chore(deps): update dependency node to v20
This MR contains the following updates:
Package | Update | Change |
---|---|---|
node | major |
18.18.1 -> 20.9.0
|
node (source) | major |
18.18.2 -> 20.9.0
|
MR created with the help of gitlab-org/frontend/renovate-gitlab-bot
Release Notes
nodejs/node
v20.9.0
: 2023-10-24, Version 20.9.0 'Iron' (LTS), @richardlau
Notable Changes
This release marks the transition of Node.js 20.x into Long Term Support (LTS) with the codename 'Iron'. The 20.x release line now moves into "Active LTS" and will remain so until October 2024. After that time, it will move into "Maintenance" until end of life in April 2026.
Known issue
Collecting code coverage via the NODE_V8_COVERAGE
environment variable may
lead to a hang. This is not thought to be a regression in Node.js 20 (some
reports are on Node.js 18). For more information, including some potential
workarounds, see issue #49344.
v20.8.1
: 2023-10-13, Version 20.8.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
-
CVE-2023-44487:
nghttp2
Security Release (High) -
CVE-2023-45143:
undici
Security Release (High) - CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
- CVE-2023-39331: Permission model improperly protects against path traversal (High)
- CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
- CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Commits
- [
c86883e844
] - deps: update nghttp2 to 1.57.0 (James M Snell) #50121 - [
2860631359
] - deps: update undici to v5.26.3 (Matteo Collina) #50153 - [
cd37838bf8
] - lib: let deps requirenode
prefixed modules (Matthew Aitken) #50047 - [
f5c90b2951
] - module: fix code injection through export names (Tobias Nießen) nodejs-private/node-private#461 - [
fa5dae1944
] - permission: fix Uint8Array path traversal (Tobias Nießen) nodejs-private/node-private#456 - [
cd35275111
] - permission: improve path traversal protection (Tobias Nießen) nodejs-private/node-private#456 - [
a4cb7fc7c0
] - policy: use tamper-proof integrity check function (Tobias Nießen) nodejs-private/node-private#462
v20.8.0
: 2023-09-28, Version 20.8.0 (Current), @ruyadorno
Notable Changes
Stream performance improvements
Performance improvements to writable and readable streams, improving the creation and destruction by ±15% and reducing the memory overhead each stream takes in Node.js
Contributed by Benjamin Gruenbaum in #49745 and Raz Luvaton in #49834.
Performance improvements for readable webstream, improving readable stream async iterator consumption by ±140% and improving readable stream pipeTo
consumption by ±60%
Contributed by Raz Luvaton in #49662 and #49690.
vm
APIs with the importModuleDynamically
option
Rework of memory management in This rework addressed a series of long-standing memory leaks and use-after-free issues in the following APIs that support importModuleDynamically
:
vm.Script
vm.compileFunction
vm.SyntheticModule
vm.SourceTextModule
This should enable affected users (in particular Jest users) to upgrade from older versions of Node.js.
Contributed by Joyee Cheung in #48510.
Other notable changes
- [
32d4d29d02
] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #49874 - [
0e686d096b
] - doc: deprecatefs.F_OK
,fs.R_OK
,fs.W_OK
,fs.X_OK
(Livia Medeiros) #49683 - [
a5dd057540
] - doc: deprecateutil.toUSVString
(Yagiz Nizipli) #49725 - [
7b6a73172f
] - doc: deprecate callingpromisify
on a function that returns a promise (Antoine du Hamel) #49647 - [
1beefd5f16
] - esm: set all hooks as release candidate (Geoffrey Booth) #49597 - [
b0ce78a75b
] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #48510 - [
4e578f8ab1
] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #48510 - [
69e4218772
] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #48510 - [
14ece0aa76
] - (SEMVER-MINOR) src: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) #49279 - [
9fd67fbff0
] - stream: use bitmap in writable state (Raz Luvaton) #49834 - [
0ccd4638ac
] - stream: use bitmap in readable state (Benjamin Gruenbaum) #49745 - [
7c5e322346
] - stream: improve webstream readable async iterator performance (Raz Luvaton) #49662 - [
80b342cc38
] - (SEMVER-MINOR) test_runner: accepttestOnly
inrun
(Moshe Atlow) #49753 - [
17a05b141d
] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #49614
Commits
- [
4879e3fbbe
] - benchmark: add a benchmark for read() of ReadableStreams (Debadree Chatterjee) #49622 - [
78a6c73157
] - benchmark: shorten pipe-to by reducing number of chunks (Raz Luvaton) #49577 - [
4126a6e4c9
] - benchmark: fix webstream pipe-to (Raz Luvaton) #49552 - [
6010a91825
] - bootstrap: do not expand argv1 for snapshots (Joyee Cheung) #49506 - [
8480280c4b
] - bootstrap: only use the isolate snapshot when compiling code cache (Joyee Cheung) #49288 - [
b30754aa87
] - build: run embedtest using node executable (Joyee Cheung) #49506 - [
31db0b8e2b
] - build: add --write-snapshot-as-array-literals to configure.py (Joyee Cheung) #49312 - [
6fcb51d3ba
] - debugger: useinternal/url.URL
instead ofurl.parse
(LiviaMedeiros) #49590 - [
32d4d29d02
] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #49874 - [
ad37cadc3f
] - deps: V8: backportde9a5de
(Joyee Cheung) #49703 - [
cdd1c66222
] - deps: V8: cherry-pickb33bf2d
(Joyee Cheung) #49703 - [
61d18d6473
] - deps: update undici to 5.24.0 (Node.js GitHub Bot) #49559 - [
b8a4fef393
] - deps: remove pthread-fixes.c from uv.gyp (Ben Noordhuis) #49744 - [
6c86c0683c
] - deps: update googletest tod1467f5
(Node.js GitHub Bot) #49676 - [
1424404742
] - deps: update nghttp2 to 1.56.0 (Node.js GitHub Bot) #49582 - [
15b54ff95d
] - deps: update googletest to8a6feab
(Node.js GitHub Bot) #49463 - [
2ceab877c2
] - deps: update corepack to 0.20.0 (Node.js GitHub Bot) #49464 - [
4814872ddc
] - doc: fixDEP0176
number (LiviaMedeiros) #49858 - [
0e686d096b
] - doc: deprecatefs.F_OK
,fs.R_OK
,fs.W_OK
,fs.X_OK
(Livia Medeiros) #49683 - [
5877c403a2
] - doc: add mertcanaltin as a triager (mert.altin) #49826 - [
864fe56432
] - doc: addgit node backport
way to the backporting guide (Raz Luvaton) #49760 - [
e0f93492d5
] - doc: improve documentation about ICU data fallback (Joyee Cheung) #49666 - [
a5dd057540
] - doc: deprecateutil.toUSVString
(Yagiz Nizipli) #49725 - [
774c1cfd52
] - doc: add missing function call to example forutil.promisify
(Jungku Lee) #49719 - [
fe78a34845
] - doc: update output of example inmimeParams.set()
(Deokjin Kim) #49718 - [
4175ea33bd
] - doc: add missedinspect
with numericSeparator to example (Deokjin Kim) #49717 - [
3a88571972
] - doc: fix history comments (Antoine du Hamel) #49701 - [
db4ab1ccbb
] - doc: add missing history info forimport.meta.resolve
(Antoine du Hamel) #49700 - [
a304d1ee19
] - doc: link maintaining deps to pull-request.md (Marco Ippolito) #49716 - [
35294486ad
] - doc: fix print results inevents
(Jungku Lee) #49548 - [
9f0b0e15c9
] - doc: alphabetize cli.md sections (Geoffrey Booth) #49668 - [
7b6a73172f
] - doc: deprecate callingpromisify
on a function that returns a promise (Antoine du Hamel) #49647 - [
d316b32fff
] - doc: updatecorepack.md
to account for 0.20.0 changes (Antoine du Hamel) #49486 - [
c2eac7dc7c
] - doc: remove@anonrig
from performance initiative (Yagiz Nizipli) #49641 - [
3d839fbf87
] - doc: mark Node.js 16 as End-of-Life (Richard Lau) #49651 - [
53fb5aead8
] - doc: save user preference for JS flavor (Vidar Eldøy) #49526 - [
e3594d5658
] - doc: update documentation for node:process warning (Shubham Pandey) #49517 - [
8e033c3963
] - doc: rename possibly confusing variable and CSS class (Antoine du Hamel) #49536 - [
d0e0eb4bb3
] - doc: update outdated history info (Antoine du Hamel) #49530 - [
b4724e2e3a
] - doc: close a parenthesis (Sébastien Règne) #49525 - [
0471c5798e
] - doc: cast GetInternalField() return type to v8::Value in addons.md (Joyee Cheung) #49439 - [
9f8bea3dda
] - doc: fix documentation for input option in child_process (Ariel Weiss) #49481 - [
f3fea92f8a
] - doc: fix missing imports intest.run
code examples (Oshri Asulin) #49489 - [
e426b77b67
] - doc: fix documentation for fs.createWriteStream highWaterMark option (Mert Can Altın) #49456 - [
2b119108ff
] - doc: updated releasers instructions for node.js website (Claudio W) #49427 - [
b9d4a80183
] - doc: editimport.meta.resolve
documentation (Antoine du Hamel) #49247 - [
f67433f666
] - doc,tools: switch to@node-core/utils
(Michaël Zasso) #49851 - [
142e256fc5
] - errors: improve classRegExp in errors.js (Uzlopak) #49643 - [
6377f1bce2
] - errors: usedetermineSpecificType
in more error messages (Antoine du Hamel) #49580 - [
05f0fcb4c4
] - esm: identify parent importing a url with invalid host (Jacob Smith) #49736 - [
8a6f5fb8f3
] - esm: fix return type ofimport.meta.resolve
(Antoine du Hamel) #49698 - [
a6140f1b8c
] - esm: update loaders warning (Geoffrey Booth) #49633 - [
521a9327e0
] - esm: fix support forURL
instances inregister
(Antoine du Hamel) #49655 - [
3a9ea0925a
] - esm: clarify ERR_REQUIRE_ESM errors (Daniel Compton) #49521 - [
1beefd5f16
] - esm: set all hooks as release candidate (Geoffrey Booth) #49597 - [
be48267888
] - esm: remove return value forModule.register
(Antoine du Hamel) #49529 - [
e74a075124
] - esm: refactor test-esm-loader-resolve-type (Geoffrey Booth) #49493 - [
17823b3533
] - esm: refactor test-esm-named-exports (Geoffrey Booth) #49493 - [
f34bd15ac1
] - esm: refactor mocking test (Geoffrey Booth) #49465 - [
ec323bbd99
] - fs: replaceSetMethodNoSideEffect
in node_file (CanadaHonk) #49857 - [
6acf800123
] - fs: improve error performance forunlinkSync
(CanadaHonk) #49856 - [
31702c9403
] - fs: improvereadFileSync
with file descriptors (Yagiz Nizipli) #49691 - [
835f9fe7b9
] - fs: fix file descriptor validator (Yagiz Nizipli) #49752 - [
b618fe262f
] - fs: improve error performance ofopendirSync
(Yagiz Nizipli) #49705 - [
938471ef55
] - fs: improve error performance of sync methods (Yagiz Nizipli) #49593 - [
db3fc6d087
] - fs: fix readdir and opendir recursive with unknown file types (William Marlow) #49603 - [
0f020ed22d
] - gyp: put cctest filenames in variables (Cheng Zhao) #49178 - [
0ce1e94d12
] - lib: update encoding sets inWHATWG API
(Jungku Lee) #49610 - [
efd6815a7a
] - lib: fixinternalBinding
typings (Yagiz Nizipli) #49742 - [
1287d5b74e
] - lib: allow byob reader for 'blob.stream()' (Debadree Chatterjee) #49713 - [
bbc710522d
] - lib: reset the cwd cache before execution (Maël Nison) #49684 - [
f62d649e4d
] - lib: use internalfileURLToPath
(Deokjin Kim) #49558 - [
e515046941
] - lib: use internalpathToFileURL
(Livia Medeiros) #49553 - [
00608e8070
] - lib: check SharedArrayBuffer availability in freeze_intrinsics.js (Milan Burda) #49482 - [
8bfbe7079c
] - meta: fix linter error (Antoine du Hamel) #49755 - [
58f7a9e096
] - meta: add primordials strategic initiative (Benjamin Gruenbaum) #49706 - [
5366027756
] - meta: bump github/codeql-action from 2.21.2 to 2.21.5 (dependabot[bot]) #49438 - [
fe26b74082
] - meta: bump rtCamp/action-slack-notify from 2.2.0 to 2.2.1 (dependabot[bot]) #49437 - [
b0ce78a75b
] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #48510 - [
4e578f8ab1
] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #48510 - [
69e4218772
] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #48510 - [
96874e8fbc
] - node-api: enable uncaught exceptions policy by default (Chengzhong Wu) #49313 - [
b931aeadfd
] - perf_hooks: reduce overhead of new performance_entries (Vinicius Lourenço) #49803 - [
ad043bac31
] - process: add custom dir support for heapsnapshot-signal (Jithil P Ponnan) #47854 - [
8a7c10194c
] - repl: don't accumulate excess indentation in .load (Daniel X Moore) #49461 - [
10a2adeed5
] - src: improve error message when ICU data cannot be initialized (Joyee Cheung) #49666 - [
ce37688bac
] - src: remove unnecessary todo (Rafael Gonzaga) #49227 - [
f611583b71
] - src: use SNAPSHOT_SERDES to log snapshot ser/deserialization (Joyee Cheung) #49637 - [
a597cb8457
] - src: port Pipe to uv_pipe_bind2, uv_pipe_connect2 (Geoff Goodman) #49667 - [
fb21062338
] - src: set --rehash-snapshot explicitly (Joyee Cheung) #49556 - [
14ece0aa76
] - (SEMVER-MINOR) src: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) #49279 - [
4b5e23c71b
] - src: set ModuleWrap internal fields only once (Joyee Cheung) #49391 - [
2d3f5c7cab
] - src: fix fs_type_to_name default value (Mustafa Ateş Uzun) #49239 - [
cfbcb1059c
] - src: fix comment on StreamResource (rogertyang) #49193 - [
39fb83ad16
] - src: do not rely on the internal field being default to undefined (Joyee Cheung) #49413 - [
9fd67fbff0
] - stream: use bitmap in writable state (Raz Luvaton) #49834 - [
0ccd4638ac
] - stream: use bitmap in readable state (Benjamin Gruenbaum) #49745 - [
b29d927010
] - stream: improve readable webstreampipeTo
(Raz Luvaton) #49690 - [
7c5e322346
] - stream: improve webstream readable async iterator performance (Raz Luvaton) #49662 - [
be211ef818
] - test: deflake test-vm-contextified-script-leak (Joyee Cheung) #49710 - [
355f10dab2
] - test: use checkIfCollectable in vm leak tests (Joyee Cheung) #49671 - [
17cfc531aa
] - test: add checkIfCollectable to test/common/gc.js (Joyee Cheung) #49671 - [
e49a573752
] - test: add os setPriority, getPriority test coverage (Wael) #38771 - [
5f02711522
] - test: deflake test-runner-output (Moshe Atlow) #49878 - [
cd9754d6a7
] - test: mark test-runner-output as flaky (Joyee Cheung) #49854 - [
5ad00424dd
] - test: use mustSucceed instead of mustCall (SiddharthDevulapalli) #49788 - [
3db9b40081
] - test: refactor test-readline-async-iterators into a benchmark (Shubham Pandey) #49237 - [
2cc5ad7859
] - Revert "test: mark test-http-regr-gh-2928 as flaky" (Luigi Pinca) #49708 - [
e5185b053c
] - test: usefs.constants
forfs.access
constants (Livia Medeiros) #49685 - [
b9e5b43462
] - test: deflake test-http-regr-gh-2928 (Luigi Pinca) #49574 - [
1fffda504e
] - test: fix argument computation in embedtest (Joyee Cheung) #49506 - [
6e56f2db52
] - test: skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) #49621 - [
ab3afb330d
] - test: mark test-runner-watch-mode as flaky (Joyee Cheung) #49627 - [
185d9b50db
] - test: deflake test-tls-socket-close (Luigi Pinca) #49575 - [
c70c74a9e6
] - test: show more info on failure in test-cli-syntax-require.js (Joyee Cheung) #49561 - [
ed7c6d1114
] - test: mark test-http-regr-gh-2928 as flaky (Joyee Cheung) #49565 - [
3599eebab9
] - test: use spawnSyncAndExitWithoutError in sea tests (Joyee Cheung) #49543 - [
f79b153e89
] - test: use spawnSyncAndExitWithoutError in test/common/sea.js (Joyee Cheung) #49543 - [
c079c73769
] - test: use setImmediate() in test-heapdump-shadowrealm.js (Joyee Cheung) #49573 - [
667a92493c
] - test: skip test-child-process-pipe-dataflow.js on Windows (Joyee Cheung) #49563 - [
91af0a9a3c
] - Revert "test: ignore the copied entry_point.c" (Chengzhong Wu) #49515 - [
567afc71b8
] - test: avoid copying test source files (Chengzhong Wu) #49515 - [
ced25a976d
] - test: increase coverage ofModule.register
andinitialize
hook (Antoine du Hamel) #49532 - [
be02fbdb8a
] - test: isolateglobalPreload
tests (Geoffrey Booth) #49545 - [
f214428845
] - test: split test-crypto-dh to avoid timeout on slow machines in the CI (Joyee Cheung) #49492 - [
3987094569
] - test: maketest-dotenv-node-options
locale-independent (Livia Medeiros) #49470 - [
34c1741792
] - test: add test for urlstrings usage innode:fs
(Livia Medeiros) #49471 - [
c3c6c4f007
] - test: make test-worker-prof more robust (Joyee Cheung) #49274 - [
843df1a4da
] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #49714 - [
80b342cc38
] - (SEMVER-MINOR) test_runner: accepttestOnly
inrun
(Moshe Atlow) #49753 - [
76865515b9
] - test_runner: fix test runner watch mode when no positional arguments (Moshe Atlow) #49578 - [
17a05b141d
] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #49614 - [
5672e38457
] - test_runner: add jsdocs to mock.js (Caio Borghi) #49555 - [
b4d42a8f2b
] - test_runner: fix invalid timer call (Erick Wendel) #49477 - [
f755e6786b
] - test_runner: add jsdocs to MockTimers (Erick Wendel) #49476 - [
e7285d4bf0
] - test_runner: fix typescript coverage (Moshe Atlow) #49406 - [
07a2e29bf3
] - tools: support updating @reporters/github manually (Moshe Atlow) #49871 - [
5ac6722031
] - tools: skip ruff on tools/node_modules (Moshe Atlow) #49838 - [
462228bd24
] - tools: fix uvwasi updater (Michael Dawson) #49682 - [
ff81bfb958
] - tools: update lint-md-dependencies to rollup@3.29.2 (Node.js GitHub Bot) #49679 - [
08ffc6344c
] - tools: restrict internal code from using publicurl
module (LiviaMedeiros) #49590 - [
728ebf6c97
] - tools: update eslint to 8.49.0 (Node.js GitHub Bot) #49586 - [
20d038ffb1
] - tools: update lint-md-dependencies to rollup@3.29.0 unified@11.0.3 (Node.js GitHub Bot) #49584 - [
210c15bd12
] - tools: allow passing absolute path of config.gypi in js2c (Cheng Zhao) #49162 - [
e341efe173
] - tools: configure never-stale label correctly (Michaël Zasso) #49498 - [
a8a8a498ce
] - tools: update doc dependencies (Node.js GitHub Bot) #49467 - [
ac06607f9e
] - typings: fix missing property inExportedHooks
(Antoine du Hamel) #49567 - [
097b59807a
] - url: improve invalid url performance (Yagiz Nizipli) #49692 - [
7c2060cfac
] - util: addgetCwdSafe
internal util fn (João Lenon) #48434 - [
c23c60f545
] - zlib: disable CRC32 SIMD optimization (Luigi Pinca) #49511
v20.7.0
: 2023-09-18, Version 20.7.0 (Current), @UlisesGascon
Notable Changes
- [
022f1b70c1
] - src: support multiple--env-file
declarations (Yagiz Nizipli) #49542 - [
4a1d1cad61
] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #49341 - [
a1a65f593c
] - deps: upgrade npm to 10.1.0 (npm team) #49570 - [
6c2480cad9
] - (SEMVER-MINOR) deps: upgrade npm to 10.0.0 (npm team) #49423 - [
bef900e56b
] - doc: move and rename loaders section (Geoffrey Booth) #49261 - [
db4ce8a593
] - doc: add release key for Ulises Gascon (Ulises Gascón) #49196 - [
11c85ffa98
] - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green) #46391 - [
ec51e25ed7
] - src,permission: add multiple allow-fs-* flags (Carlos Espa) #49047 - [
efdc95fbc0
] - (SEMVER-MINOR) test_runner: expose location of tests (Colin Ihrig) #48975
Commits
- [
e84515594e
] - benchmark: usetmpdir.resolve()
(Livia Medeiros) #49137 - [
f37444e896
] - bootstrap: build code cache from deserialized isolate (Joyee Cheung) #49099 - [
af6dc1754d
] - bootstrap: do not generate code cache in an unfinalized isolate (Joyee Cheung) #49108 - [
cade5716df
] - build: add symlink tocompile_commands.json
file if needed (Juan José) #49260 - [
34a2590b05
] - build: expand when we run internet tests (Michael Dawson) #49218 - [
f637fd46ab
] - build: fix typolibray
->library
(configure.py) (michalbiesek) #49106 - [
ef3d8dd493
] - crypto: remove webcrypto EdDSA key checks and properties (Filip Skokan) #49408 - [
4a1d1cad61
] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #49341 - [
7eb10a38ea
] - crypto: remove getDefaultEncoding() (Tobias Nießen) #49170 - [
772496c030
] - crypto: remove default encoding from DiffieHellman (Tobias Nießen) #49169 - [
c795083232
] - crypto: remove default encoding from Hash/Hmac (Tobias Nießen) #49167 - [
08197aa010
] - crypto: remove default encoding from sign/verify (Tobias Nießen) #49145 - [
a1a65f593c
] - deps: upgrade npm to 10.1.0 (npm team) #49570 - [
6c2480cad9
] - (SEMVER-MINOR) deps: upgrade npm to 10.0.0 (npm team) #49423 - [
84195d9584
] - deps: add missing thread-common.c in uv.gyp (Santiago Gimeno) #49410 - [
5b70b68b3d
] - deps: V8: cherry-pickeadaef5
(Adam Majer) #49401 - [
fe34d632e8
] - deps: update zlib to 1.2.13.1-motley-f5fd0ad (Node.js GitHub Bot) #49252 - [
db4ce8a593
] - doc: add release key for Ulises Gascon (Ulises Gascón) #49196 - [
e5f3a694cf
] - doc: fix node-api call example (Chengzhong Wu) #49395 - [
021345a724
] - doc: add news issue for Diagnostics WG (Michael Dawson) #49306 - [
f82347266b
] - doc: clarify policy expectations (Rafael Gonzaga) #48947 - [
73cfd9c895
] - doc: add print results for examples inStringDecoder
(Jungku Lee) #49326 - [
63ab591416
] - doc: update outdated reference to NIST SP 800-131A (Tobias Nießen) #49316 - [
935dfe2afd
] - doc: usecjs
as block code's type inMockTimers
(Deokjin Kim) #49309 - [
7c0cd2fb87
] - doc: updateoptions.filter
description forfs.cp
(Shubham Pandey) #49289 - [
f72e79ea67
] - doc: add riscv64 to list of architectures (Stewart X Addison) #49284 - [
d19c710064
] - doc: avoid "not currently recommended" (Tobias Nießen) #49300 - [
ae656101c0
] - doc: update module hooks docs (Geoffrey Booth) #49265 - [
fefbdb92f2
] - doc: modify param description for end(),write() inStringDecoder
(Jungku Lee) #49285 - [
59e66a1ebe
] - doc: use NODE_API_SUPPORTED_VERSION_MAX in release doc (Cheng Zhao) #49268 - [
ac3b88449b
] - doc: fix typo instream.finished
documentation (Antoine du Hamel) #49271 - [
7428ebf6c3
] - doc: update description forpercent_encode
sets inWHATWG API
(Jungku Lee) #49258 - [
bef900e56b
] - doc: move and rename loaders section (Geoffrey Booth) #49261 - [
a22e0d9696
] - doc: clarify use of Uint8Array for n-api (Fedor Indutny) #48742 - [
1704f24cb9
] - doc: add signature formodule.register
(Geoffrey Booth) #49251 - [
5a363bb01b
] - doc: caveat unavailability ofimport.meta.resolve
in custom loaders (Jacob Smith) #49242 - [
8101f2b259
] - doc: use same name in the doc as in the code (Hyunjin Kim) #49216 - [
edf278d60d
] - doc: add notable-change label mention to MR template (Rafael Gonzaga) #49188 - [
3df2251a6a
] - doc: add h1 summary to security release process (Rafael Gonzaga) #49112 - [
9fcd99a744
] - doc: update to semver-minor releases by default (Rafael Gonzaga) #49175 - [
777931f499
] - doc: fix wording in napi_async_init (Tobias Nießen) #49180 - [
f45c8e10c0
] - doc,test: add known path resolution issue in permission model (Tobias Nießen) #49155 - [
a6cfea3f74
] - esm: align sync and async load implementations (Antoine du Hamel) #49152 - [
9fac310b33
] - fs: add the options param description in openAsBlob() (Yeseul Lee) #49308 - [
92772a8175
] - fs: remove redundant code in readableWebStream() (Deokjin Kim) #49298 - [
88ba79b083
] - fs: make sure to write entire buffer (Robert Nagy) #49211 - [
11c85ffa98
] - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green) #46391 - [
c12711ebfe
] - lib: implement WeakReference on top of JS WeakRef (Joyee Cheung) #49053 - [
9a0891f88d
] - meta: bump step-security/harden-runner from 2.5.0 to 2.5.1 (dependabot[bot]) #49435 - [
ae67f41ef1
] - meta: bump actions/checkout from 3.5.3 to 3.6.0 (dependabot[bot]) #49436 - [
71b4411fb2
] - meta: bump actions/setup-node from 3.7.0 to 3.8.1 (dependabot[bot]) #49434 - [
83b7d3a395
] - meta: remove modules team from CODEOWNERS (Benjamin Gruenbaum) #49412 - [
81ff68c45c
] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #49264 - [
ab975233cc
] - meta: mention nodejs/tsc when changing GH templates (Rafael Gonzaga) #49189 - [
ceaa5494de
] - meta: add test/reporters to codeowners (Chemi Atlow) #49186 - [
de0a51b7cf
] - net: improve performance of isIPv4 and isIPv6 (Uzlopak) #49568 - [
8d0913bf95
] - net: use asserts in JS Socket Stream to catch races in future (Tim Perry) #49400 - [
2486836a7d
] - net: fix crash due to simultaneous close/shutdown on JS Stream Sockets (Tim Perry) #49400 - [
7a808340cd
] - node-api: fix compiler warning in node_api.h (Michael Graeb) #49103 - [
30f26a99f4
] - permission: ensure to resolve path when calling mkdtemp (RafaelGSS) nodejs-private/node-private#440 - [
5051c75a5b
] - policy: fix path to URL conversion (Antoine du Hamel) #49133 - [
173aed4757
] - report: fix recent coverity warning (Michael Dawson) #48954 - [
d7ff78b442
] - sea: generate code cache with deserialized isolate (Joyee Cheung) #49226 - [
022f1b70c1
] - src: support multiple--env-file
declarations (Yagiz Nizipli) #49542 - [
154b1c2115
] - src: don't overwrite environment from .env file (Phil Nash) #49424 - [
dc4de1c69b
] - src: modify code for empty string (pluris) #49336 - [
701c46f967
] - src: remove unused PromiseWrap-related code (Joyee Cheung) #49335 - [
4a094dc7af
] - src: rename IsAnyByteSource to IsAnyBufferSource (Tobias Nießen) #49346 - [
55d6649175
] - src: support snapshot deserialization in RAIIIsolate (Joyee Cheung) #49226 - [
dc092864ef
] - src: remove unused functionGetName()
in node_perf (Jungku Lee) #49244 - [
f2552a410e
] - src: use ARES_SUCCESS instead of 0 (Jungku Lee) #49048 - [
4a9ae31519
] - src: add a condition if the argument ofDomainToUnicode
is empty (Jungku Lee) #49097 - [
f460362cdf
] - src: remove C++ WeakReference implementation (Joyee Cheung) #49053 - [
2a35383b3e
] - src: use per-realm GetBindingData() wherever applicable (Joyee Cheung) #49007 - [
184bbddcf5
] - src: add per-realm GetBindingData() method (Joyee Cheung) #49007 - [
e9946885f9
] - src: serialize both BaseObject slots (Joyee Cheung) #48996 - [
ec51e25ed7
] - src,permission: add multiple allow-fs-* flags (Carlos Espa) #49047 - [
8aac95de4b
] - stream: improve tee perf by reduceReflectConstruct
usages (Raz Luvaton) #49546 - [
0eea7fd8fb
] - stream: use Buffer.from when constructor is a Buffer (Matthew Aitken) #49250 - [
b961d9bd52
] - stream: addhighWaterMark
for the map operator (Raz Luvaton) #49249 - [
ca1384166d
] - test: fix warning for comment in embedtest (Jungku Lee) #49416 - [
2a35782809
] - test: simplify test-crypto-dh-group-setters (Tobias Nießen) #49404 - [
6740f3c209
] - test: verify dynamic import call with absolute path strings (Chengzhong Wu) #49275 - [
6ed47bd8fb
] - test: reduce length in crypto keygen tests (Joyee Cheung) #49221 - [
4faa30c553
] - test: split JWK async elliptic curve keygen tests (Joyee Cheung) #49221 - [
e04a2603d8
] - test: split test-crypto-keygen.js (Joyee Cheung) #49221 - [
0d23c1d4ce
] - test: rename test-crypto-modp1-error (Tobias Nießen) #49348 - [
48e41569e2
] - test: migrate message source map tests from Python to JS (Yiyun Lei) #49238 - [
a11e64e09c
] - test: fix compiler warning in NodeCryptoEnv (Tobias Nießen) #49206 - [
345543938f
] - test: handle EUNATCH (Abdirahim Musse) #48050 - [
e391f4b197
] - test: usetmpdir.resolve()
(Livia Medeiros) #49136 - [
910378f93f
] - test: reduce flakiness oftest-esm-loader-hooks
(Antoine du Hamel) #49248 - [
4a85f70462
] - test: add spawnSyncAndExit() and spawnSyncAndExitWithoutError() (Joyee Cheung) #49200 - [
9610008b79
] - test: make test-perf-hooks more robust and work with workers (Joyee Cheung) #49197 - [
dc8fff9a75
] - test: use gcUntil() in test-v8-serialize-leak (Joyee Cheung) #49168 - [
ca9f801332
] - test: make WeakReference tests robust (Joyee Cheung) #49053 - [
de103a4686
] - test: add test for effect of UV_THREADPOOL_SIZE (Tobias Nießen) #49165 - [
47d24f144b
] - test: use expectSyncExit{WithErrors} in snapshot tests (Joyee Cheung) #49020 - [
c441f5a097
] - test: add expectSyncExitWithoutError() and expectSyncExit() utils (Joyee Cheung) #49020 - [
4d184b5251
] - test: remove --no-warnings flag in test_runner fixtures (Raz Luvaton) #48989 - [
25e967a90b
] - test: reorder test files fixtures for better understanding (Raz Luvaton) #48787 - [
fac56dbcc0
] - test,benchmark: usetmpdir.fileURL()
(Livia Medeiros) #49138 - [
36763fa532
] - test_runner: preserve original property descriptor (Erick Wendel) #49433 - [
40e9fcdbea
] - test_runner: add support for setImmediate (Erick Wendel) #49397 - [
23216f1935
] - test_runner: report covered lines, functions and branches to reporters (Phil Nash) #49320 - [
283f2806b1
] - test_runner: expose spec reporter as newable function (Chemi Atlow) #49184 - [
546ad5f770
] - test_runner: reland run global after() hook earlier (Colin Ihrig) #49116 - [
efdc95fbc0
] - (SEMVER-MINOR) test_runner: expose location of tests (Colin Ihrig) #48975 - [
4bc0a8fe99
] - test_runner: fix global after not failing the tests (Raz Luvaton) #48913 - [
08738b2664
] - test_runner: fix timeout in *Each hook failing further tests (Raz Luvaton) #48925 - [
c2f1830f66
] - test_runner: cleanup test timeout abort listener (Raz Luvaton) #48915 - [
75333f38b2
] - test_runner: fix global before not called when no global test exists (Raz Luvaton) #48877 - [
b28b85adf8
] - tls: remove redundant code in onConnectSecure() (Deokjin Kim) #49457 - [
83fc4dccbc
] - tls: refactor to use validateFunction (Deokjin Kim) #49422 - [
8949cc79dd
] - tls: ensure TLS Sockets are closed if the underlying wrap closes (Tim Perry) #49327 - [
1df56e6f01
] - tools: update eslint to 8.48.0 (Node.js GitHub Bot) #49343 - [
ef50ec5b57
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #49342 - [
9a8fb4fc34
] - tools: remove v8_dump_build_config action (Cheng Zhao) #49301 - [
91b2d4314b
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #49253 - [
b51946ebdd
] - tools: fix github reporter appended multiple times (Moshe Atlow) #49199 - [
ae40cb1612
] - url: validatepathToFileURL(path)
argument as string (LiviaMedeiros) #49161 - [
e787673dcf
] - url: handle unicode hostname if empty (Yagiz Nizipli) #49396 - [
6ee74be87f
] - vm: store MicrotaskQueue in ContextifyContext directly (Joyee Cheung) #48982 - [
0179c6dc8f
] - worker: protect against user mutating well-known prototypes (Antoine du Hamel) #49270
v20.6.1
: 2023-09-08, Version 20.6.1 (Current), @ruyadorno and @RafaelGSS
Commit
- [
8acbe6d8e8
] - esm: fix loading of CJS modules from ESM (Antoine du Hamel) #49500
v20.6.0
: 2023-09-04, Version 20.6.0 (Current), @juanarbol prepared by @UlisesGascon
Notable changes
.env
file support
built-in Starting from Node.js v20.6.0, Node.js supports .env
files for configuring environment variables.
Your configuration file should follow the INI file format, with each line containing a key-value pair for an environment variable.
To initialize your Node.js application with predefined configurations, use the following CLI command: node --env-file=config.env index.js
.
For example, you can access the following environment variable using process.env.PASSWORD
when your application is initialized:
PASSWORD=nodejs
In addition to environment variables, this change allows you to define your NODE_OPTIONS
directly in the .env
file, eliminating the need to include it in your package.json
.
This feature was contributed by Yagiz Nizipli in #48890.
import.meta.resolve
unflagged
In ES modules, import.meta.resolve(specifier)
can be used to get an absolute URL string to which specifier
resolves, similar to require.resolve
in CommonJS. This aligns Node.js with browsers and other server-side runtimes.
This feature was contributed by Guy Bedford in #49028
node:module
API register
for module customization hooks; new initialize
hook
New There is a new API register
available on node:module
to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader
, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register
from the main thread and passing data, including MessageChannel
instances.
We encourage users to migrate to an approach that uses --import
with register
, such as:
node --import ./file-that-calls-register.js ./app.js
Using --import
ensures that the customization hooks are registered before any application code runs, even the entry point.
This feature was contributed by Izaak Schroeder in #48842 and #48559
load
hook can now support CommonJS
Module customization Authors of module customization hooks can how handle both ES module and CommonJS sources in the load
hook. This works for CommonJS modules referenced via either import
or require
, so long as the main entry point of the application is handled by the ES module loader (such as because the entry point is an ES module file, or if the --import
flag is passed). This should simplify the customization of the Node.js module loading process, as package authors can customize more of Node.js without relying on deprecated APIs such as require.extensions
.
This feature was contributed by Antoine du Hamel in #47999
Node.js C++ addons now have experimental support for cppgc (Oilpan), a C++ garbage collection library in V8.
Now when Node.js starts up, it makes sure that there is a v8::CppHeap
attached to the V8 isolate. This enables users to allocate in the v8::CppHeap
using <cppgc/*>
headers from V8, which are now also included into the Node.js headers available to addons. Note that since Node.js only bundles the cppgc library coming from V8, the ABI stability of cppgc is currently not guaranteed in semver-minor and -patch updates, but we do not expect the ABI to break often, as it has been stable and battle-tested in Chromium for years. We may consider including cppgc into the ABI stability guarantees when it gets enough adoption internally and externally.
To help addon authors create JavaScript-to-C++ references of which V8's garbage collector can be aware, a helper function node::SetCppgcReference(isolate, js_object, cppgc_object)
has been added to node.h
. V8 may provide a native alternative in the future, which could then replace this Node.js-specific helper. In the mean time, users can use this API to avoid having to hard-code the layout of JavaScript wrapper objects. An example of how to create garbage-collected C++ objects in the unified heap and wrap it in a JavaScript object can be found in the Node.js addon tests.
The existing node::ObjectWrap
helper would continue to work, while cppgc-based object management serves as an alternative with some advantages mentioned in the V8 blog post about Oilpan.
This feature was contributed by Daryl Haresign and Joyee Cheung in #48660 and #45704.
Other notable changes
- [
d6862b085c
] - deps: V8: cherry-pick9327503
(Joyee Cheung) #48660 - [
00fc8bb8b3
] - doc: add rluvaton to collaborators (Raz Luvaton) #49215 - [
d649339abd
] - doc: add new TSC members (Michael Dawson) #48841 - [
67f9896247
] - (SEMVER-MINOR) inspector: open addSymbolDispose
(Chemi Atlow) #48765 - [
5aef593db3
] - module: implementregister
utility (João Lenon) #46826
Commits
- [
771abcb5da
] - benchmark: add benchmarks for the test_runner (Raz Luvaton) #48931 - [
6b27bb0dab
] - benchmark: add pm startup benchmark (Rafael Gonzaga) #48905 - [
1f35c0ca55
] - child_process: harden against prototype pollution (Livia Medeiros) #48726 - [
d6862b085c
] - deps: V8: cherry-pick9327503
(Joyee Cheung) #48660 - [
f71e383948
] - deps: update simdutf to 3.2.17 (Node.js GitHub Bot) #49019 - [
e14f0456ae
] - deps: update googletest to7e33b6a
(Node.js GitHub Bot) #49034 - [
bfaa0fb500
] - deps: update zlib to 1.2.13.1-motley-526382e (Node.js GitHub Bot) #49033 - [
b79c652c85
] - deps: update undici to 5.23.0 (Node.js GitHub Bot) #49021 - [
6ead86145c
] - deps: update googletest toc875c4e
(Node.js GitHub Bot) #48964 - [
4b0e50501e
] - deps: update ada to 2.6.0 (Node.js GitHub Bot) #48896 - [
d960ee0ba3
] - deps: upgrade npm to 9.8.1 (npm team) #48838 - [
d92b0139ca
] - deps: update zlib to 1.2.13.1-motley-61dc0bd (Node.js GitHub Bot) #48788 - [
2a7835c376
] - deps: V8: cherry-pick9f4b769
(Joyee Cheung) #48830 - [
c8e17829ac
] - deps: V8: cherry-pickc1a54d5
(Joyee Cheung) #48830 - [
318e075b6f
] - deps: update googletest tocc36671
(Node.js GitHub Bot) #48789 - [
114e088267
] - diagnostics_channel: fix last subscriber removal (Gabriel Schulhof) #48933 - [
00fc8bb8b3
] - doc: add rluvaton to collaborators (Raz Luvaton) #49215 - [
21949c45b6
] - doc: add print results for examples inWebStreams
(Jungku Lee) #49143 - [
032107a6fe
] - doc: fixType
notation in webstreams (Deokjin Kim) #49121 - [
91d41e7c5a
] - doc: fix name of the flag ininitialize()
docs (Antoine du Hamel) #49158 - [
aa4caf810e
] - doc: make the NODE_VERSION_IS_RELEASE revert clear (Rafael Gonzaga) #49114 - [
f888a1dbe3
] - doc: update process.binding deprecation text (Tobias Nießen) #49086 - [
89fa3faf92
] - doc: update with latest security release (Rafael Gonzaga) #49085 - [
3d36e7a941
] - doc: add description for--port
flag ofnode inspect
(Michael Bianco) #48785 - [
e9d9ca12a3
] - doc: add missing period (Rich Trott) #49094 - [
7e7b554de0
] - doc: add ESM examples in http.md (btea) #47763 - [
48f8ccfd54
] - doc: detailed description of keystrokes Ctrl-Y and Meta-Y (Ray) #43529 - [
195885c8f8
] - doc: add "type" to test runner event details (Phil Nash) #49014 - [
6ce25f8415
] - doc: reserve 118 for Electron 27 (David Sanders) #49023 - [
9c26c0f296
] - doc: clarify use of process.env in worker threads on Windows (Daeyeon Jeong) #49008 - [
7186e02aa0
] - doc: remove v14 mention (Rafael Gonzaga) #49005 - [
9641ac6c65
] - doc: drop github actions check in sec release process (Rafael Gonzaga) #48978 - [
f3d62abb19
] - doc: improved joinDuplicateHeaders definition (Matteo Bianchi) #48859 - [
0db104a08b
] - doc: fix second parameter name ofevents.addAbortListener
(Deokjin Kim) #48922 - [
5173c559b7
] - doc: add new reporter events to custom reporter examples (Chemi Atlow) #48903 - [
660da785e6
] - doc: run license-builder (github-actions[bot]) #48898 - [
092f9fe92a
] - doc: change duration to duration_ms on test documentation (Ardi_Nugraha) #48892 - [
5e4730858d
] - doc: improve requireHostHeader (Guido Penta) #48860 - [
045e3c549a
] - doc: add ver of 18.x where Node-api 9 is supported (Michael Dawson) #48876 - [
c20d35df34
] - doc: include experimental features assessment (Rafael Gonzaga) #48824 - [
d649339abd
] - doc: add new TSC members (Michael Dawson) #48841 - [
aeac327f2b
] - doc: refactor node-api support matrix (Michael Dawson) #48774 - [
388c7d9232
] - doc: declarepath
on example ofasync_hooks.executionAsyncId()
(Deokjin Kim) #48556 - [
fe20528c8e
] - doc: remove the . in the end to reduce confusing (Jason) #48719 - [
e69c8e173f
] - doc: nodejs-social over nodejs/tweet (Rafael Gonzaga) #48769 - [
ea547849fd
] - doc: expand on squashing and rebasing to land a MR (Chengzhong Wu) #48751 - [
31442b96a5
] - esm: fixglobalPreload
warning (Antoine du Hamel) #49069 - [
eb1215878b
] - esm: unflag import.meta.resolve (Guy Bedford) #49028 - [
57b24a34e6
] - esm: import.meta.resolve exact module not found errors should return (Guy Bedford) #49038 - [
f23b2a3066
] - esm: protectERR_UNSUPPORTED_DIR_IMPORT
against prototype pollution (Antoine du Hamel) #49060 - [
386e826a56
] - esm: addinitialize
hook, integrate withregister
(Izaak Schroeder) #48842 - [
74a2e1e0ab
] - esm: fix typoparentUrl
->parentURL
(Antoine du Hamel) #48999 - [
0a4f7c669a
] - esm: unflagModule.register
and allow nested loaderimport()
(Izaak Schroeder) #48559 - [
a5597470ce
] - esm: add backglobalPreload
tests and fix failing ones (Antoine du Hamel) #48779 - [
d568600b42
] - events: remove weak listener for event target (Raz Luvaton) #48952 - [
3d942d9842
] - fs: fix readdir recursive sync & callback (Ethan Arrowood) #48698 - [
c14ff69d69
] - fs: mentionURL
in NUL character error message (LiviaMedeiros) #48828 - [
d634d781d7
] - fs: makemkdtemp
accept buffers and URL (LiviaMedeiros) #48828 - [
4515a285a4
] - fs: remove redundantnullCheck
(Livia Medeiros) #48826 - [
742597b14a
] - http: start connections checking interval on listen (Paolo Insogna) #48611 - [
67f9896247
] - (SEMVER-MINOR) inspector: open addSymbolDispose
(Chemi Atlow) #48765 - [
b66a3c1c96
] - lib: fix MIME overmatch in data URLs (André Alves) #49104 - [
dca8678a22
] - lib: fix to add resolve() before return at Blob.stream()'s source.pull() (bellbind) #48935 - [
420b85c00f
] - lib: remove invalid parameter to toASCII (Yagiz Nizipli) #48878 - [
a12ce11b09
] - lib,permission: drop repl autocomplete when pm enabled (Rafael Gonzaga) #48920 - [
458eaf5e75
] - meta: bump github/codeql-action from 2.20.1 to 2.21.2 (dependabot[bot]) #48986 - [
4f88cb10e0
] - meta: bump step-security/harden-runner from 2.4.1 to 2.5.0 (dependabot[bot]) #48985 - [
22fc2a6ec6
] - meta: bump actions/setup-node from 3.6.0 to 3.7.0 (dependabot[bot]) #48984 - [
40103adabd
] - meta: bump actions/setup-python from 4.6.1 to 4.7.0 (dependabot[bot]) #48983 - [
84c0c6848c
] - meta: add mailmap entry for atlowChemi (Chemi Atlow) #48810 - [
1a6e9450b8
] - module: make CJS load from ESM loader (Antoine du Hamel) #47999 - [
a5322c4b4a
] - module: ensure successful import returns the same result (Antoine du Hamel) #46662 - [
5aef593db3
] - module: implementregister
utility (João Lenon) #46826 - [
015c4f788d
] - node-api: avoid macro redefinition (Tobias Nießen) #48879 - [
53ee98566b
] - permission: move PrintTree into unnamed namespace (Tobias Nießen) #48874 - [
30ea480135
] - permission: fix data types in PrintTree (Tobias Nießen) #48770 - [
8380800375
] - readline: add paste bracket mode (Jakub Jankiewicz) #47150 - [
bc009d0c10
] - sea: add support for V8 bytecode-only caching (Darshan Sen) #48191 - [
f2f4ce9e29
] - src: use effective cppgc wrapper id to deduce non-cppgc id (Joyee Cheung) #48660 - [
bf7ff369f6
] - src: add built-in.env
file support (Yagiz Nizipli) #48890 - [
8d6948f8e2
] - src: remove duplicated code inGenerateSingleExecutableBlob()
(Jungku Lee) #49119 - [
b030004cee
] - src: refactor vector writing in snapshot builder (Joyee Cheung) #48851 - [
497df8288d
] - src: add ability to overload fast api functions (Yagiz Nizipli) #48993 - [
e5b0dfa359
] - src: remove redundant code for uv_handle_type (Jungku Lee) #49061 - [
f126b9e3d1
] - src: modernize use-equals-default (Jason) #48735 - [
db4370fc3e
] - src: avoid string copy in BuiltinLoader::GetBuiltinIds (Yagiz Nizipli) #48721 - [
9d13503c4e
] - src: fix callback_queue.h missing header (Jason) #48733 - [
6c389df3aa
] - src: cast v8::Object::GetInternalField() return value to v8::Value (Joyee Cheung) #48943 - [
7b9adff0be
] - src: do not pass user input to format string (Antoine du Hamel) #48973 - [
e0fdb7b092
] - src: remove ContextEmbedderIndex::kBindingDataStoreIndex (Joyee Cheung) #48836 - [
578c3d1e14
] - src: use ARES_SUCCESS instead of 0 (Hyunjin Kim) #48834 - [
ed23426aac
] - src: save the performance milestone time origin in the AliasedArray (Joyee Cheung) #48708 - [
5dec186663
] - src: support snapshot in single executable applications (Joyee Cheung) #46824 - [
d759d4f631
] - src: remove unnecessary temporary creation (Jason) #48734 - [
409cc692db
] - src: fix nullptr access on realm (Jan Olaf Krems) #48802 - [
07d0fd61b1
] - src: remove OnScopeLeaveImpl's move assignment overload (Jason) #48732 - [
41cc3efa23
] - src: use string_view for utf-8 string creation (Yagiz Nizipli) #48722 - [
62a46d9335
] - src,permission: restrict by default when pm enabled (Rafael Gonzaga) #48907 - [
099159ce04
] - src,tools: initialize cppgc (Daryl Haresign) #48660 - [
600c08d197
] - stream: improve WebStreams performance (Raz Luvaton) #49089 - [
609b25fa99
] - stream: implement ReadableStream.from (Debadree Chatterjee) #48395 - [
750cca2738
] - test: usetmpdir.resolve()
(Livia Medeiros) #49128 - [
6595367649
] - test: usetmpdir.resolve()
(Livia Medeiros) #49127 - [
661b055e75
] - test: usetmpdir.resolve()
in fs tests (Livia Medeiros) #49126 - [
b3c56d206f
] - test: usetmpdir.resolve()
in fs tests (Livia Medeiros) #49125 - [
3ddb155d16
] - test: fix assertion message in test_async.c (Tobias Nießen) #49146 - [
1d17c1032d
] - test: refactortest-esm-loader-hooks
for easier debugging (Antoine du Hamel) #49131 - [
13bd7a0293
] - test: addtmpdir.resolve()
(Livia Medeiros) #49079 - [
89b1bce56d
] - test: documentfixtures.fileURL()
(Livia Medeiros) #49083 - [
2fcb855c76
] - test: reduce flakiness oftest-esm-loader-hooks
(Antoine du Hamel) #49105 - [
7816e040df
] - test: stabilize the inspector-open-dispose test (Chemi Atlow) #49000 - [
e70e9747e4
] - test: print instruction for creating missing snapshot in assertSnapshot (Raz Luvaton) #48914 - [
669ac03520
] - test: addtmpdir.fileURL()
(Livia Medeiros) #49040 - [
b945d7be35
] - test: usespawn
andspawnPromisified
instead ofexec
(Antoine du Hamel) #48991 - [
b3a7427583
] - test: refactortest-node-output-errors
(Antoine du Hamel) #48992 - [
6c3e5c4d69
] - test: usefixtures.fileURL
when appropriate (Antoine du Hamel) #48990 - [
9138b78bcb
] - test: validate error code rather than message (Antoine du Hamel) #48972 - [
b4ca4a6f80
] - test: fix snapshot tests when cwd contains spaces or backslashes (Antoine du Hamel) #48959 - [
d4398d458c
] - test: ordercommon.mjs
in ASCII order (Antoine du Hamel) #48960 - [
b5991f5250
] - test: fix some assumptions in tests (Antoine du Hamel) #48958 - [
62e23f83f9
] - test: improve internal/worker/io.js coverage (Yoshiki Kurihara) #42387 - [
314bd6095c
] - test: fixes-module/test-esm-initialization
(Antoine du Hamel) #48880 - [
3680a66df4
] - test: validate host with commas on url.parse (Yagiz Nizipli) #48878 - [
24c3742372
] - test: delete test-net-bytes-per-incoming-chunk-overhead (Michaël Zasso) #48811 - [
e01cce50f5
] - test: skip experimental test with pointer compression (Colin Ihrig) #48738 - [
d5e93b1074
] - test: fix flaky test-string-decode.js on x86 (Stefan Stojanovic) #48750 - [
9136667d7d
] - test_runner: dont set exit code on todo tests (Moshe Atlow) #48929 - [
52c94908c0
] - test_runner: fix todo and only in spec reporter (Moshe Atlow) #48929 - [
5ccfb8d515
] - test_runner: unwrap error message in TAP reporter (Colin Ihrig) #48942 - [
fa19b0ed05
] - test_runner: add__proto__
null (Raz Luvaton) #48663 - [
65d23940bf
] - test_runner: fix async callback in describe not awaited (Raz Luvaton) #48856 - [
4bd5e55b43
] - test_runner: fix test_runnertest:fail
event type (Ethan Arrowood) #48854 - [
41058beed8
] - test_runner: call abort on test finish (Raz Luvaton) #48827 - [
821b11a59f
] - tls: fix bugs of double TLS (rogertyang) #48969 - [
4439327e73
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #49122 - [
21dc844309
] - tools: use spec reporter in actions (Moshe Atlow) #49129 - [
3471758696
] - tools: use @reporters/github when running in github actions (Moshe Atlow) #49129 - [
95a6e7661e
] - tools: add @reporters/github to tools (Moshe Atlow) #49129 - [
995cbf93eb
] - tools: update eslint to 8.47.0 (Node.js GitHub Bot) #49124 - [
ed065bc56e
] - tools: update lint-md-dependencies to rollup@3.27.2 (Node.js GitHub Bot) #49035 - [
a5f37178ad
] - tools: limit the number of auto start CIs (Antoine du Hamel) #49067 - [
c1bd680f89
] - tools: update eslint to 8.46.0 (Node.js GitHub Bot) #48966 - [
e09a6b4821
] - tools: update lint-md-dependencies to rollup@3.27.0 (Node.js GitHub Bot) #48965 - [
0cd2393bd9
] - tools: update lint-md-dependencies to rollup@3.26.3 (Node.js GitHub Bot) #48888 - [
41929a2906
] - tools: update lint-md-dependencies to @rollup/plugin-commonjs@25.0.3 (Node.js GitHub Bot) #48791 - [
1761bdfbd9
] - tools: update eslint to 8.45.0 (Node.js GitHub Bot) #48793 - [
b82f05cc4b
] - typings: update JSDoc forcwd
inchild_process
(LiviaMedeiros) #49029 - [
be7b511255
] - typings: sync JSDoc with the actual implementation (Hyunjin Kim) #48853 - [
45c860035d
] - url: overloadcanParse
V8 fast api method (Yagiz Nizipli) #48993 - [
60d614157b
] - url: fixisURL
detection by checkingpath
(Zhuo Zhang) #48928 - [
b12c3b5240
] - url: ensure getter access do not mutate observable symbols (Antoine du Hamel) #48897 - [
30fb7b7535
] - url: reducepathToFileURL
cpp calls (Yagiz Nizipli) #48709 - [
c3dbd0c1e4
] - util: useprimordials.ArrayPrototypeIndexOf
instead of mutable method (DaisyDogs07) #48586 - [
b79b2927ca
] - watch: decrease debounce rate (Moshe Atlow) #48926 - [
a12996298e
] - watch: use debounce instead of throttle (Moshe Atlow) #48926
v20.5.1
: 2023-08-09, Version 20.5.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-32002: Policies can be bypassed via Module._load (High)
- CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
- CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
- CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
- CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
- CVE-2023-32005: fs.statfs can bypass the permission model (Low)
- CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
- OpenSSL Security Releases
More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.
Commits
- [
92300b51b4
] - deps: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) #49036 - [
559698abf2
] - deps: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) #49036 - [
1bf3429e8e
] - lib,permission: restrict process.binding when pm is enabled (RafaelGSS) nodejs-private/node-private#438 - [
98a83a67e6
] - permission: ensure to resolve path when calling mkdtemp (RafaelGSS) nodejs-private/node-private#464 - [
1f0cde466b
] - permission: handle buffer path on fs calls (RafaelGSS) nodejs-private/node-private#439 - [
bd094d60ea
] - permission: handle fstatfs and add pm supported list (RafaelGSS) nodejs-private/node-private#441 - [
7337d21484
] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#417 - [
cf348ec640
] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#397
v20.5.0
: 2023-07-18, Version 20.5.0 (Current), @juanarbol
Notable Changes
- [
45be29d89f
] - doc: add atlowChemi to collaborators (atlowChemi) #48757 - [
a316808136
] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #48596 - [
986b46a567
] - fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) #48658 - [
0ef73ff6f0
] - (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton) #48639
Commits
- [
eb0aba59b8
] - bootstrap: use correct descriptor for Symbol.{dispose,asyncDispose} (Jordan Harband) #48703 - [
e2d0195dcf
] - bootstrap: hide experimental web globals with flag kNoBrowserGlobals (Chengzhong Wu) #48545 - [
67a1018389
] - build: do not pass target toolchain flags to host toolchain (Ivan Trubach) #48597 - [
7d843bb942
] - child_process: use addAbortListener (atlowChemi) #48550 - [
4e08160f8c
] - child_process: supportSymbol.dispose
(Moshe Atlow) #48551 - [
ef7728bf36
] - deps: update nghttp2 to 1.55.1 (Node.js GitHub Bot) #48790 - [
1454f02499
] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #48746 - [
fa94debf46
] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #48704 - [
c73cfcc144
] - deps: update acorn to 8.10.0 (Node.js GitHub Bot) #48713 - [
b7a076a052
] - deps: V8: cherry-pickcb00db4
(Keyhan Vakil) #48671 - [
150e15536b
] - deps: upgrade npm to 9.8.0 (npm team) #48665 - [
c47b2cbd35
] - dgram: socket addasyncDispose
(atlowChemi) #48717 - [
002ce31cca
] - dgram: use addAbortListener (atlowChemi) #48550 - [
45be29d89f
] - doc: add atlowChemi to collaborators (atlowChemi) #48757 - [
69b55d2261
] - doc: fix ambiguity in http.md and https.md (an5er) #48692 - [
caccb051c7
] - doc: clarify transform._transform() callback argument logic (Rafael Sofi-zada) #48680 - [
999ae0c8c3
] - doc: fix copy node executable in Windows (Yoav Vainrich) #48624 - [
7daefaeb44
] - doc: drop <b> of v20 changelog (Rafael Gonzaga) #48649 - [
dd7ea3e1df
] - doc: mention git node release prepare (Rafael Gonzaga) #48644 - [
cc7809df21
] - esm: fix emit deprecation on legacy main resolve (Antoine du Hamel) #48664 - [
67b13d1dba
] - events: fix bug listenerCount don't compare wrapped listener (yuzheng14) #48592 - [
a316808136
] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #48596 - [
986b46a567
] - fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) #48658 - [
e4333ac41f
] - http2: use addAbortListener (atlowChemi) #48550 - [
4a0b66e4f9
] - http2: send RST code 8 on AbortController signal (Devraj Mehta) #48573 - [
1295c76fce
] - lib: use addAbortListener (atlowChemi) #48550 - [
dff6c25a36
] - meta: bump actions/checkout from 3.5.2 to 3.5.3 (dependabot[bot]) #48625 - [
b5cb69ceaa
] - meta: bump step-security/harden-runner from 2.4.0 to 2.4.1 (dependabot[bot]) #48626 - [
332e480b46
] - meta: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (dependabot[bot]) #48628 - [
25c5a0aaee
] - meta: bump github/codeql-action from 2.3.6 to 2.20.1 (dependabot[bot]) #48627 - [
6406f50ab1
] - module: add SourceMap.lineLengths (Isaac Z. Schlueter) #48461 - [
cfa69bd48c
] - net: server addasyncDispose
(atlowChemi) #48717 - [
ac11264cc5
] - net: use addAbortListener (atlowChemi) #48550 - [
82d6b13bf6
] - permission: add debug log when inserting fs nodes (Rafael Gonzaga) #48677 - [
f4333b1cdd
] - permission: v8.writeHeapSnapshot and process.report (Rafael Gonzaga) #48564 - [
f691dca6c9
] - readline: use addAbortListener (atlowChemi) #48550 - [
227e6bd898
] - src: pass syscall onfs.readFileSync
fail operation (Yagiz Nizipli) #48815 - [
a9a4b73653
] - src: make BaseObject iteration order deterministic (Joyee Cheung) #48702 - [
d99ea4845a
] - src: remove kEagerCompile for CompileFunction (Keyhan Vakil) #48671 - [
df363d0010
] - src: deduplicate X509 getter implementations (Tobias Nießen) #48563 - [
9cf2e1f55b
] - src,lib: reducing C++ calls of esm legacy main resolve (Vinicius Lourenço) #48325 - [
daeb21dde9
] - stream: fix deadlock when pipeing to full sink (Robert Nagy) #48691 - [
5a382d02d6
] - stream: use addAbortListener (atlowChemi) #48550 - [
6e82077dd4
] - test: deflake test-net-throttle (Luigi Pinca) #48599 - [
d378b2c822
] - test: move test-net-throttle to parallel (Luigi Pinca) #48599 - [
dfa0aee5bf
] - Revert "test: remove test-crypto-keygen flaky designation" (Luigi Pinca) #48652 - [
0ef73ff6f0
] - (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton) #48639 - [
e2442bb7ef
] - timers: support Symbol.dispose (Moshe Atlow) #48633 - [
4398ade426
] - tools: run fetch_deps.py with Python 3 (Richard Lau) #48729 - [
38ce95d054
] - tools: update doc to unist-util-select@5.0.0 unist-util-visit@5.0.0 (Node.js GitHub Bot) #48714 - [
b25e78a998
] - tools: update lint-md-dependencies to rollup@3.26.2 (Node.js GitHub Bot) #48705 - [
a1f4ff7c59
] - tools: update eslint to 8.44.0 (Node.js GitHub Bot) #48632 - [
42dc6eb698
] - tools: update lint-md-dependencies to rollup@3.26.0 (Node.js GitHub Bot) #48631 - [
07bfcc45ab
] - url: fixcanParse
false value when v8 optimizes (Yagiz Nizipli) #48817
v20.4.0
: 2023-07-05, Version 20.4.0 (Current), @RafaelGSS
Notable Changes
Mock Timers
The new feature allows developers to write more reliable and predictable tests for time-dependent functionality.
It includes MockTimers
with the ability to mock setTimeout
, setInterval
from globals
, node:timers
, and node:timers/promises
.
The feature provides a simple API to advance time, enable specific timers, and release all timers.
import assert from 'node:assert';
import { test } from 'node:test';
test('mocks setTimeout to be executed synchronously without having to actually wait for it', (context) => {
const fn = context.mock.fn();
// Optionally choose what to mock
context.mock.timers.enable(['setTimeout']);
const nineSecs = 9000;
setTimeout(fn, nineSecs);
const threeSeconds = 3000;
context.mock.timers.tick(threeSeconds);
context.mock.timers.tick(threeSeconds);
context.mock.timers.tick(threeSeconds);
assert.strictEqual(fn.mock.callCount(), 1);
});
This feature was contributed by Erick Wendel in #47775.
Support to the explicit resource management proposal
Node is adding support to the explicit resource management
proposal to its resources allowing users of TypeScript/babel to use using
/await using
with
V8 support for everyone else on the way.
This feature was contributed by Moshe Atlow and Benjamin Gruenbaum in #48518.
Other notable changes
- [
fe333d2584
] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #48416 - [
60c2ea4e79
] - doc: add vmoroz to collaborators (Vladimir Morozov) #48527 - [
5cacdf9e6b
] - doc: add kvakil to collaborators (Keyhan Vakil) #48449 - [
504d1d7bdc
] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #45190
Commits
- [
8a611a387f
] - benchmark: add bar.R (Rafael Gonzaga) #47729 - [
12fa716cf9
] - benchmark: refactor crypto oneshot (Filip Skokan) #48267 - [
d6ecbde592
] - benchmark: add crypto.create*Key (Filip Skokan) #48284 - [
e60b6dedd8
] - bootstrap: unify snapshot builder and embedder entry points (Joyee Cheung) #48242 - [
40662957b1
] - bootstrap: simplify initialization of source map handlers (Joyee Cheung) #48304 - [
6551538079
] - build: fixconfigure --link-module
(Richard Lau) #48522 - [
f7f32089e7
] - build: sync libuv header change (Jiawen Geng) #48429 - [
f60205c915
] - build: update action to close stale MRs (Michael Dawson) #48196 - [
4f4d0b802e
] - child_process: improve spawn performance on Linux (Keyhan Vakil) #48523 - [
fe333d2584
] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #48416 - [
89aaf16237
] - crypto: remove OPENSSL_FIPS guard for OpenSSL 3 (Richard Lau) #48392 - [
6199e1946c
] - deps: upgrade to libuv 1.46.0 (Santiago Gimeno) #48618 - [
1b2b930fda
] - deps: add loong64 config into openssl gypi (Shi Pujin) #48043 - [
ba8d048929
] - deps: update acorn to 8.9.0 (Node.js GitHub Bot) #48484 - [
d96f921d06
] - deps: update zlib to 1.2.13.1-motley-f81f385 (Node.js GitHub Bot) #48541 - [
ed1d047e8f
] - deps: update googletest toec4fed9
(Node.js GitHub Bot) #48538 - [
f43d718c67
] - deps: update minimatch to 9.0.2 (Node.js GitHub Bot) #48542 - [
2f66147cbf
] - deps: update corepack to 0.19.0 (Node.js GitHub Bot) #48540 - [
d91b0fde73
] - deps: V8: cherry-pick1a782f6
(Keyhan Vakil) #48523 - [
112335e342
] - deps: update corepack to 0.18.1 (Node.js GitHub Bot) #48483 - [
2b141c413f
] - deps: update icu to 73.2 (Node.js GitHub Bot) #48502 - [
188b34d4a1
] - deps: upgrade npm to 9.7.2 (npm team) #48514 - [
bf0444b5d9
] - deps: update zlib to 1.2.13.1-motley-3ca9f16 (Node.js GitHub Bot) #48413 - [
b339d80a56
] - deps: upgrade npm to 9.7.1 (npm team) #48378 - [
4132931b87
] - deps: update simdutf to 3.2.14 (Node.js GitHub Bot) #48344 - [
8cd56c1e85
] - deps: update ada to 2.5.1 (Node.js GitHub Bot) #48319 - [
78cffcd645
] - deps: update zlib to982b036
(Node.js GitHub Bot) #48327 - [
6d00c2e33b
] - doc: fix options order (Luigi Pinca) #48617 - [
7ad2d3a5d1
] - doc: update security release stewards (Rafael Gonzaga) #48569 - [
cc3a056fdd
] - doc: update return type for describe (Shrujal Shah) #48572 - [
99ae0b98af
] - doc: run license-builder (github-actions[bot]) #48552 - [
9750d8205c
] - doc: add description of autoAllocateChunkSize in ReadableStream (Debadree Chatterjee) #48004 - [
417927bb41
] - doc: fixfilename
type inwatch
result (Dmitry Semigradsky) #48032 - [
ca2ae86bd7
] - doc: unnestmime
andMIMEParams
from MIMEType constructor (Dmitry Semigradsky) #47950 - [
bda1228135
] - doc: update security-release-process.md (Rafael Gonzaga) #48504 - [
60c2ea4e79
] - doc: add vmoroz to collaborators (Vladimir Morozov) #48527 - [
37bc0eac4a
] - doc: improve inspector.close() description (mary marchini) #48494 - [
2a403cdad5
] - doc: link to Runtime Keys in export conditions (Jacob Hummer) #48408 - [
e2d579e644
] - doc: update fs flags documentation (sinkhaha) #48463 - [
38bf290115
] - doc: reviseerror.md
introduction (Antoine du Hamel) #48423 - [
641a2e9c6d
] - doc: add preveen-stack to triagers (Preveen P) #48387 - [
4ab5e8d2e3
] - doc: refine when file is undefined in test events (Moshe Atlow) #48451 - [
5cacdf9e6b
] - doc: add kvakil to collaborators (Keyhan Vakil) #48449 - [
b9c643e3ef
] - doc: add additional info on TSFN dispatch (Michael Dawson) #48367 - [
17a0e1d1bf
] - doc: add link for news from security wg (Michael Dawson) #48396 - [
3a62994a4f
] - doc: fix typo in events.md (Darshan Sen) #48436 - [
e10a4cdf68
] - doc: run license-builder (github-actions[bot]) #48336 - [
19fde638fd
] - fs: call the callback with an error if writeSync fails (killa) #47949 - [
4cad9fd8bd
] - fs: remove unneeded return statement (Luigi Pinca) #48526 - [
d367b73f43
] - fs: use kResistStopPropagation (Chemi Atlow) #48521 - [
e50c3169af
] - fs, stream: initialSymbol.dispose
andSymbol.asyncDispose
support (Moshe Atlow) #48518 - [
7d8a0b6eb7
] - http: null the joinDuplicateHeaders property on cleanup (Luigi Pinca) #48608 - [
94ebb02f59
] - http: server add async dispose (atlowChemi) #48548 - [
c6a69e31a3
] - http: remove useless ternary in test (geekreal) #48481 - [
2f0f40328f
] - http: fix for handling on boot timers headers and request (Franciszek Koltuniuk) #48291 - [
5378ad8ab1
] - http2: server addasyncDispose
(atlowChemi) #48548 - [
97a58c5970
] - https: server addasyncDispose
(atlowChemi) #48548 - [
40ae6eb6aa
] - https: fix connection checking interval not clearing on server close (Nitzan Uziely) #48383 - [
15530fea4c
] - lib: merge cjs and esm package json reader caches (Yagiz Nizipli) #48477 - [
32bda81c31
] - lib: reduce url getters onmakeRequireFunction
(Yagiz Nizipli) #48492 - [
0da03f01ba
] - lib: remove duplicated requires in check_syntax (Yagiz Nizipli) #48508 - [
97b00c347d
] - lib: add option to force handling stopped events (Chemi Atlow) #48301 - [
fe16749649
] - lib: fix output message when repl is used with pm (Rafael Gonzaga) #48438 - [
8c2c02d28a
] - lib: create weakRef only if any signals provided (Chemi Atlow) #48448 - [
b6ae411ea9
] - lib: remove obsolete deletion of bufferBinding.zeroFill (Chengzhong Wu) #47881 - [
562b3d4856
] - lib: move web global bootstrapping to the expected file (Chengzhong Wu) #47881 - [
f9c0d5acac
] - lib: fix blob.stream() causing hanging promises (Debadree Chatterjee) #48232 - [
0162a0f5bf
] - lib: add support for inherited custom inspection methods (Antoine du Hamel) #48306 - [
159ab6627a
] - lib: reduce URL invocations on http2 origins (Yagiz Nizipli) #48338 - [
f0709fdc59
] - module: add SourceMap.findOrigin (Isaac Z. Schlueter) #47790 - [
4ec2d925b1
] - module: reduce url invocations in esm/load.js (Yagiz Nizipli) #48337 - [
2c363971cc
] - net: improve network family autoselection handle handling (Paolo Insogna) #48464 - [
dbf9e9ffc8
] - node-api: provide napi_define_properties fast path (Gabriel Schulhof) #48440 - [
87ad657777
] - node-api: implement external strings (Gabriel Schulhof) #48339 - [
4efa6807ea
] - permission: handle end nodes with children cases (Rafael Gonzaga) #48531 - [
84fe811108
] - repl: display dynamic import variant in static import error messages (Hemanth HM) #48129 - [
bdcc037470
] - report: disable js stack when no context is entered (Chengzhong Wu) #48495 - [
97bd9ccd04
] - src: fix uninitialized field access in AsyncHooks (Jan Olaf Krems) #48566 - [
404958fc96
] - src: fix Coverity issue regarding unnecessary copy (Yagiz Nizipli) #48565 - [
c4b8edea24
] - src: refactorSplitString
in util (Yagiz Nizipli) #48491 - [
5bc13a4772
] - src: revert IS_RELEASE (Rafael Gonzaga) #48505 - [
4971e46051
] - src: add V8 fast api toguessHandleType
(Yagiz Nizipli) #48349 - [
954e46e792
] - src: return uint32 forguessHandleType
(Yagiz Nizipli) #48349 - [
05009675da
] - src: make realm binding data store weak (Chengzhong Wu) #47688 - [
120ac74352
] - src: remove aliased buffer weak callback (Chengzhong Wu) #47688 - [
6591826e99
] - src: handle wasm out of bound in osx will raise SIGBUS correctly (Congcong Cai) #46561 - [
1b84ddeec2
] - src: implement constants binding directly (Joyee Cheung) #48186 - [
06d49c1f10
] - src: implement natives binding without special casing (Joyee Cheung) #48186 - [
325441abf5
] - src: add missing to_ascii method in dns queries (Daniel Lemire) #48354 - [
84d0eb74b8
] - stream: fix premature pipeline end (Robert Nagy) #48435 - [
3df7368735
] - test: add missing assertions to test-runner-cli (Moshe Atlow) #48593 - [
07eb310b0d
] - test: remove test-crypto-keygen flaky designation (Luigi Pinca) #48575 - [
75aa0a7682
] - test: remove test-timers-immediate-queue flaky designation (Luigi Pinca) #48575 - [
a9756f3126
] - test: add Symbol.dispose support to mock timers (Benjamin Gruenbaum) #48549 - [
0f912a7248
] - test: mark test-child-process-stdio-reuse-readable-stdio flaky (Luigi Pinca) #48537 - [
30f4bc4985
] - test: make IsolateData per-isolate in cctest (Joyee Cheung) #48450 - [
407ce3fdcb
] - test: define NAPI_VERSION before including node_api.h (Chengzhong Wu) #48376 - [
24a8fa95f0
] - test: remove unnecessary noop function args tomustNotCall()
(Antoine du Hamel) #48513 - [
09af579775
] - test: skip test-runner-watch-mode on IBMi (Moshe Atlow) #48473 - [
77cb1ee0b2
] - test: add missing <algorithm> include for std::find (Sam James) #48380 - [
7c790ca03c
] - test: fix flaky test-watch-mode (Moshe Atlow) #48147 - [
1398829746
] - test: fixtest-net-autoselectfamily
for kernel without IPv6 support (Livia Medeiros) #48265 - [
764119ba4b
] - test: update url web-platform tests (Yagiz Nizipli) #48319 - [
f1ead59629
] - test: ignore the copied entry_point.c (Luigi Pinca) #48297 - [
fc5d1bddcb
] - test: refactor test-gc-http-client-timeout (Luigi Pinca) #48292 - [
46a3d068a0
] - test: update encoding web-platform tests (Yagiz Nizipli) #48320 - [
141e5aad83
] - test: update FileAPI web-platform tests (Yagiz Nizipli) #48322 - [
83cfc67099
] - test: update user-timing web-platform tests (Yagiz Nizipli) #48321 - [
2c56835a33
] - test_runner: fixedtest
shorthands return type (Shocker) #48555 - [
7d01c8894a
] - (SEMVER-MINOR) test_runner: add initial draft for fakeTimers (Erick Wendel) #47775 - [
de4f14c249
] - test_runner: add enqueue and dequeue events (Moshe Atlow) #48428 - [
5ebe3a4ea7
] - test_runner: make--test-name-pattern
recursive (Moshe Atlow) #48382 - [
93bf447308
] - test_runner: refactor coverage report output for readability (Damien Seguin) #47791 - [
504d1d7bdc
] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #45190 - [
203c3cf4ca
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48544 - [
333907b19d
] - tools: speedup compilation of js2c output (Keyhan Vakil) #48160 - [
10bd5f4d97
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48486 - [
52de27b9fe
] - tools: pin ruff version number (Rich Trott) #48505 - [
4345526644
] - tools: replace sed with perl (Luigi Pinca) #48499 - [
6c590835f3
] - tools: automate update openssl v16 (Marco Ippolito) #48377 - [
90b5335338
] - tools: update eslint to 8.43.0 (Node.js GitHub Bot) #48487 - [
cd83530a11
] - tools: update doc to to-vfile@8.0.0 (Node.js GitHub Bot) #48485 - [
e500b439bd
] - tools: prepare tools/doc for to-vfile 8.0.0 (Rich Trott) #48485 - [
d623616813
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48417 - [
a2e107dde4
] - tools: update create-or-update-pull-request-action (Richard Lau) #48398 - [
8009e2c3be
] - tools: update eslint-plugin-jsdoc (Richard Lau) #48393 - [
10385c8565
] - tools: add version update to external dependencies (Andrea Fassina) #48081 - [
b1cef81b18
] - tools: update eslint to 8.42.0 (Node.js GitHub Bot) #48328 - [
0923dc0b8e
] - tools: disable jsdoc/no-defaults rule (Luigi Pinca) #48328 - [
b03146da85
] - typings: remove unused primordials (Yagiz Nizipli) #48509 - [
e9c9d187b9
] - typings: fix JSDoc in ESM loader modules (Antoine du Hamel) #48424 - [
fafe651d23
] - url: conform to origin getter spec changes (Yagiz Nizipli) #48319
v20.3.1
: 2023-06-20, Version 20.3.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
-
CVE-2023-30581:
mainModule.__proto__
Bypass Experimental Policy Mechanism (High) - CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
- CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
- CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
- CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.
Commits
- [
dac08dafc9
] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#393 - [
d274c3babc
] - crypto,https,tls: disable engines if perms enabled (Tobias Nießen) nodejs-private/node-private#409 - [
5621c1de38
] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402 - [
771caa9f1c
] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402 - [
0459bf9c99
] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426 - [
27e20501aa
] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#427 - [
9c17e335f1
] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408 - [
b51124c637
] - permission: handle fs path traversal (RafaelGSS) nodejs-private/node-private#403 - [
ebc5927adc
] - permission: handle fs.openAsBlob (RafaelGSS) nodejs-private/node-private#405 - [
c39a43bff5
] - permission: handle fs.watchFile (RafaelGSS) nodejs-private/node-private#404 - [
d0a8264ec9
] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416 - [
3df13d5a79
] - src,permission: restrict inspector when pm enabled (RafaelGSS) nodejs-private/node-private#410
v20.3.0
: 2023-06-08, Version 20.3.0 (Current), @targos
Notable Changes
- [
bfcb3d1d9a
] - deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux (Santiago Gimeno) #48078 - [
5094d1b292
] - doc: add Ruy Adorno to list of TSC members (Michael Dawson) #48172 - [
2f5dbca690
] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #48023 - [
b1828b325e
] - (SEMVER-MINOR) lib: implementAbortSignal.any()
(Chemi Atlow) #47821 - [
f380953103
] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #47824 - [
a94f87ed99
] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #48151 - [
9e2b13dfa7
] - stream: deprecateasIndexedPairs
(Chemi Atlow) #48102
Commits
- [
35c96156d1
] - benchmark: usecluster.isPrimary
instead ofcluster.isMaster
(Deokjin Kim) #48002 - [
3e6e3abf32
] - bootstrap: throw ERR_NOT_SUPPORTED_IN_SNAPSHOT in unsupported operation (Joyee Cheung) #47887 - [
c480559347
] - bootstrap: put is_building_snapshot state in IsolateData (Joyee Cheung) #47887 - [
50c0a15535
] - build: set v8_enable_webassembly=false when lite mode is enabled (Cheng Shao) #48248 - [
4562805cf6
] - build: speed up compilation of mksnapshot output (Keyhan Vakil) #48162 - [
8b89f13933
] - build: add action to close stale MRs (Michael Dawson) #48051 - [
5d92202220
] - build: replace js2c.py with js2c.cc (Joyee Cheung) #46997 - [
6cf2adc36e
] - cluster: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) #48141 - [
f564b03c38
] - crypto: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) #47160 - [
ac8dd61fc3
] - crypto: remove default encoding from cipher (Tobias Nießen) #47998 - [
15c2de4407
] - crypto: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) #47977 - [
9e2dd5b5e2
] - deps: update zlib to337322d
(Node.js GitHub Bot) #48218 - [
bfcb3d1d9a
] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #48078 - [
13930f092f
] - deps: update ada to 2.5.0 (Node.js GitHub Bot) #48223 - [
3047caebec
] - deps: setCARES_RANDOM_FILE
for c-ares (Richard Lau) #48156 - [
0db79a0872
] - deps: update histogram 0.11.8 (Marco Ippolito) #47742 - [
99af6716f5
] - deps: update histogram to 0.11.7 (Marco Ippolito) #47742 - [
d4922bc985
] - deps: update c-ares to 1.19.1 (Node.js GitHub Bot) #48115 - [
f6ccdb289f
] - deps: update simdutf to 3.2.12 (Node.js GitHub Bot) #48118 - [
3ed0afc778
] - deps: update minimatch to 9.0.1 (Node.js GitHub Bot) #48094 - [
df7540fb73
] - deps: update ada to 2.4.2 (Node.js GitHub Bot) #48092 - [
07df5c48e8
] - deps: update corepack to 0.18.0 (Node.js GitHub Bot) #48091 - [
d95a5bb559
] - deps: update uvwasi to 0.0.18 (Node.js GitHub Bot) #47866 - [
443477e041
] - deps: update uvwasi to 0.0.17 (Node.js GitHub Bot) #47866 - [
03f67d6d6d
] - deps: upgrade npm to 9.6.7 (npm team) #48062 - [
d3e3a911fd
] - deps: update nghttp2 to 1.53.0 (Node.js GitHub Bot) #47997 - [
f7c4daaf67
] - deps: update ada to 2.4.1 (Node.js GitHub Bot) #48036 - [
c6a752560d
] - deps: add loongarch64 into openssl Makefile and gen openssl-loongarch64 (Shi Pujin) #46401 - [
d194241716
] - deps: update undici to 5.22.1 (Node.js GitHub Bot) #47994 - [
02e919f4a2
] - deps,test: update postject to 1.0.0-alpha.6 (Node.js GitHub Bot) #48072 - [
2c19f596ad
] - doc: clarify array args to Buffer.from() (Bryan English) #48274 - [
d681e5f456
] - doc: document watch option for node:test run() (Moshe Atlow) #48256 - [
96e54ddbca
] - doc: reserve 117 for Electron 26 (Calvin) #48245 - [
9aff8c7818
] - doc: update documentation for FIPS support (Richard Lau) #48194 - [
8c5338648f
] - doc: improve the documentation of the stdio option (Kumar Arnav) #48110 - [
11918d705f
] - doc: update Buffer.allocUnsafe description (sinkhaha) #48183 - [
2b51ee5e22
] - doc: update codeowners with website team (Claudio Wunder) #48197 - [
360df25d04
] - doc: fix broken link to new folder doc/contributing/maintaining (Andrea Fassina) #48205 - [
13e95e21a4
] - doc: add atlowChemi to triagers (Chemi Atlow) #48104 - [
5f83ce530f
] - doc: fix typo in readline completer function section (Vadym) #48188 - [
3c82165d27
] - doc: remove broken link for keygen (Rich Trott) #48176 - [
0ca90a1e6d
] - doc: addauto
intrinsic height to prevent jitter/flicker (Daniel Holbert) #48195 - [
f117855092
] - doc: add version info on the SEA docs (Antoine du Hamel) #48173 - [
5094d1b292
] - doc: add Ruy to list of TSC members (Michael Dawson) #48172 - [
39d8140227
] - doc: update socket.remote* properties documentation (Saba Kharanauli) #48139 - [
5497c13efe
] - doc: update outdated section on TLSv1.3-PSK (Tobias Nießen) #48123 - [
281dfaf727
] - doc: improve HMAC key recommendations (Tobias Nießen) #48121 - [
bd311b6c70
] - doc: clarify mkdir() recursive behavior (Stephen Odogwu) #48109 - [
5b061c8922
] - doc: fix typo in crypto legacy streams API section (Tobias Nießen) #48122 - [
10ccb2bd81
] - doc: update SEA source link (Rich Trott) #48080 - [
415bf7f532
] - doc: clarify tty.isRaw (Roberto Vidal) #48055 - [
0ac4b33c76
] - doc: correct line break for Windows terminals (Alex Schwartz) #48083 - [
f30ba5c320
] - doc: fix Windows code snippet tags (Antoine du Hamel) #48100 - [
12fef9b68c
] - doc: harmonize fenced code snippet flags (Antoine du Hamel) #48082 - [
13f163eace
] - doc: use secure key length for HMAC generateKey (Tobias Nießen) #48052 - [
1e3e7c9f33
] - doc: update broken EVP_BytesToKey link (Rich Trott) #48064 - [
5917ba1838
] - doc: update broken spkac link (Rich Trott) #48063 - [
0e4a3b7db1
] - doc: document node-api version process (Chengzhong Wu) #47972 - [
85bbaa94ea
] - doc: update process.versions properties (Saba Kharanauli) #48019 - [
7660eb591a
] - doc: fix typo in binding functions (Deokjin Kim) #48003 - [
2f5dbca690
] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #48023 - [
3b94a739f2
] - doc: clarify CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED (Tobias Nießen) #47976 - [
9e381cfa89
] - doc: add heading for permission model limitations (Tobias Nießen) #47989 - [
802db923e0
] - doc,vm: clarify usage of cachedData in vm.compileFunction() (Darshan Sen) #48193 - [
11a3434810
] - esm: remove support for arrays inimport
internal method (Antoine du Hamel) #48296 - [
3b00f3afef
] - esm: handleglobalPreload
hook returning a nullish value (Antoine du Hamel) #48249 - [
3c7846d7e1
] - esm: handle more error types thrown from the loader thread (Antoine du Hamel) #48247 - [
60ce2bcabc
] - http: send implicit headers on HEAD with no body (Matteo Collina) #48108 - [
72de4e7170
] - lib: do not disable linter for entire files (Antoine du Hamel) #48299 - [
10cc60fc91
] - lib: use existingisWindows
variable (sinkhaha) #48134 - [
a90010aae9
] - lib: support FORCE_COLOR for non TTY streams (Moshe Atlow) #48034 - [
b1828b325e
] - (SEMVER-MINOR) lib: implement AbortSignal.any() (Chemi Atlow) #47821 - [
8f1b86961f
] - meta: bump github/codeql-action from 2.3.3 to 2.3.6 (dependabot[bot]) #48287 - [
1b87ccdf70
] - meta: bump actions/setup-python from 4.6.0 to 4.6.1 (dependabot[bot]) #48286 - [
10715aea26
] - meta: bump codecov/codecov-action from 3.1.3 to 3.1.4 (dependabot[bot]) #48285 - [
79f73778ab
] - meta: remove dont-land-on-v14 auto labeling (Shrujal Shah) #48031 - [
9c5711f3ea
] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #48010 - [
6d6bf3ee52
] - module: reduce the number of URL initializations (Yagiz Nizipli) #48272 - [
f380953103
] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #47824 - [
950185b0c0
] - net: fix address iteration with autoSelectFamily (Fedor Indutny) #48258 - [
5ddca72e62
] - net: fix family autoselection SSL connection handling (Paolo Insogna) #48189 - [
750e53ca3c
] - net: fix family autoselection timeout handling (Paolo Insogna) #47860 - [
a94f87ed99
] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #48151 - [
e834979818
] - node-api: add status napi_cannot_run_js (Gabriel Schulhof) #47986 - [
eafe0c3ec6
] - node-api: napi_ref on all types is experimental (Vladimir Morozov) #47975 - [
9a034746f5
] - src: add Realm document in the src README.md (Chengzhong Wu) #47932 - [
b8f4070f71
] - src: check node_extra_ca_certs after openssl cfg (Raghu Saxena) #48159 - [
0347a18056
] - src: include missing header in node_sea.h (Joyee Cheung) #48152 - [
45c3782c20
] - src: remove INT_MAX asserts in SecretKeyGenTraits (Tobias Nießen) #48053 - [
b25e7045ad
] - src: avoid prototype access in binding templates (Joyee Cheung) #47913 - [
33aa373eec
] - src: use Blob{Des|S}erializer for SEA blobs (Joyee Cheung) #47962 - [
9e2b13dfa7
] - stream: deprecate asIndexedPairs (Chemi Atlow) #48102 - [
96c323dee2
] - test: mark test-child-process-pipe-dataflow as flaky (Moshe Atlow) #48334 - [
9875885357
] - test: adapt tests for OpenSSL 3.1 (OttoHollmann) #47859 - [
3440d7c6bf
] - test: unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) #48078 - [
215b2bc72c
] - test: fix zlib version regex (Luigi Pinca) #48227 - [
e12ee59d26
] - test: use lower security level in s_client (Luigi Pinca) #48192 - [
1dabc7390c
] - Revert "test: unskip negative-settimeout.any.js WPT" (Filip Skokan) #48182 - [
c1c4796a86
] - test: mark test_cannot_run_js as flaky (Keyhan Vakil) #48181 - [
8c49d74002
] - test: fix flaky test-runner-watch-mode (Moshe Atlow) #48144 - [
6388766862
] - test: skip test-http-pipeline-flood on IBM i (Abdirahim Musse) #48048 - [
8d2a3b1952
] - test: ignore helper files in WPTs (Filip Skokan) #48079 - [
7a96d825fd
] - test: movetest-cluster-primary-error
flaky test (Yagiz Nizipli) #48039 - [
a80dd3a8b3
] - test: fix suite signal (Benjamin Gruenbaum) #47800 - [
a41cfd183f
] - test: fix parsing test flags (Daeyeon Jeong) #48012 - [
4d4e506f2b
] - test,doc,sea: run SEA tests on ppc64 (Darshan Sen) #48111 - [
44411fc40c
] - test_runner: applyrunOnly
on suites (Moshe Atlow) #48279 - [
3f259b7a30
] - test_runner: emittest:watch:drained
event (Moshe Atlow) #48259 - [
c9f8e8c562
] - test_runner: stop watch mode when abortSignal aborted (Moshe Atlow) #48259 - [
f3268d64cb
] - test_runner: fix global after hook (Moshe Atlow) #48231 - [
15336c3139
] - test_runner: remove redundant check from coverage (Colin Ihrig) #48070 - [
750d3e8606
] - test_runner: pass FORCE_COLOR to child process (Moshe Atlow) #48057 - [
3278542243
] - test_runner: dont split lines ontest:stdout
(Moshe Atlow) #48057 - [
027c531766
] - test_runner: fix test deserialize edge cases (Moshe Atlow) #48106 - [
2b797a6d39
] - test_runner: delegate stderr and stdout formatting to reporter (Shiba) #48045 - [
23d310bee8
] - test_runner: display dot report as wide as the terminal width (Raz Luvaton) #48038 - [
fd2620dcf1
] - tls: reapply servername on happy eyeballs connect (Fedor Indutny) #48255 - [
62f847d0b3
] - tools: update rollup lint-md-dependencies (Node.js GitHub Bot) #48329 - [
3e97826a66
] - Revert "tools: open issue when update workflow fails" (Marco Ippolito) #48312 - [
5f08bfe35f
] - tools: don't gitignore base64 config.h (Ben Noordhuis) #48174 - [
ded0e2d755
] - tools: update LICENSE and license-builder.sh (Santiago Gimeno) #48078 - [
07aa264366
] - tools: automate histogram update (Marco Ippolito) #48171 - [
1416b75eaa
] - tools: use shasum instead of sha256sum (Luigi Pinca) #48229 - [
b81e9d9b7b
] - tools: harmonizedep_updaters
scripts (Antoine du Hamel) #48201 - [
a60bc41e53
] - tools: deps update authenticate github api request (Andrea Fassina) #48200 - [
7478ed014e
] - tools: order dependency jobs alphabetically (Luca) #48184 - [
568a705799
] - tools: refactor v8_pch config (Michaël Zasso) #47364 - [
801573ba46
] - tools: log and verify sha256sum (Andrea Fassina) #48088 - [
db62325e18
] - tools: open issue when update workflow fails (Marco Ippolito) #48018 - [
ad8a68856d
] - tools: alphabetize CODEOWNERS (Rich Trott) #48124 - [
4cf5a9edaf
] - tools: use latest upstream commit for zlib updates (Andrea Fassina) #48054 - [
8d93af381b
] - tools: add security-wg as dep updaters owner (Marco Ippolito) #48113 - [
5325be1d99
] - tools: port js2c.py to C++ (Joyee Cheung) #46997 - [
6c60d90277
] - tools: fix race condition when npm installing (Tobias Nießen) #48101 - [
0ab840a58f
] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #48098 - [
a298193378
] - tools: update cpplint to 1.6.1 (Yagiz Nizipli) #48098 - [
f6725751b7
] - tools: update eslint to 8.41.0 (Node.js GitHub Bot) #48097 - [
6539361f4e
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48096 - [
5d94dbb951
] - tools: update doc to remark-parse@10.0.2 (Node.js GitHub Bot) #48095 - [
2226088048
] - tools: add debug logs (Marco Ippolito) #48060 - [
0c8c383583
] - tools: fix zconf.h path (Luigi Pinca) #48089 - [
6adaf4c648
] - tools: update remark-preset-lint-node to 4.0.0 (Node.js GitHub Bot) #47995 - [
92b3334231
] - url: clean vertical alignment of docs (Robin Ury) #48037 - [
ebb6536775
] - url: callada::can_parse
directly (Yagiz Nizipli) #47919 - [
ed4514294a
] - vm: properly handle defining symbol props (Nicolas DUBIEN) #47572
v20.2.0
: 2023-05-16, Version 20.2.0 (Current), @targos
Notable Changes
- [
c092df9094
] - doc: add ovflowd to collaborators (Claudio Wunder) #47844 - [
4197a9a5a0
] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #47732 - [
c4596b9ce7
] - (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) #47588 - [
17befe008c
] - (SEMVER-MINOR) test_runner: addskip
,todo
, andonly
shorthands totest
(Chemi Atlow) #47909 - [
a0634d7f89
] - (SEMVER-MINOR) url: add value argument toURLSearchParams
has
anddelete
methods (Sankalp Shubham) #47885
Commits
- [
456fca0d9c
] - bootstrap: initialize per-isolate properties of bindings separately (Joyee Cheung) #47768 - [
d6d12bf978
] - bootstrap: log isolate data info in mksnapshot debug logs (Joyee Cheung) #47768 - [
e457d89a1b
] - buffer: combine checking range of sourceStart inbuf.copy
(Deokjin Kim) #47758 - [
00668fcfb4
] - child_process: use signal.reason in child process abort (Debadree Chatterjee) #47817 - [
d7993474ea
] - crypto: remove default encoding from scrypt (Tobias Nießen) #47943 - [
09fb74a7cc
] - crypto: fix webcrypto private/secret import with empty usages (Filip Skokan) #47877 - [
e9c6ee74f3
] - crypto: remove default encoding from pbkdf2 (Tobias Nießen) #47869 - [
b7f13a8679
] - deps: update simdutf to 3.2.9 (Node.js GitHub Bot) #47983 - [
b16f6da153
] - deps: V8: cherry-pick5f025d1
(Michaël Zasso) #47610 - [
99f8fcab45
] - deps: V8: cherry-picka8a11a8
(Michaël Zasso) #47610 - [
c2b14b4c78
] - deps: update ada to 2.4.0 (Node.js GitHub Bot) #47922 - [
cad42e7a56
] - deps: V8: cherry-pick1b471b7
(Lu Yahan) #47399 - [
7b2f17ca59
] - deps: upgrade npm to 9.6.6 (npm team) #47862 - [
d23b1af562
] - deps: update ada to 2.3.1 (Node.js GitHub Bot) #47893 - [
72340c98fb
] - dgram: convert macro to template (Tobias Nießen) #47891 - [
9be922892f
] - dns: callada::idna::to_ascii
directly from c++ (Yagiz Nizipli) #47920 - [
4a1e97156a
] - doc: add missing deprecated blocks to cluster (Tobias Nießen) #47981 - [
13118a19ee
] - doc: update description of global (Tobias Nießen) #47969 - [
372796440b
] - doc: update measure memory rejection information (Yash Ladha) #41639 - [
7ecc6740e4
] - doc: fix broken link to TC39 import attributes proposal (Rich Trott) #47954 - [
b9771c95c7
] - doc: fix broken link (Rich Trott) #47953 - [
6f5ba92e61
] - doc: remove broken link (Rich Trott) #47942 - [
c9ffc555f1
] - doc: document make lint-md-clean (Matteo Collina) #47926 - [
7ed99e8ba5
] - doc: mark global object as legacy (Mert Can Altın) #47819 - [
bf39f2d252
] - doc: ntfs junction points must link to directories (Ben Noordhuis) #47907 - [
4dfc3890d8
] - doc: improvepermission.has
description (Daeyeon Jeong) #47875 - [
93f1aa2856
] - doc: fix params names (Dmitry Semigradsky) #47853 - [
9a362aa2fb
] - doc: update supported version of FreeBSD to 12.4 (Michaël Zasso) #47838 - [
89c70dc6e6
] - doc: add stability experimental to pm (Rafael Gonzaga) #47890 - [
f96fb2eee7
] - doc: swap Matteo with Rafael in the stewards (Rafael Gonzaga) #47841 - [
1666a146e3
] - doc: add valgrind suppression details (Kevin Eady) #47760 - [
e53e8231ff
] - doc: replace EOL versions in README (Tobias Nießen) #47833 - [
c092df9094
] - doc: add ovflowd to collaborators (Claudio Wunder) #47844 - [
f7106765b3
] - doc: update BUILDING.md previous versions links (Tobias Nießen) #47835 - [
811b43c215
] - doc,test: update the v8.startupSnapshot doc and test the example (Joyee Cheung) #47468 - [
1ec640ac70
] - esm: do not use'beforeExit'
on the main thread (Antoine du Hamel) #47964 - [
106dc612d6
] - fs: make readdir recursive algorithm iterative (Ethan Arrowood) #47650 - [
a0da2348a8
] - fs: move fs_use_promises_symbol to per-isolate symbols (Joyee Cheung) #47768 - [
4197a9a5a0
] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #47732 - [
a4d6543598
] - http2: improve nghttp2 error callback (Tobias Nießen) #47840 - [
a4fed6c580
] - lib: update comment (sinkhaha) #47884 - [
fd8bec7b2b
] - meta: bump step-security/harden-runner from 2.3.1 to 2.4.0 (Rich Trott) #47980 - [
f5b4b6d5dc
] - meta: bump github/codeql-action from 2.3.2 to 2.3.3 (Rich Trott) #47979 - [
c05c0a2359
] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (Rich Trott) #47968 - [
2a3d6d97cb
] - meta: add security-wg ping to permission.js (Rafael Gonzaga) #47941 - [
6c158e8dd1
] - meta: bump step-security/harden-runner from 2.2.1 to 2.3.1 (dependabot[bot]) #47808 - [
f7a8094d37
] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (dependabot[bot]) #47806 - [
0f58e48792
] - meta: bump actions/checkout from 3.3.0 to 3.5.2 (dependabot[bot]) #47805 - [
652b06dd82
] - meta: remove extra space in scorecard workflow (Mestery) #47805 - [
9f06eaccaf
] - meta: bump github/codeql-action from 2.2.9 to 2.3.2 (dependabot[bot]) #47809 - [
977fd7cf35
] - meta: bump codecov/codecov-action from 3.1.1 to 3.1.3 (dependabot[bot]) #47807 - [
c19385c154
] - module: refactor to usenormalizeRequirableId
in the CJS module loader (Darshan Sen) #47896 - [
739113f2fc
] - module: block requiringtest/reporters
without scheme (Moshe Atlow) #47831 - [
f489c6710c
] - (NODE-API-SEMVER-MAJOR) node-api: get Node API version used by addon (Vladimir Morozov) #45715 - [
7222f9d74b
] - path: indicate index of wrong resolve() parameter (sosoba) #47660 - [
7dd32f1536
] - permission: remove unused function declaration (Deokjin Kim) #47957 - [
af86625a05
] - permission: resolve reference to absolute path only for fs permission (Daeyeon Jeong) #47930 - [
1625ae11fe
] - quic: address recent coverity warning (Michael Dawson) #47753 - [
c4596b9ce7
] - (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) #47588 - [
1a7fc186bc
] - sea: allow requiring core modules with the "node:" prefix (Darshan Sen) #47779 - [
786a1c5398
] - src: deduplicate X509Certificate::Fingerprint* (Tobias Nießen) #47978 - [
060c1d502b
] - src: stop copying code cache, part 2 (Keyhan Vakil) #47958 - [
1aec718619
] - (SEMVER-MINOR) src: add cjs_module_lexer_version base64_version (Jithil P Ponnan) #45629 - [
0c06bfd8dc
] - src: move BlobSerializerDeserializer to a separate header file (Darshan Sen) #47933 - [
bd553e7521
] - src: rename SKIP_CHECK_SIZE to SKIP_CHECK_STRLEN (Tobias Nießen) #47845 - [
190596c189
] - src: register external references for source code (Keyhan Vakil) #47055 - [
4293cc47f4
] - src: support V8 experimental shared values in messaging (Shu-yu Guo) #47706 - [
9bc5d78f0c
] - src: register ext reference for Fingerprint512 (Tobias Nießen) #47892 - [
a11507e23b
] - src: stop copying code cache (Keyhan Vakil) #47144 - [
515c9b8de6
] - src: clarify the parameter name inPermission::Apply
(Daeyeon Jeong) #47874 - [
c4217613f5
] - src: fix creating an ArrayBuffer from a Blob created withopenAsBlob
(Daeyeon Jeong) #47691 - [
4bc17fd67b
] - src: avoid strcmp() with Utf8Value (Tobias Nießen) #47827 - [
d358317f70
] - src: get binding data store directly from the realm (Joyee Cheung) #47437 - [
b04d51a0b5
] - src: prefer data accessor of string and vector (Mohammed Keyvanzadeh) #47750 - [
2952cc576c
] - src: add per-isolate SetFastMethod and Set[Fast]MethodNoSideEffect (Joyee Cheung) #47768 - [
010d2ecf94
] - test: mark test-esm-loader-http-imports as flaky (Tobias Nießen) #47987 - [
bb33c74c07
] - test: add getRandomValues return length (Jithil P Ponnan) #46357 - [
6e019586f7
] - test: unskip negative-settimeout.any.js WPT (Filip Skokan) #47946 - [
8f547afe5f
] - test: use appropriate usages for a negative import test (Filip Skokan) #47878 - [
7e34f77518
] - test: fix webcrypto wrap unwrap tests (Filip Skokan) #47876 - [
30f4f35244
] - test: fix output tests when path includes node version (Moshe Atlow) #47843 - [
54607bfd68
] - test: reduce WPT concurrency (Filip Skokan) #47834 - [
17945a2495
] - test: migrate a pseudo_tty test to use assertSnapshot (Moshe Atlow) #47803 - [
c9233679e8
] - test: fix WPT state when process exits but workers are still running (Filip Skokan) #47826 - [
34bfb69b5b
] - test: migrate message tests to use assertSnapshot (Moshe Atlow) #47498 - [
d25c785c2a
] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851 - [
aa2c7e00d7
] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #47921 - [
da27542058
] - test_runner: use v8.serialize instead of TAP (Moshe Atlow) #47867 - [
17befe008c
] - (SEMVER-MINOR) test_runner: add shorthands totest
(Chemi Atlow) #47909 - [
42db1d50a0
] - test_runner: fix ordering of test hooks (Phil Nash) #47931 - [
d81c54e3a8
] - test_runner: omit inaccessible files from coverage (Colin Ihrig) #47850 - [
a4e261e910
] - tools: debug log for nghttp3 (Marco Ippolito) #47992 - [
f6ff318d4c
] - tools: automate icu-small update (Marco Ippolito) #47727 - [
706c305381
] - tools: update lint-md-dependencies to rollup@3.21.5 (Node.js GitHub Bot) #47903 - [
e22c686ca9
] - tools: update eslint to 8.40.0 (Node.js GitHub Bot) #47906 - [
36f7cfac93
] - tools: update eslint to 8.39.0 (Node.js GitHub Bot) #47789 - [
7323902a40
] - tools: fix jsdoc lint (Moshe Atlow) #47789 - [
a0634d7f89
] - (SEMVER-MINOR) url: add value argument to has and delete methods (Sankalp Shubham) #47885 - [
1b06c1e003
] - url: improveisURL
detection (Yagiz Nizipli) #47886 - [
2bd869d20c
] - vm: fix crash when setting __proto__ on context's globalThis (Feng Yu) #47939 - [
e6685f9e82
] - vm,lib: refactor microtaskQueue assignment logic (Khaidi Chu) #47765 - [
47fea13dac
] - worker: support more cases when (de)serializing errors (Moshe Atlow) #47925 - [
6f3876c035
] - worker: use snapshot in workers spawned by workers (Joyee Cheung) #47731
v20.1.0
: 2023-05-03, Version 20.1.0 (Current), @targos
Notable Changes
- [
5e99598639
] - assert: deprecateCallTracker
(Moshe Atlow) #47740 - [
2d97c89c6f
] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659 - [
ce8820e292
] - (SEMVER-MINOR) dns: exposegetDefaultResultOrder
(btea) #46973 - [
9d30f469aa
] - doc: add KhafraDev to collaborators (Matthew Aitken) #47510 - [
439ea47a77
] - (SEMVER-MINOR) fs: addrecursive
option toreaddir
andopendir
(Ethan Arrowood) #41439 - [
a54e898dc8
] - (SEMVER-MINOR) fs: add support formode
flag to specify the copy behavior of thecp
methods (Tetsuharu Ohzeki) #47084 - [
4fa773964b
] - (SEMVER-MINOR) http: addhighWaterMark
optionhttp.createServer
(HinataKah0) #47405 - [
2b411f4b42
] - (SEMVER-MINOR) stream: preserve object mode incompose
(Raz Luvaton) #47413 - [
5327483f31
] - (SEMVER-MINOR) test_runner: addtestNamePatterns
torun
API (Chemi Atlow) #47628 - [
bdd02a467d
] - (SEMVER-MINOR) test_runner: executebefore
hook on test (Chemi Atlow) #47586 - [
0e70c187bc
] - (SEMVER-MINOR) test_runner: support combining coverage reports (Colin Ihrig) #47686 - [
75c1d1b66e
] - (SEMVER-MINOR) wasi: makereturnOnExit
true by default (Michael Dawson) #47390
Commits
- [
33d1bd3e02
] - assert: deprecate callTracker (Moshe Atlow) #47740 - [
6d87355e83
] - benchmark: add eventtarget creation bench (Rafael Gonzaga) #47774 - [
40324a1dea
] - benchmark: differentiate whatwg and legacy url (Yagiz Nizipli) #47377 - [
936d7cb069
] - benchmark: add a benchmark fordefaultResolve
(Antoine du Hamel) #47543 - [
202042ee93
] - bootstrap: support namespaced builtins in snapshot scripts (Joyee Cheung) #47467 - [
30af5cee55
] - build: use pathlib for paths (Mohammed Keyvanzadeh) #47581 - [
089c9c51e9
] - build: refactor configure.py (Mohammed Keyvanzadeh) #47667 - [
5b851c8074
] - build: add devcontainer configuration (Tierney Cyren) #40825 - [
35e8b3b467
] - build: bump ossf/scorecard-action from 2.1.2 to 2.1.3 (dependabot[bot]) #47367 - [
78c08243df
] - build: replace Python linter flake8 with ruff (Christian Clauss) #47519 - [
2d97c89c6f
] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659 - [
420feb41cf
] - crypto: remove INT_MAX restriction in randomBytes (Tobias Nießen) #47559 - [
6046779dd9
] - deps: disable V8 concurrent sparkplug compilation (Michaël Zasso) #47450 - [
00d461e93f
] - deps: V8: cherry-pickc5ab3e4
(Richard Lau) #47736 - [
d08dd8069f
] - deps: update ada to 2.3.0 (Node.js GitHub Bot) #47737 - [
996245976b
] - deps: update undici to 5.22.0 (Node.js GitHub Bot) #47679 - [
f3ee3126df
] - deps: update ada to 2.2.0 (Node.js GitHub Bot) #47678 - [
1391d3b9ff
] - deps: add minimatch as a dependency (Moshe Atlow) #47499 - [
315454350d
] - deps: update ada to 2.1.0 (Node.js GitHub Bot) #47598 - [
7f7735cad9
] - deps: update ICU to 73.1 release (Steven R. Loomis) #47456 - [
13105c12b7
] - deps: patch V8 to 11.3.244.8 (Michaël Zasso) #47536 - [
ede69d272a
] - deps: update undici to 5.21.2 (Node.js GitHub Bot) #47508 - [
64b5a5f872
] - deps: update simdutf to 3.2.8 (Node.js GitHub Bot) #47507 - [
2664536796
] - deps: V8: cherry-pick8e10685
(Jiawen Geng) #47440 - [
ba9ec91f0e
] - deps: update undici to 5.21.1 (Node.js GitHub Bot) #47488 - [
ce8820e292
] - (SEMVER-MINOR) dns: expose getDefaultResultOrder (btea) #46973 - [
4c26e28c33
] - doc: create maintaining folder for deps (Marco Ippolito) #47589 - [
aa0ef3eabd
] - doc: fix --allow-* CLI flag references (Tobias Nießen) #47804 - [
98603b6fd3
] - doc: clarify fs permissions only affect fs module (Tobias Nießen) #47782 - [
3befe5dac9
] - doc: add copy node executable guide on windows (XLor) #47781 - [
98450d9892
] - doc: remove MoLow from Triagers (Moshe Atlow) #47792 - [
d75036410d
] - doc: fix typo in webstreams.md (Christian Takle) #47766 - [
ceba37a74f
] - doc: move BethGriggs to regular member (Rich Trott) #47776 - [
b954ea9781
] - doc: mark signing the binary is macOS and Windows only in SEA (Xuguang Mei) #47722 - [
26bccbcd10
] - doc: move addaleax to TSC emeriti (Anna Henningsen) #47752 - [
20b0de242f
] - doc: add link to news for Node.js core (Michael Dawson) #47704 - [
5709133dc7
] - doc: fix a typo inpermissions.md
(Daeyeon Jeong) #47730 - [
c5c40a89f2
] - doc: async_hooks asynchronous content example add mjs code (btea) #47401 - [
a1403a8df2
] - doc: clarify concurrency model of test runner (Tobias Nießen) #47642 - [
c0c23fbe42
] - doc: fix a typo infs.openAsBlob
(Daeyeon Jeong) #47693 - [
4cef98812d
] - doc: fix typos (Mohammed Keyvanzadeh) #47685 - [
f30ef242ef
] - doc: fix capitalization of ASan (Mohammed Keyvanzadeh) #47676 - [
78a3503406
] - doc: fix typos in SECURITY.md (Mohammed Keyvanzadeh) #47677 - [
9101630e05
] - doc: update error code of buffer (Deokjin Kim) #47617 - [
183f0c3e79
] - doc: change offset of example inBuffer.copyBytesFrom
(Deokjin Kim) #47606 - [
d11ff4bc53
] - doc: improve fs permissions description (Tobias Nießen) #47596 - [
b58920c3a9
] - doc: remove markdown link from heading (Tobias Nießen) #47585 - [
c36634e880
] - doc: fix history ordering ofWASI
constructor (Antoine du Hamel) #47611 - [
d3fadd889d
] - doc: fix release-post script location (Rafael Gonzaga) #47517 - [
2a0bbe7883
] - doc: fix typo in webcrypto metadata (Tobias Nießen) #47595 - [
b0b16ee9f6
] - doc: add link for news from uvwasi team (Michael Dawson) #47531 - [
7ca416af15
] - doc: add missing setEncoding call in ESM example (Anna Henningsen) #47558 - [
f9abd59b41
] - doc: update darwin-x64 toolchain used for Node.js 20 releases (Michaël Zasso) #47546 - [
0dc508070f
] - doc: fix split infinitive in Hooks caveat (Jacob Smith) #47550 - [
4046280475
] - doc: fix typo in util.types.isNativeError() (Julian Dax) #47532 - [
9d30f469aa
] - doc: add KhafraDev to collaborators (Matthew Aitken) #47510 - [
537c17ec48
] - doc: create maintaining-brotli.md (Marco Ippolito) #47380 - [
09ff9eafd9
] - doc,fs: update description of fs.stat() method (Mert Can Altın) #47654 - [
185d6090cd
] - doc,test: fix concurrency option of test() (Tobias Nießen) #47734 - [
a793cf401d
] - esm: renameURLCanParse
to be consistent (Antoine du Hamel) #47668 - [
fbb6b72f87
] - esm: remove support for deprecated hooks (Antoine du Hamel) #47580 - [
c150976c4f
] - esm: initializeimport.meta
on eval (Antoine du Hamel) #47551 - [
55f70f6395
] - esm: propagateprocess.exit
from the loader thread to the main thread (Antoine du Hamel) #47548 - [
269482f61f
] - esm: avoid accessing lazy getters for urls (Yagiz Nizipli) #47542 - [
889add68e5
] - esm: avoid try/catch when validating urls (Yagiz Nizipli) #47541 - [
439ea47a77
] - (SEMVER-MINOR) fs: add recursive option to readdir and opendir (Ethan Arrowood) #41439 - [
a54e898dc8
] - (SEMVER-MINOR) fs: add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #47084 - [
96f93cc500
] - (SEMVER-MINOR) http: remove internal error in assignSocket (Matteo Collina) #47723 - [
4fa773964b
] - (SEMVER-MINOR) http: add highWaterMark opt in http.createServer (HinataKah0) #47405 - [
94a5abb1e0
] - inspector: add tips for Session (theanarkh) #47195 - [
21ff33127a
] - lib: improve esm resolve performance (Yagiz Nizipli) #46652 - [
b8bdaf86c4
] - lib: disallow file-backed blob cloning (James M Snell) #47574 - [
e8bc03b372
] - lib: use webidl DOMString converter in EventTarget (Matthew Aitken) #47514 - [
91e4a7cdee
] - loader: use default loader as cascaded loader in the in loader worker (Joyee Cheung) #47620 - [
d5089fe00a
] - meta: fix dependabot commit message (Mestery) #47810 - [
92794400ce
] - meta: ping nodejs/startup for startup test changes (Joyee Cheung) #47771 - [
8d43689077
] - meta: add mailmap entry for KhafraDev (Rich Trott) #47512 - [
4d02901935
] - node-api: test passing NULL to napi_define_class (Gabriel Schulhof) #47567 - [
568256dca0
] - node-api: test passing NULL to number APIs (Gabriel Schulhof) #47549 - [
12f0fa386d
] - node-api: remove unused mark_arraybuffer_as_untransferable (Chengzhong Wu) #47557 - [
e8ea83416a
] - quic: add more QUIC implementation (James M Snell) #47494 - [
af227b159d
] - readline: fix issue with newline-less last line (Ian Harris) #47317 - [
e948bec969
] - src: avoid copying string in fs_permission (Yagiz Nizipli) #47746 - [
dc43ce7706
] - src: replace idna functions with ada::idna (Yagiz Nizipli) #47735 - [
1f9e7ce7e8
] - src: fix typo in comment in quic/sessionticket.cc (Tobias Nießen) #47754 - [
2acb57b777
] - src: mark fatal error functions as noreturn (Chengzhong Wu) #47695 - [
4431df7481
] - src: split BlobSerializer/BlobDeserializer (Joyee Cheung) #47458 - [
bf9a52cb3d
] - src: prevent changing FunctionTemplateInfo after publish (Shelley Vohr) #46979 - [
872e6706ca
] - src: add v8 fast api for url canParse (Matthew Aitken) #47552 - [
cfafe431f2
] - src: make AliasedBuffers in the binding data weak (Joyee Cheung) #47354 - [
cf48db0034
] - src: use v8::Boolean(b) over b ? True() : False() (Tobias Nießen) #47554 - [
ba255eda37
] - src: fix typo in process.env accessor error message (Moritz Raho) #47014 - [
daf0c78232
] - src: replace static const string_view by static constexpr (Daniel Lemire) #47524 - [
57e7ed7f47
] - src: fix CSMRNG when length exceeds INT_MAX (Tobias Nießen) #47515 - [
cda36bfd8f
] - src: use correct variable in node_builtins.cc (Michaël Zasso) #47343 - [
adc1601ccd
] - src: slim down stream_base-inl.h (lilsweetcaligula) #46972 - [
f88132f1b8
] - stream: prevent pipeline hang with generator functions (Debadree Chatterjee) #47712 - [
2b411f4b42
] - (SEMVER-MINOR) stream: preserve object mode in compose (Raz Luvaton) #47413 - [
159cf02920
] - test: refactor to usegetEventListeners
in timers (Deokjin Kim) #47759 - [
97a3d39b8f
] - test: add and use tmpdir.hasEnoughSpace() (Tobias Nießen) #47767 - [
5bb7b26bb5
] - test: remove spaces from test runner test names (Tobias Nießen) #47733 - [
84fa9fd725
] - test: refactor WPTRunner and enable parallel WPT execution (Filip Skokan) #47635 - [
9d3768eb01
] - Revert "test: run WPT files in parallel again" (Filip Skokan) #47627 - [
826f4041d1
] - test: mark test-cluster-primary-error flaky on asan (Yagiz Nizipli) #47422 - [
e5251e31eb
] - test_runner: fix --require with --experimental-loader (Moshe Atlow) #47751 - [
6ee5e42c73
] - (SEMVER-MINOR) test_runner: support combining coverage reports (Colin Ihrig) #47686 - [
f8581e7629
] - test_runner: remove no-op validation (Colin Ihrig) #47687 - [
40b38797c5
] - test_runner: fix test runner concurrency (Moshe Atlow) #47675 - [
2d7cac0c5b
] - test_runner: fix test counting (Moshe Atlow) #47675 - [
5a9b71a52e
] - test_runner: fix nested hooks (Moshe Atlow) #47648 - [
5327483f31
] - (SEMVER-MINOR) test_runner: add testNamePatterns to run api (Chemi Atlow) #47628 - [
b6fb7914ca
] - test_runner: support coverage of unnamed functions (Colin Ihrig) #47652 - [
1f120a396f
] - test_runner: move coverage collection to root.postRun() (Colin Ihrig) #47651 - [
bdd02a467d
] - (SEMVER-MINOR) test_runner: execute before hook on test (Chemi Atlow) #47586 - [
ec24abaa03
] - test_runner: avoid reporting parents of failing tests in summary (Moshe Atlow) #47579 - [
4203057740
] - test_runner: fix spec skip detection (Moshe Atlow) #47537 - [
57c69987ba
] - tls: accept SecureContext object in server.addContext() (HinataKah0) #47570 - [
c620eb80a0
] - tools: update doc to highlight.js@11.8.0 (Node.js GitHub Bot) #47786 - [
326c3f1593
] - tools: add the missing LoongArch64 definition in the v8.gyp file (Sun Haiyong) #47641 - [
8d1588acdc
] - tools: update lint-md-dependencies to rollup@3.21.1 (Node.js GitHub Bot) #47787 - [
226e5b83ee
] - tools: move update-npm to dep updaters (Marco Ippolito) #47619 - [
9d0bef6c0a
] - tools: fix update-v8-patch cache (Marco Ippolito) #47725 - [
63e8c95a66
] - tools: automate v8 patch update (Marco Ippolito) #47594 - [
d2994e52d3
] - tools: fix skip message in update-cjs-module-lexer (Tobias Nießen) #47701 - [
ccf9c37b43
] - tools: update lint-md-dependencies to @rollup/plugin-commonjs@24.1.0 (Node.js GitHub Bot) #47577 - [
0887fa0464
] - tools: keep MR titles/description up-to-date (Tobias Nießen) #47621 - [
b8927ddf16
] - tools: fix updating root certificates (Richard Lau) #47607 - [
87cae0cb59
] - tools: update MR label config (Mohammed Keyvanzadeh) #47593 - [
c17f2688b8
] - Revert "tools: ensure failed daily wpt run still generates a report" (Filip Skokan) #47627 - [
fbe7d73234
] - tools: add execution permission to uvwasi script (Mert Can Altın) #47600 - [
e3f4ff439e
] - tools: add update script for googletest (Tobias Nießen) #47482 - [
7c552e650a
] - tools: add option to run workflow with specific tool id (Michaël Zasso) #47591 - [
1509312170
] - tools: automate zlib update (Marco Ippolito) #47417 - [
6af7f1ee03
] - tools: add url and whatwg-url labels automatically (Yagiz Nizipli) #47545 - [
ff73c05d54
] - tools: add performance label to benchmark changes (Yagiz Nizipli) #47545 - [
9e3e0b0a84
] - tools: automate uvwasi dependency update (Ranieri Innocenti Spada) #47509 - [
233b628f22
] - tools: add missing pinned dependencies (Mateo Nunez) #47346 - [
e4d95859f5
] - tools: automate ngtcp2 and nghttp3 update (Marco Ippolito) #47402 - [
2e8338126b
] - tools: move update-undici.sh to dep_updaters and create maintain md (Marco Ippolito) #47380 - [
8712eafc87
] - typings: fix syntax error in tsconfig (Mohammed Keyvanzadeh) #47584 - [
e4b6b79f18
] - url: reduce revokeObjectURL cpp calls (Yagiz Nizipli) #47728 - [
9aae76727f
] - url: handle URL.canParse without base parameter (Yagiz Nizipli) #47547 - [
180d365439
] - url: validate URL constructor arg length (Matthew Aitken) #47513 - [
4839fc4369
] - url: validate argument length in canParse (Matthew Aitken) #47513 - [
606523d37e
] - v8: fix ERR_NOT_BUILDING_SNAPSHOT is not a constructor (Chengzhong Wu) #47721 - [
75c1d1b66e
] - (SEMVER-MINOR) wasi: make returnOnExit true by default (Michael Dawson) #47390
v20.0.0
: 2023-04-18, Version 20.0.0 (Current), @RafaelGSS
We're excited to announce the release of Node.js 20! Highlights include the new Node.js Permission Model,
a synchronous import.meta.resolve
, a stable test_runner, updates of the V8 JavaScript engine to 11.3, Ada to 2.0,
and more!
As a reminder, Node.js 20 will enter long-term support (LTS) in October, but until then, it will be the "Current" release for the next six months. We encourage you to explore the new features and benefits offered by this latest release and evaluate their potential impact on your applications.
Notable Changes
Permission Model
Node.js now has an experimental feature called the Permission Model.
It allows developers to restrict access to specific resources during program execution, such as file system operations,
child process spawning, and worker thread creation.
The API exists behind a flag --experimental-permission
which when enabled will restrict access to all available permissions.
By using this feature, developers can prevent their applications from accessing or modifying sensitive data or running potentially harmful code.
More information about the Permission Model can be found in the Node.js documentation.
The Permission Model was a contribution by Rafael Gonzaga in #44004.
Custom ESM loader hooks run on dedicated thread
ESM hooks supplied via loaders (--experimental-loader=foo.mjs
) now run in a dedicated thread, isolated from the main thread.
This provides a separate scope for loaders and ensures no cross-contamination between loaders and application code.
Synchronous import.meta.resolve()
In alignment with browser behavior, this function now returns synchronously.
Despite this, user loader resolve
hooks can still be defined as async functions (or as sync functions, if the author prefers).
Even when there are async resolve
hooks loaded, import.meta.resolve
will still return synchronously for application code.
Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth, Guy Bedford, Jacob Smith, and Michaël Zasso in #44710
V8 11.3
The V8 engine is updated to version 11.3, which is part of Chromium 113. This version includes three new features to the JavaScript API:
- String.prototype.isWellFormed and toWellFormed
- Methods that change Array and TypedArray by copy
- Resizable ArrayBuffer and growable SharedArrayBuffer
- RegExp v flag with set notation + properties of strings
- WebAssembly Tail Call
The V8 update was a contribution by Michaël Zasso in #47251.
Stable Test Runner
The recent update to Node.js, version 20, includes an important change to the test_runner module. The module has been marked as stable after a recent update. Previously, the test_runner module was experimental, but this change marks it as a stable module that is ready for production use.
Contributed by Colin Ihrig in #46983
Ada 2.0
Node.js v20 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII
and url.domainToUnicode
functions in node:url
.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4, while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in #47339
Preparing single executable apps now requires injecting a Blob
Building a single executable app now requires injecting a blob prepared by Node.js from a JSON config instead of injecting the raw JS file. This opens up the possibility of embedding multiple co-existing resources into the SEA (Single Executable Apps).
Contributed by Joyee Cheung in #47125
Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations. This further improves interoperability with other implementations of Web Crypto API.
This change was made by Filip Skokan in #46067.
Official support for ARM64 Windows
Node.js now includes binaries for ARM64 Windows, allowing for native execution on the platform. The MSI, zip/7z packages, and executable are available from the Node.js download site along with all other platforms. The CI system was updated and all changes are now fully tested on ARM64 Windows, to prevent regressions and ensure compatibility.
ARM64 Windows was upgraded to tier 2 support by Stefan Stojanovic in #47233.
WASI version must now be specified
When new WASI()
is called, the version option is now required and has no default value.
Any code that relied on the default for the version will need to be updated to request a specific version.
This change was made by Michael Dawson in #47391.
Deprecations and Removals
- [
3bed5f11e0
] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526
url.parse()
accepts URLs with ports that are not numbers. This behavior might result in host name spoofing with unexpected input.
These URLs will throw an error in future versions of Node.js, as the WHATWG URL API does already.
Starting with Node.js 20, these URLS cause url.parse()
to emit a warning.
Semver-Major Commits
- [
9fafb0a090
] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 - [
1948d37595
] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 - [
7bc0e6a4e7
] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 - [
671ffd7825
] - (SEMVER-MAJOR) buffer: use min/max ofvalidateNumber
(Deokjin Kim) #45796 - [
ab1614d280
] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 - [
c1bcdbcf79
] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 - [
649f68fc1e
] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 - [
9374700d7a
] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 - [
1640aeb680
] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 - [
c2e4b1fa9a
] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 - [
3ef38c4bd7
] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 - [
08af023b1f
] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 - [
7eb0ac3cb6
] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 - [
a7c129f286
] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 - [
6f5655a18e
] - (SEMVER-MAJOR) deps: always define V8_EXPORT_MRIVATE as no-op (Michaël Zasso) #47251 - [
f226350fcb
] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 - [
d6dae7420e
] - (SEMVER-MAJOR) deps: V8: cherry-pickf1c888e
(Michaël Zasso) #45579 - [
56c436533e
] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 - [
51ab98c71b
] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 - [
9f84d3eea8
] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 - [
f2318cd4b5
] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 - [
16e03e7968
] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 - [
6473f5e7f7
] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 - [
cc18fd9608
] - (SEMVER-MAJOR) events: refactor to usevalidateNumber
(Deokjin Kim) #45770 - [
ff92b40ffc
] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 - [
2a29df6464
] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 - [
391dc74a10
] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 - [
ed3604cd64
] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) #45597 - [
88d71dc301
] - (SEMVER-MAJOR) lib: refactor to use min/max ofvalidateNumber
(Deokjin Kim) #45772 - [
e4d641f02a
] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 - [
0f3e531096
] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 - [
5b5898ac86
] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 - [
55321bafd1
] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 - [
2d0d99733b
] - (SEMVER-MAJOR) process: removeprocess.exit()
,process.exitCode
coercion to integer (Daeyeon Jeong) #43716 - [
dc06df31b6
] - (SEMVER-MAJOR) readline: refactor to usevalidateNumber
(Deokjin Kim) #45801 - [
295b2f3ff4
] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 - [
3803b028dd
] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 - [
e8bddac3e9
] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 - [
f84de0ad4c
] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 - [
a6242772ec
] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 - [
dd5c39a808
] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 - [
63eca7fec0
] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 - [
9e7093f416
] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 - [
fb91ee4f26
] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 - [
eca618071e
] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 - [
c03354d3e0
] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 - [
c733cc0c7f
] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 - [
7ce223273d
] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 - [
ca4bd3023e
] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 - [
58b06a269a
] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 - [
027841c964
] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 - [
3bed5f11e0
] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 - [
7c76fddf25
] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 - [
4b52727976
] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391
Semver-Minor Commits
- [
d4b440bfac
] - (SEMVER-MINOR) fs: implement byob mode for readableWebStream() (Debadree Chatterjee) #46933 - [
00c222593e
] - (SEMVER-MINOR) src,process: add permission model (Rafael Gonzaga) #44004 - [
978b57d750
] - (SEMVER-MINOR) wasi: no longer require flag to enable wasi (Michael Dawson) #47286
Semver-Patch Commits
- [
e50c6b9a22
] - bootstrap: do not expand process.argv[1] for snapshot entry points (Joyee Cheung) #47466 - [
c81e1143e4
] - bootstrap: store internal loaders in C++ via a binding (Joyee Cheung) #47215 - [
8e673bdb84
] - build: add node-core-utils to setup (Jiawen Geng) #47442 - [
5b561d72a6
] - build: sync cares source change (Jiawen Geng) #47359 - [
8e6ee53e4e
] - build: remove non-exist build file (Jiawen Geng) #47361 - [
9a4d21d1d9
] - build, deps, tools: avoid excessive LTO (Konstantin Demin) #47313 - [
48c01485cd
] - crypto: replace THROW with CHECK for scrypt keylen (Tobias Nießen) #47407 - [
4c1a27716b
] - crypto: re-add padding for AES-KW wrapped JWKs (Filip Skokan) #46563 - [
b66eb15d12
] - deps: update simdutf to 3.2.7 (Node.js GitHub Bot) #47473 - [
3fc11477ba
] - deps: update corepack to 0.17.2 (Node.js GitHub Bot) #47474 - [
c1776531ab
] - deps: upgrade npm to 9.6.4 (npm team) #47432 - [
e7ca09f310
] - deps: update zlib to upstream5edb52d
(Luigi Pinca) #47151 - [
88387ccd12
] - deps: update ada to 2.0.0 (Node.js GitHub Bot) #47339 - [
9f468cc37e
] - deps: cherry-pick Windows ARM64 fix for openssl (Richard Lau) #46570 - [
eeab210b1b
] - deps: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) #46570 - [
d93d7716c7
] - deps: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) #46571 - [
0f69ec4dd7
] - deps: patch V8 to 10.9.194.9 (Michaël Zasso) #45995 - [
5890d09644
] - deps: patch V8 to 10.9.194.6 (Michaël Zasso) #45748 - [
c02a7e7e93
] - diagnostics_channel: fix ref counting bug when reaching zero subscribers (Stephen Belanger) #47520 - [
c7ad5bb37d
] - doc: info on handling unintended breaking changes (Michael Dawson) #47426 - [
7d2d40ed0d
] - doc: add performance initiative (Yagiz Nizipli) #47424 - [
d56c0f7318
] - doc: do not create a backup file (Luigi Pinca) #47151 - [
412d27b65b
] - doc: add MoLow to the TSC (Colin Ihrig) #47436 - [
f131cca0c0
] - doc: reserve 116 for Electron 25 (Keeley Hammond) #47375 - [
1022c6f424
] - doc: add experimental stages (Geoffrey Booth) #46100 - [
42d3d74717
] - doc: clarify release notes for Node.js 16.19.0 (Richard Lau) #45846 - [
533c6512da
] - doc: clarify release notes for Node.js 14.21.2 (Richard Lau) #45846 - [
97165fc1a6
] - doc: fix doc metadata for Node.js 16.19.0 (Richard Lau) #45863 - [
a266b8b702
] - doc: add registry number for Electron 23 & 24 (Keeley Hammond) #45661 - [
2613a9ced9
] - esm: move hook execution to separate thread (Jacob Smith) #44710 - [
841f6b3abf
] - esm: increase test coverage of edge cases (Antoine du Hamel) #47033 - [
0d575fe61a
] - gyp: put filenames in variables (Cheng Zhao) #46965 - [
41b186722c
] - lib: distinguish webidl interfaces with the extended property "Exposed" (Chengzhong Wu) #46809 - [
9b7db62276
] - lib: makeRequireFunction patch when experimental policy (RafaelGSS) nodejs-private/node-private#358 - [
d43b532789
] - lib: refactor to usevalidateBuffer
(Deokjin Kim) #46489 - [
9a76a2521b
] - meta: ping security-wg team on permission model changes (Rafael Gonzaga) #47483 - [
a4dadde1ba
] - meta: ping startup and realm team on src/node_realm* changes (Joyee Cheung) #47448 - [
631c3ef3de
] - module: do less CJS module loader initialization at run time (Joyee Cheung) #47194 - [
8bcf0a42f7
] - permission: fix chmod,chown improve fs coverage (Rafael Gonzaga) #47529 - [
54d17ff4b5
] - permission: support fs.mkdtemp (Rafael Gonzaga) #47470 - [
b441b5dc65
] - permission: drop process.permission.deny (Rafael Gonzaga) #47335 - [
aa30e16716
] - permission: fix some vulnerabilities in fs (Tobias Nießen) #47091 - [
1726da9300
] - permission: add path separator to loader check (Rafael Gonzaga) #47030 - [
b164038c86
] - permission: fix spawnSync permission check (RafaelGSS) #46975 - [
af91400886
] - policy: makeRequireFunction on mainModule.require (RafaelGSS) nodejs-private/node-private#358 - [
f8b4e26aee
] - quic: add more QUIC impl (James M Snell) #47348 - [
d65ae9f678
] - quic: add additional quic implementation utilities (James M Snell) #47289 - [
9b104be502
] - quic: do not dereference shared_ptr after move (Tobias Nießen) #47294 - [
09a4bb152f
] - quic: add multiple internal utilities (James M Snell) #47263 - [
2bde0059ca
] - sea: use JSON configuration and blob content for SEA (Joyee Cheung) #47125 - [
78c7475493
] - src: allow simdutf::convert_* functions to return zero (Daniel Lemire) #47471 - [
5250947a53
] - src: track ShadowRealm native objects correctly in the heap snapshot (Joyee Cheung) #47389 - [
8059764621
] - src: use the internal field to determine if an object is a BaseObject (Joyee Cheung) #47217 - [
698508afa8
] - src: bootstrap prepare stack trace callback in shadow realm (Chengzhong Wu) #47107 - [
e6b4d30a2f
] - src: bootstrap Web [Exposed=*] APIs in the shadow realm (Chengzhong Wu) #46809 - [
3646a66044
] - src: fix AliasedBuffer memory attribution in heap snapshots (Joyee Cheung) #46817 - [
8b2126f63f
] - src: move AliasedBuffer implementation to -inl.h (Joyee Cheung) #46817 - [
3abbc3829a
] - src: fix useless call in permission.cc (Tobias Nießen) #46833 - [
7b1e153530
] - src: simplify exit code accesses (Daeyeon Jeong) #45125 - [
7359b92a41
] - test: remove unnecessary status check on test-release-npm (RafaelGSS) #47516 - [
a5a5d2fb7e
] - test: mark test/parallel/test-file-write-stream4 as flaky (Yagiz Nizipli) #47423 - [
81ad73a205
] - test: remove unused callback variables (angellovc) #47167 - [
757a586ead
] - test: migrate test runner message tests to snapshot (Moshe Atlow) #47392 - [
86f890539f
] - test: remove stale entry from known_issues.status (Richard Lau) #47454 - [
1f3773d0c1
] - test: move more inspector sequential tests to parallel (Joyee Cheung) #47412 - [
617b8d44c6
] - test: use random port in test-inspector-enabled (Joyee Cheung) #47412 - [
ade0170c4f
] - test: use random port in test-inspector-debug-brk-flag (Joyee Cheung) #47412 - [
1a78632cd3
] - test: use random port in NodeInstance.startViaSignal() (Joyee Cheung) #47412 - [
23f66b137e
] - test: move test-shadow-realm-gc.js to known_issues (Joyee Cheung) #47355 - [
9dfd0394c5
] - test: remove useless WPT init scripts (Khafra) #47221 - [
1cfe058778
] - test: fix test-permission-deny-fs-wildcard (win32) (Tobias Nießen) #47095 - [
b8ef1b476e
] - test: add coverage for custom loader hooks with permission model (Antoine du Hamel) #46977 - [
4a7c3e9c50
] - test: fix file path in permission symlink test (Livia Medeiros) #46859 - [
10005de6a8
] - tools: makejs2c.py
usable for other build systems (Cheng Zhao) #46930 - [
1e2f9aca72
] - tools: move update-acorn.sh to dep_updaters and create maintaining md (Marco Ippolito) #47382 - [
174662a463
] - tools: update eslint to 8.38.0 (Node.js GitHub Bot) #47475 - [
a58ca61f35
] - tools: update eslint to 8.38.0 (Node.js GitHub Bot) #47475 - [
37d12730ab
] - tools: automate cjs-module-lexer dependency update (Marco Ippolito) #47446 - [
4fbfa3c9f2
] - tools: fix notify-on-push Slack messages (Antoine du Hamel) #47453 - [
b1f2ff1242
] - tools: update lint-md-dependencies to @rollup/plugin-node-resolve@15.0.2 (Node.js GitHub Bot) #47431 - [
26b2584b84
] - tools: add root certificate update script (Richard Lau) #47425 - [
553b052648
] - tools: remove targets for individual test suites inMakefile
(Antoine du Hamel) #46892 - [
747ff43e5b
] - url: more sophisticated brand check for URLSearchParams (Timothy Gu) #47414 - [
e727eb066f
] - url: do not use object as hashmap (Timothy Gu) #47415 - [
81c7875eb7
] - url: drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 - [
a4895df94a
] - url: use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339
v18.18.2
: 2023-10-13, Version 18.18.2 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
-
CVE-2023-44487:
nghttp2
Security Release (High) -
CVE-2023-45143:
undici
Security Release (High) - CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
- CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Commits
- [
55028468db
] - deps: update undici to v5.26.3 (Matteo Collina) #50153 - [
a792bbc515
] - deps: update nghttp2 to 1.57.0 (James M Snell) #50121 - [
f6444defa4
] - deps: update nghttp2 to 1.56.0 (Node.js GitHub Bot) #49582 - [
7e9b08dfd4
] - deps: update nghttp2 to 1.55.1 (Node.js GitHub Bot) #48790 - [
85672c153f
] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #48746 - [
300a902422
] - deps: update nghttp2 to 1.53.0 (Node.js GitHub Bot) #47997 - [
7d83ed0bf6
] - Revert "deps: update nghttp2 to 1.55.0" (Richard Lau) #50151 - [
1193ca5fdb
] - lib: let deps requirenode
prefixed modules (Matthew Aitken) #50047 - [
eaf9083cf1
] - module: fix code injection through export names (Tobias Nießen) nodejs-private/node-private#461 - [
1c538938cc
] - policy: use tamper-proof integrity check function (Tobias Nießen) nodejs-private/node-private#462
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.