Age | Commit message (Collapse) | Author |
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
Notable Changes:
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/156/
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
Notable Changes:
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/155/
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* Node.js: HTTP request splitting (CVE-2018-12116)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
Notable Changes:
* deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* Two-byte characters are now strictly disallowed for the `path` option in
HTTP client requests. Paths containing characters outside of the range
`\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior
can be reverted if necessary by supplying the
`--security-revert=CVE-2018-12116` command line argument (this is not
recommended). Reported as security concern for Node.js 6 and 8 by
Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno
Fünfstück applied to Node.js 10 and later.
(CVE-2018-12116 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/154
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Debugger port 5858 listens on any interface by default
(CVE-2018-12120)
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* Node.js: HTTP request splitting (CVE-2018-12116)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
Notable Changes:
* debugger: Backport of https://github.com/nodejs/node/pull/8106 to
prevent the debugger from listening on `0.0.0.0`. It now defaults to
`127.0.0.1`. Reported by Ben Noordhuis. (CVE-2018-12120 / Ben Noordhuis).
* deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
(CVE-2018-12122 / Matteo Collina)
* Two-byte characters are now strictly disallowed for the `path` option in
HTTP client requests. Paths containing characters outside of the range
`\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior
can be reverted if necessary by supplying the
`--security-revert=CVE-2018-12116` command line argument (this is not
recommended). Reported as security concern for Node.js 6 and 8 by
Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno
Fünfstück applied to Node.js 10 and later.
(CVE-2018-12116 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing
URLs with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/153
|
|
CVE-2018-12122
An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.
PR-URL: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Make it more explicit that symlinks are resolved in `__filename`.
Refs: https://github.com/nodejs/node/issues/22602#issuecomment-440906602
PR-URL: https://github.com/nodejs/node/pull/24587
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24606
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24611
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24617
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24590
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24627
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Ouyang Yadong <oyydoibh@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24628
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
This was missed when the function was added. As it
is experimental in the code it should also be
experimental in the docs.
Fixes: https://github.com/nodejs/node/issues/24509
PR-URL: https://github.com/nodejs/node/pull/24572
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.
PR-URL: https://github.com/nodejs/node/pull/24405
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
|
|
For TCP servers, the dual-stack support is enable by default, i.e.
binding host "::" will also make "0.0.0.0" bound. This commit add
ipv6Only option in `net.Server.listen()` and `dgram.createSocket()`
methods which allows to disable dual-stack support. Support for
cluster module is also provided in this commit.
Fixes: https://github.com/nodejs/node/issues/17664
PR-URL: https://github.com/nodejs/node/pull/23798
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Change doc-only deprecation for _headers and _headerNames accessors to a
runtime deprecation.
PR-URL: https://github.com/nodejs/node/pull/24167
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
|
Refs: https://github.com/nodejs/node/pull/22255
PR-URL: https://github.com/nodejs/node/pull/24561
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/23933
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
This commit adds the missing environment variable
NODE_DEBUG_NATIVE to the CLI API docs.
PR-URL: https://github.com/nodejs/node/pull/24383
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ouyang Yadong <oyydoibh@gmail.com>
Reviewed-By: Weijia Wang <starkwang@126.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
|
|
This commit adds the missing environment variables
NODE_DEBUG_NATIVE, NODE_PRESERVE_SYMLINKS,
NODE_TLS_REJECT_UNAUTHORIZED, NODE_V8_COVERAGE, and
UV_THREADPOOL_SIZE to the man page.
PR-URL: https://github.com/nodejs/node/pull/24383
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ouyang Yadong <oyydoibh@gmail.com>
Reviewed-By: Weijia Wang <starkwang@126.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
|
|
Co-authored-by: Ivan Filenko <ivan.filenko@protonmail.com>
Fixes: https://github.com/nodejs/node/issues/18603
Refs: https://github.com/nodejs/node/pull/18904
PR-URL: https://github.com/nodejs/node/pull/23916
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
|
|
Improve markup and return value description.
PR-URL: https://github.com/nodejs/node/pull/24533
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
For symmetricality with the EC public key info, and because its useful.
PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
|
X.509 certs are provided to the user in a parsed object form by a number
of TLS APIs. Include public key info for elliptic curves as well, not
just RSA.
- pubkey: the public key
- bits: the strength of the curve
- asn1Curve: the ASN.1 OID for the curve
- nistCurve: the NIST nickname for the curve, if it has one
PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
|
PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
|
Notable changes:
* **assert**:
- backport some assert commits (Ruben Bridgewater)
[#23223](https://github.com/nodejs/node/pull/23223)
* **deps**:
- upgrade to libuv 1.23.2 (cjihrig)
[#23336](https://github.com/nodejs/node/pull/23336)
- V8: cherry-pick 64-bit hash seed commits (Yang Guo)
[#23274](https://github.com/nodejs/node/pull/23274)
* **http**:
- added aborted property to request (Robert Nagy)
[#20094](https://github.com/nodejs/node/pull/20094)
* **http2**:
- graduate from experimental (James M Snell)
[#22466](https://github.com/nodejs/node/pull/22466)
PR-URL: https://github.com/nodejs/node/pull/23974
|
|
PR-URL: https://github.com/nodejs/node/pull/24404
Fixes: https://github.com/nodejs/node/issues/23846
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
Add missing docs for filehandle.write(string[, position[, encoding]])
In the fs.promises API.
Fixes: https://github.com/nodejs/node/issues/20406
PR-URL: https://github.com/nodejs/node/pull/23224
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
|
Cross-reference the secureProtocol docs and the CLI docs for --tls-v1.0
and --tls-v1.1 and describe relationship. Make clear that --tls-v1.0
enables TLSv1.0 and TLSv1.1.
PR-URL: https://github.com/nodejs/node/pull/24386
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
|
|
Minor formatting adjustments to two changelog files in preparation for a
markdown lint rule.
PR-URL: https://github.com/nodejs/node/pull/24391
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
|
|
Updated Cipher and Decipher examples to not use deprecated
`crypto.createCipher` and `crypto.createDecipher` in examples and
instead use `createCipheriv` and `createDecipheriv`.
Fixes: https://github.com/nodejs/node/issues/24046
PR-URL: https://github.com/nodejs/node/pull/24107
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24458
Refs: https://github.com/nodejs/node/pull/23329
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Split the Node.js ECMAScript API (N-EAPI?) into its own header and
implementation files. The motivation is that the ECMAScript API stand
on its own so it might be embedded separately, implementation and all.
Portions of the implementation used by both files are stored in
`node_api_impl.h`.
The checked boxes below indicate that the given API remains in
`node_api.h`, whereas the lack of a checkbox indicates that the API was
moved to `node_ecma_api.h`.
* [x] NAPI_MODULE
* [x] NAPI_MODULE_INIT
* [x] napi_acquire_threadsafe_function
* [x] napi_add_env_cleanup_hook
* [x] napi_async_destroy
* [x] napi_async_init
* [x] napi_call_threadsafe_function
* [x] napi_cancel_async_work
* [x] napi_close_callback_scope
* [x] napi_create_async_work
* [x] napi_create_buffer
* [x] napi_create_buffer_copy
* [x] napi_create_external_buffer
* [x] napi_create_threadsafe_function
* [x] napi_delete_async_work
* [x] napi_fatal_error
* [x] napi_fatal_exception
* [x] napi_get_buffer_info
* [x] napi_get_node_version
* [x] napi_get_threadsafe_function_context
* [x] napi_get_uv_event_loop
* [x] napi_is_buffer
* [x] napi_make_callback
* [x] napi_module_register
* [x] napi_open_callback_scope
* [x] napi_queue_async_work
* [x] napi_ref_threadsafe_function
* [x] napi_release_threadsafe_function
* [x] napi_remove_env_cleanup_hook
* [x] napi_unref_threadsafe_function
* [ ] napi_add_finalizer
* [ ] napi_adjust_external_memory
* [ ] napi_call_function
* [ ] napi_close_escapable_handle_scope
* [ ] napi_close_handle_scope
* [ ] napi_coerce_to_bool
* [ ] napi_coerce_to_number
* [ ] napi_coerce_to_object
* [ ] napi_coerce_to_string
* [ ] napi_create_array
* [ ] napi_create_arraybuffer
* [ ] napi_create_array_with_length
* [ ] napi_create_bigint_int64
* [ ] napi_create_bigint_uint64
* [ ] napi_create_bigint_words
* [ ] napi_create_dataview
* [ ] napi_create_double
* [ ] napi_create_error
* [ ] napi_create_external
* [ ] napi_create_external_arraybuffer
* [ ] napi_create_function
* [ ] napi_create_int32
* [ ] napi_create_int64
* [ ] napi_create_object
* [ ] napi_create_promise
* [ ] napi_create_range_error
* [ ] napi_create_reference
* [ ] napi_create_string_latin1
* [ ] napi_create_string_utf16
* [ ] napi_create_string_utf8
* [ ] napi_create_symbol
* [ ] napi_create_typedarray
* [ ] napi_create_type_error
* [ ] napi_create_uint32
* [ ] napi_define_class
* [ ] napi_define_properties
* [ ] napi_delete_element
* [ ] napi_delete_property
* [ ] napi_delete_reference
* [ ] napi_escape_handle
* [ ] napi_get_and_clear_last_exception
* [ ] napi_get_arraybuffer_info
* [ ] napi_get_array_length
* [ ] napi_get_boolean
* [ ] napi_get_cb_info
* [ ] napi_get_dataview_info
* [ ] napi_get_element
* [ ] napi_get_global
* [ ] napi_get_last_error_info
* [ ] napi_get_named_property
* [ ] napi_get_new_target
* [ ] napi_get_null
* [ ] napi_get_property
* [ ] napi_get_property_names
* [ ] napi_get_prototype
* [ ] napi_get_reference_value
* [ ] napi_get_typedarray_info
* [ ] napi_get_undefined
* [ ] napi_get_value_bigint_int64
* [ ] napi_get_value_bigint_uint64
* [ ] napi_get_value_bigint_words
* [ ] napi_get_value_bool
* [ ] napi_get_value_double
* [ ] napi_get_value_external
* [ ] napi_get_value_int32
* [ ] napi_get_value_int64
* [ ] napi_get_value_string_latin1
* [ ] napi_get_value_string_utf16
* [ ] napi_get_value_string_utf8
* [ ] napi_get_value_uint32
* [ ] napi_get_version
* [ ] napi_has_element
* [ ] napi_has_named_property
* [ ] napi_has_own_property
* [ ] napi_has_property
* [ ] napi_instanceof
* [ ] napi_is_array
* [ ] napi_is_arraybuffer
* [ ] napi_is_dataview
* [ ] napi_is_error
* [ ] napi_is_exception_pending
* [ ] napi_is_promise
* [ ] napi_is_typedarray
* [ ] napi_new_instance
* [ ] napi_open_escapable_handle_scope
* [ ] napi_open_handle_scope
* [ ] napi_reference_ref
* [ ] napi_reference_unref
* [ ] napi_reject_deferred
* [ ] napi_remove_wrap
* [ ] napi_resolve_deferred
* [ ] napi_run_script
* [ ] napi_set_element
* [ ] napi_set_named_property
* [ ] napi_set_property
* [ ] napi_strict_equals
* [ ] napi_throw
* [ ] napi_throw_error
* [ ] napi_throw_range_error
* [ ] napi_throw_type_error
* [ ] napi_typeof
* [ ] napi_unwrap
* [ ] napi_wrap
PR-URL: https://github.com/nodejs/node/pull/23786
Reviewed-By: Yazhong Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
|
|
- reduces page margins
- removes emphasis from links
- hides expandable history items
- removes horizontal scrollbar from bottom of print output
- reduce stability rectangle sizes
- shrink headlines slightly
- hide ToC (as it's unclickable when printed)
Ref: https://thomashunter.name/nodejs-documentation-pdf
PR-URL: https://github.com/nodejs/node/pull/24325
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
|
|
One of the comments we got at the N-API workshop
at NodeConfEU was that we should have a better link to
node-addon-api and the docs in the main API docs for
N-API. The goal being to help people find node-addon-api
and potentially start with the node-addon-api docs
instead if they are using C++.
This expands and strengthens the link along with a
recommendation that starting with the node-addon-api
docs might make sense.
PR-URL: https://github.com/nodejs/node/pull/24371
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
|
|
Notable changes:
* deps:
* A new experimental HTTP parser (`llhttp`) is now supported.
https://github.com/nodejs/node/pull/24059
* timers:
* Fixed an issue that could cause setTimeout to stop working as
expected. https://github.com/nodejs/node/pull/24322
* Windows
* A crashing process will now show the names of stack frames if the
node.pdb file is available.
https://github.com/nodejs/node/pull/23822
* Continued effort to improve the installer's new stage that installs
native build tools.
https://github.com/nodejs/node/pull/23987,
https://github.com/nodejs/node/pull/24348
* child_process:
* On Windows the `windowsHide` option default was restored to
`false`. This means `detached` child processes and GUI apps will
once again start in a new window.
https://github.com/nodejs/node/pull/24034
* Added new collaborators:
* [oyyd](https://github.com/oyyd) - Ouyang Yadong.
https://github.com/nodejs/node/pull/24300
* [psmarshall](https://github.com/psmarshall) - Peter Marshall.
https://github.com/nodejs/node/pull/24170
* [shisama](https://github.com/shisama) - Masashi Hirano.
https://github.com/nodejs/node/pull/24136
PR-URL: https://github.com/nodejs/node/pull/24350
|
|
Setting the TLS ServerName to an IP address is not permitted by
RFC6066. This will be ignored in a future version.
Refs: https://github.com/nodejs/node/pull/18127
PR-URL: https://github.com/nodejs/node/pull/23329
Fixes: https://github.com/nodejs/node/issues/18071
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
|
This reverts commit ac7450a09a4c167cd43c14d7c88721d22f077529.
This fully reverts the changes to util.inspect depth.
It has caused breakage in logging to existing apps, and even
something as simple as `console.log(require)` will cause >1m freezes.
I've heard nothing but negative feedback (seriously not a single
person has expressed anything positive about this change) and
personally i find this change extremely annoying.
PR-URL: https://github.com/nodejs/node/pull/24326
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: John-David Dalton <john.david.dalton@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24319
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
Use the same property name as http2 does to indicate that
the stream is in the state before the `ready` event is emitted.
PR-URL: https://github.com/nodejs/node/pull/24067
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
This commit documents the NODE_TLS_REJECT_UNAUTHORIZED
environment variable so that the world can know how
potentially dangerous it is.
PR-URL: https://github.com/nodejs/node/pull/24289
Fixes: https://github.com/nodejs/node/issues/24284
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24357
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
Add an API to get the local certificate chosen during TLS handshake from
the SSL context.
Fix: https://github.com/nodejs/node/issues/24095
PR-URL: https://github.com/nodejs/node/pull/24261
Fixes: https://github.com/nodejs/node/issues/24095
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
This reverts commit 420d8afe3db22ad703e74892f58f9e32d34ff699.
PR-URL: https://github.com/nodejs/node/pull/24034
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24232
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Refs: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
PR-URL: https://github.com/nodejs/node/pull/23814
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24331
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
|
|
Adjust to work with self-signed certificates, and certificates that do
not name "localhost" as their host name.
Removed duplicate examples, they differed only by using `pfx`. Its not
necessary to show every option, and we don't, and the example wouldn't
work with most pfx anyway, since it didn't specify a password.
PR-URL: https://github.com/nodejs/node/pull/24235
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
Was missed on original PR.
Ref: https://github.com/nodejs/node/pull/23767
PR-URL: https://github.com/nodejs/node/pull/24240
Refs: https://github.com/nodejs/node/pull/23767
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24301
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|