Next in Dev

Anthropic is suing the US government after being labeled a "supply chain risk," AI found 22 high-severity Firefox bugs in just two weeks, Astro 6 dropped with a completely rebuilt dev server, and there's major tooling news across Cloudflare, shadcn, Cursor, Figma, and more.This week in web development and AI news: the Anthropic lawsuit against the Trump administration, Claude's automated security scanning on the Firefox codebase, OpenAI acquiring Promptfoo, Apple Music AI transparency tags, Astro 6's new Vite Environment API and Cloudflare adapter, shadcn CLI v4 with AI agent skills, Cloudflare's new Browser Rendering crawl endpoint, Cursor plugins, Figma MCP updates, Claude Code releases, Next.js 16.2 canary progress, Railway, and Dokploy updates.0:00 Intro0:24 Anthropic sues the government2:07 Claude finds 22 Firefox bugs3:25 The Anthropic Institute4:16 OpenAI acquires Promptfoo5:08 Apple Music AI transparency tags6:37 Astro 67:49 Cloudflare Browser Rendering API8:15 shadcn CLI v48:52 Cursor plugins9:11 Figma updates9:44 Claude Code, Next.js, Railway, Dokploy10:59 Outro

Sam Altman told CNBC he shares Anthropic's safety principles. Less than 24 hours later, OpenAI signed a government contract without those principles and posted about it like a win. Here's why that matters if you build with AI.

Vercel's CEO called Cloudflare's new Next.js reimplementation "vibe-coded," and I have thoughts. Plus Cursor agents now get their own virtual machines, ChatGPT is serving ads on the first prompt, and Anthropic drops version 3 of its Responsible Scaling Policy.This is Next in Dev. It's a weekly roundup of everything happening in web development, AI tooling, and the platforms developers actually use.https://nlvcodes.com0:00 - Introduction0:22 - Cloudflare rebuilt Next.js in a week1:45 - Vercel's response (glass houses)2:37 - Cloudflare's 6-hour outage3:06 - Figma Make connectors3:26 - Next.js 16.2.0 canary roundup4:10 - Cursor agents get virtual machines4:56 - ChatGPT ads on first prompt5:12 - Anthropic Responsible Scaling Policy v36:04 - Railway DDoS protection + domains7:15 - Claude Code auto-memory + updates8:09 - Closing Thoughts

Anthropic's Pentagon contract is on the rocks, Figma now connects directly to Claude Code, and Tailwind CSS finally ships v4.2.0 after months of silence. Plus Payload CMS v3.77, Perplexity dropping ads, Cursor's new plugin marketplace, and more from the modern web dev world.This is Next in Dev, a weekly roundup of everything happening in web development, AI tooling, and the platforms developers actually use.0:00 - What's Coming Up0:13 - Payload CMS v3.771:27 - Figma + Claude Code2:17 - Next.js canary updates2:49 - Dokploy3:23 - Tailwind CSS v4.2.04:01 - Perplexity drops ads4:31 - OpenClaw founder joins OpenAI4:46 - Cursor 2.5 plugin marketplace5:19 - Anthropic vs the Pentagon5:52 - Claude Sonnet 4.66:18 - Anthropic & Infosys6:39 - Claude Code updates7:17 - Gemini AI music generation7:50 - Railway updates8:18 - Final Thoughts and Next Steps

This week in web development: Payload patches critical SQL injection vulnerabilities affecting Drizzle-based database adapters, Next.js ships 10 canary releases focused on Turbopack infrastructure and server-side HMR, and Anthropic commits to covering electricity cost increases caused by their AI data centers. Payload issued critical security patches for SQL injection vulnerabilities in version 3.73 and 3.74. This affects Drizzle-based adapters with JSON/rich text fields with read access set to anything but false in Postgres/SQLite with serial IDs. OpenAI is beginning to test ads in ChatGPT's free and Go tiers. Cursor released Composer 1.5 with 20x more reinforcement learning than v1, and Railway launches one-click Cloudflare DNS integration plus horizontal scaling without deployment cycles.0:00 Payload CMS Security Patches1:17 Payload v3.7.6 Release1:47 Shadcn/ui Blocks Update2:00 Next.js Canary Releases3:15 Cloudflare Markdown for Agents4:32 AWS Infrastructure Updates5:39 Dokploy v0.27 Stability Release6:12 OpenAI Ad Testing in ChatGPT6:49 Cursor Composer 1.57:55 Anthropic Nonprofit Access & Energy Commitment9:24 Claude Code Updates10:03 Google Gemini 3 Deep Think10:37 Railway Deployment Improvements12:00 Closing Thoughts

In this episode of Next in Dev, I cut through the noise of the latest AI agent arms race to find what actually matters. - Anthropic releases Claude Opus 4.6- OpenAI counters with the GPT-5.3 Codex and a dedicated macOS app- Payload 3.74/3.75 - shadcn’s new first-class RTL support Payload's skill live: https://youtube.com/live/3UDiLVe0PFA00:00 Payload CMS 3.74 & 3.75:02:00 Figma news02:50 Shadcn news03:27 Next.js news 03:54 Cloudflare news 04:34 The OpenClaw Experiment: A Security Nightmare? 05:15 OpenAI news06:29 Anthropic’s Ad-Free Promise07:11 Claude Opus 4.6 08:07 Claude Code & Xcode08:36 Gemini’s Ad Strategy 09:10 Railway Postgres Metrics & Flow Visualizer 09:55 Closing Thoughts

Payload 3.73 is here with Next.js 16 support, SQLite performance upgrades, and a new migration command for relational databases. We also dive into the latest Next.js security patches, Figma’s new glass effects, and Cursor’s sub-agent architecture for faster execution. Plus, all the latest news about the AI that matters.Chapters:00:00 Payload News 02:13 Figma News 02:47 Shadcn News 03:08 Next.js News 03:42 OpenAI News 04:19 Cursor News 05:27 Anthropic News 05:50 Claude Code News 06:17 Gemini News 06:53 Railway News 07:23 Astro News07:51 Closing Thoughts

Payload 3.72, Next.js 16, and Claude Code updates headline this week’s breakdown of essential web development news and security vulnerabilities. We explore Payload's new experimental per-locale publishing and the addition of depth parameters to MCP tools. On the performance side, Next.js continues its relentless focus on Turbopack and memory management. The industry is also grappling with significant security scares: a two-character filtering error that nearly compromised the AWS console and a Cloudflare firewall bug related to certificate renewal. Meanwhile, OpenAI introduces the ChatGPT Go plan at $8 USD/month, powered by GPT 5.2 instant, while pivoting toward an ad-supported model for free users. Finally, we compare the latest CLI enhancements from Cursor and Claude Code, and look at Railway’s intuitive CLI overhaul. Live stream mentioned: https://youtube.com/live/dDYkQ-fXJvwChapters:00:00 - Payload News00:50 - Shadcn News01:12 - Next.js News01:35 - Cloudflare News02:01 - AWS News02:26 - OpenAI News03:22 - Cursor News04:13 - Anthropic News05:26 - Claude Code News06:28 - Railway News07:26 - Closing Thoughts and Next Steps