stable

nodejs20-20.8.1-1.fc39

FEDORA-2023-7b52921cae created by sgallagh a year ago for Fedora 39

2023-10-13, Version 20.8.1 (Current), @RafaelGSS

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.


2023-09-28, Version 20.8.0 (Current), @ruyadorno

Notable Changes

Stream performance improvements

Performance improvements to writable and readable streams, improving the creation and destruction by ±15% and reducing the memory overhead each stream takes in Node.js

Contributed by Benjamin Gruenbaum in #49745 and Raz Luvaton in #49834.

Performance improvements for readable webstream, improving readable stream async iterator consumption by ±140% and improving readable stream pipeTo consumption by ±60%

Contributed by Raz Luvaton in #49662 and #49690.

Rework of memory management in vm APIs with the importModuleDynamically option

This rework addressed a series of long-standing memory leaks and use-after-free issues in the following APIs that support importModuleDynamically:

  • vm.Script
  • vm.compileFunction
  • vm.SyntheticModule
  • vm.SourceTextModule

This should enable affected users (in particular Jest users) to upgrade from older versions of Node.js.

Contributed by Joyee Cheung in #48510.

Other notable changes

  • [32d4d29d02] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #49874
  • [0e686d096b] - doc: deprecate fs.F_OK, fs.R_OK, fs.W_OK, fs.X_OK (Livia Medeiros) #49683
  • [a5dd057540] - doc: deprecate util.toUSVString (Yagiz Nizipli) #49725
  • [7b6a73172f] - doc: deprecate calling promisify on a function that returns a promise (Antoine du Hamel) #49647
  • [1beefd5f16] - esm: set all hooks as release candidate (Geoffrey Booth) #49597
  • [b0ce78a75b] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #48510
  • [4e578f8ab1] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #48510
  • [69e4218772] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #48510
  • [14ece0aa76] - (SEMVER-MINOR) src: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) #49279
  • [9fd67fbff0] - stream: use bitmap in writable state (Raz Luvaton) #49834
  • [0ccd4638ac] - stream: use bitmap in readable state (Benjamin Gruenbaum) #49745
  • [7c5e322346] - stream: improve webstream readable async iterator performance (Raz Luvaton) #49662
  • [80b342cc38] - (SEMVER-MINOR) test_runner: accept testOnly in run (Moshe Atlow) #49753
  • [17a05b141d] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #49614

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-7b52921cae

This update has been submitted for testing by sgallagh.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

a year ago

This update has obsoleted nodejs20-20.8.0-1.fc39, and has inherited its bugs and notes.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-1
Stable by Karma
2
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
approved
a year ago

Automated Test Results