Three Releases in 48 Hours
Between June 24 and June 26, three of the web's most-watched frameworks pushed production releases. Vue shipped v3.5.39, Angular released v22.0.3, and FastAPI published v0.138.1. Each release addressed different concerns — Vue focused on reactivity stability, Angular on compiler fixes, FastAPI on making its documentation structure agent-navigable — but the collective signal is the same: modern frameworks ship continuously.
FastAPI's Quiet Revolution
FastAPI 0.138.1 included a refactor described as making 'info easier to find for agents.' This is not a user-facing feature — it restructures internal documentation and skill definitions so that AI coding agents can navigate the framework's API surface more effectively. FastAPI is adapting its own architecture for machine consumption, not just human developers.
With 99,610 GitHub stars and only 40 known CVEs, FastAPI continues to represent the highest security-to-popularity ratio of any Python web framework in WebPulse's dataset. Flask, by comparison, has 71,843 stars but 186 CVEs — a 4.6x higher vulnerability density.
Angular 22: The Enterprise Workhorse
Angular v22.0.3 is a patch release, but its mere existence tells a story. Google's framework maintains a predictable six-month major release cadence with continuous patch cycles. Angular 22 represents the framework's full commitment to signals-based reactivity — a fundamental architectural shift that enterprise teams can adopt incrementally.
WebPulse detects 1,479 Angular sites in its Tranco 100K scan, making it the fourth most-detected framework after WordPress, Drupal, and Next.js. Angular's enterprise footprint remains substantial, and its release velocity ensures those deployments stay current.
The Velocity Gap
WordPress, which powers 10,816 sites in WebPulse's Tranco 100K scan, publishes zero releases on GitHub. Its development happens behind closed doors through SVN and trac — a process invisible to the dependency tracking, security scanning, and automated upgrade tooling that modern DevOps relies on.
This is not a philosophical difference. It is an operational one. When Vue, Angular, or FastAPI ship a security fix, automated systems detect the release, CI/CD pipelines trigger updates, and dependency bots create pull requests — often within hours. WordPress updates require manual intervention, plugin compatibility checks, and hope that the 18,321 CVEs in its ecosystem haven't acquired a new neighbor overnight.
