-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-97b214b298 2022-02-19 01:30:44.345535 --------------------------------------------------------------------------------
Name : nodejs Product : Fedora 35 Version : 16.14.0 Release : 2.fc35 URL : http://nodejs.org/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.
-------------------------------------------------------------------------------- Update Information:
## 2022-02-08, Version 16.14.0 'Gallium' (LTS), @danielleadams ### Notable changes #### Importing JSON modules now requires experimental import assertions syntax This release adds experimental support for the import assertions stage 3 proposal. To keep Node.js ESM implementation as compatible as possible with the HTML spec, import assertions are now required to import JSON modules (still behind the `--experimental-json-modules` CLI flag): ```mjs import info from './package.json' assert { type: 'json' }; ``` Or use dynamic import: ```mjs const info = await import('./package.json', { assert: { type: 'json' } }); ``` Contributed by Antoine du Hamel and Geoffrey Booth [#40250](https://github.com/nodejs/node/pull/40250) #### Other notable changes * **async_hooks**: * **(SEMVER-MINOR)** expose async_wrap providers (Rafael Gonzaga) [#40760](https://github.com/nodejs/node/pull/40760) * **child_process**: * **(SEMVER-MINOR)** add support for URL to `cp.fork` (Antoine du Hamel) [#41225](https://github.com/nodejs/node/pull/41225) * **doc**: * add @Mesteery to collaborators (Mestery) [#41543](https://github.com/nodejs/node/pull/41543) * add @bnb as a collaborator (Tierney Cyren) [#41100](https://github.com/nodejs/node/pull/41100) * **esm**: * **(SEMVER-MINOR)** graduate capturerejections to supported (James M Snell) [#41267](https://github.com/nodejs/node/pull/41267) * **(SEMVER- MINOR)** add EventEmitterAsyncResource to core (James M Snell) [#41246](https://github.com/nodejs/node/pull/41246) * **events**: * **(SEMVER- MINOR)** propagate weak option for kNewListener (James M Snell) [#40899](https://github.com/nodejs/node/pull/40899) * **fs**: * **(SEMVER- MINOR)** accept URL as argument for `fs.rm` and `fs.rmSync` (Antoine du Hamel) [#41132](https://github.com/nodejs/node/pull/41132) * **lib**: * **(SEMVER- MINOR)** make AbortSignal cloneable/transferable (James M Snell) [#41050](https://github.com/nodejs/node/pull/41050) * **(SEMVER-MINOR)** add AbortSignal.timeout (James M Snell) [#40899](https://github.com/nodejs/node/pull/40899) * **(SEMVER-MINOR)** add reason to AbortSignal (James M Snell) [#40807](https://github.com/nodejs/node/pull/40807) * **(SEMVER-MINOR)** add unsubscribe method to non-active DC channels (simon-id) [#40433](https://github.com/nodejs/node/pull/40433) * **(SEMVER-MINOR)** add return value for DC channel.unsubscribe (simon-id) [#40433](https://github.com/nodejs/node/pull/40433) * **loader**: * **(SEMVER- MINOR)** return package format from defaultResolve if known (Gabriel Bota) [#40980](https://github.com/nodejs/node/pull/40980) * **perf_hooks**: * **(SEMVER-MINOR)** multiple fixes for Histogram (James M Snell) [#41153](https://github.com/nodejs/node/pull/41153) * **process**: * **(SEMVER-MINOR)** add `getActiveResourcesInfo()` (Darshan Sen) [#40813](https://github.com/nodejs/node/pull/40813) * **src**: * **(SEMVER- MINOR)** add x509.fingerprint512 to crypto module (3nprob) [#39809](https://github.com/nodejs/node/pull/39809) * **(SEMVER-MINOR)** add flags for controlling process behavior (Cheng Zhao) [#40339](https://github.com/nodejs/node/pull/40339) * **stream**: * **(SEMVER- MINOR)** add filter method to readable (Benjamin Gruenbaum) [#41354](https://github.com/nodejs/node/pull/41354) * **(SEMVER-MINOR)** add isReadable helper (Robert Nagy) [#41199](https://github.com/nodejs/node/pull/41199) * **(SEMVER-MINOR)** add map method to Readable (Benjamin Gruenbaum) [#40815](https://github.com/nodejs/node/pull/40815) * deprecate thenable support (Antoine du Hamel) [#40860](https://github.com/nodejs/node/pull/40860) * **util**: * **(SEMVER-MINOR)** pass through the inspect function to custom inspect functions (Ruben Bridgewater) [#41019](https://github.com/nodejs/node/pull/41019) * **(SEMVER-MINOR)** add numericSeparator to util.inspect (Ruben Bridgewater) [#41003](https://github.com/nodejs/node/pull/41003) * **(SEMVER-MINOR)** always visualize cause property in errors during inspection (Ruben Bridgewater) [#41002](https://github.com/nodejs/node/pull/41002) * **timers**: * **(SEMVER- MINOR)** add experimental scheduler api (James M Snell) [#40909](https://github.com/nodejs/node/pull/40909) * **v8**: * **(SEMVER- MINOR)** multi-tenant promise hook api (Stephen Belanger) [#39283](https://github.com/nodejs/node/pull/39283) ---- Fix for CVE-2021-43616 -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 9 2022 Zuzana Svetlikova zsvetlik@redhat.com - 1:16.14.0-2 - Replace explicit version of npm in %check with variable and make build fail if it doesn't match * Tue Feb 8 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.14.0-1 - Update to Node.js 16.14.0 * Thu Feb 3 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-8 - Update npm to 8.3.1 (CVE-2021-43616) * Wed Feb 2 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-7 - Fix incorrect version Provides: for npm (bz#2049873) * Mon Jan 31 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-6 - Rebuild for more architectures * Mon Jan 31 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-5 - Tweak some dependencies on EPEL 7 (bz2048589) - Add Provides: bundled(zlib) * Wed Jan 19 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-3 - Bundle zlib on EPEL 7 * Mon Jan 17 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-2 - Add support for building on EPEL 7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2050282 - CVE-2021-43616 npm: npm ci succeeds when package-lock.json doesn't match package.json https://bugzilla.redhat.com/show_bug.cgi?id=2050282 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-97b214b298' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org