
Security, Security, Security... and other Adventures in Nodeland - Issue #30

Matteo Collina
Hey Noders! Last week was dedicated to Security work and the finalization of [email protected], as well as reading a few very interesting articles! Thanks for following along... and let me know what you think of this issue!

October 12th 2021 Security Releases | Node.js
I’m starting this edition of Adventures in Nodeland by reminding you to upgrade your Node.js on Wednesday 13th, as a set of vulnerability fixes will be released for all LTS lines. I’m running point for this release train... let’s see how it is going!
Announcing Hashnode Open Source October - The Symposium, Grants, and New Badges! 🚀
On Thursday 14th of October I will speak at the Open Source Symposium by Hashnode about my early days in OSS and what made a difference!
Pino 7 is almost there!
After almost a year in development, [email protected] is ready for prime time. All known transports have been updated and shipped, ready for v7.0.0 to hit npm. If things go according to plan, I’ll ship it next week, ready for my talk on [email protected]!
Release v7.0.0-rc.9 · pinojs/pino · GitHub
Last week I shipped a new security release of fastify-static, fixing an Open Redirect problem in certain conditions. Update!
Release v4.2.4 · fastify/fastify-static · GitHub
Unfortunately, not all fixes are well planned, and we had to ship another fix for the same problem because the first fix introduced more problems:
Release v4.4.1 · fastify/fastify-static · GitHub
Last week we shipped Mercurius v8.6.0 and v8.5.0, adding two small features to the “messenger of the gods”: Mercurius. You might wonder why two minor releases in a short timeframe… I tend to release as soon as I merge a change, in a form of continuous delivery (otherwise it’s very likely that I would forget to ship!). Check them out:
Release v8.6.0 · mercurius-js/mercurius · GitHub
Release v8.5.0 · mercurius-js/mercurius · GitHub
I have found the following Twitter thread incredibly fascinating. I have often worked in the aftermath of “10x engineers” and I can confirm: the result of their software is full of major flaws as they leave the teams and products they have created just to not fix them.
Gergely Orosz
There’s a debate on whether 10x software engineers exist.

They do: I’ve seen several of them.

And their existence freaks the hell out of me. 5 examples of 10x engineers and why you should be afraid when you see one:
I have been using the new release feature of GitHub for a few months now… and it’s awesome and a true time saver. I release a new version of a module each day and this helps me quite significantly! Try it out!
A new public beta of GitHub Releases: How we’re improving the release experience | The GitHub Blog
Flow is one of the most important concepts a developer must learn to harness to be great at their job. While in Flow, we can code much better. Read an article from Sarah Drasner:
Last week all of Facebook went down for a while. The following article explains in great detail what happened and what went wrong… and how all the Internet of today relies on a spec done in 1989!
Understanding How Facebook Disappeared from the Internet
Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.
