Commit Graph

462 Commits

Author SHA1 Message Date
Myles Borins
d318ec7fc3
2021-04-06, Version 12.22.1 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

PR-URL: https://github.com/nodejs/node/pull/38083
2021-04-06 15:55:22 -04:00
Myles Borins
cd15b1cde2
2021-04-06, Version 10.24.1 'Dubnium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

PR-URL: https://github.com/nodejs/node/pull/38085
2021-04-06 15:55:22 -04:00
Ruy Adorno
82bc5c3d5c
2021-03-31, Version 15.13.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37977

Notable changes:

* buffer:
  * implement btoa and atob (James M Snell) https://github.com/nodejs/node/pull/37529
* deps:
  * upgrade npm to 7.7.6 (Ruy Adorno) https://github.com/nodejs/node/pull/37968
* doc:
  * add legacy status to stability index (James M Snell) https://github.com/nodejs/node/pull/37784
  * add @linkgoron to collaborators (Nitzan Uziely) https://github.com/nodejs/node/pull/37817
* http:
  * add http.ClientRequest.getRawHeaderNames() (simov) https://github.com/nodejs/node/pull/37660
2021-03-31 10:14:03 -04:00
Richard Lau
30fe4ed8c4
2021-03-30, Version 12.22.0 'Erbium' (LTS)
Notable changes

The legacy HTTP parser is runtime deprecated:
- The legacy HTTP parser, selected by the `--http-parser=legacy` command line
option, is deprecated with the pending End-of-Life of Node.js 10.x (where it
is the only HTTP parser implementation provided) at the end of April 2021. It
will now warn on use but otherwise continue to function and may be removed in
a future Node.js 12.x release.
- The default HTTP parser based on llhttp is not affected. By default it is
stricter than the now deprecated legacy HTTP parser. If interoperability with
HTTP implementations that send invalid HTTP headers is required, the HTTP
parser can be started in a less secure mode with the `--insecure-http-parser`
command line option.

ES Modules:
- ES Modules are now considered stable.

node-api:
- Updated to node-api version 8 and added an experimental API to allow
retrieval of the add-on file name.

New API's to control code coverage data collection:
- `v8.stopCoverage()` and `v8.takeCoverage()` have been added.

New API to monitor event loop utilization by Worker threads
- `worker.performance.eventLoopUtilization()` has been added.

PR-URL: https://github.com/nodejs/node/pull/37797
2021-03-30 15:09:15 +01:00
Danielle Adams
3b3b02f8bb
2021-03-17, Version 15.12.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37766

Notable changes:

* crypto:
  * add optional callback to crypto.sign and crypto.verify (Filip Skokan) https://github.com/nodejs/node/pull/37500
  * support JWK objects in create\*Key (Filip Skokan) https://github.com/nodejs/node/pull/37254
* deps:
  * update to cjs-module-lexer@1.1.0 (Guy Bedford) https://github.com/nodejs/node/pull/37712
  * switch openssl to quictls/openssl (James M Snell) https://github.com/nodejs/node/pull/37601
* fs:
  * improve fsPromises writeFile performance (Nitzan Uziely) https://github.com/nodejs/node/pull/37610
  * improve fsPromises readFile performance (Nitzan Uziely) https://github.com/nodejs/node/pull/37608
* lib:
  * implement AbortSignal.abort() (James M Snell) https://github.com/nodejs/node/pull/37693
* node-api:
  * define version 8 (Gabriel Schulhof) https://github.com/nodejs/node/pull/37652
* worker:
  * add setEnvironmentData/getEnvironmentData (James M Snell) https://github.com/nodejs/node/pull/37486
2021-03-17 18:16:45 -04:00
Michaël Zasso
f6b1df2226
2021-03-03, Version 15.11.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) make FIPS related options always awailable (Vít Ondruch) https://github.com/nodejs/node/pull/36341
errors:
  * (SEMVER-MINOR) remove experimental from --enable-source-maps (Benjamin Coe) https://github.com/nodejs/node/pull/37362

PR-URL: https://github.com/nodejs/node/pull/37569
2021-03-03 07:06:17 +01:00
Richard Lau
eed3c72474
2021-02-23, Version 10.24.0 'Dubnium' (LTS)
This is a security release.

Notable changes

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/255
2021-02-23 12:41:57 +00:00
Richard Lau
199c8bdb0d
2021-02-23, Version 12.21.0 'Erbium' (LTS)
This is a security release.

Notable changes

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/256
2021-02-23 12:38:53 +00:00
Beth Griggs
40b805a6ef
2021-02-23, Version 14.16.0 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/254
2021-02-23 12:22:11 +00:00
Beth Griggs
6f9b622737
2021-02-23, Version 15.10.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by
    resource exhaustion
- **CVE-2021-22884**: DNS rebinding in --inspect
- **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate

PR-URL: https://github.com/nodejs-private/node-private/pull/253
2021-02-23 12:02:39 +00:00
Danielle Adams
3bf50a70b4
2021-02-17, Version 15.9.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37406

Notable Changes:

* crypto:
  * add keyObject.export() jwk format option (Filip Skokan) https://github.com/nodejs/node/pull/37081
* deps:
  * upgrade to libuv 1.41.0 (Colin Ihrig) https://github.com/nodejs/node/pull/37360
* doc:
  * add dmabupt to collaborators (Xu Meng) https://github.com/nodejs/node/pull/37377
  * refactor fs docs structure (James M Snell) https://github.com/nodejs/node/pull/37170
* fs:
  * add fsPromises.watch() (James M Snell) https://github.com/nodejs/node/pull/37179
  * use a default callback for fs.close() (James M Snell) https://github.com/nodejs/node/pull/37174
  * add AbortSignal support to watch (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/37190
* perf_hooks:
  * introduce createHistogram (James M Snell) https://github.com/nodejs/node/pull/37155
* stream:
  * improve Readable.from error handling (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/37158
* timers:
  * introduce setInterval async iterator (linkgoron) https://github.com/nodejs/node/pull/37153
* tls:
  * add ability to get cert/peer cert as X509Certificate object (James M Snell) https://github.com/nodejs/node/pull/37070
2021-02-17 21:20:34 -05:00
Ruy Adorno
ad38be4f6a
2021-02-10, Version 12.20.2 'Erbium' (LTS)
Notable changes:

* deps:
  * upgrade npm to 6.14.11 (Ruy Adorno) [#37173](https://github.com/nodejs/node/pull/37173)

PR-URL: https://github.com/nodejs/node/pull/37286
2021-02-10 15:31:09 -05:00
Richard Lau
857fbdb13f
2021-02-09, Version 10.23.3 'Dubnium' (LTS)
Notable changes:

The update to npm 6.14.11 has been relanded so that npm correctly reports its version.

PR-URL: https://github.com/nodejs/node/pull/37241
2021-02-09 22:58:32 +00:00
Beth Griggs
4f12215a6b
2021-02-09, Version 14.15.5 'Fermium' (LTS)
Notable changes:

- **deps**:
  - upgrade npm to 6.14.11 (Ruy Adorno)
    (https://github.com/nodejs/node/pull/37173)
  - V8: backport dfcf1e86fac0 (Michaël Zasso)
    (https://github.com/nodejs/node/pull/37245)
    - Note: Node.js is not believed to be vulnerable to CVE-2021-21148.
- **stream,zlib**: do not use \_stream\_\* anymore (Matteo Collina)
  (https://github.com/nodejs/node/pull/36618)

PR-URL: https://github.com/nodejs/node/pull/37074
2021-02-09 16:40:16 +00:00
Michaël Zasso
211574b0c2
2021-02-02, Version 15.8.0 (Current)
Notable changes:

crypto:
  * (SEMVER-MINOR) add generatePrime/checkPrime (James M Snell) https://github.com/nodejs/node/pull/36997
  * (SEMVER-MINOR) experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) https://github.com/nodejs/node/pull/36879
deps:
  * upgrade npm to 7.5.0 (Ruy Adorno) https://github.com/nodejs/node/pull/37117
dgram:
  * (SEMVER-MINOR) support AbortSignal in createSocket (Nitzan Uziely) https://github.com/nodejs/node/pull/37026
doc:
  * add Zijian Liu to collaborators (ZiJian Liu) https://github.com/nodejs/node/pull/37075
esm:
  * deprecate legacy main lookup for modules (Guy Bedford) https://github.com/nodejs/node/pull/36918
readline:
  * (SEMVER-MINOR) add history event and option to set initial history (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33662
  * (SEMVER-MINOR) add support for the AbortController to the question method (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33676

PR-URL: https://github.com/nodejs/node/pull/37183
2021-02-02 21:50:24 +01:00
Richard Lau
c5f3565100
2021-01-26, Version 10.23.2 'Dubnium' (LTS)
Notable changes:

Release keys have been synchronized with the main branch.

- deps:
  - upgrade npm to 6.14.11 (Darcy Clarke)
    https://github.com/nodejs/node/pull/36838

PR-URL: https://github.com/nodejs/node/pull/37022
2021-01-26 17:14:19 +00:00
Ruy Adorno
cef00ad414
2021-01-26, Version 15.7.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/37020

Notable changes:

* buffer:
  * introduce Blob (James M Snell) [#36811](https://github.com/nodejs/node/pull/36811)
  * add base64url encoding option (Filip Skokan) [#36952](https://github.com/nodejs/node/pull/36952)
* doc:
  * add @iansu to collaborators (Ian Sutherland) [#36951](https://github.com/nodejs/node/pull/36951)
  * add @RaisinTen to collaborators (Darshan Sen) [#36998](https://github.com/nodejs/node/pull/36998)
  * add @miladfarca to collaborators (Milad Fa) [#36934](https://github.com/nodejs/node/pull/36934)
* fs:
  * allow position parameter to be a BigInt in read and readSync (raisinten) [#36190](https://github.com/nodejs/node/pull/36190)
* http:
  * attach request as res.req (Ian Storm Taylor) [#36505](https://github.com/nodejs/node/pull/36505)
  * expose urlToHttpOptions utility (Yongsheng Zhang) [#35960](https://github.com/nodejs/node/pull/35960)
2021-01-26 11:06:59 -05:00
Danielle Adams
0f789488d4
2021-01-14, Version 15.6.0 (Current)
PR-URL: https://github.com/nodejs/node/pull/36889

Notable changes:

* child_process:
  * add 'overlapped' stdio flag (Thiago Padilha) (https://github.com/nodejs/node/pull/29412)
  * support AbortSignal in fork (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/36603)
* crypto:
  * implement basic secure heap support (James M Snell) (https://github.com/nodejs/node/pull/36779)
  * fixup bug in keygen error handling (James M Snell) (https://github.com/nodejs/node/pull/36779)
  * introduce X509Certificate API (James M Snell) (https://github.com/nodejs/node/pull/36804)
  * implement randomuuid (James M Snell) (https://github.com/nodejs/node/pull/36729)
* doc:
  * update release key for Danielle Adams (Danielle Adams) (https://github.com/nodejs/node/pull/36793)
  * add dnlup to collaborators (Daniele Belardi) (https://github.com/nodejs/node/pull/36849)
  * add panva to collaborators (Filip Skokan) (https://github.com/nodejs/node/pull/36802)
  * add yashLadha to collaborator (Yash Ladha) (https://github.com/nodejs/node/pull/36666)
* http:
  * set lifo as the default scheduling strategy in Agent (Matteo Collina) (https://github.com/nodejs/node/pull/36685)
* net:
  * support abortSignal in server.listen (Nitzan Uziely) (https://github.com/nodejs/node/pull/36623)
* process:
  * add direct access to rss without iterating pages (Adrien Maret) (https://github.com/nodejs/node/pull/34291)
* v8:
  * fix native  constructors (ExE Boss) (https://github.com/nodejs/node/pull/36549)
2021-01-14 19:58:43 -05:00
Richard Lau
ceb0dc907a
2021-01-04, Version 12.20.1 'Erbium' (LTS)
Notable changes:

This is a security release.

Vulnerabilities fixed:

- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt

PR-URL: https://github.com/nodejs-private/node-private/pull/240
2021-01-04 18:02:20 +00:00
Richard Lau
6c80df02d1
2021-01-04, Version 10.23.1 'Dubnium' (LTS)
Notable changes:

This is a security release.

Vulnerabilities fixed:

- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt

PR-URL: https://github.com/nodejs-private/node-private/pull/239
2021-01-04 17:59:36 +00:00
Beth Griggs
a384a0c4c6
2021-01-04, Version 14.15.4 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2020-1971**: OpenSSL - EDIPARTYNAME NULL pointer de-reference
  (High)
  - This is a vulnerability in OpenSSL which may be exploited through
  Node.js. You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

- **CVE-2020-8265**: use-after-free in TLSWrap (High)
  - Affected Node.js versions are vulnerable to a use-after-free bug in
  its TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method
  does not return an error, this object is passed back to the caller as
  part of a StreamWriteResult structure. This may be exploited to
  corrupt memory leading to a Denial of Service or potentially other
  exploits.

- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
  - Affected versions of Node.js allow two copies of a header field in
  a http request. For example, two Transfer-Encoding header fields. In
  this case Node.js identifies the first header field and ignores the
  second. This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).

PR-URL: https://github.com/nodejs-private/node-private/pull/242
2021-01-04 17:53:38 +00:00
Beth Griggs
433ed98b40
2021-01-04, Version 15.5.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2020-8265**: use-after-free in TLSWrap (High)
  * Affected Node.js versions are vulnerable to a use-after-free bug in
  its TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method
  does not return an error, this object is passed back to the caller as
  part of a StreamWriteResult structure. This may be exploited to
  corrupt memory leading to a Denial of Service or potentially other
  exploits.

- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
  * Affected versions of Node.js allow two copies of a header field in
  a http request. For example, two Transfer-Encoding header fields. In
  this case Node.js identifies the first header field and ignores the
  second. This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).

PR-URL: https://github.com/nodejs-private/node-private/pull/241
2021-01-04 17:46:51 +00:00
Michaël Zasso
80d2fbeb0c
2020-12-22, Version 15.5.0 (Current)
Notable changes:

    child_process:
      * (SEMVER-MINOR) add signal support to spawn (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36432
    doc:
      * add PoojaDurgad to collaborators (Pooja D P) https://github.com/nodejs/node/pull/36511
    lib:
      * (SEMVER-MINOR) support BigInt in querystring.stringify (raisinten) https://github.com/nodejs/node/pull/36499
    src:
      * (SEMVER-MINOR) add way to get IsolateData and allocator from Environment (Anna Henningsen) https://github.com/nodejs/node/pull/36441
      * (SEMVER-MINOR) allow preventing SetPrepareStackTraceCallback (Shelley Vohr) https://github.com/nodejs/node/pull/36447
    stream:
      * (SEMVER-MINOR) support abortsignal in constructor (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36431

PR-URL: https://github.com/nodejs/node/pull/36597
2020-12-22 19:56:09 +01:00
Beth Griggs
b49145f795
2020-12-17, Version 14.15.3 'Fermium' (LTS)
Notable Changes:

Node.js v14.15.2 included a commit that has caused reported breakages
when cloning request objects. This release reverts the commit that
introduced the behaviour change.

See https://github.com/nodejs/node/issues/36550 for more details.

PR-URL: https://github.com/nodejs/node/pull/36555
2020-12-17 23:22:59 +00:00
Beth Griggs
a150926177
2020-12-15, Version 14.15.2 'Fermium' (LTS)
Notable Changes:

- **deps**:
  - upgrade npm to 6.14.9 (Myles Borins)
    https://github.com/nodejs/node/pull/36450
  - update acorn to v8.0.4 (Michaël Zasso)
    https://github.com/nodejs/node/pull/35791
- **doc**: add release key for Danielle Adams (Danielle Adams)
    https://github.com/nodejs/node/pull/35545
- **http2**: check write not scheduled in scope destructor (David Halls)
    https://github.com/nodejs/node/pull/36241
- **stream**: fix regression on duplex end (Momtchil Momtchev)
    https://github.com/nodejs/node/pull/35941

PR-URL: https://github.com/nodejs/node/pull/36476
2020-12-15 23:48:00 +00:00
Danielle Adams
04e5418934
doc: add v15.4.0 link to CHANGELOG.md
PR-URL: https://github.com/nodejs/node/pull/36456
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
2020-12-14 15:02:05 -05:00
Myles Borins
219332e66c
2020-11-24, Version 12.20.0 'Erbium' (LTS)
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
deps:
  * update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
doc:
  * add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
fs:
  * (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
http:
  * (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
module:
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
n-api:
  * (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) https://github.com/nodejs/node/pull/35214
src:
  * (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) https://github.com/nodejs/node/pull/35470
  * (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) https://github.com/nodejs/node/pull/35472
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512

PR-URL: https://github.com/nodejs/node/pull/35950
2020-11-24 11:40:37 -05:00
Shelley Vohr
7b5b8ef424
2020-11-24, Version 15.3.0 (Current)
Notable changes:

dns:
  * (SEMVER-MINOR) add a cancel() method to the promise Resolver (Szymon Marczak) https://github.com/nodejs/node/pull/33099
events:
  * (SEMVER-MINOR) add max listener warning for EventTarget (James M Snell) https://github.com/nodejs/node/pull/36001
http:
  * (SEMVER-MINOR) add support for abortsignal to http.request (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/36048
http2:
  * (SEMVER-MINOR) allow setting the local window size of a session (Yongsheng Zhang) https://github.com/nodejs/node/pull/35978
lib:
  * (SEMVER-MINOR) add throws option to fs.f/l/statSync (Andrew Casey) https://github.com/nodejs/node/pull/33716
path:
  * (SEMVER-MINOR) add `path/posix` and `path/win32` alias modules (ExE Boss) https://github.com/nodejs/node/pull/34962
readline:
  * (SEMVER-MINOR) add getPrompt to get the current prompt (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33675
src:
  * (SEMVER-MINOR) add loop idle time in diagnostic report (Gireesh Punathil) https://github.com/nodejs/node/pull/35940
util:
  * (SEMVER-MINOR) add `util/types` alias module (ExE Boss) https://github.com/nodejs/node/pull/34055

PR-URL: https://github.com/nodejs/node/pull/36232
2020-11-24 08:26:26 -08:00
Beth Griggs
88d0b5b2fb
2020-11-16, Version 12.19.1 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of Service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/233
2020-11-16 17:09:16 +01:00
Beth Griggs
f67088efec
2020-11-16, Version 14.15.1 'Fermium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of Service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/234
2020-11-16 17:09:15 +01:00
Michaël Zasso
6be214d537
2020-11-16, Version 15.2.1 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
  application that allows an attacker to trigger a DNS request for a
  host of their choice could trigger a Denial of service by getting the
  application to resolve a DNS record with a larger number of responses.

PR-URL: https://github.com/nodejs-private/node-private/pull/232
2020-11-16 17:09:15 +01:00
Danielle Adams
f5c508c805
2020-11-10, Version 15.2.0 (Current)
Notable changes:

* events:
  * getEventListeners static (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35991)
* fs:
  * support abortsignal in writeFile (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35993)
  * add support for AbortSignal in readFile (Benjamin Gruenbaum) (https://github.com/nodejs/node/pull/35911)
* stream:
  * fix thrown object reference (Gil Pedersen) (https://github.com/nodejs/node/pull/36065)

PR URL: https://github.com/nodejs/node/pull/36055
2020-11-10 17:51:54 -05:00
Michaël Zasso
8caa6a9d8c
2020-11-04, Version 15.1.0 (Current)
Notable changes:

child_process:
  * (SEMVER-MINOR) add ChildProcess 'spawn' event (Matthew Francis Brunetti) https://github.com/nodejs/node/pull/35369
dns:
  * (SEMVER-MINOR) add setLocalAddress to Resolver (Josh Dague) https://github.com/nodejs/node/pull/34824
http:
  * (SEMVER-MINOR) report request start and end with diagnostics_channel (Stephen Belanger) https://github.com/nodejs/node/pull/34895
http2:
  * (SEMVER-MINOR) add updateSettings to both http2 servers (Vincent Boivin) https://github.com/nodejs/node/pull/35383
lib:
  * (SEMVER-MINOR) create diagnostics_channel module (Stephen Belanger) https://github.com/nodejs/node/pull/34895
src:
  * (SEMVER-MINOR) add --heapsnapshot-near-heap-limit option (Joyee Cheung) https://github.com/nodejs/node/pull/33010
v8:
  * (SEMVER-MINOR) implement v8.stopCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
  * (SEMVER-MINOR) implement v8.takeCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807
worker:
  * (SEMVER-MINOR) add eventLoopUtilization() (Trevor Norris) https://github.com/nodejs/node/pull/35664

PR-URL: https://github.com/nodejs/node/pull/35948
2020-11-04 21:43:02 +01:00
Richard Lau
0ca861745a
2020-10-27, Version 14.15.0 'Fermium' (LTS)
Notable changes:

This release marks the transition of Node.js 14.x into Long Term Support (LTS)
with the codename 'Fermium'. The 14.x release line now moves into "Active LTS"
and will remain so until October 2021. After that time, it will move into
"Maintenance" until end of life in April 2023.

PR-URL: https://github.com/nodejs/node/pull/35746
2020-10-27 11:59:05 -04:00
Richard Lau
62ead4e14f
2020-10-27, Version 10.23.0 'Dubnium' (LTS)
Notable changes:
- deps:
  - upgrade npm to 6.14.8 (Ruy Adorno)
    https://github.com/nodejs/node/pull/34834
- n-api:
  - create N-API version 7 (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/35199
  - expose napi_build_version variable (NickNaso)
    https://github.com/nodejs/node/pull/27835
- tools:
  - add debug entitlements for macOS 10.15+ (Gabriele Greco)
    https://github.com/nodejs/node/pull/34378

PR-URL: https://github.com/nodejs/node/pull/35544
2020-10-27 11:31:31 -04:00
Beth Griggs
4d16554bfa
2020-10-21, Version 15.0.1 (Current)
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (https://github.com/nodejs/node/pull/35723)
  - This fixes issue https://github.com/nodejs/node/issues/35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (https://github.com/nodejs/node/pull/35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (https://github.com/nodejs/node/pull/35545)

PR-URL: https://github.com/nodejs/node/pull/35736
2020-10-21 21:20:48 +01:00
Beth Griggs
57613f8c56
2020-10-20, Version 15.0.0 (Current)
Notable changes:

Deprecations and Removals:

- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)

npm 7 (https://github.com/nodejs/node/pull/35631):

Node.js 15 comes with a new major release of npm, npm 7. npm 7 comes
with many new features - including npm workspaces and a new
package-lock.json format. npm 7 also includes yarn.lock file support.
One of the big changes in npm 7 is that peer dependencies are now
installed by default.

Throw On Unhandled Rejections
(https://github.com/nodejs/node/pull/33021):

As of Node.js 15, the default mode for `unhandledRejection` is changed
to `throw` (from `warn`). In `throw` mode, if an `unhandledRejection`
hook is not set, the `unhandledRejection` is raised as an uncaught
exception. Users that have an `unhandledRejection` hook should see no
change in behavior, and it’s still possible to switch modes using the
`--unhandled-rejections=mode` process flag.

QUIC (https://github.com/nodejs/node/pull/32379):

Node.js 15 comes with experimental support QUIC, which can be enabled
by compiling Node.js with the `--experimental-quic` configuration flag.
The Node.js QUIC implementation is exposed by the core `net` module.

V8 8.6 (https://github.com/nodejs/node/pull/35415):

The V8 JavaScript engine has been updated to V8 8.6 (V8 8.4 is the
latest available in Node.js 14). Along with performance tweaks and
improvements the V8 update also brings the following language features:
* `Promise.any()` (from V8 8.5)
* `AggregateError` (from V8 8.5)
* `String.prototype.replaceAll()` (from V8 8.5)
* Logical assignment operators `&&=`, `||=`, and `??=` (from V8 8.5)

Other Notable Changes:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)

Semver-Major Commits:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **crypto**: refactoring internals, add WebCrypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **crypto**: move node\_crypto files to src/crypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **deps**: V8: cherry-pick d76abfed3512 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 717543bbf0ef (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 6be2f6e26e8d (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix platform-embedded-file-writer-win for ARM64 (Michaël
Zasso) (https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 postmortem metadata script (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 to 8.6.395 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: upgrade npm to 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **deps**: update npm to 7.0.0-rc.3 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **deps**: V8: cherry-pick 0d6debcc5f08 (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **doc**: update support macos version for 15.x (Ash Cripps)
(https://github.com/nodejs/node/pull/35022)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http**: fixed socket.setEncoding fatal error (iskore)
(https://github.com/nodejs/node/pull/33405)
- **http**: emit 'error' on aborted server request (Robert Nagy)
(https://github.com/nodejs/node/pull/33172)
- **http**: cleanup end argument handling (Robert Nagy)
(https://github.com/nodejs/node/pull/31818)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **http2**: add `invalidheaders` test (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33161)
- **http2**: refactor state code validation for the http2Stream class
(rickyes) (https://github.com/nodejs/node/pull/33535)
- **http2**: header field valid checks (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33193)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: remove ERR\_INVALID\_OPT\_VALUE and
ERR\_INVALID\_OPT\_VALUE\_ENCODING (Denys Otrishko)
(https://github.com/nodejs/node/pull/34682)
- **lib**: handle one of args case in ERR\_MISSING\_ARGS (Denys
Otrishko) (https://github.com/nodejs/node/pull/34022)
- **lib**: remove NodeError from the prototype of errors with code
(Michaël Zasso) (https://github.com/nodejs/node/pull/33857)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: check args in net.connect() and socket.connect() calls
(Denys Otrishko) (https://github.com/nodejs/node/pull/34022)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **process**: update v8 fast api calls usage (Maya Lekova)
(https://github.com/nodejs/node/pull/35415)
- **process**: change default --unhandled-rejections=throw (Dan
Fabulich) (https://github.com/nodejs/node/pull/33021)
- **process**: use v8 fast api calls for hrtime (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **process**: delay throwing an error using `throwDeprecation` (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/32312)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: implement NodePlatform::PostJob (Clemens Backes)
(https://github.com/nodejs/node/pull/35415)
- **src**: update NODE\_MODULE\_VERSION to 88 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **src**: error reporting on CPUUsage (Yash Ladha)
(https://github.com/nodejs/node/pull/34762)
- **src**: use node:moduleName as builtin module filename (Michaël
Zasso) (https://github.com/nodejs/node/pull/35498)
- **src**: enable wasm trap handler on windows (Gus Caplan)
(https://github.com/nodejs/node/pull/35033)
- **src**: update NODE\_MODULE\_VERSION to 86 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33579)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **src**: remove \_third\_party\_main support (Anna Henningsen)
(https://github.com/nodejs/node/pull/33971)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **src**: remove unused CancelPendingDelayedTasks (Anna Henningsen)
(https://github.com/nodejs/node/pull/32859)
- **stream**: try to wait for flush to complete before 'finish' (Robert
Nagy) (https://github.com/nodejs/node/pull/34314)
- **stream**: cleanup and fix Readable.wrap (Robert Nagy)
(https://github.com/nodejs/node/pull/34204)
- **stream**: add promises version to utility functions (rickyes)
(https://github.com/nodejs/node/pull/33991)
- **stream**: fix writable.end callback behavior (Robert Nagy)
(https://github.com/nodejs/node/pull/34101)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **stream**: write should throw on unknown encoding (Robert Nagy)
(https://github.com/nodejs/node/pull/33075)
- **stream**: fix \_final and 'prefinish' timing (Robert Nagy)
(https://github.com/nodejs/node/pull/32780)
- **stream**: simplify Transform stream implementation (Robert Nagy)
(https://github.com/nodejs/node/pull/32763)
- **stream**: use callback to properly propagate error (Robert Nagy)
(https://github.com/nodejs/node/pull/29179)
- **test**: update tests after increasing typed array size to 4GB
(Kim-Anh Tran) (https://github.com/nodejs/node/pull/35415)
- **test**: fix tests for npm 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **test**: fix test suite to work with npm 7 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **test**: update WPT harness and tests (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **tools**: disable x86 safe exception handlers in V8 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.6 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.5 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **url**: file URL path normalization (Daijiro Wachi)
(https://github.com/nodejs/node/pull/35477)
- **url**: verify domain is not empty after "ToASCII" (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove U+0000 case in the fragment state (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove gopher from special schemes (Michaël Zasso)
(https://github.com/nodejs/node/pull/33325)
- **url**: forbid lt and gt in url host code point (Yash Ladha)
(https://github.com/nodejs/node/pull/33328)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **win, child_process**: sanitize env variables (Bartosz Sosnowski)
(https://github.com/nodejs/node/pull/35210)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)
- **worker**: set trackUnmanagedFds to true by default (Anna
Henningsen) (https://github.com/nodejs/node/pull/34394)
- **worker**: rename error code to be more accurate (Anna Henningsen)
(https://github.com/nodejs/node/pull/33872)

PR-URL: https://github.com/nodejs/node/pull/35014
2020-10-20 15:42:45 +01:00
Myles Borins
59d578e1fc
2020-10-15, Version 14.14.0 (Current)
Notable changes:

crypto:
  * update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
doc:
  * add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
fs:
  * (SEMVER-MINOR) add rm method (Ian Sutherland) https://github.com/nodejs/node/pull/35494
http:
  * (SEMVER-MINOR) allow passing array of key/val into writeHead (Robert Nagy) https://github.com/nodejs/node/pull/35274
src:
  * (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512

PR-URL: https://github.com/nodejs/node/pull/35648
2020-10-15 19:29:09 -04:00
Danielle Adams
d0438a629a
2020-10-07, Version 14.13.1 (Current)
Notable changes:

* fs:
  * remove experimental from rmdir recursive (Benjamin Coe) [#35171](https://github.com/nodejs/node/pull/35171)

PR-URL: https://github.com/nodejs/node/pull/35525
2020-10-07 17:22:52 -04:00
Shelley Vohr
1cef9c656f
2020-10-06, Version 12.19.0 'Erbium' (LTS)
Notable changes:

assert:
  * (SEMVER-MINOR) port common.mustCall() to assert (ConorDavenport) https://github.com/nodejs/node/pull/31982
async_hooks:
  * (SEMVER-MINOR) add AsyncResource.bind utility (James M Snell) https://github.com/nodejs/node/pull/34574
buffer:
  * (SEMVER-MINOR) also alias BigUInt methods (Anna Henningsen) https://github.com/nodejs/node/pull/34960
  * (SEMVER-MINOR) alias UInt ➡️ Uint in buffer methods (Anna Henningsen) https://github.com/nodejs/node/pull/34729
build:
  * (SEMVER-MINOR) add build flag for OSS-Fuzz integration (davkor) https://github.com/nodejs/node/pull/34761
cli:
  * (SEMVER-MINOR) add alias for report-directory to make it consistent (Ash Cripps) https://github.com/nodejs/node/pull/33587
crypto:
  * (SEMVER-MINOR) allow KeyObjects in postMessage (Tobias Nießen) https://github.com/nodejs/node/pull/33360
  * (SEMVER-MINOR) add randomInt function (Oli Lalonde) https://github.com/nodejs/node/pull/34600
deps:
  * upgrade to libuv 1.39.0 (Colin Ihrig) https://github.com/nodejs/node/pull/34915
  * upgrade npm to 6.14.7 (claudiahdz) https://github.com/nodejs/node/pull/34468
  * upgrade to libuv 1.38.1 (Colin Ihrig) https://github.com/nodejs/node/pull/34187
dgram:
  * (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) https://github.com/nodejs/node/pull/14500
  * (SEMVER-MINOR) allow typed arrays in .send() (Sarat Addepalli) https://github.com/nodejs/node/pull/22413
doc:
  * (SEMVER-MINOR) Add maxTotalSockets option to agent constructor (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) add basic embedding example documentation (Anna Henningsen) https://github.com/nodejs/node/pull/30467
  * add Ricky Zhou to collaborators (rickyes) https://github.com/nodejs/node/pull/34676
  * add release key for Ruy Adorno (Ruy Adorno) https://github.com/nodejs/node/pull/34628
  * add DerekNonGeneric to collaborators (Derek Lewis) https://github.com/nodejs/node/pull/34602
  * add AshCripps to collaborators (Ash Cripps) https://github.com/nodejs/node/pull/34494
  * add HarshithaKP to collaborators (Harshitha K P) https://github.com/nodejs/node/pull/34417
  * add rexagod to collaborators (Pranshu Srivastava) https://github.com/nodejs/node/pull/34457
  * add release key for Richard Lau (Richard Lau) https://github.com/nodejs/node/pull/34397
  * add danielleadams to collaborators (Danielle Adams) https://github.com/nodejs/node/pull/34360
  * add sxa as collaborator (Stewart X Addison) https://github.com/nodejs/node/pull/34338
  * add ruyadorno to collaborators (Ruy Adorno) https://github.com/nodejs/node/pull/34297
  * (SEMVER-MAJOR) deprecate process.umask() with no arguments (Colin Ihrig) https://github.com/nodejs/node/pull/32499
embedding:
  * (SEMVER-MINOR) make Stop() stop Workers (Anna Henningsen) https://github.com/nodejs/node/pull/32531
  * (SEMVER-MINOR) provide hook for custom process.exit() behaviour (Anna Henningsen) https://github.com/nodejs/node/pull/32531
fs:
  * (SEMVER-MINOR) implement lutimes (Maël Nison) https://github.com/nodejs/node/pull/33399
http:
  * (SEMVER-MINOR) add maxTotalSockets to agent class (rickyes) https://github.com/nodejs/node/pull/33617
  * (SEMVER-MINOR) return this from IncomingMessage#destroy() (Colin Ihrig) https://github.com/nodejs/node/pull/32789
  * (SEMVER-MINOR) expose host and protocol on ClientRequest (wenningplus) https://github.com/nodejs/node/pull/33803
http2:
  * (SEMVER-MINOR) return this for Http2ServerRequest#setTimeout (Pranshu Srivastava) https://github.com/nodejs/node/pull/33994
  * (SEMVER-MINOR) do not modify explicity set date headers (Pranshu Srivastava) https://github.com/nodejs/node/pull/33160
module:
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
  * (SEMVER-MINOR) package "imports" field (Guy Bedford) https://github.com/nodejs/node/pull/34117
  * (SEMVER-MINOR) deprecate module.parent (Antoine du HAMEL) https://github.com/nodejs/node/pull/32217
n-api:
  * (SEMVER-MINOR) create N-API version 7 (Gabriel Schulhof) https://github.com/nodejs/node/pull/35199
  * (SEMVER-MINOR) support type-tagging objects (Gabriel Schulhof) https://github.com/nodejs/node/pull/28237
n-api,src:
  * (SEMVER-MINOR) provide asynchronous cleanup hooks (Anna Henningsen) https://github.com/nodejs/node/pull/34572
perf_hooks:
  * (SEMVER-MINOR) add idleTime and event loop util (Trevor Norris) https://github.com/nodejs/node/pull/34938
timers:
  * (SEMVER-MINOR) allow timers to be used as primitives (Denys Otrishko) https://github.com/nodejs/node/pull/34017
tls:
  * (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) https://github.com/nodejs/node/pull/33974
worker:
  * (SEMVER-MINOR) add public method for marking objects as untransferable (Anna Henningsen) https://github.com/nodejs/node/pull/33979
  * (SEMVER-MINOR) emit `'messagerror'` events for failed deserialization (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow passing JS wrapper objects via postMessage (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) allow transferring/cloning generic BaseObjects (Anna Henningsen) https://github.com/nodejs/node/pull/33772
  * (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) https://github.com/nodejs/node/pull/34303
  * (SEMVER-MINOR) add stack size resource limit option (Anna Henningsen) https://github.com/nodejs/node/pull/33085
worker,fs:
  * (SEMVER-MINOR) make FileHandle transferable (Anna Henningsen) https://github.com/nodejs/node/pull/33772
zlib:
  * (SEMVER-MINOR) add `maxOutputLength` option (unknown) https://github.com/nodejs/node/pull/33516
  * switch to lazy init for zlib streams (Andrey Pechkurov) https://github.com/nodejs/node/pull/34048

PR-URL: https://github.com/nodejs/node/pull/35401
2020-10-06 13:34:04 -07:00
Myles Borins
cd884cc684
2020-09-29, Version 14.13.0 (Current)
Notable changes:

deps:
  * (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
module:
  * (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  * (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
src:
  * (SEMVER-MINOR) allow N-API addon in `AddLinkedBinding()` (Anna Henningsen) https://github.com/nodejs/node/pull/35301

PR-URL: https://github.com/nodejs/node/pull/35419
2020-09-29 15:45:07 -04:00
Ruy Adorno
25d8456563
2020-09-22, Version 14.12.0 (Current)
Notable changes:

- deps:
  - update to uvwasi 0.0.11 (Colin Ihrig)
  [#35104](https://github.com/nodejs/node/pull/35104)
- n-api:
  - create N-API version 7 (Gabriel Schulhof)
  [#35199](https://github.com/nodejs/node/pull/35199)
  - add more property defaults (Gerhard Stoebich)
  [#35214](https://github.com/nodejs/node/pull/35214)

PR-URL: https://github.com/nodejs/node/pull/35285
2020-09-22 14:04:14 -04:00
Richard Lau
8e17383653
2020-09-15, Version 14.11.0 (Current)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due
  to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
  (High).

PR-URL: https://github.com/nodejs-private/node-private/pull/225
2020-09-15 16:49:55 -04:00
Michaël Zasso
9ab5c6b96c
2020-09-15, Version 12.18.4 'Erbium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
- CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/223
2020-09-15 21:43:35 +01:00
Beth Griggs
3bdac31c4b
2020-09-15, Version 10.22.1 'Dubnium' (LTS)
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8252: fs.realpath.native on may cause buffer overflow
  (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/222
2020-09-15 21:30:09 +01:00
Richard Lau
b7f3e83086
2020-09-10, Version 14.10.1 (Current)
Notable changes:

Node.js 14.10.0 included a streams regression with async generators
and a docs rendering regression that are being fixed in this release.

PR-URL: https://github.com/nodejs/node/pull/35137
2020-09-10 10:51:03 -04:00
Richard Lau
b5a47ca2d1
2020-09-08, Version 14.10.0 (Current)
Notable changes:

- buffer: also alias BigUInt methods (Anna Henningsen)
  https://github.com/nodejs/node/pull/34960
- crypto: add randomInt function (Oli Lalonde)
  https://github.com/nodejs/node/pull/34600
- perf_hooks: add idleTime and event loop util (Trevor Norris)
  https://github.com/nodejs/node/pull/34938
- stream: simpler and faster Readable async iterator (Robert Nagy)
  https://github.com/nodejs/node/pull/34035
- stream: save error in state (Robert Nagy)
  https://github.com/nodejs/node/pull/34103

PR-URL: https://github.com/nodejs/node/pull/35023

Conflicts:
	src/node_version.h
2020-09-08 11:35:08 -04:00
Danielle Adams
3089f96ed0
2020-08-27, Version 14.9.0 (Current)
Notable changes:

- build: set --v8-enable-object-print by default (Mary Marchini)
  [#34705](https://github.com/nodejs/node/pull/34705)
- deps:
  - upgrade to libuv 1.39.0 (cjihrig)
    [#34915](https://github.com/nodejs/node/pull/34915)
  - upgrade npm to 6.14.8 (Ruy Adorno)
    [#34834](https://github.com/nodejs/node/pull/34834)
  - V8: cherry-pick e06ace6b5cdb (Anna Henningsen)
    [#34673](https://github.com/nodejs/node/pull/34673)
- n-api: handle weak no-finalizer refs correctly (Gabriel Schulhof)
  [#34839](https://github.com/nodejs/node/pull/34839)
- tools: add debug entitlements for macOS 10.15+ (Gabriele Greco)
  [#34378](https://github.com/nodejs/node/pull/34378)

PR-URL: https://github.com/nodejs/node/pull/34852
2020-08-27 15:44:13 +01:00
Juan José Arboleda
79402c0eaa doc: fix CHANGELOG.md parsing issue
PR-URL: https://github.com/nodejs/node/pull/34923
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-08-27 07:26:25 -07:00
Shelley Vohr
6e1f6ec573
2020-08-11, Version 14.8.0 (Current)
Notable changes:

async_hooks:
  * (SEMVER-MINOR) add AsyncResource.bind utility (James M Snell) https://github.com/nodejs/node/pull/34574
doc:
  * add Ricky Zhou to collaborators (rickyes) https://github.com/nodejs/node/pull/34676
  * add release key for Ruy Adorno (Ruy Adorno) https://github.com/nodejs/node/pull/34628
  * add DerekNonGeneric to collaborators (Derek Lewis) https://github.com/nodejs/node/pull/34602
module:
  * (SEMVER-MINOR) unflag Top-Level Await (Myles Borins) https://github.com/nodejs/node/pull/34558
n-api:
  * (SEMVER-MINOR) support type-tagging objects (Gabriel Schulhof) https://github.com/nodejs/node/pull/28237
n-api,src:
  * (SEMVER-MINOR) provide asynchronous cleanup hooks (Anna Henningsen) https://github.com/nodejs/node/pull/34572

PR-URL: https://github.com/nodejs/node/pull/34704
2020-08-11 09:40:48 -07:00