Commit Graph

606 Commits

Author SHA1 Message Date
Richard Lau
44084b81bb
doc: mark Node.js 16 as End-of-Life
PR-URL: https://github.com/nodejs/node/pull/49651
Refs: https://nodejs.org/en/blog/announcements/nodejs16-eol
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2023-09-14 16:22:41 +00:00
RafaelGSS
0a2ab4c77c
2023-09-08, Version 20.6.1 (Current)
Notable changes:

esm:
  * fix loading of CJS modules from ESM (Antoine du Hamel) https://github.com/nodejs/node/pull/49500

PR-URL: https://github.com/nodejs/node/pull/49528
2023-09-08 11:45:05 -04:00
Ulises Gascón
12354260db 2023-09-04, Version 20.6.0 (Current)
Notable changes:

deps:
  * V8: cherry-pick 93275031284c (Joyee Cheung) #48660
doc:
  * add new TSC members (Michael Dawson) #48841
  * add rluvaton to collaborators (Raz Luvaton) #49215
esm:
  * unflag import.meta.resolve (Guy Bedford) #49028
  * add `initialize` hook, integrate with `register` (Izaak Schroeder) #48842
  * unflag `Module.register` and allow nested loader `import()` (Izaak Schroeder) #48559
inspector:
  * (SEMVER-MINOR) open add `SymbolDispose` (Chemi Atlow) #48765
module:
  * implement `register` utility (João Lenon) #46826
  * make CJS load from ESM loader (Antoine du Hamel) #47999
src:
  * add built-in `.env` file support (Yagiz Nizipli) #48890
  * initialize cppgc (Daryl Haresign and Joyee Cheung) #48660 and #45704
test_runner:
  * (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975

PR-URL: https://github.com/nodejs/node/pull/49185
2023-09-04 15:01:52 -05:00
RafaelGSS
ae25da20fa 2023-08-09, Version 20.5.1 (Current)
This is a security release.

Notable changes:

* CVE-2023-32002: Policies can be bypassed via Module.\_load (High)
* CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
* CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* CVE-2023-32005: fs.statfs can bypass the permission model (Low)
* CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
* OpenSSL Security Releases
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html

PR-URL: https://github.com/nodejs-private/node-private/pull/465
2023-08-09 14:24:18 -03:00
RafaelGSS
6d46d986a4 2023-08-09, Version 18.17.1 'Hydrogen' (LTS)
Notable changes:

Following CVEs are fixed in this release:

* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html

PR-URL: https://github.com/nodejs-private/node-private/pull/463
2023-08-09 14:02:22 -03:00
RafaelGSS
eed21991fb 2023-08-09, Version 16.20.2 'Gallium' (LTS)
This is a security release.

Notable changes:

Following CVEs are fixed in this release:

* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
  * https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html

PR-URL: https://github.com/nodejs-private/node-private/pull/458
2023-08-09 13:36:10 -03:00
Juan José Arboleda
d5761a4f8e 2023-07-18, Version 20.5.0 (Current)
Notable changes:

doc:
  * add atlowChemi to collaborators (atlowChemi) https://github.com/nodejs/node/pull/48757
events:
  * (SEMVER-MINOR) allow safely adding listener to abortSignal (Chemi Atlow) https://github.com/nodejs/node/pull/48596
fs:
  * add a fast-path for readFileSync utf-8 (Yagiz Nizipli) https://github.com/nodejs/node/pull/48658
test_runner:
  * (SEMVER-MINOR) add shards support (Raz Luvaton) https://github.com/nodejs/node/pull/48639

PR-URL: https://github.com/nodejs/node/pull/48761
2023-07-20 16:28:46 -05:00
Danielle Adams
51513b23e8
2023-07-18, Version 18.17.0 'Hydrogen' (LTS)
Notable changes:

Ada 2.0
Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This
update brings significant performance improvements to URL parsing, including
enhancements to the url.domainToASCII and url.domainToUnicode functions
in node:url.

Ada 2.0 has been integrated into the Node.js codebase, ensuring that all
parts of the application can benefit from the improved performance. Additionally,
Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.

Contributed by Yagiz Nizipli and Daniel Lemire in https://github.com/nodejs/node/pull/47339

Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per
their WebIDL definitions like in other Web Crypto API implementations. This
further improves interoperability with other implementations of Web Crypto API.

Contributed by Filip Skokan in https://github.com/nodejs/node/pull/46067

crypto:
  * update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
  * (SEMVER-MINOR) expose getDefaultResultOrder (btea) https://github.com/nodejs/node/pull/46973
doc:
  * add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
  * add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
* events:
  * (SEMVER-MINOR) add getMaxListeners method (Matthew Aitken) https://github.com/nodejs/node/pull/47039
fs:
  * (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
  * (SEMVER-MINOR) add recursive option to readdir and opendir (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
  * (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
  * (SEMVER-MINOR) implement byob mode for readableWebStream() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46933
http:
  * (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
  * (SEMVER-MINOR) remove internal error in assignSocket (Matteo Collina) https://github.com/nodejs/node/pull/47723
  * (SEMVER-MINOR) add highWaterMark opt in http.createServer (HinataKah0) https://github.com/nodejs/node/pull/47405
lib:
  * (SEMVER-MINOR) add webstreams to Duplex.from() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46190
  * (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
  * change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
  * (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
  * (SEMVER-MINOR) deprecate napi_module_register (Vladimir Morozov) https://github.com/nodejs/node/pull/46319
stream:
  * (SEMVER-MINOR) preserve object mode in compose (Raz Luvaton) https://github.com/nodejs/node/pull/47413
  * (SEMVER-MINOR) add setter & getter for default highWaterMark (#46929) (Robert Nagy) https://github.com/nodejs/node/pull/46929
test:
  * unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
test_runner:
  * (SEMVER-MINOR) add shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
  * (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
  * (SEMVER-MINOR) execute before hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
  * (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) https://github.com/nodejs/node/pull/47238
tools:
  * update LICENSE and license-builder.sh (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
url:
  * (SEMVER-MINOR) implement URL.canParse (Matthew Aitken) https://github.com/nodejs/node/pull/47179
wasi:
  * (SEMVER-MINOR) no longer require flag to enable wasi (Michael Dawson) https://github.com/nodejs/node/pull/47286

PR-URL: https://github.com/nodejs/node/pull/48694
2023-07-18 15:37:22 -04:00
RafaelGSS
8fc3851da7 2023-07-05, Version 20.4.0 (Current)
Notable changes:

crypto:
  * update root certificates to NSS 3.90 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/48416
doc:
  * add vmoroz to collaborators (Vladimir Morozov) https://github.com/nodejs/node/pull/48527
  * add kvakil to collaborators (Keyhan Vakil) https://github.com/nodejs/node/pull/48449
fs, stream:
  * initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) https://github.com/nodejs/node/pull/48518
test_runner:
  * (SEMVER-MINOR) add initial draft for fakeTimers (Erick Wendel) https://github.com/nodejs/node/pull/47775
tls:
  * (SEMVER-MINOR) add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) https://github.com/nodejs/node/pull/45190

PR-URL: https://github.com/nodejs/node/pull/48643
2023-07-05 10:51:42 -03:00
RafaelGSS
b607b74a4f 2023-06-20, Version 18.16.1 'Hydrogen' (LTS)
This is a security release.

Notable changes:

Following CVEs are fixed in this release:

* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
  * https://www.openssl.org/news/secadv/20230328.txt
  * https://www.openssl.org/news/secadv/20230420.txt
  * https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
  * GHSA-9g78-jv2r-p7vc
  * GHSA-8r8p-23f3-64c2
  * GHSA-54xr-f67r-4pc4
  * GHSA-x6mf-cxr9-8q6v

PR-URL: https://github.com/nodejs-private/node-private/pull/434
2023-06-20 17:26:23 -03:00
RafaelGSS
167dc77d85 2023-06-20, Version 20.3.1 (Current)
This is a security release.

Notable Changes

The following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
* CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
* CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
* CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

* OpenSSL Security Releases
  * [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt).
  * [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt).
  * [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt)

PR-URL: https://github.com/nodejs-private/node-private/pull/435
2023-06-20 17:08:45 -03:00
RafaelGSS
c09acb3ea8 2023-06-20, Version 16.20.1 'Gallium' (LTS)
This is a security release.

Notable changes:

Following CVEs are fixed in this release:

* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
  * https://www.openssl.org/news/secadv/20230328.txt
  * https://www.openssl.org/news/secadv/20230420.txt
  * https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
  * GHSA-9g78-jv2r-p7vc
  * GHSA-8r8p-23f3-64c2
  * GHSA-54xr-f67r-4pc4
  * GHSA-x6mf-cxr9-8q6v

PR-URL: https://github.com/nodejs-private/node-private/pull/432
2023-06-20 16:21:56 -03:00
Michaël Zasso
5a58972207 2023-06-08, Version 20.3.0 (Current)
Notable changes:

deps:
  * upgrade to libuv 1.45.0, including significant performance
    improvements to file system operations on Linux (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
doc:
  * add Ruy Adorno to list of TSC members (Michael Dawson) https://github.com/nodejs/node/pull/48172
  * mark Node.js 14 as End-of-Life (Richard Lau) https://github.com/nodejs/node/pull/48023
lib:
  * (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
  * change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
  * (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
stream:
  * deprecate asIndexedPairs (Chemi Atlow) https://github.com/nodejs/node/pull/48102

PR-URL: https://github.com/nodejs/node/pull/48332
2023-06-08 13:00:26 -03:00
Richard Lau
6aa2aeedcb
doc: mark Node.js 19 as End-of-Life
PR-URL: https://github.com/nodejs/node/pull/48283
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Debadree Chatterjee <debadree333@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
2023-06-01 17:51:45 +00:00
Michaël Zasso
c2ca4290f6
2023-05-16, Version 20.2.0 (Current)
Notable changes:

doc:
  * add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
http:
  * (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
sea:
  * (SEMVER-MINOR) add option to disable the experimental SEA warning (Darshan Sen) https://github.com/nodejs/node/pull/47588
test_runner:
  * (SEMVER-MINOR) add `skip`, `todo`, and `only` shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
url:
  * (SEMVER-MINOR) add value argument to `URLSearchParams` `has` and `delete` methods (Sankalp Shubham) https://github.com/nodejs/node/pull/47885

PR-URL: https://github.com/nodejs/node/pull/48020
2023-05-16 14:40:46 +02:00
Richard Lau
fb6afb5c67
doc: mark Node.js 14 as End-of-Life
PR-URL: https://github.com/nodejs/node/pull/48023
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
Reviewed-By: Qingyu Deng <i@ayase-lab.com>
Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Deokjin Kim <deokjin81.kim@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2023-05-16 11:20:08 +00:00
Michaël Zasso
c24a61b3f6
2023-05-03, Version 20.1.0 (Current)
Notable changes:

assert:
  * deprecate `CallTracker` (Moshe Atlow) https://github.com/nodejs/node/pull/47740
crypto:
  * update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
  * (SEMVER-MINOR) expose `getDefaultResultOrder` (btea) https://github.com/nodejs/node/pull/46973
doc:
  * add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
fs:
  * (SEMVER-MINOR) add `recursive` option to `readdir` and `opendir` (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
  * (SEMVER-MINOR) add support for `mode` flag to specify the copy behavior of the `cp` methods (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
http:
  * (SEMVER-MINOR) add `highWaterMark` option `http.createServer` (HinataKah0) https://github.com/nodejs/node/pull/47405
stream:
  * (SEMVER-MINOR) preserve object mode in `compose` (Raz Luvaton) https://github.com/nodejs/node/pull/47413
test_runner:
  * (SEMVER-MINOR) add `testNamePatterns` to `run` API (Chemi Atlow) https://github.com/nodejs/node/pull/47628
  * (SEMVER-MINOR) execute `before` hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
  * (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
wasi:
  * (SEMVER-MINOR) make `returnOnExit` true by default (Michael Dawson) https://github.com/nodejs/node/pull/47390

PR-URL: https://github.com/nodejs/node/pull/47820
2023-05-03 17:41:05 +02:00
RafaelGSS
8920dc1801 2023-04-18, Version 20.0.0 (Current)
Notable Changes:

crypto:
  * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) https://github.com/nodejs/node/pull/46067
deps:
  * update ada to 2.0.0 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47339
esm:
  * move hook execution to separate thread (Jacob Smith) https://github.com/nodejs/node/pull/44710
sea:
  * use JSON configuration and blob content for SEA (Joyee Cheung) https://github.com/nodejs/node/pull/47125
src,process:
  * (SEMVER-MINOR) add permission model (Rafael Gonzaga) https://github.com/nodejs/node/pull/44004
url:
  * drop ICU requirement for parsing hostnames (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
  * use ada::url_aggregator for parsing urls (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
  * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) https://github.com/nodejs/node/pull/45526

Semver-Major Commits:

* [9fafb0a090] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) https://github.com/nodejs/node/pull/46432
* [1948d37595] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) https://github.com/nodejs/node/pull/46599
* [7bc0e6a4e7] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) https://github.com/nodejs/node/pull/47153
* [671ffd7825] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45796
* [ab1614d280] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [c1bcdbcf79] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) https://github.com/nodejs/node/pull/46806
* [649f68fc1e] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [9374700d7a] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) https://github.com/nodejs/node/pull/47182
* [1640aeb680] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) https://github.com/nodejs/node/pull/47073
* [c2e4b1fa9a] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) https://github.com/nodejs/node/pull/47028
* [3ef38c4bd7] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) https://github.com/nodejs/node/pull/46067
* [08af023b1f] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) https://github.com/nodejs/node/pull/45653
* [7eb0ac3cb6] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [a7c129f286] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [6f5655a18e] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [f226350fcb] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [d6dae7420e] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [56c436533e] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [51ab98c71b] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [9f84d3eea8] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) https://github.com/nodejs/node/pull/45579
* [f2318cd4b5] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) https://github.com/nodejs/node/pull/45579
* [16e03e7968] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [6473f5e7f7] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) https://github.com/nodejs/node/pull/47352
* [cc18fd9608] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45770
* [ff92b40ffc] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) https://github.com/nodejs/node/pull/46333
* [2a29df6464] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) https://github.com/nodejs/node/pull/46331
* [391dc74a10] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) https://github.com/nodejs/node/pull/46283
* [ed3604cd64] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) https://github.com/nodejs/node/pull/45597
* [88d71dc301] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45772
* [e4d641f02a] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) https://github.com/nodejs/node/pull/46174
* [0f3e531096] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) https://github.com/nodejs/node/pull/41276
* [5b5898ac86] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) https://github.com/nodejs/node/pull/45841
* [55321bafd1] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) https://github.com/nodejs/node/pull/46790
* [2d0d99733b] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) https://github.com/nodejs/node/pull/43716
* [dc06df31b6] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45801
* [295b2f3ff4] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [3803b028dd] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) https://github.com/nodejs/node/pull/46825
* [e8bddac3e9] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) https://github.com/nodejs/node/pull/46705
* [f84de0ad4c] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) https://github.com/nodejs/node/pull/46427
* [a6242772ec] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [dd5c39a808] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [63eca7fec0] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) https://github.com/nodejs/node/pull/46430
* [9e7093f416] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) https://github.com/nodejs/node/pull/46322
* [fb91ee4f26] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [eca618071e] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [c03354d3e0] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) https://github.com/nodejs/node/pull/45508
* [c733cc0c7f] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) https://github.com/nodejs/node/pull/46983
* [7ce223273d] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [ca4bd3023e] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [58b06a269a] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [027841c964] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) https://github.com/nodejs/node/pull/46904
* [3bed5f11e0] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) https://github.com/nodejs/node/pull/45526
* [7c76fddf25] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) https://github.com/nodejs/node/pull/46718
* [4b52727976] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) https://github.com/nodejs/node/pull/47391

Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>

PR-URL: https://github.com/nodejs/node/pull/47441
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-04-18 13:04:39 -03:00
Danielle Adams
527394783e
2023-04-12, Version 18.16.0 'Hydrogen' (LTS)
Notable changes:

Add initial support for single executable applications

Compile a JavaScript file into a single executable application:

```console
$ echo 'console.log(`Hello, ${process.argv[2]}!`);' > hello.js

$ cp $(command -v node) hello

$ npx postject hello NODE_JS_CODE hello.js \
    --sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2

$ npx postject hello NODE_JS_CODE hello.js \
    --sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2 \
    --macho-segment-name NODE_JS

$ ./hello world
Hello, world!
```

Contributed by Darshan Sen in https://github.com/nodejs/node/pull/45038

Replace url parser with Ada

Node.js gets a new URL parser called Ada that is compliant with the WHATWG
URL Specification and provides more than 100% performance improvement to
the existing implementation.

Contributed by Yagiz Nizipli in https://github.com/nodejs/node/pull/46410

Other notable changes:

* buffer:
  * (SEMVER-MINOR) add Buffer.copyBytesFrom(...) (James M Snell) https://github.com/nodejs/node/pull/46500
* doc:
  * add marco-ippolito to collaborators (Marco Ippolito) https://github.com/nodejs/node/pull/46816
  * add debadree25 to collaborators (Debadree Chatterjee) https://github.com/nodejs/node/pull/46716
  * add deokjinkim to collaborators (Deokjin Kim) https://github.com/nodejs/node/pull/46444
* events:
  * (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) https://github.com/nodejs/node/pull/46523
* lib:
  * (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) https://github.com/nodejs/node/pull/46387
  * (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) https://github.com/nodejs/node/pull/46494
* src:
  * (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) https://github.com/nodejs/node/pull/46583
  * (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) https://github.com/nodejs/node/pull/46368
* stream:
  * (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46273
* tls:
  * (SEMVER-MINOR) support automatic DHE (Tobias Nießen) https://github.com/nodejs/node/pull/46978
* url:
  * (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) https://github.com/nodejs/node/pull/46308
* worker:
  * (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) https://github.com/nodejs/node/pull/46832

PR-URL: https://github.com/nodejs/node/pull/47502
2023-04-12 20:34:40 -04:00
RafaelGSS
c8f6f851f9 2023-04-10, Version 19.9.0 (Current)
Notable changes:

events:
  * (SEMVER-MINOR) add getMaxListeners method (Khafra) https://github.com/nodejs/node/pull/47039
lib:
  * (SEMVER-MINOR) add tracing channel to diagnostics\_channel (Stephen Belanger)
msi:
  * (SEMVER-MINOR) migrate to WiX4 (Stefan Stojanovic) https://github.com/nodejs/node/pull/45943
node-api:
  * (SEMVER-MINOR) deprecate napi\_module\_register (Vladimir Morozov) https://github.com/nodejs/node/pull/46319
stream:
  * (SEMVER-MINOR) add setter & getter for default highWaterMark (Robert Nagy) https://github.com/nodejs/node/pull/46929
url:
  * (SEMVER-MINOR) implement URL.canParse (Khafra) https://github.com/nodejs/node/pull/47179
test_runner:
  * (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) https://github.com/nodejs/node/pull/47238

PR-URL: https://github.com/nodejs/node/pull/47441
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-04-10 21:10:55 -03:00
Beth Griggs
143deae6d8
2023-03-29, Version 16.20.0 'Gallium' (LTS)
Notable changes:

- deps:
  - update undici to 5.20.0 (Node.js GitHub Bot)
    https://github.com/nodejs/node/pull/46711
  - update c-ares to 1.19.0 (Michaël Zasso)
    https://github.com/nodejs/node/pull/46415
  - upgrade npm to 8.19.4 (npm team)
    https://github.com/nodejs/node/pull/46677
  - update corepack to 0.17.0 (Node.js GitHub Bot)
    https://github.com/nodejs/node/pull/46842
- (SEMVER-MINOR) src: add support for externally shared js builtins
  (Michael Dawson) [https://github.com/nodejs/node/pull/44376]

PR-URL: https://github.com/nodejs/node/pull/47272
2023-03-29 19:05:29 +01:00
Michaël Zasso
fa8465794d
2023-03-15, Version 19.8.1 (Current)
Notable changes:

This release contains a single revert of a change that was introduced in v19.8.0
and introduced application crashes.

Fixes: https://github.com/nodejs/node/issues/47096
PR-URL: https://github.com/nodejs/node/pull/47104
2023-03-15 18:11:57 +01:00
Michaël Zasso
115c9ac68d
2023-03-14, Version 19.8.0 (Current)
Notable changes:

buffer:
  * (SEMVER-MINOR) add Buffer.copyBytesFrom(...) (James M Snell) https://github.com/nodejs/node/pull/46500
doc:
  * add marco-ippolito to collaborators (Marco Ippolito) https://github.com/nodejs/node/pull/46816
events:
  * (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) https://github.com/nodejs/node/pull/46523
lib:
  * (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) https://github.com/nodejs/node/pull/46387
src:
  * (SEMVER-MINOR) add `fs.openAsBlob` to support File-backed Blobs (James M Snell) https://github.com/nodejs/node/pull/45258
tls:
  * (SEMVER-MINOR) support automatic DHE (Tobias Nießen) https://github.com/nodejs/node/pull/46978
url:
  * (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) https://github.com/nodejs/node/pull/46308
wasi:
  * (SEMVER-MINOR) add support for version when creating WASI (Michael Dawson) https://github.com/nodejs/node/pull/46469
worker:
  * (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) https://github.com/nodejs/node/pull/46832

PR-URL: https://github.com/nodejs/node/pull/47087
2023-03-14 19:52:10 +01:00
Juan José Arboleda
3b0c047c31 2023-03-07, Version 18.15.0 'Hydrogen' (LTS)
Notable changes:

buffer:
  * (SEMVER-MINOR) add isAscii method (Yagiz Nizipli) https://github.com/nodejs/node/pull/46046
doc,lib,src,test:
  * rename --test-coverage (Colin Ihrig) https://github.com/nodejs/node/pull/46017
fs:
  * (SEMVER-MINOR) add statfs() functions (Colin Ihrig) https://github.com/nodejs/node/pull/46358
src,lib:
  * (SEMVER-MINOR) add constrainedMemory API for process (theanarkh) https://github.com/nodejs/node/pull/46218
test_runner:
  * add initial code coverage support (Colin Ihrig) https://github.com/nodejs/node/pull/46017
  * (SEMVER-MINOR) add reporters (Moshe Atlow) https://github.com/nodejs/node/pull/45712
v8:
  * (SEMVER-MINOR) support gc profile (theanarkh) https://github.com/nodejs/node/pull/46255
vm:
  * (SEMVER-MINOR) expose cachedDataRejected for vm.compileFunction (Anna Henningsen) https://github.com/nodejs/node/pull/46320

PR-URL: https://github.com/nodejs/node/pull/46920
2023-03-07 14:52:01 -05:00
Myles Borins
6a80a2b8cb
2023-02-21, Version 18.14.2 'Hydrogen' (LTS)
Notable changes:

deps:
  * upgrade npm to 9.5.0 (npm team) https://github.com/nodejs/node/pull/46673

PR-URL: https://github.com/nodejs/node/pull/46724
2023-02-21 13:14:43 -05:00
Myles Borins
89322aed7e
2023-02-21, Version 19.7.0 (Current)
Notable changes:

deps:
  * upgrade npm to 9.5.0 (npm team) https://github.com/nodejs/node/pull/46673
  * add ada as a dependency (Yagiz Nizipli) https://github.com/nodejs/node/pull/46410
doc:
  * add debadree25 to collaborators (Debadree Chatterjee) https://github.com/nodejs/node/pull/46716
  * add deokjinkim to collaborators (Deokjin Kim) https://github.com/nodejs/node/pull/46444
doc,lib,src,test:
  * rename --test-coverage (Colin Ihrig) https://github.com/nodejs/node/pull/46017
lib:
  * (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) https://github.com/nodejs/node/pull/46494
src:
  * (SEMVER-MINOR) add initial support for single executable applications (Darshan Sen) https://github.com/nodejs/node/pull/45038
  * (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) https://github.com/nodejs/node/pull/46583
  * (SEMVER-MINOR) allow blobs in addition to `FILE*`s in embedder snapshot API (Anna Henningsen) https://github.com/nodejs/node/pull/46491
  * (SEMVER-MINOR) allow snapshotting from the embedder API (Anna Henningsen) https://github.com/nodejs/node/pull/45888
  * (SEMVER-MINOR) make build_snapshot a per-Isolate option, rather than a global one (Anna Henningsen) https://github.com/nodejs/node/pull/45888
  * (SEMVER-MINOR) add snapshot support for embedder API (Anna Henningsen) https://github.com/nodejs/node/pull/45888
  * (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) https://github.com/nodejs/node/pull/46368
stream:
  * (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46273
test_runner:
  * add initial code coverage support (Colin Ihrig) https://github.com/nodejs/node/pull/46017
url:
  * replace url-parser with ada (Yagiz Nizipli) https://github.com/nodejs/node/pull/46410

PR-URL: https://github.com/nodejs/node/pull/46725
2023-02-21 13:12:58 -05:00
RafaelGSS
dd1977f3dd 2023-02-16, Version 19.6.1 (Current)
This is a security release.

The following CVEs are fixed in this release:

- CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium)
- CVE-2023-23918: Experimental Policies bypass via `process.mainModule.require`(High)
- CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1

PR-URL: #385
2023-02-16 18:39:22 -03:00
Juan José Arboleda
667dd34d79 2023-02-16, Version 18.14.1 'Hydrogen' (LTS)
This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1

PR-URL: https://github.com/nodejs-private/node-private/pull/386
2023-02-16 18:29:17 -03:00
Richard Lau
5c4a287c3e
2023-02-16, Version 16.19.1 'Gallium' (LTS)
This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2023-23918: Node.js Permissions policies can be bypassed via
  process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs
  crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
  injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in
  Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA
  environment variable (Low)

Fixed by an update to undici:

- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
  injection in host headers (Medium)
  See https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
  for more information.
- CVE-2023-24807: Regular Expression Denial of Service in Headers in
  Node.js fetch API (Low)
  See https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
  for more information.

- OpenSSL 1.1.1t

PR-URL: https://github.com/nodejs-private/node-private/pull/390
2023-02-16 16:12:30 -05:00
Richard Lau
6aca711858
2023-02-16, Version 14.21.3 'Fermium' (LTS)
This is a security release.

Notable changes:

The following CVEs are fixed in this release:

* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

* OpenSSL 1.1.1t
* npm 6.14.18

PR-URL: https://github.com/nodejs-private/node-private/pull/389
Refs: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
2023-02-16 16:11:10 -05:00
Juan José Arboleda
66ab03d032 2023-02-02, Version 18.14.0 'Hydrogen' (LTS)
Notable changes:

* deps:
  * upgrade npm to 9.3.1 (npm team) https://github.com/nodejs/node/pull/46242
* doc:
  * add parallelism note to os.cpus() (Colin Ihrig) https://github.com/nodejs/node/pull/45895
* http:
  * join authorization headers (Marco Ippolito) https://github.com/nodejs/node/pull/45982
  * improved timeout defaults handling (Paolo Insogna) https://github.com/nodejs/node/pull/45778
* stream:
  * implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46205

PR-URL: https://github.com/nodejs/node/pull/46396
2023-02-02 14:08:50 -05:00
ruyadorno@google.com
1579ff4f95
2023-02-02, Version 19.6.0 (Current)
Notable changes:

buffer:
  * (SEMVER-MINOR) add isAscii method (Yagiz Nizipli) https://github.com/nodejs/node/pull/46046
deps:
  * upgrade npm to 9.4.0 (npm team) https://github.com/nodejs/node/pull/46353
esm:
  * leverage loaders when resolving subsequent loaders (Maël Nison) https://github.com/nodejs/node/pull/43772
fs:
  * (SEMVER-MINOR) add statfs() functions (Colin Ihrig) https://github.com/nodejs/node/pull/46358
src,lib:
  * (SEMVER-MINOR) add constrainedMemory API for process (theanarkh) https://github.com/nodejs/node/pull/46218
test_runner:
  * (SEMVER-MINOR) add reporters (Moshe Atlow) https://github.com/nodejs/node/pull/45712
v8:
  * (SEMVER-MINOR) support gc profile (theanarkh) https://github.com/nodejs/node/pull/46255
vm:
  * (SEMVER-MINOR) expose cachedDataRejected for vm.compileFunction (Anna Henningsen) https://github.com/nodejs/node/pull/46320

PR-URL: https://github.com/nodejs/node/pull/46455
2023-02-02 11:04:44 -05:00
RafaelGSS
40a206cfff 2023-01-24, Version 19.5.0 (Current)
Notable changes:

* http:
  * (SEMVER-MINOR) join authorization headers (Marco Ippolito) [#45982](https://github.com/nodejs/node/pull/45982)
* lib:
  * add webstreams to Duplex.from() (Debadree Chatterjee) [#46190](https://github.com/nodejs/node/pull/46190)
* stream:
  * implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) [#46205](https://github.com/nodejs/node/pull/46205)

PR-URL: https://github.com/nodejs/node/pull/46286
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-01-24 18:16:02 -03:00
RafaelGSS
22a2ec64c4 2023-01-06, Version 19.4.0 (Current)
Notable changes:

buffer:
  * (SEMVER-MINOR) add buffer.isUtf8 for utf8 validation (Yagiz Nizipli) https://github.com/nodejs/node/pull/45947
http:
  * (SEMVER-MINOR) improved timeout defaults handling (Paolo Insogna) https://github.com/nodejs/node/pull/45778
net
  * add autoSelectFamily global getter and setter (Paolo Insogna) https://github.com/nodejs/node/pull/45777
os:
  * (SEMVER-MINOR) add availableParallelism() (Colin Ihrig) https://github.com/nodejs/node/pull/45895
util:
  * add fast path for text-decoder fatal flag (Yagiz Nizipli) https://github.com/nodejs/node/pull/45803

PR-URL: https://github.com/nodejs/node/pull/46061
2023-01-06 09:57:24 -03:00
Danielle Adams
0593b699b8
2023-01-05, Version 18.13.0 'Hydrogen' (LTS)
Notable changes:

Add support for externally shared js builtins:

By default Node.js is built so that all dependencies are bundled into the
Node.js binary itself. Some Node.js distributions prefer to manage dependencies
externally. There are existing build options that allow dependencies with
native code to be externalized. This commit adds additional options so that
dependencies with JavaScript code (including WASM) can also be externalized.
This addition does not affect binaries shipped by the Node.js project but
will allow other distributions to externalize additional dependencies when
needed.

Contributed by Michael Dawson in https://github.com/nodejs/node/pull/44376

Introduce `File`:

The File class is part of the [FileAPI](https://w3c.github.io/FileAPI/).
It can be used anywhere a Blob can, for example in `URL.createObjectURL`
and `FormData`. It contains two properties that Blobs do not have: `lastModified`,
the last time the file was modified in ms, and `name`, the name of the file.

Contributed by Khafra in https://github.com/nodejs/node/pull/45139

Support function mocking on Node.js test runner:

The `node:test` module supports mocking during testing via a top-level `mock`
object.

```js
test('spies on an object method', (t) => {
  const number = {
    value: 5,
    add(a) {
      return this.value + a;
    },
  };
  t.mock.method(number, 'add');

  assert.strictEqual(number.add(3), 8);
  assert.strictEqual(number.add.mock.calls.length, 1);
});
```

Contributed by Colin Ihrig in https://github.com/nodejs/node/pull/45326

Other notable changes:

build:
  * disable v8 snapshot compression by default (Joyee Cheung) https://github.com/nodejs/node/pull/45716
crypto:
  * update root certificates (Luigi Pinca) https://github.com/nodejs/node/pull/45490
deps:
  * update ICU to 72.1 (Michaël Zasso) https://github.com/nodejs/node/pull/45068
doc:
  * add doc-only deprecation for headers/trailers setters (Rich Trott) https://github.com/nodejs/node/pull/45697
  * add Rafael to the tsc (Michael Dawson) https://github.com/nodejs/node/pull/45691
  * deprecate use of invalid ports in `url.parse` (Antoine du Hamel) https://github.com/nodejs/node/pull/45576
  * add lukekarrys to collaborators (Luke Karrys) https://github.com/nodejs/node/pull/45180
  * add anonrig to collaborators (Yagiz Nizipli) https://github.com/nodejs/node/pull/45002
  * deprecate url.parse() (Rich Trott) https://github.com/nodejs/node/pull/44919
lib:
  * drop fetch experimental warning (Matteo Collina) https://github.com/nodejs/node/pull/45287
net:
  * (SEMVER-MINOR) add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) https://github.com/nodejs/node/pull/44731
* src:
  * (SEMVER-MINOR) add uvwasi version (Jithil P Ponnan) https://github.com/nodejs/node/pull/45639
  * (SEMVER-MINOR) add initial shadow realm support (Chengzhong Wu) https://github.com/nodejs/node/pull/42869
test_runner:
  * (SEMVER-MINOR) add t.after() hook (Colin Ihrig) https://github.com/nodejs/node/pull/45792
  * (SEMVER-MINOR) don't use a symbol for runHook() (Colin Ihrig) https://github.com/nodejs/node/pull/45792
tls:
  * (SEMVER-MINOR) add "ca" property to certificate object (Ben Noordhuis) https://github.com/nodejs/node/pull/44935
  * remove trustcor root ca certificates (Ben Noordhuis) https://github.com/nodejs/node/pull/45776
tools:
  * update certdata.txt (Luigi Pinca) https://github.com/nodejs/node/pull/45490
util:
  * add fast path for utf8 encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/45412
  * improve textdecoder decode performance (Yagiz Nizipli) https://github.com/nodejs/node/pull/45294
  * (SEMVER-MINOR) add MIME utilities (#21128) (Bradley Farias) https://github.com/nodejs/node/pull/21128

PR-URL: https://github.com/nodejs/node/pull/46025
2023-01-05 19:57:23 -05:00
Michaël Zasso
b4f8186657
2022-12-14, Version 19.3.0 (Current)
Notable changes:

build:
  * disable v8 snapshot compression by default (Joyee Cheung) https://github.com/nodejs/node/pull/45716
deps:
  * upgrade npm to 9.2.0 (npm team) https://github.com/nodejs/node/pull/45780
doc:
  * add doc-only deprecation for headers/trailers setters (Rich Trott) https://github.com/nodejs/node/pull/45697
  * add Rafael Gonzaga to the TSC (Michael Dawson) https://github.com/nodejs/node/pull/45691
net:
  * (SEMVER-MINOR) add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) https://github.com/nodejs/node/pull/44731
src:
  * (SEMVER-MINOR) add uvwasi version (Jithil P Ponnan) https://github.com/nodejs/node/pull/45639
test_runner:
  * (SEMVER-MINOR) add t.after() hook (Colin Ihrig) https://github.com/nodejs/node/pull/45792
  * (SEMVER-MINOR) don't use a symbol for runHook() (Colin Ihrig) https://github.com/nodejs/node/pull/45792
tls:
  * remove trustcor root ca certificates (Ben Noordhuis) https://github.com/nodejs/node/pull/45776

PR-URL: https://github.com/nodejs/node/pull/45831
2022-12-14 13:52:52 +00:00
Richard Lau
a14244ce26
2022-12-13, Version 16.19.0 'Gallium' (LTS)
Notable changes:

- OpenSSL 1.1.1s
- Root certificates updated to NSS 3.85
- Time zone update to 2022f
- add dgram send queue info
- upgrade npm to 8.19.3
- add `--watch`
- add default value option to parsearg

PR-URL: https://github.com/nodejs/node/pull/45791
2022-12-13 08:01:09 -05:00
Richard Lau
c7946b1744
2022-12-13, Version 14.21.2 'Fermium' (LTS)
Notable changes:

OpenSSL 1.1.1s
Root certificates updated to NSS 3.85
Time zone update to 2022f

PR-URL: https://github.com/nodejs/node/pull/45775
2022-12-13 07:44:16 -05:00
Ruy Adorno
1bbd14eac2
2022-11-29, Version 19.2.0 (Current)
Notable changes:

buffer:
  * (SEMVER-MINOR) introduce File (Khafra) https://github.com/nodejs/node/pull/45139
deps:
  * update timezone to 2022f (Node.js GitHub Bot) https://github.com/nodejs/node/pull/45289
  * update V8 to 10.8.168.20 (Michaël Zasso) https://github.com/nodejs/node/pull/45230
doc:
  * deprecate use of invalid ports in `url.parse` (Antoine du Hamel) https://github.com/nodejs/node/pull/45576
util:
  * add fast path for utf8 encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/45412

PR-URL: https://github.com/nodejs/node/pull/45615
2022-11-29 14:10:05 -05:00
Rafael Gonzaga
0a592e48a0
doc: include v19.1.0 in CHANGELOG.md
It was missed in the last release.

Refs: 3770d3a450
PR-URL: https://github.com/nodejs/node/pull/45462
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Ruy Adorno <ruyadorno@google.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2022-11-15 10:50:42 +00:00
Juan José Arboleda
58e8a8c58e 2022-11-04, Version 18.12.1 'Hydrogen' (LTS)
This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2022-3602: A buffer overrun can be triggered in X.509
                 certificate verification (High)
- CVE-2022-3786: A buffer overrun can be triggered in X.509
                 certificate verification (High)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP
                  address (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/365
2022-11-04 14:26:35 -05:00
RafaelGSS
e4135a1de1 2022-11-04, Version 19.0.1 (Current)
This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2022-3786: A buffer overrun can be triggered in X.509
                 certificate verification (High)
- CVE-2022-3602: A buffer overrun can be triggered in X.509
                 certificate verification (High)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP
                  address (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/366
2022-11-04 14:55:40 -03:00
Beth Griggs
81123b6658
2022-11-04, Version 16.18.1 'Gallium' (LTS)
This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP
                  address (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/363
2022-11-04 16:28:31 +00:00
Beth Griggs
7a14550e7c
2022-11-04, Version 14.21.1 'Fermium' (LTS)
This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP
                  address (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/362
2022-11-04 16:12:57 +00:00
Danielle Adams
f1e93820a7
2022-11-01, Version 14.21.0 'Fermium' (LTS)
Notable changes:

* deps:
  * update corepack to 0.14.2 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/44775
* src:
  * add --openssl-shared-config option (Daniel Bevenius) https://github.com/nodejs/node/pull/43124

PR-URL: https://github.com/nodejs/node/pull/44889
2022-11-01 17:19:41 -04:00
Rafael Gonzaga
26126469c1
doc: mark Node.js 12 as End-of-Life
PR-URL: https://github.com/nodejs/node/pull/45186
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2022-10-26 11:04:50 +00:00
Ruy Adorno
efd3c9cd31
2022-10-25, Version 18.12.0 'Hydrogen' (LTS)
Notable changes:

This release marks the transition of Node.js 18.x into Long Term Support (LTS)
with the codename 'Hydrogen'. The 18.x release line now moves into "Active LTS"
and will remain so until October 2023. After that time, it will move into
"Maintenance" until end of life in April 2025.

PR-URL: https://github.com/nodejs/node/pull/45100
2022-10-25 17:27:18 -04:00
KaKa
ee07e6632c
doc: mark Node.js v17.x as EOL
v17.x is EOL on 2022-06-01

Refs: https://github.com/nodejs/Release/blob/main/schedule.json
PR-URL: https://github.com/nodejs/node/pull/45110
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
2022-10-21 14:28:14 +00:00
Richard Lau
3db0c85878
doc: update Node.js 16 End-of-Life date
Node.js 16's End-of-Life date was brought forward to coincide with
the end of support for upstream OpenSSL 1.1.1.

PR-URL: https://github.com/nodejs/node/pull/45103
Refs: https://nodejs.org/en/blog/announcements/nodejs16-eol/
Refs: https://github.com/nodejs/Release/pull/752
Refs: https://github.com/nodejs/TSC/issues/1222
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2022-10-21 02:23:53 +00:00
RafaelGSS
9878c26561 2022-10-18, Version 19.0.0 (Current)
Notable Changes:

doc:
  * graduate webcrypto to stable (Filip Skokan) https://github.com/nodejs/node/pull/44897
esm:
  * remove specifier resolution flag (Geoffrey Booth) https://github.com/nodejs/node/pull/44859
http:
  * (SEMVER-MAJOR) use Keep-Alive by default in global agents (Paolo Insogna) https://github.com/nodejs/node/pull/43522
build:
  * (SEMVER-MAJOR) remove dtrace & etw support (Ben Noordhuis) https://github.com/nodejs/node/pull/43652
  * (SEMVER-MAJOR) remove systemtap support (Ben Noordhuis) https://github.com/nodejs/node/pull/43651
deps:
  * (SEMVER-MAJOR) deps: update V8 to 10.7.193.13 (Michaël Zasso) https://github.com/nodejs/node/pull/44741

Deprecation and Removals:

* deprecate url.parse() (Rich Trott) https://github.com/nodejs/node/pull/44919
* (SEMVER-MAJOR) runtime deprecate exports double slash maps (Guy Bedford) https://github.com/nodejs/node/pull/44495
* (SEMVER-MAJOR) runtime deprecate coercion to integer in `process.exit()` (Daeyeon Jeong) https://github.com/nodejs/node/pull/44711

Semver-Major Commits:

* [53f73d1cfe] - (SEMVER-MAJOR) build: enable V8's trap handler on Windows (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [06aaf8a1c4] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [aa3a572e6b] - (SEMVER-MAJOR) build: remove dtrace & etw support (Ben Noordhuis) https://github.com/nodejs/node/pull/43652
* [38f1e2793c] - (SEMVER-MAJOR) build: remove systemtap support (Ben Noordhuis) https://github.com/nodejs/node/pull/43651
* [2849283c4c] - (SEMVER-MAJOR) crypto: remove non-standard `webcrypto.Crypto.prototype.CryptoKey` (Antoine du Hamel) https://github.com/nodejs/node/pull/42083
* [a1653ac715] - (SEMVER-MAJOR) crypto: do not allow to call setFips from the worker thread (Sergey Petushkov) https://github.com/nodejs/node/pull/43624
* [fd36a8dadb] - (SEMVER-MAJOR) deps: update llhttp to 8.1.0 (Paolo Insogna) https://github.com/nodejs/node/pull/44967
* [89ecdddaab] - (SEMVER-MAJOR) deps: bump minimum ICU version to 71 (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [66fe446efd] - (SEMVER-MAJOR) deps: V8: cherry-pick 0cccb6f27d78 (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [88ed027d57] - (SEMVER-MAJOR) deps: V8: cherry-pick 7ddb8399f9f1 (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [26c651c34e] - (SEMVER-MAJOR) deps: V8: cherry-pick 1b3a4f0c34a1 (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [c8ff2dfd11] - (SEMVER-MAJOR) deps: V8: cherry-pick b161a0823165 (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [7a8fa2d517] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [83b0aaa800] - (SEMVER-MAJOR) deps: fix V8 build on SmartOS (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [7a952e8ea5] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [6bd756d7c6] - (SEMVER-MAJOR) deps: update V8 to 10.7.193.13 (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [03fb789fb9] - (SEMVER-MAJOR) events: add null check for the signal of EventTarget (Masashi Hirano) https://github.com/nodejs/node/pull/43153
* [a4fa526ddc] - (SEMVER-MAJOR) fs: add directory autodetection to fsPromises.symlink() (Livia Medeiros) https://github.com/nodejs/node/pull/42894
* [bb4891d8d4] - (SEMVER-MAJOR) fs: add validateBuffer to improve error (Hirotaka Tagawa / wafuwafu13) https://github.com/nodejs/node/pull/44769
* [950a4411fa] - (SEMVER-MAJOR) fs: remove coercion to string in writing methods (Livia Medeiros) https://github.com/nodejs/node/pull/42796
* [41a6d82968] - (SEMVER-MAJOR) fs: harden fs.readSync(buffer, options) typecheck (LiviaMedeiros) https://github.com/nodejs/node/pull/42772
* [2275faac2b] - (SEMVER-MAJOR) fs: harden fs.read(params, callback) typecheck (LiviaMedeiros) https://github.com/nodejs/node/pull/42772
* [29953a0b88] - (SEMVER-MAJOR) fs: harden filehandle.read(params) typecheck (LiviaMedeiros) https://github.com/nodejs/node/pull/42772
* [4267b92604] - (SEMVER-MAJOR) http: use Keep-Alive by default in global agents (Paolo Insogna) https://github.com/nodejs/node/pull/43522
* [0324529e0f] - (SEMVER-MAJOR) inspector: introduce inspector/promises API (Erick Wendel) https://github.com/nodejs/node/pull/44250
* [80270994d6] - (SEMVER-MAJOR) lib: enable global CustomEvent by default (Daeyeon Jeong) https://github.com/nodejs/node/pull/44860
* [f529f73bd7] - (SEMVER-MAJOR) lib: brand check event handler property receivers (Chengzhong Wu) https://github.com/nodejs/node/pull/44483
* [6de2673a9f] - (SEMVER-MAJOR) lib: enable global WebCrypto by default (Antoine du Hamel) https://github.com/nodejs/node/pull/42083
* [73ba8830d5] - (SEMVER-MAJOR) lib: use private field in AbortController (Joyee Cheung) https://github.com/nodejs/node/pull/43820
* [7dd2f41c73] - (SEMVER-MAJOR) module: runtime deprecate exports double slash maps (Guy Bedford) https://github.com/nodejs/node/pull/44495
* [22c39b1ddd] - (SEMVER-MAJOR) path: the dot will be added(path.format) if it is not specified in `ext` (theanarkh) https://github.com/nodejs/node/pull/44349
* [587367d107] - (SEMVER-MAJOR) perf_hooks: expose webperf global scope interfaces (Chengzhong Wu) https://github.com/nodejs/node/pull/44483
* [364c0e196c] - (SEMVER-MAJOR) perf_hooks: fix webperf idlharness (Chengzhong Wu) https://github.com/nodejs/node/pull/44483
* [ada2d053ae] - (SEMVER-MAJOR) process: runtime deprecate coercion to integer in `process.exit()` (Daeyeon Jeong) https://github.com/nodejs/node/pull/44711
* [e0ab8dd637] - (SEMVER-MAJOR) process: make process.config read only (Sergey Petushkov) https://github.com/nodejs/node/pull/43627
* [481a959adb] - (SEMVER-MAJOR) readline: remove `question` method from `InterfaceConstructor` (Antoine du Hamel) https://github.com/nodejs/node/pull/44606
* [c9602ce212] - (SEMVER-MAJOR) src: use new v8::OOMErrorCallback API (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [19a70c11e4] - (SEMVER-MAJOR) src: override CreateJob instead of PostJob (Clemens Backes) https://github.com/nodejs/node/pull/44741
* [fd52c62bee] - (SEMVER-MAJOR) src: use V8_ENABLE_SANDBOX macro (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [c10988db44] - (SEMVER-MAJOR) src: use non-deprecated V8 inspector API (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [3efe901dd6] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 111 (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [77e585657f] - (SEMVER-MAJOR) src: turn embedder api overload into default argument (Alena Khineika) https://github.com/nodejs/node/pull/43629
* [dabda03ea9] - (SEMVER-MAJOR) src: per-environment time origin value (Chengzhong Wu) https://github.com/nodejs/node/pull/43781
* [2e49b99cc2] - (SEMVER-MAJOR) src,test: disable freezing V8 flags on initialization (Clemens Backes) https://github.com/nodejs/node/pull/44741
* [2b32985c62] - (SEMVER-MAJOR) stream: use null for the error argument (Luigi Pinca) https://github.com/nodejs/node/pull/44312
* [36805e8524] - (SEMVER-MAJOR) test: adapt test-repl for V8 update (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [96ef25793d] - (SEMVER-MAJOR) test: adapt test-repl-pretty-*stack to V8 changes (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [71c193e581] - (SEMVER-MAJOR) test: adapt to new JSON SyntaxError messages (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [b5f1564880] - (SEMVER-MAJOR) test: rename always-opt flag to always-turbofan (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [1acf0339dd] - (SEMVER-MAJOR) test: fix test-hash-seed for new V8 versions (Michaël Zasso) https://github.com/nodejs/node/pull/44741
* [57ff476c33] - (SEMVER-MAJOR) test: remove duplicate test (Luigi Pinca) https://github.com/nodejs/node/pull/44051
* [77def91bf9] - (SEMVER-MAJOR) tls,http2: send fatal alert on ALPN mismatch (Tobias Nießen) https://github.com/nodejs/node/pull/44031
* [4860ad99b9] - (SEMVER-MAJOR) tools: update V8 gypfiles for 10.7 (Michaël Zasso) https://github.com/nodejs/node/pull/44741

PR-URL: https://github.com/nodejs/node/pull/44626
Co-authored-by: Ruy Adorno <ruyadorno@google.com>
2022-10-18 11:17:48 -03:00