Tu Nguyen mrtuvn

Security updates available for Magento - APSB22-12

Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.

Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.

This vulnerability has a similar severity as the Magento Shoplift vulnerability from 2015. At that time, nearly all unpatched Magento stores globally were compromised in the days after the exploit publication.

– Sansec (https://sansec.io/research/magento-2-cve-2022-24086)

$ npx autoprefixer --info
Browsers:
  Chrome for Android: 90
  Firefox for Android: 87
  QQ Browser: 10.4
  UC for Android: 12.12
  Android: 90
  Chrome: 90, 89, 88, 87
  Edge: 90, 89, 88

Ten seconds to ponder if a thread is worth it

A userstyle that makes you wait ten seconds before entering a Hacker News thread. I use stylus to manage mine.

.subtext {
  display: inline-block;
 background: linear-gradient(to left, transparent 50%, #f60 50%) right;

Add composer v2 support to older Magento2 versions

Magento 2.3.7 and 2.4.2 ship with composer v2 support out of the box but as far as I can see the only thing that needs to happen is to use some more modern versions of certain composer plugins which are used by certain dependencies of Magento.

This means we should be able to add composer v2 support to older Magento2 versions as well if we get a bit creative.

See below for diffs of the composer.json files you can apply to your projects, be sure to keep a mental note of these things, they will need to maintained by yourself in case newer versions of these modules are released. And if one day you update to Magento 2.3.7 or 2.4.2 or higher, you can remove these changes again.

⚠️ Disclaimer: use these tricks at your own risk!

Install Terminator (shell)

sudo add-apt-repository ppa:gnome-terminator
sudo apt-get update
sudo apt-get install terminator

Terminator should be setup as default now. Restart your terminal (shortcut: "Ctrl+Alt+T").

Install ZSH

Install php7.0-fpm

# remove php5 modules
apt-get autoremove --purge php5-*
# add php-7.0 source list by [Ondřej Surý](https://github.com/oerdnj)
add-apt-repository ppa:ondrej/php
# Update index
apt-get update
# Install php7.0-fpm with needed extensions

Debug your PHP in Docker with Intellij/PHPStorm and Xdebug

For your local dev, create a Dockerfile that is based on your production image and simply install xdebug into it. Exemple:

FROM php:5

RUN yes | pecl install xdebug \
&amp;&amp; echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" &gt; /usr/local/etc/php/conf.d/xdebug.ini \

This is the follow up to a post I wrote recently called From Require.js to Webpack - Party 1 (the why) which was published in my personal blog.

In that post I talked about 3 main reasons for moving from require.js to webpack:

Common JS support
NPM support
a healthy loader/plugin ecosystem.

Here I'll instead talk about some of the technical challenges that we faced during the migration. Despite the clear benefits in developer experience (DX) the setup was fairly difficult and I'd like to cover some of the challanges we faced to make the transition a bit easier.

Git Cheat Sheet

Single Git Commands

Initialize a git repo in the current directory

# git init

Add a remote called "origin"

git remote add origin https://github.com/your-username-here/your-repo-here.git

	vcl 4.0;

	import std;
	# The minimal Varnish version is 4.0
	# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'

	backend default {
	.host = "localhost";
	.port = "8080";
	.first_byte_timeout = 600s;