RafaelGSS
df9cb97f59
2024-04-10, Version 18.20.2 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
src:
* disallow direct .bat and .cmd file spawning (Ben Noordhuis) https://github.com/nodejs-private/node-private/pull/564
PR-URL: https://github.com/nodejs-private/node-private/pull/578
2024-04-10 13:26:42 -03:00
RafaelGSS
ce4110332e
2024-04-10, Version 20.12.2 'Iron' (LTS)
...
This is a security release.
Notable changes:
src:
* disallow direct .bat and .cmd file spawning (Ben Noordhuis) https://github.com/nodejs-private/node-private/pull/563
PR-URL: https://github.com/nodejs-private/node-private/pull/579
2024-04-10 13:20:23 -03:00
RafaelGSS
e56adf6795
2024-04-10, Version 21.7.3 (Current)
...
This is a security release.
Notable changes:
src:
* disallow direct .bat and .cmd file spawning (Ben Noordhuis) https://github.com/nodejs-private/node-private/pull/562
PR-URL: https://github.com/nodejs-private/node-private/pull/580
2024-04-10 13:13:41 -03:00
RafaelGSS
6590a8c4e4
2024-04-03, Version 18.20.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
PR-URL: https://github.com/nodejs-private/node-private/pull/573
2024-04-03 11:00:53 -03:00
RafaelGSS
24d036ba45
2024-04-03, Version 20.12.1 'Iron' (LTS)
...
This is a security release.
Notable changes:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
PR-URL: https://github.com/nodejs-private/node-private/pull/575/
2024-04-03 10:50:49 -03:00
marco-ippolito
dab20ccea7
2024-04-03, Version 21.7.2 (Current)
...
This is a security release.
Notable changes:
deps:
* update undici to 6.11.1 (node-js-github-bot) https://github.com/nodejs/node/pull/52328
http:
* do not allow OBS fold in headers by default (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/556
src:
* ensure to close stream when destroying session (RafaelGSS) https://github.com/nodejs-private/node-private/pull/561
PR-URL: https://github.com/nodejs-private/node-private/pull/574
2024-04-03 10:38:18 -03:00
Richard Lau
6d2d3f17ba
2024-03-26, Version 20.12.0 'Iron' (LTS)
...
Notable changes:
build:
* (SEMVER-MINOR) build opt to set local location of headers (Michael Dawson) https://github.com/nodejs/node/pull/51525
crypto:
* (SEMVER-MINOR) implement crypto.hash() (Joyee Cheung) https://github.com/nodejs/node/pull/51044
* update root certificates to NSS 3.98 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/51794
doc:
* add lemire to collaborators (Daniel Lemire) https://github.com/nodejs/node/pull/51572
* add zcbenz to collaborators (Cheng Zhao) https://github.com/nodejs/node/pull/51812
lib:
* (SEMVER-MINOR) move encodingsMap to internal/util (Joyee Cheung) https://github.com/nodejs/node/pull/51044
sea:
* (SEMVER-MINOR) support sea.getRawAsset() (Joyee Cheung) https://github.com/nodejs/node/pull/50960
* (SEMVER-MINOR) support embedding assets (Joyee Cheung) https://github.com/nodejs/node/pull/50960
src:
* (SEMVER-MINOR) print string content better in BlobDeserializer (Joyee Cheung) https://github.com/nodejs/node/pull/50960
util:
* (SEMVER-MINOR) add styleText API to text formatting (Rafael Gonzaga) https://github.com/nodejs/node/pull/51850
vm:
* (SEMVER-MINOR) support using the default loader to handle dynamic import() (Joyee Cheung) https://github.com/nodejs/node/pull/51244
PR-URL: https://github.com/nodejs/node/pull/52212
2024-03-26 17:42:38 +00:00
Richard Lau
b9dc2a3243
2024-03-26, Version 18.20.0 'Hydrogen' (LTS)
...
Notable changes:
Added support for import attributes:
Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax
available across all currently supported Node.js release lines.
For more details, see
* [#50134 ](https://github.com/nodejs/node/issues/50134 )
* [#51622 ](https://github.com/nodejs/node/issues/51622 )
Doc deprecation for `dirent.path`:
Please use newly added `dirent.parentPath` instead.
Experimental node-api feature flags
Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called `node_api_nogc_env` has been introduced as the const version
of `napi_env` and `node_api_nogc_finalize` as a variant of `napi_finalize` that
accepts a `node_api_nogc_env` as its first argument.
This feature can be turned off by defining
`NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT`.
Root certificates updated to NSS 3.98:
Certificates added:
* Telekom Security TLS ECC Root 2020
* Telekom Security TLS RSA Root 2023
Certificates removed:
* Security Communication Root CA
Updated dependencies:
* ada updated to 2.7.6.
* base64 updated to 0.5.2.
* c-ares updated to 1.27.0.
* corepack updated to 0.25.2.
* ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
* npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
* simdutf8 updated to 4.0.8.
* Timezone updated to 2024a.
* zlib updated to 1.3.0.1-motley-40e35a7.
vm: fix V8 compilation cache support for vm.Script:
Previously repeated compilation of the same source code using `vm.Script`
stopped hitting the V8 compilation cache after v16.x when support for
`importModuleDynamically` was added to `vm.Script`, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.
The recent fixes allow the compilation cache to be hit again
for `vm.Script` when `--experimental-vm-modules` is not used even in the
presence of the `importModuleDynamically` option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for `vm.CompileFunction`.
PR-URL: https://github.com/nodejs/node/pull/52165
2024-03-26 17:31:12 +00:00
Michaël Zasso
fd511fb3d0
2024-03-08, Version 21.7.1 (Current)
...
Notable changes:
This release reverts https://github.com/nodejs/node/pull/51389 ,
which landed in Node.js 21.7.0. It is a documented feature that
`t.after()` hooks are run even if a test has no subtests. The hook can
be used to clean up the test itself.
PR-URL: https://github.com/nodejs/node/pull/52002
2024-03-08 22:48:54 +01:00
marco-ippolito
2246cd9735
2024-03-06, Version 21.7.0 (Current)
...
Notable changes:
build:
* (SEMVER-MINOR) build opt to set local location of headers (Michael Dawson) https://github.com/nodejs/node/pull/51525
crypto:
* (SEMVER-MINOR) implement crypto.hash() (Joyee Cheung) https://github.com/nodejs/node/pull/51044
* update root certificates to NSS 3.98 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/51794
doc:
* add zcbenz to collaborators (Cheng Zhao) https://github.com/nodejs/node/pull/51812
* add lemire to collaborators (Daniel Lemire) https://github.com/nodejs/node/pull/51572
http2:
* (SEMVER-MINOR) add h2 compat support for appendHeader (Tim Perry) https://github.com/nodejs/node/pull/51412
* (SEMVER-MINOR) add server handshake utility (snek) https://github.com/nodejs/node/pull/51172
* (SEMVER-MINOR) receive customsettings (Marten Richter) https://github.com/nodejs/node/pull/51323
lib:
* (SEMVER-MINOR) move encodingsMap to internal/util (Joyee Cheung) https://github.com/nodejs/node/pull/51044
sea:
* (SEMVER-MINOR) support sea.getRawAsset() (Joyee Cheung) https://github.com/nodejs/node/pull/50960
* (SEMVER-MINOR) support embedding assets (Joyee Cheung) https://github.com/nodejs/node/pull/50960
src:
* (SEMVER-MINOR) print string content better in BlobDeserializer (Joyee Cheung) https://github.com/nodejs/node/pull/50960
* (SEMVER-MINOR) support multi-line values for .env file (IlyasShabi) https://github.com/nodejs/node/pull/51289
* (SEMVER-MINOR) add `process.loadEnvFile` and `util.parseEnv` (Yagiz Nizipli) https://github.com/nodejs/node/pull/51476
* (SEMVER-MINOR) do not coerce dotenv paths (Tobias Nießen) https://github.com/nodejs/node/pull/51425
stream:
* (SEMVER-MINOR) implement `min` option for `ReadableStreamBYOBReader.read` (Mattias Buelens) https://github.com/nodejs/node/pull/50888
util:
* (SEMVER-MINOR) add styleText API to text formatting (Rafael Gonzaga) https://github.com/nodejs/node/pull/51850
vm:
* (SEMVER-MINOR) support using the default loader to handle dynamic import() (Joyee Cheung) https://github.com/nodejs/node/pull/51244
PR-URL: https://github.com/nodejs/node/pull/51932
2024-03-06 15:35:16 -03:00
RafaelGSS
b43171c6f6
2024-02-14, Version 21.6.2 (Current)
...
This is a security release.
Notable changes:
crypto:
* disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
* upgrade libuv to 1.48.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/51698
* disable io_uring support in libuv by default (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/528
fs:
* protect against modified Buffer internals in possiblyTransformPath (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/497
http:
* add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/518
lib:
* update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/538
* use cache fs internals against path traversal (RafaelGSS) https://github.com/nodejs-private/node-private/pull/516
src:
* fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
src,deps:
* disable setuid() etc if io_uring enabled (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/528
test,doc:
* clarify wildcard usage (RafaelGSS) https://github.com/nodejs-private/node-private/pull/517
zlib:
* pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/540
PR-URL: https://github.com/nodejs-private/node-private/pull/543
2024-02-14 14:12:25 -03:00
marco-ippolito
5405aa5b90
2024-02-14, Version 20.11.1 'Iron' (LTS)
...
This is a security release.
Notable changes:
crypto:
* disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
* upgrade libuv to 1.48.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/51699
* update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/51614
* upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/51614
* disable io\_uring support in libuv by default (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/529
* fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) https://github.com/nodejs/node/pull/51737
fs:
* protect against modified Buffer internals in possiblyTransformPath (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/49
http:
* add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/519
lib:
* update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/539
* use cache fs internals against path traversal (RafaelGSS) https://github.com/nodejs-private/node-private/pull/516
src:
* fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
src,deps:
* disable setuid() etc if io\_uring enabled (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/529
test,doc:
* clarify wildcard usage (RafaelGSS) https://github.com/nodejs-private/node-private/pull/517
zlib:
* pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/541
PR-URL: https://github.com/nodejs-private/node-private/pull/544
2024-02-14 14:10:22 -03:00
marco-ippolito
2a5a150772
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
crypto:
* update root certificates to NSS 3.95 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/50805
* disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
* upgrade npm to 10.2.4 (npm team) https://github.com/nodejs/node/pull/50751
* update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/51614
* upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/node/pull/51614
* fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) https://github.com/nodejs/node/pull/51614
http:
* add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520
lib:
* update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536
src:
* fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
test:
* skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) https://github.com/nodejs/node/pull/49621
tools:
* add macOS notarization verification step (Ulises Gascón) https://github.com/nodejs/node/pull/50833
* use macOS keychain to notarize the releases (Ulises Gascón) https://github.com/nodejs/node/pull/50715
* remove unused file (Ulises Gascon) https://github.com/nodejs/node/pull/50622
* add macOS notarization stapler (Ulises Gascón) https://github.com/nodejs/node/pull/50625
* improve macOS notarization process output readability (Ulises Gascón) https://github.com/nodejs/node/pull/50389
* remove unused `version` function (Ulises Gascón) https://github.com/nodejs/node/pull/50390
win,tools:
* upgrade Windows signing to smctl (Stefan Stojanovic) https://github.com/nodejs/node/pull/50956
zlib:
* pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542
PR-URL: https://github.com/nodejs-private/node-private/pull/545
2024-02-14 14:05:41 -03:00
RafaelGSS
092075b04d
2024-01-22, Version 21.6.1 (Current)
...
Notable changes:
This release fixes a bug in `undici` using WebStreams
PR-URL: https://github.com/nodejs/node/pull/51530
2024-01-22 16:19:58 -03:00
RafaelGSS
e133e5115a
2024-01-15, Version 21.6.0 (Current)
...
Notable changes:
doc:
* (SEMVER-MINOR) add documentation for --build-snapshot-config (Anna Henningsen) https://github.com/nodejs/node/pull/50453
lib,src,permission:
* (SEMVER-MINOR) port path.resolve to C++ (Rafael Gonzaga) https://github.com/nodejs/node/pull/50758
net:
* (SEMVER-MINOR) add connection attempt events (Paolo Insogna) https://github.com/nodejs/node/pull/51045
src:
* (SEMVER-MINOR) support configurable snapshot (Joyee Cheung) https://github.com/nodejs/node/pull/50453
src,permission:
* (SEMVER-MINOR) add --allow-addon flag (Rafael Gonzaga) https://github.com/nodejs/node/pull/51183
timers:
* (SEMVER-MINOR) export timers.promises (Marco Ippolito) https://github.com/nodejs/node/pull/51246
PR-URL: https://github.com/nodejs/node/pull/51342
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2024-01-15 11:50:31 -03:00
Ulises Gascón
2d74e776ca
2024-01-09, Version 20.11.0 'Iron' (LTS)
...
Notable changes:
crypto:
* update root certificates to NSS 3.95 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/50805
doc:
* add MrJithil to collaborators (Jithil P Ponnan) https://github.com/nodejs/node/pull/50666
* add Ethan-Arrowood as a collaborator (Ethan Arrowood) https://github.com/nodejs/node/pull/50393
esm:
* (SEMVER-MINOR) add import.meta.dirname and import.meta.filename (James Sumners) https://github.com/nodejs/node/pull/48740
fs:
* add c++ fast path for writeFileSync utf8 (CanadaHonk) https://github.com/nodejs/node/pull/49884
module:
* (SEMVER-MINOR) remove useCustomLoadersIfPresent flag (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) bootstrap module loaders in shadow realm (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
src:
* (SEMVER-MINOR) add `--disable-warning` option (Ethan Arrowood) https://github.com/nodejs/node/pull/50661
* (SEMVER-MINOR) create per isolate proxy env template (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) make process binding data weak (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
stream:
* use Array for Readable buffer (Robert Nagy) https://github.com/nodejs/node/pull/50341
* optimize creation (Robert Nagy) https://github.com/nodejs/node/pull/50337
test_runner:
* (SEMVER-MINOR) adds built in lcov reporter (Phil Nash) https://github.com/nodejs/node/pull/50018
* (SEMVER-MINOR) add Date to the supported mock APIs (Lucas Santos) https://github.com/nodejs/node/pull/48638
test_runner, cli:
* (SEMVER-MINOR) add --test-timeout flag (Shubham Pandey) https://github.com/nodejs/node/pull/50443
PR-URL: https://github.com/nodejs/node/pull/51124
2024-01-09 20:47:16 +00:00
RafaelGSS
8b690a1fc1
2023-12-19, Version 21.5.0 (Current)
...
Notable changes:
deps:
* (SEMVER-MINOR) add simdjson (Yagiz Nizipli) https://github.com/nodejs/node/pull/50322
doc:
* deprecate hash constructor (Marco Ippolito) https://github.com/nodejs/node/pull/51077
* deprecate `dirent.path` (Antoine du Hamel) https://github.com/nodejs/node/pull/51020
module:
* merge config with `package_json_reader` (Yagiz Nizipli) https://github.com/nodejs/node/pull/50322
src:
* move package resolver to c++ (Yagiz Nizipli) https://github.com/nodejs/node/pull/50322
PR-URL: https://github.com/nodejs/node/pull/51166
2023-12-19 16:05:19 -03:00
Michaël Zasso
2eb1808a30
2023-12-05, Version 21.4.0 (Current)
...
Notable changes:
fs:
* (SEMVER-MINOR) introduce `dirent.parentPath` (Antoine du Hamel) https://github.com/nodejs/node/pull/50976
* use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) https://github.com/nodejs/node/pull/50990
PR-URL: https://github.com/nodejs/node/pull/51043
2023-12-05 10:28:50 +01:00
RafaelGSS
b7d2827ce0
2023-11-30, Version 21.3.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.95 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/50805
fs:
* add c++ fast path for writeFileSync utf8 (CanadaHonk) https://github.com/nodejs/node/pull/49884
module:
* (SEMVER-MINOR) bootstrap module loaders in shadow realm (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) remove useCustomLoadersIfPresent flag (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
src:
* (SEMVER-MINOR) add `--disable-warning` option (Ethan Arrowood) https://github.com/nodejs/node/pull/50661
* (SEMVER-MINOR) create per isolate proxy env template (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) create fs_dir per isolate properties (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) create worker per isolate properties (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) make process binding data weak (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
PR-URL: https://github.com/nodejs/node/pull/50954
2023-11-30 14:17:52 -03:00
Michaël Zasso
8787acb1e6
2023-11-29, Version 18.19.0 'Hydrogen' (LTS)
...
Notable changes:
deps:
* (SEMVER-MINOR) update uvwasi to 0.0.19 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49908
* (SEMVER-MINOR) upgrade npm to 10.2.3 (npm team) https://github.com/nodejs/node/pull/50531
doc:
* move and rename loaders section (Geoffrey Booth) https://github.com/nodejs/node/pull/49261
esm:
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
* unflag import.meta.resolve (Guy Bedford) https://github.com/nodejs/node/pull/49028
* move hook execution to separate thread (Jacob Smith) https://github.com/nodejs/node/pull/44710
* leverage loaders when resolving subsequent loaders (Maël Nison) https://github.com/nodejs/node/pull/43772
lib:
* (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) https://github.com/nodejs/node/pull/46391
* (SEMVER-MINOR) add tracing channel to diagnostics_channel (Stephen Belanger) https://github.com/nodejs/node/pull/44943
src:
* (SEMVER-MINOR) add cjs_module_lexer_version base64_version (Jithil P Ponnan) https://github.com/nodejs/node/pull/45629
stream:
* use bitmap in readable state (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/49745
test_runner:
* (SEMVER-MINOR) accept `testOnly` in `run` (Moshe Atlow) https://github.com/nodejs/node/pull/49753
* (SEMVER-MINOR) add junit reporter (Moshe Atlow) https://github.com/nodejs/node/pull/49614
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) https://github.com/nodejs/node/pull/48975
* (SEMVER-MINOR) add shards support (Raz Luvaton) https://github.com/nodejs/node/pull/48639
* (SEMVER-MINOR) add initial draft for fakeTimers (Erick Wendel) https://github.com/nodejs/node/pull/47775
test_runner, cli:
* (SEMVER-MINOR) add --test-concurrency flag (Colin Ihrig) https://github.com/nodejs/node/pull/49996
tls:
* (SEMVER-MINOR) add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) https://github.com/nodejs/node/pull/45190
vm:
* (SEMVER-MINOR) use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50141
PR-URL: https://github.com/nodejs/node/pull/50953
2023-11-29 18:11:08 +01:00
Michaël Zasso
a9bd735adf
2023-11-22, Version 20.10.0 'Iron' (LTS)
...
Notable changes:
deps:
* (SEMVER-MINOR) update uvwasi to 0.0.19 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49908
doc:
* add H4ad to collaborators (Vinícius Lourenço) https://github.com/nodejs/node/pull/50217
esm:
* (SEMVER-MINOR) detect ESM syntax in ambiguous JavaScript (Geoffrey Booth) https://github.com/nodejs/node/pull/50096
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
fs:
* (SEMVER-MINOR) add flush option to appendFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50095
* add flush option to writeFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50009
lib:
* (SEMVER-MINOR) add WebSocket client (Matthew Aitken) https://github.com/nodejs/node/pull/49830
stream:
* (SEMVER-MINOR) allow pass stream class to `stream.compose` (Alex Yang) https://github.com/nodejs/node/pull/50187
* call helper function from push and unshift (Raz Luvaton) https://github.com/nodejs/node/pull/50173
* optimize Writable (Robert Nagy) https://github.com/nodejs/node/pull/50012
test_runner, cli:
* (SEMVER-MINOR) add --test-concurrency flag (Colin Ihrig) https://github.com/nodejs/node/pull/49996
vm:
* (SEMVER-MINOR) use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50141
* use default HDO when importModuleDynamically is not set (Joyee Cheung) https://github.com/nodejs/node/pull/49950
wasi:
PR-URL: https://github.com/nodejs/node/pull/50682
2023-11-22 16:03:13 +01:00
Michaël Zasso
02db7fc2cd
2023-11-14, Version 21.2.0 (Current)
...
Notable changes:
doc:
* add MrJithil to collaborators (Jithil P Ponnan) https://github.com/nodejs/node/pull/50666
* add Ethan-Arrowood as a collaborator (Ethan Arrowood) https://github.com/nodejs/node/pull/50393
esm:
* (SEMVER-MINOR) add import.meta.dirname and import.meta.filename (James Sumners) https://github.com/nodejs/node/pull/48740
fs:
* add stacktrace to fs/promises (翠 / green) https://github.com/nodejs/node/pull/49849
lib:
* (SEMVER-MINOR) add `--no-experimental-global-navigator` CLI flag (Antoine du Hamel) https://github.com/nodejs/node/pull/50562
* (SEMVER-MINOR) add navigator.language & navigator.languages (Aras Abbasi) https://github.com/nodejs/node/pull/50303
* (SEMVER-MINOR) add navigator.platform (Aras Abbasi) https://github.com/nodejs/node/pull/50385
stream:
* (SEMVER-MINOR) add support for `deflate-raw` format to webstreams compression (Damian Krzeminski) https://github.com/nodejs/node/pull/50097
* use Array for Readable buffer (Robert Nagy) https://github.com/nodejs/node/pull/50341
* optimize creation (Robert Nagy) https://github.com/nodejs/node/pull/50337
test_runner:
* (SEMVER-MINOR) adds built in lcov reporter (Phil Nash) https://github.com/nodejs/node/pull/50018
* (SEMVER-MINOR) add Date to the supported mock APIs (Lucas Santos) https://github.com/nodejs/node/pull/48638
test_runner, cli:
* (SEMVER-MINOR) add --test-timeout flag (Shubham Pandey) https://github.com/nodejs/node/pull/50443
PR-URL: https://github.com/nodejs/node/pull/50681
2023-11-14 19:00:59 +01:00
Richard Lau
2c4a332a9f
2023-10-24, Version 20.9.0 'Iron' (LTS)
...
Notable changes:
This release marks the transition of Node.js 20.x into Long Term Support (LTS)
with the codename 'Iron'. The 20.x release line now moves into "Active LTS"
and will remain so until October 2024. After that time, it will move into
"Maintenance" until end of life in April 2026.
PR-URL: https://github.com/nodejs/node/pull/50298
2023-10-24 10:12:56 -04:00
Michaël Zasso
7c1b1f41c3
2023-10-24, Version 21.1.0 (Current)
...
Notable changes:
doc:
* add H4ad to collaborators (Vinícius Lourenço) https://github.com/nodejs/node/pull/50217
esm:
* (SEMVER-MINOR) detect ESM syntax in ambiguous JavaScript (Geoffrey Booth) https://github.com/nodejs/node/pull/50096
fs:
* (SEMVER-MINOR) add flush option to appendFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50095
lib:
* (SEMVER-MINOR) add `navigator.userAgent` (Yagiz Nizipli) https://github.com/nodejs/node/pull/50200
stream:
* (SEMVER-MINOR) allow pass stream class to `stream.compose` (Alex Yang) https://github.com/nodejs/node/pull/50187
* call helper function from push and unshift (Raz Luvaton) https://github.com/nodejs/node/pull/50173
PR-URL: https://github.com/nodejs/node/pull/50335
2023-10-24 15:13:00 +02:00
RafaelGSS
ed16a46481
2023-10-17, Version 21.0.0 (Current)
...
Notable Changes:
doc:
* promote fetch/webstreams from experimental to stable (Steven) https://github.com/nodejs/node/pull/45684
esm:
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
* remove `globalPreload` hook (superseded by `initialize`) (Jacob Smith) https://github.com/nodejs/node/pull/49144
fs:
* add flush option to writeFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50009
* (SEMVER-MAJOR) add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
http:
* (SEMVER-MAJOR) reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
lib:
* (SEMVER-MINOR) add WebSocket client (Matthew Aitken) https://github.com/nodejs/node/pull/49830
* (SEMVER-MAJOR) add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
stream:
* optimize Writable (Robert Nagy) https://github.com/nodejs/node/pull/50012
test_runner:
* (SEMVER-MAJOR) support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
vm:
* use default HDO when importModuleDynamically is not set (Joyee Cheung) https://github.com/nodejs/node/pull/49950
Semver-Major Commits:
* (SEMVER-MAJOR) build: drop support for Visual Studio 2019 (Michaël Zasso) https://github.com/nodejs/node/pull/49051
* (SEMVER-MAJOR) build: bump supported macOS and Xcode versions (Michaël Zasso) https://github.com/nodejs/node/pull/49164
* (SEMVER-MAJOR) crypto: do not overwrite \_writableState.defaultEncoding (Tobias Nießen) https://github.com/nodejs/node/pull/49140
* (SEMVER-MAJOR) deps: bump minimum ICU version to 73 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update V8 to 11.8.172.13 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update llhttp to 9.1.2 (Paolo Insogna) https://github.com/nodejs/node/pull/48981
* (SEMVER-MAJOR) events: validate options of `on` and `once` (Deokjin Kim) https://github.com/nodejs/node/pull/46018
* (SEMVER-MAJOR) fs: adjust `position` validation in reading methods (Livia Medeiros) https://github.com/nodejs/node/pull/42835
* (SEMVER-MAJOR) fs: add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) http: reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
* (SEMVER-MAJOR) lib: mark URL/URLSearchParams as uncloneable and untransferable (Chengzhong Wu) https://github.com/nodejs/node/pull/47497
* (SEMVER-MAJOR) lib: remove aix directory case for package reader (Yagiz Nizipli) https://github.com/nodejs/node/pull/48605
* (SEMVER-MAJOR) lib: add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
* (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) https://github.com/nodejs/node/pull/47202
* (SEMVER-MAJOR) module: harmonize error code between ESM and CJS (Antoine du Hamel) https://github.com/nodejs/node/pull/48606
* (SEMVER-MAJOR) net: do not treat `server.maxConnections=0` as `Infinity` (ignoramous) https://github.com/nodejs/node/pull/48276
* (SEMVER-MAJOR) net: only defer \_final call when connecting (Jason Zhang) https://github.com/nodejs/node/pull/47385
* (SEMVER-MAJOR) node-api: rename internal NAPI\_VERSION definition (Chengzhong Wu) https://github.com/nodejs/node/pull/48501
* (SEMVER-MAJOR) src: update NODE\_MODULE\_VERSION to 120 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) src: throw DOMException on cloning non-serializable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47839
* (SEMVER-MAJOR) src: throw DataCloneError on transfering untransferable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47604
* (SEMVER-MAJOR) stream: use private properties for strategies (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for compression (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) test\_runner: disallow array in `run` options (Raz Luvaton) https://github.com/nodejs/node/pull/49935
* (SEMVER-MAJOR) test\_runner: support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) tls: use `validateNumber` for `options.minDHSize` (Deokjin Kim) https://github.com/nodejs/node/pull/49973
* (SEMVER-MAJOR) tls: use validateFunction for `options.checkServerIdentity` (Deokjin Kim) https://github.com/nodejs/node/pull/49896
* (SEMVER-MAJOR) util: runtime deprecate `promisify`-ing a function returning a `Promise` (Antoine du Hamel) https://github.com/nodejs/node/pull/49609
* (SEMVER-MAJOR) vm: freeze `dependencySpecifiers` array (Antoine du Hamel) https://github.com/nodejs/node/pull/49720
PR-URL: https://github.com/nodejs/node/pull/49870
Co-authored-by: Michaël Zasso <targos@protonmail.com>
2023-10-17 12:45:37 -03:00
RafaelGSS
937ea06fd5
2023-10-13, Version 18.18.2 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 ): `nghttp2` Security Release (High)
* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143 ): `undici` Security Release (High)
* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552 ): Integrity checks according to policies can be circumvented (Medium)
* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333 ): Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/492
2023-10-13 17:52:15 -03:00
RafaelGSS
deeffa0388
2023-10-13, Version 20.8.1 (Current)
...
This is a security release.
Notable changes:
* CVE-2023-44487: `nghttp2` Security Release (High)
* CVE-2023-45143: `undici` Security Release (High)
* CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
* CVE-2023-39331: Permission model improperly protects against path traversal (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/491
2023-10-13 17:25:50 -03:00
Richard Lau
11f95dd12f
2023-10-10, Version 18.18.1 'Hydrogen' (LTS)
...
Notable changes:
This release addresses some regressions that appeared in Node.js 18.18.0:
- (Windows) FS can not handle certain characters in file name
https://github.com/nodejs/node/issues/48673
- 18 and 20 node images give error - Text file busy (after re-build images)
https://github.com/nodejs/docker-node/issues/1968
- libuv update in 18.18.0 breaks webpack's thread-loader
https://github.com/nodejs/node/issues/49911
The libuv 1.45.0 and 1.46.0 updates that were released in Node.js 18.18.0
have been temporarily reverted.
PR-URL: https://github.com/nodejs/node/pull/50066
2023-10-10 11:38:44 -04:00
Ruy Adorno
5570c29780
2023-09-28, Version 20.8.0 (Current)
...
Notable changes:
deps:
* add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) https://github.com/nodejs/node/pull/49874
doc:
* deprecate `fs.F_OK`, `fs.R_OK`, `fs.W_OK`, `fs.X_OK` (Livia Medeiros) https://github.com/nodejs/node/pull/49683
* deprecate `util.toUSVString` (Yagiz Nizipli) https://github.com/nodejs/node/pull/49725
* deprecate calling `promisify` on a function that returns a promise (Antoine du Hamel) https://github.com/nodejs/node/pull/49647
esm:
* set all hooks as release candidate (Geoffrey Booth) https://github.com/nodejs/node/pull/49597
module:
* fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) https://github.com/nodejs/node/pull/48510
* fix leak of vm.SyntheticModule (Joyee Cheung) https://github.com/nodejs/node/pull/48510
* use symbol in WeakMap to manage host defined options (Joyee Cheung) https://github.com/nodejs/node/pull/48510
src:
* (SEMVER-MINOR) allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) https://github.com/nodejs/node/pull/49279
stream:
* use bitmap in writable state (Raz Luvaton) https://github.com/nodejs/node/pull/49834
* use bitmap in readable state (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/49745
* improve webstream readable async iterator performance (Raz Luvaton) https://github.com/nodejs/node/pull/49662
test_runner:
* (SEMVER-MINOR) accept `testOnly` in `run` (Moshe Atlow) https://github.com/nodejs/node/pull/49753
* (SEMVER-MINOR) add junit reporter (Moshe Atlow) https://github.com/nodejs/node/pull/49614
PR-URL: https://github.com/nodejs/node/pull/49932
2023-09-28 23:14:36 -04:00
Ruy Adorno
78ab0eebd1
2023-09-18, Version 18.18.0 'Hydrogen' (LTS)
...
Notable changes:
build:
* sync libuv header change (Jiawen Geng) https://github.com/nodejs/node/pull/48078
crypto:
* update root certificates to NSS 3.93 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49341
* update root certificates to NSS 3.90 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/48416
deps:
* add missing thread-common.c in uv.gyp (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
* upgrade to libuv 1.46.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
* upgrade to libuv 1.45.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
doc:
* add atlowChemi to collaborators (atlowChemi) https://github.com/nodejs/node/pull/48757
* add vmoroz to collaborators (Vladimir Morozov) https://github.com/nodejs/node/pull/48527
* add kvakil to collaborators (Keyhan Vakil) https://github.com/nodejs/node/pull/48449
esm:
* (SEMVER-MINOR) add `--import` flag (Moshe Atlow) https://github.com/nodejs/node/pull/43942
events:
* (SEMVER-MINOR) allow safely adding listener to abortSignal (Chemi Atlow) https://github.com/nodejs/node/pull/48596
fs, stream:
* initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) https://github.com/nodejs/node/pull/48518
net:
* add autoSelectFamily global getter and setter (Paolo Insogna) https://github.com/nodejs/node/pull/45777
url:
* (SEMVER-MINOR) add value argument to has and delete methods (Sankalp Shubham) https://github.com/nodejs/node/pull/47885
PR-URL: https://github.com/nodejs/node/pull/49220
2023-09-18 17:39:17 -04:00
Ulises Gascón
b651e37d2e
2023-09-18, Version 20.7.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.93 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49341
deps:
* upgrade npm to 10.1.0 (npm team) https://github.com/nodejs/node/pull/49570
* upgrade npm to 10.0.0 (npm team) https://github.com/nodejs/node/pull/49423
doc:
* move and rename loaders section (Geoffrey Booth) https://github.com/nodejs/node/pull/49261
* add release key for Ulises Gascon (Ulises Gascón) https://github.com/nodejs/node/pull/49196
lib:
* (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) https://github.com/nodejs/node/pull/46391
src:
* support multiple `--env-file` declarations (Yagiz Nizipli) https://github.com/nodejs/node/pull/49542
src,permission:
* add multiple allow-fs-* flags (Carlos Espa) https://github.com/nodejs/node/pull/49047
test_runner:
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) https://github.com/nodejs/node/pull/48975
PR-URL: https://github.com/nodejs/node/pull/49592
2023-09-18 17:36:24 +00:00
Richard Lau
44084b81bb
doc: mark Node.js 16 as End-of-Life
...
PR-URL: https://github.com/nodejs/node/pull/49651
Refs: https://nodejs.org/en/blog/announcements/nodejs16-eol
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2023-09-14 16:22:41 +00:00
RafaelGSS
0a2ab4c77c
2023-09-08, Version 20.6.1 (Current)
...
Notable changes:
esm:
* fix loading of CJS modules from ESM (Antoine du Hamel) https://github.com/nodejs/node/pull/49500
PR-URL: https://github.com/nodejs/node/pull/49528
2023-09-08 11:45:05 -04:00
Ulises Gascón
12354260db
2023-09-04, Version 20.6.0 (Current)
...
Notable changes:
deps:
* V8: cherry-pick 93275031284c (Joyee Cheung) #48660
doc:
* add new TSC members (Michael Dawson) #48841
* add rluvaton to collaborators (Raz Luvaton) #49215
esm:
* unflag import.meta.resolve (Guy Bedford) #49028
* add `initialize` hook, integrate with `register` (Izaak Schroeder) #48842
* unflag `Module.register` and allow nested loader `import()` (Izaak Schroeder) #48559
inspector:
* (SEMVER-MINOR) open add `SymbolDispose` (Chemi Atlow) #48765
module:
* implement `register` utility (João Lenon) #46826
* make CJS load from ESM loader (Antoine du Hamel) #47999
src:
* add built-in `.env` file support (Yagiz Nizipli) #48890
* initialize cppgc (Daryl Haresign and Joyee Cheung) #48660 and #45704
test_runner:
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975
PR-URL: https://github.com/nodejs/node/pull/49185
2023-09-04 15:01:52 -05:00
RafaelGSS
ae25da20fa
2023-08-09, Version 20.5.1 (Current)
...
This is a security release.
Notable changes:
* CVE-2023-32002: Policies can be bypassed via Module.\_load (High)
* CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
* CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* CVE-2023-32005: fs.statfs can bypass the permission model (Low)
* CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/465
2023-08-09 14:24:18 -03:00
RafaelGSS
6d46d986a4
2023-08-09, Version 18.17.1 'Hydrogen' (LTS)
...
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/463
2023-08-09 14:02:22 -03:00
RafaelGSS
eed21991fb
2023-08-09, Version 16.20.2 'Gallium' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/458
2023-08-09 13:36:10 -03:00
Juan José Arboleda
d5761a4f8e
2023-07-18, Version 20.5.0 (Current)
...
Notable changes:
doc:
* add atlowChemi to collaborators (atlowChemi) https://github.com/nodejs/node/pull/48757
events:
* (SEMVER-MINOR) allow safely adding listener to abortSignal (Chemi Atlow) https://github.com/nodejs/node/pull/48596
fs:
* add a fast-path for readFileSync utf-8 (Yagiz Nizipli) https://github.com/nodejs/node/pull/48658
test_runner:
* (SEMVER-MINOR) add shards support (Raz Luvaton) https://github.com/nodejs/node/pull/48639
PR-URL: https://github.com/nodejs/node/pull/48761
2023-07-20 16:28:46 -05:00
Danielle Adams
51513b23e8
2023-07-18, Version 18.17.0 'Hydrogen' (LTS)
...
Notable changes:
Ada 2.0
Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This
update brings significant performance improvements to URL parsing, including
enhancements to the url.domainToASCII and url.domainToUnicode functions
in node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all
parts of the application can benefit from the improved performance. Additionally,
Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in https://github.com/nodejs/node/pull/47339
Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per
their WebIDL definitions like in other Web Crypto API implementations. This
further improves interoperability with other implementations of Web Crypto API.
Contributed by Filip Skokan in https://github.com/nodejs/node/pull/46067
crypto:
* update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
* (SEMVER-MINOR) expose getDefaultResultOrder (btea) https://github.com/nodejs/node/pull/46973
doc:
* add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
* add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
* events:
* (SEMVER-MINOR) add getMaxListeners method (Matthew Aitken) https://github.com/nodejs/node/pull/47039
fs:
* (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
* (SEMVER-MINOR) add recursive option to readdir and opendir (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
* (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
* (SEMVER-MINOR) implement byob mode for readableWebStream() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46933
http:
* (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
* (SEMVER-MINOR) remove internal error in assignSocket (Matteo Collina) https://github.com/nodejs/node/pull/47723
* (SEMVER-MINOR) add highWaterMark opt in http.createServer (HinataKah0) https://github.com/nodejs/node/pull/47405
lib:
* (SEMVER-MINOR) add webstreams to Duplex.from() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46190
* (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
* change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
* (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
* (SEMVER-MINOR) deprecate napi_module_register (Vladimir Morozov) https://github.com/nodejs/node/pull/46319
stream:
* (SEMVER-MINOR) preserve object mode in compose (Raz Luvaton) https://github.com/nodejs/node/pull/47413
* (SEMVER-MINOR) add setter & getter for default highWaterMark (#46929 ) (Robert Nagy) https://github.com/nodejs/node/pull/46929
test:
* unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
test_runner:
* (SEMVER-MINOR) add shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
* (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
* (SEMVER-MINOR) execute before hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
* (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) https://github.com/nodejs/node/pull/47238
tools:
* update LICENSE and license-builder.sh (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
url:
* (SEMVER-MINOR) implement URL.canParse (Matthew Aitken) https://github.com/nodejs/node/pull/47179
wasi:
* (SEMVER-MINOR) no longer require flag to enable wasi (Michael Dawson) https://github.com/nodejs/node/pull/47286
PR-URL: https://github.com/nodejs/node/pull/48694
2023-07-18 15:37:22 -04:00
RafaelGSS
8fc3851da7
2023-07-05, Version 20.4.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.90 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/48416
doc:
* add vmoroz to collaborators (Vladimir Morozov) https://github.com/nodejs/node/pull/48527
* add kvakil to collaborators (Keyhan Vakil) https://github.com/nodejs/node/pull/48449
fs, stream:
* initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) https://github.com/nodejs/node/pull/48518
test_runner:
* (SEMVER-MINOR) add initial draft for fakeTimers (Erick Wendel) https://github.com/nodejs/node/pull/47775
tls:
* (SEMVER-MINOR) add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) https://github.com/nodejs/node/pull/45190
PR-URL: https://github.com/nodejs/node/pull/48643
2023-07-05 10:51:42 -03:00
RafaelGSS
b607b74a4f
2023-06-20, Version 18.16.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* https://www.openssl.org/news/secadv/20230328.txt
* https://www.openssl.org/news/secadv/20230420.txt
* https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
PR-URL: https://github.com/nodejs-private/node-private/pull/434
2023-06-20 17:26:23 -03:00
RafaelGSS
167dc77d85
2023-06-20, Version 20.3.1 (Current)
...
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
* CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
* CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
* CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt ).
* [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt ).
* [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt )
PR-URL: https://github.com/nodejs-private/node-private/pull/435
2023-06-20 17:08:45 -03:00
RafaelGSS
c09acb3ea8
2023-06-20, Version 16.20.1 'Gallium' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* https://www.openssl.org/news/secadv/20230328.txt
* https://www.openssl.org/news/secadv/20230420.txt
* https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
PR-URL: https://github.com/nodejs-private/node-private/pull/432
2023-06-20 16:21:56 -03:00
Michaël Zasso
5a58972207
2023-06-08, Version 20.3.0 (Current)
...
Notable changes:
deps:
* upgrade to libuv 1.45.0, including significant performance
improvements to file system operations on Linux (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
doc:
* add Ruy Adorno to list of TSC members (Michael Dawson) https://github.com/nodejs/node/pull/48172
* mark Node.js 14 as End-of-Life (Richard Lau) https://github.com/nodejs/node/pull/48023
lib:
* (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
* change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
* (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
stream:
* deprecate asIndexedPairs (Chemi Atlow) https://github.com/nodejs/node/pull/48102
PR-URL: https://github.com/nodejs/node/pull/48332
2023-06-08 13:00:26 -03:00
Richard Lau
6aa2aeedcb
doc: mark Node.js 19 as End-of-Life
...
PR-URL: https://github.com/nodejs/node/pull/48283
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Debadree Chatterjee <debadree333@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
2023-06-01 17:51:45 +00:00
Michaël Zasso
c2ca4290f6
2023-05-16, Version 20.2.0 (Current)
...
Notable changes:
doc:
* add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
http:
* (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
sea:
* (SEMVER-MINOR) add option to disable the experimental SEA warning (Darshan Sen) https://github.com/nodejs/node/pull/47588
test_runner:
* (SEMVER-MINOR) add `skip`, `todo`, and `only` shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
url:
* (SEMVER-MINOR) add value argument to `URLSearchParams` `has` and `delete` methods (Sankalp Shubham) https://github.com/nodejs/node/pull/47885
PR-URL: https://github.com/nodejs/node/pull/48020
2023-05-16 14:40:46 +02:00
Richard Lau
fb6afb5c67
doc: mark Node.js 14 as End-of-Life
...
PR-URL: https://github.com/nodejs/node/pull/48023
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
Reviewed-By: Qingyu Deng <i@ayase-lab.com>
Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Deokjin Kim <deokjin81.kim@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2023-05-16 11:20:08 +00:00
Michaël Zasso
c24a61b3f6
2023-05-03, Version 20.1.0 (Current)
...
Notable changes:
assert:
* deprecate `CallTracker` (Moshe Atlow) https://github.com/nodejs/node/pull/47740
crypto:
* update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
* (SEMVER-MINOR) expose `getDefaultResultOrder` (btea) https://github.com/nodejs/node/pull/46973
doc:
* add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
fs:
* (SEMVER-MINOR) add `recursive` option to `readdir` and `opendir` (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
* (SEMVER-MINOR) add support for `mode` flag to specify the copy behavior of the `cp` methods (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
http:
* (SEMVER-MINOR) add `highWaterMark` option `http.createServer` (HinataKah0) https://github.com/nodejs/node/pull/47405
stream:
* (SEMVER-MINOR) preserve object mode in `compose` (Raz Luvaton) https://github.com/nodejs/node/pull/47413
test_runner:
* (SEMVER-MINOR) add `testNamePatterns` to `run` API (Chemi Atlow) https://github.com/nodejs/node/pull/47628
* (SEMVER-MINOR) execute `before` hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
* (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
wasi:
* (SEMVER-MINOR) make `returnOnExit` true by default (Michael Dawson) https://github.com/nodejs/node/pull/47390
PR-URL: https://github.com/nodejs/node/pull/47820
2023-05-03 17:41:05 +02:00
RafaelGSS
8920dc1801
2023-04-18, Version 20.0.0 (Current)
...
Notable Changes:
crypto:
* (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) https://github.com/nodejs/node/pull/46067
deps:
* update ada to 2.0.0 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47339
esm:
* move hook execution to separate thread (Jacob Smith) https://github.com/nodejs/node/pull/44710
sea:
* use JSON configuration and blob content for SEA (Joyee Cheung) https://github.com/nodejs/node/pull/47125
src,process:
* (SEMVER-MINOR) add permission model (Rafael Gonzaga) https://github.com/nodejs/node/pull/44004
url:
* drop ICU requirement for parsing hostnames (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
* use ada::url_aggregator for parsing urls (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
* (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) https://github.com/nodejs/node/pull/45526
Semver-Major Commits:
* [9fafb0a090https://github.com/nodejs/node/pull/46432
* [1948d37595https://github.com/nodejs/node/pull/46599
* [7bc0e6a4e7https://github.com/nodejs/node/pull/47153
* [671ffd7825https://github.com/nodejs/node/pull/45796
* [ab1614d280https://github.com/nodejs/node/pull/47251
* [c1bcdbcf79https://github.com/nodejs/node/pull/46806
* [649f68fc1ehttps://github.com/nodejs/node/pull/45579
* [9374700d7ahttps://github.com/nodejs/node/pull/47182
* [1640aeb680https://github.com/nodejs/node/pull/47073
* [c2e4b1fa9ahttps://github.com/nodejs/node/pull/47028
* [3ef38c4bd7https://github.com/nodejs/node/pull/46067
* [08af023b1fhttps://github.com/nodejs/node/pull/45653
* [7eb0ac3cb6https://github.com/nodejs/node/pull/47251
* [a7c129f286https://github.com/nodejs/node/pull/47251
* [6f5655a18ehttps://github.com/nodejs/node/pull/47251
* [f226350fcbhttps://github.com/nodejs/node/pull/47251
* [d6dae7420ehttps://github.com/nodejs/node/pull/45579
* [56c436533ehttps://github.com/nodejs/node/pull/45579
* [51ab98c71bhttps://github.com/nodejs/node/pull/45579
* [9f84d3eea8https://github.com/nodejs/node/pull/45579
* [f2318cd4b5https://github.com/nodejs/node/pull/45579
* [16e03e7968https://github.com/nodejs/node/pull/45579
* [6473f5e7f7https://github.com/nodejs/node/pull/47352
* [cc18fd9608https://github.com/nodejs/node/pull/45770
* [ff92b40ffchttps://github.com/nodejs/node/pull/46333
* [2a29df6464https://github.com/nodejs/node/pull/46331
* [391dc74a10https://github.com/nodejs/node/pull/46283
* [ed3604cd64https://github.com/nodejs/node/pull/45597
* [88d71dc301https://github.com/nodejs/node/pull/45772
* [e4d641f02ahttps://github.com/nodejs/node/pull/46174
* [0f3e531096https://github.com/nodejs/node/pull/41276
* [5b5898ac86https://github.com/nodejs/node/pull/45841
* [55321bafd1https://github.com/nodejs/node/pull/46790
* [2d0d99733bhttps://github.com/nodejs/node/pull/43716
* [dc06df31b6https://github.com/nodejs/node/pull/45801
* [295b2f3ff4https://github.com/nodejs/node/pull/47251
* [3803b028ddhttps://github.com/nodejs/node/pull/46825
* [e8bddac3e9https://github.com/nodejs/node/pull/46705
* [f84de0ad4chttps://github.com/nodejs/node/pull/46427
* [a6242772echttps://github.com/nodejs/node/pull/45579
* [dd5c39a808https://github.com/nodejs/node/pull/45579
* [63eca7fec0https://github.com/nodejs/node/pull/46430
* [9e7093f416https://github.com/nodejs/node/pull/46322
* [fb91ee4f26https://github.com/nodejs/node/pull/45579
* [eca618071ehttps://github.com/nodejs/node/pull/45579
* [c03354d3e0https://github.com/nodejs/node/pull/45508
* [c733cc0c7fhttps://github.com/nodejs/node/pull/46983
* [7ce223273dhttps://github.com/nodejs/node/pull/47251
* [ca4bd3023ehttps://github.com/nodejs/node/pull/47251
* [58b06a269ahttps://github.com/nodejs/node/pull/45579
* [027841c964https://github.com/nodejs/node/pull/46904
* [3bed5f11e0https://github.com/nodejs/node/pull/45526
* [7c76fddf25https://github.com/nodejs/node/pull/46718
* [4b52727976https://github.com/nodejs/node/pull/47391
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/47441
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-04-18 13:04:39 -03:00
Danielle Adams
527394783e
2023-04-12, Version 18.16.0 'Hydrogen' (LTS)
...
Notable changes:
Add initial support for single executable applications
Compile a JavaScript file into a single executable application:
```console
$ echo 'console.log(`Hello, ${process.argv[2]}!`);' > hello.js
$ cp $(command -v node) hello
$ npx postject hello NODE_JS_CODE hello.js \
--sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2
$ npx postject hello NODE_JS_CODE hello.js \
--sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2 \
--macho-segment-name NODE_JS
$ ./hello world
Hello, world!
```
Contributed by Darshan Sen in https://github.com/nodejs/node/pull/45038
Replace url parser with Ada
Node.js gets a new URL parser called Ada that is compliant with the WHATWG
URL Specification and provides more than 100% performance improvement to
the existing implementation.
Contributed by Yagiz Nizipli in https://github.com/nodejs/node/pull/46410
Other notable changes:
* buffer:
* (SEMVER-MINOR) add Buffer.copyBytesFrom(...) (James M Snell) https://github.com/nodejs/node/pull/46500
* doc:
* add marco-ippolito to collaborators (Marco Ippolito) https://github.com/nodejs/node/pull/46816
* add debadree25 to collaborators (Debadree Chatterjee) https://github.com/nodejs/node/pull/46716
* add deokjinkim to collaborators (Deokjin Kim) https://github.com/nodejs/node/pull/46444
* events:
* (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) https://github.com/nodejs/node/pull/46523
* lib:
* (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) https://github.com/nodejs/node/pull/46387
* (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) https://github.com/nodejs/node/pull/46494
* src:
* (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) https://github.com/nodejs/node/pull/46583
* (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) https://github.com/nodejs/node/pull/46368
* stream:
* (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46273
* tls:
* (SEMVER-MINOR) support automatic DHE (Tobias Nießen) https://github.com/nodejs/node/pull/46978
* url:
* (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) https://github.com/nodejs/node/pull/46308
* worker:
* (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) https://github.com/nodejs/node/pull/46832
PR-URL: https://github.com/nodejs/node/pull/47502
2023-04-12 20:34:40 -04:00
