Digest of news from the world of programming #1

At the same time, existing functions have been updated and tools for testing applications have been improved. Android Studio Flamingo now works with the Android Gradle 8.0.0 plugin, and the release itself includes IntelliJ 2022.2 with a rendering system using the Metal API on macOS.

Moscow authorities announced the release of Mos.Hub (MosHub) – an analogue of GitHub

The Moscow government announced that it will launch the Mos.Hub service (MosHub), which is designed to become an alternative to GitHub. The Department of Information Technologies of Moscow said that Mos.Hub will be launched on the basis of the city’s software repository, which stores the source code of Moscow’s services.

Mos.Hub is already being tested by city IT specialists, and in the near future access to the service will be open to everyone. The press release noted that users will have access to the functions of checking the published code for errors and the presence of malicious components.

GitHub users can now comment on files in pull requests

GitHub has introduced a file commenting feature in pull requests. If earlier users could comment on individual lines of code, now it is possible to leave a comment for the entire file at once. Declared support for all types of files, including images.

The company has been testing the feature since early March. Now commenting is open to all users. A button to open the comment window appeared next to files in pull requests.

GitHub launches public beta test of repository rules

Organizations can now set rules for their GitHub repositories. You can create rule sets and manage their state. For example, you can prevent changes from being uploaded without comments, or that all changes in a branch are accompanied by at least two developers.

This approach will allow companies to secure their repositories and protect them from uncontrolled updates. Also, administrators will not need to constantly track changes in order to make adjustments to them – inappropriate changes simply cannot be published.

At the same time, a new menu for setting up rules has appeared in the organizations section, in which you can create new rules and edit existing ones. GitHub Enterprise Cloud customers have the option to test the rule before running it. The feature itself is currently in public beta.

Node.js 20 became available to developers

Last week, the release of the Node.js 20 platform took place. The platform was transferred to the V8 engine version 11.3, which runs Chromium 113. Support for new functions and methods has appeared, and now Node.js can fully run on ARM64 machines.

The project team also updated the module node: test, making it stable. The Node.js 20 release included the Ada 2.0 URL parser and added support for WebAssembly System Interface (WASI) without a special command line flag.

It’s easier for users to track the origin of npm packages

It’s now easier for users to trace the origin of npm packages to make sure they’re installing the right library, and not a virus with a consonant name. The new verification mechanism was introduced by the GitHub service team.

If the developer passes the verification process, then his package will be marked with a special icon that informs users about the security. In the GitHub blog, they said that they plan to deal with viruses that spread through the npm repository in this way.

For now, the package validation feature only works in GitHub Actions, but support for other cloud CI/CDs should be coming soon. You can get acquainted with the new verification system in the official documentation.

Amazon introduced a cryptographic library for Rust

Amazon experts have noticed that Rust programmers are increasingly having to develop applications using cryptographic algorithms. All necessary algorithms are implemented in the popular Ring library, but these implementations are not enshrined in the Federal Information Processing Standards (FIPS) of the United States and Canada and cannot be used in government systems.

Amazon solved this problem by releasing the aws-lc-rs library, which is based on AWS-LC for C++. Implementations of the algorithms from it have already received regulatory approval, and Amazon developers have added compatibility with the Ring API to make it easier for Rust programmers to work. The aws-lc-rs code has been published to an open GitHub repository, and the library itself is compatible with Linux (x86, x86-64, aarch64) and macOS (x86-64).

GitHub releases tool for reporting vulnerabilities in open source projects

The next GitHub update this week includes a dedicated mechanism for confidential vulnerability reporting in open source projects. The company said that often security researchers cannot contact the owners of repositories to report a bug. Therefore, the company decided to develop a single tool for generating reports.

Organizations can activate the feature, then a form for submitting reports will appear in all its repositories. Security researchers will be able to mark the types of vulnerabilities and describe them in detail. However, other users will not see these messages to prevent attackers from exploiting the vulnerability.

The function itself was announced during the GitHub Universe 2022 conference. At the same time, a public beta test was launched. Since then, more than 30,000 organizations have connected vulnerability reports to 180,000 repositories, receiving about a thousand reports.

Ubuntu 23.04 Lunar Lobster Released

Canonical has released a distribution of Ubuntu 23.04 called Lunar Lobster. The system now uses the Gnome 44 desktop environment, and developers continue the process of porting system applications to GTK 4. The distribution now comes with an updated installer based on curtin and Flutter. The company has left the option to switch to an older version of the Ubuntu installer for now.

The Linux kernel was updated to version 6.2 and the applications from the default base package were updated. The device settings control bar has been given an option to change Bluetooth settings, and all snap packages are now updated in the background and applied after closing the applications associated with them.

Also, the Ubuntu team has returned a build of Edubuntu with a package of educational applications for children. Ububntu-based builds also received an update and moved to new versions of their user environments.

Microsoft improves JavaScript and TypeScript code highlighting in Visual Studio

Last year, a user complained on the official developer forum that JavaScript and TypeScript code highlighting in Visual Studio Code is more informative and convenient than in Visual Studio. The team responded to the remark and promised to rectify the situation.

Now, Microsoft has unveiled the Visual Studio 17.6 update, which includes new syntax highlighting rules for JavaScript, TypeScript, and HTML. In the company’s blog, they said that they tried not only to make the highlight as in Visual Studio Code, but to adapt it to the IDE’s features. It also became possible to fully customize the highlighting rules and change them for specific preferences. In the article, you can see screenshots that clearly demonstrate the changes by clicking on the link.