Update dependency node to v20.18.0

This MR contains the following updates:

Package	Update	Change
node (source)	minor	20.15.0 -> 20.18.0

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

---

Release Notes

nodejs/node (node)

v20.18.0: 2024-10-03, Version 20.18.0 'Iron' (LTS), @​targos

Compare Source

Notable Changes

Experimental Network Inspection Support in Node.js

This update introduces the initial support for network inspection in Node.js. Currently, this is an experimental feature, so you need to enable it using the --experimental-network-inspection flag. With this feature enabled, you can inspect network activities occurring within a JavaScript application.

To use network inspection, start your Node.js application with the following command:

$ node --inspect-wait --experimental-network-inspection index.js

Please note that the network inspection capabilities are in active development. We are actively working on enhancing this feature and will continue to expand its functionality in future updates.

• Network inspection is limited to the http and https modules only.
• The Network tab in Chrome DevTools will not be available until the feature request on the Chrome DevTools side is addressed.

Contributed by Kohei Ueno in #​53593 and #​54246

Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext

This releases introduces a new option to the API tls.createSecureContext. From now on, tls.createSecureContext({ allowPartialTrustChain: true }) can be used to treat intermediate (non-self-signed) certificates in the trust CA certificate list as trusted.

Contributed by Anna Henningsen in #​54790

New option for vm.createContext() to create a context with a freezable globalThis

Node.js implements a flavor of vm.createContext() and friends that creates a context without contextifying its global object when vm.constants.DONT_CONTEXTIFY is used. This is suitable when users want to freeze the context (impossible when the global is contextified i.e. has interceptors installed) or speed up the global access if they don't need the interceptor behavior.

Contributed by Joyee Cheung in #​54394

Deprecations

• [64aa31f6e5] - repl: doc-deprecate instantiating node:repl classes without new (Aviv Keller) #​54842
• [4c52ee3d7f] - zlib: deprecate instantiating classes without new (Yagiz Nizipli) #​54708

Other Notable Changes

• [b80da2f964] - buffer: optimize createFromString (Robert Nagy) #​54324
• [02b36cbd2d] - (SEMVER-MINOR) lib: add EventSource Client (Aras Abbasi) #​51575
• [879546a9bf] - (SEMVER-MINOR) src,lib: add performance.uvMetricsInfo (Rafael Gonzaga) #​54413
• [f789f4c92d] - (SEMVER-MINOR) test_runner: support module mocking (Colin Ihrig) #​52848
• [4eb0749b6c] - (SEMVER-MINOR) url: implement parse method for safer URL parsing (Ali Hassan) #​52280

Commits

• [013c48f0e9] - benchmark: --no-warnings to avoid DEP/ExpWarn log (Rafael Gonzaga) #​54928
• [194fc113ac] - benchmark: add buffer.isAscii benchmark (RafaelGSS) #​54740
• [7410d51cb9] - benchmark: add buffer.isUtf8 bench (RafaelGSS) #​54740
• [2393f21e8a] - benchmark: add access async version to bench (Rafael Gonzaga) #​54747
• [b8779721f0] - benchmark: enhance dc publish benchmark (Rafael Gonzaga) #​54745
• [4078aa83ff] - benchmark: add match and doesNotMatch bench (RafaelGSS) #​54734
• [66acab9976] - benchmark: add rejects and doesNotReject bench (RafaelGSS) #​54734
• [6db777fb3a] - benchmark: add throws and doesNotThrow bench (RafaelGSS) #​54734
• [8f101560ce] - benchmark: add strictEqual and notStrictEqual bench (RafaelGSS) #​54734
• [2c9e4c936e] - benchmark: adds groups to better separate benchmarks (Giovanni Bucci) #​54393
• [671c3ac633] - benchmark: fix benchmark for file path and URL conversion (Early Riser) #​54190
• [8c8708cb5b] - benchmark: use assert.ok searchparams (Rafael Gonzaga) #​54334
• [8b71fa79e2] - benchmark: add stream.compose benchmark (jakecastelli) #​54308
• [93ee36e3a0] - benchmark: rename count to n (Rafael Gonzaga) #​54271
• [f2971b6f0b] - benchmark: change assert() to assert.ok() (Rafael Gonzaga) #​54254
• [f48f2c212c] - benchmark: support --help in CLI (Aviv Keller) #​53358
• [0309b0520b] - benchmark: remove force option as force defaults to true (Yelim Koo) #​54203
• [b6e8305b2d] - benchmark: use assert.ok instead of assert (Rafael Gonzaga) #​54176
• [90c660d26a] - benchmark: add require-esm benchmark (Joyee Cheung) #​52166
• [1b8584b52e] - benchmark,doc: add CPU scaling governor to perf (Rafael Gonzaga) #​54723
• [0b9161b330] - benchmark,doc: mention bar.R to the list of scripts (Rafael Gonzaga) #​54722
• [84bf93b7ea] - buffer: allow invalid encoding in from (Robert Nagy) #​54533
• [d04246a0d7] - buffer: optimize byteLength for common encodings (Robert Nagy) #​54342
• [f36831f694] - buffer: optimize createFromString (Robert Nagy) #​54324
• [f5f40c8088] - buffer: optimize for common encodings (Robert Nagy) #​54319
• [76c37703be] - buffer: add JSDoc to blob bytes method (Roberto Simonini) #​54117
• [3012d31404] - buffer: use faster integer argument check (Robert Nagy) #​54089
• [3505782801] - buffer: make indexOf(byte) faster (Tobias Nießen) #​53455
• [d285fc1f68] - build: upgrade clang-format to v18 (Aviv Keller) #​53957
• [d288ec3b0a] - build: fix conflicting V8 object print flags (Daeyeon Jeong) #​54785
• [e862eecac9] - build: do not build with code cache for core coverage collection (Joyee Cheung) #​54633
• [f7a606eb96] - build: turn off -Wrestrict (Richard Lau) #​54737
• [71ca2665e4] - build: reclaim disk space on macOS GHA runner (jakecastelli) #​54658
• [82d8051c39] - build: don't clean obj.target directory if it doesn't exist (Joyee Cheung) #​54337
• [6e550b1f26] - build: update ruff to 0.5.2 (Aviv Keller) #​53909
• [e2ea7b26d7] - build: fix ./configure --help format error (Zhenwei Jin) #​53066
• [eb2402d569] - build: enable building with shared uvwasi lib (Pooja D P) #​43987
• [45732314d4] - build: sync V8 warning cflags with BUILD.gn (Michaël Zasso) #​52873
• [6e0a2bb54c] - build: harmonize Clang checks (Michaël Zasso) #​52873
• [3f78d4eb28] - cli: add --expose-gc flag available to NODE_OPTIONS (Juan José) #​53078
• [a110409b2a] - console: use validateOneOf for colorMode validation (HEESEUNG) #​54245
• [231ab788ea] - crypto: reject dh,x25519,x448 in {Sign,Verify}Final (Huáng Jùnliàng) #​53774
• [a5984e4570] - crypto: return a clearer error when loading an unsupported pkcs12 (Tim Perry) #​54485
• [f287cd77bd] - crypto: remove unused kHashTypes internal (Antoine du Hamel) #​54627
• [1fc904f8c4] - deps: update cjs-module-lexer to 1.4.1 (Node.js GitHub Bot) #​54846
• [95b55c39b1] - deps: update simdutf to 5.5.0 (Node.js GitHub Bot) #​54434
• [cf6ded5dd3] - deps: update cjs-module-lexer to 1.4.0 (Node.js GitHub Bot) #​54713
• [7f8edce3f1] - deps: update c-ares to v1.33.1 (Node.js GitHub Bot) #​54549
• [9a4a7b7ecc] - deps: update undici to 6.19.8 (Node.js GitHub Bot) #​54456
• [87ca1d7fee] - deps: update simdutf to 5.3.4 (Node.js GitHub Bot) #​54312
• [d3a743f182] - deps: update zlib to 1.3.0.1-motley-71660e1 (Node.js GitHub Bot) #​53464
• [926981aa9f] - deps: update zlib to 1.3.0.1-motley-c2469fd (Node.js GitHub Bot) #​53464
• [654c8d1fdc] - deps: update zlib to 1.3.0.1-motley-68e57e6 (Node.js GitHub Bot) #​53464
• [2477e79172] - deps: update zlib to 1.3.0.1-motley-8b7eff8 (Node.js GitHub Bot) #​53464
• [3d8113faf5] - deps: update zlib to 1.3.0.1-motley-e432200 (Node.js GitHub Bot) #​53464
• [ac294e3db4] - deps: update zlib to 1.3.0.1-motley-887bb57 (Node.js GitHub Bot) #​53464
• [239588b968] - deps: update c-ares to v1.33.0 (Node.js GitHub Bot) #​54198
• [6e7de37ed3] - deps: update undici to 6.19.7 (Node.js GitHub Bot) #​54286
• [38aa9d6ea9] - deps: update acorn to 8.12.1 (Node.js GitHub Bot) #​53465
• [d30145f663] - deps: update undici to 6.19.5 (Node.js GitHub Bot) #​54076
• [c169d9c12b] - deps: update simdutf to 5.3.1 (Node.js GitHub Bot) #​54196
• [92f3447957] - doc: add missing EventSource docs to globals (Matthew Aitken) #​55022
• [2879ce9681] - doc: fix broken Android building link (Niklas Wenzel) #​54922
• [096623b59a] - doc: add support link for aduh95 (Antoine du Hamel) #​54866
• [1dfd238781] - doc: run license-builder (github-actions[bot]) #​54854
• [a6c748fffb] - doc: experimental flag for global accessible APIs (Chengzhong Wu) #​54330
• [d48a22fa14] - doc: add ERR_INVALID_ADDRESS to errors.md (Aviv Keller) #​54661
• [4a840cecfa] - doc: add support link for mcollina (Matteo Collina) #​54786
• [ec22d86512] - doc: mark --conditions CLI flag as stable (Guy Bedford) #​54209
• [77c702ca07] - doc: fix typo in recognizing-contributors (Tobias Nießen) #​54822
• [62953ef9fb] - doc: clarify --max-old-space-size and --max-semi-space-size units (Alexandre ABRIOUX) #​54477
• [e2bab0f2b2] - doc: replace --allow-fs-read by --allow-fs-write in related section (M1CK431) #​54427
• [9cbfd5b33a] - doc: add support link for marco-ippolito (Marco Ippolito) #​54789
• [53167b29ef] - doc: fix typo (Michael Dawson) #​54640
• [87f78a35f7] - doc: fix webcrypto.md AES-GCM backticks (Filip Skokan) #​54621
• [7c83c15221] - doc: add documentation about os.tmpdir() overrides (Joyee Cheung) #​54613
• [4bfd832d70] - doc: add support me link for anonrig (Yagiz Nizipli) #​54611
• [22a103e5ec] - doc: add alert on REPL from TCP socket (Rafael Gonzaga) #​54594
• [b6374c24e1] - doc: fix typo in styleText description (Rafael Gonzaga) #​54616
• [2f5b98ee1f] - doc: add getHeapStatistics() property descriptions (Benji Marinacci) #​54584
• [482302b99b] - doc: fix information about including coverage files (Aviv Keller) #​54527
• [b3708e7df4] - doc: support collaborators - talk amplification (Michael Dawson) #​54508
• [c86fe23012] - doc: add note about shasum generation failure (Marco Ippolito) #​54487
• [d53e6cf755] - doc: fix capitalization in module.md (shallow-beach) #​54488
• [cdc6713f18] - doc: add esm examples to node:https (Alfredo González) #​54399
• [1ac1fe4e65] - doc: fix error description of the max header size (Egawa Ryo) #​54125
• [244542b720] - doc: add git node security --cleanup (Rafael Gonzaga) #​54381
• [69fb71f54c] - doc: add note on weakness of permission model (Tobias Nießen) #​54268
• [83b2cb908b] - doc: add versions when --watch-preserve-output was added (Théo LUDWIG) #​54328
• [460fb49483] - doc: replace v19 mention in Current release (Rafael Gonzaga) #​54361
• [994b46a160] - doc: correct peformance entry types (Jason Zhang) #​54263
• [f142e668cb] - doc: fix typo in method name in the sea doc (Eliyah Sundström) #​54027
• [9529a30dba] - doc: mark process.nextTick legacy (Marco Ippolito) #​51280
• [7e25fabb91] - doc: add esm examples to node:http2 (Alfredo González) #​54292
• [6a4f05e384] - doc: explicitly mention node:fs module restriction (Rafael Gonzaga) #​54269
• [53f5c54997] - doc: warn for windows build bug (Jason Zhang) #​54217
• [07bde054f3] - doc: make some parameters optional in tracingChannel.traceCallback (Deokjin Kim) #​54068
• [62bf03b5f1] - doc: add esm examples to node:dns (Alfredo González) #​54172
• [fb2b19184b] - doc: add KevinEady as a triager (Chengzhong Wu) #​54179
• [24976bfba0] - doc: add esm examples to node:console (Alfredo González) #​54108
• [4e7edc40f7] - doc: fix sea assets example (Sadzurami) #​54192
• [322b5d91e1] - doc: add links to security steward companies (Aviv Keller) #​52981
• [6ab271510e] - doc: move onread option from socket.connect() to new net.socket() (sendoru) #​54194
• [39c30ea08f] - doc: move release key for Myles Borins (Richard Lau) #​54059
• [e9fc54804a] - doc: refresh instructions for building node from source (Liran Tal) #​53768
• [f131dc625a] - doc: add documentation for blob.bytes() method (jaexxin) #​54114
• [8d41bb900b] - doc: add missing new lines to custom test reporter examples (Eddie Abbondanzio) #​54152
• [2acaeaba77] - doc: update list of Triagers on the README.md (Antoine du Hamel) #​54138
• [fff8eb2792] - doc: expand troubleshooting section (Liran Tal) #​53808
• [402121520f] - doc: clarify useCodeCache setting for cross-platform SEA generation (Yelim Koo) #​53994
• [272484b8b2] - doc: test for cli options (Aras Abbasi) #​51623
• [c4d0ca4710] - doc, build: fixup build docs (Aviv Keller) #​54899
• [2e3e17748b] - doc, child_process: add esm snippets (Aviv Keller) #​53616
• [c40b4b4f27] - doc, meta: fix broken link in onboarding.md (Aviv Keller) #​54886
• [beff587b94] - doc, meta: add missing , to BUILDING.md (Aviv Keller) #​54409
• [c114585430] - doc, meta: replace command with link to keys (Aviv Keller) #​53745
• [0843077a99] - doc, test: simplify test README table (Aviv Keller) #​53971
• [2df7bc0e32] - doc,tools: enforce use of node: prefix (Antoine du Hamel) #​53950
• [0dd4639391] - esm: fix support for URL instances in import.meta.resolve (Antoine du Hamel) #​54690
• [f0c55e206d] - fs: refactor rimraf to avoid using primordials (Yagiz Nizipli) #​54834
• [f568384bbd] - fs: refactor handleTimestampsAndMode to remove redundant call (HEESEUNG) #​54369
• [2fb7cc9715] - fs: fix typings (Yagiz Nizipli) #​53626
• [596940cfa0] - http: reduce likelihood of race conditions on keep-alive timeout (jazelly) #​54863
• [6e13a7ba02] - http: remove prototype primordials (Antoine du Hamel) #​53698
• [99f96eb3f7] - http2: remove prototype primordials (Antoine du Hamel) #​53696
• [41f5eacc1a] - https: only use default ALPNProtocols when appropriate (Brian White) #​54411
• [59a39520e1] - (SEMVER-MINOR) inspector: support Network.loadingFailed event (Kohei Ueno) #​54246
• [d1007fb1a9] - inspector: provide detailed info to fix DevTools frontend errors (Kohei Ueno) #​54156
• [3b93507949] - (SEMVER-MINOR) inspector: add initial support for network inspection (Kohei Ueno) #​53593
• [fc37b801c8] - lib: remove unnecessary async (jakecastelli) #​54829
• [d86f24787b] - lib: make WeakRef safe in abort_controller (jazelly) #​54791
• [77c59224e5] - lib: add note about removing node:sys module (Rafael Gonzaga) #​54743
• [b8c06dce02] - lib: ensure no holey array in fixed_queue (Jason Zhang) #​54537
• [b85c8ce1fc] - lib: refactor SubtleCrypto experimental warnings (Filip Skokan) #​54620
• [e84812c1b5] - lib: respect terminal capabilities on styleText (Rafael Gonzaga) #​54389
• [c004abaf17] - lib: replace spread operator with primordials function (YoonSoo_Shin) #​54053
• [b79aeabc4d] - lib: avoid for of loop and remove unnecessary variable in zlib (YoonSoo_Shin) #​54258
• [f4085363c6] - lib: fix unhandled errors in webstream adapters (Fedor Indutny) #​54206
• [1ad857e748] - lib: fix typos in comments within internal/streams (YoonSoo_Shin) #​54093
• [02b36cbd2d] - (SEMVER-MINOR) lib: add EventSource Client (Aras Abbasi) #​51575
• [afbf2c0530] - lib,permission: support Buffer to permission.has (Rafael Gonzaga) #​54104
• [54af47395d] - meta: bump peter-evans/create-pull-request from 6.1.0 to 7.0.1 (dependabot[bot]) #​54820
• [a0c10f2ed9] - meta: add Windows ARM64 to flaky-tests list (Aviv Keller) #​54693
• [27b06880e1] - meta: bump actions/setup-python from 5.1.1 to 5.2.0 (Rich Trott) #​54691
• [8747af1037] - meta: update sccache to v0.8.1 (Aviv Keller) #​54720
• [3f753d87a6] - meta: bump step-security/harden-runner from 2.9.0 to 2.9.1 (dependabot[bot]) #​54704
• [6f103ae25d] - meta: bump actions/upload-artifact from 4.3.4 to 4.4.0 (dependabot[bot]) #​54703
• [3e6a9bb04e] - meta: bump github/codeql-action from 3.25.15 to 3.26.6 (dependabot[bot]) #​54702
• [c666ebc4e4] - meta: fix links in SECURITY.md (Aviv Keller) #​54696
• [4d361b3bed] - meta: fix contributing codeowners (Aviv Keller) #​54641
• [36931aa183] - meta: remind users to use a supported version in bug reports (Aviv Keller) #​54481
• [cf283d9ca7] - meta: run coverage-windows when vcbuild.bat updated (Aviv Keller) #​54412
• [67ca397c9f] - meta: add test-permission-* CODEOWNERS (Rafael Gonzaga) #​54267
• [b61a2f5b79] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​54210
• [dd8ab83667] - meta: add module label for the lib/internal/modules folder (Aviv Keller) #​52858
• [db78978d17] - meta: bump actions/upload-artifact from 4.3.3 to 4.3.4 (dependabot[bot]) #​54166
• [ca808dd9e5] - meta: bump actions/download-artifact from 4.1.7 to 4.1.8 (dependabot[bot]) #​54167
• [a35d980146] - meta: bump actions/setup-python from 5.1.0 to 5.1.1 (dependabot[bot]) #​54165
• [3a103c3a17] - meta: bump step-security/harden-runner from 2.8.1 to 2.9.0 (dependabot[bot]) #​54169
• [775ebbe0e8] - meta: bump actions/setup-node from 4.0.2 to 4.0.3 (dependabot[bot]) #​54170
• [7d5dd6f1d1] - meta: bump github/codeql-action from 3.25.11 to 3.25.15 (dependabot[bot]) #​54168
• [80dd38dde3] - meta: bump ossf/scorecard-action from 2.3.3 to 2.4.0 (dependabot[bot]) #​54171
• [90b632ee02] - module: warn on detection in typeless package (Geoffrey Booth) #​52168
• [3011927aab] - node-api: add external buffer creation benchmark (Chengzhong Wu) #​54877
• [7611093e11] - node-api: add support for UTF-8 and Latin-1 property keys (Mert Can Altin) #​52984
• [d65a8f377c] - node-api: remove RefBase and CallbackWrapper (Vladimir Morozov) #​53590
• [309cb1cbd2] - path: remove StringPrototypeCharCodeAt from posix.extname (Aviv Keller) #​54546
• [2859b4ba9a] - path: change posix.join to use array (Wiyeong Seo) #​54331
• [c61cee2138] - path: fix relative on Windows (Hüseyin Açacak) #​53991
• [329be5cc35] - path: use the correct name in validateString (Benjamin Pasero) #​53669
• [a9837267cb] - repl: avoid interpreting 'npm' as a command when errors are recoverable (Shima Ryuhei) #​54848
• [d6a2317961] - repl: doc-deprecate instantiating node:repl classes without new (Aviv Keller) #​54842
• [7f09d983f3] - sea: don't set code cache flags when snapshot is used (Joyee Cheung) #​54120
• [85542b094c] - src: add Cleanable class to Environment (Gabriel Schulhof) #​54880
• [8422064127] - src: remove redundant AESCipherMode (Tobias Nießen) #​54438
• [342c32483a] - src: handle errors correctly in permission.cc (Michaël Zasso) #​54541
• [90ff714699] - src: return v8::Object from error constructors (Michaël Zasso) #​54541
• [872856cfcb] - src: improve buffer.transcode performance (Yagiz Nizipli) #​54153
• [91936ebd12] - src: skip inspector wait in internal workers (Chengzhong Wu) #​54219
• [9759049427] - src: account for OpenSSL unexpected version (Shelley Vohr) #​54038
• [87167fa248] - src: use args.This() instead of Holder (Michaël Zasso) #​53474
• [b05c56e4be] - src: simplify size() == 0 checks (Yagiz Nizipli) #​53440
• [d53e53699c] - src: fix execArgv in worker (theanarkh) #​53029
• [21776a34b5] - src: make sure pass the argv to worker threads (theanarkh) #​52827
• [3aaae68ec8] - (SEMVER-MINOR) src,lib: add performance.uvMetricsInfo (Rafael Gonzaga) #​54413
• [ef1c0d7def] - src,permission: handle process.chdir on pm (Rafael Gonzaga) #​53175
• [0c32918eef] - stream: change stream to use index instead of for...of (Wiyeong Seo) #​54474
• [337cd412b5] - stream: make checking pendingcb on WritableStream backward compatible (jakecastelli) #​54142
• [713fc0c9eb] - stream: throw TypeError when criteria fulfilled in getIterator (jakecastelli) #​53825
• [9686153616] - stream: fix util.inspect for compression/decompressionStream (Mert Can Altin) #​52283
• [76110b0b43] - test: adjust test-tls-junk-server for OpenSSL32 (Michael Dawson) #​54926
• [4092889371] - test: adjust tls test for OpenSSL32 (Michael Dawson) #​54909
• [5d48543a16] - test: fix test-http2-socket-close.js (Hüseyin Açacak) #​54900
• [8048c2eaed] - test: improve test-internal-fs-syncwritestream (Sunghoon) #​54671
• [597bc14c90] - test: deflake test-dns (Luigi Pinca) #​54902
• [a9fc8d9cfa] - test: fix test test-tls-dhe for OpenSSL32 (Michael Dawson) #​54903
• [1b3b4f4a9f] - test: use correct file naming syntax for util-parse-env (Aviv Keller) #​53705
• [9db46b5ea3] - test: add missing await (Luigi Pinca) #​54828
• [124f715679] - test: move more url tests to node:test (Yagiz Nizipli) #​54636
• [d2ec96150a] - test: strip color chars in test-runner-run (Giovanni Bucci) #​54552
• [747d9ae72e] - test: deflake test-http2-misbehaving-multiplex (Luigi Pinca) #​54872
• [7b7687eadc] - test: remove dead code in test-http2-misbehaving-multiplex (Luigi Pinca) #​54860
• [60f5f5426d] - test: reduce test-esm-loader-hooks-inspect-wait flakiness (Luigi Pinca) #​54827
• [f5e77385c5] - test: reduce the allocation size in test-worker-arraybuffer-zerofill (James M Snell) #​54839
• [f26cf09d6b] - test: fix test-tls-client-mindhsize for OpenSSL32 (Michael Dawson) #​54739
• [c6f9afec94] - test: use platform timeout (jakecastelli) #​54591
• [8f49b7c3ee] - test: reduce fs calls in test-fs-existssync-false (Yagiz Nizipli) #​54815
• [e2c69c9844] - test: move test-http-server-request-timeouts-mixed (James M Snell) #​54841
• [f7af8ca021] - test: fix volatile for CauseSegfault with clang (Ivan Trubach) #​54325
• [d1bae5ede5] - test: set test-worker-arraybuffer-zerofill as flaky (Yagiz Nizipli) #​54802
• [b5b5cc811f] - test: set test-http-server-request-timeouts-mixed as flaky (Yagiz Nizipli) #​54802
• [9808feecac] - test: set test-single-executable-application-empty as flaky (Yagiz Nizipli) #​54802
• [97d41c62e3] - test: set test-macos-app-sandbox as flaky (Yagiz Nizipli) #​54802
• [57ae68001c] - test: set test-fs-utimes as flaky (Yagiz Nizipli) #​54802
• [38afc4da03] - test: set test-runner-run-watch as flaky (Yagiz Nizipli) #​54802
• [68e19748a6] - test: set test-writewrap as flaky (Yagiz Nizipli) #​54802
• [e8cb03d530] - test: set test-async-context-frame as flaky (Yagiz Nizipli) #​54802
• [3a56517220] - test: set test-esm-loader-hooks-inspect-wait as flaky (Yagiz Nizipli) #​54802
• [c98cd1227d] - test: set test-http2-large-file as flaky (Yagiz Nizipli) #​54802
• [16176a6323] - test: set test-runner-watch-mode-complex as flaky (Yagiz Nizipli) #​54802
• [eed0537533] - test: set test-performance-function as flaky (Yagiz Nizipli) #​54802
• [d0f208d2e9] - test: set test-debugger-heap-profiler as flaky (Yagiz Nizipli) #​54802
• [68891a6363] - test: fix test-process-load-env-file when path contains ' (Antoine du Hamel) #​54511
• [4f82673139] - test: refactor fs-watch tests due to macOS issue (Santiago Gimeno) #​54498
• [3606c53fdc] - test: refactor test-esm-type-field-errors (Giovanni Bucci) #​54368
• [99566aea97] - test: improve output of child process utilities (Joyee Cheung) #​54622
• [ed2377c1a1] - test: fix test-tls-client-auth test for OpenSSL32 (Michael Dawson) #​54610
• [d2a7e45946] - test: update TLS test for OpenSSL 3.2 (Richard Lau) #​54612
• [a50bbca78a] - test: increase key size for ca2-cert.pem (Michael Dawson) #​54599
• [d7ac3262de] - test: update test-assert-typedarray-deepequal to use node:test (James M Snell) #​54585
• [916a73cd8f] - test: update test-assert to use node:test (James M Snell) #​54585
• [10bea1cef5] - test: merge ongc and gcutil into gc.js (tannal) #​54355
• [f145982436] - test: move a couple of tests over to using node:test (James M Snell) #​54582
• [229e102d20] - test: fix embedding test for Windows (Vladimir Morozov) #​53659
• [fcf82adef0] - test: use relative paths in test-cli-permission tests (sendoru) #​54188
• [4c219b0235] - test: fix timeout not being cleared (Isaac-yz-Liu) #​54242
• [e446517a41] - test: refactor test-runner-module-mocking (Antoine du Hamel) #​54233
• [782a6a05ef] - test: use assert.{s,deepS}trictEqual() (Luigi Pinca) #​54208
• [d478db7adc] - test: set test-structuredclone-jstransferable non-flaky (Stefan Stojanovic) #​54115
• [c8587ec90d] - test: update wpt test for streams (devstone) #​54129
• [dbc26c2971] - test: fix typo in test (Sonny) #​54137
• [17b7ec4df3] - test: add initial pull delay and prototype pollution prevention tests (Sonny) #​54061
• [931ff4367a] - test: update wpt test (Mert Can Altin) #​53814
• [1c1bd7ce52] - test: update url web-platform tests (Yagiz Nizipli) #​53472
• [b048eaea5c] - test_runner: reimplement assert.ok to allow stack parsing (Aviv Keller) #​54776
• [c981e61155] - test_runner: improve code coverage cleanup (Colin Ihrig) #​54856
• [4f421b37da] - test_runner: use validateStringArray for timers.enable() (Deokjin Kim) #​49534
• [27da75ae22] - test_runner: do not expose internal loader (Antoine du Hamel) #​54106
• [56cbc80d28] - test_runner: make mock_loader not confuse CJS and ESM resolution (Sung Ye In) #​53846
• [8fd951f7c7] - test_runner: remove outdated comment (Colin Ihrig) #​54146
• [65b6fec3ba] - test_runner: run after hooks even if test is aborted (Colin Ihrig) #​54151
• [c0b4c8284c] - test_runner: added colors to dot reporter (Giovanni) #​53450
• [3000e5df91] - test_runner: support module detection in module mocks (Geoffrey Booth) #​53642
• [f789f4c92d] - (SEMVER-MINOR) test_runner: support module mocking (Colin Ihrig) #​52848
• [82d1c36f51] - test_runner: display failed test stack trace with dot reporter (Mihir Bhansali) #​52655
• [5358601e31] - timers: avoid generating holey internal arrays (Gürgün Dayıoğlu) #​54771
• [b6ed97c66d] - timers: document ref option for scheduler.wait (Paolo Insogna) #​54605
• [f524b8a28b] - timers: fix validation (Paolo Insogna) #​54404
• [bc020f7cb3] - (SEMVER-MINOR) tls: add allowPartialTrustChain flag (Anna Henningsen) #​54790
• [d0e6f9168e] - tls: remove prototype primordials (Antoine du Hamel) #​53699
• [f5c65d0be6] - tools: add readability/fn_size to filter (Rafael Gonzaga) #​54744
• [a47bb9b2c2] - tools: add util scripts to land and rebase MRs (Antoine du Hamel) #​54656
• [fe3155cefa] - tools: remove readability/fn_size rule (Rafael Gonzaga) #​54663
• [d6b9cc3acd] - tools: remove unused python files (Aviv Keller) #​53928
• [b5fbe9609c] - tools: remove header from c-ares license (Aviv Keller) #​54335
• [a7fdc608c6] - tools: add find pyenv path on windows (Marco Ippolito) #​54314
• [f90688cd5b] - tools: make undici updater build wasm from src (Michael Dawson) #​54128
• [a033dff2f2] - tty: initialize winSize array with values (Michaël Zasso) #​54281
• [e635e0956c] - typings: fix TypedArray to a global type (1ilsang) #​54063
• [b5bf08f31e] - typings: correct param type of SafePromisePrototypeFinally (Wuli) #​54727
• [628ae4bde5] - typings: add util.styleText type definition (Rafael Gonzaga) #​54252
• [cc37401ea5] - typings: add missing binding function writeFileUtf8() (Jungku Lee) #​54110
• [728c3fd6f1] - url: modify pathToFileURL to handle extended UNC path (Early Riser) #​54262
• [b25563dfcb] - url: improve resolveObject with ObjectAssign (Early Riser) #​54092
• [eededd1ca8] - url: make URL.parse enumerable (Filip Skokan) #​53720
• [4eb0749b6c] - (SEMVER-MINOR) url: implement parse method for safer URL parsing (Ali Hassan) #​52280
• [9e1c2293bf] - vm: harden module type checks (Chengzhong Wu) #​52162
• [2d90340cb3] - (SEMVER-MINOR) vm: introduce vanilla contexts via vm.constants.DONT_CONTEXTIFY (Joyee Cheung) #​54394
• [4644d05ab5] - zlib: deprecate instantiating classes without new (Yagiz Nizipli) #​54708
• [ecdf6dd444] - zlib: simplify validators (Yagiz Nizipli) #​54442

v20.17.0: 2024-08-21, Version 20.17.0 'Iron' (LTS), @​marco-ippolito

Compare Source

module: support require()ing synchronous ESM graphs

This release adds require() support for synchronous ESM graphs under the flag --experimental-require-module.

If --experimental-require-module is enabled, and the ECMAScript module being loaded by require() meets the following requirements:

• Explicitly marked as an ES module with a "type": "module" field in the closest package.json or a .mjs extension.
• Fully synchronous (contains no top-level await).

require() will load the requested module as an ES Module, and return the module name space object. In this case it is similar to dynamic import() but is run synchronously and returns the name space object directly.

Contributed by Joyee Cheung in #​51977

path: add matchesGlob method

Glob patterns can now be tested against individual paths via the path.matchesGlob(path, pattern) method.

Contributed by Aviv Keller in #​52881

stream: expose DuplexPair API

The function duplexPair returns an array with two items, each being a Duplex stream connected to the other side:

const [ sideA, sideB ] = duplexPair();

Whatever is written to one stream is made readable on the other. It provides behavior analogous to a network connection, where the data written by the client becomes readable by the server, and vice-versa.

Contributed by Austin Wright in #​34111

Other Notable Changes

• [8e64c02b19] - (SEMVER-MINOR) http: add diagnostics channel http.client.request.error (Kohei Ueno) #​54054
• [ae30674991] - meta: add jake to collaborators (jakecastelli) #​54004
• [4a3ecbfc9b] - (SEMVER-MINOR) stream: implement min option for ReadableStreamBYOBReader.read (Mattias Buelens) #​50888

Commits

• [b3a2726cbc] - assert: use isError instead of instanceof in innerOk (Pietro Marchini) #​53980
• [c7e4c3daf4] - benchmark: add cpSync benchmark (Yagiz Nizipli) #​53612
• [a52de8c5ff] - bootstrap: print --help message using console.log (Jacob Hummer) #​51463
• [61b90e7c5e] - build: update gcovr to 7.2 and codecov config (Benjamin E. Coe) #​54019
• [a9c04eaa27] - build: ensure v8_pointer_compression_sandbox is enabled on 64bit (Shelley Vohr) #​53884
• [342a663d7a] - build: trigger coverage ci when updating codecov (Yagiz Nizipli) #​53929
• [5727b4d129] - build: update codecov coverage build count (Yagiz Nizipli) #​53929
• [977af25870] - build: disable test-asan workflow (Michaël Zasso) #​53844
• [04798fb104] - build: fix build warning of c-ares under GN build (Cheng) #​53750
• [5ec5e78574] - build: fix mac build error of c-ares under GN (Cheng) #​53687
• [3d8721f0a4] - build: add version-specific library path for AIX (Richard Lau) #​53585
• [ffb0bd344d] - build, tools: drop leading / from r2dir (Richard Lau) #​53951
• [a2d74f4c31] - build,tools: simplify upload of shasum signatures (Michaël Zasso) #​53892
• [993bb3b6e7] - child_process: fix incomplete prototype pollution hardening (Liran Tal) #​53781
• [137a2e5766] - cli: document --inspect port 0 behavior (Aviv Keller) #​53782
• [820e6e1737] - cli: update node.1 to reflect Atom's sunset (Aviv Keller) #​53734
• [fa0e8d7b3b] - crypto: avoid std::function (Tobias Nießen) #​53683
• [460240c368] - crypto: make deriveBits length parameter optional and nullable (Filip Skokan) #​53601
• [ceb1d5e00a] - crypto: avoid taking ownership of OpenSSL objects (Tobias Nießen) #​53460
• [44268c27eb] - deps: update corepack to 0.29.3 (Node.js GitHub Bot) #​54072
• [496975ece0] - deps: update c-ares to v1.32.3 (Node.js GitHub Bot) #​54020
• [5eea419349] - deps: update c-ares to v1.32.2 (Node.js GitHub Bot) #​53865
• [8c8e3688c5] - deps: update googletest to 4b21f1a (Node.js GitHub Bot) #​53842
• [78f6b34c77] - deps: update minimatch to 10.0.1 (Node.js GitHub Bot) #​53841
• [398f7acca3] - deps: update corepack to 0.29.2 (Node.js GitHub Bot) #​53838
• [fa8f99d90b] - deps: update simdutf to 5.3.0 (Node.js GitHub Bot) #​53837
• [a19b28336b] - deps: update ada to 2.9.0 (Node.js GitHub Bot) #​53748
• [2f66c7e707] - deps: upgrade npm to 10.8.2 (npm team) #​53799
• [2a2620e7c0] - deps: update googletest to 34ad51b (Node.js GitHub Bot) #​53157
• [c01ce60ce7] - deps: update googletest to 305e5a2 (Node.js GitHub Bot) #​53157
• [832328ea01] - deps: update c-ares to v1.32.1 (Node.js GitHub Bot) #​53753
• [878e9a4ae7] - deps: update minimatch to 9.0.5 (Node.js GitHub Bot) #​53646
• [4647e6b5c5] - deps: update c-ares to v1.32.0 (Node.js GitHub Bot) #​53722
• [30310bf887] - doc: move numCPUs require to top of file in cluster CJS example (Alfredo González) #​53932
• [36170eddca] - doc: update security-release process to automated one (Rafael Gonzaga) #​53877
• [55f5e76ba7] - doc: fix typo in technical-priorities.md (YoonSoo_Shin) #​54094
• [1c0ccc0ca8] - doc: fix typo in diagnostic tooling support tiers document (Taejin Kim) #​54058
• [6a5120ff0f] - doc: move GeoffreyBooth to TSC regular member (Geoffrey Booth) #​54047
• [ead05aad2a] - doc: fix typo in recognizing-contributors (Marco Ippolito) #​53990
• [25e59aebac] - doc: update boxstarter README (Aviv Keller) #​53785
• [a3183fb927] - doc: add info about prefix-only modules to module.builtinModules (Grigory) #​53954
• [89599e025f] - doc: remove scroll-behavior: smooth; (Cloyd Lau) #​53942
• [139c62e40c] - doc: move --test-coverage-{ex,in}clude to proper location (Colin Ihrig) #​53926
• [233aba90ea] - doc: update api_assets README for new files (Aviv Keller) #​53676
• [44a1cbe98a] - doc: add MattiasBuelens to collaborators (Mattias Buelens) #​53895
• [f5280ddbc5] - doc: fix casing of GitHub handle for two collaborators (Antoine du Hamel) #​53857
• [9224e3eef1] - doc: update release-post nodejs.org script (Rafael Gonzaga) #​53762
• [f87eed8de4] - doc: move MylesBorins to emeritus (Myles Borins) #​53760
• [32ac80ae8d] - doc: add Rafael to the last security release (Rafael Gonzaga) #​53769
• [e71aa7e98b] - doc: use mock.callCount() in examples (Sébastien Règne) #​53754
• [f64db24312] - doc: clarify authenticity of plaintexts in update (Tobias Nießen) #​53784
• [51e736ac83] - doc: add option to have support me link (Michael Dawson) #​53312
• [9804731d0f] - doc: update scroll-padding-top to 4rem (Cloyd Lau) #​53662
• [229f7f8b8a] - doc: mention v8.setFlagsFromString to pm (Rafael Gonzaga) #​53731
• [98d59aa929] - doc: remove the last <pre> tag (Claudio W) #​53741
• [60ee41df08] - doc: exclude voting and regular TSC from spotlight (Michael Dawson) #​53694
• [c3536cfa99] - doc: fix releases guide for recent Git versions (Michaël Zasso) #​53709
• [3b632e1871] - doc: require node:process in assert doc examples (Alfredo González) #​53702
• [754090c110] - doc: add additional explanation to the wildcard section in permissions (jakecastelli) #​53664
• [4346de7267] - doc: mark NODE_MODULE_VERSION for Node.js 22.0.0 (Michaël Zasso) #​53650
• [758178bd72] - doc: include node.module_timer on available categories (Vinicius Lourenço) #​53638
• [e0d213df2b] - doc: fix module customization hook examples (Elliot Goodrich) #​53637
• [43ac5a2441] - doc: fix doc for correct usage with plan & TestContext (Emil Tayeb) #​53615
• [5076f0d292] - doc: remove some news issues that are no longer (Michael Dawson) #​53608
• [c997dbef34] - doc: add issue for news from ambassadors (Michael Dawson) #​53607
• [16d55f1d25] - doc: add esm example for os (Leonardo Peixoto) #​53604
• [156fc536f2] - doc: clarify usage of coverage reporters (Eliphaz Bouye) #​53523
• [f8f247bc99] - doc: document addition testing options (Aviv Keller) #​53569
• [73860aca56] - doc: clarify that fs.exists() may return false for existing symlink (Tobias Nießen) #​53566
• [59c5c5c73e] - doc: note http.closeAllConnections excludes upgraded sockets (Rob Hogan) #​53560
• [1cd3c8eb27] - doc: fix typo (EhsanKhaki) #​53397
• [3c5e593e2a] - doc, meta: add PTAL to glossary (Aviv Keller) #​53770
• [f336e61257] - doc, test: tracing channel hasSubscribers getter (Thomas Hunter II) #​52908
• [4187b81439] - doc, typings: events.once accepts symbol event type (René) #​53542
• [3cdf94d403] - doc,tty: add documentation for ReadStream and WriteStream (jakecastelli) #​53567
• [5d03f6fab7] - esm: move hooks test with others (Geoffrey Booth) #​53558
• [490f15a99b] - fs: ensure consistency for mkdtemp in both fs and fs/promises (YieldRay) #​53776
• [8e64c02b19] - (SEMVER-MINOR) http: add diagnostics channel http.client.request.error (Kohei Ueno) #​54054
• [0d70c79ebf] - lib: optimize copyError with ObjectAssign in primordials (HEESEUNG) #​53999
• [a4ff2ac0f0] - lib: improve cluster/primary code (Ehsan Khakifirooz) #​53756
• [c667fbd988] - lib: improve error message when index not found on cjs (Vinicius Lourenço) #​53859
• [51ba566171] - lib: decorate async stack trace in source maps (Chengzhong Wu) #​53860
• [d012dd3d29] - lib: remove path.resolve from permissions.js (Rafael Gonzaga) #​53729
• [1e9ff50446] - lib: add toJSON to PerformanceMeasure (theanarkh) #​53603
• [3a2d8bffa5] - lib: convert WeakMaps in cjs loader with private symbol properties (Chengzhong Wu) #​52095
• [e326342bd7] - meta: add sqlite to js subsystems (Alex Yang) #​53911
• [bfabfb4d17] - meta: move tsc member to emeritus (Michael Dawson) #​54029
• [ae30674991] - meta: add jake to collaborators (jakecastelli) #​54004
• [6ca0cfc602] - meta: remove license for hljs (Aviv Keller) #​53970
• [e6ba121e83] - meta: make more bug-report information required (Aviv Keller) #​53718
• [1864cddd0c] - meta: store actions secrets in environment (Aviv Keller) #​53930
• [c0b24e5071] - meta: move anonrig to tsc voting members (Yagiz Nizipli) #​53888
• [e60b089f7f] - meta: remove redudant logging from dep updaters (Aviv Keller) #​53783
• [bff6995ec3] - meta: change email address of anonrig (Yagiz Nizipli) #​53829
• [c2bb46020a] - meta: add node_sqlite.c to MR label config (Aviv Keller) #​53797
• [b8d2bbc6d6] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​53758
• [0ad4b7c1f7] - meta: use HTML entities in commit-queue comment (Aviv Keller) #​53744
• [aa0c5c25d1] - meta: move regular TSC member to emeritus (Michael Dawson) #​53693
• [a5f5b4550b] - meta: bump codecov/codecov-action from 4.4.1 to 4.5.0 (dependabot[bot]) #​53675
• [f84e215c90] - meta: bump mozilla-actions/sccache-action from 0.0.4 to 0.0.5 (dependabot[bot]) #​53674
• [d5a9c249d3] - meta: bump github/codeql-action from 3.25.7 to 3.25.11 (dependabot[bot]) #​53673
• [39d6c780c8] - meta: bump actions/checkout from 4.1.6 to 4.1.7 (dependabot[bot]) #​53672
• [bb6fe38a34] - meta: bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (dependabot[bot]) #​53671
• [5dcdfb5e6b] - meta: bump step-security/harden-runner from 2.8.0 to 2.8.1 (dependabot[bot]) #​53670
• [44d901a1c9] - meta: move member from TSC regular to emeriti (Michael Dawson) #​53599
• [0c91186afa] - meta: warnings bypass deprecation cycle (Benjamin Gruenbaum) #​53513
• [bcd08bef60] - meta: prevent constant references to issues in versioning (Aviv Keller) #​53564
• [7625dc4927] - module: fix submodules loaded by require() and import() (Joyee Cheung) #​52487
• [6c4f4772e3] - module: tidy code and comments (Jacob Smith) #​52437
• [51b88faeac] - module: disallow CJS <-> ESM edges in a cycle from require(esm) (Joyee Cheung) #​52264
• [4dae68ced4] - module: centralize SourceTextModule compilation for builtin loader (Joyee Cheung) #​52291
• [cad46afc07] - (SEMVER-MINOR) module: support require()ing synchronous ESM graphs (Joyee Cheung) #​51977
• [ac58c829a1] - node-api: add property keys benchmark (Chengzhong Wu) #​54012
• [e6a4104bd1] - node-api: rename nogc to basic (Gabriel Schulhof) #​53830
• [57b8b8e18e] - (SEMVER-MINOR) path: add matchesGlob method (Aviv Keller) #​52881
• [bf6aa53299] - process: unify experimental warning messages (Aviv Keller) #​53704
• [2a3ae16e62] - src: expose LookupAndCompile with parameters (Shelley Vohr) #​53886
• [0109f9c961] - src: simplify AESCipherTraits::AdditionalConfig (Tobias Nießen) #​53890
• [6bafe8a457] - src: fix -Wshadow warning (Shelley Vohr) #​53885
• [4c36d6c47a] - src: fix slice of slice of file-backed Blob (Josh Lee) #​53972
• [848c2d59fb] - src: cache invariant code motion (Rafael Gonzaga) #​53879
• [acaf5dd1cd] - src: avoid strcmp in ImportJWKAsymmetricKey (Tobias Nießen) #​53813
• [b71250aaf9] - src: replace ToLocalChecked uses with ToLocal in node-file (James M Snell) #​53869
• [aff9a5339a] - src: fix env-file flag to ignore spaces before quotes (Mohit Malhotra) #​53786
• [e352a4ef27] - src: update outdated references to spec sections (Tobias Nießen) #​53832
• [1a4da22a60] - src: use Maybe<void> in ManagedEVPPKey (Tobias Nießen) #​53811
• [0c24b91bd2] - src: fix error handling in ExportJWKAsymmetricKey (Tobias Nießen) #​53767
• [81cd84c716] - src: use Maybe<void> in node::crypto::error (Tobias Nießen) #​53766
• [8135f3616d] - src: fix typo in node.h (Daeyeon Jeong) #​53759
• [e6d735a997] - src: document the Node.js context embedder data (Joyee Cheung) #​53611
• [584beaa2ed] - src: zero-initialize data that are copied into the snapshot (Joyee Cheung) #​53563
• [ef5dabd8c6] - src: fix Worker termination when '--inspect-brk' is passed (Daeyeon Jeong) #​53724
• [62f4f6f48e] - src: remove ArrayBufferAllocator::Reallocate override (Shu-yu Guo) #​52910
• [a6dd8643fa] - src: reduce unnecessary serialization of CLI options in C++ (Joyee Cheung) #​52451
• [31fdb881cf] - src,lib: expose getCategoryEnabledBuffer to use on node.http (Vinicius Lourenço) #​53602
• [2eea8502e1] - src,test: further cleanup references to osx (Daniel Bayley) #​53820
• [7c21bb99a5] - (SEMVER-MINOR) stream: expose DuplexPair API (Austin Wright) #​34111
• [56299f7309] - stream: improve inspector ergonomics (Benjamin Gruenbaum) #​53800
• [9b82b15230] - stream: update ongoing promise in async iterator return() method (Mattias Buelens) #​52657
• [4a3ecbfc9b] - (SEMVER-MINOR) stream: implement min option for ReadableStreamBYOBReader.read (Mattias Buelens) #​50888
• [bd996bf694] - test: do not swallow uncaughtException errors in exit code tests (Meghan Denny) #​54039
• [77761af077] - test: move shared module to test/common (Rich Trott) #​54042
• [bec88ce138] - test: skip sea tests with more accurate available disk space estimation (Chengzhong Wu) #​53996
• [9a98ad47cd] - test: remove unnecessary console log (KAYYY) #​53812
• [364d09cf0a] - test: add comments and rename test for timer robustness (Rich Trott) #​54008
• [5c5093dc0a] - test: add test for one arg timers to increase coverage (Carlos Espa) #​54007
• [43ede1ae0b] - test: mark 'test/parallel/test-sqlite.js' as flaky (Colin Ihrig) #​54031
• [0ad783cb42] - test: mark test-pipe-file-to-http as flaky (jakecastelli) #​53751
• [f2b4fd3544] - test: compare paths on Windows without considering case (Early Riser) #​53993
• [2e69e5f4d2] - test: skip sea tests in large debug builds (Chengzhong Wu) #​53918
• [56c26fe6e5] - test: skip --title check on IBM i (Abdirahim Musse) #​53952
• [6d0b8ded00] - test: reduce flakiness of test-assert-esm-cjs-message-verify (Antoine du Hamel) #​53967
• [edb75aebd7] - test: use PYTHON executable from env in assertSnapshot (Antoine du Hamel) #​53938
• [be94e470a6] - test: deflake test-blob-file-backed (Luigi Pinca) #​53920
• [c2b0dcd165] - test: un-set inspector-async-hook-setup-at-inspect-brk as flaky (Abdirahim Musse) #​53692
• [6dc18981ac] - test: use python3 instead of python in pummel test (Mathis Wiehl) #​53057
• [662bf524e1] - test: do not assume cwd in snapshot tests (Antoine du Hamel) #​53146
• [a07526702a] - test: fix OpenSSL version checks (Richard Lau) #​53503
• [2b70018d11] - test: refactor, add assertion to http-request-end (jakecastelli) #​53411
• [c0262c1561] - test_runner: switched to internal readline interface (Emil Tayeb) #​54000
• [fb7342246c] - test_runner: do not throw on mocked clearTimeout() (Aksinya Bykova) #​54005
• [367f9e77f3] - test_runner: cleanup global event listeners after run (Eddie Abbondanzio) #​53878
• [206c668ee7] - test_runner: remove plan option from run() (Colin Ihrig) #​53834
• [8660d481e5] - tls: add setKeyCert() to tls.Socket (Brian White) #​53636
• [9c5beabd83] - tools: fix SLACK_TITLE in invalid commit workflow (Antoine du Hamel) #​53912
• [4dedf2aead] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​53840
• [642d5c5d30] - tools: use v8_features.json to populate config.gypi (Cheng) #​53749
• [031206544d] - tools: update lint-md-dependencies to unified@11.0.5 (Node.js GitHub Bot) #​53555
• [8404421ea6] - tools: replace reference to NodeMainInstance with SnapshotBuilder (codediverdev) #​53544
• [2d8490fed5] - typings: add fs_dir types (Yagiz Nizipli) #​53631
• [325eae0b3f] - url: fix typo (KAYYY) #​53827
• [7fc45f5e3f] - url: reduce unnecessary string copies (Yagiz Nizipli) #​53628
• [1d961facf1] - url: add missing documentation for URL.parse() (Yagiz Nizipli) #​53733
• [ce877c6d0f] - util: fix crashing when emitting new Buffer() deprecation warning #​53075 (Aras Abbasi) #​53089
• [d6d04279ca] - worker: allow copied NODE_OPTIONS in the env setting (Joyee Cheung) #​53596

v20.16.0: 2024-07-24, Version 20.16.0 'Iron' (LTS), @​marco-ippolito

Compare Source

process: add process.getBuiltinModule(id)

process.getBuiltinModule(id) provides a way to load built-in modules in a globally available function. ES Modules that need to support other environments can use it to conditionally load a Node.js built-in when it is run in Node.js, without having to deal with the resolution error that can be thrown by import in a non-Node.js environment or having to use dynamic import() which either turns the module into an asynchronous module, or turns a synchronous API into an asynchronous one.

if (globalThis.process?.getBuiltinModule) {
  // Run in Node.js, use the Node.js fs module.
  const fs = globalThis.process.getBuiltinModule('fs');
  // If `require()` is needed to load user-modules, use createRequire()
  const module = globalThis.process.getBuiltinModule('module');
  const require = module.createRequire(import.meta.url);
  const foo = require('foo');
}

If id specifies a built-in module available in the current Node.js process, process.getBuiltinModule(id) method returns the corresponding built-in module. If id does not correspond to any built-in module, undefined is returned.

process.getBuiltinModule(id) accepts built-in module IDs that are recognized by module.isBuiltin(id).

The references returned by process.getBuiltinModule(id) always point to the built-in module corresponding to id even if users modify require.cache so that require(id) returns something else.

Contributed by Joyee Cheung in #​52762

doc: doc-only deprecate OpenSSL engine-based APIs

OpenSSL 3 deprecated support for custom engines with a recommendation to switch to its new provider model. The clientCertEngine option for https.request(), tls.createSecureContext(), and tls.createServer(); the privateKeyEngine and privateKeyIdentifier for tls.createSecureContext(); and crypto.setEngine() all depend on this functionality from OpenSSL.

Contributed by Richard Lau in #​53329

inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth

Debugger.setAsyncCallStackDepth was previously calling the enable function by mistake. As a result, when profiling using Chrome DevTools, the async hooks won't be turned off properly after receiving Debugger.setAsyncCallStackDepth with depth 0.

Contributed by Joyee Cheung in #​53473

Other Notable Changes

• [09e2191432] - (SEMVER-MINOR) buffer: add .bytes() method to Blob (Matthew Aitken) #​53221
• [394e00f41c] - (SEMVER-MINOR) doc: add context.assert docs (Colin Ihrig) #​53169
• [a8601efa5e] - (SEMVER-MINOR) doc: improve explanation about built-in modules (Joyee Cheung) #​52762
• [5e76c258f7] - doc: add StefanStojanovic to collaborators (StefanStojanovic) #​53118
• [5e694026f1] - doc: add Marco Ippolito to TSC (Rafael Gonzaga) #​53008
• [f3ba1eb72f] - (SEMVER-MINOR) net: add new net.server.listen tracing channel (Paolo Insogna) #​53136
• [2bcce3255b] - (SEMVER-MINOR) src,permission: --allow-wasi & prevent WASI exec (Rafael Gonzaga) #​53124
• [a03a4c7bdd] - (SEMVER-MINOR) test_runner: add context.fullName (Colin Ihrig) #​53169
• [69b828f5a5] - (SEMVER-MINOR) util: support --no- for argument with boolean type for parseArgs (Zhenwei Jin) #​53107

Commits

• [76fd0ea92e] - assert,util: correct comparison when both contain same reference (Daniel Lemire) #​53431
• [65308b6692] - benchmark: fix api restriction for the permission category (Ryan Tsien) #​51528
• [1e2bc2c2d0] - benchmark: fix napi/ref addon (Michaël Zasso) #​53233
• [09e2191432] - (SEMVER-MINOR) buffer: add .bytes() method to Blob (Matthew Aitken) #​53221
• [e1951a4804] - build: fix spacing before NINJA_ARGS (jakecastelli) #​53181
• [76f3bb3460] - build: generate binlog in out directories (Chengzhong Wu) #​53325
• [eded0c187b] - build: support python 3.13 (Chengzhong Wu) #​53190
• [1e57c67fdb] - build: update ruff to v0.4.5 (Yagiz Nizipli) #​53180
• [28e71ede63] - build: add --skip-tests to test-ci-js target (Antoine du Hamel) #​53105
• [bb06778a65] - build: fix building embedtest in GN build (Cheng) #​53145
• [117ff5f139] - build: use broader detection for 'help' (Aviv Keller) #​53045
• [9aa896e7f5] - build: fix -j propagation to ninja (Tobias Nießen) #​53088
• [acdbc78955] - build: exit on unsupported host OS for Android (Mohammed Keyvanzadeh) #​52882
• [bf3d94478e] - build: fix --enable-d8 builds (Richard Lau) #​53106
• [99da7d7237] - build: set "clang" in config.gypi in GN build (Cheng) #​53004
• [9446278f03] - crypto: improve GetECGroupBits signature (Tobias Nießen) #​53364
• [dc2a4af68d] - crypto: fix propagation of "memory limit exceeded" (Tobias Nießen) #​53300
• [c5174f5e60] - deps: update c-ares to v1.31.0 (Node.js GitHub Bot) #​53554
• [28e932dc7a] - deps: update undici to 6.19.2 (Node.js GitHub Bot) #​53468
• [e4f9c663c4] - deps: update undici to 6.19.1 (Node.js GitHub Bot) #​53468
• [171dc50fdc] - deps: update undici to 6.19.1 (Node.js GitHub Bot) #​53468
• [6bb6a9100d] - deps: update undici to 6.19.0 (Node.js GitHub Bot) #​53468
• [815d71b4cd] - deps: update acorn-walk to 8.3.3 (Node.js GitHub Bot) #​53466
• [8b5f1d765a] - deps: update zlib to 1.3.0.1-motley-209717d (Node.js GitHub Bot) #​53156
• [fc73da6f50] - deps: update c-ares to v1.30.0 (Node.js GitHub Bot) #​53416
• [a6b803abd6] - deps: update undici to 6.18.2 (Node.js GitHub Bot) #​53255
• [0f235535bb] - deps: update ada to 2.8.0 (Node.js GitHub Bot) #​53254
• [63407269a8] - deps: update corepack to 0.28.2 (Node.js GitHub Bot) #​53253
• [7a126e8773] - deps: update c-ares to 1.29.0 (Node.js GitHub Bot) #​53155
• [0c8fcceefa] - deps: upgrade npm to 10.8.1 (npm team) #​53207
• [23866979f2] - deps: update undici to 6.18.1 (Node.js GitHub Bot) #​53073
• [4987a00142] - deps: update undici to 6.18.0 (Node.js GitHub Bot) #​53073
• [af226d0d9c] - deps: update undici to 6.17.0 (Node.js GitHub Bot) #​53034
• [c9c6bf8bfb] - deps: update undici to 6.16.1 (Node.js GitHub Bot) #​52948
• [b32b62d590] - deps: update undici to 6.15.0 (Matthew Aitken) #​52763
• [6e6641bea2] - deps: update googletest to 33af80a (Node.js GitHub Bot) #​53053
• [aa96fbe03e] - deps: update zlib to 1.3.0.1-motley-4f653ff (Node.js GitHub Bot) #​53052
• [ba3310ded5] - deps: upgrade npm to 10.8.0 (npm team) #​53014
• [8537a2aecf] - doc: recommend not using libuv node-api function (Michael Dawson) #​53521
• [c13600f0db] - doc: add additional guidance for MRs to deps (Michael Dawson) #​53499
• [7c3edd952e] - doc: only apply content-visibility on all.html (Filip Skokan) #​53510
• [ac5be14ed8] - doc: update the description of the return type for options.filter (Zhenwei Jin) #​52742
• [cac300e351] - doc: remove first timer badge (Aviv Keller) #​53338
• [feb61459fd] - doc: add Buffer.from(string) to functions that use buffer pool (Christian Bates-White) #​52801
• [9e0a6e938b] - doc: add initial text for ambassadors program (Michael Dawson) #​52857
• [55ac53cb0b] - doc: define more cases for stream event emissions (Aviv Keller) #​53317
• [7128e0f9c9] - doc: remove mentions of policy model from security info (Aviv Keller) #​53249
• [3e290433df] - doc: fix mistakes in the module load hook api (István Donkó) #​53349
• [3445c08144] - doc: doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #​53329
• [a3e8cda019] - doc: mark --heap-prof and related flags stable (Joyee Cheung) #​53343
• [0b9daaae4d] - doc: mark --cpu-prof and related flags stable (Joyee Cheung) #​53343
• [daf91834f6] - doc: remove IRC from man page (Tobias Nießen) #​53344
• [4246c8fa31] - doc: fix broken link in static-analysis.md (Richard Lau) #​53345
• [955b98a0e4] - doc: remove cases for keys not containing "*" in PATTERN_KEY_COMPARE (Maarten Zuidhoorn) #​53215
• [7832b1815f] - doc: add err param to fs.cp callback (Feng Yu) #​53234
• [01533df87f] - doc: add err param to fs.copyFile callback (Feng Yu) #​53234
• [b081bc7d5e] - doc: reserve 128 for Electron 32 (Keeley Hammond) #​53203
• [6b8460b560] - doc: add note to ninjia build for macOS using -jn flag (jakecastelli) #​53187
• [394e00f41c] - (SEMVER-MINOR) doc: add context.assert docs (Colin Ihrig) #​53169
• [c143d61d0e] - doc: include ESM import for HTTP (Aviv Keller) #​53165
• [a8601efa5e] - (SEMVER-MINOR) doc: improve explanation about built-in modules (Joyee Cheung) #​52762
• [560392de3d] - doc: fix minor grammar and style issues in SECURITY.md (Rich Trott) #​53168
• [9f8e34323d] - doc: mention pm is not enforced when using fd (Rafael Gonzaga) #​53125
• [3ac775b015] - doc: fix format in esm.md (Pop Moore) #​53170
• [41b08bdcf7] - doc: fix wrong variable name in example of timers.tick() (Deokjin Kim) #​53147
• [698ea7aa5a] - doc: fix wrong function name in example of context.plan() (Deokjin Kim) #​53140
• [a99359d79d] - doc: add note for windows users and symlinks (Aviv Keller) #​53117
• [61ec2af292] - doc: move all TLS-PSK documentation to its section (Alba Mendez) #​35717
• [5e76c258f7] - doc: add StefanStojanovic to collaborators (StefanStojanovic) #​53118
• [1dc406ba62] - doc: improve ninja build for --built-in-modules-path (jakecastelli) #​53007
• [2854585662] - doc: avoid hiding by navigation bar in anchor jumping (Cloyd Lau) #​45131
• [3f432f829f] - doc: remove unavailable youtube link in pull requests (Deokjin Kim) #​52982
• [5e694026f1] - doc: add Marco Ippolito to TSC (Rafael Gonzaga) #​53008
• [231e44043e] - doc: add missing supported timer values in timers.enable() (Deokjin Kim) #​52969
• [b8944f6938] - doc, http: add rejectNonStandardBodyWrites option, clear its behaviour (jakecastelli) #​53396
• [0354584738] - doc, meta: organize contributing to Node-API guide (Aviv Keller) #​53243
• [9ae3719c4e] - doc, meta: use markdown rather than HTML in CONTRIBUTING.md (Aviv Keller) #​53235
• [621e073c96] - fs: do not crash if the watched file is removed while setting up watch (Matteo Collina) #​53452
• [f00ee1c377] - fs: fix cp dir/non-dir mismatch error messages (Mathis Wiehl) #​53150
• [655b960418] - http2: reject failed http2.connect when used with promisify (ehsankhfr) #​53475
• [eb0b68bb29] - inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #​53473
• [1c0b89be4c] - lib: fix typo in comment (codediverdev) #​53543
• [55922d9cb0] - lib: remove the unused code (theanarkh) #​53463
• [06374ef96b] - lib: fix naming convention of Symbol (Deokjin Kim) #​53387
• [d1a780039a] - lib: fix timer leak (theanarkh) #​53337
• [8689ce4b41] - lib: fix misleading argument of validateUint32 (Tobias Nießen) #​53307
• [57d7bbf624] - lib: fix the name of the fetch global function (Gabriel Bota) #​53227
• [23f086c363] - lib: do not call callback if socket is closed (theanarkh) #​52829
• [f325c54c80] - meta: use correct source for workflow in MR (Aviv Keller) #​53490
• [8172412dbe] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​53480
• [01b61d65d3] - meta: fix typo in dependency updates (Aviv Keller) #​53471
• [12f5737cd3] - meta: bump step-security/harden-runner from 2.7.1 to 2.8.0 (dependabot[bot]) #​53245
• [102e4eee3c] - meta: bump ossf/scorecard-action from 2.3.1 to 2.3.3 (dependabot[bot]) #​53248
• [5ba185580d] - meta: bump actions/checkout from 4.1.4 to 4.1.6 (dependabot[bot]) #​53247
• [9d186cce2b] - meta: bump github/codeql-action from 3.25.3 to 3.25.7 (dependabot[bot]) #​53246
• [29ab74009e] - meta: bump codecov/codecov-action from 4.3.1 to 4.4.1 (dependabot[bot]) #​53244
• [bd4b593f30] - meta: remove initializeCommand from devcontainer (Aviv Keller) #​53137
• [61b1f573cf] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​53065
• [f3ba1eb72f] - (SEMVER-MINOR) net: add new net.server.listen tracing channel (Paolo Insogna) #​53136
• [67333a5796] - (SEMVER-MINOR) process: add process.getBuiltinModule(id) (Joyee Cheung) #​52762
• [092aa09eb3] - repl: fix await object patterns without values (Luke Haas) #​53331
• [554d25f526] - src: reset process.versions during pre-execution (Richard Lau) #​53444
• [a0879ad628] - src: fix dynamically linked OpenSSL version (Richard Lau) #​53456
• [91c05f34de] - src: remove SetEncoding from StringEncoder (Yagiz Nizipli) #​53441
• [4f49384be5] - src: fix typo in env.cc (EhsanKhaki) #​53418
• [9730d1e186] - src: avoid strcmp in favor of operator== (Tobias Nießen) #​53439
• [436ad8ceb9] - src: print v8::OOMDetails::detail when it's available (Joyee Cheung) #​53360
• [f773b289eb] - src: fix IsIPAddress for IPv6 (Hüseyin Açacak) #​53400
• [7705efd860] - src: fix permission inspector crash (theanarkh) #​53389
• [260d8d9ae1] - src: use __FUNCSIG__ on Windows in backtrace (Joyee Cheung) #​53135
• [3b79e9c24e] - src: fix external module env and kDisableNodeOptionsEnv (Rafael Gonzaga) #​52905
• [32839c63cb] - src: reduce unnecessary GetCwd calls (Yagiz Nizipli) #​53064
• [840dd092ce] - src: improve node::Dotenv declarations (Tobias Nießen) #​52973
• [2bcce3255b] - (SEMVER-MINOR) src,permission: --allow-wasi & prevent WASI exec (Rafael Gonzaga) #​53124
• [e092c62a22] - stream: update outdated highwatermark doc (Jay Kim) #​53494
• [71af3e8172] - stream: support dispose in writable (Benjamin Gruenbaum) #​48547
• [33a15be32f] - stream: callback should be called when pendingcb is 0 (jakecastelli) #​53438
• [1b46ebbf69] - stream: make sure _destroy is called (jakecastelli) #​53213
• [9f95d41947] - stream: prevent stream unexpected pause when highWaterMark set to 0 (jakecastelli) #​53261
• [d02651c9d6] - stream: micro-optimize writable condition (Orgad Shaneh) #​53189
• [324070c410] - stream: fix memory usage regression in writable (Orgad Shaneh) #​53188
• [48138afd35] - stream: fixes for webstreams (Mattias Buelens) #​51168
• [24f078a22b] - test: mark test-benchmark-crypto as flaky (Antoine du Hamel) #​52955
• [0d69ce3474] - test: extend env for test-node-output-errors (Richard Lau) #​53535
• [1aaaad8518] - test: update encoding web-platform tests (Yagiz Nizipli) #​53477
• [54e0ba8771] - test: check against run-time OpenSSL version (Richard Lau) #​53456
• [059e47c320] - test: update tests for OpenSSL 3.0.14 (Richard Lau) #​53373
• [49e6f33021] - test: fix test-http-server-keepalive-req-gc (Etienne Pierre-doray) #​53292
• [292d13a289] - test: update TLS tests for OpenSSL 3.2 (Richard Lau) #​53384
• [82017c90bb] - test: fix test when compiled without engine support (Richard Lau) #​53232
• [a54090b385] - test: update TLS trace tests for OpenSSL >= 3.2 (Richard Lau) #​53229
• [3a1693421d] - test: fix Windows native test suites (Stefan Stojanovic) #​53173
• [2b07d01272] - test: skip test-setproctitle when ps is not available (Antoine du Hamel) #​53104
• [0051d1c83d] - test: increase allocation so it fails for the test (Adam Majer) #​53099
• [048cbe3304] - test: remove timers from test-tls-socket-close (Luigi Pinca) #​53019
• [8653d9223e] - test: replace .substr with .slice (Antoine du Hamel) #​53070
• [d74bda4241] - test: add AbortController to knownGlobals (Luigi Pinca) #​53020
• [f29e1e9838] - test: skip unstable shadow realm gc tests (Chengzhong Wu) #​52855
• [dfa498697e] - test,doc: enable running embedtest for Windows (Vladimir Morozov) #​52646
• [0381817f1d] - test_runner: calculate executed lines using source map (Moshe Atlow) #​53315
• [9d3699b5b0] - test_runner: handle file rename and deletion under watch mode (jakecastelli) #​53114
• [9a36258ca0] - test_runner: refactor to use min/max of validateInteger (Deokjin Kim) #​53148
• [a03a4c7bdd] - (SEMVER-MINOR) test_runner: add context.fullName (Colin Ihrig) #​53169
• [a72157077a] - test_runner: fix t.assert methods (Colin Ihrig) #​53049
• [ba764db9ab] - test_runner: avoid error when coverage line not found (Moshe Atlow) #​53000
• [3a4a0ebd06] - test_runner,doc: align documentation with actual stdout/stderr behavior (Moshe Atlow) #​53131
• [6e6646bdd5] - tls: check result of SSL_CTX_set_*_proto_version (Tobias Nießen) #​53459
• [2aceed4297] - tls: avoid taking ownership of OpenSSL objects (Tobias Nießen) #​53436
• [faa5cac18c] - tls: use SSL_get_peer_tmp_key (Tobias Nießen) #​53366
• [68fcbb635e] - tls: fix negative sessionTimeout handling (Tobias Nießen) #​53002
• [61a1c43ef1] - tools: fix skip detection of test runner output (Richard Lau) #​53545
• [53a7b6e1c0] - tools: fix c-ares update script (Marco Ippolito) #​53414
• [3bd5f46a15] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​53158
• [daab9e170f] - tools: do not run Corepack code before it's reviewed (Antoine du Hamel) #​53405
• [d18a67f937] - tools: use Ubuntu 24.04 and Clang on GitHub actions (Michaël Zasso) #​53212
• [e9b7a52848] - tools: add stream label on MR when related files being changed in lib (jakecastelli) #​53269
• [04d78dd56d] - tools: remove no-goma arg from make-v8 script (Michaël Zasso) #​53336
• [37e725a500] - tools: use sccache Github action (Moshe Atlow) #​53316
• [2a1fde7e32] - tools: update error message for Type Error (Aviv Keller) #​53047
• [8f5fb4192d] - Revert "tools: add --certify-safe to nci-ci" (Antoine du Hamel) #​53098
• [69b828f5a5] - (SEMVER-MINOR) util: support --no- for argument with boolean type for parseArgs (Zhenwei Jin) #​53107
• [1a2f3ab4f5] - watch: fix variable naming (jakecastelli) #​53101

v20.15.1: 2024-07-08, Version 20.15.1 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
• CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
• CVE-2024-22018 - fs.lstat bypasses permission model (Low)
• CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
• CVE-2024-37372 - Permission model improperly processes UNC paths (Low)

Commits

• [60e184a6e4] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
• [025cbd6936] - lib,permission: support fs.lstat (RafaelGSS) nodejs-private/node-private#486
• [d38ea17341] - lib,permission: disable fchmod/fchown when pm enabled (RafaelGSS) nodejs-private/node-private#584
• [1ba624cd3b] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596
• [2524d00c3d] - src,permission: fix UNC path resolution (RafaelGSS) nodejs-private/node-private#581
• [484cb0f13c] - src,permission: resolve path on fs_permission (Rafael Gonzaga) #​52761

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.