Skip to content

Commit 7e85e6a

Browse files
digest: add issues for 2026-06-30
1 parent e1b7ff4 commit 7e85e6a

12 files changed

Lines changed: 315 additions & 0 deletions
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
---
2+
date: 2026-06-29
3+
repo: biomejs/biome
4+
size: M
5+
title: "LSP typing gets smoother"
6+
excerpt: "Biome debounces LSP diagnostics on rapid edits, while also refreshing snapshots and bumping a few dependencies and workflows."
7+
commits: 4
8+
authors: [ematipico]
9+
commit_authors: {"dd1429c": ematipico}
10+
---
11+
12+
### **Debounced LSP diagnostics to avoid editor lag** (dd1429c)
13+
Biome now schedules diagnostics after edits instead of running them immediately, so typing in large files should feel much less blocked. The change also closes pending diagnostics when a document is shut, and the new test coverage verifies that rapid successive changes only publish the latest diagnostics.
14+
15+
### Other misc changes
16+
- Updated `anyhow` to 1.0.103.
17+
- Refreshed CLI snapshots for config-extending and monorepo-related cases.
18+
- Bumped several GitHub Actions and release workflow pins, plus Node.js in beta workflows.
19+
- Other CI/dependency maintenance updates (1 commit).
Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
---
2+
date: 2026-06-29
3+
repo: denoland/deno
4+
size: L
5+
title: "Deno tightens npm, Node, and Jupyter fixes"
6+
excerpt: "Major npm resolver and node-compat bug fixes landed, plus Jupyter prompt handling and several security/behavior fixes."
7+
commits: 22
8+
authors: [bartlomieju, nathanwhit, tomas-zijdemans, LeSingh1, Medo-ID, Vallabh-1504, kapil971390, minato32, crowlbot, nathanwhitbot, hugoalh, sectore]
9+
commit_authors: {"1d08c79": nathanwhit, "96cedb7": tomas-zijdemans, "ede442b": LeSingh1, "9b23333": bartlomieju, "38e00aa": bartlomieju, "4c2f662": bartlomieju, "6ddc9d7": Vallabh-1504, "c815982": kapil971390, "4216f2b": bartlomieju, "ed07e25": bartlomieju, "3a8ae3f": minato32, "0532e63": nathanwhitbot, "3ca0e08": bartlomieju}
10+
---
11+
12+
### **Fix min-age npm dist-tags by falling back to <= tagged version** (1d08c79)
13+
When a dist-tag points to a version that is too new for the configured dependency-age policy, Deno now retries resolution with a semver range capped at the tagged version instead of failing outright. This brings behavior in line with npm-pick-manifest/pnpm for tags like `latest`, `canary`, and `next`, while still preserving the original error when no acceptable version exists.
14+
15+
### **Preserve TLS close_notify on JS-backed Node sockets** (96cedb7)
16+
`node:tls` now flushes the TLS shutdown alert for JS stream-backed sockets so peers actually observe EOF instead of hanging until timeout. This fixes a class of shutdown bugs seen in JS-duplex integrations like tedious/mssql and aligns Deno’s behavior with native TLS sockets.
17+
18+
### **Fix Jupyter stdin handshake ordering for prompt()/confirm()** (3ca0e08)
19+
The kernel now waits until the ZMTP handshake completes before registering a stdin peer for sending. That prevents early `input_request` frames from corrupting the handshake, which was causing frontends like VS Code to kill the kernel when a cell prompted for input.
20+
21+
### **Harden node:sqlite attach limits under scoped permissions** (38e00aa)
22+
Deno now keeps `ATTACH DATABASE` capped at zero when the process lacks full filesystem permissions for the database path, even if `limits.attach` is set. The fix closes a permission bypass where opening a database with custom limits could re-enable attach and reach files outside the intended boundary.
23+
24+
### **Make Deno’s doc extractor strip quoted JSDoc code fences correctly** (ede442b)
25+
JSDoc extraction now removes leading `>` blockquote markers from code blocks so generated docs render the code as intended. This fixes malformed documentation output for quoted examples.
26+
27+
### **Node child_process now recognizes more Deno subcommands** (9b23333)
28+
Spawning the Deno executable through `node:child_process` now passes through Deno subcommands like `bundle` and `serve` correctly instead of misclassifying them as scripts. That restores compatibility for Node-style process spawning of Deno CLI commands.
29+
30+
### **Make URL and URLSearchParams non-serializable** (4c2f662)
31+
`URL` objects now throw during `structuredClone()` and `postMessage()` instead of silently turning into empty objects. This matches browser/Node behavior and fixes a standards mismatch in Deno’s web platform implementation.
32+
33+
### **Fix `node:process` export of `report`** (6ddc9d7)
34+
`report` is now exported as a named value from `node:process`, matching the Node API surface. This corrects a compatibility gap for code that imports the property directly.
35+
36+
### **Use case-insensitive matching for `trust-policy-exclude`** (c815982)
37+
npm trust-policy exclusions now compare package names case-insensitively, matching npm’s package-name rules. This fixes exclusions that failed to apply when `.npmrc` and registry names used different casing.
38+
39+
### **Reject unpermitted `node:net` unix socket binds** (4216f2b)
40+
Binding a Unix-domain socket through `node:net` now checks filesystem permissions before the socket is created. The underlying libuv compatibility layer also records the bound path only after a successful bind, preventing cleanup logic from acting on a path that never bound.
41+
42+
### **Decode percent-encoded npm subpaths** (ed07e25)
43+
npm specifiers now correctly decode percent-encoded subpaths, fixing resolution for packages that contain non-ASCII or otherwise encoded path segments. That makes imports like encoded Unicode subpaths resolve the actual target file.
44+
45+
### **Show scoped-registry auth hint on tarball 404s** (3a8ae3f)
46+
Deno now surfaces the “No auth for tarball URI, but present for scoped registry” hint not just on 401s but also on 404s from private registries. This improves diagnostics for registries like GitLab that intentionally return 404 for private packages.
47+
48+
### **Normalize npm bin names that contain path separators** (0532e63)
49+
Bin entry names are now canonicalized so embedded `/` or `\` segments don’t create nested paths inside `node_modules/.bin`. This avoids malformed bin shims and fixes cases where package metadata used scoped or path-like bin names.
50+
51+
### **Other misc changes**
52+
- Bumped `denokv_*` crates to 0.14.0 and updated `rusqlite`/SQLite linking pins.
53+
- Fixed `mock.reset()` to also reset Node mock timers.
54+
- Corrected a JSX schema property name.
55+
- Adjusted a flaky streams test assertion.
56+
- Defaulted the desktop window title to the app name.
57+
- Nix/flake tooling updates for rust-analyzer and non-NixOS builds.
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
---
2+
date: 2026-06-29
3+
repo: denoland/std
4+
size: M
5+
title: "Nightly CI lands; YAML emoji fix"
6+
excerpt: "Adds scheduled Deno canary/stable CI, updates YAML to preserve emoji, and refreshes tests for Deno v2.9."
7+
commits: 5
8+
authors: [bartlomieju, minato32, dsherret]
9+
commit_authors: {"cac00a1": bartlomieju, "6d5aea1": minato32, "e28fa81": dsherret, "f0431c2": bartlomieju}
10+
---
11+
12+
### **Nightly CI now runs daily on stable and canary** (cac00a1)
13+
A new scheduled workflow runs the full test, lint, and format suite every day against stable v2.x and canary Deno, helping catch runtime regressions even when no PRs or pushes are landing. On failure, it opens or updates a tracking issue and pings @bartlomieju so breakages don’t sit unnoticed.
14+
15+
### **YAML stringification now keeps astral characters literal** (e28fa81)
16+
The YAML dumper now iterates by Unicode code point instead of UTF-16 code unit, so emoji and other astral characters are treated as printable characters rather than surrogate halves. That means strings like `🐱` are emitted literally instead of being escaped, matching the updated test expectations.
17+
18+
### **Tests and helpers updated for Deno v2.9** (f0431c2)
19+
Several tests were relaxed or adjusted to account for runtime behavior and interface changes in newer Deno releases, including the addition of `Deno.TestContext.assertSnapshot` and version-dependent crypto error text. This keeps the suite compatible as Deno evolves.
20+
21+
### Other misc changes
22+
- Speeded up `ProgressBarStream` tests by removing randomized delays and using a short fixed interval (6d5aea1).
23+
- Updated `actions/checkout` to v7 across CI and release workflows (094f127).

src/posts/2026-06-29_jsr-io-jsr.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
---
2+
date: 2026-06-29
3+
repo: jsr-io/jsr
4+
size: N
5+
title: "No changes"
6+
excerpt: ""
7+
commits: 0
8+
---
9+
10+
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
---
2+
date: 2026-06-29
3+
repo: leanprover/lean4
4+
size: M
5+
title: "List lemmas land; impossible tactic fixed"
6+
excerpt: "Lean adds round-trip lemmas for `idxOf`, `finRange` ordering facts, and fixes `impossible`/grind goal handling, while reverting a parser tweak."
7+
commits: 5
8+
authors: [kim-em, b-mehta, david-christiansen, nomeata]
9+
commit_authors: {"c81da09": kim-em, "82730f7": kim-em, "bf75564": nomeata}
10+
---
11+
12+
### **Round-trip lemmas for `List.idxOf` and indexing** (c81da09)
13+
Lean now proves that `xs[xs.idxOf x] = x` when `x` occurs in the list, plus the nodup converse `idxOf xs[i] xs = i` for duplicate-free lists. These fill a common gap in core and make list search/index reasoning much smoother.
14+
15+
### **`impossible` no longer cleans up the goal first** (bf75564)
16+
The `impossible` tactic combinator now uses `revertAll` directly instead of running `cleanup` before negating the goal, which avoids erasing the very structure it needs to prove impossibility. The change also moves `revertAll` into `Revert.lean` and adjusts grind’s internal imports, fixing #14201.
17+
18+
### **`finRange` gets monotonicity and `Nodup` facts** (82730f7)
19+
Core now has `pairwise_lt_finRange`, `pairwise_le_finRange`, and `nodup_finRange` for `List.finRange n`. These basic ordering facts should simplify proofs that need to treat `finRange` as an increasing, duplicate-free list.
20+
21+
### Other misc changes
22+
- Made `Nat.ne_of_gt` protected and updated internal references (1 commit).
23+
- Reverted a parser extension change from #14193 (1 commit).
Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
---
2+
date: 2026-06-29
3+
repo: microsoft/typescript-go
4+
size: L
5+
title: "Build checks, AST dispatch, and type fixes"
6+
excerpt: "Conditional type recursion is capped, build up-to-date checks now track package.jsons, and AST traversal/signature help bugs were fixed."
7+
commits: 6
8+
authors: [jakebailey, ahejlsberg]
9+
commit_authors: {"288f23d": ahejlsberg, "042a471": jakebailey, "e190472": jakebailey, "04c7848": jakebailey}
10+
---
11+
12+
### **Build up-to-date checks now track package.json inputs** (042a471)
13+
The incremental/build pipeline now consults package.json cache entries when deciding whether outputs are stale, so dependency/package metadata changes can trigger the right rebuilds. This tightens up up-to-date detection around project references and dependency updates.
14+
15+
### **Conditional type base-constraint recursion is capped** (288f23d)
16+
`computeBaseConstraint` now routes conditional types through a dedicated constraint path with a recursion-depth guard, preventing runaway base-constraint expansion on distributive conditionals. This addresses a real compiler correctness/stability issue around deeply recursive conditional types.
17+
18+
### **AST child iteration is devirtualized for speed** (e190472)
19+
`Node.ForEachChild` is now generated as a kind-switch dispatch to concrete node implementations, and `IterChildren` is implemented directly on `Node` to avoid interface-based escape-analysis penalties. The change is explicitly aimed at keeping visitors/closures on the stack and making child traversal cheaper.
20+
21+
### **Internal symbol names are no longer leaked in help/printing** (04c7848)
22+
Signature help and symbol rendering now suppress internal marker prefixes like `\xFEtype` and escape internal names more consistently, so anonymous/contextual types and synthetic symbols show cleaner user-facing labels. This fixes confusing output in signature help and node printing.
23+
24+
### **RemoteNode child traversal no longer double-visits arrays** (f7acbad)
25+
The native-preview `RemoteNode.forEachChild` logic was fixed so array children aren’t visited twice when a `visitList` callback is supplied. That prevents duplicate traversal in editor/API consumers and is covered by new async/sync tests.
26+
27+
### Other misc changes
28+
- Submodule update for bundled TypeScript and lib definition refreshes (1 commit)
29+
- JSDoc wording/signature cleanup in bundled lib files
30+
- Test baseline updates for the above behavior changes
Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
---
2+
date: 2026-06-29
3+
repo: nodejs/node
4+
size: M
5+
title: "Tracing refactor, path fix, and vm bugfix"
6+
excerpt: "A tracing-agent refactor lands alongside a vm property copy fix and a Windows path normalization correction."
7+
commits: 11
8+
authors: [nodejs-github-bot, legendecas, aduh95, trivikr, joyeecheung, watilde, samuel871211]
9+
commit_authors: {"787912e": legendecas, "d95cbc2": legendecas, "b0a4f16": watilde}
10+
---
11+
12+
### **Tracing agent abstraction refactors legacy/perfetto support** (d95cbc2)
13+
Node’s tracing internals were reworked to route environment and inspector integration through a shared agent abstraction, with legacy handling split into dedicated `agent_legacy` sources. This is a substantial internal refactor that lays groundwork for supporting both the old tracing path and Perfetto more cleanly.
14+
15+
### **Fix vm `PropertyDescriptor` copying during defineProperty** (787912e)
16+
`vm` now preserves partial `PropertyDescriptor` updates correctly instead of accidentally turning missing values into `undefined` when defining properties in a contextified sandbox. This fixes a long-standing bug that could corrupt property definitions, and the new regression test covers enumerable/configurable/value combinations.
17+
18+
### **Fix false positives for reserved names in `path.win32.normalize()`** (b0a4f16)
19+
Windows path normalization no longer treats strings like `CONx` or `NULs` as reserved device names unless a colon is actually present. That avoids incorrectly rewriting ordinary filenames to `.
20+
ame`, while preserving the reserved-name behavior for true device-path cases like `CON:`.
21+
22+
### Other misc changes
23+
- Added a GitHub Actions benchmark runner workflow.
24+
- Updated the release-proposal commit-message lint to validate version numbers.
25+
- Tweaked test runner execArgv filtering for child tests.
26+
- Improved LCOV reporter snapshot diagnostics.
27+
- Updated HTTP/2 close() docs.
28+
- Marked strategic-initiative status updates.
29+
- Refreshed WPT fixtures for urlpattern.
30+
- Updated collaborator emeritus metadata.
Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
---
2+
date: 2026-06-29
3+
repo: oven-sh/bun
4+
size: L
5+
title: "Bun lands stream, WebSocket, and runtime fixes"
6+
excerpt: "Major runtime polish: HTMLRewriter refactor, stream/error semantics, WebSocket delivery fixes, Buffer bounds parity, and more."
7+
commits: 18
8+
authors: [robobun, Jarred-Sumner, pxseu]
9+
commit_authors: {"86d32c8": robobun, "d843870": robobun, "daa4473": robobun, "a0f922a": robobun, "0640273": robobun, "f789198": robobun, "20d649f": robobun, "e323e73": robobun, "a401ba3": robobun, "15a5926": robobun, "c6c4210": robobun, "d1e8adf": robobun}
10+
---
11+
12+
### **HTMLRewriter switches to the Rust lol_html crate** (86d32c8)
13+
Bun’s HTMLRewriter was refactored to use `lol_html` directly instead of going through its C API, cutting out a large FFI layer and a lot of unsafe binding code. This is a substantial internal simplification that should make the HTML stack easier to maintain and safer to evolve.
14+
15+
### **Streams now reject, not throw, when already errored** (d843870)
16+
The `Bun.readableStreamTo*` helpers now return rejected promises for already-errored streams instead of throwing synchronously. That aligns them with the rest of the API surface and prevents `.catch()` handlers from being bypassed.
17+
18+
### **Bun.color now treats 24-bit number inputs as opaque** (daa4473)
19+
Number inputs like `0xff0000` now serialize with an opaque alpha channel instead of being treated as fully transparent. This fixes a user-visible mismatch between `Bun.color` output and the documented behavior.
20+
21+
### **Buffer.from(arrayBuffer, byteOffset, length) matches Node bounds rules** (a0f922a)
22+
Bun now mirrors Node’s handling of fractional, negative, NaN, and out-of-bounds offsets/lengths when slicing an `ArrayBuffer`. This closes a compatibility gap for code that computes defensive lengths and expects empty views rather than exceptions.
23+
24+
### **stringWidth ignores bidi controls and invisible format chars** (0640273)
25+
`Bun.stringWidth` now counts bidi control characters and other invisible format characters as zero-width, matching terminal width expectations. That improves TUI layout for text containing RTL markers and similar formatting code points.
26+
27+
### **FormData multipart serialization now normalizes lone CR/LF** (f789198)
28+
Multipart form-data encoding now follows the spec more closely by normalizing lone CR and LF to CRLF for names and string values before escaping. This fixes malformed serialization differences that could affect interoperability with servers.
29+
30+
### **Linux fs.watch now emits the missing self-delete rename events** (20d649f)
31+
On Linux, Bun now delivers both self-events when a watched path is deleted, including the basename for the watched file or directory. That brings `fs.watch` closer to Node/libuv behavior for an important edge case.
32+
33+
### **WebSocket publish() works from sockets with no subscriptions** (a401ba3)
34+
A socket that has never subscribed to anything can now still call `publish()` and deliver to other subscribers, instead of silently no-oping. This fixes a real messaging bug in Bun.serve WebSocket servers.
35+
36+
### **WebSocket unsubscribe() no longer drops queued publish() messages** (e323e73)
37+
Queued publishes are now delivered even if a socket unsubscribes from its last topic in the same tick. The fix preserves messages that had already been accepted by the publish path, avoiding silent loss.
38+
39+
### **Shell IOWriter stops accepting chunks after fatal write errors** (15a5926)
40+
After a fatal write failure, the shell writer now rejects new enqueued chunks instead of letting them pile onto a dead writer. This closes a state-machine hole that could surface in fault/fuzz scenarios.
41+
42+
### **console.table only reads getters once per cell** (c6c4210)
43+
`console.table` and `Bun.inspect.table` now format each cell exactly once, matching Node and avoiding duplicate getter invocations. That removes a subtle correctness issue for objects with observable getters or custom inspect behavior.
44+
45+
### **node:dgram now throws ERR_SOCKET_DGRAM_NOT_RUNNING after close()** (d1e8adf)
46+
Several `dgram.Socket` methods now check for a closed socket up front and throw the proper Node error code instead of an internal TypeError. That tightens API compatibility and improves error clarity after shutdown.
47+
48+
### Other misc changes
49+
- Docs updates: base64 guide, runtime docs, and “Bun is written in Rust” wording.
50+
- `bun pm pack --quiet` no longer prints a leading newline.
51+
- `bun-plugin-svelte` test loosened to avoid pinning wrapper syntax.
52+
- `bun_core::strings` alias cleanup and related internal refactors.
53+
- Formatter/config/test maintenance around the lol_html migration and assorted docs tweaks.

0 commit comments

Comments
 (0)