Michaël Zasso
7c1b1f41c3
2023-10-24, Version 21.1.0 (Current)
...
Notable changes:
doc:
* add H4ad to collaborators (Vinícius Lourenço) https://github.com/nodejs/node/pull/50217
esm:
* (SEMVER-MINOR) detect ESM syntax in ambiguous JavaScript (Geoffrey Booth) https://github.com/nodejs/node/pull/50096
fs:
* (SEMVER-MINOR) add flush option to appendFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50095
lib:
* (SEMVER-MINOR) add `navigator.userAgent` (Yagiz Nizipli) https://github.com/nodejs/node/pull/50200
stream:
* (SEMVER-MINOR) allow pass stream class to `stream.compose` (Alex Yang) https://github.com/nodejs/node/pull/50187
* call helper function from push and unshift (Raz Luvaton) https://github.com/nodejs/node/pull/50173
PR-URL: https://github.com/nodejs/node/pull/50335
2023-10-24 15:13:00 +02:00
RafaelGSS
ed16a46481
2023-10-17, Version 21.0.0 (Current)
...
Notable Changes:
doc:
* promote fetch/webstreams from experimental to stable (Steven) https://github.com/nodejs/node/pull/45684
esm:
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
* remove `globalPreload` hook (superseded by `initialize`) (Jacob Smith) https://github.com/nodejs/node/pull/49144
fs:
* add flush option to writeFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50009
* (SEMVER-MAJOR) add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
http:
* (SEMVER-MAJOR) reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
lib:
* (SEMVER-MINOR) add WebSocket client (Matthew Aitken) https://github.com/nodejs/node/pull/49830
* (SEMVER-MAJOR) add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
stream:
* optimize Writable (Robert Nagy) https://github.com/nodejs/node/pull/50012
test_runner:
* (SEMVER-MAJOR) support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
vm:
* use default HDO when importModuleDynamically is not set (Joyee Cheung) https://github.com/nodejs/node/pull/49950
Semver-Major Commits:
* (SEMVER-MAJOR) build: drop support for Visual Studio 2019 (Michaël Zasso) https://github.com/nodejs/node/pull/49051
* (SEMVER-MAJOR) build: bump supported macOS and Xcode versions (Michaël Zasso) https://github.com/nodejs/node/pull/49164
* (SEMVER-MAJOR) crypto: do not overwrite \_writableState.defaultEncoding (Tobias Nießen) https://github.com/nodejs/node/pull/49140
* (SEMVER-MAJOR) deps: bump minimum ICU version to 73 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update V8 to 11.8.172.13 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update llhttp to 9.1.2 (Paolo Insogna) https://github.com/nodejs/node/pull/48981
* (SEMVER-MAJOR) events: validate options of `on` and `once` (Deokjin Kim) https://github.com/nodejs/node/pull/46018
* (SEMVER-MAJOR) fs: adjust `position` validation in reading methods (Livia Medeiros) https://github.com/nodejs/node/pull/42835
* (SEMVER-MAJOR) fs: add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) http: reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
* (SEMVER-MAJOR) lib: mark URL/URLSearchParams as uncloneable and untransferable (Chengzhong Wu) https://github.com/nodejs/node/pull/47497
* (SEMVER-MAJOR) lib: remove aix directory case for package reader (Yagiz Nizipli) https://github.com/nodejs/node/pull/48605
* (SEMVER-MAJOR) lib: add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
* (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) https://github.com/nodejs/node/pull/47202
* (SEMVER-MAJOR) module: harmonize error code between ESM and CJS (Antoine du Hamel) https://github.com/nodejs/node/pull/48606
* (SEMVER-MAJOR) net: do not treat `server.maxConnections=0` as `Infinity` (ignoramous) https://github.com/nodejs/node/pull/48276
* (SEMVER-MAJOR) net: only defer \_final call when connecting (Jason Zhang) https://github.com/nodejs/node/pull/47385
* (SEMVER-MAJOR) node-api: rename internal NAPI\_VERSION definition (Chengzhong Wu) https://github.com/nodejs/node/pull/48501
* (SEMVER-MAJOR) src: update NODE\_MODULE\_VERSION to 120 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) src: throw DOMException on cloning non-serializable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47839
* (SEMVER-MAJOR) src: throw DataCloneError on transfering untransferable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47604
* (SEMVER-MAJOR) stream: use private properties for strategies (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for compression (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) test\_runner: disallow array in `run` options (Raz Luvaton) https://github.com/nodejs/node/pull/49935
* (SEMVER-MAJOR) test\_runner: support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) tls: use `validateNumber` for `options.minDHSize` (Deokjin Kim) https://github.com/nodejs/node/pull/49973
* (SEMVER-MAJOR) tls: use validateFunction for `options.checkServerIdentity` (Deokjin Kim) https://github.com/nodejs/node/pull/49896
* (SEMVER-MAJOR) util: runtime deprecate `promisify`-ing a function returning a `Promise` (Antoine du Hamel) https://github.com/nodejs/node/pull/49609
* (SEMVER-MAJOR) vm: freeze `dependencySpecifiers` array (Antoine du Hamel) https://github.com/nodejs/node/pull/49720
PR-URL: https://github.com/nodejs/node/pull/49870
Co-authored-by: Michaël Zasso <targos@protonmail.com>
2023-10-17 12:45:37 -03:00
RafaelGSS
937ea06fd5
2023-10-13, Version 18.18.2 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 ): `nghttp2` Security Release (High)
* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143 ): `undici` Security Release (High)
* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552 ): Integrity checks according to policies can be circumvented (Medium)
* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333 ): Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/492
2023-10-13 17:52:15 -03:00
RafaelGSS
deeffa0388
2023-10-13, Version 20.8.1 (Current)
...
This is a security release.
Notable changes:
* CVE-2023-44487: `nghttp2` Security Release (High)
* CVE-2023-45143: `undici` Security Release (High)
* CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
* CVE-2023-39331: Permission model improperly protects against path traversal (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/491
2023-10-13 17:25:50 -03:00
Richard Lau
11f95dd12f
2023-10-10, Version 18.18.1 'Hydrogen' (LTS)
...
Notable changes:
This release addresses some regressions that appeared in Node.js 18.18.0:
- (Windows) FS can not handle certain characters in file name
https://github.com/nodejs/node/issues/48673
- 18 and 20 node images give error - Text file busy (after re-build images)
https://github.com/nodejs/docker-node/issues/1968
- libuv update in 18.18.0 breaks webpack's thread-loader
https://github.com/nodejs/node/issues/49911
The libuv 1.45.0 and 1.46.0 updates that were released in Node.js 18.18.0
have been temporarily reverted.
PR-URL: https://github.com/nodejs/node/pull/50066
2023-10-10 11:38:44 -04:00
Ruy Adorno
5570c29780
2023-09-28, Version 20.8.0 (Current)
...
Notable changes:
deps:
* add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) https://github.com/nodejs/node/pull/49874
doc:
* deprecate `fs.F_OK`, `fs.R_OK`, `fs.W_OK`, `fs.X_OK` (Livia Medeiros) https://github.com/nodejs/node/pull/49683
* deprecate `util.toUSVString` (Yagiz Nizipli) https://github.com/nodejs/node/pull/49725
* deprecate calling `promisify` on a function that returns a promise (Antoine du Hamel) https://github.com/nodejs/node/pull/49647
esm:
* set all hooks as release candidate (Geoffrey Booth) https://github.com/nodejs/node/pull/49597
module:
* fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) https://github.com/nodejs/node/pull/48510
* fix leak of vm.SyntheticModule (Joyee Cheung) https://github.com/nodejs/node/pull/48510
* use symbol in WeakMap to manage host defined options (Joyee Cheung) https://github.com/nodejs/node/pull/48510
src:
* (SEMVER-MINOR) allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) https://github.com/nodejs/node/pull/49279
stream:
* use bitmap in writable state (Raz Luvaton) https://github.com/nodejs/node/pull/49834
* use bitmap in readable state (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/49745
* improve webstream readable async iterator performance (Raz Luvaton) https://github.com/nodejs/node/pull/49662
test_runner:
* (SEMVER-MINOR) accept `testOnly` in `run` (Moshe Atlow) https://github.com/nodejs/node/pull/49753
* (SEMVER-MINOR) add junit reporter (Moshe Atlow) https://github.com/nodejs/node/pull/49614
PR-URL: https://github.com/nodejs/node/pull/49932
2023-09-28 23:14:36 -04:00
Ruy Adorno
78ab0eebd1
2023-09-18, Version 18.18.0 'Hydrogen' (LTS)
...
Notable changes:
build:
* sync libuv header change (Jiawen Geng) https://github.com/nodejs/node/pull/48078
crypto:
* update root certificates to NSS 3.93 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49341
* update root certificates to NSS 3.90 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/48416
deps:
* add missing thread-common.c in uv.gyp (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
* upgrade to libuv 1.46.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
* upgrade to libuv 1.45.0 (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
doc:
* add atlowChemi to collaborators (atlowChemi) https://github.com/nodejs/node/pull/48757
* add vmoroz to collaborators (Vladimir Morozov) https://github.com/nodejs/node/pull/48527
* add kvakil to collaborators (Keyhan Vakil) https://github.com/nodejs/node/pull/48449
esm:
* (SEMVER-MINOR) add `--import` flag (Moshe Atlow) https://github.com/nodejs/node/pull/43942
events:
* (SEMVER-MINOR) allow safely adding listener to abortSignal (Chemi Atlow) https://github.com/nodejs/node/pull/48596
fs, stream:
* initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) https://github.com/nodejs/node/pull/48518
net:
* add autoSelectFamily global getter and setter (Paolo Insogna) https://github.com/nodejs/node/pull/45777
url:
* (SEMVER-MINOR) add value argument to has and delete methods (Sankalp Shubham) https://github.com/nodejs/node/pull/47885
PR-URL: https://github.com/nodejs/node/pull/49220
2023-09-18 17:39:17 -04:00
Ulises Gascón
b651e37d2e
2023-09-18, Version 20.7.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.93 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/49341
deps:
* upgrade npm to 10.1.0 (npm team) https://github.com/nodejs/node/pull/49570
* upgrade npm to 10.0.0 (npm team) https://github.com/nodejs/node/pull/49423
doc:
* move and rename loaders section (Geoffrey Booth) https://github.com/nodejs/node/pull/49261
* add release key for Ulises Gascon (Ulises Gascón) https://github.com/nodejs/node/pull/49196
lib:
* (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) https://github.com/nodejs/node/pull/46391
src:
* support multiple `--env-file` declarations (Yagiz Nizipli) https://github.com/nodejs/node/pull/49542
src,permission:
* add multiple allow-fs-* flags (Carlos Espa) https://github.com/nodejs/node/pull/49047
test_runner:
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) https://github.com/nodejs/node/pull/48975
PR-URL: https://github.com/nodejs/node/pull/49592
2023-09-18 17:36:24 +00:00
Richard Lau
44084b81bb
doc: mark Node.js 16 as End-of-Life
...
PR-URL: https://github.com/nodejs/node/pull/49651
Refs: https://nodejs.org/en/blog/announcements/nodejs16-eol
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2023-09-14 16:22:41 +00:00
RafaelGSS
0a2ab4c77c
2023-09-08, Version 20.6.1 (Current)
...
Notable changes:
esm:
* fix loading of CJS modules from ESM (Antoine du Hamel) https://github.com/nodejs/node/pull/49500
PR-URL: https://github.com/nodejs/node/pull/49528
2023-09-08 11:45:05 -04:00
Ulises Gascón
12354260db
2023-09-04, Version 20.6.0 (Current)
...
Notable changes:
deps:
* V8: cherry-pick 93275031284c (Joyee Cheung) #48660
doc:
* add new TSC members (Michael Dawson) #48841
* add rluvaton to collaborators (Raz Luvaton) #49215
esm:
* unflag import.meta.resolve (Guy Bedford) #49028
* add `initialize` hook, integrate with `register` (Izaak Schroeder) #48842
* unflag `Module.register` and allow nested loader `import()` (Izaak Schroeder) #48559
inspector:
* (SEMVER-MINOR) open add `SymbolDispose` (Chemi Atlow) #48765
module:
* implement `register` utility (João Lenon) #46826
* make CJS load from ESM loader (Antoine du Hamel) #47999
src:
* add built-in `.env` file support (Yagiz Nizipli) #48890
* initialize cppgc (Daryl Haresign and Joyee Cheung) #48660 and #45704
test_runner:
* (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975
PR-URL: https://github.com/nodejs/node/pull/49185
2023-09-04 15:01:52 -05:00
RafaelGSS
ae25da20fa
2023-08-09, Version 20.5.1 (Current)
...
This is a security release.
Notable changes:
* CVE-2023-32002: Policies can be bypassed via Module.\_load (High)
* CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
* CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* CVE-2023-32005: fs.statfs can bypass the permission model (Low)
* CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/465
2023-08-09 14:24:18 -03:00
RafaelGSS
6d46d986a4
2023-08-09, Version 18.17.1 'Hydrogen' (LTS)
...
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/463
2023-08-09 14:02:22 -03:00
RafaelGSS
eed21991fb
2023-08-09, Version 16.20.2 'Gallium' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html
* https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html
PR-URL: https://github.com/nodejs-private/node-private/pull/458
2023-08-09 13:36:10 -03:00
Juan José Arboleda
d5761a4f8e
2023-07-18, Version 20.5.0 (Current)
...
Notable changes:
doc:
* add atlowChemi to collaborators (atlowChemi) https://github.com/nodejs/node/pull/48757
events:
* (SEMVER-MINOR) allow safely adding listener to abortSignal (Chemi Atlow) https://github.com/nodejs/node/pull/48596
fs:
* add a fast-path for readFileSync utf-8 (Yagiz Nizipli) https://github.com/nodejs/node/pull/48658
test_runner:
* (SEMVER-MINOR) add shards support (Raz Luvaton) https://github.com/nodejs/node/pull/48639
PR-URL: https://github.com/nodejs/node/pull/48761
2023-07-20 16:28:46 -05:00
Danielle Adams
51513b23e8
2023-07-18, Version 18.17.0 'Hydrogen' (LTS)
...
Notable changes:
Ada 2.0
Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This
update brings significant performance improvements to URL parsing, including
enhancements to the url.domainToASCII and url.domainToUnicode functions
in node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all
parts of the application can benefit from the improved performance. Additionally,
Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in https://github.com/nodejs/node/pull/47339
Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per
their WebIDL definitions like in other Web Crypto API implementations. This
further improves interoperability with other implementations of Web Crypto API.
Contributed by Filip Skokan in https://github.com/nodejs/node/pull/46067
crypto:
* update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
* (SEMVER-MINOR) expose getDefaultResultOrder (btea) https://github.com/nodejs/node/pull/46973
doc:
* add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
* add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
* events:
* (SEMVER-MINOR) add getMaxListeners method (Matthew Aitken) https://github.com/nodejs/node/pull/47039
fs:
* (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
* (SEMVER-MINOR) add recursive option to readdir and opendir (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
* (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
* (SEMVER-MINOR) implement byob mode for readableWebStream() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46933
http:
* (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
* (SEMVER-MINOR) remove internal error in assignSocket (Matteo Collina) https://github.com/nodejs/node/pull/47723
* (SEMVER-MINOR) add highWaterMark opt in http.createServer (HinataKah0) https://github.com/nodejs/node/pull/47405
lib:
* (SEMVER-MINOR) add webstreams to Duplex.from() (Debadree Chatterjee) https://github.com/nodejs/node/pull/46190
* (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
* change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
* (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
* (SEMVER-MINOR) deprecate napi_module_register (Vladimir Morozov) https://github.com/nodejs/node/pull/46319
stream:
* (SEMVER-MINOR) preserve object mode in compose (Raz Luvaton) https://github.com/nodejs/node/pull/47413
* (SEMVER-MINOR) add setter & getter for default highWaterMark (#46929 ) (Robert Nagy) https://github.com/nodejs/node/pull/46929
test:
* unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
test_runner:
* (SEMVER-MINOR) add shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
* (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
* (SEMVER-MINOR) execute before hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
* (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) https://github.com/nodejs/node/pull/47238
tools:
* update LICENSE and license-builder.sh (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
url:
* (SEMVER-MINOR) implement URL.canParse (Matthew Aitken) https://github.com/nodejs/node/pull/47179
wasi:
* (SEMVER-MINOR) no longer require flag to enable wasi (Michael Dawson) https://github.com/nodejs/node/pull/47286
PR-URL: https://github.com/nodejs/node/pull/48694
2023-07-18 15:37:22 -04:00
RafaelGSS
8fc3851da7
2023-07-05, Version 20.4.0 (Current)
...
Notable changes:
crypto:
* update root certificates to NSS 3.90 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/48416
doc:
* add vmoroz to collaborators (Vladimir Morozov) https://github.com/nodejs/node/pull/48527
* add kvakil to collaborators (Keyhan Vakil) https://github.com/nodejs/node/pull/48449
fs, stream:
* initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) https://github.com/nodejs/node/pull/48518
test_runner:
* (SEMVER-MINOR) add initial draft for fakeTimers (Erick Wendel) https://github.com/nodejs/node/pull/47775
tls:
* (SEMVER-MINOR) add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) https://github.com/nodejs/node/pull/45190
PR-URL: https://github.com/nodejs/node/pull/48643
2023-07-05 10:51:42 -03:00
RafaelGSS
b607b74a4f
2023-06-20, Version 18.16.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* https://www.openssl.org/news/secadv/20230328.txt
* https://www.openssl.org/news/secadv/20230420.txt
* https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
PR-URL: https://github.com/nodejs-private/node-private/pull/434
2023-06-20 17:26:23 -03:00
RafaelGSS
167dc77d85
2023-06-20, Version 20.3.1 (Current)
...
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
* CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
* CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
* CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt ).
* [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt ).
* [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt )
PR-URL: https://github.com/nodejs-private/node-private/pull/435
2023-06-20 17:08:45 -03:00
RafaelGSS
c09acb3ea8
2023-06-20, Version 16.20.1 'Gallium' (LTS)
...
This is a security release.
Notable changes:
Following CVEs are fixed in this release:
* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
* https://www.openssl.org/news/secadv/20230328.txt
* https://www.openssl.org/news/secadv/20230420.txt
* https://www.openssl.org/news/secadv/20230530.txt
* c-ares vulnerabilities:
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
PR-URL: https://github.com/nodejs-private/node-private/pull/432
2023-06-20 16:21:56 -03:00
Michaël Zasso
5a58972207
2023-06-08, Version 20.3.0 (Current)
...
Notable changes:
deps:
* upgrade to libuv 1.45.0, including significant performance
improvements to file system operations on Linux (Santiago Gimeno) https://github.com/nodejs/node/pull/48078
doc:
* add Ruy Adorno to list of TSC members (Michael Dawson) https://github.com/nodejs/node/pull/48172
* mark Node.js 14 as End-of-Life (Richard Lau) https://github.com/nodejs/node/pull/48023
lib:
* (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) https://github.com/nodejs/node/pull/47821
module:
* change default resolver to not throw on unknown scheme (Gil Tayar) https://github.com/nodejs/node/pull/47824
node-api:
* (SEMVER-MINOR) define version 9 (Chengzhong Wu) https://github.com/nodejs/node/pull/48151
stream:
* deprecate asIndexedPairs (Chemi Atlow) https://github.com/nodejs/node/pull/48102
PR-URL: https://github.com/nodejs/node/pull/48332
2023-06-08 13:00:26 -03:00
Richard Lau
6aa2aeedcb
doc: mark Node.js 19 as End-of-Life
...
PR-URL: https://github.com/nodejs/node/pull/48283
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Debadree Chatterjee <debadree333@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
2023-06-01 17:51:45 +00:00
Michaël Zasso
c2ca4290f6
2023-05-16, Version 20.2.0 (Current)
...
Notable changes:
doc:
* add ovflowd to collaborators (Claudio Wunder) https://github.com/nodejs/node/pull/47844
http:
* (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) https://github.com/nodejs/node/pull/47732
sea:
* (SEMVER-MINOR) add option to disable the experimental SEA warning (Darshan Sen) https://github.com/nodejs/node/pull/47588
test_runner:
* (SEMVER-MINOR) add `skip`, `todo`, and `only` shorthands to `test` (Chemi Atlow) https://github.com/nodejs/node/pull/47909
url:
* (SEMVER-MINOR) add value argument to `URLSearchParams` `has` and `delete` methods (Sankalp Shubham) https://github.com/nodejs/node/pull/47885
PR-URL: https://github.com/nodejs/node/pull/48020
2023-05-16 14:40:46 +02:00
Richard Lau
fb6afb5c67
doc: mark Node.js 14 as End-of-Life
...
PR-URL: https://github.com/nodejs/node/pull/48023
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
Reviewed-By: Qingyu Deng <i@ayase-lab.com>
Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Deokjin Kim <deokjin81.kim@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2023-05-16 11:20:08 +00:00
Michaël Zasso
c24a61b3f6
2023-05-03, Version 20.1.0 (Current)
...
Notable changes:
assert:
* deprecate `CallTracker` (Moshe Atlow) https://github.com/nodejs/node/pull/47740
crypto:
* update root certificates to NSS 3.89 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47659
dns:
* (SEMVER-MINOR) expose `getDefaultResultOrder` (btea) https://github.com/nodejs/node/pull/46973
doc:
* add KhafraDev to collaborators (Matthew Aitken) https://github.com/nodejs/node/pull/47510
fs:
* (SEMVER-MINOR) add `recursive` option to `readdir` and `opendir` (Ethan Arrowood) https://github.com/nodejs/node/pull/41439
* (SEMVER-MINOR) add support for `mode` flag to specify the copy behavior of the `cp` methods (Tetsuharu Ohzeki) https://github.com/nodejs/node/pull/47084
http:
* (SEMVER-MINOR) add `highWaterMark` option `http.createServer` (HinataKah0) https://github.com/nodejs/node/pull/47405
stream:
* (SEMVER-MINOR) preserve object mode in `compose` (Raz Luvaton) https://github.com/nodejs/node/pull/47413
test_runner:
* (SEMVER-MINOR) add `testNamePatterns` to `run` API (Chemi Atlow) https://github.com/nodejs/node/pull/47628
* (SEMVER-MINOR) execute `before` hook on test (Chemi Atlow) https://github.com/nodejs/node/pull/47586
* (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) https://github.com/nodejs/node/pull/47686
wasi:
* (SEMVER-MINOR) make `returnOnExit` true by default (Michael Dawson) https://github.com/nodejs/node/pull/47390
PR-URL: https://github.com/nodejs/node/pull/47820
2023-05-03 17:41:05 +02:00
RafaelGSS
8920dc1801
2023-04-18, Version 20.0.0 (Current)
...
Notable Changes:
crypto:
* (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) https://github.com/nodejs/node/pull/46067
deps:
* update ada to 2.0.0 (Node.js GitHub Bot) https://github.com/nodejs/node/pull/47339
esm:
* move hook execution to separate thread (Jacob Smith) https://github.com/nodejs/node/pull/44710
sea:
* use JSON configuration and blob content for SEA (Joyee Cheung) https://github.com/nodejs/node/pull/47125
src,process:
* (SEMVER-MINOR) add permission model (Rafael Gonzaga) https://github.com/nodejs/node/pull/44004
url:
* drop ICU requirement for parsing hostnames (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
* use ada::url_aggregator for parsing urls (Yagiz Nizipli) https://github.com/nodejs/node/pull/47339
* (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) https://github.com/nodejs/node/pull/45526
Semver-Major Commits:
* [9fafb0a090
] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) https://github.com/nodejs/node/pull/46432
* [1948d37595
] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) https://github.com/nodejs/node/pull/46599
* [7bc0e6a4e7
] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) https://github.com/nodejs/node/pull/47153
* [671ffd7825
] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45796
* [ab1614d280
] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [c1bcdbcf79
] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) https://github.com/nodejs/node/pull/46806
* [649f68fc1e
] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [9374700d7a
] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) https://github.com/nodejs/node/pull/47182
* [1640aeb680
] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) https://github.com/nodejs/node/pull/47073
* [c2e4b1fa9a
] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) https://github.com/nodejs/node/pull/47028
* [3ef38c4bd7
] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) https://github.com/nodejs/node/pull/46067
* [08af023b1f
] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) https://github.com/nodejs/node/pull/45653
* [7eb0ac3cb6
] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [a7c129f286
] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [6f5655a18e
] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [f226350fcb
] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [d6dae7420e
] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [56c436533e
] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [51ab98c71b
] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [9f84d3eea8
] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) https://github.com/nodejs/node/pull/45579
* [f2318cd4b5
] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) https://github.com/nodejs/node/pull/45579
* [16e03e7968
] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [6473f5e7f7
] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) https://github.com/nodejs/node/pull/47352
* [cc18fd9608
] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45770
* [ff92b40ffc
] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) https://github.com/nodejs/node/pull/46333
* [2a29df6464
] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) https://github.com/nodejs/node/pull/46331
* [391dc74a10
] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) https://github.com/nodejs/node/pull/46283
* [ed3604cd64
] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) https://github.com/nodejs/node/pull/45597
* [88d71dc301
] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45772
* [e4d641f02a
] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) https://github.com/nodejs/node/pull/46174
* [0f3e531096
] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) https://github.com/nodejs/node/pull/41276
* [5b5898ac86
] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) https://github.com/nodejs/node/pull/45841
* [55321bafd1
] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) https://github.com/nodejs/node/pull/46790
* [2d0d99733b
] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) https://github.com/nodejs/node/pull/43716
* [dc06df31b6
] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) https://github.com/nodejs/node/pull/45801
* [295b2f3ff4
] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [3803b028dd
] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) https://github.com/nodejs/node/pull/46825
* [e8bddac3e9
] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) https://github.com/nodejs/node/pull/46705
* [f84de0ad4c
] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) https://github.com/nodejs/node/pull/46427
* [a6242772ec
] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [dd5c39a808
] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [63eca7fec0
] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) https://github.com/nodejs/node/pull/46430
* [9e7093f416
] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) https://github.com/nodejs/node/pull/46322
* [fb91ee4f26
] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) https://github.com/nodejs/node/pull/45579
* [eca618071e
] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [c03354d3e0
] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) https://github.com/nodejs/node/pull/45508
* [c733cc0c7f
] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) https://github.com/nodejs/node/pull/46983
* [7ce223273d
] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [ca4bd3023e
] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) https://github.com/nodejs/node/pull/47251
* [58b06a269a
] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) https://github.com/nodejs/node/pull/45579
* [027841c964
] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) https://github.com/nodejs/node/pull/46904
* [3bed5f11e0
] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) https://github.com/nodejs/node/pull/45526
* [7c76fddf25
] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) https://github.com/nodejs/node/pull/46718
* [4b52727976
] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) https://github.com/nodejs/node/pull/47391
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/47441
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-04-18 13:04:39 -03:00
Danielle Adams
527394783e
2023-04-12, Version 18.16.0 'Hydrogen' (LTS)
...
Notable changes:
Add initial support for single executable applications
Compile a JavaScript file into a single executable application:
```console
$ echo 'console.log(`Hello, ${process.argv[2]}!`);' > hello.js
$ cp $(command -v node) hello
$ npx postject hello NODE_JS_CODE hello.js \
--sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2
$ npx postject hello NODE_JS_CODE hello.js \
--sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2 \
--macho-segment-name NODE_JS
$ ./hello world
Hello, world!
```
Contributed by Darshan Sen in https://github.com/nodejs/node/pull/45038
Replace url parser with Ada
Node.js gets a new URL parser called Ada that is compliant with the WHATWG
URL Specification and provides more than 100% performance improvement to
the existing implementation.
Contributed by Yagiz Nizipli in https://github.com/nodejs/node/pull/46410
Other notable changes:
* buffer:
* (SEMVER-MINOR) add Buffer.copyBytesFrom(...) (James M Snell) https://github.com/nodejs/node/pull/46500
* doc:
* add marco-ippolito to collaborators (Marco Ippolito) https://github.com/nodejs/node/pull/46816
* add debadree25 to collaborators (Debadree Chatterjee) https://github.com/nodejs/node/pull/46716
* add deokjinkim to collaborators (Deokjin Kim) https://github.com/nodejs/node/pull/46444
* events:
* (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) https://github.com/nodejs/node/pull/46523
* lib:
* (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) https://github.com/nodejs/node/pull/46387
* (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) https://github.com/nodejs/node/pull/46494
* src:
* (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) https://github.com/nodejs/node/pull/46583
* (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) https://github.com/nodejs/node/pull/46368
* stream:
* (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46273
* tls:
* (SEMVER-MINOR) support automatic DHE (Tobias Nießen) https://github.com/nodejs/node/pull/46978
* url:
* (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) https://github.com/nodejs/node/pull/46308
* worker:
* (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) https://github.com/nodejs/node/pull/46832
PR-URL: https://github.com/nodejs/node/pull/47502
2023-04-12 20:34:40 -04:00
RafaelGSS
c8f6f851f9
2023-04-10, Version 19.9.0 (Current)
...
Notable changes:
events:
* (SEMVER-MINOR) add getMaxListeners method (Khafra) https://github.com/nodejs/node/pull/47039
lib:
* (SEMVER-MINOR) add tracing channel to diagnostics\_channel (Stephen Belanger)
msi:
* (SEMVER-MINOR) migrate to WiX4 (Stefan Stojanovic) https://github.com/nodejs/node/pull/45943
node-api:
* (SEMVER-MINOR) deprecate napi\_module\_register (Vladimir Morozov) https://github.com/nodejs/node/pull/46319
stream:
* (SEMVER-MINOR) add setter & getter for default highWaterMark (Robert Nagy) https://github.com/nodejs/node/pull/46929
url:
* (SEMVER-MINOR) implement URL.canParse (Khafra) https://github.com/nodejs/node/pull/47179
test_runner:
* (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) https://github.com/nodejs/node/pull/47238
PR-URL: https://github.com/nodejs/node/pull/47441
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-04-10 21:10:55 -03:00
Beth Griggs
143deae6d8
2023-03-29, Version 16.20.0 'Gallium' (LTS)
...
Notable changes:
- deps:
- update undici to 5.20.0 (Node.js GitHub Bot)
https://github.com/nodejs/node/pull/46711
- update c-ares to 1.19.0 (Michaël Zasso)
https://github.com/nodejs/node/pull/46415
- upgrade npm to 8.19.4 (npm team)
https://github.com/nodejs/node/pull/46677
- update corepack to 0.17.0 (Node.js GitHub Bot)
https://github.com/nodejs/node/pull/46842
- (SEMVER-MINOR) src: add support for externally shared js builtins
(Michael Dawson) [https://github.com/nodejs/node/pull/44376 ]
PR-URL: https://github.com/nodejs/node/pull/47272
2023-03-29 19:05:29 +01:00
Michaël Zasso
fa8465794d
2023-03-15, Version 19.8.1 (Current)
...
Notable changes:
This release contains a single revert of a change that was introduced in v19.8.0
and introduced application crashes.
Fixes: https://github.com/nodejs/node/issues/47096
PR-URL: https://github.com/nodejs/node/pull/47104
2023-03-15 18:11:57 +01:00
Michaël Zasso
115c9ac68d
2023-03-14, Version 19.8.0 (Current)
...
Notable changes:
buffer:
* (SEMVER-MINOR) add Buffer.copyBytesFrom(...) (James M Snell) https://github.com/nodejs/node/pull/46500
doc:
* add marco-ippolito to collaborators (Marco Ippolito) https://github.com/nodejs/node/pull/46816
events:
* (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) https://github.com/nodejs/node/pull/46523
lib:
* (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) https://github.com/nodejs/node/pull/46387
src:
* (SEMVER-MINOR) add `fs.openAsBlob` to support File-backed Blobs (James M Snell) https://github.com/nodejs/node/pull/45258
tls:
* (SEMVER-MINOR) support automatic DHE (Tobias Nießen) https://github.com/nodejs/node/pull/46978
url:
* (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) https://github.com/nodejs/node/pull/46308
wasi:
* (SEMVER-MINOR) add support for version when creating WASI (Michael Dawson) https://github.com/nodejs/node/pull/46469
worker:
* (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) https://github.com/nodejs/node/pull/46832
PR-URL: https://github.com/nodejs/node/pull/47087
2023-03-14 19:52:10 +01:00
Juan José Arboleda
3b0c047c31
2023-03-07, Version 18.15.0 'Hydrogen' (LTS)
...
Notable changes:
buffer:
* (SEMVER-MINOR) add isAscii method (Yagiz Nizipli) https://github.com/nodejs/node/pull/46046
doc,lib,src,test:
* rename --test-coverage (Colin Ihrig) https://github.com/nodejs/node/pull/46017
fs:
* (SEMVER-MINOR) add statfs() functions (Colin Ihrig) https://github.com/nodejs/node/pull/46358
src,lib:
* (SEMVER-MINOR) add constrainedMemory API for process (theanarkh) https://github.com/nodejs/node/pull/46218
test_runner:
* add initial code coverage support (Colin Ihrig) https://github.com/nodejs/node/pull/46017
* (SEMVER-MINOR) add reporters (Moshe Atlow) https://github.com/nodejs/node/pull/45712
v8:
* (SEMVER-MINOR) support gc profile (theanarkh) https://github.com/nodejs/node/pull/46255
vm:
* (SEMVER-MINOR) expose cachedDataRejected for vm.compileFunction (Anna Henningsen) https://github.com/nodejs/node/pull/46320
PR-URL: https://github.com/nodejs/node/pull/46920
2023-03-07 14:52:01 -05:00
Myles Borins
6a80a2b8cb
2023-02-21, Version 18.14.2 'Hydrogen' (LTS)
...
Notable changes:
deps:
* upgrade npm to 9.5.0 (npm team) https://github.com/nodejs/node/pull/46673
PR-URL: https://github.com/nodejs/node/pull/46724
2023-02-21 13:14:43 -05:00
Myles Borins
89322aed7e
2023-02-21, Version 19.7.0 (Current)
...
Notable changes:
deps:
* upgrade npm to 9.5.0 (npm team) https://github.com/nodejs/node/pull/46673
* add ada as a dependency (Yagiz Nizipli) https://github.com/nodejs/node/pull/46410
doc:
* add debadree25 to collaborators (Debadree Chatterjee) https://github.com/nodejs/node/pull/46716
* add deokjinkim to collaborators (Deokjin Kim) https://github.com/nodejs/node/pull/46444
doc,lib,src,test:
* rename --test-coverage (Colin Ihrig) https://github.com/nodejs/node/pull/46017
lib:
* (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) https://github.com/nodejs/node/pull/46494
src:
* (SEMVER-MINOR) add initial support for single executable applications (Darshan Sen) https://github.com/nodejs/node/pull/45038
* (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) https://github.com/nodejs/node/pull/46583
* (SEMVER-MINOR) allow blobs in addition to `FILE*`s in embedder snapshot API (Anna Henningsen) https://github.com/nodejs/node/pull/46491
* (SEMVER-MINOR) allow snapshotting from the embedder API (Anna Henningsen) https://github.com/nodejs/node/pull/45888
* (SEMVER-MINOR) make build_snapshot a per-Isolate option, rather than a global one (Anna Henningsen) https://github.com/nodejs/node/pull/45888
* (SEMVER-MINOR) add snapshot support for embedder API (Anna Henningsen) https://github.com/nodejs/node/pull/45888
* (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) https://github.com/nodejs/node/pull/46368
stream:
* (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46273
test_runner:
* add initial code coverage support (Colin Ihrig) https://github.com/nodejs/node/pull/46017
url:
* replace url-parser with ada (Yagiz Nizipli) https://github.com/nodejs/node/pull/46410
PR-URL: https://github.com/nodejs/node/pull/46725
2023-02-21 13:12:58 -05:00
RafaelGSS
dd1977f3dd
2023-02-16, Version 19.6.1 (Current)
...
This is a security release.
The following CVEs are fixed in this release:
- CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium)
- CVE-2023-23918: Experimental Policies bypass via `process.mainModule.require`(High)
- CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1
PR-URL: #385
2023-02-16 18:39:22 -03:00
Juan José Arboleda
667dd34d79
2023-02-16, Version 18.14.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1
PR-URL: https://github.com/nodejs-private/node-private/pull/386
2023-02-16 18:29:17 -03:00
Richard Lau
5c4a287c3e
2023-02-16, Version 16.19.1 'Gallium' (LTS)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via
process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs
crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in
Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA
environment variable (Low)
Fixed by an update to undici:
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
injection in host headers (Medium)
See https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
for more information.
- CVE-2023-24807: Regular Expression Denial of Service in Headers in
Node.js fetch API (Low)
See https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
for more information.
- OpenSSL 1.1.1t
PR-URL: https://github.com/nodejs-private/node-private/pull/390
2023-02-16 16:12:30 -05:00
Richard Lau
6aca711858
2023-02-16, Version 14.21.3 'Fermium' (LTS)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
* OpenSSL 1.1.1t
* npm 6.14.18
PR-URL: https://github.com/nodejs-private/node-private/pull/389
Refs: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
2023-02-16 16:11:10 -05:00
Juan José Arboleda
66ab03d032
2023-02-02, Version 18.14.0 'Hydrogen' (LTS)
...
Notable changes:
* deps:
* upgrade npm to 9.3.1 (npm team) https://github.com/nodejs/node/pull/46242
* doc:
* add parallelism note to os.cpus() (Colin Ihrig) https://github.com/nodejs/node/pull/45895
* http:
* join authorization headers (Marco Ippolito) https://github.com/nodejs/node/pull/45982
* improved timeout defaults handling (Paolo Insogna) https://github.com/nodejs/node/pull/45778
* stream:
* implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) https://github.com/nodejs/node/pull/46205
PR-URL: https://github.com/nodejs/node/pull/46396
2023-02-02 14:08:50 -05:00
ruyadorno@google.com
1579ff4f95
2023-02-02, Version 19.6.0 (Current)
...
Notable changes:
buffer:
* (SEMVER-MINOR) add isAscii method (Yagiz Nizipli) https://github.com/nodejs/node/pull/46046
deps:
* upgrade npm to 9.4.0 (npm team) https://github.com/nodejs/node/pull/46353
esm:
* leverage loaders when resolving subsequent loaders (Maël Nison) https://github.com/nodejs/node/pull/43772
fs:
* (SEMVER-MINOR) add statfs() functions (Colin Ihrig) https://github.com/nodejs/node/pull/46358
src,lib:
* (SEMVER-MINOR) add constrainedMemory API for process (theanarkh) https://github.com/nodejs/node/pull/46218
test_runner:
* (SEMVER-MINOR) add reporters (Moshe Atlow) https://github.com/nodejs/node/pull/45712
v8:
* (SEMVER-MINOR) support gc profile (theanarkh) https://github.com/nodejs/node/pull/46255
vm:
* (SEMVER-MINOR) expose cachedDataRejected for vm.compileFunction (Anna Henningsen) https://github.com/nodejs/node/pull/46320
PR-URL: https://github.com/nodejs/node/pull/46455
2023-02-02 11:04:44 -05:00
RafaelGSS
40a206cfff
2023-01-24, Version 19.5.0 (Current)
...
Notable changes:
* http:
* (SEMVER-MINOR) join authorization headers (Marco Ippolito) [#45982 ](https://github.com/nodejs/node/pull/45982 )
* lib:
* add webstreams to Duplex.from() (Debadree Chatterjee) [#46190 ](https://github.com/nodejs/node/pull/46190 )
* stream:
* implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) [#46205 ](https://github.com/nodejs/node/pull/46205 )
PR-URL: https://github.com/nodejs/node/pull/46286
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
2023-01-24 18:16:02 -03:00
RafaelGSS
22a2ec64c4
2023-01-06, Version 19.4.0 (Current)
...
Notable changes:
buffer:
* (SEMVER-MINOR) add buffer.isUtf8 for utf8 validation (Yagiz Nizipli) https://github.com/nodejs/node/pull/45947
http:
* (SEMVER-MINOR) improved timeout defaults handling (Paolo Insogna) https://github.com/nodejs/node/pull/45778
net
* add autoSelectFamily global getter and setter (Paolo Insogna) https://github.com/nodejs/node/pull/45777
os:
* (SEMVER-MINOR) add availableParallelism() (Colin Ihrig) https://github.com/nodejs/node/pull/45895
util:
* add fast path for text-decoder fatal flag (Yagiz Nizipli) https://github.com/nodejs/node/pull/45803
PR-URL: https://github.com/nodejs/node/pull/46061
2023-01-06 09:57:24 -03:00
Danielle Adams
0593b699b8
2023-01-05, Version 18.13.0 'Hydrogen' (LTS)
...
Notable changes:
Add support for externally shared js builtins:
By default Node.js is built so that all dependencies are bundled into the
Node.js binary itself. Some Node.js distributions prefer to manage dependencies
externally. There are existing build options that allow dependencies with
native code to be externalized. This commit adds additional options so that
dependencies with JavaScript code (including WASM) can also be externalized.
This addition does not affect binaries shipped by the Node.js project but
will allow other distributions to externalize additional dependencies when
needed.
Contributed by Michael Dawson in https://github.com/nodejs/node/pull/44376
Introduce `File`:
The File class is part of the [FileAPI](https://w3c.github.io/FileAPI/ ).
It can be used anywhere a Blob can, for example in `URL.createObjectURL`
and `FormData`. It contains two properties that Blobs do not have: `lastModified`,
the last time the file was modified in ms, and `name`, the name of the file.
Contributed by Khafra in https://github.com/nodejs/node/pull/45139
Support function mocking on Node.js test runner:
The `node:test` module supports mocking during testing via a top-level `mock`
object.
```js
test('spies on an object method', (t) => {
const number = {
value: 5,
add(a) {
return this.value + a;
},
};
t.mock.method(number, 'add');
assert.strictEqual(number.add(3), 8);
assert.strictEqual(number.add.mock.calls.length, 1);
});
```
Contributed by Colin Ihrig in https://github.com/nodejs/node/pull/45326
Other notable changes:
build:
* disable v8 snapshot compression by default (Joyee Cheung) https://github.com/nodejs/node/pull/45716
crypto:
* update root certificates (Luigi Pinca) https://github.com/nodejs/node/pull/45490
deps:
* update ICU to 72.1 (Michaël Zasso) https://github.com/nodejs/node/pull/45068
doc:
* add doc-only deprecation for headers/trailers setters (Rich Trott) https://github.com/nodejs/node/pull/45697
* add Rafael to the tsc (Michael Dawson) https://github.com/nodejs/node/pull/45691
* deprecate use of invalid ports in `url.parse` (Antoine du Hamel) https://github.com/nodejs/node/pull/45576
* add lukekarrys to collaborators (Luke Karrys) https://github.com/nodejs/node/pull/45180
* add anonrig to collaborators (Yagiz Nizipli) https://github.com/nodejs/node/pull/45002
* deprecate url.parse() (Rich Trott) https://github.com/nodejs/node/pull/44919
lib:
* drop fetch experimental warning (Matteo Collina) https://github.com/nodejs/node/pull/45287
net:
* (SEMVER-MINOR) add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) https://github.com/nodejs/node/pull/44731
* src:
* (SEMVER-MINOR) add uvwasi version (Jithil P Ponnan) https://github.com/nodejs/node/pull/45639
* (SEMVER-MINOR) add initial shadow realm support (Chengzhong Wu) https://github.com/nodejs/node/pull/42869
test_runner:
* (SEMVER-MINOR) add t.after() hook (Colin Ihrig) https://github.com/nodejs/node/pull/45792
* (SEMVER-MINOR) don't use a symbol for runHook() (Colin Ihrig) https://github.com/nodejs/node/pull/45792
tls:
* (SEMVER-MINOR) add "ca" property to certificate object (Ben Noordhuis) https://github.com/nodejs/node/pull/44935
* remove trustcor root ca certificates (Ben Noordhuis) https://github.com/nodejs/node/pull/45776
tools:
* update certdata.txt (Luigi Pinca) https://github.com/nodejs/node/pull/45490
util:
* add fast path for utf8 encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/45412
* improve textdecoder decode performance (Yagiz Nizipli) https://github.com/nodejs/node/pull/45294
* (SEMVER-MINOR) add MIME utilities (#21128 ) (Bradley Farias) https://github.com/nodejs/node/pull/21128
PR-URL: https://github.com/nodejs/node/pull/46025
2023-01-05 19:57:23 -05:00
Michaël Zasso
b4f8186657
2022-12-14, Version 19.3.0 (Current)
...
Notable changes:
build:
* disable v8 snapshot compression by default (Joyee Cheung) https://github.com/nodejs/node/pull/45716
deps:
* upgrade npm to 9.2.0 (npm team) https://github.com/nodejs/node/pull/45780
doc:
* add doc-only deprecation for headers/trailers setters (Rich Trott) https://github.com/nodejs/node/pull/45697
* add Rafael Gonzaga to the TSC (Michael Dawson) https://github.com/nodejs/node/pull/45691
net:
* (SEMVER-MINOR) add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) https://github.com/nodejs/node/pull/44731
src:
* (SEMVER-MINOR) add uvwasi version (Jithil P Ponnan) https://github.com/nodejs/node/pull/45639
test_runner:
* (SEMVER-MINOR) add t.after() hook (Colin Ihrig) https://github.com/nodejs/node/pull/45792
* (SEMVER-MINOR) don't use a symbol for runHook() (Colin Ihrig) https://github.com/nodejs/node/pull/45792
tls:
* remove trustcor root ca certificates (Ben Noordhuis) https://github.com/nodejs/node/pull/45776
PR-URL: https://github.com/nodejs/node/pull/45831
2022-12-14 13:52:52 +00:00
Richard Lau
a14244ce26
2022-12-13, Version 16.19.0 'Gallium' (LTS)
...
Notable changes:
- OpenSSL 1.1.1s
- Root certificates updated to NSS 3.85
- Time zone update to 2022f
- add dgram send queue info
- upgrade npm to 8.19.3
- add `--watch`
- add default value option to parsearg
PR-URL: https://github.com/nodejs/node/pull/45791
2022-12-13 08:01:09 -05:00
Richard Lau
c7946b1744
2022-12-13, Version 14.21.2 'Fermium' (LTS)
...
Notable changes:
OpenSSL 1.1.1s
Root certificates updated to NSS 3.85
Time zone update to 2022f
PR-URL: https://github.com/nodejs/node/pull/45775
2022-12-13 07:44:16 -05:00
Ruy Adorno
1bbd14eac2
2022-11-29, Version 19.2.0 (Current)
...
Notable changes:
buffer:
* (SEMVER-MINOR) introduce File (Khafra) https://github.com/nodejs/node/pull/45139
deps:
* update timezone to 2022f (Node.js GitHub Bot) https://github.com/nodejs/node/pull/45289
* update V8 to 10.8.168.20 (Michaël Zasso) https://github.com/nodejs/node/pull/45230
doc:
* deprecate use of invalid ports in `url.parse` (Antoine du Hamel) https://github.com/nodejs/node/pull/45576
util:
* add fast path for utf8 encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/45412
PR-URL: https://github.com/nodejs/node/pull/45615
2022-11-29 14:10:05 -05:00
Rafael Gonzaga
0a592e48a0
doc: include v19.1.0 in CHANGELOG.md
...
It was missed in the last release.
Refs: 3770d3a450
PR-URL: https://github.com/nodejs/node/pull/45462
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Ruy Adorno <ruyadorno@google.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2022-11-15 10:50:42 +00:00
Juan José Arboleda
58e8a8c58e
2022-11-04, Version 18.12.1 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
- CVE-2022-3602: A buffer overrun can be triggered in X.509
certificate verification (High)
- CVE-2022-3786: A buffer overrun can be triggered in X.509
certificate verification (High)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP
address (Medium)
PR-URL: https://github.com/nodejs-private/node-private/pull/365
2022-11-04 14:26:35 -05:00
RafaelGSS
e4135a1de1
2022-11-04, Version 19.0.1 (Current)
...
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
- CVE-2022-3786: A buffer overrun can be triggered in X.509
certificate verification (High)
- CVE-2022-3602: A buffer overrun can be triggered in X.509
certificate verification (High)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP
address (Medium)
PR-URL: https://github.com/nodejs-private/node-private/pull/366
2022-11-04 14:55:40 -03:00