Releases

Notable Changes This release fixes a regression introduced by the V8 9.3 update in Node.js 16.9.0. Commits [ 104f1943109 ] – deps: V8: cherry-pick 9a607043cb31 (Jiawen Geng) #40046 Windows 32-bit Installer: https://nodejs.org/dist/v16.9.1/node-v16.9.1-x86.msi Windows 64-bit Installer: https://nodejs.org/dist/v16.9.1/node-v16.9.1-x64.msi Windows 32-bit Binary: https://nodejs.org/dist/v16.9.1/win-x86/node.exe Windows 64-bit Binary: https://nodejs.org/dist/v16.9.1/win-x64/node.exe macOS 64-bit Installer: https://nodejs.org/dist/v16.9.1/node-v16.9.1.pkg macOS Apple Read more…

Notable Changes Corepack Node.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development. In practical terms, Corepack will let you use Yarn and pnpm without having to install them – just like what Read more…

Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core Read more…

Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core Read more…

Notable Changes [ 12e90b10f35 ] – doc: deprecate type coercion for 1dns.lookup options (Antoine du Hamel) #38906 [ 1a6d50a18a0 ] – (SEMVER-MINOR) stream: add 1stream.Duplex.from utility (Robert Nagy) #39519 [ 1af7047a815 ] – (SEMVER-MINOR) stream: add 1isDisturbed helper (Robert Nagy) #39628 [ 166400374de ] – (SEMVER-MINOR) util: expose 1toUSVString (Robert Read more…

Notable Changes fs: experimental: add recursive cp method (Benjamin Coe) #39372 Commits [ 1a80c989306 ] – async_hooks: merge resource_symbol with owner_symbol (Darshan Sen) #38468 [ 169a2a6b6c3 ] – bootstrap: call _undestroy() inside _destroy for stdout and stderr (Matteo Collina) #39685 [ 15bc31ea0aa ] – buffer: add endings option, remove Node.js Read more…

Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…

Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…

Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…

Notable Changes Say hello to V8 9.2 The V8 engine is updated to version 9.2.230.21. It notably introduces the new 1Array.prototype.at method (also on Typed Arrays and strings): 1234<span class="token keyword">const</span> array <span class="token operator">=</span> <span class="token punctuation">[</span><span class="token number">1</span><span class="token punctuation">,</span> <span class="token number">2</span><span class="token punctuation">,</span> <span class="token number">3</span><span Read more…