Releases: nodejs/node
2023-07-18, Version 20.5.0 (Current), @juanarbol
Notable Changes
- [45be29d89f] - doc: add atlowChemi to collaborators (atlowChemi) #48757
- [a316808136] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #48596
- [986b46a567] - fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) #48658
- [0ef73ff6f0] - (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton) #48639
Commits
- [eb0aba59b8] - bootstrap: use correct descriptor for Symbol.{dispose,asyncDispose} (Jordan Harband) #48703
- [e2d0195dcf] - bootstrap: hide experimental web globals with flag kNoBrowserGlobals (Chengzhong Wu) #48545
- [67a1018389] - build: do not pass target toolchain flags to host toolchain (Ivan Trubach) #48597
- [7d843bb942] - child_process: use addAbortListener (atlowChemi) #48550
- [4e08160f8c] - child_process: support `Symbol.dispose` (Moshe Atlow) #48551
- [ef7728bf36] - deps: update nghttp2 to 1.55.1 (Node.js GitHub Bot) #48790
- [1454f02499] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #48746
- [fa94debf46] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #48704
- [c73cfcc144] - deps: update acorn to 8.10.0 (Node.js GitHub Bot) #48713
- [b7a076a052] - deps: V8: cherry-pick cb00db4dba6c (Keyhan Vakil) #48671
- [150e15536b] - deps: upgrade npm to 9.8.0 (npm team) #48665
- [c47b2cbd35] - dgram: socket add `asyncDispose` (atlowChemi) #48717
- [002ce31cca] - dgram: use addAbortListener (atlowChemi) #48550
- [45be29d89f] - doc: add atlowChemi to collaborators (atlowChemi) #48757
- [69b55d2261] - doc: fix ambiguity in http.md and https.md (an5er) #48692
- [caccb051c7] - doc: clarify transform._transform() callback argument logic (Rafael Sofi-zada) #48680
- [999ae0c8c3] - doc: fix copy node executable in Windows (Yoav Vainrich) #48624
- [7daefaeb44] - doc: drop <b> of v20 changelog (Rafael Gonzaga) #48649
- [dd7ea3e1df] - doc: mention git node release prepare (Rafael Gonzaga) #48644
- [cc7809df21] - esm: fix emit deprecation on legacy main resolve (Antoine du Hamel) #48664
- [67b13d1dba] - events: fix bug listenerCount don't compare wrapped listener (yuzheng14) #48592
- [a316808136] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #48596
- [986b46a567] - fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) #48658
- [e4333ac41f] - http2: use addAbortListener (atlowChemi) #48550
- [4a0b66e4f9] - http2: send RST code 8 on AbortController signal (Devraj Mehta) #48573
- [1295c76fce] - lib: use addAbortListener (atlowChemi) #48550
- [dff6c25a36] - meta: bump actions/checkout from 3.5.2 to 3.5.3 (dependabot[bot]) #48625
- [b5cb69ceaa] - meta: bump step-security/harden-runner from 2.4.0 to 2.4.1 (dependabot[bot]) #48626
- [332e480b46] - meta: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (dependabot[bot]) #48628
- [25c5a0aaee] - meta: bump github/codeql-action from 2.3.6 to 2.20.1 (dependabot[bot]) #48627
- [6406f50ab1] - module: add SourceMap.lineLengths (Isaac Z. Schlueter) #48461
- [cfa69bd48c] - net: server add `asyncDispose` (atlowChemi) #48717
- [ac11264cc5] - net: use addAbortListener (atlowChemi) #48550
- [82d6b13bf6] - permission: add debug log when inserting fs nodes (Rafael Gonzaga) #48677
- [f4333b1cdd] - permission: v8.writeHeapSnapshot and process.report (Rafael Gonzaga) #48564
- [f691dca6c9] - readline: use addAbortListener (atlowChemi) #48550
- [227e6bd898] - src: pass syscall on `fs.readFileSync` fail operation (Yagiz Nizipli) #48815
- [a9a4b73653] - src: make BaseObject iteration order deterministic (Joyee Cheung) #48702
- [d99ea4845a] - src: remove kEagerCompile for CompileFunction (Keyhan Vakil) #48671
- [df363d0010] - src: deduplicate X509 getter implementations (Tobias Nießen) #48563
- [9cf2e1f55b] - src,lib: reducing C++ calls of esm legacy main resolve (Vinicius Lourenço) #48325
- [daeb21dde9] - stream: fix deadlock when piping to full sink (Robert Nagy) #48691
- [5a382d02d6] - stream: use addAbortListener (atlowChemi) #48550
- [6e82077dd4] - test: deflake test-net-throttle (Luigi Pinca) #48599
- [d378b2c822] - test: move test-net-throttle to parallel (Luigi Pinca) #48599
- [dfa0aee5bf] - Revert "test: remove test-crypto-keygen flaky designation" (Luigi Pinca) #48652
- [0ef73ff6f0] - (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton) #48639
- [e2442bb7ef] - timers: support Symbol.dispose (Moshe Atlow) #48633
- [4398ade426] - tools: run fetch_deps.py with Python 3 (Richard Lau) [#48729](https://githu...
2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @danielleadams
Notable Changes
Ada 2.0
Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the
improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in #47339
Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of Web Crypto API.
Contributed by Filip Skokan in #46067
- crypto:
  - update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659
- dns:
  - (SEMVER-MINOR) expose getDefaultResultOrder (btea) #46973
- doc:
- events:
  - (SEMVER-MINOR) add getMaxListeners method (Matthew Aitken) #47039
- fs:
  - (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #47084
  - (SEMVER-MINOR) add recursive option to readdir and opendir (Ethan Arrowood) #41439
  - (SEMVER-MINOR) implement byob mode for readableWebStream() (Debadree Chatterjee) #46933
- http:
- lib:
- module:
  - change default resolver to not throw on unknown scheme (Gil Tayar) #47824
- node-api:
- stream:
- test:
  - unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) #48078
- test_runner:
- tools:
  - update LICENSE and license-builder.sh (Santiago Gimeno) #48078
- url:
  - (SEMVER-MINOR) implement URL.canParse (Matthew Aitken) #47179
- wasi:
  - (SEMVER-MINOR) no longer require flag to enable wasi (Michael Dawson) #47286
Commits
- [2ba08ac002] - benchmark: use `cluster.isPrimary` instead of `cluster.isMaster` (Deokjin Kim) #48002
- [60ca69d96c] - benchmark: add eventtarget creation bench (Rafael Gonzaga) #47774
- [d8233d96bb] - benchmark: add a benchmark for `defaultResolve` (Antoine du Hamel) #47543
- [a1aabb6912] - benchmark: fix invalid requirementsURL (Deokjin Kim) #47378
- [394c61caf9] - bootstrap: support namespaced builtins in snapshot scripts (Joyee Cheung) #47467
- [0165a765a0] - bootstrap: do not expand process.argv[1] for snapshot entry points (Joyee Cheung) #47466
- [cca557cdd9] - buffer: combine checking range of sourceStart in `buf.copy` (Deokjin Kim) #47758
- [4c69be467c] - buffer: use private properties for brand checks in File (Matthew Aitken) #47154
- [d002f9b6e2] - build: revert unknown ruff selector (Moshe Atlow) #48753
- [93f77cb762] - build: set v8_enable_webassembly=false when lite mode is enabled (Cheng Shao) #48248
- [1662e894f3] - build: add action to close stale PRs (Michael Dawson) #48051
- [5ca437b288] - build: use pathlib for paths (Mohammed Keyvanzadeh) #47581
- [72443bc54b] - build: refactor configure.py (Mohammed Keyvanzadeh) #47667
- [d4eecb5be9] - build: add devcontainer configuration (Tierney Cyren) #40825
- [803ed41144] - build: bump ossf/scorecard-action from 2.1.2 to 2.1.3 (dependabot[bot]) #47367
- [48468c4413] - build: replace Python linter flake8 with ruff (Christian Clauss) #47519
- [3ceb2c4387] - build: add node-core-utils to setup (Jiawen Geng) #47442
- [fdc59b8e14] - build: bump github/codeql-action from 2.2.6 to 2.2.9 (dependabot[bot]) #47366
- [3924893023] - build: update stale action from v7 to v8 (Rich Trott) #47357
- [753185c5b0] - build: remove Python pip `--no-user` option (Christian Clauss) #47372
- [67af0a6a2b] - build: avoid usage of pipes library (Mohammed Keyvanzadeh) #47271
- [db910dd6b2] - build, deps, tools: avoid excessive LTO (Konstantin Demin) #47313
- [35d1def891] - child_process: use signal.reason in child process abort (Debadree Chatterjee) #47817
- [7692d2e7b9] - cluster: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) #48141
- [7617772762] - crypto: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) #47160
- [8cabfe7c6e] - crypto: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) #47977
- [de1338da05] - crypto: fix webcrypto private/secret import with empty usages (Filip Skokan) #47877
- [27a696fda9] - crypto: update root...
2023-07-05, Version 20.4.0 (Current), @RafaelGSS
Notable Changes
Mock Timers
The new feature allows developers to write more reliable and predictable tests for time-dependent functionality.
It includes `MockTimers` with the ability to mock `setTimeout`, `setInterval` from `globals`, `node:timers`, and `node:timers/promises`.
The feature provides a simple API to advance time, enable specific timers, and release all timers.
```js
import assert from 'node:assert';
import { test } from 'node:test';

test('mocks setTimeout to be executed synchronously without having to actually wait for it', (context) => {
  const fn = context.mock.fn();
  // Optionally choose what to mock
  context.mock.timers.enable(['setTimeout']);
  const nineSecs = 9000;
  setTimeout(fn, nineSecs);

  const threeSeconds = 3000;
  context.mock.timers.tick(threeSeconds);
  context.mock.timers.tick(threeSeconds);
  context.mock.timers.tick(threeSeconds);

  assert.strictEqual(fn.mock.callCount(), 1);
});
```
This feature was contributed by Erick Wendel in #47775.
Support for the explicit resource management proposal
Node is adding support for the explicit resource management proposal to its resources, allowing users of TypeScript/babel to use `using`/`await using`, with V8 support for everyone else on the way.
This feature was contributed by Moshe Atlow and Benjamin Gruenbaum in #48518.
Other notable changes
- [fe333d2584] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #48416
- [60c2ea4e79] - doc: add vmoroz to collaborators (Vladimir Morozov) #48527
- [5cacdf9e6b] - doc: add kvakil to collaborators (Keyhan Vakil) #48449
- [504d1d7bdc] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #45190
Commits
- [8a611a387f] - benchmark: add bar.R (Rafael Gonzaga) #47729
- [12fa716cf9] - benchmark: refactor crypto oneshot (Filip Skokan) #48267
- [d6ecbde592] - benchmark: add crypto.create*Key (Filip Skokan) #48284
- [e60b6dedd8] - bootstrap: unify snapshot builder and embedder entry points (Joyee Cheung) #48242
- [40662957b1] - bootstrap: simplify initialization of source map handlers (Joyee Cheung) #48304
- [6551538079] - build: fix `configure --link-module` (Richard Lau) #48522
- [f7f32089e7] - build: sync libuv header change (Jiawen Geng) #48429
- [f60205c915] - build: update action to close stale PRs (Michael Dawson) #48196
- [4f4d0b802e] - child_process: improve spawn performance on Linux (Keyhan Vakil) #48523
- [fe333d2584] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #48416
- [89aaf16237] - crypto: remove OPENSSL_FIPS guard for OpenSSL 3 (Richard Lau) #48392
- [6199e1946c] - deps: upgrade to libuv 1.46.0 (Santiago Gimeno) #48618
- [1b2b930fda] - deps: add loong64 config into openssl gypi (Shi Pujin) #48043
- [ba8d048929] - deps: update acorn to 8.9.0 (Node.js GitHub Bot) #48484
- [d96f921d06] - deps: update zlib to 1.2.13.1-motley-f81f385 (Node.js GitHub Bot) #48541
- [ed1d047e8f] - deps: update googletest to ec4fed9 (Node.js GitHub Bot) #48538
- [f43d718c67] - deps: update minimatch to 9.0.2 (Node.js GitHub Bot) #48542
- [2f66147cbf] - deps: update corepack to 0.19.0 (Node.js GitHub Bot) #48540
- [d91b0fde73] - deps: V8: cherry-pick 1a782f6543ae (Keyhan Vakil) #48523
- [112335e342] - deps: update corepack to 0.18.1 (Node.js GitHub Bot) #48483
- [2b141c413f] - deps: update icu to 73.2 (Node.js GitHub Bot) #48502
- [188b34d4a1] - deps: upgrade npm to 9.7.2 (npm team) #48514
- [bf0444b5d9] - deps: update zlib to 1.2.13.1-motley-3ca9f16 (Node.js GitHub Bot) #48413
- [b339d80a56] - deps: upgrade npm to 9.7.1 (npm team) #48378
- [4132931b87] - deps: update simdutf to 3.2.14 (Node.js GitHub Bot) #48344
- [8cd56c1e85] - deps: update ada to 2.5.1 (Node.js GitHub Bot) #48319
- [78cffcd645] - deps: update zlib to 982b036 (Node.js GitHub Bot) #48327
- [6d00c2e33b] - doc: fix options order (Luigi Pinca) #48617
- [7ad2d3a5d1] - doc: update security release stewards (Rafael Gonzaga) #48569
- [cc3a056fdd] - doc: update return type for describe (Shrujal Shah) #48572
- [99ae0b98af] - doc: run license-builder (github-actions[bot]) #48552
- [9750d8205c] - doc: add description of autoAllocateChunkSize in ReadableStream (Debadree Chatterjee) #48004
- [417927bb41] - doc: fix `filename` type in `watch` result (Dmitry Semigradsky) #48032
- [ca2ae86bd7] - doc: unnest `mime` and `MIMEParams` from MIMEType constructor (Dmitry Semigradsky) #47950
- [bda1228135] - doc: update security-release-process.md (Rafael Gonzaga) #48504
- [60c2ea4e79] - doc: add vmoroz to collaborators (Vladimir Morozov) #48527
- [37bc0eac4a] - doc: improve inspector.close() description (mary marchini) #48494
- [2a403cdad5] - doc: link to Runtime Keys in export conditions (Jacob Hummer) #48408
- [e2d579e644] - doc: update fs flags documentation (sinkhaha) #48463
- [38bf290115] - doc: revise `error.md` introduction (Antoine du Hamel) #48423
- [641a2e9c6d] - doc: add preveen-stack to triagers (Preveen P) #48387
- [4ab5e8d2e3] - doc: refine ...
2023-06-20, Version 20.3.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
- CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
- CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
- CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
- CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
- CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
More detailed information on each of the vulnerabilities can be found in the June 2023 Security Releases blog post.
Commits
- [dac08dafc9] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#393
- [d274c3babc] - crypto,https,tls: disable engines if perms enabled (Tobias Nießen) nodejs-private/node-private#409
- [5621c1de38] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402
- [771caa9f1c] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402
- [0459bf9c99] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
- [27e20501aa] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#427
- [9c17e335f1] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408
- [b51124c637] - permission: handle fs path traversal (RafaelGSS) nodejs-private/node-private#403
- [ebc5927adc] - permission: handle fs.openAsBlob (RafaelGSS) nodejs-private/node-private#405
- [c39a43bff5] - permission: handle fs.watchFile (RafaelGSS) nodejs-private/node-private#404
- [d0a8264ec9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416
- [3df13d5a79] - src,permission: restrict inspector when pm enabled (RafaelGSS) nodejs-private/node-private#410
2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
- c-ares vulnerabilities:
More detailed information on each of the vulnerabilities can be found in the June 2023 Security Releases blog post.
Commits
- [bf3e2c8928] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#393
- [70f9449072] - deps: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) #48156
- [35d4efb57b] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115
- [392dfedc77] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402
- [46cd5fe38b] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402
- [7e3d2d85c2] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
- [4ff6ba050a] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#428
- [ab269129a6] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408
- [925e8f5619] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416
- [d6fae8e47e] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851
2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
- c-ares vulnerabilities:
More detailed information on each of the vulnerabilities can be found in the June 2023 Security Releases blog post.
Commits
- [5a92ea7a3b] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)
- [5df04e893a] - deps: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) #48156
- [c171cbd124] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115
- [155d3aac02] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #48369
- [8d4c8f8ebe] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #48369
- [1a5c9284eb] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
- [e42ff4b018] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#429
- [10042683c8] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408
- [a6f4e87bc9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416
- [b77000f4d7] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851
2023-06-08, Version 20.3.0 (Current), @targos
Notable Changes
- [bfcb3d1d9a] - deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux (Santiago Gimeno) #48078
- [5094d1b292] - doc: add Ruy Adorno to list of TSC members (Michael Dawson) #48172
- [2f5dbca690] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #48023
- [b1828b325e] - (SEMVER-MINOR) lib: implement `AbortSignal.any()` (Chemi Atlow) #47821
- [f380953103] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #47824
- [a94f87ed99] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #48151
- [9e2b13dfa7] - stream: deprecate `asIndexedPairs` (Chemi Atlow) #48102
Commits
- [35c96156d1] - benchmark: use `cluster.isPrimary` instead of `cluster.isMaster` (Deokjin Kim) #48002
- [3e6e3abf32] - bootstrap: throw ERR_NOT_SUPPORTED_IN_SNAPSHOT in unsupported operation (Joyee Cheung) #47887
- [c480559347] - bootstrap: put is_building_snapshot state in IsolateData (Joyee Cheung) #47887
- [50c0a15535] - build: set v8_enable_webassembly=false when lite mode is enabled (Cheng Shao) #48248
- [4562805cf6] - build: speed up compilation of mksnapshot output (Keyhan Vakil) #48162
- [8b89f13933] - build: add action to close stale PRs (Michael Dawson) #48051
- [5d92202220] - build: replace js2c.py with js2c.cc (Joyee Cheung) #46997
- [6cf2adc36e] - cluster: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) #48141
- [f564b03c38] - crypto: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) #47160
- [ac8dd61fc3] - crypto: remove default encoding from cipher (Tobias Nießen) #47998
- [15c2de4407] - crypto: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) #47977
- [9e2dd5b5e2] - deps: update zlib to 337322d (Node.js GitHub Bot) #48218
- [bfcb3d1d9a] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #48078
- [13930f092f] - deps: update ada to 2.5.0 (Node.js GitHub Bot) #48223
- [3047caebec] - deps: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) #48156
- [0db79a0872] - deps: update histogram 0.11.8 (Marco Ippolito) #47742
- [99af6716f5] - deps: update histogram to 0.11.7 (Marco Ippolito) #47742
- [d4922bc985] - deps: update c-ares to 1.19.1 (Node.js GitHub Bot) #48115
- [f6ccdb289f] - deps: update simdutf to 3.2.12 (Node.js GitHub Bot) #48118
- [3ed0afc778] - deps: update minimatch to 9.0.1 (Node.js GitHub Bot) #48094
- [df7540fb73] - deps: update ada to 2.4.2 (Node.js GitHub Bot) #48092
- [07df5c48e8] - deps: update corepack to 0.18.0 (Node.js GitHub Bot) #48091
- [d95a5bb559] - deps: update uvwasi to 0.0.18 (Node.js GitHub Bot) #47866
- [443477e041] - deps: update uvwasi to 0.0.17 (Node.js GitHub Bot) #47866
- [03f67d6d6d] - deps: upgrade npm to 9.6.7 (npm team) #48062
- [d3e3a911fd] - deps: update nghttp2 to 1.53.0 (Node.js GitHub Bot) #47997
- [f7c4daaf67] - deps: update ada to 2.4.1 (Node.js GitHub Bot) #48036
- [c6a752560d] - deps: add loongarch64 into openssl Makefile and gen openssl-loongarch64 (Shi Pujin) #46401
- [d194241716] - deps: update undici to 5.22.1 (Node.js GitHub Bot) #47994
- [02e919f4a2] - deps,test: update postject to 1.0.0-alpha.6 (Node.js GitHub Bot) #48072
- [2c19f596ad] - doc: clarify array args to Buffer.from() (Bryan English) #48274
- [d681e5f456] - doc: document watch option for node:test run() (Moshe Atlow) #48256
- [96e54ddbca] - doc: reserve 117 for Electron 26 (Calvin) #48245
- [9aff8c7818] - doc: update documentation for FIPS support (Richard Lau) #48194
- [8c5338648f] - doc: improve the documentation of the stdio option (Kumar Arnav) #48110
- [11918d705f] - doc: update Buffer.allocUnsafe description (sinkhaha) #48183
- [2b51ee5e22] - doc: update codeowners with website team (Claudio Wunder) #48197
- [360df25d04] - doc: fix broken link to new folder doc/contributing/maintaining (Andrea Fassina) #48205
- [13e95e21a4] - doc: add atlowChemi to triagers (Chemi Atlow) #48104
- [5f83ce530f] - doc: fix typo in readline completer function section (Vadym) #48188
- [3c82165d27] - doc: remove broken link for keygen (Rich Trott) #48176
- [0ca90a1e6d] - doc: add `auto` intrinsic height to prevent jitter/flicker (Daniel Holbert) #48195
- [f117855092] - doc: add version info on the SEA docs (Antoine du Hamel) #48173
- [5094d1b292] - doc: add Ruy to list of TSC members (Michael Dawson) #48172
- [39d8140227] - doc: update socket.remote* properties documentation (Saba Kharanauli) #48139
- [5497c13efe] - doc: update outdated section on TLSv1.3-PSK ...
2023-05-16, Version 20.2.0 (Current), @targos
Notable Changes
- [c092df9094] - doc: add ovflowd to collaborators (Claudio Wunder) #47844
- [4197a9a5a0] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #47732
- [c4596b9ce7] - (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) #47588
- [17befe008c] - (SEMVER-MINOR) test_runner: add `skip`, `todo`, and `only` shorthands to `test` (Chemi Atlow) #47909
- [a0634d7f89] - (SEMVER-MINOR) url: add value argument to `URLSearchParams` `has` and `delete` methods (Sankalp Shubham) #47885
Commits
- [456fca0d9c] - bootstrap: initialize per-isolate properties of bindings separately (Joyee Cheung) #47768
- [d6d12bf978] - bootstrap: log isolate data info in mksnapshot debug logs (Joyee Cheung) #47768
- [e457d89a1b] - buffer: combine checking range of sourceStart in `buf.copy` (Deokjin Kim) #47758
- [00668fcfb4] - child_process: use signal.reason in child process abort (Debadree Chatterjee) #47817
- [d7993474ea] - crypto: remove default encoding from scrypt (Tobias Nießen) #47943
- [09fb74a7cc] - crypto: fix webcrypto private/secret import with empty usages (Filip Skokan) #47877
- [e9c6ee74f3] - crypto: remove default encoding from pbkdf2 (Tobias Nießen) #47869
- [b7f13a8679] - deps: update simdutf to 3.2.9 (Node.js GitHub Bot) #47983
- [b16f6da153] - deps: V8: cherry-pick 5f025d1ca2ca (Michaël Zasso) #47610
- [99f8fcab45] - deps: V8: cherry-pick a8a11a87cb72 (Michaël Zasso) #47610
- [c2b14b4c78] - deps: update ada to 2.4.0 (Node.js GitHub Bot) #47922
- [cad42e7a56] - deps: V8: cherry-pick 1b471b796022 (Lu Yahan) #47399
- [7b2f17ca59] - deps: upgrade npm to 9.6.6 (npm team) #47862
- [d23b1af562] - deps: update ada to 2.3.1 (Node.js GitHub Bot) #47893
- [72340c98fb] - dgram: convert macro to template (Tobias Nießen) #47891
- [9be922892f] - dns: call `ada::idna::to_ascii` directly from c++ (Yagiz Nizipli) #47920
- [4a1e97156a] - doc: add missing deprecated blocks to cluster (Tobias Nießen) #47981
- [13118a19ee] - doc: update description of global (Tobias Nießen) #47969
- [372796440b] - doc: update measure memory rejection information (Yash Ladha) #41639
- [7ecc6740e4] - doc: fix broken link to TC39 import attributes proposal (Rich Trott) #47954
- [b9771c95c7] - doc: fix broken link (Rich Trott) #47953
- [6f5ba92e61] - doc: remove broken link (Rich Trott) #47942
- [c9ffc555f1] - doc: document make lint-md-clean (Matteo Collina) #47926
- [7ed99e8ba5] - doc: mark global object as legacy (Mert Can Altın) #47819
- [bf39f2d252] - doc: ntfs junction points must link to directories (Ben Noordhuis) #47907
- [4dfc3890d8] - doc: improve `permission.has` description (Daeyeon Jeong) #47875
- [93f1aa2856] - doc: fix params names (Dmitry Semigradsky) #47853
- [9a362aa2fb] - doc: update supported version of FreeBSD to 12.4 (Michaël Zasso) #47838
- [89c70dc6e6] - doc: add stability experimental to pm (Rafael Gonzaga) #47890
- [f96fb2eee7] - doc: swap Matteo with Rafael in the stewards (Rafael Gonzaga) #47841
- [1666a146e3] - doc: add valgrind suppression details (Kevin Eady) #47760
- [e53e8231ff] - doc: replace EOL versions in README (Tobias Nießen) #47833
- [c092df9094] - doc: add ovflowd to collaborators (Claudio Wunder) #47844
- [f7106765b3] - doc: update BUILDING.md previous versions links (Tobias Nießen) #47835
- [811b43c215] - doc,test: update the v8.startupSnapshot doc and test the example (Joyee Cheung) #47468
- [1ec640ac70] - esm: do not use `'beforeExit'` on the main thread (Antoine du Hamel) #47964
- [106dc612d6] - fs: make readdir recursive algorithm iterative (Ethan Arrowood) #47650
- [a0da2348a8] - fs: move fs_use_promises_symbol to per-isolate symbols (Joyee Cheung) #47768
- [4197a9a5a0] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #47732
- [a4d6543598] - http2: improve nghttp2 error callback (Tobias Nießen) #47840
- [a4fed6c580] - lib: update comment (sinkhaha) #47884
- [fd8bec7b2b] - meta: bump step-security/harden-runner from 2.3.1 to 2.4.0 (Rich Trott) #47980
- [f5b4b6d5dc] - meta: bump github/codeql-action from 2.3.2 to 2.3.3 (Rich Trott) #47979
- [c05c0a2359] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (Rich Trott) #47968
- [2a3d6d97cb] - meta: add security-wg ping to permission.js (Rafael Gonzaga) #47941
- [6c158e8dd1] - meta: bump step-security/harden-runner from 2.2.1 to 2.3.1 (dependabot[bot]) #47808
- [f7a8094d37] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (dependabot[bot]) [#47806](https://github.com/nodejs...
2023-05-03, Version 20.1.0 (Current), @targos
Notable Changes
- [5e99598639] - assert: deprecate `CallTracker` (Moshe Atlow) #47740
- [2d97c89c6f] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659
- [ce8820e292] - (SEMVER-MINOR) dns: expose `getDefaultResultOrder` (btea) #46973
- [9d30f469aa] - doc: add KhafraDev to collaborators (Matthew Aitken) #47510
- [439ea47a77] - (SEMVER-MINOR) fs: add `recursive` option to `readdir` and `opendir` (Ethan Arrowood) #41439
- [a54e898dc8] - (SEMVER-MINOR) fs: add support for `mode` flag to specify the copy behavior of the `cp` methods (Tetsuharu Ohzeki) #47084
- [4fa773964b] - (SEMVER-MINOR) http: add `highWaterMark` option `http.createServer` (HinataKah0) #47405
- [2b411f4b42] - (SEMVER-MINOR) stream: preserve object mode in `compose` (Raz Luvaton) #47413
- [5327483f31] - (SEMVER-MINOR) test_runner: add `testNamePatterns` to `run` API (Chemi Atlow) #47628
- [bdd02a467d] - (SEMVER-MINOR) test_runner: execute `before` hook on test (Chemi Atlow) #47586
- [0e70c187bc] - (SEMVER-MINOR) test_runner: support combining coverage reports (Colin Ihrig) #47686
- [75c1d1b66e] - (SEMVER-MINOR) wasi: make `returnOnExit` true by default (Michael Dawson) #47390
Commits
- [33d1bd3e02] - assert: deprecate callTracker (Moshe Atlow) #47740
- [6d87355e83] - benchmark: add eventtarget creation bench (Rafael Gonzaga) #47774
- [40324a1dea] - benchmark: differentiate whatwg and legacy url (Yagiz Nizipli) #47377
- [936d7cb069] - benchmark: add a benchmark for `defaultResolve` (Antoine du Hamel) #47543
- [202042ee93] - bootstrap: support namespaced builtins in snapshot scripts (Joyee Cheung) #47467
- [30af5cee55] - build: use pathlib for paths (Mohammed Keyvanzadeh) #47581
- [089c9c51e9] - build: refactor configure.py (Mohammed Keyvanzadeh) #47667
- [5b851c8074] - build: add devcontainer configuration (Tierney Cyren) #40825
- [35e8b3b467] - build: bump ossf/scorecard-action from 2.1.2 to 2.1.3 (dependabot[bot]) #47367
- [78c08243df] - build: replace Python linter flake8 with ruff (Christian Clauss) #47519
- [2d97c89c6f] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659
- [420feb41cf] - crypto: remove INT_MAX restriction in randomBytes (Tobias Nießen) #47559
- [6046779dd9] - deps: disable V8 concurrent sparkplug compilation (Michaël Zasso) #47450
- [00d461e93f] - deps: V8: cherry-pick c5ab3e4f0c5a (Richard Lau) #47736
- [d08dd8069f] - deps: update ada to 2.3.0 (Node.js GitHub Bot) #47737
- [996245976b] - deps: update undici to 5.22.0 (Node.js GitHub Bot) #47679
- [f3ee3126df] - deps: update ada to 2.2.0 (Node.js GitHub Bot) #47678
- [1391d3b9ff] - deps: add minimatch as a dependency (Moshe Atlow) #47499
- [315454350d] - deps: update ada to 2.1.0 (Node.js GitHub Bot) #47598
- [7f7735cad9] - deps: update ICU to 73.1 release (Steven R. Loomis) #47456
- [13105c12b7] - deps: patch V8 to 11.3.244.8 (Michaël Zasso) #47536
- [ede69d272a] - deps: update undici to 5.21.2 (Node.js GitHub Bot) #47508
- [64b5a5f872] - deps: update simdutf to 3.2.8 (Node.js GitHub Bot) #47507
- [2664536796] - deps: V8: cherry-pick 8e10685ff918 (Jiawen Geng) #47440
- [ba9ec91f0e] - deps: update undici to 5.21.1 (Node.js GitHub Bot) #47488
- [ce8820e292] - (SEMVER-MINOR) dns: expose getDefaultResultOrder (btea) #46973
- [4c26e28c33] - doc: create maintaining folder for deps (Marco Ippolito) #47589
- [aa0ef3eabd] - doc: fix --allow-* CLI flag references (Tobias Nießen) #47804
- [98603b6fd3] - doc: clarify fs permissions only affect fs module (Tobias Nießen) #47782
- [3befe5dac9] - doc: add copy node executable guide on windows (XLor) #47781
- [98450d9892] - doc: remove MoLow from Triagers (Moshe Atlow) #47792
- [d75036410d] - doc: fix typo in webstreams.md (Christian Takle) #47766
- [ceba37a74f] - doc: move BethGriggs to regular member (Rich Trott) #47776
- [b954ea9781] - doc: mark signing the binary is macOS and Windows only in SEA (Xuguang Mei) #47722
- [26bccbcd10] - doc: move addaleax to TSC emeriti (Anna Henningsen) #47752
- [20b0de242f] - doc: add link to news for Node.js core (Michael Dawson) #47704
- [5709133dc7] - doc: fix a typo in `permissions.md` (Daeyeon Jeong) #47730
- [c5c40a89f2] - doc: async_hooks asynchronous content example add mjs code (btea) #47401
- [a1403a8df2] - doc: clarify concurrency model of test runner (Tobias Nießen) #47642
- [c0c23fbe42] - doc: fix a typo in `fs.openAsBlob` (Daeyeon Jeong) #47693
- [4cef98812d] - doc: fix ...
2023-04-18, Version 20.0.0 (Current), @RafaelGSS
We're excited to announce the release of Node.js 20! Highlights include the new Node.js Permission Model, a synchronous import.meta.resolve, a stable test_runner, updates of the V8 JavaScript engine to 11.3, Ada to 2.0, and more!
As a reminder, Node.js 20 will enter long-term support (LTS) in October, but until then, it will be the "Current" release for the next six months.
We encourage you to explore the new features and benefits offered by this latest release and evaluate their potential impact on your applications.
Notable Changes
Permission Model
Node.js now has an experimental feature called the Permission Model.
It allows developers to restrict access to specific resources during program execution, such as file system operations,
child process spawning, and worker thread creation.
The API exists behind a flag, --experimental-permission, which when enabled will restrict access to all available permissions.
By using this feature, developers can prevent their applications from accessing or modifying sensitive data or running potentially harmful code.
More information about the Permission Model can be found in the Node.js documentation.
The Permission Model was a contribution by Rafael Gonzaga in #44004.
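A startup self-check built on the Permission Model described above, as an added example that is not part of the Node.js release notes or code base: it uses process.permission.has() to fail closed when the process was started without the flag or with broader grants than intended. The policy, the paths and the function names are assumptions made for this example.

```javascript
// Launch (paths constructed for this example):
//   node --experimental-permission --allow-fs-read=/srv/app \
//        --allow-fs-write=/srv/app/logs app.js
const POLICY = {
  // Grants the app needs in order to work.
  required: [
    ['fs.read', '/srv/app/config.json'],
    ['fs.write', '/srv/app/logs/app.log'],
  ],
  // Grants the app must not hold; a hit means the launch flags are too broad.
  forbidden: [
    ['fs.write', '/srv/app/config.json'],
    ['fs.write', '/etc/hosts'],
    ['child'],
    ['worker'],
  ],
};

// `perm` defaults to process.permission, which is only defined when node was
// started with the permission flag. Returns { active, missing, excess, ok }.
function auditPermissions(policy, perm = process.permission) {
  if (!perm || typeof perm.has !== 'function') {
    // Fail closed: without the flag the process runs unrestricted.
    return { active: false, missing: [], excess: [], ok: false };
  }
  const granted = ([scope, ref]) =>
    (ref === undefined ? perm.has(scope) : perm.has(scope, ref));
  const label = ([scope, ref]) => (ref === undefined ? scope : `${scope}:${ref}`);
  const missing = policy.required.filter((g) => !granted(g)).map(label);
  const excess = policy.forbidden.filter(granted).map(label);
  return { active: true, missing, excess, ok: !missing.length && !excess.length };
}

// Call first in the entry point; refuses to start on any deviation.
function enforceLeastPrivilege(policy = POLICY, perm = process.permission) {
  const report = auditPermissions(policy, perm);
  if (!report.ok) {
    throw new Error(`permission self-check failed: ${JSON.stringify(report)}`);
  }
  return report;
}

console.log(auditPermissions(POLICY));
```

Run without the flag, the final line reports `active: false`, which is the case the check is meant to catch in a deployment that was supposed to be sandboxed.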
Custom ESM loader hooks run on dedicated thread
ESM hooks supplied via loaders (--experimental-loader=foo.mjs) now run in a dedicated thread, isolated from the main thread.
This provides a separate scope for loaders and ensures no cross-contamination between loaders and application code.
Synchronous import.meta.resolve()
In alignment with browser behavior, this function now returns synchronously.
Despite this, user loader resolve hooks can still be defined as async functions (or as sync functions, if the author prefers).
Even when there are async resolve hooks loaded, import.meta.resolve will still return synchronously for application code.
Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth, Guy Bedford, Jacob Smith, and Michaël Zasso in #44710
V8 11.3
The V8 engine is updated to version 11.3, which is part of Chromium 113.
This version includes three new features to the JavaScript API:
- String.prototype.isWellFormed and toWellFormed
- Methods that change Array and TypedArray by copy
- Resizable ArrayBuffer and growable SharedArrayBuffer
- RegExp v flag with set notation + properties of strings
- WebAssembly Tail Call
The V8 update was a contribution by Michaël Zasso in #47251.
Stable Test Runner
Node.js 20 includes an important change to the test_runner module: the module has been marked as stable.
Previously, the test_runner module was experimental; this change marks it as a stable module that is ready for production use.
Contributed by Colin Ihrig in #46983
Ada 2.0
Node.js v20 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the
improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in #47339
Preparing single executable apps now requires injecting a Blob
Building a single executable app now requires injecting a blob prepared by
Node.js from a JSON config instead of injecting the raw JS file.
This opens up the possibility of embedding multiple co-existing resources into the SEA (Single Executable Apps).
Contributed by Joyee Cheung in #47125
Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of Web Crypto API.
This change was made by Filip Skokan in #46067.
Official support for ARM64 Windows
Node.js now includes binaries for ARM64 Windows, allowing for native execution on the platform.
The MSI, zip/7z packages, and executable are available from the Node.js download site along with all other platforms.
The CI system was updated and all changes are now fully tested on ARM64 Windows, to prevent regressions and ensure compatibility.
ARM64 Windows was upgraded to tier 2 support by Stefan Stojanovic in #47233.
WASI version must now be specified
When new WASI() is called, the version option is now required and has no default value.
Any code that relied on the default for the version will need to be updated to request a specific version.
This change was made by Michael Dawson in #47391.
Deprecations and Removals
- [3bed5f11e0] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526
url.parse() accepts URLs with ports that are not numbers. This behavior might result in host name spoofing with unexpected input.
These URLs will throw an error in future versions of Node.js, as the WHATWG URL API does already.
Starting with Node.js 20, these URLs cause url.parse() to emit a warning.
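A host allowlist check that relies on the WHATWG URL parser rejecting non-numeric ports, as the note above says it already does. This is an added example, not code from the Node.js project; the allowlist, the sample URLs and the function name are constructed for illustration.

```javascript
// Allowlist is constructed for this example.
const ALLOWED_HOSTS = new Set(['api.example.com']);

// Returns the normalized origin to connect to, or null if the input is rejected.
function allowedOrigin(input, allowedHosts = ALLOWED_HOSTS) {
  let parsed;
  try {
    // WHATWG parser: a port that is not a number makes the constructor throw,
    // where the legacy url.parse() would accept the URL.
    parsed = new URL(input);
  } catch {
    return null;
  }
  if (parsed.protocol !== 'https:') return null;
  // Userinfo is a common source of confusion about which host is contacted.
  if (parsed.username !== '' || parsed.password !== '') return null;
  if (!allowedHosts.has(parsed.hostname)) return null;
  // Hand back the parsed origin so the caller connects to exactly what was
  // validated, not to a second parse of the raw string.
  return parsed.origin;
}

// Constructed sample inputs.
const SAMPLES = [
  'https://api.example.com:8443/v1/items',
  'https://api.example.com:80a/v1/items', // non-numeric port
  'https://api.example.com@other.test/',  // allowlisted name in userinfo
  'http://api.example.com/',              // wrong scheme
];
for (const s of SAMPLES) console.log(s, '->', allowedOrigin(s));
```

Only the first sample is accepted; validating and connecting from the same parsed object avoids a mismatch between the parser that checks the host and the one that opens the connection.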
Semver-Major Commits
- [9fafb0a090] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432
- [1948d37595] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599
- [7bc0e6a4e7] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153
- [671ffd7825] - (SEMVER-MAJOR) buffer: use min/max of validateNumber (Deokjin Kim) #45796
- [ab1614d280] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251
- [c1bcdbcf79] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806
- [649f68fc1e] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579
- [9374700d7a] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182
- [1640aeb680] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073
- [c2e4b1fa9a] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028
- [3ef38c4bd7] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067
- [08af023b1f] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653
- [7eb0ac3cb6] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251
- [a7c129f286] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251
- [6f5655a18e] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251
- [f226350fcb] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251
- [d6dae7420e] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579
- [56c436533e] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël...