<div class="container">
<h1>Recommended update for nodejs20</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2023:4344-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-4819">jsc#PED-4819</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-7088">jsc#PED-7088</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">openSUSE Leap 15.5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">Web and Scripting Module 15-SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that contains two features can now be installed.</p>
<h2>Description:</h2>
<p>This update for nodejs20 fixes the following issues:</p>
<p>This update provides nodejs 20 in version 20.8.1.</p>
<p>For overview of changes and details since 19.x and earlier see:</p>
<pre><code>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0
</code></pre>
<ul>
<li>Permission Model</li>
</ul>
<p>Node.js now has an experimental feature called the Permission Model. It
allows developers to restrict access to specific resources during
program execution, such as file system operations, child process
spawning, and worker thread creation. The API exists behind a flag
--experimental-permission which when enabled will restrict access
to all available permissions. By using this feature, developers can
prevent their applications from accessing or modifying sensitive
data or running potentially harmful code. More information about the
Permission Model can be found in the Node.js documentation.</p>
<p>The Permission Model was a contribution by Rafael Gonzaga in #44004.</p>
<ul>
<li>Custom ESM loader hooks run on dedicated thread</li>
</ul>
<p>ESM hooks supplied via loaders (--experimental-loader=foo.mjs) now run
in a dedicated thread, isolated from the main thread. This provides a
separate scope for loaders and ensures no cross-contamination between
loaders and application code.</p>
<ul>
<li>Synchronous import.meta.resolve()</li>
</ul>
<p>In alignment with browser behavior, this function now returns
synchronously. Despite this, user loader resolve hooks can still
be defined as async functions (or as sync functions, if the
author prefers). Even when there are async resolve hooks loaded,
import.meta.resolve will still return synchronously for application code.</p>
<p>Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth,
Guy Bedford, Jacob Smith, and Michaël Zasso in #44710</p>
<ul>
<li>V8 11.3</li>
</ul>
<p>The V8 engine is updated to version 11.3, which is part of Chromium 113. This version includes three new features to the JavaScript API:</p>
<p>String.prototype.isWellFormed and toWellFormed
Methods that change Array and TypedArray by copy
Resizable ArrayBuffer and growable SharedArrayBuffer
RegExp v flag with set notation + properties of strings
WebAssembly Tail Call</p>
<p>The V8 update was a contribution by Michaël Zasso in #47251.</p>
<ul>
<li>Stable Test Runner</li>
</ul>
<p>The recent update to Node.js, version 20, includes an important change
to the test_runner module. The module has been marked as stable after a
recent update. Previously, the test_runner module was experimental, but
this change marks it as a stable module that is ready for production
use.</p>
<p>Contributed by Colin Ihrig in #46983</p>
<ul>
<li>Ada 2.0</li>
</ul>
<p>Node.js v20 comes with the latest version of the URL parser, Ada. This
update brings significant performance improvements to URL parsing,
including enhancements to the url.domainToASCII and url.domainToUnicode
functions in node:url.</p>
<p>Ada 2.0 has been integrated into the Node.js codebase, ensuring
that all parts of the application can benefit from the improved
performance. Additionally, Ada 2.0 features a significant performance
boost over its predecessor, Ada 1.0.4, while also eliminating the need
for the ICU requirement for URL hostname parsing.</p>
<p>Contributed by Yagiz Nizipli and Daniel Lemire in #47339</p>
<ul>
<li>Preparing single executable apps now requires injecting a Blob</li>
</ul>
<p>Building a single executable app now requires injecting a blob prepared
by Node.js from a JSON config instead of injecting the raw JS file. This
opens up the possibility of embedding multiple co-existing resources
into the SEA (Single Executable Apps).</p>
<p>Contributed by Joyee Cheung in #47125</p>
<ul>
<li>Web Crypto API</li>
</ul>
<p>Web Crypto API functions' arguments are now coerced and validated
as per their WebIDL definitions like in other Web Crypto API
implementations. This further improves interoperability with other
implementations of Web Crypto API.</p>
<p>This change was made by Filip Skokan in #46067.</p>
<ul>
<li>WASI version must now be specified</li>
</ul>
<p>When new WASI() is called, the version option is now required and has
no default value. Any code that relied on the default for the version
will need to be updated to request a specific version.</p>
<p>This change was made by Michael Dawson in #47391.</p>
<ul>
<li>
<p>Deprecations and Removals</p>
</li>
<li>
<p>(SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526</p>
<p>url.parse() accepts URLs with ports that are not numbers. This
behavior might result in host name spoofing with unexpected
input. These URLs will throw an error in future versions of Node.js,
as the WHATWG URL API does already. Starting with Node.js 20, these
URLS cause url.parse() to emit a warning.</p>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.5
<br/>
<code>zypper in -t patch SUSE-2023-4344=1 openSUSE-SLE-15.5-2023-4344=1</code>
</li>
<li class="list-group-item">
Web and Scripting Module 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4344=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
<ul>
<li>nodejs20-20.8.1-150500.11.3.1</li>
<li>nodejs20-debugsource-20.8.1-150500.11.3.1</li>
<li>nodejs20-devel-20.8.1-150500.11.3.1</li>
<li>npm20-20.8.1-150500.11.3.1</li>
<li>nodejs20-debuginfo-20.8.1-150500.11.3.1</li>
<li>corepack20-20.8.1-150500.11.3.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.5 (noarch)
<ul>
<li>nodejs20-docs-20.8.1-150500.11.3.1</li>
</ul>
</li>
<li>
Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>nodejs20-20.8.1-150500.11.3.1</li>
<li>nodejs20-debugsource-20.8.1-150500.11.3.1</li>
<li>nodejs20-devel-20.8.1-150500.11.3.1</li>
<li>npm20-20.8.1-150500.11.3.1</li>
<li>nodejs20-debuginfo-20.8.1-150500.11.3.1</li>
</ul>
</li>
<li>
Web and Scripting Module 15-SP5 (noarch)
<ul>
<li>nodejs20-docs-20.8.1-150500.11.3.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://jira.suse.com/browse/PED-4819">https://jira.suse.com/browse/PED-4819</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-7088">https://jira.suse.com/browse/PED-7088</a>
</li>
</ul>
</div>