Releases: nodejs/node
2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @richardlau
Notable Changes
Added support for import attributes
Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax available
across all currently supported Node.js release lines.
This adds the with
keyword which should be used in place of the previous
assert
keyword, which will be removed in a future semver-major Node.js
release.
For example,
import "foo" assert { ... }
should be replaced with
import "foo" with { ... }
For more details, see
Contributed by NicolΓ² Ribaudo in #51136
and Antoine du Hamel in #50140.
Doc deprecation for dirent.path
Please use newly added dirent.parentPath
instead.
Contributed by Antoine du Hamel in #50976
and #51020.
Experimental node-api feature flags
Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called node_api_nogc_env
has been introduced as the const version
of napi_env
and node_api_nogc_finalize
as a variant of napi_finalize
that
accepts a node_api_nogc_env
as its first argument.
This feature can be turned off by defining
NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT
.
Contributed by Gabriel Schulhof in #50060.
Root certificates updated to NSS 3.98
Certificates added:
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
Certificates removed:
- Security Communication Root CA
Updated dependencies
- ada updated to 2.7.6.
- base64 updated to 0.5.2.
- c-ares updated to 1.27.0.
- corepack updated to 0.25.2.
- ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
- npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
- simdutf8 updated to 4.0.8.
- Timezone updated to 2024a.
- zlib updated to 1.3.0.1-motley-40e35a7.
vm: fix V8 compilation cache support for vm.Script
Previously repeated compilation of the same source code using vm.Script
stopped hitting the V8 compilation cache after v16.x when support for
importModuleDynamically
was added to vm.Script
, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.
The recent fixes allow the compilation cache to be hit again
for vm.Script
when --experimental-vm-modules
is not used even in the
presence of the importModuleDynamically
option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for vm.CompileFunction
.
Contributed by Joyee Cheung in #49950
and #50137.
Commits
- [
c70383b8d4
] - build: support Python 3.12 (Shi Pujin) #50209 - [
4b960c3a4a
] - build: fix incorrect g++ warning message (Richard Lau) #51695 - [
8fdea67694
] - crypto: update root certificates to NSS 3.98 (Node.js GitHub Bot) #51794 - [
812b126dd9
] - deps: V8: cherry-pick d90d4533b053 (MichaΓ«l Zasso) #50077 - [
9ab8c3db87
] - deps: update c-ares to 1.27.0 (Node.js GitHub Bot) #51846 - [
c688680387
] - deps: update c-ares to 1.26.0 (Node.js GitHub Bot) #51582 - [
9498ac8a47
] - deps: compile c-ares with C11 support (MichaΓ«l Zasso) #51410 - [
8fb743642f
] - deps: update c-ares to 1.25.0 (Node.js GitHub Bot) #51385 - [
7bea2d7c12
] - deps: update zlib to 1.3.0.1-motley-40e35a7 (Node.js GitHub Bot) #51274 - [
57a38c8f75
] - deps: update zlib to 1.3.0.1-motley-dd5fc13 (Node.js GitHub Bot) #51105 - [
b0ca084a6b
] - deps: update zlib to 1.3-22124f5 (Node.js GitHub Bot) #50910 - [
4b43823f37
] - deps: update zlib to 1.2.13.1-motley-5daffc7 (Node.js GitHub Bot) #50803 - [
f0da591812
] - deps: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) #50456 - [
16d28a883a
] - deps: update base64 to 0.5.2 (Node.js GitHub Bot) #51455 - [
13a9e81cb6
] - deps: update base64 to 0.5.1 (Node.js GitHub Bot) #50629 - [
b4502d3ac5
] - deps: update simdutf to 4.0.8 (Node.js GitHub Bot) #51000 - [
183cf8a74a
] - deps: update simdutf to 4.0.4 (Node.js GitHub Bot) #50772 - [
11ba8593ea
] - deps: update ada to 2.7.6 (Node.js GitHub Bot) #51542 - [
73a946d55c
] - deps: update ada to 2.7.5 (Node.js GitHub Bot) #51542 - [
cc434c1a39
] - deps: update ada to 2.7.4 (Node.js GitHub Bot) #50815 - [
3a3808a6ae
] - deps: upgrade npm to 10.5.0 (npm team) #51913 - [
c8876d765c
] - deps: upgrade npm to 10.3.0 (npm team) #51431 - [
5aec3af460
] - deps: update corepack to 0.25.2 (Node.js GitHub Bot) #51810 - [
a593985326
] - deps: update corepack to 0.24.1 (Node.js GitHub Bot) #51459 - [
d1a9237bf5
] - deps: update corepack to 0.24.0 (Node.js GitHub Bot) #51318 - [
adac0c7a63
] - deps: update corepack to 0.23.0 (Node.js GitHub Bot) #50563 - [
4a6f83e32a
] - deps: escape Python strings correctly (MichaΓ«l Zasso) #50695 - [
c13969e52a
] - deps: V8: cherry-pick ea996ad04a68 (NicolΓ² Ribaudo) #51136 - [
6fbf0ba5c3
] - deps: V8: cherry-pick a0fd3209dda8 (NicolΓ² Ribaudo) #51136 - [
68fd7516e1
] - deps: update timezone to 2024a (MichaΓ«l Zasso) #51723 - [
f9b229ebe1
] - deps: update icu to 74.2 (MichaΓ«l Zasso) #51723 - [
90c73d2eb4
] - deps: update timezone to 2023d (Node.js GitHub Bot) #51461 - [
2a2bf57028
] - deps: update icu to 74.1 (Node.js GitHub Bot) #50515 - [
425e011e52
] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #49874 - [
58c70344a2
] - deps: V8: cherry-pick 705e374124ae (Joyee Cheung) #51004 - [
b0e88899e1
] - deps: V8: cherry-pick 1fada6b36f8d (Joyee Cheung) #51004 - [
d87a810b81
] - deps: V8: cherry-pick 3dd9576ce336 (Joyee Cheung) #51004 - [
6d50966876
] - deps: V8: cherry-pick 94e8282325a1 (Joyee Cheung) [#51004](https://githu...
2024-03-08, Version 21.7.1 (Current), @targos
Notable Changes
This release reverts #51389, which
landed in Node.js 21.7.0. It is a documented feature that t.after()
hooks are
run even if a test has no subtests. The hook can be used to clean up the test
itself.
Commits
- [
0dfe810ac7
] - benchmark: update iterations of benchmark/async_hooks/async-local- (Lei Shi) #51420 - [
625c9e0ac9
] - benchmark: update iterations of benchmark/domain/domain-fn-args.js (Lei Shi) #51408 - [
7ff3551bad
] - build: fix arm64 host cross-compilation in GN (Cheng Zhao) #51903 - [
fd86ea8b71
] - Revert "build: workaround for node-core-utils" (Richard Lau) #51975 - [
23c32ab3a7
] - build: respect theNODE
env variable inMakefile
(Antoine du Hamel) #51743 - [
9617adc064
] - Revert "build: fix warning in cares under GN build" (Luigi Pinca) #51865 - [
5864534095
] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #51948 - [
fcf235d623
] - doc: add policy for distribution (Geoffrey Booth) #51918 - [
87d2acc8b1
] - doc: fix actual result of example is different in events (Deokjin Kim) #51925 - [
5908c121c6
] - doc: clarify Corepack threat model (Antoine du Hamel) #51917 - [
20e0ba3b94
] - doc,module: clarify hook chain execution sequence (Jacob Smith) #51884 - [
4d997971ac
] - lib: make sure close net server (theanarkh) #51929 - [
fcc6d54aa3
] - lib: return directly if udp socket close before lookup (theanarkh) #51914 - [
10aaabd158
] - meta: bump github/codeql-action from 3.23.2 to 3.24.6 (dependabot[bot]) #51942 - [
78f38a0143
] - meta: bump actions/upload-artifact from 4.3.0 to 4.3.1 (dependabot[bot]) #51941 - [
42ca5452c4
] - meta: bump codecov/codecov-action from 4.0.1 to 4.1.0 (dependabot[bot]) #51940 - [
015a157375
] - meta: bump actions/cache from 4.0.0 to 4.0.1 (dependabot[bot]) #51939 - [
e476cb4a32
] - meta: bump actions/download-artifact from 4.1.1 to 4.1.3 (dependabot[bot]) #51938 - [
67e8001790
] - meta: bump actions/setup-node from 4.0.1 to 4.0.2 (dependabot[bot]) #51937 - [
50343636e8
] - src: fix --disable-single-executable-application (Joyee Cheung) #51808 - [
a48c9ca0db
] - stream: do not defer construction by one microtick (Matteo Collina) #52005 - [
bee3b364f9
] - test: add regression test for test_runner after hook (Colin Ihrig) #51998 - [
fff7f48f50
] - test: reduce flakiness oftest-runner-output
(Antoine du Hamel) #51952 - [
57ba8f5acb
] - test: fix flaky http-chunk-extensions-limit test (Ethan Arrowood) #51943 - [
9d2c03990a
] - test: remove flaky designation (Luigi Pinca) #51736 - [
e992af81d3
] - test: skip SEA tests when SEA generation fails (Joyee Cheung) #51887 - [
85aa6ca850
] - Revert "test_runner: do not invoke after hook when test is empty" (Colin Ihrig) #51998
2024-03-06, Version 21.7.0 (Current), @RafaelGSS prepared by @marco-ippolito
Text Styling
util.styleText(format, text)
: This function returns a formatted text considering theformat
passed.
A new API has been created to format text based on util.inspect.colors
, enabling you to style text in different colors (such as red, blue, ...) and emphasis (italic, bold, ...).
const { styleText } = require('node:util');
const errorMessage = styleText('red', 'Error! Error!');
console.log(errorMessage);
Contributed by Rafael Gonzaga and Hemanth HM in #51850.
Loading and parsing environment variables
-
process.loadEnvFile(path)
:- Use this function to load the
.env
file. If no path is specified, it automatically loads the .env file in the current directory. Example:process.loadEnvFile()
. - Load a specific .env file by specifying its path. Example:
process.loadEnvFile('./development.env')
.
- Use this function to load the
-
util.parseEnv(content)
:- Use this function to parse an existing string containing environment variable assignments.
- Example usage:
require('node:util').parseEnv('HELLO=world')
.
Contributed by Yagiz Nizipli in #51476
Support for multi-line values for .env
file
Node.js 21.7.0 will now support multi-line values in the .env file:
MULTI_LINE="HELLO
WORLD"
Contributed by Ilyas Shabi #51289
sea: support embedding assets
Users can now include assets by adding a key-path dictionary
to the configuration as the assets
field. At build time, Node.js
would read the assets from the specified paths and bundle them into
the preparation blob. In the generated executable, users can retrieve
the assets using the sea.getAsset()
and sea.getAssetAsBlob()
API.
{
"main": "/path/to/bundled/script.js",
"output": "/path/to/write/the/generated/blob.blob",
"assets": {
"a.jpg": "/path/to/a.jpg",
"b.txt": "/path/to/b.txt"
}
}
The single-executable application can access the assets as follows:
const { getAsset } = require('node:sea');
// Returns a copy of the data in an ArrayBuffer
const image = getAsset('a.jpg');
// Returns a string decoded from the asset as UTF8.
const text = getAsset('b.txt', 'utf8');
// Returns a Blob containing the asset without copying.
const blob = getAssetAsBlob('a.jpg');
Contributed by Joyee Cheung in #50960
vm: support using the default loader to handle dynamic import()
This patch adds support for using vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER
as the
importModuleDynamically
option in all vm APIs that take this option except vm.SourceTextModule
. This allows users to have a shortcut to support dynamic import()
in the compiled code without missing the compilation cache if they don't need customization of the loading process. We emit an experimental warning when the import()
is actually handled by the default loader through this option instead of requiring --experimental-vm-modules
.
const { Script, constants } = require('node:vm');
const { resolve } = require('node:path');
const { writeFileSync } = require('node:fs');
// Write test.js and test.txt to the directory where the current script
// being run is located.
writeFileSync(resolve(__dirname, 'test.mjs'),
'export const filename = "./test.json";');
writeFileSync(resolve(__dirname, 'test.json'),
'{"hello": "world"}');
// Compile a script that loads test.mjs and then test.json
// as if the script is placed in the same directory.
const script = new Script(
`(async function() {
const { filename } = await import('./test.mjs');
return import(filename, { with: { type: 'json' } })
})();`,
{
filename: resolve(__dirname, 'test-with-default.js'),
importModuleDynamically: constants.USE_MAIN_CONTEXT_DEFAULT_LOADER,
});
// { default: { hello: 'world' } }
script.runInThisContext().then(console.log);
Contributed by Joyee Cheung in #51244
crypto: implement crypto.hash()
This patch introduces a helper crypto.hash() that computes
a digest from the input at one shot. This can be 1.2-2x faster
than the object-based createHash() for smaller inputs (<= 5MB)
that are readily available (not streamed) and incur less memory
overhead since no intermediate objects will be created.
const crypto = require('node:crypto');
// Hashing a string and return the result as a hex-encoded string.
const string = 'Node.js';
// 10b3493287f831e81a438811a1ffba01f8cec4b7
console.log(crypto.hash('sha1', string));
Contributed by Joyee Cheung in #51044
Other Notable Changes
- [
8ae0eeb7f4
] - (SEMVER-MINOR) build: build opt to set local location of headers (Michael Dawson) #51525 - [
496776cc78
] - crypto: update root certificates to NSS 3.98 (Node.js GitHub Bot) #51794 - [
a8c9e6f7e9
] - doc: add zcbenz to collaborators (Cheng Zhao) #51812 - [
adbf2d3837
] - doc: add lemire to collaborators (Daniel Lemire) #51572 - [
4b1c6839f4
] - (SEMVER-MINOR) http2: add h2 compat support for appendHeader (Tim Perry) #51412 - [
d8aa2bac0b
] - (SEMVER-MINOR) http2: add server handshake utility (snek) #51172 - [
b9275d9039
] - (SEMVER-MINOR) http2: receive customsettings (Marten Richter) #51323 - [
5a2d2daad5
] - (SEMVER-MINOR) lib: move encodingsMap to internal/util (Joyee Cheung) #51044 - [
e8d9065262
] - (SEMVER-MINOR) sea: support sea.getRawAsset() (Joyee Cheung) #50960 - [
47186fbad5
] - (SEMVER-MINOR) src: print string content better in BlobDeserializer (Joyee Cheung) #50960 - [
119e045053
] - (SEMVER-MINOR) src: do not coerce dotenv paths (Tobias NieΓen) #51425 - [
9ab353af00
] - (SEMVER-MINOR) stream: implementmin
option forReadableStreamBYOBReader.read
(Mattias Buelens) #50888
Commits
- [
4ddb9b33d5
] - async_hooks,inspector: implement inspector api without async_wrap (Gabriel Bota) #51501 - [
7e06c11f55
] - benchmark: update iterations of assert/deepequal-typedarrays.js (Lei Shi) #51419 - [
72be232006
] - benchmark: update iterations of benchmark/assert/deepequal-map.js (Lei Shi) #51416 - [
92e7c310cb
] - benchmark: rename startup.js to startup-core.js (Joyee Cheung) #51669 - [
c9ada533a2
] - build: removelibrt
libs link for Android compatibility (BuShe Pie) #51632 - [
86ac787889
] - build: do not rely on gn_helpers in GN build (Cheng Zhao) #51439 - [
9be6b7ccf0
] - build: fix warning in cares under GN build (Cheng Zhao) #51687 - [
d1a8c2e989
] - build: fix building js2c with GN (Cheng Zhao) #51818 - [
9840715dc0
] - build: encode non-ASCII Latin1 characters as one byte in JS2C (Joyee Cheung) #51605 - [
8ae0eeb7f4
] - (SEMVER-MINOR) build: build opt to set local location of headers (Michael Dawson) #51525 - [
1999719877
] - build: use macOS m1 machines for testing (Yagiz Nizipli) #51620 - [
85f63f3d7d
] - build: check before removing %config% link (liudonghua) #51437 - [
cc37959232
] - build: increase parallel executions in github (Yagiz Nizipli) #51554 - [
2921d55121
] - build: remove copyright header in node.gni (Cheng Zhao) [#51535](https://gith...
2024-02-14, Version 21.6.2 (Current), @RafaelGSS
Notable changes
This is a security release.
Notable changes
- CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
- CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
- CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
- CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- undici version 5.28.3
- libuv version 1.48.0
- OpenSSL version 3.0.13+quic1
Commits
- [
8344719369
] - crypto: disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525 - [
d093600ac4
] - deps: update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614 - [
6cd930e5e8
] - deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614 - [
9590c15d3d
] - deps: upgrade libuv to 1.48.0 (Santiago Gimeno) #51698 - [
666096298c
] - deps: disable io_uring support in libuv by default (Tobias NieΓen) nodejs-private/node-private#528 - [
a4edd22e30
] - fs: protect against modified Buffer internals in possiblyTransformPath (Tobias NieΓen) nodejs-private/node-private#497 - [
6155a1ffaf
] - http: add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#518 - [
777509495e
] - lib: use cache fs internals against path traversal (RafaelGSS) nodejs-private/node-private#516 - [
9d2ac2b3fc
] - lib: update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#538 - [
208b3940c7
] - src: fix HasOnly(capability) in node::credentials (Tobias NieΓen) nodejs-private/node-private#505 - [
fc2454f29c
] - src,deps: disable setuid() etc if io_uring enabled (Tobias NieΓen) nodejs-private/node-private#528 - [
ef3eea20be
] - test,doc: clarify wildcard usage (RafaelGSS) nodejs-private/node-private#517 - [
8547196964
] - zlib: pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#540
2024-02-14, Version 20.11.1 'Iron' (LTS), @RafaelGSS prepared by @marco-ippolito
Notable changes
This is a security release.
Notable changes
- CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
- CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
- CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
- CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- undici version 5.28.3
- libuv version 1.48.0
- OpenSSL version 3.0.13+quic1
Commits
- [
7079c062bb
] - crypto: disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525 - [
186a6e1ffb
] - deps: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #51737 - [
686da19abb
] - deps: disable io_uring support in libuv by default (Tobias NieΓen) nodejs-private/node-private#529 - [
f7b44bfbce
] - deps: update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614 - [
7a30fecea2
] - deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614 - [
480fc169a8
] - fs: protect against modified Buffer internals in possiblyTransformPath (Tobias NieΓen) nodejs-private/node-private#497 - [
77ac7c3153
] - http: add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#519 - [
ed7d149675
] - lib: use cache fs internals against path traversal (RafaelGSS) nodejs-private/node-private#516 - [
89bd5fc38f
] - lib: update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#539 - [
d01dd4291d
] - permission: fix wildcard when children > 1 (Rafael Gonzaga) #51209 - [
40ff37dfcc
] - src: fix HasOnly(capability) in node::credentials (Tobias NieΓen) nodejs-private/node-private#505 - [
3f6addd590
] - src,deps: disable setuid() etc if io_uring enabled (Tobias NieΓen) nodejs-private/node-private#529 - [
d6da413aa4
] - test,doc: clarify wildcard usage (RafaelGSS) nodejs-private/node-private#517 - [
c213910aea
] - zlib: pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#541
2024-02-14, Version 18.19.1 'Hydrogen' (LTS), @RafaelGSS prepared by @marco-ippolito
Notable changes
This is a security release.
Notable changes
- CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- undici version 5.28.3
- npm version 10.2.4
Commits
- [
69e0a1dba8
] - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805 - [
d3d357ab09
] - crypto: disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525 - [
3d27175c42
] - deps: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #51614 - [
331558b8ab
] - deps: update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614 - [
99b77dfb9c
] - deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614 - [
6cdc71bff1
] - deps: upgrade npm to 10.2.4 (npm team) #50751 - [
911cb33cda
] - http: add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#520 - [
f48b89689d
] - lib: update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#536 - [
e6b4c105e0
] - src: fix HasOnly(capability) in node::credentials (Tobias NieΓen) nodejs-private/node-private#505 - [
97c49076cd
] - test: skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) #49621 - [
60affdde8e
] - tools: add macOS notarization verification step (Ulises GascΓ³n) #50833 - [
ccc676a327
] - tools: use macOS keychain to notarize the releases (Ulises GascΓ³n) #50715 - [
31f1ceb380
] - tools: remove unused file (Ulises Gascon) #50622 - [
bd5f6fb92a
] - tools: add macOS notarization stapler (Ulises GascΓ³n) #50625 - [
4168c4f71b
] - tools: improve macOS notarization process output readability (Ulises GascΓ³n) #50389 - [
4622f775aa
] - tools: remove unusedversion
function (Ulises GascΓ³n) #50390 - [
b90804b1e7
] - win,tools: upgrade Windows signing to smctl (Stefan Stojanovic) #50956 - [
f31d47e135
] - zlib: pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#542
2024-01-22, Version 21.6.1 (Current), @RafaelGSS
Notable Changes
This release fixes a bug in undici
using WebStreams
Commits
- [
662ac95729
] - Revert "stream: fix cloned webstreams not being unref'd" (Matteo Collina) #51491 - [
1b8bba8aee
] - test: add regression test for 51586 (Matteo Collina) #51491
2024-01-15, Version 21.6.0 (Current), @RafaelGSS
New connection attempt events
Three new events were added in the net.createConnection
flow:
connectionAttempt
: Emitted when a new connection attempt is established. In case of Happy Eyeballs, this might emitted multiple times.connectionAttemptFailed
: Emitted when a connection attempt failed. In case of Happy Eyeballs, this might emitted multiple times.connectionAttemptTimeout
: Emitted when a connection attempt timed out. In case of Happy Eyeballs, this will not be emitted for the last attempt. This is not emitted at all if Happy Eyeballs is not used.
Additionally, a previous bug has been fixed where a new connection attempt could have been started after a previous one failed and after the connection was destroyed by the user.
This led to a failed assertion.
Contributed by Paolo Insogna in #51045.
Changes to the Permission Model
Node.js 21.6.0 comes with several fixes for the experimental permission model and two new semver-minor commits.
We're adding a new flag --allow-addons
to enable addon usage when using the Permission Model.
$ node --experimental-permission --allow-addons
Contributed by Rafael Gonzaga in #51183
And relative paths are now supported through the --allow-fs-*
flags.
Therefore, with this release one can use:
$ node --experimental-permission --allow-fs-read=./index.js
To give only read access to the entrypoint of the application.
Contributed by Rafael Gonzaga and Carlos Espa in #50758
Support configurable snapshot through --build-snapshot-config
flag
We are adding a new flag --build-snapshot-config
to configure snapshots through a custom JSON configuration file.
$ node --build-snapshot-config=/path/to/myconfig.json
When using this flag, additional script files provided on the command line will
not be executed and instead be interpreted as regular command line arguments.
These changes were contributed by Joyee Cheung and Anna Henningsen in #50453
Other Notable Changes
- [
c31ed51373
] - (SEMVER-MINOR) timers: export timers.promises (Marco Ippolito) #51246
Commits
- [
13a1241b83
] - assert,crypto: make KeyObject and CryptoKey testable for equality (Filip Skokan) #50897 - [
4dcc5114aa
] - benchmark: remove dependency on unshipped tools (Adam Majer) #51146 - [
2eb41f86b3
] - build: fix for VScode "Reopen in Container" (Serg Kryvonos) #51271 - [
e03ac83c19
] - build: fix arm64 cross-compilation (MichaΓ«l Zasso) #51256 - [
cd61fce34e
] - build: add-flax-vector-conversions
to V8 build (MichaΓ«l Zasso) #51257 - [
e5017a522e
] - crypto: update CryptoKey symbol properties (Filip Skokan) #50897 - [
c0d2e8be11
] - deps: update corepack to 0.24.0 (Node.js GitHub Bot) #51318 - [
24a9a72492
] - deps: update acorn to 8.11.3 (Node.js GitHub Bot) #51317 - [
e53cbb22c2
] - deps: update ngtcp2 and nghttp3 (James M Snell) #51291 - [
f00f1204f1
] - deps: update brotli to 1.1.0 (Node.js GitHub Bot) #50804 - [
a41dca0c51
] - deps: update zlib to 1.3.0.1-motley-40e35a7 (Node.js GitHub Bot) #51274 - [
efa12a89c6
] - deps: update simdutf to 4.0.8 (Node.js GitHub Bot) #51000 - [
25eba3d20b
] - deps: V8: cherry-pick de611e69ad51 (Keyhan Vakil) #51200 - [
a07d6e23e4
] - deps: update simdjson to 3.6.3 (Node.js GitHub Bot) #51104 - [
6d1bfcb2dd
] - deps: update googletest to 530d5c8 (Node.js GitHub Bot) #51191 - [
75e5615c43
] - deps: update acorn-walk to 8.3.1 (Node.js GitHub Bot) #50457 - [
3ecc7dcc00
] - deps: update acorn-walk to 8.3.0 (Node.js GitHub Bot) #50457 - [
e2f8d741c8
] - deps: update zlib to 1.3.0.1-motley-dd5fc13 (Node.js GitHub Bot) #51105 - [
4a5d3bda72
] - doc: the GN files should use Node's license (Cheng Zhao) #50694 - [
84127514ba
] - doc: improve localWindowSize event descriptions (Davy Landman) #51071 - [
8ee882a49c
] - doc: mark--jitless
as experimental (Antoine du Hamel) #51247 - [
876743ece1
] - doc: run license-builder (github-actions[bot]) #51199 - [
ec6fcff009
] - doc: fix limitations and known issues in pm (Rafael Gonzaga) #51184 - [
c13a5c0373
] - doc: mention node:wasi in the Threat Model (Rafael Gonzaga) #51211 - [
4b19e62444
] - doc: remove ambiguous 'considered' (Rich Trott) #51207 - [
5453abd6ad
] - doc: set exit code in custom test runner example (Matteo Collina) #51056 - [
f9d4e07faf
] - doc: remove version frommaintaining-dependencies.md
(Antoine du Hamel) #51195 - [
df8927a073
] - doc: mention native addons are restricted in pm (Rafael Gonzaga) #51185 - [
e636d83914
] - doc: correct note on behavior of stats.isDirectory (Nick Reilingh) #50946 - [
1c71435c2a
] - doc: fixTestsStream
parent class (Jungku Lee) #51181 - [
2c227b0d64
] - doc: fix simdjson wrong link (Marco Ippolito) #51177 - [
efa13e1943
] - (SEMVER-MINOR) doc: add documentation for --build-snapshot-config (Anna Henningsen) #50453 - [
941aedc6fc
] - errors: fix stacktrace of SystemError (uzlopak) #49956 - [
47548d9e61
] - esm: fix hint on invalid module specifier (Antoine du Hamel) #51223 - [
091098f40a
] - fs: fix fs.promises.realpath for long paths on Windows (ηΏ / green) #51032 - [
e5a8fa01aa
] - fs: make offset, position & length args in fh.read() optional (Pulkit Gupta) #51087 - [
c87e5d51cc
] - fs: add missing jsdoc parameters toreadSync
(Yagiz Nizipli) #51225 - [
e24249cf37
] - fs: removeinternalModuleReadJSON
binding (Yagiz Nizipli) #51224 - [
7421467812
] - fs: improve mkdtemp performance for buffer prefix (Yagiz Nizipli) #51078 - [
5b229d775f
] - fs: validate fd synchronously on c++ (Yagiz Nizipli) #51027 - [[...
2024-01-09, Version 20.11.0 'Iron' (LTS), @UlisesGascon
Notable Changes
- [
833190fe7c
] - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805 - [
a541b78bdb
] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666 - [
d4be8fad83
] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393 - [
c1a196c897
] - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) #48740 - [
aa3209b880
] - fs: add c++ fast path for writeFileSync utf8 (CanadaHonk) #49884 - [
8e886a2fff
] - (SEMVER-MINOR) module: remove useCustomLoadersIfPresent flag (Chengzhong Wu) #48655 - [
21ab3c0f0b
] - (SEMVER-MINOR) module: bootstrap module loaders in shadow realm (Chengzhong Wu) #48655 - [
29d91b13e3
] - (SEMVER-MINOR) src: add--disable-warning
option (Ethan Arrowood) #50661 - [
11b3e470db
] - (SEMVER-MINOR) src: create per isolate proxy env template (Chengzhong Wu) #48655 - [
621c4d66c2
] - (SEMVER-MINOR) src: make process binding data weak (Chengzhong Wu) #48655 - [
139d6c8d3b
] - stream: use Array for Readable buffer (Robert Nagy) #50341 - [
6206957e8d
] - stream: optimize creation (Robert Nagy) #50337 - [
e64378643d
] - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) #50018 - [
4a830c2d9d
] - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) #48638 - [
842dc01def
] - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) #50443
Commits
- [
e40a559ab1
] - benchmark: update iterations in benchmark/util/splice-one.js (Liu Jia) #50698 - [
00f7a5d26f
] - benchmark: increase the iteration number to an appropriate value (Lei Shi) #50766 - [
be6ad3f375
] - benchmark: rewrite import.meta benchmark (Joyee Cheung) #50683 - [
9857364129
] - benchmark: add misc/startup-cli-version benchmark (Joyee Cheung) #50684 - [
22d729e7f5
] - benchmark: remove punycode from require-builtins fixture (Joyee Cheung) #50689 - [
4cf10a149a
] - benchmark: change iterations in benchmark/es/string-concatenations.js (Liu Jia) #50585 - [
15c2ed93a8
] - benchmark: add benchmarks for encodings (Aras Abbasi) #50348 - [
8a896428ca
] - benchmark: add more cases to Readable.from (Raz Luvaton) #50351 - [
dbe6c5f354
] - benchmark: skip test-benchmark-os on IBMi (Michael Dawson) #50286 - [
179b4b6e62
] - benchmark: move permission-fs-read to permission-processhas-fs-read (Aki Hasegawa-Johnson) #49770 - [
32d65c001d
] - buffer: improve Buffer.equals performance (kylo5aby) #50621 - [
80ea83757e
] - build: add GN configurations for simdjson (Cheng Zhao) #50831 - [
904e645bcd
] - build: add configuration flag to enable Maglev (Keyhan Vakil) #50692 - [
019efa8a5a
] - build: fix GN configuration for deps/base64 (Cheng Zhao) #50696 - [
a645d5ac54
] - build: disable flag v8_scriptormodule_legacy_lifetime (Chengzhong Wu) #50616 - [
8705058b09
] - build: add GN build files (Cheng Zhao) #47637 - [
0a5e9c12cf
] - build: fix build with Python 3.12 (Luigi Pinca) #50582 - [
ff5713dd43
] - build: support Python 3.12 (Shi Pujin) #50209 - [
cfd50f229a
] - build: fix building when there is only python3 (Cheng Zhao) #48462 - [
833190fe7c
] - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805 - [
54c46dae9e
] - deps: update zlib to 1.2.13.1-motley-5daffc7 (Node.js GitHub Bot) #50803 - [
0be84e5a28
] - deps: update undici to 5.27.2 (Node.js GitHub Bot) #50813 - [
ec67890824
] - deps: V8: cherry-pick 0f9ebbc672c7 (Chengzhong Wu) #50867 - [
bc2ebb972b
] - deps: V8: cherry-pick 13192d6e10fa (Levi Zim) #50552 - [
656135d70a
] - deps: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) #50456 - [
41ee4bcc5d
] - deps: update ada to 2.7.4 (Node.js GitHub Bot) #50815 - [
a40948b5c5
] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #50806 - [
7be1222c4a
] - deps: update simdutf to 4.0.4 (Node.js GitHub Bot) #50772 - [
68e7d49db6
] - deps: upgrade npm to 10.2.4 (npm team) #50751 - [
3d82d38336
] - deps: escape Python strings correctly (MichaΓ«l Zasso) #50695 - [
d3870ac957
] - deps: update base64 to 0.5.1 (Node.js GitHub Bot) #50629 - [
4b219b6ece
] - deps: update corepack to 0.23.0 (Node.js GitHub Bot) #50563 - [
6c41b50922
] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #50441 - [
3beee0ae8f
] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #50460 - [
220916fa93
] - deps: update undici to 5.27.0 (Node.js GitHub Bot) #50463 - [
f9960b3545
] - deps: update googletest to 116b7e5 (Node.js GitHub Bot) #50324 - [
d5c16f897a
] - dns: call handle.setServers() with a valid array (Luigi Pinca) #50811 - [
1bd6537c97
] - doc...
2023-12-19, Version 21.5.0 (Current), @RafaelGSS
Notable Changes
- [
0dd53da722
] - (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli) #50322 - [
9f54987fbc
] - module: merge config withpackage_json_reader
(Yagiz Nizipli) #50322 - [
45e4f82912
] - src: move package resolver to c++ (Yagiz Nizipli) #50322
Deprecations
- [
26ed4ad01f
] - doc: deprecate hash constructor (Marco Ippolito) #51077 - [
58ca66a1a7
] - doc: deprecatedirent.path
(Antoine du Hamel) #51020
Commits
- [
1bbdbdfbeb
] - benchmark: update iterations in benchmark/perf_hooks (Lei Shi) #50869 - [
087fb0908e
] - benchmark: update iterations in benchmark/crypto/aes-gcm-throughput.js (Lei Shi) #50929 - [
53b16c71fb
] - benchmark: update iteration and size in benchmark/crypto/randomBytes.js (Lei Shi) #50868 - [
38fd0ca753
] - benchmark: add undici websocket benchmark (Chenyu Yang) #50586 - [
b148c43244
] - benchmark: add create-hash benchmark (Joyee Cheung) #51026 - [
fdd8c18f96
] - benchmark: update interations and len in benchmark/util/text-decoder.js (Lei Shi) #50938 - [
a9972057ac
] - benchmark: update iterations of benchmark/util/type-check.js (Lei Shi) #50937 - [
b80bb1329b
] - benchmark: update iterations in benchmark/util/normalize-encoding.js (Lei Shi) #50934 - [
dbee03d646
] - benchmark: update iterations in benchmark/util/inspect-array.js (Lei Shi) #50933 - [
f2d83a3a84
] - benchmark: update iterations in benchmark/util/format.js (Lei Shi) #50932 - [
2581fce553
] - bootstrap: improve snapshot unsupported builtin warnings (Joyee Cheung) #50944 - [
735bad3694
] - build: fix warnings from uv for gn build (Cheng Zhao) #51069 - [
8da9d969f9
] - deps: V8: cherry-pick 0fd478bcdabd (Joyee Cheung) #50572 - [
429fbb37c1
] - deps: update simdjson to v3.6.2 (Yagiz Nizipli) #50986 - [
9950103253
] - deps: update zlib to 1.3-22124f5 (Node.js GitHub Bot) #50910 - [
0b61823e8b
] - deps: update undici to 5.28.2 (Node.js GitHub Bot) #51024 - [
95d8a273cc
] - deps: cherry-pick bfbe4e38d7 from libuv upstream (Abdirahim Musse) #50650 - [
06038a489e
] - deps: update libuv to 1.47.0 (Node.js GitHub Bot) #50650 - [
0dd53da722
] - (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli) #50322 - [
04eaa5cdd7
] - doc: run license-builder (github-actions[bot]) #51111 - [
26ed4ad01f
] - doc: deprecate hash constructor (Marco Ippolito) #51077 - [
637ffce4c4
] - doc: add note regarding--experimental-detect-module
(Shubherthi Mitra) #51089 - [
838179b096
] - doc: correct tracingChannel.traceCallback() (Gerhard StΓΆbich) #51068 - [
539bee4f0a
] - doc: use length argument in pbkdf2Key (Tobias NieΓen) #51066 - [
c45a9a3187
] - doc: add deprecation notice todirent.path
(Antoine du Hamel) #51059 - [
58ca66a1a7
] - doc: deprecatedirent.path
(Antoine du Hamel) #51020 - [
c2b6edf9ab
] - esm: fix hook name in error message (Bruce MacNaughton) #50466 - [
35e8f26f07
] - fs: throw fchownSync error from c++ (Yagiz Nizipli) #51075 - [
c3c8237089
] - fs: update params in jsdoc for createReadStream and createWriteStream (Jungku Lee) #51063 - [
3f7f3ce8c9
] - fs: improve error performance of readvSync (IlyasShabi) #50100 - [
7f95926f17
] - http: handle multi-value content-disposition header (Arsalan Ahmad) #50977 - [
7a8a2d5632
] - lib: don't parse windows drive letters as schemes (ε) #50580 - [
aa2be4bb76
] - module: load source maps incommonjs
translator (Hiroki Osame) #51033 - [
c0e5e74876
] - module: documentparentURL
in register options (Hiroki Osame) #51039 - [
4eedf5e694
] - module: fix recently introduced coverity warning (Michael Dawson) #50843 - [
9f54987fbc
] - module: merge config withpackage_json_reader
(Yagiz Nizipli) #50322 - [
5f95dca638
] - node-api: introduce experimental feature flags (Gabriel Schulhof) #50991 - [
3fb7fc909e
] - quic: further implementation details (James M Snell) #48244 - [
fa25e069fc
] - src: implement countObjectsWithPrototype (Joyee Cheung) #50572 - [
abe90527e4
] - src: register udp_wrap external references (Joyee Cheung) #50943 - [
84e2f51d14
] - src: register spawn_sync external references (Joyee Cheung) #50943 - [
2cfee53d7b
] - src: register process_wrap external references (Joyee Cheung) #50943 - [
9b7f79a8bd
] - src: fix double free reported by coverity (Michael Dawson) #51046 - [
fc5503246e
] - src: remove unused headers innode_file.cc
(Jungku Lee) #50927 - [
c3abdc58af
] - src: implement --trace-promises (Joyee Cheung) #50899 - [
f90fc83e97
] - src: fix dynamically linked zlib version (Richard Lau) #51007 - [
9bf144379f
] - src: omit bool values of package.json main field (Yagiz Nizipli) #50965 - [
45e4f82912
] - src:...