Sourcegraph 3.42 release
Update as of July 29: Patch 3.42.1 has been released, which fixes the issue below. If you previously downloaded 3.42.0 and turned off sgm, we recommend upgrading to 3.42.1 and turning on sgm to fix any repo corruption.
Update as of July 27: We identified a bug in Sourcegraph 3.42 that can cause issues with gitserver. We are working to fix this in an upcoming patch. In the meantime, we recommend running version 3.41.
Sourcegraph 3.42 is now available! For this release, we introduced:
Measure the value of Sourcegraph with admin analytics
We believe providing a world-class admin experience is critical for the success of Sourcegraph customers. This starts with enabling administrators to measure and track the value of Sourcegraph within their organization.
Historically, Sourcegraph administrators relied on word-of-mouth feedback from developers, leading to a poor understanding of the value of Sourcegraph within an organization.
In 3.42, we are releasing a completely redesigned analytics experience for administrators. These visualizations will make it easier to understand developer engagement, identify power users, and measure the value of Sourcegraph.
New search UI, now in Beta
We're fixing UX papercuts and working to improve the core search experience. 3.42 includes a new, optional Beta UI, which can be enabled via a toggle in the avatar menu. Filters have moved to the right and are now collapsible, search results are more compact and individually expandable, and buttons in the header have been combined to reduce clutter.
This UI is disabled by default but we encourage you to give it a try. We think you'll find it cleaner and easier to use. You can find the toggle below the theme dropdown in the avatar menu.
Search by repository descriptions
We've introduced a new search predicate that enables searching by repository description, for example: repo:has.description(machine learning). Now you can search for interesting repository topics, even if you don't know their names.
This is especially useful for engineers joining new teams or onboarding to a codebase at a new company, so you can quickly find repositories without knowing exactly what you're looking for.
Code Insights load faster and include more historical datapoints
Insights running over an explicit list of repos now behave like insights running over all repositories.
They:
- Backfill 12 historical datapoints (instead of 7)
- Now load 3-10x faster on future page visits thanks to persisting their datapoints
- Better handle large result sets and repositories
- Take daily snapshots of the current state and save them at your defined interval
Code Insights better supports large monorepos
Code Insights now better supports running insights over large monorepos. Insights now use our streaming endpoints to avoid being limited by global network timeouts, have improved retry behavior, and send insights running over explicitly-listed individual monorepos to our persistent backend (see prior highlight above).