Three new security-related Node releases

#409 — October 14, 2021. Node Weekly. The GitHub Advisory Database Now Powers npm audit — npm audit is a command you can run to scan your project’s dependencies for known security vulnerabilities. Edward Thomson (GitHub). Node 16.11.1, 14.18.1, and 12.22.7 Released — Billed as the ‘October Read more…

Node v12.22.7 (LTS)

Notable changes: CVE-2021-22959: HTTP Request Smuggling due to spaces in headers (Medium). The http parser accepts requests with a space (SP) right after the header name, before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication. CVE-2021-22960: HTTP Request Smuggling Read more…

Node v14.18.1 (LTS)

Notable changes: CVE-2021-22959: HTTP Request Smuggling due to spaces in headers (Medium). The http parser accepts requests with a space (SP) right after the header name, before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication. CVE-2021-22960: HTTP Request Smuggling Read more…

Node v16.11.1 (Current)

Notable changes: CVE-2021-22959: HTTP Request Smuggling due to spaces in headers (Medium). The http parser accepts requests with a space (SP) right after the header name, before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication. CVE-2021-22960: HTTP Request Smuggling Read more…

Node v16.11.0 (Current)

Notable Changes: crypto: update root certificates (Richard Lau) #40280; deps: upgrade npm to 8.0.0 (npm team) #40369, update nghttp2 to v1.45.1 (thunder-coding) #40206, update V8 to 9.4.146.19 (Michaël Zasso) #40285; tools: update certdata.txt (Richard Lau) #40280. Commits: [34f3021ca3] – benchmark: add util.toUSVString()'s benchmark (Khaidi Chu) #40203 [ Read more…

Is Node really ‘hated’?

#408 — October 7, 2021. Node Weekly. Writing Clean JavaScript Tests with the BASIC Principles — An introduction to applying several key principles to shorten, clean, and simplify JavaScript and Node.js-based test suites. Yoni Goldberg. Eleventy 1.0 Beta 1 Released — Eleventy (a.k.a. 11ty) is a very Read more…

October 12th 2021 Security Releases

Summary: The Node.js project will release new versions of the 12.x, 14.x, and 16.x release lines on or shortly after Tuesday October 12th, 2021 in order to address: two medium severity issues. Impact: The 16.x release line of Node.js is vulnerable to two medium severity issues. The 14.x release line Read more…

Node v14.18.0 (LTS)

Notable Changes: [3a60de0135] – assert: change status of legacy asserts (James M Snell) #38113; [df37c106a7] – (SEMVER-MINOR) buffer: introduce Blob (James M Snell) #36811; [223494c548] – (SEMVER-MINOR) buffer: add base64url encoding option (Filip Skokan) #36952; [14fc4ddabc] – (SEMVER-MINOR) child_process: allow options.cwd receive Read more…