| Age | Commit message (Collapse) | Author |
|---|
|
Notable changes:
* assert:
* If the validation function passed to `assert.throws()` or
`assert.rejects()` returns a value other than `true`, an assertion
error will be thrown instead of the original error to highlight the
programming mistake (Ruben Bridgewater).
https://github.com/nodejs/node/pull/28263
* If a constructor function is passed to validate the instance of
errors thrown in `assert.throws()` or `assert.reject()`, an
assertion error will be thrown instead of the original error
(Ruben Bridgewater).
https://github.com/nodejs/node/pull/28263
* build:
* Node.js releases are now built with default full-icu support. This
means that all locales supported by ICU are now included and
Intl-related APIs may return different values than before
(Richard Lau).
https://github.com/nodejs/node/pull/29887
* The minimum Xcode version supported for macOS was increased to 10.
It is still possible to build Node.js with Xcode 8 but this may no
longer be the case in a future v13.x release (Michael Dawson).
https://github.com/nodejs/node/pull/29622
* child_process:
* `ChildProcess._channel` (DEP0129) is now a Runtime deprecation
(cjihrig).
https://github.com/nodejs/node/pull/27949
* console:
* The output `console.timeEnd()` and `console.timeLog()` will now
automatically select a suitable time unit instead of always using
milliseconds (Xavier Stouder).
https://github.com/nodejs/node/pull/29251
* deps:
* The V8 engine was updated to version 7.8. This includes performance
improvements to object destructuring, memory usage and WebAssembly
startup time (Myles Borins).
https://github.com/nodejs/node/pull/29694)
* domain:
* The domain's error handler is now executed with the active domain
set to the domain's parent to prevent inner recursion
(Julien Gilli).
https://github.com/nodejs/node/pull/26211
* fs:
* The undocumented method `FSWatcher.prototype.start()` was removed
(Lucas Holmquist).
https://github.com/nodejs/node/pull/29905
* Calling the `open()` method on a `ReadStream` or `WriteStream` now
emits a runtime deprecation warning. The methods are supposed to be
internal and should not be called by user code (Robert Nagy).
https://github.com/nodejs/node/pull/29061
* `fs.read/write`, `fs.readSync/writeSync` and `fd.read/write` now
accept any safe integer as their `offset` parameter. The value of
`offset` is also no longer coerced, so a valid type must be passed
to the functions (Zach Bjornson).
https://github.com/nodejs/node/pull/26572
* http:
* Aborted requests no longer emit the `end` or `error` events after
`aborted` (Robert Nagy).
https://github.com/nodejs/node/pull/27984
https://github.com/nodejs/node/pull/20077
* Data will no longer be emitted after a socket error (Robert Nagy).
https://github.com/nodejs/node/pull/28711
* The legacy HTTP parser (previously available under the
`--http-parser=legacy` flag) was removed (Anna Henningsen).
https://github.com/nodejs/node/pull/29589
* The `host` option for HTTP requests is now validated to be a string
value (Giorgos Ntemiris).
https://github.com/nodejs/node/pull/29568
* The `request.connection` and `response.connection` properties are now
runtime deprecated. The equivalent `request.socket` and `response.socket`
should be used instead (Robert Nagy).
https://github.com/nodejs/node/pull/29015
* http, http2:
* The default server timeout was removed (Ali Ijaz Sheikh).
https://github.com/nodejs/node/pull/27558
* Brought 425 status code name into accordance with RFC 8470. The name
changed from "Unordered Collection" to "Too Early" (Sergei Osipov).
https://github.com/nodejs/node/pull/29880
* lib:
* The `error.errno` property will now always be a number. To get the
string value, use `error.code` instead (Joyee Cheung).
https://github.com/nodejs/node/pull/28140
* module:
* `module.createRequireFromPath()` is deprecated. Use
`module.createRequire()` instead (cjihrig).
https://github.com/nodejs/node/pull/27951
* src:
* Changing the value of `process.env.TZ` will now clear the tz cache.
This affects the default time zone used by methods such as
`Date.prototype.toString` (Ben Noordhuis).
https://github.com/nodejs/node/pull/20026
* stream:
* The timing and behavior of streams was consolidated for a number of
edge cases. Please look at the individual commits below for more
information.
PR-URL: https://github.com/nodejs/node/pull/29504
|
|
For `www.cve.mitre.org` they don't seem to redirect www to naked.
PR-URL: https://github.com/nodejs/node/pull/29661
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Convert to asterisks when there are mixed styles in document.
Addresses Markdownlint MD004 rule
PR-URL: https://github.com/nodejs/node/pull/29516
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
Address markdownlint rule MD032.
Flagged a few mixed list styles.
PR-URL: https://github.com/nodejs/node/pull/29467
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
Address Markdownlint MD006 rule.
Can flag when list items aren't indented far enough.
PR-URL: https://github.com/nodejs/node/pull/29390
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Addresses Markdownlint MD033 issues.
Altering changlog should usually be avoided, but they don't render
currently.
PR-URL: https://github.com/nodejs/node/pull/29374
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
These are rendered as single breaks.
Addresses Markdownlint MD012 rule.
PR-URL: https://github.com/nodejs/node/pull/29352
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
Items at same level should have consistent indentation level.
Addresses Markdownlint MD005 errors.
PR-URL: https://github.com/nodejs/node/pull/29330
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Notable changes:
* assert:
* validate required arguments (Ruben Bridgewater)
[#26641](https://github.com/nodejs/node/pull/26641)
* adjust loose assertions (Ruben Bridgewater)
[#25008](https://github.com/nodejs/node/pull/25008)
* async_hooks:
* remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
[#26530](https://github.com/nodejs/node/pull/26530)
* remove promise object from resource (Andreas Madsen)
[#23443](https://github.com/nodejs/node/pull/23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
[#24874](https://github.com/nodejs/node/pull/24874)
* buffer:
* use stricter range checks (Ruben Bridgewater)
[#27045](https://github.com/nodejs/node/pull/27045)
* harden `SlowBuffer` creation (ZYSzys)
[#26272](https://github.com/nodejs/node/pull/26272)
* harden validation of buffer allocation size (ZYSzys)
[#26162](https://github.com/nodejs/node/pull/26162)
* do proper error propagation in addon methods (Anna Henningsen)
[#23939](https://github.com/nodejs/node/pull/23939)
* child_process:
* remove `options.customFds` (cjihrig)
[#25279](https://github.com/nodejs/node/pull/25279)
* harden fork arguments validation (ZYSzys)
[#27039](https://github.com/nodejs/node/pull/27039)
* use non-infinite `maxBuffer` defaults (kohta ito)
[#23027](https://github.com/nodejs/node/pull/23027)
* console:
* don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
[#26261](https://github.com/nodejs/node/pull/26261)
* crypto:
* remove legacy native handles (Tobias Nießen)
[#27011](https://github.com/nodejs/node/pull/27011)
* decode missing passphrase errors (Tobias Nießen)
[#25208](https://github.com/nodejs/node/pull/25208)
* remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
(Tobias Nießen)
[#26249](https://github.com/nodejs/node/pull/26249)
* remove deprecated `crypto._toBuf()` (Tobias Nießen)
[#25338](https://github.com/nodejs/node/pull/25338)
* set `DEFAULT\_ENCODING` property to non-enumerable
(Antoine du Hamel)
[#23222](https://github.com/nodejs/node/pull/23222)
* deps:
* update V8 to 7.4.288.13
(Michaël Zasso, cjihrig, Refael Ackermann)
(Anna Henningsen, Ujjwal Sharma)
[#26685](https://github.com/nodejs/node/pull/26685)
* bump minimum icu version to 63 (Ujjwal Sharma)
[#25852](https://github.com/nodejs/node/pull/25852)
* update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
[#26327](https://github.com/nodejs/node/pull/26327)
* errors:
* update error name (Ruben Bridgewater)
[#26738](https://github.com/nodejs/node/pull/26738)
* fs:
* use proper .destroy() implementation for SyncWriteStream
(Matteo Collina)
[#26690](https://github.com/nodejs/node/pull/26690)
* improve mode validation (Ruben Bridgewater)
[#26575](https://github.com/nodejs/node/pull/26575)
* harden validation of start option in `createWriteStream()`
(ZYSzys)
[#25579](https://github.com/nodejs/node/pull/25579)
* make writeFile consistent with readFile wrt fd
(Sakthipriyan Vairamani (thefourtheye))
[#23709](https://github.com/nodejs/node/pull/23709)
* http:
* validate timeout in `ClientRequest()` (cjihrig)
[#26214](https://github.com/nodejs/node/pull/26214)
* return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
[#25605](https://github.com/nodejs/node/pull/25605)
* switch default parser to llhttp (Anna Henningsen)
[#24870](https://github.com/nodejs/node/pull/24870)
* Runtime-deprecate `outgoingMessage._headers` and
`outgoingMessage._headerNames` (Morgan Roderick)
[#24167](https://github.com/nodejs/node/pull/24167)
* lib:
* remove `Atomics.wake()` (Gus Caplan)
[#27033](https://github.com/nodejs/node/pull/27033)
* move DTRACE\_\* probes out of global scope (James M Snell)
[#26541](https://github.com/nodejs/node/pull/26541)
* deprecate `_stream_wrap` (Sam Roberts)
[#26245](https://github.com/nodejs/node/pull/26245)
* use ES6 class inheritance style (Ruben Bridgewater)
[#24755](https://github.com/nodejs/node/pull/24755)
* module:
* remove unintended access to deps/ (Anna Henningsen)
[#25138](https://github.com/nodejs/node/pull/25138)
* improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](https://github.com/nodejs/node/pull/25690)
* requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](https://github.com/nodejs/node/pull/25690)
* remove dead code (Ruben Bridgewater)
[#26983](https://github.com/nodejs/node/pull/26983)
* make `require('.')` never resolve outside the current directory
(Ruben Bridgewater)
[#26973](https://github.com/nodejs/node/pull/26973)
* throw an error for invalid package.json main entries
(Ruben Bridgewater)
[#26823](https://github.com/nodejs/node/pull/26823)
* don't search in `require.resolve.paths` (cjihrig)
[#23683](https://github.com/nodejs/node/pull/23683)
* net:
* remove `Server.listenFD()` (cjihrig)
[#27127](https://github.com/nodejs/node/pull/27127)
* do not add `.host` and `.port` properties to DNS error
(Ruben Bridgewater)
[#26751](https://github.com/nodejs/node/pull/26751)
* emit "write after end" errors in the next tick (Ouyang Yadong)
[#24457](https://github.com/nodejs/node/pull/24457)
* deprecate `_setSimultaneousAccepts()` undocumented function
(James M Snell)
[#23760](https://github.com/nodejs/node/pull/23760)
* os:
* implement `os.type()` using `uv_os_uname()` (cjihrig)
[#25659](https://github.com/nodejs/node/pull/25659)
* remove `os.getNetworkInterfaces()` (cjihrig)
[#25280](https://github.com/nodejs/node/pull/25280)
* process:
* make global.process, global.Buffer getters (Guy Bedford)
[#26882](https://github.com/nodejs/node/pull/26882)
* move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
[#25828](https://github.com/nodejs/node/pull/25828)
* exit on --debug and --debug-brk after option parsing
(Joyee Cheung)
[#25828](https://github.com/nodejs/node/pull/25828)
* improve `--redirect-warnings` handling (Ruben Bridgewater)
[#24965](https://github.com/nodejs/node/pull/24965)
* readline:
* support TERM=dumb (Vladislav Kaminsky)
[#26261](https://github.com/nodejs/node/pull/26261)
* repl:
* add welcome message (gengjiawen)
[#25947](https://github.com/nodejs/node/pull/25947)
* fix terminal default setting (Ruben Bridgewater)
[#26518](https://github.com/nodejs/node/pull/26518)
* check colors with `.getColorDepth()` (Vladislav Kaminsky)
[#26261](https://github.com/nodejs/node/pull/26261)
* deprecate REPLServer.rli (Ruben Bridgewater)
[#26260](https://github.com/nodejs/node/pull/26260)
* src:
* remove unused `INT_MAX` constant (Sam Roberts)
[#27078](https://github.com/nodejs/node/pull/27078)
* update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
[#26685](https://github.com/nodejs/node/pull/26685)
* remove `AddPromiseHook()` (Anna Henningsen)
[#26574](https://github.com/nodejs/node/pull/26574)
* clean up `MultiIsolatePlatform` interface (Anna Henningsen)
[#26384](https://github.com/nodejs/node/pull/26384)
* properly configure default heap limits (Ali Ijaz Sheikh)
[#25576](https://github.com/nodejs/node/pull/25576)
* remove `icuDataDir` from node config (GauthamBanasandra)
[#24780](https://github.com/nodejs/node/pull/24780)
* tls:
* support TLSv1.3 (Sam Roberts)
[#26209](https://github.com/nodejs/node/pull/26209)
* return correct version from `getCipher()` (Sam Roberts)
[#26625](https://github.com/nodejs/node/pull/26625)
* check arg types of renegotiate() (Sam Roberts)
[#25876](https://github.com/nodejs/node/pull/25876)
* add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
[#24729](https://github.com/nodejs/node/pull/24729)
* emit a warning when servername is an IP address (Rodger Combs)
[#23329](https://github.com/nodejs/node/pull/23329)
* disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
[#23814](https://github.com/nodejs/node/pull/23814)
* remove unused arg to createSecureContext() (Sam Roberts)
[#24241](https://github.com/nodejs/node/pull/24241)
* deprecate `Server.prototype.setOptions()` (cjihrig)
[#23820](https://github.com/nodejs/node/pull/23820)
* load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
[#23354](https://github.com/nodejs/node/pull/23354)
* util:
* remove `util.print()`, `util.puts()`, `util.debug()`
and `util.error()` (cjihrig)
[#25377](https://github.com/nodejs/node/pull/25377)
* change inspect compact and breakLength default
(Ruben Bridgewater)
[#27109](https://github.com/nodejs/node/pull/27109)
* improve inspect edge cases (Ruben Bridgewater)
[#27109](https://github.com/nodejs/node/pull/27109)
* only the first line of the error message (Simon Zünd)
[#26685](https://github.com/nodejs/node/pull/26685)
* don't set the prototype of callbackified functions
(Ruben Bridgewater)
[#26893](https://github.com/nodejs/node/pull/26893)
* rename callbackified function (Ruben Bridgewater)
[#26893](https://github.com/nodejs/node/pull/26893)
* increase function length when using `callbackify()`
(Ruben Bridgewater)
[#26893](https://github.com/nodejs/node/pull/26893)
* prevent tampering with internals in `inspect()`
(Ruben Bridgewater)
[#26577](https://github.com/nodejs/node/pull/26577)
* prevent Proxy traps being triggered by `.inspect()`
(Ruben Bridgewater)
[#26241](https://github.com/nodejs/node/pull/26241)
* prevent leaking internal properties (Ruben Bridgewater)
[#24971](https://github.com/nodejs/node/pull/24971)
* protect against monkeypatched Object prototype for inspect()
(Rich Trott)
[#25953](https://github.com/nodejs/node/pull/25953)
* treat format arguments equally (Roman Reiss)
[#23162](https://github.com/nodejs/node/pull/23162)
* win, fs:
* detect if symlink target is a directory (Bartosz Sosnowski)
[#23724](https://github.com/nodejs/node/pull/23724)
* zlib:
* throw TypeError if callback is missing (Anna Henningsen)
[#24929](https://github.com/nodejs/node/pull/24929)
* make “bare” constants un-enumerable (Anna Henningsen)
[#24824](https://github.com/nodejs/node/pull/24824)
PR-URL: https://github.com/nodejs/node/pull/26930
|
|
Notable changes:
* Build
* FreeBSD 10 is no longer supported.[#22617](https://github.com/nodejs/node/pull/22617)
* `child_process`
* The default value of the `windowsHide` option has been changed
to `true`. [#21316](https://github.com/nodejs/node/pull/21316)
* `console`
* `console.countReset()` will emit a warning if the timer
being reset does not exist. [#21649](https://github.com/nodejs/node/pull/21649)
* `console.time()` will no longer reset a timer if it already
exists. [#20442](https://github.com/nodejs/node/pull/20442)
* Dependencies
* V8 has been updated to 7.0.
[#22754](https://github.com/nodejs/node/pull/22754)
* `fs`
* The `fs.read()` method now requires a callback.
[#22146](https://github.com/nodejs/node/pull/22146)
* The previously deprecated `fs.SyncWriteStream` utility has been
removed.[#20735](https://github.com/nodejs/node/pull/20735)
* `http`
* The `http`, `https`, and `tls` modules now use the WHATWG URL parser
by default. [#20270](https://github.com/nodejs/node/pull/20270)
* General
* Use of `process.binding()` has been deprecated. Userland code using
`process.binding()` should re-evaluate that use and begin migrating. If
there are no supported API alternatives, please open an issue in the
Node.js GitHub repository so that a suitable alternative may be discussed.
* An experimental implementation of `queueMicrotask()` has been added.
[#22951](https://github.com/nodejs/node/pull/22951)
* Internal
* Windows performance-counter support has been removed.
[#22485](https://github.com/nodejs/node/pull/22485)
* The `--expose-http2` command-line option has been removed.
[#20887](https://github.com/nodejs/node/pull/20887)
* Timers
* Interval timers will be rescheduled even if previous interval threw
an error. [#20002](https://github.com/nodejs/node/pull/20002)
* `util`
* The WHATWG `TextEncoder` and `TextDecoder` are now globals.
[#22281](https://github.com/nodejs/node/pull/22281)
* `util.inspect()` output size is limited to 128 MB by default.
[#22756](https://github.com/nodejs/node/pull/22756)
* A runtime warning will be emitted when `NODE_DEBUG` is set for
either `http` or `http2`. [#21914](https://github.com/nodejs/node/pull/21914)
|
|
* Assert
* Calling `assert.fail()` with more than one argument is deprecated. #70dcacd710
* Calling `assert.ok()` with no arguments will now throw. #3cd7977a42
* Calling `assert.ifError()` will now throw with any argument other than `undefined` or `null`. Previously the method would throw with any truthy value. #e65a6e81ef
* The `assert.rejects()` and `assert.doesNotReject()` methods have been added for working with async functions. #599337f43e
* Async_hooks
* Older experimental async_hooks APIs have been removed. #1cc6b993b9
* Buffer
* Uses of `new Buffer()` and `Buffer()` outside of the `node_modules` directory will now emit a runtime deprecation warning. #9d4ab90117
* `Buffer.isEncoding()` now returns `undefined` for falsy values, including an empty string. #452eed956e
* `Buffer.fill()` will throw if an attempt is made to fill with an empty `Buffer`. #1e802539b2
* Child Process
* Undefined properties of env are ignored. #38ee25e2e2, #85739b6c5b
* Console
* The `console.table()` method has been added. #97ace04492
* Crypto
* The `crypto.createCipher()` and `crypto.createDecipher()` methods have been deprecated. Please use `crypto.createCipheriv()` and `crypto.createDecipheriv()` instead. #81f88e30dd
* The `decipher.finaltol()` method has been deprecated. #19f3927d92
* The `crypto.DEFAULT_ENCODING` property has been deprecated. #6035beea93
* The `ECDH.convertKey()` method has been added. #f2e02883e7
* The `crypto.fips` property has been deprecated. #6e7992e8b8
* Dependencies
* V8 has been updated to 6.6. #9daebb48d6
* OpenSSL has been updated to 1.1.0h. #66cb29e646
* EventEmitter
* The `EventEmitter.prototype.off()` method has been added as an alias for `EventEmitter.prototype.removeListener()`. #3bb6f07d52
* File System
* The `fs.promises` API provides experimental promisified versions of the `fs` functions. #329fc78e49
* Invalid path errors are now thrown synchronously. #d8f73385e2
* The `fs.readFile()` method now partitions reads to avoid thread pool exhaustion. #67a4ce1c6e
* HTTP
* Processing of HTTP Status codes `100`, `102-199` has been improved. #baf8495078
* Multi-byte characters in URL paths are now forbidden. #b961d9fd83
* N-API
* The n-api is no longer experimental. #cd7d7b15c1
* Net
* The `'close'` event will be emitted after `'end'`. #9b7a6914a7
* Perf_hooks
* The `PerformanceObserver` class is now an `AsyncResource` and can be monitored using `async_hooks`. #009e41826f
* Trace events are now emitted for performance events. #9e509b622b
* The `performance` API has been simplified. #2ec6995555
* Performance milestone marks will be emitted as trace events. #96cb4fb795
* Process
* Using non-string values for `process.env` is deprecated. #5826fe4e79
* The `process.assert()` method is deprecated. #703e37cf3f
* REPL
* REPL now experimentally supports top-level await when using the `--experimental-repl-await` flag. #eeab7bc068
* The previously deprecated "magic mode" has been removed. #4893f70d12
* The previously deprecated `NODE_REPL_HISTORY_FILE` environment variable has been removed. #60c9ad7979
* Proxy objects are shown as Proxy objects when inspected. #90a43906ab
* Streams
* The `'readable'` event is now always deferred with nextTick. #1e0f3315c7
* A new `pipeline()` method has been provided for building end-to-data stream pipelines. #a5cf3feaf1
* Experimental support for async for-await has been added to `stream.Readable`. #61b4d60c5d
* Timers
* The `enroll()` and `unenroll()` methods have been deprecated. #68783ae0b8
* TLS
* The `tls.convertNONProtocols()` method has been deprecated. #9204a0db6e
* Support for NPN (next protocol negotiation) has been dropped. #5bfbe5ceae
* The `ecdhCurve` default is now `'auto'`. #af78840b19
* Trace Events
* A new `trace_events` top-level module allows trace event categories to be enabled/disabld at runtime. #da5d818a54
* URL
* The WHATWG URL API is now a global. #312414662b
* Util
* `util.types.is[…]` type checks have been added. #b20af8088a
* Support for bigint formatting has been added to `util.inspect()`. #39dc947409
|
|
Notable changes:
No additional commits.
Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.
PR-URL: https://github.com/nodejs/node/pull/19681
|
|
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* CVE-2018-7158
* CVE-2018-7159
Notable Changes:
* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
are known to impact Node.js.
* **Fix for `'path'` module regular expression denial of service
(CVE-2018-7158)**: A regular expression used for parsing POSIX an
Windows paths could be used to cause a denial of service if an
attacker were able to have a specially crafted path string passed
through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
(CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
`Content-Length` header values. Such values now lead to rejected
connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
been added to the Node.js binary and 30 have been removed.
PR-URL: https://github.com/nodejs-private/node-private/pull/110
|
|
Add 80 characters limit to docs.
Change docs to fit 80 characters per row.
PR-URL: https://github.com/nodejs/node/pull/18726
Fixes: https://github.com/nodejs/node/issues/18703
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
|
|
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* CVE-2017-15896
* CVE-2017-3738 (from the openssl project)
Notable Changes:
* deps:
* openssl updated to 1.0.2n (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/17526
PR-URL: https://github.com/nodejs/node/pull/17534
|
|
PR-URL: https://github.com/nodejs/node/pull/17163
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
|
|
Notable Changes:
* **crypto**:
- update root certificates (Ben Noordhuis)
https://github.com/nodejs/node/pull/13279
- update root certificates (Ben Noordhuis)
https://github.com/nodejs/node/pull/12402
* **deps**:
- add support for more modern versions of INTL (Bruno Pagani)
https://github.com/nodejs/node/pull/13040
- upgrade openssl sources to 1.0.2m (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/16691
- upgrade openssl sources to 1.0.2l (Daniel Bevenius)
https://github.com/nodejs/node/pull/13233
PR-URL: https://github.com/nodejs/node/pull/16500
|
|
* Older experimental APIs have been removed.
[[`d731369b1d`](https://github.com/nodejs/node/commit/d731369b1d)]
[#14414](https://github.com/nodejs/node/pull/14414)
* **Errors**
* Improvements have been made to `buffer` module error messages.
* The assignment of static error codes to Node.js error continues:
* `buffer`
* `child_process`
* `console`
* `crypto`
* `dns`
* `events`
* `fs`
* `http`
* `inspector`
* `net`
* `path`
* `process`
* `querystring`
* `readline`
* `repl`
* `streams`
* `string_decoder`
* `timers`
* `tls`
* `url`
* `util`
* `v8`
* `zlib`
* **Child Processes**
* Errors are emitted on process nextTick.
* **Domains**
* The long-deprecated `.dispose()` method has been removed.
* **fs**
* The `fs.ReadStream` and `fs.WriteStream` classes now use `destroy()`.
* `fs` module callbacks are now invoked with an undefined context.
* **HTTP/1**
* A 400 Bad Request response will now be sent when parsing fails.
* Socket timeout will be set when the socket connects.
* A bug causing the request `'error'` event to fire twice was fixed.
* HTTP clients may now use generic `Duplex` streams in addition to `net.Socket`.
* **Intl**
* The deprecated `Intl.v8BreakIterator` has been removed.
* **Modules**
* The `require.resolve()` method now supports using custom lookup paths.
* **OS**
* The `os.EOL` property is now read-only.
* **Timers**
* `setTimeout()` will emit a warning if the timeout is larger that the maximum
32-bit unsigned integer.
|
|
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
for details on patched vulnerabilities.
Notable Changes:
* zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with
windowBits set to 8. On some versions this crashes Node and you
cannot recover from it, while on some versions it throws an
exception. Node.js will now gracefully set windowBits to 9
replicating the legacy behavior to avoid a DOS vector.
https://github.com/nodejs-private/node-private/pull/95
PR-URL: https://github.com/nodejs-private/node-private/pull/96
|
|
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable Changes:
* build:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node
up to collision attacks which could result in a Denial of Service.
We have temporarily disabled snapshots until a more robust solution
is found (Ali Ijaz Sheikh)
* deps:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks
that there is enough data for the required elements of an NAPTR
record (2 int16, 3 bytes for string lengths) before processing a
record. (David Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/90
|
|
* **Async Hooks**
* The `async_hooks` module has landed in core
[[`4a7233c178`](https://github.com/nodejs/node/commit/4a7233c178)]
[#12892](https://github.com/nodejs/node/pull/12892).
* **Buffer**
* Using the `--pending-deprecation` flag will cause Node.js to emit a
deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
[[`d2d32ea5a2`](https://github.com/nodejs/node/commit/d2d32ea5a2)]
[#11968](https://github.com/nodejs/node/pull/11968).
* `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
[[`7eb1b4658e`](https://github.com/nodejs/node/commit/7eb1b4658e)]
[#12141](https://github.com/nodejs/node/pull/12141).
* Many `Buffer` methods now accept `Uint8Array` as input
[[`beca3244e2`](https://github.com/nodejs/node/commit/beca3244e2)]
[#10236](https://github.com/nodejs/node/pull/10236).
* **Child Process**
* Argument and kill signal validations have been improved
[[`97a77288ce`](https://github.com/nodejs/node/commit/97a77288ce)]
[#12348](https://github.com/nodejs/node/pull/12348),
[[`d75fdd96aa`](https://github.com/nodejs/node/commit/d75fdd96aa)]
[#10423](https://github.com/nodejs/node/pull/10423).
* Child Process methods accept `Uint8Array` as input
[[`627ecee9ed`](https://github.com/nodejs/node/commit/627ecee9ed)]
[#10653](https://github.com/nodejs/node/pull/10653).
* **Console**
* Error events emitted when using `console` methods are now supressed.
[[`f18e08d820`](https://github.com/nodejs/node/commit/f18e08d820)]
[#9744](https://github.com/nodejs/node/pull/9744).
* **Dependencies**
* The npm client has been updated to 5.0.0
[[`3c3b36af0f`](https://github.com/nodejs/node/commit/3c3b36af0f)]
[#12936](https://github.com/nodejs/node/pull/12936).
* V8 has been updated to 5.8 with forward ABI stability to 6.0
[[`60d1aac8d2`](https://github.com/nodejs/node/commit/60d1aac8d2)]
[#12784](https://github.com/nodejs/node/pull/12784).
* **Domains**
* Native `Promise` instances are now `Domain` aware
[[`84dabe8373`](https://github.com/nodejs/node/commit/84dabe8373)]
[#12489](https://github.com/nodejs/node/pull/12489).
* **Errors**
* We have started assigning static error codes to errors generated by Node.js.
This has been done through multiple commits and is still a work in
progress.
* **File System**
* The utility class `fs.SyncWriteStream` has been deprecated
[[`7a55e34ef4`](https://github.com/nodejs/node/commit/7a55e34ef4)]
[#10467](https://github.com/nodejs/node/pull/10467).
* The deprecated `fs.read()` string interface has been removed
[[`3c2a9361ff`](https://github.com/nodejs/node/commit/3c2a9361ff)]
[#9683](https://github.com/nodejs/node/pull/9683).
* **HTTP**
* Improved support for userland implemented Agents
[[`90403dd1d0`](https://github.com/nodejs/node/commit/90403dd1d0)]
[#11567](https://github.com/nodejs/node/pull/11567).
* Outgoing Cookie headers are concatenated into a single string
[[`d3480776c7`](https://github.com/nodejs/node/commit/d3480776c7)]
[#11259](https://github.com/nodejs/node/pull/11259).
* The `httpResponse.writeHeader()` method has been deprecated
[[`fb71ba4921`](https://github.com/nodejs/node/commit/fb71ba4921)]
[#11355](https://github.com/nodejs/node/pull/11355).
* New methods for accessing HTTP headers have been added to `OutgoingMessage`
[[`3e6f1032a4`](https://github.com/nodejs/node/commit/3e6f1032a4)]
[#10805](https://github.com/nodejs/node/pull/10805).
* **Lib**
* All deprecation messages have been assigned static identifiers
[[`5de3cf099c`](https://github.com/nodejs/node/commit/5de3cf099c)]
[#10116](https://github.com/nodejs/node/pull/10116).
* The legacy `linkedlist` module has been removed
[[`84a23391f6`](https://github.com/nodejs/node/commit/84a23391f6)]
[#12113](https://github.com/nodejs/node/pull/12113).
* **N-API**
* Experimental support for the new N-API API has been added
[[`56e881d0b0`](https://github.com/nodejs/node/commit/56e881d0b0)]
[#11975](https://github.com/nodejs/node/pull/11975).
* **Process**
* Process warning output can be redirected to a file using the
`--redirect-warnings` command-line argument
[[`03e89b3ff2`](https://github.com/nodejs/node/commit/03e89b3ff2)]
[#10116](https://github.com/nodejs/node/pull/10116).
* Process warnings may now include additional detail
[[`dd20e68b0f`](https://github.com/nodejs/node/commit/dd20e68b0f)]
[#12725](https://github.com/nodejs/node/pull/12725).
* **REPL**
* REPL magic mode has been deprecated
[[`3f27f02da0`](https://github.com/nodejs/node/commit/3f27f02da0)]
[#11599](https://github.com/nodejs/node/pull/11599).
* **Src**
* `NODE_MODULE_VERSION` has been updated to 57
(https://github.com/nodejs/node/commit/ec7cbaf266)]
[#12995](https://github.com/nodejs/node/pull/12995).
* Add `--pending-deprecation` command-line argument and
`NODE_PENDING_DEPRECATION` environment variable
[[`a16b570f8c`](https://github.com/nodejs/node/commit/a16b570f8c)]
[#11968](https://github.com/nodejs/node/pull/11968).
* The `--debug` command-line argument has been deprecated. Note that
using `--debug` will enable the *new* Inspector-based debug protocol
as the legacy Debugger protocol previously used by Node.js has been
removed. [[`010f864426`](https://github.com/nodejs/node/commit/010f864426)]
[#12949](https://github.com/nodejs/node/pull/12949).
* Throw when the `-c` and `-e` command-line arguments are used at the same
time [[`a5f91ab230`](https://github.com/nodejs/node/commit/a5f91ab230)]
[#11689](https://github.com/nodejs/node/pull/11689).
* Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
arguments are used at the same time.
[[`8a7db9d4b5`](https://github.com/nodejs/node/commit/8a7db9d4b5)]
[#12087](https://github.com/nodejs/node/pull/12087).
* **Stream**
* `Stream` now supports `destroy()` and `_destroy()` APIs
[[`b6e1d22fa6`](https://github.com/nodejs/node/commit/b6e1d22fa6)]
[#12925](https://github.com/nodejs/node/pull/12925).
* `Stream` now supports the `_final()` API
[[`07c7f198db`](https://github.com/nodejs/node/commit/07c7f198db)]
[#12828](https://github.com/nodejs/node/pull/12828).
* **TLS**
* The `rejectUnauthorized` option now defaults to `true`
[[`348cc80a3c`](https://github.com/nodejs/node/commit/348cc80a3c)]
[#5923](https://github.com/nodejs/node/pull/5923).
* The `tls.createSecurePair()` API now emits a runtime deprecation
[[`a2ae08999b`](https://github.com/nodejs/node/commit/a2ae08999b)]
[#11349](https://github.com/nodejs/node/pull/11349).
* A runtime deprecation will now be emitted when `dhparam` is less than
2048 bits [[`d523eb9c40`](https://github.com/nodejs/node/commit/d523eb9c40)]
[#11447](https://github.com/nodejs/node/pull/11447).
* **URL**
* The WHATWG URL implementation is now a fully-supported Node.js API
[[`d080ead0f9`](https://github.com/nodejs/node/commit/d080ead0f9)]
[#12710](https://github.com/nodejs/node/pull/12710).
* **Util**
* `Symbol` keys are now displayed by default when using `util.inspect()`
[[`5bfd13b81e`](https://github.com/nodejs/node/commit/5bfd13b81e)]
[#9726](https://github.com/nodejs/node/pull/9726).
* `toJSON` errors will be thrown when formatting `%j`
[[`455e6f1dd8`](https://github.com/nodejs/node/commit/455e6f1dd8)]
[#11708](https://github.com/nodejs/node/pull/11708).
* Convert `inspect.styles` and `inspect.colors` to prototype-less objects
[[`aab0d202f8`](https://github.com/nodejs/node/commit/aab0d202f8)]
[#11624](https://github.com/nodejs/node/pull/11624).
* The new `util.promisify()` API has been added
[[`99da8e8e02`](https://github.com/nodejs/node/commit/99da8e8e02)]
[#12442](https://github.com/nodejs/node/pull/12442).
* **Zlib**
* Support `Uint8Array` in Zlib convenience methods
[[`91383e47fd`](https://github.com/nodejs/node/commit/91383e47fd)]
[#12001](https://github.com/nodejs/node/pull/12001).
* Zlib errors now use `RangeError` and `TypeError` consistently
[[`b514bd231e`](https://github.com/nodejs/node/commit/b514bd231e)]
[#11391](https://github.com/nodejs/node/pull/11391).
|
|
Make the style of "Note:" paragraphs consistent and document the
guidelines in `doc/STYLE_GUIDE.md`.
PR-URL: https://github.com/nodejs/node/pull/13133
Fixes: https://github.com/nodejs/node/issues/13131
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/13039
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
|
|
Notable Changes:
* module:
- The module loading global fallback to the Node executable's
directory now works correctly on Windows.
(Richard Lau) https://github.com/nodejs/node/pull/9283
* src:
- fix base64 decoding in rare edgecase
(Nikolai Vavilov) https://github.com/nodejs/node/pull/11995
* tls:
- fix rare segmentation faults when using TLS
* (Trevor Norris) https://github.com/nodejs/node/pull/11947
* (Ben Noordhuis) https://github.com/nodejs/node/pull/11898
* (jBarz) https://github.com/nodejs/node/pull/11776
PR-URL: https://github.com/nodejs/node/pull/12499
|
|
This is a maintenance release to fix a memory leak that was
introduced in 4.8.1.
It also includes an upgrade to zlib 1.2.11 to fix a number of low
severity CVEs that were present in zlib 1.2.8.
http://seclists.org/oss-sec/2016/q4/602
Notable changes:
* crypto:
- fix memory leak if certificate is revoked (Tom Atkinson)
https://github.com/nodejs/node/pull/12089
* deps:
- upgrade zlib to 1.2.11 (Sam Roberts)
https://github.com/nodejs/node/pull/10980
|
|
Notable Changes:
* buffer:
- The performance of `.toJSON()` is now up to 2859% faster on average
(Brian White) https://github.com/nodejs/node/pull/10895
* IPC:
- Batched writes have been enabled for process IPC on platforms that
support Unix Domain Sockets. (Alexey Orlenko)
https://github.com/nodejs/node/pull/10677
- Performance gains may be up to 40% for some workloads.
* http:
- Control characters are now always rejected when using
`http.request()`. (Ben Noordhuis)
https://github.com/nodejs/node/pull/8923
* node:
- Heap statistics now support values larger than 4GB. (Ben Noordhuis)
https://github.com/nodejs/node/pull/10186
PR-URL: https://github.com/nodejs/node/pull/11760
|
|
Notable Changes:
* child_process: add shell option to spawn() (cjihrig)
https://github.com/nodejs/node/pull/4598
* crypto:
* add ALPN Support (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/2564
* allow adding extra certs to well-known CAs (Sam Roberts)
https://github.com/nodejs/node/pull/9139
* deps:
* v8: expose statistics about heap spaces (Ben Ripkens)
https://github.com/nodejs/node/pull/4463
* fs: add the fs.mkdtemp() function. (Florian MARGAINE)
https://github.com/nodejs/node/pull/5333
* process:
* add `externalMemory` to `process` (Fedor Indutny)
https://github.com/nodejs/node/pull/9587
* add process.cpuUsage() (Patrick Mueller)
https://github.com/nodejs/node/pull/10796
PR-URL: https://github.com/nodejs/node/pull/10973
|
|
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k
Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website
https://nodejs.org/en/blog/vulnerability/openssl-january-2017/
Notable Changes:
* deps:
- upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/11021
PR-URL: https://github.com/nodejs/node/pull/11083
|
|
This is a special release that contains 0 commits. While promoting
additional platforms for v4.7.1 after the release, the tarballs on the
release server were overwritten and now have different shasums. In
order to remove any ambiguity around the release we have opted to do a
semver patch release with no changes.
|
|
This LTS release comes with 180 commits. This includes 117 which are
test related, 34 which are doc related, 15 which are build / tool
related, and 1 commit which is an update to dependencies.
Notable Changes:
* build:
- shared library support is now working for AIX builds
(Stewart Addison) https://github.com/nodejs/node/pull/9675
* repl:
- Passing options to the repl will no longer overwrite defaults
(cjihrig) https://github.com/nodejs/node/pull/7826
* timers:
- Re canceling a cancelled timers will no longer throw
(Jeremiah Senkpiel) https://github.com/nodejs/node/pull/9685
PR-URL: https://github.com/nodejs/node/pull/10395
|
|
This LTS release comes with 108 commits. This includes 30 which are doc
related, 28 which are test related, 16 which are build / tool related,
and 4 commits which are updates to dependencies.
Notable Changes:
The SEMVER-MINOR changes include:
* build:
- export openssl symbols on Windows making it possible to build
addons linked against the bundled version of openssl (Alex Hultman)
https://github.com/nodejs/node/pull/7576
* debugger:
- make listen address configurable in the debugger server
(Ben Noordhuis) https://github.com/nodejs/node/pull/3316
* dgram:
- generalized send queue to handle close fixing a potential throw
when dgram socket is closed in the listening event handler.
(Matteo Collina) https://github.com/nodejs/node/pull/7066
* http:
- Introduce the 451 status code "Unavailable For Legal Reasons"
(Max Barinov) https://github.com/nodejs/node/pull/4377
* tls:
- introduce `secureContext` for `tls.connect` which is useful for
caching client certificates, key, and CA certificates.
(Fedor Indutny) https://github.com/nodejs/node/pull/4246
Notable SEMVER-PATCH changes include:
* build:
- introduce the configure --shared option for embedders (sxa555)
https://github.com/nodejs/node/pull/6994
* gtest:
- the test reporter now outputs tap comments as yamlish
(Johan Bergström) https://github.com/nodejs/node/pull/9262
* src:
- node no longer aborts when c-ares initialization fails
(Ben Noordhuis) https://github.com/nodejs/node/pull/8710
* tls:
- fix memory leak when writing data to TLSWrap instance during
handshake (Fedor Indutny)
https://github.com/nodejs/node/pull/9586
PR-URL: https://github.com/nodejs/node/pull/9736
|
|
Originally was h2 should be h3
PR-URL: https://github.com/nodejs/node/pull/9515
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
This LTS release comes with 219 commits. This includes 80 commits that
are docs related, 58 commits that are test related, 20 commits that
are build / tool related, and 9 commits that are updates to
dependencies.
Notable Changes
* build:
- It is now possible to build the documentation from the release
tarball (Anna Henningsen)
https://github.com/nodejs/node/pull/8413
* buffer:
- Buffer.alloc() will no longer incorrectly return a zero filled
buffer when an encoding is passed (Teddy Katz)
https://github.com/nodejs/node/pull/9238
* deps:
- upgrade npm in LTS to 2.15.11 (Kat Marchán)
https://github.com/nodejs/node/pull/8928
* repl:
- Enable tab completion for global properties (Lance Ball)
https://github.com/nodejs/node/pull/7369
* url:
- `url.format()` will now encode all `#` in `search` (Ilkka Myller)
https://github.com/nodejs/node/pull/8072
PR-URL: https://github.com/nodejs/node/pull/9298
|
|
Notable Changes:
* Buffer
* Passing invalid input to Buffer.byteLength will now throw an error [#8946](https://github.com/nodejs/node/pull/8946).
* Calling Buffer without new is now deprecated and will emit a process warning [#8169](https://github.com/nodejs/node/pull/8169).
* Passing a negative number to allocUnsafe will now throw an error [#7079](https://github.com/nodejs/node/pull/7079).
* Child Process
* The fork and execFile methods now have stronger argument validation [#7399](https://github.com/nodejs/node/pull/7399).
* Cluster
* The worker.suicide method is deprecated and will emit a process warning [#3747](https://github.com/nodejs/node/pull/3747).
* Deps
* V8 has been updated to 5.4.500.36 [#8317](https://github.com/nodejs/node/pull/8317), [#8852](https://github.com/nodejs/node/pull/8852), [#9253](https://github.com/nodejs/node/pull/9253).
* NODE_MODULE_VERSION has been updated to 51 [#8808](https://github.com/nodejs/node/pull/8808).
* File System
* A process warning is emitted if a callback is not passed to async file system methods [#7897](https://github.com/nodejs/node/pull/7897).
* Intl
* Intl.v8BreakIterator constructor has been deprecated and will emit a process warning [#8908](https://github.com/nodejs/node/pull/8908).
* Promises
* Unhandled Promise rejections have been deprecated and will emit a process warning [#8217](https://github.com/nodejs/node/pull/8217).
* Punycode
* The `punycode` module has been deprecated [#7941](https://github.com/nodejs/node/pull/7941).
* URL
* An Experimental WHATWG URL Parser has been introduced [#7448](https://github.com/nodejs/node/pull/7448).
PR-URL: https://github.com/nodejs/node/pull/9099
|
|
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.
Notable changes:
* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg)
PR-URL: https://github.com/nodejs/node/pull/9153
|
|
Some commit links in the changelogs were pointing to incorrect/missing
shas.
PR-URL: https://github.com/nodejs/node/pull/8122
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
for details on patched vulnerabilities.
Notable Changes
Semver Minor:
* openssl:
- Upgrade to 1.0.2i, fixes a number of defects impacting Node.js:
CVE-2016-6304 ("OCSP Status Request extension unbounded memory
growth", high severity), CVE-2016-2183, CVE-2016-6303,
CVE-2016-2178 and CVE-2016-6306.
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714
- Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in
a crash when using CRLs, CVE-2016-7052.
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786
- Remove support for loading dynamic third-party engine modules.
An attacker may be able to hide malicious code to be inserted into
Node.js at runtime by masquerading as one of the dynamic engine
modules. Originally reported by Ahmed Zaki (Skype).
(Ben Noordhuis) https://github.com/nodejs/node-private/pull/70
* http: CVE-2016-5325 - Properly validate for allowable characters in
the `reason` argument in `ServerResponse#writeHead()`. Fixes a
possible response splitting attack vector. This introduces a new
case where `throw` may occur when configuring HTTP responses, users
should already be adopting try/catch here. Originally reported
independently by Evan Lucas and Romain Gaucher.
(Evan Lucas) https://github.com/nodejs/node-private/pull/46
Semver Patch:
* buffer: Zero-fill excess bytes in new `Buffer` objects created with
`Buffer.concat()` while providing a `totalLength` parameter that
exceeds the total length of the original `Buffer` objects being
concatenated.
(Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/65
* tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
check whereby a TLS server may be able to serve an invalid wildcard
certificate for its hostname due to improper validation of `*.` in
the wildcard string. Originally reported by Alexander Minozhenko and
James Bunton (Atlassian).
(Ben Noordhuis) https://github.com/nodejs/node-private/pull/63
PR-URL: https://github.com/nodejs/node-private/pull/74
|
|
New rules:
1. rule-style
2. strong-marker
3. no-shell-dollars
4. no-inline-padding
5. code-block-style
6. no-multiple-toplevel-headings
Fixes to the existing files applied.
PR-URL: https://github.com/nodejs/node/pull/8708
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Notable Changes:
Semver Minor:
* buffer:
* backport new buffer constructor APIs to v4.x
(Сковорода Никита Андреевич)
https://github.com/nodejs/node/pull/7562
* backport --zero-fill-buffers cli option (James M Snell)
https://github.com/nodejs/node/pull/5745
* build:
* add Intel Vtune profiling support (Chunyang Dai)
https://github.com/nodejs/node/pull/5527
* repl:
* copying tabs shouldn't trigger completion (Eugene Obrezkov)
https://github.com/nodejs/node/pull/5958
* src:
* add node::FreeEnvironment public API (Cheng Zhao)
https://github.com/nodejs/node/pull/3098
* test:
* run v8 tests from node tree (Bryon Leung)
https://github.com/nodejs/node/pull/4704
* V8:
* Add post mortem data to improve object inspection and function's
context variables inspection (Fedor Indutny)
https://github.com/nodejs/node/pull/3779
Semver Patch:
* **buffer**:
* ignore negative allocation lengths (Anna Henningsen)
https://github.com/nodejs/node/pull/7562
* **crypto**:
* update root certificates (Ben Noordhuis)
https://github.com/nodejs/node/pull/7363
* **libuv**:
* upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé)
https://github.com/nodejs/node/pull/6796
* upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé)
https://github.com/nodejs/node/pull/5994
* **npm**:
* upgrade to 2.15.9 (Kat Marchán)
https://github.com/nodejs/node/pull/7692
|
|
* Fix markdown code sample in releases.md, it was <a id="x.y.x></a>"
* Fix some markdown errors, e.g. in changelogs
* Fix broken defs links, e.g. in domain-postmortem.md
* Fix other broken refs, by addaleax
* Add links to some defs that were present but not linked to
* Remove dead defs
* Move defs to the bottom (one file affected)
* Add language indicators to all code blocks, using `txt` when no
specific language could be chosen
* Some minor formatting changes (spaces, ident, headings)
PR-URL: https://github.com/nodejs/node/pull/7637
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Roman Reiss <me@silverwind.io>
|
|
This LTS release comes with 89 commits. This includes 46 commits that
are docs related, 11 commits that are test related, 8 commits that are
build related, and 4 commits that are benchmark related.
Notable Changes:
- debugger:
- All properties of an array (aside from length) can now be printed
in the repl (cjihrig)
https://github.com/nodejs/node/pull/6448
- npm:
- Upgrade npm to 2.15.8 (Rebecca Turner)
https://github.com/nodejs/node/pull/7412
- stream:
- Fix for a bug that became more prevalent with the stream changes
that landed in v4.4.5. (Anna Henningsen)
https://github.com/nodejs/node/pull/7160
- V8:
- Fix for a bug in crankshaft that was causing crashes on arm64
(Myles Borins)
https://github.com/nodejs/node/pull/7442
- Add missing classes to postmortem info such as JSMap and JSSet
(evan.lucas)
https://github.com/nodejs/node/pull/3792
|
|
The current layout is breaking the release post tool.
This commit also removed erroneous entires in the main CHANGELOG for
v4.4.6 and v5.12.0.
PR-URL: https://github.com/nodejs/node/pull/7394
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
This is an important security release. All Node.js users should consult
the security release summary at nodejs.org for details on patched
vulnerabilities.
This release is specifically related to a Buffer overflow vulnerability
discovered in v8, more details can be found in the CVE
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
PR-URL: https://github.com/nodejs/node-private/pull/41
|
|
Remove extra newlines that were causing rendering problems.
PR-URL: https://github.com/nodejs/node/pull/6958
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
|
|
Notable changes:
* **buffer**:
* Buffer no longer errors if you call lastIndexOf with a search term
longer than the buffer (Anna Henningsen)
https://github.com/nodejs/node/pull/6511
* contextify:
* Context objects are now properly garbage collected, this solves a
problem some individuals were experiencing with extreme memory
growth (Ali Ijaz Sheikh)
https://github.com/nodejs/node/pull/6871
* deps:
* update npm to 2.15.5 (Rebecca Turner)
https://github.com/nodejs/node/pull/6663
* http:
* Invalid status codes can no longer be sent. Limited to 3 digit
numbers between 100 - 999 (Brian White)
https://github.com/nodejs/node/pull/6291
|
|
The changelog was getting rather huge and difficult
to manage. It also wasn't very useful in terms of
being able to quickly find specific Node.js versions,
or tracking the history for a single major release
stream.
This reorganizes the changelog by versions separated
out over multiple files. An index of the most recent
versions is provided in the main log.
PR-URL: https://github.com/nodejs/node/pull/6503
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
|
