Notable changes CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium) The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication. CVE-2021-22960: HTTP Request Smuggling Read more…
Notable changes CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium) The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication. CVE-2021-22960: HTTP Request Smuggling Read more…
Notable Changes crypto update root certificates (Richard Lau) #40280 deps upgrade npm to 8.0.0 (npm team) #40369 update 1nghttp2 to v1.45.1 (thunder-coding) #40206 update V8 to 9.4.146.19 (Michaël Zasso) #40285 tools update certdata.txt (Richard Lau) #40280 Commits [ 134f3021ca3 ] – benchmark: add 1util.toUSVString() ‘s benchmark (Khaidi Chu) #40203 [ Read more…
Notable Changes [ 13a60de0135 ] – assert: change status of legacy asserts (James M Snell) #38113 [ 1df37c106a7 ] – (SEMVER-MINOR) buffer: introduce Blob (James M Snell) #36811 [ 1223494c548 ] – (SEMVER-MINOR) buffer: add base64url encoding option (Filip Skokan) #36952 [ 114fc4ddabc ] – (SEMVER-MINOR) child_process: allow 1options.cwd receive Read more…
Notable Changes [ 1fb226ff2ee ] – (SEMVER-MINOR) crypto: add rsa-pss keygen parameters (Filip Skokan) #39927 [ 185206b7311 ] – deps: upgrade npm to 7.24.0 (npm team) #40167 [ 198f56d179c ] – deps: update Acorn to v8.5.0 (Michaël Zasso) #40015 [ 19655329772 ] – doc: add Ayase-252 to collaborators (Qingyu Deng) Read more…
Notable Changes This release fixes a regression introduced by the V8 9.3 update in Node.js 16.9.0. Commits [ 104f1943109 ] – deps: V8: cherry-pick 9a607043cb31 (Jiawen Geng) #40046 Windows 32-bit Installer: https://nodejs.org/dist/v16.9.1/node-v16.9.1-x86.msi Windows 64-bit Installer: https://nodejs.org/dist/v16.9.1/node-v16.9.1-x64.msi Windows 32-bit Binary: https://nodejs.org/dist/v16.9.1/win-x86/node.exe Windows 64-bit Binary: https://nodejs.org/dist/v16.9.1/win-x64/node.exe macOS 64-bit Installer: https://nodejs.org/dist/v16.9.1/node-v16.9.1.pkg macOS Apple Read more…
Notable Changes Corepack Node.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development. In practical terms, Corepack will let you use Yarn and pnpm without having to install them – just like what Read more…
Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core Read more…
Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core Read more…
Notable Changes [ 12e90b10f35 ] – doc: deprecate type coercion for 1dns.lookup options (Antoine du Hamel) #38906 [ 1a6d50a18a0 ] – (SEMVER-MINOR) stream: add 1stream.Duplex.from utility (Robert Nagy) #39519 [ 1af7047a815 ] – (SEMVER-MINOR) stream: add 1isDisturbed helper (Robert Nagy) #39628 [ 166400374de ] – (SEMVER-MINOR) util: expose 1toUSVString (Robert Read more…
