| Age | Commit message (Collapse) | Author |
|---|
|
Clarify `http.ClientRequest` path description.
Fixes: https://github.com/nodejs/node/issues/25864
PR-URL: https://github.com/nodejs/node/pull/26259
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Notable changes:
deps:
* Updated libuv to 1.26.0.
* Updated npm to 6.7.0.
http, http2:
* `response.writeHead` now returns the response object.
perf_hooks:
* Implemented a histogram based API.
process:
* Exposed `process.features.inspector`.
repl:
* Added `repl.setupHistory` for programmatic repl.
tls:
* Introduced client "session" event.
PR-URL: https://github.com/nodejs/node/pull/26098
|
|
Fixes: https://github.com/nodejs/node/issues/25935
PR-URL: https://github.com/nodejs/node/pull/25974
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Socket timeouts set using the `'connection'` event are replaced by
`server.keepAliveTimeout` when a response is handled.
PR-URL: https://github.com/nodejs/node/pull/25748
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
Instead of returning a generic 400 response when the
max header size is reached, return a 431 Request Header
Fields Too Large.
This is a semver-major because it changes the HTTP
status code for requests that trigger the header
overflow error.
PR-URL: https://github.com/nodejs/node/pull/25605
Fixes: https://github.com/nodejs/node/issues/25528
Refs: https://tools.ietf.org/html/rfc6585#section-5
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
The field has been added in v0.4.0.
PR-URL: https://github.com/nodejs/node/pull/25788
Refs: https://github.com/nodejs/node/commit/b09c5889bee8388a6710ecf75d76ca242e0684bd#diff-1c0f1c434b17b7f8795d44a51a14320aR814
Refs: https://github.com/nodejs/node/blob/380929ec0c4c4004b522bed5e3800ebce2b68bfd/test/parallel/test-http-client-defaults.js
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
By default the agent options are passed to `net.createConnection()`
which sets the timeout on the socket immediately after creating it.
PR-URL: https://github.com/nodejs/node/pull/25489
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
PR-URL: https://github.com/nodejs/node/pull/25121
Refs: https://github.com/nodejs/node/pull/8895
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Notable Changes:
* cli:
- add --max-http-header-size flag (cjihrig)
https://github.com/nodejs/node/pull/24811
* crypto:
- always accept certificates as public keys (Tobias Nießen)
https://github.com/nodejs/node/pull/24234
- add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
- update root certificates (Sam Roberts)
https://github.com/nodejs/node/pull/25113
* deps:
- upgrade to libuv 1.24.1 (cjihrig)
https://github.com/nodejs/node/pull/25078
- upgrade npm to 6.5.0 (Audrey Eschright)
https://github.com/nodejs/node/pull/24734
* http:
- add maxHeaderSize property (cjihrig)
https://github.com/nodejs/node/pull/24860
PR-URL: https://github.com/nodejs/node/pull/25175
|
|
This commit exposes the value of --max-http-header-size
as a property of the http module.
PR-URL: https://github.com/nodejs/node/pull/24860
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
For new Agent() signature in http doc, list the supported options in
socket.connect().
Refs: https://github.com/nodejs/node/issues/24098
PR-URL: https://github.com/nodejs/node/pull/24846
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24779
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
document that incoming cookie headers are joined using '; '.
PR-URL: https://github.com/nodejs/node/pull/24740
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
Reapply https://github.com/nodejs/node/pull/12726
It would be nice to have the sort check applied as part of doc testing,
but this change doesn't implement that.
PR-URL: https://github.com/nodejs/node/pull/24679
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
* Fix sort orders of sections and bottom references.
* Fix links.
* Unify spelling.
* Add missing YAML block.
PR-URL: https://github.com/nodejs/node/pull/24697
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
Notable Changes:
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/156/
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
Notable Changes:
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/155/
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* Node.js: HTTP request splitting (CVE-2018-12116)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
Notable Changes:
* deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* Two-byte characters are now strictly disallowed for the `path` option in
HTTP client requests. Paths containing characters outside of the range
`\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior
can be reverted if necessary by supplying the
`--security-revert=CVE-2018-12116` command line argument (this is not
recommended). Reported as security concern for Node.js 6 and 8 by
Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno
Fünfstück applied to Node.js 10 and later.
(CVE-2018-12116 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/154
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Debugger port 5858 listens on any interface by default
(CVE-2018-12120)
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* Node.js: HTTP request splitting (CVE-2018-12116)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
Notable Changes:
* debugger: Backport of https://github.com/nodejs/node/pull/8106 to
prevent the debugger from listening on `0.0.0.0`. It now defaults to
`127.0.0.1`. Reported by Ben Noordhuis. (CVE-2018-12120 / Ben Noordhuis).
* deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
(CVE-2018-12122 / Matteo Collina)
* Two-byte characters are now strictly disallowed for the `path` option in
HTTP client requests. Paths containing characters outside of the range
`\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior
can be reverted if necessary by supplying the
`--security-revert=CVE-2018-12116` command line argument (this is not
recommended). Reported as security concern for Node.js 6 and 8 by
Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno
Fünfstück applied to Node.js 10 and later.
(CVE-2018-12116 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing
URLs with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/153
|
|
CVE-2018-12122
An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.
PR-URL: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24319
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24301
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
host names are DNS names, host addresses are IP addresses, and `host`
arguments and options can be either.
PR-URL: https://github.com/nodejs/node/pull/24199
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
Fixes: https://github.com/nodejs/node/issues/8102
PR-URL: https://github.com/nodejs/node/pull/23914
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
`Set-Cookie` is a response header, replace it with `Cookie`.
PR-URL: https://github.com/nodejs/node/pull/23707
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Notable changes:
* Build
* FreeBSD 10 is no longer supported.[#22617](https://github.com/nodejs/node/pull/22617)
* `child_process`
* The default value of the `windowsHide` option has been changed
to `true`. [#21316](https://github.com/nodejs/node/pull/21316)
* `console`
* `console.countReset()` will emit a warning if the timer
being reset does not exist. [#21649](https://github.com/nodejs/node/pull/21649)
* `console.time()` will no longer reset a timer if it already
exists. [#20442](https://github.com/nodejs/node/pull/20442)
* Dependencies
* V8 has been updated to 7.0.
[#22754](https://github.com/nodejs/node/pull/22754)
* `fs`
* The `fs.read()` method now requires a callback.
[#22146](https://github.com/nodejs/node/pull/22146)
* The previously deprecated `fs.SyncWriteStream` utility has been
removed.[#20735](https://github.com/nodejs/node/pull/20735)
* `http`
* The `http`, `https`, and `tls` modules now use the WHATWG URL parser
by default. [#20270](https://github.com/nodejs/node/pull/20270)
* General
* Use of `process.binding()` has been deprecated. Userland code using
`process.binding()` should re-evaluate that use and begin migrating. If
there are no supported API alternatives, please open an issue in the
Node.js GitHub repository so that a suitable alternative may be discussed.
* An experimental implementation of `queueMicrotask()` has been added.
[#22951](https://github.com/nodejs/node/pull/22951)
* Internal
* Windows performance-counter support has been removed.
[#22485](https://github.com/nodejs/node/pull/22485)
* The `--expose-http2` command-line option has been removed.
[#20887](https://github.com/nodejs/node/pull/20887)
* Timers
* Interval timers will be rescheduled even if previous interval threw
an error. [#20002](https://github.com/nodejs/node/pull/20002)
* `util`
* The WHATWG `TextEncoder` and `TextDecoder` are now globals.
[#22281](https://github.com/nodejs/node/pull/22281)
* `util.inspect()` output size is limited to 128 MB by default.
[#22756](https://github.com/nodejs/node/pull/22756)
* A runtime warning will be emitted when `NODE_DEBUG` is set for
either `http` or `http2`. [#21914](https://github.com/nodejs/node/pull/21914)
|
|
PR-URL: https://github.com/nodejs/node/pull/22949
Refs: https://github.com/nodejs/node/pull/21616
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Some nits were also fixed in passing.
PR-URL: https://github.com/nodejs/node/pull/22537
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/22461
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/22118
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
In short: `ServerResponse` acutally inherits from `OutgoingMessage`,
with a series of methods like those in `Stream.Writable`. So we cannot
use `implements`(this has made poeple feel puzzled because there are
still many methods we don't need or have), so `inherits from Stream` is
enough, due to some core reasons and performance told by mcollina from
the ref (See some latest discussions at Ref).
Ref: https://github.com/nodejs/node/issues/14146.
PR-URL: https://github.com/nodejs/node/pull/22305
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Notable changes:
* buffer:
* Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
(CVE-2018-12115)
* Fix unintentional exposure of uninitialized memory in `Buffer.alloc()`
(CVE-2018-7166)
* deps:
* Upgrade to OpenSSL 1.1.0i, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
* Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #21079
- Memory reduction and performance improvements, details at:
https://v8project.blogspot.com/2018/06/v8-release-68.html
* http: `http.get()` and `http.request()` (and `https` variants) can now accept
three arguments to allow for a `URL` _and_ an `options` object
(Sam Ruby) #21616
* Added new collaborators
* Sam Ruby (https://github.com/rubys)
* George Adams (https://github.com/gdams)
|
|
PR-URL: https://github.com/nodejs/node/pull/21780
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/21782
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
When request with both timeout and agent, timeout not
work. This patch will fix it, socket timeout will set
to request timeout before socket is connected, and
socket timeout will reset to agent timeout after
response end.
Fixes: https://github.com/nodejs/node/issues/21185
PR-URL: https://github.com/nodejs/node/pull/21204
Reviewed-By: Khaidi Chu <i@2333.moe>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
|
|
Fixes: https://github.com/nodejs/node/issues/20795
PR-URL: https://github.com/nodejs/node/pull/21616
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/21670
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/21047
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
calling writeHead() into a Response object that has no headers already
set causes getHeader() to return undefined, even if the header was set
in the writeHead() function call. Explain this behavior as an
optimiation as opposed to a bug.
Fixes: https://github.com/nodejs/node/issues/10354
PR-URL: https://github.com/nodejs/node/pull/21289
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/20230
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Notable Changes:
* console:
- make console.table() use colored inspect (TSUYUSATO Kitsune)
https://github.com/nodejs/node/pull/20510
* fs:
- move fs/promises to fs.promises (cjihrig)
https://github.com/nodejs/node/pull/20504
* http:
- added aborted property to request (Robert Nagy)
https://github.com/nodejs/node/pull/20094
* n-api:
- initialize a module via a special symbol (Gabriel Schulhof)
https://github.com/nodejs/node/pull/20161
* src:
- add public API to expose the main V8 Platform (Allen Yonghuang Wang)
https://github.com/nodejs/node/pull/20447
PR-URL: https://github.com/nodejs/node/pull/20606
|
|
In http.ClientRequest's doc, add maxHeadersCount as a public property.
And in the description of server's one, change a hyphen to a comma.
PR-URL: https://github.com/nodejs/node/pull/20361
Refs: https://github.com/nodejs/node/pull/20359
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
Also, fix some other nits in passing
(formatting, punctuation, typos, redundancy, obsoleteness).
PR-URL: https://github.com/nodejs/node/pull/20438
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
Some other formatting nits were fixed
and some superfluous descriptions were simplified in passing.
PR-URL: https://github.com/nodejs/node/pull/20401
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
This switches the url parser from `url.parse()` to the WHATWG URL
parser while keeping `url.parse()` as fallback.
Also add tests for invalid url deprecations and correct hostname
checks.
PR-URL: https://github.com/nodejs/node/pull/20270
Fixes: https://github.com/nodejs/node/issues/19468
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
|
|
PR-URL: https://github.com/nodejs/node/pull/20398
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
|
|
PR-URL: https://github.com/nodejs/node/pull/20094
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
* Assert
* Calling `assert.fail()` with more than one argument is deprecated. #70dcacd710
* Calling `assert.ok()` with no arguments will now throw. #3cd7977a42
* Calling `assert.ifError()` will now throw with any argument other than `undefined` or `null`. Previously the method would throw with any truthy value. #e65a6e81ef
* The `assert.rejects()` and `assert.doesNotReject()` methods have been added for working with async functions. #599337f43e
* Async_hooks
* Older experimental async_hooks APIs have been removed. #1cc6b993b9
* Buffer
* Uses of `new Buffer()` and `Buffer()` outside of the `node_modules` directory will now emit a runtime deprecation warning. #9d4ab90117
* `Buffer.isEncoding()` now returns `undefined` for falsy values, including an empty string. #452eed956e
* `Buffer.fill()` will throw if an attempt is made to fill with an empty `Buffer`. #1e802539b2
* Child Process
* Undefined properties of env are ignored. #38ee25e2e2, #85739b6c5b
* Console
* The `console.table()` method has been added. #97ace04492
* Crypto
* The `crypto.createCipher()` and `crypto.createDecipher()` methods have been deprecated. Please use `crypto.createCipheriv()` and `crypto.createDecipheriv()` instead. #81f88e30dd
* The `decipher.finaltol()` method has been deprecated. #19f3927d92
* The `crypto.DEFAULT_ENCODING` property has been deprecated. #6035beea93
* The `ECDH.convertKey()` method has been added. #f2e02883e7
* The `crypto.fips` property has been deprecated. #6e7992e8b8
* Dependencies
* V8 has been updated to 6.6. #9daebb48d6
* OpenSSL has been updated to 1.1.0h. #66cb29e646
* EventEmitter
* The `EventEmitter.prototype.off()` method has been added as an alias for `EventEmitter.prototype.removeListener()`. #3bb6f07d52
* File System
* The `fs.promises` API provides experimental promisified versions of the `fs` functions. #329fc78e49
* Invalid path errors are now thrown synchronously. #d8f73385e2
* The `fs.readFile()` method now partitions reads to avoid thread pool exhaustion. #67a4ce1c6e
* HTTP
* Processing of HTTP Status codes `100`, `102-199` has been improved. #baf8495078
* Multi-byte characters in URL paths are now forbidden. #b961d9fd83
* N-API
* The n-api is no longer experimental. #cd7d7b15c1
* Net
* The `'close'` event will be emitted after `'end'`. #9b7a6914a7
* Perf_hooks
* The `PerformanceObserver` class is now an `AsyncResource` and can be monitored using `async_hooks`. #009e41826f
* Trace events are now emitted for performance events. #9e509b622b
* The `performance` API has been simplified. #2ec6995555
* Performance milestone marks will be emitted as trace events. #96cb4fb795
* Process
* Using non-string values for `process.env` is deprecated. #5826fe4e79
* The `process.assert()` method is deprecated. #703e37cf3f
* REPL
* REPL now experimentally supports top-level await when using the `--experimental-repl-await` flag. #eeab7bc068
* The previously deprecated "magic mode" has been removed. #4893f70d12
* The previously deprecated `NODE_REPL_HISTORY_FILE` environment variable has been removed. #60c9ad7979
* Proxy objects are shown as Proxy objects when inspected. #90a43906ab
* Streams
* The `'readable'` event is now always deferred with nextTick. #1e0f3315c7
* A new `pipeline()` method has been provided for building end-to-data stream pipelines. #a5cf3feaf1
* Experimental support for async for-await has been added to `stream.Readable`. #61b4d60c5d
* Timers
* The `enroll()` and `unenroll()` methods have been deprecated. #68783ae0b8
* TLS
* The `tls.convertNONProtocols()` method has been deprecated. #9204a0db6e
* Support for NPN (next protocol negotiation) has been dropped. #5bfbe5ceae
* The `ecdhCurve` default is now `'auto'`. #af78840b19
* Trace Events
* A new `trace_events` top-level module allows trace event categories to be enabled/disabld at runtime. #da5d818a54
* URL
* The WHATWG URL API is now a global. #312414662b
* Util
* `util.types.is[…]` type checks have been added. #b20af8088a
* Support for bigint formatting has been added to `util.inspect()`. #39dc947409
|
|
The http spec does not say anything about Upgrade headers making
protocol switch mandatory but Node.js implements them as if they
are. Relax the requirements to only destroy the socket if no
upgrade listener exists on the client when status code is 101.
PR-URL: https://github.com/nodejs/node/pull/19981
Fixes: https://github.com/nodejs/node/issues/11552
Refs: https://tools.ietf.org/html/rfc7230#section-6.7
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
http.setHeader() coerces input values.
http.getHeader() returns the type as passed to setHeader().
PR-URL: https://github.com/nodejs/node/pull/19902
Fixes: https://github.com/nodejs/node/issues/13825
Reviewed-By: Chen Gang <gangc.cxy@foxmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
