Node.js – v20.8.1

This is the changelog for 20.8.1, but it’s important to point out that that 4 of the CVEs were also patched in 18.18.2.<p>Shameless promotion time, I have a little utility that can check a node version for CVEs or EOL:<p><pre><code> npx node-version-audit@latest --fail-security </code></pre> Or with docker:<p><pre><code> docker run --rm -t lightswitch05&#x2F;node-version-audit:latest --version=$(node -e &quot;console.log(process.versions.node)&quot;) </code></pre> Some highlights of the tool is zero dependencies and CVEs are sourced directly from NPM changelogs instead of waiting on slow CVE release processes. See the website for more details: <a href="https:&#x2F;&#x2F;www.github.developerdan.com&#x2F;node-version-audit&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.github.developerdan.com&#x2F;node-version-audit&#x2F;</a>

&gt; CVE-2023-44487: nghttp2 Security Release (High)<p><a href="https:&#x2F;&#x2F;cve.mitre.org&#x2F;cgi-bin&#x2F;cvename.cgi?name=CVE-2023-44487" rel="nofollow noreferrer">https:&#x2F;&#x2F;cve.mitre.org&#x2F;cgi-bin&#x2F;cvename.cgi?name=CVE-2023-4448...</a><p><a href="https:&#x2F;&#x2F;github.com&#x2F;nodejs&#x2F;node&#x2F;pull&#x2F;50121&#x2F;files">https:&#x2F;&#x2F;github.com&#x2F;nodejs&#x2F;node&#x2F;pull&#x2F;50121&#x2F;files</a><p>&gt; &#x2F;* Stream reset rate limiter. If receiving excessive amount of stream resets, GOAWAY will be sent. *&#x2F;<p>Easy to understand how that &quot;Google thwarted 400,000,000 requests per second&quot; CVE that was popular on here a week ago was worked around.

Is NodeJS becoming more performant &amp; efficient - as competition from Bun&#x2F;JustJS&#x2F;etc heat up?