As I wrote yesterday, I have a special holiday gift for you: I’m making the end-of-year recap of the most important web development news, normally a premium feature, free!
I focused this roundup primarily on technical releases and highlights to help you catch up and prepare for 2021 as opposed to general industry top stories. The recap is organized as follows:
Have the most amazing New Year's Eve! I'll see you in 2021!
P.S.: If you want weekly and monthly roundups like this in 2021 so you're always ahead of the curve, you know the drill: click here to upgrade to premium! The first 14 days are free.
- GitHub removed all non-essential, third-party cookies to get rid of "annoying" cookie banners from its site, banners which the EU’s 2018 General Data Protection Regulation (GDPR) requires as part of its cookie consent policy. This means GitHub will get rid of cookies that monitor, display ads, or send information to third-parties "to better protect developer privacy," keeping only those cookies that are required.
- GitHub's CEO announced the company is replacing words like "master" and "slave" with neutral terms to avoid references to slavery. For a full list of the most important changes, click here.
GitHub Universe and GitHub Satellite highlights:
GitHub unveiled its new dark mode during GitHub Universe. You can enable the mode from settings or set it to track your system preferences. Other notable announcements from the conference:
- Companies are now able to become GitHub Sponsors for open-source projects and pay developers directly. Companies that have already done so include American Express, Amazon Web Services Inc., Daimler AG, Stripe Inc., Microsoft Corp. and New Relic Inc.
- Automatic merging of pull requests.
- The new Discussions feature, which offers developers a space to talk, ask, and answer questions that you can attach to a repo.
- The release of version 3.0 of GitHub Enterprise Server.
GitHub Satellite Conference:
Other Tool Updates:
- All core features became free for teams.
- The iOS and Android versions of GitHub for mobile are now generally available. The app allows GitHub users to receive notifications when they're mentioned in a discussion, merge pull requests, add code to repositories, "swipe to finish a task," respond to comments and more "while on the go."
- GitHub has launched a public roadmap, a public repository to keep developers updated about what new features and functionality the platform will release in the next few quarters.
- A new command-line interface known as GitHub CLI is now available, allowing developers to create and check out their pull requests, view out the details of issues causing bugs, and look at the status of their work without needing to leave the command line.
- GitHub is experimenting with allowing profiles to have their own READMEs.
- A new feature making it possible to limit people's interactions with your GitHub project for a select amount of time.
- A new native integration that scans code for security vulnerabilities before production. The new code scanning feature is free to enable on public repositories here, while it is a GitHub Advanced Security feature for GitHub Enterprise.
- The Code Search feature will now only index repos displaying recent activity within the last year, GitHub announced late this year.
- GitLab 12.8: introduces the Log Explorer, which lets developers work with all of their logs from one place. Other new features include a Compliance Dashboard, which you can use to track a group’s Merge Request activity, as well as built-in NuGet repositories.
- GitLab 12.9: new features include a Full Code Quality Report that summarizes code quality problems, customizable value stream analytics, as well as the ability to manage secrets through the HashiCorp Vault managed application.
- Gitlab 12.10: introduces a new compliance tool called requirements management, which helps teams more easily manage the requirements of their business. GitLab 12.10 also features built-in PyPI repositories, making it easier to publish and share Python packages.
- GitLab 13.0: updates include support for highly available Git storage without using NF, auto-deployment to Amazon ECS, version control for snippets, and more. Click here for a full list.
- GitLab 13.1: Expanded alert management with new features such as alert assignments, Slack integration, and the ability to create GitLab To-Dos when assigning alerts
- GitLab 13.4: the ability to use HashiCorp Vault secrets in CI jobs; GitLab pages redirects, and more.
General GitLab news:
GitLab CEO Sid Sijbrandij announced GitLab will be moving 18 of its features to open source. These include features from Plan, Create, Verify, Package, Release, Configure, and Defend. Some specific offerings that will now be free include Code quality reports on merge reports, service desk, various Release features such as feature flags and deploy boards, and more, which you can read about here.
- Chrome 80: While Chrome 80 came with support for SameSite Cookies, it was not immediately rolled out with the release of the new browser version, as many anticipated. Google instead rolled out SameSite-by-default and SameSite=None-requires-Secure in Chrome 80 Stable in February. However, Google started rolling back SameSite cookie labeling because of the coronavirus, although it resumed the enforcement of these changes over this summer.
- Chrome 79: stopped displaying Cross-Origin Resource Sharing (CORS) preflight OPTIONS requests in the Chrome developer tools network panel and in the Resource Timing API, making it harder to debug. To get around this, one developer recommends, for example, that you use WebPageTest, or use Firefox's developer tools panel instead. For those upset by this change, Google engineer Kinuko Yasuda advises they star the Chromium bug to get Google's attention.
- Chrome 81: Developers can more easily bring augmented reality (AR) to users with Google Chrome 81. The release also added WebXR support for browser-based augmented reality, which makes it possible to bring AR to users without native apps. In addition, the new release brings Web NFC support to the browser. There was no Chrome 82 release, however, because of the interruptions caused by the coronavirus pandemic.
- Chrome 83: New Trusted Types API to help tackle cross-site scripting vulnerabilities; the Web Vitals program; support for the Barcode Detection API, and more. Click here for developer-related changes.
- Chrome 85: Chrome announced a new compiler optimization technique, Profile Guided Optimization (PGO), that it claims makes Chrome 85 faster by increasing page load speed by up to 10%.
- Chrome 86: the File System Access API's now available in stable and updated so that it's easier to grant web apps access to a given file/folder for reads and writes.
- Google has released Chrome 88 to desktop and mobile users on its beta channel, offering a glimpse into some of the upcoming release's new features. Some highlights: support removed for Web Components v0, Google's Manifest V3 for Chrome Extensions, a new Digital Goods API, which queries and manages digital products for in-app purchases on web apps in the Play Store.
General Chrome News:
- Google's Chrome Web Store announced new changes in its policies concerning spam. Google instructs developers to avoid publishing more than one extension that provides "duplicate experiences or functionality" and more, which you can check out in further detail here.
- Firefox 73: overscroll-behavior-block and overscroll-behavior-inline to CSS logical properties, giving developers another way to control the browser's actions when they've come to the end of a boundary of a scrolling area. For more details about changes relevant to developers in this release, click here.
- Firefox 75: developers can use the loading attribute on the <img> element, while also allowing an image to be lazily loaded by setting the string value to lazy.
- Firefox 76: provides support for audio worklets by default.
- Firefox 79: improved debugger that now highlights errors in code, inspector updates, like improved source map references for SCSS and CSS-in-JS, automatical setting of rel=noopener for all links that contain target=_blank, and more. For a more detailed list of changes, click here.
- Firefox 80: An experimental sidebar panel in the Firefox Developer Edition inspector; support for RTX and Transport-cc; Firefox's Media Session API now supports "seekto" and "skipad" actions.
- Firefox 82: DevTools now displays server sent events in the Network panel, making it possible for a server to send new data to a web page at any time and support for the Media Session API.
- Firefox 83: comes with HTTPS-Only Mode, a new security feature wherein the browser will try to create secure connections to each site.
- Firefox 84.0: Network panel can now handle unexpected crashes and render helpful debugging details like a related stack-trace. There's also a new link users can click on to easily file a bug report, support for link preloading, native support for macOS devices built with Apple Silicon CPUs.
General Mozilla Firefox News:
- Mozilla captured headlines after it laid off nearly 25% of its workforce, including its Developer Tools employees and entire MDN team. The company seeks to organize a "new product organization" beyond its flagship web browser to create new revenue streams and ship products faster.
- Fastly hired Mozilla's entire Wasmtime team. As a result, Fastly will be sponsoring work on those non-browser projects Mozilla created, like Wasmtime and WASI, although a team at Mozilla will continue working on WebAssembly in Firefox and the Cranelift code generator.
- Mozilla launched a new MDN Web Docs platform codenamed Yari, changing contributor workflow. As a result, the content in Kuma, the platform powering MDN Web Docs, has moved from a MySQL database to being hosted in a GitHub repo.
- Mozilla announced interim CEO Mitchell Baker is the new permanent CEO of Mozilla Corporation. She will now permanently take over from former CEO Chris Beard, who announced he was stepping down last August.
- Mozilla dropped support for Adobe Flash in consumer versions of its browser. Security and performance issues associated with plugins are the main reason for the change.
- Microsoft Edge is one of the least private browsers, a study from earlier this year reveals. After testing Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser, the study found that URLs typed into the browser and unique hardware identifiers are shared with Microsoft sites. Meanwhile, Brave performed well in the tests.
- Microsoft 365 apps and services will no longer support Internet Explorer 11 (IE 11) starting Aug. 17, 2021. Microsoft additionally announced Windows 10 is also sunsetting the Microsoft Edge Legacy desktop app, and will no longer support it starting March 9, 2021.
- Safari Technology Preview Release 117: Web Inspector improvements, such as an option to “Edit Breakpoint…” or “Reveal Breakpoint” in Sources Tab. You can check out the full list of changes here.
- Microsoft has released the Microsoft Edge Dev Channel for Linux. This means the browser is now available on all major desktop and mobile platforms.
- Microsoft Edge WebView2, an embedded web control built on top of the Chromium-powered Edge, for Win32 C/C++ is now generally available. As a result, Windows app developers now can access the most recent web tech in their current and new apps.
- Web browser engine Webkit announced it is blocking cookies for cross-site resources by default in Apple's Safari browser.
- Version 3.0 of the Vivaldi browser introduced built-in ad and tracker blockers, while incorporating DuckDuckGo’s Tracker Radar-powered blocklist into the latter. Vivaldi also launched the first stable release of Vivaldi for Android.
- Tor Browser 9.5 included a number of significant security updates to Firefox, while sites can also advertise their onion service by adding an HTTP header. Click here for more information about changes.
- Opera version 69 became the first major browser to integrate Twitter.
- Cloudflare launched the beta version of Cloudflare Pages, a free cloud platform for deploying and hosting static JAMstack websites. The company added it is also working on integrating Cloudflare Workers and Pages "into a seamless experience," thus also expanding into, and making it possible to deploy, web apps.
- The results for the State of CSS 2020 report have been published. The findings reveal the surge in new CSS features means developers may need to reevaluate their understanding of CSS as the ecosystem is undergoing a "renewal." Other key insights from the report include: CSS Grid Layout increased in usage from 54.7% in 2019 to 73.3% this year.
- Bootstrap v4.5.0: Highlights include new utilities and Sass map that allows developers to set user-select quickly, and a new Reboot style for pointer cursors.
- Bootstrap v5.0.0-alpha2 highlights: New directional positioning utilities. The third alpha version of Bootstrap 5: replacement of the .card based accordion for .accordion component.
- Electron 11.0.0: support for Apple silicon and upgrades to Chromium 87, Node.js 12.18.3, and V8 8.7.
- Electron 9.0: new breaking change that prevents the loading of non-context-aware native modules in renderer processes.
- UI component workshop Storybook 6.1: support for React 17 as well as fast refresh and strict mode. For a full list of more major changes, click here.
- Tailwind CSS v2.0: Support for dark mode, a new color palette, default line-heights per font-size, new form reset so you can easily customize form elements with utility classes.
- The second version of Squoosh, an image compression app from Chrome's engineering team designed to make it easy to experiment with various image codecs, has been released.
- Flutter released new updates improving web support. The default Flutter template for the web app, for example, now supports those features needed for an installable, offline-capable PWA app, while it is now possible to debug Flutter on the web when you enable expression evaluation on VS Code.
- WordPress 5.6: WordPress Core support for PHP 8, more block patterns, more tools making it possible to edit your layout with or without code, new Application Passwords authorization feature.
- WordPress 5.5 comes with the WordPress auto-updates feature plugin and more.
- Node.js v15.0.0: The release of npm 7, which comes with new features such as npm workspaces, support for yarn.lock files, and a new package-lock.json format, while peer dependencies are now installed automatically. Other highlights include sn experimental implementation of AbortController.
- Node.js version 14: the diagnostic report is now a stable feature, enabling developers to generate reports that can help them diagnose and fix problems such as slow performance and memory leaks.
- npm launched a product roadmap repo its users can use to track the progress of new features the team is working on and find out about expected release dates.
- Version 7.0.0 of the npm CLI: Workspaces, which offers support for managing multiple packages from within one top-level, root package.
- React v17.0.0: Unlike previous releases, the new version doesn't come with any new developer-facing features, but rather improvements making it easier to upgrade React. As a result, it will now be possible to upgrade your app to future React versions either all at one, or piece by piece.
- React v16.13.0: comes with several new warnings; for example, if developers fail to call setState during a render on the same component, they will receive a notice to help them avoid incorporating bugs created by unintentional state changes. For further details about new changes, check out the release notes on GitHub.
- Next.js 10 highlights: the Next.js Image Component and Automatic Image Optimization features, which are designed to make images more performant on the web.
- Facebook open-sourced Recoil.js, a new experimental state management library for React to solve some of the problems that React's built-in state management capabilities cannot address.
- Vue.js 3.0: the new Composition API consists of a set of APIs addressing the pain points of Vue usage in large scale applications; two new experimental features for Single-File Components (SFC): <script setup> and <style vars>; improved TypeScript integration. For more information about new features, click here.
- Angular 9: all applications will, by default, migrate to the Ivy compiler and runtime, improvements for handling CSS styles, and more. Angular 9.1 meanwhile came with support for the latest version of TypeScript, TypeScript 3.8.
- Angular 10: drops support for versions 9 and 10 of Internet Explorer, as well as Internet Explorer Mobile. Other highlights: a new date range picker, warnings about CommonJS imports that can slow down apps, support for TypeScript 3.9.
- Angular 11: All new issues reported will be triaged within two weeks and the introduction of automatic font inlining by default. For a more detailed list of new changes, click here.
- jQuery 3.5.0: an important security fix addressing a regex in the jQuery.htmlPrefilter method that could have introduced a cross-site scripting (XSS) vulnerability. For instructions on how to download the new version and more details about changes, click here.
- TypeScript 4.0: Spreads in tuple type syntax can now be generic, while spread elements can now occur anywhere in a tuple; tuples types can now provide labels; and support for a proposal to add three new assignment operators: &&=, ||=, and ??=. For more details about changes, click here.
- TypeScript 3.8: introduces ECMAScript Private Fields and top-level await. For more details about new features, click here.
- TypeScript 3.9: while the new version did not ship with the much-anticipated awaited type, it does come with other new features, like a new feature, // @ts-expect-error comments, that improves error reporting.
RUBY / RUBY ON RAILS:
Ruby 3.0.0 was released on Christmas. Some highlights include:
- The rbs gem, which makes it possible to parse and process type definitions written in RBS.
- Experimental support for TypeProf, a type analysis tool bundled in the Ruby package.
- Memory view as an experimental feature.
- Experimental support for Ractor, which aims to provide a parallel execution feature without thread-safety concerns.
The stable version of Rails 6.1 was released earlier this month. Highlights include:
- Ruby web app framework Hanami has launched a smaller version of itself, but for HTTP APIs. Called "hanami-api," the lightweight framework is designed to be extremely fast and allows potential users interested in sampling the framework a chance to do so.
- Action Cable command-line interface ACLI 0.3 is out and comes with HTTP headers support.
- SimpleCov v0.18: support for branch coverage in Ruby 2.5 and newer, while the team has also stopped supporting those Ruby versions older than Ruby 2.4 that have reached end of life. Learn more here.
- Backports 3.16, a Ruby gem that lets users write code that runs across different versions of Ruby, is out. It comes with support for Ruby 2.7's features in earlier Ruby versions and more, which you can dive into here.
Python creator Guido van Rossum left retirement and joined Microsoft’s Developer Division. Van Rossum didn't specify what he would do in his new role besides stating that he will be working on improving Python on Windows and other platforms, adding "there’s lots of open source here. Watch this space."
- Python 3.9: New operators | and |= for merging and updating dictionaries; type hinting generics in standard collections, and more.
- Python 2.7.18, the last Python 2 release, was released. From now on, the Python team will no longer provide any security updates or fixes for the Python 2 series. Users are advised to switch to Python 3 as soon as possible using this official porting guide.
- Python 3.10.0a2, an early developer preview of Python 3.10, was released for testing. Python 3.10 is expected to be released in October 2021.
- Python versions older than 3.6 have now all officially reached end-of-life.
- Django 3.1: support for a fully asynchronous request path, including asynchronous views, asynchronous middleware, asynchronous tests, and test client. Click here for a full list of updates.
Other Python Tools / News:
- JetBrains' PyCharm 2020.1: interactive reading, allowing you to easily rebase your branch in a cleaner way. To use the IDE, you can download it here or upgrade.
- In the April 2020 Python Extension for Visual Studio Code, Python debugger debugpy now supports live reloading of web applications.
- Facebook's engineering team announced Pysa, a Python Static Analyzer tool now available open-source you can use to find and prevent security issues in your code. Facebook uses Pysa to detect a variety of problems, including common web app security issues, like XSS and SQL injection.
- The Consortium for Python Data API Standards has been launched to develop API standards for arrays and dataframes.
The stable version of PHP 8.0 was released in late November. Highlights include:
- The syntax #[Attr] after the PHP community voted on an RFC to shorten the Attribute syntax.
- The ability to use native union type declarations validated at runtime instead of PHPDoc annotations for a combination of types
- The ability to use a chain of calls with the new nullsafe operator that you can use instead of null check conditions
- Consistent type errors for internal functions
- Named arguments, which means you need to only specify required parameters
- Two new JIT compilation engines
Other PHP Tools / News:
- PhpStorm 2020.1 is out and comes with improved type inference; for example, you can now highlight redundant @var tags, while IDE can now identify when a variable can be null and when not. In addition, the new release comes with out-of-the-box composer.json support and more, which you can dive into in further detail in the release notes.
- WordPress decided against changing the minimum PHP version in 2020. It instead continued supporting PHP 5.6.
- Nearly 50% of PHP developers in a new survey report using PHP 7.4, reaching the highest peak percentage (42.61%) for any version in five years when 48.87% reported using PHP 5.5 in 2015. According to Private Packagist's "PHP Versions Stats - 2020.2 Edition," twice as many developers also reported using PHP 7.4 since May 2020.
- Go 1.15: the GOPROXY environment variable now supports skipping proxies that return errors which means you can divide proxy URLs with either commas (,) or pipe characters (|). Check the release notes for a thorough list of other new changes introduced in this release.
- Go 1.14: developers can now use module support in the Go command in production, and all are encouraged to move to Go modules for dependency management. For further details about new features and more, check out the release notes.
- Golang has released the first beta version of Go 1.15. To read about other new features that will be available in the stable version of Go 1.15, check out the release notes.
Other Go Tools / News:
- Golang celebrated its 11th birthday with a post offering a glimpse into next year's releases and summarizing major changes from 2020. Here are some highlights:
- The team hopes to have generics incorporated into the Go 1.18 betas.
- The February 2021 Go 1.16 release will come with the new file system interfaces, build-time file embedding, and support for the new Apple Silicon Macs.
- The August Go 1.17 release will feature a new register-based calling convention for x86-64 to make programs faster, the new //go:build lines, and possibly a beta version of support for fuzzing in the go test command.
- Support for GOPATH-based development will be sunsetting next year.
- A new database of known vulnerabilities, as well as tools, to check your programs.
- Codebase for pkg.go.dev, a site developers use to find and evaluate Go packages and modules, is now open source. The repository resides here, and is also mirrored to GitHub.
- The VS Code Go extension is now officially a part of the Go project. As a result, its repository will now be located under the rest of the Go project here.
- Golang removed all uses of blacklist/whitelist and replaced them with allowlist and blocklist instead.
- Rust 1.41.1: fixes two critical issues discovered in the previous update: a soundness hole related to static lifetimes, and a miscompilation causing segfaults.
- Rust 1.43: Developers now no longer need to import modules when using associated constants on floats and integers. See the release notes for a more detailed list of changes.
- Rust 1.44: support for async/await in no_std contexts, while the Rust team has now integrated cargo tree within Cargo itself. For a more detailed list of changes, check out the release notes here.
- Rust 1.45: Stabilization of the final feature, proc_macro_hygiene, which was needed for the popular web framework, Rocket, to work on stable Rust. For a more detailed list of all changes, click here.
- Rust 1.46: New core language features you can now use in a const fn that increases compile-time computation power, such as: if, if let, and match; while, while let, and loop; and the && and || operators. It's also possible to cast to a slice. Check out the release notes for a more detailed list of changes.
- Rust 1.48: Rustdoc now will generate URLs for you. Check out the release notes for more details about changes.
Other News / Tools:
- Rust, which was created as a Mozilla Research project in 2010, plans to have its own independent foundation by the end of 2020. The Rust team announced the news while responding to Mozilla's mass layoffs during the summer, which also included active members of the Rust project and the Rust community.
Sheena Vasani is a professional tech writer, creator, and UC Berkeley, Dev Bootcamp, and Thinkful alumna who writes Inside Dev and Inside NoCode. She recently launched Affordable Mental Help, a directory listing free and low-cost mental health resources. You can contact her at sheenavasani1[at]gmail.com.
Jonathan Harris is a writer for Inside.com. Previously, he wrote for The Huffington Post, TakePart.com, and the YouTube channel What’s Trending.