June 01, 2026

#482 Mr. Beast's episode

24 minutes

Topics covered in this episode:

CVE-2026-48710: A Maintainer's Perspective

daily-stars-explorer

Markdown to pdf with pandoc and typst

postman2pytest

Extras

Joke

Watch on YouTube

About the show

Brian #1: CVE-2026-48710: A Maintainer's Perspective

Marcelo Trylesinski

suggested by Lee Luocks

Short version:

users of Starlette: upgrade to Starlette 1.0.1

security professionals: we can’t treat open source projects like corporations

This top link is a Starlette security advisory with the title

Missing Host header validation poisons request.url.path, bypassing path-based security checks

The CVE apparently caused some negative press targeting starlette.

However, “the vulnerability came from the application pattern and the deployment, never from something Starlette intended.”

A quote from an OSTIF article: “This bug is a classic “responsibility gap” where if this maintainer didn’t patch, thousands of exposed projects would have to individually secure their projects. In doing this work, they’ve voluntarily taken on the responsibility to protect the ecosystem from long-term systemic harm. As with all open source projects, they owed us nothing and could have left this to be everyone else’s problem and took the extraordinary steps of helping the ecosystem.”

Both X40 D-Sec and Ars Technica expected immediate fixes and responses from Starlette.

That’s not good. We can do better.

Michael #2: daily-stars-explorer

Explore the full history of any GitHub repository.

📈 Full Star History - Complete daily star counts for any repo

⏰ Hourly Stars - Hour-by-hour activity with timezone support

🔀 Compare Repos - Side-by-side comparison of any two repositories

📊 Activity Timelines - Commits, PRs, Issues, Forks, Contributors over time

📌 Pin Favorites - Bookmark repos for quick access without retyping

📰 Feed Mentions - See when repos were mentioned on HN, Reddit, YouTube, GitHub

💾 Export Data - Download as CSV or JSON

🌙 Dark Mode - Easy on the eyes

Try/use it online at emanuelef.github.io/daily-stars-explorer or install it for yourself.

Brian #3: Markdown to pdf with pandoc and typst

typst suggestion from Matt Harrison

Markdown is awesome

Pandoc is great for converting markdown to tons of stuff

but for pdf, it goes through LaTeX, which is … yuk (my opinion)

Pandoc also can convert to typst

And typst creates beautiful pdfs and is way easier (my opinion) to deal with than LaTeX.

New tools

brew upgrade pandoc

brew install typst

Now convert

pandoc something.md --to typst -o something.typ

typst compile something.typ something.pdf

Michael #4: postman2pytest

via Mikhail

Based on postman app

Convert Postman Collection v2.1 JSON into executable pytest test suites

Postman collections document your API. postman2pytest turns that documentation into executable regression tests that run in CI. No manual rewriting, no drift.

Extras:

New blog, who dis? - testandcode.org is now on .org and a blog and soon to be a “publisher”.

Joke: Centering a div

...more

View all episodes

By Michael Kennedy and Brian Okken

4.7

212212 ratings