Homebrew: Cask Auto-Updates Now Opt-In

Homebrew's development team has made cask auto-updates an opt-in feature through new environment variables, while also implementing security improvements for uninstall path validation and fixing Linux XDG directory support.

Duration: PT1M53S

Episode overview

This episode is a short developer briefing from Homebrew.

It explains recent repository work in plain language.

  • Show: Homebrew
  • Published: 2026-04-11T00:00:00Z
  • Audio duration: PT1M53S

Transcript excerpt

This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.

Good morning, I'm your host with the Homebrew development briefing for April 11th, 2026.

Mike McQuaid merged a significant change to cask auto-updates, making them opt-in rather than default behavior. The update introduces the HOMEBREW_UPGRADE_AUTO_UPDATES_CASKS environment variable to maintain current user behavior until Homebrew 5.2.0. The change also improves bundle version handling by ignoring…

McQuaid also merged security improvements for cask uninstall operations. The update hardens path validation by checking for relative path segments like dot and double-dot before tilde normalization, preventing potential directory traversal issues. New test coverage includes scenarios for relative paths and…

Douglas Eichelberger merged a code cleanup removing redundant T.let calls in Sorbet type annotations within initialize methods across multiple files including cache store, cask artifacts, and download strategy components.

Michael Cho merged a Linux-specific fix ensuring XDG_DATA_HOME environment variable is properly utilized in cask configuration, addressing directory standard compliance on Linux systems.

Additional commits include Timm Heuss fixing PATH environment issues for bundle…

Nearby episodes from Homebrew

  1. Parallel Installer Overhaul and API Documentation
  2. Type Safety Overhaul and Performance Gains
  3. Weekly Recap - Shell Integration & Type Safety
  4. Shell Environment and API Generation Updates
  5. Type Safety and Performance Improvements
  6. Code Cleanup and Dependency Management
  7. Type Safety and Cross-Platform Cask Improvements
  8. Type Safety and User Experience Improvements