Security releases all round

#401 — August 12, 2021

📋 Node Weekly is taking a little summer vacation next week, so we’ll next be back on Thursday, August 26. See you then! 🙂
Peter Cooper, editor

Node Weekly

August 2021 Security Releases: Node 16.6.2, 14.17.5 and 12.22.5 — The Node team is always on the ball when it comes to security fixes and releases, so now we have Node 16.6.2, 14.17.5 and 12.22.5, all fixing the same three issues on their respective branches. The two ‘high’ level vulnerabilities relate to improper handling of unusual characters in Node’s DNS library and a memory freeing issue in http2.

Michael Dawson

V8 Release v9.3 — Recent V8 releases have been reasonably lean on new features, and so it goes with 9.3 which mostly gets faster compilation, Object.hasOwn (an alias for Object.prototype.hasOwnProperty.call), and the ability to attach error ‘causes’ to Error instances. It’s in beta until Chrome 93 (due in the coming weeks) and will appear in Node.js soon too.

Ingvar Stepanyan

Search Your Code. ALL of It, Everywhere — Sourcegraph is the one tool to find & fix things across all your code: any code host, any repo, any language. Easily construct complex queries to find & filter code in ways IDEs and code hosts can’t. Stay in flow & get your answers in milliseconds. Try it now.

Sourcegraph sponsor

QUICK BITS:

A developer claims npm has indefinitely suspended its process for adopting ‘abandoned’ packages because he accidentally ended up with a package that wasn’t actually abandoned.

Tim Perry thinks that the lowest severity fix in this week’s security releases (above) is more serious than it looks at first as it can allow TLS certificate verification to be turned off in many HTTPS request scenarios.

It’s oriented around a commercial service, but it’s interesting to see the potential for distributing Node modules in a commercial way.

Deno 1.13 Released — Node’s cousin runtime has received a release with a ton of small enhancements, including its native HTTP server API going stable, language server improvements, more TLS customization options, and integrating V8 9.3.

The Deno Team

How to Publish Node.js Docker Images to Docker Hub Registry with GitHub Actions — Last month Liran covered publishing Docker images to GitHub Packages, and this time out moves on to a workflow for Docker Hub.

Liran Tal (Snyk)

▶ Learning MongoDB by Building a Project — This was a livestream so is unedited and gently paced but it’s also thorough and honest as a nice look at how real developers approach building apps using Node, Next.js, and MongoDB’s hosted Atlas service.

Florin Pop and Jesse Hall

Seamlessly Integrate Video into Your Node App

Mux sponsor

How Writing Can Advance Your Career as a Developer

Karl Hughes

Using Express.js Routes for Promise-Based Error Handling

Vitaly Senko

Testing Authenticated Routes in AdonisJS

Warren Wong

🛠 Code & Tools

PureORM: A Node.js SQL Toolkit for Writing Native SQL Queries Yielding Pure Business Objects — Allows you to write regular native SQL and receive back properly structured (nested) pure business objects, as opposed to a more typical ORM where you build queries in other ways.

Craig Martin

Keyv: Simple Key-Value Storage with Multi-Backend Support — Need either a TTL-based cache or persistent key-value store for your Node app with total flexibility over the backend store? This supports MySQL, PostgreSQL, SQLite, Redis, Mongo, DynamoDB, Memcached, and, amazingly, more.

Microlink

Caterpillar 6.8: The ‘Ultimate’ Logging System — Log levels are implemented to RFC 3164 standards. Entries can be filtered and piped to various streams, including colorized output to the terminal, the browser console, and debug files. You can also write your own transforms. It supports Deno too.

Bevry

Slonik v24: A Sophisticated Node Postgres Client Library — A ‘battle tested’ framework that abstracts repeating code patterns, protects against unsafe behavior, and provides a rich debugging experience.

Gajus Kuizinas

Book a Demo. Ship Fast. Rest Easy. LaunchDarkly

LaunchDarkly sponsor

Awilix: An Inversion of Control (IoC) Container for Node — There’s also a tutorial (from 2016) explaining how it works and why it exists.

Jeff Hansen

Octokit.js 1.4.0: The All-Batteries-Included GitHub SDK — Supports browsers, Deno, and of course, Node.

Octokit

negative-array 3.0: Negative Array Index Support using Proxies — For example, array[-1]. Even if you wouldn’t use this (and on Node 16.6+ you can now use Array#at() anyway), the source is worth reading to learn how it works if proxies remain a mystery to you.

Sindre Sorhus

💻 Jobs

Senior Fullstack JS Engineer? Come Solve Challenges at Matterway — We’re looking for experienced engineers to help us build an innovative web automation platform.

Matterway

Senior Software Architect — As a Sr Software Architect you’ll be at the center of building the platform that enables us to redefine this industry.

Berkadia, a Berkshire Hathaway and Jefferies Financial Group company

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.

Hired
