This Month in React

TMiR 2025-03: Next had an auth vulnerability, TypeScript is porting to Golang



  • Job market: FRED data, Layoffs.fyi
  • Conferences (React, JavaScript)
    • React Native Connection April 3 + 4, 2025 Paris, France
    • React Miami, Apr 17-18
    • CityJS London April 23-25 London, UK
    • App.js Conf May 28-30 Kraków, Poland
    • CityJS Athens May 27-31 Athens, Greece
    • SquiggleConf 2025 CFP closes May 23
  • Sponsored by Infinite Red
  • New releases
    • TypeScript 5.8
    • TypeScript Release with Go
    • React Native 0.78 - React 19 and more
    • Next 15.2
    • TanStack Form 1.0
    • Zeego v3
    • Material UI v7
    • "Slot pattern" for overriding internals
    • Parcel v2.14
    • XState Store v3
    • Better Auth v1.2
  • Main Content
    • Lynx being released
      • Release blog
    • Security vulnerability in Next.js: CVE-2025-29927
      • Original researcher report
      • CVEs and the NVD Process
      • Postmortem on Next.js Middleware bypass
      • Next.js and Coordinated Disclosure
      • You should know this before choosing Next.js
    • React Native 0.78 - React 19 and more
    • React Native Core Contributor Summit 2024 Recap
    • TypeScript compiler Golang rewrite??
      • GitHub discussion and on reddit too
  • ⚡ Lightning round ⚡
    • JSC being extracted from RN Core
    • node-modules.dev v0.4.0
    • Fernando Rojo joining Vercel as Head of Mobile
    • Next vs TanStack (Router + Vite)
    • Expo’s AI Strategy
    • Laravel launched “starter kits” including React
    • React Native Enterprise Framework
    • State of React Native 2024
  • (00:00) - TSIR_March 2025
  • (00:45) - Job market: [FRED data](https://fred.stlouisfed.org/series/IHLIDXUSTPSOFTDEVE), [Layoffs.fyi](https://layoffs.fyi/)
  • (01:28) - Conferences ([React](https://react.dev/community/conferences), [JavaScript](https://confs.tech/javascript))
  • (01:29) - [React Native Connection](https://reactnativeconnection.io/) April 3 + 4, 2025 Paris, France
  • (01:36) - [React Miami](https://www.reactmiami.com/), Apr 17-18
  • (01:49) - [CityJS London](https://london.cityjsconf.org/) April 23-25 London, UK
  • (01:55) - [App.js Conf](https://appjs.co/) May 28-30 Kraków, Poland
  • (02:06) - [CityJS Athens](https://athens.cityjsconf.org/) May 27-31 Athens, Greece
  • (02:13) - [SquiggleConf 2025 CFP](https://2025.squiggleconf.com/cfp) closes May 23
  • (03:19) - [Sponsored by Infinite Red](https://infinite.red/)
  • (04:24) - New releases
  • (04:26) - [TypeScript 5.8](https://devblogs.microsoft.com/typescript/announcing-typescript-5-8/#the---erasablesyntaxonly-option)
  • (05:00) - [TypeScript Release with Go](https://devblogs.microsoft.com/typescript/typescript-native-port)
  • (06:26) - [React Native 0.78 - React 19 and more](https://reactnative.dev/blog/2025/02/19/react-native-0.78)
  • (06:44) - [Next 15.2](https://nextjs.org/blog/next-15-2)
  • (07:07) - [TanStack Form 1.0](https://tanstack.com/blog/announcing-tanstack-form-v1)
  • (07:54) - [Zeego v3](https://github.com/nandorojo/zeego/releases/tag/v3.0.1)
  • (09:04) - ["Slot pattern" for overriding internals](https://mui.com/material-ui/customization/overriding-component-structure/)
  • (10:45) - [Parcel v2.14](https://x.com/devongovett/status/1902022923764076808)
  • (12:33) - [XState Store v3](https://stately.ai/blog/2025-02-26-xstate-store-v3)
  • (13:11) - [Better Auth v1.2](https://www.better-auth.com/changelogs/1-2)
  • (14:31) - [Lynx being released](https://lynxjs.org/)
  • (14:33) - [Release blog](https://lynxjs.org/blog/lynx-unlock-native-for-more)
  • (18:20) - [Original researcher report](https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware)
  • (20:36) - [CVEs and the NVD Process](https://nvd.nist.gov/general/cve-process)
  • (25:03) - [Postmortem on Next.js Middleware bypass](https://vercel.com/blog/postmortem-on-next-js-middleware-bypass)
  • (27:00) - [Next.js and Coordinated Disclosure](https://sxlijin.github.io/2025-03-23-next-js-and-coordinated-disclosure)
  • (30:17) - [You should know this before choosing Next.js](https://eduardoboucas.com/posts/2025-03-25-you-should-know-this-before-choosing-nextjs/)
  • (31:37) - [React Native 0.78 - React 19 and more](https://reactnative.dev/blog/2025/02/19/react-native-0.78)
  • (34:27) - [React Native Core Contributor Summit 2024 Recap](https://reactnative.dev/blog/2025/02/03/react-native-core-contributor-summit-2024)
  • (36:42) - [TypeScript compiler Golang rewrite??](https://devblogs.microsoft.com/typescript/typescript-native-port/)
  • (41:23) - [GitHub discussion](https://github.com/microsoft/typescript-go/discussions/411) and [on reddit too](https://www.reddit.com/r/javascript/comments/1j8s441/comment/mh7ms9n/)
  • (44:50) - ⚡ Lightning round ⚡
  • (44:52) - [JSC being extracted from RN Core](https://github.com/react-native-community/javascriptcore)
  • (45:22) - [node-modules.dev v0.4....

    This Month in React, by Reactiflux; with Mark Erikson, Mo Khazali, and Carl Vitullo