jun 26, 2026
8 links from the engineering internet.
rspack 2.1 ships with module error apis and cache timing logs
the rust-based, webpack-compatible bundler tags 2.1, exposing module errors through a new javascript api and logging persistent-cache read and write timings, alongside the usual round of bug fixes.
podman 5.8.4 patches a cve leaking host env vars into containers
the container engine ships 5.8.4 to fix cve-2026-57231, where an image with malformed env entries could leak host environment variables into containers started from it. upgrade if you run untrusted images.
docker engine 29.6.1 fixes two security bugs and bumps containerd
moby ships docker engine 29.6.1, patching a malicious-image memory exhaustion bug and a seccomp and apparmor bypass via custom buildkit frontends, then bumps containerd to 2.2.5 and buildkit to 0.31.1.
grype 0.115.0 emits go stdlib vulns from govulndb
anchore's vulnerability scanner 0.115.0 emits golang.org/x/net and go standard-library advisories sourced from govulndb, merges go matches with ghsa records, and restricts stdlib records to the standard library.
terraform cuts 1.16.0-alpha with a new store block
hashicorp tags the first 1.16.0 alpha, adding a store block in terraform_data for ephemeral and sensitive values and letting providers persist plannedprivate data across plan and apply.
shadcn cli 4.11.1 drops node-fetch for native fetch
the shadcn cli 4.11.1 swaps node-fetch for the runtime's native fetch and preserves environment variables when running commands, a small maintenance patch for the component installer.
sglang ships v0.5.14
the sglang team tags v0.5.14 of its high-throughput llm serving engine, the latest build in the 0.5 line for batched inference and structured generation over large models.
keycloak ships 26.6.4 maintenance patch
the open-source identity and access management server ships 26.6.4, a maintenance patch on the current 26.6 line for self-hosted keycloak deployments.