Node v16.8.0 (Current)

Notable Changes [ 12e90b10f35 ] – doc: deprecate type coercion for 1dns.lookup options (Antoine du Hamel) #38906 [ 1a6d50a18a0 ] – (SEMVER-MINOR) stream: add 1stream.Duplex.from utility (Robert Nagy) #39519 [ 1af7047a815 ] – (SEMVER-MINOR) stream: add 1isDisturbed helper (Robert Nagy) #39628 [ 166400374de ] – (SEMVER-MINOR) util: expose 1toUSVString (Robert Read more…

Get started with CodeSandbox

The integrated development environment (IDE) remains the centerpiece of developer tools. Online IDEs have ridden the wave of cloud-based tools, growing in power over the last few years. CodeSandbox is one of the more popular options in that space, and its usage has been increasing recently. CodeSandbox is gaining popularity Read more…

How to use Auth0 with Node.js and Express

Cloud-based authentication and authorization platforms—sometimes known as IDaaS, or identity as a service — are an expanding area of cloud tooling, and it’s easy to see why. App security is difficult and error-prone, and virtually every project requires it. The ability to offload much of the work to a dedicated Read more…

Node v16.7.0 (Current)

Notable Changes fs: experimental: add recursive cp method (Benjamin Coe) #39372 Commits [ 1a80c989306 ] – async_hooks: merge resource_symbol with owner_symbol (Darshan Sen) #38468 [ 169a2a6b6c3 ] – bootstrap: call _undestroy() inside _destroy for stdout and stderr (Matteo Collina) #39685 [ 15bc31ea0aa ] – buffer: add endings option, remove Node.js Read more…

Security releases all round

#​401 — August 12, 2021 Read on the Web 📋 Node Weekly is taking a little summer vacation next week so we’ll be back for the next time on Thursday, August 26. See you then! 🙂__Peter Cooper, editor Node Weekly August 2021 Security Releases: Node 16.6.2, 14.17.5 and 12.22.5 — Read more…

Node v16.6.2 (Current)

Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…

Node v14.17.5 (LTS)

Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…

Node v12.22.5 (LTS)

Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…

August 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Wednesday August 11th, 2021 in order to address: Two high severity issues and one low severity issue. Impact The 16.x release line of Node.js is vulnerable to two high severity issues and one Read more…

July 2021 Security Releases

Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issue. We normally like to give advance notice and provide releases in which the only changes are security fixes, but since this vulnerability was already public we felt it was more important Read more…