Notable Changes Vulerabilties fixed: CVE-2021-3450: OpenSSL – CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt Impacts: All versions of the 15.x, 14.x, 12.x and 10.x releases lines CVE-2021-3449: OpenSSL – NULL Read more…
#382 — April 1, 2021 Read on the Web Node Weekly How to Migrate Your App from Express to Fastify — Simon Plenderleith demonstrates what makes Fastify a great alternative, and how to migrate an existing Node.js app from Express to Fastify. It must be the week for it, too, Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021. Three High severity issues Impact The 15.x release line of Node.js is vulnerable to two high severity issues. The 14.x release line of Node.js is vulnerable to three high Read more…
Notable Changes buffer: implement btoa and atob (James M Snell) #37529 deps: upgrade npm to 7.7.6 (Ruy Adorno) #37968 This update adds workspaces support to 1npm run and 1npm exec doc: add legacy status to stability index (James M Snell) #37784 add @linkgoron to collaborators (Nitzan Uziely) #37817 http: add Read more…
The creators of Deno have formed the Deno Company, a business venture around the JavaScript/TypeScript runtime and rival to Node.js. In a bulletin on March 29, Deno creator Ryan Dahl and Bert Belder, both of whom also led the development of Node.js, announced the formation of the company and said Read more…
Notable changes The legacy HTTP parser is runtime deprecated The legacy HTTP parser, selected by the 1–http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation provided) at the end of April 2021. It will now warn on use Read more…
#381 — March 25, 2021 Read on the Web Node Weekly Piscina: A Fast Worker Thread Pool Implementation — Node now offers worker threads which bring true multithreading to Node apps and Piscina is a pool for tracking and controlling the number of such threads (including being able to cancel them). Read more…
#380 — March 18, 2021 Read on the Web 👋 Hi. This week we’ve got another package maintainer interview for you, this time with frontend engineer Krasimir Tsonev, the creator of a Puppeteer test runner called Miss-Piggy (you’ll find out why it’s called that too) — it’s at the very Read more…
Notable Changes crypto: add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500 support JWK objects in create*Key (Filip Skokan) #37254 deps: switch openssl to quictls/openssl (James M Snell) #37601 update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712 fs: improve fsPromises writeFile performance (Nitzan Uziely) #37610 improve fsPromises readFile performance (Nitzan Uziely) Read more…
#379 — March 11, 2021 Read on the Web Node Weekly The Death of a Node.js Process — Writing code to do stuff is fun, but do you ever think about what happens when your creation is either ready to terminate or gets cut off in its prime? Thomas looks Read more…
