1
0
Fork 0
freesewing/sites/org/blog/roundup-2018-11/index.mdx
Joost De Cock 51dc1d9732
[breaking]: FreeSewing v4 (#7297)
Refer to the CHANGELOG for all info.

---------

Co-authored-by: Wouter van Wageningen <wouter.vdub@yahoo.com>
Co-authored-by: Josh Munic <jpmunic@gmail.com>
Co-authored-by: Jonathan Haas <haasjona@gmail.com>
2025-04-01 16:15:20 +02:00

52 lines
2.2 KiB
Text

---
authors: 1
caption: 'Your login background for December'
date: '2018-11-30'
intro: 'Monthly roundup - November 2018: New showcases and a (false) security alarm'
title: 'Monthly roundup - November 2018: New showcases and a (false) security alarm'
---
This is your monthly roundup of the freesewing news of the last four weeks,
and a look at what lies ahead in the next month.
<!-- truncate -->
## Looking back at November
I have been very busy this month, but more about that in our roundup post for
the year which you can expect on December 10th.
Because I've been busy, a few showcase posts had fallen through the cracks.
I've cleared the backlog in my inbox now, and as a result we have [a new Bruce
showcase by Felix](/showcase/bruce-three-pack) and [a new Sandy showcase by
Karin](/showcase/sandy-by-karin).
If you've made one of our patterns, make sure to send in your pictures so we
can add them too. I mean, even if it takes a while, I do eventually get around
to it :)
Earlier this week, I woke to the unsettling news that a popular package on NPM
[had been hijacked by malicious
actors](https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/).
That's obviously shitty behaviour, but the fact that this package is a
dependency of our backend (as in, we use it) made for a rude awakening. Our
backend was patched by the time I got to work (yay for trains), but as more
information came to light, it turned out it was never a problem in the first
place.
For one thing, the dependency was a so-called development dependency. Code that
is included while developing, but not included in the production build.
Furthermore, the malicious actors were targetting a very specific set of people
in order to make off with their bitcoin, so there was never an issue.
As the story was developing, we [posted updates on
Twitter](https://twitter.com/freesewing_org/status/1067312509672177664) so if
you want to make sure you want to hear all the latest news, make sure to follow
[@freesewing_org](https://twitter.com/freesewing_org) on Twitter.
## Looking ahead to December
In early December we traditionally do our yearly roundup, so more on that soon
:)