-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7b52921cae 2023-11-03 18:20:20.955354 --------------------------------------------------------------------------------
Name : nodejs20 Product : Fedora 39 Version : 20.8.1 Release : 1.fc39 URL : http://nodejs.org/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.}
-------------------------------------------------------------------------------- Update Information:
## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) * [CVE-2023-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High) * [CVE-2023-39331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High) * [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium) * [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security- releases/) blog post. ---- ## 2023-09-28, Version 20.8.0 (Current), @ruyadorno ### Notable Changes #### Stream performance improvements Performance improvements to writable and readable streams, improving the creation and destruction by ��15% and reducing the memory overhead each stream takes in Node.js Contributed by Benjamin Gruenbaum in [#49745](https://github.com/nodejs/node/pull/49745) and Raz Luvaton in [#49834](https://github.com/nodejs/node/pull/49834). Performance improvements for readable webstream, improving readable stream async iterator consumption by ��140% and improving readable stream `pipeTo` consumption by ��60% Contributed by Raz Luvaton in [#49662](https://github.com/nodejs/node/pull/49662) and [#49690](https://github.com/nodejs/node/pull/49690). #### Rework of memory management in `vm` APIs with the `importModuleDynamically` option This rework addressed a series of long-standing memory leaks and use-after-free issues in the following APIs that support `importModuleDynamically`: * `vm.Script` * `vm.compileFunction` * `vm.SyntheticModule` * `vm.SourceTextModule` This should enable affected users (in particular Jest users) to upgrade from older versions of Node.js. Contributed by Joyee Cheung in [#48510](https://github.com/nodejs/node/pull/48510). #### Other notable changes * [[`32d4d29d02`](https://github.com/nodejs/node/commit/32d4d29d02)] - **deps**: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) [#49874](https://github.com/nodejs/node/pull/49874) * [[`0e686d096b`](https://github.com/nodejs/node/commit/0e686d096b)] - **doc**: deprecate `fs.F_OK`, `fs.R_OK`, `fs.W_OK`, `fs.X_OK` (Livia Medeiros) [#49683](https://github.com/nodejs/node/pull/49683) * [[`a5dd057540`](https://github.com/nodejs/node/commit/a5dd057540)] - **doc**: deprecate `util.toUSVString` (Yagiz Nizipli) [#49725](https://github.com/nodejs/node/pull/49725) * [[`7b6a73172f`](https://github.com/nodejs/node/commit/7b6a73172f)] - **doc**: deprecate calling `promisify` on a function that returns a promise (Antoine du Hamel) [#49647](https://github.com/nodejs/node/pull/49647) * [[`1beefd5f16`](https://github.com/nodejs/node/commit/1beefd5f16)] - **esm**: set all hooks as release candidate (Geoffrey Booth) [#49597](https://github.com/nodejs/node/pull/49597) * [[`b0ce78a75b`](https://github.com/nodejs/node/commit/b0ce78a75b)] - **module**: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) [#48510](https://github.com/nodejs/node/pull/48510) * [[`4e578f8ab1`](https://github.com/nodejs/node/commit/4e578f8ab1)] - **module**: fix leak of vm.SyntheticModule (Joyee Cheung) [#48510](https://github.com/nodejs/node/pull/48510) * [[`69e4218772`](https://github.com/nodejs/node/commit/69e4218772)] - **module**: use symbol in WeakMap to manage host defined options (Joyee Cheung) [#48510](https://github.com/nodejs/node/pull/48510) * [[`14ece0aa76`](https://github.com/nodejs/node/commit/14ece0aa76)] - **(SEMVER- MINOR)** **src**: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) [#49279](https://github.com/nodejs/node/pull/49279) * [[`9fd67fbff0`](https://github.com/nodejs/node/commit/9fd67fbff0)] - **stream**: use bitmap in writable state (Raz Luvaton) [#49834](https://github.com/nodejs/node/pull/49834) * [[`0ccd4638ac`](https://github.com/nodejs/node/commit/0ccd4638ac)] - **stream**: use bitmap in readable state (Benjamin Gruenbaum) [#49745](https://github.com/nodejs/node/pull/49745) * [[`7c5e322346`](https://github.com/nodejs/node/commit/7c5e322346)] - **stream**: improve webstream readable async iterator performance (Raz Luvaton) [#49662](https://github.com/nodejs/node/pull/49662) * [[`80b342cc38`](https://github.com/nodejs/node/commit/80b342cc38)] - **(SEMVER- MINOR)** **test_runner**: accept `testOnly` in `run` (Moshe Atlow) [#49753](https://github.com/nodejs/node/pull/49753) * [[`17a05b141d`](https://github.com/nodejs/node/commit/17a05b141d)] - **(SEMVER- MINOR)** **test_runner**: add junit reporter (Moshe Atlow) [#49614](https://github.com/nodejs/node/pull/49614) -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 16 2023 Stephen Gallagher sgallagh@redhat.com - 1:20.8.1-1 - Update to 20.8.1 * Fri Sep 29 2023 Stephen Gallagher sgallagh@redhat.com - 1:20.8.0-1 - Update to 20.8.0 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7b52921cae' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------