Ulises Gascón
2d74e776ca
2024-01-09, Version 20.11.0 'Iron' (LTS)
...
Notable changes:
crypto:
* update root certificates to NSS 3.95 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/50805
doc:
* add MrJithil to collaborators (Jithil P Ponnan) https://github.com/nodejs/node/pull/50666
* add Ethan-Arrowood as a collaborator (Ethan Arrowood) https://github.com/nodejs/node/pull/50393
esm:
* (SEMVER-MINOR) add import.meta.dirname and import.meta.filename (James Sumners) https://github.com/nodejs/node/pull/48740
fs:
* add c++ fast path for writeFileSync utf8 (CanadaHonk) https://github.com/nodejs/node/pull/49884
module:
* (SEMVER-MINOR) remove useCustomLoadersIfPresent flag (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) bootstrap module loaders in shadow realm (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
src:
* (SEMVER-MINOR) add `--disable-warning` option (Ethan Arrowood) https://github.com/nodejs/node/pull/50661
* (SEMVER-MINOR) create per isolate proxy env template (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) make process binding data weak (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
stream:
* use Array for Readable buffer (Robert Nagy) https://github.com/nodejs/node/pull/50341
* optimize creation (Robert Nagy) https://github.com/nodejs/node/pull/50337
test_runner:
* (SEMVER-MINOR) adds built in lcov reporter (Phil Nash) https://github.com/nodejs/node/pull/50018
* (SEMVER-MINOR) add Date to the supported mock APIs (Lucas Santos) https://github.com/nodejs/node/pull/48638
test_runner, cli:
* (SEMVER-MINOR) add --test-timeout flag (Shubham Pandey) https://github.com/nodejs/node/pull/50443
PR-URL: https://github.com/nodejs/node/pull/51124
2024-01-09 20:47:16 +00:00
RafaelGSS
8b690a1fc1
2023-12-19, Version 21.5.0 (Current)
...
Notable changes:
deps:
* (SEMVER-MINOR) add simdjson (Yagiz Nizipli) https://github.com/nodejs/node/pull/50322
doc:
* deprecate hash constructor (Marco Ippolito) https://github.com/nodejs/node/pull/51077
* deprecate `dirent.path` (Antoine du Hamel) https://github.com/nodejs/node/pull/51020
module:
* merge config with `package_json_reader` (Yagiz Nizipli) https://github.com/nodejs/node/pull/50322
src:
* move package resolver to c++ (Yagiz Nizipli) https://github.com/nodejs/node/pull/50322
PR-URL: https://github.com/nodejs/node/pull/51166
2023-12-19 16:05:19 -03:00
Michaël Zasso
2eb1808a30
2023-12-05, Version 21.4.0 (Current)
...
Notable changes:
fs:
* (SEMVER-MINOR) introduce `dirent.parentPath` (Antoine du Hamel) https://github.com/nodejs/node/pull/50976
* use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) https://github.com/nodejs/node/pull/50990
PR-URL: https://github.com/nodejs/node/pull/51043
2023-12-05 10:28:50 +01:00
RafaelGSS
b7d2827ce0
2023-11-30, Version 21.3.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.95 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/50805
fs:
* add c++ fast path for writeFileSync utf8 (CanadaHonk) https://github.com/nodejs/node/pull/49884
module:
* (SEMVER-MINOR) bootstrap module loaders in shadow realm (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) remove useCustomLoadersIfPresent flag (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
src:
* (SEMVER-MINOR) add `--disable-warning` option (Ethan Arrowood) https://github.com/nodejs/node/pull/50661
* (SEMVER-MINOR) create per isolate proxy env template (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) create fs_dir per isolate properties (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) create worker per isolate properties (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
* (SEMVER-MINOR) make process binding data weak (Chengzhong Wu) https://github.com/nodejs/node/pull/48655
PR-URL: https://github.com/nodejs/node/pull/50954
2023-11-30 14:17:52 -03:00
Michaël Zasso
8787acb1e6
2023-11-29, Version 18.19.0 'Hydrogen' (LTS)
...
Notable changes:
deps:
* (SEMVER-MINOR) update uvwasi to 0.0.19 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49908
* (SEMVER-MINOR) upgrade npm to 10.2.3 (npm team) https://github.com/nodejs/node/pull/50531
doc:
* move and rename loaders section (Geoffrey Booth) https://github.com/nodejs/node/pull/49261
esm:
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
* unflag import.meta.resolve (Guy Bedford) https://github.com/nodejs/node/pull/49028
* move hook execution to separate thread (Jacob Smith) https://github.com/nodejs/node/pull/44710
* leverage loaders when resolving subsequent loaders (Maël Nison) https://github.com/nodejs/node/pull/43772
lib:
* (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) https://github.com/nodejs/node/pull/46391
* (SEMVER-MINOR) add tracing channel to diagnostics_channel (Stephen Belanger) https://github.com/nodejs/node/pull/44943
src:
* (SEMVER-MINOR) add cjs_module_lexer_version base64_version (Jithil P Ponnan) https://github.com/nodejs/node/pull/45629
stream:
* use bitmap in readable state (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/49745
test_runner:
* (SEMVER-MINOR) accept `testOnly` in `run` (Moshe Atlow) https://github.com/nodejs/node/pull/49753
* (SEMVER-MINOR) add junit reporter (Moshe Atlow) https://github.com/nodejs/node/pull/49614
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) https://github.com/nodejs/node/pull/48975
* (SEMVER-MINOR) add shards support (Raz Luvaton) https://github.com/nodejs/node/pull/48639
* (SEMVER-MINOR) add initial draft for fakeTimers (Erick Wendel) https://github.com/nodejs/node/pull/47775
test_runner, cli:
* (SEMVER-MINOR) add --test-concurrency flag (Colin Ihrig) https://github.com/nodejs/node/pull/49996
tls:
* (SEMVER-MINOR) add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) https://github.com/nodejs/node/pull/45190
vm:
* (SEMVER-MINOR) use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50141
PR-URL: https://github.com/nodejs/node/pull/50953
2023-11-29 18:11:08 +01:00
Michaël Zasso
a9bd735adf
2023-11-22, Version 20.10.0 'Iron' (LTS)
...
Notable changes:
deps:
* (SEMVER-MINOR) update uvwasi to 0.0.19 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49908
doc:
* add H4ad to collaborators (Vinícius Lourenço) https://github.com/nodejs/node/pull/50217
esm:
* (SEMVER-MINOR) detect ESM syntax in ambiguous JavaScript (Geoffrey Booth) https://github.com/nodejs/node/pull/50096
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
fs:
* (SEMVER-MINOR) add flush option to appendFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50095
* add flush option to writeFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50009
lib:
* (SEMVER-MINOR) add WebSocket client (Matthew Aitken) https://github.com/nodejs/node/pull/49830
stream:
* (SEMVER-MINOR) allow pass stream class to `stream.compose` (Alex Yang) https://github.com/nodejs/node/pull/50187
* call helper function from push and unshift (Raz Luvaton) https://github.com/nodejs/node/pull/50173
* optimize Writable (Robert Nagy) https://github.com/nodejs/node/pull/50012
test_runner, cli:
* (SEMVER-MINOR) add --test-concurrency flag (Colin Ihrig) https://github.com/nodejs/node/pull/49996
vm:
* (SEMVER-MINOR) use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50141
* use default HDO when importModuleDynamically is not set (Joyee Cheung) https://github.com/nodejs/node/pull/49950
wasi:
PR-URL: https://github.com/nodejs/node/pull/50682
2023-11-22 16:03:13 +01:00
Michaël Zasso
02db7fc2cd
2023-11-14, Version 21.2.0 (Current)
...
Notable changes:
doc:
* add MrJithil to collaborators (Jithil P Ponnan) https://github.com/nodejs/node/pull/50666
* add Ethan-Arrowood as a collaborator (Ethan Arrowood) https://github.com/nodejs/node/pull/50393
esm:
* (SEMVER-MINOR) add import.meta.dirname and import.meta.filename (James Sumners) https://github.com/nodejs/node/pull/48740
fs:
* add stacktrace to fs/promises (翠 / green) https://github.com/nodejs/node/pull/49849
lib:
* (SEMVER-MINOR) add `--no-experimental-global-navigator` CLI flag (Antoine du Hamel) https://github.com/nodejs/node/pull/50562
* (SEMVER-MINOR) add navigator.language & navigator.languages (Aras Abbasi) https://github.com/nodejs/node/pull/50303
* (SEMVER-MINOR) add navigator.platform (Aras Abbasi) https://github.com/nodejs/node/pull/50385
stream:
* (SEMVER-MINOR) add support for `deflate-raw` format to webstreams compression (Damian Krzeminski) https://github.com/nodejs/node/pull/50097
* use Array for Readable buffer (Robert Nagy) https://github.com/nodejs/node/pull/50341
* optimize creation (Robert Nagy) https://github.com/nodejs/node/pull/50337
test_runner:
* (SEMVER-MINOR) adds built in lcov reporter (Phil Nash) https://github.com/nodejs/node/pull/50018
* (SEMVER-MINOR) add Date to the supported mock APIs (Lucas Santos) https://github.com/nodejs/node/pull/48638
test_runner, cli:
* (SEMVER-MINOR) add --test-timeout flag (Shubham Pandey) https://github.com/nodejs/node/pull/50443
PR-URL: https://github.com/nodejs/node/pull/50681
2023-11-14 19:00:59 +01:00
Jacob Smith
c5e1fd0530
doc: correct attribution in v20.6.0 changelog
...
PR-URL: https://github.com/nodejs/node/pull/50564
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Claudio Wunder <cwunder@gnome.org>
2023-11-07 10:25:57 +00:00
Joyee Cheung
eba19d7508
doc: update notable changes in v21.1.0
...
PR-URL: https://github.com/nodejs/node/pull/50388
Refs: https://github.com/nodejs/nodejs.org/pull/6045
Reviewed-By: Tierney Cyren <hello@bnb.im>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2023-10-26 12:11:43 +00:00
Richard Lau
2c4a332a9f
2023-10-24, Version 20.9.0 'Iron' (LTS)
...
Notable changes:
This release marks the transition of Node.js 20.x into Long Term Support (LTS)
with the codename 'Iron'. The 20.x release line now moves into "Active LTS"
and will remain so until October 2024. After that time, it will move into
"Maintenance" until end of life in April 2026.
PR-URL: https://github.com/nodejs/node/pull/50298
2023-10-24 10:12:56 -04:00
Michaël Zasso
7c1b1f41c3
2023-10-24, Version 21.1.0 (Current)
...
Notable changes:
doc:
* add H4ad to collaborators (Vinícius Lourenço) https://github.com/nodejs/node/pull/50217
esm:
* (SEMVER-MINOR) detect ESM syntax in ambiguous JavaScript (Geoffrey Booth) https://github.com/nodejs/node/pull/50096
fs:
* (SEMVER-MINOR) add flush option to appendFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50095
lib:
* (SEMVER-MINOR) add `navigator.userAgent` (Yagiz Nizipli) https://github.com/nodejs/node/pull/50200
stream:
* (SEMVER-MINOR) allow pass stream class to `stream.compose` (Alex Yang) https://github.com/nodejs/node/pull/50187
* call helper function from push and unshift (Raz Luvaton) https://github.com/nodejs/node/pull/50173
PR-URL: https://github.com/nodejs/node/pull/50335
2023-10-24 15:13:00 +02:00
RafaelGSS
ed16a46481
2023-10-17, Version 21.0.0 (Current)
...
Notable Changes:
doc:
* promote fetch/webstreams from experimental to stable (Steven) https://github.com/nodejs/node/pull/45684
esm:
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
* remove `globalPreload` hook (superseded by `initialize`) (Jacob Smith) https://github.com/nodejs/node/pull/49144
fs:
* add flush option to writeFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50009
* (SEMVER-MAJOR) add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
http:
* (SEMVER-MAJOR) reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
lib:
* (SEMVER-MINOR) add WebSocket client (Matthew Aitken) https://github.com/nodejs/node/pull/49830
* (SEMVER-MAJOR) add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
stream:
* optimize Writable (Robert Nagy) https://github.com/nodejs/node/pull/50012
test_runner:
* (SEMVER-MAJOR) support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
vm:
* use default HDO when importModuleDynamically is not set (Joyee Cheung) https://github.com/nodejs/node/pull/49950
Semver-Major Commits:
* (SEMVER-MAJOR) build: drop support for Visual Studio 2019 (Michaël Zasso) https://github.com/nodejs/node/pull/49051
* (SEMVER-MAJOR) build: bump supported macOS and Xcode versions (Michaël Zasso) https://github.com/nodejs/node/pull/49164
* (SEMVER-MAJOR) crypto: do not overwrite \_writableState.defaultEncoding (Tobias Nießen) https://github.com/nodejs/node/pull/49140
* (SEMVER-MAJOR) deps: bump minimum ICU version to 73 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update V8 to 11.8.172.13 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update llhttp to 9.1.2 (Paolo Insogna) https://github.com/nodejs/node/pull/48981
* (SEMVER-MAJOR) events: validate options of `on` and `once` (Deokjin Kim) https://github.com/nodejs/node/pull/46018
* (SEMVER-MAJOR) fs: adjust `position` validation in reading methods (Livia Medeiros) https://github.com/nodejs/node/pull/42835
* (SEMVER-MAJOR) fs: add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) http: reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
* (SEMVER-MAJOR) lib: mark URL/URLSearchParams as uncloneable and untransferable (Chengzhong Wu) https://github.com/nodejs/node/pull/47497
* (SEMVER-MAJOR) lib: remove aix directory case for package reader (Yagiz Nizipli) https://github.com/nodejs/node/pull/48605
* (SEMVER-MAJOR) lib: add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
* (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) https://github.com/nodejs/node/pull/47202
* (SEMVER-MAJOR) module: harmonize error code between ESM and CJS (Antoine du Hamel) https://github.com/nodejs/node/pull/48606
* (SEMVER-MAJOR) net: do not treat `server.maxConnections=0` as `Infinity` (ignoramous) https://github.com/nodejs/node/pull/48276
* (SEMVER-MAJOR) net: only defer \_final call when connecting (Jason Zhang) https://github.com/nodejs/node/pull/47385
* (SEMVER-MAJOR) node-api: rename internal NAPI\_VERSION definition (Chengzhong Wu) https://github.com/nodejs/node/pull/48501
* (SEMVER-MAJOR) src: update NODE\_MODULE\_VERSION to 120 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) src: throw DOMException on cloning non-serializable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47839
* (SEMVER-MAJOR) src: throw DataCloneError on transfering untransferable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47604
* (SEMVER-MAJOR) stream: use private properties for strategies (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for compression (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) test\_runner: disallow array in `run` options (Raz Luvaton) https://github.com/nodejs/node/pull/49935
* (SEMVER-MAJOR) test\_runner: support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) tls: use `validateNumber` for `options.minDHSize` (Deokjin Kim) https://github.com/nodejs/node/pull/49973
* (SEMVER-MAJOR) tls: use validateFunction for `options.checkServerIdentity` (Deokjin Kim) https://github.com/nodejs/node/pull/49896
* (SEMVER-MAJOR) util: runtime deprecate `promisify`-ing a function returning a `Promise` (Antoine du Hamel) https://github.com/nodejs/node/pull/49609
* (SEMVER-MAJOR) vm: freeze `dependencySpecifiers` array (Antoine du Hamel) https://github.com/nodejs/node/pull/49720
PR-URL: https://github.com/nodejs/node/pull/49870
Co-authored-by: Michaël Zasso <targos@protonmail.com>
2023-10-17 12:45:37 -03:00
RafaelGSS
937ea06fd5
2023-10-13, Version 18.18.2 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 ): `nghttp2` Security Release (High)
* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143 ): `undici` Security Release (High)
* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552 ): Integrity checks according to policies can be circumvented (Medium)
* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333 ): Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/492
2023-10-13 17:52:15 -03:00
RafaelGSS
deeffa0388
2023-10-13, Version 20.8.1 (Current)
...
This is a security release.
Notable changes:
* CVE-2023-44487: `nghttp2` Security Release (High)
* CVE-2023-45143: `undici` Security Release (High)
* CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
* CVE-2023-39331: Permission model improperly protects against path traversal (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/491
2023-10-13 17:25:50 -03:00
Richard Lau
11f95dd12f
2023-10-10, Version 18.18.1 'Hydrogen' (LTS)
...
Notable changes:
This release addresses some regressions that appeared in Node.js 18.18.0:
- (Windows) FS can not handle certain characters in file name
https://github.com/nodejs/node/issues/48673
- 18 and 20 node images give error - Text file busy (after re-build images)
https://github.com/nodejs/docker-node/issues/1968
- libuv update in 18.18.0 breaks webpack's thread-loader
https://github.com/nodejs/node/issues/49911
The libuv 1.45.0 and 1.46.0 updates that were released in Node.js 18.18.0
have been temporarily reverted.
PR-URL: https://github.com/nodejs/node/pull/50066
2023-10-10 11:38:44 -04:00
Joyee Cheung
7b624c30b2
doc: update CHANGELOG_V20 about vm fixes
...
Jest users might need additional changes to unblock upgrade from
v16.
PR-URL: https://github.com/nodejs/node/pull/49951
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
2023-09-29 16:20:46 +00:00
Ruy Adorno
5570c29780
2023-09-28, Version 20.8.0 (Current)
...
Notable changes:
deps:
* add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) https://github.com/nodejs/node/pull/49874
doc:
* deprecate `fs.F_OK`, `fs.R_OK`, `fs.W_OK`, `fs.X_OK` (Livia Medeiros) https://github.com/nodejs/node/pull/49683
* deprecate `util.toUSVString` (Yagiz Nizipli) https://github.com/nodejs/node/pull/49725
* deprecate calling `promisify` on a function that returns a promise (Antoine du Hamel) https://github.com/nodejs/node/pull/49647
esm:
* set all hooks as release candidate (Geoffrey Booth) https://github.com/nodejs/node/pull/49597
module:
* fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) https://github.com/nodejs/node/pull/48510
* fix leak of vm.SyntheticModule (Joyee Cheung) https://github.com/nodejs/node/pull/48510
* use symbol in WeakMap to manage host defined options (Joyee Cheung) https://github.com/nodejs/node/pull/48510
src:
* (SEMVER-MINOR) allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) https://github.com/nodejs/node/pull/49279
stream:
* use bitmap in writable state (Raz Luvaton) https://github.com/nodejs/node/pull/49834
* use bitmap in readable state (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/49745
* improve webstream readable async iterator performance (Raz Luvaton) https://github.com/nodejs/node/pull/49662
test_runner:
* (SEMVER-MINOR) accept `testOnly` in `run` (Moshe Atlow) https://github.com/nodejs/node/pull/49753
* (SEMVER-MINOR) add junit reporter (Moshe Atlow) https://github.com/nodejs/node/pull/49614
PR-URL: https://github.com/nodejs/node/pull/49932
2023-09-28 23:14:36 -04:00
Ruy Adorno
78ab0eebd1
2023-09-18, Version 18.18.0 'Hydrogen' (LTS)
...
Notable changes:
build:
* sync libuv header change (Jiawen Geng) https://github.com/nodejs/node/pull/48078
crypto:
* update root certificates to NSS 3.93 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49341
* update root certificates to NSS 3.90 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/48416
deps:
* add missing thread-common.c in uv.gyp (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
* upgrade to libuv 1.46.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
* upgrade to libuv 1.45.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
doc:
* add atlowChemi to collaborators (atlowChemi) https://github.com/nodejs/node/pull/48757
* add vmoroz to collaborators (Vladimir Morozov) https://github.com/nodejs/node/pull/48527
* add kvakil to collaborators (Keyhan Vakil) https://github.com/nodejs/node/pull/48449
esm:
* (SEMVER-MINOR) add `--import` flag (Moshe Atlow) https://github.com/nodejs/node/pull/43942
events:
* (SEMVER-MINOR) allow safely adding listener to abortSignal (Chemi Atlow) https://github.com/nodejs/node/pull/48596
fs, stream:
* initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) https://github.com/nodejs/node/pull/48518
net:
* add autoSelectFamily global getter and setter (Paolo Insogna) https://github.com/nodejs/node/pull/45777
url:
* (SEMVER-MINOR) add value argument to has and delete methods (Sankalp Shubham) https://github.com/nodejs/node/pull/47885
PR-URL: https://github.com/nodejs/node/pull/49220
2023-09-18 17:39:17 -04:00
Ulises Gascón
b651e37d2e
2023-09-18, Version 20.7.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.93 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49341
deps:
* upgrade npm to 10.1.0 (npm team) https://github.com/nodejs/node/pull/49570
* upgrade npm to 10.0.0 (npm team) https://github.com/nodejs/node/pull/49423
doc:
* move and rename loaders section (Geoffrey Booth) https://github.com/nodejs/node/pull/49261
* add release key for Ulises Gascon (Ulises Gascón) https://github.com/nodejs/node/pull/49196
lib:
* (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) https://github.com/nodejs/node/pull/46391
src:
* support multiple `--env-file` declarations (Yagiz Nizipli) https://github.com/nodejs/node/pull/49542
src,permission:
* add multiple allow-fs-* flags (Carlos Espa) https://github.com/nodejs/node/pull/49047
test_runner:
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) https://github.com/nodejs/node/pull/48975
PR-URL: https://github.com/nodejs/node/pull/49592
2023-09-18 17:36:24 +00:00
RafaelGSS
0a2ab4c77c
2023-09-08, Version 20.6.1 (Current)
...
Notable changes:
esm:
* fix loading of CJS modules from ESM (Antoine du Hamel) https://github.com/nodejs/node/pull/49500
PR-URL: https://github.com/nodejs/node/pull/49528
2023-09-08 11:45:05 -04:00
Ulises Gascón
12354260db
2023-09-04, Version 20.6.0 (Current)
...
Notable changes:
deps:
* V8: cherry-pick 93275031284c (Joyee Cheung) #48660
doc:
* add new TSC members (Michael Dawson) #48841
* add rluvaton to collaborators (Raz Luvaton) #49215
esm:
* unflag import.meta.resolve (Guy Bedford) #49028
* add `initialize` hook, integrate with `register` (Izaak Schroeder) #48842
* unflag `Module.register` and allow nested loader `import()` (Izaak Schroeder) #48559
inspector:
* (SEMVER-MINOR) open add `SymbolDispose` (Chemi Atlow) #48765
module:
* implement `register` utility (João Lenon) #46826
* make CJS load from ESM loader (Antoine du Hamel) #47999
src:
* add built-in `.env` file support (Yagiz Nizipli) #48890
* initialize cppgc (Daryl Haresign and Joyee Cheung) #48660 and #45704
test_runner:
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975
PR-URL: https://github.com/nodejs/node/pull/49185
2023-09-04 15:01:52 -05:00
RafaelGSS
ae25da20fa
2023-08-09, Version 20.5.1 (Current)
...
This is a security release.
Notable changes:
* CVE-2023-32002: Policies can be bypassed via Module.\_load (High)
* CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
* CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* CVE-2023-32005: fs.statfs can bypass the permission model (Low)
* CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/465
2023-08-09 14:24:18 -03:00
RafaelGSS
6d46d986a4
2023-08-09, Version 18.17.1 'Hydrogen' (LTS)
...
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/463
2023-08-09 14:02:22 -03:00
RafaelGSS
eed21991fb
2023-08-09, Version 16.20.2 'Gallium' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/458
2023-08-09 13:36:10 -03:00
Juan José Arboleda
d5761a4f8e
2023-07-18, Version 20.5.0 (Current)
...
Notable changes:
doc:
* add atlowChemi to collaborators (atlowChemi) https://github.com/nodejs/node/pull/48757
events:
* (SEMVER-MINOR) allow safely adding listener to abortSignal (Chemi Atlow) https://github.com/nodejs/node/pull/48596
fs:
* add a fast-path for readFileSync utf-8 (Yagiz Nizipli) https://github.com/nodejs/node/pull/48658
test_runner:
* (SEMVER-MINOR) add shards support (Raz Luvaton) https://github.com/nodejs/node/pull/48639
PR-URL: https://github.com/nodejs/node/pull/48761
2023-07-20 16:28:46 -05:00
Danielle Adams
51513b23e8
2023-07-18, Version 18.17.0 'Hydrogen' (LTS)
...
Notable changes:
Ada 2.0
Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This
update brings significant performance improvements to URL parsing, including
enhancements to the url.domainToASCII and url.domainToUnicode functions
in node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all
parts of the application can benefit from the improved performance. Additionally,
Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in https://github.com/nodejs/node/pull/47339
Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per
their WebIDL definitions like in other Web Crypto API implementations. This
further improves interoperability with other implementations of Web Crypto API.
Contributed by Filip Skokan in https://github.com/nodejs/node/pull/46067
crypto:
* update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
* (SEMVER-MINOR) expose getDefaultResultOrder (btea) https://github.com/nodejs/node/pull/46973
doc:
* add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
* add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
* events:
* (SEMVER-MINOR) add getMaxListeners method (Matthew Aitken) https://github.com/nodejs/node/pull/47039
fs:
* (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
* (SEMVER-MINOR) add recursive option to readdir and opendir (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
* (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
* (SEMVER-MINOR) implement byob mode for readableWebStream() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46933
http:
* (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
* (SEMVER-MINOR) remove internal error in assignSocket (Matteo Collina) https://github.com/nodejs/node/pull/47723
* (SEMVER-MINOR) add highWaterMark opt in http.createServer (HinataKah0) https://github.com/nodejs/node/pull/47405
lib:
* (SEMVER-MINOR) add webstreams to Duplex.from() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46190
* (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
* change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
* (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
* (SEMVER-MINOR) deprecate napi_module_register (Vladimir Morozov) https://github.com/nodejs/node/pull/46319
stream:
* (SEMVER-MINOR) preserve object mode in compose (Raz Luvaton) https://github.com/nodejs/node/pull/47413
* (SEMVER-MINOR) add setter & getter for default highWaterMark (#46929 ) (Robert Nagy) https://github.com/nodejs/node/pull/46929
test:
* unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
test_runner:
* (SEMVER-MINOR) add shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
* (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
* (SEMVER-MINOR) execute before hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
* (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) https://github.com/nodejs/node/pull/47238
tools:
* update LICENSE and license-builder.sh (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
url:
* (SEMVER-MINOR) implement URL.canParse (Matthew Aitken) https://github.com/nodejs/node/pull/47179
wasi:
* (SEMVER-MINOR) no longer require flag to enable wasi (Michael Dawson) https://github.com/nodejs/node/pull/47286
PR-URL: https://github.com/nodejs/node/pull/48694
2023-07-18 15:37:22 -04:00
Rafael Gonzaga
a1fe0d75cd
doc: drop <b> of v20 changelog
...
PR-URL: https://github.com/nodejs/node/pull/48649
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2023-07-06 18:13:03 +00:00
RafaelGSS
8fc3851da7
2023-07-05, Version 20.4.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.90 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/48416
doc:
* add vmoroz to collaborators (Vladimir Morozov) https://github.com/nodejs/node/pull/48527
* add kvakil to collaborators (Keyhan Vakil) https://github.com/nodejs/node/pull/48449
fs, stream:
* initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) https://github.com/nodejs/node/pull/48518
test_runner:
* (SEMVER-MINOR) add initial draft for fakeTimers (Erick Wendel) https://github.com/nodejs/node/pull/47775
tls:
* (SEMVER-MINOR) add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) https://github.com/nodejs/node/pull/45190
PR-URL: https://github.com/nodejs/node/pull/48643
2023-07-05 10:51:42 -03:00
RafaelGSS
b607b74a4f
2023-06-20, Version 18.16.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* https://www.openssl.org/news/secadv/20230328.txt
* https://www.openssl.org/news/secadv/20230420.txt
* https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
PR-URL: https://github.com/nodejs-private/node-private/pull/434
2023-06-20 17:26:23 -03:00
RafaelGSS
167dc77d85
2023-06-20, Version 20.3.1 (Current)
...
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
* CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
* CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
* CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt ).
* [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt ).
* [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt )
PR-URL: https://github.com/nodejs-private/node-private/pull/435
2023-06-20 17:08:45 -03:00
RafaelGSS
c09acb3ea8
2023-06-20, Version 16.20.1 'Gallium' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* https://www.openssl.org/news/secadv/20230328.txt
* https://www.openssl.org/news/secadv/20230420.txt
* https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
PR-URL: https://github.com/nodejs-private/node-private/pull/432
2023-06-20 16:21:56 -03:00
Michaël Zasso
5a58972207
2023-06-08, Version 20.3.0 (Current)
...
Notable changes:
deps:
* upgrade to libuv 1.45.0, including significant performance
improvements to file system operations on Linux (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
doc:
* add Ruy Adorno to list of TSC members (Michael Dawson) https://github.com/nodejs/node/pull/48172
* mark Node.js 14 as End-of-Life (Richard Lau) https://github.com/nodejs/node/pull/48023
lib:
* (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
* change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
* (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
stream:
* deprecate asIndexedPairs (Chemi Atlow) https://github.com/nodejs/node/pull/48102
PR-URL: https://github.com/nodejs/node/pull/48332
2023-06-08 13:00:26 -03:00
Michaël Zasso
c2ca4290f6
2023-05-16, Version 20.2.0 (Current)
...
Notable changes:
doc:
* add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
http:
* (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
sea:
* (SEMVER-MINOR) add option to disable the experimental SEA warning (Darshan Sen) https://github.com/nodejs/node/pull/47588
test_runner:
* (SEMVER-MINOR) add `skip`, `todo`, and `only` shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
url:
* (SEMVER-MINOR) add value argument to `URLSearchParams` `has` and `delete` methods (Sankalp Shubham) https://github.com/nodejs/node/pull/47885
PR-URL: https://github.com/nodejs/node/pull/48020
2023-05-16 14:40:46 +02:00
Michaël Zasso
c24a61b3f6
2023-05-03, Version 20.1.0 (Current)
...
Notable changes:
assert:
* deprecate `CallTracker` (Moshe Atlow) https://github.com/nodejs/node/pull/47740
crypto:
* update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
* (SEMVER-MINOR) expose `getDefaultResultOrder` (btea) https://github.com/nodejs/node/pull/46973
doc:
* add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
fs:
* (SEMVER-MINOR) add `recursive` option to `readdir` and `opendir` (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
* (SEMVER-MINOR) add support for `mode` flag to specify the copy behavior of the `cp` methods (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
http:
* (SEMVER-MINOR) add `highWaterMark` option `http.createServer` (HinataKah0) https://github.com/nodejs/node/pull/47405
stream:
* (SEMVER-MINOR) preserve object mode in `compose` (Raz Luvaton) https://github.com/nodejs/node/pull/47413
test_runner:
* (SEMVER-MINOR) add `testNamePatterns` to `run` API (Chemi Atlow) https://github.com/nodejs/node/pull/47628
* (SEMVER-MINOR) execute `before` hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
* (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
wasi:
* (SEMVER-MINOR) make `returnOnExit` true by default (Michael Dawson) https://github.com/nodejs/node/pull/47390
PR-URL: https://github.com/nodejs/node/pull/47820
2023-05-03 17:41:05 +02:00
RafaelGSS
8920dc1801
2023-04-18, Version 20.0.0 (Current)
...
Notable Changes:
crypto:
* (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) https://github.com/nodejs/node/pull/46067
deps:
* update ada to 2.0.0 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47339
esm:
* move hook execution to separate thread (Jacob Smith) https://github.com/nodejs/node/pull/44710
sea:
* use JSON configuration and blob content for SEA (Joyee Cheung) https://github.com/nodejs/node/pull/47125
src,process:
* (SEMVER-MINOR) add permission model (Rafael Gonzaga) https://github.com/nodejs/node/pull/44004
url:
* drop ICU requirement for parsing hostnames (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
* use ada::url_aggregator for parsing urls (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
* (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) https://github.com/nodejs/node/pull/45526
Semver-Major Commits:
* [9fafb0a090https://github.com/nodejs/node/pull/46432
* [1948d37595https://github.com/nodejs/node/pull/46599
* [7bc0e6a4e7https://github.com/nodejs/node/pull/47153
* [671ffd7825https://github.com/nodejs/node/pull/45796
* [ab1614d280https://github.com/nodejs/node/pull/47251
* [c1bcdbcf79https://github.com/nodejs/node/pull/46806
* [649f68fc1ehttps://github.com/nodejs/node/pull/45579
* [9374700d7ahttps://github.com/nodejs/node/pull/47182
* [1640aeb680https://github.com/nodejs/node/pull/47073
* [c2e4b1fa9ahttps://github.com/nodejs/node/pull/47028
* [3ef38c4bd7https://github.com/nodejs/node/pull/46067
* [08af023b1fhttps://github.com/nodejs/node/pull/45653
* [7eb0ac3cb6https://github.com/nodejs/node/pull/47251
* [a7c129f286https://github.com/nodejs/node/pull/47251
* [6f5655a18ehttps://github.com/nodejs/node/pull/47251
* [f226350fcbhttps://github.com/nodejs/node/pull/47251
* [d6dae7420ehttps://github.com/nodejs/node/pull/45579
* [56c436533ehttps://github.com/nodejs/node/pull/45579
* [51ab98c71bhttps://github.com/nodejs/node/pull/45579
* [9f84d3eea8https://github.com/nodejs/node/pull/45579
* [f2318cd4b5https://github.com/nodejs/node/pull/45579
* [16e03e7968https://github.com/nodejs/node/pull/45579
* [6473f5e7f7https://github.com/nodejs/node/pull/47352
* [cc18fd9608https://github.com/nodejs/node/pull/45770
* [ff92b40ffchttps://github.com/nodejs/node/pull/46333
* [2a29df6464https://github.com/nodejs/node/pull/46331
* [391dc74a10https://github.com/nodejs/node/pull/46283
* [ed3604cd64https://github.com/nodejs/node/pull/45597
* [88d71dc301https://github.com/nodejs/node/pull/45772
* [e4d641f02ahttps://github.com/nodejs/node/pull/46174
* [0f3e531096https://github.com/nodejs/node/pull/41276
* [5b5898ac86https://github.com/nodejs/node/pull/45841
* [55321bafd1https://github.com/nodejs/node/pull/46790
* [2d0d99733bhttps://github.com/nodejs/node/pull/43716
* [dc06df31b6https://github.com/nodejs/node/pull/45801
* [295b2f3ff4https://github.com/nodejs/node/pull/47251
* [3803b028ddhttps://github.com/nodejs/node/pull/46825
* [e8bddac3e9https://github.com/nodejs/node/pull/46705
* [f84de0ad4chttps://github.com/nodejs/node/pull/46427
* [a6242772echttps://github.com/nodejs/node/pull/45579
* [dd5c39a808https://github.com/nodejs/node/pull/45579
* [63eca7fec0https://github.com/nodejs/node/pull/46430
* [9e7093f416https://github.com/nodejs/node/pull/46322
* [fb91ee4f26https://github.com/nodejs/node/pull/45579
* [eca618071ehttps://github.com/nodejs/node/pull/45579
* [c03354d3e0https://github.com/nodejs/node/pull/45508
* [c733cc0c7fhttps://github.com/nodejs/node/pull/46983
* [7ce223273dhttps://github.com/nodejs/node/pull/47251
* [ca4bd3023ehttps://github.com/nodejs/node/pull/47251
* [58b06a269ahttps://github.com/nodejs/node/pull/45579
* [027841c964https://github.com/nodejs/node/pull/46904
* [3bed5f11e0https://github.com/nodejs/node/pull/45526
* [7c76fddf25https://github.com/nodejs/node/pull/46718
* [4b52727976https://github.com/nodejs/node/pull/47391
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/47441
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-04-18 13:04:39 -03:00
Danielle Adams
527394783e
2023-04-12, Version 18.16.0 'Hydrogen' (LTS)
...
Notable changes:
Add initial support for single executable applications
Compile a JavaScript file into a single executable application:
```console
$ echo 'console.log(`Hello, ${process.argv[2]}!`);' > hello.js
$ cp $(command -v node) hello
$ npx postject hello NODE_JS_CODE hello.js \
--sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2
$ npx postject hello NODE_JS_CODE hello.js \
--sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2 \
--macho-segment-name NODE_JS
$ ./hello world
Hello, world!
```
Contributed by Darshan Sen in https://github.com/nodejs/node/pull/45038
Replace url parser with Ada
Node.js gets a new URL parser called Ada that is compliant with the WHATWG
URL Specification and provides more than 100% performance improvement to
the existing implementation.
Contributed by Yagiz Nizipli in https://github.com/nodejs/node/pull/46410
Other notable changes:
* buffer:
* (SEMVER-MINOR) add Buffer.copyBytesFrom(...) (James M Snell) https://github.com/nodejs/node/pull/46500
* doc:
* add marco-ippolito to collaborators (Marco Ippolito) https://github.com/nodejs/node/pull/46816
* add debadree25 to collaborators (Debadree Chatterjee) https://github.com/nodejs/node/pull/46716
* add deokjinkim to collaborators (Deokjin Kim) https://github.com/nodejs/node/pull/46444
* events:
* (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) https://github.com/nodejs/node/pull/46523
* lib:
* (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) https://github.com/nodejs/node/pull/46387
* (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) https://github.com/nodejs/node/pull/46494
* src:
* (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) https://github.com/nodejs/node/pull/46583
* (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) https://github.com/nodejs/node/pull/46368
* stream:
* (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46273
* tls:
* (SEMVER-MINOR) support automatic DHE (Tobias Nießen) https://github.com/nodejs/node/pull/46978
* url:
* (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) https://github.com/nodejs/node/pull/46308
* worker:
* (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) https://github.com/nodejs/node/pull/46832
PR-URL: https://github.com/nodejs/node/pull/47502
2023-04-12 20:34:40 -04:00
RafaelGSS
c8f6f851f9
2023-04-10, Version 19.9.0 (Current)
...
Notable changes:
events:
* (SEMVER-MINOR) add getMaxListeners method (Khafra) https://github.com/nodejs/node/pull/47039
lib:
* (SEMVER-MINOR) add tracing channel to diagnostics\_channel (Stephen Belanger)
msi:
* (SEMVER-MINOR) migrate to WiX4 (Stefan Stojanovic) https://github.com/nodejs/node/pull/45943
node-api:
* (SEMVER-MINOR) deprecate napi\_module\_register (Vladimir Morozov) https://github.com/nodejs/node/pull/46319
stream:
* (SEMVER-MINOR) add setter & getter for default highWaterMark (Robert Nagy) https://github.com/nodejs/node/pull/46929
url:
* (SEMVER-MINOR) implement URL.canParse (Khafra) https://github.com/nodejs/node/pull/47179
test_runner:
* (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) https://github.com/nodejs/node/pull/47238
PR-URL: https://github.com/nodejs/node/pull/47441
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-04-10 21:10:55 -03:00
Beth Griggs
143deae6d8
2023-03-29, Version 16.20.0 'Gallium' (LTS)
...
Notable changes:
- deps:
- update undici to 5.20.0 (Node.js GitHub Bot)
https://github.com/nodejs/node/pull/46711
- update c-ares to 1.19.0 (Michaël Zasso)
https://github.com/nodejs/node/pull/46415
- upgrade npm to 8.19.4 (npm team)
https://github.com/nodejs/node/pull/46677
- update corepack to 0.17.0 (Node.js GitHub Bot)
https://github.com/nodejs/node/pull/46842
- (SEMVER-MINOR) src: add support for externally shared js builtins
(Michael Dawson) [https://github.com/nodejs/node/pull/44376 ]
PR-URL: https://github.com/nodejs/node/pull/47272
2023-03-29 19:05:29 +01:00
Michaël Zasso
fa8465794d
2023-03-15, Version 19.8.1 (Current)
...
Notable changes:
This release contains a single revert of a change that was introduced in v19.8.0
and introduced application crashes.
Fixes: https://github.com/nodejs/node/issues/47096
PR-URL: https://github.com/nodejs/node/pull/47104
2023-03-15 18:11:57 +01:00
Michaël Zasso
115c9ac68d
2023-03-14, Version 19.8.0 (Current)
...
Notable changes:
buffer:
* (SEMVER-MINOR) add Buffer.copyBytesFrom(...) (James M Snell) https://github.com/nodejs/node/pull/46500
doc:
* add marco-ippolito to collaborators (Marco Ippolito) https://github.com/nodejs/node/pull/46816
events:
* (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) https://github.com/nodejs/node/pull/46523
lib:
* (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) https://github.com/nodejs/node/pull/46387
src:
* (SEMVER-MINOR) add `fs.openAsBlob` to support File-backed Blobs (James M Snell) https://github.com/nodejs/node/pull/45258
tls:
* (SEMVER-MINOR) support automatic DHE (Tobias Nießen) https://github.com/nodejs/node/pull/46978
url:
* (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) https://github.com/nodejs/node/pull/46308
wasi:
* (SEMVER-MINOR) add support for version when creating WASI (Michael Dawson) https://github.com/nodejs/node/pull/46469
worker:
* (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) https://github.com/nodejs/node/pull/46832
PR-URL: https://github.com/nodejs/node/pull/47087
2023-03-14 19:52:10 +01:00
Juan José Arboleda
3b0c047c31
2023-03-07, Version 18.15.0 'Hydrogen' (LTS)
...
Notable changes:
buffer:
* (SEMVER-MINOR) add isAscii method (Yagiz Nizipli) https://github.com/nodejs/node/pull/46046
doc,lib,src,test:
* rename --test-coverage (Colin Ihrig) https://github.com/nodejs/node/pull/46017
fs:
* (SEMVER-MINOR) add statfs() functions (Colin Ihrig) https://github.com/nodejs/node/pull/46358
src,lib:
* (SEMVER-MINOR) add constrainedMemory API for process (theanarkh) https://github.com/nodejs/node/pull/46218
test_runner:
* add initial code coverage support (Colin Ihrig) https://github.com/nodejs/node/pull/46017
* (SEMVER-MINOR) add reporters (Moshe Atlow) https://github.com/nodejs/node/pull/45712
v8:
* (SEMVER-MINOR) support gc profile (theanarkh) https://github.com/nodejs/node/pull/46255
vm:
* (SEMVER-MINOR) expose cachedDataRejected for vm.compileFunction (Anna Henningsen) https://github.com/nodejs/node/pull/46320
PR-URL: https://github.com/nodejs/node/pull/46920
2023-03-07 14:52:01 -05:00
Myles Borins
6a80a2b8cb
2023-02-21, Version 18.14.2 'Hydrogen' (LTS)
...
Notable changes:
deps:
* upgrade npm to 9.5.0 (npm team) https://github.com/nodejs/node/pull/46673
PR-URL: https://github.com/nodejs/node/pull/46724
2023-02-21 13:14:43 -05:00
Myles Borins
89322aed7e
2023-02-21, Version 19.7.0 (Current)
...
Notable changes:
deps:
* upgrade npm to 9.5.0 (npm team) https://github.com/nodejs/node/pull/46673
* add ada as a dependency (Yagiz Nizipli) https://github.com/nodejs/node/pull/46410
doc:
* add debadree25 to collaborators (Debadree Chatterjee) https://github.com/nodejs/node/pull/46716
* add deokjinkim to collaborators (Deokjin Kim) https://github.com/nodejs/node/pull/46444
doc,lib,src,test:
* rename --test-coverage (Colin Ihrig) https://github.com/nodejs/node/pull/46017
lib:
* (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) https://github.com/nodejs/node/pull/46494
src:
* (SEMVER-MINOR) add initial support for single executable applications (Darshan Sen) https://github.com/nodejs/node/pull/45038
* (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) https://github.com/nodejs/node/pull/46583
* (SEMVER-MINOR) allow blobs in addition to `FILE*`s in embedder snapshot API (Anna Henningsen) https://github.com/nodejs/node/pull/46491
* (SEMVER-MINOR) allow snapshotting from the embedder API (Anna Henningsen) https://github.com/nodejs/node/pull/45888
* (SEMVER-MINOR) make build_snapshot a per-Isolate option, rather than a global one (Anna Henningsen) https://github.com/nodejs/node/pull/45888
* (SEMVER-MINOR) add snapshot support for embedder API (Anna Henningsen) https://github.com/nodejs/node/pull/45888
* (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) https://github.com/nodejs/node/pull/46368
stream:
* (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46273
test_runner:
* add initial code coverage support (Colin Ihrig) https://github.com/nodejs/node/pull/46017
url:
* replace url-parser with ada (Yagiz Nizipli) https://github.com/nodejs/node/pull/46410
PR-URL: https://github.com/nodejs/node/pull/46725
2023-02-21 13:12:58 -05:00
RafaelGSS
dd1977f3dd
2023-02-16, Version 19.6.1 (Current)
...
This is a security release.
The following CVEs are fixed in this release:
- CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium)
- CVE-2023-23918: Experimental Policies bypass via `process.mainModule.require`(High)
- CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1
PR-URL: #385
2023-02-16 18:39:22 -03:00
Juan José Arboleda
667dd34d79
2023-02-16, Version 18.14.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1
PR-URL: https://github.com/nodejs-private/node-private/pull/386
2023-02-16 18:29:17 -03:00
Richard Lau
5c4a287c3e
2023-02-16, Version 16.19.1 'Gallium' (LTS)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via
process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs
crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in
Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA
environment variable (Low)
Fixed by an update to undici:
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
injection in host headers (Medium)
See https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
for more information.
- CVE-2023-24807: Regular Expression Denial of Service in Headers in
Node.js fetch API (Low)
See https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
for more information.
- OpenSSL 1.1.1t
PR-URL: https://github.com/nodejs-private/node-private/pull/390
2023-02-16 16:12:30 -05:00
Richard Lau
6aca711858
2023-02-16, Version 14.21.3 'Fermium' (LTS)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
* OpenSSL 1.1.1t
* npm 6.14.18
PR-URL: https://github.com/nodejs-private/node-private/pull/389
Refs: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
2023-02-16 16:11:10 -05:00
Juan José Arboleda
66ab03d032
2023-02-02, Version 18.14.0 'Hydrogen' (LTS)
...
Notable changes:
* deps:
* upgrade npm to 9.3.1 (npm team) https://github.com/nodejs/node/pull/46242
* doc:
* add parallelism note to os.cpus() (Colin Ihrig) https://github.com/nodejs/node/pull/45895
* http:
* join authorization headers (Marco Ippolito) https://github.com/nodejs/node/pull/45982
* improved timeout defaults handling (Paolo Insogna) https://github.com/nodejs/node/pull/45778
* stream:
* implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46205
PR-URL: https://github.com/nodejs/node/pull/46396
2023-02-02 14:08:50 -05:00
ruyadorno@google.com
1579ff4f95
2023-02-02, Version 19.6.0 (Current)
...
Notable changes:
buffer:
* (SEMVER-MINOR) add isAscii method (Yagiz Nizipli) https://github.com/nodejs/node/pull/46046
deps:
* upgrade npm to 9.4.0 (npm team) https://github.com/nodejs/node/pull/46353
esm:
* leverage loaders when resolving subsequent loaders (Maël Nison) https://github.com/nodejs/node/pull/43772
fs:
* (SEMVER-MINOR) add statfs() functions (Colin Ihrig) https://github.com/nodejs/node/pull/46358
src,lib:
* (SEMVER-MINOR) add constrainedMemory API for process (theanarkh) https://github.com/nodejs/node/pull/46218
test_runner:
* (SEMVER-MINOR) add reporters (Moshe Atlow) https://github.com/nodejs/node/pull/45712
v8:
* (SEMVER-MINOR) support gc profile (theanarkh) https://github.com/nodejs/node/pull/46255
vm:
* (SEMVER-MINOR) expose cachedDataRejected for vm.compileFunction (Anna Henningsen) https://github.com/nodejs/node/pull/46320
PR-URL: https://github.com/nodejs/node/pull/46455
2023-02-02 11:04:44 -05:00
RafaelGSS
40a206cfff
2023-01-24, Version 19.5.0 (Current)
...
Notable changes:
* http:
* (SEMVER-MINOR) join authorization headers (Marco Ippolito) [#45982 ](https://github.com/nodejs/node/pull/45982 )
* lib:
* add webstreams to Duplex.from() (Debadree Chatterjee) [#46190 ](https://github.com/nodejs/node/pull/46190 )
* stream:
* implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) [#46205 ](https://github.com/nodejs/node/pull/46205 )
PR-URL: https://github.com/nodejs/node/pull/46286
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-01-24 18:16:02 -03:00
