2018-03-28, Version 6.14.0 'Boron' (LTS), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2018-7158
• CVE-2018-7159
• CVE-2018-7160

Notable Changes

• Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that are known to impact Node.js.
• Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious website could use a DNS rebinding attack to trick a web browser to bypass same-origin-policy checks and allow HTTP connections to localhost or to hosts on the local network, potentially to an open inspector port as a debugger, therefore gaining full code execution access. The inspector now only allows connections that have a browser Host value of localhost or localhost6.
• Fix for 'path' module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted 'path' module functions.
• Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces inside Content-Length header values. Such values now lead to rejected connections in the same way as non-numeric values.
• Update root certificates: 5 additional root certificates have been added to the Node.js binary and 30 have been removed.

Commits

• [ac21bdc149] - crypto: update root certificates (Ben Noordhuis) #19322
• [3c99e41427] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [d775057090] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [982012b96d] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [1aa83f7707] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #19638
• [05de6f4af7] - deps: upgrade openssl sources to 1.0.2o (Shigeki Ohtsu) #19638
• [ed64cc2be7] - deps: reject interior blanks in Content-Length (Ben Noordhuis) nodejs-private/http-parser-private#1
• [d786d21f92] - deps: upgrade http-parser to v2.8.0 (Ben Noordhuis) nodejs-private/http-parser-private#1
• [4947b0e26e] - inspector: minor adjustments (Eugene Ostroukhov)
• [e3950d1a40] - inspector: check Host header (Ali Ijaz Sheikh)
• [ef32e06a6e] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [1dba2f4950] - src: drop CNNIC+StartCom certificate whitelisting (Ben Noordhuis) #19322
• [bdfeb1c739] - tools: update certdata.txt (Ben Noordhuis) #19322

2018-03-28, Version 4.9.0 'Argon' (Maintenance), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2018-7158
• CVE-2018-7159

Notable Changes

• Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that are known to impact Node.js.
• Fix for 'path' module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX an Windows paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted 'path' module functions.
• Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces inside Content-Length header values. Such values now lead to rejected connections in the same way as non-numeric values.
• Update root certificates: 5 additional root certificates have been added to the Node.js binary and 30 have been removed.

Commits

• [497ff3cd4f] - crypto: update root certificates (Ben Noordhuis) #19322
• [514709e41f] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [5108108606] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [d67d0a63d9] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [6af057ecc8] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #19638
• [b50cd3359d] - deps: upgrade openssl sources to 1.0.2o (Shigeki Ohtsu) #19638
• [da6e24c8d6] - deps: reject interior blanks in Content-Length (Ben Noordhuis) nodejs-private/http-parser-private#1
• [7ebc9981e0] - deps: upgrade http-parser to v2.8.0 (Ben Noordhuis) nodejs-private/http-parser-private#1
• [6fd2cc93a6] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [bf00665af6] - path: unwind regular expressions in Windows (Myles Borins)
• [4196fcf23e] - path: unwind regular expressions in POSIX (Myles Borins)
• [625986b699] - src: drop CNNIC+StartCom certificate whitelisting (Ben Noordhuis) #19322
• [ebc46448a4] - tools: update certdata.txt (Ben Noordhuis) #19322

2018-03-21, Version 9.9.0 (Current), @MylesBorins prepared by @targos

Notable Changes

• assert:
  • From now on all error messages produced by assert in strict mode will produce a error diff. (Ruben Bridgewater) #17615
  • From now on it is possible to use a validation object in throws instead of the other possibilities. (Ruben Bridgewater) #17584
• crypto:
  • allow passing null as IV unless required (Tobias Nießen) #18644
• fs:
  • support as and as+ flags in stringToFlags() (Sarat Addepalli) #18801
• tls:
  • expose Finished messages in TLSSocket (Anton Salikhmetov) #19102
• tty:
  • Add getColorDepth function to determine if terminal supports colors. (Ruben Bridgewater) #17615
• util:
  • add util.inspect compact option (Ruben Bridgewater) #17576
• Added new collaborators
  • watson Thomas Watson

Commits

• [acc86ed246] - 2018-03-XX, Version 9.9.0 (Current) (Michaël Zasso)
• [8d33e5c214] - assert: improve error check (Ruben Bridgewater) #17574
• [5e6b42ec9c] - assert: show proper differences (Ruben Bridgewater) #18611
• [9abbb6b857] - assert: fix infinite loop (Ruben Bridgewater) #18611
• [e9ac468146] - assert: fix throws trace (Ruben Bridgewater) #18595
• [d3c2534bbe] - assert: use destructuring for errors (Ruben Bridgewater) #18247
• [5aa3a2d172] - (SEMVER-MINOR) assert: improve error messages (Ruben Bridgewater) #17615
• [f96ea47cf5] - assert: fix strict regression (Ruben Bridgewater) #17903
• [ebd60fa505] - (SEMVER-MINOR) assert: .throws accept objects (Ruben Bridgewater) #17584
• [612ba1a3f0] - (SEMVER-MINOR) assert: improve assert.throws (Ruben Bridgewater) #17585
• [24aeca7dd5] - assert: fix throws and doesNotThrow stack frames (Ruben Bridgewater) #17703
• [db73d1c13b] - assert: use object argument in innerFail (Ruben Bridgewater) #17582
• [bae5de1949] - (SEMVER-MINOR) assert: add strict functionality export (Ruben Bridgewater) #17002
• [f0f31d080a] - async_hooks: add copyHooks function (Daniel Bevenius) #19391
• [71b1c7f79f] - async_hooks: don't set hook_fields[kTotals] to 0 (Daniel Bevenius) #19219
• [530b8a4077] - benchmark: fix benchmark for url (Sergey Golovin) #19084
• [563bed00f5] - benchmark,lib,test,tools: use consistent quotes (Rich Trott) #19156
• [3f7c4eea04] - build: do not cd on vcbuild help (Vse Mozhet Byt) #19291
• [5a1437cdbd] - build: update arm64 minimum supported platform (Gibson Fahnestock) #19164
• [07845fc19e] - console: port errors to new system (Ruben Bridgewater) #18857
• [03c321a713] - (SEMVER-MINOR) crypto: allow passing null as IV unless required (Tobias Nießen) #18644
• [044995e546] - crypto: use bool over int consistently (Tobias Nießen) #19238
• [36f664ef9a] - deps: V8: backport 596d55a from upstream (Myles Borins) #19477
• [5966b8cc06] - deps: v8: cherry-pick fixes for v8:7535 (Flarna) #19333
• [cb732aeda4] - doc: enable eslint prefer-template rule (Ruben Bridgewater) #18831
• [ff82acb95a] - doc: update buffer examples (Ruben Bridgewater) #18758
• [a4c28d77f7] - doc: fix deprecation removed by mistake (Michaël Zasso) #19482
• [b229912f6f] - doc: do not announce obvious examples (Rich Trott) #19270
• [c1fa0926e3] - doc: fix typos on n-api (Kyle Robinson Young) #19385
• [99e6734f19] - doc: improve best practices in onboarding-extras (Rich Trott) #19315
• [5a56327e79] - doc: fix minor issues in async_hooks.md (Rich Trott) #19313
• [5da3ee7719] - doc: clarify default TLS handshake timeout (Rich Trott) #19290
• [7f652c2bcc] - doc: update username and email (Yuta Hiroto) #19338
• [e247f19ac3] - doc: improve style guide text (Rich Trott) #19269
• [c9b12f302a] - doc: remove superfluous text in onboarding-extras (Rich Trott) #19247
• [6c5afebf55] - doc: make caveat in stream.md more concise (Rich Trott) #19251
• [8e88a180b9] - doc: add warning to assert.doesNotThrow() (Ruben Bridgewater) #18699
• [a04e4ae5e4] - doc: remove confusing "cats" from style guide (Rich Trott) #19246
• [7c3617558e] - doc: remove superfluous adverb from style guide (Rich Trott) #19246
• [d117f5ff22] - doc: remove warning against readable/readable.read (Rich Trott) #19193
• [5c21d16c31] - doc: add watson to collaborators (Thomas Watson) #19234
• [9557e66ae1] - doc: update labels info in onboarding-extras.md (Rich Trott) #19160
• [84acb9fae5] - doc: add inspector usage example (Ali Ijaz Sheikh) #19172
• [27088cfaa7] - doc: improve onboarding instructions (Joyee Cheung) #19108
• [9ec0eab019] - doc: make suggestion more direct in stream.md (Rich Trott) #19124
• [968b867bf2] - doc: document asserts Weak(Map|Set) behavior (Ruben Bridgewater) #18248
• [745709396c] - (SEMVER-MINOR) doc: improve .throws RegExp info (Ruben Bridgewater) #17585
• [5a78c6c0a6] - (SEMVER-MINOR) doc: improve assert documentation (Ruben Bridgewater) [#17002](https://gi...

2018-03-07, Version 9.8.0 (Current), @MylesBorins

Notable Changes

• crypto:
  • add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson) #17690
• http2:
  • Fixed issues with aborted connections in the HTTP/2 implementation (Anna Henningsen) #18987 #19002
• loader:
  • --inspect-brk now works properly for esmodules (Gus Caplan) #18949
• src:
  • make process.dlopen() load well-known symbol (Ben Noordhuis) #18934
• trace_events:
  • add file pattern cli option (Andreas Madsen) #18480
• Added new collaborators
  • MoonBall Chen Gang

Commits

• [6ae2cafde3] - buffer: coerce offset to integer (Ruben Bridgewater) #18215
• [6d17383041] - buffer: fix typo in lib/buffer.js (Ujjwal Sharma) #19126
• [4b34b2e185] - build: fix gocvr version used for coverage (Michael Dawson) #19094
• [a938e52ffe] - build: disable openssl build warnings on macos (Ben Noordhuis) #19046
• [44d80c5620] - build: fix coverage after gcovr update (killagu) #18958
• [28a5362e83] - build: fix lint-md-build dependency (Joyee Cheung) #18981
• [e74e422a53] - (SEMVER-MINOR) crypto: add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson) #17690
• [056001dc8f] - (SEMVER-MINOR) deps: cherry-pick 0bcb1d6f from upstream V8 (Jakob Kummerow) #18212
• [1fadb2edb4] - doc: fix/add link to Android info (Vse Mozhet Byt) #19004
• [68524610f2] - doc: remove subsystem from pull request template (Rich Trott) #19125
• [d3a70e9cd4] - doc: remove tentativeness in pull-requests.md (Rich Trott) #19123
• [f03079fce6] - doc: update cc list (Ruben Bridgewater) #19099
• [9d2de16b13] - doc: add introduced_in metadata to _toc.md (Rich Trott) #19113
• [ae2dabb8fc] - doc: new team for bundlers or delivery of Node.js (Michael Dawson) #19098
• [0e4f4266a1] - doc: add simple example to rename function (punteek) #18812
• [e42600fc4b] - doc: add missing Returns in fs & util (Sho Miyamoto) #18775
• [4ecf5bbe74] - doc: fix a typo in util.isDeepStrictEqual (Sho Miyamoto) #18775
• [cab6c8e95c] - doc: add URL.format() example (Zeke Sikelianos) #18888
• [a4462b7944] - doc: fix n-api asynchronous threading docs (Eric Bickle) #19073
• [bfa894cf37] - doc: add MoonBall to collaborators (Chen Gang) #19109
• [77154cd65d] - doc: update list of re-exported symbols (Richard Lau) #19013
• [459f2095a1] - doc: Readable unpipe on Writable error event (George Sapkin) #18080
• [68c1337819] - doc: add RegExp Unicode Property Escapes to intl (Vse Mozhet Byt) #19052
• [71d09ecbf1] - doc: make the background section concise and improve its formality (Wilson) #18928
• [951054004d] - doc: lowercase primitives in test/common/README.md (Vse Mozhet Byt) #18875
• [5b8c97f6bc] - events: show throw stack trace for uncaught exception (Anna Henningsen) #19003
• [0789eeceb6] - http: prevent aborted event when already completed (Andrew Johnston) #18999
• [ae4d83facf] - http: prevent aborted event when already completed (Andrew Johnston) #18999
• [50d1233935] - http2: no stream destroy while its data is on the wire (Anna Henningsen) #19002
• [551d9752c8] - http2: fix flaky test-http2-https-fallback (Matteo Collina) #19093
• [8bc930c269] - http2: fix endless loop when writing empty string (Anna Henningsen) #18924
• [aa0fca9426] - http2: use original error for cancelling pending streams (Anna Henningsen) #18988
• [447136999d] - http2: send error text in case of ALPN mismatch (Anna Henningsen) #18986
• [ef8f90f34e] - http2: fix condition where data is lost (Matteo Collina) #18895
• [e584113b66] - lib: re-fix v8_prof_processor (Anna Henningsen) #19059
• [12856b0dd2] - lib: change hook -> hooks in code comment (Daniel Bevenius) #19053
• [db8d197e79] - lib,test: remove yoda statements (Ruben Bridgewater) #18746
• [59547cc438] - loader: fix --inspect-brk (Gus Caplan) #18949
• [39e032fe86] - module: fix main lookup regression from #18728 (Guy Bedford) #18788
• [f3e3429296] - module: support main w/o extension, pjson cache (Guy Bedford) #18728
• [95f6467ffd] - module: fix cyclical dynamic import (Bradley Farias) #18965
• [5c4f703607] - n-api: update reference test (Gabriel Schulhof) #19086
• [1b32fc3276] - n-api: fix object test (Gabriel Schulhof) #19039
• [ef4714c2b6] - net: inline and simplify onSocketEnd (Anna Henningsen) #18607
• [28880cf89d] - perf_hooks: fix timing (Timothy Gu) #18993
• [96f0bec48b] - repl: make last error available as \_error (Anna Henningsen) #18919
• [420d56c2ea] - src: don't touch js object in Http2Session dtor (Ben Noordhuis) #18656
• [f89f659dcf] - src: remove unnecessary Reset() calls (Ben Noordhuis) #18656
• [67a9742aed] - src: prevent persistent handle resource leaks (Ben Noordhuis) [#18656](https://github.com/nodej...

2018-03-06, Version 8.10.0 'Carbon' (LTS), @gibfahn

Notable Changes

• deps:
  • update V8 to 6.2.414.46 (Michaël Zasso) #16413
  • revert ABI breaking changes in V8 6.2 (Anna Henningsen) #16413
  • upgrade libuv to 1.19.1 (cjihrig) #18260
  • re land npm 5.6.0 (Myles Borins) #18625
  • ICU 60 bump (Steven R. Loomis) #16876
• crypto:
  • Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) #16130
  • warn on invalid authentication tag length (Tobias Nießen) #17566
• async_hooks:
  • update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) #18004
  • use typed array stack as fast path (Anna Henningsen) #17780
  • use scope for defaultTriggerAsyncId (Andreas Madsen) #17273
  • separate missing from default context (Andreas Madsen) #17273
  • rename initTriggerId (Andreas Madsen) #17273
  • deprecate undocumented API (Andreas Madsen) #16972
  • add destroy event for gced AsyncResources (Sebastian Mayr) #16998
  • add trace events to async_hooks (Andreas Madsen) #15538
  • set HTTPParser trigger to socket (Andreas Madsen) #18003
  • add provider types for net server (Andreas Madsen) #17157
• n-api:
  • add helper for addons to get the event loop (Anna Henningsen) #17109
• cli:
  • add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) #16495
• console:
  • add support for console.debug (Benjamin Zaslavsky) #17033
• module:
  • add builtinModules (Jon Moss) #16386
  • replace default paths in require.resolve() (cjihrig) #17113
• src:
  • add helper for addons to get the event loop (Anna Henningsen) #17109
  • add process.ppid (cjihrig) #16839
• http:
  • support generic Duplex streams (Anna Henningsen) #16267
  • add rawPacket in err of clientError event (XadillaX) #17672
  • better support for IPv6 addresses (Mattias Holmlund) #14772
• net:
  • remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) #17662
• process:
  • fix reading zero-length env vars on win32 (Anna Henningsen) #18463
• tls:
  • unconsume stream on destroy (Anna Henningsen) #17478
• process:
  • improve unhandled rejection message (Madara Uchiha) #17158
• stream:
  • remove usage of *State.highWaterMark (Calvin Metcalf) #12860
• trace_events:
  • add executionAsyncId to init events (Andreas Madsen) #17196

Commits

• [5dab90b8bb] - async_hooks: update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) #18004
• [086af68c19] - async_hooks: use typed array stack as fast path (Anna Henningsen) #17780
• [0f7c8984af] - async_hooks: use CHECK instead of throwing error (Jon Moss) #17832
• [5a199a905b] - async_hooks: use scope for defaultTriggerAsyncId (Andreas Madsen) #17273
• [03873db4d0] - async_hooks: separate missing from default context (Andreas Madsen) #17273
• [cce92ccfa8] - async_hooks: rename initTriggerId (Andreas Madsen) #17273
• [025b9f208f] - (SEMVER-MINOR) async_hooks: deprecate undocumented API (Andreas Madsen) #16972
• [36dbd1181a] - (SEMVER-MINOR) async_hooks: add destroy event for gced AsyncResources (Sebastian Mayr) #16998
• [331b175af2] - (SEMVER-MINOR) async_hooks: add trace events to async_hooks (Andreas Madsen) #15538
• [91d4eb5ff8] - (SEMVER-MINOR) async_hooks,http: set HTTPParser trigger to socket (Andreas Madsen) #18003
• [0211175bc7] - async_hooks,test: only use IPv6 in http test (Andreas Madsen) #18143
• [6d55a4c941] - (SEMVER-MINOR) async_wrap: add provider types for net server (Andreas Madsen) #17157
• [8143a95c1f] - benchmark: implement duration in http test double (Joyee Cheung) #18380
• [f779a8b5a4] - benchmark: make compare.R easier to understand (Andreas Madsen) #18373
• [deb70417cd] - benchmark: remove redundant + (sreepurnajasti) #17803
• [452d2c561a] - benchmark: fix timeout in write-stream-throughput (Anatoli Papirovski) #17958
• [1e3ea5023b] - benchmark: make temp file path configurable (Rich Trott) #17811
• [91135b9bd2] - build: fix Makefile wrt finding node executable (Yang Guo) #18040
• [f07bb16255] - build: fix cctest target with --enable-static (Qingyan Li) #17992
• [e61344a9e9] - build: remove cctest extension (Yihong Wang) #16680
• [fd845d80eb] - build,win: update lint-cpp on Windows (Kyle Farnung) #18012
• [44ab4f09a2] - build,win,msi: support WiX with VS2017 (João Reis) #17101
• [ec7996ca15] - (SEMVER-MINOR) cli: add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) #16495
• [087cdaf871] - cluster: resolve relative unix socket paths (laino) #16749
• [162ff56439] - (SEMVER-MINOR) console: add support for console.debug (Benjamin Zaslavsky) #17033
• [8cc0ea78d7] - crypto: do not reach into OpenSSL internals for ThrowCryptoError (David Benjamin) #16701
• [072902a258] - crypto: remove leftover initialization (Myles Borins) #18622
• [b0526ba7f1] - (SEMVER-MINOR) crypto: clear some SSL_METHOD deprecation warnings (David Benjamin) #16130
• [78738266d6] - (SEMVER-MINOR) crypto: make ALPN the same for OpenSSL 1.0.2 & 1.1.0 (David Benjamin) #16130
• [f1d458be58] - (SEMVER-MINOR) crypto: remove deprecated ECDH calls w/ OpenSSL 1.1 (David Benjamin) #16130
• [f9a597a1d3] - (SEMVER-MINOR) crypto: emulate OpenSSL 1.0 ticket scheme in 1.1 (David Benjamin) #16130
• [eb377f38f6] - (SEMVER-MINOR) crypto: h...

2018-03-06, Version 6.13.1 'Boron' (LTS), @MylesBorins

Notable Changes

• http, tls:
  • better support for IPv6 addresses (Mattias Holmlund) #14772

Commits

• [d333ba5e2a] - doc: add vdeturckheim as collaborator (vdeturckheim) #18432
• [7fc5c69a4a] - doc: use PBKDF2 in text (Tobias Nießen) #18279
• [1e8d1200ce] - doc: Add example of null to assert.ifError (Leko) #18236
• [46e43111af] - doc: V8 branch used in 8.x not active anymore (Franziska Hinkelmann) #18155
• [b83b104c17] - doc: add builtin module in building.md (Suixinlei) #17705
• [2e76df5b4e] - doc: warn users about non-ASCII paths on build (Matheus Marchini) #16735
• [2c21421092] - doc: simplify sentences that use "considered" (Rich Trott) #18095
• [8f9362d6e8] - doc: add documentation for deprecation properties (Jon Moss) #16539
• [1505b71dab] - doc: add Leko to collaborators (Leko) #18117
• [838f7bdb6e] - doc: be less tentative about undefined behavior (Rich Trott) #18091
• [17c88c4c18] - doc: examples for fast-tracking regression fixes (Refael Ackermann) #17379
• [e021fb73d2] - doc,test: mention Duplex support for TLS (Anna Henningsen) #17599
• [df038ad90f] - fs: fix options.end of fs.ReadStream() (陈刚) #18121
• [8e7ac25aa6] - http, tls: better support for IPv6 addresses (Mattias Holmlund) #14772
• [969c39eb3a] - lib: enable dot-notation eslint rule (Anatoli Papirovski) #18007
• [37071b8dda] - path: fix path.normalize for relative paths (Weijia Wang) #17974
• [fdf73b110f] - test: preserve env in test cases (Beth Griggs) #14822
• [bb2d292562] - test: change assert message to default (ryanmahan) #18259
• [27107b957c] - test: use countdown timer (Mandeep Singh) #17326
• [eaa30e4947] - test: simplify loadDHParam in TLS test (Tobias Nießen) #18103
• [2004efded8] - test: improve to use template string (sreepurnajasti) #18097
• [16ef24bccf] - test: use smaller input file for test-zlib.js (Rich Trott) #17988
• [48790382f1] - tools: add number-isnan rule (Jon Moss) #17556

2018-03-02, Version 9.7.1 (Current), @rvagg

No additional commits. New version published due to a bad node-v9.7.0.pkg file that was published to nodejs.org in the previous release.

2018-03-01, Version 9.7.0 (Current), @rvagg prepared by @addaleax

Notable Changes

• libuv:

  • Updated to libuv 1.19.2 (Colin Ihrig) #18918

• src:

  • Add initial support for Node.js-specific post-mortem metadata (Matheus Marchini) #14901

• timers:

  • The return value of setImmediate() now has ref() and unref() methods (Anatoli Papirovski) #18139

• util:

  • It is now possible to get the name for a numerical platform-specific error code as a string (Joyee Cheung) #18186

Commits

• [5ddef2988b] - async_wrap: schedule destroy hook as unref (Anatoli Papirovski) #18241
• [be9777c5f6] - benchmark: add stream.pipe benchmarks (Mathias Buus) #18617
• [4012ae8885] - build: fix coverage build (Yihong Wang) #18409
• [8c934990ef] - build: add node_lib_target_name to cctest deps (Daniel Bevenius) #18576
• [f7e1402923] - build: include the libuv and zlib into node (Yihong Wang) #18383
• [237a363dc7] - build: make gyp user defined variables lowercase (Daniel Bevenius) #16238
• [16ef386507] - build, win: vcbuild improvements (Bartosz Sosnowski) #17015
• [4fa1f3197f] - cluster: fix inspector port assignment (Santiago Gimeno) #18696
• [ec55965501] - deps: upgrade libuv to 1.19.2 (cjihrig) #18918
• [7fb72a5fa3] - deps,src: align ssize_t ABI between Node & nghttp2 (Anna Henningsen) #18565
• [dd917eb946] - doc: add pending-deprecation to deprecations list (Сковорода Никита Андреевич) #18433
• [287946ddff] - doc: remove Returns: {undefined} (Sho Miyamoto) #18951
• [4f454bde74] - doc: mention git-node in the collaborator guide (Joyee Cheung) #18960
• [4bc54238b2] - doc: update 2fa information in onboarding.md (Rich Trott) #18968
• [b456e31964] - doc: add process.debugPort to doc/api/process.md (flickz) #18716
• [6f177e7b5d] - doc: readable.push(undefined) in non-object mode (陈刚) #18283
• [85322518ca] - doc: remove extraneous "for example" text (Rich Trott) #18890
• [38cf3cf494] - doc: update description of 'clientError' event (Luigi Pinca) #18885
• [e447580872] - doc: fix link in onboarding.md (Justin Lee) #18878
• [205a84cf09] - doc: remove CII badge in README (Roman Reiss) #18908
• [1246902bae] - errors: move error creation helpers to errors.js (Joyee Cheung) #18546
• [b3fe55aada] - errors: improve the description of ERR_INVALID_ARG_VALUE (Joyee Cheung) #18358
• [112c9a3a19] - http: remove default 'drain' listener on upgrade (Luigi Pinca) #18866
• [c7f9608626] - http: allow _httpMessage to be GC'ed (Luigi Pinca) #18865
• [738b0a1f2e] - lib: add process to internal module wrapper (Anna Henningsen) #17198
• [cfb78bc1df] - process: use linked reusable queue for ticks (Mathias Buus) #18617
• [4acea14197] - process: do not directly schedule _tickCallback in _fatalException (Anatoli Papirovski) #17841
• [d348496345] - process: refactor nextTick for clarity (Anatoli Papirovski) #17738
• [cf0b95c4b1] - process: use more direct sync I/O for stdio (Anna Henningsen) #18019
• [b4c933dd44] - promises: refactor rejection handling (Anatoli Papirovski) #18207
• [01398b29e9] - repl: fix tab-complete warning (killagu) #18881
• [e33b9fa7b5] - src: fix GetCpuProfiler() deprecation warning (Ben Noordhuis) #18534
• [91694497ba] - src: refactor WriteWrap and ShutdownWraps (Anna Henningsen) #18676
• [fa691f7d95] - src: only set JSStreamWrap write req after write() (Anna Henningsen) #18676
• [296523a698] - src: remove unnecessary async hooks check (Anatoli Papirovski) #18291
• [4de4c54069] - src: expose uv.errmap to binding (Joyee Cheung) #17338
• [189e566076] - src: do not redefine private for GenDebugSymbols (Joyee Cheung) #18653
• [07c6fb983b] - src: use AliasedBuffer for TickInfo (Anatoli Papirovski) #17881
• [684684e567] - src: simplify handles for libuv streams (Anna Henningsen) #18334
• [cb5ed45603] - src: refactor stream callbacks and ownership (Anna Henningsen) #18334
• [f60757796b] - src: use DoTryWrite() for not-all-Buffer writev()s too (Anna Henningsen) #18019
• [f17987ba16] - src: remove HasWriteQueue() (Anna Henningsen) #18019
• [2282dceb29] - src: remove node namespace qualifiers (Daniel Bevenius) #18962
• [6e7aa3d8f4] - src: fix abort when taking a heap snapshot (Ben Noordhuis) #18898
• [a17d6840e1] - src: fix deprecation warning in node_perf.cc (Daniel Bevenius) #18877
• [46fc507054] - (SEMVER-MINOR) src, test: node internals' postmortem metadata (Matheus Marchini) #14901
• [7853a7fd2a] - test: add test for stream unpipe with 'data' listeners (Anna Henningsen) #18516
• [3543c5543b] - test: make sure WriteWrap tests are actually async (Anna Henningsen) #18676
• [7dd3c8af88] - test: add url type check in Module options (JiaHerr Tee) #18664
• [1be5e33f03] - test: replace assert.throws with expec...

2018-02-22, Version 9.6.1 (Current), @MylesBorins

This is a special release to fix potentially Semver-Major regression that was released in v9.6.0

Notable Changes

• events:
  • events.usingDomains being set to false by default was removed in 9.6.0 which was a change in behavior compares to 9.5.0. This behavior change has been reverted and the events object now has usingDomains preset to false, which is the behavior in 9.x prior to 9.6.0 (Myles Borins) #18944

Commits

• [761caec379] - events: preset usingDomains to false (Myles Borins) #18944

2018-02-22, Version 9.6.0 (Current), @MylesBorins

Notable Changes

• async_hooks:
  • deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) #18513
  • rename PromiseWrap.parentId to PromiseWrap.isChainedPromise (Ali Ijaz Sheikh) #18633
• deps:
  • update node-inspect to 1.11.3 (Jan Krems) #18354
  • ICU 60.2 bump (Steven R. Loomis) #17687
  • Introduce ScriptOrModule and HostDefinedOptions to V8 (Jan Krems) #16889
• http:
  • add options to http.createServer() for IncomingMessage and ServerReponse (Peter Marton) #15752
• http2:
  • add http fallback options to .createServer (Peter Marton) #15752
• https:
  • Adds the remaining options from tls.createSecureContext() to the string generated by Agent#getName(). This allows https.request() to accept the options and generate unique sockets appropriately. (Jeff Principe) #16402
• inspector:
  • --inspect-brk for es modules (Guy Bedford) #18194
• lib:
  • allow process kill by signal number (Sam Roberts) #16944
• module:
  • enable dynamic import (Myles Borins) #18387
  • dynamic import is now supported (Jan Krems) #15713
• n-api:
  • add methods to open/close callback scope (Michael Dawson) #18089
• src:
  • allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) #17600
• vm:
  • add support for es modules (Gus Caplan) #17560

Commits

• [7f5334e243] - (SEMVER-MINOR) async_hooks: deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) #18513
• [8e39c3bfd6] - (SEMVER-MINOR) async_hooks: rename PromiseWrap.parentId (Ali Ijaz Sheikh) #18633
• [0865d11c08] - async_hooks: clean up comments (Ali Ijaz Sheikh) #18467
• [4d78eb8663] - benchmark: improve compare output (Ruben Bridgewater) #18597
• [ffbad8350e] - benchmark: spread operator benchmark (James M Snell) #18442
• [9ae513a7de] - benchmark: shorten config name in http benchmark (Joyee Cheung) #18452
• [d469a06ace] - benchmark: cut down http benchmark run time (Joyee Cheung) #18379
• [9c125825a9] - benchmark: refactor (Ruben Bridgewater) #18320
• [f0186704cd] - benchmark: (timers) refactor (Ruben Bridgewater) #18320
• [28156e16d1] - benchmark: (http(2)) refactor (Ruben Bridgewater) #18320
• [076b3d9b0a] - benchmark: (es) refactor (Ruben Bridgewater) #18320
• [76cb958975] - benchmark: (url) refactor (Ruben Bridgewater) #18320
• [0851822b87] - benchmark: (crypto) refactor (Ruben Bridgewater) #18320
• [cb13c7c653] - benchmark: (buffer) refactor (Ruben Bridgewater) #18320
• [9acf7545f0] - benchmark: (assert) refactor (Ruben Bridgewater) #18320
• [7da01f43fd] - benchmark: fix variables not being set (Ruben Bridgewater) #18320
• [4a5d7d4248] - benchmark: fix platform in basename-win32 (Ruben Bridgewater) #18320
• [f3ab106750] - buffer: remove obsolete NaN check (Ruben Bridgewater) #18744
• [c38576e526] - buffer: simplify check size in assertSize (Mihail Bodrov) #18665
• [080368b5d0] - build: no longer have v8-debug.h as dependency. (Yang Guo) #18677
• [15db2969fe] - build: do not suppress output in make doc-only (Joyee Cheung) #18507
• [c642e229da] - build: add doc linting when runnning make lint (Camilo Gonzalez) #18472
• [be5c293d73] - build: allow x86_64 as a dest_cpu alias for x64 (Rod Vagg) #18052
• [9c6bb5f386] - build: add cflags for OpenBSD, remove stray comma. (Aaron Bieber) #18448
• [2c7de9df50] - build,win: replace run-python subroutine with single find_python call (Nikolai Vavilov) #18621
• [91f2cf9297] - child_process: fix stdio sockets creation (Santiago Gimeno) #18701
• [a893b42791] - crypto: use non-deprecated v8::Object::Set (Daniel Bevenius) #17482
• [2d98b58c08] - deps: V8: backport 76c3ac5 from upstream (Ali Ijaz Sheikh) #18298
• [442903fb1b] - deps: update node-inspect to 1.11.3 (Jan Krems) #18354
• [9e7f8633b6] - deps: ICU 60.2 bump (Steven R. Loomis) #17687
• [11566fe532] - deps: cherry-pick dbfe4a49d8 from upstream V8 (Jan Krems) #16889
• [6edf952628] - doc: fix nits in tools/doc/README.md (Vse Mozhet Byt) #18874
• [7624686888] - doc: fix minor grammar/typographical issues in onboarding.md (Rich Trott) #18847
• [2f836e76bd] - doc: update onboarding.md for faster exercise completion (Rich Trott) #18846
• [e1f82735fe] - doc: improved documentation for fs.unlink() (dustinnewman98) #18843
• [63b0c158f7] - doc: fix broken link in pull-requests.md (Justin Lee) #18873
• [8047c27855] - doc: fix typo in http2.md (Vse Mozhet Byt) #18872
• [0dd8ea4a00] - doc: refactor manpage to use mdoc(7) macros (Alhadis) #18559
• [33271e60f3] - doc: mark accessing IPC channel fd as undefined (Bartosz Sosnowski) #17545
• [02e9e9949c] - doc: fix minor typos in GOVERNANCE.md (Rich Trott) #18829
• [1bff0aaae5] - doc: add Yihong Wang to collaborators (Yihong Wang) #18824
• [1c77929231] - doc: warn against concurrent http2stream.respondWithFD (Anna Henningsen) #18762
• [cd2fa0412f] - doc: activate no-multiple-empty-lines rule (Ruben Bridgewater) [#18747](https://github.com/nodejs/node/p...