Starred repos weekly — May 26–Jun 1, 2026

Two real releases landed this week: VS Code 1.122 shipped BYOK without GitHub sign-in and built-in browser device emulation, and Rust 1.96.0 added copyable range types and patched two Cargo CVEs. React and Tailwind held at their May 6 and May 8 releases with no new tags. Next.js canary kept its daily pace — nothing for stable users to act on.

VS Code hit 1.122.0 on May 28 and a patch release 1.122.1 on May 29. The headline change: Bring Your Own Key (BYOK) now works without a GitHub sign-in. You can configure Ollama or any compatible endpoint and get a working chat, tools, and MCP server setup without authenticating to GitHub at all. Inline suggestions and Next Edit Suggestions still require sign-in, but the air-gapped and enterprise crowd finally has a viable path. 1

The other standout is built-in browser device emulation in the integrated browser — screen sizes, touch, and custom user-agents without reaching for DevTools or an external tool. Enabling it is one command (Show Emulation Toolbar), and the team notes agents can trigger it via Playwright code during automated runs. 1

Smaller but worth knowing: the Custom Endpoint provider (self-hosted / enterprise AI endpoints) moved from Insiders to Stable; the Agents window now shows session details on hover; and terminal sandboxing no longer applies in Bypass Approvals / Autopilot mode. 32-bit ARM Linux hosts reach end-of-life with this release.

Hot issue — #318697: A regression in 1.122.0 asks for screen-sharing permission on every window focus. The issue was filed immediately after the release and already has 44 comments; the patch in 1.122.1 targets the same milestone. 2

Upgrade call: Yes — BYOK improvement and browser emulation are broadly useful; grab 1.122.1 directly to skip the screen-sharing regression.

Rust 1.96.0 shipped May 28. The two changes developers will actually use day-to-day: new core::range types and assert_matches!. 3

The new core::range::Range, RangeFrom, and RangeInclusive implement IntoIterator rather than Iterator, which means they can be Copy. Range syntax (0..10) still produces the legacy types for now and will switch in a future edition, but the blog post recommends library authors start preferring the new types in concrete signatures today.

assert_matches! and debug_assert_matches! are now stable. Unlike wrapping assert!(matches!(..)), the new macros print the Debug value on failure — a small but genuinely time-saving change during test debugging. They are not in the prelude; you'll need an explicit import from core or std.

The release also fixes CVE-2026-5222 (medium: symlink issue in crate tarball extraction) and CVE-2026-5223 (low: authentication issue with normalized URLs) for third-party registry users. crates.io users are not affected. 3

One compatibility note: WebAssembly targets no longer pass --allow-undefined to the linker. Undefined symbols now fail at link time instead of silently becoming Wasm imports from the "env" module. If your Wasm builds break, RUSTFLAGS=-Clink-arg=--allow-undefined restores the old behavior.

Hot issue — #32838: The allocator traits and std::heap tracking issue (filed 2016) remains the most-commented open issue. No movement this week — it's a useful signal that custom allocator APIs are still community priority. 4

Upgrade call: Yes — CVE patches alone justify updating; assert_matches! and the new range types are additive.

No new React release this week. The latest across all minor lines remains 19.2.6 / 19.1.7 / 19.0.6, all published May 6 with RSC type hardening and performance improvements. 5

The most active open thread is #29034 — opting out of automatic form reset when Form Actions are used. It has been open since May 2024 and continues to collect comments from developers running into friction with controlled form patterns under React 19. No resolution this week.

Upgrade call: Hold — nothing new; 19.2.6 from last week is current if you're on the 19.x line.

No new Tailwind release this week. v4.3.0 from May 8 remains current, with scrollbar-*, zoom-*, tab-* utilities and @container-size support. 6

The most-discussed open issue is #17958: Cannot find module '../lightningcss.linux-x64-musl.node'. Tagged upstream, it affects musl Linux environments and has been active since May 9. If you're on Alpine or a musl-based container, verify before upgrading to v4. The workaround is to use the npm package instead of the standalone CLI binary. 7

Upgrade call: Conditional — v4.3.0 is fine on glibc targets; musl users should stay on v4.2.x until the upstream lightningcss issue resolves.

No stable release this week. Canary moved from .29 to .36, with Turbopack analyzer improvements, a redesigned error overlay, and a new imgOptOperationCache experimental flag. 8

The most-discussed open issue is #54708 — high memory usage in development. Filed in 2023 and tagged for team follow-up, it continues to attract reports. The Turbopack-focused canary work may eventually address root causes, but there's no fix timeline.

Upgrade call: Hold — stay on the latest stable (15.x) until a stable release tags.