Branching Workflows: Choosing the Right Git Strategy for Your Team
Video version at: https://youtu.be/R_-NG_frTiw Last month, two developers on a team I was working with both merged their branches to main within minutes of each other. The first merge was fine but the the second introduced a conflict in a shared service class that nobody caught until the CI pipeline deployed a broken build to […] The post Branching Workflows: Choosing the Right Git Strategy for Your Team appeared first on PHP Architect.
An Update on Composer & Packagist Supply Chain Security
Composer and Packagist share a solid overview of the supply chain security work already in place, what is shipping now, and what is coming next. Worth reading if you maintain PHP packages or care about how the ecosystem is hardening against package compromise. Read more
Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security
Socket CEO Feross Aboukhadijeh joined John Coogan and Jordi Hays on TBPN to discuss Socket's $60 million Series C led by Thrive Capital, the company's 500%+ ARR growth over the past 12 months, and why software supply chain security has moved to the top of the priority list at nearly every company. The 10-minute conversation covers three forces converging right now: AI generating more third-party code than ever before, frontier models surfacing massive volumes of vulnerabilities across operating…
Get a Good Return on Your AI Investments
Last week, we had our first Infrastructure & Ops superstream of 2026, Platform Engineering in the Age of AI. Our speakers explored a range of topics focused on supporting new AI workloads, each with unique infrastructure needs, unpredictable costs, and novel security concerns. Google Cloud’s Abdel Sghiouar took the audience through what a good platform […]
I think Anthropic and OpenAI have found product-market fit
Anthropic are strongly rumored to be about to have their first profitable quarter. Stories are circulating of companies surprised at how expensive their LLM bills are becoming from usage by their staff. I think this is because OpenAI and Anthropic have both found product-market fit. Enterprise customers are now paying API prices I think they've found product-market fit And they're ramping up The AI-failure stories around this are pretty thin We also know the labs are spending a lot API revenue…
SymfonyOnline June 2026: Custom PHPStan Rules: Guardrails for AI-Assisted Symfony Code
SymfonyOnline June 2026 is officially scheduled for June 11 and 12, 2026! Join us online for two tracks of cutting-edge tech talks: one full day dedicated to AI and another full day focus on Symfony Deep Dive. 🎤 Speaker announcement! We are excited…
New in Symfony 8.1: Improved JSON Streaming and Querying
Symfony includes two components dedicated to working with JSON: JsonStreamer encodes PHP data into JSON and decodes JSON back into PHP objects by streaming the contents, which provides high performance and low memory usage even for large payloads; JsonPath…
CVE-2026-48807: Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `in`/`not in` operators
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded __toString()…
CVE-2026-46636: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description The per-template filter, tag and function allow-list check is compiled into the checkSecurity() method of each Template…
CVE-2026-48806: Sandbox `__toString()` policy bypass via dynamic mapping keys
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded __toString()…
CVE-2026-48805: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow() to take a boolean $isSandboxed…
CVE-2026-48808: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface…
Locally great, globally drifting
A thoughtful review of AI-generated frontend code in a real product: strong in isolated spots, but increasingly inconsistent at the system level. It also makes the case for using AI as a candidate generator and validator, not as the reviewer with the final opinion. Read more
Agent Skills
The following article originally appeared on Addy Osmani’s blog and is being reposted here with the author’s permission. The default behavior of any AI coding agent is to take the shortest path to “done.” Ask for a feature and it writes the feature. It doesn’t ask whether you have a spec, write a test before […]
Aucun résultat
Essayez avec d'autres termes de recherche.