SUSE-RU-2023:4344-1: moderate: Recommended update for nodejs20

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Nov 2 16:30:45 UTC 2023 


# Recommended update for nodejs20

Announcement ID: SUSE-RU-2023:4344-1  
Rating: moderate  
References:

  * jsc#PED-4819
  * jsc#PED-7088

  
Affected Products:

  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * Web and Scripting Module 15-SP5

  
  
An update that contains two features can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

This update provides nodejs 20 in version 20.8.1.

For overview of changes and details since 19.x and earlier see:

    
    
    https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0
    

  * Permission Model

Node.js now has an experimental feature called the Permission Model. It allows
developers to restrict access to specific resources during program execution,
such as file system operations, child process spawning, and worker thread
creation. The API exists behind a flag \--experimental-permission which when
enabled will restrict access to all available permissions. By using this
feature, developers can prevent their applications from accessing or modifying
sensitive data or running potentially harmful code. More information about the
Permission Model can be found in the Node.js documentation.

The Permission Model was a contribution by Rafael Gonzaga in #44004.

  * Custom ESM loader hooks run on dedicated thread

ESM hooks supplied via loaders (--experimental-loader=foo.mjs) now run in a
dedicated thread, isolated from the main thread. This provides a separate scope
for loaders and ensures no cross-contamination between loaders and application
code.

  * Synchronous import.meta.resolve()

In alignment with browser behavior, this function now returns synchronously.
Despite this, user loader resolve hooks can still be defined as async functions
(or as sync functions, if the author prefers). Even when there are async resolve
hooks loaded, import.meta.resolve will still return synchronously for
application code.

Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth, Guy Bedford,
Jacob Smith, and Michaël Zasso in #44710

  * V8 11.3

The V8 engine is updated to version 11.3, which is part of Chromium 113. This
version includes three new features to the JavaScript API:

String.prototype.isWellFormed and toWellFormed Methods that change Array and
TypedArray by copy Resizable ArrayBuffer and growable SharedArrayBuffer RegExp v
flag with set notation + properties of strings WebAssembly Tail Call

The V8 update was a contribution by Michaël Zasso in #47251.

  * Stable Test Runner

The recent update to Node.js, version 20, includes an important change to the
test_runner module. The module has been marked as stable after a recent update.
Previously, the test_runner module was experimental, but this change marks it as
a stable module that is ready for production use.

Contributed by Colin Ihrig in #46983

  * Ada 2.0

Node.js v20 comes with the latest version of the URL parser, Ada. This update
brings significant performance improvements to URL parsing, including
enhancements to the url.domainToASCII and url.domainToUnicode functions in
node:url.

Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts
of the application can benefit from the improved performance. Additionally, Ada
2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname
parsing.

Contributed by Yagiz Nizipli and Daniel Lemire in #47339

  * Preparing single executable apps now requires injecting a Blob

Building a single executable app now requires injecting a blob prepared by
Node.js from a JSON config instead of injecting the raw JS file. This opens up
the possibility of embedding multiple co-existing resources into the SEA (Single
Executable Apps).

Contributed by Joyee Cheung in #47125

  * Web Crypto API

Web Crypto API functions' arguments are now coerced and validated as per their
WebIDL definitions like in other Web Crypto API implementations. This further
improves interoperability with other implementations of Web Crypto API.

This change was made by Filip Skokan in #46067.

  * WASI version must now be specified

When new WASI() is called, the version option is now required and has no default
value. Any code that relied on the default for the version will need to be
updated to request a specific version.

This change was made by Michael Dawson in #47391.

  * Deprecations and Removals

  * (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich
    Trott) #45526

url.parse() accepts URLs with ports that are not numbers. This behavior might
result in host name spoofing with unexpected input. These URLs will throw an
error in future versions of Node.js, as the WHATWG URL API does already.
Starting with Node.js 20, these URLS cause url.parse() to emit a warning.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5  
    zypper in -t patch SUSE-2023-4344=1 openSUSE-SLE-15.5-2023-4344=1

  * Web and Scripting Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4344=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * nodejs20-20.8.1-150500.11.3.1
    * nodejs20-debugsource-20.8.1-150500.11.3.1
    * nodejs20-devel-20.8.1-150500.11.3.1
    * npm20-20.8.1-150500.11.3.1
    * nodejs20-debuginfo-20.8.1-150500.11.3.1
    * corepack20-20.8.1-150500.11.3.1
  * openSUSE Leap 15.5 (noarch)
    * nodejs20-docs-20.8.1-150500.11.3.1
  * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * nodejs20-20.8.1-150500.11.3.1
    * nodejs20-debugsource-20.8.1-150500.11.3.1
    * nodejs20-devel-20.8.1-150500.11.3.1
    * npm20-20.8.1-150500.11.3.1
    * nodejs20-debuginfo-20.8.1-150500.11.3.1
  * Web and Scripting Module 15-SP5 (noarch)
    * nodejs20-docs-20.8.1-150500.11.3.1

## References:

  * https://jira.suse.com/browse/PED-4819
  * https://jira.suse.com/browse/PED-7088

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20231102/25a71680/attachment.htm>

More information about the sle-updates mailing list