View profile

So many releases and other Adventures in Nodeland - Issue #53

Matteo Collina
Matteo Collina
Hi Folks! Another week has passed and we had a flurry of activity on Pino, Fastify and Mercurius! Last week I was back on the road to speak at CityJS Conference. After more than 2 years it felt amazing to be on stage!

Matteo Collina
Last week I did my first in-person conference from 2019! I missed the stage and connecting with the users of my modules so much!

Thank you Aris and all the CityJS team! https://t.co/iUPsi9AnBQ
Pino
Last week I have been on a journey to fix failing tests in CITGM. Some of the changes required a change in thread-stream’s flush() implementation to avoid release zalgo!
Release v0.14.0 · pinojs/thread-stream · GitHub
thread-stream v0.15.0 changes how transpiled code is loaded.
Release v0.15.0 · pinojs/thread-stream · GitHub
pino v7.9.2 fixed embedded those changes and reverted https://github.com/pinojs/pino/pull/1367, which caused a regression.
Release v7.9.2 · pinojs/pino · GitHub
[email protected] changed how we log errors to actually log the error message.
Release v9.3.0 · pinojs/hapi-pino · GitHub
pino-pretty v7.6.0 ships a new option to fallback custom levels and colors to default values: https://github.com/pinojs/pino-pretty/pull/317.
Release v7.6.0 · pinojs/pino-pretty · GitHub
Mercurius
Mercurius v9.3.6 and v8.12.2 ships a fundamental fix in how Federation is implemented: now they keep the requires directive in the gateway schema.
Release v9.3.6 · mercurius-js/mercurius · GitHub
Release v8.12.2 · mercurius-js/mercurius · GitHub
Fastify
How would you do hot module replacement for Frontend applications with Fastify? You could always wrap an express based solution… however
GitHub - gajus/fastify-webpack-hot: A Fastify plugin for serving files emitted by Webpack with Hot Module Replacement (HMR).
light-my-request, the module that provides the http injection capabilities to Fastify, got an update: the json() method can now be destructured. Thanks Simen!
Release v4.9.0 · fastify/light-my-request · GitHub
[email protected] was released with a few dependency upgrades and a fix for patternProperties.
Release v5.1.0 · fastify/fastify-swagger · GitHub
The new release of point-of-view includes an improved caching algorithm for partials. Check out v5.2.0:
Release v5.2.0 · fastify/point-of-view · GitHub
Other modules
[email protected] add cli options to pass certificate information:
Release v7.8.0 · mcollina/autocannon · GitHub
The power of “small modules” that “do one thing and one thing well” is that they could be “done” - no more features are needed. This was the case for the loopbench module which had its last update in 2016. Given the recent updates to Node.js a new version was needed and last week I released v2.0.0!
Release v2.0.0 · mcollina/loopbench · GitHub
News
Minimist received a public security vulnerability disclosure on March 15th, leading to a lot of security scanners flagging a lot of dependencies insecure. However that’s not the case as prototype pollution hardly affect command line parsing. Anyway, this was fixed in [email protected] Read up the initial report:
insufficient fix for prototype pollution in setKey() CVE-2021-44906 · Issue #164 · substack/minimist
Last week was interrupted by the public disclaimer of an Okta breach. Okta provides the corporate Single Sign On solution for most of the brands we use every day: potentially this could have enable somebody to access your data. Please read the Okta statement and the CloudFlare analysis.
Updated Okta Statement on LAPSUS$
Cloudflare’s investigation of the January 2022 Okta compromise
Event listeners and garbage collection
What manager would you like to be? Should you care about your direct reports or not? What would be most beneficial to you in the long term?
Gergely Orosz
As a manager, what approach would you choose?

Option 1: put the careers of your direct reports first.

Option 2: put the company first, and not be supportive for any external opportunities.

It's so clear when written down like this. So why do so many managers practice Option 2? https://t.co/rfTu1P45BC
I probably have missed the news back then, but Quirrel was acquired by Netlify. Why is this important for you? Quirrel is built on Fastify. That’s great news for the team!
Netlify Announces Acquisition of Quirrel to Extend Serverless Functions Capabilities
Have you had an hard time understanding NFTs? I compare them to collecting coins (or stamps) like my grandad used to do.
NFT Unpack | No Mercy / No Malice
Gergely Orosz
"What should worry about if I want to retain software engineers / engineering managers on my team?"

My way of thinking about the four key areas you should make sure people feel good about. If they do: unlikely they will leave. If 2 or more are missing: they are likely to go. https://t.co/LvzLUfkrv6
Did you enjoy this issue? Yes No
Matteo Collina
Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.