Node v12.22.9 (LTS)

Notable changes: Improper handling of URI Subject Alternative Names (Medium) (CVE-2021-44531). Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…

A simple automated build pipeline for Node.js

Build processes can be quite sophisticated for enterprise applications, but even simple and early-stage projects can benefit from automated build pipelines. This article describes a quick-to-deploy system for running an automated build, test, and deploy pipeline with Node.js, Jenkins, and Git. You’ll need Git and Node/NPM installed on your system Read more…

January 10th 2022 Security Releases

Summary: The Node.js project will release new versions of the 12.x, 14.x, 16.x, and 17.x release lines on or shortly after Monday, January 10th, 2021 in order to address three medium severity issues and one low severity issue. Impact: The 17.x release line of Node.js is vulnerable to three medium severity Read more…

Node v17.3.0 (Current)

Notable changes: OpenSSL-3.0.1. OpenSSL-3.0.1 contains a fix for CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl (Moderate). This is a vulnerability in OpenSSL that may be exploited through Node.js. More information can be read here: https://www.openssl.org/news/secadv/20211214.txt. Contributed by Richard Lau #41177. Other Notable Changes: lib: make AbortSignal cloneable/transferable (James Read more…

Node v12.22.8 (LTS)

Notable Changes: This release contains a c-ares update to fix a regression introduced in Node.js 12.22.5 resolving CNAME records containing underscores #39780. Root certificates have been updated to those from Mozilla’s Network Security Services 3.71 #40281. Commits: [12d42295d2a] – build: pin macOS GitHub runner to macos-10.15 (Richard Lau) Read more…

Deno joins JavaScript standards effort

Developers of Deno, the TypeScript/JavaScript runtime positioned as an alternative to Node.js, have joined the standards body overseeing development of the JavaScript standard. In a December 13 blog post on the Deno company website, engineer Luca Casonato noted the company is now a member of ECMA International, the organization overseeing Read more…

Security

Node Weekly #417 — December 9, 2021. GitHub Rolling Out Enforced 2FA and More for npm Registry — Many public code package registries have suffered issues with user security in recent years, and a single compromised package can cause havoc in the npm ecosystem in particular. Read more…