This is a security release.
The following CVEs are fixed in this release:
nghttp2 Security Release (High)undici Security Release (High)More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Performance improvements to writable and readable streams, improving the creation and destruction by ±15% and reducing the memory overhead each stream takes in Node.js
Contributed by Benjamin Gruenbaum in #49745 and Raz Luvaton in #49834.
Performance improvements for readable webstream, improving readable stream async iterator consumption by ±140% and improving readable stream pipeTo consumption by ±60%
Contributed by Raz Luvaton in #49662 and #49690.
vm APIs with the importModuleDynamically optionThis rework addressed a series of long-standing memory leaks and use-after-free issues in the following APIs that support importModuleDynamically:
vm.Scriptvm.compileFunctionvm.SyntheticModulevm.SourceTextModuleThis should enable affected users (in particular Jest users) to upgrade from older versions of Node.js.
Contributed by Joyee Cheung in #48510.
32d4d29d02] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #498740e686d096b] - doc: deprecate fs.F_OK, fs.R_OK, fs.W_OK, fs.X_OK (Livia Medeiros) #49683a5dd057540] - doc: deprecate util.toUSVString (Yagiz Nizipli) #497257b6a73172f] - doc: deprecate calling promisify on a function that returns a promise (Antoine du Hamel) #496471beefd5f16] - esm: set all hooks as release candidate (Geoffrey Booth) #49597b0ce78a75b] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #485104e578f8ab1] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #4851069e4218772] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #4851014ece0aa76] - (SEMVER-MINOR) src: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) #492799fd67fbff0] - stream: use bitmap in writable state (Raz Luvaton) #498340ccd4638ac] - stream: use bitmap in readable state (Benjamin Gruenbaum) #497457c5e322346] - stream: improve webstream readable async iterator performance (Raz Luvaton) #4966280b342cc38] - (SEMVER-MINOR) test_runner: accept testOnly in run (Moshe Atlow) #4975317a05b141d] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #49614Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2023-7b52921caePlease login to add feedback.
This update has been submitted for testing by sgallagh.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update has been submitted for stable by bodhi.
There is an ongoing freeze; this will be pushed to stable after the freeze is over.
This update has obsoleted nodejs20-20.8.0-1.fc39, and has inherited its bugs and notes.
This update has been pushed to stable.