| Age | Commit message (Collapse) | Author |
|---|
|
The 8.14.0 security release introduced some unexpected breakages on
the 8.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.
Notable changes:
* cli:
- add --max-http-header-size flag (cjihrig)
https://github.com/nodejs/node/pull/24811
* http:
- add maxHeaderSize property (cjihrig)
https://github.com/nodejs/node/pull/24860
PR-URL: https://github.com/nodejs/node/pull/25177
|
|
Notable changes:
* **assert**:
- revert breaking change (Ruben Bridgewater)
[#24786](https://github.com/nodejs/node/pull/24786)
* **http2**:
- fix sequence of error/close events (Gerhard Stoebich)
[#24789](https://github.com/nodejs/node/pull/24789)
PR-URL: https://github.com/nodejs/node/pull/24832
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* Node.js: HTTP request splitting (CVE-2018-12116)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
Notable Changes:
* deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* Two-byte characters are now strictly disallowed for the `path` option in
HTTP client requests. Paths containing characters outside of the range
`\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior
can be reverted if necessary by supplying the
`--security-revert=CVE-2018-12116` command line argument (this is not
recommended). Reported as security concern for Node.js 6 and 8 by
Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno
Fünfstück applied to Node.js 10 and later.
(CVE-2018-12116 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/154
|
|
Notable changes:
* **assert**:
- backport some assert commits (Ruben Bridgewater)
[#23223](https://github.com/nodejs/node/pull/23223)
* **deps**:
- upgrade to libuv 1.23.2 (cjihrig)
[#23336](https://github.com/nodejs/node/pull/23336)
- V8: cherry-pick 64-bit hash seed commits (Yang Guo)
[#23274](https://github.com/nodejs/node/pull/23274)
* **http**:
- added aborted property to request (Robert Nagy)
[#20094](https://github.com/nodejs/node/pull/20094)
* **http2**:
- graduate from experimental (James M Snell)
[#22466](https://github.com/nodejs/node/pull/22466)
PR-URL: https://github.com/nodejs/node/pull/23974
|
|
Notable changes:
* Build
* FreeBSD 10 is no longer supported.[#22617](https://github.com/nodejs/node/pull/22617)
* `child_process`
* The default value of the `windowsHide` option has been changed
to `true`. [#21316](https://github.com/nodejs/node/pull/21316)
* `console`
* `console.countReset()` will emit a warning if the timer
being reset does not exist. [#21649](https://github.com/nodejs/node/pull/21649)
* `console.time()` will no longer reset a timer if it already
exists. [#20442](https://github.com/nodejs/node/pull/20442)
* Dependencies
* V8 has been updated to 7.0.
[#22754](https://github.com/nodejs/node/pull/22754)
* `fs`
* The `fs.read()` method now requires a callback.
[#22146](https://github.com/nodejs/node/pull/22146)
* The previously deprecated `fs.SyncWriteStream` utility has been
removed.[#20735](https://github.com/nodejs/node/pull/20735)
* `http`
* The `http`, `https`, and `tls` modules now use the WHATWG URL parser
by default. [#20270](https://github.com/nodejs/node/pull/20270)
* General
* Use of `process.binding()` has been deprecated. Userland code using
`process.binding()` should re-evaluate that use and begin migrating. If
there are no supported API alternatives, please open an issue in the
Node.js GitHub repository so that a suitable alternative may be discussed.
* An experimental implementation of `queueMicrotask()` has been added.
[#22951](https://github.com/nodejs/node/pull/22951)
* Internal
* Windows performance-counter support has been removed.
[#22485](https://github.com/nodejs/node/pull/22485)
* The `--expose-http2` command-line option has been removed.
[#20887](https://github.com/nodejs/node/pull/20887)
* Timers
* Interval timers will be rescheduled even if previous interval threw
an error. [#20002](https://github.com/nodejs/node/pull/20002)
* `util`
* The WHATWG `TextEncoder` and `TextDecoder` are now globals.
[#22281](https://github.com/nodejs/node/pull/22281)
* `util.inspect()` output size is limited to 128 MB by default.
[#22756](https://github.com/nodejs/node/pull/22756)
* A runtime warning will be emitted when `NODE_DEBUG` is set for
either `http` or `http2`. [#21914](https://github.com/nodejs/node/pull/21914)
|
|
Notable Changes:
* async_hooks:
- rename PromiseWrap.parentId (Ali Ijaz Sheikh)
https://github.com/nodejs/node/pull/18633
- remove runtime deprecation (Ali Ijaz Sheikh)
https://github.com/nodejs/node/pull/19517
- deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh)
https://github.com/nodejs/node/pull/18513
* cluster:
- add cwd to cluster.settings (cjihrig)
https://github.com/nodejs/node/pull/18399
- support windowsHide option for workers (Todd Wong)
https://github.com/nodejs/node/pull/17412
* crypto:
- allow passing null as IV unless required (Tobias Nießen)
https://github.com/nodejs/node/pull/18644
* deps:
- upgrade npm to 6.2.0 (Kat Marchán)
https://github.com/nodejs/node/pull/21592
- upgrade libuv to 1.19.2 (cjihrig)
https://github.com/nodejs/node/pull/18918
- Upgrade node-inspect to 1.11.5 (Jan Krems)
https://github.com/nodejs/node/pull/21055
* fs,net:
- support as and as+ flags in stringToFlags() (Sarat Addepalli)
https://github.com/nodejs/node/pull/18801
- emit 'ready' for fs streams and sockets (Sameer Srivastava)
https://github.com/nodejs/node/pull/19408
* http, http2:
- add options to http.createServer() (Peter Marton)
https://github.com/nodejs/node/pull/15752
- add 103 Early Hints status code (Yosuke Furukawa)
https://github.com/nodejs/node/pull/16644
- add http fallback options to .createServer (Peter Marton)
https://github.com/nodejs/node/pull/15752
* n-api:
- take n-api out of experimental (Michael Dawson)
https://github.com/nodejs/node/pull/19262
* perf_hooks:
- add warning when too many entries in the timeline (James M Snell)
https://github.com/nodejs/node/pull/18087
* src:
- add public API for managing NodePlatform (Cheng Zhao)
https://github.com/nodejs/node/pull/16981
- allow --perf-(basic-)?prof in NODE\_OPTIONS (Leko)
https://github.com/nodejs/node/pull/17600
- node internals' postmortem metadata (Matheus Marchini)
https://github.com/nodejs/node/pull/14901
* tls:
- expose Finished messages in TLSSocket (Anton Salikhmetov)
https://github.com/nodejs/node/pull/19102
* **trace_events**:
- add file pattern cli option (Andreas Madsen)
https://github.com/nodejs/node/pull/18480
* util:
- implement util.getSystemErrorName() (Joyee Cheung)
https://github.com/nodejs/node/pull/18186
PR-URL: https://github.com/nodejs/node/pull/21593
|
|
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* CVE-2018-0732 (OpenSSL)
* CVE-2018-12115 (Node.js)
Notable changes:
* buffer: Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
(CVE-2018-12115)
* deps: Upgrade to OpenSSL 1.0.2p, fixing:
* Client DoS due to large DH parameter (CVE-2018-0732)
* ECDSA key extraction via local side-channel (CVE not assigned)
|
|
Notable changes:
* **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability
where calling Buffer.fill() could hang
* **http2**
* (CVE-2018-7161): Fixes Denial of Service vulnerability by
updating the http2 implementation to not crash under
certain circumstances during cleanup
* (CVE-2018-1000168): Fixes Denial of Service vulnerability
by upgrading nghttp2 to 1.32.0
PR-URL: https://github.com/nodejs-private/node-private/pull/126
|
|
Notable Changes:
deps:
- update node-inspect to 1.11.3 (Jan Krems)
https://github.com/nodejs/node/pull/18354
- update nghttp2 to 1.29.0 (James M Snell)
https://github.com/nodejs/node/pull/17908
http2:
- Sync with current release stream
n-api:
- Sync with current release stream
PR-URL: https://github.com/nodejs/node/pull/20478
|
|
* Assert
* Calling `assert.fail()` with more than one argument is deprecated. #70dcacd710
* Calling `assert.ok()` with no arguments will now throw. #3cd7977a42
* Calling `assert.ifError()` will now throw with any argument other than `undefined` or `null`. Previously the method would throw with any truthy value. #e65a6e81ef
* The `assert.rejects()` and `assert.doesNotReject()` methods have been added for working with async functions. #599337f43e
* Async_hooks
* Older experimental async_hooks APIs have been removed. #1cc6b993b9
* Buffer
* Uses of `new Buffer()` and `Buffer()` outside of the `node_modules` directory will now emit a runtime deprecation warning. #9d4ab90117
* `Buffer.isEncoding()` now returns `undefined` for falsy values, including an empty string. #452eed956e
* `Buffer.fill()` will throw if an attempt is made to fill with an empty `Buffer`. #1e802539b2
* Child Process
* Undefined properties of env are ignored. #38ee25e2e2, #85739b6c5b
* Console
* The `console.table()` method has been added. #97ace04492
* Crypto
* The `crypto.createCipher()` and `crypto.createDecipher()` methods have been deprecated. Please use `crypto.createCipheriv()` and `crypto.createDecipheriv()` instead. #81f88e30dd
* The `decipher.finaltol()` method has been deprecated. #19f3927d92
* The `crypto.DEFAULT_ENCODING` property has been deprecated. #6035beea93
* The `ECDH.convertKey()` method has been added. #f2e02883e7
* The `crypto.fips` property has been deprecated. #6e7992e8b8
* Dependencies
* V8 has been updated to 6.6. #9daebb48d6
* OpenSSL has been updated to 1.1.0h. #66cb29e646
* EventEmitter
* The `EventEmitter.prototype.off()` method has been added as an alias for `EventEmitter.prototype.removeListener()`. #3bb6f07d52
* File System
* The `fs.promises` API provides experimental promisified versions of the `fs` functions. #329fc78e49
* Invalid path errors are now thrown synchronously. #d8f73385e2
* The `fs.readFile()` method now partitions reads to avoid thread pool exhaustion. #67a4ce1c6e
* HTTP
* Processing of HTTP Status codes `100`, `102-199` has been improved. #baf8495078
* Multi-byte characters in URL paths are now forbidden. #b961d9fd83
* N-API
* The n-api is no longer experimental. #cd7d7b15c1
* Net
* The `'close'` event will be emitted after `'end'`. #9b7a6914a7
* Perf_hooks
* The `PerformanceObserver` class is now an `AsyncResource` and can be monitored using `async_hooks`. #009e41826f
* Trace events are now emitted for performance events. #9e509b622b
* The `performance` API has been simplified. #2ec6995555
* Performance milestone marks will be emitted as trace events. #96cb4fb795
* Process
* Using non-string values for `process.env` is deprecated. #5826fe4e79
* The `process.assert()` method is deprecated. #703e37cf3f
* REPL
* REPL now experimentally supports top-level await when using the `--experimental-repl-await` flag. #eeab7bc068
* The previously deprecated "magic mode" has been removed. #4893f70d12
* The previously deprecated `NODE_REPL_HISTORY_FILE` environment variable has been removed. #60c9ad7979
* Proxy objects are shown as Proxy objects when inspected. #90a43906ab
* Streams
* The `'readable'` event is now always deferred with nextTick. #1e0f3315c7
* A new `pipeline()` method has been provided for building end-to-data stream pipelines. #a5cf3feaf1
* Experimental support for async for-await has been added to `stream.Readable`. #61b4d60c5d
* Timers
* The `enroll()` and `unenroll()` methods have been deprecated. #68783ae0b8
* TLS
* The `tls.convertNONProtocols()` method has been deprecated. #9204a0db6e
* Support for NPN (next protocol negotiation) has been dropped. #5bfbe5ceae
* The `ecdhCurve` default is now `'auto'`. #af78840b19
* Trace Events
* A new `trace_events` top-level module allows trace event categories to be enabled/disabld at runtime. #da5d818a54
* URL
* The WHATWG URL API is now a global. #312414662b
* Util
* `util.types.is[…]` type checks have been added. #b20af8088a
* Support for bigint formatting has been added to `util.inspect()`. #39dc947409
|
|
Notable changes:
No additional commits.
Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.
Note that Node.js versions 10.X and later will be built with version
4.9.X or later of the GCC compiler, and it is possible that Node.js
version 8.X may be built on the 4.9.X compiler at a later time as the
stated minimum compiler requirement for Node.js version 8.X is 4.9.4.
Refs: https://github.com/nodejs/node/blob/v8.x/BUILDING.md
PR-URL: https://github.com/nodejs/node/pull/19679
|
|
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160
Notable changes:
* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
A malicious website could use a DNS rebinding attack to trick a web
browser to bypass same-origin-policy checks and allow HTTP
connections to localhost or to hosts on the local network,
potentially to an open inspector port as a debugger, therefore
gaining full code execution access. The inspector now only allows
connections that have a browser `Host` value of `localhost` or
`localhost6`.
* **Fix for `'path'` module regular expression denial of service
(CVE-2018-7158)**: A regular expression used for parsing POSIX an
Windows paths could be used to cause a denial of service if an
attacker were able to have a specially crafted path string passed
through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
(CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
`Content-Length` header values. Such values now lead to rejected
connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
been added to the Node.js binary and 30 have been removed.
PR-URL: https://github.com/nodejs-private/node-private/pull/112
|
|
Notable changes:
* deps:
* update V8 to 6.2.414.46 (Michaël Zasso) [#16413](https://github.com/nodejs/node/pull/16413)
* revert ABI breaking changes in V8 6.2 (Anna Henningsen) [#16413](https://github.com/nodejs/node/pull/16413)
* upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260)
* re land npm 5.6.0 (Myles Borins) [#18625](https://github.com/nodejs/node/pull/18625)
* ICU 60 bump (Steven R. Loomis) [#16876](https://github.com/nodejs/node/pull/16876)
* crypto:
* Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) [#16130](https://github.com/nodejs/node/pull/16130)
* warn on invalid authentication tag length (Tobias Nießen) [#17566](https://github.com/nodejs/node/pull/17566)
* async_hooks:
* update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) [#18004](https://github.com/nodejs/node/pull/18004)
* use typed array stack as fast path (Anna Henningsen) [#17780](https://github.com/nodejs/node/pull/17780)
* use scope for defaultTriggerAsyncId (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
* separate missing from default context (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
* rename initTriggerId (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
* deprecate undocumented API (Andreas Madsen) [#16972](https://github.com/nodejs/node/pull/16972)
* add destroy event for gced AsyncResources (Sebastian Mayr) [#16998](https://github.com/nodejs/node/pull/16998)
* add trace events to async_hooks (Andreas Madsen) [#15538](https://github.com/nodejs/node/pull/15538)
* set HTTPParser trigger to socket (Andreas Madsen) [#18003](https://github.com/nodejs/node/pull/18003)
* add provider types for net server (Andreas Madsen) [#17157](https://github.com/nodejs/node/pull/17157)
* n-api:
* add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
* cli:
* add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) [#16495](https://github.com/nodejs/node/pull/16495)
* console:
* add support for console.debug (Benjamin Zaslavsky) [#17033](https://github.com/nodejs/node/pull/17033)
* module:
* add builtinModules (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386)
* replace default paths in require.resolve() (cjihrig) [#17113](https://github.com/nodejs/node/pull/17113)
* src:
* add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
* add process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839)
* http:
* support generic `Duplex` streams (Anna Henningsen) [#16267](https://github.com/nodejs/node/pull/16267)
* add rawPacket in err of `clientError` event (XadillaX) [#17672](https://github.com/nodejs/node/pull/17672)
* better support for IPv6 addresses (Mattias Holmlund) [#14772](https://github.com/nodejs/node/pull/14772)
* net:
* remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) [#17662](https://github.com/nodejs/node/pull/17662)
* process:
* fix reading zero-length env vars on win32 (Anna Henningsen) [#18463](https://github.com/nodejs/node/pull/18463)
* tls:
* unconsume stream on destroy (Anna Henningsen) [#17478](https://github.com/nodejs/node/pull/17478)
* process:
* improve unhandled rejection message (Madara Uchiha) [#17158](https://github.com/nodejs/node/pull/17158)
* stream:
* remove usage of *State.highWaterMark (Calvin Metcalf) [#12860](https://github.com/nodejs/node/pull/12860)
* trace_events:
* add executionAsyncId to init events (Andreas Madsen) [#17196](https://github.com/nodejs/node/pull/17196)
PR-URL: https://github.com/nodejs/node/pull/18336
|
|
Add 80 characters limit to docs.
Change docs to fit 80 characters per row.
PR-URL: https://github.com/nodejs/node/pull/18726
Fixes: https://github.com/nodejs/node/issues/18703
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/17774
Notable Changes:
* deps:
* upgrade npm to 5.6.0 (Kat Marchán) [#17535](https://github.com/nodejs/node/pull/17535)
* build:
* configure can now be run from any directory (Gibson Fahnestock) [#17321](https://github.com/nodejs/node/pull/17321)
|
|
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* CVE-2017-15896
* CVE-2017-15897
* CVE-2017-3738 (from the openssl project)
Notable Changes:
* buffer:
* buffer allocated with an invalid content will now be zero filled
(Anna Henningsen)
https://github.com/nodejs/node/pull/17428
* deps:
* openssl updated to 1.0.2n (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/17526
PR-URL: https://github.com/nodejs/node/pull/17532
|
|
Notable Changes:
- **console**:
- avoid adding infinite error listeners (Matteo Collina) [#16770](https://github.com/nodejs/n
de/pull/16770)
- **http2**:
- improve errors thrown in header validation (Joyee Cheung) [#16718](https://github.com/nodej
s/node/pull/16718)
PR-URL: https://github.com/nodejs/node/pull/17204
|
|
PR-URL: https://github.com/nodejs/node/pull/17163
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
|
|
Notable Changes:
- **openssl**:
- upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
- ***Revert*** "**https**:
- refactor to use http internals" (Myles Borins) [#16660](https://github.com/nodejs/node/pull/16660)
PR-URL: https://github.com/nodejs/node/pull/16783
|
|
* Older experimental APIs have been removed.
[[`d731369b1d`](https://github.com/nodejs/node/commit/d731369b1d)]
[#14414](https://github.com/nodejs/node/pull/14414)
* **Errors**
* Improvements have been made to `buffer` module error messages.
* The assignment of static error codes to Node.js error continues:
* `buffer`
* `child_process`
* `console`
* `crypto`
* `dns`
* `events`
* `fs`
* `http`
* `inspector`
* `net`
* `path`
* `process`
* `querystring`
* `readline`
* `repl`
* `streams`
* `string_decoder`
* `timers`
* `tls`
* `url`
* `util`
* `v8`
* `zlib`
* **Child Processes**
* Errors are emitted on process nextTick.
* **Domains**
* The long-deprecated `.dispose()` method has been removed.
* **fs**
* The `fs.ReadStream` and `fs.WriteStream` classes now use `destroy()`.
* `fs` module callbacks are now invoked with an undefined context.
* **HTTP/1**
* A 400 Bad Request response will now be sent when parsing fails.
* Socket timeout will be set when the socket connects.
* A bug causing the request `'error'` event to fire twice was fixed.
* HTTP clients may now use generic `Duplex` streams in addition to `net.Socket`.
* **Intl**
* The deprecated `Intl.v8BreakIterator` has been removed.
* **Modules**
* The `require.resolve()` method now supports using custom lookup paths.
* **OS**
* The `os.EOL` property is now read-only.
* **Timers**
* `setTimeout()` will emit a warning if the timeout is larger that the maximum
32-bit unsigned integer.
|
|
This LTS release comes with 87 commits. This includes 30 that are
updates to lib/ or src/, 20 that are test related, 13 that are doc
related, 19 which are build / tools related, and 4 commits which are
updates to dependencies.
Notable Changes:
* doc:
- add Gibson Fahnestock to Release team (Gibson Fahnestock)
https://github.com/nodejs/node/pull/16620
* deps:
- update npm to 5.5.1 (Myles Borins)
https://github.com/nodejs/node/pull/16509
* http2:
- The exposed http2 socket is no longer manipulatable
(Anatoli Papirovski)
https://github.com/nodejs/node/pull/16330
* module:
- support custom paths to require.resolve() (cjihrig)
https://github.com/nodejs/node/pull/16397
* util:
- util.TextEncoder and util.TextDecoder are no longer experimental.
There will no longer be a warning when they are used
(James M Snell)
https://github.com/nodejs/node/pull/15743
PR-URL: https://github.com/nodejs/node/pull/16630
|
|
Should not be nested under the bullet point. Headings need to be at the
root level.
PR-URL: https://github.com/nodejs/node/pull/16507
Refs: https://github.com/nodejs/nodejs.org/pull/1425
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
|
|
Notable changes:
* net:
- Fix timeout with null handle issue. This is a regression in
Node 8.8.0. https://github.com/nodejs/node/pull/16489
|
|
PR-URL: https://github.com/nodejs/node/pull/16470
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Khaidi Chu <i@2333.moe>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
|
I hear that varible has an a in it.
PR-URL: https://github.com/nodejs/node/pull/16477
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/16462
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
|
|
Notable Changes:
* crypto:
- expose ECDH class
https://github.com/nodejs/node/pull/8188
* http2:
- http2 is now exposed by defualt without the need for a flag
https://github.com/nodejs/node/pull/15685
- a new environment varible NODE\_NO\_HTTP2 has been added to allow
userland http2 to be required
https://github.com/nodejs/node/pull/15685
- support has been added for generic `Duplex` streams
https://github.com/nodejs/node/pull/16269
* module:
- resolve and instantiate loader pipeline hooks have been added to
the ESM lifecycle
https://github.com/nodejs/node/pull/15445
* zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with
windowBits set to 8. On some versions this crashes Node and you
cannot recover from it, while on some versions it throws an
exception. Node.js will now gracefully set windowBits to 9
replicating the legacy behavior to avoid a DOS vector.
https://github.com/nodejs-private/node-private/pull/95
PR-URL: https://github.com/nodejs-private/node-private/pull/98
|
|
PR-URL: https://github.com/nodejs/node/pull/16165
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Notable Changes:
* deps:
* update npm to 5.4.2
https://github.com/nodejs/node/pull/15600
* upgrade libuv to 1.15.0
https://github.com/nodejs/node/pull/15745
* update V8 to 6.1.534.42
https://github.com/nodejs/node/pull/15393
* dgram:
* support for setting dgram socket buffer size
https://github.com/nodejs/node/pull/13623
* fs:
* add support O_DSYNC file open constant
https://github.com/nodejs/node/pull/15451
* util:
* deprecate obj.inspect for custom inspection
https://github.com/nodejs/node/pull/15631
* tools, build:
* there is a fancy new macOS installer
https://github.com/nodejs/node/pull/15179
* Added new collaborator
* bmeurer - Benedikt Meurer - https://github.com/bmeurer
* kfarnung - Kyle Farnung - https://github.com/kfarnung
PR-URL: https://github.com/nodejs/node/pull/15762
|
|
PR-URL: https://github.com/nodejs/node/pull/15716
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
* **crypto**
* Support for multiple ECDH curves. [#15206](https://github.com/nodejs/node/pull/15206)
* **dgram**
* Added `setMulticastInterface()` API. [#7855](https://github.com/nodejs/node/pull/7855)
* Custom lookup functions are now supported. [#14560](https://github.com/nodejs/node/pull/14560)
* **n-api**
* The command-line flag is no longer required to use N-API. [#14902](https://github.com/nodejs/node/pull/14902)
* **tls**
* Docs-only deprecation of `parseCertString()`. [#14245](https://github.com/nodejs/node/pull/14245)
* **New Contributors**
* Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](https://github.com/nodejs/node/pull/15354)
|
|
The original changelog included incorrect information regarding
the new perf_hooks api.
refs: https://github.com/nodejs/node/pull/15308#issuecomment-328874385
PR-URL: https://github.com/nodejs/node/pull/15384
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Notable Changes
* build:
* Snapshots are now re-enabled in V8
https://github.com/nodejs/node/pull/14875
* console:
* Implement minimal `console.group()`.
https://github.com/nodejs/node/pull/14910
* deps:
* upgrade libuv to 1.14.1
https://github.com/nodejs/node/pull/14866
* update nghttp2 to v1.25.0
https://github.com/nodejs/node/pull/14955
* dns:
* Add `verbatim` option to dns.lookup(). When true, results from the
DNS resolver are passed on as-is, without the reshuffling that
Node.js otherwise does that puts IPv4 addresses before IPv6
addresses.
https://github.com/nodejs/node/pull/14731
* fs:
* add fs.copyFile and fs.copyFileSync which allows for more efficient
copying of files.
https://github.com/nodejs/node/pull/15034
* inspector:
* Enable async stack traces
https://github.com/nodejs/node/pull/13870
* module:
* Add support for ESM. This is currently behind the
`--experimental-modules` flag and requires the .mjs extension.
`node --experimental-modules index.mjs`
https://github.com/nodejs/node/pull/14369
* napi:
* implement promise
https://github.com/nodejs/node/pull/14365
* os:
* Add support for CIDR notation to the output of the
networkInterfaces() method.
https://github.com/nodejs/node/pull/14307
* perf_hooks:
* An initial implementation of the Performance Timing API for
Node.js. This is the same Performance Timing API implemented by
modern browsers with a number of Node.js specific properties. The
User Timing mark() and measure() APIs are implemented, as is a
Node.js specific flavor of the Frame Timing for measuring event
loop duration.
https://github.com/nodejs/node/pull/14680
* tls:
* multiple PFX in createSecureContext
[#14793](https://github.com/nodejs/node/pull/14793)
* Added new collaborators:
* BridgeAR – Ruben Bridgewater
PR-URL: https://github.com/nodejs/node/pull/15308
|
|
Notable changes
* **HTTP2**
* Experimental support for the built-in `http2` has been added via the
`--expose-http2` flag.
[#14239](https://github.com/nodejs/node/pull/14239)
* **Inspector**
* `require()` is available in the inspector console now.
[#8837](https://github.com/nodejs/node/pull/8837)
* Multiple contexts, as created by the `vm` module, are supported now.
[#14465](https://github.com/nodejs/node/pull/14465)
* **N-API**
* New APIs for creating number values have been introduced.
[#14573](https://github.com/nodejs/node/pull/14573)
* **Stream**
* For `Duplex` streams, the high water mark option can now be set
independently for the readable and the writable side.
[#14636](https://github.com/nodejs/node/pull/14636)
* **Util**
* `util.format` now supports the `%o` and `%O` specifiers for printing
objects.
[#14558](https://github.com/nodejs/node/pull/14558)
PR-URL: https://github.com/nodejs/node/pull/14811
|
|
V8 6.0:
The V8 engine has been upgraded to version 6.0, which has a significantly
changed performance profile.
[#14574](https://github.com/nodejs/node/pull/14574)
More detailed information on performance differences can be found at
https://medium.com/the-node-js-collection/get-ready-a-new-v8-is-coming-node-js-performance-is-changing-46a63d6da4de
Other notable changes:
* **DNS**
* Independent DNS resolver instances are supported now, with support for
cancelling the corresponding requests.
[#14518](https://github.com/nodejs/node/pull/14518)
* **N-API**
* Multiple N-API functions for error handling have been changed to support
assigning error codes.
[#13988](https://github.com/nodejs/node/pull/13988)
* **REPL**
* Autocompletion support for `require()` has been improved.
[#14409](https://github.com/nodejs/node/pull/14409)
* **Utilities**
* The WHATWG Encoding Standard (`TextDecoder` and `TextEncoder`) has
been implemented as an experimental feature.
[#13644](https://github.com/nodejs/node/pull/13644)
* **Added new collaborators**
* [XadillaX](https://github.com/XadillaX) – Khaidi Chu
* [gabrielschulhof](https://github.com/gabrielschulhof) – Gabriel Schulhof
Conflicts:
src/node_version.h
|
|
Notable changes
* http: Writes no longer abort if the Socket is missing.
* process, async_hooks: Avoid problems when triggerAsyncId is undefined.
* zlib: Streams no longer attempt to process data when destroyed.
PR-URL: https://github.com/nodejs/node/pull/14399
|
|
Big thanks to @addaleax who prepared the vast majority of this release.
Notable changes:
* **Async Hooks**
* Multiple improvements to Promise support in `async_hooks` have been made.
* **Build**
* The compiler version requirement to build Node with GCC has been raised to
GCC 4.9.4.
[[`820b011ed6`](https://github.com/nodejs/node/commit/820b011ed6)]
[#13466](https://github.com/nodejs/node/pull/13466)
* **Cluster**
* Users now have more fine-grained control over the inspector port used by
individual cluster workers. Previously, cluster workers would simply
increment from the master's debug port.
[[`dfc46e262a`](https://github.com/nodejs/node/commit/dfc46e262a)]
[#14140](https://github.com/nodejs/node/pull/14140)
* **DNS**
* The server used for DNS queries can now use a custom port.
[[`ebe7bb29aa`](https://github.com/nodejs/node/commit/ebe7bb29aa)]
[#13723](https://github.com/nodejs/node/pull/13723)
* Support for `dns.resolveAny()` has been added.
[[`6e30e2558e`](https://github.com/nodejs/node/commit/6e30e2558e)]
[#13137](https://github.com/nodejs/node/pull/13137)
* **npm**
* The `npm` CLI has been updated to version 5.3.0. In particular, it now comes
with the `npx` binary, which is also shipped with Node.
[[`dc3f6b9ac1`](https://github.com/nodejs/node/commit/dc3f6b9ac1)]
[#14235](https://github.com/nodejs/node/pull/14235)
* `npm` Changelogs:
- [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4)
- [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0)
- [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0)
- [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0)
PR-URL: https://github.com/nodejs/node/pull/13744
|
|
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable changes
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/91
|
|
Notable changes
* **Stream**
Two regressions with the `stream` module have been fixed:
* The `finish` event will now always be emitted after the `error` event
if one is emitted:
[[`0a9e96e86c`](https://github.com/nodejs/node/commit/0a9e96e86c)]
[#13850](https://github.com/nodejs/node/pull/13850)
* In object mode, readable streams can now use `undefined` again.
[[`5840138e70`](https://github.com/nodejs/node/commit/5840138e70)]
[#13760](https://github.com/nodejs/node/pull/13760)
|
|
Release to fix broken `process.release` properties
Ref: https://github.com/nodejs/node/issues/13667
|
|
* **Child processes**
* `stdout` and `stderr` are now available on the error output of a
failed call to the `util.promisify()`ed version of
`child_process.exec`.
[[`d66d4fc94c`](https://github.com/nodejs/node/commit/d66d4fc94c)]
[#13388](https://github.com/nodejs/node/pull/13388)
* **HTTP**
* A regression that broke certain scenarios in which HTTP is used together
with the `cluster` module has been fixed.
[[`fff8a56d6f`](https://github.com/nodejs/node/commit/fff8a56d6f)]
[#13578](https://github.com/nodejs/node/pull/13578)
* **HTTPS**
* The `rejectUnauthorized` option now works properly for unix sockets.
[[`c4cbd99d37`](https://github.com/nodejs/node/commit/c4cbd99d37)]
[#13505](https://github.com/nodejs/node/pull/13505)
* **Readline**
* A change that broke `npm init` and other code which uses `readline`
multiple times on the same input stream is reverted.
[[`0df6c0b5f0`](https://github.com/nodejs/node/commit/0df6c0b5f0)]
[#13560](https://github.com/nodejs/node/pull/13560)
PR-URL: https://github.com/nodejs/node/pull/13598
|
|
* **Async Hooks**
* When one `Promise` leads to the creation of a new `Promise`, the parent
`Promise` will be identified as the trigger
[[`135f4e6643`](https://github.com/nodejs/node/commit/135f4e6643)]
[#13367](https://github.com/nodejs/node/pull/13367).
* **Dependencies**
* libuv has been updated to 1.12.0
[[`968596ec77`](https://github.com/nodejs/node/commit/968596ec77)]
[#13306](https://github.com/nodejs/node/pull/13306).
* npm has been updated to 5.0.3
[[`ffa7debd7a`](https://github.com/nodejs/node/commit/ffa7debd7a)]
[#13487](https://github.com/nodejs/node/pull/13487).
* **File system**
* The `fs.exists()` function now works correctly with `util.promisify()`
[[`6e0eccd7a1`](https://github.com/nodejs/node/commit/6e0eccd7a1)]
[#13316](https://github.com/nodejs/node/pull/13316).
* fs.Stats times are now also available as numbers
[[`c756efb25a`](https://github.com/nodejs/node/commit/c756efb25a)]
[#13173](https://github.com/nodejs/node/pull/13173).
* **Inspector**
* It is now possible to bind to a random port using `--inspect=0`
[[`cc6ec2fb27`](https://github.com/nodejs/node/commit/cc6ec2fb27)]
[#5025](https://github.com/nodejs/node/pull/5025).
* **Zlib**
* A regression in the Zlib module that made it impossible to properly
subclasses `zlib.Deflate` and other Zlib classes has been fixed.
[[`6aeb555cc4`](https://github.com/nodejs/node/commit/6aeb555cc4)]
[#13374](https://github.com/nodejs/node/pull/13374).
|
|
PR-URL: https://github.com/nodejs/node/pull/13313
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Fixes #13356
PR-URL: https://github.com/nodejs/node/pull/13360
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
* **Async Hooks**
* The `async_hooks` module has landed in core
[[`4a7233c178`](https://github.com/nodejs/node/commit/4a7233c178)]
[#12892](https://github.com/nodejs/node/pull/12892).
* **Buffer**
* Using the `--pending-deprecation` flag will cause Node.js to emit a
deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
[[`d2d32ea5a2`](https://github.com/nodejs/node/commit/d2d32ea5a2)]
[#11968](https://github.com/nodejs/node/pull/11968).
* `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
[[`7eb1b4658e`](https://github.com/nodejs/node/commit/7eb1b4658e)]
[#12141](https://github.com/nodejs/node/pull/12141).
* Many `Buffer` methods now accept `Uint8Array` as input
[[`beca3244e2`](https://github.com/nodejs/node/commit/beca3244e2)]
[#10236](https://github.com/nodejs/node/pull/10236).
* **Child Process**
* Argument and kill signal validations have been improved
[[`97a77288ce`](https://github.com/nodejs/node/commit/97a77288ce)]
[#12348](https://github.com/nodejs/node/pull/12348),
[[`d75fdd96aa`](https://github.com/nodejs/node/commit/d75fdd96aa)]
[#10423](https://github.com/nodejs/node/pull/10423).
* Child Process methods accept `Uint8Array` as input
[[`627ecee9ed`](https://github.com/nodejs/node/commit/627ecee9ed)]
[#10653](https://github.com/nodejs/node/pull/10653).
* **Console**
* Error events emitted when using `console` methods are now supressed.
[[`f18e08d820`](https://github.com/nodejs/node/commit/f18e08d820)]
[#9744](https://github.com/nodejs/node/pull/9744).
* **Dependencies**
* The npm client has been updated to 5.0.0
[[`3c3b36af0f`](https://github.com/nodejs/node/commit/3c3b36af0f)]
[#12936](https://github.com/nodejs/node/pull/12936).
* V8 has been updated to 5.8 with forward ABI stability to 6.0
[[`60d1aac8d2`](https://github.com/nodejs/node/commit/60d1aac8d2)]
[#12784](https://github.com/nodejs/node/pull/12784).
* **Domains**
* Native `Promise` instances are now `Domain` aware
[[`84dabe8373`](https://github.com/nodejs/node/commit/84dabe8373)]
[#12489](https://github.com/nodejs/node/pull/12489).
* **Errors**
* We have started assigning static error codes to errors generated by Node.js.
This has been done through multiple commits and is still a work in
progress.
* **File System**
* The utility class `fs.SyncWriteStream` has been deprecated
[[`7a55e34ef4`](https://github.com/nodejs/node/commit/7a55e34ef4)]
[#10467](https://github.com/nodejs/node/pull/10467).
* The deprecated `fs.read()` string interface has been removed
[[`3c2a9361ff`](https://github.com/nodejs/node/commit/3c2a9361ff)]
[#9683](https://github.com/nodejs/node/pull/9683).
* **HTTP**
* Improved support for userland implemented Agents
[[`90403dd1d0`](https://github.com/nodejs/node/commit/90403dd1d0)]
[#11567](https://github.com/nodejs/node/pull/11567).
* Outgoing Cookie headers are concatenated into a single string
[[`d3480776c7`](https://github.com/nodejs/node/commit/d3480776c7)]
[#11259](https://github.com/nodejs/node/pull/11259).
* The `httpResponse.writeHeader()` method has been deprecated
[[`fb71ba4921`](https://github.com/nodejs/node/commit/fb71ba4921)]
[#11355](https://github.com/nodejs/node/pull/11355).
* New methods for accessing HTTP headers have been added to `OutgoingMessage`
[[`3e6f1032a4`](https://github.com/nodejs/node/commit/3e6f1032a4)]
[#10805](https://github.com/nodejs/node/pull/10805).
* **Lib**
* All deprecation messages have been assigned static identifiers
[[`5de3cf099c`](https://github.com/nodejs/node/commit/5de3cf099c)]
[#10116](https://github.com/nodejs/node/pull/10116).
* The legacy `linkedlist` module has been removed
[[`84a23391f6`](https://github.com/nodejs/node/commit/84a23391f6)]
[#12113](https://github.com/nodejs/node/pull/12113).
* **N-API**
* Experimental support for the new N-API API has been added
[[`56e881d0b0`](https://github.com/nodejs/node/commit/56e881d0b0)]
[#11975](https://github.com/nodejs/node/pull/11975).
* **Process**
* Process warning output can be redirected to a file using the
`--redirect-warnings` command-line argument
[[`03e89b3ff2`](https://github.com/nodejs/node/commit/03e89b3ff2)]
[#10116](https://github.com/nodejs/node/pull/10116).
* Process warnings may now include additional detail
[[`dd20e68b0f`](https://github.com/nodejs/node/commit/dd20e68b0f)]
[#12725](https://github.com/nodejs/node/pull/12725).
* **REPL**
* REPL magic mode has been deprecated
[[`3f27f02da0`](https://github.com/nodejs/node/commit/3f27f02da0)]
[#11599](https://github.com/nodejs/node/pull/11599).
* **Src**
* `NODE_MODULE_VERSION` has been updated to 57
(https://github.com/nodejs/node/commit/ec7cbaf266)]
[#12995](https://github.com/nodejs/node/pull/12995).
* Add `--pending-deprecation` command-line argument and
`NODE_PENDING_DEPRECATION` environment variable
[[`a16b570f8c`](https://github.com/nodejs/node/commit/a16b570f8c)]
[#11968](https://github.com/nodejs/node/pull/11968).
* The `--debug` command-line argument has been deprecated. Note that
using `--debug` will enable the *new* Inspector-based debug protocol
as the legacy Debugger protocol previously used by Node.js has been
removed. [[`010f864426`](https://github.com/nodejs/node/commit/010f864426)]
[#12949](https://github.com/nodejs/node/pull/12949).
* Throw when the `-c` and `-e` command-line arguments are used at the same
time [[`a5f91ab230`](https://github.com/nodejs/node/commit/a5f91ab230)]
[#11689](https://github.com/nodejs/node/pull/11689).
* Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
arguments are used at the same time.
[[`8a7db9d4b5`](https://github.com/nodejs/node/commit/8a7db9d4b5)]
[#12087](https://github.com/nodejs/node/pull/12087).
* **Stream**
* `Stream` now supports `destroy()` and `_destroy()` APIs
[[`b6e1d22fa6`](https://github.com/nodejs/node/commit/b6e1d22fa6)]
[#12925](https://github.com/nodejs/node/pull/12925).
* `Stream` now supports the `_final()` API
[[`07c7f198db`](https://github.com/nodejs/node/commit/07c7f198db)]
[#12828](https://github.com/nodejs/node/pull/12828).
* **TLS**
* The `rejectUnauthorized` option now defaults to `true`
[[`348cc80a3c`](https://github.com/nodejs/node/commit/348cc80a3c)]
[#5923](https://github.com/nodejs/node/pull/5923).
* The `tls.createSecurePair()` API now emits a runtime deprecation
[[`a2ae08999b`](https://github.com/nodejs/node/commit/a2ae08999b)]
[#11349](https://github.com/nodejs/node/pull/11349).
* A runtime deprecation will now be emitted when `dhparam` is less than
2048 bits [[`d523eb9c40`](https://github.com/nodejs/node/commit/d523eb9c40)]
[#11447](https://github.com/nodejs/node/pull/11447).
* **URL**
* The WHATWG URL implementation is now a fully-supported Node.js API
[[`d080ead0f9`](https://github.com/nodejs/node/commit/d080ead0f9)]
[#12710](https://github.com/nodejs/node/pull/12710).
* **Util**
* `Symbol` keys are now displayed by default when using `util.inspect()`
[[`5bfd13b81e`](https://github.com/nodejs/node/commit/5bfd13b81e)]
[#9726](https://github.com/nodejs/node/pull/9726).
* `toJSON` errors will be thrown when formatting `%j`
[[`455e6f1dd8`](https://github.com/nodejs/node/commit/455e6f1dd8)]
[#11708](https://github.com/nodejs/node/pull/11708).
* Convert `inspect.styles` and `inspect.colors` to prototype-less objects
[[`aab0d202f8`](https://github.com/nodejs/node/commit/aab0d202f8)]
[#11624](https://github.com/nodejs/node/pull/11624).
* The new `util.promisify()` API has been added
[[`99da8e8e02`](https://github.com/nodejs/node/commit/99da8e8e02)]
[#12442](https://github.com/nodejs/node/pull/12442).
* **Zlib**
* Support `Uint8Array` in Zlib convenience methods
[[`91383e47fd`](https://github.com/nodejs/node/commit/91383e47fd)]
[#12001](https://github.com/nodejs/node/pull/12001).
* Zlib errors now use `RangeError` and `TypeError` consistently
[[`b514bd231e`](https://github.com/nodejs/node/commit/b514bd231e)]
[#11391](https://github.com/nodejs/node/pull/11391).
|
