CrowdStrike blames testing bugs for security update that took down 8.5M Windows PCs | Ars Technica
Upgrading jQuery: Working Towards a Healthy Web
Upgrading jQuery: Working Towards a Healthy Web | Official jQuery Blog
Working in the environments I do, I can tell you there are some scary situations out there with regards to jQuery. I remember John Resig, more than a decade ago, talking about wanting multiple different versions of jQuery to be able to work on the same page (Scary? Cool!) and I have seen (in 2024!) four versions of jQuery on the same page. Everything worked! That was the good part. The bad part? At least two of those versions had existing security issues associated with them.
At least the page was still working?
The fact that two of the versions on the page had existing security issues is a perfect illustration of why it’s important to keep your dependencies up to date. Pre-npm, pre-Dependabot codebases are especially susceptible to this sort of issue, but… neglected modern codebases are just as much of an issue.
Keep your dependencies up to date!
HTML5 Boilerplate 9.0.1 Released
This release was kicked off because of Gulp 5. Gulp 5 has breaking changes so we had to work through the upgrade manually. In the process of doing that upgrade we discovered a couple of bugs.
- Christian Oliff noticed that tests were failing on Windows
- I noticed that the CSS header didn’t have the correct 9.0.0 version number
The failing Windows tests led me down a rabbit hole which pointed towards a two-year-old breaking change in glob. It was a few hours of clicking through links and then a quick fix. I also added Windows tests to PRs to make sure it won’t happen again.
And then we cut a release. Open Source, amiright?
I Didn’t Realize How Much I Rely on GitHub Codespaces Until This Week
How much do I rely on GitHub Codespaces for open source development? Super double-plus much. I can illustrate exactly how much with one short anecdote.
Gulp 5 was recently released and I created several PRs across repos in the H5BP organization to update Gulp across the board. I missed one issue with the encoding of images in the HTML5-Boilerplate repo and had to create a patch PR to address that one issue. Christian Oliff found an issue with failing tests with the PR on a Windows 11 machine.
This morning I decided to take a look at the issue. While, as I mentioned, I mostly use Codespaces these days, I still have a local clone of HTML5 Boilerplate. So, I pulled down 44 commits and got to work.
As you do with an npm-based project, I ran `npm install` to make sure the dependencies were up to date.
```
PS C:\Users\rob\code\html5-boilerplate> npm install
npm : The term 'npm' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ npm install
+ ~~~
    + CategoryInfo : ObjectNotFound: (npm:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Users\rob\code\html5-boilerplate>
```
Oops? Yes, oops.
What’s going on there? Node/npm is my bread-and-butter environment, right? Absolutely. So? Huh?
Here’s the deal: I have a new Surface Studio 2 that I bought in December and I, apparently, never had any need to install Node/npm on this laptop. As my GitHub profile shows, I’ve actually done a fair bit of open source work this year, so it’s not down to the fact that I’ve been dormant. I just have done everything in Codespaces. They’re so convenient I never even think about working locally. It took a specific Windows 11 bug to get me working locally on this laptop.
So, yeah, Codespaces rock.
If you’re wondering, I did fix the issue with the tests and will be releasing v9.0.1 of H5BP tomorrow or Friday.
Transformation Stories #4 A New Podcast Interview With Me (Rob Larsen)
Check out yours truly on an episode of Atlas Systems’ Transformation Stories.
A hands-on leader and change-maker with 20 years of experience, Rob Larsen remains at the forefront of software-led innovation – in financial services and the larger enterprise world. In this all-new conversation with Atlas Systems, Larsen offers insights into finding the right pace for transformation, keeping stakeholders on board without promising too much, and rethinking his own personal approaches to getting things done and interacting with the world.
Tune in for this great conversation with an industry-leading author, tech champion, and all-around thought leader!
In it I talk about the web in 2005, in 2011 and share general thoughts on digital transformations of all types.
If you run a web/tech podcast and want to talk to me- let me know. I really enjoy the process and love talking about this stuff, still.