Linux 7.1 released with driver and networking fixes
7.1 is a routine release with heap overflow fixes in USB serial drivers, networking stack corrections, and trace tooling updates—no architectural changes or major regressions reported.
Kernel consumers running production systems need the heap overflow patches (USB serial io_ti driver) and memory leak fixes across drivers and networking subsystems. Merge window latency may be irregular due to Torvalds' travel, affecting pull request processing timelines.
This is a maintenance release, not a feature upgrade. Deploy if you're on 7.0 and affected by the USB serial or networking issues listed (particularly heap overflows in get_manuf_info() and build_i2c_fw_hdr()). No breaking changes or new dependencies. Safe to upgrade on standard kernel update cycles.
“7.1 is mostly various smaller driver updates (gpu, networking, sound, misc) with some networking and trace tooling fixes”
“nothing particularly interesting or scary stands out, which is as it should be”
“USB: serial: io_ti: fix heap overflow in get_manuf_info()”
“USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()”
Quick Signals
tRPC drops abstraction layer for React Query
New tRPC client uses native TanStack Query interfaces (QueryOptions, MutationOptions) instead of wrapper hooks, eliminating a confusing abstraction layer.
Removes cognitive friction for developers already using TanStack Query elsewhere in their app—you follow the same patterns instead of learning tRPC-specific syntax. Also fixes a hooks-linting issue in the classic client that breaks under React Compiler.
Replaces the classic tRPC React Query integration (still maintained but no new features). Requires: tRPC next-release, refactoring useQuery/useMutation calls to use .queryOptions()/.mutationOptions() factories. Both clients coexist, so gradual migration is viable. Ready now for new projects; existing projects should migrate incrementally.
“new TanStack React Query integration for tRPC is now available on tRPC's next-release”
“choosing to utilize the QueryOptions and MutationOptions interfaces native to TanStack React Query”
“removing a layer of abstraction which is a common source of confusion for new users”
“Our classic React Query integration actually breaks the rules of hooks; it cannot be correctly linted”
“Both clients are compatible with each other and can exist in the same application”
RegexPhraseQuery and HyperLogLog++ cardinality aggregation ship alongside 45% memory reduction in top_hits and fixed merge crashes for multivalued indices >4GB.
If you're building search on Rust, the regex phrase support and cardinality aggregation cut implementation friction for complex queries. Memory and merge fixes remove production footguns—especially the u32→usize bitpacker swap that previously crashed on large multivalued columns.
Drop-in upgrade for existing Tantivy users. No breaking changes except removed index sorting (likely unused). Worth upgrading now if you run multivalued indices or phrase-heavy workloads. RegexPhraseQuery is immediately useful for permissive match patterns.
“RegexPhraseQuery has been added, which supports phrase queries with regex”
“Cardinality aggregation allows for counting the number of distinct values in a field”
“leverages HyperLogLog++, to provide a space-efficient estimation for large datasets”
“Faster term fetching and reduced memory consumption for top_hits aggregation by 45%”
“This enables multivalued columns larger than 4GB, which crashed during merge before”
Workflows scales to 50k concurrent instances
Cloudflare rearchitected Workflows control plane with SousChef and Gatekeeper components to horizontally scale from 4.5k to 50k concurrent instances and 100 to 300 creations/second, enabling agent-driven workloads at machine speed.
Agent-triggered workflows now replace human-triggered patterns, requiring durable execution at scale; developers building persistent agents need platforms that survive thousands of concurrent instances without losing progress or hitting hard rate limits.
Replaces V1 architecture bottleneck (single Account Durable Object). Requires zero code changes—backward compatible. Ready now: live migration complete. Worth adopting if you run agent loops spawning dozens of workflows per session or need 300+ instance creations/second.
“50,000 concurrent instances (number of workflow executions running in parallel), originally 4,500”
“300 instances/second created per account, previously 100”
“2 million queued instances (meaning instances that have been created or awoken and are waiting for a concurrency slot) per workflow, up from 1 million”
“a single agent session can now kick off dozens of workflows, and many agents running concurrently means thousands of instances created in seconds”
“every step is independently retryable, the workflow can pause for human-in-the-loop approval, and each instance survives failures without losing progress”
Origin (scheme + host + port) is the fundamental security boundary; cross-origin resource loading permits execution but blocks read access, creating leak vectors through side effects.
Misunderstanding origin scope causes cache-poisoning, CSRF, and unintended data leaks when embedding third-party scripts or iframes. Developers need precise mental models to avoid cross-site script inclusion vulnerabilities.
This is foundational reference material, not a tool or library. Use it to audit your iframe/popup interactions and HTTP request handling. Requires reviewing your cross-origin postMessage calls and CORS configurations against the documented corner cases (window.length reads, location.replace navigation tricks).
“An origin is usually a tuple of a scheme, a host and a port of a URL”
“cross-origin resources that are loaded into the current document (e.g., scripts, images) can be used (e.g., executed or displayed) but not properly read”
“This can lead to unintended leaks, called Cross-Site Script Inclusions”
“A Site is a combination of a scheme and a host's registerable domain”
“Cross-Origin Isolation is a newer security boundary, that was created as a reaction to two noteworthy attack groups”
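The origin and site definitions quoted above, worked through as an added example (not code from the referenced material): an origin comparison uses scheme, host and port, while a site comparison uses scheme and registrable domain. PUBLIC_SUFFIXES is a constructed, tiny stand-in for the real Public Suffix List (no wildcard or exception rules), and all function names are illustrative.

```javascript
// Constructed stand-in for the Public Suffix List (assumption, not the real list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "github.io"]);

// Origin = (scheme, host, port). URL.origin drops the port when it is the
// scheme's default, so https://example.com and https://example.com:443 match.
function originOf(url) {
  return new URL(url).origin;
}

// Registrable domain = longest matching public suffix plus one more label.
function registrableDomain(hostname) {
  const labels = hostname.split(".");
  for (let i = 0; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(suffix)) {
      // i === 0: the host is itself a public suffix, so it stands alone.
      return i === 0 ? hostname : labels.slice(i - 1).join(".");
    }
  }
  return hostname; // unknown suffix, IP literal or single-label host
}

// Site = scheme + registrable domain; the port plays no part.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

function compare(a, b) {
  return {
    sameOrigin: originOf(a) === originOf(b),
    sameSite: siteOf(a) === siteOf(b),
  };
}

// Constructed URL pairs covering the cases an audit usually trips over.
const pairs = [
  ["https://app.example.com/", "https://api.example.com/"], // sibling subdomains
  ["https://example.com/", "https://example.com:8443/"],    // port differs
  ["http://example.com/", "https://example.com/"],          // scheme differs
  ["https://alice.github.io/", "https://bob.github.io/"],   // shared public suffix
];
for (const [a, b] of pairs) {
  console.log(a, b, compare(a, b));
}
```

Sibling subdomains and alternate ports are same-site but cross-origin, which is why a cookie or CSRF defence scoped to the site does not isolate one subdomain from another.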
GritQL plugins, domain-based rule grouping, and cross-file analysis replace ESLint + typescript-eslint setup, but project scanning adds latency.
Multi-file linting and type-aware rules (noFloatingPromises) eliminate typescript-eslint overhead; automatic domain detection cuts configuration friction for React/Next projects.
Replaces ESLint + typescript-eslint for JS/TS projects. Requires npm install --save-exact @biomejs/biome@beta and pre-release IDE extensions. Worth testing now on non-critical projects; performance regression likely in large repos until scanner optimization lands.
“You can write custom lint rules using GritQL”
“Scanning projects means that Biome has become slower for many projects”
“Biome's total set of recommended rules should be most relevant to your specific project needs”
“noFloatingPromises rule, one of the most-requested rules that relies on type information”