Commit graph

54 commits

Author SHA1 Message Date
Rich Trott
86099a375a tools: avoid unnecessary escaping in markdown formatter
Update mdast-util-to-markdown to 1.2.4 which reduces unnecessary
escaping of `_` and some other characters. Re-run markdown formatter.

PR-URL: https://github.com/nodejs/node/pull/40645
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2021-10-31 09:36:05 -07:00
Beth Griggs
d6c3a10757
2021-10-19, Version 17.0.0 (Current)
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [https://github.com/nodejs/node/pull/36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [https://github.com/nodejs/node/pull/40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [https://github.com/nodejs/node/pull/40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [https://github.com/nodejs/node/pull/38512]

Contributed in https://github.com/nodejs/node/pull/38512, https://github.com/nodejs/node/pull/40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [https://github.com/nodejs/node/pull/40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [https://github.com/nodejs/node/pull/39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [https://github.com/nodejs/node/pull/38332]
- deps: upgrade npm to 8.1.0
  (npm team) [https://github.com/nodejs/node/pull/40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [https://github.com/nodejs/node/pull/39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [https://github.com/nodejs/node/pull/39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [https://github.com/nodejs/node/pull/39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [https://github.com/nodejs/node/pull/39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [https://github.com/nodejs/node/pull/38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [https://github.com/nodejs/node/pull/38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [https://github.com/nodejs/node/pull/40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [https://github.com/nodejs/node/pull/38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [https://github.com/nodejs/node/pull/39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [https://github.com/nodejs/node/pull/39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [https://github.com/nodejs/node/pull/40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [https://github.com/nodejs/node/pull/38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [https://github.com/nodejs/node/pull/38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [https://github.com/nodejs/node/pull/38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [https://github.com/nodejs/node/pull/39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [https://github.com/nodejs/node/pull/39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [https://github.com/nodejs/node/pull/40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [https://github.com/nodejs/node/pull/40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [https://github.com/nodejs/node/pull/37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [https://github.com/nodejs/node/pull/39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [https://github.com/nodejs/node/pull/38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [https://github.com/nodejs/node/pull/38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [https://github.com/nodejs/node/pull/39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [https://github.com/nodejs/node/pull/39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [https://github.com/nodejs/node/pull/39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [https://github.com/nodejs/node/pull/39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [https://github.com/nodejs/node/pull/39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [https://github.com/nodejs/node/pull/39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [https://github.com/nodejs/node/pull/39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [https://github.com/nodejs/node/pull/39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [https://github.com/nodejs/node/pull/34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [https://github.com/nodejs/node/pull/38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [https://github.com/nodejs/node/pull/39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [https://github.com/nodejs/node/pull/38631]

PR-URL: https://github.com/nodejs/node/pull/40119
2021-10-19 16:12:20 +01:00
Rich Trott
40db88b7b5 doc: format changelogs
Use the format-md task to format changelogs.

PR-URL: https://github.com/nodejs/node/pull/40388
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
2021-10-11 17:45:09 +00:00
Rich Trott
0991dfcece doc: add blank line between comments
Upcoming remark-based formatting/linting will add a blank line between
comments in markdown. This is in preparation for that change.

PR-URL: https://github.com/nodejs/node/pull/40160
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2021-09-21 18:40:04 -07:00
Beth Griggs
8780537564
2021-04-20, Version 16.0.0 (Current)
Notable changes:

Deprecations and Removals:

- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37216]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37302]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell) [https://github.com/nodejs/node/pull/37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell) [https://github.com/nodejs/node/pull/37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [https://github.com/nodejs/node/pull/37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [https://github.com/nodejs/node/pull/37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [https://github.com/nodejs/node/pull/37789]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37576]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37201]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [https://github.com/nodejs/node/pull/37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [https://github.com/nodejs/node/pull/37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [https://github.com/nodejs/node/pull/37204]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [https://github.com/nodejs/node/pull/36902]

Stable Timers Promises API:

The Timers Promises API provides an alternative set of timer functions
that return Promise objects. Added in Node.js v15.0.0, in this release
they graduate from experimental status to stable.

Contributed by James Snell - [https://github.com/nodejs/node/pull/38112]

Toolchain and Compiler Upgrades:

Node.js v16.0.0 will be the first release where we ship prebuilt
binaries for Apple Silicon. While we’ll be providing separate tarballs
for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the
macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture)
binary.

- **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian
  Clauss) [https://github.com/nodejs/node/pull/36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37764]
- **build**: update Makefile to support fat binary (Ash Cripps)
  [https://github.com/nodejs/node/pull/37861]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [https://github.com/nodejs/node/pull/35704]
- **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau)
  [https://github.com/nodejs/node/pull/37935]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [https://github.com/nodejs/node/pull/37677]
- **tools**: set arch in Distribution.xml (Ash Cripps)
  [https://github.com/nodejs/node/pull/38261]

V8 9.0:

The V8 JavaScript engine is updated to V8 9.0, including performance
tweaks and improvements.

This update also brings the ECMAScript RegExp Match Indices, which
provide the start and end indices of the captured string. The indices
array is available via the `.indices` property on match objects when the
regular expression has the `/d` flag.

Contributed by Michaël Zasso - [https://github.com/nodejs/node/pull/37587]

Other Notable Changes:

- **(SEMVER-MINOR)** **assert**: graduate assert.match and
  assert.doesNotMatch (James M Snell) [https://github.com/nodejs/node/pull/38111]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [https://github.com/nodejs/node/pull/37786]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37330]
- **deps**: update ICU to 69.1 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/38178]
- **deps**: update llhttp to 6.0.0 (Fedor Indutny)
  [https://github.com/nodejs/node/pull/38277]
- **deps**: upgrade npm to 7.10.0 (Ruy Adorno)
  [https://github.com/nodejs/node/pull/38254]
- **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames()
  (simov) [https://github.com/nodejs/node/pull/37660]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [https://github.com/nodejs/node/pull/36478]
- **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [https://github.com/nodejs/node/pull/37246]
- **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify
  (James M Snell) [https://github.com/nodejs/node/pull/37475]
- **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [https://github.com/nodejs/node/pull/37246]
- **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl
  (eladkeyshawn) [https://github.com/nodejs/node/pull/38101]

Semver-Major Commits:

- **(SEMVER-MAJOR)** **async_hooks**: add thisArg to AsyncResource.bind
  (James M Snell) [https://github.com/nodejs/node/pull/36782]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [https://github.com/nodejs/node/pull/37786]
- **(SEMVER-MAJOR)** **build**: remove support for Python 2
  (Christian Clauss) [https://github.com/nodejs/node/pull/36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37764]
- **(SEMVER-MAJOR)** **build**: update Makefile to support fat binary
  (Ash Cripps) [https://github.com/nodejs/node/pull/37861]
- **(SEMVER-MAJOR)** **build**: include minimal V8 headers in
  distribution (Michaël Zasso) [https://github.com/nodejs/node/pull/37570]
- **(SEMVER-MAJOR)** **build**: use C++11 ABI with libstdc++
  (Anna Henningsen) [https://github.com/nodejs/node/pull/36634]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [https://github.com/nodejs/node/pull/35704]
- **(SEMVER-MAJOR)** **deps**: update V8 to 9.0.257.11 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/37587]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.9.255.19 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.8.278.17 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/36139]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.7.220 (Michaël Zasso)
  [https://github.com/nodejs/node/pull/35700]
- **(SEMVER-MAJOR)** **dns**: use url module instead of punycode for
  IDNA (Antoine du Hamel) [https://github.com/nodejs/node/pull/35091]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [https://github.com/nodejs/node/pull/37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [https://github.com/nodejs/node/pull/37677]
- **(SEMVER-MAJOR)** **doc**: add http.IncomingMessage#connection
  (Pranshu Srivastava) [https://github.com/nodejs/node/pull/33768]
- **(SEMVER-MAJOR)** **events**: change EventTarget handler exception
  behavior (Nitzan Uziely) [https://github.com/nodejs/node/pull/37237]
- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37216]
- **(SEMVER-MAJOR)** **fs**: add validation for fd and path
  (Dylan Elliott) [https://github.com/nodejs/node/pull/35187]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37302]
- **(SEMVER-MAJOR)** **fs**: fix flag and mode validation
  (James M Snell) [https://github.com/nodejs/node/pull/37480]
- **(SEMVER-MAJOR)** **http**: use objects with null prototype in Agent
  (Michaël Zasso) [https://github.com/nodejs/node/pull/36409]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell)
  [https://github.com/nodejs/node/pull/37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell)
  [https://github.com/nodejs/node/pull/37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [https://github.com/nodejs/node/pull/37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [https://github.com/nodejs/node/pull/37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [https://github.com/nodejs/node/pull/37789]
- **(SEMVER-MAJOR)** **lib**: aggregate errors to avoid error swallowing
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37460]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [https://github.com/nodejs/node/pull/37576]
- **(SEMVER-MAJOR)** **lib**: remove usage of url.parse
  (raisinten) [https://github.com/nodejs/node/pull/36853]
- **(SEMVER-MAJOR)** **lib**: add error handling for input stream
  (rexagod) [https://github.com/nodejs/node/pull/31603]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [https://github.com/nodejs/node/pull/36478]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [https://github.com/nodejs/node/pull/37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [https://github.com/nodejs/node/pull/37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [https://github.com/nodejs/node/pull/37204]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [https://github.com/nodejs/node/pull/37201]
- **(SEMVER-MAJOR)** **module**: only set cache when finding module
  succeeds (Yongsheng Zhang) [https://github.com/nodejs/node/pull/36642]
- **(SEMVER-MAJOR)** **perf_hooks**: make performance a global (James M
  Snell) [https://github.com/nodejs/node/pull/37970]
- **(SEMVER-MAJOR)** **perf_hooks**: complete overhaul of the
  implementation (James M Snell) [https://github.com/nodejs/node/pull/37136]
- **(SEMVER-MAJOR)** **process**: disallow adding options to
  process.allowedNodeEnvironmentFlags (Antoine du Hamel)
  [https://github.com/nodejs/node/pull/36660]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [https://github.com/nodejs/node/pull/36902]
- **(SEMVER-MAJOR)** **readline**: cursorTo throw error on NaN
  (Zijian Liu) [https://github.com/nodejs/node/pull/36379]
- **(SEMVER-MAJOR)** **src**: mark internally exported functions as
  explicitly internal (Tyler Ang-Wanek) [https://github.com/nodejs/node/pull/37000]
- **(SEMVER-MAJOR)** **src**: inline AsyncCleanupHookHandle in headers
  (Tyler Ang-Wanek) [https://github.com/nodejs/node/pull/37000]
- **(SEMVER-MAJOR)** **src**: clean up embedder API (Anna Henningsen)
  [https://github.com/nodejs/node/pull/35897]
- **(SEMVER-MAJOR)** **worker**: send correct error status for worker
  init (Yash Ladha) [https://github.com/nodejs/node/pull/36242]

PR-URL: https://github.com/nodejs/node/pull/37678
2021-04-20 16:48:35 +01:00
Beth Griggs
57613f8c56
2020-10-20, Version 15.0.0 (Current)
Notable changes:

Deprecations and Removals:

- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)

npm 7 (https://github.com/nodejs/node/pull/35631):

Node.js 15 comes with a new major release of npm, npm 7. npm 7 comes
with many new features - including npm workspaces and a new
package-lock.json format. npm 7 also includes yarn.lock file support.
One of the big changes in npm 7 is that peer dependencies are now
installed by default.

Throw On Unhandled Rejections
(https://github.com/nodejs/node/pull/33021):

As of Node.js 15, the default mode for `unhandledRejection` is changed
to `throw` (from `warn`). In `throw` mode, if an `unhandledRejection`
hook is not set, the `unhandledRejection` is raised as an uncaught
exception. Users that have an `unhandledRejection` hook should see no
change in behavior, and it’s still possible to switch modes using the
`--unhandled-rejections=mode` process flag.

QUIC (https://github.com/nodejs/node/pull/32379):

Node.js 15 comes with experimental support QUIC, which can be enabled
by compiling Node.js with the `--experimental-quic` configuration flag.
The Node.js QUIC implementation is exposed by the core `net` module.

V8 8.6 (https://github.com/nodejs/node/pull/35415):

The V8 JavaScript engine has been updated to V8 8.6 (V8 8.4 is the
latest available in Node.js 14). Along with performance tweaks and
improvements the V8 update also brings the following language features:
* `Promise.any()` (from V8 8.5)
* `AggregateError` (from V8 8.5)
* `String.prototype.replaceAll()` (from V8 8.5)
* Logical assignment operators `&&=`, `||=`, and `??=` (from V8 8.5)

Other Notable Changes:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)

Semver-Major Commits:

- **assert**: add `assert/strict` alias module (ExE Boss)
(https://github.com/nodejs/node/pull/34001)
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **build**: remove --build-v8-with-gn configure option (Yang Guo)
(https://github.com/nodejs/node/pull/27576)
- **build**: drop support for VS2017 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33694)
- **crypto**: refactoring internals, add WebCrypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **crypto**: move node\_crypto files to src/crypto (James M Snell)
(https://github.com/nodejs/node/pull/35093)
- **deps**: V8: cherry-pick d76abfed3512 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 717543bbf0ef (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: V8: cherry-pick 6be2f6e26e8d (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
(https://github.com/nodejs/node/pull/35415)
- **deps**: fix platform-embedded-file-writer-win for ARM64 (Michaël
Zasso) (https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 postmortem metadata script (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **deps**: update V8 to 8.6.395 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **deps**: upgrade npm to 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **deps**: update npm to 7.0.0-rc.3 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **deps**: V8: cherry-pick 0d6debcc5f08 (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **dns**: add dns/promises alias (shisama)
(https://github.com/nodejs/node/pull/32953)
- **doc**: move DEP0018 to End-of-Life (Rich Trott)
(https://github.com/nodejs/node/pull/35316)
- **doc**: update support macos version for 15.x (Ash Cripps)
(https://github.com/nodejs/node/pull/35022)
- **fs**: deprecation warning on recursive rmdir (Ian Sutherland)
(https://github.com/nodejs/node/pull/35562)
- **fs**: reimplement read and write streams using stream.construct
(Robert Nagy) (https://github.com/nodejs/node/pull/29656)
- **http**: fixed socket.setEncoding fatal error (iskore)
(https://github.com/nodejs/node/pull/33405)
- **http**: emit 'error' on aborted server request (Robert Nagy)
(https://github.com/nodejs/node/pull/33172)
- **http**: cleanup end argument handling (Robert Nagy)
(https://github.com/nodejs/node/pull/31818)
- **http2**: allow Host in HTTP/2 requests (Alba Mendez)
(https://github.com/nodejs/node/pull/34664)
- **http2**: add `invalidheaders` test (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33161)
- **http2**: refactor state code validation for the http2Stream class
(rickyes) (https://github.com/nodejs/node/pull/33535)
- **http2**: header field valid checks (Pranshu Srivastava)
(https://github.com/nodejs/node/pull/33193)
- **lib**: add EventTarget-related browser globals (Anna Henningsen)
(https://github.com/nodejs/node/pull/35496)
- **lib**: remove ERR\_INVALID\_OPT\_VALUE and
ERR\_INVALID\_OPT\_VALUE\_ENCODING (Denys Otrishko)
(https://github.com/nodejs/node/pull/34682)
- **lib**: handle one of args case in ERR\_MISSING\_ARGS (Denys
Otrishko) (https://github.com/nodejs/node/pull/34022)
- **lib**: remove NodeError from the prototype of errors with code
(Michaël Zasso) (https://github.com/nodejs/node/pull/33857)
- **lib**: unflag AbortController (James M Snell)
(https://github.com/nodejs/node/pull/33527)
- **lib**: initial experimental AbortController implementation (James M
Snell) (https://github.com/nodejs/node/pull/33527)
- **net**: check args in net.connect() and socket.connect() calls
(Denys Otrishko) (https://github.com/nodejs/node/pull/34022)
- **net**: remove long deprecated server.connections property (James M
Snell) (https://github.com/nodejs/node/pull/33647)
- **net**: autoDestroy Socket (Robert Nagy)
(https://github.com/nodejs/node/pull/31806)
- **process**: update v8 fast api calls usage (Maya Lekova)
(https://github.com/nodejs/node/pull/35415)
- **process**: change default --unhandled-rejections=throw (Dan
Fabulich) (https://github.com/nodejs/node/pull/33021)
- **process**: use v8 fast api calls for hrtime (Gus Caplan)
(https://github.com/nodejs/node/pull/33600)
- **process**: delay throwing an error using `throwDeprecation` (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/32312)
- **repl**: remove deprecated repl.memory function (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.turnOffEditorMode() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated repl.parseREPLKeyword() function (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated bufferedCommand property (Ruben
Bridgewater) (https://github.com/nodejs/node/pull/33286)
- **repl**: remove deprecated .rli (Ruben Bridgewater)
(https://github.com/nodejs/node/pull/33286)
- **src**: implement NodePlatform::PostJob (Clemens Backes)
(https://github.com/nodejs/node/pull/35415)
- **src**: update NODE\_MODULE\_VERSION to 88 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **src**: error reporting on CPUUsage (Yash Ladha)
(https://github.com/nodejs/node/pull/34762)
- **src**: use node:moduleName as builtin module filename (Michaël
Zasso) (https://github.com/nodejs/node/pull/35498)
- **src**: enable wasm trap handler on windows (Gus Caplan)
(https://github.com/nodejs/node/pull/35033)
- **src**: update NODE\_MODULE\_VERSION to 86 (Michaël Zasso)
(https://github.com/nodejs/node/pull/33579)
- **src**: disallow JS execution inside FreeEnvironment (Anna
Henningsen) (https://github.com/nodejs/node/pull/33874)
- **src**: remove \_third\_party\_main support (Anna Henningsen)
(https://github.com/nodejs/node/pull/33971)
- **src**: remove deprecated node debug command (James M Snell)
(https://github.com/nodejs/node/pull/33648)
- **src**: remove unused CancelPendingDelayedTasks (Anna Henningsen)
(https://github.com/nodejs/node/pull/32859)
- **stream**: try to wait for flush to complete before 'finish' (Robert
Nagy) (https://github.com/nodejs/node/pull/34314)
- **stream**: cleanup and fix Readable.wrap (Robert Nagy)
(https://github.com/nodejs/node/pull/34204)
- **stream**: add promises version to utility functions (rickyes)
(https://github.com/nodejs/node/pull/33991)
- **stream**: fix writable.end callback behavior (Robert Nagy)
(https://github.com/nodejs/node/pull/34101)
- **stream**: construct (Robert Nagy)
(https://github.com/nodejs/node/pull/29656)
- **stream**: write should throw on unknown encoding (Robert Nagy)
(https://github.com/nodejs/node/pull/33075)
- **stream**: fix \_final and 'prefinish' timing (Robert Nagy)
(https://github.com/nodejs/node/pull/32780)
- **stream**: simplify Transform stream implementation (Robert Nagy)
(https://github.com/nodejs/node/pull/32763)
- **stream**: use callback to properly propagate error (Robert Nagy)
(https://github.com/nodejs/node/pull/29179)
- **test**: update tests after increasing typed array size to 4GB
(Kim-Anh Tran) (https://github.com/nodejs/node/pull/35415)
- **test**: fix tests for npm 7.0.0 (Myles Borins)
(https://github.com/nodejs/node/pull/35631)
- **test**: fix test suite to work with npm 7 (Myles Borins)
(https://github.com/nodejs/node/pull/35474)
- **test**: update WPT harness and tests (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **timers**: introduce timers/promises (James M Snell)
(https://github.com/nodejs/node/pull/33950)
- **tools**: disable x86 safe exception handlers in V8 (Michaël Zasso)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.6 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **tools**: update V8 gypfiles for 8.5 (Ujjwal Sharma)
(https://github.com/nodejs/node/pull/35415)
- **url**: file URL path normalization (Daijiro Wachi)
(https://github.com/nodejs/node/pull/35477)
- **url**: verify domain is not empty after "ToASCII" (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove U+0000 case in the fragment state (Michaël Zasso)
(https://github.com/nodejs/node/pull/33770)
- **url**: remove gopher from special schemes (Michaël Zasso)
(https://github.com/nodejs/node/pull/33325)
- **url**: forbid lt and gt in url host code point (Yash Ladha)
(https://github.com/nodejs/node/pull/33328)
- **util**: change default value of `maxStringLength` to 10000
(unknown) (https://github.com/nodejs/node/pull/32744)
- **wasi**: drop --experimental-wasm-bigint requirement (Colin Ihrig)
(https://github.com/nodejs/node/pull/35415)
- **win, child_process**: sanitize env variables (Bartosz Sosnowski)
(https://github.com/nodejs/node/pull/35210)
- **worker**: make MessageEvent class more Web-compatible (Anna
Henningsen) (https://github.com/nodejs/node/pull/35496)
- **worker**: set trackUnmanagedFds to true by default (Anna
Henningsen) (https://github.com/nodejs/node/pull/34394)
- **worker**: rename error code to be more accurate (Anna Henningsen)
(https://github.com/nodejs/node/pull/33872)

PR-URL: https://github.com/nodejs/node/pull/35014
2020-10-20 15:42:45 +01:00
Nick Schonning
6fc17fbec9 doc: ignore no-literal-urls in changelogs
PR-URL: https://github.com/nodejs/node/pull/32676
Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-04-23 21:48:20 -07:00
Beth Griggs
372c7cc3c2
2020-04-21, Version 14.0.0 (Current)
Deprecations:

- (SEMVER-MAJOR) crypto: move pbkdf2 without digest to EOL
  (James M Snell) [#31166](https://github.com/nodejs/node/pull/31166)
- (SEMVER-MAJOR) fs: deprecate closing FileHandle on garbage collection
  (James M Snell) [#28396](https://github.com/nodejs/node/pull/28396)
- (SEMVER-MAJOR) http: move OutboundMessage.prototype.flush to EOL
  (James M Snell) [#31164](https://github.com/nodejs/node/pull/31164)
- (SEMVER-MAJOR) lib: move GLOBAL and root aliases to EOL
  (James M Snell) [#31167](https://github.com/nodejs/node/pull/31167)
- (SEMVER-MAJOR) os: move tmpDir() to EOL
  (James M Snell)[#31169](https://github.com/nodejs/node/pull/31169)
- (SEMVER-MAJOR) src: remove deprecated wasm type check
  (Clemens Backes) [#32116](https://github.com/nodejs/node/pull/32116)
- (SEMVER-MAJOR) stream: move \_writableState.buffer to EOL
  (James M Snell) [#31165](https://github.com/nodejs/node/pull/31165)
- (SEMVER-MINOR) doc: deprecate process.mainModule
  (Antoine du HAMEL) [#32232](https://github.com/nodejs/node/pull/32232)
- (SEMVER-MINOR) doc: deprecate process.umask() with no arguments
  (Colin Ihrig) [#32499](https://github.com/nodejs/node/pull/32499)

ECMAScript Modules - Experimental Warning Removal:

- module: remove experimental modules warning
  (Guy Bedford) [#31974](https://github.com/nodejs/node/pull/31974)

In Node.js 13 we removed the need to include the --experimental-modules
flag, but when running EcmaScript Modules in Node.js, this would still
result in a warning ExperimentalWarning: The ESM module loader is
experimental.

As of Node.js 14 there is no longer this warning when using ESM in
Node.js. However, the ESM implementation in Node.js remains
experimental. As per our stability index: “The feature is not subject
to Semantic Versioning rules. Non-backward compatible changes or
removal may occur in any future release.” Users should be cautious when
using the feature in production environments.

Please keep in mind that the implementation of ESM in Node.js differs
from the developer experience you might be familiar with. Most
transpilation workflows support features such as optional file
extensions or JSON modules that the Node.js ESM implementation does not
support. It is highly likely that modules from transpiled environments
will require a certain degree of refactoring to work in Node.js. It is
worth mentioning that many of our design decisions were made with two
primary goals. Spec compliance and Web Compatibility. It is our belief
that the current implementation offers a future proof model to
authoring ESM modules that paves the path to Universal JavaScript.
Please read more in our documentation.

The ESM implementation in Node.js is still experimental but we do believe
that we are getting very close to being able to call ESM in Node.js
“stable”. Removing the warning is a huge step in that direction.

New V8 ArrayBuffer API:

* **src**: migrate to new V8 ArrayBuffer API
  (Thang Tran) [#30782](https://github.com/nodejs/node/pull/30782)

Multiple ArrayBuffers pointing to the same base address are no longer
allowed by V8. This may impact native addons.

Toolchain and Compiler Upgrades:

- (SEMVER-MAJOR) build: update macos deployment target to 10.13 for 14.x
  (AshCripps)[#32454](https://github.com/nodejs/node/pull/32454)
- (SEMVER-MAJOR) doc: update cross compiler machine for Linux armv7
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: update Centos/RHEL releases use devtoolset-8
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) doc: remove SmartOS from official binaries
  (Richard Lau) [#32812](https://github.com/nodejs/node/pull/32812)
- (SEMVER-MAJOR) win: block running on EOL Windows versions
  (João Reis) [#31954](https://github.com/nodejs/node/pull/31954)

It is expected that there will be an ABI mismatch on ARM between the
Node.js binary and native addons. Native addons are only broken if they
interact with `std::shared_ptr`. This is expected to be fixed in a
later version of Node.js 14.
- [#30786](https://github.com/nodejs/node/issues/30786)

Update to V8 8.1:

- (SEMVER-MAJOR) deps: update V8 to 8.1.307.20
  (Matheus Marchini) [#32116](https://github.com/nodejs/node/pull/32116)

Other Notable Changes:

- cli, report: move --report-on-fatalerror to stable
  (Colin Ihrig) [#32496](https://github.com/nodejs/node/pull/32496)
- deps: upgrade to libuv 1.37.0
  (Colin Ihrig) [#32866](https://github.com/nodejs/node/pull/32866)
- fs: add fs/promises alias module
  (Gus Caplan) [#31553](https://github.com/nodejs/node/pull/31553)

PR-URL: https://github.com/nodejs/node/pull/32181
2020-04-21 15:50:14 +01:00
Beth Griggs
42bf0c8df2
2019-10-22, Version 13.0.0 (Current)
Notable changes:

* assert:
  * If the validation function passed to `assert.throws()` or
    `assert.rejects()` returns a value other than `true`, an assertion
    error will be thrown instead of the original error to highlight the
    programming mistake (Ruben Bridgewater).
    https://github.com/nodejs/node/pull/28263
  * If a constructor function is passed to validate the instance of
    errors thrown in `assert.throws()` or `assert.reject()`, an
    assertion error will be thrown instead of the original error
    (Ruben Bridgewater).
    https://github.com/nodejs/node/pull/28263
* build:
  * Node.js releases are now built with default full-icu support. This
    means that all locales supported by ICU are now included and
    Intl-related APIs may return different values than before
    (Richard Lau).
    https://github.com/nodejs/node/pull/29887
  * The minimum Xcode version supported for macOS was increased to 10.
    It is still possible to build Node.js with Xcode 8 but this may no
    longer be the case in a future v13.x release (Michael Dawson).
    https://github.com/nodejs/node/pull/29622
* child_process:
  * `ChildProcess._channel` (DEP0129) is now a Runtime deprecation
    (cjihrig).
    https://github.com/nodejs/node/pull/27949
* console:
  * The output `console.timeEnd()` and `console.timeLog()` will now
    automatically select a suitable time unit instead of always using
    milliseconds (Xavier Stouder).
    https://github.com/nodejs/node/pull/29251
* deps:
  * The V8 engine was updated to version 7.8. This includes performance
    improvements to object destructuring, memory usage and WebAssembly
    startup time (Myles Borins).
    https://github.com/nodejs/node/pull/29694)
* domain:
  * The domain's error handler is now executed with the active domain
    set to the domain's parent to prevent inner recursion
    (Julien Gilli).
    https://github.com/nodejs/node/pull/26211
* fs:
  * The undocumented method `FSWatcher.prototype.start()` was removed
    (Lucas Holmquist).
    https://github.com/nodejs/node/pull/29905
  * Calling the `open()` method on a `ReadStream` or `WriteStream` now
    emits a runtime deprecation warning. The methods are supposed to be
    internal and should not be called by user code (Robert Nagy).
    https://github.com/nodejs/node/pull/29061
  * `fs.read/write`, `fs.readSync/writeSync` and `fd.read/write` now
    accept any safe integer as their `offset` parameter. The value of
    `offset` is also no longer coerced, so a valid type must be passed
    to the functions (Zach Bjornson).
    https://github.com/nodejs/node/pull/26572
* http:
  * Aborted requests no longer emit the `end` or `error` events after
    `aborted` (Robert Nagy).
    https://github.com/nodejs/node/pull/27984
    https://github.com/nodejs/node/pull/20077
  * Data will no longer be emitted after a socket error (Robert Nagy).
    https://github.com/nodejs/node/pull/28711
  * The legacy HTTP parser (previously available under the
    `--http-parser=legacy` flag) was removed (Anna Henningsen).
    https://github.com/nodejs/node/pull/29589
  * The `host` option for HTTP requests is now validated to be a string
    value (Giorgos Ntemiris).
    https://github.com/nodejs/node/pull/29568
  * The `request.connection` and `response.connection` properties are now
    runtime deprecated. The equivalent `request.socket` and `response.socket`
    should be used instead (Robert Nagy).
    https://github.com/nodejs/node/pull/29015
* http, http2:
  * The default server timeout was removed (Ali Ijaz Sheikh).
    https://github.com/nodejs/node/pull/27558
  * Brought 425 status code name into accordance with RFC 8470. The name
    changed from "Unordered Collection" to "Too Early" (Sergei Osipov).
    https://github.com/nodejs/node/pull/29880
* lib:
  * The `error.errno` property will now always be a number. To get the
    string value, use `error.code` instead (Joyee Cheung).
    https://github.com/nodejs/node/pull/28140
* module:
  * `module.createRequireFromPath()` is deprecated. Use
    `module.createRequire()` instead (cjihrig).
    https://github.com/nodejs/node/pull/27951
* src:
  * Changing the value of `process.env.TZ` will now clear the tz cache.
    This affects the default time zone used by methods such as
    `Date.prototype.toString` (Ben Noordhuis).
    https://github.com/nodejs/node/pull/20026
* stream:
  * The timing and behavior of streams was consolidated for a number of
    edge cases. Please look at the individual commits below for more
    information.

PR-URL: https://github.com/nodejs/node/pull/29504
2019-10-22 17:12:12 +01:00
XhmikosR
f81bef5398 doc: fix 404 links
For `www.cve.mitre.org` they don't seem to redirect www to naked.

PR-URL: https://github.com/nodejs/node/pull/29661
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-09-26 22:32:46 -07:00
Nick Schonning
e2dcbf1c32 doc: use consistent unordered list style
Convert to asterisks when there are mixed styles in document.
Addresses Markdownlint MD004 rule

PR-URL: https://github.com/nodejs/node/pull/29516
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-09-16 11:24:54 -07:00
Nick Schonning
c929b15d1d doc: space around lists
Address markdownlint rule MD032.
Flagged a few mixed list styles.

PR-URL: https://github.com/nodejs/node/pull/29467
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-09-09 16:45:24 -07:00
Nick Schonning
27a57d3a34 doc: start unorded lists at start of line
Address Markdownlint MD006 rule.
Can flag when list items aren't indented far enough.

PR-URL: https://github.com/nodejs/node/pull/29390
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-09-03 20:55:39 -07:00
Nick Schonning
61d973affb doc: escape elements swallowed as HTML in markdown
Addresses Markdownlint MD033 issues.
Altering changlog should usually be avoided, but they don't render
currently.

PR-URL: https://github.com/nodejs/node/pull/29374
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-09-02 07:46:45 +02:00
Nick Schonning
9a46cfc337 doc: remove multiple consecutive blank lines
These are rendered as single breaks.
Addresses Markdownlint MD012 rule.

PR-URL: https://github.com/nodejs/node/pull/29352
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-08-31 15:27:58 -07:00
Nick Schonning
1d5186e657 doc: inconsistent indentation for list items
Items at same level should have consistent indentation level.
Addresses Markdownlint MD005 errors.

PR-URL: https://github.com/nodejs/node/pull/29330
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-28 22:48:12 -07:00
Beth Griggs
d896f03578
2019-04-23, Version 12.0.0 (Current)
Notable changes:

* assert:
    * validate required arguments (Ruben Bridgewater)
      [#26641](https://github.com/nodejs/node/pull/26641)
    * adjust loose assertions (Ruben Bridgewater)
      [#25008](https://github.com/nodejs/node/pull/25008)
* async_hooks:
    * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
      [#26530](https://github.com/nodejs/node/pull/26530)
    * remove promise object from resource (Andreas Madsen)
      [#23443](https://github.com/nodejs/node/pull/23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
      [#24874](https://github.com/nodejs/node/pull/24874)
* buffer:
    * use stricter range checks (Ruben Bridgewater)
      [#27045](https://github.com/nodejs/node/pull/27045)
    * harden `SlowBuffer` creation (ZYSzys)
      [#26272](https://github.com/nodejs/node/pull/26272)
    * harden validation of buffer allocation size (ZYSzys)
      [#26162](https://github.com/nodejs/node/pull/26162)
    * do proper error propagation in addon methods (Anna Henningsen)
      [#23939](https://github.com/nodejs/node/pull/23939)
* child_process:
    * remove `options.customFds` (cjihrig)
      [#25279](https://github.com/nodejs/node/pull/25279)
    * harden fork arguments validation (ZYSzys)
      [#27039](https://github.com/nodejs/node/pull/27039)
    * use non-infinite `maxBuffer` defaults (kohta ito)
      [#23027](https://github.com/nodejs/node/pull/23027)
* console:
    * don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* crypto:
    * remove legacy native handles (Tobias Nießen)
      [#27011](https://github.com/nodejs/node/pull/27011)
    * decode missing passphrase errors (Tobias Nießen)
      [#25208](https://github.com/nodejs/node/pull/25208)
    * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
      (Tobias Nießen)
      [#26249](https://github.com/nodejs/node/pull/26249)
    * remove deprecated `crypto._toBuf()` (Tobias Nießen)
      [#25338](https://github.com/nodejs/node/pull/25338)
    * set `DEFAULT\_ENCODING` property to non-enumerable
      (Antoine du Hamel)
      [#23222](https://github.com/nodejs/node/pull/23222)
* deps:
    * update V8 to 7.4.288.13
    (Michaël Zasso, cjihrig, Refael Ackermann)
    (Anna Henningsen, Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * bump minimum icu version to 63 (Ujjwal Sharma)
      [#25852](https://github.com/nodejs/node/pull/25852)
    * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
      [#26327](https://github.com/nodejs/node/pull/26327)
* errors:
    * update error name (Ruben Bridgewater)
      [#26738](https://github.com/nodejs/node/pull/26738)
* fs:
    * use proper .destroy() implementation for SyncWriteStream
      (Matteo Collina)
      [#26690](https://github.com/nodejs/node/pull/26690)
    * improve mode validation (Ruben Bridgewater)
      [#26575](https://github.com/nodejs/node/pull/26575)
    * harden validation of start option in `createWriteStream()`
      (ZYSzys)
      [#25579](https://github.com/nodejs/node/pull/25579)
    * make writeFile consistent with readFile wrt fd
      (Sakthipriyan Vairamani (thefourtheye))
      [#23709](https://github.com/nodejs/node/pull/23709)
* http:
    * validate timeout in `ClientRequest()` (cjihrig)
      [#26214](https://github.com/nodejs/node/pull/26214)
    * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
      [#25605](https://github.com/nodejs/node/pull/25605)
    * switch default parser to llhttp (Anna Henningsen)
      [#24870](https://github.com/nodejs/node/pull/24870)
    * Runtime-deprecate `outgoingMessage._headers` and
      `outgoingMessage._headerNames` (Morgan Roderick)
      [#24167](https://github.com/nodejs/node/pull/24167)
* lib:
    * remove `Atomics.wake()` (Gus Caplan)
      [#27033](https://github.com/nodejs/node/pull/27033)
    * move DTRACE\_\* probes out of global scope (James M Snell)
      [#26541](https://github.com/nodejs/node/pull/26541)
    * deprecate `_stream_wrap` (Sam Roberts)
      [#26245](https://github.com/nodejs/node/pull/26245)
    * use ES6 class inheritance style (Ruben Bridgewater)
      [#24755](https://github.com/nodejs/node/pull/24755)
* module:
    * remove unintended access to deps/ (Anna Henningsen)
      [#25138](https://github.com/nodejs/node/pull/25138)
    * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * remove dead code (Ruben Bridgewater)
      [#26983](https://github.com/nodejs/node/pull/26983)
    * make `require('.')` never resolve outside the current directory
      (Ruben Bridgewater)
      [#26973](https://github.com/nodejs/node/pull/26973)
    * throw an error for invalid package.json main entries
      (Ruben Bridgewater)
      [#26823](https://github.com/nodejs/node/pull/26823)
    * don't search in `require.resolve.paths` (cjihrig)
      [#23683](https://github.com/nodejs/node/pull/23683)
* net:
    * remove `Server.listenFD()` (cjihrig)
      [#27127](https://github.com/nodejs/node/pull/27127)
    * do not add `.host` and `.port` properties to DNS error
      (Ruben Bridgewater)
      [#26751](https://github.com/nodejs/node/pull/26751)
    * emit "write after end" errors in the next tick (Ouyang Yadong)
      [#24457](https://github.com/nodejs/node/pull/24457)
    * deprecate `_setSimultaneousAccepts()` undocumented function
      (James M Snell)
      [#23760](https://github.com/nodejs/node/pull/23760)
* os:
    * implement `os.type()` using `uv_os_uname()` (cjihrig)
      [#25659](https://github.com/nodejs/node/pull/25659)
    * remove `os.getNetworkInterfaces()` (cjihrig)
      [#25280](https://github.com/nodejs/node/pull/25280)
* process:
    * make global.process, global.Buffer getters (Guy Bedford)
      [#26882](https://github.com/nodejs/node/pull/26882)
    * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * exit on --debug and --debug-brk after option parsing
      (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * improve `--redirect-warnings` handling (Ruben Bridgewater)
      [#24965](https://github.com/nodejs/node/pull/24965)
* readline:
    * support TERM=dumb (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* repl:
    * add welcome message (gengjiawen)
      [#25947](https://github.com/nodejs/node/pull/25947)
    * fix terminal default setting (Ruben Bridgewater)
      [#26518](https://github.com/nodejs/node/pull/26518)
    * check colors with `.getColorDepth()` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
    * deprecate REPLServer.rli (Ruben Bridgewater)
      [#26260](https://github.com/nodejs/node/pull/26260)
* src:
    * remove unused `INT_MAX` constant (Sam Roberts)
      [#27078](https://github.com/nodejs/node/pull/27078)
    * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * remove `AddPromiseHook()` (Anna Henningsen)
      [#26574](https://github.com/nodejs/node/pull/26574)
    * clean up `MultiIsolatePlatform` interface (Anna Henningsen)
      [#26384](https://github.com/nodejs/node/pull/26384)
    * properly configure default heap limits (Ali Ijaz Sheikh)
      [#25576](https://github.com/nodejs/node/pull/25576)
    * remove `icuDataDir` from node config (GauthamBanasandra)
      [#24780](https://github.com/nodejs/node/pull/24780)
* tls:
    * support TLSv1.3 (Sam Roberts)
      [#26209](https://github.com/nodejs/node/pull/26209)
    * return correct version from `getCipher()` (Sam Roberts)
      [#26625](https://github.com/nodejs/node/pull/26625)
    * check arg types of renegotiate() (Sam Roberts)
      [#25876](https://github.com/nodejs/node/pull/25876)
    * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
      [#24729](https://github.com/nodejs/node/pull/24729)
    * emit a warning when servername is an IP address (Rodger Combs)
      [#23329](https://github.com/nodejs/node/pull/23329)
    * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
      [#23814](https://github.com/nodejs/node/pull/23814)
    * remove unused arg to createSecureContext() (Sam Roberts)
      [#24241](https://github.com/nodejs/node/pull/24241)
    * deprecate `Server.prototype.setOptions()` (cjihrig)
      [#23820](https://github.com/nodejs/node/pull/23820)
    * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
      [#23354](https://github.com/nodejs/node/pull/23354)
* util:
    * remove `util.print()`, `util.puts()`, `util.debug()`
      and `util.error()` (cjihrig)
      [#25377](https://github.com/nodejs/node/pull/25377)
    * change inspect compact and breakLength default
      (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * improve inspect edge cases (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * only the first line of the error message (Simon Zünd)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * don't set the prototype of callbackified functions
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * rename callbackified function (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * increase function length when using `callbackify()`
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * prevent tampering with internals in `inspect()`
      (Ruben Bridgewater)
      [#26577](https://github.com/nodejs/node/pull/26577)
    * prevent Proxy traps being triggered by `.inspect()`
      (Ruben Bridgewater)
      [#26241](https://github.com/nodejs/node/pull/26241)
    * prevent leaking internal properties (Ruben Bridgewater)
      [#24971](https://github.com/nodejs/node/pull/24971)
    * protect against monkeypatched Object prototype for inspect()
      (Rich Trott)
      [#25953](https://github.com/nodejs/node/pull/25953)
    * treat format arguments equally (Roman Reiss)
      [#23162](https://github.com/nodejs/node/pull/23162)
* win, fs:
    * detect if symlink target is a directory (Bartosz Sosnowski)
      [#23724](https://github.com/nodejs/node/pull/23724)
* zlib:
    * throw TypeError if callback is missing (Anna Henningsen)
      [#24929](https://github.com/nodejs/node/pull/24929)
    * make “bare” constants un-enumerable (Anna Henningsen)
      [#24824](https://github.com/nodejs/node/pull/24824)

PR-URL: https://github.com/nodejs/node/pull/26930
2019-04-23 16:46:54 +01:00
James M Snell
3516052bee
2018-10-23, Version 11.0.0 (Current)
Notable changes:

* Build
  * FreeBSD 10 is no longer supported.[#22617](https://github.com/nodejs/node/pull/22617)
* `child_process`
  * The default value of the `windowsHide` option has been changed
    to `true`. [#21316](https://github.com/nodejs/node/pull/21316)
* `console`
  * `console.countReset()` will emit a warning if the timer
    being reset does not exist. [#21649](https://github.com/nodejs/node/pull/21649)
  * `console.time()` will no longer reset a timer if it already
    exists. [#20442](https://github.com/nodejs/node/pull/20442)
* Dependencies
  * V8 has been updated to 7.0.
    [#22754](https://github.com/nodejs/node/pull/22754)
* `fs`
  * The `fs.read()` method now requires a callback.
    [#22146](https://github.com/nodejs/node/pull/22146)
  * The previously deprecated `fs.SyncWriteStream` utility has been
    removed.[#20735](https://github.com/nodejs/node/pull/20735)
* `http`
  * The `http`, `https`, and `tls` modules now use the WHATWG URL parser
    by default. [#20270](https://github.com/nodejs/node/pull/20270)
* General
  * Use of `process.binding()` has been deprecated. Userland code using
    `process.binding()` should re-evaluate that use and begin migrating. If
    there are no supported API alternatives, please open an issue in the
    Node.js GitHub repository so that a suitable alternative may be discussed.
  * An experimental implementation of `queueMicrotask()` has been added.
    [#22951](https://github.com/nodejs/node/pull/22951)
* Internal
  * Windows performance-counter support has been removed.
    [#22485](https://github.com/nodejs/node/pull/22485)
  * The `--expose-http2` command-line option has been removed.
    [#20887](https://github.com/nodejs/node/pull/20887)
* Timers
  * Interval timers will be rescheduled even if previous interval threw
    an error. [#20002](https://github.com/nodejs/node/pull/20002)
* `util`
  * The WHATWG `TextEncoder` and `TextDecoder` are now globals.
    [#22281](https://github.com/nodejs/node/pull/22281)
  * `util.inspect()` output size is limited to 128 MB by default.
    [#22756](https://github.com/nodejs/node/pull/22756)
  * A runtime warning will be emitted when `NODE_DEBUG` is set for
    either `http` or `http2`. [#21914](https://github.com/nodejs/node/pull/21914)
2018-10-23 11:03:02 -07:00
James M Snell
0cca27b3ff 2018-04-24, Version 10.0.0 (Current)
* Assert
  * Calling `assert.fail()` with more than one argument is deprecated. #70dcacd710
  * Calling `assert.ok()` with no arguments will now throw. #3cd7977a42
  * Calling `assert.ifError()` will now throw with any argument other than `undefined` or `null`. Previously the method would throw with any truthy value. #e65a6e81ef
  * The `assert.rejects()` and `assert.doesNotReject()` methods have been added for working with async functions. #599337f43e
* Async_hooks
  * Older experimental async_hooks APIs have been removed. #1cc6b993b9
* Buffer
  * Uses of `new Buffer()` and `Buffer()` outside of the `node_modules` directory will now emit a runtime deprecation warning. #9d4ab90117
  * `Buffer.isEncoding()` now returns `undefined` for falsy values, including an empty string. #452eed956e
  * `Buffer.fill()` will throw if an attempt is made to fill with an empty `Buffer`. #1e802539b2
* Child Process
  * Undefined properties of env are ignored. #38ee25e2e2, #85739b6c5b
* Console
  * The `console.table()` method has been added. #97ace04492
* Crypto
  * The `crypto.createCipher()` and `crypto.createDecipher()` methods have been deprecated. Please use `crypto.createCipheriv()` and `crypto.createDecipheriv()` instead. #81f88e30dd
  * The `decipher.finaltol()` method has been deprecated. #19f3927d92
  * The `crypto.DEFAULT_ENCODING` property has been deprecated. #6035beea93
  * The `ECDH.convertKey()` method has been added. #f2e02883e7
  * The `crypto.fips` property has been deprecated. #6e7992e8b8
* Dependencies
  * V8 has been updated to 6.6. #9daebb48d6
  * OpenSSL has been updated to 1.1.0h. #66cb29e646
* EventEmitter
  * The `EventEmitter.prototype.off()` method has been added as an alias for `EventEmitter.prototype.removeListener()`. #3bb6f07d52
* File System
  * The `fs.promises` API provides experimental promisified versions of the `fs` functions. #329fc78e49
  * Invalid path errors are now thrown synchronously. #d8f73385e2
  * The `fs.readFile()` method now partitions reads to avoid thread pool exhaustion. #67a4ce1c6e
* HTTP
  * Processing of HTTP Status codes `100`, `102-199` has been improved. #baf8495078
  * Multi-byte characters in URL paths are now forbidden. #b961d9fd83
* N-API
  * The n-api is no longer experimental. #cd7d7b15c1
* Net
  * The `'close'` event will be emitted after `'end'`. #9b7a6914a7
* Perf_hooks
  * The `PerformanceObserver` class is now an `AsyncResource` and can be monitored using `async_hooks`. #009e41826f
  * Trace events are now emitted for performance events. #9e509b622b
  * The `performance` API has been simplified. #2ec6995555
  * Performance milestone marks will be emitted as trace events. #96cb4fb795
* Process
  * Using non-string values for `process.env` is deprecated. #5826fe4e79
  * The `process.assert()` method is deprecated. #703e37cf3f
* REPL
  * REPL now experimentally supports top-level await when using the `--experimental-repl-await` flag. #eeab7bc068
  * The previously deprecated "magic mode" has been removed. #4893f70d12
  * The previously deprecated `NODE_REPL_HISTORY_FILE` environment variable has been removed. #60c9ad7979
  * Proxy objects are shown as Proxy objects when inspected. #90a43906ab
* Streams
  * The `'readable'` event is now always deferred with nextTick. #1e0f3315c7
  * A new `pipeline()` method has been provided for building end-to-data stream pipelines. #a5cf3feaf1
  * Experimental support for async for-await has been added to `stream.Readable`. #61b4d60c5d
* Timers
  * The `enroll()` and `unenroll()` methods have been deprecated. #68783ae0b8
* TLS
  * The `tls.convertNONProtocols()` method has been deprecated. #9204a0db6e
  * Support for NPN (next protocol negotiation) has been dropped. #5bfbe5ceae
  * The `ecdhCurve` default is now `'auto'`. #af78840b19
* Trace Events
  * A new `trace_events` top-level module allows trace event categories to be enabled/disabld at runtime. #da5d818a54
* URL
  * The WHATWG URL API is now a global. #312414662b
* Util
  * `util.types.is[…]` type checks have been added. #b20af8088a
  * Support for bigint formatting has been added to `util.inspect()`. #39dc947409
2018-04-24 12:02:31 -07:00
Myles Borins
b3cb8ce111
2018-03-29, Version 4.9.1 'Argon' (Maintenance)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

PR-URL: https://github.com/nodejs/node/pull/19681
2018-03-29 23:36:33 -04:00
Myles Borins
ebe51d6492
2018-03-28, Version 4.9.0 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159

Notable Changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/110
2018-03-28 12:18:57 -04:00
estrada9166
a29089d7c8
doc: add new documentation lint rule
Add 80 characters limit to docs.
Change docs to fit 80 characters per row.

PR-URL: https://github.com/nodejs/node/pull/18726
Fixes: https://github.com/nodejs/node/issues/18703
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
2018-02-23 16:26:29 +00:00
Myles Borins
e832743f72
2017-12-08, Version 4.8.7 'Argon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17534
2017-12-08 10:52:15 -05:00
Rich Trott
911f16329e doc: prepare for v8/V8 linting in doc text
PR-URL: https://github.com/nodejs/node/pull/17163
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
2017-11-22 08:24:46 -08:00
Myles Borins
16b1faa05b
2017-11-07, Version 4.8.6 'Argon' (Maintenance)
Notable Changes:

* **crypto**:
  - update root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/13279
  - update root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/12402
* **deps**:
  - add support for more modern versions of INTL (Bruno Pagani)
    https://github.com/nodejs/node/pull/13040
  - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/16691
  - upgrade openssl sources to 1.0.2l (Daniel Bevenius)
    https://github.com/nodejs/node/pull/13233

PR-URL: https://github.com/nodejs/node/pull/16500
2017-11-07 12:22:33 -05:00
James M Snell
8cd940af13 2017-10-31, Version 9.0.0 (Current)
* Older experimental APIs have been removed.
    [[`d731369b1d`](d731369b1d)]
    [#14414](https://github.com/nodejs/node/pull/14414)

* **Errors**
  * Improvements have been made to `buffer` module error messages.
  * The assignment of static error codes to Node.js error continues:
    * `buffer`
    * `child_process`
    * `console`
    * `crypto`
    * `dns`
    * `events`
    * `fs`
    * `http`
    * `inspector`
    * `net`
    * `path`
    * `process`
    * `querystring`
    * `readline`
    * `repl`
    * `streams`
    * `string_decoder`
    * `timers`
    * `tls`
    * `url`
    * `util`
    * `v8`
    * `zlib`

* **Child Processes**
  * Errors are emitted on process nextTick.

* **Domains**
  * The long-deprecated `.dispose()` method has been removed.

* **fs**
  * The `fs.ReadStream` and `fs.WriteStream` classes now use `destroy()`.
  * `fs` module callbacks are now invoked with an undefined context.

* **HTTP/1**
  * A 400 Bad Request response will now be sent when parsing fails.
  * Socket timeout will be set when the socket connects.
  * A bug causing the request `'error'` event to fire twice was fixed.
  * HTTP clients may now use generic `Duplex` streams in addition to `net.Socket`.

* **Intl**
  * The deprecated `Intl.v8BreakIterator` has been removed.

* **Modules**
  * The `require.resolve()` method now supports using custom lookup paths.

* **OS**
  * The `os.EOL` property is now read-only.

* **Timers**
  * `setTimeout()` will emit a warning if the timeout is larger that the maximum
    32-bit unsigned integer.
2017-10-31 12:59:12 -07:00
Myles Borins
068cede663
2017-10-24, Version 4.8.5 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

for details on patched vulnerabilities.

Notable Changes:

* zlib:
  - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
  error to be raised when a raw deflate stream is initialized with
  windowBits set to 8. On some versions this crashes Node and you
  cannot recover from it, while on some versions it throws an
  exception. Node.js will now gracefully set windowBits to 9
  replicating the legacy behavior to avoid a DOS vector.
  https://github.com/nodejs-private/node-private/pull/95

PR-URL: https://github.com/nodejs-private/node-private/pull/96
2017-10-24 18:05:12 -04:00
Myles Borins
0130cf55bb
2017-07-11, Version 4.8.4 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

for details on patched vulnerabilities.

Notable Changes:

* build:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node
    up to collision attacks which could result in a Denial of Service.
    We have temporarily disabled snapshots until a more robust solution
    is found (Ali Ijaz Sheikh)
* deps:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
    read memory outside of the given input buffer if the passed in DNS
    response packet was crafted in a particular way. This patch checks
    that there is enough data for the required elements of an NAPTR
    record (2 int16, 3 bytes for string lengths) before processing a
    record. (David Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/90
2017-07-11 17:49:34 +01:00
James M Snell
43e4efdf21 2017-05-30, Version 8.0.0 (Current)
* **Async Hooks**
  * The `async_hooks` module has landed in core
    [[`4a7233c178`](4a7233c178)]
    [#12892](https://github.com/nodejs/node/pull/12892).

* **Buffer**
  * Using the `--pending-deprecation` flag will cause Node.js to emit a
    deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
    [[`d2d32ea5a2`](d2d32ea5a2)]
    [#11968](https://github.com/nodejs/node/pull/11968).
  * `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
    [[`7eb1b4658e`](7eb1b4658e)]
    [#12141](https://github.com/nodejs/node/pull/12141).
  * Many `Buffer` methods now accept `Uint8Array` as input
    [[`beca3244e2`](beca3244e2)]
    [#10236](https://github.com/nodejs/node/pull/10236).

* **Child Process**
  * Argument and kill signal validations have been improved
    [[`97a77288ce`](97a77288ce)]
    [#12348](https://github.com/nodejs/node/pull/12348),
    [[`d75fdd96aa`](d75fdd96aa)]
    [#10423](https://github.com/nodejs/node/pull/10423).
  * Child Process methods accept `Uint8Array` as input
    [[`627ecee9ed`](627ecee9ed)]
    [#10653](https://github.com/nodejs/node/pull/10653).

* **Console**
  * Error events emitted when using `console` methods are now supressed.
    [[`f18e08d820`](f18e08d820)]
    [#9744](https://github.com/nodejs/node/pull/9744).

* **Dependencies**
  * The npm client has been updated to 5.0.0
    [[`3c3b36af0f`](3c3b36af0f)]
    [#12936](https://github.com/nodejs/node/pull/12936).
  * V8 has been updated to 5.8 with forward ABI stability to 6.0
    [[`60d1aac8d2`](60d1aac8d2)]
    [#12784](https://github.com/nodejs/node/pull/12784).

* **Domains**
  * Native `Promise` instances are now `Domain` aware
    [[`84dabe8373`](84dabe8373)]
    [#12489](https://github.com/nodejs/node/pull/12489).

* **Errors**
  * We have started assigning static error codes to errors generated by Node.js.
    This has been done through multiple commits and is still a work in
    progress.

* **File System**
  * The utility class `fs.SyncWriteStream` has been deprecated
    [[`7a55e34ef4`](7a55e34ef4)]
    [#10467](https://github.com/nodejs/node/pull/10467).
  * The deprecated `fs.read()` string interface has been removed
    [[`3c2a9361ff`](3c2a9361ff)]
    [#9683](https://github.com/nodejs/node/pull/9683).

* **HTTP**
  * Improved support for userland implemented Agents
    [[`90403dd1d0`](90403dd1d0)]
    [#11567](https://github.com/nodejs/node/pull/11567).
  * Outgoing Cookie headers are concatenated into a single string
    [[`d3480776c7`](d3480776c7)]
    [#11259](https://github.com/nodejs/node/pull/11259).
  * The `httpResponse.writeHeader()` method has been deprecated
    [[`fb71ba4921`](fb71ba4921)]
    [#11355](https://github.com/nodejs/node/pull/11355).
  * New methods for accessing HTTP headers have been added to `OutgoingMessage`
    [[`3e6f1032a4`](3e6f1032a4)]
    [#10805](https://github.com/nodejs/node/pull/10805).

* **Lib**
  * All deprecation messages have been assigned static identifiers
    [[`5de3cf099c`](5de3cf099c)]
    [#10116](https://github.com/nodejs/node/pull/10116).
  * The legacy `linkedlist` module has been removed
    [[`84a23391f6`](84a23391f6)]
    [#12113](https://github.com/nodejs/node/pull/12113).

* **N-API**
  * Experimental support for the new N-API API has been added
    [[`56e881d0b0`](56e881d0b0)]
    [#11975](https://github.com/nodejs/node/pull/11975).

* **Process**
  * Process warning output can be redirected to a file using the
    `--redirect-warnings` command-line argument
    [[`03e89b3ff2`](03e89b3ff2)]
    [#10116](https://github.com/nodejs/node/pull/10116).
  * Process warnings may now include additional detail
    [[`dd20e68b0f`](dd20e68b0f)]
    [#12725](https://github.com/nodejs/node/pull/12725).

* **REPL**
  * REPL magic mode has been deprecated
    [[`3f27f02da0`](3f27f02da0)]
    [#11599](https://github.com/nodejs/node/pull/11599).

* **Src**
  * `NODE_MODULE_VERSION` has been updated to 57
    (ec7cbaf266)]
    [#12995](https://github.com/nodejs/node/pull/12995).
  * Add `--pending-deprecation` command-line argument and
    `NODE_PENDING_DEPRECATION` environment variable
    [[`a16b570f8c`](a16b570f8c)]
    [#11968](https://github.com/nodejs/node/pull/11968).
  * The `--debug` command-line argument has been deprecated. Note that
    using `--debug` will enable the *new* Inspector-based debug protocol
    as the legacy Debugger protocol previously used by Node.js has been
    removed. [[`010f864426`](010f864426)]
    [#12949](https://github.com/nodejs/node/pull/12949).
  * Throw when the `-c` and `-e` command-line arguments are used at the same
    time [[`a5f91ab230`](a5f91ab230)]
    [#11689](https://github.com/nodejs/node/pull/11689).
  * Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
    arguments are used at the same time.
    [[`8a7db9d4b5`](8a7db9d4b5)]
    [#12087](https://github.com/nodejs/node/pull/12087).

* **Stream**
  * `Stream` now supports `destroy()` and `_destroy()` APIs
    [[`b6e1d22fa6`](b6e1d22fa6)]
    [#12925](https://github.com/nodejs/node/pull/12925).
  * `Stream` now supports the `_final()` API
    [[`07c7f198db`](07c7f198db)]
    [#12828](https://github.com/nodejs/node/pull/12828).

* **TLS**
  * The `rejectUnauthorized` option now defaults to `true`
    [[`348cc80a3c`](348cc80a3c)]
    [#5923](https://github.com/nodejs/node/pull/5923).
  * The `tls.createSecurePair()` API now emits a runtime deprecation
    [[`a2ae08999b`](a2ae08999b)]
    [#11349](https://github.com/nodejs/node/pull/11349).
  * A runtime deprecation will now be emitted when `dhparam` is less than
    2048 bits [[`d523eb9c40`](d523eb9c40)]
    [#11447](https://github.com/nodejs/node/pull/11447).

* **URL**
  * The WHATWG URL implementation is now a fully-supported Node.js API
    [[`d080ead0f9`](d080ead0f9)]
    [#12710](https://github.com/nodejs/node/pull/12710).

* **Util**
  * `Symbol` keys are now displayed by default when using `util.inspect()`
    [[`5bfd13b81e`](5bfd13b81e)]
    [#9726](https://github.com/nodejs/node/pull/9726).
  * `toJSON` errors will be thrown when formatting `%j`
    [[`455e6f1dd8`](455e6f1dd8)]
    [#11708](https://github.com/nodejs/node/pull/11708).
  * Convert `inspect.styles` and `inspect.colors` to prototype-less objects
    [[`aab0d202f8`](aab0d202f8)]
    [#11624](https://github.com/nodejs/node/pull/11624).
  * The new `util.promisify()` API has been added
    [[`99da8e8e02`](99da8e8e02)]
    [#12442](https://github.com/nodejs/node/pull/12442).

* **Zlib**
  * Support `Uint8Array` in Zlib convenience methods
    [[`91383e47fd`](91383e47fd)]
    [#12001](https://github.com/nodejs/node/pull/12001).
  * Zlib errors now use `RangeError` and `TypeError` consistently
    [[`b514bd231e`](b514bd231e)]
    [#11391](https://github.com/nodejs/node/pull/11391).
2017-05-30 10:58:31 -07:00
Alexey Orlenko
2af49b6c89 doc: make the style of notes consistent
Make the style of "Note:" paragraphs consistent and document the
guidelines in `doc/STYLE_GUIDE.md`.

PR-URL: https://github.com/nodejs/node/pull/13133
Fixes: https://github.com/nodejs/node/issues/13131
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
2017-05-25 18:49:41 -04:00
Frank Lanitz
5de722ab6d
doc: fix links from ToC to subsection for 4.8.x
PR-URL: https://github.com/nodejs/node/pull/13039
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
2017-05-18 17:14:17 +01:00
Myles Borins
9802d466cc
2017-05-02, Version 4.8.3 'Argon' (Maintenance)
Notable Changes:

* module:
  - The module loading global fallback to the Node executable's
    directory now works correctly on Windows.
    (Richard Lau) https://github.com/nodejs/node/pull/9283
* src:
  - fix base64 decoding in rare edgecase
    (Nikolai Vavilov) https://github.com/nodejs/node/pull/11995
* tls:
  - fix rare segmentation faults when using TLS
   * (Trevor Norris) https://github.com/nodejs/node/pull/11947
   * (Ben Noordhuis) https://github.com/nodejs/node/pull/11898
   * (jBarz) https://github.com/nodejs/node/pull/11776

PR-URL: https://github.com/nodejs/node/pull/12499
2017-05-02 19:54:13 +02:00
Myles Borins
f7a31180ad
2017-04-04, Version 4.8.2 'Argon' (Maintenance)
This is a maintenance release to fix a memory leak that was
introduced in 4.8.1.

It also includes an upgrade to zlib 1.2.11 to fix a number of low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes:

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    https://github.com/nodejs/node/pull/12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    https://github.com/nodejs/node/pull/10980
2017-04-04 14:40:28 +02:00
Myles Borins
7738cf22c2
2017-03-21, Version 4.8.1 'Argon' (LTS)
Notable Changes:

* buffer:
  - The performance of `.toJSON()` is now up to 2859% faster on average
    (Brian White) https://github.com/nodejs/node/pull/10895

* IPC:
  - Batched writes have been enabled for process IPC on platforms that
    support Unix Domain Sockets. (Alexey Orlenko)
    https://github.com/nodejs/node/pull/10677
  - Performance gains may be up to 40% for some workloads.

* http:
  - Control characters are now always rejected when using
    `http.request()`. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/8923

* node:
  - Heap statistics now support values larger than 4GB. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/10186

PR-URL: https://github.com/nodejs/node/pull/11760
2017-03-21 14:20:51 -07:00
Myles Borins
49c5ff4408
2017-02-21, Version 4.8.0 'Argon' (LTS)
Notable Changes:

* child_process: add shell option to spawn() (cjihrig)
  https://github.com/nodejs/node/pull/4598
* crypto:
  * add ALPN Support (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/2564
  * allow adding extra certs to well-known CAs (Sam Roberts)
    https://github.com/nodejs/node/pull/9139
* deps:
  * v8: expose statistics about heap spaces (Ben Ripkens)
    https://github.com/nodejs/node/pull/4463
* fs: add the fs.mkdtemp() function. (Florian MARGAINE)
  https://github.com/nodejs/node/pull/5333
* process:
  * add `externalMemory` to `process` (Fedor Indutny)
    https://github.com/nodejs/node/pull/9587
  * add process.cpuUsage() (Patrick Mueller)
    https://github.com/nodejs/node/pull/10796

PR-URL: https://github.com/nodejs/node/pull/10973
2017-02-21 20:45:47 -05:00
Myles Borins
54fef6761e
2017-01-31, Version 4.7.3 'Argon' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		https://github.com/nodejs/node/pull/11021

PR-URL: https://github.com/nodejs/node/pull/11083
2017-01-31 20:00:04 -05:00
Myles Borins
d4d3e2f674 2017-01-05, Version 4.7.2 'Argon' (LTS)
This is a special release that contains 0 commits. While promoting
additional platforms for v4.7.1 after the release, the tarballs on the
release server were overwritten and now have different shasums. In
order to remove any ambiguity around the release we have opted to do a
semver patch release with no changes.
2017-01-05 17:58:05 -05:00
Myles Borins
b26a469211 2017-01-03, Version 4.7.1 'Argon' (LTS)
This LTS release comes with 180 commits. This includes 117 which are
test related, 34 which are doc related, 15 which are build / tool
related, and 1 commit which is an update to dependencies.

Notable Changes:

* build:
  - shared library support is now working for AIX builds
    (Stewart Addison) https://github.com/nodejs/node/pull/9675
* repl:
  - Passing options to the repl will no longer overwrite defaults
    (cjihrig) https://github.com/nodejs/node/pull/7826
* timers:
  - Re canceling a cancelled timers will no longer throw
    (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/9685

PR-URL: https://github.com/nodejs/node/pull/10395
2017-01-03 19:10:36 -05:00
Myles Borins
6ade6dedab 2016-12-06, Version 4.7.0 'Argon' (LTS)
This LTS release comes with 108 commits. This includes 30 which are doc
related, 28 which are test related, 16 which are build / tool related,
and 4 commits which are updates to dependencies.

Notable Changes:

The SEMVER-MINOR changes include:

* build:
  - export openssl symbols on Windows making it possible to build
    addons linked against the bundled version of openssl (Alex Hultman)
    https://github.com/nodejs/node/pull/7576
* debugger:
  - make listen address configurable in the debugger server
    (Ben Noordhuis) https://github.com/nodejs/node/pull/3316
* dgram:
  - generalized send queue to handle close fixing a potential throw
    when dgram socket is closed in the listening event handler.
    (Matteo Collina) https://github.com/nodejs/node/pull/7066
* http:
  - Introduce the 451 status code "Unavailable For Legal Reasons"
    (Max Barinov) https://github.com/nodejs/node/pull/4377
* tls:
  - introduce `secureContext` for `tls.connect` which is useful for
    caching client certificates, key, and CA certificates.
    (Fedor Indutny) https://github.com/nodejs/node/pull/4246

Notable SEMVER-PATCH changes include:

* build:
  - introduce the configure --shared option for embedders (sxa555)
    https://github.com/nodejs/node/pull/6994
* gtest:
  - the test reporter now outputs tap comments as yamlish
    (Johan Bergström) https://github.com/nodejs/node/pull/9262
* src:
  - node no longer aborts when c-ares initialization fails
    (Ben Noordhuis) https://github.com/nodejs/node/pull/8710
* tls:
  - fix memory leak when writing data to TLSWrap instance during
    handshake (Fedor Indutny)
    https://github.com/nodejs/node/pull/9586

PR-URL: https://github.com/nodejs/node/pull/9736
2016-12-06 14:58:36 -05:00
Myles Borins
65e7f62400 doc: fix heading type for v4.6.2 changelog
Originally was h2 should be h3

PR-URL: https://github.com/nodejs/node/pull/9515
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-11-08 14:49:42 -05:00
Myles Borins
3562658bed 2016-11-08, Version 4.6.2 'Argon' (LTS)
This LTS release comes with 219 commits. This includes 80 commits that
are docs related, 58 commits that are test related, 20 commits that
are build / tool related, and 9 commits that are updates to
dependencies.

Notable Changes

* build:
  - It is now possible to build the documentation from the release
    tarball (Anna Henningsen)
    https://github.com/nodejs/node/pull/8413
* buffer:
  - Buffer.alloc() will no longer incorrectly return a zero filled
    buffer when an encoding is passed (Teddy Katz)
    https://github.com/nodejs/node/pull/9238
* deps:
  - upgrade npm in LTS to 2.15.11 (Kat Marchán)
    https://github.com/nodejs/node/pull/8928
* repl:
  - Enable tab completion for global properties (Lance Ball)
    https://github.com/nodejs/node/pull/7369
* url:
  - `url.format()` will now encode all `#` in `search` (Ilkka Myller)
    https://github.com/nodejs/node/pull/8072

PR-URL: https://github.com/nodejs/node/pull/9298
2016-11-08 14:42:44 -05:00
James M Snell
1e4fafcb1a 2016-10-25, Version 7.0.0 (Current)
Notable Changes:

* Buffer
  * Passing invalid input to Buffer.byteLength will now throw an error [#8946](https://github.com/nodejs/node/pull/8946).
  * Calling Buffer without new is now deprecated and will emit a process warning [#8169](https://github.com/nodejs/node/pull/8169).
  * Passing a negative number to allocUnsafe will now throw an error [#7079](https://github.com/nodejs/node/pull/7079).
* Child Process
  * The fork and execFile methods now have stronger argument validation [#7399](https://github.com/nodejs/node/pull/7399).
* Cluster
  * The worker.suicide method is deprecated and will emit a process warning [#3747](https://github.com/nodejs/node/pull/3747).
* Deps
  * V8 has been updated to 5.4.500.36 [#8317](https://github.com/nodejs/node/pull/8317), [#8852](https://github.com/nodejs/node/pull/8852), [#9253](https://github.com/nodejs/node/pull/9253).
  * NODE_MODULE_VERSION has been updated to 51 [#8808](https://github.com/nodejs/node/pull/8808).
* File System
  * A process warning is emitted if a callback is not passed to async file system methods [#7897](https://github.com/nodejs/node/pull/7897).
* Intl
  * Intl.v8BreakIterator constructor has been deprecated and will emit a process warning [#8908](https://github.com/nodejs/node/pull/8908).
* Promises
  * Unhandled Promise rejections have been deprecated and will emit a process warning [#8217](https://github.com/nodejs/node/pull/8217).
* Punycode
  * The `punycode` module has been deprecated [#7941](https://github.com/nodejs/node/pull/7941).
* URL
  * An Experimental WHATWG URL Parser has been introduced [#7448](https://github.com/nodejs/node/pull/7448).

PR-URL: https://github.com/nodejs/node/pull/9099
2016-10-25 06:53:36 -07:00
Rod Vagg
83c7a8897c 2016-10-18, Version 4.6.1 'Argon' (LTS)
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg)

PR-URL: https://github.com/nodejs/node/pull/9153
2016-10-19 04:01:02 +11:00
Evan Lucas
3d54ea4304 doc: fix broken links in changelogs
Some commit links in the changelogs were pointing to incorrect/missing
shas.

PR-URL: https://github.com/nodejs/node/pull/8122
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2016-10-11 16:41:45 -05:00
Rod Vagg
eba39c4bc6 2016-09-27, Version 4.6.0 'Argon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
for details on patched vulnerabilities.

Notable Changes

Semver Minor:

* openssl:
  - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js:
    CVE-2016-6304 ("OCSP Status Request extension unbounded memory
    growth", high severity), CVE-2016-2183, CVE-2016-6303,
    CVE-2016-2178 and CVE-2016-6306.
    (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714
  - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in
    a crash when using CRLs, CVE-2016-7052.
    (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786
  - Remove support for loading dynamic third-party engine modules.
    An attacker may be able to hide malicious code to be inserted into
    Node.js at runtime by masquerading as one of the dynamic engine
    modules. Originally reported by Ahmed Zaki (Skype).
    (Ben Noordhuis) https://github.com/nodejs/node-private/pull/70
* http: CVE-2016-5325 - Properly validate for allowable characters in
  the `reason` argument in `ServerResponse#writeHead()`. Fixes a
  possible response splitting attack vector. This introduces a new
  case where `throw` may occur when configuring HTTP responses, users
  should already be adopting try/catch here. Originally reported
  independently by Evan Lucas and Romain Gaucher.
  (Evan Lucas) https://github.com/nodejs/node-private/pull/46

Semver Patch:

* buffer: Zero-fill excess bytes in new `Buffer` objects created with
  `Buffer.concat()` while providing a `totalLength` parameter that
  exceeds the total length of the original `Buffer` objects being
  concatenated.
  (Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/65
* tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
  check whereby a TLS server may be able to serve an invalid wildcard
  certificate for its hostname due to improper validation of `*.` in
  the wildcard string. Originally reported by Alexander Minozhenko and
  James Bunton (Atlassian).
  (Ben Noordhuis) https://github.com/nodejs/node-private/pull/63

PR-URL: https://github.com/nodejs/node-private/pull/74
2016-09-28 10:42:18 +10:00
Сковорода Никита Андреевич
50be885285 tools: enable more remark-lint rules
New rules:
 1. rule-style
 2. strong-marker
 3. no-shell-dollars
 4. no-inline-padding
 5. code-block-style
 6. no-multiple-toplevel-headings

Fixes to the existing files applied.

PR-URL: https://github.com/nodejs/node/pull/8708
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-09-25 13:02:45 +03:00
Myles Borins
e7bd4d2597 2016-08-15, Version 4.5.0 'Argon' (LTS)
Notable Changes:

Semver Minor:

* buffer:
 * backport new buffer constructor APIs to v4.x
   (Сковорода Никита Андреевич)
   https://github.com/nodejs/node/pull/7562
 * backport --zero-fill-buffers cli option (James M Snell)
   https://github.com/nodejs/node/pull/5745
* build:
  * add Intel Vtune profiling support (Chunyang Dai)
    https://github.com/nodejs/node/pull/5527
* repl:
  * copying tabs shouldn't trigger completion (Eugene Obrezkov)
    https://github.com/nodejs/node/pull/5958
* src:
  * add node::FreeEnvironment public API (Cheng Zhao)
    https://github.com/nodejs/node/pull/3098
* test:
  * run v8 tests from node tree (Bryon Leung)
    https://github.com/nodejs/node/pull/4704
* V8:
  * Add post mortem data to improve object inspection and function's
    context variables inspection (Fedor Indutny)
    https://github.com/nodejs/node/pull/3779

Semver Patch:

* **buffer**:
  * ignore negative allocation lengths (Anna Henningsen)
    https://github.com/nodejs/node/pull/7562
* **crypto**:
  * update root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/7363
* **libuv**:
  * upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé)
    https://github.com/nodejs/node/pull/6796
  * upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé)
    https://github.com/nodejs/node/pull/5994
* **npm**:
  * upgrade to 2.15.9 (Kat Marchán)
    https://github.com/nodejs/node/pull/7692
2016-08-16 12:09:23 -04:00
Сковорода Никита Андреевич
a58b48bc3b doc: various documentation formatting fixes
* Fix markdown code sample in releases.md, it was <a id="x.y.x></a>"
* Fix some markdown errors, e.g. in changelogs
* Fix broken defs links, e.g. in domain-postmortem.md
* Fix other broken refs, by addaleax
* Add links to some defs that were present but not linked to
* Remove dead defs
* Move defs to the bottom (one file affected)
* Add language indicators to all code blocks, using `txt` when no
specific language could be chosen
* Some minor formatting changes (spaces, ident, headings)

PR-URL: https://github.com/nodejs/node/pull/7637
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Roman Reiss <me@silverwind.io>
2016-07-14 12:26:50 +03:00
Myles Borins
21535e851c 2016-06-28, Version 4.4.7 'Argon' (LTS)
This LTS release comes with 89 commits. This includes 46 commits that
are docs related, 11 commits that are test related, 8 commits that are
build related, and 4 commits that are benchmark related.

Notable Changes:

- debugger:
  - All properties of an array (aside from length) can now be printed
    in the repl (cjihrig)
    https://github.com/nodejs/node/pull/6448
- npm:
  - Upgrade npm to 2.15.8 (Rebecca Turner)
    https://github.com/nodejs/node/pull/7412
- stream:
  - Fix for a bug that became more prevalent with the stream changes
    that landed in v4.4.5. (Anna Henningsen)
    https://github.com/nodejs/node/pull/7160
- V8:
  - Fix for a bug in crankshaft that was causing crashes on arm64
    (Myles Borins)
    https://github.com/nodejs/node/pull/7442
  - Add missing classes to postmortem info such as JSMap and JSSet
    (evan.lucas)
    https://github.com/nodejs/node/pull/3792
2016-06-28 15:53:44 -07:00
Myles Borins
9744928cf5 doc: fix layout problem in v4 changelog
The current layout is breaking the release post tool.

This commit also removed erroneous entires in the main CHANGELOG for
v4.4.6 and v5.12.0.

PR-URL: https://github.com/nodejs/node/pull/7394
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-06-27 10:42:16 -07:00