jun 13, 2026
3 links from the engineering internet.
github.comsystemsinfra
runc 1.4.3 and 1.3.6 patch cve-2026-41579 host filesystem write
the container runtime fixes cve-2026-41579, where a malicious image with a /dev symlink could gain limited write access to the host filesystem, similar to earlier rootfs escapes. it also reuses one tmpfs when masking directories to cut per-container cleanup cost.
github.comweboss
rollup 4.62.0 splits manual-chunk shared deps into separate chunks
the bundler now extracts static dependencies shared between manual chunks and entry points into their own chunk instead of duplicating them, so manual chunking no longer bloats output with repeated code.
pypi.org
ai
vllm 0.23.0 ships deepseek-v4 hardening and gemma 4 support
the inference engine lands 408 commits: another deepseek-v4 optimization pass, encoder-free gemma 4 with mtp, model runner v2 now default for llama and mistral dense models, and a move to transformers v5 that deprecates v4 support.