#378 — March 4, 2021 Read on the Web 👋 To help with the ‘no big news in the Node world this week’ problem we’re encountering sometimes, we’re interviewing maintainers of different Node projects so you can get a look behind the scenes of their work. This week we have Read more…
Deno 1.8, released on March 2, offers preliminary support for an API to bring enhanced machine learning to the secure JavaScript/TypeScript runtime. Experimental backing for the WebGPU API, for performing operations such as rendering and computation on a GPU, provides a path toward out-of-the-box GPU accelerated machine learning in Deno, Read more…
Notable Changes [ 1a3e3156b52 ] – (SEMVER-MINOR) crypto: make FIPS related options always awailable (Vít Ondruch) #36341 [ 19ba5c0f9ba ] – (SEMVER-MINOR) errors: remove experimental from –enable-source-maps (Benjamin Coe) #37362 Commits [ 1d039e6fa80 ] – assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344 [ 1d2e5529e08 ] – Read more…
#377 — February 25, 2021 Read on the Web Node Weekly Tauri: A New(ish) Framework for Building Desktop Apps with a Web Frontend — Electron is the big cheese in the ‘build desktop apps with JavaScript, HTML and CSS’ space but other contenders are now coming along including this Rust-based one. Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23th, 2021. One Critical serverity issue One High serverity issue One Low serverity issue Impact The 15.x release line of Node.js is vulnerable to one critical severity issue, one high severity Read more…
#376 — February 18, 2021 Read on the Web Node Weekly Avoiding npm Substitution Attacks — Recently there have been some high profile examples of supply chain attacks on popular source code repositories, such as where fake or eponymous packages are published, but you can reduce your attack surface by Read more…
