Commit Graph

516 Commits

Author SHA1 Message Date
Richard Lau
af829837bc
2022-01-10, Version 14.18.3 'Fermium' (LTS)
This is a security release.

Notable changes:

Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
- Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI
is specifically defined to use a particular SAN type, can result in
bypassing name-constrained intermediates. Node.js was accepting URI SAN
types, which PKIs are often not defined to use. Additionally, when a
protocol allows URI SANs, Node.js did not match the URI correctly.
- Versions of Node.js with the fix for this disable the URI SAN type when
checking a certificate against a hostname. This behavior can be
reverted through the `--security-revert` command-line option.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
- Node.js converts SANs (Subject Alternative Names) to a string format.
It uses this string to check peer certificates against hostnames when
validating connections. The string format was subject to an injection
vulnerability when name constraints were used within a certificate
chain, allowing the bypass of these name constraints.
- Versions of Node.js with the fix for this escape SANs containing the
problematic characters in order to prevent the injection. This
behavior can be reverted through the `--security-revert` command-line
option.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
- Node.js did not handle multi-value Relative Distinguished Names
correctly. Attackers could craft certificate subjects containing a
single-value Relative Distinguished Name that would be interpreted as a
multi-value Relative Distinguished Name, for example, in order to inject
a Common Name that would allow bypassing the certificate subject
verification.
- Affected versions of Node.js do not accept multi-value Relative
Distinguished Names and are thus not vulnerable to such attacks
themselves. However, third-party code that uses node's ambiguous
presentation of certificate subjects may be vulnerable.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

Prototype pollution via `console.table` properties (Low)(CVE-2022-21824)
- Due to the formatting logic of the `console.table()` function it was
not safe to allow user controlled input to be passed to the `properties`
parameter while simultaneously passing a plain object with at least one
property as the first parameter, which could be `__proto__`. The
prototype pollution has very limited control, in that it only allows an
empty string to be assigned numerical keys of the object prototype.
- Versions of Node.js with the fix for this use a null protoype for the
object these properties are being assigned to.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

PR-URL: https://github.com/nodejs-private/node-private/pull/310
2022-01-10 23:06:10 +00:00
Richard Lau
92e1abd541
2022-01-10, Version 12.22.9 'Erbium' (LTS)
This is a security release.

Notable changes:

Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
- Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI
is specifically defined to use a particular SAN type, can result in
bypassing name-constrained intermediates. Node.js was accepting URI SAN
types, which PKIs are often not defined to use. Additionally, when a
protocol allows URI SANs, Node.js did not match the URI correctly.
- Versions of Node.js with the fix for this disable the URI SAN type when
checking a certificate against a hostname. This behavior can be
reverted through the `--security-revert` command-line option.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
- Node.js converts SANs (Subject Alternative Names) to a string format.
It uses this string to check peer certificates against hostnames when
validating connections. The string format was subject to an injection
vulnerability when name constraints were used within a certificate
chain, allowing the bypass of these name constraints.
- Versions of Node.js with the fix for this escape SANs containing the
problematic characters in order to prevent the injection. This
behavior can be reverted through the `--security-revert` command-line
option.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
- Node.js did not handle multi-value Relative Distinguished Names
correctly. Attackers could craft certificate subjects containing a
single-value Relative Distinguished Name that would be interpreted as a
multi-value Relative Distinguished Name, for example, in order to inject
a Common Name that would allow bypassing the certificate subject
verification.
- Affected versions of Node.js do not accept multi-value Relative
Distinguished Names and are thus not vulnerable to such attacks
themselves. However, third-party code that uses node's ambiguous
presentation of certificate subjects may be vulnerable.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

Prototype pollution via `console.table` properties (Low)(CVE-2022-21824)
- Due to the formatting logic of the `console.table()` function it was
not safe to allow user controlled input to be passed to the `properties`
parameter while simultaneously passing a plain object with at least one
property as the first parameter, which could be `__proto__`. The
prototype pollution has very limited control, in that it only allows an
empty string to be assigned numerical keys of the object prototype.
- Versions of Node.js with the fix for this use a null protoype for the
object these properties are being assigned to.
- More details will be available at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

PR-URL: https://github.com/nodejs-private/node-private/pull/309
2022-01-10 22:49:12 +00:00
Danielle Adams
aeb9c0e1ed
2021-12-17, Version 17.3.0 (Current)
OpenSSL-3.0.1:

OpenSSL-3.0.1 contains a fix for CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors
in libssl (Moderate). This is a vulnerability in OpenSSL that may be exploited through Node.js.
More information can be read here: https://www.openssl.org/news/secadv/20211214.txt.

Contributed by Richard Lau https://github.com/nodejs/node/pull/41177

Other Notable Changes:

* lib:
    * make AbortSignal cloneable/transferable (James M Snell) https://github.com/nodejs/node/pull/41050
* deps:
    * upgrade npm to 8.3.0 (npm team) https://github.com/nodejs/node/pull/41127
* doc:
    * add @bnb as a collaborator (Tierney Cyren) https://github.com/nodejs/node/pull/41100
* process:
    * add `getActiveResourcesInfo()` (Darshan Sen) https://github.com/nodejs/node/pull/40813
* timers:
    * add experimental scheduler api (James M Snell) https://github.com/nodejs/node/pull/40909

PR-URL: https://github.com/nodejs/node/pull/41167
2021-12-17 18:13:50 -05:00
Richard Lau
a182a21636
2012-12-16, Version 12.22.8 'Erbium' (LTS)
Notable changes:
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
(https://github.com/nodejs/node/issues/39780).

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 (https://github.com/nodejs/node/pull/40280).

PR-URL: https://github.com/nodejs/node/pull/41161
2021-12-16 18:34:16 -05:00
Beth Griggs
6f740106bd
2021-12-01, Version 16.13.1 'Gallium' (LTS)
Notable changes:

- **deps**: upgrade npm to 8.1.2 (npm team)
  [#40643](https://github.com/nodejs/node/pull/40643)
- **deps**: update c-ares to 1.18.1 (Richard Lau)
  [#40660](https://github.com/nodejs/node/pull/40660)
- **doc**: add VoltrexMaster to collaborators (voltrexmaster)
  [#40566](https://github.com/nodejs/node/pull/40566)
- **lib**: fix regular expression to detect \`/\` and \`\\\`
  (Francesco Trotta) [#40325](https://github.com/nodejs/node/pull/40325)

PR-URL: https://github.com/nodejs/node/pull/40974
2021-12-01 14:51:43 +00:00
Michaël Zasso
79731df608
2021-11-30, Version 17.2.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) expose async_wrap providers (Rafael Gonzaga) https://github.com/nodejs/node/pull/40760
deps:
  * (SEMVER-MINOR) update V8 to 9.6.180.14 (Michaël Zasso) https://github.com/nodejs/node/pull/40488
lib:
  * (SEMVER-MINOR) add reason to AbortSignal (James M Snell) https://github.com/nodejs/node/pull/40807
src:
  * (SEMVER-MINOR) add x509.fingerprint512 to crypto module (3nprob) https://github.com/nodejs/node/pull/39809
stream:
  * deprecate thenable support (Antoine du Hamel) https://github.com/nodejs/node/pull/40860
  * fix finished regression when working with legacy Stream (Matteo Collina) https://github.com/nodejs/node/pull/40858

PR-URL: https://github.com/nodejs/node/pull/40983
2021-11-30 18:45:03 +01:00
Richard Lau
f01d30b121
2021-11-30, Version 14.18.2 'Fermium' (LTS)
Notable changes

This release contains a c-ares update to fix a regression introduced in
Node.js 14.17.5 resolving CNAME records containing underscores
(https://github.com/nodejs/node/issues/39780).

Also included are commits to allow Node.js 14 to continue to build and
pass tests on our Jenkins CI, including adding Python 3.10 to the list
of allowable Python versions for building.

PR-URL: https://github.com/nodejs/node/pull/40969
2021-11-30 11:16:45 -05:00
Michaël Zasso
b022d19272
2021-11-09, Version 17.1.0 (Current)
Notable changes:

doc:
  * add VoltrexMaster to collaborators (voltrexmaster) https://github.com/nodejs/node/pull/40566
esm:
  * (SEMVER-MINOR) add support for JSON import assertion (Antoine du Hamel) https://github.com/nodejs/node/pull/40250
lib:
  * (SEMVER-MINOR) add unsubscribe method to non-active DC channels (simon-id) https://github.com/nodejs/node/pull/40433
  * (SEMVER-MINOR) add return value for DC channel.unsubscribe (simon-id) https://github.com/nodejs/node/pull/40433
v8:
  * (SEMVER-MINOR) multi-tenant promise hook api (Stephen Belanger) https://github.com/nodejs/node/pull/39283

PR-URL: https://github.com/nodejs/node/pull/40758
2021-11-09 20:06:12 +01:00
Rich Trott
86099a375a tools: avoid unnecessary escaping in markdown formatter
Update mdast-util-to-markdown to 1.2.4 which reduces unnecessary
escaping of `_` and some other characters. Re-run markdown formatter.

PR-URL: https://github.com/nodejs/node/pull/40645
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2021-10-31 09:36:05 -07:00
Rich Trott
9c405f2591 doc: simplify CHANGELOG.md
Remove unnecessary `<sup>` usage and lint-disabling comment.

PR-URL: https://github.com/nodejs/node/pull/40475
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2021-10-26 23:35:51 +00:00
Richard Lau
34d810c060 doc: update CHANGELOG.md for Node.js 16.13.0
Update missed changes for the main CHANGELOG.md for Node.js 16.13.0.

PR-URL: https://github.com/nodejs/node/pull/40617
Refs: https://github.com/nodejs/node/pull/40536
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2021-10-26 11:54:56 -07:00
Richard Lau
506f7de440
2021-10-26, Version 16.13.0 'Gallium' (LTS)
Notable changes:

This release marks the transition of Node.js 16.x into Long Term Support (LTS)
with the codename 'Gallium'. The 16.x release line now moves into "Active LTS"
and will remain so until October 2022. After that time, it will move into
"Maintenance" until end of life in April 2024.

PR-URL: https://github.com/nodejs/node/pull/40536
2021-10-26 12:11:04 -04:00
Michaël Zasso
73b2d3bc41
2021-10-20, Version 17.0.1 (Current)
Notable changes:

Fixed distribution for native addon builds

This release fixes an issue introduced in Node.js v17.0.0, where some V8
headers were missing from the distributed tarball, making it impossible
to build native addons. These headers are now included.
https://github.com/nodejs/node/pull/40526

Fixed stream issues
* Fixed a regression in `stream.promises.pipeline`, which was introduced
  in version 16.10.0, is fixed. It is now possible again to pass an
  array of streams to the function.
  https://github.com/nodejs/node/pull/40193
* Fixed a bug in `stream.Duplex.from`, which didn't work properly when
  an async generator function was passed to it.
  https://github.com/nodejs/node/pull/40499

PR-URL: https://github.com/nodejs/node/pull/40535
2021-10-20 22:18:46 +02:00
Richard Lau
7ed303beba
2021-10-20, Version 16.12.0 (Current)
Notable Changes:

Experimental ESM Loader Hooks API:

Node.js ESM Loader hooks have been consolidated to represent the steps involved needed to facilitate future loader chaining:
1. `resolve`: `resolve` [+ `getFormat`]
2. `load`: `getFormat` + `getSource` + `transformSource`

For consistency, `getGlobalPreloadCode` has been renamed to `globalPreload`.

A loader exporting obsolete hook(s) will trigger a single deprecation warning (per loader) listing the errant hooks.

Contributed by Jacob Smith, Geoffrey Booth, and Bradley Farias - https://github.com/nodejs/node/pull/37468

Other Notable Changes:

deps:
  * upgrade npm to 8.1.0 (npm team) https://github.com/nodejs/node/pull/40463
doc:
  * deprecate (doc-only) http abort related (dr-js) https://github.com/nodejs/node/pull/36670
vm:
  * (SEMVER-MINOR) add support for import assertions in dynamic imports (Antoine du Hamel) https://github.com/nodejs/node/pull/40249

PR-URL: https://github.com/nodejs/node/pull/40504
2021-10-20 10:40:02 -04:00
Beth Griggs
d6c3a10757
2021-10-19, Version 17.0.0 (Current)
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [https://github.com/nodejs/node/pull/36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [https://github.com/nodejs/node/pull/40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [https://github.com/nodejs/node/pull/40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [https://github.com/nodejs/node/pull/38512]

Contributed in https://github.com/nodejs/node/pull/38512, https://github.com/nodejs/node/pull/40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [https://github.com/nodejs/node/pull/40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [https://github.com/nodejs/node/pull/39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [https://github.com/nodejs/node/pull/38332]
- deps: upgrade npm to 8.1.0
  (npm team) [https://github.com/nodejs/node/pull/40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [https://github.com/nodejs/node/pull/39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [https://github.com/nodejs/node/pull/39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [https://github.com/nodejs/node/pull/39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [https://github.com/nodejs/node/pull/39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [https://github.com/nodejs/node/pull/38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [https://github.com/nodejs/node/pull/38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [https://github.com/nodejs/node/pull/40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [https://github.com/nodejs/node/pull/38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [https://github.com/nodejs/node/pull/39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [https://github.com/nodejs/node/pull/39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [https://github.com/nodejs/node/pull/40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [https://github.com/nodejs/node/pull/38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [https://github.com/nodejs/node/pull/38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [https://github.com/nodejs/node/pull/38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [https://github.com/nodejs/node/pull/39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [https://github.com/nodejs/node/pull/39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [https://github.com/nodejs/node/pull/40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [https://github.com/nodejs/node/pull/40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [https://github.com/nodejs/node/pull/37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [https://github.com/nodejs/node/pull/39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [https://github.com/nodejs/node/pull/38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [https://github.com/nodejs/node/pull/38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [https://github.com/nodejs/node/pull/39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [https://github.com/nodejs/node/pull/39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [https://github.com/nodejs/node/pull/39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [https://github.com/nodejs/node/pull/39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [https://github.com/nodejs/node/pull/39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [https://github.com/nodejs/node/pull/39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [https://github.com/nodejs/node/pull/39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [https://github.com/nodejs/node/pull/39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [https://github.com/nodejs/node/pull/34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [https://github.com/nodejs/node/pull/38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [https://github.com/nodejs/node/pull/39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [https://github.com/nodejs/node/pull/38631]

PR-URL: https://github.com/nodejs/node/pull/40119
2021-10-19 16:12:20 +01:00
Danielle Adams
9fcc84d048
2021-10-12, Version 16.11.1 (Current)
This is a security release.

Notable Changes:

* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the
  header name before the colon. This can lead to HTTP Request Smuggling
  (HRS). More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parse ignores chunk extensions when parsing the body of chunked
  requests. This leads to HTTP Request Smuggling (HRS) under certain
  conditions. More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

PR-URL: https://github.com/nodejs-private/node-private/pull/293
2021-10-12 11:16:57 -04:00
Danielle Adams
df3b4cc90f
2021-10-12, Version 14.18.1 'Fermium' (LTS)
This is a security release.

Notable Changes:

* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the
  header name before the colon. This can lead to HTTP Request Smuggling
  (HRS). More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parse ignores chunk extensions when parsing the body of chunked requests.
  requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
  More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

PR-URL: https://github.com/nodejs-private/node-private/pull/294
2021-10-12 11:15:04 -04:00
Danielle Adams
52b613abf4
2021-10-12, Version 12.22.7 'Erbium' (LTS)
This is a security release.

Notable changes:

* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the
  header name before the colon. This can lead to HTTP Request Smuggling
  (HRS). More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parse ignores chunk extensions when parsing the body of chunked
  requests. This leads to HTTP Request Smuggling (HRS) under certain
  conditions. More details are available at:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

PR-URL: https://github.com/nodejs-private/node-private/pull/295
2021-10-12 11:12:20 -04:00
Danielle Adams
879ff775d0
2021-10-08, Version 16.11.0 (Current)
Notable changes:

    * crypto:
      * update root certificates (Richard Lau) https://github.com/nodejs/node/pull/40280
    * deps:
      * upgrade npm to 8.0.0 (npm team) https://github.com/nodejs/node/pull/40369
      * update `nghttp2` to v1.45.1 (thunder-coding) https://github.com/nodejs/node/pull/40206
      * update V8 to 9.4.146.19 (Michaël Zasso) https://github.com/nodejs/node/pull/40285
    * tools:
      * update certdata.txt (Richard Lau) https://github.com/nodejs/node/pull/40280

    PR-URL: https://github.com/nodejs/node/pull/40319
2021-10-08 13:06:10 -04:00
Rich Trott
88e82b890b doc: format general markdown files
Use `make format-md` to format general markdown files.

PR-URL: https://github.com/nodejs/node/pull/40322
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2021-10-06 21:20:55 -07:00
Michaël Zasso
d9ebc04e9b
2021-09-28, Version 14.18.0 'Fermium' (LTS)
Notable changes:

assert:
  * change status of legacy asserts (James M Snell) https://github.com/nodejs/node/pull/38113
buffer:
  * (SEMVER-MINOR) introduce Blob (James M Snell) https://github.com/nodejs/node/pull/36811
  * (SEMVER-MINOR) add base64url encoding option (Filip Skokan) https://github.com/nodejs/node/pull/36952
child_process:
  * (SEMVER-MINOR) allow `options.cwd` receive a URL (Khaidi Chu) https://github.com/nodejs/node/pull/38862
  * (SEMVER-MINOR) add timeout to spawn and fork (Nitzan Uziely) https://github.com/nodejs/node/pull/37256
  * (SEMVER-MINOR) allow promisified exec to be cancel (Carlos Fuentes) https://github.com/nodejs/node/pull/34249
  * (SEMVER-MINOR) add 'overlapped' stdio flag (Thiago Padilha) https://github.com/nodejs/node/pull/29412
cli:
  * (SEMVER-MINOR) add -C alias for --conditions flag (Guy Bedford) https://github.com/nodejs/node/pull/38755
  * (SEMVER-MINOR) add --node-memory-debug option (Anna Henningsen) https://github.com/nodejs/node/pull/35537
dns:
  * (SEMVER-MINOR) add "tries" option to Resolve options (Luan Devecchi) https://github.com/nodejs/node/pull/39610
  * (SEMVER-MINOR) allow `--dns-result-order` to change default dns verbatim (Ouyang Yadong) https://github.com/nodejs/node/pull/38099
doc:
  * (SEMVER-MINOR) add missing change to resolver ctor (Luan Devecchi) https://github.com/nodejs/node/pull/39610
  * refactor fs docs structure (James M Snell) https://github.com/nodejs/node/pull/37170
errors:
  * (SEMVER-MINOR) remove experimental from --enable-source-maps (Benjamin Coe) https://github.com/nodejs/node/pull/37362
esm:
  * deprecate legacy main lookup for modules (Guy Bedford) https://github.com/nodejs/node/pull/36918
fs:
  * (SEMVER-MINOR) allow empty string for temp directory prefix (Voltrex) https://github.com/nodejs/node/pull/39028
  * (SEMVER-MINOR) allow no-params fsPromises fileHandle read (Nitzan Uziely) https://github.com/nodejs/node/pull/38287
  * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) https://github.com/nodejs/node/pull/37490
  * improve fsPromises readFile performance (Nitzan Uziely) https://github.com/nodejs/node/pull/37608
  * (SEMVER-MINOR) add fsPromises.watch() (James M Snell) https://github.com/nodejs/node/pull/37179
  * (SEMVER-MINOR) allow `position` parameter to be a `BigInt` in read and readSync (Darshan Sen) https://github.com/nodejs/node/pull/36190
http2:
  * (SEMVER-MINOR) add support for sensitive headers (Anna Henningsen) https://github.com/nodejs/node/pull/34145
  * (SEMVER-MINOR) allow setting the local window size of a session (Yongsheng Zhang) https://github.com/nodejs/node/pull/35978
inspector:
  * mark as stable (Gireesh Punathil) https://github.com/nodejs/node/pull/37748
module:
  * (SEMVER-MINOR) add support for `URL` to `import.meta.resolve` (Antoine du Hamel) https://github.com/nodejs/node/pull/38587
  * (SEMVER-MINOR) add support for `node:`‑prefixed `require(…)` calls (ExE Boss) https://github.com/nodejs/node/pull/37246
net:
  * (SEMVER-MINOR) introduce net.BlockList (James M Snell) https://github.com/nodejs/node/pull/34625
node-api:
  * (SEMVER-MINOR) allow retrieval of add-on file name (Gabriel Schulhof) https://github.com/nodejs/node/pull/37195
os:
  * (SEMVER-MINOR) add os.devNull (Luigi Pinca) https://github.com/nodejs/node/pull/38569
perf_hooks:
  * (SEMVER-MINOR) introduce createHistogram (James M Snell) https://github.com/nodejs/node/pull/37155
process:
  * (SEMVER-MINOR) add api to enable source-maps programmatically (legendecas) https://github.com/nodejs/node/pull/39085
  * (SEMVER-MINOR) add `'worker'` event (James M Snell) https://github.com/nodejs/node/pull/38659
  * (SEMVER-MINOR) add direct access to rss without iterating pages (Adrien Maret) https://github.com/nodejs/node/pull/34291
readline:
  * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) https://github.com/nodejs/node/pull/37932
  * (SEMVER-MINOR) add support for the AbortController to the question method (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33676
  * (SEMVER-MINOR) add history event and option to set initial history (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33662
repl:
  * (SEMVER-MINOR) add auto‑completion for `node:`‑prefixed `require(…)` calls (ExE Boss) https://github.com/nodejs/node/pull/37246
src:
  * (SEMVER-MINOR) call overload ctor from the original ctor (Darshan Sen) https://github.com/nodejs/node/pull/39768
  * (SEMVER-MINOR) add a constructor overload for CallbackScope (Darshan Sen) https://github.com/nodejs/node/pull/39768
  * (SEMVER-MINOR) allow to negate boolean CLI flags (Michaël Zasso) https://github.com/nodejs/node/pull/39023
  * (SEMVER-MINOR) add --heapsnapshot-near-heap-limit option (Joyee Cheung) https://github.com/nodejs/node/pull/33010
  * (SEMVER-MINOR) add way to get IsolateData and allocator from Environment (Anna Henningsen) https://github.com/nodejs/node/pull/36441
  * (SEMVER-MINOR) allow preventing SetPrepareStackTraceCallback (Shelley Vohr) https://github.com/nodejs/node/pull/36447
  * (SEMVER-MINOR) add maybe versions of EmitExit and EmitBeforeExit (Anna Henningsen) https://github.com/nodejs/node/pull/35486
stream:
  * (SEMVER-MINOR) add readableDidRead if has been read from (Robert Nagy) https://github.com/nodejs/node/pull/39589
  * (SEMVER-MINOR) pipeline accept Buffer as a valid first argument (Nitzan Uziely) https://github.com/nodejs/node/pull/37739
tls:
  * (SEMVER-MINOR) allow reading data into a static buffer (Andrey Pechkurov) https://github.com/nodejs/node/pull/35753
tools:
  * (SEMVER-MINOR) add `Worker` to type-parser (James M Snell) https://github.com/nodejs/node/pull/38659
url:
  * (SEMVER-MINOR) expose urlToHttpOptions utility (Yongsheng Zhang) https://github.com/nodejs/node/pull/35960
util:
  * (SEMVER-MINOR) expose toUSVString (Robert Nagy) https://github.com/nodejs/node/pull/39814
v8:
  * (SEMVER-MINOR) implement v8.stopCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
  * (SEMVER-MINOR) implement v8.takeCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
worker:
  * (SEMVER-MINOR) add setEnvironmentData/getEnvironmentData (James M Snell) https://github.com/nodejs/node/pull/37486

PR-URL: https://github.com/nodejs/node/pull/39990
2021-09-28 13:27:26 +02:00
Beth Griggs
8d5675e3fe
2021-09-22, Version 16.10.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) add rsa-pss keygen parameters (Filip Skokan) https://github.com/nodejs/node/pull/39927
doc:
  * add Ayase-252 to collaborators (Qingyu Deng) https://github.com/nodejs/node/pull/40078
fs:
  * (SEMVER-MINOR) make `open` and `close` stream override optional when unused (Antoine du Hamel) https://github.com/nodejs/node/pull/40013
http:
  * (SEMVER-MINOR) limit requests per connection (Artur K) https://github.com/nodejs/node/pull/40082
src:
  * (SEMVER-MINOR) add --no-global-search-paths cli option (Cheng Zhao) https://github.com/nodejs/node/pull/39754
  * (SEMVER-MINOR) add option to disable global search paths (Cheng Zhao) https://github.com/nodejs/node/pull/39754
  * (SEMVER-MINOR) make napi_create_reference accept symbol (JckXia) https://github.com/nodejs/node/pull/39926
stream:
  * (SEMVER-MINOR) add signal support to pipeline generators (Robert Nagy) https://github.com/nodejs/node/pull/39067

PR-URL: https://github.com/nodejs/node/pull/40175
2021-09-22 21:38:17 +01:00
Rich Trott
549f96889a doc: update markdown formatting for *.md files
Fix formatting that will change when run through upcoming remark preset.

PR-URL: https://github.com/nodejs/node/pull/40154
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
2021-09-21 15:37:19 +00:00
Richard Lau
1b335d41a4
2021-09-10, Version 16.9.1 (Current)
Notable changes:

This release fixes a regression introduced by the V8 9.3 update in Node.js 16.9.0.

PR-URL: https://github.com/nodejs/node/issues/40069
2021-09-10 15:34:48 -04:00
Michaël Zasso
6211d9358d
2021-09-07, Version 16.9.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) add RSA-PSS params to asymmetricKeyDetails (Tobias Nießen) https://github.com/nodejs/node/pull/39851
deps:
  * (SEMVER-MINOR) add corepack (Maël Nison) https://github.com/nodejs/node/pull/39608
  * (SEMVER-MINOR) update V8 to 9.3.345.16 (Michaël Zasso) https://github.com/nodejs/node/pull/39947
module:
  * (SEMVER-MINOR) support pattern trailers (Guy Bedford) https://github.com/nodejs/node/pull/39635
stream:
  * (SEMVER-MINOR) add stream.compose (Robert Nagy) https://github.com/nodejs/node/pull/39029

PR-URL: https://github.com/nodejs/node/pull/40011
2021-09-07 12:03:33 +02:00
Myles Borins
f172c5ad5b
2021-08-31, Version 14.17.6 'Fermium' (LTS)
This is a security release.

Notable changes:

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw)
and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

* CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
* CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
* CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
* CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
* CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2

PR-URL: https://github.com/nodejs-private/node-private/pull/287
2021-08-31 10:56:51 -04:00
Myles Borins
d989186cf2
2021-08-31, Version 12.22.6 'Erbium' (LTS)
This is a security release.

Notable changes:

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw)
and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

* CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
* CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
* CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
* CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
* CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2

PR-URL: https://github.com/nodejs-private/node-private/pull/288
2021-08-31 10:55:56 -04:00
Michaël Zasso
31772a4e85
2021-08-25, Version 16.8.0 (Current)
Notable changes:

doc:
  * deprecate type coercion for `dns.lookup` options (Antoine du Hamel) https://github.com/nodejs/node/pull/38906
stream:
  * (SEMVER-MINOR) add `stream.Duplex.from` utility (Robert Nagy) https://github.com/nodejs/node/pull/39519
  * (SEMVER-MINOR) add `isDisturbed` helper (Robert Nagy) https://github.com/nodejs/node/pull/39628
util:
  * (SEMVER-MINOR) expose `toUSVString` (Robert Nagy) https://github.com/nodejs/node/pull/39814

PR-URL: https://github.com/nodejs/node/pull/39875
2021-08-25 22:51:53 +02:00
Danielle Adams
7ca38f05a0
2021-08-17, Version 16.7.0 (Current)
Notable changes:

* fs:
  * experimental: add recursive cp method (Benjamin Coe) https://github.com/nodejs/node/pull/39372

PR-URL: https://github.com/nodejs/node/pull/39782
2021-08-17 21:09:13 -04:00
Beth Griggs
ea47d83640
2021-08-11, Version 16.6.2 (Current)
This is a security release.

Notable Changes:

- CVE-2021-3672/CVE-2021-22931:
    Improper handling of untypical characters in domain names (High)
- CVE-2021-22930:
    Use after free on close http2 on stream canceling (High)
- CVE-2021-22939:
    Incomplete validation of rejectUnauthorized parameter (Low)

PR-URL: https://github.com/nodejs-private/node-private/pull/280
2021-08-11 16:22:15 +01:00
Beth Griggs
02b145083e
2021-08-11, Version 14.17.5 'Fermium' (LTS)
This is a security release.

Notable Changes:

- CVE-2021-3672/CVE-2021-22931:
    Improper handling of untypical characters in domain names (High)
- CVE-2021-22930:
    Use after free on close http2 on stream canceling (High)
- CVE-2021-22939:
    Incomplete validation of rejectUnauthorized parameter (Low)

PR-URL: https://github.com/nodejs-private/node-private/pull/279
2021-08-11 16:22:15 +01:00
Beth Griggs
e973b55c86
2021-08-11, Version 12.22.5 'Erbium' (LTS)
This is a security release.

Notable Changes:

- CVE-2021-3672/CVE-2021-22931:
    Improper handling of untypical characters in domain names (High)
- CVE-2021-22930:
    Use after free on close http2 on stream canceling (High)
- CVE-2021-22939:
    Incomplete validation of rejectUnauthorized parameter (Low)

PR-URL: https://github.com/nodejs-private/node-private/pull/278
2021-08-11 16:22:15 +01:00
Michaël Zasso
51cd4a8c56
2021-08-03, Version 16.6.1 (Current)
Notable changes:

* Updated npm to 7.20.3 (npm team)
  https://github.com/nodejs/node/pull/39579
* Reverted an ABI-breaking change from V8 9.2 that could impact some
  native modules (Michaël Zasso)
  https://github.com/nodejs/node/pull/39624
* Fixed a bug in error handling known to affect at least Webpack and
  Jest (Guy Bedford) https://github.com/nodejs/node/pull/39593

PR-URL: https://github.com/nodejs/node/pull/39631
2021-08-03 10:04:02 +02:00
Beth Griggs
0e22fa0f3d
2021-07-29, Version 16.6.0 (Current)
This is a security release.

Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling
  (High) [#39423](https://github.com/nodejs/node/pull/39423)
- (SEMVER-MINOR) deps: update V8 to 9.2.230.21 (Michaël Zasso)
  [#39470](https://github.com/nodejs/node/pull/39470)
- inspector: mark as stable (Gireesh Punathil)
  [#37748](https://github.com/nodejs/node/pull/37748)
- punycode: add pending deprecation (Antoine du Hamel)
  [#38444](https://github.com/nodejs/node/pull/38444)
- (SEMVER-MINOR) repl: enable --experimental-repl-await /w opt-out
  (hemanth.hm) [#34733](https://github.com/nodejs/node/pull/34733)

PR-URL: https://github.com/nodejs/node/pull/39534
2021-07-29 23:52:55 +01:00
Richard Lau
bd33fdfadf
2021-07-29, Version 14.17.4 'Fermium' (LTS)
This is a security release.

Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: https://github.com/nodejs/node/pull/39466
2021-07-29 12:40:58 -04:00
Richard Lau
9b4199450e
2021-07-29, Version 12.22.4 'Erbium' (LTS)
This is a security release.

Notable changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

PR-URL: https://github.com/nodejs/node/pull/39500
2021-07-29 12:32:23 -04:00
Michaël Zasso
4a9fcb3534
2021-07-14, Version 16.5.0 (Current)
Notable changes:

deps:
  * upgrade npm to 7.19.1 (npm team) https://github.com/nodejs/node/pull/39225
fs:
  * (SEMVER-MINOR) allow empty string for temp directory prefix (Voltrex) https://github.com/nodejs/node/pull/39028
stream:
  * (SEMVER-MINOR) implement Web Streams API (James M Snell) https://github.com/nodejs/node/pull/39062

PR-URL: https://github.com/nodejs/node/pull/39373
2021-07-14 11:08:26 +02:00
Beth Griggs
70cf0dce4e
2021-07-05, Version 16.4.2 (Current)
Notable changes:

Node.js 16.4.1 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

PR-URL: https://github.com/nodejs/node/pull/39270
2021-07-05 18:23:26 +01:00
Richard Lau
ef3969542d
2021-07-05, Version v14.17.3 'Fermium' (LTS)
Notable changes:

Node.js 14.17.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

PR-URL: https://github.com/nodejs/node/pull/39269
2021-07-05 17:03:09 +01:00
Richard Lau
cf1abe4b88
2021-07-05, Version 12.22.3 'Erbium' (LTS)
Notable changes:

Node.js 12.22.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

PR-URL: https://github.com/nodejs/node/pull/39268
2021-07-05 16:50:08 +01:00
Richard Lau
e5f9ef62f6 doc: fix CHANGELOG.md formatting
Fix typo for line break tag.

PR-URL: https://github.com/nodejs/node/pull/39223
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2021-07-02 05:45:26 +02:00
Beth Griggs
5ba2442e82
2021-07-01, Version 16.4.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/271
2021-07-01 15:37:30 +01:00
Richard Lau
0969b9f0e8
2021-07-01, Version 14.17.2 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/272
2021-07-01 14:48:10 +01:00
Richard Lau
9b7eb82a42
2021-07-01, Version 12.22.2 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)
- **CVE-2021-27290**: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High)
- **CVE-2021-23362**: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium)

PR-URL: https://github.com/nodejs-private/node-private/pull/270
2021-07-01 14:41:48 +01:00
Danielle Adams
84d6ce9fd1
2021-06-23, Version 16.4.0 (Current)
Notable changes:

* async_hooks:
  * stabilize part of AsyncLocalStorage (Vladimir de Turckheim) https://github.com/nodejs/node/pull/37675
* deps:
  * upgrade npm to 7.18.1 (npm-robot) https://github.com/nodejs/node/pull/39065
  * update V8 to 9.1.269.36 (Michaël Zasso) https://github.com/nodejs/node/pull/38273
* dns:
  * allow `--dns-result-order` to change default dns verbatim (Ouyang Yadong) https://github.com/nodejs/node/pull/38099

PR-URL: https://github.com/nodejs/node/pull/39031
2021-06-23 07:42:28 -04:00
Michaël Zasso
c0becbc1bd
2021-06-15, Version 14.17.1 'Fermium' (LTS)
Notable changes:

deps:
  * update ICU to 69.1 (Michaël Zasso) https://github.com/nodejs/node/pull/38178
src:
  * align source-map stacks with spec (Benjamin Coe) https://github.com/nodejs/node/pull/37252

PR-URL: https://github.com/nodejs/node/pull/38948
2021-06-15 14:45:01 +02:00
Antoine du Hamel
174b191f70 doc: add missing changelog links
Refs: https://github.com/nodejs/node/pull/38507
Refs: https://github.com/nodejs/node/pull/38874

PR-URL: https://github.com/nodejs/node/pull/39016
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
2021-06-13 01:05:59 +00:00
Antoine du Hamel
9414230eb0 doc: mark Node.js v15.x as EOL
Today is 2021-06-01, which is the date v15.x release line is marked as
End-of-Life.

Refs: https://github.com/nodejs/Release/blob/main/schedule.json

PR-URL: https://github.com/nodejs/node/pull/38891
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Nitzan Uziely <linkgoron@gmail.com>
2021-06-03 17:36:15 +02:00
Michaël Zasso
44ffddae8b
2021-05-19, Version 16.2.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) use new v8::Context PromiseHook API (Stephen Belanger) https://github.com/nodejs/node/pull/36394
lib:
  * support setting process.env.TZ on windows (James M Snell) https://github.com/nodejs/node/pull/38642
module:
  * (SEMVER-MINOR) add support for `URL` to `import.meta.resolve` (Antoine du Hamel) https://github.com/nodejs/node/pull/38587
process:
  * (SEMVER-MINOR) add `'worker'` event (James M Snell) https://github.com/nodejs/node/pull/38659
util:
  * (SEMVER-MINOR) add util.types.isKeyObject and util.types.isCryptoKey (Filip Skokan) https://github.com/nodejs/node/pull/38619

PR-URL: https://github.com/nodejs/node/pull/38719
2021-05-19 12:56:18 +02:00
Michaël Zasso
671c289957
2021-05-04, Version 16.1.0 (Current)
Notable changes:

fs:
  * (SEMVER-MINOR) allow no-params fsPromises fileHandle read (Nitzan Uziely) https://github.com/nodejs/node/pull/38287

PR-URL: https://github.com/nodejs/node/pull/38522
2021-05-04 17:09:39 +02:00