Notable Changes Add fetch API Adds experimental support to the fetch API. This adds a 1–experimental-fetch flag that installs the 1fetch , 1Request , 1Reponse and 1Headers globals. [ 176a229c4ff ] – (SEMVER-MINOR) lib: add fetch (MichaĆ«l Zasso) #41749 Add stream methods [ 11ae648567a ] – (SEMVER-MINOR) stream: add iterator Read more…
Notable changes Importing JSON modules now requires experimental import assertions syntax This release adds experimental support for the import assertions stage 3 proposal. To keep Node.js ESM implementation as compatible as possible with the HTML spec, import assertions are now required to import JSON modules (still behind the 1–experimental-json-modules CLI Read more…
Notable changes Upgrade npm to 6.14.16 Updated ICU time zone data Commits [ 133899b435d ] – deps: upgrade npm to 6.14.16 (Ruy Adorno) #41601 [ 1d9237c46ca ] – tools: update tzdata to 2021a4 (Albert Wang) #41443 Windows 32-bit Installer: https://nodejs.org/dist/v12.22.10/node-v12.22.10-x86.msi Windows 64-bit Installer: https://nodejs.org/dist/v12.22.10/node-v12.22.10-x64.msi Windows 32-bit Binary: https://nodejs.org/dist/v12.22.10/win-x86/node.exe Windows 64-bit Read more…
Notable Changes Corepack Node.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development. In practical terms, Corepack will let you use Yarn and pnpm without having to install them – just like what Read more…
Notable Changes [ 1ef6f98c2e3 ] – (SEMVER-MINOR) child_process: add support for URL to 1cp.fork (Antoine du Hamel) #41225 [ 1d62fe315c2 ] – (SEMVER-MINOR) crypto: alias webcrypto.subtle and webcrypto.getRandomValues on crypto (James M Snell) #41266 [ 1fcb37e9ce5 ] – doc: add Mesteery to collaborators (Mestery) #41543 [ 14079fc42b7 ] – (SEMVER-MINOR) Read more…
Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…
Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…
Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…
Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…
Notable changes OpenSSL-3.0.1 OpenSSL-3.0.1 contains a fix for CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl (Moderate). This is a vulnerability in OpenSSL that may be exploited through Node.js. More information can be read here: https://www.openssl.org/news/secadv/20211214.txt. Contributed by Richard Lau #41177. Other Notable Changes lib: make AbortSignal cloneable/transferable (James Read more…
