OpenSSL 3 deprecated support for custom engines with a recommendation
to switch to its new provider model.
PR-URL: https://github.com/nodejs/node/pull/53329
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Despite the `http.Agent` stating:
> The default `http.globalAgent` that is used by `http.request()` has
> all of these values set to their respective defaults.
this isn't true anymore since node.js 19. Both, the http as well as the
https `globalAgent` now set `{ keepAlive: true, scheduling: 'lifo',
timeout: 5000 }` as options. `'lifo'` is the default anyway, but
`keepAlive` is turned off and no `timeout` is set on `new Agent()`.
Document the diverging behaviour in the `globalAgent` sections, remove
the false statement from `http.Agent` section, and extend the changelog
to call out the timeout change as well.
PR-URL: https://github.com/nodejs/node/pull/52392
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
PR-URL: https://github.com/nodejs/node/pull/48692
Fixes: https://github.com/nodejs/node/issues/48688
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/46184
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
console.error is more suitable than console.log for error case.
PR-URL: https://github.com/nodejs/node/pull/45606
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
PR-URL: https://github.com/nodejs/node/pull/42974
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Some core modules can be loaded with or without the `node:` prefix.
Using the prefix disambiguates which specifiers refer to core modules.
This commit updates the docs to use the prefix everywhere a core module
is referenced.
PR-URL: https://github.com/nodejs/node/pull/42752
Fixes: https://github.com/nodejs/node/issues/38343
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Akhil Marsonya <akhil.marsonya27@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
PR-URL: https://github.com/nodejs/node/pull/40403
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Main changes:
- Replace current HTML anchor generation to match
header anchor generation in Github markdown.
- Remove unnecessary double namespacing on generated anchors/links (E.G.
`esm.md#loaders` instead of `esm.md#esm_loaders`).
- Anchors/links are automatically prefixed with their respective modules
when concatenated for usage in `all.html`.
Benefits:
- All anchor links within and between markdown API docs actually work.
- Adding new anchor links no longer requires contributors to generate
the HTML docs first to look up the correct anchors.
- Anchors are much shorter.
- All previous anchor links are preserved by generating hidden legacy
anchors.
PR-URL: https://github.com/nodejs/node/pull/39304
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This change properly decodes the url.username and url.password for
the authorization header constructed from the URL object for
http(s) requests.
Fixes: https://github.com/nodejs/node/issues/31439
PR-URL: https://github.com/nodejs/node/pull/39310
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Add missing topic about what https.request() returns.
PR-URL: https://github.com/nodejs/node/pull/36370
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Pooja D P <Pooja.D.P@ibm.com>
remark-parse@9.0.0 combined with our html.js tool ends a list if a
multi-line item does not include indentation. Update our docs for this
formatting.
I looked around for a lint rule to enforce this but didn't find one
readily available. (Happy to be shown that I'm wrong about that!) We may
need to write one.
PR-URL: https://github.com/nodejs/node/pull/36049
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
This helps catch broken links as part of the test suite. This also
improves the user experience when browsing the markdown files.
PR-URL: https://github.com/nodejs/node/pull/35191
Fixes: https://github.com/nodejs/node/issues/35189
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This is a security release.
Notable changes:
Vulnerabilities fixed:
- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due
to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
(High).
PR-URL: https://github.com/nodejs-private/node-private/pull/225
This commits introduces a new http.Server option called requestTimeout
with a default value in milliseconds of 0.
If requestTimeout is set to a positive value, the server will start a new
timer set to expire in requestTimeout milliseconds when a new connection
is established. The timer is also set again if new requests after the
first are received on the socket (this handles pipelining and keep-alive
cases).
The timer is cancelled when:
1. the request body is completely received by the server.
2. the response is completed. This handles the case where the
application responds to the client without consuming the request body.
3. the connection is upgraded, like in the WebSocket case.
If the timer expires, then the server responds with status code 408 and
closes the connection.
CVE-2020-8251
PR-URL: https://github.com/nodejs-private/node-private/pull/208
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Co-Authored-By: Paolo Insogna <paolo@cowtech.it>
Co-Authored-By: Robert Nagy <ronagy@icloud.com>
Our docs use a mixture of _Constructor: `new Fhqwhgads()`_ in some
headers and only _`new Fhqwhgads()`_ in other headers. The latter is
about three times as common, so let's standardize on that.
PR-URL: https://github.com/nodejs/node/pull/33781
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
When cherry-picking release commits for LTS releases into master,
the `REPLACEME` metadata can be taken over as well, to give users
a more accurate view of what is being released on which release line.
This addresses this problem for all previous LTS releases for which
this has not been done.
Fixes: https://github.com/nodejs/node/issues/33001
PR-URL: https://github.com/nodejs/node/pull/33041
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/31793
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Our docs have a mix of "hostname" and "host name" in prose.
Let's follow the usage of Unix man pages, RFCs, and most
professionally-edited sources, and use "host name" in prose and
"hostname" to refer to the command and in code.
Lint rule forthcoming.
PR-URL: https://github.com/nodejs/node/pull/31326
Refs: https://github.com/nodejs/node/pull/31073
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
The keylog event is implemented on TLS sockets, but client HTTPS uses
TLS sockets managed by an agent, so accessing the underlying socket
before the TLS handshake completed was not possible. Note that server
HTTPS already supports the keylog event because it inherits from the TLS
server.
PR-URL: https://github.com/nodejs/node/pull/30053
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Convert to asterisks when there are mixed styles in document.
Addresses Markdownlint MD004 rule
PR-URL: https://github.com/nodejs/node/pull/29516
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
These are rendered as single breaks.
Addresses Markdownlint MD012 rule.
PR-URL: https://github.com/nodejs/node/pull/29352
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/29256
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
