Merge Confidence is a new automated solution that helps developers safely update and remediate their open source dependencies by using a badge to show how likely an open source component can be updated without breaking the build.

“Open source components are updated at such a staggering rate, it is impossible to manage this process manually. With WhiteSource, dependencies are managed automatically, allowing developers to focus more of their time innovating your product,” said David Habusha, VP Product Management at WhiteSource. 

The new solution uses extensive open source dependency data to determine whether updates are safe to apply. 

Yellowbrick Data 5 released
Yellowbrick Data Release 5 delivers new capabilities in price/performance. This includes more investments in business-critical reliability and performance, finer-grained security, and faster query building with SQL functions. 

Release 5 adds rapidly self-healing clusters for fault tolerance and since Release 5 is more granular, it gives users subsecond control of a query across its lifetime. 

“Release 5 strengthens our product for demanding fault-tolerant applications, and our new Standard Service Plan extends the power of Yellowbrick to smaller use cases than before,” said Neil Carson, the CEO of Yellowbrick Data. “Businesses of all sizes know that real-time data and analytics power their competitive edge. We’re committed to their success.”

MacOS Big Sur now available
The update includes a new design, enhancements to Safari, Messages, Maps, and privacy and it is engineered for Apple’s new M1 chip. 

For better privacy, the Mac App Store will include a new section on each product page showing a developer-reported summary of the privacy practices of an app.

Xcode 12 makes it easy for developers to update their existing Mac apps to Universal 2 application binaries, adding native support for both M1- and Intel-based Macs within a single app.

Additional details are available here.

Apache weekly update 
This week at Apache saw the release of Apache Log4j 2.14.0, which contains a new Layout, JsonTemplateLayout, that is intended to ultimately replace JsonLayout.

Also, Apache CXF CVE-2020-13954 Reflected XSS in the services listing page via the styleSheetPath. By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. The vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8.

Apache also released its October 2020 Month in Review that contains the latest overview of events from the Apache community.

Additional details on the new releases from Apache are available here.