February 13, 2023

Upcoming Node.js Security Release, fastify-astro, a trip to Milan, and other Adventures in Nodelnad

Hi Folks,

Last week I visited Milan for a Platformatic team retreat! It was a great experience, and we planned several features for Platformatic! I also spoke at the “Milano Frontend” meetup, presenting Platformatic DB!

fastify-astro

Today at 16:30 GMT, Matthew Phillips and I will be building fastify-astro together!

Tune in at https://twitch.tv/matteocollina. All recordings will be published on my YouTube channel too!

Node.js Security Releases

Next week we will have a Node.js security release: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/. This packs quite a lot of fixes. Make sure to update your setup as soon as possible!

Releases

• pino v8.10.0 adds the dedupe option to transport.
• fastify v4.13.0 includes many fixes and new features:
  • Return 408 on client timeout
  • ContentTypeParser remove(): Return false when content type parser was not present for removal
  • Replace native errors with @fastify/errors
  • Fix for a bad crash when using onReady hooks
  • …and many more!
• avvio v8.2.1 fixes a really bad bug that we found when developing platformatic: some errors during the boot phase were swallowed.
• pino-pretty v9.2.0 adds the possibility to pass an object as parameters to customLevels.
• @fastify/circuit-breaker v3.2.0 adds missing options to typings.
• @fastify/static v6.9.0 fixes an infinite loop when the multi-root and pre-compression are both enabled.
• async-cache-dedupe v1.9.0 adds browser support.
• mercurius v12.0.1 fixes __resolveReference.

Articles

• GitHub Actions now have GITHUB_TOKEN permissions as read-only. This update broke the default GitHub for Platformatic Cloud, the fix is tiny.

• I’m so happy that the architecture for IPFS I co-designed with my ex-team NearFom is public. It’s a clear example of how you can use AWS tooling to create things that can achieve massive scalability. As part of this change, the team moved from using AWS SDK to a home-grown solution using undici. This reduced the time needed to serve files from 13 seconds to 3 seconds. Stunning! (TL;DR switch to undici.request() whereever possible)

• Should Open Source integrate some telemetry to help projects make better decisions? The answer seems to be “yes” for the Go team. Read more at Transparent Telemetry for Open-Source Projects1

• Should You Use char, varchar, or text in PostgreSQL? I was surprised by the answer!

Upcoming Events

If you would like to meet me in person, you will find me at these upcoming events:

• Open Source Day 2023 - Florence, Italy - 24th of March
• CityJS - London, UK - 31st of March
• JSDay 2023 - Verona, Italy - 12-14th of April
• Node Congress - Berlin, Germany - 14th of April
• Open Source Summit / OpenJS World / OpenJS Collaborators’ Summit - Vancouver, Canada - 9-12th of May
• JSNation 2023 - Amsterdam, Netherlands - 1st of June