Notable Changes The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) CVE-2023-24807: Regular Expression Denial Read more…
Notable Changes The following CVEs are fixed in this release: CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium) CVE-2023-23918: Experimental Policies bypass via 1process.mainModule.require (High) CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in February Read more…
Notable Changes The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) Fixed by an update to undici: CVE-2023-23936: Read more…
Notable Changes The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post. Read more…
#474 — February 16, 2023 Read on the Web How To Scale Node Apps with Clustering — Node’s cluster module can be used to run and manage multiple Node instances as a way to distribute workloads. Stanley gives a thorough and practical walkthrough of how to do it and why Read more…
#473 — February 9, 2023 Read on the Web Node v19.6.0 (Current) Released — Node 19 moves up to npm 9.4 (which notably implements the pnpm-like isolated mode (via 1–install-strategy=linked ) and the still experimental loader hooks can now chain. Node 18.14.0 (LTS) is also out and features a significant Read more…
Version 1.30 of the Deno JavaScript/TypeScript runtime, published late January 2023, emphasizes support for built-in Node.js modules and offers a major update to the configuration file. With Deno, npm packages have already had access to built-in Node.js modules such as fs (file system), path, process, and others through the runtime’s Read more…
Pre-release announce Summary The Node.js project will release new versions of the 14.x, 16.x, 18.x and 19.x releases lines on or shortly after, Tuesday February 14 2023 in order to address: 2 low severity issues. 2 medium severity issues. 1 high severity issues. OpenSSL security updates for which the highest Read more…
Notable changes Updated npm to 9.3.1 Based on the list of guidelines we’ve established on integrating 1npm and 1node , here is a grouped list of the breaking changes with the reasoning as to why they fit within the guidelines linked above. Note that all the breaking changes were made Read more…
Notable changes ESM: Leverage loaders when resolving subsequent loaders Loaders now apply to subsequent loaders, for example: 1–experimental-loader ts-node –experimental-loader loader-written-in-typescript . Upgrade npm to 9.4.0 Added 1–install-strategy=linked option for installations similar to pnpm. Other notable changes [ 1a7c9daa497 ] – (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) #46358 [ Read more…
