Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
GitHub

[bug] Incorrect binary reuse when changing a transitive dependency from shared to static

We have encountered an issue where Conan fails to correctly trigger a rebuild of all affected downstream dependencies when a transitive dependency is changed from a shared to a static library. This ...
InfoWorld

JDK 26: The new features in Java 26

Next year’s Java release is slated to include a performance boost for the G1 garbage collector and opt-in support for HTTP/3. The Applets API is on the chopping block. Java Development Kit (JDK) 26, a ...
inforum

Get to know breakout Gophers receiver Jalen Smith

Minnesota Golden Gophers wide receiver Jalen Smith (8) catches a pass against the Buffalo Bulls on Aug. 28, 2025, in Minneapolis.
GitHub

Install dev dependencies of transitive workspace packages when targeting a single package

Currently, uv sync does not install the dev dependencies of transitive workspace packages when targeting a single package. Some existing issues mention to use --all-packages, which we do during local ...