Next.js Security Vulnerability (CVE-2025-29927) – The big news this week is the recent Next.js middleware vulnerability that lets attackers bypass middleware authorization by tweaking the x-middleware-subrequest header. It affects versions from 11.1.4 all the way to unpatched 15.x releases. If you’re running Next.js, update yesterday. Here are some key links covering the incident:
Authorization in Next.js – In light of the recent security incident, this guide couldn’t be more timely. It explains everything from securing data access at the API layer to routing, UI, and middleware strategies // ROBIN WIERUCH
📙 Tutorials, Articles & Opinion
► Next.js Finally Fixed Caching – Caching in Next.js finally feels right thanks to Dynamic IO and useCache. Features like cacheTags and cacheLife make it easy to control how your data is cached. Check out the video to see how it works. // WEB DEV SIMPLIFIED
𝕏 Different data fetching patterns in Next.js – After noticing a developer frustrated with slow data loading in Next.js, Lee shared a quick video outlining how to achieve fast, snappy navigation using granular loading states, server-side data fetching with React 19, and caching with SWR. Turns out, Next.js can handle these use cases just fine, if you know the right tricks // LEE ROBINSON
SSR Deep Dive for React Developers – A comprehensive guide to SSR, hydration, and SSG in React. Covers the pros, cons, and costs of server-side rendering, with practical challenges to test your knowledge // NADIA MAKAREVICH
📦 Packages / Tools / Repos
Announcing tRPC v11 – tRPC v11 is finally out, bringing TanStack Query v5 support, FormData handling, better React Server Components integration, streaming responses, and simplified router definitions. // TRPC
shadcn/ui Dashboard Template – A fully open-sourced app built to test Tailwind v4. Features custom themes, draggable rows, editable tables, and filters. Perfect if you want to see Tailwind v4 in action or steal some ideas for your next project // SHADCN
Parcel v2.14.0 – React Server Components finally starting to find their way into other tools. Really cool! Of course there is more: first-class MDX support, a shiny new React error overlay, and native HTML import maps for better browser caching. Oh, and there's a CLI to scaffold new Parcel apps // PARCEL
Base UI v1.0.0 (alpha.7) – Toolbar, useRender, modal for Popover, and locale for NumberField headline this release. Accessibility upgrades and bug fixes across Accordion, Dialog, Slider, and more. // BASE UI
🌈 Related
Next.js vs TanStack – A really well written, brutally honest comparison of Next.js and TanStack, highlighting the trade-offs between complexity and simplicity // KYLE GILL
New URLPattern API brings improved pattern matching – The URLPattern API is now available in Node.js (v23.8.0) and Cloudflare Workers. The goal is to make URL matching easier with named parameters, wildcards, and regex-like patterns. Also, it’s part of the WinterTC effort to unify JavaScript runtimes // YAGIZ NIZIPLI
Learn Zod So You Can Trust Your Data and Your Types – A beginner-friendly guide to Zod, the TypeScript library for validating and transforming data. Learn about schemas, pipelines, and error handling, with a playground to test your setups // DIANA MACDONALD