Commit Graph

662 Commits

Author SHA1 Message Date
Beth Griggs
6f740106bd
2021-12-01, Version 16.13.1 'Gallium' (LTS)
Notable changes:

- **deps**: upgrade npm to 8.1.2 (npm team)
  [#40643](https://github.com/nodejs/node/pull/40643)
- **deps**: update c-ares to 1.18.1 (Richard Lau)
  [#40660](https://github.com/nodejs/node/pull/40660)
- **doc**: add VoltrexMaster to collaborators (voltrexmaster)
  [#40566](https://github.com/nodejs/node/pull/40566)
- **lib**: fix regular expression to detect \`/\` and \`\\\`
  (Francesco Trotta) [#40325](https://github.com/nodejs/node/pull/40325)

PR-URL: https://github.com/nodejs/node/pull/40974
2021-12-01 14:51:43 +00:00
Michaël Zasso
79731df608
2021-11-30, Version 17.2.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) expose async_wrap providers (Rafael Gonzaga) https://github.com/nodejs/node/pull/40760
deps:
  * (SEMVER-MINOR) update V8 to 9.6.180.14 (Michaël Zasso) https://github.com/nodejs/node/pull/40488
lib:
  * (SEMVER-MINOR) add reason to AbortSignal (James M Snell) https://github.com/nodejs/node/pull/40807
src:
  * (SEMVER-MINOR) add x509.fingerprint512 to crypto module (3nprob) https://github.com/nodejs/node/pull/39809
stream:
  * deprecate thenable support (Antoine du Hamel) https://github.com/nodejs/node/pull/40860
  * fix finished regression when working with legacy Stream (Matteo Collina) https://github.com/nodejs/node/pull/40858

PR-URL: https://github.com/nodejs/node/pull/40983
2021-11-30 18:45:03 +01:00
Richard Lau
f01d30b121
2021-11-30, Version 14.18.2 'Fermium' (LTS)
Notable changes

This release contains a c-ares update to fix a regression introduced in
Node.js 14.17.5 resolving CNAME records containing underscores
(https://github.com/nodejs/node/issues/39780).

Also included are commits to allow Node.js 14 to continue to build and
pass tests on our Jenkins CI, including adding Python 3.10 to the list
of allowable Python versions for building.

PR-URL: https://github.com/nodejs/node/pull/40969
2021-11-30 11:16:45 -05:00
Michaël Zasso
b022d19272
2021-11-09, Version 17.1.0 (Current)
Notable changes:

doc:
  * add VoltrexMaster to collaborators (voltrexmaster) https://github.com/nodejs/node/pull/40566
esm:
  * (SEMVER-MINOR) add support for JSON import assertion (Antoine du Hamel) https://github.com/nodejs/node/pull/40250
lib:
  * (SEMVER-MINOR) add unsubscribe method to non-active DC channels (simon-id) https://github.com/nodejs/node/pull/40433
  * (SEMVER-MINOR) add return value for DC channel.unsubscribe (simon-id) https://github.com/nodejs/node/pull/40433
v8:
  * (SEMVER-MINOR) multi-tenant promise hook api (Stephen Belanger) https://github.com/nodejs/node/pull/39283

PR-URL: https://github.com/nodejs/node/pull/40758
2021-11-09 20:06:12 +01:00
Rich Trott
86099a375a tools: avoid unnecessary escaping in markdown formatter
Update mdast-util-to-markdown to 1.2.4 which reduces unnecessary
escaping of `_` and some other characters. Re-run markdown formatter.

PR-URL: https://github.com/nodejs/node/pull/40645
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2021-10-31 09:36:05 -07:00
Rich Trott
9c405f2591 doc: simplify CHANGELOG.md
Remove unnecessary `<sup>` usage and lint-disabling comment.

PR-URL: https://github.com/nodejs/node/pull/40475
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2021-10-26 23:35:51 +00:00
Richard Lau
34d810c060 doc: update CHANGELOG.md for Node.js 16.13.0
Update missed changes for the main CHANGELOG.md for Node.js 16.13.0.

PR-URL: https://github.com/nodejs/node/pull/40617
Refs: https://github.com/nodejs/node/pull/40536
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2021-10-26 11:54:56 -07:00
Richard Lau
506f7de440
2021-10-26, Version 16.13.0 'Gallium' (LTS)
Notable changes:

This release marks the transition of Node.js 16.x into Long Term Support (LTS)
with the codename 'Gallium'. The 16.x release line now moves into "Active LTS"
and will remain so until October 2022. After that time, it will move into
"Maintenance" until end of life in April 2024.

PR-URL: https://github.com/nodejs/node/pull/40536
2021-10-26 12:11:04 -04:00
Michaël Zasso
73b2d3bc41
2021-10-20, Version 17.0.1 (Current)
Notable changes:

Fixed distribution for native addon builds

This release fixes an issue introduced in Node.js v17.0.0, where some V8
headers were missing from the distributed tarball, making it impossible
to build native addons. These headers are now included.
https://github.com/nodejs/node/pull/40526

Fixed stream issues
* Fixed a regression in `stream.promises.pipeline`, which was introduced
  in version 16.10.0, is fixed. It is now possible again to pass an
  array of streams to the function.
  https://github.com/nodejs/node/pull/40193
* Fixed a bug in `stream.Duplex.from`, which didn't work properly when
  an async generator function was passed to it.
  https://github.com/nodejs/node/pull/40499

PR-URL: https://github.com/nodejs/node/pull/40535
2021-10-20 22:18:46 +02:00
Richard Lau
7ed303beba
2021-10-20, Version 16.12.0 (Current)
Notable Changes:

Experimental ESM Loader Hooks API:

Node.js ESM Loader hooks have been consolidated to represent the steps involved needed to facilitate future loader chaining:
1. `resolve`: `resolve` [+ `getFormat`]
2. `load`: `getFormat` + `getSource` + `transformSource`

For consistency, `getGlobalPreloadCode` has been renamed to `globalPreload`.

A loader exporting obsolete hook(s) will trigger a single deprecation warning (per loader) listing the errant hooks.

Contributed by Jacob Smith, Geoffrey Booth, and Bradley Farias - https://github.com/nodejs/node/pull/37468

Other Notable Changes:

deps:
  * upgrade npm to 8.1.0 (npm team) https://github.com/nodejs/node/pull/40463
doc:
  * deprecate (doc-only) http abort related (dr-js) https://github.com/nodejs/node/pull/36670
vm:
  * (SEMVER-MINOR) add support for import assertions in dynamic imports (Antoine du Hamel) https://github.com/nodejs/node/pull/40249

PR-URL: https://github.com/nodejs/node/pull/40504
2021-10-20 10:40:02 -04:00
Beth Griggs
d6c3a10757
2021-10-19, Version 17.0.0 (Current)
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [https://github.com/nodejs/node/pull/36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [https://github.com/nodejs/node/pull/40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [https://github.com/nodejs/node/pull/40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [https://github.com/nodejs/node/pull/38512]

Contributed in https://github.com/nodejs/node/pull/38512, https://github.com/nodejs/node/pull/40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [https://github.com/nodejs/node/pull/40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [https://github.com/nodejs/node/pull/39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [https://github.com/nodejs/node/pull/38332]
- deps: upgrade npm to 8.1.0
  (npm team) [https://github.com/nodejs/node/pull/40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [https://github.com/nodejs/node/pull/39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [https://github.com/nodejs/node/pull/39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [https://github.com/nodejs/node/pull/39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [https://github.com/nodejs/node/pull/39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [https://github.com/nodejs/node/pull/38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [https://github.com/nodejs/node/pull/38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [https://github.com/nodejs/node/pull/40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [https://github.com/nodejs/node/pull/38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [https://github.com/nodejs/node/pull/39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [https://github.com/nodejs/node/pull/39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [https://github.com/nodejs/node/pull/40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [https://github.com/nodejs/node/pull/38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [https://github.com/nodejs/node/pull/38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [https://github.com/nodejs/node/pull/38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [https://github.com/nodejs/node/pull/39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [https://github.com/nodejs/node/pull/39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [https://github.com/nodejs/node/pull/40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [https://github.com/nodejs/node/pull/40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [https://github.com/nodejs/node/pull/37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [https://github.com/nodejs/node/pull/39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [https://github.com/nodejs/node/pull/38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [https://github.com/nodejs/node/pull/38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [https://github.com/nodejs/node/pull/39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [https://github.com/nodejs/node/pull/39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [https://github.com/nodejs/node/pull/39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [https://github.com/nodejs/node/pull/39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [https://github.com/nodejs/node/pull/39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [https://github.com/nodejs/node/pull/39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [https://github.com/nodejs/node/pull/39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [https://github.com/nodejs/node/pull/39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [https://github.com/nodejs/node/pull/34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [https://github.com/nodejs/node/pull/38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [https://github.com/nodejs/node/pull/39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [https://github.com/nodejs/node/pull/38631]

PR-URL: https://github.com/nodejs/node/pull/40119
2021-10-19 16:12:20 +01:00
Danielle Adams
9fcc84d048
2021-10-12, Version 16.11.1 (Current)
This is a security release.

Notable Changes:

* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the
  header name before the colon. This can lead to HTTP Request Smuggling
  (HRS). More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parse ignores chunk extensions when parsing the body of chunked
  requests. This leads to HTTP Request Smuggling (HRS) under certain
  conditions. More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

PR-URL: https://github.com/nodejs-private/node-private/pull/293
2021-10-12 11:16:57 -04:00
Danielle Adams
df3b4cc90f
2021-10-12, Version 14.18.1 'Fermium' (LTS)
This is a security release.

Notable Changes:

* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the
  header name before the colon. This can lead to HTTP Request Smuggling
  (HRS). More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parse ignores chunk extensions when parsing the body of chunked requests.
  requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
  More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

PR-URL: https://github.com/nodejs-private/node-private/pull/294
2021-10-12 11:15:04 -04:00
Danielle Adams
52b613abf4
2021-10-12, Version 12.22.7 'Erbium' (LTS)
This is a security release.

Notable changes:

* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the
  header name before the colon. This can lead to HTTP Request Smuggling
  (HRS). More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parse ignores chunk extensions when parsing the body of chunked
  requests. This leads to HTTP Request Smuggling (HRS) under certain
  conditions. More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

PR-URL: https://github.com/nodejs-private/node-private/pull/295
2021-10-12 11:12:20 -04:00
Danielle Adams
879ff775d0
2021-10-08, Version 16.11.0 (Current)
Notable changes:

    * crypto:
      * update root certificates (Richard Lau) https://github.com/nodejs/node/pull/40280
    * deps:
      * upgrade npm to 8.0.0 (npm team) https://github.com/nodejs/node/pull/40369
      * update `nghttp2` to v1.45.1 (thunder-coding) https://github.com/nodejs/node/pull/40206
      * update V8 to 9.4.146.19 (Michaël Zasso) https://github.com/nodejs/node/pull/40285
    * tools:
      * update certdata.txt (Richard Lau) https://github.com/nodejs/node/pull/40280

    PR-URL: https://github.com/nodejs/node/pull/40319
2021-10-08 13:06:10 -04:00
Rich Trott
88e82b890b doc: format general markdown files
Use `make format-md` to format general markdown files.

PR-URL: https://github.com/nodejs/node/pull/40322
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2021-10-06 21:20:55 -07:00
Michaël Zasso
d9ebc04e9b
2021-09-28, Version 14.18.0 'Fermium' (LTS)
Notable changes:

assert:
  * change status of legacy asserts (James M Snell) https://github.com/nodejs/node/pull/38113
buffer:
  * (SEMVER-MINOR) introduce Blob (James M Snell) https://github.com/nodejs/node/pull/36811
  * (SEMVER-MINOR) add base64url encoding option (Filip Skokan) https://github.com/nodejs/node/pull/36952
child_process:
  * (SEMVER-MINOR) allow `options.cwd` receive a URL (Khaidi Chu) https://github.com/nodejs/node/pull/38862
  * (SEMVER-MINOR) add timeout to spawn and fork (Nitzan Uziely) https://github.com/nodejs/node/pull/37256
  * (SEMVER-MINOR) allow promisified exec to be cancel (Carlos Fuentes) https://github.com/nodejs/node/pull/34249
  * (SEMVER-MINOR) add 'overlapped' stdio flag (Thiago Padilha) https://github.com/nodejs/node/pull/29412
cli:
  * (SEMVER-MINOR) add -C alias for --conditions flag (Guy Bedford) https://github.com/nodejs/node/pull/38755
  * (SEMVER-MINOR) add --node-memory-debug option (Anna Henningsen) https://github.com/nodejs/node/pull/35537
dns:
  * (SEMVER-MINOR) add "tries" option to Resolve options (Luan Devecchi) https://github.com/nodejs/node/pull/39610
  * (SEMVER-MINOR) allow `--dns-result-order` to change default dns verbatim (Ouyang Yadong) https://github.com/nodejs/node/pull/38099
doc:
  * (SEMVER-MINOR) add missing change to resolver ctor (Luan Devecchi) https://github.com/nodejs/node/pull/39610
  * refactor fs docs structure (James M Snell) https://github.com/nodejs/node/pull/37170
errors:
  * (SEMVER-MINOR) remove experimental from --enable-source-maps (Benjamin Coe) https://github.com/nodejs/node/pull/37362
esm:
  * deprecate legacy main lookup for modules (Guy Bedford) https://github.com/nodejs/node/pull/36918
fs:
  * (SEMVER-MINOR) allow empty string for temp directory prefix (Voltrex) https://github.com/nodejs/node/pull/39028
  * (SEMVER-MINOR) allow no-params fsPromises fileHandle read (Nitzan Uziely) https://github.com/nodejs/node/pull/38287
  * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) https://github.com/nodejs/node/pull/37490
  * improve fsPromises readFile performance (Nitzan Uziely) https://github.com/nodejs/node/pull/37608
  * (SEMVER-MINOR) add fsPromises.watch() (James M Snell) https://github.com/nodejs/node/pull/37179
  * (SEMVER-MINOR) allow `position` parameter to be a `BigInt` in read and readSync (Darshan Sen) https://github.com/nodejs/node/pull/36190
http2:
  * (SEMVER-MINOR) add support for sensitive headers (Anna Henningsen) https://github.com/nodejs/node/pull/34145
  * (SEMVER-MINOR) allow setting the local window size of a session (Yongsheng Zhang) https://github.com/nodejs/node/pull/35978
inspector:
  * mark as stable (Gireesh Punathil) https://github.com/nodejs/node/pull/37748
module:
  * (SEMVER-MINOR) add support for `URL` to `import.meta.resolve` (Antoine du Hamel) https://github.com/nodejs/node/pull/38587
  * (SEMVER-MINOR) add support for `node:`‑prefixed `require(…)` calls (ExE Boss) https://github.com/nodejs/node/pull/37246
net:
  * (SEMVER-MINOR) introduce net.BlockList (James M Snell) https://github.com/nodejs/node/pull/34625
node-api:
  * (SEMVER-MINOR) allow retrieval of add-on file name (Gabriel Schulhof) https://github.com/nodejs/node/pull/37195
os:
  * (SEMVER-MINOR) add os.devNull (Luigi Pinca) https://github.com/nodejs/node/pull/38569
perf_hooks:
  * (SEMVER-MINOR) introduce createHistogram (James M Snell) https://github.com/nodejs/node/pull/37155
process:
  * (SEMVER-MINOR) add api to enable source-maps programmatically (legendecas) https://github.com/nodejs/node/pull/39085
  * (SEMVER-MINOR) add `'worker'` event (James M Snell) https://github.com/nodejs/node/pull/38659
  * (SEMVER-MINOR) add direct access to rss without iterating pages (Adrien Maret) https://github.com/nodejs/node/pull/34291
readline:
  * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) https://github.com/nodejs/node/pull/37932
  * (SEMVER-MINOR) add support for the AbortController to the question method (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33676
  * (SEMVER-MINOR) add history event and option to set initial history (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33662
repl:
  * (SEMVER-MINOR) add auto‑completion for `node:`‑prefixed `require(…)` calls (ExE Boss) https://github.com/nodejs/node/pull/37246
src:
  * (SEMVER-MINOR) call overload ctor from the original ctor (Darshan Sen) https://github.com/nodejs/node/pull/39768
  * (SEMVER-MINOR) add a constructor overload for CallbackScope (Darshan Sen) https://github.com/nodejs/node/pull/39768
  * (SEMVER-MINOR) allow to negate boolean CLI flags (Michaël Zasso) https://github.com/nodejs/node/pull/39023
  * (SEMVER-MINOR) add --heapsnapshot-near-heap-limit option (Joyee Cheung) https://github.com/nodejs/node/pull/33010
  * (SEMVER-MINOR) add way to get IsolateData and allocator from Environment (Anna Henningsen) https://github.com/nodejs/node/pull/36441
  * (SEMVER-MINOR) allow preventing SetPrepareStackTraceCallback (Shelley Vohr) https://github.com/nodejs/node/pull/36447
  * (SEMVER-MINOR) add maybe versions of EmitExit and EmitBeforeExit (Anna Henningsen) https://github.com/nodejs/node/pull/35486
stream:
  * (SEMVER-MINOR) add readableDidRead if has been read from (Robert Nagy) https://github.com/nodejs/node/pull/39589
  * (SEMVER-MINOR) pipeline accept Buffer as a valid first argument (Nitzan Uziely) https://github.com/nodejs/node/pull/37739
tls:
  * (SEMVER-MINOR) allow reading data into a static buffer (Andrey Pechkurov) https://github.com/nodejs/node/pull/35753
tools:
  * (SEMVER-MINOR) add `Worker` to type-parser (James M Snell) https://github.com/nodejs/node/pull/38659
url:
  * (SEMVER-MINOR) expose urlToHttpOptions utility (Yongsheng Zhang) https://github.com/nodejs/node/pull/35960
util:
  * (SEMVER-MINOR) expose toUSVString (Robert Nagy) https://github.com/nodejs/node/pull/39814
v8:
  * (SEMVER-MINOR) implement v8.stopCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
  * (SEMVER-MINOR) implement v8.takeCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
worker:
  * (SEMVER-MINOR) add setEnvironmentData/getEnvironmentData (James M Snell) https://github.com/nodejs/node/pull/37486

PR-URL: https://github.com/nodejs/node/pull/39990
2021-09-28 13:27:26 +02:00
Beth Griggs
8d5675e3fe
2021-09-22, Version 16.10.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) add rsa-pss keygen parameters (Filip Skokan) https://github.com/nodejs/node/pull/39927
doc:
  * add Ayase-252 to collaborators (Qingyu Deng) https://github.com/nodejs/node/pull/40078
fs:
  * (SEMVER-MINOR) make `open` and `close` stream override optional when unused (Antoine du Hamel) https://github.com/nodejs/node/pull/40013
http:
  * (SEMVER-MINOR) limit requests per connection (Artur K) https://github.com/nodejs/node/pull/40082
src:
  * (SEMVER-MINOR) add --no-global-search-paths cli option (Cheng Zhao) https://github.com/nodejs/node/pull/39754
  * (SEMVER-MINOR) add option to disable global search paths (Cheng Zhao) https://github.com/nodejs/node/pull/39754
  * (SEMVER-MINOR) make napi_create_reference accept symbol (JckXia) https://github.com/nodejs/node/pull/39926
stream:
  * (SEMVER-MINOR) add signal support to pipeline generators (Robert Nagy) https://github.com/nodejs/node/pull/39067

PR-URL: https://github.com/nodejs/node/pull/40175
2021-09-22 21:38:17 +01:00
Rich Trott
549f96889a doc: update markdown formatting for *.md files
Fix formatting that will change when run through upcoming remark preset.

PR-URL: https://github.com/nodejs/node/pull/40154
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
2021-09-21 15:37:19 +00:00
Richard Lau
1b335d41a4
2021-09-10, Version 16.9.1 (Current)
Notable changes:

This release fixes a regression introduced by the V8 9.3 update in Node.js 16.9.0.

PR-URL: https://github.com/nodejs/node/issues/40069
2021-09-10 15:34:48 -04:00
Michaël Zasso
6211d9358d
2021-09-07, Version 16.9.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) add RSA-PSS params to asymmetricKeyDetails (Tobias Nießen) https://github.com/nodejs/node/pull/39851
deps:
  * (SEMVER-MINOR) add corepack (Maël Nison) https://github.com/nodejs/node/pull/39608
  * (SEMVER-MINOR) update V8 to 9.3.345.16 (Michaël Zasso) https://github.com/nodejs/node/pull/39947
module:
  * (SEMVER-MINOR) support pattern trailers (Guy Bedford) https://github.com/nodejs/node/pull/39635
stream:
  * (SEMVER-MINOR) add stream.compose (Robert Nagy) https://github.com/nodejs/node/pull/39029

PR-URL: https://github.com/nodejs/node/pull/40011
2021-09-07 12:03:33 +02:00
Myles Borins
f172c5ad5b
2021-08-31, Version 14.17.6 'Fermium' (LTS)
This is a security release.

Notable changes:

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw)
and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

* CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
* CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
* CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
* CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
* CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2

PR-URL: https://github.com/nodejs-private/node-private/pull/287
2021-08-31 10:56:51 -04:00
Myles Borins
d989186cf2
2021-08-31, Version 12.22.6 'Erbium' (LTS)
This is a security release.

Notable changes:

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw)
and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

* CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
* CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
* CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
* CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
* CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2

PR-URL: https://github.com/nodejs-private/node-private/pull/288
2021-08-31 10:55:56 -04:00
Michaël Zasso
31772a4e85
2021-08-25, Version 16.8.0 (Current)
Notable changes:

doc:
  * deprecate type coercion for `dns.lookup` options (Antoine du Hamel) https://github.com/nodejs/node/pull/38906
stream:
  * (SEMVER-MINOR) add `stream.Duplex.from` utility (Robert Nagy) https://github.com/nodejs/node/pull/39519
  * (SEMVER-MINOR) add `isDisturbed` helper (Robert Nagy) https://github.com/nodejs/node/pull/39628
util:
  * (SEMVER-MINOR) expose `toUSVString` (Robert Nagy) https://github.com/nodejs/node/pull/39814

PR-URL: https://github.com/nodejs/node/pull/39875
2021-08-25 22:51:53 +02:00
Danielle Adams
7ca38f05a0
2021-08-17, Version 16.7.0 (Current)
Notable changes:

* fs:
  * experimental: add recursive cp method (Benjamin Coe) https://github.com/nodejs/node/pull/39372

PR-URL: https://github.com/nodejs/node/pull/39782
2021-08-17 21:09:13 -04:00
Beth Griggs
ea47d83640
2021-08-11, Version 16.6.2 (Current)
This is a security release.

Notable Changes:

- CVE-2021-3672/CVE-2021-22931:
    Improper handling of untypical characters in domain names (High)
- CVE-2021-22930:
    Use after free on close http2 on stream canceling (High)
- CVE-2021-22939:
    Incomplete validation of rejectUnauthorized parameter (Low)

PR-URL: https://github.com/nodejs-private/node-private/pull/280
2021-08-11 16:22:15 +01:00
Beth Griggs
02b145083e
2021-08-11, Version 14.17.5 'Fermium' (LTS)
This is a security release.

Notable Changes:

- CVE-2021-3672/CVE-2021-22931:
    Improper handling of untypical characters in domain names (High)
- CVE-2021-22930:
    Use after free on close http2 on stream canceling (High)
- CVE-2021-22939:
    Incomplete validation of rejectUnauthorized parameter (Low)

PR-URL: https://github.com/nodejs-private/node-private/pull/279
2021-08-11 16:22:15 +01:00
Beth Griggs
e973b55c86
2021-08-11, Version 12.22.5 'Erbium' (LTS)
This is a security release.

Notable Changes:

- CVE-2021-3672/CVE-2021-22931:
    Improper handling of untypical characters in domain names (High)
- CVE-2021-22930:
    Use after free on close http2 on stream canceling (High)
- CVE-2021-22939:
    Incomplete validation of rejectUnauthorized parameter (Low)

PR-URL: https://github.com/nodejs-private/node-private/pull/278
2021-08-11 16:22:15 +01:00
Michaël Zasso
51cd4a8c56
2021-08-03, Version 16.6.1 (Current)
Notable changes:

* Updated npm to 7.20.3 (npm team)
  https://github.com/nodejs/node/pull/39579
* Reverted an ABI-breaking change from V8 9.2 that could impact some
  native modules (Michaël Zasso)
  https://github.com/nodejs/node/pull/39624
* Fixed a bug in error handling known to affect at least Webpack and
  Jest (Guy Bedford) https://github.com/nodejs/node/pull/39593

PR-URL: https://github.com/nodejs/node/pull/39631
2021-08-03 10:04:02 +02:00
Beth Griggs
0e22fa0f3d
2021-07-29, Version 16.6.0 (Current)
This is a security release.

Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling
  (High) [#39423](https://github.com/nodejs/node/pull/39423)
- (SEMVER-MINOR) deps: update V8 to 9.2.230.21 (Michaël Zasso)
  [#39470](https://github.com/nodejs/node/pull/39470)
- inspector: mark as stable (Gireesh Punathil)
  [#37748](https://github.com/nodejs/node/pull/37748)
- punycode: add pending deprecation (Antoine du Hamel)
  [#38444](https://github.com/nodejs/node/pull/38444)
- (SEMVER-MINOR) repl: enable --experimental-repl-await /w opt-out
  (hemanth.hm) [#34733](https://github.com/nodejs/node/pull/34733)

PR-URL: https://github.com/nodejs/node/pull/39534
2021-07-29 23:52:55 +01:00
Richard Lau
bd33fdfadf
2021-07-29, Version 14.17.4 'Fermium' (LTS)
This is a security release.

Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: https://github.com/nodejs/node/pull/39466
2021-07-29 12:40:58 -04:00
Richard Lau
9b4199450e
2021-07-29, Version 12.22.4 'Erbium' (LTS)
This is a security release.

Notable changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

PR-URL: https://github.com/nodejs/node/pull/39500
2021-07-29 12:32:23 -04:00
Michaël Zasso
4a9fcb3534
2021-07-14, Version 16.5.0 (Current)
Notable changes:

deps:
  * upgrade npm to 7.19.1 (npm team) https://github.com/nodejs/node/pull/39225
fs:
  * (SEMVER-MINOR) allow empty string for temp directory prefix (Voltrex) https://github.com/nodejs/node/pull/39028
stream:
  * (SEMVER-MINOR) implement Web Streams API (James M Snell) https://github.com/nodejs/node/pull/39062

PR-URL: https://github.com/nodejs/node/pull/39373
2021-07-14 11:08:26 +02:00
Beth Griggs
70cf0dce4e
2021-07-05, Version 16.4.2 (Current)
Notable changes:

Node.js 16.4.1 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

PR-URL: https://github.com/nodejs/node/pull/39270
2021-07-05 18:23:26 +01:00
Richard Lau
ef3969542d
2021-07-05, Version v14.17.3 'Fermium' (LTS)
Notable changes:

Node.js 14.17.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

PR-URL: https://github.com/nodejs/node/pull/39269
2021-07-05 17:03:09 +01:00
Richard Lau
cf1abe4b88
2021-07-05, Version 12.22.3 'Erbium' (LTS)
Notable changes:

Node.js 12.22.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

PR-URL: https://github.com/nodejs/node/pull/39268
2021-07-05 16:50:08 +01:00
Richard Lau
e5f9ef62f6 doc: fix CHANGELOG.md formatting
Fix typo for line break tag.

PR-URL: https://github.com/nodejs/node/pull/39223
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2021-07-02 05:45:26 +02:00
Beth Griggs
5ba2442e82
2021-07-01, Version 16.4.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/271
2021-07-01 15:37:30 +01:00
Richard Lau
0969b9f0e8
2021-07-01, Version 14.17.2 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/272
2021-07-01 14:48:10 +01:00
Richard Lau
9b7eb82a42
2021-07-01, Version 12.22.2 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)
- **CVE-2021-27290**: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High)
- **CVE-2021-23362**: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/270
2021-07-01 14:41:48 +01:00
Danielle Adams
84d6ce9fd1
2021-06-23, Version 16.4.0 (Current)
Notable changes:

* async_hooks:
  * stabilize part of AsyncLocalStorage (Vladimir de Turckheim) https://github.com/nodejs/node/pull/37675
* deps:
  * upgrade npm to 7.18.1 (npm-robot) https://github.com/nodejs/node/pull/39065
  * update V8 to 9.1.269.36 (Michaël Zasso) https://github.com/nodejs/node/pull/38273
* dns:
  * allow `--dns-result-order` to change default dns verbatim (Ouyang Yadong) https://github.com/nodejs/node/pull/38099

PR-URL: https://github.com/nodejs/node/pull/39031
2021-06-23 07:42:28 -04:00
Michaël Zasso
c0becbc1bd
2021-06-15, Version 14.17.1 'Fermium' (LTS)
Notable changes:

deps:
  * update ICU to 69.1 (Michaël Zasso) https://github.com/nodejs/node/pull/38178
src:
  * align source-map stacks with spec (Benjamin Coe) https://github.com/nodejs/node/pull/37252

PR-URL: https://github.com/nodejs/node/pull/38948
2021-06-15 14:45:01 +02:00
Antoine du Hamel
174b191f70 doc: add missing changelog links
Refs: https://github.com/nodejs/node/pull/38507
Refs: https://github.com/nodejs/node/pull/38874

PR-URL: https://github.com/nodejs/node/pull/39016
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
2021-06-13 01:05:59 +00:00
Antoine du Hamel
9414230eb0 doc: mark Node.js v15.x as EOL
Today is 2021-06-01, which is the date v15.x release line is marked as
End-of-Life.

Refs: https://github.com/nodejs/Release/blob/main/schedule.json

PR-URL: https://github.com/nodejs/node/pull/38891
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Nitzan Uziely <linkgoron@gmail.com>
2021-06-03 17:36:15 +02:00
Michaël Zasso
44ffddae8b
2021-05-19, Version 16.2.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) use new v8::Context PromiseHook API (Stephen Belanger) https://github.com/nodejs/node/pull/36394
lib:
  * support setting process.env.TZ on windows (James M Snell) https://github.com/nodejs/node/pull/38642
module:
  * (SEMVER-MINOR) add support for `URL` to `import.meta.resolve` (Antoine du Hamel) https://github.com/nodejs/node/pull/38587
process:
  * (SEMVER-MINOR) add `'worker'` event (James M Snell) https://github.com/nodejs/node/pull/38659
util:
  * (SEMVER-MINOR) add util.types.isKeyObject and util.types.isCryptoKey (Filip Skokan) https://github.com/nodejs/node/pull/38619

PR-URL: https://github.com/nodejs/node/pull/38719
2021-05-19 12:56:18 +02:00
Michaël Zasso
671c289957
2021-05-04, Version 16.1.0 (Current)
Notable changes:

fs:
  * (SEMVER-MINOR) allow no-params fsPromises fileHandle read (Nitzan Uziely) https://github.com/nodejs/node/pull/38287

PR-URL: https://github.com/nodejs/node/pull/38522
2021-05-04 17:09:39 +02:00
Richard Lau
6434cd66bb
doc: mark Node.js 10 as End-of-Life
PR-URL: https://github.com/nodejs/node/pull/38482
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Nitzan Uziely <linkgoron@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
2021-04-30 12:06:14 -04:00
Beth Griggs
8780537564
2021-04-20, Version 16.0.0 (Current)
Notable changes:

Deprecations and Removals:

- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37216]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37302]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell) [https://github.com/nodejs/node/pull/37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell) [https://github.com/nodejs/node/pull/37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [https://github.com/nodejs/node/pull/37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [https://github.com/nodejs/node/pull/37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [https://github.com/nodejs/node/pull/37789]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37576]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37201]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [https://github.com/nodejs/node/pull/37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [https://github.com/nodejs/node/pull/37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [https://github.com/nodejs/node/pull/37204]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [https://github.com/nodejs/node/pull/36902]

Stable Timers Promises API:

The Timers Promises API provides an alternative set of timer functions
that return Promise objects. Added in Node.js v15.0.0, in this release
they graduate from experimental status to stable.

Contributed by James Snell - [https://github.com/nodejs/node/pull/38112]

Toolchain and Compiler Upgrades:

Node.js v16.0.0 will be the first release where we ship prebuilt
binaries for Apple Silicon. While we’ll be providing separate tarballs
for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the
macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture)
binary.

- **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian
  Clauss) [https://github.com/nodejs/node/pull/36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37764]
- **build**: update Makefile to support fat binary (Ash Cripps)
  [https://github.com/nodejs/node/pull/37861]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [https://github.com/nodejs/node/pull/35704]
- **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau)
  [https://github.com/nodejs/node/pull/37935]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [https://github.com/nodejs/node/pull/37677]
- **tools**: set arch in Distribution.xml (Ash Cripps)
  [https://github.com/nodejs/node/pull/38261]

V8 9.0:

The V8 JavaScript engine is updated to V8 9.0, including performance
tweaks and improvements.

This update also brings the ECMAScript RegExp Match Indices, which
provide the start and end indices of the captured string. The indices
array is available via the `.indices` property on match objects when the
regular expression has the `/d` flag.

Contributed by Michaël Zasso - [https://github.com/nodejs/node/pull/37587]

Other Notable Changes:

- **(SEMVER-MINOR)** **assert**: graduate assert.match and
  assert.doesNotMatch (James M Snell) [https://github.com/nodejs/node/pull/38111]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [https://github.com/nodejs/node/pull/37786]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37330]
- **deps**: update ICU to 69.1 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/38178]
- **deps**: update llhttp to 6.0.0 (Fedor Indutny)
  [https://github.com/nodejs/node/pull/38277]
- **deps**: upgrade npm to 7.10.0 (Ruy Adorno)
  [https://github.com/nodejs/node/pull/38254]
- **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames()
  (simov) [https://github.com/nodejs/node/pull/37660]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [https://github.com/nodejs/node/pull/36478]
- **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [https://github.com/nodejs/node/pull/37246]
- **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify
  (James M Snell) [https://github.com/nodejs/node/pull/37475]
- **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [https://github.com/nodejs/node/pull/37246]
- **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl
  (eladkeyshawn) [https://github.com/nodejs/node/pull/38101]

Semver-Major Commits:

- **(SEMVER-MAJOR)** **async_hooks**: add thisArg to AsyncResource.bind
  (James M Snell) [https://github.com/nodejs/node/pull/36782]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [https://github.com/nodejs/node/pull/37786]
- **(SEMVER-MAJOR)** **build**: remove support for Python 2
  (Christian Clauss) [https://github.com/nodejs/node/pull/36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37764]
- **(SEMVER-MAJOR)** **build**: update Makefile to support fat binary
  (Ash Cripps) [https://github.com/nodejs/node/pull/37861]
- **(SEMVER-MAJOR)** **build**: include minimal V8 headers in
  distribution (Michaël Zasso) [https://github.com/nodejs/node/pull/37570]
- **(SEMVER-MAJOR)** **build**: use C++11 ABI with libstdc++
  (Anna Henningsen) [https://github.com/nodejs/node/pull/36634]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [https://github.com/nodejs/node/pull/35704]
- **(SEMVER-MAJOR)** **deps**: update V8 to 9.0.257.11 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/37587]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.9.255.19 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.8.278.17 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/36139]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.7.220 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/35700]
- **(SEMVER-MAJOR)** **dns**: use url module instead of punycode for
  IDNA (Antoine du Hamel) [https://github.com/nodejs/node/pull/35091]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [https://github.com/nodejs/node/pull/37677]
- **(SEMVER-MAJOR)** **doc**: add http.IncomingMessage#connection
  (Pranshu Srivastava) [https://github.com/nodejs/node/pull/33768]
- **(SEMVER-MAJOR)** **events**: change EventTarget handler exception
  behavior (Nitzan Uziely) [https://github.com/nodejs/node/pull/37237]
- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37216]
- **(SEMVER-MAJOR)** **fs**: add validation for fd and path
  (Dylan Elliott) [https://github.com/nodejs/node/pull/35187]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37302]
- **(SEMVER-MAJOR)** **fs**: fix flag and mode validation
  (James M Snell) [https://github.com/nodejs/node/pull/37480]
- **(SEMVER-MAJOR)** **http**: use objects with null prototype in Agent
  (Michaël Zasso) [https://github.com/nodejs/node/pull/36409]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell)
  [https://github.com/nodejs/node/pull/37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell)
  [https://github.com/nodejs/node/pull/37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [https://github.com/nodejs/node/pull/37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [https://github.com/nodejs/node/pull/37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [https://github.com/nodejs/node/pull/37789]
- **(SEMVER-MAJOR)** **lib**: aggregate errors to avoid error swallowing
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37460]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37576]
- **(SEMVER-MAJOR)** **lib**: remove usage of url.parse
  (raisinten) [https://github.com/nodejs/node/pull/36853]
- **(SEMVER-MAJOR)** **lib**: add error handling for input stream
  (rexagod) [https://github.com/nodejs/node/pull/31603]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [https://github.com/nodejs/node/pull/36478]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [https://github.com/nodejs/node/pull/37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [https://github.com/nodejs/node/pull/37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [https://github.com/nodejs/node/pull/37204]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37201]
- **(SEMVER-MAJOR)** **module**: only set cache when finding module
  succeeds (Yongsheng Zhang) [https://github.com/nodejs/node/pull/36642]
- **(SEMVER-MAJOR)** **perf_hooks**: make performance a global (James M
  Snell) [https://github.com/nodejs/node/pull/37970]
- **(SEMVER-MAJOR)** **perf_hooks**: complete overhaul of the
  implementation (James M Snell) [https://github.com/nodejs/node/pull/37136]
- **(SEMVER-MAJOR)** **process**: disallow adding options to
  process.allowedNodeEnvironmentFlags (Antoine du Hamel)
  [https://github.com/nodejs/node/pull/36660]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [https://github.com/nodejs/node/pull/36902]
- **(SEMVER-MAJOR)** **readline**: cursorTo throw error on NaN
  (Zijian Liu) [https://github.com/nodejs/node/pull/36379]
- **(SEMVER-MAJOR)** **src**: mark internally exported functions as
  explicitly internal (Tyler Ang-Wanek) [https://github.com/nodejs/node/pull/37000]
- **(SEMVER-MAJOR)** **src**: inline AsyncCleanupHookHandle in headers
  (Tyler Ang-Wanek) [https://github.com/nodejs/node/pull/37000]
- **(SEMVER-MAJOR)** **src**: clean up embedder API (Anna Henningsen)
  [https://github.com/nodejs/node/pull/35897]
- **(SEMVER-MAJOR)** **worker**: send correct error status for worker
  init (Yash Ladha) [https://github.com/nodejs/node/pull/36242]

PR-URL: https://github.com/nodejs/node/pull/37678
2021-04-20 16:48:35 +01:00
Myles Borins
78b6f389d0
2021-04-06, Version 15.14.0 (Current)
Notable Changes:

This is a security release.

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

Other Notable changes:

fs:
  * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) https://github.com/nodejs/node/pull/37490
net:
  * (SEMVER-MINOR) allow net.BlockList to use net.SocketAddress objects (James M Snell) https://github.com/nodejs/node/pull/37917
  * (SEMVER-MINOR) add SocketAddress class (James M Snell) https://github.com/nodejs/node/pull/37917
  * (SEMVER-MINOR) make net.BlockList cloneable (James M Snell) https://github.com/nodejs/node/pull/37917
net,tls:
  * (SEMVER-MINOR) add abort signal support to connect (Nitzan Uziely) https://github.com/nodejs/node/pull/37735
readline:
  * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) https://github.com/nodejs/node/pull/37932

PR-URL: https://github.com/nodejs/node/pull/38084
2021-04-06 15:55:23 -04:00
Myles Borins
1522a93646
2021-04-06, Version 14.16.1 'Fermium' (LTS)
This is a security release.

Notable Changes:

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

PR-URL: https://github.com/nodejs/node/pull/38082
2021-04-06 15:55:23 -04:00
Myles Borins
d318ec7fc3
2021-04-06, Version 12.22.1 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

PR-URL: https://github.com/nodejs/node/pull/38083
2021-04-06 15:55:22 -04:00
Myles Borins
cd15b1cde2
2021-04-06, Version 10.24.1 'Dubnium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

PR-URL: https://github.com/nodejs/node/pull/38085
2021-04-06 15:55:22 -04:00
Ruy Adorno
82bc5c3d5c
2021-03-31, Version 15.13.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37977

Notable changes:

* buffer:
  * implement btoa and atob (James M Snell) https://github.com/nodejs/node/pull/37529
* deps:
  * upgrade npm to 7.7.6 (Ruy Adorno) https://github.com/nodejs/node/pull/37968
* doc:
  * add legacy status to stability index (James M Snell) https://github.com/nodejs/node/pull/37784
  * add @linkgoron to collaborators (Nitzan Uziely) https://github.com/nodejs/node/pull/37817
* http:
  * add http.ClientRequest.getRawHeaderNames() (simov) https://github.com/nodejs/node/pull/37660
2021-03-31 10:14:03 -04:00
Richard Lau
30fe4ed8c4
2021-03-30, Version 12.22.0 'Erbium' (LTS)
Notable changes

The legacy HTTP parser is runtime deprecated:
- The legacy HTTP parser, selected by the `--http-parser=legacy` command line
option, is deprecated with the pending End-of-Life of Node.js 10.x (where it
is the only HTTP parser implementation provided) at the end of April 2021. It
will now warn on use but otherwise continue to function and may be removed in
a future Node.js 12.x release.
- The default HTTP parser based on llhttp is not affected. By default it is
stricter than the now deprecated legacy HTTP parser. If interoperability with
HTTP implementations that send invalid HTTP headers is required, the HTTP
parser can be started in a less secure mode with the `--insecure-http-parser`
command line option.

ES Modules:
- ES Modules are now considered stable.

node-api:
- Updated to node-api version 8 and added an experimental API to allow
retrieval of the add-on file name.

New API's to control code coverage data collection:
- `v8.stopCoverage()` and `v8.takeCoverage()` have been added.

New API to monitor event loop utilization by Worker threads
- `worker.performance.eventLoopUtilization()` has been added.

PR-URL: https://github.com/nodejs/node/pull/37797
2021-03-30 15:09:15 +01:00
Danielle Adams
3b3b02f8bb
2021-03-17, Version 15.12.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37766

Notable changes:

* crypto:
  * add optional callback to crypto.sign and crypto.verify (Filip Skokan) https://github.com/nodejs/node/pull/37500
  * support JWK objects in create\*Key (Filip Skokan) https://github.com/nodejs/node/pull/37254
* deps:
  * update to cjs-module-lexer@1.1.0 (Guy Bedford) https://github.com/nodejs/node/pull/37712
  * switch openssl to quictls/openssl (James M Snell) https://github.com/nodejs/node/pull/37601
* fs:
  * improve fsPromises writeFile performance (Nitzan Uziely) https://github.com/nodejs/node/pull/37610
  * improve fsPromises readFile performance (Nitzan Uziely) https://github.com/nodejs/node/pull/37608
* lib:
  * implement AbortSignal.abort() (James M Snell) https://github.com/nodejs/node/pull/37693
* node-api:
  * define version 8 (Gabriel Schulhof) https://github.com/nodejs/node/pull/37652
* worker:
  * add setEnvironmentData/getEnvironmentData (James M Snell) https://github.com/nodejs/node/pull/37486
2021-03-17 18:16:45 -04:00
Michaël Zasso
f6b1df2226
2021-03-03, Version 15.11.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) make FIPS related options always awailable (Vít Ondruch) https://github.com/nodejs/node/pull/36341
errors:
  * (SEMVER-MINOR) remove experimental from --enable-source-maps (Benjamin Coe) https://github.com/nodejs/node/pull/37362

PR-URL: https://github.com/nodejs/node/pull/37569
2021-03-03 07:06:17 +01:00
Richard Lau
eed3c72474
2021-02-23, Version 10.24.0 'Dubnium' (LTS)
This is a security release.

Notable changes

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/255
2021-02-23 12:41:57 +00:00
Richard Lau
199c8bdb0d
2021-02-23, Version 12.21.0 'Erbium' (LTS)
This is a security release.

Notable changes

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/256
2021-02-23 12:38:53 +00:00
Beth Griggs
40b805a6ef
2021-02-23, Version 14.16.0 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/254
2021-02-23 12:22:11 +00:00
Beth Griggs
6f9b622737
2021-02-23, Version 15.10.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/253
2021-02-23 12:02:39 +00:00
Danielle Adams
3bf50a70b4
2021-02-17, Version 15.9.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37406

Notable Changes:

* crypto:
  * add keyObject.export() jwk format option (Filip Skokan) https://github.com/nodejs/node/pull/37081
* deps:
  * upgrade to libuv 1.41.0 (Colin Ihrig) https://github.com/nodejs/node/pull/37360
* doc:
  * add dmabupt to collaborators (Xu Meng) https://github.com/nodejs/node/pull/37377
  * refactor fs docs structure (James M Snell) https://github.com/nodejs/node/pull/37170
* fs:
  * add fsPromises.watch() (James M Snell) https://github.com/nodejs/node/pull/37179
  * use a default callback for fs.close() (James M Snell) https://github.com/nodejs/node/pull/37174
  * add AbortSignal support to watch (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/37190
* perf_hooks:
  * introduce createHistogram (James M Snell) https://github.com/nodejs/node/pull/37155
* stream:
  * improve Readable.from error handling (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/37158
* timers:
  * introduce setInterval async iterator (linkgoron) https://github.com/nodejs/node/pull/37153
* tls:
  * add ability to get cert/peer cert as X509Certificate object (James M Snell) https://github.com/nodejs/node/pull/37070
2021-02-17 21:20:34 -05:00
Ruy Adorno
ad38be4f6a
2021-02-10, Version 12.20.2 'Erbium' (LTS)
Notable changes:

* deps:
  * upgrade npm to 6.14.11 (Ruy Adorno) [#37173](https://github.com/nodejs/node/pull/37173)

PR-URL: https://github.com/nodejs/node/pull/37286
2021-02-10 15:31:09 -05:00
Richard Lau
857fbdb13f
2021-02-09, Version 10.23.3 'Dubnium' (LTS)
Notable changes:

The update to npm 6.14.11 has been relanded so that npm correctly reports its version.

PR-URL: https://github.com/nodejs/node/pull/37241
2021-02-09 22:58:32 +00:00
Beth Griggs
4f12215a6b
2021-02-09, Version 14.15.5 'Fermium' (LTS)
Notable changes:

- **deps**:
  - upgrade npm to 6.14.11 (Ruy Adorno)
    (https://github.com/nodejs/node/pull/37173)
  - V8: backport dfcf1e86fac0 (Michaël Zasso)
    (https://github.com/nodejs/node/pull/37245)
    - Note: Node.js is not believed to be vulnerable to CVE-2021-21148.
- **stream,zlib**: do not use \_stream\_\* anymore (Matteo Collina)
  (https://github.com/nodejs/node/pull/36618)

PR-URL: https://github.com/nodejs/node/pull/37074
2021-02-09 16:40:16 +00:00
Michaël Zasso
211574b0c2
2021-02-02, Version 15.8.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) add generatePrime/checkPrime (James M Snell) https://github.com/nodejs/node/pull/36997
  * (SEMVER-MINOR) experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) https://github.com/nodejs/node/pull/36879
deps:
  * upgrade npm to 7.5.0 (Ruy Adorno) https://github.com/nodejs/node/pull/37117
dgram:
  * (SEMVER-MINOR) support AbortSignal in createSocket (Nitzan Uziely) https://github.com/nodejs/node/pull/37026
doc:
  * add Zijian Liu to collaborators (ZiJian Liu) https://github.com/nodejs/node/pull/37075
esm:
  * deprecate legacy main lookup for modules (Guy Bedford) https://github.com/nodejs/node/pull/36918
readline:
  * (SEMVER-MINOR) add history event and option to set initial history (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33662
  * (SEMVER-MINOR) add support for the AbortController to the question method (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33676

PR-URL: https://github.com/nodejs/node/pull/37183
2021-02-02 21:50:24 +01:00
Richard Lau
c5f3565100
2021-01-26, Version 10.23.2 'Dubnium' (LTS)
Notable changes:

Release keys have been synchronized with the main branch.

- deps:
  - upgrade npm to 6.14.11 (Darcy Clarke)
    https://github.com/nodejs/node/pull/36838

PR-URL: https://github.com/nodejs/node/pull/37022
2021-01-26 17:14:19 +00:00
Ruy Adorno
cef00ad414
2021-01-26, Version 15.7.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37020

Notable changes:

* buffer:
  * introduce Blob (James M Snell) [#36811](https://github.com/nodejs/node/pull/36811)
  * add base64url encoding option (Filip Skokan) [#36952](https://github.com/nodejs/node/pull/36952)
* doc:
  * add @iansu to collaborators (Ian Sutherland) [#36951](https://github.com/nodejs/node/pull/36951)
  * add @RaisinTen to collaborators (Darshan Sen) [#36998](https://github.com/nodejs/node/pull/36998)
  * add @miladfarca to collaborators (Milad Fa) [#36934](https://github.com/nodejs/node/pull/36934)
* fs:
  * allow position parameter to be a BigInt in read and readSync (raisinten) [#36190](https://github.com/nodejs/node/pull/36190)
* http:
  * attach request as res.req (Ian Storm Taylor) [#36505](https://github.com/nodejs/node/pull/36505)
  * expose urlToHttpOptions utility (Yongsheng Zhang) [#35960](https://github.com/nodejs/node/pull/35960)
2021-01-26 11:06:59 -05:00
Danielle Adams
0f789488d4
2021-01-14, Version 15.6.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/36889

Notable changes:

* child_process:
  * add 'overlapped' stdio flag (Thiago Padilha) (https://github.com/nodejs/node/pull/29412)
  * support AbortSignal in fork (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/36603)
* crypto:
  * implement basic secure heap support (James M Snell) (https://github.com/nodejs/node/pull/36779)
  * fixup bug in keygen error handling (James M Snell) (https://github.com/nodejs/node/pull/36779)
  * introduce X509Certificate API (James M Snell) (https://github.com/nodejs/node/pull/36804)
  * implement randomuuid (James M Snell) (https://github.com/nodejs/node/pull/36729)
* doc:
  * update release key for Danielle Adams (Danielle Adams) (https://github.com/nodejs/node/pull/36793)
  * add dnlup to collaborators (Daniele Belardi) (https://github.com/nodejs/node/pull/36849)
  * add panva to collaborators (Filip Skokan) (https://github.com/nodejs/node/pull/36802)
  * add yashLadha to collaborator (Yash Ladha) (https://github.com/nodejs/node/pull/36666)
* http:
  * set lifo as the default scheduling strategy in Agent (Matteo Collina) (https://github.com/nodejs/node/pull/36685)
* net:
  * support abortSignal in server.listen (Nitzan Uziely) (https://github.com/nodejs/node/pull/36623)
* process:
  * add direct access to rss without iterating pages (Adrien Maret) (https://github.com/nodejs/node/pull/34291)
* v8:
  * fix native  constructors (ExE Boss) (https://github.com/nodejs/node/pull/36549)
2021-01-14 19:58:43 -05:00
Richard Lau
ceb0dc907a
2021-01-04, Version 12.20.1 'Erbium' (LTS)
Notable changes:

This is a security release.

Vulnerabilities fixed:

- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt

PR-URL: https://github.com/nodejs-private/node-private/pull/240
2021-01-04 18:02:20 +00:00
Richard Lau
6c80df02d1
2021-01-04, Version 10.23.1 'Dubnium' (LTS)
Notable changes:

This is a security release.

Vulnerabilities fixed:

- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt

PR-URL: https://github.com/nodejs-private/node-private/pull/239
2021-01-04 17:59:36 +00:00
Beth Griggs
a384a0c4c6
2021-01-04, Version 14.15.4 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2020-1971**: OpenSSL - EDIPARTYNAME NULL pointer de-reference
  (High)
  - This is a vulnerability in OpenSSL which may be exploited through
  Node.js. You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

- **CVE-2020-8265**: use-after-free in TLSWrap (High)
  - Affected Node.js versions are vulnerable to a use-after-free bug in
  its TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method
  does not return an error, this object is passed back to the caller as
  part of a StreamWriteResult structure. This may be exploited to
  corrupt memory leading to a Denial of Service or potentially other
  exploits.

- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
  - Affected versions of Node.js allow two copies of a header field in
  a http request. For example, two Transfer-Encoding header fields. In
  this case Node.js identifies the first header field and ignores the
  second. This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).

PR-URL: https://github.com/nodejs-private/node-private/pull/242
2021-01-04 17:53:38 +00:00
Beth Griggs
433ed98b40
2021-01-04, Version 15.5.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2020-8265**: use-after-free in TLSWrap (High)
  * Affected Node.js versions are vulnerable to a use-after-free bug in
  its TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method
  does not return an error, this object is passed back to the caller as
  part of a StreamWriteResult structure. This may be exploited to
  corrupt memory leading to a Denial of Service or potentially other
  exploits.

- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
  * Affected versions of Node.js allow two copies of a header field in
  a http request. For example, two Transfer-Encoding header fields. In
  this case Node.js identifies the first header field and ignores the
  second. This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).

PR-URL: https://github.com/nodejs-private/node-private/pull/241
2021-01-04 17:46:51 +00:00
Michaël Zasso
80d2fbeb0c
2020-12-22, Version 15.5.0 (Current)
Notable changes:

    child_process:
      * (SEMVER-MINOR) add signal support to spawn (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36432
    doc:
      * add PoojaDurgad to collaborators (Pooja D P) https://github.com/nodejs/node/pull/36511
    lib:
      * (SEMVER-MINOR) support BigInt in querystring.stringify (raisinten) https://github.com/nodejs/node/pull/36499
    src:
      * (SEMVER-MINOR) add way to get IsolateData and allocator from Environment (Anna Henningsen) https://github.com/nodejs/node/pull/36441
      * (SEMVER-MINOR) allow preventing SetPrepareStackTraceCallback (Shelley Vohr) https://github.com/nodejs/node/pull/36447
    stream:
      * (SEMVER-MINOR) support abortsignal in constructor (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36431

PR-URL: https://github.com/nodejs/node/pull/36597
2020-12-22 19:56:09 +01:00
Beth Griggs
b49145f795
2020-12-17, Version 14.15.3 'Fermium' (LTS)
Notable Changes:

Node.js v14.15.2 included a commit that has caused reported breakages
when cloning request objects. This release reverts the commit that
introduced the behaviour change.

See https://github.com/nodejs/node/issues/36550 for more details.

PR-URL: https://github.com/nodejs/node/pull/36555
2020-12-17 23:22:59 +00:00
Beth Griggs
a150926177
2020-12-15, Version 14.15.2 'Fermium' (LTS)
Notable Changes:

- **deps**:
  - upgrade npm to 6.14.9 (Myles Borins)
    https://github.com/nodejs/node/pull/36450
  - update acorn to v8.0.4 (Michaël Zasso)
    https://github.com/nodejs/node/pull/35791
- **doc**: add release key for Danielle Adams (Danielle Adams)
    https://github.com/nodejs/node/pull/35545
- **http2**: check write not scheduled in scope destructor (David Halls)
    https://github.com/nodejs/node/pull/36241
- **stream**: fix regression on duplex end (Momtchil Momtchev)
    https://github.com/nodejs/node/pull/35941

PR-URL: https://github.com/nodejs/node/pull/36476
2020-12-15 23:48:00 +00:00
Danielle Adams
04e5418934
doc: add v15.4.0 link to CHANGELOG.md
PR-URL: https://github.com/nodejs/node/pull/36456
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
2020-12-14 15:02:05 -05:00
Myles Borins
219332e66c
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) https://github.com/nodejs/node/pull/35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) https://github.com/nodejs/node/pull/35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) https://github.com/nodejs/node/pull/35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512

PR-URL: https://github.com/nodejs/node/pull/35950
2020-11-24 11:40:37 -05:00
Shelley Vohr
7b5b8ef424
2020-11-24, Version 15.3.0 (Current)
Notable changes:

dns:
  * (SEMVER-MINOR) add a cancel() method to the promise Resolver (Szymon Marczak) https://github.com/nodejs/node/pull/33099
events:
  * (SEMVER-MINOR) add max listener warning for EventTarget (James M Snell) https://github.com/nodejs/node/pull/36001
http:
  * (SEMVER-MINOR) add support for abortsignal to http.request (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36048
http2:
  * (SEMVER-MINOR) allow setting the local window size of a session (Yongsheng Zhang) https://github.com/nodejs/node/pull/35978
lib:
  * (SEMVER-MINOR) add throws option to fs.f/l/statSync (Andrew Casey) https://github.com/nodejs/node/pull/33716
path:
  * (SEMVER-MINOR) add `path/posix` and `path/win32` alias modules (ExE Boss) https://github.com/nodejs/node/pull/34962
readline:
  * (SEMVER-MINOR) add getPrompt to get the current prompt (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33675
src:
  * (SEMVER-MINOR) add loop idle time in diagnostic report (Gireesh Punathil) https://github.com/nodejs/node/pull/35940
util:
  * (SEMVER-MINOR) add `util/types` alias module (ExE Boss) https://github.com/nodejs/node/pull/34055

PR-URL: https://github.com/nodejs/node/pull/36232
2020-11-24 08:26:26 -08:00
Beth Griggs
88d0b5b2fb
2020-11-16, Version 12.19.1 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of Service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/233
2020-11-16 17:09:16 +01:00
Beth Griggs
f67088efec
2020-11-16, Version 14.15.1 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of Service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/234
2020-11-16 17:09:15 +01:00
Michaël Zasso
6be214d537
2020-11-16, Version 15.2.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/232
2020-11-16 17:09:15 +01:00
Danielle Adams
f5c508c805
2020-11-10, Version 15.2.0 (Current)
Notable changes:

* events:
  * getEventListeners static (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35991)
* fs:
  * support abortsignal in writeFile (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35993)
  * add support for AbortSignal in readFile (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35911)
* stream:
  * fix thrown object reference (Gil Pedersen) (https://github.com/nodejs/node/pull/36065)

PR URL: https://github.com/nodejs/node/pull/36055
2020-11-10 17:51:54 -05:00
Michaël Zasso
8caa6a9d8c
2020-11-04, Version 15.1.0 (Current)
Notable changes:

child_process:
  * (SEMVER-MINOR) add ChildProcess 'spawn' event (Matthew Francis Brunetti) https://github.com/nodejs/node/pull/35369
dns:
  * (SEMVER-MINOR) add setLocalAddress to Resolver (Josh Dague) https://github.com/nodejs/node/pull/34824
http:
  * (SEMVER-MINOR) report request start and end with diagnostics_channel (Stephen Belanger) https://github.com/nodejs/node/pull/34895
http2:
  * (SEMVER-MINOR) add updateSettings to both http2 servers (Vincent Boivin) https://github.com/nodejs/node/pull/35383
lib:
  * (SEMVER-MINOR) create diagnostics_channel module (Stephen Belanger) https://github.com/nodejs/node/pull/34895
src:
  * (SEMVER-MINOR) add --heapsnapshot-near-heap-limit option (Joyee Cheung) https://github.com/nodejs/node/pull/33010
v8:
  * (SEMVER-MINOR) implement v8.stopCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
  * (SEMVER-MINOR) implement v8.takeCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
worker:
  * (SEMVER-MINOR) add eventLoopUtilization() (Trevor Norris) https://github.com/nodejs/node/pull/35664

PR-URL: https://github.com/nodejs/node/pull/35948
2020-11-04 21:43:02 +01:00
Richard Lau
0ca861745a
2020-10-27, Version 14.15.0 'Fermium' (LTS)
Notable changes:

This release marks the transition of Node.js 14.x into Long Term Support (LTS)
with the codename 'Fermium'. The 14.x release line now moves into "Active LTS"
and will remain so until October 2021. After that time, it will move into
"Maintenance" until end of life in April 2023.

PR-URL: https://github.com/nodejs/node/pull/35746
2020-10-27 11:59:05 -04:00
Richard Lau
62ead4e14f
2020-10-27, Version 10.23.0 'Dubnium' (LTS)
Notable changes:
- deps:
  - upgrade npm to 6.14.8 (Ruy Adorno)
    https://github.com/nodejs/node/pull/34834
- n-api:
  - create N-API version 7 (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/35199
  - expose napi_build_version variable (NickNaso)
    https://github.com/nodejs/node/pull/27835
- tools:
  - add debug entitlements for macOS 10.15+ (Gabriele Greco)
    https://github.com/nodejs/node/pull/34378

PR-URL: https://github.com/nodejs/node/pull/35544
2020-10-27 11:31:31 -04:00
Beth Griggs
4d16554bfa
2020-10-21, Version 15.0.1 (Current)
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (https://github.com/nodejs/node/pull/35723)
  - This fixes issue https://github.com/nodejs/node/issues/35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (https://github.com/nodejs/node/pull/35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (https://github.com/nodejs/node/pull/35545)

PR-URL: https://github.com/nodejs/node/pull/35736
2020-10-21 21:20:48 +01:00
Beth Griggs
57613f8c56
2020-10-20, Version 15.0.0 (Current)
Notable changes:

Deprecations and Removals:

- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)

npm 7 (https://github.com/nodejs/node/pull/35631):

Node.js 15 comes with a new major release of npm, npm 7. npm 7 comes
with many new features - including npm workspaces and a new
package-lock.json format. npm 7 also includes yarn.lock file support.
One of the big changes in npm 7 is that peer dependencies are now
installed by default.

Throw On Unhandled Rejections
(https://github.com/nodejs/node/pull/33021):

As of Node.js 15, the default mode for `unhandledRejection` is changed
to `throw` (from `warn`). In `throw` mode, if an `unhandledRejection`
hook is not set, the `unhandledRejection` is raised as an uncaught
exception. Users that have an `unhandledRejection` hook should see no
change in behavior, and it’s still possible to switch modes using the
`--unhandled-rejections=mode` process flag.

QUIC (https://github.com/nodejs/node/pull/32379):

Node.js 15 comes with experimental support QUIC, which can be enabled
by compiling Node.js with the `--experimental-quic` configuration flag.
The Node.js QUIC implementation is exposed by the core `net` module.

V8 8.6 (https://github.com/nodejs/node/pull/35415):

The V8 JavaScript engine has been updated to V8 8.6 (V8 8.4 is the
latest available in Node.js 14). Along with performance tweaks and
improvements the V8 update also brings the following language features:
* `Promise.any()` (from V8 8.5)
* `AggregateError` (from V8 8.5)
* `String.prototype.replaceAll()` (from V8 8.5)
* Logical assignment operators `&&=`, `||=`, and `??=` (from V8 8.5)

Other Notable Changes:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)

Semver-Major Commits:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **crypto**: refactoring internals, add WebCrypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **crypto**: move node\_crypto files to src/crypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **deps**: V8: cherry-pick d76abfed3512 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 717543bbf0ef (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 6be2f6e26e8d (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix platform-embedded-file-writer-win for ARM64 (Michaël
Zasso) (https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 postmortem metadata script (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 to 8.6.395 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: upgrade npm to 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **deps**: update npm to 7.0.0-rc.3 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **deps**: V8: cherry-pick 0d6debcc5f08 (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **doc**: update support macos version for 15.x (Ash Cripps)
(https://github.com/nodejs/node/pull/35022)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http**: fixed socket.setEncoding fatal error (iskore)
(https://github.com/nodejs/node/pull/33405)
- **http**: emit 'error' on aborted server request (Robert Nagy)
(https://github.com/nodejs/node/pull/33172)
- **http**: cleanup end argument handling (Robert Nagy)
(https://github.com/nodejs/node/pull/31818)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **http2**: add `invalidheaders` test (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33161)
- **http2**: refactor state code validation for the http2Stream class
(rickyes) (https://github.com/nodejs/node/pull/33535)
- **http2**: header field valid checks (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33193)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: remove ERR\_INVALID\_OPT\_VALUE and
ERR\_INVALID\_OPT\_VALUE\_ENCODING (Denys Otrishko)
(https://github.com/nodejs/node/pull/34682)
- **lib**: handle one of args case in ERR\_MISSING\_ARGS (Denys
Otrishko) (https://github.com/nodejs/node/pull/34022)
- **lib**: remove NodeError from the prototype of errors with code
(Michaël Zasso) (https://github.com/nodejs/node/pull/33857)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: check args in net.connect() and socket.connect() calls
(Denys Otrishko) (https://github.com/nodejs/node/pull/34022)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **process**: update v8 fast api calls usage (Maya Lekova)
(https://github.com/nodejs/node/pull/35415)
- **process**: change default --unhandled-rejections=throw (Dan
Fabulich) (https://github.com/nodejs/node/pull/33021)
- **process**: use v8 fast api calls for hrtime (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **process**: delay throwing an error using `throwDeprecation` (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/32312)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: implement NodePlatform::PostJob (Clemens Backes)
(https://github.com/nodejs/node/pull/35415)
- **src**: update NODE\_MODULE\_VERSION to 88 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **src**: error reporting on CPUUsage (Yash Ladha)
(https://github.com/nodejs/node/pull/34762)
- **src**: use node:moduleName as builtin module filename (Michaël
Zasso) (https://github.com/nodejs/node/pull/35498)
- **src**: enable wasm trap handler on windows (Gus Caplan)
(https://github.com/nodejs/node/pull/35033)
- **src**: update NODE\_MODULE\_VERSION to 86 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33579)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **src**: remove \_third\_party\_main support (Anna Henningsen)
(https://github.com/nodejs/node/pull/33971)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **src**: remove unused CancelPendingDelayedTasks (Anna Henningsen)
(https://github.com/nodejs/node/pull/32859)
- **stream**: try to wait for flush to complete before 'finish' (Robert
Nagy) (https://github.com/nodejs/node/pull/34314)
- **stream**: cleanup and fix Readable.wrap (Robert Nagy)
(https://github.com/nodejs/node/pull/34204)
- **stream**: add promises version to utility functions (rickyes)
(https://github.com/nodejs/node/pull/33991)
- **stream**: fix writable.end callback behavior (Robert Nagy)
(https://github.com/nodejs/node/pull/34101)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **stream**: write should throw on unknown encoding (Robert Nagy)
(https://github.com/nodejs/node/pull/33075)
- **stream**: fix \_final and 'prefinish' timing (Robert Nagy)
(https://github.com/nodejs/node/pull/32780)
- **stream**: simplify Transform stream implementation (Robert Nagy)
(https://github.com/nodejs/node/pull/32763)
- **stream**: use callback to properly propagate error (Robert Nagy)
(https://github.com/nodejs/node/pull/29179)
- **test**: update tests after increasing typed array size to 4GB
(Kim-Anh Tran) (https://github.com/nodejs/node/pull/35415)
- **test**: fix tests for npm 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **test**: fix test suite to work with npm 7 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **test**: update WPT harness and tests (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **tools**: disable x86 safe exception handlers in V8 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.6 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.5 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **url**: file URL path normalization (Daijiro Wachi)
(https://github.com/nodejs/node/pull/35477)
- **url**: verify domain is not empty after "ToASCII" (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove U+0000 case in the fragment state (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove gopher from special schemes (Michaël Zasso)
(https://github.com/nodejs/node/pull/33325)
- **url**: forbid lt and gt in url host code point (Yash Ladha)
(https://github.com/nodejs/node/pull/33328)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **win, child_process**: sanitize env variables (Bartosz Sosnowski)
(https://github.com/nodejs/node/pull/35210)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)
- **worker**: set trackUnmanagedFds to true by default (Anna
Henningsen) (https://github.com/nodejs/node/pull/34394)
- **worker**: rename error code to be more accurate (Anna Henningsen)
(https://github.com/nodejs/node/pull/33872)

PR-URL: https://github.com/nodejs/node/pull/35014
2020-10-20 15:42:45 +01:00
Myles Borins
59d578e1fc
2020-10-15, Version 14.14.0 (Current)
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) https://github.com/nodejs/node/pull/35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) https://github.com/nodejs/node/pull/35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512

PR-URL: https://github.com/nodejs/node/pull/35648
2020-10-15 19:29:09 -04:00
Danielle Adams
d0438a629a
2020-10-07, Version 14.13.1 (Current)
Notable changes:

* fs:
  * remove experimental from rmdir recursive (Benjamin Coe) [#35171](https://github.com/nodejs/node/pull/35171)

PR-URL: https://github.com/nodejs/node/pull/35525
2020-10-07 17:22:52 -04:00
Shelley Vohr
1cef9c656f
2020-10-06, Version 12.19.0 'Erbium' (LTS)
Notable changes:

assert:
  * (SEMVER-MINOR) port common.mustCall() to assert (ConorDavenport) https://github.com/nodejs/node/pull/31982
async_hooks:
  * (SEMVER-MINOR) add AsyncResource.bind utility (James M Snell) https://github.com/nodejs/node/pull/34574
buffer:
  * (SEMVER-MINOR) also alias BigUInt methods (Anna Henningsen) https://github.com/nodejs/node/pull/34960
  * (SEMVER-MINOR) alias UInt ➡️ Uint in buffer methods (Anna Henningsen) https://github.com/nodejs/node/pull/34729
build:
  * (SEMVER-MINOR) add build flag for OSS-Fuzz integration (davkor) https://github.com/nodejs/node/pull/34761
cli:
  * (SEMVER-MINOR) add alias for report-directory to make it consistent (Ash Cripps) https://github.com/nodejs/node/pull/33587
crypto:
  * (SEMVER-MINOR) allow KeyObjects in postMessage (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add randomInt function (Oli Lalonde) https://github.com/nodejs/node/pull/34600
deps:
  * upgrade to libuv 1.39.0 (Colin Ihrig) https://github.com/nodejs/node/pull/34915
  * upgrade npm to 6.14.7 (claudiahdz) https://github.com/nodejs/node/pull/34468
  * upgrade to libuv 1.38.1 (Colin Ihrig) https://github.com/nodejs/node/pull/34187
dgram:
  * (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) https://github.com/nodejs/node/pull/14500
  * (SEMVER-MINOR) allow typed arrays in .send() (Sarat Addepalli) https://github.com/nodejs/node/pull/22413
doc:
  * (SEMVER-MINOR) Add maxTotalSockets option to agent constructor (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) add basic embedding example documentation (Anna Henningsen) https://github.com/nodejs/node/pull/30467
  * add Ricky Zhou to collaborators (rickyes) https://github.com/nodejs/node/pull/34676
  * add release key for Ruy Adorno (Ruy Adorno) https://github.com/nodejs/node/pull/34628
  * add DerekNonGeneric to collaborators (Derek Lewis) https://github.com/nodejs/node/pull/34602
  * add AshCripps to collaborators (Ash Cripps) https://github.com/nodejs/node/pull/34494
  * add HarshithaKP to collaborators (Harshitha K P) https://github.com/nodejs/node/pull/34417
  * add rexagod to collaborators (Pranshu Srivastava) https://github.com/nodejs/node/pull/34457
  * add release key for Richard Lau (Richard Lau) https://github.com/nodejs/node/pull/34397
  * add danielleadams to collaborators (Danielle Adams) https://github.com/nodejs/node/pull/34360
  * add sxa as collaborator (Stewart X Addison) https://github.com/nodejs/node/pull/34338
  * add ruyadorno to collaborators (Ruy Adorno) https://github.com/nodejs/node/pull/34297
  * (SEMVER-MAJOR) deprecate process.umask() with no arguments (Colin Ihrig) https://github.com/nodejs/node/pull/32499
embedding:
  * (SEMVER-MINOR) make Stop() stop Workers (Anna Henningsen) https://github.com/nodejs/node/pull/32531
  * (SEMVER-MINOR) provide hook for custom process.exit() behaviour (Anna Henningsen) https://github.com/nodejs/node/pull/32531
fs:
  * (SEMVER-MINOR) implement lutimes (Maël Nison) https://github.com/nodejs/node/pull/33399
http:
  * (SEMVER-MINOR) add maxTotalSockets to agent class (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) return this from IncomingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) expose host and protocol on ClientRequest (wenningplus) https://github.com/nodejs/node/pull/33803
http2:
  * (SEMVER-MINOR) return this for Http2ServerRequest#setTimeout (Pranshu Srivastava) https://github.com/nodejs/node/pull/33994
  * (SEMVER-MINOR) do not modify explicity set date headers (Pranshu Srivastava) https://github.com/nodejs/node/pull/33160
module:
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
  * (SEMVER-MINOR) package "imports" field (Guy Bedford) https://github.com/nodejs/node/pull/34117
  * (SEMVER-MINOR) deprecate module.parent (Antoine du HAMEL) https://github.com/nodejs/node/pull/32217
n-api:
  * (SEMVER-MINOR) create N-API version 7 (Gabriel Schulhof) https://github.com/nodejs/node/pull/35199
  * (SEMVER-MINOR) support type-tagging objects (Gabriel Schulhof) https://github.com/nodejs/node/pull/28237
n-api,src:
  * (SEMVER-MINOR) provide asynchronous cleanup hooks (Anna Henningsen) https://github.com/nodejs/node/pull/34572
perf_hooks:
  * (SEMVER-MINOR) add idleTime and event loop util (Trevor Norris) https://github.com/nodejs/node/pull/34938
timers:
  * (SEMVER-MINOR) allow timers to be used as primitives (Denys Otrishko) https://github.com/nodejs/node/pull/34017
tls:
  * (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) https://github.com/nodejs/node/pull/33974
worker:
  * (SEMVER-MINOR) add public method for marking objects as untransferable (Anna Henningsen) https://github.com/nodejs/node/pull/33979
  * (SEMVER-MINOR) emit `'messagerror'` events for failed deserialization (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow passing JS wrapper objects via postMessage (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow transferring/cloning generic BaseObjects (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
  * (SEMVER-MINOR) add stack size resource limit option (Anna Henningsen) https://github.com/nodejs/node/pull/33085
worker,fs:
  * (SEMVER-MINOR) make FileHandle transferable (Anna Henningsen) https://github.com/nodejs/node/pull/33772
zlib:
  * (SEMVER-MINOR) add `maxOutputLength` option (unknown) https://github.com/nodejs/node/pull/33516
  * switch to lazy init for zlib streams (Andrey Pechkurov) https://github.com/nodejs/node/pull/34048

PR-URL: https://github.com/nodejs/node/pull/35401
2020-10-06 13:34:04 -07:00
Myles Borins
cd884cc684
2020-09-29, Version 14.13.0 (Current)
Notable changes:

deps:
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
module:
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
src:
  * (SEMVER-MINOR) allow N-API addon in `AddLinkedBinding()` (Anna Henningsen) https://github.com/nodejs/node/pull/35301

PR-URL: https://github.com/nodejs/node/pull/35419
2020-09-29 15:45:07 -04:00
Ruy Adorno
25d8456563
2020-09-22, Version 14.12.0 (Current)
Notable changes:

- deps:
  - update to uvwasi 0.0.11 (Colin Ihrig)
  [#35104](https://github.com/nodejs/node/pull/35104)
- n-api:
  - create N-API version 7 (Gabriel Schulhof)
  [#35199](https://github.com/nodejs/node/pull/35199)
  - add more property defaults (Gerhard Stoebich)
  [#35214](https://github.com/nodejs/node/pull/35214)

PR-URL: https://github.com/nodejs/node/pull/35285
2020-09-22 14:04:14 -04:00
Richard Lau
8e17383653
2020-09-15, Version 14.11.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due
  to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
  (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/225
2020-09-15 16:49:55 -04:00
Michaël Zasso
9ab5c6b96c
2020-09-15, Version 12.18.4 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
- CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/223
2020-09-15 21:43:35 +01:00
Beth Griggs
3bdac31c4b
2020-09-15, Version 10.22.1 'Dubnium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8252: fs.realpath.native on may cause buffer overflow
  (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/222
2020-09-15 21:30:09 +01:00
Richard Lau
b7f3e83086
2020-09-10, Version 14.10.1 (Current)
Notable changes:

Node.js 14.10.0 included a streams regression with async generators
and a docs rendering regression that are being fixed in this release.

PR-URL: https://github.com/nodejs/node/pull/35137
2020-09-10 10:51:03 -04:00
Richard Lau
b5a47ca2d1
2020-09-08, Version 14.10.0 (Current)
Notable changes:

- buffer: also alias BigUInt methods (Anna Henningsen)
  https://github.com/nodejs/node/pull/34960
- crypto: add randomInt function (Oli Lalonde)
  https://github.com/nodejs/node/pull/34600
- perf_hooks: add idleTime and event loop util (Trevor Norris)
  https://github.com/nodejs/node/pull/34938
- stream: simpler and faster Readable async iterator (Robert Nagy)
  https://github.com/nodejs/node/pull/34035
- stream: save error in state (Robert Nagy)
  https://github.com/nodejs/node/pull/34103

PR-URL: https://github.com/nodejs/node/pull/35023

Conflicts:
	src/node_version.h
2020-09-08 11:35:08 -04:00
Danielle Adams
3089f96ed0
2020-08-27, Version 14.9.0 (Current)
Notable changes:

- build: set --v8-enable-object-print by default (Mary Marchini)
  [#34705](https://github.com/nodejs/node/pull/34705)
- deps:
  - upgrade to libuv 1.39.0 (cjihrig)
    [#34915](https://github.com/nodejs/node/pull/34915)
  - upgrade npm to 6.14.8 (Ruy Adorno)
    [#34834](https://github.com/nodejs/node/pull/34834)
  - V8: cherry-pick e06ace6b5cdb (Anna Henningsen)
    [#34673](https://github.com/nodejs/node/pull/34673)
- n-api: handle weak no-finalizer refs correctly (Gabriel Schulhof)
  [#34839](https://github.com/nodejs/node/pull/34839)
- tools: add debug entitlements for macOS 10.15+ (Gabriele Greco)
  [#34378](https://github.com/nodejs/node/pull/34378)

PR-URL: https://github.com/nodejs/node/pull/34852
2020-08-27 15:44:13 +01:00
Juan José Arboleda
79402c0eaa doc: fix CHANGELOG.md parsing issue
PR-URL: https://github.com/nodejs/node/pull/34923
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-08-27 07:26:25 -07:00
Shelley Vohr
6e1f6ec573
2020-08-11, Version 14.8.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) add AsyncResource.bind utility (James M Snell) https://github.com/nodejs/node/pull/34574
doc:
  * add Ricky Zhou to collaborators (rickyes) https://github.com/nodejs/node/pull/34676
  * add release key for Ruy Adorno (Ruy Adorno) https://github.com/nodejs/node/pull/34628
  * add DerekNonGeneric to collaborators (Derek Lewis) https://github.com/nodejs/node/pull/34602
module:
  * (SEMVER-MINOR) unflag Top-Level Await (Myles Borins) https://github.com/nodejs/node/pull/34558
n-api:
  * (SEMVER-MINOR) support type-tagging objects (Gabriel Schulhof) https://github.com/nodejs/node/pull/28237
n-api,src:
  * (SEMVER-MINOR) provide asynchronous cleanup hooks (Anna Henningsen) https://github.com/nodejs/node/pull/34572

PR-URL: https://github.com/nodejs/node/pull/34704
2020-08-11 09:40:48 -07:00
Ruy Adorno
168b22ba07
2020-07-29, Version 14.7.0 (Current)
Notable changes:

deps:
  * upgrade npm to 6.14.7 (claudiahdz) https://github.com/nodejs/node/pull/34468
dgram:
  * (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) https://github.com/nodejs/node/pull/14500
doc:
  * add AshCripps to collaborators (AshCripps) https://github.com/nodejs/node/pull/34494
  * add HarshithaKP to collaborators (Harshitha K P) https://github.com/nodejs/node/pull/34417
  * add rexagod to collaborators (Pranshu Srivastava) https://github.com/nodejs/node/pull/34457
  * add release key for Richard Lau (Richard Lau) https://github.com/nodejs/node/pull/34397
events:
  * (SEMVER-MINOR) expand NodeEventTarget functionality (Anna Henningsen) https://github.com/nodejs/node/pull/34057
src:
  * (SEMVER-MINOR) allow preventing SetPromiseRejectCallback (Shelley Vohr) https://github.com/nodejs/node/pull/34387
  * (SEMVER-MINOR) allow setting a dir for all diagnostic output (AshCripps) https://github.com/nodejs/node/pull/33584
worker:
  * (SEMVER-MINOR) make MessagePort inherit from EventTarget (Anna Henningsen) https://github.com/nodejs/node/pull/34057
zlib:
  * switch to lazy init for zlib streams (Andrey Pechkurov) https://github.com/nodejs/node/pull/34048

PR-URL: https://github.com/nodejs/node/pull/34542
2020-07-29 14:38:50 -04:00
Shelley Vohr
90ee98a7d1
2020-07-22, Version 12.18.3 'Erbium' (LTS)
Notable changes:

deps:
  * upgrade npm to 6.14.6 (claudiahdz) [#34246](https://github.com/nodejs/node/pull/34246)
  * update node-inspect to v2.0.0 (Jan Krems) [#33447](https://github.com/nodejs/node/pull/33447)
  * uvwasi: cherry-pick 9e75217 (Colin Ihrig) [#33521](https://github.com/nodejs/node/pull/33521)

PR-URL: https://github.com/nodejs/node/pull/34343
2020-07-22 09:54:26 -07:00
Myles Borins
a981c65b90
2020-07-21, Version 14.6.0 (Current)
Notable changes:

deps:
  * upgrade npm to 6.14.6 (claudiahdz) https://github.com/nodejs/node/pull/34246
  * upgrade to libuv 1.38.1 (Colin Ihrig) https://github.com/nodejs/node/pull/34187
  * (SEMVER-MINOR) update V8 to 8.4.371.19 (Michaël Zasso) [#33579](https://github.com/nodejs/node/pull/33579)
module:
  * (SEMVER-MINOR) deprecate module.parent (Antoine du HAMEL) https://github.com/nodejs/node/pull/32217
  * (SEMVER-MINOR) package "imports" field (Guy Bedford) https://github.com/nodejs/node/pull/34117
src:
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
  * (SEMVER-MINOR) allow embedders to disable esm loader (Shelley Vohr) https://github.com/nodejs/node/pull/34060
tls:
  * (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) https://github.com/nodejs/node/pull/33974
vm:
  * (SEMVER-MINOR) add run-after-evaluate microtask mode (Anna Henningsen) https://github.com/nodejs/node/pull/34023
worker:
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
New Collaborators:
  * add danielleadams to collaborators (Danielle Adams) https://github.com/nodejs/node/pull/34360
  * add sxa as collaborator (Stewart X Addison) https://github.com/nodejs/node/pull/34338
  * add ruyadorno to collaborators (Ruy Adorno) https://github.com/nodejs/node/pull/34297

PR-URL: https://github.com/nodejs/node/pull/34371
2020-07-21 17:45:12 -04:00
Richard Lau
95770df2fb
2020-07-21, Version 10.22.0 'Dubnium' (LTS)
Notable changes:

- deps:
  - upgrade npm to 6.14.6 (claudiahdz)
    https://github.com/nodejs/node/pull/34246
  - upgrade openssl sources to 1.1.1g (Hassaan Pasha)
    https://github.com/nodejs/node/pull/32982
- n-api:
  - add `napi_detach_arraybuffer` (legendecas)
    https://github.com/nodejs/node/pull/29768

PR-URL: https://github.com/nodejs/node/pull/34170
2020-07-21 16:52:47 +01:00
Antoine du Hamel
01bd8102ef
doc: mark Node.js 13 as End-of-Life
Remove the "Current" label for Node.js 13 in the CHANGELOG.

PR-URL: https://github.com/nodejs/node/pull/34436
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
2020-07-20 18:29:09 +02:00
Shelley Vohr
eb8fc2bf0f
2020-06-30, Version 14.5.0 (Current)
Notable changes:

build:
  * (SEMVER-MINOR) reset embedder string to "-node.0" (Michaël Zasso) https://github.com/nodejs/node/pull/33376
cli:
  * (SEMVER-MINOR) add alias for report-directory to make it consistent (AshCripps) https://github.com/nodejs/node/pull/33587
crypto:
  * (SEMVER-MINOR) allow KeyObjects in postMessage (Tobias Nießen) https://github.com/nodejs/node/pull/33360
deps:
  * (SEMVER-MINOR) V8: cherry-pick 0d6debcc5f08 (Michaël Zasso) https://github.com/nodejs/node/pull/33376
  * (SEMVER-MINOR) update V8 to 8.3.110.9 (Michaël Zasso) https://github.com/nodejs/node/pull/33376
dgram:
  * (SEMVER-MINOR) allow typed arrays in .send() (Sarat Addepalli) https://github.com/nodejs/node/pull/22413
events:
  * (SEMVER-MINOR) initial implementation of experimental EventTarget (James M Snell) https://github.com/nodejs/node/pull/33556
fs:
  * (SEMVER-MINOR) implement lutimes (Maël Nison) https://github.com/nodejs/node/pull/33399
http:
  * (SEMVER-MINOR) expose host and protocol on ClientRequest (wenningplus) https://github.com/nodejs/node/pull/33803
  * (SEMVER-MINOR) add maxTotalSockets to agent class (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) return this from OutgoingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) return this from ClientRequest#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) return this from IncomingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
http2:
  * (SEMVER-MINOR) return this for Http2ServerRequest#setTimeout (Pranshu Srivastava) https://github.com/nodejs/node/pull/33994
  * (SEMVER-MINOR) do not modify explicity set date headers (Pranshu Srivastava) https://github.com/nodejs/node/pull/33160
process:
  * (SEMVER-MINOR) add unhandled-rejection throw and warn-with-error-code (Dan Fabulich) https://github.com/nodejs/node/pull/33475
src:
  * (SEMVER-MINOR) store key data in separate class (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add NativeKeyObject base class (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) rename internal key handles to KeyObjectHandle (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add equality operators for BaseObjectPtr (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) introduce BaseObject base FunctionTemplate (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) add public APIs to manage v8::TracingController (Anna Henningsen) https://github.com/nodejs/node/pull/33850
stream*:
  * runtime deprecate Transform._transformState (Robert Nagy) https://github.com/nodejs/node/pull/32763
win:
  * (SEMVER-MINOR) allow skipping the supported platform check (João Reis) https://github.com/nodejs/node/pull/33176
worker:
  * (SEMVER-MINOR) add public method for marking objects as untransferable (Anna Henningsen) https://github.com/nodejs/node/pull/33979
  * (SEMVER-MINOR) emit `'messagerror'` events for failed deserialization (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow passing JS wrapper objects via postMessage (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow transferring/cloning generic BaseObjects (Anna Henningsen) https://github.com/nodejs/node/pull/33772
worker,fs:
  * (SEMVER-MINOR) make FileHandle transferable (Anna Henningsen) https://github.com/nodejs/node/pull/33772
zlib:
  * (SEMVER-MINOR) add `maxOutputLength` option (unknown) https://github.com/nodejs/node/pull/33516

PR-URL: https://github.com/nodejs/node/pull/34093
2020-06-30 15:27:43 -07:00
Beth Griggs
cb673e1b61
2020-06-30, Version 12.18.2 'Erbium' (LTS)
Notable changes:

- deps: V8: backport fb26d0bb1835 (Matheus Marchini)
  [#33573](https://github.com/nodejs/node/pull/33573)
- src: use symbol to store `AsyncWrap` resource (Anna Henningsen)
  [#31745](https://github.com/nodejs/node/pull/31745)

PR-URL: https://github.com/nodejs/node/pull/34077
2020-06-30 14:31:59 +01:00
Shelley Vohr
e9145dbaef
2020-06-17, Version 12.18.1 'Erbium' (LTS)
Notable changes:

deps:
  * V8: cherry-pick 548f6c81d424 (Dominykas Blyžė) [#33484](https://github.com/nodejs/node/pull/33484)
  * update to uvwasi 0.0.9 (Colin Ihrig) [#33445](https://github.com/nodejs/node/pull/33445)
  * upgrade to libuv 1.38.0 (Colin Ihrig) [#33446](https://github.com/nodejs/node/pull/33446)
  * upgrade npm to 6.14.5 (Ruy Adorno) [#33239](https://github.com/nodejs/node/pull/33239)

PR-URL: https://github.com/nodejs/node/pull/33811
2020-06-17 09:26:19 -07:00
Beth Griggs
f46ca0fd29
2020-06-02, Version 10.21.0 'Dubnium' (LTS)
This is a security release.

Vulnerabilities fixed:

- CVE-2020-8174: napi_get_value_string_*() allows various kinds of
                 memory corruption (High).
- CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).

PR-URL: https://github.com/nodejs-private/node-private/pull/211
2020-06-02 20:35:52 +02:00
Michaël Zasso
12bcee8628
2020-06-02, Version 12.18.0 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/213
2020-06-02 20:35:52 +02:00
Michaël Zasso
64e33dc952
2020-06-02, Version 14.4.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/212
2020-06-02 20:35:52 +02:00
Michaël Zasso
dcc112b7f7
2020-05-26, Version 12.17.0 'Erbium' (LTS)
Notable changes:

* ECMAScript Modules - `--experimental-modules` flag removal
* AsyncLocalStorage API (experimental)
* REPL previews
* REPL reverse-i-search
* REPL substring-based search
* Error monitoring
  * Monitoring `error` events
  * Monitoring uncaught exceptions
* File system APIs
  * New function: `fs.readv`
  * Optional parameters in `fs.read`
* Console `groupIndentation` option
* `maxStringLength` option for `util.inspect()`
* Stable N-API release 6
* Stable diagnostic reports
* Increase of the default server headers timeout
* New `--trace-sigint` CLI flag
* Various crypto APIs now support Diffie-Hellman secrets
* Added support for the `dns.ALL` flag in `dns.lookup()`
* Added a new experimental API to interact with Source Map V3 data
* Added support for passing a `transferList` along with `workerData` to
  the `Worker` constructor

PR-URL: https://github.com/nodejs/node/pull/33197
2020-05-26 15:55:39 +02:00
Shelley Vohr
c841f516d5
2020-05-19, Version 14.3.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) move PromiseHook handler to JS (Stephen Belanger) https://github.com/nodejs/node/pull/32891
cli:
  * (SEMVER-MINOR) add `--trace-atomics-wait` flag (Anna Henningsen) https://github.com/nodejs/node/pull/33292
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
http:
  * (SEMVER-MINOR) expose http.validate-header-name/value (osher) https://github.com/nodejs/node/pull/33119
repl:
  * (SEMVER-MINOR) deprecate repl._builtinLibs (Ruben Bridgewater) https://github.com/nodejs/node/pull/33294
  * (SEMVER-MINOR) deprecate repl.inputStream and repl.outputStream (Ruben Bridgewater) https://github.com/nodejs/node/pull/33294
  * (SEMVER-MINOR) show reference errors during preview (Ruben Bridgewater) https://github.com/nodejs/node/pull/33282
  * (SEMVER-MINOR) improve repl preview (Ruben Bridgewater) https://github.com/nodejs/node/pull/33282
src:
  * add support for TLA (Gus Caplan) https://github.com/nodejs/node/pull/30370

PR-URL: https://github.com/nodejs/node/pull/33452
2020-05-19 14:28:43 -07:00
Michaël Zasso
f446b2058d
2020-05-05, Version 14.2.0 (Current)
Notable changes:

* Track function calls with `assert.CallTracker` (experimental).
  https://github.com/nodejs/node/pull/31982
* Added a `groupIndentation` option to the `Console` constructor.
  https://github.com/nodejs/node/pull/32964

PR-URL: https://github.com/nodejs/node/pull/33232
2020-05-05 20:24:37 +02:00
Ruben Bridgewater
d7b02c3cad
2020-04-29, Version 13.14.0 (Current)
Notable Changes:

* async_hooks**:
  * Merge `run` and `exit` methods (Andrey Pechkurov)
    https://github.com/nodejs/node/pull/31950
  * Prevent sync methods of async storage exiting outer context
    (Stephen Belanger)
    https://github.com/nodejs/node/pull/31950
* vm:
  * Add `importModuleDynamically` option to compileFunction (Gus
    Caplan)
    https://github.com/nodejs/node/pull/32985

New core collaborators:

With this release, we welcome two new Node.js core collaborators:

* Juan José Arboleda @juanarbol
  https://github.com/nodejs/node/pull/32906
* Andrey Pechkurov @puzpuzpuz
  https://github.com/nodejs/node/pull/32817

PR-URL: https://github.com/nodejs/node/pull/33122
2020-04-30 00:24:31 +02:00
Beth Griggs
49db211846
2020-04-29, Version 14.1.0 (Current)
Notable changes:

- deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha)
  [#32971](https://github.com/nodejs/node/pull/32971)
- doc: add juanarbol as collaborator (Juan José Arboleda)
  [#32906](https://github.com/nodejs/node/pull/32906)
- http: doc deprecate abort and improve docs (Robert Nagy)
  [#32807](https://github.com/nodejs/node/pull/32807)
- module: do not warn when accessing `__esModule` of unfinished exports
  (Anna Henningsen) [#33048](https://github.com/nodejs/node/pull/33048)
- n-api: detect deadlocks in thread-safe function (Gabriel Schulhof)
  [#32860](https://github.com/nodejs/node/pull/32860)
- src: deprecate embedder APIs with replacements (Anna Henningsen)
  [#32858](https://github.com/nodejs/node/pull/32858)
- stream:
  - don't emit end after close (Robert Nagy)
    [#33076](https://github.com/nodejs/node/pull/33076)
  - don't wait for close on legacy streams (Robert Nagy)
    [#33058](https://github.com/nodejs/node/pull/33058)
  - pipeline should only destroy un-finished streams (Robert Nagy)
    [#32968](https://github.com/nodejs/node/pull/32968)
- vm: add importModuleDynamically option to compileFunction (Gus Caplan)
  [#32985](https://github.com/nodejs/node/pull/32985)

PR-URL: https://github.com/nodejs/node/pull/33103
2020-04-29 19:33:51 +01:00
Michaël Zasso
165011ea98
2020-04-28, Version 12.16.3 'Erbium' (LTS)
Notable changes:

Dependencies:
  * Updated OpenSSL to 1.1.1g.
    https://github.com/nodejs/node/pull/32971
  * Updated c-ares to 1.16.0.
    https://github.com/nodejs/node/pull/32246
  * Updated experimental uvwasi to 0.0.6.
    https://github.com/nodejs/node/pull/32309
ESM (experimental):
  * Additional warnings are no longer printed for modules that use
    conditional exports or package name self resolution.
    https://github.com/nodejs/node/pull/31845

PR-URL: https://github.com/nodejs/node/pull/33009
2020-04-28 15:24:52 +02:00
Beth Griggs
372c7cc3c2
2020-04-21, Version 14.0.0 (Current)
Deprecations:

- (SEMVER-MAJOR) crypto: move pbkdf2 without digest to EOL
  (James M Snell) [#31166](https://github.com/nodejs/node/pull/31166)
- (SEMVER-MAJOR) fs: deprecate closing FileHandle on garbage collection
  (James M Snell) [#28396](https://github.com/nodejs/node/pull/28396)
- (SEMVER-MAJOR) http: move OutboundMessage.prototype.flush to EOL
  (James M Snell) [#31164](https://github.com/nodejs/node/pull/31164)
- (SEMVER-MAJOR) lib: move GLOBAL and root aliases to EOL
  (James M Snell) [#31167](https://github.com/nodejs/node/pull/31167)
- (SEMVER-MAJOR) os: move tmpDir() to EOL
  (James M Snell)[#31169](https://github.com/nodejs/node/pull/31169)
- (SEMVER-MAJOR) src: remove deprecated wasm type check
  (Clemens Backes) [#32116](https://github.com/nodejs/node/pull/32116)
- (SEMVER-MAJOR) stream: move \_writableState.buffer to EOL
  (James M Snell) [#31165](https://github.com/nodejs/node/pull/31165)
- (SEMVER-MINOR) doc: deprecate process.mainModule
  (Antoine du HAMEL) [#32232](https://github.com/nodejs/node/pull/32232)
- (SEMVER-MINOR) doc: deprecate process.umask() with no arguments
  (Colin Ihrig) [#32499](https://github.com/nodejs/node/pull/32499)

ECMAScript Modules - Experimental Warning Removal:

- module: remove experimental modules warning
  (Guy Bedford) [#31974](https://github.com/nodejs/node/pull/31974)

In Node.js 13 we removed the need to include the --experimental-modules
flag, but when running EcmaScript Modules in Node.js, this would still
result in a warning ExperimentalWarning: The ESM module loader is
experimental.

As of Node.js 14 there is no longer this warning when using ESM in
Node.js. However, the ESM implementation in Node.js remains
experimental. As per our stability index: “The feature is not subject
to Semantic Versioning rules. Non-backward compatible changes or
removal may occur in any future release.” Users should be cautious when
using the feature in production environments.

Please keep in mind that the implementation of ESM in Node.js differs
from the developer experience you might be familiar with. Most
transpilation workflows support features such as optional file
extensions or JSON modules that the Node.js ESM implementation does not
support. It is highly likely that modules from transpiled environments
will require a certain degree of refactoring to work in Node.js. It is
worth mentioning that many of our design decisions were made with two
primary goals. Spec compliance and Web Compatibility. It is our belief
that the current implementation offers a future proof model to
authoring ESM modules that paves the path to Universal JavaScript.
Please read more in our documentation.

The ESM implementation in Node.js is still experimental but we do believe
that we are getting very close to being able to call ESM in Node.js
“stable”. Removing the warning is a huge step in that direction.

New V8 ArrayBuffer API:

* **src**: migrate to new V8 ArrayBuffer API
  (Thang Tran) [#30782](https://github.com/nodejs/node/pull/30782)

Multiple ArrayBuffers pointing to the same base address are no longer
allowed by V8. This may impact native addons.

Toolchain and Compiler Upgrades:

- (SEMVER-MAJOR) build: update macos deployment target to 10.13 for 14.x
  (AshCripps)[#32454](https://github.com/nodejs/node/pull/32454)
- (SEMVER-MAJOR) doc: update cross compiler machine for Linux armv7
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: update Centos/RHEL releases use devtoolset-8
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: remove SmartOS from official binaries
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) win: block running on EOL Windows versions
  (João Reis) [#31954](https://github.com/nodejs/node/pull/31954)

It is expected that there will be an ABI mismatch on ARM between the
Node.js binary and native addons. Native addons are only broken if they
interact with `std::shared_ptr`. This is expected to be fixed in a
later version of Node.js 14.
- [#30786](https://github.com/nodejs/node/issues/30786)

Update to V8 8.1:

- (SEMVER-MAJOR) deps: update V8 to 8.1.307.20
  (Matheus Marchini) [#32116](https://github.com/nodejs/node/pull/32116)

Other Notable Changes:

- cli, report: move --report-on-fatalerror to stable
  (Colin Ihrig) [#32496](https://github.com/nodejs/node/pull/32496)
- deps: upgrade to libuv 1.37.0
  (Colin Ihrig) [#32866](https://github.com/nodejs/node/pull/32866)
- fs: add fs/promises alias module
  (Gus Caplan) [#31553](https://github.com/nodejs/node/pull/31553)

PR-URL: https://github.com/nodejs/node/pull/32181
2020-04-21 15:50:14 +01:00
Michaël Zasso
cf4c332b7a
2020-04-14, Version 13.13.0 (Current)
Notable changes:

New file system APIs:
* Added a new function, `fs.readv` (with sync and promisified versions).
  This function takes an array of `ArrayBufferView` elements and will
  write the data it reads sequentially to the buffers
  (Sk Sajidul Kadir). https://github.com/nodejs/node/pull/32356
* A new overload is available for `fs.readSync`, which allows to
  optionally pass any of the `offset`, `length` and `position`
  parameters. https://github.com/nodejs/node/pull/32460

Other changes:
* dns:
  * Added the `dns.ALL` flag, that can be passed to `dns.lookup()` with
    `dns.V4MAPPED` to return resolved IPv6 addresses as well as IPv4
    mapped IPv6 addresses (murgatroid99).
    https://github.com/nodejs/node/pull/32183
* http:
  * The default maximum HTTP header size was changed from 8KB to 16KB
    (rosaxny). https://github.com/nodejs/node/pull/32520
* n-api:
  * Calls to `napi_call_threadsafe_function` from the main thread can
    now return the `napi_would_deadlock` status in certain
    circumstances (Gabriel Schulhof).
    https://github.com/nodejs/node/pull/32689
* util:
  * Added a new `maxStrLength` option to `util.inspect`, to control the
    maximum length of printed strings. Its default value is `Infinity`
    (rosaxny). https://github.com/nodejs/node/pull/32392
* worker:
  * Added support for passing a `transferList` along with `workerData`
    to the `Worker` constructor (Juan José Arboleda).
    https://github.com/nodejs/node/pull/32278

New core collaborators:
With this release, we welcome three new Node.js core collaborators:
* himself65. https://github.com/nodejs/node/pull/32734
* flarna (Gerhard Stoebich). https://github.com/nodejs/node/pull/32620
* mildsunrise (Alba Mendez). https://github.com/nodejs/node/pull/32525

PR-URL: https://github.com/nodejs/node/pull/32813
2020-04-14 20:22:41 +02:00
Beth Griggs
8d93df41b0
2020-04-12 Node.js v10.20.1 'Dubnium' (LTS) Release
Notable changes:

Due to release process failures, Node.js v10.20.0 shipped with source
and header tarballs that did not properly match the final release
commit that was used to build the binaries. We recommend that Node.js
v10.20.0 not be used, particularly in any applications using native
add-ons or where compiling Node.js from source is involved.

Node.js v10.20.1 is a clean release with the correct sources and is
strongly recommended in place of v10.20.0.

PR-URL: https://github.com/nodejs/node/pull/32768
2020-04-12 13:55:01 +01:00
Shelley Vohr
6ec0285478
2020-04-08 Version 12.16.2 'Erbium' (LTS)
Notable changes:

doc:
  * add ronag to collaborators (Robert Nagy) [#31498](https://github.com/nodejs/node/pull/31498)
  * add GeoffreyBooth to collaborators (Geoffrey Booth) [#31306](https://github.com/nodejs/node/pull/31306)
deps:
  * upgrade npm to 6.13.6 (Ruy Adorno) [#31304](https://github.com/nodejs/node/pull/31304)
  * update openssl to 1.1.1e (Hassaan Pasha) [#32328](https://github.com/nodejs/node/pull/32328)
2020-04-08 11:10:14 -07:00
Beth Griggs
9b46e3f7cc
2020-04-08, Version 10.20.0 'Dubnium' (LTS)
macOS package notarization and a change in builder configuration

The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.

Notable changes:

- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
  [#19691](https://github.com/nodejs/node/pull/19691)
- build: macOS package notarization (Rod Vagg)
  [#31459](https://github.com/nodejs/node/pull/31459)
- deps:
  - update npm to 6.14.3 (Myles Borins)
    [#32368](https://github.com/nodejs/node/pull/32368)
  - upgrade openssl sources to 1.1.1e (Hassaan Pasha)
    [#32328](https://github.com/nodejs/node/pull/32328)
  - upgrade to libuv 1.34.2 (cjihrig)
    [#31477](https://github.com/nodejs/node/pull/31477)
- n-api:
  - add napi\_get\_all\_property\_names (himself65)
    [#30006](https://github.com/nodejs/node/pull/30006)
  - add APIs for per-instance state management (Gabriel Schulhof)
    [#28682](https://github.com/nodejs/node/pull/28682)
  - define release 6
    [#32058](https://github.com/nodejs/node/pull/32058)
  - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
    [#26128](https://github.com/nodejs/node/pull/26128)
- tls:
  - expose keylog event on TLSSocket (Alba Mendez)
    [#27654](https://github.com/nodejs/node/pull/27654)
  - support TLS min/max protocol defaults in CLI (Sam Roberts)
    [#27946](https://github.com/nodejs/node/pull/27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
  [#26226](https://github.com/nodejs/node/pull/26226)

PR-URL: https://github.com/nodejs/node/pull/31984
2020-04-08 16:50:11 +01:00
Myles Borins
113c04c524
2020-03-26 Version 13.12.0 (Current)
macOS package notarization and a change in builder configuration:

The macOS binaries for this release, and future 13.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing on .pkg files on
macOS 10.15 and later. Previous builds of Node.js 13.x were compiled on
macOS 10.11 (El Capitan) with Xcode 10. As binaries are still being
compiled to support a minimum of macOS 10.10 (Yosemite) we do not
anticipate this having a negative impact on Node.js 13.x users with
older versions of macOS.

Notable changes:

* build:
  * macOS package notarization (Rod Vagg)
    https://github.com/nodejs/node/pull/31459
* deps:
  * upgrade npm to 6.14.4 (Ruy Adorno)
    https://github.com/nodejs/node/pull/32495
  * update to uvwasi 0.0.6 (Colin Ihrig)
    https://github.com/nodejs/node/pull/32309
  * upgrade to libuv 1.35.0 (Colin Ihrig)
    https://github.com/nodejs/node/pull/32204
* lib:
  * add --disable-proto option to cli (Gus Caplan)
    https://github.com/nodejs/node/pull/32279
* node_report:
  * move diagnostic reports to stable (Colin Ihrig)
    https://github.com/nodejs/node/pull/32242
* worker:
  * allow URL in Worker constructor (Antoine du HAMEL)
    https://github.com/nodejs/node/pull/31664
* util:
  * use a global symbol for `util.promisify.custom` (ExE Boss)
    https://github.com/nodejs/node/pull/31672

PR-URL: https://github.com/nodejs/node/pull/32376
2020-03-26 18:49:28 -04:00
Myles Borins
5bfbd75e47
2020-03-11 Version 13.11.0 (Current)
Notable changes:

* async_hooks:
  - add sync enterWith to ALS (Stephen Belanger)
    https://github.com/nodejs/node/pull/31945
* cli:
  - allow --jitless V8 flag in NODE\_OPTIONS (Andrew Neitsch)
    https://github.com/nodejs/node/pull/32100
* fs:
  - return first folder made by mkdir recursive (Benjamin Coe)
    https://github.com/nodejs/node/pull/31530
* n-api:
  - define release 6 (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/32058
* src:
  - create a getter for kernel version (Juan José Arboleda)
    https://github.com/nodejs/node/pull/31732
* wasi:
  - add returnOnExit option (Colin Ihrig)
    https://github.com/nodejs/node/pull/32101

PR-URL: https://github.com/nodejs/node/pull/32185
2020-03-11 23:54:53 -04:00
Rich Trott
b6cd2155c3 doc: remove em dashes
Our documentation uses em dashes inconsistently. They are treated
inconsistently typographically too. (For example, they are sometimes
surrounded by spaces and sometimes not.) They are also often confused
with ordinary hyphens such as in the CHANGELOG, where they are
inadvertently mixed together in a single list. The difference is
not obvious in the raw markdown but is very noticeable when rendered,
appearing to be a typographical error (which it in fact is).

The em dash is never needed. There are always alternatives. Remove em
dashes entirely.

PR-URL: https://github.com/nodejs/node/pull/32080
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2020-03-05 22:25:42 -08:00
Myles Borins
67d45fb298
2020-03-04 Version 13.10.1 (Current)
Notable changes:

In Node.js 13.9.0 deps/zlib was switched to the chromium maintained
implementation. This change had the unforseen consequence of breaking
building from the tarballs we release as we were too aggressively
removing `unneccessary files` from the `deps/zlib` folder. This release
includes a patch that ensures that individuals will once again be able
to build Node.js from source.

PR-URL: https://github.com/nodejs/node/pull/32099
2020-03-04 20:37:29 -05:00
Shelley Vohr
75466869fb
2020-03-04 Version 13.10.0 (Current)
Notable changes:

* async_hooks
  * introduce async-context API (vdeturckheim) #26540
* stream
  * support passing generator functions into pipeline() (Robert Nagy) #31223
* tls
  * expose SSL\_export\_keying\_material (simon) #31814
* vm
  * implement vm.measureMemory() for per-context memory measurement (Joyee Cheung) #31824

PR-URL: https://github.com/nodejs/node/pull/32027
2020-03-04 09:53:11 -08:00
Shelley Vohr
0c3c0e7184
2020-02-18, Version 13.9.0 (Current)
Notable changes:

* async_hooks
  * add executionAsyncResource (Matteo Collina) #30959
* crypto
  * add crypto.diffieHellman (Tobias Nießen) #31178
  * add DH support to generateKeyPair (Tobias Nießen) #31178
  * simplify DH groups (Tobias Nießen) #31178
  * add key type 'dh' (Tobias Nießen) #31178
* test
  * skip keygen tests on arm systems (Tobias Nießen) #31178
* perf_hooks
  * add property flags to GCPerformanceEntry (Kirill Fomichev) #29547
* process
  * report ArrayBuffer memory in `memoryUsage()` (Anna Henningsen) #31550
* readline
  * make tab size configurable (Ruben Bridgewater) #31318
* report
  * add support for Workers (Anna Henningsen) #31386
* worker
  * add ability to take heap snapshot from parent thread (Anna Henningsen) #31569
* added new collaborators
  * add ronag to collaborators (Robert Nagy) #31498

PR-URL: https://github.com/nodejs/node/pull/31837
2020-02-18 12:40:21 -08:00
Myles Borins
1c2d77d3d9
2020-02-18, Version 12.16.1 'Erbium' (LTS)
Notable changes:

Node.js 12.16.0 included 6 regressions that are being fixed in this
release

**Accidental Unflagging of Self Resolving Modules**:

12.16.0 included a large update to the ESM implementation. One of the
new features, Self Referential Modules, was accidentally released
without requiring the `--experimental-modules` flag. This release is
being made to appropriately flag the feature.

**Process Cleanup Changed Introduced WASM-Related Assertion**:

A change during Node.js process cleanup led to a crash in combination
with specific usage of WASM. This has been fixed by partially reverted
said change. A regression test and a full fix are being worked on and
will likely be included in future 12.x and 13.x releases.

**Use Largepages Runtime Option Introduced Linking Failure**:

A Semver-Minor change to introduce `--use-largepages` as a runtime
option introduced a linking failure. This had been fixed in master but
regressed as the fix has not yet gone out in a Current release. The
feature has been reverted, but will be able to reland with a fix in a
future Semver-Minor release.

**Async Hooks was Causing an Exception When Handling Errors**:

Changes in async hooks internals introduced a case where an internal
api call could be called with undefined causing a process to crash. The
change to async hooks was reverted. A regression test and fix has been
proposed and the change could re land in a future Semver-Patch release
if the regression is reliably fixed.

**New Enumerable Read-Only Property on EventEmitter breaks @types/extend**

A new property for enumerating events was added to the EventEmitter
class. This broke existing code that was using the `@types/extend`
module for extending classses as `@types/extend` was attemping to write
over the existing field which the new change made read-only. As this is
the first property on EventEmitter that is read-only this feature could
be considered Semver-Major. The new feature has been reverted but could
re land in a future Semver-Minor release if a non breaking way of
applying it is found.

**Exceptions in the HTTP parser were not emitting an uncaughtException**

A refactoring to Node.js interanls resulted in a bug where errors in
the HTTP parser were not being emitted by
`process.on('uncaughtException')`. The fix to this bug has been
included in this release.

PR-URL: https://github.com/nodejs/node/pull/31781
2020-02-18 14:46:29 -05:00
Myles Borins
1c11ea4388
2020-02-11, Version 12.16.0 'Erbium' (LTS)
Notable changes:

New assert APIs

The `assert` module now provides experimental `assert.match()` and
`assert.doesNotMatch()` methods. They will validate that the first argument is a
string and matches (or does not match) the provided regular expression

This is an experimental feature.

Ruben Bridgewater [#30929](https://github.com/nodejs/node/pull/30929).

Advanced serialization for IPC

The `child_process` and `cluster` modules now support a `serialization` option
to change the serialization mechanism used for IPC. The option can have one of
two values:

* `'json'` (default): `JSON.stringify()` and `JSON.parse()` are used. This is
  how message serialization was done before.
* `'advanced'`: The serialization API of the `v8` module is used. It is based on
  the HTML structured clone algorithm.
  and is able to serialize more built-in JavaScript object types, such as
  `BigInt`, `Map`, `Set` etc. as well as circular data structures.

Anna Henningsen [#30162](https://github.com/nodejs/node/pull/30162).

CLI flags

The new `--trace-exit` CLI flag makes Node.js print a stack trace whenever the
Node.js environment is exited proactively (i.e. by invoking the `process.exit()`
function or pressing Ctrl+C).

legendecas [#30516](https://github.com/nodejs/node/pull/30516).

___

The new `--trace-uncaught` CLI flag makes Node.js print a stack trace at the
time of throwing uncaught exceptions, rather than at the creation of the `Error`
object, if there is any.
This option is not enabled by default because it may affect garbage collection
behavior negatively.

Anna Henningsen [#30025](https://github.com/nodejs/node/pull/30025).

___

The `--disallow-code-generation-from-strings` V8 CLI flag is now whitelisted in
the `NODE_OPTIONS` environment variable.

Shelley Vohr [#30094](https://github.com/nodejs/node/pull/30094).

New crypto APIs

For DSA and ECDSA, a new signature encoding is now supported in addition to the
existing one (DER). The `verify` and `sign` methods accept a `dsaEncoding`
option, which can have one of two values:

* `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`.
* `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363.

Tobias Nießen [#29292](https://github.com/nodejs/node/pull/29292).

___

A new method was added to `Hash`: `Hash.prototype.copy`. It makes it possible to
clone the internal state of a `Hash` object into a new `Hash` object, allowing
to compute the digest between updates.

Ben Noordhuis [#29910](https://github.com/nodejs/node/pull/29910).

Dependency updates

libuv was updated to 1.34.0. This includes fixes to `uv_fs_copyfile()` and
`uv_interface_addresses()` and adds two new functions: `uv_sleep()` and
`uv_fs_mkstemp()`.

Colin Ihrig [#30783](https://github.com/nodejs/node/pull/30783).

___

V8 was updated to 7.8.279.23. This includes performance improvements to object
destructuring, RegExp match failures and WebAssembly startup time.
The official release notes are available at https://v8.dev/blog/v8-release-78.

Michaël Zasso [#30109](https://github.com/nodejs/node/pull/30109).

New EventEmitter APIs

The new `EventEmitter.on` static method allows to async iterate over events.

Matteo Collina [#27994](https://github.com/nodejs/node/pull/27994).

___

It is now possible to monitor `'error'` events on an `EventEmitter` without
consuming the emitted error by installing a listener using the symbol
`EventEmitter.errorMonitor`.

Gerhard Stoebich [#30932](https://github.com/nodejs/node/pull/30932).

___

Using `async` functions with event handlers is problematic, because it
can lead to an unhandled rejection in case of a thrown exception.

The experimental `captureRejections` option in the `EventEmitter` constructor or
the global setting change this behavior, installing a
`.then(undefined, handler)` handler on the `Promise`. This handler routes the
exception asynchronously to the `Symbol.for('nodejs.rejection')` method if there
is one, or to the `'error'` event handler if there is none.

Setting `EventEmitter.captureRejections = true` will change the default for all
new instances of `EventEmitter`.

This is an experimental feature.

Matteo Collina [#27867](https://github.com/nodejs/node/pull/27867).

Performance Hooks are no longer experimental

The `perf_hooks` module is now considered a stable API.

legendecas [#31101](https://github.com/nodejs/node/pull/31101).

Introduction of experimental WebAssembly System Interface (WASI) support

A new core module, `wasi`, is introduced to provide an implementation of the
[WebAssembly System Interface](https://wasi.dev/) specification.
WASI gives sandboxed WebAssembly applications access to the
underlying operating system via a collection of POSIX-like functions.

This is an experimental feature.

Colin Ihrig [#30258](https://github.com/nodejs/node/pull/30258).

PR-URL: https://github.com/nodejs/node/pull/31691
2020-02-11 19:20:59 +01:00
Beth Griggs
d602e586bf
2020-02-06, Version 10.19.0 'Dubnium' (LTS)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
          HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
          HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
          Remotely trigger an assertion on a TLS server with a malformed
          certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/198
2020-02-06 03:05:04 +00:00
Beth Griggs
e65ae42785
2020-02-06, Version 12.15.0 'Erbium' (LTS)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
      HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
      HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
      Remotely trigger an assertion on a TLS server with a malformed
      certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/197
2020-02-06 02:55:47 +00:00
Beth Griggs
f0f2583c91
2020-02-06, Version 13.8.0 (Current)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
      HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
      HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
      Remotely trigger an assertion on a TLS server with a malformed
      certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/196
2020-02-06 02:39:39 +00:00
Shelley Vohr
a484f1acf3
2020-01-21, Version 13.7.0 (Current)
Notable changes:

* deps:
  * upgrade to libuv 1.34.1 (cjihrig) https://github.com/nodejs/node/pull/31332
  * upgrade npm to 6.13.6 (Ruy Adorno) https://github.com/nodejs/node/pull/31304
* module
  * add API for interacting with source maps (bcoe) https://github.com/nodejs/node/pull/31132
  * loader getSource, getFormat, transform hooks (Geoffrey Booth) https://github.com/nodejs/node/pull/30986
  * logical conditional exports ordering (Guy Bedford) https://github.com/nodejs/node/pull/31008
  * unflag conditional exports (Guy Bedford) https://github.com/nodejs/node/pull/31001
* process:
  * allow monitoring uncaughtException (Gerhard Stoebich) https://github.com/nodejs/node/pull/31257
* Added new collaborators:
  * [GeoffreyBooth](https://github.com/GeoffreyBooth) - Geoffrey Booth. https://github.com/nodejs/node/pull/31306

PR-URL: https://github.com/nodejs/node/pull/31382
2020-01-21 09:58:13 -08:00
Beth Griggs
9d5d4f84e3
2020-01-09, Version 10.18.1 'Dubnium' (LTS)
- http2: fix session memory accounting after pausing (Michael Lehenbauer)
  [#30684](https://github.com/nodejs/node/pull/30684)
- n-api: correct bug in napi_get_last_error (Octavian Soldea)
  [#28702](https://github.com/nodejs/node/pull/28702)
- tools: update tzdata to 2019c (Myles Borins)
  [#30479](https://github.com/nodejs/node/pull/30479)

PR-URL: https://github.com/nodejs/node/pull/31248
2020-01-09 21:48:45 +00:00
Ruben Bridgewater
e908323b7e
2020-01-07, Version v13.6.0 (Current)
Notable changes:

* assert:
  * Implement `assert.match()` and `assert.doesNotMatch()` (Ruben
    Bridgewater) https://github.com/nodejs/node/pull/30929
* events:
  * Add `EventEmitter.on` to async iterate over events (Matteo Collina)
    https://github.com/nodejs/node/pull/27994
  * Allow monitoring error events (Gerhard Stoebich)
    https://github.com/nodejs/node/pull/30932
* fs:
  * Allow overriding `fs` for streams (Robert Nagy)
    https://github.com/nodejs/node/pull/29083
* perf_hooks:
  * Move `perf_hooks` out of experimental (legendecas)
    https://github.com/nodejs/node/pull/31101
* repl:
  * Implement ZSH-like reverse-i-search (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/31006
* tls:
  * Add PSK (pre-shared key) support (Denys Otrishko)
    https://github.com/nodejs/node/pull/23188

PR-URL: https://github.com/nodejs/node/pull/31238
2020-01-08 00:10:43 +01:00
Beth Griggs
f5512ff61e
2020-01-07, Version 12.14.1 'Erbium' (LTS)
Notable changes:

- crypto: fix key requirements in asymmetric cipher (Tobias Nießen)
  https://github.com/nodejs/node/pull/30249
- deps:
    - update llhttp to 2.0.1 (Fedor Indutny)
      https://github.com/nodejs/node/pull/30553
    - update nghttp2 to 1.40.0 (gengjiawen)
      https://github.com/nodejs/node/pull/30493
- v8: mark serdes API as stable (Anna Henningsen)
  https://github.com/nodejs/node/pull/30234

PR-URL: https://github.com/nodejs/node/pull/31069
2020-01-07 17:25:49 +00:00
Beth Griggs
d845915d46 doc: mark Node.js 8 End-of-Life in CHANGELOG
PR-URL: https://github.com/nodejs/node/pull/31152
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
2020-01-03 20:11:54 -08:00
Myles Borins
24263ff718
2019-12-18, Version 13.5.0 (Current)
Notable Changes:

* cli:
  * add --trace-exit cli option (legendecas)
    https://github.com/nodejs/node/pull/30516
* http,https:
  * increase server headers timeout (Tim Costa)
    https://github.com/nodejs/node/pull/30071
* readline:
  * update ansi-regex (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30907
  * promote \_getCursorPos to public api (Jeremy Albright)
    https://github.com/nodejs/node/pull/30687
* repl:
  * add completion preview (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30907
* util:
  * add Set and map size to inspect output (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30225
* wasi:
  * require CLI flag to require() wasi module (Colin Ihrig)
    https://github.com/nodejs/node/pull/30963

PR-URL: https://github.com/nodejs/node/pull/31010
2019-12-18 13:51:03 -05:00
Myles Borins
bef1e87e1c
2019-12-17, Version 13.4.0 (Current)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:
* deps:
  * update npm to 6.13.4
    https://github.com/nodejs/node/pull/30904
  * update uvwasi (Anna Henningsen)
    https://github.com/nodejs/node/pull/30745
  * upgrade to libuv 1.34.0 (Colin Ihrig)
    https://github.com/nodejs/node/pull/30783
* doc:
  * docs deprecate http finished (Robert Nagy)
    https://github.com/nodejs/node/pull/28679
* events:
  * add captureRejection option (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* http:
  * add captureRejection support (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
  * llhttp opt-in insecure HTTP header parsing (Sam Roberts)
    https://github.com/nodejs/node/pull/30567
* http2:
  * implement capture rection for 'request' and 'stream' events (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* net:
  * implement capture rejections for 'connection' event (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* repl:
  * support previews by eager evaluating input (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30811
* stream:
  * add support for captureRejection option (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* tls:
  * implement capture rejections for 'secureConnection' event (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
  * expose IETF name for current cipher suite (Sam Roberts)
    https://github.com/nodejs/node/pull/30637
* worker:
  * add argv constructor option (legendecas)
    https://github.com/nodejs/node/pull/30559

PR-URL: https://github.com/nodejs/node/pull/30937
2019-12-17 17:29:02 -05:00
Myles Borins
75c5de2218
2019-12-17, Version 12.14.0 'Erbium' (LTS)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:

* deps: update npm to 6.13.4
  https://github.com/nodejs/node/pull/30904

PR-URL: https://github.com/nodejs/node/pull/30938
2019-12-17 17:16:25 -05:00
Myles Borins
178c5d86b0
2019-12-17, Version 10.18.0 'Dubnium' (LTS)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:

* deps: update npm to 6.13.4
  https://github.com/nodejs/node/pull/30904

PR-URL: https://github.com/nodejs/node/pull/30940
2019-12-17 17:15:40 -05:00
Myles Borins
8bfa4d0480
2019-12-17, Version 8.17.0 'Carbon' (LTS)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:

* deps: update npm to 6.13.4
  https://github.com/nodejs/node/pull/30904

PR-URL: https://github.com/nodejs/node/pull/30941
2019-12-17 17:15:09 -05:00
Ruben Bridgewater
4091ea90b6
2019-12-03, Version 13.3.0 (Current)
Notable changes:

* fs:
  * Reworked experimental recursive `rmdir()`  (cjihrig)
    https://github.com/nodejs/node/pull/30644
    * The `maxBusyTries` option is renamed to `maxRetries`, and its
      default is set to 0. The `emfileWait` option has been removed,
      and `EMFILE` errors use the same retry logic as other errors.
      The `retryDelay` option is now supported. `ENFILE` errors are
      now retried.
* http:
  * Make maximum header size configurable per-stream or per-server
    (Anna Henningsen) https://github.com/nodejs/node/pull/30570
* http2:
  * Make maximum tolerated rejected streams configurable (Denys
    Otrishko) https://github.com/nodejs/node/pull/30534
  * Allow to configure maximum tolerated invalid frames (Denys
    Otrishko) https://github.com/nodejs/node/pull/30534
* wasi:
  * Introduce initial WASI support (cjihrig)
    https://github.com/nodejs/node/pull/30258

PR-URL: https://github.com/nodejs/node/pull/30774
2019-12-03 22:57:31 +01:00
Myles Borins
b8f8f05002
2019-11-21, Version 13.2.0 (Current)
Notable changes:

* addons:
  * Deprecate one- and two-argument `AtExit()`. Use the three-argument
    variant of `AtExit()` or `AddEnvironmentCleanupHook()` instead
    (Anna Henningsen) https://github.com/nodejs/node/pull/30227
* child_process,cluster:
  * The `serialization` option is added that allows child process
    IPC to use the V8 serialization API (to e.g., pass through data
    types like sets or maps) (Anna Henningsen)
    https://github.com/nodejs/node/pull/30162
* deps:
  * Update V8 to 7.9
  * Update `npm` to 6.13.0 (Ruy Adorno)
    https://github.com/nodejs/node/pull/30271
* embedder:
  * Exposes the ability to pass cli flags / options through an API
    as embedder (Shelley Vohr)
    https://github.com/nodejs/node/pull/30466
  * Allow adding linked bindings to Environment (Anna Henningsen)
    https://github.com/nodejs/node/pull/30274
* esm:
  * Unflag --experimental-modules (Guy Bedford)
    https://github.com/nodejs/node/pull/29866
* stream:
  * Add `writable.writableCorked` property (Robert Nagy)
    https://github.com/nodejs/node/pull/29012
* worker:
  * Allow specifying resource limits (Anna Henningsen)
    https://github.com/nodejs/node/pull/26628
* v8:
  * The Serialization API is now stable (Anna Henningsen)
    https://github.com/nodejs/node/pull/30234

PR-URL: https://github.com/nodejs/node/pull/30547
2019-11-21 17:14:59 -05:00
Michaël Zasso
b351d30701
2019-11-19, Version 12.13.1 'Erbium' (LTS)
Notable changes:

* Experimental support for building Node.js with Python 3 is improved.
* ICU time zone data is updated to version 2019c. This fixes the date
  offset in Brazil.

PR-URL: https://github.com/nodejs/node/issues/30352
2019-11-19 11:50:23 +01:00
Michaël Zasso
309e1eae79
2019-11-05, Version 13.1.0 (Current)
Notable changes:

* cli:
  * Added a new flag (`--trace-uncaught`) that makes Node.js print the
    stack trace at the time of throwing uncaught exceptions, rather than
    at the creation of the `Error` object, if there is any. This is
    disabled by default because it affects GC behavior.
    https://github.com/nodejs/node/pull/30025
* crypto
  * Added `Hash.prototype.copy()` method. It returns a new `Hash` object
    with its internal state cloned from the original one.
    https://github.com/nodejs/node/pull/29910
* dgram
  * Added source-specific multicast support. This adds methods to
    Datagram sockets to support RFC 4607
    (https://tools.ietf.org/html/rfc4607) for IPv4 and IPv6.
    https://github.com/nodejs/node/pull/15735
* fs
  * Added a `bufferSize` option to `fs.opendir()`. It allows to control
    the number of entries that are buffered internally when reading from
    the directory. https://github.com/nodejs/node/pull/30114
* meta
  * Added Chengzhong Wu (https://github.com/legendecas) to
    collaborators. https://github.com/nodejs/node/pull/30115

PR-URL: https://github.com/nodejs/node/pull/30262
2019-11-05 19:39:20 +01:00
Myles Borins
5a042a6b1a
2019-10-23, Version 13.0.1 (Current)
Notable changes:

* deps:
  * Fixed a bug in npm 6.12.0 where warnings are emitted on Node.js
    13.x. https://github.com/nodejs/node/pull/30079
* esm:
  * Changed file extension resolution order of
    `--es-module-specifier-resolution=node`to match that of the CommonJS
    loader. https://github.com/nodejs/node/pull/29974

PR-URL: https://github.com/nodejs/node/pull/30081
2019-10-23 12:34:20 +02:00
Beth Griggs
afbbcb050e
2019-10-22, Version 10.17.0 'Dubnium' (LTS)
Notable changes:

* crypto:
  * add support for chacha20-poly1305 for AEAD (chux0519)
    https://github.com/nodejs/node/pull/24081
  * increase maxmem range from 32 to 53 bits (Tobias Nießen)
    https://github.com/nodejs/node/pull/28799
* deps:
  * update npm to 6.11.3 (claudiahdz)
    https://github.com/nodejs/node/pull/29430
  * upgrade openssl sources to 1.1.1d (Sam Roberts)
    https://github.com/nodejs/node/pull/29921
* dns:
  * remove dns.promises experimental warning (cjihrig)
    https://github.com/nodejs/node/pull/26592
* fs:
  * remove experimental warning for fs.promises (Anna Henningsen)
    https://github.com/nodejs/node/pull/26581
* http:
  * makes response.writeHead return the response (Mark S. Everitt)
    https://github.com/nodejs/node/pull/25974
* http2:
  * makes response.writeHead return the response (Mark S. Everitt)
    https://github.com/nodejs/node/pull/25974
* n-api:
  * make func argument of napi\_create\_threadsafe\_function optional
    (legendecas)
    https://github.com/nodejs/node/pull/27791
  * mark version 5 N-APIs as stable (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/29401
  * implement date object (Jarrod Connolly)
    https://github.com/nodejs/node/pull/25917
* process:
  * add --unhandled-rejections flag (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/26599
* stream:
  * implement Readable.from async iterator utility (Guy Bedford)
    https://github.com/nodejs/node/pull/27660
  * make Symbol.asyncIterator support stable (Matteo Collina)
    https://github.com/nodejs/node/pull/26989

PR-URL: https://github.com/nodejs/node/pull/29875
2019-10-22 20:15:24 +01:00
Beth Griggs
42bf0c8df2
2019-10-22, Version 13.0.0 (Current)
Notable changes:

* assert:
  * If the validation function passed to `assert.throws()` or
    `assert.rejects()` returns a value other than `true`, an assertion
    error will be thrown instead of the original error to highlight the
    programming mistake (Ruben Bridgewater).
    https://github.com/nodejs/node/pull/28263
  * If a constructor function is passed to validate the instance of
    errors thrown in `assert.throws()` or `assert.reject()`, an
    assertion error will be thrown instead of the original error
    (Ruben Bridgewater).
    https://github.com/nodejs/node/pull/28263
* build:
  * Node.js releases are now built with default full-icu support. This
    means that all locales supported by ICU are now included and
    Intl-related APIs may return different values than before
    (Richard Lau).
    https://github.com/nodejs/node/pull/29887
  * The minimum Xcode version supported for macOS was increased to 10.
    It is still possible to build Node.js with Xcode 8 but this may no
    longer be the case in a future v13.x release (Michael Dawson).
    https://github.com/nodejs/node/pull/29622
* child_process:
  * `ChildProcess._channel` (DEP0129) is now a Runtime deprecation
    (cjihrig).
    https://github.com/nodejs/node/pull/27949
* console:
  * The output `console.timeEnd()` and `console.timeLog()` will now
    automatically select a suitable time unit instead of always using
    milliseconds (Xavier Stouder).
    https://github.com/nodejs/node/pull/29251
* deps:
  * The V8 engine was updated to version 7.8. This includes performance
    improvements to object destructuring, memory usage and WebAssembly
    startup time (Myles Borins).
    https://github.com/nodejs/node/pull/29694)
* domain:
  * The domain's error handler is now executed with the active domain
    set to the domain's parent to prevent inner recursion
    (Julien Gilli).
    https://github.com/nodejs/node/pull/26211
* fs:
  * The undocumented method `FSWatcher.prototype.start()` was removed
    (Lucas Holmquist).
    https://github.com/nodejs/node/pull/29905
  * Calling the `open()` method on a `ReadStream` or `WriteStream` now
    emits a runtime deprecation warning. The methods are supposed to be
    internal and should not be called by user code (Robert Nagy).
    https://github.com/nodejs/node/pull/29061
  * `fs.read/write`, `fs.readSync/writeSync` and `fd.read/write` now
    accept any safe integer as their `offset` parameter. The value of
    `offset` is also no longer coerced, so a valid type must be passed
    to the functions (Zach Bjornson).
    https://github.com/nodejs/node/pull/26572
* http:
  * Aborted requests no longer emit the `end` or `error` events after
    `aborted` (Robert Nagy).
    https://github.com/nodejs/node/pull/27984
    https://github.com/nodejs/node/pull/20077
  * Data will no longer be emitted after a socket error (Robert Nagy).
    https://github.com/nodejs/node/pull/28711
  * The legacy HTTP parser (previously available under the
    `--http-parser=legacy` flag) was removed (Anna Henningsen).
    https://github.com/nodejs/node/pull/29589
  * The `host` option for HTTP requests is now validated to be a string
    value (Giorgos Ntemiris).
    https://github.com/nodejs/node/pull/29568
  * The `request.connection` and `response.connection` properties are now
    runtime deprecated. The equivalent `request.socket` and `response.socket`
    should be used instead (Robert Nagy).
    https://github.com/nodejs/node/pull/29015
* http, http2:
  * The default server timeout was removed (Ali Ijaz Sheikh).
    https://github.com/nodejs/node/pull/27558
  * Brought 425 status code name into accordance with RFC 8470. The name
    changed from "Unordered Collection" to "Too Early" (Sergei Osipov).
    https://github.com/nodejs/node/pull/29880
* lib:
  * The `error.errno` property will now always be a number. To get the
    string value, use `error.code` instead (Joyee Cheung).
    https://github.com/nodejs/node/pull/28140
* module:
  * `module.createRequireFromPath()` is deprecated. Use
    `module.createRequire()` instead (cjihrig).
    https://github.com/nodejs/node/pull/27951
* src:
  * Changing the value of `process.env.TZ` will now clear the tz cache.
    This affects the default time zone used by methods such as
    `Date.prototype.toString` (Ben Noordhuis).
    https://github.com/nodejs/node/pull/20026
* stream:
  * The timing and behavior of streams was consolidated for a number of
    edge cases. Please look at the individual commits below for more
    information.

PR-URL: https://github.com/nodejs/node/pull/29504
2019-10-22 17:12:12 +01:00
Michaël Zasso
701933ca8f
2019-10-21, Version 12.13.0 'Erbium' (LTS)
This release marks the transition of Node.js 12.x into Long Term Support
(LTS) with the codename 'Erbium'. The 12.x release line now moves into
"Active LTS" and will remain so until October 2020. After that time, it
will move into "Maintenance" until end of life in April 2022.

Notable changes:

npm was updated to 6.12.0. It now includes a version of `node-gyp` that
supports Python 3 for building native modules.

PR-URL: https://github.com/nodejs/node/pull/29981
2019-10-21 11:12:52 +02:00
Ruben Bridgewater
06f6d662f6
2019-10-11, Version 12.12.0 (Current)
Notable changes:

* build:
  * Add `--force-context-aware` flag to prevent usage of native node
    addons that aren't context aware
    https://github.com/nodejs/node/pull/29631
* deprecations:
  * Add documentation-only deprecation for `process._tickCallback()`
    https://github.com/nodejs/node/pull/29781
* esm:
  * Using JSON modules is experimental again
    https://github.com/nodejs/node/pull/29754
* fs:
  * Introduce `opendir()` and `fs.Dir` to iterate through directories
    https://github.com/nodejs/node/pull/29349
* process:
  * Add source-map support to stack traces by using
    `--source-map-support` https://github.com/nodejs/node/pull/29564
* tls:
  * Honor `pauseOnConnect` option
    https://github.com/nodejs/node/pull/29635
  * Add option for private keys for OpenSSL engines
    https://github.com/nodejs/node/pull/28973

PR-URL: https://github.com/nodejs/node/pull/29919
2019-10-11 21:25:36 +02:00
Beth Griggs
a04b04f4cf
2019-10-09, Version 8.16.2 'Carbon' (LTS)
Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes:

- **deps**: upgrade openssl sources to 1.0.2s (Sam Roberts)
  [#28230](https://github.com/nodejs/node/pull/28230)

PR-URL: https://github.com/nodejs/node/pull/29617
2019-10-09 21:25:39 +01:00
Michaël Zasso
d9fd2cd0ff
2019-10-01, Version 12.11.1 (Current)
Notable changes:

* build:
  * This release fixes a regression that prevented from building Node.js
    using the official source tarball.
    https://github.com/nodejs/node/pull/29712
* deps:
  * Updated small-icu data to support "unit" style in the
    `Intl.NumberFormat` API.
    https://github.com/nodejs/node/pull/29735

PR-URL: https://github.com/nodejs/node/pull/29796
2019-10-01 18:44:05 +02:00
Ruben Bridgewater
d36b6f8da3
2019-09-24, Version 12.11.0 (Current)
Notable changes:

* crypto:
  * Add `oaepLabel` option https://github.com/nodejs/node/pull/29489
* deps:
  * Update V8 to 7.7.299.11 https://github.com/nodejs/node/pull/28918
    * More efficient memory handling
    * Stack trace serialization got faster
    * The `Intl.NumberFormat` API gained new functionality
    * For more information: https://v8.dev/blog/v8-release-77
* events:
  * Add support for `EventTarget` in `once`
    https://github.com/nodejs/node/pull/29498
* fs:
  * Expose memory file mapping flag `UV_FS_O_FILEMAP`
    https://github.com/nodejs/node/pull/29260
* inspector:
  * New API - `Session.connectToMainThread`
    https://github.com/nodejs/node/pull/28870
* process:
  * Initial SourceMap support via `env.NODE_V8_COVERAGE`
    https://github.com/nodejs/node/pull/28960
* stream:
  * Make `_write()` optional when `_writev()` is implemented
    https://github.com/nodejs/node/pull/29639
* tls:
  * Add option to override signature algorithms
    https://github.com/nodejs/node/pull/29598
* util:
  * Add `encodeInto` to `TextEncoder`
    https://github.com/nodejs/node/pull/29524
* worker:
  * The `worker_thread` module is now stable
    https://github.com/nodejs/node/pull/29512

PR-URL: https://github.com/nodejs/node/pull/29695
2019-09-26 01:14:24 +02:00
Ruben Bridgewater
02c74e72ea
2019-09-04, Version 12.10.0 (Current)
Notable changes:

* deps:
  * Update npm to 6.10.3 (isaacs)
    https://github.com/nodejs/node/pull/29023
* fs:
  * Add recursive option to rmdir() (cjihrig)
    https://github.com/nodejs/node/pull/29168
  * Allow passing true to emitClose option (Giorgos Ntemiris)
    https://github.com/nodejs/node/pull/29212
  * Add \*timeNs properties to BigInt Stats objects (Joyee Cheung)
    https://github.com/nodejs/node/pull/21387
* net:
  * Allow reading data into a static buffer (Brian White)
    https://github.com/nodejs/node/pull/25436

PR-URL: https://github.com/nodejs/node/pull/29429
2019-09-04 20:10:18 +02:00
Nick Schonning
9e8edb0d79 doc: heading levels should only increment by one
These are flagged by Markdownlint MD001 rule.

PR-URL: https://github.com/nodejs/node/pull/29331
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-28 22:47:21 -07:00
Michaël Zasso
d770b8a931
2019-08-26, Version 12.9.1 (Current)
Notable changes:

This release fixes two regressions in the http module:

* Fixes an event listener leak in the HTTP client. This resulted in lots
  of warnings during npm/yarn installs.
  https://github.com/nodejs/node/pull/29245
* Fixes a regression preventing the `'end'` event from being emitted for
  keepalive requests in case the full body was not parsed.
  https://github.com/nodejs/node/pull/29263

PR-URL: https://github.com/nodejs/node/pull/29321
2019-08-26 20:36:17 +02:00
Michaël Zasso
edc83a9203
2019-08-20, Version 12.9.0 (Current)
Notable changes:

* crypto:
  * Added an oaepHash option to asymmetric encryption which allows
    users to specify a hash function when using OAEP padding.
    https://github.com/nodejs/node/pull/28335
* deps:
  * Updated V8 to 7.6.303.29. https://github.com/nodejs/node/pull/28955
    * Improves the performance of various APIs such as `JSON.parse` and
      methods called on frozen arrays.
    * Adds the Promise.allSettled method.
    * Improves support of `BigInt` in `Intl` methods.
    * For more information: https://v8.dev/blog/v8-release-76
  * Updated libuv to 1.31.0. https://github.com/nodejs/node/pull/29070
    * `UV_FS_O_FILEMAP` has been added for faster access to memory
      mapped files on Windows.
    * `uv_fs_mkdir()` now returns `UV_EINVAL` for invalid filenames on
      Windows. It previously returned `UV_ENOENT`.
    * The `uv_fs_statfs()` API has been added.
    * The `uv_os_environ()` and `uv_os_free_environ()` APIs have been
      added.
* fs:
  * Added `fs.writev`, `fs.writevSync` and `filehandle.writev` (promise
    version) methods. They allow to write an array of `ArrayBufferView`s
    to a file descriptor. https://github.com/nodejs/node/pull/25925
    https://github.com/nodejs/node/pull/29186
* http:
  * Added three properties to `OutgoingMessage.prototype`:
    `writableObjectMode`, `writableLength` and `writableHighWaterMark`
    https://github.com/nodejs/node/pull/29018
* stream:
  * Added an new property `readableEnded` to readable streams. Its value
    is set to `true` when the `'end'` event is emitted.
    https://github.com/nodejs/node/pull/28814
  * Added an new property `writableEnded` to writable streams. Its value
    is set to `true` after `writable.end()` has been called.
    https://github.com/nodejs/node/pull/28934

PR-URL: https://github.com/nodejs/node/pull/29210
2019-08-20 21:37:07 +02:00
Beth Griggs
affa23bc88
2019-08-15, Version 8.16.1 'Carbon' (LTS)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29152
2019-08-15 23:30:22 +01:00
Beth Griggs
004e2b759f
2019-08-15, Version 10.16.3 'Dubnium' (LTS)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29148
2019-08-15 22:50:53 +01:00
Michaël Zasso
edc2e5be34
2019-08-15, Version 12.8.1 (Current)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29133
2019-08-15 14:49:36 +02:00
Beth Griggs
f1478e1789
2019-08-06, Version 10.16.2 'Dubnium' (LTS)
Notable changes:

This release patches a regression in the OpenSSL upgrade to 1.1.1c that
 causes intermittent hangs in machines that have low entropy.

Refs: https://github.com/nodejs/node/issues/28932

PR-URL: https://github.com/nodejs/node/pull/29021
2019-08-06 23:29:55 +01:00
Ruben Bridgewater
a9e7441916
2019-08-06, Version 12.8.0 (Current)
Notable changes:

* assert:
  * Legacy mode deprecation (`DEP0089`) is revoked (Colin Ihrig)
    https://github.com/nodejs/node/pull/28892
* crypto:
  * The `outputLength` option is added to `crypto.createHash`
    (Tobias Nießen) https://github.com/nodejs/node/pull/28805
  * The `maxmem` range is increased from 32 to 53 bits (Tobias Nießen)
    https://github.com/nodejs/node/pull/28799
* n-api:
  * Added APIs for per-instance state management (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/28682
* report:
  * Network interfaces get included in the report (cjihrig)
    https://github.com/nodejs/node/pull/28911
* src:
  * `v8.getHeapCodeStatistics()` is now exported
    (Yuriy Vasiyarov) https://github.com/nodejs/node/pull/27978

PR-URL: https://github.com/nodejs/node/pull/29017
2019-08-07 00:25:59 +02:00
Beth Griggs
9d37013ef0
2019-07-31, Version 10.16.1 'Dubnium' (LTS)
Notable changes:

- **deps**: upgrade openssl sources to 1.1.1c (Sam Roberts) [#28212](https://github.com/nodejs/node/pull/28212)
- **stream**: do not unconditionally call `\_read()` on `resume()` (Anna Henningsen) [#26965](https://github.com/nodejs/node/pull/26965)
- **worker**: fix nullptr deref after MessagePort deser failure (Anna Henningsen) [#25076](https://github.com/nodejs/node/pull/25076)

PR-URL: https://github.com/nodejs/node/pull/28731
2019-07-31 20:04:46 +01:00
Michaël Zasso
52c5287aca
2019-07-23, Version 12.7.0 (Current)
Notable changes:

* deps:
  * Updated nghttp2 to 1.39.1. https://github.com/nodejs/node/pull/28448
  * Updated npm to 6.10.0. https://github.com/nodejs/node/pull/28525
* esm:
  * Implemented experimental "pkg-exports" proposal. A new `"exports"`
    field can be added to a module's `package.json` file to provide
    custom subpath aliasing. See
    https://github.com/jkrems/proposal-pkg-exports/ for more
    information. https://github.com/nodejs/node/pull/28568
* http:
  * Added `response.writableFinished`.
    https://github.com/nodejs/node/pull/28681
  * Exposed `headers`, `rawHeaders` and other fields on an
    `http.ClientRequest` `"information"` event.
    https://github.com/nodejs/node/pull/28459
* inspector:
  * Added `inspector.waitForDebugger()`.
    https://github.com/nodejs/node/pull/28453
* policy:
  * Added `--policy-integrity=sri` CLI option to mitigate policy
    tampering. If a policy integrity is specified and the policy does
    not have that integrity, Node.js will error prior to running any
    code. https://github.com/nodejs/node/pull/28734
* readline,tty:
  * Exposed stream API from various methods which write characters.
    https://github.com/nodejs/node/pull/28674
    https://github.com/nodejs/node/pull/28721
* src:
  * Use cgroups to get memory limits. This improves the way we set
    the memory ceiling for a Node.js process. Previously we would use
    the physical memory size to estimate the necessary V8
    heap sizes. The physical memory size is not necessarily the correct
    limit, e.g. if the process is running inside a docker container or
    is otherwise constrained. This change adds the ability to get a
    memory limit set by linux cgroups, which is used by docker
    containers to set resource constraints.
    https://docs.docker.com/config/containers/resource_constraints/
    https://github.com/nodejs/node/pull/27508

PR-URL: https://github.com/nodejs/node/pull/28817
2019-07-23 22:54:24 +02:00
Michaël Zasso
fcf8fe9f1a
2019-07-03, Version 12.6.0 (Current)
Notable changes:

* build:
  * Experimental support for building Node.js on MIPS architecture
    is back. https://github.com/nodejs/node/pull/27992
* child_process:
  * The promisified versions of `child_process.exec` and
    `child_process.execFile` now both return a `Promise` which has the
	child instance attached to their `child` property.
	https://github.com/nodejs/node/pull/28325
* deps:
  * Updated libuv to 1.30.1. https://github.com/nodejs/node/pull/28449,
    https://github.com/nodejs/node/pull/28511
    * Support for the Haiku platform has been added.
    * The maximum `UV_THREADPOOL_SIZE` has been increased from 128 to
	  1024.
    * `uv_fs_copyfile()` now works properly when the source and
	  destination files are the same.
* process:
  * A new method, `process.resourceUsage()` was added. It returns
    resource usage for the current process, such as CPU time.
	https://github.com/nodejs/node/pull/28018
* src:
  * Fixed an issue related to stdio that could lead to a crash of the
    process in some circumstances.
	https://github.com/nodejs/node/pull/28490
* stream:
  * Added a `writableFinished` property to writable streams. It
    indicates that all the data has been flushed to the underlying
	system. https://github.com/nodejs/node/pull/28007
* worker:
  * Fixed an issue that prevented worker threads to listen for data on
    stdin. https://github.com/nodejs/node/pull/28153
* meta:
  * Added Jiawen Geng (https://github.com/gengjiawen) to collaborators.
    https://github.com/nodejs/node/pull/28322

PR-URL: https://github.com/nodejs/node/pull/28508
2019-07-03 15:53:31 +02:00
Ruben Bridgewater
af3cc714f9
2019-06-27, Version 12.5.0 (Current)
Notable changes:

* build:
  * The startup time is reduced by enabling V8 snapshots by default
    https://github.com/nodejs/node/pull/28181
* deps:
  * Updated `V8` to 7.5.288.22 https://github.com/nodejs/node/pull/27375
    * The numeric separator (v8.dev/features/numeric-separators) feature is now
      enabled by default
  * Updated `OpenSSL` to 1.1.1c https://github.com/nodejs/node/pull/28211
* inspector:
  * The `--inspect-publish-uid` flag was added to specify ways of the inspector
    web socket url exposure https://github.com/nodejs/node/pull/27741
* n-api:
  * Accessors on napi_define_* are now ECMAScript-compliant
    https://github.com/nodejs/node/pull/27851
* report:
  * The cpu info got added to the report output
    https://github.com/nodejs/node/pull/28188
* src:
  * Restore the original state of the stdio file descriptors on exit to prevent
    leaving stdio in raw or non-blocking mode
    https://github.com/nodejs/node/pull/24260
* tools,gyp:
  * Introduce MSVS 2019 https://github.com/nodejs/node/pull/27375
* util:
  * inspect:
    * Array grouping became more compact and uses more columns than before
      https://github.com/nodejs/node/pull/28059
      https://github.com/nodejs/node/pull/28070
    * Long strings will not be split at 80 characters anymore. Instead they will
      be split on new lines https://github.com/nodejs/node/pull/28055
* worker:
  * `worker.terminate()` now returns a promise and using the callback is
    deprecated https://github.com/nodejs/node/pull/28021

PR-URL: https://github.com/nodejs/node/pull/28268
2019-06-27 15:55:50 +02:00
Richard Lau
9611d75943 doc: mark Node.js 11 as EOL in changelog
Update the changelog to mark Node.js 11 as End-of-Life. Remove the
column for Node.js 11 changelog entries from the table.

PR-URL: https://github.com/nodejs/node/pull/28076
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-06-07 21:11:35 -04:00
Michaël Zasso
cb68c04ce1
2019-06-04, Version 12.4.0 (Current)
Notable changes:

* doc:
  * The JSON variant of the API documentation is no longer experimental
    (Rich Trott) https://github.com/nodejs/node/pull/27842.
* esm:
  * JSON module support is always enabled under
    `--experimental-modules`. The `--experimental-json-modules` flag
    has been removed (Myles Borins)
    https://github.com/nodejs/node/pull/27752.
* http,http2:
  * A new flag has been added for overriding the default HTTP server
    socket timeout (which is two minutes). Pass
    `--http-server-default-timeout=milliseconds`
    or `--http-server-default-timeout=0` to respectively change or
    disable the timeout. Starting with Node.js 13.0.0, the timeout will
    be disabled by default
    (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/27704.
* inspector:
  * Added an experimental `--heap-prof` flag to start the V8 heap
    profiler on startup and write the heap profile to disk before exit
    (Joyee Cheung) https://github.com/nodejs/node/pull/27596.
* stream:
  * The `readable.unshift()` method now correctly converts strings to
    buffers. Additionally, a new optional argument is accepted to
    specify the string's encoding, such as `'utf8'` or `'ascii'`
    (Marcos Casagrande) https://github.com/nodejs/node/pull/27194.
* v8:
  * The object returned by `v8.getHeapStatistics()` has two new
    properties: `number_of_native_contexts` and
    `number_of_detached_contexts` (Yuriy Vasiyarov)
    https://github.com/nodejs/node/pull/27933.

PR-URL: https://github.com/nodejs/node/pull/28040
2019-06-04 16:01:53 +02:00
Beth Griggs
b323658b64
2019-05-28, Version 10.16.0 'Dubnium' (LTS)
Notable changes:

- **deps**:
  - update ICU to 64.2 (Ujjwal Sharma)
    [#27361](https://github.com/nodejs/node/pull/27361)
  - upgrade npm to 6.9.0 (Kat Marchán)
    [#26244](https://github.com/nodejs/node/pull/26244)
  - upgrade openssl sources to 1.1.1b (Sam Roberts)
    [#26327](https://github.com/nodejs/node/pull/26327)
  - upgrade to libuv 1.28.0 (cjihrig)
    [#27241](https://github.com/nodejs/node/pull/27241)
- **events**:
  - add once method to use promises with EventEmitter (Matteo Collina)
   [#26078](https://github.com/nodejs/node/pull/26078)
- **n-api**:
  - mark thread-safe function as stable (Gabriel Schulhof)
    [#25556](https://github.com/nodejs/node/pull/25556)
- **repl**:
  - support top-level for-await-of (Shelley Vohr)
    [#23841](https://github.com/nodejs/node/pull/23841)
- **zlib**:
  - add brotli support (Anna Henningsen)
    [#24938](https://github.com/nodejs/node/pull/24938)

PR-URL: https://github.com/nodejs/node/pull/27514
2019-05-28 23:45:42 +01:00
Ruben Bridgewater
8a282dc93a
2019-05-22, Version v12.3.1 (Current)
Notable changes

* deps:
  * Fix handling of +0/-0 when constant field tracking is enabled
    (Michaël Zasso) https://github.com/nodejs/node/pull/27792
  * Fix `os.freemem()` and `os.totalmem` correctness (cjihrig)
    https://github.com/nodejs/node/pull/27718
* src:
  * Fix v12.3.0 regression that prevents native addons from compiling
    https://github.com/nodejs/node/pull/27804

PR-URL: https://github.com/nodejs/node/pull/27814
2019-05-22 20:56:15 +02:00
Ruben Bridgewater
9fec70a703
2019-05-21, Version 12.3.0 (Current)
Notable changes:

* esm:
  * Added the `--experimental-wasm-modules` flag to support
    WebAssembly modules (Myles Borins & Guy Bedford)
    https://github.com/nodejs/node/pull/27659
* process:
  * Log errors using `util.inspect` in case of fatal exceptions
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/27243
* repl:
  * Add `process.on('uncaughtException')` support (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/27151
* stream:
  * Implemented `Readable.from` async iterator utility (Guy Bedford)
    https://github.com/nodejs/node/pull/27660
* tls:
  * Expose built-in root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/26415
  * Support `net.Server` options (Luigi Pinca)
    https://github.com/nodejs/node/pull/27665
  * Expose `keylog` event on TLSSocket (Alba Mendez)
    https://github.com/nodejs/node/pull/27654
* worker:
  * Added the ability to unshift messages from the `MessagePort`
    (Anna Henningsen) https://github.com/nodejs/node/pull/27294

PR-URL: https://github.com/nodejs/node/pull/27799
2019-05-21 21:23:52 +02:00
Richard Lau
4a18b87a3f doc,tools: updates for 6.x End-of-Life
PR-URL: https://github.com/nodejs/node/pull/27658
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
2019-05-14 15:10:19 -07:00
Michaël Zasso
e006a8545e
2019-05-07, Version 12.2.0 (Current)
Notable changes:

* deps:
  * Updated llhttp to 1.1.3. This fixes a bug that made Node.js' HTTP
    parser refuse any request URL that contained the "|" (vertical bar)
    character. https://github.com/nodejs/node/pull/27595
* tls:
  * Added an `enableTrace()` method to `TLSSocket` and an `enableTrace`
    option to `tls.createServer()`. When enabled, TSL packet trace
    information is written to `stderr`. This can be used to debug TLS
    connection problems. https://github.com/nodejs/node/pull/27497
    https://github.com/nodejs/node/pull/27376
* cli:
  * Added a `--trace-tls` command-line flag that enables tracing of TLS
    connections without the need to modify existing application code.
    https://github.com/nodejs/node/pull/27497
  * Added a `--cpu-prof-interval` command-line flag. It can be used to
    specify the sampling interval for the CPU profiles generated by
    `--cpu-prof`. https://github.com/nodejs/node/pull/27535
* module:
  * Added the `createRequire()` method. It allows to create a require
    function from a file URL object, a file URL string or an absolute
    path string. The existing `createRequireFromPath()` method is now
    deprecated https://github.com/nodejs/node/pull/27405.
  * Throw on `require('./path.mjs')`. This is technically a breaking
    change that should have landed with Node.js 12.0.0. It is necessary
    to have this to keep the possibility for a future minor version to
    load ES Modules with the require function.
    https://github.com/nodejs/node/pull/27417
* repl:
  * The REPL now supports multi-line statements using `BigInt` literals
    as well as public and private class fields and methods.
    https://github.com/nodejs/node/pull/27400
  * The REPL now supports tab autocompletion of file paths with `fs`
    methods. https://github.com/nodejs/node/pull/26648
* meta:
  * Added Christian Clauss (https://github.com/cclauss) to
    collaborators. https://github.com/nodejs/node/pull/27554

PR-URL: https://github.com/nodejs/node/pull/27578
2019-05-07 20:38:46 +02:00
Shelley Vohr
ea46db6642
2019-04-30, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](https://github.com/nodejs/node/pull/19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](https://github.com/nodejs/node/pull/25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * support TLSv1.3 (Sam Roberts) [#26209](https://github.com/nodejs/node/pull/26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](https://github.com/nodejs/node/pull/24729)

PR-URL: https://github.com/nodejs/node/pull/27314
2019-04-30 09:18:04 -07:00
Michaël Zasso
1d4a880700
2019-04-29, Version 12.1.0 (Current)
Notable changes:

* intl:
  * Update ICU to 64.2. This adds support for Japanese Era (Reiwa).
    https://github.com/nodejs/node/pull/27361
  * Fixes a bug in ICU that affected Node.js 12.0.0 in the case where
    `new Date().toLocaleString()` was called with a non-default locale.
    https://github.com/nodejs/node/pull/27415
* C++ API:
  * Added an overload of `EmitAsyncDestroy` that can be used during
    garbage collection.
    https://github.com/nodejs/node/pull/27255

PR-URL: https://github.com/nodejs/node/pull/27440
2019-04-29 16:38:53 +02:00
Rivaldo Junior
e029b927c2
Add Node 12 to the first list of versions
PR-URL: https://github.com/nodejs/node/pull/27414
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
2019-04-26 11:25:05 +02:00
Beth Griggs
d896f03578
2019-04-23, Version 12.0.0 (Current)
Notable changes:

* assert:
    * validate required arguments (Ruben Bridgewater)
      [#26641](https://github.com/nodejs/node/pull/26641)
    * adjust loose assertions (Ruben Bridgewater)
      [#25008](https://github.com/nodejs/node/pull/25008)
* async_hooks:
    * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
      [#26530](https://github.com/nodejs/node/pull/26530)
    * remove promise object from resource (Andreas Madsen)
      [#23443](https://github.com/nodejs/node/pull/23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
      [#24874](https://github.com/nodejs/node/pull/24874)
* buffer:
    * use stricter range checks (Ruben Bridgewater)
      [#27045](https://github.com/nodejs/node/pull/27045)
    * harden `SlowBuffer` creation (ZYSzys)
      [#26272](https://github.com/nodejs/node/pull/26272)
    * harden validation of buffer allocation size (ZYSzys)
      [#26162](https://github.com/nodejs/node/pull/26162)
    * do proper error propagation in addon methods (Anna Henningsen)
      [#23939](https://github.com/nodejs/node/pull/23939)
* child_process:
    * remove `options.customFds` (cjihrig)
      [#25279](https://github.com/nodejs/node/pull/25279)
    * harden fork arguments validation (ZYSzys)
      [#27039](https://github.com/nodejs/node/pull/27039)
    * use non-infinite `maxBuffer` defaults (kohta ito)
      [#23027](https://github.com/nodejs/node/pull/23027)
* console:
    * don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* crypto:
    * remove legacy native handles (Tobias Nießen)
      [#27011](https://github.com/nodejs/node/pull/27011)
    * decode missing passphrase errors (Tobias Nießen)
      [#25208](https://github.com/nodejs/node/pull/25208)
    * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
      (Tobias Nießen)
      [#26249](https://github.com/nodejs/node/pull/26249)
    * remove deprecated `crypto._toBuf()` (Tobias Nießen)
      [#25338](https://github.com/nodejs/node/pull/25338)
    * set `DEFAULT\_ENCODING` property to non-enumerable
      (Antoine du Hamel)
      [#23222](https://github.com/nodejs/node/pull/23222)
* deps:
    * update V8 to 7.4.288.13
    (Michaël Zasso, cjihrig, Refael Ackermann)
    (Anna Henningsen, Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * bump minimum icu version to 63 (Ujjwal Sharma)
      [#25852](https://github.com/nodejs/node/pull/25852)
    * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
      [#26327](https://github.com/nodejs/node/pull/26327)
* errors:
    * update error name (Ruben Bridgewater)
      [#26738](https://github.com/nodejs/node/pull/26738)
* fs:
    * use proper .destroy() implementation for SyncWriteStream
      (Matteo Collina)
      [#26690](https://github.com/nodejs/node/pull/26690)
    * improve mode validation (Ruben Bridgewater)
      [#26575](https://github.com/nodejs/node/pull/26575)
    * harden validation of start option in `createWriteStream()`
      (ZYSzys)
      [#25579](https://github.com/nodejs/node/pull/25579)
    * make writeFile consistent with readFile wrt fd
      (Sakthipriyan Vairamani (thefourtheye))
      [#23709](https://github.com/nodejs/node/pull/23709)
* http:
    * validate timeout in `ClientRequest()` (cjihrig)
      [#26214](https://github.com/nodejs/node/pull/26214)
    * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
      [#25605](https://github.com/nodejs/node/pull/25605)
    * switch default parser to llhttp (Anna Henningsen)
      [#24870](https://github.com/nodejs/node/pull/24870)
    * Runtime-deprecate `outgoingMessage._headers` and
      `outgoingMessage._headerNames` (Morgan Roderick)
      [#24167](https://github.com/nodejs/node/pull/24167)
* lib:
    * remove `Atomics.wake()` (Gus Caplan)
      [#27033](https://github.com/nodejs/node/pull/27033)
    * move DTRACE\_\* probes out of global scope (James M Snell)
      [#26541](https://github.com/nodejs/node/pull/26541)
    * deprecate `_stream_wrap` (Sam Roberts)
      [#26245](https://github.com/nodejs/node/pull/26245)
    * use ES6 class inheritance style (Ruben Bridgewater)
      [#24755](https://github.com/nodejs/node/pull/24755)
* module:
    * remove unintended access to deps/ (Anna Henningsen)
      [#25138](https://github.com/nodejs/node/pull/25138)
    * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * remove dead code (Ruben Bridgewater)
      [#26983](https://github.com/nodejs/node/pull/26983)
    * make `require('.')` never resolve outside the current directory
      (Ruben Bridgewater)
      [#26973](https://github.com/nodejs/node/pull/26973)
    * throw an error for invalid package.json main entries
      (Ruben Bridgewater)
      [#26823](https://github.com/nodejs/node/pull/26823)
    * don't search in `require.resolve.paths` (cjihrig)
      [#23683](https://github.com/nodejs/node/pull/23683)
* net:
    * remove `Server.listenFD()` (cjihrig)
      [#27127](https://github.com/nodejs/node/pull/27127)
    * do not add `.host` and `.port` properties to DNS error
      (Ruben Bridgewater)
      [#26751](https://github.com/nodejs/node/pull/26751)
    * emit "write after end" errors in the next tick (Ouyang Yadong)
      [#24457](https://github.com/nodejs/node/pull/24457)
    * deprecate `_setSimultaneousAccepts()` undocumented function
      (James M Snell)
      [#23760](https://github.com/nodejs/node/pull/23760)
* os:
    * implement `os.type()` using `uv_os_uname()` (cjihrig)
      [#25659](https://github.com/nodejs/node/pull/25659)
    * remove `os.getNetworkInterfaces()` (cjihrig)
      [#25280](https://github.com/nodejs/node/pull/25280)
* process:
    * make global.process, global.Buffer getters (Guy Bedford)
      [#26882](https://github.com/nodejs/node/pull/26882)
    * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * exit on --debug and --debug-brk after option parsing
      (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * improve `--redirect-warnings` handling (Ruben Bridgewater)
      [#24965](https://github.com/nodejs/node/pull/24965)
* readline:
    * support TERM=dumb (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* repl:
    * add welcome message (gengjiawen)
      [#25947](https://github.com/nodejs/node/pull/25947)
    * fix terminal default setting (Ruben Bridgewater)
      [#26518](https://github.com/nodejs/node/pull/26518)
    * check colors with `.getColorDepth()` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
    * deprecate REPLServer.rli (Ruben Bridgewater)
      [#26260](https://github.com/nodejs/node/pull/26260)
* src:
    * remove unused `INT_MAX` constant (Sam Roberts)
      [#27078](https://github.com/nodejs/node/pull/27078)
    * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * remove `AddPromiseHook()` (Anna Henningsen)
      [#26574](https://github.com/nodejs/node/pull/26574)
    * clean up `MultiIsolatePlatform` interface (Anna Henningsen)
      [#26384](https://github.com/nodejs/node/pull/26384)
    * properly configure default heap limits (Ali Ijaz Sheikh)
      [#25576](https://github.com/nodejs/node/pull/25576)
    * remove `icuDataDir` from node config (GauthamBanasandra)
      [#24780](https://github.com/nodejs/node/pull/24780)
* tls:
    * support TLSv1.3 (Sam Roberts)
      [#26209](https://github.com/nodejs/node/pull/26209)
    * return correct version from `getCipher()` (Sam Roberts)
      [#26625](https://github.com/nodejs/node/pull/26625)
    * check arg types of renegotiate() (Sam Roberts)
      [#25876](https://github.com/nodejs/node/pull/25876)
    * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
      [#24729](https://github.com/nodejs/node/pull/24729)
    * emit a warning when servername is an IP address (Rodger Combs)
      [#23329](https://github.com/nodejs/node/pull/23329)
    * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
      [#23814](https://github.com/nodejs/node/pull/23814)
    * remove unused arg to createSecureContext() (Sam Roberts)
      [#24241](https://github.com/nodejs/node/pull/24241)
    * deprecate `Server.prototype.setOptions()` (cjihrig)
      [#23820](https://github.com/nodejs/node/pull/23820)
    * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
      [#23354](https://github.com/nodejs/node/pull/23354)
* util:
    * remove `util.print()`, `util.puts()`, `util.debug()`
      and `util.error()` (cjihrig)
      [#25377](https://github.com/nodejs/node/pull/25377)
    * change inspect compact and breakLength default
      (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * improve inspect edge cases (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * only the first line of the error message (Simon Zünd)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * don't set the prototype of callbackified functions
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * rename callbackified function (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * increase function length when using `callbackify()`
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * prevent tampering with internals in `inspect()`
      (Ruben Bridgewater)
      [#26577](https://github.com/nodejs/node/pull/26577)
    * prevent Proxy traps being triggered by `.inspect()`
      (Ruben Bridgewater)
      [#26241](https://github.com/nodejs/node/pull/26241)
    * prevent leaking internal properties (Ruben Bridgewater)
      [#24971](https://github.com/nodejs/node/pull/24971)
    * protect against monkeypatched Object prototype for inspect()
      (Rich Trott)
      [#25953](https://github.com/nodejs/node/pull/25953)
    * treat format arguments equally (Roman Reiss)
      [#23162](https://github.com/nodejs/node/pull/23162)
* win, fs:
    * detect if symlink target is a directory (Bartosz Sosnowski)
      [#23724](https://github.com/nodejs/node/pull/23724)
* zlib:
    * throw TypeError if callback is missing (Anna Henningsen)
      [#24929](https://github.com/nodejs/node/pull/24929)
    * make “bare” constants un-enumerable (Anna Henningsen)
      [#24824](https://github.com/nodejs/node/pull/24824)

PR-URL: https://github.com/nodejs/node/pull/26930
2019-04-23 16:46:54 +01:00
Myles Borins
1c26169714
2019-04-16, Version 8.16.0 'Carbon' (LTS)
Notable Changes:

* n-api:
  - add API for asynchronous functions (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/17887
  - mark thread-safe function as stable (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/25556

PR-URL: https://github.com/nodejs/node/pull/26933
2019-04-16 16:04:56 -04:00
Beth Griggs
d42456020b
2019-04-11, Version 11.14.0 (Current)
Notable changes:

- child_process: doc deprecate ChildProcess.\_channel (cjihrig)
  [#26982](https://github.com/nodejs/node/pull/26982)
- deps: update nghttp2 to 1.37.0 (gengjiawen)
  [#26990](https://github.com/nodejs/node/pull/26990)
- dns:
  - make dns.promises enumerable (cjihrig)
    [#26592](https://github.com/nodejs/node/pull/26592)
  - remove dns.promises experimental warning (cjihrig)
    [#26592](https://github.com/nodejs/node/pull/26592)
- fs: remove experimental warning for fs.promises (Anna Henningsen)
  [#26581] (https://github.com/nodejs/node/pull/26581)
- stream: make Symbol.asyncIterator support stable (Matteo Collina)
  [#26989](https://github.com/nodejs/node/pull/26989)
- worker: use copy of process.env (Anna Henningsen)
  [#26544](https://github.com/nodejs/node/pull/26544)

PR-URL: https://github.com/nodejs/node/pull/27163
2019-04-11 17:56:55 +01:00
Beth Griggs
883a0d521f
2019-04-03, Version 6.17.1 'Boron' (LTS)
Notable changes:

- http:
  - fix error check in `Execute()` (Brian White)
    [#25939](https://github.com/nodejs/node/pull/25939)

PR-URL: https://github.com/nodejs/node/pull/26684
2019-04-03 20:35:39 +01:00
Beth Griggs
68b04274ca
doc: update changelog for v10.x LTS
PR-URL: https://github.com/nodejs/node/pull/26931
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-03-30 13:07:19 +01:00
Michaël Zasso
2c73868b04
2019-03-28, Version 11.13.0 (Current)
Notable changes:

* crypto
  * Allow deriving public from private keys (Tobias Nießen)
    [#26278](https://github.com/nodejs/node/pull/26278).
* events
  * Added a `once` function to use `EventEmitter` with promises
    (Matteo Collina) [#26078](https://github.com/nodejs/node/pull/26078).
* tty
  * Added a `hasColors` method to `WriteStream` (Ruben Bridgewater)
    [#26247](https://github.com/nodejs/node/pull/26247).
  * Added NO_COLOR and FORCE_COLOR support (Ruben Bridgewater)
    [#26485](https://github.com/nodejs/node/pull/26485).
* v8
  * Added `v8.getHeapSnapshot` and `v8.writeHeapSnapshot` to generate snapshots
    in the format used by tools such as Chrome DevTools (James M Snell)
    [#26501](https://github.com/nodejs/node/pull/26501).
* worker
  * Added `worker.moveMessagePortToContext`. This enables using MessagePorts in
    different vm.Contexts, aiding with the isolation that the vm module seeks to
    provide (Anna Henningsen)
    [#26497](https://github.com/nodejs/node/pull/26497).
* C++ API
  * `AddPromiseHook` is now deprecated. This API was added to fill an use case
    that is served by `async_hooks`, since that has `Promise` support
    (Anna Henningsen) [#26529](https://github.com/nodejs/node/pull/26529).
  * Added a `Stop` API to shut down Node.js while it is running
    (Gireesh Punathil) [#21283](https://github.com/nodejs/node/pull/21283).
* meta
  * [Gireesh Punathil](https://github.com/gireeshpunathil) is now a member of
    the Technical Steering Committee
    [#26657](https://github.com/nodejs/node/pull/26657).
  * Added [Yongsheng Zhang](https://github.com/ZYSzys) to collaborators
    [#26730](https://github.com/nodejs/node/pull/26730).

PR-URL: https://github.com/nodejs/node/pull/26949
2019-03-28 20:23:29 +01:00
Ruben Bridgewater
969c63a0f1
2019-03-15, Version 11.12.0 (Current)
Notable Changes

* bootstrap:
  * Add experimental `--frozen-intrinsics` flag (Guy Bedford)
    https://github.com/nodejs/node/pull/25685
* build:
  * Enable v8's siphash for hash seed creation (Rod Vagg)
    https://github.com/nodejs/node/pull/26367
* deps:
  * Upgrade openssl to 1.1.1b (Sam Roberts)
    https://github.com/nodejs/node/pull/26327
* process:
  * Make `process[Symbol.toStringTag]` writable again
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/26488
* repl:
  * Add `util.inspect.replDefaults` to customize the writer
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/26375
* report:
  * Rename `triggerReport()` to `writeReport()` (Colin Ihrig)
    https://github.com/nodejs/node/pull/26527
2019-03-15 22:03:09 +01:00
Ruben Bridgewater
b22ee71ef6
2019-03-06, Version 11.11.0 (Current)
Notable Changes

* n-api:
  * Implement date object (Jarrod Connolly)
    https://github.com/nodejs/node/pull/25917
* util:
  * Add compact depth mode for `util.inspect()` (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/26269
* worker:
  * Improve integration with native addons (Anna Henningsen)
    https://github.com/nodejs/node/pull/26175
  * MessagePort.prototype.onmessage takes arguments closer to the Web
    specification now (Anna Henningsen)
    https://github.com/nodejs/node/pull/26082
2019-03-06 20:24:50 +01:00
Beth Griggs
a52c1ead02
2019-03-05, Version 10.15.3 'Dubnium' (LTS)
Notable Changes

* **doc**
  * add antsmartian to collaborators (Anto Aravinth)
    [#24655](https://github.com/nodejs/node/pull/24655)
* **http**
  * fix error check in Execute() (Brian White)
    [#25863](https://github.com/nodejs/node/pull/25863)
* **stream**
  * fix end-of-stream for HTTP/2 (Anna Henningsen)
    [#24926](https://github.com/nodejs/node/pull/24926)

PR-URL: https://github.com/nodejs/node/pull/26063
2019-03-05 17:08:25 +00:00
Rod Vagg
0d64a56012 2019-02-28, Version 6.17.0 'Boron' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Denial of Service with keep-alive HTTP connections
    (CVE-2019-5739)
  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)
  * OpenSSL: 0-byte record padding oracle (CVE-2019-1559)

Notable Changes:

* deps: OpenSSL has been upgraded to 1.0.2r which contains a fix for
  CVE-2019-1559 (https://www.openssl.org/news/secadv/20190226.txt). Under
  certain circumstances, a TLS server can be forced to respond differently to
  a client if a zero-byte record is received with an invalid padding
  compared to a zero-byte record with an invalid MAC. This can be used as the
  basis of a padding oracle attack to decrypt data.
* http:
  - Backport `server.keepAliveTimeout` to prevent keep-alive HTTP and HTTPS
    connections remaining open and inactive for an extended period of time,
    leading to a potential Denial of Service (DoS).
    (CVE-2019-5739 / Timur Shemsedinov, Matteo Collina)
  - Further prevention of "Slowloris" attacks on HTTP and HTTPS
    connections by consistently applying the receive timeout set by
    `server.headersTimeout` to connections in keep-alive mode. Reported by
    Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/169
2019-02-28 22:36:11 +11:00
Rod Vagg
980cce6d29 2019-02-28, Version 8.15.1 'Carbon' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)
  * OpenSSL: 0-byte record padding oracle (CVE-2019-1559)

Notable Changes:

* deps: OpenSSL has been upgraded to 1.0.2r which contains a fix for
  CVE-2019-1559 (https://www.openssl.org/news/secadv/20190226.txt). Under
  certain circumstances, a TLS server can be forced to respond differently to
  a client if a zero-byte record is received with an invalid padding
  compared to a zero-byte record with an invalid MAC. This can be used as the
  basis of a padding oracle attack to decrypt data.
* http: Further prevention of "Slowloris" attacks on HTTP and HTTPS
  connections by consistently applying the receive timeout set by
  `server.headersTimeout` to connections in keep-alive mode. Reported by
  Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/165
2019-02-28 22:31:14 +11:00
Rod Vagg
b974d0dd64 2019-02-28, Version 10.15.2 'Dubnium' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

A fix for the following CVE is included in this release:

  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)

Notable Changes:

* http: Further prevention of "Slowloris" attacks on HTTP and HTTPS
  connections by consistently applying the receive timeout set by
  `server.headersTimeout` to connections in keep-alive mode. Reported by
  Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/164
2019-02-28 22:29:17 +11:00
Rod Vagg
f1cefdca80 2019-02-28, Version 11.10.1 (Current)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

A fix for the following CVE is included in this release:

  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)

Notable Changes:

* http: Further prevention of "Slowloris" attacks on HTTP and HTTPS
  connections by consistently applying the receive timeout set by
  `server.headersTimeout` to connections in keep-alive mode. Reported by
  Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/163
2019-02-28 22:27:59 +11:00
Michaël Zasso
82ee0ff1b8
2018-02-14, Version 11.10.0 (Current)
Notable changes:

deps:
  * Updated libuv to 1.26.0.
  * Updated npm to 6.7.0.
http, http2:
  * `response.writeHead` now returns the response object.
perf_hooks:
  * Implemented a histogram based API.
process:
  * Exposed `process.features.inspector`.
repl:
  * Added `repl.setupHistory` for programmatic repl.
tls:
  * Introduced client "session" event.

PR-URL: https://github.com/nodejs/node/pull/26098
2019-02-14 23:55:48 +01:00
Michaël Zasso
9e08386e61
2019-01-30, Version 11.9.0 (Current)
Notable changes:

* deps:
  * OpenSSL has been updated to 1.1.1a, which is API/ABI compatible with
    the previous OpenSSL 1.1.0j. Note that while OpenSSL 1.1.1a supports
    TLS1.3, Node.js still does not.
    https://github.com/nodejs/node/pull/25582

PR-URL: https://github.com/nodejs/node/pull/25802
2019-01-30 23:06:17 +01:00
Shelley Vohr
d56212e6ef
2019-01-29, Version 10.15.1 'Dubnium' (LTS)
* doc:
  * add oyyd to collaborators (Ouyang Yadong) [#24300](https://github.com/nodejs/node/pull/24300)
* tls:
  * throw if protocol too long (Andre Jodat-Danbrani) [#23606](https://github.com/nodejs/node/pull/23606)

PR-URL: https://github.com/nodejs/node/pull/25346
2019-01-29 10:17:08 -08:00
Myles Borins
641de82404
2019-01-24, Version 11.8.0 (Current)
Notable Changes:

* events:
  * For unhandled `error` events with an argument that is not an
    `Error` object, the resulting exeption will have more information
    about the argument.
    https://github.com/nodejs/node/pull/25621
* child_process:
  * When the `maxBuffer` option is passed, `stdout` and `stderr` will
    be truncated rather than unavailable in case of an error.
    https://github.com/nodejs/node/pull/24951
* policy:
  * Experimental support for module integrity checks through a manifest
    file is implemented now.
    https://github.com/nodejs/node/pull/23834
* n-api:
  * The `napi_threadsafe_function` feature is now stable.
    https://github.com/nodejs/node/pull/25556
* report:
  * An experimental diagnostic API for capturing process state is
    available as `process.report` and through command line flags.
    https://github.com/nodejs/node/pull/22712
* tls:
  * `tls.connect()` takes a `timeout` option analogous to the
    `net.connect()` one.
    https://github.com/nodejs/node/pull/25517
* worker:
  * `process.umask()` is available as a read-only function inside Worker
    threads now.
    https://github.com/nodejs/node/pull/25526
  * An `execArgv` option that supports a subset of Node.js command line
    options is supported now.
    https://github.com/nodejs/node/pull/25467

PR-URL: https://github.com/nodejs/node/pull/25687
2019-01-24 20:51:40 -05:00
Ruben Bridgewater
d3f8f905b3
2019-01-17, Version 11.7.0 (Current), @BridgeAR
Notable Changes

* compression / zlib:
  * Added brotli support (Anna Henningsen and Zach Vacura)
    https://github.com/nodejs/node/pull/24938
* console:
  * Added `inspectOptions` option (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/24978
* crypto:
  * Always accept private keys as public keys (Tobias Nießen)
    https://github.com/nodejs/node/pull/25217
* deps:
  * Upgrade npm to v6.5.0 (Jordan Harband)
    https://github.com/nodejs/node/pull/25234
* fs:
  * Use internalBinding('fs') internally instead of
    process.binding('fs') (Masashi Hirano)
    https://github.com/nodejs/node/pull/22478
* http(s):
  * Support overriding http\\s.globalAgent (Roy Sommer)
    https://github.com/nodejs/node/pull/25170
* util:
  * Inspect ArrayBuffers contents closely (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/25006
* worker:
  * Expose workers by default and remove `--experimental-worker` flag
    (Anna Henningsen) https://github.com/nodejs/node/pull/25361

PR-URL: https://github.com/nodejs/node/pull/25537
2019-01-18 14:03:19 +01:00
Myles Borins
e01999db14
2018-12-26, Version 11.6.0 (Current)
Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* crypto:
  - always accept certificates as public keys (Tobias Nießen)
    https://github.com/nodejs/node/pull/24234
  - add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
  - update root certificates (Sam Roberts)
    https://github.com/nodejs/node/pull/25113
* deps:
  - upgrade to libuv 1.24.1 (cjihrig)
    https://github.com/nodejs/node/pull/25078
  - upgrade npm to 6.5.0 (Audrey Eschright)
    https://github.com/nodejs/node/pull/24734
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25175
2018-12-26 11:24:51 -05:00
Myles Borins
78f2e142c5
2018-12-26, Version 10.15.0 'Dubnium' (LTS)
The 10.14.0 security release introduced some unexpected breakages on
the 10.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.

Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25176
2018-12-26 11:24:26 -05:00
Myles Borins
9542324d9e
2018-12-26, Version 8.15.0 'Carbon' (LTS)
The 8.14.0 security release introduced some unexpected breakages on
the 8.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.

Notable changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25177
2018-12-26 11:23:32 -05:00
Myles Borins
7b9c9b3dcc
2018-12-26, Version 6.16.0 'Boron' (LTS)
The 6.15.0 security release introduced some unexpected breakages on
the 6.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.

Notable changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25178
2018-12-26 11:22:24 -05:00