| Age | Commit message (Collapse) | Author |
|---|
|
Notable Changes:
* cli:
- add --max-http-header-size flag (cjihrig)
https://github.com/nodejs/node/pull/24811
* crypto:
- always accept certificates as public keys (Tobias Nießen)
https://github.com/nodejs/node/pull/24234
- add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
- update root certificates (Sam Roberts)
https://github.com/nodejs/node/pull/25113
* deps:
- upgrade to libuv 1.24.1 (cjihrig)
https://github.com/nodejs/node/pull/25078
- upgrade npm to 6.5.0 (Audrey Eschright)
https://github.com/nodejs/node/pull/24734
* http:
- add maxHeaderSize property (cjihrig)
https://github.com/nodejs/node/pull/24860
PR-URL: https://github.com/nodejs/node/pull/25175
|
|
The 10.14.0 security release introduced some unexpected breakages on
the 10.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.
Notable Changes:
* cli:
- add --max-http-header-size flag (cjihrig)
https://github.com/nodejs/node/pull/24811
* http:
- add maxHeaderSize property (cjihrig)
https://github.com/nodejs/node/pull/24860
PR-URL: https://github.com/nodejs/node/pull/25176
|
|
The 8.14.0 security release introduced some unexpected breakages on
the 8.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.
Notable changes:
* cli:
- add --max-http-header-size flag (cjihrig)
https://github.com/nodejs/node/pull/24811
* http:
- add maxHeaderSize property (cjihrig)
https://github.com/nodejs/node/pull/24860
PR-URL: https://github.com/nodejs/node/pull/25177
|
|
The 6.15.0 security release introduced some unexpected breakages on
the 6.x release line. This is a special release to fix a regression
in the HTTP binary upgrade response body and add a missing CLI flag
to adjust the max header size of the http parser.
Notable changes:
* cli:
- add --max-http-header-size flag (cjihrig)
https://github.com/nodejs/node/pull/24811
* http:
- add maxHeaderSize property (cjihrig)
https://github.com/nodejs/node/pull/24860
PR-URL: https://github.com/nodejs/node/pull/25178
|
|
PR-URL: https://github.com/nodejs/node/pull/25216
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24234
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
This commit makes multiple important changes:
1. A new key object API is introduced. The KeyObject class itself is
not exposed to users, instead, several new APIs can be used to
construct key objects: createSecretKey, createPrivateKey and
createPublicKey. The new API also allows to convert between
different key formats, and even though the API itself is not
compatible to the WebCrypto standard in any way, it makes
interoperability much simpler.
2. Key objects can be used instead of the raw key material in all
relevant crypto APIs.
3. The handling of asymmetric keys has been unified and greatly
improved. Node.js now fully supports both PEM-encoded and
DER-encoded public and private keys.
4. Conversions between buffers and strings have been moved to native
code for sensitive data such as symmetric keys due to security
considerations such as zeroing temporary buffers.
5. For compatibility with older versions of the crypto API, this
change allows to specify Buffers and strings as the "passphrase"
option when reading or writing an encoded key. Note that this
can result in unexpected behavior if the password contains a
null byte.
PR-URL: https://github.com/nodejs/node/pull/24234
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/25113
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
|
|
This commit exposes the value of --max-http-header-size
as a property of the http module.
PR-URL: https://github.com/nodejs/node/pull/24860
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Allow the maximum size of HTTP headers to be overridden from
the command line.
co-authored-by: Matteo Collina <hello@matteocollina.com>
PR-URL: https://github.com/nodejs/node/pull/24811
Fixes: https://github.com/nodejs/node/issues/24692
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
|
|
Originally from portions of https://github.com/nodejs/node/pull/23319/.
PR-URL: https://github.com/nodejs/node/pull/24861
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
|
|
This is necessary to distinguish them from other data types.
PR-URL: https://github.com/nodejs/node/pull/25046
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
|
|
Notable changes:
* **tls**:
* support "BEGIN TRUSTED CERTIFICATE" for ca: (Sam Roberts)
[#24733](https://github.com/nodejs/node/pull/24733)
* **util**:
* add inspection getter option (Ruben Bridgewater)
[#24852](https://github.com/nodejs/node/pull/24852)
PR-URL: https://github.com/nodejs/node/pull/25102
|
|
Notable changes:
* **assert**:
- revert breaking change (Ruben Bridgewater)
[#24786](https://github.com/nodejs/node/pull/24786)
* **http2**:
- fix sequence of error/close events (Gerhard Stoebich)
[#24789](https://github.com/nodejs/node/pull/24789)
PR-URL: https://github.com/nodejs/node/pull/24832
|
|
PR-URL: https://github.com/nodejs/node/pull/25091
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
This activates the eslint capitalize comment rule for comments
above 50 characters.
PR-URL: https://github.com/nodejs/node/pull/24996
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Add an `inspectOptions` option to the `console` constructor. That
way it's possible to define all inspection defaults for each
`console` instance instead of relying on the `inspect()` defaults.
PR-URL: https://github.com/nodejs/node/pull/24978
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
|
|
This commit enables ESLint's no-useless-constructor rule. Note
that the documentation examples that only include constructor
calls were left in tact.
PR-URL: https://github.com/nodejs/node/pull/25055
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
For consistency with the API docs, switch the order of
--http-parser and --force-fips in node.1.
PR-URL: https://github.com/nodejs/node/pull/25045
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/25058
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
Most people are going to use the existing option and switching the
name now comes with a cost which does not seem to justify the
improvement.
PR-URL: https://github.com/nodejs/node/pull/24982
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24969
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
|
|
The onboarding docs still contained an outdated description of the
`author-ready` label. Now it references the main description to
prevent any future conflicts.
PR-URL: https://github.com/nodejs/node/pull/25015
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
Currently it is not possible to inspect getters. To prevent any side
effects this should not become a default but under lots of
circumstances it would still be useful to inspect getters. This way
it is possible to actively opt into inspecting those.
PR-URL: https://github.com/nodejs/node/pull/24852
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
Support the same PEM certificate formats for the ca: option to
tls.createSecureContext() that are supported by openssl when loading a
CAfile.
Fixes: https://github.com/nodejs/node/issues/24761
PR-URL: https://github.com/nodejs/node/pull/24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
|
TLS client authentication should be tested, including failure scenarios.
PR-URL: https://github.com/nodejs/node/pull/24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
|
Add documentation about Worker class inherits from EventEmitter.
PR-URL: https://github.com/nodejs/node/pull/24849
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
Notable changes:
* deps:
* upgrade to c-ares v1.15.0 (Ben Noordhuis)
https://github.com/nodejs/node/pull/23854
* Windows:
* A crashing process will now show the names of stack frames if the node.pdb
file is available. (Refael Ackermann)
https://github.com/nodejs/node/pull/23822
* Added new collaborators:
* Peter Marshall. https://github.com/nodejs/node/pull/24170
* Masashi Hirano. https://github.com/nodejs/node/pull/24136
PR-URL: https://github.com/nodejs/node/pull/24727
|
|
This deprecation applies to undocumented, rather useless
Windows Performance Counter support.
PR-URL: https://github.com/nodejs/node/pull/24862
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
This adds the `capitalized-comments` eslint rule to verify that
actual sentences use capital letters as starting letters. It ignores
special words and all lines below 62 characters.
PR-URL: https://github.com/nodejs/node/pull/24808
Reviewed-By: Sam Ruby <rubys@intertwingly.net>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
|
Refs: https://github.com/nodejs/node/pull/24739
Fixes: https://github.com/nodejs/node/issues/24730
PR-URL: https://github.com/nodejs/node/pull/24870
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
For new Agent() signature in http doc, list the supported options in
socket.connect().
Refs: https://github.com/nodejs/node/issues/24098
PR-URL: https://github.com/nodejs/node/pull/24846
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24779
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
Notable Changes:
* console,util:
* `console` functions now handle symbols as defined in the spec.
https://github.com/nodejs/node/pull/23708
* The inspection `depth` default is now back at 2.
https://github.com/nodejs/node/pull/24326
* dgram,net:
* Added ipv6Only option for `net` and `dgram`.
https://github.com/nodejs/node/pull/23798
* http:
* Chosing between the http parser is now possible per runtime flag.
https://github.com/nodejs/node/pull/24739
* readline:
* The `readline` module now supports async iterators.
https://github.com/nodejs/node/pull/23916
* repl:
* The multiline history feature is removed.
https://github.com/nodejs/node/pull/24804
* tls:
* Added min/max protocol version options.
https://github.com/nodejs/node/pull/24405
* The X.509 public key info now includes the RSA bit size and the
elliptic curve. https://github.com/nodejs/node/pull/24358
* url:
* `pathToFileURL()` now supports LF, CR and TAB.
https://github.com/nodejs/node/pull/23720
* Windows:
* Tools are not installed using Boxstarter anymore.
https://github.com/nodejs/node/pull/24677
* The install-tools scripts or now included in the dist.
https://github.com/nodejs/node/pull/24233
* Added new collaborator:
* [antsmartian](https://github.com/antsmartian) - Anto Aravinth.
https://github.com/nodejs/node/pull/24655
PR-URL: https://github.com/nodejs/node/pull/24854
|
|
Add a `--http-parser=llhttp` vs `--http-parser=traditional`
command line switch, to make testing and comparing the new
llhttp-based implementation easier.
PR-URL: https://github.com/nodejs/node/pull/24739
Refs: https://github.com/nodejs/node/issues/24730
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
|
|
This was missed when reverting a former commit. To make sure the
history is kept in place, this just adds a new entry to state the
revert.
PR-URL: https://github.com/nodejs/node/pull/24805
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24847
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
This pull request adds the request psuedo headers authority
and scheme to the http2 documentation
PR-URL: https://github.com/nodejs/node/pull/24777
Fixes: https://github.com/nodejs/node/issues/23825
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24755
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
Add a section on triaging commits and PRs to land in releases.
PR-URL: https://github.com/nodejs/node/pull/20165
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
|
|
The only known condition where we could not provide appropriate
stdio streams so far were non-console Windows applications.
Since this issue has come up a few times in our issue tracker now,
switch to providing dummy streams for these cases instead.
If there are other valid cases in which `uv_guess_handle` fails,
and where there is a more sensible way to provide stdio,
we’ll probably still find out because the streams don’t work
properly either way.
Refs: https://github.com/nodejs/help/issues/1251
PR-URL: https://github.com/nodejs/node/pull/20640
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
The examples show `process.stdout.fd` as a means to use synchronous
writes in async_hooks context. However this is an undocumented field,
so showcase a file write example instead.
Fixes: https://github.com/nodejs/node/issues/22873
PR-URL: https://github.com/nodejs/node/pull/24741
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24812
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Fill in correct pr-url: value in the YAML changelog that was missing
from f512f5ea. The stanza was also sorted in the wrong order, most
recent is supposed to be in the beginning of the changes, not the end.
PR-URL: https://github.com/nodejs/node/pull/24759
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Notable Changes:
This is a patch release to address a bad backport of the fix for "Slowloris
HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers
timeout to an entire keep-alive HTTP session, resulting in prematurely
disconnected sockets.
PR-URL: https://github.com/nodejs/node/pull/24803
Refs: https://github.com/nodejs/node/pull/24796
Refs: https://github.com/nodejs/node/issues/24760
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
The `util.format()` behavior changed recently. Add the changes entry
to document the new BigInt behavior.
PR-URL: https://github.com/nodejs/node/pull/24758
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
The `console` functions rely on the `util.format()` behavior. It
did not follow the whatwg spec when it comes to symbols in combination
with the %d, %i and %f format specifiers. Using a symbol argument in
combination with one of these specifiers resulted in an error instead
of returning `'NaN'`. This is now fixed by this patch.
PR-URL: https://github.com/nodejs/node/pull/23708
Refs: https://console.spec.whatwg.org/#formatter
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
|
|
Add an error code property to invalid `secureProtocol` method
exceptions.
PR-URL: https://github.com/nodejs/node/pull/24729
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
document that incoming cookie headers are joined using '; '.
PR-URL: https://github.com/nodejs/node/pull/24740
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
On Windows creating a symlink to a directory will not work unless extra
'dir' parameter is passed. This adds a check if link target is a
directory, and if so automatically use 'dir' when creating symlink.
PR-URL: https://github.com/nodejs/node/pull/23724
Refs: https://github.com/nodejs/node/pull/23691
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
