Commit Graph

646 Commits

Author SHA1 Message Date
Ruy Adorno
cef00ad414
2021-01-26, Version 15.7.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37020

Notable changes:

* buffer:
  * introduce Blob (James M Snell) [#36811](https://github.com/nodejs/node/pull/36811)
  * add base64url encoding option (Filip Skokan) [#36952](https://github.com/nodejs/node/pull/36952)
* doc:
  * add @iansu to collaborators (Ian Sutherland) [#36951](https://github.com/nodejs/node/pull/36951)
  * add @RaisinTen to collaborators (Darshan Sen) [#36998](https://github.com/nodejs/node/pull/36998)
  * add @miladfarca to collaborators (Milad Fa) [#36934](https://github.com/nodejs/node/pull/36934)
* fs:
  * allow position parameter to be a BigInt in read and readSync (raisinten) [#36190](https://github.com/nodejs/node/pull/36190)
* http:
  * attach request as res.req (Ian Storm Taylor) [#36505](https://github.com/nodejs/node/pull/36505)
  * expose urlToHttpOptions utility (Yongsheng Zhang) [#35960](https://github.com/nodejs/node/pull/35960)
2021-01-26 11:06:59 -05:00
Danielle Adams
0f789488d4
2021-01-14, Version 15.6.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/36889

Notable changes:

* child_process:
  * add 'overlapped' stdio flag (Thiago Padilha) (https://github.com/nodejs/node/pull/29412)
  * support AbortSignal in fork (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/36603)
* crypto:
  * implement basic secure heap support (James M Snell) (https://github.com/nodejs/node/pull/36779)
  * fixup bug in keygen error handling (James M Snell) (https://github.com/nodejs/node/pull/36779)
  * introduce X509Certificate API (James M Snell) (https://github.com/nodejs/node/pull/36804)
  * implement randomuuid (James M Snell) (https://github.com/nodejs/node/pull/36729)
* doc:
  * update release key for Danielle Adams (Danielle Adams) (https://github.com/nodejs/node/pull/36793)
  * add dnlup to collaborators (Daniele Belardi) (https://github.com/nodejs/node/pull/36849)
  * add panva to collaborators (Filip Skokan) (https://github.com/nodejs/node/pull/36802)
  * add yashLadha to collaborator (Yash Ladha) (https://github.com/nodejs/node/pull/36666)
* http:
  * set lifo as the default scheduling strategy in Agent (Matteo Collina) (https://github.com/nodejs/node/pull/36685)
* net:
  * support abortSignal in server.listen (Nitzan Uziely) (https://github.com/nodejs/node/pull/36623)
* process:
  * add direct access to rss without iterating pages (Adrien Maret) (https://github.com/nodejs/node/pull/34291)
* v8:
  * fix native  constructors (ExE Boss) (https://github.com/nodejs/node/pull/36549)
2021-01-14 19:58:43 -05:00
Richard Lau
ceb0dc907a
2021-01-04, Version 12.20.1 'Erbium' (LTS)
Notable changes:

This is a security release.

Vulnerabilities fixed:

- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt

PR-URL: https://github.com/nodejs-private/node-private/pull/240
2021-01-04 18:02:20 +00:00
Richard Lau
6c80df02d1
2021-01-04, Version 10.23.1 'Dubnium' (LTS)
Notable changes:

This is a security release.

Vulnerabilities fixed:

- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt

PR-URL: https://github.com/nodejs-private/node-private/pull/239
2021-01-04 17:59:36 +00:00
Beth Griggs
a384a0c4c6
2021-01-04, Version 14.15.4 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2020-1971**: OpenSSL - EDIPARTYNAME NULL pointer de-reference
  (High)
  - This is a vulnerability in OpenSSL which may be exploited through
  Node.js. You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

- **CVE-2020-8265**: use-after-free in TLSWrap (High)
  - Affected Node.js versions are vulnerable to a use-after-free bug in
  its TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method
  does not return an error, this object is passed back to the caller as
  part of a StreamWriteResult structure. This may be exploited to
  corrupt memory leading to a Denial of Service or potentially other
  exploits.

- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
  - Affected versions of Node.js allow two copies of a header field in
  a http request. For example, two Transfer-Encoding header fields. In
  this case Node.js identifies the first header field and ignores the
  second. This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).

PR-URL: https://github.com/nodejs-private/node-private/pull/242
2021-01-04 17:53:38 +00:00
Beth Griggs
433ed98b40
2021-01-04, Version 15.5.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2020-8265**: use-after-free in TLSWrap (High)
  * Affected Node.js versions are vulnerable to a use-after-free bug in
  its TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method
  does not return an error, this object is passed back to the caller as
  part of a StreamWriteResult structure. This may be exploited to
  corrupt memory leading to a Denial of Service or potentially other
  exploits.

- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
  * Affected versions of Node.js allow two copies of a header field in
  a http request. For example, two Transfer-Encoding header fields. In
  this case Node.js identifies the first header field and ignores the
  second. This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).

PR-URL: https://github.com/nodejs-private/node-private/pull/241
2021-01-04 17:46:51 +00:00
Michaël Zasso
80d2fbeb0c
2020-12-22, Version 15.5.0 (Current)
Notable changes:

    child_process:
      * (SEMVER-MINOR) add signal support to spawn (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36432
    doc:
      * add PoojaDurgad to collaborators (Pooja D P) https://github.com/nodejs/node/pull/36511
    lib:
      * (SEMVER-MINOR) support BigInt in querystring.stringify (raisinten) https://github.com/nodejs/node/pull/36499
    src:
      * (SEMVER-MINOR) add way to get IsolateData and allocator from Environment (Anna Henningsen) https://github.com/nodejs/node/pull/36441
      * (SEMVER-MINOR) allow preventing SetPrepareStackTraceCallback (Shelley Vohr) https://github.com/nodejs/node/pull/36447
    stream:
      * (SEMVER-MINOR) support abortsignal in constructor (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36431

PR-URL: https://github.com/nodejs/node/pull/36597
2020-12-22 19:56:09 +01:00
Beth Griggs
b49145f795
2020-12-17, Version 14.15.3 'Fermium' (LTS)
Notable Changes:

Node.js v14.15.2 included a commit that has caused reported breakages
when cloning request objects. This release reverts the commit that
introduced the behaviour change.

See https://github.com/nodejs/node/issues/36550 for more details.

PR-URL: https://github.com/nodejs/node/pull/36555
2020-12-17 23:22:59 +00:00
Beth Griggs
a150926177
2020-12-15, Version 14.15.2 'Fermium' (LTS)
Notable Changes:

- **deps**:
  - upgrade npm to 6.14.9 (Myles Borins)
    https://github.com/nodejs/node/pull/36450
  - update acorn to v8.0.4 (Michaël Zasso)
    https://github.com/nodejs/node/pull/35791
- **doc**: add release key for Danielle Adams (Danielle Adams)
    https://github.com/nodejs/node/pull/35545
- **http2**: check write not scheduled in scope destructor (David Halls)
    https://github.com/nodejs/node/pull/36241
- **stream**: fix regression on duplex end (Momtchil Momtchev)
    https://github.com/nodejs/node/pull/35941

PR-URL: https://github.com/nodejs/node/pull/36476
2020-12-15 23:48:00 +00:00
Danielle Adams
04e5418934
doc: add v15.4.0 link to CHANGELOG.md
PR-URL: https://github.com/nodejs/node/pull/36456
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
2020-12-14 15:02:05 -05:00
Myles Borins
219332e66c
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) https://github.com/nodejs/node/pull/35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) https://github.com/nodejs/node/pull/35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) https://github.com/nodejs/node/pull/35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512

PR-URL: https://github.com/nodejs/node/pull/35950
2020-11-24 11:40:37 -05:00
Shelley Vohr
7b5b8ef424
2020-11-24, Version 15.3.0 (Current)
Notable changes:

dns:
  * (SEMVER-MINOR) add a cancel() method to the promise Resolver (Szymon Marczak) https://github.com/nodejs/node/pull/33099
events:
  * (SEMVER-MINOR) add max listener warning for EventTarget (James M Snell) https://github.com/nodejs/node/pull/36001
http:
  * (SEMVER-MINOR) add support for abortsignal to http.request (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36048
http2:
  * (SEMVER-MINOR) allow setting the local window size of a session (Yongsheng Zhang) https://github.com/nodejs/node/pull/35978
lib:
  * (SEMVER-MINOR) add throws option to fs.f/l/statSync (Andrew Casey) https://github.com/nodejs/node/pull/33716
path:
  * (SEMVER-MINOR) add `path/posix` and `path/win32` alias modules (ExE Boss) https://github.com/nodejs/node/pull/34962
readline:
  * (SEMVER-MINOR) add getPrompt to get the current prompt (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33675
src:
  * (SEMVER-MINOR) add loop idle time in diagnostic report (Gireesh Punathil) https://github.com/nodejs/node/pull/35940
util:
  * (SEMVER-MINOR) add `util/types` alias module (ExE Boss) https://github.com/nodejs/node/pull/34055

PR-URL: https://github.com/nodejs/node/pull/36232
2020-11-24 08:26:26 -08:00
Beth Griggs
88d0b5b2fb
2020-11-16, Version 12.19.1 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of Service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/233
2020-11-16 17:09:16 +01:00
Beth Griggs
f67088efec
2020-11-16, Version 14.15.1 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of Service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/234
2020-11-16 17:09:15 +01:00
Michaël Zasso
6be214d537
2020-11-16, Version 15.2.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/232
2020-11-16 17:09:15 +01:00
Danielle Adams
f5c508c805
2020-11-10, Version 15.2.0 (Current)
Notable changes:

* events:
  * getEventListeners static (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35991)
* fs:
  * support abortsignal in writeFile (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35993)
  * add support for AbortSignal in readFile (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35911)
* stream:
  * fix thrown object reference (Gil Pedersen) (https://github.com/nodejs/node/pull/36065)

PR URL: https://github.com/nodejs/node/pull/36055
2020-11-10 17:51:54 -05:00
Michaël Zasso
8caa6a9d8c
2020-11-04, Version 15.1.0 (Current)
Notable changes:

child_process:
  * (SEMVER-MINOR) add ChildProcess 'spawn' event (Matthew Francis Brunetti) https://github.com/nodejs/node/pull/35369
dns:
  * (SEMVER-MINOR) add setLocalAddress to Resolver (Josh Dague) https://github.com/nodejs/node/pull/34824
http:
  * (SEMVER-MINOR) report request start and end with diagnostics_channel (Stephen Belanger) https://github.com/nodejs/node/pull/34895
http2:
  * (SEMVER-MINOR) add updateSettings to both http2 servers (Vincent Boivin) https://github.com/nodejs/node/pull/35383
lib:
  * (SEMVER-MINOR) create diagnostics_channel module (Stephen Belanger) https://github.com/nodejs/node/pull/34895
src:
  * (SEMVER-MINOR) add --heapsnapshot-near-heap-limit option (Joyee Cheung) https://github.com/nodejs/node/pull/33010
v8:
  * (SEMVER-MINOR) implement v8.stopCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
  * (SEMVER-MINOR) implement v8.takeCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
worker:
  * (SEMVER-MINOR) add eventLoopUtilization() (Trevor Norris) https://github.com/nodejs/node/pull/35664

PR-URL: https://github.com/nodejs/node/pull/35948
2020-11-04 21:43:02 +01:00
Richard Lau
0ca861745a
2020-10-27, Version 14.15.0 'Fermium' (LTS)
Notable changes:

This release marks the transition of Node.js 14.x into Long Term Support (LTS)
with the codename 'Fermium'. The 14.x release line now moves into "Active LTS"
and will remain so until October 2021. After that time, it will move into
"Maintenance" until end of life in April 2023.

PR-URL: https://github.com/nodejs/node/pull/35746
2020-10-27 11:59:05 -04:00
Richard Lau
62ead4e14f
2020-10-27, Version 10.23.0 'Dubnium' (LTS)
Notable changes:
- deps:
  - upgrade npm to 6.14.8 (Ruy Adorno)
    https://github.com/nodejs/node/pull/34834
- n-api:
  - create N-API version 7 (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/35199
  - expose napi_build_version variable (NickNaso)
    https://github.com/nodejs/node/pull/27835
- tools:
  - add debug entitlements for macOS 10.15+ (Gabriele Greco)
    https://github.com/nodejs/node/pull/34378

PR-URL: https://github.com/nodejs/node/pull/35544
2020-10-27 11:31:31 -04:00
Beth Griggs
4d16554bfa
2020-10-21, Version 15.0.1 (Current)
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (https://github.com/nodejs/node/pull/35723)
  - This fixes issue https://github.com/nodejs/node/issues/35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (https://github.com/nodejs/node/pull/35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (https://github.com/nodejs/node/pull/35545)

PR-URL: https://github.com/nodejs/node/pull/35736
2020-10-21 21:20:48 +01:00
Beth Griggs
57613f8c56
2020-10-20, Version 15.0.0 (Current)
Notable changes:

Deprecations and Removals:

- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)

npm 7 (https://github.com/nodejs/node/pull/35631):

Node.js 15 comes with a new major release of npm, npm 7. npm 7 comes
with many new features - including npm workspaces and a new
package-lock.json format. npm 7 also includes yarn.lock file support.
One of the big changes in npm 7 is that peer dependencies are now
installed by default.

Throw On Unhandled Rejections
(https://github.com/nodejs/node/pull/33021):

As of Node.js 15, the default mode for `unhandledRejection` is changed
to `throw` (from `warn`). In `throw` mode, if an `unhandledRejection`
hook is not set, the `unhandledRejection` is raised as an uncaught
exception. Users that have an `unhandledRejection` hook should see no
change in behavior, and it’s still possible to switch modes using the
`--unhandled-rejections=mode` process flag.

QUIC (https://github.com/nodejs/node/pull/32379):

Node.js 15 comes with experimental support QUIC, which can be enabled
by compiling Node.js with the `--experimental-quic` configuration flag.
The Node.js QUIC implementation is exposed by the core `net` module.

V8 8.6 (https://github.com/nodejs/node/pull/35415):

The V8 JavaScript engine has been updated to V8 8.6 (V8 8.4 is the
latest available in Node.js 14). Along with performance tweaks and
improvements the V8 update also brings the following language features:
* `Promise.any()` (from V8 8.5)
* `AggregateError` (from V8 8.5)
* `String.prototype.replaceAll()` (from V8 8.5)
* Logical assignment operators `&&=`, `||=`, and `??=` (from V8 8.5)

Other Notable Changes:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)

Semver-Major Commits:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **crypto**: refactoring internals, add WebCrypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **crypto**: move node\_crypto files to src/crypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **deps**: V8: cherry-pick d76abfed3512 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 717543bbf0ef (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 6be2f6e26e8d (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix platform-embedded-file-writer-win for ARM64 (Michaël
Zasso) (https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 postmortem metadata script (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 to 8.6.395 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: upgrade npm to 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **deps**: update npm to 7.0.0-rc.3 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **deps**: V8: cherry-pick 0d6debcc5f08 (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **doc**: update support macos version for 15.x (Ash Cripps)
(https://github.com/nodejs/node/pull/35022)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http**: fixed socket.setEncoding fatal error (iskore)
(https://github.com/nodejs/node/pull/33405)
- **http**: emit 'error' on aborted server request (Robert Nagy)
(https://github.com/nodejs/node/pull/33172)
- **http**: cleanup end argument handling (Robert Nagy)
(https://github.com/nodejs/node/pull/31818)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **http2**: add `invalidheaders` test (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33161)
- **http2**: refactor state code validation for the http2Stream class
(rickyes) (https://github.com/nodejs/node/pull/33535)
- **http2**: header field valid checks (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33193)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: remove ERR\_INVALID\_OPT\_VALUE and
ERR\_INVALID\_OPT\_VALUE\_ENCODING (Denys Otrishko)
(https://github.com/nodejs/node/pull/34682)
- **lib**: handle one of args case in ERR\_MISSING\_ARGS (Denys
Otrishko) (https://github.com/nodejs/node/pull/34022)
- **lib**: remove NodeError from the prototype of errors with code
(Michaël Zasso) (https://github.com/nodejs/node/pull/33857)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: check args in net.connect() and socket.connect() calls
(Denys Otrishko) (https://github.com/nodejs/node/pull/34022)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **process**: update v8 fast api calls usage (Maya Lekova)
(https://github.com/nodejs/node/pull/35415)
- **process**: change default --unhandled-rejections=throw (Dan
Fabulich) (https://github.com/nodejs/node/pull/33021)
- **process**: use v8 fast api calls for hrtime (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **process**: delay throwing an error using `throwDeprecation` (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/32312)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: implement NodePlatform::PostJob (Clemens Backes)
(https://github.com/nodejs/node/pull/35415)
- **src**: update NODE\_MODULE\_VERSION to 88 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **src**: error reporting on CPUUsage (Yash Ladha)
(https://github.com/nodejs/node/pull/34762)
- **src**: use node:moduleName as builtin module filename (Michaël
Zasso) (https://github.com/nodejs/node/pull/35498)
- **src**: enable wasm trap handler on windows (Gus Caplan)
(https://github.com/nodejs/node/pull/35033)
- **src**: update NODE\_MODULE\_VERSION to 86 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33579)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **src**: remove \_third\_party\_main support (Anna Henningsen)
(https://github.com/nodejs/node/pull/33971)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **src**: remove unused CancelPendingDelayedTasks (Anna Henningsen)
(https://github.com/nodejs/node/pull/32859)
- **stream**: try to wait for flush to complete before 'finish' (Robert
Nagy) (https://github.com/nodejs/node/pull/34314)
- **stream**: cleanup and fix Readable.wrap (Robert Nagy)
(https://github.com/nodejs/node/pull/34204)
- **stream**: add promises version to utility functions (rickyes)
(https://github.com/nodejs/node/pull/33991)
- **stream**: fix writable.end callback behavior (Robert Nagy)
(https://github.com/nodejs/node/pull/34101)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **stream**: write should throw on unknown encoding (Robert Nagy)
(https://github.com/nodejs/node/pull/33075)
- **stream**: fix \_final and 'prefinish' timing (Robert Nagy)
(https://github.com/nodejs/node/pull/32780)
- **stream**: simplify Transform stream implementation (Robert Nagy)
(https://github.com/nodejs/node/pull/32763)
- **stream**: use callback to properly propagate error (Robert Nagy)
(https://github.com/nodejs/node/pull/29179)
- **test**: update tests after increasing typed array size to 4GB
(Kim-Anh Tran) (https://github.com/nodejs/node/pull/35415)
- **test**: fix tests for npm 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **test**: fix test suite to work with npm 7 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **test**: update WPT harness and tests (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **tools**: disable x86 safe exception handlers in V8 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.6 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.5 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **url**: file URL path normalization (Daijiro Wachi)
(https://github.com/nodejs/node/pull/35477)
- **url**: verify domain is not empty after "ToASCII" (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove U+0000 case in the fragment state (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove gopher from special schemes (Michaël Zasso)
(https://github.com/nodejs/node/pull/33325)
- **url**: forbid lt and gt in url host code point (Yash Ladha)
(https://github.com/nodejs/node/pull/33328)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **win, child_process**: sanitize env variables (Bartosz Sosnowski)
(https://github.com/nodejs/node/pull/35210)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)
- **worker**: set trackUnmanagedFds to true by default (Anna
Henningsen) (https://github.com/nodejs/node/pull/34394)
- **worker**: rename error code to be more accurate (Anna Henningsen)
(https://github.com/nodejs/node/pull/33872)

PR-URL: https://github.com/nodejs/node/pull/35014
2020-10-20 15:42:45 +01:00
Myles Borins
59d578e1fc
2020-10-15, Version 14.14.0 (Current)
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) https://github.com/nodejs/node/pull/35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) https://github.com/nodejs/node/pull/35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512

PR-URL: https://github.com/nodejs/node/pull/35648
2020-10-15 19:29:09 -04:00
Danielle Adams
d0438a629a
2020-10-07, Version 14.13.1 (Current)
Notable changes:

* fs:
  * remove experimental from rmdir recursive (Benjamin Coe) [#35171](https://github.com/nodejs/node/pull/35171)

PR-URL: https://github.com/nodejs/node/pull/35525
2020-10-07 17:22:52 -04:00
Shelley Vohr
1cef9c656f
2020-10-06, Version 12.19.0 'Erbium' (LTS)
Notable changes:

assert:
  * (SEMVER-MINOR) port common.mustCall() to assert (ConorDavenport) https://github.com/nodejs/node/pull/31982
async_hooks:
  * (SEMVER-MINOR) add AsyncResource.bind utility (James M Snell) https://github.com/nodejs/node/pull/34574
buffer:
  * (SEMVER-MINOR) also alias BigUInt methods (Anna Henningsen) https://github.com/nodejs/node/pull/34960
  * (SEMVER-MINOR) alias UInt ➡️ Uint in buffer methods (Anna Henningsen) https://github.com/nodejs/node/pull/34729
build:
  * (SEMVER-MINOR) add build flag for OSS-Fuzz integration (davkor) https://github.com/nodejs/node/pull/34761
cli:
  * (SEMVER-MINOR) add alias for report-directory to make it consistent (Ash Cripps) https://github.com/nodejs/node/pull/33587
crypto:
  * (SEMVER-MINOR) allow KeyObjects in postMessage (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add randomInt function (Oli Lalonde) https://github.com/nodejs/node/pull/34600
deps:
  * upgrade to libuv 1.39.0 (Colin Ihrig) https://github.com/nodejs/node/pull/34915
  * upgrade npm to 6.14.7 (claudiahdz) https://github.com/nodejs/node/pull/34468
  * upgrade to libuv 1.38.1 (Colin Ihrig) https://github.com/nodejs/node/pull/34187
dgram:
  * (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) https://github.com/nodejs/node/pull/14500
  * (SEMVER-MINOR) allow typed arrays in .send() (Sarat Addepalli) https://github.com/nodejs/node/pull/22413
doc:
  * (SEMVER-MINOR) Add maxTotalSockets option to agent constructor (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) add basic embedding example documentation (Anna Henningsen) https://github.com/nodejs/node/pull/30467
  * add Ricky Zhou to collaborators (rickyes) https://github.com/nodejs/node/pull/34676
  * add release key for Ruy Adorno (Ruy Adorno) https://github.com/nodejs/node/pull/34628
  * add DerekNonGeneric to collaborators (Derek Lewis) https://github.com/nodejs/node/pull/34602
  * add AshCripps to collaborators (Ash Cripps) https://github.com/nodejs/node/pull/34494
  * add HarshithaKP to collaborators (Harshitha K P) https://github.com/nodejs/node/pull/34417
  * add rexagod to collaborators (Pranshu Srivastava) https://github.com/nodejs/node/pull/34457
  * add release key for Richard Lau (Richard Lau) https://github.com/nodejs/node/pull/34397
  * add danielleadams to collaborators (Danielle Adams) https://github.com/nodejs/node/pull/34360
  * add sxa as collaborator (Stewart X Addison) https://github.com/nodejs/node/pull/34338
  * add ruyadorno to collaborators (Ruy Adorno) https://github.com/nodejs/node/pull/34297
  * (SEMVER-MAJOR) deprecate process.umask() with no arguments (Colin Ihrig) https://github.com/nodejs/node/pull/32499
embedding:
  * (SEMVER-MINOR) make Stop() stop Workers (Anna Henningsen) https://github.com/nodejs/node/pull/32531
  * (SEMVER-MINOR) provide hook for custom process.exit() behaviour (Anna Henningsen) https://github.com/nodejs/node/pull/32531
fs:
  * (SEMVER-MINOR) implement lutimes (Maël Nison) https://github.com/nodejs/node/pull/33399
http:
  * (SEMVER-MINOR) add maxTotalSockets to agent class (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) return this from IncomingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) expose host and protocol on ClientRequest (wenningplus) https://github.com/nodejs/node/pull/33803
http2:
  * (SEMVER-MINOR) return this for Http2ServerRequest#setTimeout (Pranshu Srivastava) https://github.com/nodejs/node/pull/33994
  * (SEMVER-MINOR) do not modify explicity set date headers (Pranshu Srivastava) https://github.com/nodejs/node/pull/33160
module:
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
  * (SEMVER-MINOR) package "imports" field (Guy Bedford) https://github.com/nodejs/node/pull/34117
  * (SEMVER-MINOR) deprecate module.parent (Antoine du HAMEL) https://github.com/nodejs/node/pull/32217
n-api:
  * (SEMVER-MINOR) create N-API version 7 (Gabriel Schulhof) https://github.com/nodejs/node/pull/35199
  * (SEMVER-MINOR) support type-tagging objects (Gabriel Schulhof) https://github.com/nodejs/node/pull/28237
n-api,src:
  * (SEMVER-MINOR) provide asynchronous cleanup hooks (Anna Henningsen) https://github.com/nodejs/node/pull/34572
perf_hooks:
  * (SEMVER-MINOR) add idleTime and event loop util (Trevor Norris) https://github.com/nodejs/node/pull/34938
timers:
  * (SEMVER-MINOR) allow timers to be used as primitives (Denys Otrishko) https://github.com/nodejs/node/pull/34017
tls:
  * (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) https://github.com/nodejs/node/pull/33974
worker:
  * (SEMVER-MINOR) add public method for marking objects as untransferable (Anna Henningsen) https://github.com/nodejs/node/pull/33979
  * (SEMVER-MINOR) emit `'messagerror'` events for failed deserialization (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow passing JS wrapper objects via postMessage (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow transferring/cloning generic BaseObjects (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
  * (SEMVER-MINOR) add stack size resource limit option (Anna Henningsen) https://github.com/nodejs/node/pull/33085
worker,fs:
  * (SEMVER-MINOR) make FileHandle transferable (Anna Henningsen) https://github.com/nodejs/node/pull/33772
zlib:
  * (SEMVER-MINOR) add `maxOutputLength` option (unknown) https://github.com/nodejs/node/pull/33516
  * switch to lazy init for zlib streams (Andrey Pechkurov) https://github.com/nodejs/node/pull/34048

PR-URL: https://github.com/nodejs/node/pull/35401
2020-10-06 13:34:04 -07:00
Myles Borins
cd884cc684
2020-09-29, Version 14.13.0 (Current)
Notable changes:

deps:
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
module:
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
src:
  * (SEMVER-MINOR) allow N-API addon in `AddLinkedBinding()` (Anna Henningsen) https://github.com/nodejs/node/pull/35301

PR-URL: https://github.com/nodejs/node/pull/35419
2020-09-29 15:45:07 -04:00
Ruy Adorno
25d8456563
2020-09-22, Version 14.12.0 (Current)
Notable changes:

- deps:
  - update to uvwasi 0.0.11 (Colin Ihrig)
  [#35104](https://github.com/nodejs/node/pull/35104)
- n-api:
  - create N-API version 7 (Gabriel Schulhof)
  [#35199](https://github.com/nodejs/node/pull/35199)
  - add more property defaults (Gerhard Stoebich)
  [#35214](https://github.com/nodejs/node/pull/35214)

PR-URL: https://github.com/nodejs/node/pull/35285
2020-09-22 14:04:14 -04:00
Richard Lau
8e17383653
2020-09-15, Version 14.11.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due
  to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
  (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/225
2020-09-15 16:49:55 -04:00
Michaël Zasso
9ab5c6b96c
2020-09-15, Version 12.18.4 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
- CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/223
2020-09-15 21:43:35 +01:00
Beth Griggs
3bdac31c4b
2020-09-15, Version 10.22.1 'Dubnium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8252: fs.realpath.native on may cause buffer overflow
  (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/222
2020-09-15 21:30:09 +01:00
Richard Lau
b7f3e83086
2020-09-10, Version 14.10.1 (Current)
Notable changes:

Node.js 14.10.0 included a streams regression with async generators
and a docs rendering regression that are being fixed in this release.

PR-URL: https://github.com/nodejs/node/pull/35137
2020-09-10 10:51:03 -04:00
Richard Lau
b5a47ca2d1
2020-09-08, Version 14.10.0 (Current)
Notable changes:

- buffer: also alias BigUInt methods (Anna Henningsen)
  https://github.com/nodejs/node/pull/34960
- crypto: add randomInt function (Oli Lalonde)
  https://github.com/nodejs/node/pull/34600
- perf_hooks: add idleTime and event loop util (Trevor Norris)
  https://github.com/nodejs/node/pull/34938
- stream: simpler and faster Readable async iterator (Robert Nagy)
  https://github.com/nodejs/node/pull/34035
- stream: save error in state (Robert Nagy)
  https://github.com/nodejs/node/pull/34103

PR-URL: https://github.com/nodejs/node/pull/35023

Conflicts:
	src/node_version.h
2020-09-08 11:35:08 -04:00
Danielle Adams
3089f96ed0
2020-08-27, Version 14.9.0 (Current)
Notable changes:

- build: set --v8-enable-object-print by default (Mary Marchini)
  [#34705](https://github.com/nodejs/node/pull/34705)
- deps:
  - upgrade to libuv 1.39.0 (cjihrig)
    [#34915](https://github.com/nodejs/node/pull/34915)
  - upgrade npm to 6.14.8 (Ruy Adorno)
    [#34834](https://github.com/nodejs/node/pull/34834)
  - V8: cherry-pick e06ace6b5cdb (Anna Henningsen)
    [#34673](https://github.com/nodejs/node/pull/34673)
- n-api: handle weak no-finalizer refs correctly (Gabriel Schulhof)
  [#34839](https://github.com/nodejs/node/pull/34839)
- tools: add debug entitlements for macOS 10.15+ (Gabriele Greco)
  [#34378](https://github.com/nodejs/node/pull/34378)

PR-URL: https://github.com/nodejs/node/pull/34852
2020-08-27 15:44:13 +01:00
Juan José Arboleda
79402c0eaa doc: fix CHANGELOG.md parsing issue
PR-URL: https://github.com/nodejs/node/pull/34923
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-08-27 07:26:25 -07:00
Shelley Vohr
6e1f6ec573
2020-08-11, Version 14.8.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) add AsyncResource.bind utility (James M Snell) https://github.com/nodejs/node/pull/34574
doc:
  * add Ricky Zhou to collaborators (rickyes) https://github.com/nodejs/node/pull/34676
  * add release key for Ruy Adorno (Ruy Adorno) https://github.com/nodejs/node/pull/34628
  * add DerekNonGeneric to collaborators (Derek Lewis) https://github.com/nodejs/node/pull/34602
module:
  * (SEMVER-MINOR) unflag Top-Level Await (Myles Borins) https://github.com/nodejs/node/pull/34558
n-api:
  * (SEMVER-MINOR) support type-tagging objects (Gabriel Schulhof) https://github.com/nodejs/node/pull/28237
n-api,src:
  * (SEMVER-MINOR) provide asynchronous cleanup hooks (Anna Henningsen) https://github.com/nodejs/node/pull/34572

PR-URL: https://github.com/nodejs/node/pull/34704
2020-08-11 09:40:48 -07:00
Ruy Adorno
168b22ba07
2020-07-29, Version 14.7.0 (Current)
Notable changes:

deps:
  * upgrade npm to 6.14.7 (claudiahdz) https://github.com/nodejs/node/pull/34468
dgram:
  * (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) https://github.com/nodejs/node/pull/14500
doc:
  * add AshCripps to collaborators (AshCripps) https://github.com/nodejs/node/pull/34494
  * add HarshithaKP to collaborators (Harshitha K P) https://github.com/nodejs/node/pull/34417
  * add rexagod to collaborators (Pranshu Srivastava) https://github.com/nodejs/node/pull/34457
  * add release key for Richard Lau (Richard Lau) https://github.com/nodejs/node/pull/34397
events:
  * (SEMVER-MINOR) expand NodeEventTarget functionality (Anna Henningsen) https://github.com/nodejs/node/pull/34057
src:
  * (SEMVER-MINOR) allow preventing SetPromiseRejectCallback (Shelley Vohr) https://github.com/nodejs/node/pull/34387
  * (SEMVER-MINOR) allow setting a dir for all diagnostic output (AshCripps) https://github.com/nodejs/node/pull/33584
worker:
  * (SEMVER-MINOR) make MessagePort inherit from EventTarget (Anna Henningsen) https://github.com/nodejs/node/pull/34057
zlib:
  * switch to lazy init for zlib streams (Andrey Pechkurov) https://github.com/nodejs/node/pull/34048

PR-URL: https://github.com/nodejs/node/pull/34542
2020-07-29 14:38:50 -04:00
Shelley Vohr
90ee98a7d1
2020-07-22, Version 12.18.3 'Erbium' (LTS)
Notable changes:

deps:
  * upgrade npm to 6.14.6 (claudiahdz) [#34246](https://github.com/nodejs/node/pull/34246)
  * update node-inspect to v2.0.0 (Jan Krems) [#33447](https://github.com/nodejs/node/pull/33447)
  * uvwasi: cherry-pick 9e75217 (Colin Ihrig) [#33521](https://github.com/nodejs/node/pull/33521)

PR-URL: https://github.com/nodejs/node/pull/34343
2020-07-22 09:54:26 -07:00
Myles Borins
a981c65b90
2020-07-21, Version 14.6.0 (Current)
Notable changes:

deps:
  * upgrade npm to 6.14.6 (claudiahdz) https://github.com/nodejs/node/pull/34246
  * upgrade to libuv 1.38.1 (Colin Ihrig) https://github.com/nodejs/node/pull/34187
  * (SEMVER-MINOR) update V8 to 8.4.371.19 (Michaël Zasso) [#33579](https://github.com/nodejs/node/pull/33579)
module:
  * (SEMVER-MINOR) deprecate module.parent (Antoine du HAMEL) https://github.com/nodejs/node/pull/32217
  * (SEMVER-MINOR) package "imports" field (Guy Bedford) https://github.com/nodejs/node/pull/34117
src:
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
  * (SEMVER-MINOR) allow embedders to disable esm loader (Shelley Vohr) https://github.com/nodejs/node/pull/34060
tls:
  * (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) https://github.com/nodejs/node/pull/33974
vm:
  * (SEMVER-MINOR) add run-after-evaluate microtask mode (Anna Henningsen) https://github.com/nodejs/node/pull/34023
worker:
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
New Collaborators:
  * add danielleadams to collaborators (Danielle Adams) https://github.com/nodejs/node/pull/34360
  * add sxa as collaborator (Stewart X Addison) https://github.com/nodejs/node/pull/34338
  * add ruyadorno to collaborators (Ruy Adorno) https://github.com/nodejs/node/pull/34297

PR-URL: https://github.com/nodejs/node/pull/34371
2020-07-21 17:45:12 -04:00
Richard Lau
95770df2fb
2020-07-21, Version 10.22.0 'Dubnium' (LTS)
Notable changes:

- deps:
  - upgrade npm to 6.14.6 (claudiahdz)
    https://github.com/nodejs/node/pull/34246
  - upgrade openssl sources to 1.1.1g (Hassaan Pasha)
    https://github.com/nodejs/node/pull/32982
- n-api:
  - add `napi_detach_arraybuffer` (legendecas)
    https://github.com/nodejs/node/pull/29768

PR-URL: https://github.com/nodejs/node/pull/34170
2020-07-21 16:52:47 +01:00
Antoine du Hamel
01bd8102ef
doc: mark Node.js 13 as End-of-Life
Remove the "Current" label for Node.js 13 in the CHANGELOG.

PR-URL: https://github.com/nodejs/node/pull/34436
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
2020-07-20 18:29:09 +02:00
Shelley Vohr
eb8fc2bf0f
2020-06-30, Version 14.5.0 (Current)
Notable changes:

build:
  * (SEMVER-MINOR) reset embedder string to "-node.0" (Michaël Zasso) https://github.com/nodejs/node/pull/33376
cli:
  * (SEMVER-MINOR) add alias for report-directory to make it consistent (AshCripps) https://github.com/nodejs/node/pull/33587
crypto:
  * (SEMVER-MINOR) allow KeyObjects in postMessage (Tobias Nießen) https://github.com/nodejs/node/pull/33360
deps:
  * (SEMVER-MINOR) V8: cherry-pick 0d6debcc5f08 (Michaël Zasso) https://github.com/nodejs/node/pull/33376
  * (SEMVER-MINOR) update V8 to 8.3.110.9 (Michaël Zasso) https://github.com/nodejs/node/pull/33376
dgram:
  * (SEMVER-MINOR) allow typed arrays in .send() (Sarat Addepalli) https://github.com/nodejs/node/pull/22413
events:
  * (SEMVER-MINOR) initial implementation of experimental EventTarget (James M Snell) https://github.com/nodejs/node/pull/33556
fs:
  * (SEMVER-MINOR) implement lutimes (Maël Nison) https://github.com/nodejs/node/pull/33399
http:
  * (SEMVER-MINOR) expose host and protocol on ClientRequest (wenningplus) https://github.com/nodejs/node/pull/33803
  * (SEMVER-MINOR) add maxTotalSockets to agent class (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) return this from OutgoingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) return this from ClientRequest#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) return this from IncomingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
http2:
  * (SEMVER-MINOR) return this for Http2ServerRequest#setTimeout (Pranshu Srivastava) https://github.com/nodejs/node/pull/33994
  * (SEMVER-MINOR) do not modify explicity set date headers (Pranshu Srivastava) https://github.com/nodejs/node/pull/33160
process:
  * (SEMVER-MINOR) add unhandled-rejection throw and warn-with-error-code (Dan Fabulich) https://github.com/nodejs/node/pull/33475
src:
  * (SEMVER-MINOR) store key data in separate class (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add NativeKeyObject base class (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) rename internal key handles to KeyObjectHandle (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add equality operators for BaseObjectPtr (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) introduce BaseObject base FunctionTemplate (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) add public APIs to manage v8::TracingController (Anna Henningsen) https://github.com/nodejs/node/pull/33850
stream*:
  * runtime deprecate Transform._transformState (Robert Nagy) https://github.com/nodejs/node/pull/32763
win:
  * (SEMVER-MINOR) allow skipping the supported platform check (João Reis) https://github.com/nodejs/node/pull/33176
worker:
  * (SEMVER-MINOR) add public method for marking objects as untransferable (Anna Henningsen) https://github.com/nodejs/node/pull/33979
  * (SEMVER-MINOR) emit `'messagerror'` events for failed deserialization (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow passing JS wrapper objects via postMessage (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow transferring/cloning generic BaseObjects (Anna Henningsen) https://github.com/nodejs/node/pull/33772
worker,fs:
  * (SEMVER-MINOR) make FileHandle transferable (Anna Henningsen) https://github.com/nodejs/node/pull/33772
zlib:
  * (SEMVER-MINOR) add `maxOutputLength` option (unknown) https://github.com/nodejs/node/pull/33516

PR-URL: https://github.com/nodejs/node/pull/34093
2020-06-30 15:27:43 -07:00
Beth Griggs
cb673e1b61
2020-06-30, Version 12.18.2 'Erbium' (LTS)
Notable changes:

- deps: V8: backport fb26d0bb1835 (Matheus Marchini)
  [#33573](https://github.com/nodejs/node/pull/33573)
- src: use symbol to store `AsyncWrap` resource (Anna Henningsen)
  [#31745](https://github.com/nodejs/node/pull/31745)

PR-URL: https://github.com/nodejs/node/pull/34077
2020-06-30 14:31:59 +01:00
Shelley Vohr
e9145dbaef
2020-06-17, Version 12.18.1 'Erbium' (LTS)
Notable changes:

deps:
  * V8: cherry-pick 548f6c81d424 (Dominykas Blyžė) [#33484](https://github.com/nodejs/node/pull/33484)
  * update to uvwasi 0.0.9 (Colin Ihrig) [#33445](https://github.com/nodejs/node/pull/33445)
  * upgrade to libuv 1.38.0 (Colin Ihrig) [#33446](https://github.com/nodejs/node/pull/33446)
  * upgrade npm to 6.14.5 (Ruy Adorno) [#33239](https://github.com/nodejs/node/pull/33239)

PR-URL: https://github.com/nodejs/node/pull/33811
2020-06-17 09:26:19 -07:00
Beth Griggs
f46ca0fd29
2020-06-02, Version 10.21.0 'Dubnium' (LTS)
This is a security release.

Vulnerabilities fixed:

- CVE-2020-8174: napi_get_value_string_*() allows various kinds of
                 memory corruption (High).
- CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).

PR-URL: https://github.com/nodejs-private/node-private/pull/211
2020-06-02 20:35:52 +02:00
Michaël Zasso
12bcee8628
2020-06-02, Version 12.18.0 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/213
2020-06-02 20:35:52 +02:00
Michaël Zasso
64e33dc952
2020-06-02, Version 14.4.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/212
2020-06-02 20:35:52 +02:00
Michaël Zasso
dcc112b7f7
2020-05-26, Version 12.17.0 'Erbium' (LTS)
Notable changes:

* ECMAScript Modules - `--experimental-modules` flag removal
* AsyncLocalStorage API (experimental)
* REPL previews
* REPL reverse-i-search
* REPL substring-based search
* Error monitoring
  * Monitoring `error` events
  * Monitoring uncaught exceptions
* File system APIs
  * New function: `fs.readv`
  * Optional parameters in `fs.read`
* Console `groupIndentation` option
* `maxStringLength` option for `util.inspect()`
* Stable N-API release 6
* Stable diagnostic reports
* Increase of the default server headers timeout
* New `--trace-sigint` CLI flag
* Various crypto APIs now support Diffie-Hellman secrets
* Added support for the `dns.ALL` flag in `dns.lookup()`
* Added a new experimental API to interact with Source Map V3 data
* Added support for passing a `transferList` along with `workerData` to
  the `Worker` constructor

PR-URL: https://github.com/nodejs/node/pull/33197
2020-05-26 15:55:39 +02:00
Shelley Vohr
c841f516d5
2020-05-19, Version 14.3.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) move PromiseHook handler to JS (Stephen Belanger) https://github.com/nodejs/node/pull/32891
cli:
  * (SEMVER-MINOR) add `--trace-atomics-wait` flag (Anna Henningsen) https://github.com/nodejs/node/pull/33292
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
http:
  * (SEMVER-MINOR) expose http.validate-header-name/value (osher) https://github.com/nodejs/node/pull/33119
repl:
  * (SEMVER-MINOR) deprecate repl._builtinLibs (Ruben Bridgewater) https://github.com/nodejs/node/pull/33294
  * (SEMVER-MINOR) deprecate repl.inputStream and repl.outputStream (Ruben Bridgewater) https://github.com/nodejs/node/pull/33294
  * (SEMVER-MINOR) show reference errors during preview (Ruben Bridgewater) https://github.com/nodejs/node/pull/33282
  * (SEMVER-MINOR) improve repl preview (Ruben Bridgewater) https://github.com/nodejs/node/pull/33282
src:
  * add support for TLA (Gus Caplan) https://github.com/nodejs/node/pull/30370

PR-URL: https://github.com/nodejs/node/pull/33452
2020-05-19 14:28:43 -07:00
Michaël Zasso
f446b2058d
2020-05-05, Version 14.2.0 (Current)
Notable changes:

* Track function calls with `assert.CallTracker` (experimental).
  https://github.com/nodejs/node/pull/31982
* Added a `groupIndentation` option to the `Console` constructor.
  https://github.com/nodejs/node/pull/32964

PR-URL: https://github.com/nodejs/node/pull/33232
2020-05-05 20:24:37 +02:00
Ruben Bridgewater
d7b02c3cad
2020-04-29, Version 13.14.0 (Current)
Notable Changes:

* async_hooks**:
  * Merge `run` and `exit` methods (Andrey Pechkurov)
    https://github.com/nodejs/node/pull/31950
  * Prevent sync methods of async storage exiting outer context
    (Stephen Belanger)
    https://github.com/nodejs/node/pull/31950
* vm:
  * Add `importModuleDynamically` option to compileFunction (Gus
    Caplan)
    https://github.com/nodejs/node/pull/32985

New core collaborators:

With this release, we welcome two new Node.js core collaborators:

* Juan José Arboleda @juanarbol
  https://github.com/nodejs/node/pull/32906
* Andrey Pechkurov @puzpuzpuz
  https://github.com/nodejs/node/pull/32817

PR-URL: https://github.com/nodejs/node/pull/33122
2020-04-30 00:24:31 +02:00
Beth Griggs
49db211846
2020-04-29, Version 14.1.0 (Current)
Notable changes:

- deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha)
  [#32971](https://github.com/nodejs/node/pull/32971)
- doc: add juanarbol as collaborator (Juan José Arboleda)
  [#32906](https://github.com/nodejs/node/pull/32906)
- http: doc deprecate abort and improve docs (Robert Nagy)
  [#32807](https://github.com/nodejs/node/pull/32807)
- module: do not warn when accessing `__esModule` of unfinished exports
  (Anna Henningsen) [#33048](https://github.com/nodejs/node/pull/33048)
- n-api: detect deadlocks in thread-safe function (Gabriel Schulhof)
  [#32860](https://github.com/nodejs/node/pull/32860)
- src: deprecate embedder APIs with replacements (Anna Henningsen)
  [#32858](https://github.com/nodejs/node/pull/32858)
- stream:
  - don't emit end after close (Robert Nagy)
    [#33076](https://github.com/nodejs/node/pull/33076)
  - don't wait for close on legacy streams (Robert Nagy)
    [#33058](https://github.com/nodejs/node/pull/33058)
  - pipeline should only destroy un-finished streams (Robert Nagy)
    [#32968](https://github.com/nodejs/node/pull/32968)
- vm: add importModuleDynamically option to compileFunction (Gus Caplan)
  [#32985](https://github.com/nodejs/node/pull/32985)

PR-URL: https://github.com/nodejs/node/pull/33103
2020-04-29 19:33:51 +01:00
Michaël Zasso
165011ea98
2020-04-28, Version 12.16.3 'Erbium' (LTS)
Notable changes:

Dependencies:
  * Updated OpenSSL to 1.1.1g.
    https://github.com/nodejs/node/pull/32971
  * Updated c-ares to 1.16.0.
    https://github.com/nodejs/node/pull/32246
  * Updated experimental uvwasi to 0.0.6.
    https://github.com/nodejs/node/pull/32309
ESM (experimental):
  * Additional warnings are no longer printed for modules that use
    conditional exports or package name self resolution.
    https://github.com/nodejs/node/pull/31845

PR-URL: https://github.com/nodejs/node/pull/33009
2020-04-28 15:24:52 +02:00
Beth Griggs
372c7cc3c2
2020-04-21, Version 14.0.0 (Current)
Deprecations:

- (SEMVER-MAJOR) crypto: move pbkdf2 without digest to EOL
  (James M Snell) [#31166](https://github.com/nodejs/node/pull/31166)
- (SEMVER-MAJOR) fs: deprecate closing FileHandle on garbage collection
  (James M Snell) [#28396](https://github.com/nodejs/node/pull/28396)
- (SEMVER-MAJOR) http: move OutboundMessage.prototype.flush to EOL
  (James M Snell) [#31164](https://github.com/nodejs/node/pull/31164)
- (SEMVER-MAJOR) lib: move GLOBAL and root aliases to EOL
  (James M Snell) [#31167](https://github.com/nodejs/node/pull/31167)
- (SEMVER-MAJOR) os: move tmpDir() to EOL
  (James M Snell)[#31169](https://github.com/nodejs/node/pull/31169)
- (SEMVER-MAJOR) src: remove deprecated wasm type check
  (Clemens Backes) [#32116](https://github.com/nodejs/node/pull/32116)
- (SEMVER-MAJOR) stream: move \_writableState.buffer to EOL
  (James M Snell) [#31165](https://github.com/nodejs/node/pull/31165)
- (SEMVER-MINOR) doc: deprecate process.mainModule
  (Antoine du HAMEL) [#32232](https://github.com/nodejs/node/pull/32232)
- (SEMVER-MINOR) doc: deprecate process.umask() with no arguments
  (Colin Ihrig) [#32499](https://github.com/nodejs/node/pull/32499)

ECMAScript Modules - Experimental Warning Removal:

- module: remove experimental modules warning
  (Guy Bedford) [#31974](https://github.com/nodejs/node/pull/31974)

In Node.js 13 we removed the need to include the --experimental-modules
flag, but when running EcmaScript Modules in Node.js, this would still
result in a warning ExperimentalWarning: The ESM module loader is
experimental.

As of Node.js 14 there is no longer this warning when using ESM in
Node.js. However, the ESM implementation in Node.js remains
experimental. As per our stability index: “The feature is not subject
to Semantic Versioning rules. Non-backward compatible changes or
removal may occur in any future release.” Users should be cautious when
using the feature in production environments.

Please keep in mind that the implementation of ESM in Node.js differs
from the developer experience you might be familiar with. Most
transpilation workflows support features such as optional file
extensions or JSON modules that the Node.js ESM implementation does not
support. It is highly likely that modules from transpiled environments
will require a certain degree of refactoring to work in Node.js. It is
worth mentioning that many of our design decisions were made with two
primary goals. Spec compliance and Web Compatibility. It is our belief
that the current implementation offers a future proof model to
authoring ESM modules that paves the path to Universal JavaScript.
Please read more in our documentation.

The ESM implementation in Node.js is still experimental but we do believe
that we are getting very close to being able to call ESM in Node.js
“stable”. Removing the warning is a huge step in that direction.

New V8 ArrayBuffer API:

* **src**: migrate to new V8 ArrayBuffer API
  (Thang Tran) [#30782](https://github.com/nodejs/node/pull/30782)

Multiple ArrayBuffers pointing to the same base address are no longer
allowed by V8. This may impact native addons.

Toolchain and Compiler Upgrades:

- (SEMVER-MAJOR) build: update macos deployment target to 10.13 for 14.x
  (AshCripps)[#32454](https://github.com/nodejs/node/pull/32454)
- (SEMVER-MAJOR) doc: update cross compiler machine for Linux armv7
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: update Centos/RHEL releases use devtoolset-8
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: remove SmartOS from official binaries
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) win: block running on EOL Windows versions
  (João Reis) [#31954](https://github.com/nodejs/node/pull/31954)

It is expected that there will be an ABI mismatch on ARM between the
Node.js binary and native addons. Native addons are only broken if they
interact with `std::shared_ptr`. This is expected to be fixed in a
later version of Node.js 14.
- [#30786](https://github.com/nodejs/node/issues/30786)

Update to V8 8.1:

- (SEMVER-MAJOR) deps: update V8 to 8.1.307.20
  (Matheus Marchini) [#32116](https://github.com/nodejs/node/pull/32116)

Other Notable Changes:

- cli, report: move --report-on-fatalerror to stable
  (Colin Ihrig) [#32496](https://github.com/nodejs/node/pull/32496)
- deps: upgrade to libuv 1.37.0
  (Colin Ihrig) [#32866](https://github.com/nodejs/node/pull/32866)
- fs: add fs/promises alias module
  (Gus Caplan) [#31553](https://github.com/nodejs/node/pull/31553)

PR-URL: https://github.com/nodejs/node/pull/32181
2020-04-21 15:50:14 +01:00
Michaël Zasso
cf4c332b7a
2020-04-14, Version 13.13.0 (Current)
Notable changes:

New file system APIs:
* Added a new function, `fs.readv` (with sync and promisified versions).
  This function takes an array of `ArrayBufferView` elements and will
  write the data it reads sequentially to the buffers
  (Sk Sajidul Kadir). https://github.com/nodejs/node/pull/32356
* A new overload is available for `fs.readSync`, which allows to
  optionally pass any of the `offset`, `length` and `position`
  parameters. https://github.com/nodejs/node/pull/32460

Other changes:
* dns:
  * Added the `dns.ALL` flag, that can be passed to `dns.lookup()` with
    `dns.V4MAPPED` to return resolved IPv6 addresses as well as IPv4
    mapped IPv6 addresses (murgatroid99).
    https://github.com/nodejs/node/pull/32183
* http:
  * The default maximum HTTP header size was changed from 8KB to 16KB
    (rosaxny). https://github.com/nodejs/node/pull/32520
* n-api:
  * Calls to `napi_call_threadsafe_function` from the main thread can
    now return the `napi_would_deadlock` status in certain
    circumstances (Gabriel Schulhof).
    https://github.com/nodejs/node/pull/32689
* util:
  * Added a new `maxStrLength` option to `util.inspect`, to control the
    maximum length of printed strings. Its default value is `Infinity`
    (rosaxny). https://github.com/nodejs/node/pull/32392
* worker:
  * Added support for passing a `transferList` along with `workerData`
    to the `Worker` constructor (Juan José Arboleda).
    https://github.com/nodejs/node/pull/32278

New core collaborators:
With this release, we welcome three new Node.js core collaborators:
* himself65. https://github.com/nodejs/node/pull/32734
* flarna (Gerhard Stoebich). https://github.com/nodejs/node/pull/32620
* mildsunrise (Alba Mendez). https://github.com/nodejs/node/pull/32525

PR-URL: https://github.com/nodejs/node/pull/32813
2020-04-14 20:22:41 +02:00
Beth Griggs
8d93df41b0
2020-04-12 Node.js v10.20.1 'Dubnium' (LTS) Release
Notable changes:

Due to release process failures, Node.js v10.20.0 shipped with source
and header tarballs that did not properly match the final release
commit that was used to build the binaries. We recommend that Node.js
v10.20.0 not be used, particularly in any applications using native
add-ons or where compiling Node.js from source is involved.

Node.js v10.20.1 is a clean release with the correct sources and is
strongly recommended in place of v10.20.0.

PR-URL: https://github.com/nodejs/node/pull/32768
2020-04-12 13:55:01 +01:00
Shelley Vohr
6ec0285478
2020-04-08 Version 12.16.2 'Erbium' (LTS)
Notable changes:

doc:
  * add ronag to collaborators (Robert Nagy) [#31498](https://github.com/nodejs/node/pull/31498)
  * add GeoffreyBooth to collaborators (Geoffrey Booth) [#31306](https://github.com/nodejs/node/pull/31306)
deps:
  * upgrade npm to 6.13.6 (Ruy Adorno) [#31304](https://github.com/nodejs/node/pull/31304)
  * update openssl to 1.1.1e (Hassaan Pasha) [#32328](https://github.com/nodejs/node/pull/32328)
2020-04-08 11:10:14 -07:00
Beth Griggs
9b46e3f7cc
2020-04-08, Version 10.20.0 'Dubnium' (LTS)
macOS package notarization and a change in builder configuration

The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.

Notable changes:

- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
  [#19691](https://github.com/nodejs/node/pull/19691)
- build: macOS package notarization (Rod Vagg)
  [#31459](https://github.com/nodejs/node/pull/31459)
- deps:
  - update npm to 6.14.3 (Myles Borins)
    [#32368](https://github.com/nodejs/node/pull/32368)
  - upgrade openssl sources to 1.1.1e (Hassaan Pasha)
    [#32328](https://github.com/nodejs/node/pull/32328)
  - upgrade to libuv 1.34.2 (cjihrig)
    [#31477](https://github.com/nodejs/node/pull/31477)
- n-api:
  - add napi\_get\_all\_property\_names (himself65)
    [#30006](https://github.com/nodejs/node/pull/30006)
  - add APIs for per-instance state management (Gabriel Schulhof)
    [#28682](https://github.com/nodejs/node/pull/28682)
  - define release 6
    [#32058](https://github.com/nodejs/node/pull/32058)
  - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
    [#26128](https://github.com/nodejs/node/pull/26128)
- tls:
  - expose keylog event on TLSSocket (Alba Mendez)
    [#27654](https://github.com/nodejs/node/pull/27654)
  - support TLS min/max protocol defaults in CLI (Sam Roberts)
    [#27946](https://github.com/nodejs/node/pull/27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
  [#26226](https://github.com/nodejs/node/pull/26226)

PR-URL: https://github.com/nodejs/node/pull/31984
2020-04-08 16:50:11 +01:00
Myles Borins
113c04c524
2020-03-26 Version 13.12.0 (Current)
macOS package notarization and a change in builder configuration:

The macOS binaries for this release, and future 13.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing on .pkg files on
macOS 10.15 and later. Previous builds of Node.js 13.x were compiled on
macOS 10.11 (El Capitan) with Xcode 10. As binaries are still being
compiled to support a minimum of macOS 10.10 (Yosemite) we do not
anticipate this having a negative impact on Node.js 13.x users with
older versions of macOS.

Notable changes:

* build:
  * macOS package notarization (Rod Vagg)
    https://github.com/nodejs/node/pull/31459
* deps:
  * upgrade npm to 6.14.4 (Ruy Adorno)
    https://github.com/nodejs/node/pull/32495
  * update to uvwasi 0.0.6 (Colin Ihrig)
    https://github.com/nodejs/node/pull/32309
  * upgrade to libuv 1.35.0 (Colin Ihrig)
    https://github.com/nodejs/node/pull/32204
* lib:
  * add --disable-proto option to cli (Gus Caplan)
    https://github.com/nodejs/node/pull/32279
* node_report:
  * move diagnostic reports to stable (Colin Ihrig)
    https://github.com/nodejs/node/pull/32242
* worker:
  * allow URL in Worker constructor (Antoine du HAMEL)
    https://github.com/nodejs/node/pull/31664
* util:
  * use a global symbol for `util.promisify.custom` (ExE Boss)
    https://github.com/nodejs/node/pull/31672

PR-URL: https://github.com/nodejs/node/pull/32376
2020-03-26 18:49:28 -04:00
Myles Borins
5bfbd75e47
2020-03-11 Version 13.11.0 (Current)
Notable changes:

* async_hooks:
  - add sync enterWith to ALS (Stephen Belanger)
    https://github.com/nodejs/node/pull/31945
* cli:
  - allow --jitless V8 flag in NODE\_OPTIONS (Andrew Neitsch)
    https://github.com/nodejs/node/pull/32100
* fs:
  - return first folder made by mkdir recursive (Benjamin Coe)
    https://github.com/nodejs/node/pull/31530
* n-api:
  - define release 6 (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/32058
* src:
  - create a getter for kernel version (Juan José Arboleda)
    https://github.com/nodejs/node/pull/31732
* wasi:
  - add returnOnExit option (Colin Ihrig)
    https://github.com/nodejs/node/pull/32101

PR-URL: https://github.com/nodejs/node/pull/32185
2020-03-11 23:54:53 -04:00
Rich Trott
b6cd2155c3 doc: remove em dashes
Our documentation uses em dashes inconsistently. They are treated
inconsistently typographically too. (For example, they are sometimes
surrounded by spaces and sometimes not.) They are also often confused
with ordinary hyphens such as in the CHANGELOG, where they are
inadvertently mixed together in a single list. The difference is
not obvious in the raw markdown but is very noticeable when rendered,
appearing to be a typographical error (which it in fact is).

The em dash is never needed. There are always alternatives. Remove em
dashes entirely.

PR-URL: https://github.com/nodejs/node/pull/32080
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2020-03-05 22:25:42 -08:00
Myles Borins
67d45fb298
2020-03-04 Version 13.10.1 (Current)
Notable changes:

In Node.js 13.9.0 deps/zlib was switched to the chromium maintained
implementation. This change had the unforseen consequence of breaking
building from the tarballs we release as we were too aggressively
removing `unneccessary files` from the `deps/zlib` folder. This release
includes a patch that ensures that individuals will once again be able
to build Node.js from source.

PR-URL: https://github.com/nodejs/node/pull/32099
2020-03-04 20:37:29 -05:00
Shelley Vohr
75466869fb
2020-03-04 Version 13.10.0 (Current)
Notable changes:

* async_hooks
  * introduce async-context API (vdeturckheim) #26540
* stream
  * support passing generator functions into pipeline() (Robert Nagy) #31223
* tls
  * expose SSL\_export\_keying\_material (simon) #31814
* vm
  * implement vm.measureMemory() for per-context memory measurement (Joyee Cheung) #31824

PR-URL: https://github.com/nodejs/node/pull/32027
2020-03-04 09:53:11 -08:00
Shelley Vohr
0c3c0e7184
2020-02-18, Version 13.9.0 (Current)
Notable changes:

* async_hooks
  * add executionAsyncResource (Matteo Collina) #30959
* crypto
  * add crypto.diffieHellman (Tobias Nießen) #31178
  * add DH support to generateKeyPair (Tobias Nießen) #31178
  * simplify DH groups (Tobias Nießen) #31178
  * add key type 'dh' (Tobias Nießen) #31178
* test
  * skip keygen tests on arm systems (Tobias Nießen) #31178
* perf_hooks
  * add property flags to GCPerformanceEntry (Kirill Fomichev) #29547
* process
  * report ArrayBuffer memory in `memoryUsage()` (Anna Henningsen) #31550
* readline
  * make tab size configurable (Ruben Bridgewater) #31318
* report
  * add support for Workers (Anna Henningsen) #31386
* worker
  * add ability to take heap snapshot from parent thread (Anna Henningsen) #31569
* added new collaborators
  * add ronag to collaborators (Robert Nagy) #31498

PR-URL: https://github.com/nodejs/node/pull/31837
2020-02-18 12:40:21 -08:00
Myles Borins
1c2d77d3d9
2020-02-18, Version 12.16.1 'Erbium' (LTS)
Notable changes:

Node.js 12.16.0 included 6 regressions that are being fixed in this
release

**Accidental Unflagging of Self Resolving Modules**:

12.16.0 included a large update to the ESM implementation. One of the
new features, Self Referential Modules, was accidentally released
without requiring the `--experimental-modules` flag. This release is
being made to appropriately flag the feature.

**Process Cleanup Changed Introduced WASM-Related Assertion**:

A change during Node.js process cleanup led to a crash in combination
with specific usage of WASM. This has been fixed by partially reverted
said change. A regression test and a full fix are being worked on and
will likely be included in future 12.x and 13.x releases.

**Use Largepages Runtime Option Introduced Linking Failure**:

A Semver-Minor change to introduce `--use-largepages` as a runtime
option introduced a linking failure. This had been fixed in master but
regressed as the fix has not yet gone out in a Current release. The
feature has been reverted, but will be able to reland with a fix in a
future Semver-Minor release.

**Async Hooks was Causing an Exception When Handling Errors**:

Changes in async hooks internals introduced a case where an internal
api call could be called with undefined causing a process to crash. The
change to async hooks was reverted. A regression test and fix has been
proposed and the change could re land in a future Semver-Patch release
if the regression is reliably fixed.

**New Enumerable Read-Only Property on EventEmitter breaks @types/extend**

A new property for enumerating events was added to the EventEmitter
class. This broke existing code that was using the `@types/extend`
module for extending classses as `@types/extend` was attemping to write
over the existing field which the new change made read-only. As this is
the first property on EventEmitter that is read-only this feature could
be considered Semver-Major. The new feature has been reverted but could
re land in a future Semver-Minor release if a non breaking way of
applying it is found.

**Exceptions in the HTTP parser were not emitting an uncaughtException**

A refactoring to Node.js interanls resulted in a bug where errors in
the HTTP parser were not being emitted by
`process.on('uncaughtException')`. The fix to this bug has been
included in this release.

PR-URL: https://github.com/nodejs/node/pull/31781
2020-02-18 14:46:29 -05:00
Myles Borins
1c11ea4388
2020-02-11, Version 12.16.0 'Erbium' (LTS)
Notable changes:

New assert APIs

The `assert` module now provides experimental `assert.match()` and
`assert.doesNotMatch()` methods. They will validate that the first argument is a
string and matches (or does not match) the provided regular expression

This is an experimental feature.

Ruben Bridgewater [#30929](https://github.com/nodejs/node/pull/30929).

Advanced serialization for IPC

The `child_process` and `cluster` modules now support a `serialization` option
to change the serialization mechanism used for IPC. The option can have one of
two values:

* `'json'` (default): `JSON.stringify()` and `JSON.parse()` are used. This is
  how message serialization was done before.
* `'advanced'`: The serialization API of the `v8` module is used. It is based on
  the HTML structured clone algorithm.
  and is able to serialize more built-in JavaScript object types, such as
  `BigInt`, `Map`, `Set` etc. as well as circular data structures.

Anna Henningsen [#30162](https://github.com/nodejs/node/pull/30162).

CLI flags

The new `--trace-exit` CLI flag makes Node.js print a stack trace whenever the
Node.js environment is exited proactively (i.e. by invoking the `process.exit()`
function or pressing Ctrl+C).

legendecas [#30516](https://github.com/nodejs/node/pull/30516).

___

The new `--trace-uncaught` CLI flag makes Node.js print a stack trace at the
time of throwing uncaught exceptions, rather than at the creation of the `Error`
object, if there is any.
This option is not enabled by default because it may affect garbage collection
behavior negatively.

Anna Henningsen [#30025](https://github.com/nodejs/node/pull/30025).

___

The `--disallow-code-generation-from-strings` V8 CLI flag is now whitelisted in
the `NODE_OPTIONS` environment variable.

Shelley Vohr [#30094](https://github.com/nodejs/node/pull/30094).

New crypto APIs

For DSA and ECDSA, a new signature encoding is now supported in addition to the
existing one (DER). The `verify` and `sign` methods accept a `dsaEncoding`
option, which can have one of two values:

* `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`.
* `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363.

Tobias Nießen [#29292](https://github.com/nodejs/node/pull/29292).

___

A new method was added to `Hash`: `Hash.prototype.copy`. It makes it possible to
clone the internal state of a `Hash` object into a new `Hash` object, allowing
to compute the digest between updates.

Ben Noordhuis [#29910](https://github.com/nodejs/node/pull/29910).

Dependency updates

libuv was updated to 1.34.0. This includes fixes to `uv_fs_copyfile()` and
`uv_interface_addresses()` and adds two new functions: `uv_sleep()` and
`uv_fs_mkstemp()`.

Colin Ihrig [#30783](https://github.com/nodejs/node/pull/30783).

___

V8 was updated to 7.8.279.23. This includes performance improvements to object
destructuring, RegExp match failures and WebAssembly startup time.
The official release notes are available at https://v8.dev/blog/v8-release-78.

Michaël Zasso [#30109](https://github.com/nodejs/node/pull/30109).

New EventEmitter APIs

The new `EventEmitter.on` static method allows to async iterate over events.

Matteo Collina [#27994](https://github.com/nodejs/node/pull/27994).

___

It is now possible to monitor `'error'` events on an `EventEmitter` without
consuming the emitted error by installing a listener using the symbol
`EventEmitter.errorMonitor`.

Gerhard Stoebich [#30932](https://github.com/nodejs/node/pull/30932).

___

Using `async` functions with event handlers is problematic, because it
can lead to an unhandled rejection in case of a thrown exception.

The experimental `captureRejections` option in the `EventEmitter` constructor or
the global setting change this behavior, installing a
`.then(undefined, handler)` handler on the `Promise`. This handler routes the
exception asynchronously to the `Symbol.for('nodejs.rejection')` method if there
is one, or to the `'error'` event handler if there is none.

Setting `EventEmitter.captureRejections = true` will change the default for all
new instances of `EventEmitter`.

This is an experimental feature.

Matteo Collina [#27867](https://github.com/nodejs/node/pull/27867).

Performance Hooks are no longer experimental

The `perf_hooks` module is now considered a stable API.

legendecas [#31101](https://github.com/nodejs/node/pull/31101).

Introduction of experimental WebAssembly System Interface (WASI) support

A new core module, `wasi`, is introduced to provide an implementation of the
[WebAssembly System Interface](https://wasi.dev/) specification.
WASI gives sandboxed WebAssembly applications access to the
underlying operating system via a collection of POSIX-like functions.

This is an experimental feature.

Colin Ihrig [#30258](https://github.com/nodejs/node/pull/30258).

PR-URL: https://github.com/nodejs/node/pull/31691
2020-02-11 19:20:59 +01:00
Beth Griggs
d602e586bf
2020-02-06, Version 10.19.0 'Dubnium' (LTS)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
          HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
          HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
          Remotely trigger an assertion on a TLS server with a malformed
          certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/198
2020-02-06 03:05:04 +00:00
Beth Griggs
e65ae42785
2020-02-06, Version 12.15.0 'Erbium' (LTS)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
      HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
      HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
      Remotely trigger an assertion on a TLS server with a malformed
      certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/197
2020-02-06 02:55:47 +00:00
Beth Griggs
f0f2583c91
2020-02-06, Version 13.8.0 (Current)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
      HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
      HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
      Remotely trigger an assertion on a TLS server with a malformed
      certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/196
2020-02-06 02:39:39 +00:00
Shelley Vohr
a484f1acf3
2020-01-21, Version 13.7.0 (Current)
Notable changes:

* deps:
  * upgrade to libuv 1.34.1 (cjihrig) https://github.com/nodejs/node/pull/31332
  * upgrade npm to 6.13.6 (Ruy Adorno) https://github.com/nodejs/node/pull/31304
* module
  * add API for interacting with source maps (bcoe) https://github.com/nodejs/node/pull/31132
  * loader getSource, getFormat, transform hooks (Geoffrey Booth) https://github.com/nodejs/node/pull/30986
  * logical conditional exports ordering (Guy Bedford) https://github.com/nodejs/node/pull/31008
  * unflag conditional exports (Guy Bedford) https://github.com/nodejs/node/pull/31001
* process:
  * allow monitoring uncaughtException (Gerhard Stoebich) https://github.com/nodejs/node/pull/31257
* Added new collaborators:
  * [GeoffreyBooth](https://github.com/GeoffreyBooth) - Geoffrey Booth. https://github.com/nodejs/node/pull/31306

PR-URL: https://github.com/nodejs/node/pull/31382
2020-01-21 09:58:13 -08:00
Beth Griggs
9d5d4f84e3
2020-01-09, Version 10.18.1 'Dubnium' (LTS)
- http2: fix session memory accounting after pausing (Michael Lehenbauer)
  [#30684](https://github.com/nodejs/node/pull/30684)
- n-api: correct bug in napi_get_last_error (Octavian Soldea)
  [#28702](https://github.com/nodejs/node/pull/28702)
- tools: update tzdata to 2019c (Myles Borins)
  [#30479](https://github.com/nodejs/node/pull/30479)

PR-URL: https://github.com/nodejs/node/pull/31248
2020-01-09 21:48:45 +00:00
Ruben Bridgewater
e908323b7e
2020-01-07, Version v13.6.0 (Current)
Notable changes:

* assert:
  * Implement `assert.match()` and `assert.doesNotMatch()` (Ruben
    Bridgewater) https://github.com/nodejs/node/pull/30929
* events:
  * Add `EventEmitter.on` to async iterate over events (Matteo Collina)
    https://github.com/nodejs/node/pull/27994
  * Allow monitoring error events (Gerhard Stoebich)
    https://github.com/nodejs/node/pull/30932
* fs:
  * Allow overriding `fs` for streams (Robert Nagy)
    https://github.com/nodejs/node/pull/29083
* perf_hooks:
  * Move `perf_hooks` out of experimental (legendecas)
    https://github.com/nodejs/node/pull/31101
* repl:
  * Implement ZSH-like reverse-i-search (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/31006
* tls:
  * Add PSK (pre-shared key) support (Denys Otrishko)
    https://github.com/nodejs/node/pull/23188

PR-URL: https://github.com/nodejs/node/pull/31238
2020-01-08 00:10:43 +01:00
Beth Griggs
f5512ff61e
2020-01-07, Version 12.14.1 'Erbium' (LTS)
Notable changes:

- crypto: fix key requirements in asymmetric cipher (Tobias Nießen)
  https://github.com/nodejs/node/pull/30249
- deps:
    - update llhttp to 2.0.1 (Fedor Indutny)
      https://github.com/nodejs/node/pull/30553
    - update nghttp2 to 1.40.0 (gengjiawen)
      https://github.com/nodejs/node/pull/30493
- v8: mark serdes API as stable (Anna Henningsen)
  https://github.com/nodejs/node/pull/30234

PR-URL: https://github.com/nodejs/node/pull/31069
2020-01-07 17:25:49 +00:00
Beth Griggs
d845915d46 doc: mark Node.js 8 End-of-Life in CHANGELOG
PR-URL: https://github.com/nodejs/node/pull/31152
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
2020-01-03 20:11:54 -08:00
Myles Borins
24263ff718
2019-12-18, Version 13.5.0 (Current)
Notable Changes:

* cli:
  * add --trace-exit cli option (legendecas)
    https://github.com/nodejs/node/pull/30516
* http,https:
  * increase server headers timeout (Tim Costa)
    https://github.com/nodejs/node/pull/30071
* readline:
  * update ansi-regex (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30907
  * promote \_getCursorPos to public api (Jeremy Albright)
    https://github.com/nodejs/node/pull/30687
* repl:
  * add completion preview (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30907
* util:
  * add Set and map size to inspect output (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30225
* wasi:
  * require CLI flag to require() wasi module (Colin Ihrig)
    https://github.com/nodejs/node/pull/30963

PR-URL: https://github.com/nodejs/node/pull/31010
2019-12-18 13:51:03 -05:00
Myles Borins
bef1e87e1c
2019-12-17, Version 13.4.0 (Current)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:
* deps:
  * update npm to 6.13.4
    https://github.com/nodejs/node/pull/30904
  * update uvwasi (Anna Henningsen)
    https://github.com/nodejs/node/pull/30745
  * upgrade to libuv 1.34.0 (Colin Ihrig)
    https://github.com/nodejs/node/pull/30783
* doc:
  * docs deprecate http finished (Robert Nagy)
    https://github.com/nodejs/node/pull/28679
* events:
  * add captureRejection option (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* http:
  * add captureRejection support (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
  * llhttp opt-in insecure HTTP header parsing (Sam Roberts)
    https://github.com/nodejs/node/pull/30567
* http2:
  * implement capture rection for 'request' and 'stream' events (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* net:
  * implement capture rejections for 'connection' event (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* repl:
  * support previews by eager evaluating input (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/30811
* stream:
  * add support for captureRejection option (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
* tls:
  * implement capture rejections for 'secureConnection' event (Matteo Collina)
    https://github.com/nodejs/node/pull/27867
  * expose IETF name for current cipher suite (Sam Roberts)
    https://github.com/nodejs/node/pull/30637
* worker:
  * add argv constructor option (legendecas)
    https://github.com/nodejs/node/pull/30559

PR-URL: https://github.com/nodejs/node/pull/30937
2019-12-17 17:29:02 -05:00
Myles Borins
75c5de2218
2019-12-17, Version 12.14.0 'Erbium' (LTS)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:

* deps: update npm to 6.13.4
  https://github.com/nodejs/node/pull/30904

PR-URL: https://github.com/nodejs/node/pull/30938
2019-12-17 17:16:25 -05:00
Myles Borins
178c5d86b0
2019-12-17, Version 10.18.0 'Dubnium' (LTS)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:

* deps: update npm to 6.13.4
  https://github.com/nodejs/node/pull/30904

PR-URL: https://github.com/nodejs/node/pull/30940
2019-12-17 17:15:40 -05:00
Myles Borins
8bfa4d0480
2019-12-17, Version 8.17.0 'Carbon' (LTS)
This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable Changes:

* deps: update npm to 6.13.4
  https://github.com/nodejs/node/pull/30904

PR-URL: https://github.com/nodejs/node/pull/30941
2019-12-17 17:15:09 -05:00
Ruben Bridgewater
4091ea90b6
2019-12-03, Version 13.3.0 (Current)
Notable changes:

* fs:
  * Reworked experimental recursive `rmdir()`  (cjihrig)
    https://github.com/nodejs/node/pull/30644
    * The `maxBusyTries` option is renamed to `maxRetries`, and its
      default is set to 0. The `emfileWait` option has been removed,
      and `EMFILE` errors use the same retry logic as other errors.
      The `retryDelay` option is now supported. `ENFILE` errors are
      now retried.
* http:
  * Make maximum header size configurable per-stream or per-server
    (Anna Henningsen) https://github.com/nodejs/node/pull/30570
* http2:
  * Make maximum tolerated rejected streams configurable (Denys
    Otrishko) https://github.com/nodejs/node/pull/30534
  * Allow to configure maximum tolerated invalid frames (Denys
    Otrishko) https://github.com/nodejs/node/pull/30534
* wasi:
  * Introduce initial WASI support (cjihrig)
    https://github.com/nodejs/node/pull/30258

PR-URL: https://github.com/nodejs/node/pull/30774
2019-12-03 22:57:31 +01:00
Myles Borins
b8f8f05002
2019-11-21, Version 13.2.0 (Current)
Notable changes:

* addons:
  * Deprecate one- and two-argument `AtExit()`. Use the three-argument
    variant of `AtExit()` or `AddEnvironmentCleanupHook()` instead
    (Anna Henningsen) https://github.com/nodejs/node/pull/30227
* child_process,cluster:
  * The `serialization` option is added that allows child process
    IPC to use the V8 serialization API (to e.g., pass through data
    types like sets or maps) (Anna Henningsen)
    https://github.com/nodejs/node/pull/30162
* deps:
  * Update V8 to 7.9
  * Update `npm` to 6.13.0 (Ruy Adorno)
    https://github.com/nodejs/node/pull/30271
* embedder:
  * Exposes the ability to pass cli flags / options through an API
    as embedder (Shelley Vohr)
    https://github.com/nodejs/node/pull/30466
  * Allow adding linked bindings to Environment (Anna Henningsen)
    https://github.com/nodejs/node/pull/30274
* esm:
  * Unflag --experimental-modules (Guy Bedford)
    https://github.com/nodejs/node/pull/29866
* stream:
  * Add `writable.writableCorked` property (Robert Nagy)
    https://github.com/nodejs/node/pull/29012
* worker:
  * Allow specifying resource limits (Anna Henningsen)
    https://github.com/nodejs/node/pull/26628
* v8:
  * The Serialization API is now stable (Anna Henningsen)
    https://github.com/nodejs/node/pull/30234

PR-URL: https://github.com/nodejs/node/pull/30547
2019-11-21 17:14:59 -05:00
Michaël Zasso
b351d30701
2019-11-19, Version 12.13.1 'Erbium' (LTS)
Notable changes:

* Experimental support for building Node.js with Python 3 is improved.
* ICU time zone data is updated to version 2019c. This fixes the date
  offset in Brazil.

PR-URL: https://github.com/nodejs/node/issues/30352
2019-11-19 11:50:23 +01:00
Michaël Zasso
309e1eae79
2019-11-05, Version 13.1.0 (Current)
Notable changes:

* cli:
  * Added a new flag (`--trace-uncaught`) that makes Node.js print the
    stack trace at the time of throwing uncaught exceptions, rather than
    at the creation of the `Error` object, if there is any. This is
    disabled by default because it affects GC behavior.
    https://github.com/nodejs/node/pull/30025
* crypto
  * Added `Hash.prototype.copy()` method. It returns a new `Hash` object
    with its internal state cloned from the original one.
    https://github.com/nodejs/node/pull/29910
* dgram
  * Added source-specific multicast support. This adds methods to
    Datagram sockets to support RFC 4607
    (https://tools.ietf.org/html/rfc4607) for IPv4 and IPv6.
    https://github.com/nodejs/node/pull/15735
* fs
  * Added a `bufferSize` option to `fs.opendir()`. It allows to control
    the number of entries that are buffered internally when reading from
    the directory. https://github.com/nodejs/node/pull/30114
* meta
  * Added Chengzhong Wu (https://github.com/legendecas) to
    collaborators. https://github.com/nodejs/node/pull/30115

PR-URL: https://github.com/nodejs/node/pull/30262
2019-11-05 19:39:20 +01:00
Myles Borins
5a042a6b1a
2019-10-23, Version 13.0.1 (Current)
Notable changes:

* deps:
  * Fixed a bug in npm 6.12.0 where warnings are emitted on Node.js
    13.x. https://github.com/nodejs/node/pull/30079
* esm:
  * Changed file extension resolution order of
    `--es-module-specifier-resolution=node`to match that of the CommonJS
    loader. https://github.com/nodejs/node/pull/29974

PR-URL: https://github.com/nodejs/node/pull/30081
2019-10-23 12:34:20 +02:00
Beth Griggs
afbbcb050e
2019-10-22, Version 10.17.0 'Dubnium' (LTS)
Notable changes:

* crypto:
  * add support for chacha20-poly1305 for AEAD (chux0519)
    https://github.com/nodejs/node/pull/24081
  * increase maxmem range from 32 to 53 bits (Tobias Nießen)
    https://github.com/nodejs/node/pull/28799
* deps:
  * update npm to 6.11.3 (claudiahdz)
    https://github.com/nodejs/node/pull/29430
  * upgrade openssl sources to 1.1.1d (Sam Roberts)
    https://github.com/nodejs/node/pull/29921
* dns:
  * remove dns.promises experimental warning (cjihrig)
    https://github.com/nodejs/node/pull/26592
* fs:
  * remove experimental warning for fs.promises (Anna Henningsen)
    https://github.com/nodejs/node/pull/26581
* http:
  * makes response.writeHead return the response (Mark S. Everitt)
    https://github.com/nodejs/node/pull/25974
* http2:
  * makes response.writeHead return the response (Mark S. Everitt)
    https://github.com/nodejs/node/pull/25974
* n-api:
  * make func argument of napi\_create\_threadsafe\_function optional
    (legendecas)
    https://github.com/nodejs/node/pull/27791
  * mark version 5 N-APIs as stable (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/29401
  * implement date object (Jarrod Connolly)
    https://github.com/nodejs/node/pull/25917
* process:
  * add --unhandled-rejections flag (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/26599
* stream:
  * implement Readable.from async iterator utility (Guy Bedford)
    https://github.com/nodejs/node/pull/27660
  * make Symbol.asyncIterator support stable (Matteo Collina)
    https://github.com/nodejs/node/pull/26989

PR-URL: https://github.com/nodejs/node/pull/29875
2019-10-22 20:15:24 +01:00
Beth Griggs
42bf0c8df2
2019-10-22, Version 13.0.0 (Current)
Notable changes:

* assert:
  * If the validation function passed to `assert.throws()` or
    `assert.rejects()` returns a value other than `true`, an assertion
    error will be thrown instead of the original error to highlight the
    programming mistake (Ruben Bridgewater).
    https://github.com/nodejs/node/pull/28263
  * If a constructor function is passed to validate the instance of
    errors thrown in `assert.throws()` or `assert.reject()`, an
    assertion error will be thrown instead of the original error
    (Ruben Bridgewater).
    https://github.com/nodejs/node/pull/28263
* build:
  * Node.js releases are now built with default full-icu support. This
    means that all locales supported by ICU are now included and
    Intl-related APIs may return different values than before
    (Richard Lau).
    https://github.com/nodejs/node/pull/29887
  * The minimum Xcode version supported for macOS was increased to 10.
    It is still possible to build Node.js with Xcode 8 but this may no
    longer be the case in a future v13.x release (Michael Dawson).
    https://github.com/nodejs/node/pull/29622
* child_process:
  * `ChildProcess._channel` (DEP0129) is now a Runtime deprecation
    (cjihrig).
    https://github.com/nodejs/node/pull/27949
* console:
  * The output `console.timeEnd()` and `console.timeLog()` will now
    automatically select a suitable time unit instead of always using
    milliseconds (Xavier Stouder).
    https://github.com/nodejs/node/pull/29251
* deps:
  * The V8 engine was updated to version 7.8. This includes performance
    improvements to object destructuring, memory usage and WebAssembly
    startup time (Myles Borins).
    https://github.com/nodejs/node/pull/29694)
* domain:
  * The domain's error handler is now executed with the active domain
    set to the domain's parent to prevent inner recursion
    (Julien Gilli).
    https://github.com/nodejs/node/pull/26211
* fs:
  * The undocumented method `FSWatcher.prototype.start()` was removed
    (Lucas Holmquist).
    https://github.com/nodejs/node/pull/29905
  * Calling the `open()` method on a `ReadStream` or `WriteStream` now
    emits a runtime deprecation warning. The methods are supposed to be
    internal and should not be called by user code (Robert Nagy).
    https://github.com/nodejs/node/pull/29061
  * `fs.read/write`, `fs.readSync/writeSync` and `fd.read/write` now
    accept any safe integer as their `offset` parameter. The value of
    `offset` is also no longer coerced, so a valid type must be passed
    to the functions (Zach Bjornson).
    https://github.com/nodejs/node/pull/26572
* http:
  * Aborted requests no longer emit the `end` or `error` events after
    `aborted` (Robert Nagy).
    https://github.com/nodejs/node/pull/27984
    https://github.com/nodejs/node/pull/20077
  * Data will no longer be emitted after a socket error (Robert Nagy).
    https://github.com/nodejs/node/pull/28711
  * The legacy HTTP parser (previously available under the
    `--http-parser=legacy` flag) was removed (Anna Henningsen).
    https://github.com/nodejs/node/pull/29589
  * The `host` option for HTTP requests is now validated to be a string
    value (Giorgos Ntemiris).
    https://github.com/nodejs/node/pull/29568
  * The `request.connection` and `response.connection` properties are now
    runtime deprecated. The equivalent `request.socket` and `response.socket`
    should be used instead (Robert Nagy).
    https://github.com/nodejs/node/pull/29015
* http, http2:
  * The default server timeout was removed (Ali Ijaz Sheikh).
    https://github.com/nodejs/node/pull/27558
  * Brought 425 status code name into accordance with RFC 8470. The name
    changed from "Unordered Collection" to "Too Early" (Sergei Osipov).
    https://github.com/nodejs/node/pull/29880
* lib:
  * The `error.errno` property will now always be a number. To get the
    string value, use `error.code` instead (Joyee Cheung).
    https://github.com/nodejs/node/pull/28140
* module:
  * `module.createRequireFromPath()` is deprecated. Use
    `module.createRequire()` instead (cjihrig).
    https://github.com/nodejs/node/pull/27951
* src:
  * Changing the value of `process.env.TZ` will now clear the tz cache.
    This affects the default time zone used by methods such as
    `Date.prototype.toString` (Ben Noordhuis).
    https://github.com/nodejs/node/pull/20026
* stream:
  * The timing and behavior of streams was consolidated for a number of
    edge cases. Please look at the individual commits below for more
    information.

PR-URL: https://github.com/nodejs/node/pull/29504
2019-10-22 17:12:12 +01:00
Michaël Zasso
701933ca8f
2019-10-21, Version 12.13.0 'Erbium' (LTS)
This release marks the transition of Node.js 12.x into Long Term Support
(LTS) with the codename 'Erbium'. The 12.x release line now moves into
"Active LTS" and will remain so until October 2020. After that time, it
will move into "Maintenance" until end of life in April 2022.

Notable changes:

npm was updated to 6.12.0. It now includes a version of `node-gyp` that
supports Python 3 for building native modules.

PR-URL: https://github.com/nodejs/node/pull/29981
2019-10-21 11:12:52 +02:00
Ruben Bridgewater
06f6d662f6
2019-10-11, Version 12.12.0 (Current)
Notable changes:

* build:
  * Add `--force-context-aware` flag to prevent usage of native node
    addons that aren't context aware
    https://github.com/nodejs/node/pull/29631
* deprecations:
  * Add documentation-only deprecation for `process._tickCallback()`
    https://github.com/nodejs/node/pull/29781
* esm:
  * Using JSON modules is experimental again
    https://github.com/nodejs/node/pull/29754
* fs:
  * Introduce `opendir()` and `fs.Dir` to iterate through directories
    https://github.com/nodejs/node/pull/29349
* process:
  * Add source-map support to stack traces by using
    `--source-map-support` https://github.com/nodejs/node/pull/29564
* tls:
  * Honor `pauseOnConnect` option
    https://github.com/nodejs/node/pull/29635
  * Add option for private keys for OpenSSL engines
    https://github.com/nodejs/node/pull/28973

PR-URL: https://github.com/nodejs/node/pull/29919
2019-10-11 21:25:36 +02:00
Beth Griggs
a04b04f4cf
2019-10-09, Version 8.16.2 'Carbon' (LTS)
Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes:

- **deps**: upgrade openssl sources to 1.0.2s (Sam Roberts)
  [#28230](https://github.com/nodejs/node/pull/28230)

PR-URL: https://github.com/nodejs/node/pull/29617
2019-10-09 21:25:39 +01:00
Michaël Zasso
d9fd2cd0ff
2019-10-01, Version 12.11.1 (Current)
Notable changes:

* build:
  * This release fixes a regression that prevented from building Node.js
    using the official source tarball.
    https://github.com/nodejs/node/pull/29712
* deps:
  * Updated small-icu data to support "unit" style in the
    `Intl.NumberFormat` API.
    https://github.com/nodejs/node/pull/29735

PR-URL: https://github.com/nodejs/node/pull/29796
2019-10-01 18:44:05 +02:00
Ruben Bridgewater
d36b6f8da3
2019-09-24, Version 12.11.0 (Current)
Notable changes:

* crypto:
  * Add `oaepLabel` option https://github.com/nodejs/node/pull/29489
* deps:
  * Update V8 to 7.7.299.11 https://github.com/nodejs/node/pull/28918
    * More efficient memory handling
    * Stack trace serialization got faster
    * The `Intl.NumberFormat` API gained new functionality
    * For more information: https://v8.dev/blog/v8-release-77
* events:
  * Add support for `EventTarget` in `once`
    https://github.com/nodejs/node/pull/29498
* fs:
  * Expose memory file mapping flag `UV_FS_O_FILEMAP`
    https://github.com/nodejs/node/pull/29260
* inspector:
  * New API - `Session.connectToMainThread`
    https://github.com/nodejs/node/pull/28870
* process:
  * Initial SourceMap support via `env.NODE_V8_COVERAGE`
    https://github.com/nodejs/node/pull/28960
* stream:
  * Make `_write()` optional when `_writev()` is implemented
    https://github.com/nodejs/node/pull/29639
* tls:
  * Add option to override signature algorithms
    https://github.com/nodejs/node/pull/29598
* util:
  * Add `encodeInto` to `TextEncoder`
    https://github.com/nodejs/node/pull/29524
* worker:
  * The `worker_thread` module is now stable
    https://github.com/nodejs/node/pull/29512

PR-URL: https://github.com/nodejs/node/pull/29695
2019-09-26 01:14:24 +02:00
Ruben Bridgewater
02c74e72ea
2019-09-04, Version 12.10.0 (Current)
Notable changes:

* deps:
  * Update npm to 6.10.3 (isaacs)
    https://github.com/nodejs/node/pull/29023
* fs:
  * Add recursive option to rmdir() (cjihrig)
    https://github.com/nodejs/node/pull/29168
  * Allow passing true to emitClose option (Giorgos Ntemiris)
    https://github.com/nodejs/node/pull/29212
  * Add \*timeNs properties to BigInt Stats objects (Joyee Cheung)
    https://github.com/nodejs/node/pull/21387
* net:
  * Allow reading data into a static buffer (Brian White)
    https://github.com/nodejs/node/pull/25436

PR-URL: https://github.com/nodejs/node/pull/29429
2019-09-04 20:10:18 +02:00
Nick Schonning
9e8edb0d79 doc: heading levels should only increment by one
These are flagged by Markdownlint MD001 rule.

PR-URL: https://github.com/nodejs/node/pull/29331
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-28 22:47:21 -07:00
Michaël Zasso
d770b8a931
2019-08-26, Version 12.9.1 (Current)
Notable changes:

This release fixes two regressions in the http module:

* Fixes an event listener leak in the HTTP client. This resulted in lots
  of warnings during npm/yarn installs.
  https://github.com/nodejs/node/pull/29245
* Fixes a regression preventing the `'end'` event from being emitted for
  keepalive requests in case the full body was not parsed.
  https://github.com/nodejs/node/pull/29263

PR-URL: https://github.com/nodejs/node/pull/29321
2019-08-26 20:36:17 +02:00
Michaël Zasso
edc83a9203
2019-08-20, Version 12.9.0 (Current)
Notable changes:

* crypto:
  * Added an oaepHash option to asymmetric encryption which allows
    users to specify a hash function when using OAEP padding.
    https://github.com/nodejs/node/pull/28335
* deps:
  * Updated V8 to 7.6.303.29. https://github.com/nodejs/node/pull/28955
    * Improves the performance of various APIs such as `JSON.parse` and
      methods called on frozen arrays.
    * Adds the Promise.allSettled method.
    * Improves support of `BigInt` in `Intl` methods.
    * For more information: https://v8.dev/blog/v8-release-76
  * Updated libuv to 1.31.0. https://github.com/nodejs/node/pull/29070
    * `UV_FS_O_FILEMAP` has been added for faster access to memory
      mapped files on Windows.
    * `uv_fs_mkdir()` now returns `UV_EINVAL` for invalid filenames on
      Windows. It previously returned `UV_ENOENT`.
    * The `uv_fs_statfs()` API has been added.
    * The `uv_os_environ()` and `uv_os_free_environ()` APIs have been
      added.
* fs:
  * Added `fs.writev`, `fs.writevSync` and `filehandle.writev` (promise
    version) methods. They allow to write an array of `ArrayBufferView`s
    to a file descriptor. https://github.com/nodejs/node/pull/25925
    https://github.com/nodejs/node/pull/29186
* http:
  * Added three properties to `OutgoingMessage.prototype`:
    `writableObjectMode`, `writableLength` and `writableHighWaterMark`
    https://github.com/nodejs/node/pull/29018
* stream:
  * Added an new property `readableEnded` to readable streams. Its value
    is set to `true` when the `'end'` event is emitted.
    https://github.com/nodejs/node/pull/28814
  * Added an new property `writableEnded` to writable streams. Its value
    is set to `true` after `writable.end()` has been called.
    https://github.com/nodejs/node/pull/28934

PR-URL: https://github.com/nodejs/node/pull/29210
2019-08-20 21:37:07 +02:00
Beth Griggs
affa23bc88
2019-08-15, Version 8.16.1 'Carbon' (LTS)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29152
2019-08-15 23:30:22 +01:00
Beth Griggs
004e2b759f
2019-08-15, Version 10.16.3 'Dubnium' (LTS)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29148
2019-08-15 22:50:53 +01:00
Michaël Zasso
edc2e5be34
2019-08-15, Version 12.8.1 (Current)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29133
2019-08-15 14:49:36 +02:00
Beth Griggs
f1478e1789
2019-08-06, Version 10.16.2 'Dubnium' (LTS)
Notable changes:

This release patches a regression in the OpenSSL upgrade to 1.1.1c that
 causes intermittent hangs in machines that have low entropy.

Refs: https://github.com/nodejs/node/issues/28932

PR-URL: https://github.com/nodejs/node/pull/29021
2019-08-06 23:29:55 +01:00
Ruben Bridgewater
a9e7441916
2019-08-06, Version 12.8.0 (Current)
Notable changes:

* assert:
  * Legacy mode deprecation (`DEP0089`) is revoked (Colin Ihrig)
    https://github.com/nodejs/node/pull/28892
* crypto:
  * The `outputLength` option is added to `crypto.createHash`
    (Tobias Nießen) https://github.com/nodejs/node/pull/28805
  * The `maxmem` range is increased from 32 to 53 bits (Tobias Nießen)
    https://github.com/nodejs/node/pull/28799
* n-api:
  * Added APIs for per-instance state management (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/28682
* report:
  * Network interfaces get included in the report (cjihrig)
    https://github.com/nodejs/node/pull/28911
* src:
  * `v8.getHeapCodeStatistics()` is now exported
    (Yuriy Vasiyarov) https://github.com/nodejs/node/pull/27978

PR-URL: https://github.com/nodejs/node/pull/29017
2019-08-07 00:25:59 +02:00
Beth Griggs
9d37013ef0
2019-07-31, Version 10.16.1 'Dubnium' (LTS)
Notable changes:

- **deps**: upgrade openssl sources to 1.1.1c (Sam Roberts) [#28212](https://github.com/nodejs/node/pull/28212)
- **stream**: do not unconditionally call `\_read()` on `resume()` (Anna Henningsen) [#26965](https://github.com/nodejs/node/pull/26965)
- **worker**: fix nullptr deref after MessagePort deser failure (Anna Henningsen) [#25076](https://github.com/nodejs/node/pull/25076)

PR-URL: https://github.com/nodejs/node/pull/28731
2019-07-31 20:04:46 +01:00
Michaël Zasso
52c5287aca
2019-07-23, Version 12.7.0 (Current)
Notable changes:

* deps:
  * Updated nghttp2 to 1.39.1. https://github.com/nodejs/node/pull/28448
  * Updated npm to 6.10.0. https://github.com/nodejs/node/pull/28525
* esm:
  * Implemented experimental "pkg-exports" proposal. A new `"exports"`
    field can be added to a module's `package.json` file to provide
    custom subpath aliasing. See
    https://github.com/jkrems/proposal-pkg-exports/ for more
    information. https://github.com/nodejs/node/pull/28568
* http:
  * Added `response.writableFinished`.
    https://github.com/nodejs/node/pull/28681
  * Exposed `headers`, `rawHeaders` and other fields on an
    `http.ClientRequest` `"information"` event.
    https://github.com/nodejs/node/pull/28459
* inspector:
  * Added `inspector.waitForDebugger()`.
    https://github.com/nodejs/node/pull/28453
* policy:
  * Added `--policy-integrity=sri` CLI option to mitigate policy
    tampering. If a policy integrity is specified and the policy does
    not have that integrity, Node.js will error prior to running any
    code. https://github.com/nodejs/node/pull/28734
* readline,tty:
  * Exposed stream API from various methods which write characters.
    https://github.com/nodejs/node/pull/28674
    https://github.com/nodejs/node/pull/28721
* src:
  * Use cgroups to get memory limits. This improves the way we set
    the memory ceiling for a Node.js process. Previously we would use
    the physical memory size to estimate the necessary V8
    heap sizes. The physical memory size is not necessarily the correct
    limit, e.g. if the process is running inside a docker container or
    is otherwise constrained. This change adds the ability to get a
    memory limit set by linux cgroups, which is used by docker
    containers to set resource constraints.
    https://docs.docker.com/config/containers/resource_constraints/
    https://github.com/nodejs/node/pull/27508

PR-URL: https://github.com/nodejs/node/pull/28817
2019-07-23 22:54:24 +02:00
Michaël Zasso
fcf8fe9f1a
2019-07-03, Version 12.6.0 (Current)
Notable changes:

* build:
  * Experimental support for building Node.js on MIPS architecture
    is back. https://github.com/nodejs/node/pull/27992
* child_process:
  * The promisified versions of `child_process.exec` and
    `child_process.execFile` now both return a `Promise` which has the
	child instance attached to their `child` property.
	https://github.com/nodejs/node/pull/28325
* deps:
  * Updated libuv to 1.30.1. https://github.com/nodejs/node/pull/28449,
    https://github.com/nodejs/node/pull/28511
    * Support for the Haiku platform has been added.
    * The maximum `UV_THREADPOOL_SIZE` has been increased from 128 to
	  1024.
    * `uv_fs_copyfile()` now works properly when the source and
	  destination files are the same.
* process:
  * A new method, `process.resourceUsage()` was added. It returns
    resource usage for the current process, such as CPU time.
	https://github.com/nodejs/node/pull/28018
* src:
  * Fixed an issue related to stdio that could lead to a crash of the
    process in some circumstances.
	https://github.com/nodejs/node/pull/28490
* stream:
  * Added a `writableFinished` property to writable streams. It
    indicates that all the data has been flushed to the underlying
	system. https://github.com/nodejs/node/pull/28007
* worker:
  * Fixed an issue that prevented worker threads to listen for data on
    stdin. https://github.com/nodejs/node/pull/28153
* meta:
  * Added Jiawen Geng (https://github.com/gengjiawen) to collaborators.
    https://github.com/nodejs/node/pull/28322

PR-URL: https://github.com/nodejs/node/pull/28508
2019-07-03 15:53:31 +02:00
Ruben Bridgewater
af3cc714f9
2019-06-27, Version 12.5.0 (Current)
Notable changes:

* build:
  * The startup time is reduced by enabling V8 snapshots by default
    https://github.com/nodejs/node/pull/28181
* deps:
  * Updated `V8` to 7.5.288.22 https://github.com/nodejs/node/pull/27375
    * The numeric separator (v8.dev/features/numeric-separators) feature is now
      enabled by default
  * Updated `OpenSSL` to 1.1.1c https://github.com/nodejs/node/pull/28211
* inspector:
  * The `--inspect-publish-uid` flag was added to specify ways of the inspector
    web socket url exposure https://github.com/nodejs/node/pull/27741
* n-api:
  * Accessors on napi_define_* are now ECMAScript-compliant
    https://github.com/nodejs/node/pull/27851
* report:
  * The cpu info got added to the report output
    https://github.com/nodejs/node/pull/28188
* src:
  * Restore the original state of the stdio file descriptors on exit to prevent
    leaving stdio in raw or non-blocking mode
    https://github.com/nodejs/node/pull/24260
* tools,gyp:
  * Introduce MSVS 2019 https://github.com/nodejs/node/pull/27375
* util:
  * inspect:
    * Array grouping became more compact and uses more columns than before
      https://github.com/nodejs/node/pull/28059
      https://github.com/nodejs/node/pull/28070
    * Long strings will not be split at 80 characters anymore. Instead they will
      be split on new lines https://github.com/nodejs/node/pull/28055
* worker:
  * `worker.terminate()` now returns a promise and using the callback is
    deprecated https://github.com/nodejs/node/pull/28021

PR-URL: https://github.com/nodejs/node/pull/28268
2019-06-27 15:55:50 +02:00
Richard Lau
9611d75943 doc: mark Node.js 11 as EOL in changelog
Update the changelog to mark Node.js 11 as End-of-Life. Remove the
column for Node.js 11 changelog entries from the table.

PR-URL: https://github.com/nodejs/node/pull/28076
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-06-07 21:11:35 -04:00
Michaël Zasso
cb68c04ce1
2019-06-04, Version 12.4.0 (Current)
Notable changes:

* doc:
  * The JSON variant of the API documentation is no longer experimental
    (Rich Trott) https://github.com/nodejs/node/pull/27842.
* esm:
  * JSON module support is always enabled under
    `--experimental-modules`. The `--experimental-json-modules` flag
    has been removed (Myles Borins)
    https://github.com/nodejs/node/pull/27752.
* http,http2:
  * A new flag has been added for overriding the default HTTP server
    socket timeout (which is two minutes). Pass
    `--http-server-default-timeout=milliseconds`
    or `--http-server-default-timeout=0` to respectively change or
    disable the timeout. Starting with Node.js 13.0.0, the timeout will
    be disabled by default
    (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/27704.
* inspector:
  * Added an experimental `--heap-prof` flag to start the V8 heap
    profiler on startup and write the heap profile to disk before exit
    (Joyee Cheung) https://github.com/nodejs/node/pull/27596.
* stream:
  * The `readable.unshift()` method now correctly converts strings to
    buffers. Additionally, a new optional argument is accepted to
    specify the string's encoding, such as `'utf8'` or `'ascii'`
    (Marcos Casagrande) https://github.com/nodejs/node/pull/27194.
* v8:
  * The object returned by `v8.getHeapStatistics()` has two new
    properties: `number_of_native_contexts` and
    `number_of_detached_contexts` (Yuriy Vasiyarov)
    https://github.com/nodejs/node/pull/27933.

PR-URL: https://github.com/nodejs/node/pull/28040
2019-06-04 16:01:53 +02:00
Beth Griggs
b323658b64
2019-05-28, Version 10.16.0 'Dubnium' (LTS)
Notable changes:

- **deps**:
  - update ICU to 64.2 (Ujjwal Sharma)
    [#27361](https://github.com/nodejs/node/pull/27361)
  - upgrade npm to 6.9.0 (Kat Marchán)
    [#26244](https://github.com/nodejs/node/pull/26244)
  - upgrade openssl sources to 1.1.1b (Sam Roberts)
    [#26327](https://github.com/nodejs/node/pull/26327)
  - upgrade to libuv 1.28.0 (cjihrig)
    [#27241](https://github.com/nodejs/node/pull/27241)
- **events**:
  - add once method to use promises with EventEmitter (Matteo Collina)
   [#26078](https://github.com/nodejs/node/pull/26078)
- **n-api**:
  - mark thread-safe function as stable (Gabriel Schulhof)
    [#25556](https://github.com/nodejs/node/pull/25556)
- **repl**:
  - support top-level for-await-of (Shelley Vohr)
    [#23841](https://github.com/nodejs/node/pull/23841)
- **zlib**:
  - add brotli support (Anna Henningsen)
    [#24938](https://github.com/nodejs/node/pull/24938)

PR-URL: https://github.com/nodejs/node/pull/27514
2019-05-28 23:45:42 +01:00
Ruben Bridgewater
8a282dc93a
2019-05-22, Version v12.3.1 (Current)
Notable changes

* deps:
  * Fix handling of +0/-0 when constant field tracking is enabled
    (Michaël Zasso) https://github.com/nodejs/node/pull/27792
  * Fix `os.freemem()` and `os.totalmem` correctness (cjihrig)
    https://github.com/nodejs/node/pull/27718
* src:
  * Fix v12.3.0 regression that prevents native addons from compiling
    https://github.com/nodejs/node/pull/27804

PR-URL: https://github.com/nodejs/node/pull/27814
2019-05-22 20:56:15 +02:00
Ruben Bridgewater
9fec70a703
2019-05-21, Version 12.3.0 (Current)
Notable changes:

* esm:
  * Added the `--experimental-wasm-modules` flag to support
    WebAssembly modules (Myles Borins & Guy Bedford)
    https://github.com/nodejs/node/pull/27659
* process:
  * Log errors using `util.inspect` in case of fatal exceptions
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/27243
* repl:
  * Add `process.on('uncaughtException')` support (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/27151
* stream:
  * Implemented `Readable.from` async iterator utility (Guy Bedford)
    https://github.com/nodejs/node/pull/27660
* tls:
  * Expose built-in root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/26415
  * Support `net.Server` options (Luigi Pinca)
    https://github.com/nodejs/node/pull/27665
  * Expose `keylog` event on TLSSocket (Alba Mendez)
    https://github.com/nodejs/node/pull/27654
* worker:
  * Added the ability to unshift messages from the `MessagePort`
    (Anna Henningsen) https://github.com/nodejs/node/pull/27294

PR-URL: https://github.com/nodejs/node/pull/27799
2019-05-21 21:23:52 +02:00
Richard Lau
4a18b87a3f doc,tools: updates for 6.x End-of-Life
PR-URL: https://github.com/nodejs/node/pull/27658
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
2019-05-14 15:10:19 -07:00
Michaël Zasso
e006a8545e
2019-05-07, Version 12.2.0 (Current)
Notable changes:

* deps:
  * Updated llhttp to 1.1.3. This fixes a bug that made Node.js' HTTP
    parser refuse any request URL that contained the "|" (vertical bar)
    character. https://github.com/nodejs/node/pull/27595
* tls:
  * Added an `enableTrace()` method to `TLSSocket` and an `enableTrace`
    option to `tls.createServer()`. When enabled, TSL packet trace
    information is written to `stderr`. This can be used to debug TLS
    connection problems. https://github.com/nodejs/node/pull/27497
    https://github.com/nodejs/node/pull/27376
* cli:
  * Added a `--trace-tls` command-line flag that enables tracing of TLS
    connections without the need to modify existing application code.
    https://github.com/nodejs/node/pull/27497
  * Added a `--cpu-prof-interval` command-line flag. It can be used to
    specify the sampling interval for the CPU profiles generated by
    `--cpu-prof`. https://github.com/nodejs/node/pull/27535
* module:
  * Added the `createRequire()` method. It allows to create a require
    function from a file URL object, a file URL string or an absolute
    path string. The existing `createRequireFromPath()` method is now
    deprecated https://github.com/nodejs/node/pull/27405.
  * Throw on `require('./path.mjs')`. This is technically a breaking
    change that should have landed with Node.js 12.0.0. It is necessary
    to have this to keep the possibility for a future minor version to
    load ES Modules with the require function.
    https://github.com/nodejs/node/pull/27417
* repl:
  * The REPL now supports multi-line statements using `BigInt` literals
    as well as public and private class fields and methods.
    https://github.com/nodejs/node/pull/27400
  * The REPL now supports tab autocompletion of file paths with `fs`
    methods. https://github.com/nodejs/node/pull/26648
* meta:
  * Added Christian Clauss (https://github.com/cclauss) to
    collaborators. https://github.com/nodejs/node/pull/27554

PR-URL: https://github.com/nodejs/node/pull/27578
2019-05-07 20:38:46 +02:00
Shelley Vohr
ea46db6642
2019-04-30, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](https://github.com/nodejs/node/pull/19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](https://github.com/nodejs/node/pull/25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951)
  * support TLSv1.3 (Sam Roberts) [#26209](https://github.com/nodejs/node/pull/26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](https://github.com/nodejs/node/pull/24729)

PR-URL: https://github.com/nodejs/node/pull/27314
2019-04-30 09:18:04 -07:00
Michaël Zasso
1d4a880700
2019-04-29, Version 12.1.0 (Current)
Notable changes:

* intl:
  * Update ICU to 64.2. This adds support for Japanese Era (Reiwa).
    https://github.com/nodejs/node/pull/27361
  * Fixes a bug in ICU that affected Node.js 12.0.0 in the case where
    `new Date().toLocaleString()` was called with a non-default locale.
    https://github.com/nodejs/node/pull/27415
* C++ API:
  * Added an overload of `EmitAsyncDestroy` that can be used during
    garbage collection.
    https://github.com/nodejs/node/pull/27255

PR-URL: https://github.com/nodejs/node/pull/27440
2019-04-29 16:38:53 +02:00
Rivaldo Junior
e029b927c2
Add Node 12 to the first list of versions
PR-URL: https://github.com/nodejs/node/pull/27414
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
2019-04-26 11:25:05 +02:00
Beth Griggs
d896f03578
2019-04-23, Version 12.0.0 (Current)
Notable changes:

* assert:
    * validate required arguments (Ruben Bridgewater)
      [#26641](https://github.com/nodejs/node/pull/26641)
    * adjust loose assertions (Ruben Bridgewater)
      [#25008](https://github.com/nodejs/node/pull/25008)
* async_hooks:
    * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
      [#26530](https://github.com/nodejs/node/pull/26530)
    * remove promise object from resource (Andreas Madsen)
      [#23443](https://github.com/nodejs/node/pull/23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
      [#24874](https://github.com/nodejs/node/pull/24874)
* buffer:
    * use stricter range checks (Ruben Bridgewater)
      [#27045](https://github.com/nodejs/node/pull/27045)
    * harden `SlowBuffer` creation (ZYSzys)
      [#26272](https://github.com/nodejs/node/pull/26272)
    * harden validation of buffer allocation size (ZYSzys)
      [#26162](https://github.com/nodejs/node/pull/26162)
    * do proper error propagation in addon methods (Anna Henningsen)
      [#23939](https://github.com/nodejs/node/pull/23939)
* child_process:
    * remove `options.customFds` (cjihrig)
      [#25279](https://github.com/nodejs/node/pull/25279)
    * harden fork arguments validation (ZYSzys)
      [#27039](https://github.com/nodejs/node/pull/27039)
    * use non-infinite `maxBuffer` defaults (kohta ito)
      [#23027](https://github.com/nodejs/node/pull/23027)
* console:
    * don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* crypto:
    * remove legacy native handles (Tobias Nießen)
      [#27011](https://github.com/nodejs/node/pull/27011)
    * decode missing passphrase errors (Tobias Nießen)
      [#25208](https://github.com/nodejs/node/pull/25208)
    * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
      (Tobias Nießen)
      [#26249](https://github.com/nodejs/node/pull/26249)
    * remove deprecated `crypto._toBuf()` (Tobias Nießen)
      [#25338](https://github.com/nodejs/node/pull/25338)
    * set `DEFAULT\_ENCODING` property to non-enumerable
      (Antoine du Hamel)
      [#23222](https://github.com/nodejs/node/pull/23222)
* deps:
    * update V8 to 7.4.288.13
    (Michaël Zasso, cjihrig, Refael Ackermann)
    (Anna Henningsen, Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * bump minimum icu version to 63 (Ujjwal Sharma)
      [#25852](https://github.com/nodejs/node/pull/25852)
    * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
      [#26327](https://github.com/nodejs/node/pull/26327)
* errors:
    * update error name (Ruben Bridgewater)
      [#26738](https://github.com/nodejs/node/pull/26738)
* fs:
    * use proper .destroy() implementation for SyncWriteStream
      (Matteo Collina)
      [#26690](https://github.com/nodejs/node/pull/26690)
    * improve mode validation (Ruben Bridgewater)
      [#26575](https://github.com/nodejs/node/pull/26575)
    * harden validation of start option in `createWriteStream()`
      (ZYSzys)
      [#25579](https://github.com/nodejs/node/pull/25579)
    * make writeFile consistent with readFile wrt fd
      (Sakthipriyan Vairamani (thefourtheye))
      [#23709](https://github.com/nodejs/node/pull/23709)
* http:
    * validate timeout in `ClientRequest()` (cjihrig)
      [#26214](https://github.com/nodejs/node/pull/26214)
    * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
      [#25605](https://github.com/nodejs/node/pull/25605)
    * switch default parser to llhttp (Anna Henningsen)
      [#24870](https://github.com/nodejs/node/pull/24870)
    * Runtime-deprecate `outgoingMessage._headers` and
      `outgoingMessage._headerNames` (Morgan Roderick)
      [#24167](https://github.com/nodejs/node/pull/24167)
* lib:
    * remove `Atomics.wake()` (Gus Caplan)
      [#27033](https://github.com/nodejs/node/pull/27033)
    * move DTRACE\_\* probes out of global scope (James M Snell)
      [#26541](https://github.com/nodejs/node/pull/26541)
    * deprecate `_stream_wrap` (Sam Roberts)
      [#26245](https://github.com/nodejs/node/pull/26245)
    * use ES6 class inheritance style (Ruben Bridgewater)
      [#24755](https://github.com/nodejs/node/pull/24755)
* module:
    * remove unintended access to deps/ (Anna Henningsen)
      [#25138](https://github.com/nodejs/node/pull/25138)
    * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * remove dead code (Ruben Bridgewater)
      [#26983](https://github.com/nodejs/node/pull/26983)
    * make `require('.')` never resolve outside the current directory
      (Ruben Bridgewater)
      [#26973](https://github.com/nodejs/node/pull/26973)
    * throw an error for invalid package.json main entries
      (Ruben Bridgewater)
      [#26823](https://github.com/nodejs/node/pull/26823)
    * don't search in `require.resolve.paths` (cjihrig)
      [#23683](https://github.com/nodejs/node/pull/23683)
* net:
    * remove `Server.listenFD()` (cjihrig)
      [#27127](https://github.com/nodejs/node/pull/27127)
    * do not add `.host` and `.port` properties to DNS error
      (Ruben Bridgewater)
      [#26751](https://github.com/nodejs/node/pull/26751)
    * emit "write after end" errors in the next tick (Ouyang Yadong)
      [#24457](https://github.com/nodejs/node/pull/24457)
    * deprecate `_setSimultaneousAccepts()` undocumented function
      (James M Snell)
      [#23760](https://github.com/nodejs/node/pull/23760)
* os:
    * implement `os.type()` using `uv_os_uname()` (cjihrig)
      [#25659](https://github.com/nodejs/node/pull/25659)
    * remove `os.getNetworkInterfaces()` (cjihrig)
      [#25280](https://github.com/nodejs/node/pull/25280)
* process:
    * make global.process, global.Buffer getters (Guy Bedford)
      [#26882](https://github.com/nodejs/node/pull/26882)
    * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * exit on --debug and --debug-brk after option parsing
      (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * improve `--redirect-warnings` handling (Ruben Bridgewater)
      [#24965](https://github.com/nodejs/node/pull/24965)
* readline:
    * support TERM=dumb (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* repl:
    * add welcome message (gengjiawen)
      [#25947](https://github.com/nodejs/node/pull/25947)
    * fix terminal default setting (Ruben Bridgewater)
      [#26518](https://github.com/nodejs/node/pull/26518)
    * check colors with `.getColorDepth()` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
    * deprecate REPLServer.rli (Ruben Bridgewater)
      [#26260](https://github.com/nodejs/node/pull/26260)
* src:
    * remove unused `INT_MAX` constant (Sam Roberts)
      [#27078](https://github.com/nodejs/node/pull/27078)
    * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * remove `AddPromiseHook()` (Anna Henningsen)
      [#26574](https://github.com/nodejs/node/pull/26574)
    * clean up `MultiIsolatePlatform` interface (Anna Henningsen)
      [#26384](https://github.com/nodejs/node/pull/26384)
    * properly configure default heap limits (Ali Ijaz Sheikh)
      [#25576](https://github.com/nodejs/node/pull/25576)
    * remove `icuDataDir` from node config (GauthamBanasandra)
      [#24780](https://github.com/nodejs/node/pull/24780)
* tls:
    * support TLSv1.3 (Sam Roberts)
      [#26209](https://github.com/nodejs/node/pull/26209)
    * return correct version from `getCipher()` (Sam Roberts)
      [#26625](https://github.com/nodejs/node/pull/26625)
    * check arg types of renegotiate() (Sam Roberts)
      [#25876](https://github.com/nodejs/node/pull/25876)
    * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
      [#24729](https://github.com/nodejs/node/pull/24729)
    * emit a warning when servername is an IP address (Rodger Combs)
      [#23329](https://github.com/nodejs/node/pull/23329)
    * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
      [#23814](https://github.com/nodejs/node/pull/23814)
    * remove unused arg to createSecureContext() (Sam Roberts)
      [#24241](https://github.com/nodejs/node/pull/24241)
    * deprecate `Server.prototype.setOptions()` (cjihrig)
      [#23820](https://github.com/nodejs/node/pull/23820)
    * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
      [#23354](https://github.com/nodejs/node/pull/23354)
* util:
    * remove `util.print()`, `util.puts()`, `util.debug()`
      and `util.error()` (cjihrig)
      [#25377](https://github.com/nodejs/node/pull/25377)
    * change inspect compact and breakLength default
      (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * improve inspect edge cases (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * only the first line of the error message (Simon Zünd)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * don't set the prototype of callbackified functions
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * rename callbackified function (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * increase function length when using `callbackify()`
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * prevent tampering with internals in `inspect()`
      (Ruben Bridgewater)
      [#26577](https://github.com/nodejs/node/pull/26577)
    * prevent Proxy traps being triggered by `.inspect()`
      (Ruben Bridgewater)
      [#26241](https://github.com/nodejs/node/pull/26241)
    * prevent leaking internal properties (Ruben Bridgewater)
      [#24971](https://github.com/nodejs/node/pull/24971)
    * protect against monkeypatched Object prototype for inspect()
      (Rich Trott)
      [#25953](https://github.com/nodejs/node/pull/25953)
    * treat format arguments equally (Roman Reiss)
      [#23162](https://github.com/nodejs/node/pull/23162)
* win, fs:
    * detect if symlink target is a directory (Bartosz Sosnowski)
      [#23724](https://github.com/nodejs/node/pull/23724)
* zlib:
    * throw TypeError if callback is missing (Anna Henningsen)
      [#24929](https://github.com/nodejs/node/pull/24929)
    * make “bare” constants un-enumerable (Anna Henningsen)
      [#24824](https://github.com/nodejs/node/pull/24824)

PR-URL: https://github.com/nodejs/node/pull/26930
2019-04-23 16:46:54 +01:00
Myles Borins
1c26169714
2019-04-16, Version 8.16.0 'Carbon' (LTS)
Notable Changes:

* n-api:
  - add API for asynchronous functions (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/17887
  - mark thread-safe function as stable (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/25556

PR-URL: https://github.com/nodejs/node/pull/26933
2019-04-16 16:04:56 -04:00
Beth Griggs
d42456020b
2019-04-11, Version 11.14.0 (Current)
Notable changes:

- child_process: doc deprecate ChildProcess.\_channel (cjihrig)
  [#26982](https://github.com/nodejs/node/pull/26982)
- deps: update nghttp2 to 1.37.0 (gengjiawen)
  [#26990](https://github.com/nodejs/node/pull/26990)
- dns:
  - make dns.promises enumerable (cjihrig)
    [#26592](https://github.com/nodejs/node/pull/26592)
  - remove dns.promises experimental warning (cjihrig)
    [#26592](https://github.com/nodejs/node/pull/26592)
- fs: remove experimental warning for fs.promises (Anna Henningsen)
  [#26581] (https://github.com/nodejs/node/pull/26581)
- stream: make Symbol.asyncIterator support stable (Matteo Collina)
  [#26989](https://github.com/nodejs/node/pull/26989)
- worker: use copy of process.env (Anna Henningsen)
  [#26544](https://github.com/nodejs/node/pull/26544)

PR-URL: https://github.com/nodejs/node/pull/27163
2019-04-11 17:56:55 +01:00
Beth Griggs
883a0d521f
2019-04-03, Version 6.17.1 'Boron' (LTS)
Notable changes:

- http:
  - fix error check in `Execute()` (Brian White)
    [#25939](https://github.com/nodejs/node/pull/25939)

PR-URL: https://github.com/nodejs/node/pull/26684
2019-04-03 20:35:39 +01:00
Beth Griggs
68b04274ca
doc: update changelog for v10.x LTS
PR-URL: https://github.com/nodejs/node/pull/26931
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-03-30 13:07:19 +01:00
Michaël Zasso
2c73868b04
2019-03-28, Version 11.13.0 (Current)
Notable changes:

* crypto
  * Allow deriving public from private keys (Tobias Nießen)
    [#26278](https://github.com/nodejs/node/pull/26278).
* events
  * Added a `once` function to use `EventEmitter` with promises
    (Matteo Collina) [#26078](https://github.com/nodejs/node/pull/26078).
* tty
  * Added a `hasColors` method to `WriteStream` (Ruben Bridgewater)
    [#26247](https://github.com/nodejs/node/pull/26247).
  * Added NO_COLOR and FORCE_COLOR support (Ruben Bridgewater)
    [#26485](https://github.com/nodejs/node/pull/26485).
* v8
  * Added `v8.getHeapSnapshot` and `v8.writeHeapSnapshot` to generate snapshots
    in the format used by tools such as Chrome DevTools (James M Snell)
    [#26501](https://github.com/nodejs/node/pull/26501).
* worker
  * Added `worker.moveMessagePortToContext`. This enables using MessagePorts in
    different vm.Contexts, aiding with the isolation that the vm module seeks to
    provide (Anna Henningsen)
    [#26497](https://github.com/nodejs/node/pull/26497).
* C++ API
  * `AddPromiseHook` is now deprecated. This API was added to fill an use case
    that is served by `async_hooks`, since that has `Promise` support
    (Anna Henningsen) [#26529](https://github.com/nodejs/node/pull/26529).
  * Added a `Stop` API to shut down Node.js while it is running
    (Gireesh Punathil) [#21283](https://github.com/nodejs/node/pull/21283).
* meta
  * [Gireesh Punathil](https://github.com/gireeshpunathil) is now a member of
    the Technical Steering Committee
    [#26657](https://github.com/nodejs/node/pull/26657).
  * Added [Yongsheng Zhang](https://github.com/ZYSzys) to collaborators
    [#26730](https://github.com/nodejs/node/pull/26730).

PR-URL: https://github.com/nodejs/node/pull/26949
2019-03-28 20:23:29 +01:00
Ruben Bridgewater
969c63a0f1
2019-03-15, Version 11.12.0 (Current)
Notable Changes

* bootstrap:
  * Add experimental `--frozen-intrinsics` flag (Guy Bedford)
    https://github.com/nodejs/node/pull/25685
* build:
  * Enable v8's siphash for hash seed creation (Rod Vagg)
    https://github.com/nodejs/node/pull/26367
* deps:
  * Upgrade openssl to 1.1.1b (Sam Roberts)
    https://github.com/nodejs/node/pull/26327
* process:
  * Make `process[Symbol.toStringTag]` writable again
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/26488
* repl:
  * Add `util.inspect.replDefaults` to customize the writer
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/26375
* report:
  * Rename `triggerReport()` to `writeReport()` (Colin Ihrig)
    https://github.com/nodejs/node/pull/26527
2019-03-15 22:03:09 +01:00
Ruben Bridgewater
b22ee71ef6
2019-03-06, Version 11.11.0 (Current)
Notable Changes

* n-api:
  * Implement date object (Jarrod Connolly)
    https://github.com/nodejs/node/pull/25917
* util:
  * Add compact depth mode for `util.inspect()` (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/26269
* worker:
  * Improve integration with native addons (Anna Henningsen)
    https://github.com/nodejs/node/pull/26175
  * MessagePort.prototype.onmessage takes arguments closer to the Web
    specification now (Anna Henningsen)
    https://github.com/nodejs/node/pull/26082
2019-03-06 20:24:50 +01:00
Beth Griggs
a52c1ead02
2019-03-05, Version 10.15.3 'Dubnium' (LTS)
Notable Changes

* **doc**
  * add antsmartian to collaborators (Anto Aravinth)
    [#24655](https://github.com/nodejs/node/pull/24655)
* **http**
  * fix error check in Execute() (Brian White)
    [#25863](https://github.com/nodejs/node/pull/25863)
* **stream**
  * fix end-of-stream for HTTP/2 (Anna Henningsen)
    [#24926](https://github.com/nodejs/node/pull/24926)

PR-URL: https://github.com/nodejs/node/pull/26063
2019-03-05 17:08:25 +00:00
Rod Vagg
0d64a56012 2019-02-28, Version 6.17.0 'Boron' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Denial of Service with keep-alive HTTP connections
    (CVE-2019-5739)
  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)
  * OpenSSL: 0-byte record padding oracle (CVE-2019-1559)

Notable Changes:

* deps: OpenSSL has been upgraded to 1.0.2r which contains a fix for
  CVE-2019-1559 (https://www.openssl.org/news/secadv/20190226.txt). Under
  certain circumstances, a TLS server can be forced to respond differently to
  a client if a zero-byte record is received with an invalid padding
  compared to a zero-byte record with an invalid MAC. This can be used as the
  basis of a padding oracle attack to decrypt data.
* http:
  - Backport `server.keepAliveTimeout` to prevent keep-alive HTTP and HTTPS
    connections remaining open and inactive for an extended period of time,
    leading to a potential Denial of Service (DoS).
    (CVE-2019-5739 / Timur Shemsedinov, Matteo Collina)
  - Further prevention of "Slowloris" attacks on HTTP and HTTPS
    connections by consistently applying the receive timeout set by
    `server.headersTimeout` to connections in keep-alive mode. Reported by
    Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/169
2019-02-28 22:36:11 +11:00
Rod Vagg
980cce6d29 2019-02-28, Version 8.15.1 'Carbon' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)
  * OpenSSL: 0-byte record padding oracle (CVE-2019-1559)

Notable Changes:

* deps: OpenSSL has been upgraded to 1.0.2r which contains a fix for
  CVE-2019-1559 (https://www.openssl.org/news/secadv/20190226.txt). Under
  certain circumstances, a TLS server can be forced to respond differently to
  a client if a zero-byte record is received with an invalid padding
  compared to a zero-byte record with an invalid MAC. This can be used as the
  basis of a padding oracle attack to decrypt data.
* http: Further prevention of "Slowloris" attacks on HTTP and HTTPS
  connections by consistently applying the receive timeout set by
  `server.headersTimeout` to connections in keep-alive mode. Reported by
  Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/165
2019-02-28 22:31:14 +11:00
Rod Vagg
b974d0dd64 2019-02-28, Version 10.15.2 'Dubnium' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

A fix for the following CVE is included in this release:

  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)

Notable Changes:

* http: Further prevention of "Slowloris" attacks on HTTP and HTTPS
  connections by consistently applying the receive timeout set by
  `server.headersTimeout` to connections in keep-alive mode. Reported by
  Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/164
2019-02-28 22:29:17 +11:00
Rod Vagg
f1cefdca80 2019-02-28, Version 11.10.1 (Current)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

A fix for the following CVE is included in this release:

  * Node.js: Slowloris HTTP Denial of Service with keep-alive
    (CVE-2019-5737)

Notable Changes:

* http: Further prevention of "Slowloris" attacks on HTTP and HTTPS
  connections by consistently applying the receive timeout set by
  `server.headersTimeout` to connections in keep-alive mode. Reported by
  Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/163
2019-02-28 22:27:59 +11:00
Michaël Zasso
82ee0ff1b8
2018-02-14, Version 11.10.0 (Current)
Notable changes:

deps:
  * Updated libuv to 1.26.0.
  * Updated npm to 6.7.0.
http, http2:
  * `response.writeHead` now returns the response object.
perf_hooks:
  * Implemented a histogram based API.
process:
  * Exposed `process.features.inspector`.
repl:
  * Added `repl.setupHistory` for programmatic repl.
tls:
  * Introduced client "session" event.

PR-URL: https://github.com/nodejs/node/pull/26098
2019-02-14 23:55:48 +01:00
Michaël Zasso
9e08386e61
2019-01-30, Version 11.9.0 (Current)
Notable changes:

* deps:
  * OpenSSL has been updated to 1.1.1a, which is API/ABI compatible with
    the previous OpenSSL 1.1.0j. Note that while OpenSSL 1.1.1a supports
    TLS1.3, Node.js still does not.
    https://github.com/nodejs/node/pull/25582

PR-URL: https://github.com/nodejs/node/pull/25802
2019-01-30 23:06:17 +01:00
Shelley Vohr
d56212e6ef
2019-01-29, Version 10.15.1 'Dubnium' (LTS)
* doc:
  * add oyyd to collaborators (Ouyang Yadong) [#24300](https://github.com/nodejs/node/pull/24300)
* tls:
  * throw if protocol too long (Andre Jodat-Danbrani) [#23606](https://github.com/nodejs/node/pull/23606)

PR-URL: https://github.com/nodejs/node/pull/25346
2019-01-29 10:17:08 -08:00
Myles Borins
641de82404
2019-01-24, Version 11.8.0 (Current)
Notable Changes:

* events:
  * For unhandled `error` events with an argument that is not an
    `Error` object, the resulting exeption will have more information
    about the argument.
    https://github.com/nodejs/node/pull/25621
* child_process:
  * When the `maxBuffer` option is passed, `stdout` and `stderr` will
    be truncated rather than unavailable in case of an error.
    https://github.com/nodejs/node/pull/24951
* policy:
  * Experimental support for module integrity checks through a manifest
    file is implemented now.
    https://github.com/nodejs/node/pull/23834
* n-api:
  * The `napi_threadsafe_function` feature is now stable.
    https://github.com/nodejs/node/pull/25556
* report:
  * An experimental diagnostic API for capturing process state is
    available as `process.report` and through command line flags.
    https://github.com/nodejs/node/pull/22712
* tls:
  * `tls.connect()` takes a `timeout` option analogous to the
    `net.connect()` one.
    https://github.com/nodejs/node/pull/25517
* worker:
  * `process.umask()` is available as a read-only function inside Worker
    threads now.
    https://github.com/nodejs/node/pull/25526
  * An `execArgv` option that supports a subset of Node.js command line
    options is supported now.
    https://github.com/nodejs/node/pull/25467

PR-URL: https://github.com/nodejs/node/pull/25687
2019-01-24 20:51:40 -05:00
Ruben Bridgewater
d3f8f905b3
2019-01-17, Version 11.7.0 (Current), @BridgeAR
Notable Changes

* compression / zlib:
  * Added brotli support (Anna Henningsen and Zach Vacura)
    https://github.com/nodejs/node/pull/24938
* console:
  * Added `inspectOptions` option (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/24978
* crypto:
  * Always accept private keys as public keys (Tobias Nießen)
    https://github.com/nodejs/node/pull/25217
* deps:
  * Upgrade npm to v6.5.0 (Jordan Harband)
    https://github.com/nodejs/node/pull/25234
* fs:
  * Use internalBinding('fs') internally instead of
    process.binding('fs') (Masashi Hirano)
    https://github.com/nodejs/node/pull/22478
* http(s):
  * Support overriding http\\s.globalAgent (Roy Sommer)
    https://github.com/nodejs/node/pull/25170
* util:
  * Inspect ArrayBuffers contents closely (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/25006
* worker:
  * Expose workers by default and remove `--experimental-worker` flag
    (Anna Henningsen) https://github.com/nodejs/node/pull/25361

PR-URL: https://github.com/nodejs/node/pull/25537
2019-01-18 14:03:19 +01:00
Myles Borins
e01999db14
2018-12-26, Version 11.6.0 (Current)
Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* crypto:
  - always accept certificates as public keys (Tobias Nießen)
    https://github.com/nodejs/node/pull/24234
  - add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
  - update root certificates (Sam Roberts)
    https://github.com/nodejs/node/pull/25113
* deps:
  - upgrade to libuv 1.24.1 (cjihrig)
    https://github.com/nodejs/node/pull/25078
  - upgrade npm to 6.5.0 (Audrey Eschright)
    https://github.com/nodejs/node/pull/24734
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25175
2018-12-26 11:24:51 -05:00
Myles Borins
78f2e142c5
2018-12-26, Version 10.15.0 'Dubnium' (LTS)
The 10.14.0 security release introduced some unexpected breakages on
the 10.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.

Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25176
2018-12-26 11:24:26 -05:00
Myles Borins
9542324d9e
2018-12-26, Version 8.15.0 'Carbon' (LTS)
The 8.14.0 security release introduced some unexpected breakages on
the 8.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.

Notable changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25177
2018-12-26 11:23:32 -05:00
Myles Borins
7b9c9b3dcc
2018-12-26, Version 6.16.0 'Boron' (LTS)
The 6.15.0 security release introduced some unexpected breakages on
the 6.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.

Notable changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    https://github.com/nodejs/node/pull/24811
* http:
  - add maxHeaderSize property (cjihrig)
    https://github.com/nodejs/node/pull/24860

PR-URL: https://github.com/nodejs/node/pull/25178
2018-12-26 11:22:24 -05:00
Beth Griggs
74a1dfb56e
2018-12-18, Version 11.5.0 (Current)
Notable changes:

* **tls**:
  * support "BEGIN TRUSTED CERTIFICATE" for ca: (Sam Roberts)
    [#24733](https://github.com/nodejs/node/pull/24733)
* **util**:
  * add inspection getter option (Ruben Bridgewater)
    [#24852](https://github.com/nodejs/node/pull/24852)

PR-URL: https://github.com/nodejs/node/pull/25102
2018-12-18 18:36:17 +00:00
Beth Griggs
1cbd377078
2018-12-18, Version 8.14.1 'Carbon' (LTS)
Notable changes:

* **assert**:
  - revert breaking change (Ruben Bridgewater)
    [#24786](https://github.com/nodejs/node/pull/24786)
* **http2**:
  - fix sequence of error/close events (Gerhard Stoebich)
    [#24789](https://github.com/nodejs/node/pull/24789)

PR-URL: https://github.com/nodejs/node/pull/24832
2018-12-18 11:29:17 -05:00
Shelley Vohr
6c6c5630a7
2018-12-11, Version 10.14.2 'Dubnium' (LTS)
Notable changes:

* deps:
  * upgrade to c-ares v1.15.0 (Ben Noordhuis)
    https://github.com/nodejs/node/pull/23854
* Windows:
  * A crashing process will now show the names of stack frames if the node.pdb
    file is available. (Refael Ackermann)
    https://github.com/nodejs/node/pull/23822
* Added new collaborators:
  * Peter Marshall. https://github.com/nodejs/node/pull/24170
  * Masashi Hirano. https://github.com/nodejs/node/pull/24136

PR-URL: https://github.com/nodejs/node/pull/24727
2018-12-11 15:38:17 -05:00
Ruben Bridgewater
bcef949c93
2018-12-07, Version 11.4.0 (Current)
Notable Changes:

* console,util:
  * `console` functions now handle symbols as defined in the spec.
    https://github.com/nodejs/node/pull/23708
  * The inspection `depth` default is now back at 2.
    https://github.com/nodejs/node/pull/24326
* dgram,net:
  * Added ipv6Only option for `net` and `dgram`.
    https://github.com/nodejs/node/pull/23798
* http:
  * Chosing between the http parser is now possible per runtime flag.
    https://github.com/nodejs/node/pull/24739
* readline:
  * The `readline` module now supports async iterators.
    https://github.com/nodejs/node/pull/23916
* repl:
  * The multiline history feature is removed.
    https://github.com/nodejs/node/pull/24804
* tls:
  * Added min/max protocol version options.
    https://github.com/nodejs/node/pull/24405
  * The X.509 public key info now includes the RSA bit size and the
    elliptic curve. https://github.com/nodejs/node/pull/24358
* url:
  * `pathToFileURL()` now supports LF, CR and TAB.
    https://github.com/nodejs/node/pull/23720
* Windows:
  * Tools are not installed using Boxstarter anymore.
    https://github.com/nodejs/node/pull/24677
  * The install-tools scripts or now included in the dist.
    https://github.com/nodejs/node/pull/24233
* Added new collaborator:
  * [antsmartian](https://github.com/antsmartian) - Anto Aravinth.
    https://github.com/nodejs/node/pull/24655

PR-URL: https://github.com/nodejs/node/pull/24854
2018-12-07 18:50:20 +01:00
Rod Vagg
dbdc9081fa 2018-12-03, Version 6.15.1 'Boron' (LTS)
Notable Changes:

This is a patch release to address a bad backport of the fix for "Slowloris
HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers
timeout to an entire keep-alive HTTP session, resulting in prematurely
disconnected sockets.

PR-URL: https://github.com/nodejs/node/pull/24803
Refs: https://github.com/nodejs/node/pull/24796
Refs: https://github.com/nodejs/node/issues/24760
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2018-12-04 01:06:32 +11:00
Myles Borins
9efcfd313a
2018-11-29, Version 10.14.1 'Dubnium' (LTS)
Notable Changes:

* **win/msi**: Revert changes to installer causing issues on Windows systems.

PR-URL: https://github.com/nodejs/node/pull/24711
2018-11-29 11:43:35 -05:00
Rod Vagg
cc399cf5b2 2018-11-27, Version 11.3.0 (Current)
This is a security release. All Node.js users should consult the security
release summary at:

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
  * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
  * Node.js: Hostname spoofing in URL parser for javascript protocol
    (CVE-2018-12123)
  * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
  * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)

Notable Changes:

* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
  * Headers received by HTTP servers must not exceed 8192 bytes in total to
    prevent possible Denial of Service attacks. Reported by Trevor Norris.
    (CVE-2018-12121 / Matteo Collina)
  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This
    value can be adjusted with `server.headersTimeout`. Where headers are not
    completely received within this period, the socket is destroyed on the next
    received chunk. In conjunction with `server.setTimeout()`, this aids in
    protecting against excessive resource retention and possible Denial of
    Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
  with `url.parse()` with the `'javascript:'` protocol. Reported by
  Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/156/
2018-11-28 11:36:34 +11:00
Rod Vagg
9910cc29bc 2018-11-27, Version 10.14.0 'Dubnium' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
  * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
  * Node.js: Hostname spoofing in URL parser for javascript protocol
    (CVE-2018-12123)
  * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
  * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)

Notable Changes:

* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
  * Headers received by HTTP servers must not exceed 8192 bytes in total to
    prevent possible Denial of Service attacks. Reported by Trevor Norris.
    (CVE-2018-12121 / Matteo Collina)
  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This
    value can be adjusted with `server.headersTimeout`. Where headers are not
    completely received within this period, the socket is destroyed on the next
    received chunk. In conjunction with `server.setTimeout()`, this aids in
    protecting against excessive resource retention and possible Denial of
    Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
  with `url.parse()` with the `'javascript:'` protocol. Reported by
  Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/155/
2018-11-28 11:36:34 +11:00
Rod Vagg
59fdaede52 2018-11-27, Version 8.14.0 'Carbon' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
  * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
  * Node.js: Hostname spoofing in URL parser for javascript protocol
    (CVE-2018-12123)
  * Node.js: HTTP request splitting (CVE-2018-12116)
  * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
  * OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication
    (CVE-2018-5407)

Notable Changes:

* deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
* http:
  * Headers received by HTTP servers must not exceed 8192 bytes in total to
    prevent possible Denial of Service attacks. Reported by Trevor Norris.
    (CVE-2018-12121 / Matteo Collina)
  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This
    value can be adjusted with `server.headersTimeout`. Where headers are not
    completely received within this period, the socket is destroyed on the next
    received chunk. In conjunction with `server.setTimeout()`, this aids in
    protecting against excessive resource retention and possible Denial of
    Service. Reported by Jan Maybach (liebdich.com).
  * Two-byte characters are now strictly disallowed for the `path` option in
    HTTP client requests. Paths containing characters outside of the range
    `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior
    can be reverted if necessary by supplying the
    `--security-revert=CVE-2018-12116` command line argument (this is not
    recommended). Reported as security concern for Node.js 6 and 8 by
    Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno
    Fünfstück applied to Node.js 10 and later.
    (CVE-2018-12116 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
  with `url.parse()` with the `'javascript:'` protocol. Reported by
  Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/154
2018-11-28 11:36:34 +11:00
Rod Vagg
957aeba352 2018-11-27, Version 6.15.0 'Boron' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Debugger port 5858 listens on any interface by default
    (CVE-2018-12120)
  * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
  * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
  * Node.js: Hostname spoofing in URL parser for javascript protocol
    (CVE-2018-12123)
  * Node.js: HTTP request splitting (CVE-2018-12116)
  * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
  * OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication
    (CVE-2018-5407)

Notable Changes:

* debugger: Backport of https://github.com/nodejs/node/pull/8106 to
  prevent the debugger from listening on `0.0.0.0`. It now defaults to
  `127.0.0.1`. Reported by Ben Noordhuis. (CVE-2018-12120 / Ben Noordhuis).
* deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
* http:
  * Headers received by HTTP servers must not exceed 8192 bytes in total to
    prevent possible Denial of Service attacks. Reported by Trevor Norris.
    (CVE-2018-12121 / Matteo Collina)
  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This
    value can be adjusted with `server.headersTimeout`. Where headers are not
    completely received within this period, the socket is destroyed on the next
    received chunk. In conjunction with `server.setTimeout()`, this aids in
    protecting against excessive resource retention and possible Denial of
    Service. Reported by Jan Maybach (liebdich.com).
    (CVE-2018-12122 / Matteo Collina)
  * Two-byte characters are now strictly disallowed for the `path` option in
    HTTP client requests. Paths containing characters outside of the range
    `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior
    can be reverted if necessary by supplying the
    `--security-revert=CVE-2018-12116` command line argument (this is not
    recommended). Reported as security concern for Node.js 6 and 8 by
    Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno
    Fünfstück applied to Node.js 10 and later.
    (CVE-2018-12116 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing
  URLs with `url.parse()` with the `'javascript:'` protocol. Reported by
  Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/153
2018-11-28 11:36:34 +11:00
Beth Griggs
2c2e6ec38d
2018-11-20, Version 8.13.0 'Carbon' (LTS)
Notable changes:

* **assert**:
  - backport some assert commits (Ruben Bridgewater)
    [#23223](https://github.com/nodejs/node/pull/23223)
* **deps**:
  - upgrade to libuv 1.23.2 (cjihrig)
    [#23336](https://github.com/nodejs/node/pull/23336)
  - V8: cherry-pick 64-bit hash seed commits (Yang Guo)
    [#23274](https://github.com/nodejs/node/pull/23274)
* **http**:
  - added aborted property to request (Robert Nagy)
    [#20094](https://github.com/nodejs/node/pull/20094)
* **http2**:
  - graduate from experimental (James M Snell)
    [#22466](https://github.com/nodejs/node/pull/22466)

PR-URL: https://github.com/nodejs/node/pull/23974
2018-11-20 13:13:11 -05:00
Ruben Bridgewater
406d9caab5
2018-11-15, Version 11.2.0 (Current)
Notable changes:

* deps:
  * A new experimental HTTP parser (`llhttp`) is now supported.
    https://github.com/nodejs/node/pull/24059
* timers:
  * Fixed an issue that could cause setTimeout to stop working as
    expected. https://github.com/nodejs/node/pull/24322
* Windows
  * A crashing process will now show the names of stack frames if the
    node.pdb file is available.
    https://github.com/nodejs/node/pull/23822
  * Continued effort to improve the installer's new stage that installs
    native build tools.
    https://github.com/nodejs/node/pull/23987,
    https://github.com/nodejs/node/pull/24348
  * child_process:
    * On Windows the `windowsHide` option default was restored to
      `false`. This means `detached` child processes and GUI apps will
      once again start in a new window.
      https://github.com/nodejs/node/pull/24034
* Added new collaborators:
  * [oyyd](https://github.com/oyyd) - Ouyang Yadong.
    https://github.com/nodejs/node/pull/24300
  * [psmarshall](https://github.com/psmarshall) - Peter Marshall.
    https://github.com/nodejs/node/pull/24170
  * [shisama](https://github.com/shisama) - Masashi Hirano.
    https://github.com/nodejs/node/pull/24136

PR-URL: https://github.com/nodejs/node/pull/24350
2018-11-15 22:16:09 +01:00
Rich Trott
c3809ffc24 tools: enable 80-char line length markdown linting
PR-URL: https://github.com/nodejs/node/pull/24094
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2018-11-07 09:27:33 -08:00
Michaël Zasso
74ba48294b
2018-11-02, Version 11.1.0 (Current)
Notable changes:

* deps
  * Updated ICU to 63.1. https://github.com/nodejs/node/pull/23715
* repl
  * Top-level for-await-of is now supported in the REPL.
    https://github.com/nodejs/node/pull/23841
* timers
  * Fixed an issue that could cause timers to enter an infinite loop.
    https://github.com/nodejs/node/pull/23870

PR-URL: https://github.com/nodejs/node/pull/23922
2018-11-02 13:34:02 +01:00
Rich Trott
34f164f1c2 doc: revise CHANGELOG.md text
Make the text shorter and clearer.

PR-URL: https://github.com/nodejs/node/pull/23988
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2018-11-01 23:27:40 -07:00
Myles Borins
cd1193d9ed
2018-10-30 Version 10.13.0 'Dubnium' (LTS)
This release marks the transition of Node.js 10.x into Long Term
Support (LTS) with the codename 'Dubnium'. The 10.x release line
now moves in to "Active LTS" and will remain so until April 2020.
After that time it will move in to "Maintenance" until end of
life in April 2021.

Notable Changes:

This release only includes minimal changes necessary to fix known
regressions prior to LTS.

PR-URL: https://github.com/nodejs/node/pull/23831
2018-10-30 04:45:24 -04:00
James M Snell
3516052bee
2018-10-23, Version 11.0.0 (Current)
Notable changes:

* Build
  * FreeBSD 10 is no longer supported.[#22617](https://github.com/nodejs/node/pull/22617)
* `child_process`
  * The default value of the `windowsHide` option has been changed
    to `true`. [#21316](https://github.com/nodejs/node/pull/21316)
* `console`
  * `console.countReset()` will emit a warning if the timer
    being reset does not exist. [#21649](https://github.com/nodejs/node/pull/21649)
  * `console.time()` will no longer reset a timer if it already
    exists. [#20442](https://github.com/nodejs/node/pull/20442)
* Dependencies
  * V8 has been updated to 7.0.
    [#22754](https://github.com/nodejs/node/pull/22754)
* `fs`
  * The `fs.read()` method now requires a callback.
    [#22146](https://github.com/nodejs/node/pull/22146)
  * The previously deprecated `fs.SyncWriteStream` utility has been
    removed.[#20735](https://github.com/nodejs/node/pull/20735)
* `http`
  * The `http`, `https`, and `tls` modules now use the WHATWG URL parser
    by default. [#20270](https://github.com/nodejs/node/pull/20270)
* General
  * Use of `process.binding()` has been deprecated. Userland code using
    `process.binding()` should re-evaluate that use and begin migrating. If
    there are no supported API alternatives, please open an issue in the
    Node.js GitHub repository so that a suitable alternative may be discussed.
  * An experimental implementation of `queueMicrotask()` has been added.
    [#22951](https://github.com/nodejs/node/pull/22951)
* Internal
  * Windows performance-counter support has been removed.
    [#22485](https://github.com/nodejs/node/pull/22485)
  * The `--expose-http2` command-line option has been removed.
    [#20887](https://github.com/nodejs/node/pull/20887)
* Timers
  * Interval timers will be rescheduled even if previous interval threw
    an error. [#20002](https://github.com/nodejs/node/pull/20002)
* `util`
  * The WHATWG `TextEncoder` and `TextDecoder` are now globals.
    [#22281](https://github.com/nodejs/node/pull/22281)
  * `util.inspect()` output size is limited to 128 MB by default.
    [#22756](https://github.com/nodejs/node/pull/22756)
  * A runtime warning will be emitted when `NODE_DEBUG` is set for
    either `http` or `http2`. [#21914](https://github.com/nodejs/node/pull/21914)
2018-10-23 11:03:02 -07:00
Michaël Zasso
cd8ee2d033
2018-10-10, Version 10.12.0 (Current)
Notable changes:

* assert
  * The diff output is now a tiny bit improved by sorting object
    properties when inspecting the values that are compared with each
    other. https://github.com/nodejs/node/pull/22788
* cli
  * The options parser now normalizes `_` to `-` in all multi-word
    command-line flags, e.g. `--no_warnings` has the same effect as
    `--no-warnings`. https://github.com/nodejs/node/pull/23020
  * Added bash completion for the `node` binary. To generate a bash
    completion script, run `node --completion-bash`. The output can be
    saved to a file which can be sourced to enable completion.
    https://github.com/nodejs/node/pull/20713
* crypto
  * Added support for PEM-level encryption.
    https://github.com/nodejs/node/pull/23151
  * Added an API asymmetric key pair generation. The new methods
    `crypto.generateKeyPair` and `crypto.generateKeyPairSync` can be
    used to generate public and private key pairs. The API supports
    RSA, DSA and EC and a variety of key encodings (both PEM and DER).
    https://github.com/nodejs/node/pull/22660
* fs
  * Added a `recursive` option to `fs.mkdir` and `fs.mkdirSync`. If
    this option is set to true, non-existing parent folders will be
    automatically created. https://github.com/nodejs/node/pull/21875
* http2
  * Added a `'ping'` event to `Http2Session` that is emitted whenever a
    non-ack `PING` is received.
    https://github.com/nodejs/node/pull/23009
  * Added support for the `ORIGIN` frame.
    https://github.com/nodejs/node/pull/22956
  * Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect
    protocol support to allow use of WebSockets over HTTP/2.
    https://github.com/nodejs/node/pull/23284
* module
  * Added `module.createRequireFromPath(filename)`. This new method can
    be used to create a custom require function that will resolve
    modules relative to the filename path.
    https://github.com/nodejs/node/pull/19360
* process
  * Added a `'multipleResolves'` process event that is emitted whenever
    a `Promise` is attempted to be resolved multiple times, e.g. if the
    `resolve` and `reject` functions are both called in a `Promise`
    executor. https://github.com/nodejs/node/pull/22218
* url
  * Added `url.fileURLToPath(url)` and `url.pathToFileURL(path)`. These
    methods can be used to correctly convert between file: URLs and
    absolute paths. https://github.com/nodejs/node/pull/22506
* util
  * Added the `sorted` option to `util.inspect()`. If set to `true`,
    all properties of an object and Set and Map entries will be sorted
    in the returned string. If set to a function, it is used as a
    compare function. https://github.com/nodejs/node/pull/22788
  * The `util.instpect.custom` symbol is now defined in the global
    symbol registry as `Symbol.for('nodejs.util.inspect.custom')`.
    https://github.com/nodejs/node/pull/20857
  * Added support for `BigInt` numbers in `util.format()`.
    https://github.com/nodejs/node/pull/22097
* V8 API
  * A number of V8 C++ APIs have been marked as deprecated since they
    have been removed in the upstream repository. Replacement APIs
    are added where necessary. https://github.com/nodejs/node/pull/23159
* Windows
  * The Windows msi installer now provides an option to automatically
    install the tools required to build native modules.
    https://github.com/nodejs/node/pull/22645
* Workers
  * Debugging support for Workers using the DevTools protocol has been
    implemented. https://github.com/nodejs/node/pull/21364
  * The public `inspector` module is now enabled in Workers.
    https://github.com/nodejs/node/pull/22769
* Added new collaborators:
  * digitalinfinity - Hitesh Kanwathirtha

PR-URL: https://github.com/nodejs/node/pull/23313
2018-10-10 23:18:55 +02:00
Michaël Zasso
df9abb638d
2018-09-20, Version 10.11.0 (Current)
Notable changes:

* fs
  * Fixed fsPromises.readdir `withFileTypes`.
    https://github.com/nodejs/node/pull/22832
* http2
  * Added `http2stream.endAfterHeaders` property.
    https://github.com/nodejs/node/pull/22843
* util
  * Added `util.types.isBoxedPrimitive(value)`.
    https://github.com/nodejs/node/pull/22620
* Added new collaborators:
  * boneskull (https://github.com/boneskull) - Christopher Hiller
* The Technical Steering Committee has new members:
  * apapirovski (https://github.com/apapirovski) - Anatoli Papirovski
  * gabrielschulhof (https://github.com/gabrielschulhof) - Gabriel Schulhof

PR-URL: https://github.com/nodejs/node/pull/22932
2018-09-20 13:32:38 +02:00
Myles Borins
121439a8ff
2018-09-11, Version 8.12.0 'Carbon' (LTS)
Notable Changes:

* async_hooks:
  - rename PromiseWrap.parentId (Ali Ijaz Sheikh)
    https://github.com/nodejs/node/pull/18633
  - remove runtime deprecation (Ali Ijaz Sheikh)
    https://github.com/nodejs/node/pull/19517
  - deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh)
    https://github.com/nodejs/node/pull/18513
* cluster:
  - add cwd to cluster.settings (cjihrig)
    https://github.com/nodejs/node/pull/18399
  - support windowsHide option for workers (Todd Wong)
    https://github.com/nodejs/node/pull/17412
* crypto:
  - allow passing null as IV unless required (Tobias Nießen)
    https://github.com/nodejs/node/pull/18644
* deps:
  - upgrade npm to 6.2.0 (Kat Marchán)
    https://github.com/nodejs/node/pull/21592
  - upgrade libuv to 1.19.2 (cjihrig)
    https://github.com/nodejs/node/pull/18918
  - Upgrade node-inspect to 1.11.5 (Jan Krems)
    https://github.com/nodejs/node/pull/21055
* fs,net:
  - support as and as+ flags in stringToFlags() (Sarat Addepalli)
    https://github.com/nodejs/node/pull/18801
  - emit 'ready' for fs streams and sockets (Sameer Srivastava)
    https://github.com/nodejs/node/pull/19408
* http, http2:
  - add options to http.createServer() (Peter Marton)
    https://github.com/nodejs/node/pull/15752
  - add 103 Early Hints status code (Yosuke Furukawa)
    https://github.com/nodejs/node/pull/16644
  - add http fallback options to .createServer (Peter Marton)
    https://github.com/nodejs/node/pull/15752
* n-api:
  - take n-api out of experimental (Michael Dawson)
    https://github.com/nodejs/node/pull/19262
* perf_hooks:
  - add warning when too many entries in the timeline (James M Snell)
    https://github.com/nodejs/node/pull/18087
* src:
  - add public API for managing NodePlatform (Cheng Zhao)
    https://github.com/nodejs/node/pull/16981
  - allow --perf-(basic-)?prof in NODE\_OPTIONS (Leko)
    https://github.com/nodejs/node/pull/17600
  - node internals' postmortem metadata (Matheus Marchini)
    https://github.com/nodejs/node/pull/14901
* tls:
  - expose Finished messages in TLSSocket (Anton Salikhmetov)
    https://github.com/nodejs/node/pull/19102
* **trace_events**:
  - add file pattern cli option (Andreas Madsen)
    https://github.com/nodejs/node/pull/18480
* util:
  - implement util.getSystemErrorName() (Joyee Cheung)
    https://github.com/nodejs/node/pull/18186

PR-URL: https://github.com/nodejs/node/pull/21593
2018-09-11 01:33:27 -04:00
Michaël Zasso
ed976d76b0
2018-09-06, Version 10.10.0 (Current)
Notable changes:

* child_process:
  * `TypedArray` and `DataView` values are now accepted as input by
    `execFileSync` and `spawnSync`. https://github.com/nodejs/node/pull/22409
* coverage:
  * Native V8 code coverage information can now be output to disk by setting the
    environment variable `NODE_V8_COVERAGE` to a directory. https://github.com/nodejs/node/pull/22527
* deps:
  * The bundled npm was upgraded to version 6.4.1. https://github.com/nodejs/node/pull/22591
    * Changelogs:
      [6.3.0-next.0](https://github.com/npm/cli/releases/tag/v6.3.0-next.0)
      [6.3.0](https://github.com/npm/cli/releases/tag/v6.3.0)
      [6.4.0](https://github.com/npm/cli/releases/tag/v6.4.0)
      [6.4.1](https://github.com/npm/cli/releases/tag/v6.4.1)
* fs:
  * The methods `fs.read`, `fs.readSync`, `fs.write`, `fs.writeSync`,
    `fs.writeFile` and `fs.writeFileSync` now all accept `TypedArray` and
    `DataView` objects. https://github.com/nodejs/node/pull/22150
  * A new boolean option, `withFileTypes`, can be passed to to `fs.readdir` and
    `fs.readdirSync`. If set to true, the methods return an array of directory
    entries. These are objects that can be used to determine the type of each
    entry and filter them based on that without calling `fs.stat`. https://github.com/nodejs/node/pull/22020
* http2:
  * The `http2` module is no longer experimental. https://github.com/nodejs/node/pull/22466
* os:
  * Added two new methods: `os.getPriority` and `os.setPriority`, allowing to
    manipulate the scheduling priority of processes. https://github.com/nodejs/node/pull/22407
* process:
  * Added `process.allowedNodeEnvironmentFlags`. This object can be used to
    programmatically validate and list flags that are allowed in the
    `NODE_OPTIONS` environment variable. https://github.com/nodejs/node/pull/19335
* src:
  * Deprecated option variables in public C++ API. https://github.com/nodejs/node/pull/22515
  * Refactored options parsing. https://github.com/nodejs/node/pull/22392
* vm:
  * Added `vm.compileFunction`, a method to create new JavaScript functions from
    a source body, with options similar to those of the other `vm` methods. https://github.com/nodejs/node/pull/21571
* Added new collaborators:
  * [lundibundi](https://github.com/lundibundi) - Denys Otrishko

PR-URL: https://github.com/nodejs/node/pull/22716
2018-09-06 23:57:43 +02:00
Rod Vagg
97c1fa3d3b 2018-08-15, Version 10.9.0 (Current)
Notable changes:

* buffer:
  * Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
    (CVE-2018-12115)
  * Fix unintentional exposure of uninitialized memory in `Buffer.alloc()`
    (CVE-2018-7166)
* deps:
  * Upgrade to OpenSSL 1.1.0i, fixing:
    - Client DoS due to large DH parameter (CVE-2018-0732)
    - ECDSA key extraction via local side-channel (CVE not assigned)
  * Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #21079
    - Memory reduction and performance improvements, details at:
      https://v8project.blogspot.com/2018/06/v8-release-68.html
* http: `http.get()` and `http.request()` (and `https` variants) can now accept
  three arguments to allow for a `URL` _and_ an `options` object
  (Sam Ruby) #21616
* Added new collaborators
  * Sam Ruby (https://github.com/rubys)
  * George Adams (https://github.com/gdams)
2018-08-16 11:52:38 +10:00
Rod Vagg
1efdc5876d 2018-08-15, Version 8.11.4 'Carbon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

  https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * CVE-2018-0732 (OpenSSL)
  * CVE-2018-12115 (Node.js)

Notable changes:

* buffer: Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
  (CVE-2018-12115)
* deps: Upgrade to OpenSSL 1.0.2p, fixing:
  * Client DoS due to large DH parameter (CVE-2018-0732)
  * ECDSA key extraction via local side-channel (CVE not assigned)
2018-08-16 11:52:38 +10:00
Rod Vagg
82ab9b336d 2018-08-15, Version 6.14.4 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

  https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * CVE-2018-0732 (OpenSSL)
  * CVE-2018-12115 (Node.js)

Notable changes:

* buffer: Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
  (CVE-2018-12115)
* deps: Upgrade to OpenSSL 1.0.2p, fixing:
  * Client DoS due to large DH parameter (CVE-2018-0732)
  * ECDSA key extraction via local side-channel (CVE not assigned)
2018-08-16 11:52:38 +10:00
Michaël Zasso
27a5338c8a
2018-08-01, Version 10.8.0 (Current)
Notable changes:

* deps:
  * Upgrade npm to 6.2.0. (https://github.com/nodejs/node/pull/21592)
    * npm has moved. This release updates various URLs to point to the right
      places for bugs, support, and PRs.
    * Fix the regular expression matching in `xcode_emulation` in `node-gyp` to
      also handle version numbers with multiple-digit major versions which would
      otherwise break under use of XCode 10.
    * The npm tree has been *significantly* flattened. Tarball size for the npm
      package has gone from 8MB to 4.8MB.
    * Changelogs:
      https://github.com/npm/npm/releases/tag/v6.2.0-next.0
      https://github.com/npm/npm/releases/tag/v6.2.0-next.1
      https://github.com/npm/cli/releases/tag/v6.2.0)

PR-URL: https://github.com/nodejs/node/pull/22040
2018-08-01 20:54:26 +02:00
Michaël Zasso
bb87e41696
2018-07-18, Version 10.7.0 (Current)
Notable changes:

* console:
  * The `console.timeLog()` method has been implemented.
    (https://github.com/nodejs/node/pull/21312)
* deps:
  * Upgrade to libuv 1.22.0. (https://github.com/nodejs/node/pull/21731)
  * Upgrade to ICU 62.1 (Unicode 11, CLDR 33.1).
    (https://github.com/nodejs/node/pull/21728)
* http:
  * Added support for passing both `timeout` and `agent` options to
    `http.request`. (https://github.com/nodejs/node/pull/21204)
* inspector:
  * Expose the original console API in `require('inspector').console`.
    (https://github.com/nodejs/node/pull/21659)
* napi:
  * Added experimental support for functions dealing with bigint numbers.
    (https://github.com/nodejs/node/pull/21226)
* process:
  * The `process.hrtime.bigint()` method has been implemented.
    (https://github.com/nodejs/node/pull/21256)
  * Added the `--title` command line argument to set the process title on
    startup. (https://github.com/nodejs/node/pull/21477)
* trace_events:
  * Added process_name metadata.
    (https://github.com/nodejs/node/pull/21477)
* Added new collaborators
  * codebytere - Shelley Vohr

PR-URL: https://github.com/nodejs/node/pull/21851
2018-07-18 20:17:23 +02:00
Сковорода Никита Андреевич
195480a8bc doc: update changelog with 9.x EOL
This removes unsupported versions from the table, as those might confuse
people, execially given the
  > Release versions displayed in **bold** text represent the most
  > recent actively supported release.
remark below.

It was inconsistent to keep some of the EOL entries in the table while
removing others (v5.x, v7.x) -- this commit takes care of that.

Instead, release status is hinted in the branch list above, highlighting
two main branches -- Current and Active LTS.

Also update the link to the Release repo.

Refs: https://github.com/nodejs/Release/pull/351
PR-URL: https://github.com/nodejs/node/pull/21612
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
2018-07-10 17:52:43 +03:00
Michaël Zasso
7951e6d26b
2018-07-04, Version 10.6.0 (Current)
Notable changes:

* dns:
  * An experimental promisified version of the dns module is now available. Give
    it a try with `require('dns').promises`. [#21264](https://github.com/nodejs/node/pull/21264)
* fs:
  * `fs.lchown` has been undeprecated now that libuv supports it. [#21498](https://github.com/nodejs/node/pull/21498)
* lib:
  * `Atomics.wake` is being renamed to `Atomics.notify` in the ECMAScript
    specification ([reference](https://github.com/tc39/ecma262/pull/1220)).
    Since Node.js now has experimental support for worker threads, we are being
    proactive and added a `notify` alias, while emitting a warning if
    `wake` is used. [#21413](https://github.com/nodejs/node/pull/21413) [#21518](https://github.com/nodejs/node/pull/21518)
* n-api:
  * Add API for asynchronous functions. [#17887](https://github.com/nodejs/node/pull/17887)
* util:
  * `util.inspect` is now able to return a result instead of throwing when the
    maximum call stack size is exceeded during inspection. [#20725](https://github.com/nodejs/node/pull/20725)
* vm:
  * Add `script.createCachedData()`. This API replaces the `produceCachedData`
    option of the `Script` constructor that is now deprecated. [#20300](https://github.com/nodejs/node/pull/20300)
* worker:
  * Support for relative paths has been added to the `Worker` constructor. Paths
    are interpreted relative to the current working directory. [#21407](https://github.com/nodejs/node/pull/21407)

PR-URL: https://github.com/nodejs/node/pull/21629
2018-07-04 20:06:26 +02:00
Michaël Zasso
680aeb3467
2018-16-20, Version 10.5.0 (Current)
Notable changes:

* **crypto**:
  * Support for `crypto.scrypt()` has been added.
    [#20816](https://github.com/nodejs/node/pull/20816)
* **fs**:
  * BigInt support has been added to `fs.stat` and `fs.watchFile`.
    [#20220](https://github.com/nodejs/node/pull/20220)
  * APIs that take `mode` as arguments no longer throw on values larger
    than `0o777`. [#20636](https://github.com/nodejs/node/pull/20636)
    [#20975](https://github.com/nodejs/node/pull/20975)
    (Fixes: [#20498](https://github.com/nodejs/node/issues/20498))
  * Fix crashes in closed event watchers.
    [#20985](https://github.com/nodejs/node/pull/20985)
    (Fixes: [#20297](https://github.com/nodejs/node/issues/20297))
* **Worker Threads**:
  * Support for multi-threading has been added behind the
    `--experimental-worker` flag in the `worker_threads` module.
    This feature is *experimental* and may receive breaking changes at
    any time. [#20876](https://github.com/nodejs/node/pull/20876)

PR-URL: https://github.com/nodejs/node/pull/21400
2018-06-20 20:39:16 +02:00
Evan Lucas
06cab45b2c 2018-06-12, Version 10.4.1 (Current)
Notable changes:

* **Fixes memory exhaustion DoS** (CVE-2018-7164): Fixes a bug introduced
    in 9.7.0 that increases the memory consumed when reading from the network
    into JavaScript using the net.Socket object directly as a stream.
* **http2**
  * (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
    http2 implementation to not crash under certain circumstances during cleanup
  * (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
    nghttp2 to 1.32.0
* **tls** (CVE-2018-7162): Fixes Denial of Service vulnerability by updating
    the TLS implementation to not crash upon receiving
* **n-api**: Prevent use-after-free in napi_delete_async_work

PR-URL: https://github.com/nodejs-private/node-private/pull/136
2018-06-12 18:54:17 -05:00
Evan Lucas
0fb290a347 2018-06-12, Version 9.11.2 (Maintenance)
Notable changes:

* **Fixes memory exhaustion DoS** (CVE-2018-7164): Fixes a bug introduced
    in 9.7.0 that increases the memory consumed when reading from the network
    into JavaScript using the net.Socket object directly as a stream.
* **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability where
    calling Buffer.fill() could hang
* **http2**
  * (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
    http2 implementation to not crash under certain circumstances during cleanup
  * (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
    nghttp2 to 1.32.0
* **tls** (CVE-2018-7162): Fixes Denial of Service vulnerability by updating
    the TLS implementation to not crash upon receiving

PR-URL: https://github.com/nodejs-private/node-private/pull/135
2018-06-12 18:54:17 -05:00
Evan Lucas
4913bd41f1 2018-06-12, Version 8.11.3 (LTS)
Notable changes:

* **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability
    where calling Buffer.fill() could hang
* **http2**
  * (CVE-2018-7161): Fixes Denial of Service vulnerability by
      updating the http2 implementation to not crash under
      certain circumstances during cleanup
  * (CVE-2018-1000168): Fixes Denial of Service vulnerability
      by upgrading nghttp2 to 1.32.0

PR-URL: https://github.com/nodejs-private/node-private/pull/126
2018-06-12 18:54:17 -05:00
Evan Lucas
fbc68a5cea 2018-06-12, Version 6.14.3 (LTS)
Notable changes:

* **buffer** (CVE-2018-7167): Fixes Denial of Service
    vulnerability where calling Buffer.fill() could hang

PR-URL: https://github.com/nodejs-private/node-private/pull/134
2018-06-12 18:31:11 -05:00
Myles Borins
e5d9198352
2018-06-06, Version 10.4.0 (Current)
Notable Changes:

* **deps**:
 - update V8 to 6.7.288.43 (Michaël Zasso)
   https://github.com/nodejs/node/pull/19989
* **stream**:
  - ensure Stream.pipeline re-throws errors without callback (Blaine Bublitz)
    https://github.com/nodejs/node/pull/20437

PR-URL: https://github.com/nodejs/node/pull/21167
2018-06-06 16:23:34 +02:00
Myles Borins
9ae658e362
2018-05-29, Version 10.3.0 (Current)
Notable Changes:

* **deps**:
  - upgrade npm to 6.1.0 (Rebecca Turner)
    https://github.com/nodejs/node/pull/20190
* **fs**:
  - fix reads with pos \> 4GB (Mathias Buus)
    https://github.com/nodejs/node/pull/21003
* **net**:
  - new option to allow IPC servers to be readable and writable
    by all users (Bartosz Sosnowski)
    https://github.com/nodejs/node/pull/19472
* **stream**:
  - fix removeAllListeners() for Stream.Readable to work as expected
    when no arguments are passed (Kael Zhang)
    https://github.com/nodejs/node/pull/20924
* **Added new collaborators**
  - John-David Dalton (https://github.com/jdalton)

PR-URL: https://github.com/nodejs/node/pull/21011
2018-05-29 19:44:55 +02:00
Teddy Katz
6d3940e558
doc: mark Node 4 as EOL in changelog
Node 4 has been unsupported since 2018-05-01, but the changelog was out
of date and said that Node 4 was still in LTS.

PR-URL: https://github.com/nodejs/node/pull/20926
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Weijia Wang <starkwang@126.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Khaidi Chu <i@2333.moe>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
Reviewed-By: Matheus Marchini <matheus@sthima.com>
2018-05-26 12:51:22 -04:00
Myles Borins
6caecc614a
2018-05-24, Version 10.2.1 (Current)
This is a follow up release to fix two regressions that were introduced
in v10.2.0.

PR-URL: https://github.com/nodejs/node/pull/20943
2018-05-24 16:08:57 -04:00
Anna Henningsen
82f18118ff
2018-05-23, Version 10.2.0 (Current)
* addons:
  - Fixed a memory leak for users of `AsyncResource` and N-API.
    (Michael Dawson)
    https://github.com/nodejs/node/pull/20668
* assert:
  - The `error` parameter of `assert.throws()` can be an object containing
    regular expressions now. (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/20485
* crypto:
  - The `authTagLength` option has been made more flexible (Tobias Nießen)
    https://github.com/nodejs/node/pull/20235)
    https://github.com/nodejs/node/pull/20039
* esm:
  - Builtin modules (e.g. `fs`) now provide named exports in ES6 modules.
    (Gus Caplan)
    https://github.com/nodejs/node/pull/20403
* http:
  - Handling of `close` and `aborted` events has been made more consistent.
    (Robert Nagy)
    https://github.com/nodejs/node/pull/20075
    https://github.com/nodejs/node/pull/20611
* module:
  - add --preserve-symlinks-main (David Goldstein)
    https://github.com/nodejs/node/pull/19911
* timers:
  - `timeout.refresh()` has been added to the public API.
    (Jeremiah Senkpiel)
    https://github.com/nodejs/node/pull/20298
* Embedder support:
  - Functions for creating V8 `Isolate` and `Context` objects with
    Node.js-specific behaviour have been added to the API.
    (Allen Yonghuang Wang)
    https://github.com/nodejs/node/pull/20639
  - Node.js `Environment`s clean up resources before exiting now.
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/19377
  - Support for multi-threaded embedding has been improved.
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/20542
    https://github.com/nodejs/node/pull/20539
    https://github.com/nodejs/node/pull/20541

PR-URL: https://github.com/nodejs/node/pull/20724
2018-05-23 19:08:39 -04:00
Myles Borins
2e7ea6e061
2018-05-15, Version 8.11.2 'Carbon' (LTS)
Notable Changes:

deps:
  - update node-inspect to 1.11.3 (Jan Krems)
    https://github.com/nodejs/node/pull/18354
  - update nghttp2 to 1.29.0 (James M Snell)
    https://github.com/nodejs/node/pull/17908
http2:
  - Sync with current release stream
n-api:
  - Sync with current release stream

PR-URL: https://github.com/nodejs/node/pull/20478
2018-05-15 17:29:03 -04:00
Myles Borins
2c0fc3bd89
2018-05-08, Version 10.1.0 (Current)
Notable Changes:

* console:
  - make console.table() use colored inspect (TSUYUSATO Kitsune)
    https://github.com/nodejs/node/pull/20510
* fs:
  - move fs/promises to fs.promises (cjihrig)
    https://github.com/nodejs/node/pull/20504
* http:
  - added aborted property to request (Robert Nagy)
    https://github.com/nodejs/node/pull/20094
* n-api:
  - initialize a module via a special symbol (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/20161
* src:
  - add public API to expose the main V8 Platform (Allen Yonghuang Wang)
    https://github.com/nodejs/node/pull/20447

PR-URL: https://github.com/nodejs/node/pull/20606
2018-05-08 19:42:16 -07:00
Myles Borins
c6d3b37650
2018-04-30, Version 6.14.2 'Boron' (LTS)
Notable Change:

* n-api:
  - n-api has been backported to v6.x. It is being landed as an experimental interface,
    and as such is landing in a Semver-Patch release. (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/19447

PR-URL: https://github.com/nodejs/node/pull/19996
2018-04-30 13:42:22 -04:00
James M Snell
0cca27b3ff 2018-04-24, Version 10.0.0 (Current)
* Assert
  * Calling `assert.fail()` with more than one argument is deprecated. #70dcacd710
  * Calling `assert.ok()` with no arguments will now throw. #3cd7977a42
  * Calling `assert.ifError()` will now throw with any argument other than `undefined` or `null`. Previously the method would throw with any truthy value. #e65a6e81ef
  * The `assert.rejects()` and `assert.doesNotReject()` methods have been added for working with async functions. #599337f43e
* Async_hooks
  * Older experimental async_hooks APIs have been removed. #1cc6b993b9
* Buffer
  * Uses of `new Buffer()` and `Buffer()` outside of the `node_modules` directory will now emit a runtime deprecation warning. #9d4ab90117
  * `Buffer.isEncoding()` now returns `undefined` for falsy values, including an empty string. #452eed956e
  * `Buffer.fill()` will throw if an attempt is made to fill with an empty `Buffer`. #1e802539b2
* Child Process
  * Undefined properties of env are ignored. #38ee25e2e2, #85739b6c5b
* Console
  * The `console.table()` method has been added. #97ace04492
* Crypto
  * The `crypto.createCipher()` and `crypto.createDecipher()` methods have been deprecated. Please use `crypto.createCipheriv()` and `crypto.createDecipheriv()` instead. #81f88e30dd
  * The `decipher.finaltol()` method has been deprecated. #19f3927d92
  * The `crypto.DEFAULT_ENCODING` property has been deprecated. #6035beea93
  * The `ECDH.convertKey()` method has been added. #f2e02883e7
  * The `crypto.fips` property has been deprecated. #6e7992e8b8
* Dependencies
  * V8 has been updated to 6.6. #9daebb48d6
  * OpenSSL has been updated to 1.1.0h. #66cb29e646
* EventEmitter
  * The `EventEmitter.prototype.off()` method has been added as an alias for `EventEmitter.prototype.removeListener()`. #3bb6f07d52
* File System
  * The `fs.promises` API provides experimental promisified versions of the `fs` functions. #329fc78e49
  * Invalid path errors are now thrown synchronously. #d8f73385e2
  * The `fs.readFile()` method now partitions reads to avoid thread pool exhaustion. #67a4ce1c6e
* HTTP
  * Processing of HTTP Status codes `100`, `102-199` has been improved. #baf8495078
  * Multi-byte characters in URL paths are now forbidden. #b961d9fd83
* N-API
  * The n-api is no longer experimental. #cd7d7b15c1
* Net
  * The `'close'` event will be emitted after `'end'`. #9b7a6914a7
* Perf_hooks
  * The `PerformanceObserver` class is now an `AsyncResource` and can be monitored using `async_hooks`. #009e41826f
  * Trace events are now emitted for performance events. #9e509b622b
  * The `performance` API has been simplified. #2ec6995555
  * Performance milestone marks will be emitted as trace events. #96cb4fb795
* Process
  * Using non-string values for `process.env` is deprecated. #5826fe4e79
  * The `process.assert()` method is deprecated. #703e37cf3f
* REPL
  * REPL now experimentally supports top-level await when using the `--experimental-repl-await` flag. #eeab7bc068
  * The previously deprecated "magic mode" has been removed. #4893f70d12
  * The previously deprecated `NODE_REPL_HISTORY_FILE` environment variable has been removed. #60c9ad7979
  * Proxy objects are shown as Proxy objects when inspected. #90a43906ab
* Streams
  * The `'readable'` event is now always deferred with nextTick. #1e0f3315c7
  * A new `pipeline()` method has been provided for building end-to-data stream pipelines. #a5cf3feaf1
  * Experimental support for async for-await has been added to `stream.Readable`. #61b4d60c5d
* Timers
  * The `enroll()` and `unenroll()` methods have been deprecated. #68783ae0b8
* TLS
  * The `tls.convertNONProtocols()` method has been deprecated. #9204a0db6e
  * Support for NPN (next protocol negotiation) has been dropped. #5bfbe5ceae
  * The `ecdhCurve` default is now `'auto'`. #af78840b19
* Trace Events
  * A new `trace_events` top-level module allows trace event categories to be enabled/disabld at runtime. #da5d818a54
* URL
  * The WHATWG URL API is now a global. #312414662b
* Util
  * `util.types.is[…]` type checks have been added. #b20af8088a
  * Support for bigint formatting has been added to `util.inspect()`. #39dc947409
2018-04-24 12:02:31 -07:00
Myles Borins
49e9893d85
2018-04-05, Version 9.11.1 (Current)
Notable changes:

An infrastructure issue caused a non-functioning msi installer for x64 to be promoted.
The patch release is to ensure that all binaries and installers work as expected.
2018-04-05 01:20:09 -04:00
Michaël Zasso
67cce8d68a
2018-04-04, Version 9.11.0 (Current)
Notable changes:

* deps:
  - Updated ICU to 61.1 (Steven R. Loomis)
    [#19621](https://github.com/nodejs/node/pull/19621)
    Includes CLDR 33 (many new languages and data improvements).
* fs:
  - Emit 'ready' event for `ReadStream` and `WriteStream` (Sameer
    Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* n-api:
  - Bump version of n-api supported (Michael Dawson)
    [#19497](https://github.com/nodejs/node/pull/19497)
* net:
  - Emit 'ready' event for `Socket` (Sameer Srivastava)
    [#19408](https://github.com/nodejs/node/pull/19408)
* Added new collaborators
  - [mafintosh](https://github.com/mafintosh) Mathias Buus
2018-04-04 17:17:17 -04:00
Myles Borins
1e0e988430
2018-03-29, Version 9.10.1 (Current)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

Note that Node.js versions 10.X and later will be built with version
4.9.X or later of the GCC compiler, and it is possible that Node.js
version 9.X may be built on the 4.9.X compiler at a later time as the
stated minimum compiler requirement for Node.js version 9.X is 4.9.4.

Refs: https://github.com/nodejs/node/blob/v9.x/BUILDING.md
PR-URL: https://github.com/nodejs/node/pull/19678
2018-03-29 23:38:20 -04:00
Myles Borins
ea4c69676a
2018-03-29, Version 8.11.1 'Carbon' (LTS)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

Note that Node.js versions 10.X and later will be built with version
4.9.X or later of the GCC compiler, and it is possible that Node.js
version 8.X may be built on the 4.9.X compiler at a later time as the
stated minimum compiler requirement for Node.js version 8.X is 4.9.4.

Refs: https://github.com/nodejs/node/blob/v8.x/BUILDING.md
PR-URL: https://github.com/nodejs/node/pull/19679
2018-03-29 23:38:03 -04:00
Myles Borins
b5e9fcfa4e
2018-03-29, Version 6.14.1 'Boron' (LTS)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

PR-URL: https://github.com/nodejs/node/pull/19680
2018-03-29 23:36:33 -04:00
Myles Borins
b3cb8ce111
2018-03-29, Version 4.9.1 'Argon' (Maintenance)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

PR-URL: https://github.com/nodejs/node/pull/19681
2018-03-29 23:36:33 -04:00
Michaël Zasso
80310e916a
2018-03-28, Version 9.10.0 (Current)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160

Notable changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
  A malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP
  connections to localhost or to hosts on the local network,
  potentially to an open inspector port as a debugger, therefore
  gaining full code execution access. The inspector now only allows
  connections that have a browser `Host` value of `localhost` or
  `localhost6`.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

* cluster:
  - Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava)
    https://github.com/nodejs/node/pull/19165
* crypto:
  - Expose the public key of a certificate (Hannes Magnusson)
    https://github.com/nodejs/node/pull/17690
* n-api:
  - Add `napi_fatal_exception` to trigger an `uncaughtException` in
    JavaScript (Mathias Buus)
    https://github.com/nodejs/node/pull/19337
* path:
  - Fix regression in `posix.normalize` (Michaël Zasso)
    https://github.com/nodejs/node/pull/19520
* stream:
  - Improve stream creation performance (Brian White)
    https://github.com/nodejs/node/pull/19401
* Added new collaborators
  - [BethGriggs](https://github.com/BethGriggs) Beth Griggs

PR-URL: https://github.com/nodejs-private/node-private/pull/111
2018-03-28 12:21:10 -04:00
Myles Borins
b2a6c97452
2018-03-28, Version 8.11.0 'Carbon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160

Notable changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
  A malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP
  connections to localhost or to hosts on the local network,
  potentially to an open inspector port as a debugger, therefore
  gaining full code execution access. The inspector now only allows
  connections that have a browser `Host` value of `localhost` or
  `localhost6`.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/112
2018-03-28 12:20:46 -04:00
Myles Borins
ffbcd1d1d1
2018-03-28, Version 6.14.0 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160

Notable changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
  A malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP
  connections to localhost or to hosts on the local network,
  potentially to an open inspector port as a debugger, therefore
  gaining full code execution access. The inspector now only allows
  connections that have a browser `Host` value of `localhost` or
  `localhost6`.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/113
2018-03-28 12:19:33 -04:00
Myles Borins
ebe51d6492
2018-03-28, Version 4.9.0 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159

Notable Changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/110
2018-03-28 12:18:57 -04:00
Myles Borins
0ac4ef9a4c
doc: fix changelog
s/9\.7\.1/9\.8\.0

PR-URL: https://github.com/nodejs/node/pull/19515
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2018-03-21 16:13:53 +00:00
Myles Borins
0fc3592255
2018-03-21, Version 9.9.0 (Current)
Notable changes:

* assert:
  - From now on all error messages produced by `assert` in strict mode
    will produce a error diff. (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/17615
  - From now on it is possible to use a validation object in throws
    instead of the other possibilities. (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/17584
* crypto:
  - allow passing null as IV unless required (Tobias Nießen)
    https://github.com/nodejs/node/pull/18644
* fs:
  - support as and as+ flags in stringToFlags() (Sarat Addepalli)
    https://github.com/nodejs/node/pull/18801
* tls:
  - expose Finished messages in TLSSocket (Anton Salikhmetov)
    https://github.com/nodejs/node/pull/19102
* tty:
  - Add getColorDepth function to determine if terminal supports colors
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/17615
* util:
  - add util.inspect compact option (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/17576
* **Added new collaborators**
  - [watson](https://github.com/watson) Thomas Watson

PR-URL: https://github.com/nodejs/node/pull/19428
2018-03-21 15:47:12 +00:00
Myles Borins
282e65cfe3
2018-03-07, Version 9.8.0 (Current)
Notable Changes:

* crypto:
  - add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson)
    https://github.com/nodejs/node/pull/17690
* http2:
  - Fixed issues with aborted connections in the HTTP/2 implementation
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/18987
    https://github.com/nodejs/node/pull/19002
* loader:
  - --inspect-brk now works properly for esmodules (Gus Caplan)
    https://github.com/nodejs/node/pull/18949
* src:
  - make process.dlopen() load well-known symbol (Ben Noordhuis)
    https://github.com/nodejs/node/pull/18934
* trace_events:
  - add file pattern cli option (Andreas Madsen)
    https://github.com/nodejs/node/pull/18480
* Added new collaborators:
  - Chen Gang (MoonBall) https://github.com/MoonBall

PR-URL: https://github.com/nodejs/node/pull/19181
2018-03-07 17:54:36 -08:00
Gibson Fahnestock
fc9ddd9cd9 2018-03-06 Version 8.10.0 'Carbon' (LTS)
Notable changes:

* deps:
  * update V8 to 6.2.414.46 (Michaël Zasso) [#16413](https://github.com/nodejs/node/pull/16413)
  * revert ABI breaking changes in V8 6.2 (Anna Henningsen) [#16413](https://github.com/nodejs/node/pull/16413)
  * upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260)
  * re land npm 5.6.0 (Myles Borins) [#18625](https://github.com/nodejs/node/pull/18625)
  * ICU 60 bump (Steven R. Loomis) [#16876](https://github.com/nodejs/node/pull/16876)
* crypto:
  * Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) [#16130](https://github.com/nodejs/node/pull/16130)
  * warn on invalid authentication tag length (Tobias Nießen) [#17566](https://github.com/nodejs/node/pull/17566)
* async_hooks:
  * update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) [#18004](https://github.com/nodejs/node/pull/18004)
  * use typed array stack as fast path (Anna Henningsen) [#17780](https://github.com/nodejs/node/pull/17780)
  * use scope for defaultTriggerAsyncId (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
  * separate missing from default context (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
  * rename initTriggerId (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
  * deprecate undocumented API (Andreas Madsen) [#16972](https://github.com/nodejs/node/pull/16972)
  * add destroy event for gced AsyncResources (Sebastian Mayr) [#16998](https://github.com/nodejs/node/pull/16998)
  * add trace events to async_hooks (Andreas Madsen) [#15538](https://github.com/nodejs/node/pull/15538)
  * set HTTPParser trigger to socket (Andreas Madsen) [#18003](https://github.com/nodejs/node/pull/18003)
  * add provider types for net server (Andreas Madsen) [#17157](https://github.com/nodejs/node/pull/17157)
* n-api:
  * add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
* cli:
  * add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) [#16495](https://github.com/nodejs/node/pull/16495)
* console:
  * add support for console.debug (Benjamin Zaslavsky) [#17033](https://github.com/nodejs/node/pull/17033)
* module:
  * add builtinModules (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386)
  * replace default paths in require.resolve() (cjihrig) [#17113](https://github.com/nodejs/node/pull/17113)
* src:
  * add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
  * add process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839)
* http:
  * support generic `Duplex` streams (Anna Henningsen) [#16267](https://github.com/nodejs/node/pull/16267)
  * add rawPacket in err of `clientError` event (XadillaX) [#17672](https://github.com/nodejs/node/pull/17672)
  * better support for IPv6 addresses (Mattias Holmlund) [#14772](https://github.com/nodejs/node/pull/14772)
* net:
  * remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) [#17662](https://github.com/nodejs/node/pull/17662)
* process:
  * fix reading zero-length env vars on win32 (Anna Henningsen) [#18463](https://github.com/nodejs/node/pull/18463)
* tls:
  * unconsume stream on destroy (Anna Henningsen) [#17478](https://github.com/nodejs/node/pull/17478)
* process:
  * improve unhandled rejection message (Madara Uchiha) [#17158](https://github.com/nodejs/node/pull/17158)
* stream:
  * remove usage of *State.highWaterMark (Calvin Metcalf) [#12860](https://github.com/nodejs/node/pull/12860)
* trace_events:
  * add executionAsyncId to init events (Andreas Madsen) [#17196](https://github.com/nodejs/node/pull/17196)

PR-URL: https://github.com/nodejs/node/pull/18336
2018-03-07 01:00:43 +00:00
Myles Borins
4e15679c02
2018-03-06, Version 6.13.1 'Boron' (LTS)
Notable Changes:

* http, tls:
  - better support for IPv6 addresses (Mattias Holmlund)
    https://github.com/nodejs/node/pull/14772

PR-URL: https://github.com/nodejs/node/pull/19027
2018-03-06 12:03:41 -08:00
Rod Vagg
197fbbed55 2018-03-01, Version 9.7.0 (Current)
Notable Changes:

* **libuv**:
  - Updated to libuv 1.19.2 (Colin Ihrig) [#18918](https://github.com/nodejs/node/pull/18918)

* **src**:
  - Add initial support for Node.js-specific post-mortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901)

* **timers**:
  - The return value of `setImmediate()` now has `ref()` and `unref()` methods (Anatoli Papirovski) [#18139](https://github.com/nodejs/node/pull/18139)

* **util**:
  - It is now possible to get the name for a numerical platform-specific error code as a string (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186)

PR-URL: https://github.com/nodejs/node/pull/19040
Prepared-By: Anna Henningsen <anna@addaleax.net>
2018-03-01 20:47:02 +11:00
estrada9166
a29089d7c8
doc: add new documentation lint rule
Add 80 characters limit to docs.
Change docs to fit 80 characters per row.

PR-URL: https://github.com/nodejs/node/pull/18726
Fixes: https://github.com/nodejs/node/issues/18703
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
2018-02-23 16:26:29 +00:00
Myles Borins
8476815f01
2018-02-22, Version 9.6.1 (Current)
Notable changes:

* events:
  - `events.usingDomains` being set to false by default was removed in
    9.6.0 which was a change in behavior compared to 9.5.0. This
    behavior change has been reverted and the `events` object now has
    `usingDomains` preset to `false`, which is the behavior in 9.x
    prior to 9.6.0 (Myles Borins)
    https://github.com/nodejs/node/pull/18944

PR-URL: https://github.com/nodejs/node/pull/18946
2018-02-22 23:04:01 -05:00
Myles Borins
945eb1bb69
2018-02-22, Version 9.6.0 (Current)
Notable changes:

* async_hooks:
  - deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh)
    https://github.com/nodejs/node/pull/18513
  - rename PromiseWrap.parentId to PromiseWrap.isChainedPromise
    (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/18633
* deps:
  - update node-inspect to 1.11.3 (Jan Krems)
    https://github.com/nodejs/node/pull/18354
  - ICU 60.2 bump (Steven R. Loomis)
    https://github.com/nodejs/node/pull/17687
  - Introduce ScriptOrModule and HostDefinedOptions to V8 (Jan Krems)
    https://github.com/nodejs/node/pull/16889
* http:
  - add options to http.createServer() for `IncomingMessage` and
    `ServerReponse` (Peter Marton)
    https://github.com/nodejs/node/pull/15752
* http2:
  - add http fallback options to .createServer (Peter Marton)
    https://github.com/nodejs/node/pull/15752
* https:
  - Adds the remaining options from tls.createSecureContext() to the
    string generated by Agent#getName(). This allows https.request()
    to accept the options and generate unique sockets appropriately.
    (Jeff Principe)
    https://github.com/nodejs/node/pull/16402
* inspector:
  - --inspect-brk for es modules (Guy Bedford)
    https://github.com/nodejs/node/pull/18194
* lib:
  - allow process kill by signal number (Sam Roberts)
    https://github.com/nodejs/node/pull/16944
* module:
  - enable dynamic import (Myles Borins)
    https://github.com/nodejs/node/pull/18387
  - dynamic import is now supported (Jan Krems)
    https://github.com/nodejs/node/pull/15713
* napi:
  - add methods to open/close callback scope (Michael Dawson)
    https://github.com/nodejs/node/pull/18089
* src:
  - allow --perf-(basic-)?prof in NODE_OPTIONS (Leko)
    https://github.com/nodejs/node/pull/17600
* vm:
  - add support for es modules (Gus Caplan)
    https://github.com/nodejs/node/pull/17560

PR-URL: https://github.com/nodejs/node/pull/18902
2018-02-22 12:02:49 -05:00
Myles Borins
60e612d0b0
2018-01-13, Version 6.13.0 'Boron' (LTS)
This LTS release comes with 112 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 30 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.

Notable Changes:

* console:
  - added console.count() and console.clear() (James M Snell)
    https://github.com/nodejs/node/pull/12678
* crypto:
  - expose ECDH class (Bryan English)
    https://github.com/nodejs/node/pull/8188
  - added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
    https://github.com/nodejs/node/pull/10209
  - warn on invalid authentication tag length (Tobias Nießen)
    https://github.com/nodejs/node/pull/17566
* deps:
  - upgrade libuv to 1.16.1 (cjihrig)
    https://github.com/nodejs/node/pull/16835
* dgram:
  - added socket.setMulticastInterface() (Will Young)
    https://github.com/nodejs/node/pull/7855
* http:
  - add agent.keepSocketAlive and agent.reuseSocket as to allow
    overridable keep-alive behavior of `Agent` (Fedor Indutny)
    https://github.com/nodejs/node/pull/13005
* lib:
  - return this from net.Socket.end() (Sam Roberts)
    https://github.com/nodejs/node/pull/13481
* module:
  - add builtinModules api that provides list of all builtin modules in
    Node (Jon Moss)
    https://github.com/nodejs/node/pull/16386
* net:
  - return this from getConnections() (Sam Roberts)
    https://github.com/nodejs/node/pull/13553
* promises:
  - more robust stringification for unhandled rejections (Timothy Gu)
    https://github.com/nodejs/node/pull/13784
* repl:
  - improve require() autocompletion (Alexey Orlenko)
    https://github.com/nodejs/node/pull/14409
* src:
  - add openssl-system-ca-path configure option (Daniel Bevenius)
    https://github.com/nodejs/node/pull/16790
  - add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
    https://github.com/nodejs/node/pull/12087
  - add process.ppid (cjihrig)
    https://github.com/nodejs/node/pull/16839
* tls:
  - accept `lookup` option for `tls.connect()` (Fedor Indutny)
    https://github.com/nodejs/node/pull/12839
* tools, build:
  - a new macOS installer! (JP Wesselink)
    https://github.com/nodejs/node/pull/15179
* url:
  - WHATWG URL api support (James M Snell)
    https://github.com/nodejs/node/pull/7448
* util:
  - add %i and %f formatting specifiers (Roman Reiss)
    https://github.com/nodejs/node/pull/10308

PR-URL: https://github.com/nodejs/node/pull/18342
2018-02-13 14:01:52 -05:00
Evan Lucas
83d0f4c92b 2018-01-31, Version 9.5.0 (Current)
Notable changes:

* cluster
  - add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399)
* deps
  - upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260)
* meta
  - add Leko to collaborators (Leko) [#18117](https://github.com/nodejs/node/pull/18117)
  - add vdeturckheim as collaborator (vdeturckheim) [#18432](https://github.com/nodejs/node/pull/18432)
* n-api
  - expose n-api version in process.versions (Michael Dawson) [#18067](https://github.com/nodejs/node/pull/18067)
* perf_hooks
  - add performance.clear() (James M Snell) [#18046](https://github.com/nodejs/node/pull/18046)
* stream
  - avoid writeAfterEnd() while ending (陈刚) [#18170](https://github.com/nodejs/node/pull/18170)

PR-URL: https://github.com/nodejs/node/pull/18464
2018-01-31 18:06:32 -06:00
Myles Borins
e688175c50
2019-01-10 Version 9.4.0 (Current)
Notable change:

* async_hooks:
  - deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither
    API were documented. (Andreas Madsen)
    https://github.com/nodejs/node/pull/16972
* deps:
  - update nghttp2 to 1.29.0 (James M Snell)
    https://github.com/nodejs/node/pull/17908
  - upgrade npm to 5.6.0 (Kat Marchán)
    https://github.com/nodejs/node/pull/17535
  - cherry-pick 50f7455 from upstream V8 (Michaël Zasso)
    https://github.com/nodejs/node/pull/16591
* events:
  - remove reaches into _events internals (Anatoli Papirovski)
    https://github.com/nodejs/node/pull/17440
* http:
  - add rawPacket in err of `clientError` event (XadillaX)
    https://github.com/nodejs/node/pull/17672
* http2:
  - implement maxSessionMemory (James M Snell)
    https://github.com/nodejs/node/pull/17967
  - add initial support for originSet (James M Snell)
    https://github.com/nodejs/node/pull/17935
  - add altsvc support (James M Snell)
    https://github.com/nodejs/node/pull/17917
  - perf_hooks integration (James M Snell)
    https://github.com/nodejs/node/pull/17906
  - Refactoring and cleanup of Http2Session and Http2Stream destroy
    (James M Snell) https://github.com/nodejs/node/pull/17406
* net:
  - remove Socket.prototype.write (Anna Henningsen)
    https://github.com/nodejs/node/pull/17644
  - remove Socket.prototype.listen (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/13735
* repl:
  - show lexically scoped vars in tab completion (Michaël Zasso)
    https://github.com/nodejs/node/pull/16591
* stream:
  - rm {writeable/readable}State.length (Calvin Metcalf)
    https://github.com/nodejs/node/pull/12857
  - add flow and buffer properties to streams (Calvin Metcalf)
    https://github.com/nodejs/node/pull/12855
* util:
  - allow wildcards in NODE_DEBUG variable (Tyler)
    https://github.com/nodejs/node/pull/17609
* zlib:
  - add ArrayBuffer support (Jem Bezooyen)
    https://github.com/nodejs/node/pull/16042
* Addedew collaborator**
  - [starkwang](https://github.com/starkwang) Weijia Wang
* Addedew TSC member**
  - [danbev](https://github.com/danbev) Daniel Bevenius

PR-URL: https://github.com/nodejs/node/pull/18069
2018-01-10 10:24:22 -05:00
Gibson Fahnestock
ec9fb6dd53
2018-01-02 Node.js v8.9.4 'Carbon' (LTS) Release
PR-URL: https://github.com/nodejs/node/pull/17774

Notable Changes:

* deps:
  * upgrade npm to 5.6.0 (Kat Marchán) [#17535](https://github.com/nodejs/node/pull/17535)
* build:
  * configure can now be run from any directory (Gibson Fahnestock) [#17321](https://github.com/nodejs/node/pull/17321)
2018-01-03 04:19:17 +00:00
Myles Borins
02e4c8d981
2018-01-02, Version 6.12.3 'Boron' (LTS)
Notable Changes:

* build:
  - configure can now be run from any directory (Gibson Fahnestock)
    https://github.com/nodejs/node/pull/17321

PR-URL: https://github.com/nodejs/node/pull/17776
2018-01-02 14:09:57 -05:00
Myles Borins
a893e79a69
2017-12-12 Version 9.3.0 (Current)
Notable changes:

* async\_hooks:
  - add trace events to async_hooks (Andreas Madsen)
    https://github.com/nodejs/node/pull/15538
  - add provider types for net server (Andreas Madsen)
    https://github.com/nodejs/node/pull/17157
* console:
  - console.debug can now be used outside of the inspector
    (Benjamin Zaslavsky) https://github.com/nodejs/node/pull/17033
* deps:
  - upgrade libuv to 1.18.0 (cjihrig)
    https://github.com/nodejs/node/pull/17282
  - patch V8 to 6.2.414.46 (Myles Borins)
    https://github.com/nodejs/node/pull/17206
* module:
  - module.builtinModules will return a list of built in modules
    (Jon Moss) https://github.com/nodejs/node/pull/16386
* n-api:
  - add helper for addons to get the event loop (Anna Henningsen)
    https://github.com/nodejs/node/pull/17109
* process:
  - process.setUncaughtExceptionCaptureCallback can now be used to
    customize behavior for `--abort-on-uncaught-exception`
    (Anna Henningsen) https://github.com/nodejs/node/pull/17159
  - A signal handler is now able to receive the signal code that
    triggered the handler. (Robert Rossmann)
    https://github.com/nodejs/node/pull/15606
* src:
  - embedders can now use Node::CreatePlatform to create an instance of
    NodePlatform (Cheng Zhao)
    https://github.com/nodejs/node/pull/16981
* stream:
  - writable.writableHighWaterMark and readable.readableHighWaterMark
    will return the values the stream object was instantiated with
    (Calvin Metcalf) https://github.com/nodejs/node/pull/12860
* **Added new collaborators**
  * [maclover7](https://github.com/maclover7) Jon Moss
  * [guybedford](https://github.com/guybedford) Guy Bedford
  * [hashseed](https://github.com/hashseed) Yang Guo

PR-URL: https://github.com/nodejs/node/pull/17631
2017-12-12 15:59:29 -05:00
Evan Lucas
7f086dd601
2017-12-08 Version 9.2.1 (Current)
Notable changes:

* **buffer**:
  * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) https://github.com/nodejs/node/pull/17428
* **deps**:
  * openssl updated to 1.0.2n (Shigeki Ohtsu) https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17531
2017-12-08 11:36:55 -05:00
Myles Borins
2ac4718ac4
2017-12-08, Version 8.9.3 'Carbon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-15897
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* buffer:
  * buffer allocated with an invalid content will now be zero filled
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/17428
* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17532
2017-12-08 11:00:55 -05:00
Myles Borins
6fa9cae83f
2017-12-08, Version 6.12.2 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17533
2017-12-08 10:55:19 -05:00
Myles Borins
e832743f72
2017-12-08, Version 4.8.7 'Argon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17534
2017-12-08 10:52:15 -05:00
Gibson Fahnestock
92011e417c 2017-12-05, Version 8.9.2 'Carbon' (LTS)
Notable Changes:

- **console**:
  - avoid adding infinite error listeners (Matteo Collina) [#16770](https://github.com/nodejs/n
de/pull/16770)
- **http2**:
  - improve errors thrown in header validation (Joyee Cheung) [#16718](https://github.com/nodej
s/node/pull/16718)

PR-URL: https://github.com/nodejs/node/pull/17204
2017-12-05 22:17:19 +00:00
Myles Borins
3549d9c2bc
2017-12-05, Version 6.12.1 'Boron' (LTS)
Notable Changes:

* build:
  - fix npm install with --shared (Ben Noordhuis)
    https://github.com/nodejs/node/pull/16438
* build:
  - building with python 3 is now supported (Emily Marigold Klassen)
    https://github.com/nodejs/node/pull/16058
* src:
  - v8 options can be specified with either '\_' or '-' in NODE_OPTIONS
    (Sam Roberts) https://github.com/nodejs/node/pull/14093

PR-URL: https://github.com/nodejs/node/pull/17180
2017-12-05 09:09:24 -05:00
Evan Lucas
1132ea7434 2017-11-14, Version 9.2.0 (Current)
Notable changes:

* **crypto**:
  - Support building with both 1.1.0 and 1.0.2 (David Benjamin) https://github.com/nodejs/node/pull/16130
* **fs**:
  - fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) https://github.com/nodejs/node/pull/15776
* **process**:
  - expose process.ppid (cjihrig) https://github.com/nodejs/node/pull/16839

PR-URL: https://github.com/nodejs/node/pull/16992
2017-11-14 17:08:15 -06:00
Gibson Fahnestock
f5a7a9e77d 2017-11-07, Version 8.9.1 'Carbon' (LTS)
Notable Changes:

- **openssl**:
  - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
- ***Revert*** "**https**:
  - refactor to use http internals" (Myles Borins) [#16660](https://github.com/nodejs/node/pull/16660)

PR-URL: https://github.com/nodejs/node/pull/16783
2017-11-07 22:36:43 +00:00
cjihrig
a77bfcaac7
2017-11-07, Version 9.1.0 (Current)
Notable changes:

* CLI:
  - NODE_OPTIONS now supports the --stack-trace-limit option.
    https://github.com/nodejs/node/pull/16495
* deps:
  - OpenSSL is upgraded to 1.0.2m
    https://github.com/nodejs/node/pull/16691
* http:
  - A 'connect' event handler leak has been fixed.
    https://github.com/nodejs/node/pull/16725
  - The 103 Early Hints status code is now supported.
    https://github.com/nodejs/node/pull/16644

PR-URL: https://github.com/nodejs/node/pull/16851
2017-11-07 12:58:56 -05:00
Myles Borins
70dc6d5072
2017-11-07, Version 6.12.0 'Boron' (LTS)
Notable Changes:

* assert:
  - assert.fail() can now take one or two arguments (Rich Trott)
    https://github.com/nodejs/node/pull/12293
* crypto:
  - add sign/verify support for RSASSA-PSS (Tobias Nießen)
    https://github.com/nodejs/node/pull/11705
* deps:
  - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/16691
  - upgrade libuv to 1.15.0 (cjihrig)
    https://github.com/nodejs/node/pull/15745
  - upgrade libuv to 1.14.1 (cjihrig)
    https://github.com/nodejs/node/pull/14866
  - upgrade libuv to 1.13.1 (cjihrig)
    https://github.com/nodejs/node/pull/14117
  - upgrade libuv to 1.12.0 (cjihrig)
    https://github.com/nodejs/node/pull/13306
* fs:
  - Add support for fs.write/fs.writeSync(fd, buffer, cb) and
    fs.write/fs.writeSync(fd, buffer, offset, cb) as documented
    (Andreas Lind) https://github.com/nodejs/node/pull/7856
* inspector:
  - enable --inspect-brk (Refael Ackermann)
    https://github.com/nodejs/node/pull/12615
* process:
  - add --redirect-warnings command line argument (James M Snell)
    https://github.com/nodejs/node/pull/10116
* src:
  - allow CLI args in env with NODE_OPTIONS (Sam Roberts)
    https://github.com/nodejs/node/pull/12028)
  - --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts)
    https://github.com/nodejs/node/pull/13932
  - allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts)
    https://github.com/nodejs/node/pull/13172
  - use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts)
    https://github.com/nodejs/node/pull/12677
* test:
  - remove common.fail() (Rich Trott)
    https://github.com/nodejs/node/pull/12293

PR-URL: https://github.com/nodejs/node/pull/16263
2017-11-07 12:23:37 -05:00
Myles Borins
16b1faa05b
2017-11-07, Version 4.8.6 'Argon' (Maintenance)
Notable Changes:

* **crypto**:
  - update root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/13279
  - update root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/12402
* **deps**:
  - add support for more modern versions of INTL (Bruno Pagani)
    https://github.com/nodejs/node/pull/13040
  - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/16691
  - upgrade openssl sources to 1.0.2l (Daniel Bevenius)
    https://github.com/nodejs/node/pull/13233

PR-URL: https://github.com/nodejs/node/pull/16500
2017-11-07 12:22:33 -05:00
Gibson Fahnestock
94b2be7a96 doc: fix Changelog link order
PR-URL: https://github.com/nodejs/node/pull/16632
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Khaidi Chu <i@2333.moe>
Reviewed-By: Brian White <mscdex@mscdex.net>
2017-11-02 11:18:39 +08:00
James M Snell
8cd940af13 2017-10-31, Version 9.0.0 (Current)
* Older experimental APIs have been removed.
    [[`d731369b1d`](https://github.com/nodejs/node/commit/d731369b1d)]
    [#14414](https://github.com/nodejs/node/pull/14414)

* **Errors**
  * Improvements have been made to `buffer` module error messages.
  * The assignment of static error codes to Node.js error continues:
    * `buffer`
    * `child_process`
    * `console`
    * `crypto`
    * `dns`
    * `events`
    * `fs`
    * `http`
    * `inspector`
    * `net`
    * `path`
    * `process`
    * `querystring`
    * `readline`
    * `repl`
    * `streams`
    * `string_decoder`
    * `timers`
    * `tls`
    * `url`
    * `util`
    * `v8`
    * `zlib`

* **Child Processes**
  * Errors are emitted on process nextTick.

* **Domains**
  * The long-deprecated `.dispose()` method has been removed.

* **fs**
  * The `fs.ReadStream` and `fs.WriteStream` classes now use `destroy()`.
  * `fs` module callbacks are now invoked with an undefined context.

* **HTTP/1**
  * A 400 Bad Request response will now be sent when parsing fails.
  * Socket timeout will be set when the socket connects.
  * A bug causing the request `'error'` event to fire twice was fixed.
  * HTTP clients may now use generic `Duplex` streams in addition to `net.Socket`.

* **Intl**
  * The deprecated `Intl.v8BreakIterator` has been removed.

* **Modules**
  * The `require.resolve()` method now supports using custom lookup paths.

* **OS**
  * The `os.EOL` property is now read-only.

* **Timers**
  * `setTimeout()` will emit a warning if the timeout is larger that the maximum
    32-bit unsigned integer.
2017-10-31 12:59:12 -07:00
Gibson Fahnestock
8025bba1a3
2017-10-31, Version 8.9.0 'Carbon' (LTS) Release
This LTS release comes with 87 commits. This includes 30 that are
updates to lib/ or src/, 20 that are test related, 13 that are doc
related, 19 which are build / tools related, and 4 commits which are
updates to dependencies.

Notable Changes:

* doc:
  - add Gibson Fahnestock to Release team (Gibson Fahnestock)
    https://github.com/nodejs/node/pull/16620
* deps:
  - update npm to 5.5.1 (Myles Borins)
    https://github.com/nodejs/node/pull/16509
* http2:
  - The exposed http2 socket is no longer manipulatable
    (Anatoli Papirovski)
    https://github.com/nodejs/node/pull/16330
* module:
  - support custom paths to require.resolve() (cjihrig)
    https://github.com/nodejs/node/pull/16397
* util:
  - util.TextEncoder and util.TextDecoder are no longer experimental.
    There will no longer be a warning when they are used
    (James M Snell)
    https://github.com/nodejs/node/pull/15743

PR-URL: https://github.com/nodejs/node/pull/16630
2017-10-31 18:29:48 +00:00
cjihrig
e8de2bfd13
2017-10-25, Version 8.8.1 (Current)
Notable changes:

* net:
  - Fix timeout with null handle issue. This is a regression in
    Node 8.8.0. https://github.com/nodejs/node/pull/16489
2017-10-25 17:35:36 -04:00
Myles Borins
068cede663
2017-10-24, Version 4.8.5 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

for details on patched vulnerabilities.

Notable Changes:

* zlib:
  - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
  error to be raised when a raw deflate stream is initialized with
  windowBits set to 8. On some versions this crashes Node and you
  cannot recover from it, while on some versions it throws an
  exception. Node.js will now gracefully set windowBits to 9
  replicating the legacy behavior to avoid a DOS vector.
  https://github.com/nodejs-private/node-private/pull/95

PR-URL: https://github.com/nodejs-private/node-private/pull/96
2017-10-24 18:05:12 -04:00
Myles Borins
274fa6eaaf
2017-10-24, Version 6.11.5 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

for details on patched vulnerabilities.

Notable Changes:

* zlib:
  - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
  error to be raised when a raw deflate stream is initialized with
  windowBits set to 8. On some versions this crashes Node and you
  cannot recover from it, while on some versions it throws an
  exception. Node.js will now gracefully set windowBits to 9
  replicating the legacy behavior to avoid a DOS vector.
  https://github.com/nodejs-private/node-private/pull/95

PR-URL: https://github.com/nodejs-private/node-private/pull/97
2017-10-24 17:54:24 -04:00
Myles Borins
9aa31bccb4
2017-10-24, Node.js Version 8.8.0 (Current)
Notable Changes:

* crypto:
  - expose ECDH class
    https://github.com/nodejs/node/pull/8188
* http2:
  - http2 is now exposed by defualt without the need for a flag
    https://github.com/nodejs/node/pull/15685
  - a new environment varible NODE\_NO\_HTTP2 has been added to allow
    userland http2 to be required
    https://github.com/nodejs/node/pull/15685
  - support has been added for generic `Duplex` streams
    https://github.com/nodejs/node/pull/16269
* module:
  - resolve and instantiate loader pipeline hooks have been added to
    the ESM lifecycle
    https://github.com/nodejs/node/pull/15445
* zlib:
  - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
    error to be raised when a raw deflate stream is initialized with
    windowBits set to 8. On some versions this crashes Node and you
    cannot recover from it, while on some versions it throws an
    exception. Node.js will now gracefully set windowBits to 9
    replicating the legacy behavior to avoid a DOS vector.
    https://github.com/nodejs-private/node-private/pull/95

PR-URL: https://github.com/nodejs-private/node-private/pull/98
2017-10-24 17:50:44 -04:00
Myles Borins
b7fec86bf2
2017-10-11, Node.js Version 8.7.0 (Current)
Notable Changes:

* deps:
  * update npm to 5.4.2
    https://github.com/nodejs/node/pull/15600
  * upgrade libuv to 1.15.0
    https://github.com/nodejs/node/pull/15745
  * update V8 to 6.1.534.42
    https://github.com/nodejs/node/pull/15393
* dgram:
  * support for setting dgram socket buffer size
    https://github.com/nodejs/node/pull/13623
* fs:
  * add support O_DSYNC file open constant
    https://github.com/nodejs/node/pull/15451
* util:
  * deprecate obj.inspect for custom inspection
    https://github.com/nodejs/node/pull/15631
* tools, build:
  * there is a fancy new macOS installer
    https://github.com/nodejs/node/pull/15179
* Added new collaborator
  * bmeurer - Benedikt Meurer - https://github.com/bmeurer
  * kfarnung - Kyle Farnung - https://github.com/kfarnung

PR-URL: https://github.com/nodejs/node/pull/15762
2017-10-11 16:51:50 -04:00
Myles Borins
9e8f4b3834
2017-10-03, Version 6.11.4 'Boron' (LTS)
Notable Changes:

* net:
  - support passing undefined to listen() to match behavior in v4.x
    and v8.x (Sam Roberts)
    https://github.com/nodejs/node/pull/14234

PR-URL: https://github.com/nodejs/node/pull/15506
2017-10-03 13:44:40 -07:00
James M Snell
05e4c1d6bc 2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](https://github.com/nodejs/node/pull/15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](https://github.com/nodejs/node/pull/7855)
  * Custom lookup functions are now supported. [#14560](https://github.com/nodejs/node/pull/14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](https://github.com/nodejs/node/pull/14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](https://github.com/nodejs/node/pull/14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](https://github.com/nodejs/node/pull/15354)
2017-09-26 14:55:39 -07:00
Myles Borins
a10856a7d3
2017-09-12, Version 8.5.0 (Current)
Notable Changes

* build:
  * Snapshots are now re-enabled in V8
  https://github.com/nodejs/node/pull/14875

* console:
  * Implement minimal `console.group()`.
  https://github.com/nodejs/node/pull/14910

* deps:
  * upgrade libuv to 1.14.1
    https://github.com/nodejs/node/pull/14866
  * update nghttp2 to v1.25.0
    https://github.com/nodejs/node/pull/14955

* dns:
  * Add `verbatim` option to dns.lookup(). When true, results from the
    DNS resolver are passed on as-is, without the reshuffling that
    Node.js otherwise does that puts IPv4 addresses before IPv6
    addresses.
    https://github.com/nodejs/node/pull/14731

* fs:
  * add fs.copyFile and fs.copyFileSync which allows for more efficient
    copying of files.
    https://github.com/nodejs/node/pull/15034

* inspector:
  * Enable async stack traces
    https://github.com/nodejs/node/pull/13870

* module:
  * Add support for ESM. This is currently behind the
    `--experimental-modules` flag and requires the .mjs extension.
    `node --experimental-modules index.mjs`
    https://github.com/nodejs/node/pull/14369

* napi:
  * implement promise
    https://github.com/nodejs/node/pull/14365

* os:
  * Add support for CIDR notation to the output of the
    networkInterfaces() method.
    https://github.com/nodejs/node/pull/14307

* perf_hooks:
  * An initial implementation of the Performance Timing API for
    Node.js. This is the same Performance Timing API implemented by
    modern browsers with a number of Node.js specific properties. The
    User Timing mark() and measure() APIs are implemented, as is a
    Node.js specific flavor of the Frame Timing for measuring event
    loop duration.
    https://github.com/nodejs/node/pull/14680

* tls:
  * multiple PFX in createSecureContext
    [#14793](https://github.com/nodejs/node/pull/14793)

* Added new collaborators:
  * BridgeAR – Ruben Bridgewater

PR-URL: https://github.com/nodejs/node/pull/15308
2017-09-12 17:34:51 +02:00
Myles Borins
dc7f03c897
2017-09-05, Version 6.11.3 'Boron' (LTS)
This LTS release comes with 152 commits. This includes 75 which are
test related, 25 which are doc related, 21 which are build / tool
related and 3 commits which are updates to dependencies.

Notable Changes:

* build:
 - Codesigning is fixed on macOS (Evan Lucas)
   https://github.com/nodejs/node/pull/14179
* deps:
 - Snapshots are turned back on!!! (Yang Guo)
   https://github.com/nodejs/node/pull/14385
* path:
 - win32 volume-relative paths are working again! (Timothy Gu)
   https://github.com/nodejs/node/pull/14440
* tools:
 - v6.x can now build with ICU 59 (Steven R. Loomis)
   https://github.com/nodejs/node/pull/12078

PR-URL: https://github.com/nodejs/node/pull/14852
2017-09-05 15:47:35 -04:00
Ruslan Iusupov
65c9537adc doc: add 8.4.0 link to CHANGELOG.md
PR-URL: https://github.com/nodejs/node/pull/15064
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2017-08-28 21:43:35 -07:00
Anna Henningsen
b72e702247 2017-08-09, Version 8.3.0 (Current)
V8 6.0:

  The V8 engine has been upgraded to version 6.0, which has a significantly
  changed performance profile.
  [#14574](https://github.com/nodejs/node/pull/14574)

  More detailed information on performance differences can be found at
  https://medium.com/the-node-js-collection/get-ready-a-new-v8-is-coming-node-js-performance-is-changing-46a63d6da4de

Other notable changes:

* **DNS**
  * Independent DNS resolver instances are supported now, with support for
    cancelling the corresponding requests.
    [#14518](https://github.com/nodejs/node/pull/14518)

* **N-API**
  * Multiple N-API functions for error handling have been changed to support
    assigning error codes.
    [#13988](https://github.com/nodejs/node/pull/13988)

* **REPL**
  * Autocompletion support for `require()` has been improved.
    [#14409](https://github.com/nodejs/node/pull/14409)

* **Utilities**
  * The WHATWG Encoding Standard (`TextDecoder` and `TextEncoder`) has
    been implemented as an experimental feature.
    [#13644](https://github.com/nodejs/node/pull/13644)

* **Added new collaborators**
  * [XadillaX](https://github.com/XadillaX) – Khaidi Chu
  * [gabrielschulhof](https://github.com/gabrielschulhof) – Gabriel Schulhof

Conflicts:
	src/node_version.h
2017-08-09 21:56:19 -04:00
Myles Borins
8a53897325
2017-08-01, Version 6.11.2 'Boron' (LTS)
This LTS release comes with 221 commits. This includes 80 which are
test related, 52 which are doc related, 32 which are build / tool
related and 10 commits which are updates to dependencies.

Notable Changes:

* configure:
  - add mips64el to valid_arch (Aditya Anand)
    - https://github.com/nodejs/node/pull/13620
* crypto:
  - Updated root certificates based on [NSS 3.30] (Ben Noordhuis)
    - https://github.com/nodejs/node/pull/13279
    - https://github.com/nodejs/node/pull/12402
    - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30_release_notes
* deps:
  - upgrade OpenSSL to version 1.0.2.l (Shigeki Ohtsu)
    - https://github.com/nodejs/node/pull/12913
* http:
  - parse errors are now reported when NODE_DEBUG=http (Sam Roberts)
    - https://github.com/nodejs/node/pull/13206
  - Agent construction can now be envoked without `new` (cjihrig)
    - https://github.com/nodejs/node/pull/12927
* zlib:
  - node will now throw an Error when zlib rejects the value of windowBits,
    instead of crashing (Alexey Orlenko)
    - https://github.com/nodejs/node/pull/13098

PR-URL: https://github.com/nodejs/node/pull/14356
2017-08-01 02:10:20 -05:00
Jeremiah Senkpiel
6a5bdfb97e 2017-07-20, Version 8.2.1 (Current)
Notable changes

* http: Writes no longer abort if the Socket is missing.
* process, async_hooks: Avoid problems when triggerAsyncId is undefined.
* zlib: Streams no longer attempt to process data when destroyed.

PR-URL: https://github.com/nodejs/node/pull/14399
2017-07-20 18:16:37 -04:00
Jeremiah Senkpiel
65eefa0105
2017-07-19, Version 8.2.0 (Current)
Big thanks to @addaleax who prepared the vast majority of this release.

Notable changes:

* **Async Hooks**
  * Multiple improvements to Promise support in `async_hooks` have been made.

* **Build**
  * The compiler version requirement to build Node with GCC has been raised to
    GCC 4.9.4.
    [[`820b011ed6`](https://github.com/nodejs/node/commit/820b011ed6)]
    [#13466](https://github.com/nodejs/node/pull/13466)

* **Cluster**
  * Users now have more fine-grained control over the inspector port used by
    individual cluster workers. Previously, cluster workers would simply
    increment from the master's debug port.
    [[`dfc46e262a`](https://github.com/nodejs/node/commit/dfc46e262a)]
    [#14140](https://github.com/nodejs/node/pull/14140)

* **DNS**
  * The server used for DNS queries can now use a custom port.
    [[`ebe7bb29aa`](https://github.com/nodejs/node/commit/ebe7bb29aa)]
    [#13723](https://github.com/nodejs/node/pull/13723)
  * Support for `dns.resolveAny()` has been added.
    [[`6e30e2558e`](https://github.com/nodejs/node/commit/6e30e2558e)]
    [#13137](https://github.com/nodejs/node/pull/13137)

* **npm**
  * The `npm` CLI has been updated to version 5.3.0. In particular, it now comes
    with the `npx` binary, which is also shipped with Node.
    [[`dc3f6b9ac1`](https://github.com/nodejs/node/commit/dc3f6b9ac1)]
    [#14235](https://github.com/nodejs/node/pull/14235)
  * `npm` Changelogs:
      - [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4)
      - [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0)
      - [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0)
      - [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0)

PR-URL: https://github.com/nodejs/node/pull/13744
2017-07-19 18:40:42 -04:00
Evan Lucas
22889347df 2017-07-11, Version 8.1.4 (Current)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.

Notable changes

* **build**:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/91
2017-07-11 11:57:37 -05:00
Evan Lucas
89e121d4a7 2017-07-11, Version 7.10.1 (Current)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.

* **build**:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/92
2017-07-11 11:56:23 -05:00
Myles Borins
6218939cdd
2017-07-11, Version 6.11.1 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

for details on patched vulnerabilities.

Notable Changes:

* build:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node
    up to collision attacks which could result in a Denial of Service.
    We have temporarily disabled snapshots until a more robust solution
    is found (Ali Ijaz Sheikh)
* deps:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
    read memory outside of the given input buffer if the passed in DNS
    response packet was crafted in a particular way. This patch checks
    that there is enough data for the required elements of an NAPTR
    record (2 int16, 3 bytes for string lengths) before processing a
    record. (David Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/89
2017-07-11 17:50:09 +01:00
Myles Borins
0130cf55bb
2017-07-11, Version 4.8.4 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

for details on patched vulnerabilities.

Notable Changes:

* build:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node
    up to collision attacks which could result in a Denial of Service.
    We have temporarily disabled snapshots until a more robust solution
    is found (Ali Ijaz Sheikh)
* deps:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
    read memory outside of the given input buffer if the passed in DNS
    response packet was crafted in a particular way. This patch checks
    that there is enough data for the required elements of an NAPTR
    record (2 int16, 3 bytes for string lengths) before processing a
    record. (David Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/90
2017-07-11 17:49:34 +01:00
Rod Vagg
53b8c51e7c 2017-06-29, Version 8.1.3 (Current)
Notable changes

* **Stream**
  Two regressions with the `stream` module have been fixed:
  * The `finish` event will now always be emitted after the `error` event
    if one is emitted:
    [[`0a9e96e86c`](https://github.com/nodejs/node/commit/0a9e96e86c)]
    [#13850](https://github.com/nodejs/node/pull/13850)
  * In object mode, readable streams can now use `undefined` again.
    [[`5840138e70`](https://github.com/nodejs/node/commit/5840138e70)]
    [#13760](https://github.com/nodejs/node/pull/13760)
2017-06-29 17:02:43 +10:00
Teddy Katz
9f9e3c0653
doc: fix typo in changelog
PR-URL: https://github.com/nodejs/node/pull/13713
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
2017-06-16 00:07:59 -07:00
Rod Vagg
c7323af131 2017-06-15, Version 8.1.2 (Current)
Release to fix broken `process.release` properties
Ref: https://github.com/nodejs/node/issues/13667
2017-06-15 22:43:54 +10:00
Anna Henningsen
9dc3f936c7 2017-06-13, Version 8.1.1 (Current)
* **Child processes**
  * `stdout` and `stderr` are now available on the error output of a
    failed call to the `util.promisify()`ed version of
    `child_process.exec`.
    [[`d66d4fc94c`](https://github.com/nodejs/node/commit/d66d4fc94c)]
    [#13388](https://github.com/nodejs/node/pull/13388)

* **HTTP**
  * A regression that broke certain scenarios in which HTTP is used together
    with the `cluster` module has been fixed.
    [[`fff8a56d6f`](https://github.com/nodejs/node/commit/fff8a56d6f)]
    [#13578](https://github.com/nodejs/node/pull/13578)

* **HTTPS**
  * The `rejectUnauthorized` option now works properly for unix sockets.
    [[`c4cbd99d37`](https://github.com/nodejs/node/commit/c4cbd99d37)]
    [#13505](https://github.com/nodejs/node/pull/13505)

* **Readline**
  * A change that broke `npm init` and other code which uses `readline`
    multiple times on the same input stream is reverted.
    [[`0df6c0b5f0`](https://github.com/nodejs/node/commit/0df6c0b5f0)]
    [#13560](https://github.com/nodejs/node/pull/13560)

PR-URL: https://github.com/nodejs/node/pull/13598
2017-06-13 15:32:26 -07:00
James M Snell
d7f6919228 2017-05-07, Version 8.1.0 (Current)
* **Async Hooks**
  * When one `Promise` leads to the creation of a new `Promise`, the parent
    `Promise` will be identified as the trigger
    [[`135f4e6643`](https://github.com/nodejs/node/commit/135f4e6643)]
    [#13367](https://github.com/nodejs/node/pull/13367).
* **Dependencies**
  * libuv has been updated to 1.12.0
    [[`968596ec77`](https://github.com/nodejs/node/commit/968596ec77)]
    [#13306](https://github.com/nodejs/node/pull/13306).
  * npm has been updated to 5.0.3
    [[`ffa7debd7a`](https://github.com/nodejs/node/commit/ffa7debd7a)]
    [#13487](https://github.com/nodejs/node/pull/13487).
* **File system**
  * The `fs.exists()` function now works correctly with `util.promisify()`
    [[`6e0eccd7a1`](https://github.com/nodejs/node/commit/6e0eccd7a1)]
    [#13316](https://github.com/nodejs/node/pull/13316).
  * fs.Stats times are now also available as numbers
    [[`c756efb25a`](https://github.com/nodejs/node/commit/c756efb25a)]
    [#13173](https://github.com/nodejs/node/pull/13173).
* **Inspector**
  * It is now possible to bind to a random port using `--inspect=0`
    [[`cc6ec2fb27`](https://github.com/nodejs/node/commit/cc6ec2fb27)]
    [#5025](https://github.com/nodejs/node/pull/5025).
* **Zlib**
  * A regression in the Zlib module that made it impossible to properly
    subclasses `zlib.Deflate` and other Zlib classes has been fixed.
    [[`6aeb555cc4`](https://github.com/nodejs/node/commit/6aeb555cc4)]
    [#13374](https://github.com/nodejs/node/pull/13374).
2017-06-08 20:54:01 +10:00
Myles Borins
4c5cbb7c83
2017-06-06, Version 6.11.0 'Boron' (LTS)
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.

Notable Changes:

* build:
  - support for building mips64el (nanxiongchao)
    https://github.com/nodejs/node/pull/10991
* cluster:
  - disconnect() now returns a reference to the disconnected
    worker. (Sean Villars)
    https://github.com/nodejs/node/pull/10019
* crypto:
  - ability to select cert store at runtime (Adam Majer)
    https://github.com/nodejs/node/pull/8334
  - Use system CAs instead of using bundled ones (Adam Majer)
    https://github.com/nodejs/node/pull/8334
  - The `Decipher` methods `setAuthTag()` and `setAAD` now return
    `this`. (Kirill Fomichev)
    https://github.com/nodejs/node/pull/9398
  - adding support for OPENSSL_CONF again (Sam Roberts)
    https://github.com/nodejs/node/pull/11006
  - make LazyTransform compabile with Streams1 (Matteo Collina)
    https://github.com/nodejs/node/pull/12380
* deps:
  - upgrade libuv to 1.11.0 (cjihrig)
    https://github.com/nodejs/node/pull/11094
  - upgrade libuv to 1.10.2 (cjihrig)
    https://github.com/nodejs/node/pull/10717
  - upgrade libuv to 1.10.1 (cjihrig)
    https://github.com/nodejs/node/pull/9647
  - upgrade libuv to 1.10.0 (cjihrig)
    https://github.com/nodejs/node/pull/9267
* dns:
  - Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
    (Ben Noordhuis)
    https://github.com/nodejs/node/pull/9296
* process:
  - add NODE_NO_WARNINGS environment variable (cjihrig)
    https://github.com/nodejs/node/pull/10842
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    https://github.com/nodejs/node/pull/2982
* src:
  - support "--" after "-e" as end-of-options (John Barboza)
    https://github.com/nodejs/node/pull/10651
* tls:
  - new tls.TLSSocket() supports sec ctx options (Sam Roberts)
    https://github.com/nodejs/node/pull/11005
  - Allow obvious key/passphrase combinations. (Sam Roberts)
    https://github.com/nodejs/node/pull/10294

PR-URL: https://github.com/nodejs/node/pull/13059
2017-06-06 16:30:15 -04:00
James M Snell
43e4efdf21 2017-05-30, Version 8.0.0 (Current)
* **Async Hooks**
  * The `async_hooks` module has landed in core
    [[`4a7233c178`](https://github.com/nodejs/node/commit/4a7233c178)]
    [#12892](https://github.com/nodejs/node/pull/12892).

* **Buffer**
  * Using the `--pending-deprecation` flag will cause Node.js to emit a
    deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
    [[`d2d32ea5a2`](https://github.com/nodejs/node/commit/d2d32ea5a2)]
    [#11968](https://github.com/nodejs/node/pull/11968).
  * `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
    [[`7eb1b4658e`](https://github.com/nodejs/node/commit/7eb1b4658e)]
    [#12141](https://github.com/nodejs/node/pull/12141).
  * Many `Buffer` methods now accept `Uint8Array` as input
    [[`beca3244e2`](https://github.com/nodejs/node/commit/beca3244e2)]
    [#10236](https://github.com/nodejs/node/pull/10236).

* **Child Process**
  * Argument and kill signal validations have been improved
    [[`97a77288ce`](https://github.com/nodejs/node/commit/97a77288ce)]
    [#12348](https://github.com/nodejs/node/pull/12348),
    [[`d75fdd96aa`](https://github.com/nodejs/node/commit/d75fdd96aa)]
    [#10423](https://github.com/nodejs/node/pull/10423).
  * Child Process methods accept `Uint8Array` as input
    [[`627ecee9ed`](https://github.com/nodejs/node/commit/627ecee9ed)]
    [#10653](https://github.com/nodejs/node/pull/10653).

* **Console**
  * Error events emitted when using `console` methods are now supressed.
    [[`f18e08d820`](https://github.com/nodejs/node/commit/f18e08d820)]
    [#9744](https://github.com/nodejs/node/pull/9744).

* **Dependencies**
  * The npm client has been updated to 5.0.0
    [[`3c3b36af0f`](https://github.com/nodejs/node/commit/3c3b36af0f)]
    [#12936](https://github.com/nodejs/node/pull/12936).
  * V8 has been updated to 5.8 with forward ABI stability to 6.0
    [[`60d1aac8d2`](https://github.com/nodejs/node/commit/60d1aac8d2)]
    [#12784](https://github.com/nodejs/node/pull/12784).

* **Domains**
  * Native `Promise` instances are now `Domain` aware
    [[`84dabe8373`](https://github.com/nodejs/node/commit/84dabe8373)]
    [#12489](https://github.com/nodejs/node/pull/12489).

* **Errors**
  * We have started assigning static error codes to errors generated by Node.js.
    This has been done through multiple commits and is still a work in
    progress.

* **File System**
  * The utility class `fs.SyncWriteStream` has been deprecated
    [[`7a55e34ef4`](https://github.com/nodejs/node/commit/7a55e34ef4)]
    [#10467](https://github.com/nodejs/node/pull/10467).
  * The deprecated `fs.read()` string interface has been removed
    [[`3c2a9361ff`](https://github.com/nodejs/node/commit/3c2a9361ff)]
    [#9683](https://github.com/nodejs/node/pull/9683).

* **HTTP**
  * Improved support for userland implemented Agents
    [[`90403dd1d0`](https://github.com/nodejs/node/commit/90403dd1d0)]
    [#11567](https://github.com/nodejs/node/pull/11567).
  * Outgoing Cookie headers are concatenated into a single string
    [[`d3480776c7`](https://github.com/nodejs/node/commit/d3480776c7)]
    [#11259](https://github.com/nodejs/node/pull/11259).
  * The `httpResponse.writeHeader()` method has been deprecated
    [[`fb71ba4921`](https://github.com/nodejs/node/commit/fb71ba4921)]
    [#11355](https://github.com/nodejs/node/pull/11355).
  * New methods for accessing HTTP headers have been added to `OutgoingMessage`
    [[`3e6f1032a4`](https://github.com/nodejs/node/commit/3e6f1032a4)]
    [#10805](https://github.com/nodejs/node/pull/10805).

* **Lib**
  * All deprecation messages have been assigned static identifiers
    [[`5de3cf099c`](https://github.com/nodejs/node/commit/5de3cf099c)]
    [#10116](https://github.com/nodejs/node/pull/10116).
  * The legacy `linkedlist` module has been removed
    [[`84a23391f6`](https://github.com/nodejs/node/commit/84a23391f6)]
    [#12113](https://github.com/nodejs/node/pull/12113).

* **N-API**
  * Experimental support for the new N-API API has been added
    [[`56e881d0b0`](https://github.com/nodejs/node/commit/56e881d0b0)]
    [#11975](https://github.com/nodejs/node/pull/11975).

* **Process**
  * Process warning output can be redirected to a file using the
    `--redirect-warnings` command-line argument
    [[`03e89b3ff2`](https://github.com/nodejs/node/commit/03e89b3ff2)]
    [#10116](https://github.com/nodejs/node/pull/10116).
  * Process warnings may now include additional detail
    [[`dd20e68b0f`](https://github.com/nodejs/node/commit/dd20e68b0f)]
    [#12725](https://github.com/nodejs/node/pull/12725).

* **REPL**
  * REPL magic mode has been deprecated
    [[`3f27f02da0`](https://github.com/nodejs/node/commit/3f27f02da0)]
    [#11599](https://github.com/nodejs/node/pull/11599).

* **Src**
  * `NODE_MODULE_VERSION` has been updated to 57
    (https://github.com/nodejs/node/commit/ec7cbaf266)]
    [#12995](https://github.com/nodejs/node/pull/12995).
  * Add `--pending-deprecation` command-line argument and
    `NODE_PENDING_DEPRECATION` environment variable
    [[`a16b570f8c`](https://github.com/nodejs/node/commit/a16b570f8c)]
    [#11968](https://github.com/nodejs/node/pull/11968).
  * The `--debug` command-line argument has been deprecated. Note that
    using `--debug` will enable the *new* Inspector-based debug protocol
    as the legacy Debugger protocol previously used by Node.js has been
    removed. [[`010f864426`](https://github.com/nodejs/node/commit/010f864426)]
    [#12949](https://github.com/nodejs/node/pull/12949).
  * Throw when the `-c` and `-e` command-line arguments are used at the same
    time [[`a5f91ab230`](https://github.com/nodejs/node/commit/a5f91ab230)]
    [#11689](https://github.com/nodejs/node/pull/11689).
  * Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
    arguments are used at the same time.
    [[`8a7db9d4b5`](https://github.com/nodejs/node/commit/8a7db9d4b5)]
    [#12087](https://github.com/nodejs/node/pull/12087).

* **Stream**
  * `Stream` now supports `destroy()` and `_destroy()` APIs
    [[`b6e1d22fa6`](https://github.com/nodejs/node/commit/b6e1d22fa6)]
    [#12925](https://github.com/nodejs/node/pull/12925).
  * `Stream` now supports the `_final()` API
    [[`07c7f198db`](https://github.com/nodejs/node/commit/07c7f198db)]
    [#12828](https://github.com/nodejs/node/pull/12828).

* **TLS**
  * The `rejectUnauthorized` option now defaults to `true`
    [[`348cc80a3c`](https://github.com/nodejs/node/commit/348cc80a3c)]
    [#5923](https://github.com/nodejs/node/pull/5923).
  * The `tls.createSecurePair()` API now emits a runtime deprecation
    [[`a2ae08999b`](https://github.com/nodejs/node/commit/a2ae08999b)]
    [#11349](https://github.com/nodejs/node/pull/11349).
  * A runtime deprecation will now be emitted when `dhparam` is less than
    2048 bits [[`d523eb9c40`](https://github.com/nodejs/node/commit/d523eb9c40)]
    [#11447](https://github.com/nodejs/node/pull/11447).

* **URL**
  * The WHATWG URL implementation is now a fully-supported Node.js API
    [[`d080ead0f9`](https://github.com/nodejs/node/commit/d080ead0f9)]
    [#12710](https://github.com/nodejs/node/pull/12710).

* **Util**
  * `Symbol` keys are now displayed by default when using `util.inspect()`
    [[`5bfd13b81e`](https://github.com/nodejs/node/commit/5bfd13b81e)]
    [#9726](https://github.com/nodejs/node/pull/9726).
  * `toJSON` errors will be thrown when formatting `%j`
    [[`455e6f1dd8`](https://github.com/nodejs/node/commit/455e6f1dd8)]
    [#11708](https://github.com/nodejs/node/pull/11708).
  * Convert `inspect.styles` and `inspect.colors` to prototype-less objects
    [[`aab0d202f8`](https://github.com/nodejs/node/commit/aab0d202f8)]
    [#11624](https://github.com/nodejs/node/pull/11624).
  * The new `util.promisify()` API has been added
    [[`99da8e8e02`](https://github.com/nodejs/node/commit/99da8e8e02)]
    [#12442](https://github.com/nodejs/node/pull/12442).

* **Zlib**
  * Support `Uint8Array` in Zlib convenience methods
    [[`91383e47fd`](https://github.com/nodejs/node/commit/91383e47fd)]
    [#12001](https://github.com/nodejs/node/pull/12001).
  * Zlib errors now use `RangeError` and `TypeError` consistently
    [[`b514bd231e`](https://github.com/nodejs/node/commit/b514bd231e)]
    [#11391](https://github.com/nodejs/node/pull/11391).
2017-05-30 10:58:31 -07:00
Evan Lucas
871fb5a779 2017-05-02, Version 7.10.0 (Current)
Notable changes:

* **crypto**:
  - add randomFill and randomFillSync (Evan Lucas)
    https://github.com/nodejs/node/pull/10209
* **meta**: Added new collaborators
  - add lucamaraschi to collaborators (Luca Maraschi)
    https://github.com/nodejs/node/pull/12538
  - add DavidCai1993 to collaborators (David Cai)
    https://github.com/nodejs/node/pull/12435
  - add jkrems to collaborators (Jan Krems)
    https://github.com/nodejs/node/pull/12427
  - add AnnaMag to collaborators (AnnaMag)
    https://github.com/nodejs/node/pull/12414
* **process**:
  - fix crash when Promise rejection is a Symbol (Cameron Little)
    https://github.com/nodejs/node/pull/11640
* **url**:
  - make WHATWG URL more spec compliant (Timothy Gu)
    https://github.com/nodejs/node/pull/12507
* **v8**:
  - fix stack overflow in recursive method (Ben Noordhuis)
    https://github.com/nodejs/node/pull/12460
  - fix build errors with g++ 7 (Ben Noordhuis)
    https://github.com/nodejs/node/pull/12392

PR-URL: https://github.com/nodejs/node/pull/12775
2017-05-03 07:58:11 -05:00
Myles Borins
20e27dd849
2017-05-02, Version 6.10.3 'Boron' (LTS)
Notable Changes:

* module:
  - The module loading global fallback to the Node executable's
    directory now works correctly on Windows.
    (Richard Lau) https://github.com/nodejs/node/pull/9283
* src:
  - fix base64 decoding in rare edgecase
    (Nikolai Vavilov) https://github.com/nodejs/node/pull/11995
* tls:
  - fix rare segmentation faults when using TLS
   * (Trevor Norris) https://github.com/nodejs/node/pull/11947
   * (Ben Noordhuis) https://github.com/nodejs/node/pull/11898
   * (jBarz) https://github.com/nodejs/node/pull/11776

PR-URL: https://github.com/nodejs/node/pull/12497
2017-05-02 20:04:35 +02:00
Myles Borins
9802d466cc
2017-05-02, Version 4.8.3 'Argon' (Maintenance)
Notable Changes:

* module:
  - The module loading global fallback to the Node executable's
    directory now works correctly on Windows.
    (Richard Lau) https://github.com/nodejs/node/pull/9283
* src:
  - fix base64 decoding in rare edgecase
    (Nikolai Vavilov) https://github.com/nodejs/node/pull/11995
* tls:
  - fix rare segmentation faults when using TLS
   * (Trevor Norris) https://github.com/nodejs/node/pull/11947
   * (Ben Noordhuis) https://github.com/nodejs/node/pull/11898
   * (jBarz) https://github.com/nodejs/node/pull/11776

PR-URL: https://github.com/nodejs/node/pull/12499
2017-05-02 19:54:13 +02:00
Gautam krishna.R
b837bd2792 doc: fix typo in CHANGELOG.md
PR-URL: https://github.com/nodejs/node/pull/12434
Fixes: https://github.com/nodejs/node/issues/12430
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
2017-04-16 10:47:47 -07:00
Italo A. Casas
b8f416023d
2017-04-11, Version 7.9.0 (Current)
Notable changes:

* util: console is now closer to what is supported in all major browsers
(Roman Reiss) [#10308](https://github.com/nodejs/node/pull/10308)

PR-URL: https://github.com/nodejs/node/pull/12319
2017-04-11 13:39:32 -04:00
Myles Borins
f7a31180ad
2017-04-04, Version 4.8.2 'Argon' (Maintenance)
This is a maintenance release to fix a memory leak that was
introduced in 4.8.1.

It also includes an upgrade to zlib 1.2.11 to fix a number of low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes:

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    https://github.com/nodejs/node/pull/12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    https://github.com/nodejs/node/pull/10980
2017-04-04 14:40:28 +02:00
Myles Borins
28f8b17ffb
2017-04-04, Version 6.10.2 'Boron' (LTS)
This is a special LTS to fix a number of regressions that were found
on the 6.10.x release line.

This includes:

 * a fix for memory leak in the crypto module that
   was introduced in 6.10.1
 * a fix for a regression introduced to the windows repl in 6.10.0
 * a backported fix for V8 to stop a segfault that could occur
   when using spread syntax

It also includes an upgrade to zlib 1.2.11 to fix a numberof low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    https://github.com/nodejs/node/pull/12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    https://github.com/nodejs/node/pull/10980
  - backport V8 fixes for spread syntax regression causing segfaults
    (Michaël Zasso) https://github.com/nodejs/node/pull/12037
* repl:
  - Revert commit that broke REPL display on Windows (Myles Borins)
    https://github.com/nodejs/node/pull/12123
2017-04-04 14:23:35 +02:00
Myles Borins
9b2dd47704 2017-03-28, Version 7.8.0 (Current)
Notable changes:

* buffer:
  - do not segfault on out-of-range index (Timothy Gu)
    https://github.com/nodejs/node/pull/11927
* crypto:
  - Fix memory leak if certificate is revoked (Tom Atkinson)
    https://github.com/nodejs/node/pull/12089
* deps:
  * upgrade npm to 4.2.0 (Kat Marchán)
    https://github.com/nodejs/node/pull/11389
  * fix async await desugaring in V8 (Michaël Zasso)
    https://github.com/nodejs/node/pull/12004
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    https://github.com/nodejs/node/pull/2982
* src:
  - add native URL class (James M Snell)
    https://github.com/nodejs/node/pull/11801

PR-URL: https://github.com/nodejs/node/pull/12104
2017-03-28 23:05:21 -04:00
cjihrig
7e6e7d34f3 2017-03-21, Version 7.7.4 (Current)
Notable changes:

* deps: Add node-inspect 1.10.6 (Jan Krems) https://github.com/nodejs/node/pull/11869
* inspector: proper WS URLs when bound to 0.0.0.0 (Eugene Ostroukhov) https://github.com/nodejs/node/pull/11850
* tls: fix segfault on destroy after partial read. (Ben Noordhuis) https://github.com/nodejs/node/pull/11898

PR-URL: https://github.com/nodejs/node/pull/11941
2017-03-21 17:44:18 -04:00
Myles Borins
2569c909ba
2017-03-21, Version 6.10.1 'Boron' (LTS)
Notable changes

* performance: The performance of several APIs has been improved.
  - `Buffer.compare()` is up to 35% faster on average. (Brian White)
    https://github.com/nodejs/node/pull/10927
  - `buffer.toJSON()` is up to 2859% faster on average. (Brian White)
    https://github.com/nodejs/node/pull/10895
  - `fs.*statSync()` functions are now up to 9.3% faster on average.
    (Brian White) https://github.com/nodejs/node/pull/11522
  - `os.loadavg` is up to 151% faster. (Brian White)
    https://github.com/nodejs/node/pull/11516
  - `process.memoryUsage()` is up to 34% faster. (Brian White)
    https://github.com/nodejs/node/pull/11497
  - `querystring.unescape()` for `Buffer`s is 15% faster on average.
    (Brian White) https://github.com/nodejs/node/pull/10837
  - `querystring.stringify()` is up to 7.8% faster on average.
    (Brian White) https://github.com/nodejs/node/pull/10852
  - `querystring.parse()` is up to 21% faster on average. (Brian White)
    https://github.com/nodejs/node/pull/10874

* IPC:
  - Batched writes have been enabled for process IPC on platforms that
    support Unix Domain Sockets. (Alexey Orlenko)
    https://github.com/nodejs/node/pull/10677
  - Performance gains may be up to 40% for some workloads.

* child_process:
  - `spawnSync` now returns a null `status` when child is terminated by
    a signal. (cjihrig) https://github.com/nodejs/node/pull/11288
  - This fixes the behavior to act like `spawn()` does.

* http:
  - Control characters are now always rejected when using
    `http.request()`. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/8923
  - Debug messages have been added for cases when headers contain
    invalid values. (Evan Lucas)
    https://github.com/nodejs/node/pull/9195

* node:
  - Heap statistics now support values larger than 4GB. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/10186

* timers:
  - Timer callbacks now always maintain order when interacting with
    domain error handling. (John Barboza)
    https://github.com/nodejs/node/pull/10522

PR-URL: https://github.com/nodejs/node/pull/11759
2017-03-21 14:31:07 -07:00