OpenAI made news this week for adding more memory to ChatGPT and revealing Sora, a new text-to-video model, but developers may be more interested in other announcements the company made. OpenAI gave developers the ability to control more granular permissions on their API keys for specific endpoints. That’s particularly important for enterprises that want to build on the API, according to a company spokesperson.
It also increased the rate limit on GPT-4 Turbo so that applications can scale their OpenAI usage twice as high as before; the rate chart is online. Additionally, the AI company now has word-level timestamps on its Whisper Audio API, which enables more precise timestamps for transcripts and video edits.
Vercel has partnered with nine AI providers — including Replicate, Perplexity and PineCone — to provide integrations with Vercel’s AI SDK, a developer kit for building AI-powered user interfaces. These integrations will provide support for building chatbots, customer service flows, systems with semantic search, Retrieval Augmented Generation (RAG) and generative image services, noted Vercel’s Vice President of Product Jared Palmer.
Developers can access the AI tab on Vercel’s integration page, which makes third-party AI service discoverable from the Vercel dashboard.
Vercel also announced a new AI Playground where developers can preview and pull pre-built AI models directly into their applications within Vercel’s Frontend Cloud.
Redwood, a full-stack JavaScript/TypeScript web application framework, now has an observability tool called Redwood Studio. It provides tracing with OpenTelemetry, along with SQL statement logging, general metrics and a GraphiQL playground with impersonated authentication.
In the release notes for version 7.0.0, the Redwood team said the command line tool allows developers to identify slow-running SQL statements without reviewing the captured log files. It also “identifies and improves N+1 queries by comparing before and after traces” and makes it easier to “impersonate the user authentication headers in GraphiQL.”
The Studio is also integrated with the mailer, which provides a preview of what mail templates will look like, re-rendering them live as developers update the template code.
This release also announces support for GraphQL real-time, which means that applications can receive automatic updates whenever the underlying data changes. It’s used to support features such as live dashboards, chats and collaborative editing.
“One of the most often-asked questions before and after Redwood’s v1 launch was, ‘When will RedwoodJS support realtime?’” the team wrote. “In this release, serverful deploys can choose from two GraphQL Realtime solutions: Subscriptions and Live Queries.”
The new release also includes three new router hooks for better router introspection capabilities.
“Use these hooks to build more dynamic navigation components for your Redwood apps,” the post stated.
Android 15’s first developer preview was released last week and one new item worth noting is that it allows developers to take advantage of premium hardware features, including high-end camera capabilities. The plan is to refine it further before the final consumer release to help developers use hardware features such as GPUs and AI processing.
Android is also adding new capabilities to its Dynamic Performance Framework that will allow developers to optimize thermal, CPU and GPU management. That will allow performance-intensive apps and games to work more efficiently.
Express.js became the target of a swarm of pull requests thanks to a YouTube tutorial published by Apna College. The tutorial used the open source projects’ repo instead of a practice demo to show people how to submit a pull request. The video received 1.4 million views.
The college has posted a comment to the video urging students not to do a pull request or test on official repositories of any projects.
“Unfortunately the damage had already been done, and hundreds of spam PRs have been submitted to the Express.js project, diverting maintainers’ attention from meaningful development work,” noted Socket’s Sarah Gooding in a blog post about the event. Socket offers a GitHub security product that analyzes pull requests for risky behavior.
The incident highlights a broader problem for the community, Gooding noted, pointing to Hackoberfest, which she called a “corporate-sponsored distributed denial of service attack against the open source maintainer community.”
“So far today, on a single repository, myself and fellow maintainers have closed 11 spam pull requests,” Gooding added. “Each of these generates notifications, often email, to the 485 watchers of the repository. And each of them requires the maintainer time to visit the pull request page, evaluate its spamminess, close it, tag it as spam, lock the thread to prevent further spam comments and then report the spammer to GitHub in the hopes of stopping their time-wasting rampage.”
