Notable Changes The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) CVE-2023-24807: Regular Expression Denial Read more…
Notable Changes The following CVEs are fixed in this release: CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium) CVE-2023-23918: Experimental Policies bypass via 1process.mainModule.require (High) CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in February Read more…
Notable Changes The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) Fixed by an update to undici: CVE-2023-23936: Read more…
Notable changes Updated npm to 9.3.1 Based on the list of guidelines we’ve established on integrating 1npm and 1node , here is a grouped list of the breaking changes with the reasoning as to why they fit within the guidelines linked above. Note that all the breaking changes were made Read more…
Notable changes ESM: Leverage loaders when resolving subsequent loaders Loaders now apply to subsequent loaders, for example: 1–experimental-loader ts-node –experimental-loader loader-written-in-typescript . Upgrade npm to 9.4.0 Added 1–install-strategy=linked option for installations similar to pnpm. Other notable changes [ 1a7c9daa497 ] – (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) #46358 [ Read more…
Notable Changes http: (SEMVER-MINOR) join authorization headers (Marco Ippolito) #45982 lib:: add webstreams to Duplex.from() (Debadree Chatterjee) #46190 stream: implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) #46205 Commits [ 1def36946da ] – assert: remove 1assert.snapshot (Moshe Atlow) #46112 [ 1e1c56ec3fd ] – benchmark,tools: use os.availableParallelism() (Deokjin Kim) #46003 [ Read more…
Notable Changes buffer: (SEMVER-MINOR) add buffer.isUtf8 for utf8 validation (Yagiz Nizipli) #45947 http: (SEMVER-MINOR) improved timeout defaults handling (Paolo Insogna) #45778 net: add autoSelectFamily global getter and setter (Paolo Insogna) #45777 os: (SEMVER-MINOR) add availableParallelism() (Colin Ihrig) #45895 util: add fast path for text-decoder fatal flag (Yagiz Nizipli) #45803 Commits Read more…
Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing build options that allow dependencies with native code to be externalized. This commit adds Read more…
Notable Changes Updated npm to 9.2.0 Based on the list of guidelines we’ve established on integrating 1npm and 1node , here is a grouped list of the breaking changes with the reasoning as to why they fit within the guidelines linked above. Note that all the breaking changes were made Read more…
Notable Changes OpenSSL 1.1.1s This update is a bugfix release and does not address any security vulnerabilities. Root certificates updated to NSS 3.85 Certificates added: Autoridad de Certificacion Firmaprofesional CIF A62634068 Certainly Root E1 Certainly Root R1 D-TRUST BR Root CA 1 2020 D-TRUST EV Root CA 1 2020 DigiCert Read more…
