GitHub users who always wanted to write their own CLI tool extensions should have a look at the newly released version 2.0 of the project. The update allows users to create their own commands manually or via gh extension create, which can then be installed and used by others as well. 

Extensions must be executable — GitHub recommends bash scripts, and housed in their own repository that follows the gh-extensionName convention. Examples, such as a utility to set your GitHub status or one to find good first issues, are available in the announcement post. 

Trello adds new subscription tier, changes who can do what

Atlassian subsidiary and Kanban-board provider Trello has announced some changes to its pricing system, which goes hand in hand with the discontinuation of Trello Gold and the introduction of a Standard plan. The Standard package is meant to set teams back $5 per user per month and add features like advanced checklists, custom fields, and additional automated command runs per month to the free tier. 

Changes beyond that include unlimited power-ups and the option to set custom backgrounds and stickers for those using free workspaces. Subscribers to the Business Class meanwhile need to get used to a new name, since this is now known as the Premium tier, and will benefit from unlimited automation command runs.

Npm registry says goodbye to anything below TLS 1.2

The team behind the Node.js package manager npm announced its plans to enforce the use of TLS 1.2 or higher beginning 4 October, 2021. Though they are pretty sure the change is only going to affect a very small percentage of users, alerting activities have already started making sure those who need to upgrade are aware of the situation. So if you have seen a notification popping up this week which you just dismissed, this is probably why.

Envoy pushed security fixes for five severe security flaws

The Envoy team encourages users of the proxy to jump on version 1.19.1, 1.18.4, 1.17.4, or 1.16.5 to make sure they are protected from five high-severity, remotely exploitable vulnerabilities. CVE-2021-32777, CVE-2021-32779, CVE-2021-32781, CVE-2021-32778, and CVE-2021-32780 all sport an CVSS score of 8.6 and can be used to bypass various authorisation policies, inflate resource consumption, or lead to abnormal termination.

Ray 1.6 tempts devs with runtime environments and datasets

Distributed app building framework Ray has been updated to version 1.6 this week. Amongst other things the release pushed runtime environments into general availability, allowing developers to “dynamically specify per-task, per-actor and per-job dependencies, including a working directory, environment variables, pip packages and conda environments”. 

It also includes an alpha version of an Apache Arrow-powered interchange format for distributed datasets, autoscaler support for TPUs, and the 0.1 release of Ray Lightning, which provides PyTorch Lightning plugins for distributed training, so the release notes are definitely worth a look.

Qt Creator 5.0 dips toes into the world of Docker containers

Many developers will be quite interested to learn that the latest version of cross-platform IDE Qt Creator is not only good to go, but also comes with “some support for building and running applications in Docker containers”. According to the blog post accompanying the 5.0 release, a newly added plugin allows users working on Linux hosts with CMake as their build system to create a Docker device which can then be used as a build device.

Other than that the update includes experimental support for clangd instead of libclang as the backend for the C/C++ code model, ways to work with MS Visual Code ARM toolchains, various fixes for the C++ code model, and some changes that should lead to less project freezing.

Gitea brings slew of breaking changes

Gitea 1.15 is now ready for downloading. Though not a major release, the new version of the self-hosted Git service project demands a bit of attention from its users — after all it sports a whole 14 breaking changes which range from new defaults and changed permissions to updated dependencies. 

Teams that make the jump are, however, able to profit from a variety of new features including tag protection, the ability to push-mirror repos to a remote destination, GPG key ownership verification via signed tokens, or use attachments in PR reviews.