_Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, feel free to leave a comment below._

* This week saw two new releases for YUI projects. First up was YUI 3.10.1, a patch release to resolve a vulnerability detected in the .swf files used in the IO utility and Uploader components. Please see this security bulletin for more details on the issue and steps to ensure your applications are secure. Also released this week was YUICompressor 2.4.8, which includes improved compression results as well as general fixes.

* At this week's Open Roundtable (YouTube) we invited our friends at Wells Fargo to join us. After some quick intros, we began a discussion about their products and interest in YUI, then dove a bit deeper into some talking points regarding DataTable, Skinning, and Tooling. If DataTable development is something interesting to you, you'll find quite a bit of discussion in the video about details of the component and its upcoming roadmap.

* YUI's Shifter build tool got a version bump to v0.4.0 this week and you can upgrade via npm -g install shifter. This update fixes an issue that was discovered after our migration to Grunt for building releases. The version bump is a minor version (as opposed to a patch version, e.g. v0.3.9) because this does introduce a backwards incompatibility. If you are using a copy directive in any of your component build.json files, the 2nd parameter is now relative to your component's build path as opposed to the source path, so you'll need to make the appropriate update when you upgrade your copy of Shifter. An example of this change can be seen in commit 609f7d, which includes updates to /src/io/build.json and /src/uploader/build.json.

* Thanks to the AlloyUI crew for our awesome new t-shirts! If you are unfamiliar with AlloyUI, it's a self-described "UI framework built on top of YUI3 that provides a simple API for building high scalable applications." Their website is full of goodies, such as examples, Tutorials, and API docs. Check it out!

* Do you have experience with JavaScript, Java, Internationalization, and love solving complex problems at massive scale? Yahoo's internationalization team is hiring!

* New and updated Gallery modules include: debounce, dd-momentum-plugin, task, scrollspy, io-utils, and affix.

* Links of the Week (thanks to JavaScript Weekly )

* Draft Specification for ES.next (Ecma-262 Edition 6) * Introducing Augmented JavaScript * Introduction to Map and Reduce in Javascript * JavaScript Regular Expression Enlightenment * … and more

JOB DESCRIPTION We're looking for an experienced and passionate front-end engineer to join the Internationalization team at Yahoo! You must have demonstrable mastery of and passion for JavaScript and be well-versed in various front-end technologies. You love solving complex problems at massive scale, have built robust and intuitive APIs that have withstood the test of time, and embrace the best practices of performance, security, maintainability, code reuse, and usability. You also have excellent communication skills, possess great attention to detail, and are independent and resourceful. The position is located in Sunnyvale, CA.

Interested candidates should send a resume and cover letter to yui-jobs (at) yahoo-inc.com

MINIMUM JOB QUALIFICATIONS * Absolute mastery of JavaScript. * Expert in YUI. * Skilled in HTML/CSS. * Demonstrated experience building reusable JS components that are modular, performant, and maintainable. * Strong Java skills using Struts or other MVC framework. * Experience with Linux/Unix dev environments. * Knowledge of Maven. PREFERRED JOB QUALIFICATIONS * Knowledge of internationalization processes and platform development desirable.

We are pleased to announce the the immediate availability of version 2.4.8 of YUICompressor. The first YUICompressor release to come forward since the project moved to the new Contributor Model, 2.4.8 includes a number of improvements submitted by members of the YUICompressor community.

SPECIAL THANKS In addition to the community at large, special thanks goes out to following individuals for sticking with us during this period of transition and shepherding their pull requests through the new process: @danbeam (Dan Beam), @faisalman (Faisal Salman), @killsaw (Steven Bredenberg), @ademey (Andrew Demey), @sbertrang (Simon Bertrang), @danielbeardsley (Daniel Beardsley), @bmouw, @bandesz, @ryansully (Ryan Sullivan), @apm (Adam Moore), @nlalevee (Nicolas Lalevée), and @tml (Joey Smith).

CHANGES * Fixes for "important" and conditional comment processing * Fixes a bug in the support for JS 1.7 style getters/setters * Better compliance and improved compression in CSS results * Many improvements to parameter parsing and batch mode JOIN THE YUICOMPRESSOR COMMUNITY As we continue to expand our adoption of the new Contributor Model, we invite any who are interested in the progress of YUICompressor to join us on the mailing list, file issues or PRs on the GitHub repo, or just help us spread the word: YUICompressor lives!

If you know of systems that have integrated YUICompressor into their projects or codebases, please drop us a line or add a comment here so we can help push new versions of YUICompressor deeper into the community.

RELEASE LINKS * Compare v2.4.8 source code to v2.4.7 * Download the 2.4.8 release * Download the 2.4.8 source archive

DETAILS Due to a recently discovered SWF vulnerability, we are releasing YUI 3.10.1. Any project which is self-hosting YUI 3 .swf files should read the security bulletin and take action to resolve potential vulnerabilities on your servers.

YUI 3.10.1 is identical to 3.10.0, with the vulnerable .swf files replaced with patched files. YUI 3.10.1 also reflects fixes in our build system that prevented some files from being included in the release. No other code changes have been included with this release.

You can find YUI 3.10.1 on the CDN, as a download, and on npm.

Special thanks to Aleksandr Dobkin and Sebastian Roschke of the Google Security Team for reporting the issue.

Development continues against our current Development Schedule. Please check out the Change History Rollup for this release.

DEPRECATED MODULES In accordance with our Deprecation Policy, we are taking this opportunity to announce the deprecation of Simple YUI, and our intention to deprecate all .swf-related features in a future release. Stay tuned to the Contributor Mailing List for ongoing discussion on these topics.

_Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, feel free to leave a comment below._

* YUI3 IO Utils is a new Gallery module by Juan Dopazo (@juandopazo) that includes extra utilities for doing IO request using promises.

* Matt Parker (@Lamplightdb) attended Yahoo's Hack Europe event and wrote up a nice review of the event for the YUI blog. Also in attendence was core team member Satyen Desai who gave a presentation on YUI for Hackers.

* Yeti v0.2.22 was released this week and includes improvements for testing slower browsers. See the release announcement for more details.

* For those interested in YUI's Template component, Caridy Patino (@caridy) posted a template registration proposal with some ideas for discussion. Head on over the the discussion thread to chime in with any thoughts and feedback.

* Getting started with YUI3 and AlloyUI was a presentation given by Zeno Rocha (@zenorocha) at the Jax Conference in Mainz, Germany. In this presentation, Zeno provides an introduction to front-end development tools, YUI, Alloy UI, and dispels some myths about front-end vs back-end development. Great stuff!

* This week's Open Roundtable (YouTube) featured discussion about a proposed date for YUIConf 2013 (Nov 6th-8th), the development schedule for the next release, a heads up on build snafus as a result of the migration to Grunt-built releases (addresses issues #704 and #718), and pull requests.

* New and updated Gallery modules include: flyweight-tree, io-utils, itsadatetimepicker, itsaeditmodel, itsaformelement, itsamodelsyncpromise, itsatabkeymanager, itsaviewmodel, itsaviewmodelpanel, model-list-union, nmresizer, nmpjaxplus, and test-dom.

* Links of the Week (thanks to JavaScript Weekly)

* Use ECMAScript 6 Today * Debugging & Profiling Node.js * Grunt JavaScript Automation for the Lazy Developer * Hard Thresholds on JavaScript Code Coverage * "You Don't Know JS" (book series) * … and more

I went down to Yahoo! Hack Europe 2013 in London this weekend. I've got to say, Yahoo! can put on a good show. The venue and creature comforts were all very impressive. Saturday morning was filled with tech talks from a bunch of Yahoo! and other speakers (like Twilio and Firefox OS) about their technologies and APIs we might want to use. It was nice to see Satyen bigging up YUI (and at the end to see some hacks that used it a bit).

The event itself was a solid 24 hours (although I went home to bed, I'm too old to pull all-nighters) and produced some nice hacks using a range of APIs. I enjoy these hack weekends for the chance to play with APIs that I would not normally have much reason to use, to work with new people, and to learn about new stuff I don't otherwise come across.

My own effort was the 'Contextificator' - a bookmarklet that tries to make the 'I wonder what/who/where that is -> select text -> new tab -> search -> read -> return to first page' pattern I frequently find myself doing. It uses the Yahoo Content Analysis API to look at the page (or text selection), and then pulls out search results, images, wikipedia text, or a map from Yahoo! BOSS and other APIs, and puts it all in a sidebar on the page you're reading.

I had resolved to try to do things reasonably properly, even though it was a hack. I didn't want to end up with 24 hours worth of spaghetti code, which is usually what happens. So I did try to structure things properly, extending View and Model and Base where that seemed right, writing and loading them all as separate modules, and so on.

So after about 10 hours I'd done quite a lot of that set up, trying to get a reasonable structure for the code… and all I had to show for it was an empty iframe. At that point I was beginning to feel slightly dispirited. However, the next morning it paid off. It all came together very quickly, which left me enough time to tussle with CSS so that it looked vaguely presentable.

Now on reflection I'm sure that at least some of the overall code design decisions I made were wrong. That's no surprise. But by the end I was struck again by the strength of YUI and that even in a 24 hour hack I reckon the investment in trying to structure your code properly (instead of a mess of callbacks and dubious hacks) was well worth it. That's largely because YUI gives you such a strong base to build from and establishes good practices to follow.

So yay to hack weekends. Yay to YUI. And happily the Contextificator won second prize overall, and I got my giant cheque presented by Nick d'Alosio (of Summly fortune - though of course the cheque he got from Yahoo! is several orders of magnitude larger, _[and Im old enough to be your father, dammit]_)!

(If you're wondering, it's called 'Contextificator' mainly because my daughter uses a 'stapleriser' to make holes in paper.)

_ABOUT THE AUTHOR: Matt Parker (@Lamplightdb) _ Matt is creator of Lamplight Database Systems, a powerful and affordable management system for charities. He is also a father of three, trombone and bazouki-ist in Albino, and a lapsed climber. Matt does not get to spend as much time as he would like writing JavaScript.

Today's release of Yeti v0.2.22 includes improvements for testing slower browsers. In particular, we focused on the slow and sometimes flaky Android emulators hosted by Sauce Labs.

We continue to rely on Yeti in CI and we've fixed a few bugs along the way. Today, we run 17,202 tests in browsers on every YUI library commit using Yeti. An additional 45,665 tests run about once a day. We can easily reach 100,000 tests running daily with our setup (assuming 4 commits per day) and we still have more browsers and devices yet to come.

CHANGES * Automatically restart stalled browsers when using WebDriver. * Avoid Selenium proxy in Sauce Labs to support IE 6-9. * Maximum duration for sessions in Sauce Labs is now 2 hours. * Support for HTTP_PROXY and HTTPS_PROXY environment variables when installing Yeti dependencies. Thanks, @ryanvanoss! * Crash fix: prevent calling _launch twice when starting a browser. * Crash fix: properly close duplicate connection. * Bugfix: Yeti exits with code 1 when tests fail using the JUnit XML reporter. * Bugfix: Fix bug in Batch.disallowAgentId. * Bugfix: Uncaught exceptions are now reported in JUnit XML results. * Bugfix: Improve handling of browser-sent events on load. * Upgrade glob and request dependencies. GET YETI You can upgrade now by running npm install -g yeti. Learn more about Yeti at yeti.cx.

RELEASE LINKS * Compare v0.2.21 source code to v0.2.22 * v0.2.22 documentation * Unit code coverage * Functional code coverage

_Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, feel free to leave a comment below._

* With YUI 3.10 out the door last week, the project now shifts its focus towards the next release of YUI. A tentative schedule has been posted on the wiki, which includes a release date on June 4th. Also, this is the first development cycle since the migration to Github Issues, so for a detailed view of everything going into the next release, check out the tickets for the Sprint 7 milestone.

* YUI's Target Environment Matrix was updated to include Node 0.10.†, and drop Android 2.2, iOS 4.†, Node.js 0.4.†, and Node.js 0.6.†.

* In this week's Open Roundtable (Notes, YouTube), we discussed combo URLs, coding styles and best practices, linting (yui-lint), and pull requests.

* Activity on the mailing list this week included discussion about latency compensation and a style guide, which led to the creation of the soon-to-be-populated Best Practices for Writing Code page on the wiki.

* Updated Gallery modules include: alea, any-base-converter, array-iterate, array-unnest, composite-image, composite-image-canvas, composite-image-pixel, composite-image-pixels, datetime-utils, itsaviewmodel, model-list-difference, nmmenus, and weighted-list.

* New in the Gallery is lazy-promise, a promise implementation that does not execute until the first time its then method is called.

_Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, feel free to leave a comment below._

* This week saw the release of YUI 3.10, a release focusing mostly on low-level performance in Attribute, Base, and EventTarget. It also includes Y.Tree improvements, deprecation of Profiler, and was also the first GA release built using Grunt. For all the details about the release check out the release announcement as well as the full comparison of changes. Take a look at Eric Ferraiuolo's "YUI 3.10.0 – Go Fast" presentation from the After Hours event earlier this month for specifics on the performance improvements.

* This week’s Open Roundtable (notes, YouTube) featured discussions on YUI2′s upcoming EOL, an update on the migration to Github Issues for bug tracking, Google Groups for forums, stale pull request reviews, and a refactor of the YUI seed.

* Activity on the mailing list this week included an announcement that the project will be replacing the bug tracker and forums, and a discussion of the YUI Contributor Model's 72-hour window.

* New and updated Gallery modules include: scrollintoview, itsaviewmodel, itsatabkeymanager, itsadatetimepicker, csstypography, and cssextras

* A version bump this week for Yogi to 0.3.3. Upgrade with npm install -g yogi.

* Links of the Week (thanks to JavaScript Weekly )

* Nicholas Zakas on Maintainable JavaScript * Javascript hoisting explained * JavaScript Best Practices * Debug.js: Automatic Globals Detection in Javascript * … and more

We’re pleased to announce a small update to our target environments matrix to reflect the changing landscape of user environments in our customer base. In order to focus our resources on the environments most widely used by our customers’ end users, we have officially removed Android 2.2, iOS 4.†, Node.js 0.4.†, and Node.js 0.6.† target environments from our automated testing system and added Node 0.10.†. Our process is data driven, and thus we will continue to vigilantly monitor usage of older IE browsers in order to remove them as soon as the data supports the decision. We also look forward to onboarding emerging environments in the near future, such as Firefox OS.

INTERNET EXPLORER 6.0 7.0 8.0 9.0 10.0 CHROME † Latest stable FIREFOX † Latest stable SAFARI iOS 5.† iOS 6.† Latest stable (desktop) WEBKIT Android 2.3.† Android 4.† NODE.JS* 0.8.† 0.10.† WINDOWS (NATIVE) Windows 8 Apps The latest set of target environments is always available at http://yuilibrary.com/yui/environments/.