Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issue. We normally like to give advance notice and provide releases in which the only changes are security fixes, but since this vulnerability was already public we felt it was more important Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Wednesday August 11th, 2021 in order to address: Two high severity issues and one low severity issue. Impact The 16.x release line of Node.js is vulnerable to two high severity issues and one Read more…
Notable Changes Updated npm to 7.20.3 (npm team) #39579 Reverted an ABI-breaking change from V8 9.2 that could impact some native modules (Michaël Zasso) #39624 Fixed a bug in error handling known to affect at least Webpack and Jest (Guy Bedford) #39593 Commits [ 16c769ccedf ] – build: override python Read more…
Notable Changes Say hello to V8 9.2 The V8 engine is updated to version 9.2.230.21. It notably introduces the new 1Array.prototype.at method (also on Typed Arrays and strings): 1234<span class="token keyword">const</span> array <span class="token operator">=</span> <span class="token punctuation">[</span><span class="token number">1</span><span class="token punctuation">,</span> <span class="token number">2</span><span class="token punctuation">,</span> <span class="token number">3</span><span Read more…
Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 This releases also fixes some Read more…
Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 Commits [ 1499e56babe ] – Read more…
#400 — August 5, 2021 Read on the Web Node Weekly 40+ Node.js Integration Test Best Practices — Component and integration tests are increasingly popular testing techniques for backends. This repository digs into a variety of quick-fire patterns and practices for creating good component tests. There’s also a demo app Read more…
#399 — July 29, 2021 Read on the Web Node Weekly Running CPU-Bound Tasks in Node with Worker Threads — A thorough, practical introduction to using worker threads to get beyond Node’s naturally single-threaded nature. Yarin Ronel ws 8.0: Fast, Stable WebSocket Client and Server for Node — A major update Read more…
Uploading files is a common need for cloud apps. FilePond is a solid open-source project that offers sophisticated file handling and wrappers for many JavaScript frameworks like React and Svelte. This article gives an overview of handling file uploads with FilePond and a Node.js and Express back end. [ Also Read more…
#398 — July 22, 2021 Read on the Web Node Weekly Node-RED 2.0 Released — Node-RED is a now very mature ‘low-code’ Node.js-based programming environment, particularly aimed at connecting together services or IoT devices. The 2.0 release focuses on upgrading dependencies, dropping old Node version support, and an (optional) improved Read more…
