Notable Changes [ 13bd0078457 ] – doc: add @ShogunPanda to collaborators (Shogun) #42362 [ 123354673be ] – doc: deprecate string coercion in 1fs.write , 1fs.writeFileSync (Livia Medeiros) #42149 [ 1da42ffb85e ] – (SEMVER-MINOR) http: trace http client by perf_hooks (theanarkh) #42345 [ 184fd6e54b0 ] – deps: upgrade npm to 8.5.5 Read more…
Notable Changes Update to OpenSSL 1.1.1n, which addresses the following vulnerability: Infinite loop in 1BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Commits [ 1b5c52e337e ] – build: pin Windows GitHub runner to windows-2019 (Richard Lau) #42350 [ 13b1a0b24f0 ] – deps: update archs files for Read more…
Notable changes Update to OpenSSL 1.1.1n, which addresses the following vulnerability: Infinite loop in 1BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. Commits [ 1e3e5bf11ba ] – build: Read more…
Notable Changes Update to OpenSSL 3.0.2, which addresses the following vulnerability: Infinite loop in 1BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Commits [ 155e293e05f ] – deps: update archs files for quictls/openssl-3.0.2+quic (Hassaan Pasha) #42356 [ 1b8d090603d ] – deps: upgrade openssl sources to quictls/openssl-3.0.2+quic Read more…
Notable Changes Update to OpenSSL 1.1.1n, which addresses the following vulnerability: Infinite loop in 1BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Commits [ 13924618c74 ] – deps: update archs files for OpenSSL-1.1.1 (Hassaan Pasha) #42352 [ 17a6a870d58 ] – deps: upgrade openssl sources to OpenSSL_1_1_1n Read more…
πΊπ¦ #β429 β March 17, 2022 Read on the Web Node Weekly How the 1peacenotwar Module Sabotaged Software to Protest Russia’s Invasion of Ukraine β Users of a variety of systems (including Vue CLI as seen here) began to notice that the node-ipc dependency was doing some unusual things, such Read more…
Notable changes doc: add release key for Bryan English (Bryan English) #42102 Commits [ 12a24e763d5 ] – async_hooks: fix imports in context example (Yash Ladha) #39229 [ 1c4a296f59b ] – benchmark: enable no-empty ESLint rule (Rich Trott) #41831 [ 1abe2eb9fc0 ] – benchmark: avoid input param manipulation (Jithil P Ponnan) Read more…
Summary The Node.js project may be releasing new versions across all of its supported release lines late next week to incorporate upstream patches from OpenSSL. Please read on for full details. OpenSSL The OpenSSL project announced this week that they will be releasing versions 3.0.2 and 1.1.1n on the 15th Read more…
Notable Changes Fixed regression in url.resolve() This release fixes an issue introduced in Node.js v17.7.0 with some URLs that contain 1@ . This issue affected yarn 1. This version reverts the change that introduced the regression. Commits [ 196a9e00fb3 ] – url: revert fix url.parse() for 1@hostname (Antoine du Hamel) Read more…
#β428 β March 10, 2022 Read on the Web Node Weekly What’s Really Going On Inside Your 1node_modules Folder? β A running joke is that 1node_modules folders are so huge theyβre heavier than black holes but when packages get taken over by nefarious groups, the contents of node_modules becomes somewhat Read more…
