Adventures in Nodeland logo

Adventures in Nodeland

Subscribe
Archives
October 31, 2022

Upcoming Node.js security releases and many other Adventures in Nodeland - Issue #82

Hey Folks! As I’m writing this I’m in Ortigia in Sicily waiting for my daughter to wake up. I’m grateful of every moment I can pass with her. Brace yourself for a CRITICAL OpenSSL release - we would need to update all our Node.js installs next week!

OpenSSL November Security Release | Node.js
OpenSSL November Security Release | Node.js
OpenSSL is releasing a CRITICAL security fix the 1st of November. A Node.js security release will follow thereafter.
nodejs.org

Training

As you know, I’m a Board member of the OpenJS Foundation, the home of Node.js, Eslint, Webpack, and many other projects you know and love. One of the ways we keep our operations running is by providing a neutral home for vendor-neutral training. The Node.js training material for OpenJS was developed by my friend David Mark Clements with help of many others (including me). Are you interested? Head to https://training.linuxfoundation.org/application-development/ and enter the discount code COLLINA15 for 15% off.

Releases

  • @fastify/cors v8.1.1 expose named export to make it work with typescript nodenext resolution algorithm.
  • @fastify/express v2.1.0 removes a deep-require from within Fastify.
  • @fastify/vite v3.0.0 the official vite integration for Fastify! The inevitable v3.0.1 prevents the automatic loading of vite.config.js.
  • fastify-cli v5.5.1 adds the debug options to the help.
  • @fastify/multipart v7.3.0 adds support for TS nodenext resolution algorithm.
  • @fastify/swagger v8.1.0 adds support for server relative and templated URLs and renders the syntax of different content types responses.
  • async-cache-dedupe v1.5.0 allows the ttl parameter to be a function.
  • hapi-pino v11.0.1 removes old types.
  • @fastify/nextjs v9.2.0 adds support for Next.js v13!
  • @fastify/request-context v4.1.0 adds support for defaultStoreValue to be a function.
  • undici v5.12.0 improves fetch WPT test compatibility; undici.fetch() now pass 84% of WPT tests for fetch. It also fixes a tough bug on that could lead to unexpected errors - closing the socket is now interpreted as a “message complete” case. It also adds authentication support to ProxyAgent, and it updates llhttp to v8.1.0.

Articles I found interesting

Do you like css-in-js? It’s a wildly popular approach - and yet teams are starting to switch back to using CSS.

Why We're Breaking Up with CSS-in-JS
Hi, I’m Sam — software engineer at Spot and the 2nd most active maintainer of Emotion, a widely-popular CSS-in-JS library for React. This post will delve into what originally attracted me to CSS-in-JS, and why I (along with the rest of the Spot team) have decided to shift away from it.
dev.to

What is the 103 Early Hints status code? They can speed up the loading of your website - they are the successor of HTTP/2 push! Did you know that Node.js had support for early hints https://nodejs.org/api/http.html#responsewriteearlyhintshints-callback? In fact, you might not even need Node.js to leverage this as Cloudflare could do this for you, automatically.

Early Hints: How Cloudflare Can Improve Website Load Times by 30%
Early Hints: How Cloudflare Can Improve Website Load Times by 30%
Today, Cloudflare is announcing support for Early Hints. Early Hints takes advantage of “server think time” to asynchronously send instructions to the browser to begin loading resources while the origin server is compiling the full response, which can improve page load time by 30%.
blog.cloudflare.com
Early Hints: How Cloudflare Can Improve Website Load Times by 30%
Early Hints: How Cloudflare Can Improve Website Load Times by 30%
Today, Cloudflare is announcing support for Early Hints. Early Hints takes advantage of “server think time” to asynchronously send instructions to the browser to begin loading resources while the origin server is compiling the full response, which can improve page load time by 30%.
blog.cloudflare.com

Do you think CoPilot is breaking the Open Source licenses of our software? In any case, check out this investigation: there might be some news coming out of this topic sooner rather than later.

GitHub Copilot investigation · Joseph Saveri Law Firm & Matthew Butterick
Hello. This is Matthew Butterick.
githubcopilotinvestigation.com

At Next.js Conf last week, Vercel announced Turbopack - their successor of Webpack. You should check it out ;).

Introducing Turbopack: Rust-based successor to Webpack – Vercel
Introducing Turbopack: Rust-based successor to Webpack – Vercel
Introducing Turbopack, the Rust-based successor to Webpack.
vercel.com
Introducing Turbopack: Rust-based successor to Webpack – Vercel
Introducing Turbopack: Rust-based successor to Webpack – Vercel
Introducing Turbopack, the Rust-based successor to Webpack.
vercel.com
Don't miss what's next. Subscribe to Adventures in Nodeland:
GitHub X YouTube LinkedIn