- YUI Weekly for May 17th, 2013
- Yahoo’s International Team Is Hiring!
- YUICompressor 2.4.8 Released
- YUI 3.10.1 Released to Fix SWF Vulnerability
- YUI Weekly for May 10th, 2013
- Yahoo Hack Europe 2013
- Yeti 0.2.22 Released
- YUI Weekly for May 3rd, 2013
- YUI Weekly for April 26th, 2013
- YUI Target Environments Update
_Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, feel free to leave a comment below._ * This week saw two new releases for YUI projects. First up was YUI 3.10.1, a patch release to resolve a vulnerability detected in the
.swffiles used in the IO utility and Uploader components. Please see this security bulletin for more details on the issue and steps to ensure your applications are secure. Also released this week was YUICompressor 2.4.8, which includes improved compression results as well as general fixes. * At this week's Open Roundtable (YouTube) we invited our friends at Wells Fargo to join us. After some quick intros, we began a discussion about their products and interest in YUI, then dove a bit deeper into some talking points regarding DataTable, Skinning, and Tooling. If DataTable development is something interesting to you, you'll find quite a bit of discussion in the video about details of the component and its upcoming roadmap. * YUI's Shifter build tool got a version bump to v0.4.0 this week and you can upgrade via
npm -g install shifter. This update fixes an issue that was discovered after our migration to Grunt for building releases. The version bump is a minor version (as opposed to a patch version, e.g. v0.3.9) because this does introduce a backwards incompatibility. If you are using a
copydirective in any of your component
build.jsonfiles, the 2nd parameter is now relative to your component's build path as opposed to the source path, so you'll need to make the appropriate update when you upgrade your copy of Shifter. An example of this change can be seen in commit 609f7d, which includes updates to
We are pleased to announce the the immediate availability of version 2.4.8 of YUICompressor. The first YUICompressor release to come forward since the project moved to the new Contributor Model, 2.4.8 includes a number of improvements submitted by members of the YUICompressor community. SPECIAL THANKS In addition to the community at large, special thanks goes out to following individuals for sticking with us during this period of transition and shepherding their pull requests through the new process: @danbeam (Dan Beam), @faisalman (Faisal Salman), @killsaw (Steven Bredenberg), @ademey (Andrew Demey), @sbertrang (Simon Bertrang), @danielbeardsley (Daniel Beardsley), @bmouw, @bandesz, @ryansully (Ryan Sullivan), @apm (Adam Moore), @nlalevee (Nicolas Lalevée), and @tml (Joey Smith). CHANGES * Fixes for "important" and conditional comment processing * Fixes a bug in the support for JS 1.7 style getters/setters * Better compliance and improved compression in CSS results * Many improvements to parameter parsing and batch mode JOIN THE YUICOMPRESSOR COMMUNITY As we continue to expand our adoption of the new Contributor Model, we invite any who are interested in the progress of YUICompressor to join us on the mailing list, file issues or PRs on the GitHub repo, or just help us spread the word: YUICompressor lives! If you know of systems that have integrated YUICompressor into their projects or codebases, please drop us a line or add a comment here so we can help push new versions of YUICompressor deeper into the community. RELEASE LINKS * Compare v2.4.8 source code to v2.4.7 * Download the 2.4.8 release * Download the 2.4.8 source archive
DETAILS Due to a recently discovered SWF vulnerability, we are releasing YUI 3.10.1. Any project which is self-hosting YUI 3
.swffiles should read the security bulletin and take action to resolve potential vulnerabilities on your servers. YUI 3.10.1 is identical to 3.10.0, with the vulnerable
.swffiles replaced with patched files. YUI 3.10.1 also reflects fixes in our build system that prevented some files from being included in the release. No other code changes have been included with this release. You can find YUI 3.10.1 on the CDN, as a download, and on npm. Special thanks to Aleksandr Dobkin and Sebastian Roschke of the Google Security Team for reporting the issue. Development continues against our current Development Schedule. Please check out the Change History Rollup for this release. DEPRECATED MODULES In accordance with our Deprecation Policy, we are taking this opportunity to announce the deprecation of Simple YUI, and our intention to deprecate all
.swf-related features in a future release. Stay tuned to the Contributor Mailing List for ongoing discussion on these topics.
I went down to Yahoo! Hack Europe 2013 in London this weekend. I've got to say, Yahoo! can put on a good show. The venue and creature comforts were all very impressive. Saturday morning was filled with tech talks from a bunch of Yahoo! and other speakers (like Twilio and Firefox OS) about their technologies and APIs we might want to use. It was nice to see Satyen bigging up YUI (and at the end to see some hacks that used it a bit). The event itself was a solid 24 hours (although I went home to bed, I'm too old to pull all-nighters) and produced some nice hacks using a range of APIs. I enjoy these hack weekends for the chance to play with APIs that I would not normally have much reason to use, to work with new people, and to learn about new stuff I don't otherwise come across. My own effort was the 'Contextificator' - a bookmarklet that tries to make the 'I wonder what/who/where that is -> select text -> new tab -> search -> read -> return to first page' pattern I frequently find myself doing. It uses the Yahoo Content Analysis API to look at the page (or text selection), and then pulls out search results, images, wikipedia text, or a map from Yahoo! BOSS and other APIs, and puts it all in a sidebar on the page you're reading. I had resolved to try to do things reasonably properly, even though it was a hack. I didn't want to end up with 24 hours worth of spaghetti code, which is usually what happens. So I did try to structure things properly, extending
Today's release of Yeti v0.2.22 includes improvements for testing slower browsers. In particular, we focused on the slow and sometimes flaky Android emulators hosted by Sauce Labs. We continue to rely on Yeti in CI and we've fixed a few bugs along the way. Today, we run 17,202 tests in browsers on every YUI library commit using Yeti. An additional 45,665 tests run about once a day. We can easily reach 100,000 tests running daily with our setup (assuming 4 commits per day) and we still have more browsers and devices yet to come. CHANGES * Automatically restart stalled browsers when using WebDriver. * Avoid Selenium proxy in Sauce Labs to support IE 6-9. * Maximum duration for sessions in Sauce Labs is now 2 hours. * Support for
HTTPS_PROXYenvironment variables when installing Yeti dependencies. Thanks, @ryanvanoss! * Crash fix: prevent calling _launch twice when starting a browser. * Crash fix: properly close duplicate connection. * Bugfix: Yeti exits with code 1 when tests fail using the JUnit XML reporter. * Bugfix: Fix bug in Batch.disallowAgentId. * Bugfix: Uncaught exceptions are now reported in JUnit XML results. * Bugfix: Improve handling of browser-sent events on load. * Upgrade glob and request dependencies. GET YETI You can upgrade now by running
npm install -g yeti. Learn more about Yeti at yeti.cx. RELEASE LINKS * Compare v0.2.21 source code to v0.2.22 * v0.2.22 documentation * Unit code coverage * Functional code coverage
_Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, feel free to leave a comment below._ * With YUI 3.10 out the door last week, the project now shifts its focus towards the next release of YUI. A tentative schedule has been posted on the wiki, which includes a release date on June 4th. Also, this is the first development cycle since the migration to Github Issues, so for a detailed view of everything going into the next release, check out the tickets for the Sprint 7 milestone. * YUI's Target Environment Matrix was updated to include Node 0.10.†, and drop Android 2.2, iOS 4.†, Node.js 0.4.†, and Node.js 0.6.†. * In this week's Open Roundtable (Notes, YouTube), we discussed combo URLs, coding styles and best practices, linting (yui-lint), and pull requests. * Activity on the mailing list this week included discussion about latency compensation and a style guide, which led to the creation of the soon-to-be-populated Best Practices for Writing Code page on the wiki. * Updated Gallery modules include: alea, any-base-converter, array-iterate, array-unnest, composite-image, composite-image-canvas, composite-image-pixel, composite-image-pixels, datetime-utils, itsaviewmodel, model-list-difference, nmmenus, and weighted-list. * New in the Gallery is lazy-promise, a promise implementation that does not execute until the first time its then method is called.
_Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, feel free to leave a comment below._ * This week saw the release of YUI 3.10, a release focusing mostly on low-level performance in Attribute, Base, and EventTarget. It also includes Y.Tree improvements, deprecation of Profiler, and was also the first GA release built using Grunt. For all the details about the release check out the release announcement as well as the full comparison of changes. Take a look at Eric Ferraiuolo's "YUI 3.10.0 – Go Fast" presentation from the After Hours event earlier this month for specifics on the performance improvements. * This week’s Open Roundtable (notes, YouTube) featured discussions on YUI2′s upcoming EOL, an update on the migration to Github Issues for bug tracking, Google Groups for forums, stale pull request reviews, and a refactor of the YUI seed. * Activity on the mailing list this week included an announcement that the project will be replacing the bug tracker and forums, and a discussion of the YUI Contributor Model's 72-hour window. * New and updated Gallery modules include: scrollintoview, itsaviewmodel, itsatabkeymanager, itsadatetimepicker, csstypography, and cssextras * A version bump this week for Yogi to 0.3.3. Upgrade with
We’re pleased to announce a small update to our target environments matrix to reflect the changing landscape of user environments in our customer base. In order to focus our resources on the environments most widely used by our customers’ end users, we have officially removed Android 2.2, iOS 4.†, Node.js 0.4.†, and Node.js 0.6.† target environments from our automated testing system and added Node 0.10.†. Our process is data driven, and thus we will continue to vigilantly monitor usage of older IE browsers in order to remove them as soon as the data supports the decision. We also look forward to onboarding emerging environments in the near future, such as Firefox OS. INTERNET EXPLORER 6.0 7.0 8.0 9.0 10.0 CHROME † Latest stable FIREFOX † Latest stable SAFARI iOS 5.† iOS 6.† Latest stable (desktop) WEBKIT Android 2.3.† Android 4.† NODE.JS* 0.8.† 0.10.† WINDOWS (NATIVE) Windows 8 Apps The latest set of target environments is always available at http://yuilibrary.com/yui/environments/.