Commit Graph

347 Commits

Author SHA1 Message Date
Myles Borins
cd884cc684
2020-09-29, Version 14.13.0 (Current)
Notable changes:

deps:
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
module:
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
src:
  * (SEMVER-MINOR) allow N-API addon in `AddLinkedBinding()` (Anna Henningsen) https://github.com/nodejs/node/pull/35301

PR-URL: https://github.com/nodejs/node/pull/35419
2020-09-29 15:45:07 -04:00
Ruy Adorno
25d8456563
2020-09-22, Version 14.12.0 (Current)
Notable changes:

- deps:
  - update to uvwasi 0.0.11 (Colin Ihrig)
  [#35104](https://github.com/nodejs/node/pull/35104)
- n-api:
  - create N-API version 7 (Gabriel Schulhof)
  [#35199](https://github.com/nodejs/node/pull/35199)
  - add more property defaults (Gerhard Stoebich)
  [#35214](https://github.com/nodejs/node/pull/35214)

PR-URL: https://github.com/nodejs/node/pull/35285
2020-09-22 14:04:14 -04:00
Beth Griggs
524123fbf0 doc: update releaser in v12.18.4 changelog
PR-URL: https://github.com/nodejs/node/pull/35217
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2020-09-16 17:19:43 +00:00
Richard Lau
8e17383653
2020-09-15, Version 14.11.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due
  to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
  (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/225
2020-09-15 16:49:55 -04:00
Michaël Zasso
9ab5c6b96c
2020-09-15, Version 12.18.4 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
- CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/223
2020-09-15 21:43:35 +01:00
Beth Griggs
3bdac31c4b
2020-09-15, Version 10.22.1 'Dubnium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8252: fs.realpath.native on may cause buffer overflow
  (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/222
2020-09-15 21:30:09 +01:00
Richard Lau
b7f3e83086
2020-09-10, Version 14.10.1 (Current)
Notable changes:

Node.js 14.10.0 included a streams regression with async generators
and a docs rendering regression that are being fixed in this release.

PR-URL: https://github.com/nodejs/node/pull/35137
2020-09-10 10:51:03 -04:00
Richard Lau
b5a47ca2d1
2020-09-08, Version 14.10.0 (Current)
Notable changes:

- buffer: also alias BigUInt methods (Anna Henningsen)
  https://github.com/nodejs/node/pull/34960
- crypto: add randomInt function (Oli Lalonde)
  https://github.com/nodejs/node/pull/34600
- perf_hooks: add idleTime and event loop util (Trevor Norris)
  https://github.com/nodejs/node/pull/34938
- stream: simpler and faster Readable async iterator (Robert Nagy)
  https://github.com/nodejs/node/pull/34035
- stream: save error in state (Robert Nagy)
  https://github.com/nodejs/node/pull/34103

PR-URL: https://github.com/nodejs/node/pull/35023

Conflicts:
	src/node_version.h
2020-09-08 11:35:08 -04:00
Danielle Adams
3089f96ed0
2020-08-27, Version 14.9.0 (Current)
Notable changes:

- build: set --v8-enable-object-print by default (Mary Marchini)
  [#34705](https://github.com/nodejs/node/pull/34705)
- deps:
  - upgrade to libuv 1.39.0 (cjihrig)
    [#34915](https://github.com/nodejs/node/pull/34915)
  - upgrade npm to 6.14.8 (Ruy Adorno)
    [#34834](https://github.com/nodejs/node/pull/34834)
  - V8: cherry-pick e06ace6b5cdb (Anna Henningsen)
    [#34673](https://github.com/nodejs/node/pull/34673)
- n-api: handle weak no-finalizer refs correctly (Gabriel Schulhof)
  [#34839](https://github.com/nodejs/node/pull/34839)
- tools: add debug entitlements for macOS 10.15+ (Gabriele Greco)
  [#34378](https://github.com/nodejs/node/pull/34378)

PR-URL: https://github.com/nodejs/node/pull/34852
2020-08-27 15:44:13 +01:00
Shelley Vohr
6e1f6ec573
2020-08-11, Version 14.8.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) add AsyncResource.bind utility (James M Snell) https://github.com/nodejs/node/pull/34574
doc:
  * add Ricky Zhou to collaborators (rickyes) https://github.com/nodejs/node/pull/34676
  * add release key for Ruy Adorno (Ruy Adorno) https://github.com/nodejs/node/pull/34628
  * add DerekNonGeneric to collaborators (Derek Lewis) https://github.com/nodejs/node/pull/34602
module:
  * (SEMVER-MINOR) unflag Top-Level Await (Myles Borins) https://github.com/nodejs/node/pull/34558
n-api:
  * (SEMVER-MINOR) support type-tagging objects (Gabriel Schulhof) https://github.com/nodejs/node/pull/28237
n-api,src:
  * (SEMVER-MINOR) provide asynchronous cleanup hooks (Anna Henningsen) https://github.com/nodejs/node/pull/34572

PR-URL: https://github.com/nodejs/node/pull/34704
2020-08-11 09:40:48 -07:00
Ruy Adorno
168b22ba07
2020-07-29, Version 14.7.0 (Current)
Notable changes:

deps:
  * upgrade npm to 6.14.7 (claudiahdz) https://github.com/nodejs/node/pull/34468
dgram:
  * (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) https://github.com/nodejs/node/pull/14500
doc:
  * add AshCripps to collaborators (AshCripps) https://github.com/nodejs/node/pull/34494
  * add HarshithaKP to collaborators (Harshitha K P) https://github.com/nodejs/node/pull/34417
  * add rexagod to collaborators (Pranshu Srivastava) https://github.com/nodejs/node/pull/34457
  * add release key for Richard Lau (Richard Lau) https://github.com/nodejs/node/pull/34397
events:
  * (SEMVER-MINOR) expand NodeEventTarget functionality (Anna Henningsen) https://github.com/nodejs/node/pull/34057
src:
  * (SEMVER-MINOR) allow preventing SetPromiseRejectCallback (Shelley Vohr) https://github.com/nodejs/node/pull/34387
  * (SEMVER-MINOR) allow setting a dir for all diagnostic output (AshCripps) https://github.com/nodejs/node/pull/33584
worker:
  * (SEMVER-MINOR) make MessagePort inherit from EventTarget (Anna Henningsen) https://github.com/nodejs/node/pull/34057
zlib:
  * switch to lazy init for zlib streams (Andrey Pechkurov) https://github.com/nodejs/node/pull/34048

PR-URL: https://github.com/nodejs/node/pull/34542
2020-07-29 14:38:50 -04:00
Shelley Vohr
90ee98a7d1
2020-07-22, Version 12.18.3 'Erbium' (LTS)
Notable changes:

deps:
  * upgrade npm to 6.14.6 (claudiahdz) [#34246](https://github.com/nodejs/node/pull/34246)
  * update node-inspect to v2.0.0 (Jan Krems) [#33447](https://github.com/nodejs/node/pull/33447)
  * uvwasi: cherry-pick 9e75217 (Colin Ihrig) [#33521](https://github.com/nodejs/node/pull/33521)

PR-URL: https://github.com/nodejs/node/pull/34343
2020-07-22 09:54:26 -07:00
Myles Borins
a981c65b90
2020-07-21, Version 14.6.0 (Current)
Notable changes:

deps:
  * upgrade npm to 6.14.6 (claudiahdz) https://github.com/nodejs/node/pull/34246
  * upgrade to libuv 1.38.1 (Colin Ihrig) https://github.com/nodejs/node/pull/34187
  * (SEMVER-MINOR) update V8 to 8.4.371.19 (Michaël Zasso) [#33579](https://github.com/nodejs/node/pull/33579)
module:
  * (SEMVER-MINOR) deprecate module.parent (Antoine du HAMEL) https://github.com/nodejs/node/pull/32217
  * (SEMVER-MINOR) package "imports" field (Guy Bedford) https://github.com/nodejs/node/pull/34117
src:
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
  * (SEMVER-MINOR) allow embedders to disable esm loader (Shelley Vohr) https://github.com/nodejs/node/pull/34060
tls:
  * (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) https://github.com/nodejs/node/pull/33974
vm:
  * (SEMVER-MINOR) add run-after-evaluate microtask mode (Anna Henningsen) https://github.com/nodejs/node/pull/34023
worker:
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
New Collaborators:
  * add danielleadams to collaborators (Danielle Adams) https://github.com/nodejs/node/pull/34360
  * add sxa as collaborator (Stewart X Addison) https://github.com/nodejs/node/pull/34338
  * add ruyadorno to collaborators (Ruy Adorno) https://github.com/nodejs/node/pull/34297

PR-URL: https://github.com/nodejs/node/pull/34371
2020-07-21 17:45:12 -04:00
Richard Lau
95770df2fb
2020-07-21, Version 10.22.0 'Dubnium' (LTS)
Notable changes:

- deps:
  - upgrade npm to 6.14.6 (claudiahdz)
    https://github.com/nodejs/node/pull/34246
  - upgrade openssl sources to 1.1.1g (Hassaan Pasha)
    https://github.com/nodejs/node/pull/32982
- n-api:
  - add `napi_detach_arraybuffer` (legendecas)
    https://github.com/nodejs/node/pull/29768

PR-URL: https://github.com/nodejs/node/pull/34170
2020-07-21 16:52:47 +01:00
sapics
3975799f26 doc: replace http to https of link urls
PR-URL: https://github.com/nodejs/node/pull/34158
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2020-07-06 07:03:05 -07:00
Shelley Vohr
eb8fc2bf0f
2020-06-30, Version 14.5.0 (Current)
Notable changes:

build:
  * (SEMVER-MINOR) reset embedder string to "-node.0" (Michaël Zasso) https://github.com/nodejs/node/pull/33376
cli:
  * (SEMVER-MINOR) add alias for report-directory to make it consistent (AshCripps) https://github.com/nodejs/node/pull/33587
crypto:
  * (SEMVER-MINOR) allow KeyObjects in postMessage (Tobias Nießen) https://github.com/nodejs/node/pull/33360
deps:
  * (SEMVER-MINOR) V8: cherry-pick 0d6debcc5f08 (Michaël Zasso) https://github.com/nodejs/node/pull/33376
  * (SEMVER-MINOR) update V8 to 8.3.110.9 (Michaël Zasso) https://github.com/nodejs/node/pull/33376
dgram:
  * (SEMVER-MINOR) allow typed arrays in .send() (Sarat Addepalli) https://github.com/nodejs/node/pull/22413
events:
  * (SEMVER-MINOR) initial implementation of experimental EventTarget (James M Snell) https://github.com/nodejs/node/pull/33556
fs:
  * (SEMVER-MINOR) implement lutimes (Maël Nison) https://github.com/nodejs/node/pull/33399
http:
  * (SEMVER-MINOR) expose host and protocol on ClientRequest (wenningplus) https://github.com/nodejs/node/pull/33803
  * (SEMVER-MINOR) add maxTotalSockets to agent class (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) return this from OutgoingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) return this from ClientRequest#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) return this from IncomingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
http2:
  * (SEMVER-MINOR) return this for Http2ServerRequest#setTimeout (Pranshu Srivastava) https://github.com/nodejs/node/pull/33994
  * (SEMVER-MINOR) do not modify explicity set date headers (Pranshu Srivastava) https://github.com/nodejs/node/pull/33160
process:
  * (SEMVER-MINOR) add unhandled-rejection throw and warn-with-error-code (Dan Fabulich) https://github.com/nodejs/node/pull/33475
src:
  * (SEMVER-MINOR) store key data in separate class (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add NativeKeyObject base class (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) rename internal key handles to KeyObjectHandle (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add equality operators for BaseObjectPtr (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) introduce BaseObject base FunctionTemplate (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) add public APIs to manage v8::TracingController (Anna Henningsen) https://github.com/nodejs/node/pull/33850
stream*:
  * runtime deprecate Transform._transformState (Robert Nagy) https://github.com/nodejs/node/pull/32763
win:
  * (SEMVER-MINOR) allow skipping the supported platform check (João Reis) https://github.com/nodejs/node/pull/33176
worker:
  * (SEMVER-MINOR) add public method for marking objects as untransferable (Anna Henningsen) https://github.com/nodejs/node/pull/33979
  * (SEMVER-MINOR) emit `'messagerror'` events for failed deserialization (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow passing JS wrapper objects via postMessage (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow transferring/cloning generic BaseObjects (Anna Henningsen) https://github.com/nodejs/node/pull/33772
worker,fs:
  * (SEMVER-MINOR) make FileHandle transferable (Anna Henningsen) https://github.com/nodejs/node/pull/33772
zlib:
  * (SEMVER-MINOR) add `maxOutputLength` option (unknown) https://github.com/nodejs/node/pull/33516

PR-URL: https://github.com/nodejs/node/pull/34093
2020-06-30 15:27:43 -07:00
Beth Griggs
cb673e1b61
2020-06-30, Version 12.18.2 'Erbium' (LTS)
Notable changes:

- deps: V8: backport fb26d0bb1835 (Matheus Marchini)
  [#33573](https://github.com/nodejs/node/pull/33573)
- src: use symbol to store `AsyncWrap` resource (Anna Henningsen)
  [#31745](https://github.com/nodejs/node/pull/31745)

PR-URL: https://github.com/nodejs/node/pull/34077
2020-06-30 14:31:59 +01:00
Shelley Vohr
e9145dbaef
2020-06-17, Version 12.18.1 'Erbium' (LTS)
Notable changes:

deps:
  * V8: cherry-pick 548f6c81d424 (Dominykas Blyžė) [#33484](https://github.com/nodejs/node/pull/33484)
  * update to uvwasi 0.0.9 (Colin Ihrig) [#33445](https://github.com/nodejs/node/pull/33445)
  * upgrade to libuv 1.38.0 (Colin Ihrig) [#33446](https://github.com/nodejs/node/pull/33446)
  * upgrade npm to 6.14.5 (Ruy Adorno) [#33239](https://github.com/nodejs/node/pull/33239)

PR-URL: https://github.com/nodejs/node/pull/33811
2020-06-17 09:26:19 -07:00
Beth Griggs
f46ca0fd29
2020-06-02, Version 10.21.0 'Dubnium' (LTS)
This is a security release.

Vulnerabilities fixed:

- CVE-2020-8174: napi_get_value_string_*() allows various kinds of
                 memory corruption (High).
- CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).

PR-URL: https://github.com/nodejs-private/node-private/pull/211
2020-06-02 20:35:52 +02:00
Michaël Zasso
12bcee8628
2020-06-02, Version 12.18.0 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/213
2020-06-02 20:35:52 +02:00
Michaël Zasso
64e33dc952
2020-06-02, Version 14.4.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/212
2020-06-02 20:35:52 +02:00
Michaël Zasso
dcc112b7f7
2020-05-26, Version 12.17.0 'Erbium' (LTS)
Notable changes:

* ECMAScript Modules - `--experimental-modules` flag removal
* AsyncLocalStorage API (experimental)
* REPL previews
* REPL reverse-i-search
* REPL substring-based search
* Error monitoring
  * Monitoring `error` events
  * Monitoring uncaught exceptions
* File system APIs
  * New function: `fs.readv`
  * Optional parameters in `fs.read`
* Console `groupIndentation` option
* `maxStringLength` option for `util.inspect()`
* Stable N-API release 6
* Stable diagnostic reports
* Increase of the default server headers timeout
* New `--trace-sigint` CLI flag
* Various crypto APIs now support Diffie-Hellman secrets
* Added support for the `dns.ALL` flag in `dns.lookup()`
* Added a new experimental API to interact with Source Map V3 data
* Added support for passing a `transferList` along with `workerData` to
  the `Worker` constructor

PR-URL: https://github.com/nodejs/node/pull/33197
2020-05-26 15:55:39 +02:00
dfabulich
c39467cb47 doc: mention --experimental-top-level-await flag
PR-URL: https://github.com/nodejs/node/pull/33473
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2020-05-23 17:29:42 +02:00
Shelley Vohr
c841f516d5
2020-05-19, Version 14.3.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) move PromiseHook handler to JS (Stephen Belanger) https://github.com/nodejs/node/pull/32891
cli:
  * (SEMVER-MINOR) add `--trace-atomics-wait` flag (Anna Henningsen) https://github.com/nodejs/node/pull/33292
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
http:
  * (SEMVER-MINOR) expose http.validate-header-name/value (osher) https://github.com/nodejs/node/pull/33119
repl:
  * (SEMVER-MINOR) deprecate repl._builtinLibs (Ruben Bridgewater) https://github.com/nodejs/node/pull/33294
  * (SEMVER-MINOR) deprecate repl.inputStream and repl.outputStream (Ruben Bridgewater) https://github.com/nodejs/node/pull/33294
  * (SEMVER-MINOR) show reference errors during preview (Ruben Bridgewater) https://github.com/nodejs/node/pull/33282
  * (SEMVER-MINOR) improve repl preview (Ruben Bridgewater) https://github.com/nodejs/node/pull/33282
src:
  * add support for TLA (Gus Caplan) https://github.com/nodejs/node/pull/30370

PR-URL: https://github.com/nodejs/node/pull/33452
2020-05-19 14:28:43 -07:00
Rich Trott
bea0ee8033 doc: prepare 14.x changelog for remark update
Add a comment to disable a rule in the 14.x changelog that will be
needed once we update remark lint dependencies. This comment appears in
the other changelogs.

Refs: https://github.com/nodejs/remark-preset-lint-node/pull/89#issuecomment-628978791

PR-URL: https://github.com/nodejs/node/pull/33412
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
2020-05-16 22:02:11 -07:00
Michaël Zasso
f446b2058d
2020-05-05, Version 14.2.0 (Current)
Notable changes:

* Track function calls with `assert.CallTracker` (experimental).
  https://github.com/nodejs/node/pull/31982
* Added a `groupIndentation` option to the `Console` constructor.
  https://github.com/nodejs/node/pull/32964

PR-URL: https://github.com/nodejs/node/pull/33232
2020-05-05 20:24:37 +02:00
Ruben Bridgewater
d7b02c3cad
2020-04-29, Version 13.14.0 (Current)
Notable Changes:

* async_hooks**:
  * Merge `run` and `exit` methods (Andrey Pechkurov)
    https://github.com/nodejs/node/pull/31950
  * Prevent sync methods of async storage exiting outer context
    (Stephen Belanger)
    https://github.com/nodejs/node/pull/31950
* vm:
  * Add `importModuleDynamically` option to compileFunction (Gus
    Caplan)
    https://github.com/nodejs/node/pull/32985

New core collaborators:

With this release, we welcome two new Node.js core collaborators:

* Juan José Arboleda @juanarbol
  https://github.com/nodejs/node/pull/32906
* Andrey Pechkurov @puzpuzpuz
  https://github.com/nodejs/node/pull/32817

PR-URL: https://github.com/nodejs/node/pull/33122
2020-04-30 00:24:31 +02:00
Beth Griggs
49db211846
2020-04-29, Version 14.1.0 (Current)
Notable changes:

- deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha)
  [#32971](https://github.com/nodejs/node/pull/32971)
- doc: add juanarbol as collaborator (Juan José Arboleda)
  [#32906](https://github.com/nodejs/node/pull/32906)
- http: doc deprecate abort and improve docs (Robert Nagy)
  [#32807](https://github.com/nodejs/node/pull/32807)
- module: do not warn when accessing `__esModule` of unfinished exports
  (Anna Henningsen) [#33048](https://github.com/nodejs/node/pull/33048)
- n-api: detect deadlocks in thread-safe function (Gabriel Schulhof)
  [#32860](https://github.com/nodejs/node/pull/32860)
- src: deprecate embedder APIs with replacements (Anna Henningsen)
  [#32858](https://github.com/nodejs/node/pull/32858)
- stream:
  - don't emit end after close (Robert Nagy)
    [#33076](https://github.com/nodejs/node/pull/33076)
  - don't wait for close on legacy streams (Robert Nagy)
    [#33058](https://github.com/nodejs/node/pull/33058)
  - pipeline should only destroy un-finished streams (Robert Nagy)
    [#32968](https://github.com/nodejs/node/pull/32968)
- vm: add importModuleDynamically option to compileFunction (Gus Caplan)
  [#32985](https://github.com/nodejs/node/pull/32985)

PR-URL: https://github.com/nodejs/node/pull/33103
2020-04-29 19:33:51 +01:00
Michaël Zasso
165011ea98
2020-04-28, Version 12.16.3 'Erbium' (LTS)
Notable changes:

Dependencies:
  * Updated OpenSSL to 1.1.1g.
    https://github.com/nodejs/node/pull/32971
  * Updated c-ares to 1.16.0.
    https://github.com/nodejs/node/pull/32246
  * Updated experimental uvwasi to 0.0.6.
    https://github.com/nodejs/node/pull/32309
ESM (experimental):
  * Additional warnings are no longer printed for modules that use
    conditional exports or package name self resolution.
    https://github.com/nodejs/node/pull/31845

PR-URL: https://github.com/nodejs/node/pull/33009
2020-04-28 15:24:52 +02:00
Nick Schonning
6fc17fbec9 doc: ignore no-literal-urls in changelogs
PR-URL: https://github.com/nodejs/node/pull/32676
Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-04-23 21:48:20 -07:00
Gus Caplan
d08bd41248
doc: add more info to v14 changelog
PR-URL: https://github.com/nodejs/node/pull/32979
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
2020-04-21 22:15:48 -05:00
Beth Griggs
372c7cc3c2
2020-04-21, Version 14.0.0 (Current)
Deprecations:

- (SEMVER-MAJOR) crypto: move pbkdf2 without digest to EOL
  (James M Snell) [#31166](https://github.com/nodejs/node/pull/31166)
- (SEMVER-MAJOR) fs: deprecate closing FileHandle on garbage collection
  (James M Snell) [#28396](https://github.com/nodejs/node/pull/28396)
- (SEMVER-MAJOR) http: move OutboundMessage.prototype.flush to EOL
  (James M Snell) [#31164](https://github.com/nodejs/node/pull/31164)
- (SEMVER-MAJOR) lib: move GLOBAL and root aliases to EOL
  (James M Snell) [#31167](https://github.com/nodejs/node/pull/31167)
- (SEMVER-MAJOR) os: move tmpDir() to EOL
  (James M Snell)[#31169](https://github.com/nodejs/node/pull/31169)
- (SEMVER-MAJOR) src: remove deprecated wasm type check
  (Clemens Backes) [#32116](https://github.com/nodejs/node/pull/32116)
- (SEMVER-MAJOR) stream: move \_writableState.buffer to EOL
  (James M Snell) [#31165](https://github.com/nodejs/node/pull/31165)
- (SEMVER-MINOR) doc: deprecate process.mainModule
  (Antoine du HAMEL) [#32232](https://github.com/nodejs/node/pull/32232)
- (SEMVER-MINOR) doc: deprecate process.umask() with no arguments
  (Colin Ihrig) [#32499](https://github.com/nodejs/node/pull/32499)

ECMAScript Modules - Experimental Warning Removal:

- module: remove experimental modules warning
  (Guy Bedford) [#31974](https://github.com/nodejs/node/pull/31974)

In Node.js 13 we removed the need to include the --experimental-modules
flag, but when running EcmaScript Modules in Node.js, this would still
result in a warning ExperimentalWarning: The ESM module loader is
experimental.

As of Node.js 14 there is no longer this warning when using ESM in
Node.js. However, the ESM implementation in Node.js remains
experimental. As per our stability index: “The feature is not subject
to Semantic Versioning rules. Non-backward compatible changes or
removal may occur in any future release.” Users should be cautious when
using the feature in production environments.

Please keep in mind that the implementation of ESM in Node.js differs
from the developer experience you might be familiar with. Most
transpilation workflows support features such as optional file
extensions or JSON modules that the Node.js ESM implementation does not
support. It is highly likely that modules from transpiled environments
will require a certain degree of refactoring to work in Node.js. It is
worth mentioning that many of our design decisions were made with two
primary goals. Spec compliance and Web Compatibility. It is our belief
that the current implementation offers a future proof model to
authoring ESM modules that paves the path to Universal JavaScript.
Please read more in our documentation.

The ESM implementation in Node.js is still experimental but we do believe
that we are getting very close to being able to call ESM in Node.js
“stable”. Removing the warning is a huge step in that direction.

New V8 ArrayBuffer API:

* **src**: migrate to new V8 ArrayBuffer API
  (Thang Tran) [#30782](https://github.com/nodejs/node/pull/30782)

Multiple ArrayBuffers pointing to the same base address are no longer
allowed by V8. This may impact native addons.

Toolchain and Compiler Upgrades:

- (SEMVER-MAJOR) build: update macos deployment target to 10.13 for 14.x
  (AshCripps)[#32454](https://github.com/nodejs/node/pull/32454)
- (SEMVER-MAJOR) doc: update cross compiler machine for Linux armv7
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: update Centos/RHEL releases use devtoolset-8
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: remove SmartOS from official binaries
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) win: block running on EOL Windows versions
  (João Reis) [#31954](https://github.com/nodejs/node/pull/31954)

It is expected that there will be an ABI mismatch on ARM between the
Node.js binary and native addons. Native addons are only broken if they
interact with `std::shared_ptr`. This is expected to be fixed in a
later version of Node.js 14.
- [#30786](https://github.com/nodejs/node/issues/30786)

Update to V8 8.1:

- (SEMVER-MAJOR) deps: update V8 to 8.1.307.20
  (Matheus Marchini) [#32116](https://github.com/nodejs/node/pull/32116)

Other Notable Changes:

- cli, report: move --report-on-fatalerror to stable
  (Colin Ihrig) [#32496](https://github.com/nodejs/node/pull/32496)
- deps: upgrade to libuv 1.37.0
  (Colin Ihrig) [#32866](https://github.com/nodejs/node/pull/32866)
- fs: add fs/promises alias module
  (Gus Caplan) [#31553](https://github.com/nodejs/node/pull/31553)

PR-URL: https://github.com/nodejs/node/pull/32181
2020-04-21 15:50:14 +01:00
Michaël Zasso
cf4c332b7a
2020-04-14, Version 13.13.0 (Current)
Notable changes:

New file system APIs:
* Added a new function, `fs.readv` (with sync and promisified versions).
  This function takes an array of `ArrayBufferView` elements and will
  write the data it reads sequentially to the buffers
  (Sk Sajidul Kadir). https://github.com/nodejs/node/pull/32356
* A new overload is available for `fs.readSync`, which allows to
  optionally pass any of the `offset`, `length` and `position`
  parameters. https://github.com/nodejs/node/pull/32460

Other changes:
* dns:
  * Added the `dns.ALL` flag, that can be passed to `dns.lookup()` with
    `dns.V4MAPPED` to return resolved IPv6 addresses as well as IPv4
    mapped IPv6 addresses (murgatroid99).
    https://github.com/nodejs/node/pull/32183
* http:
  * The default maximum HTTP header size was changed from 8KB to 16KB
    (rosaxny). https://github.com/nodejs/node/pull/32520
* n-api:
  * Calls to `napi_call_threadsafe_function` from the main thread can
    now return the `napi_would_deadlock` status in certain
    circumstances (Gabriel Schulhof).
    https://github.com/nodejs/node/pull/32689
* util:
  * Added a new `maxStrLength` option to `util.inspect`, to control the
    maximum length of printed strings. Its default value is `Infinity`
    (rosaxny). https://github.com/nodejs/node/pull/32392
* worker:
  * Added support for passing a `transferList` along with `workerData`
    to the `Worker` constructor (Juan José Arboleda).
    https://github.com/nodejs/node/pull/32278

New core collaborators:
With this release, we welcome three new Node.js core collaborators:
* himself65. https://github.com/nodejs/node/pull/32734
* flarna (Gerhard Stoebich). https://github.com/nodejs/node/pull/32620
* mildsunrise (Alba Mendez). https://github.com/nodejs/node/pull/32525

PR-URL: https://github.com/nodejs/node/pull/32813
2020-04-14 20:22:41 +02:00
Beth Griggs
8d93df41b0
2020-04-12 Node.js v10.20.1 'Dubnium' (LTS) Release
Notable changes:

Due to release process failures, Node.js v10.20.0 shipped with source
and header tarballs that did not properly match the final release
commit that was used to build the binaries. We recommend that Node.js
v10.20.0 not be used, particularly in any applications using native
add-ons or where compiling Node.js from source is involved.

Node.js v10.20.1 is a clean release with the correct sources and is
strongly recommended in place of v10.20.0.

PR-URL: https://github.com/nodejs/node/pull/32768
2020-04-12 13:55:01 +01:00
Shelley Vohr
6ec0285478
2020-04-08 Version 12.16.2 'Erbium' (LTS)
Notable changes:

doc:
  * add ronag to collaborators (Robert Nagy) [#31498](https://github.com/nodejs/node/pull/31498)
  * add GeoffreyBooth to collaborators (Geoffrey Booth) [#31306](https://github.com/nodejs/node/pull/31306)
deps:
  * upgrade npm to 6.13.6 (Ruy Adorno) [#31304](https://github.com/nodejs/node/pull/31304)
  * update openssl to 1.1.1e (Hassaan Pasha) [#32328](https://github.com/nodejs/node/pull/32328)
2020-04-08 11:10:14 -07:00
Beth Griggs
9b46e3f7cc
2020-04-08, Version 10.20.0 'Dubnium' (LTS)
macOS package notarization and a change in builder configuration

The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.

Notable changes:

- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
  [#19691](https://github.com/nodejs/node/pull/19691)
- build: macOS package notarization (Rod Vagg)
  [#31459](https://github.com/nodejs/node/pull/31459)
- deps:
  - update npm to 6.14.3 (Myles Borins)
    [#32368](https://github.com/nodejs/node/pull/32368)
  - upgrade openssl sources to 1.1.1e (Hassaan Pasha)
    [#32328](https://github.com/nodejs/node/pull/32328)
  - upgrade to libuv 1.34.2 (cjihrig)
    [#31477](https://github.com/nodejs/node/pull/31477)
- n-api:
  - add napi\_get\_all\_property\_names (himself65)
    [#30006](https://github.com/nodejs/node/pull/30006)
  - add APIs for per-instance state management (Gabriel Schulhof)
    [#28682](https://github.com/nodejs/node/pull/28682)
  - define release 6
    [#32058](https://github.com/nodejs/node/pull/32058)
  - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
    [#26128](https://github.com/nodejs/node/pull/26128)
- tls:
  - expose keylog event on TLSSocket (Alba Mendez)
    [#27654](https://github.com/nodejs/node/pull/27654)
  - support TLS min/max protocol defaults in CLI (Sam Roberts)
    [#27946](https://github.com/nodejs/node/pull/27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
  [#26226](https://github.com/nodejs/node/pull/26226)

PR-URL: https://github.com/nodejs/node/pull/31984
2020-04-08 16:50:11 +01:00
Myles Borins
113c04c524
2020-03-26 Version 13.12.0 (Current)
macOS package notarization and a change in builder configuration:

The macOS binaries for this release, and future 13.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing on .pkg files on
macOS 10.15 and later. Previous builds of Node.js 13.x were compiled on
macOS 10.11 (El Capitan) with Xcode 10. As binaries are still being
compiled to support a minimum of macOS 10.10 (Yosemite) we do not
anticipate this having a negative impact on Node.js 13.x users with
older versions of macOS.

Notable changes:

* build:
  * macOS package notarization (Rod Vagg)
    https://github.com/nodejs/node/pull/31459
* deps:
  * upgrade npm to 6.14.4 (Ruy Adorno)
    https://github.com/nodejs/node/pull/32495
  * update to uvwasi 0.0.6 (Colin Ihrig)
    https://github.com/nodejs/node/pull/32309
  * upgrade to libuv 1.35.0 (Colin Ihrig)
    https://github.com/nodejs/node/pull/32204
* lib:
  * add --disable-proto option to cli (Gus Caplan)
    https://github.com/nodejs/node/pull/32279
* node_report:
  * move diagnostic reports to stable (Colin Ihrig)
    https://github.com/nodejs/node/pull/32242
* worker:
  * allow URL in Worker constructor (Antoine du HAMEL)
    https://github.com/nodejs/node/pull/31664
* util:
  * use a global symbol for `util.promisify.custom` (ExE Boss)
    https://github.com/nodejs/node/pull/31672

PR-URL: https://github.com/nodejs/node/pull/32376
2020-03-26 18:49:28 -04:00
Myles Borins
3a116b6ec2
doc: add missing link for v13.11.0 changelog
Missing from release, apologies.

PR-URL: https://github.com/nodejs/node/pull/32218
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-03-12 01:02:16 -04:00
Myles Borins
5bfbd75e47
2020-03-11 Version 13.11.0 (Current)
Notable changes:

* async_hooks:
  - add sync enterWith to ALS (Stephen Belanger)
    https://github.com/nodejs/node/pull/31945
* cli:
  - allow --jitless V8 flag in NODE\_OPTIONS (Andrew Neitsch)
    https://github.com/nodejs/node/pull/32100
* fs:
  - return first folder made by mkdir recursive (Benjamin Coe)
    https://github.com/nodejs/node/pull/31530
* n-api:
  - define release 6 (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/32058
* src:
  - create a getter for kernel version (Juan José Arboleda)
    https://github.com/nodejs/node/pull/31732
* wasi:
  - add returnOnExit option (Colin Ihrig)
    https://github.com/nodejs/node/pull/32101

PR-URL: https://github.com/nodejs/node/pull/32185
2020-03-11 23:54:53 -04:00
Myles Borins
67d45fb298
2020-03-04 Version 13.10.1 (Current)
Notable changes:

In Node.js 13.9.0 deps/zlib was switched to the chromium maintained
implementation. This change had the unforseen consequence of breaking
building from the tarballs we release as we were too aggressively
removing `unneccessary files` from the `deps/zlib` folder. This release
includes a patch that ensures that individuals will once again be able
to build Node.js from source.

PR-URL: https://github.com/nodejs/node/pull/32099
2020-03-04 20:37:29 -05:00
Shelley Vohr
75466869fb
2020-03-04 Version 13.10.0 (Current)
Notable changes:

* async_hooks
  * introduce async-context API (vdeturckheim) #26540
* stream
  * support passing generator functions into pipeline() (Robert Nagy) #31223
* tls
  * expose SSL\_export\_keying\_material (simon) #31814
* vm
  * implement vm.measureMemory() for per-context memory measurement (Joyee Cheung) #31824

PR-URL: https://github.com/nodejs/node/pull/32027
2020-03-04 09:53:11 -08:00
Shelley Vohr
31290824de
doc: fix notable changes for v13.9.0
PR-URL: https://github.com/nodejs/node/pull/31857
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
2020-02-18 17:45:09 -05:00
Myles Borins
43fb664701
doc: fix missing changelog corrections
There was a slight discrepancy between the build of 12.16.1 and what
landed on 12.x. This was only a couple spelling errors that didn't
get updated between machines I was working on. This change gets the
changelog up to date with what went out in the release vs what is
current on the 12.x release branch.

PR-URL: https://github.com/nodejs/node/pull/31854
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
2020-02-18 17:26:48 -05:00
Shelley Vohr
0c3c0e7184
2020-02-18, Version 13.9.0 (Current)
Notable changes:

* async_hooks
  * add executionAsyncResource (Matteo Collina) #30959
* crypto
  * add crypto.diffieHellman (Tobias Nießen) #31178
  * add DH support to generateKeyPair (Tobias Nießen) #31178
  * simplify DH groups (Tobias Nießen) #31178
  * add key type 'dh' (Tobias Nießen) #31178
* test
  * skip keygen tests on arm systems (Tobias Nießen) #31178
* perf_hooks
  * add property flags to GCPerformanceEntry (Kirill Fomichev) #29547
* process
  * report ArrayBuffer memory in `memoryUsage()` (Anna Henningsen) #31550
* readline
  * make tab size configurable (Ruben Bridgewater) #31318
* report
  * add support for Workers (Anna Henningsen) #31386
* worker
  * add ability to take heap snapshot from parent thread (Anna Henningsen) #31569
* added new collaborators
  * add ronag to collaborators (Robert Nagy) #31498

PR-URL: https://github.com/nodejs/node/pull/31837
2020-02-18 12:40:21 -08:00
Myles Borins
1c2d77d3d9
2020-02-18, Version 12.16.1 'Erbium' (LTS)
Notable changes:

Node.js 12.16.0 included 6 regressions that are being fixed in this
release

**Accidental Unflagging of Self Resolving Modules**:

12.16.0 included a large update to the ESM implementation. One of the
new features, Self Referential Modules, was accidentally released
without requiring the `--experimental-modules` flag. This release is
being made to appropriately flag the feature.

**Process Cleanup Changed Introduced WASM-Related Assertion**:

A change during Node.js process cleanup led to a crash in combination
with specific usage of WASM. This has been fixed by partially reverted
said change. A regression test and a full fix are being worked on and
will likely be included in future 12.x and 13.x releases.

**Use Largepages Runtime Option Introduced Linking Failure**:

A Semver-Minor change to introduce `--use-largepages` as a runtime
option introduced a linking failure. This had been fixed in master but
regressed as the fix has not yet gone out in a Current release. The
feature has been reverted, but will be able to reland with a fix in a
future Semver-Minor release.

**Async Hooks was Causing an Exception When Handling Errors**:

Changes in async hooks internals introduced a case where an internal
api call could be called with undefined causing a process to crash. The
change to async hooks was reverted. A regression test and fix has been
proposed and the change could re land in a future Semver-Patch release
if the regression is reliably fixed.

**New Enumerable Read-Only Property on EventEmitter breaks @types/extend**

A new property for enumerating events was added to the EventEmitter
class. This broke existing code that was using the `@types/extend`
module for extending classses as `@types/extend` was attemping to write
over the existing field which the new change made read-only. As this is
the first property on EventEmitter that is read-only this feature could
be considered Semver-Major. The new feature has been reverted but could
re land in a future Semver-Minor release if a non breaking way of
applying it is found.

**Exceptions in the HTTP parser were not emitting an uncaughtException**

A refactoring to Node.js interanls resulted in a bug where errors in
the HTTP parser were not being emitted by
`process.on('uncaughtException')`. The fix to this bug has been
included in this release.

PR-URL: https://github.com/nodejs/node/pull/31781
2020-02-18 14:46:29 -05:00
Myles Borins
1c11ea4388
2020-02-11, Version 12.16.0 'Erbium' (LTS)
Notable changes:

New assert APIs

The `assert` module now provides experimental `assert.match()` and
`assert.doesNotMatch()` methods. They will validate that the first argument is a
string and matches (or does not match) the provided regular expression

This is an experimental feature.

Ruben Bridgewater [#30929](https://github.com/nodejs/node/pull/30929).

Advanced serialization for IPC

The `child_process` and `cluster` modules now support a `serialization` option
to change the serialization mechanism used for IPC. The option can have one of
two values:

* `'json'` (default): `JSON.stringify()` and `JSON.parse()` are used. This is
  how message serialization was done before.
* `'advanced'`: The serialization API of the `v8` module is used. It is based on
  the HTML structured clone algorithm.
  and is able to serialize more built-in JavaScript object types, such as
  `BigInt`, `Map`, `Set` etc. as well as circular data structures.

Anna Henningsen [#30162](https://github.com/nodejs/node/pull/30162).

CLI flags

The new `--trace-exit` CLI flag makes Node.js print a stack trace whenever the
Node.js environment is exited proactively (i.e. by invoking the `process.exit()`
function or pressing Ctrl+C).

legendecas [#30516](https://github.com/nodejs/node/pull/30516).

___

The new `--trace-uncaught` CLI flag makes Node.js print a stack trace at the
time of throwing uncaught exceptions, rather than at the creation of the `Error`
object, if there is any.
This option is not enabled by default because it may affect garbage collection
behavior negatively.

Anna Henningsen [#30025](https://github.com/nodejs/node/pull/30025).

___

The `--disallow-code-generation-from-strings` V8 CLI flag is now whitelisted in
the `NODE_OPTIONS` environment variable.

Shelley Vohr [#30094](https://github.com/nodejs/node/pull/30094).

New crypto APIs

For DSA and ECDSA, a new signature encoding is now supported in addition to the
existing one (DER). The `verify` and `sign` methods accept a `dsaEncoding`
option, which can have one of two values:

* `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`.
* `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363.

Tobias Nießen [#29292](https://github.com/nodejs/node/pull/29292).

___

A new method was added to `Hash`: `Hash.prototype.copy`. It makes it possible to
clone the internal state of a `Hash` object into a new `Hash` object, allowing
to compute the digest between updates.

Ben Noordhuis [#29910](https://github.com/nodejs/node/pull/29910).

Dependency updates

libuv was updated to 1.34.0. This includes fixes to `uv_fs_copyfile()` and
`uv_interface_addresses()` and adds two new functions: `uv_sleep()` and
`uv_fs_mkstemp()`.

Colin Ihrig [#30783](https://github.com/nodejs/node/pull/30783).

___

V8 was updated to 7.8.279.23. This includes performance improvements to object
destructuring, RegExp match failures and WebAssembly startup time.
The official release notes are available at https://v8.dev/blog/v8-release-78.

Michaël Zasso [#30109](https://github.com/nodejs/node/pull/30109).

New EventEmitter APIs

The new `EventEmitter.on` static method allows to async iterate over events.

Matteo Collina [#27994](https://github.com/nodejs/node/pull/27994).

___

It is now possible to monitor `'error'` events on an `EventEmitter` without
consuming the emitted error by installing a listener using the symbol
`EventEmitter.errorMonitor`.

Gerhard Stoebich [#30932](https://github.com/nodejs/node/pull/30932).

___

Using `async` functions with event handlers is problematic, because it
can lead to an unhandled rejection in case of a thrown exception.

The experimental `captureRejections` option in the `EventEmitter` constructor or
the global setting change this behavior, installing a
`.then(undefined, handler)` handler on the `Promise`. This handler routes the
exception asynchronously to the `Symbol.for('nodejs.rejection')` method if there
is one, or to the `'error'` event handler if there is none.

Setting `EventEmitter.captureRejections = true` will change the default for all
new instances of `EventEmitter`.

This is an experimental feature.

Matteo Collina [#27867](https://github.com/nodejs/node/pull/27867).

Performance Hooks are no longer experimental

The `perf_hooks` module is now considered a stable API.

legendecas [#31101](https://github.com/nodejs/node/pull/31101).

Introduction of experimental WebAssembly System Interface (WASI) support

A new core module, `wasi`, is introduced to provide an implementation of the
[WebAssembly System Interface](https://wasi.dev/) specification.
WASI gives sandboxed WebAssembly applications access to the
underlying operating system via a collection of POSIX-like functions.

This is an experimental feature.

Colin Ihrig [#30258](https://github.com/nodejs/node/pull/30258).

PR-URL: https://github.com/nodejs/node/pull/31691
2020-02-11 19:20:59 +01:00
Beth Griggs
d602e586bf
2020-02-06, Version 10.19.0 'Dubnium' (LTS)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
          HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
          HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
          Remotely trigger an assertion on a TLS server with a malformed
          certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/198
2020-02-06 03:05:04 +00:00
Beth Griggs
e65ae42785
2020-02-06, Version 12.15.0 'Erbium' (LTS)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
      HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
      HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
      Remotely trigger an assertion on a TLS server with a malformed
      certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/197
2020-02-06 02:55:47 +00:00
Beth Griggs
f0f2583c91
2020-02-06, Version 13.8.0 (Current)
This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**:
      HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
      HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
      Remotely trigger an assertion on a TLS server with a malformed
      certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/196
2020-02-06 02:39:39 +00:00
Shelley Vohr
a484f1acf3
2020-01-21, Version 13.7.0 (Current)
Notable changes:

* deps:
  * upgrade to libuv 1.34.1 (cjihrig) https://github.com/nodejs/node/pull/31332
  * upgrade npm to 6.13.6 (Ruy Adorno) https://github.com/nodejs/node/pull/31304
* module
  * add API for interacting with source maps (bcoe) https://github.com/nodejs/node/pull/31132
  * loader getSource, getFormat, transform hooks (Geoffrey Booth) https://github.com/nodejs/node/pull/30986
  * logical conditional exports ordering (Guy Bedford) https://github.com/nodejs/node/pull/31008
  * unflag conditional exports (Guy Bedford) https://github.com/nodejs/node/pull/31001
* process:
  * allow monitoring uncaughtException (Gerhard Stoebich) https://github.com/nodejs/node/pull/31257
* Added new collaborators:
  * [GeoffreyBooth](https://github.com/GeoffreyBooth) - Geoffrey Booth. https://github.com/nodejs/node/pull/31306

PR-URL: https://github.com/nodejs/node/pull/31382
2020-01-21 09:58:13 -08:00