Fedora 35: 2022-97b214b298 Moderate: Node.js 16.14.0 Security Fix

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

## 2022-02-08, Version 16.14.0 'Gallium' (LTS), @danielleadams ### Notable

changes #### Importing JSON modules now requires experimental import assertions

syntax This release adds experimental support for the import assertions stage 3

proposal. To keep Node.js ESM implementation as compatible as possible with the

HTML spec, import assertions are now required to import JSON modules (still

behind the `--experimental-json-modules` CLI flag): ```mjs import info from

'./package.json' assert { type: 'json' }; ``` Or use dynamic import: ```mjs

const info = await import('./package.json', { assert: { type: 'json' } }); ```

Contributed by Antoine du Hamel and Geoffrey Booth

[#40250](https://github.com/nodejs/node/pull/40250) #### Other notable changes

* **async\_hooks**: * **(SEMVER-MINOR)** expose async\_wrap providers (Rafael

Gonzaga) [#40760](https://github.com/nodejs/node/pull/40760) *

**child\_process**: * **(SEMVER-MINOR)** add support for URL to `cp.fork`

(Antoine du Hamel) [#41225](https://github.com/nodejs/node/pull/41225) *

**doc**: * add @Mesteery to collaborators (Mestery)

[#41543](https://github.com/nodejs/node/pull/41543) * add @bnb as a

collaborator (Tierney Cyren) [#41100](https://github.com/nodejs/node/pull/41100)

* **esm**: * **(SEMVER-MINOR)** graduate capturerejections to supported (James

M Snell) [#41267](https://github.com/nodejs/node/pull/41267) * **(SEMVER-MINOR)** add EventEmitterAsyncResource to core (James M Snell)

[#41246](https://github.com/nodejs/node/pull/41246) * **events**: * **(SEMVER-MINOR)** propagate weak option for kNewListener (James M Snell)

[#40899](https://github.com/nodejs/node/pull/40899) * **fs**: * **(SEMVER-MINOR)** accept URL as argument for `fs.rm` and `fs.rmSync` (Antoine du Hamel)

[#41132](https://github.com/nodejs/node/pull/41132) * **lib**: * **(SEMVER-MINOR)** make AbortSignal cloneable/transferable (James M Snell)

[#41050](https://github.com/nodejs/node/pull/41050) * **(SEMVER-MINOR)** add

AbortSignal.timeout (James M Snell)

[#40899](https://github.com/nodejs/node/pull/40899) * **(SEMVER-MINOR)** add

reason to AbortSignal (James M Snell)

[#40807](https://github.com/nodejs/node/pull/40807) * **(SEMVER-MINOR)** add

unsubscribe method to non-active DC channels (simon-id)

[#40433](https://github.com/nodejs/node/pull/40433) * **(SEMVER-MINOR)** add

return value for DC channel.unsubscribe (simon-id)

[#40433](https://github.com/nodejs/node/pull/40433) * **loader**: * **(SEMVER-MINOR)** return package format from defaultResolve if known (Gabriel Bota)

[#40980](https://github.com/nodejs/node/pull/40980) * **perf\_hooks**: *

**(SEMVER-MINOR)** multiple fixes for Histogram (James M Snell)

[#41153](https://github.com/nodejs/node/pull/41153) * **process**: *

**(SEMVER-MINOR)** add `getActiveResourcesInfo()` (Darshan Sen)

[#40813](https://github.com/nodejs/node/pull/40813) * **src**: * **(SEMVER-MINOR)** add x509.fingerprint512 to crypto module (3nprob)

[#39809](https://github.com/nodejs/node/pull/39809) * **(SEMVER-MINOR)** add

flags for controlling process behavior (Cheng Zhao)

[#40339](https://github.com/nodejs/node/pull/40339) * **stream**: * **(SEMVER-MINOR)** add filter method to readable (Benjamin Gruenbaum)

[#41354](https://github.com/nodejs/node/pull/41354) * **(SEMVER-MINOR)** add

isReadable helper (Robert Nagy)

[#41199](https://github.com/nodejs/node/pull/41199) * **(SEMVER-MINOR)** add

map method to Readable (Benjamin Gruenbaum)

[#40815](https://github.com/nodejs/node/pull/40815) * deprecate thenable

support (Antoine du Hamel) [#40860](https://github.com/nodejs/node/pull/40860) *

**util**: * **(SEMVER-MINOR)** pass through the inspect function to custom

inspect functions (Ruben Bridgewater)

[#41019](https://github.com/nodejs/node/pull/41019) * **(SEMVER-MINOR)** add

numericSeparator to util.inspect (Ruben Bridgewater)

[#41003](https://github.com/nodejs/node/pull/41003) * **(SEMVER-MINOR)**

always visualize cause property in errors during inspection (Ruben Bridgewater)

[#41002](https://github.com/nodejs/node/pull/41002) * **timers**: * **(SEMVER-MINOR)** add experimental scheduler api (James M Snell)

[#40909](https://github.com/nodejs/node/pull/40909) * **v8**: * **(SEMVER-MINOR)** multi-tenant promise hook api (Stephen Belanger)

[#39283](https://github.com/nodejs/node/pull/39283) ---- Fix for

CVE-2021-43616

* Wed Feb 9 2022 Zuzana Svetlikova - 1:16.14.0-2

- Replace explicit version of npm in %check with variable and make build fail if it doesn't match

* Tue Feb 8 2022 Stephen Gallagher - 1:16.14.0-1

- Update to Node.js 16.14.0

* Thu Feb 3 2022 Stephen Gallagher - 1:16.13.2-8

- Update npm to 8.3.1 (CVE-2021-43616)

* Wed Feb 2 2022 Stephen Gallagher - 1:16.13.2-7

- Fix incorrect version Provides: for npm (bz#2049873)

* Mon Jan 31 2022 Stephen Gallagher - 1:16.13.2-6

- Rebuild for more architectures

* Mon Jan 31 2022 Stephen Gallagher - 1:16.13.2-5

- Tweak some dependencies on EPEL 7 (bz2048589)

- Add Provides: bundled(zlib)

* Wed Jan 19 2022 Stephen Gallagher - 1:16.13.2-3

- Bundle zlib on EPEL 7

* Mon Jan 17 2022 Stephen Gallagher - 1:16.13.2-2

- Add support for building on EPEL 7

[ 1 ] Bug #2050282 - CVE-2021-43616 npm: npm ci succeeds when package-lock.json doesn't match package.json

https://bugzilla.redhat.com/show_bug.cgi?id=2050282

su -c 'dnf upgrade --advisory FEDORA-2022-97b214b298' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure