Node.js

News from 2019

12 Dec December 2019 Security Releases

The Node.js project will release new versions of all supported release lines on or shortly after Tuesday December 17, 2019 UTC. The only update in these releases will be an updated version of npm addressing the vulnerability announced in https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli.
Read more...
03 Dec Node v13.3.0 (Current)
- fs:
  - Reworked experimental recursive rmdir() (cjihrig) #30644
    - The maxBusyTries option is renamed to maxRetries, and its default is set to 0. The emfileWait option has been removed, and EMFILE errors use the same retry logic as other errors. The retryDelay option is now supported. ENFILE errors are now retried.
- http:
  - Make maximum header size configurable per-stream or per-server (Anna Henningsen) #30570
- http2:
  - Make maximum tolerated rejected streams configurable (Denys Otrishko) #30534
  - Allow to configure maximum tolerated invalid frames (Denys Otrishko) #30534
- wasi:
  - Introduce initial WASI support (cjihrig) #30258
Read more...
21 Nov Node v13.2.0 (Current)
- addons:
  - Deprecate one- and two-argument AtExit(). Use the three-argument variant of AtExit() or AddEnvironmentCleanupHook() instead (Anna Henningsen) #30227
- child_process,cluster:
  - The serialization option is added that allows child process IPC to use the V8 serialization API (to e.g., pass through data types like sets or maps) (Anna Henningsen) #30162
- deps:
  - Update V8 to 7.9
  - Update npm to 6.13.1 (Ruy Adorno) #30271
- embedder:
  - Exposes the ability to pass cli flags / options through an API as embedder (Shelley Vohr) #30466
  - Allow adding linked bindings to Environment (Anna Henningsen) #30274
- esm:
  - Unflag --experimental-modules (Guy Bedford) #29866
- stream:
  - Add writable.writableCorked property (Robert Nagy) #29012
- worker:
  - Allow specifying resource limits (Anna Henningsen) #26628
- v8:
  - The Serialization API is now stable (Anna Henningsen) #30234
Read more...
19 Nov Node v12.13.1 (LTS)
- Experimental support for building Node.js with Python 3 is improved.
- ICU time zone data is updated to version 2019c. This fixes the date offset in Brazil.
- [56be32d22d] - async_hooks: only emit after for AsyncResource if stack not empty (Anna Henningsen) #30087
- [e16e3d5b90] - benchmark: remove double word "then" in comments (Nick Schonning) #29823
- [dcdb96c7bb] - benchmark: add benchmark for vm.createContext (Joyee Cheung) #29845
- [680e9cc7e1] - buffer: improve performance caused by primordials (Jizu Sun) #30235
- [bcd2238b3e] - build: add workaround for WSL (gengjiawen) #30221
- [c5d312f821] - build: find Python syntax errors in dependencies (Christian Clauss) #30143
- [468f203809] - build: fix pkg-config search for libnghttp2 (Ben Noordhuis) #30145
- [0415dd7cb3] - build: python3 support for configure (Rod Vagg) #30047
- [032c23d360] - build: make linter failures fail test-doc target (Richard Lau) #30012
- [a86648c8d2] - build: log the found compiler version if too old (Richard Lau) #30028
- [02f6e5cc40] - build: fix version checks in configure.py (Michaël Zasso) #29965
- [a1adce1b4f] - build: build benchmark addons like test addons (Richard Lau) #29995
- [735ec1bf96] - build: fix version checks in gyp files (Ben Noordhuis) #29931
- [8da83e8c24] - build: always use strings for compiler version in gyp files (Michaël Zasso) #29897
- [b7bdfd346c] - crypto: guard with OPENSSL_NO_GOST (Shelley Vohr) #30050
- [e175d0beb6] - crypto: reject public keys properly (Tobias Nießen) #29913
- [b1529c6bc2] - deps: V8: cherry-pick a7dffcd767be (Christian Clauss) #30218
- [6bc7a6db0e] - deps: V8: cherry-pick e5dbc95 (Gabriel Schulhof) #30130
- [b88314f735] - deps: update npm to 6.12.1 (Michael Perrotte) #30164
- [ce49a412ef] - deps: V8: cherry-pick c721203 (Michaël Zasso) #30065
- [d2756fd14d] - deps: V8: cherry-pick ed40ab1 (Michaël Zasso) #30064
- [58c585e3ed] - deps: npm: patch support for 13.x (Jordan Harband) #30079
- [2764567f90] - deps: upgrade to libuv 1.33.1 (Colin Ihrig) #29996
- [33bd1281fc] - doc: add missing hash for header link (Nick Schonning) #30188
- [b159b91798] - doc: linkify .setupMaster() in cluster doc (Trivikram Kamat) #30204
- [9c4a9e7337] - doc: explain http2 aborted event callback (dev-313) #30179
- [d7bfc6c987] - doc: linkify .fork() in cluster documentation (Anna Henningsen) #30163
- [a71f210206] - doc: update AUTHORS list (Michaël Zasso) #30142
- [7b5047454b] - doc: improve doc Http2Session:Timeout (dev-313) #30161
- [0efe9a0c97] - doc: move inactive Collaborators to emeriti (Rich Trott) #30177
- [98d31da342] - doc: add options description for send APIs (dev-313) #29868
- [d0f5bc1aa7] - doc: fix an error in resolution algorithm steps (Alex Zherdev) #29940
- [28db99932a] - doc: remove incorrect and outdated example (Tobias Nießen) #30138
- [c2108d4919] - doc: adjust code sample for stream.finished (Cotton Hou) #29983
- [2ac76e3055] - doc: remove "it is important to" phrasing (Rich Trott) #30108
- [ec992878e8] - doc: revise os.md (Rich Trott) #30102
- [a56e78c8c8] - doc: delete "a number of" things in the docs (Rich Trott) #30103
- [ee954d5570] - doc: remove dashes (Rich Trott) #30101
- [c4c8e01af1] - doc: add legendecas to collaborators (legendecas) #30115
- [22e10fd15a] - doc: --enable-source-maps and prepareStackTrace are incompatible (Benjamin Coe) #30046
- [870c320f31] - doc: join parts of disrupt section in cli.md (vsemozhetbyt) #30038
- [8df5bdbd66] - doc: update collaborator email address (Minwoo Jung) #30007
- [d9b5508fc8] - doc: fix tls version typo (akitsu-sanae) #29984
- [5616f22839] - doc: clarify readable.unshift null/EOF (Robert Nagy) #29950
- [b57fe3b370] - doc: remove unused Markdown reference links (Nick Schonning) #29961
- [12f24542b8] - doc: re-enable passing remark-lint rule (Nick Schonning) #29961
- [c0cbfae0e3] - doc: add server header into the discarded list of http message.headers (Huachao Mao) #29962
- [a23b5cbf61] - doc: prepare miscellaneous docs for new markdown lint rules (Rich Trott) #29963
- [c66bc20bbf] - doc: fix some recent nits in fs.md (vsemozhetbyt) #29906
- [1fefd7fddc] - doc: fs dir modifications may not be reflected by dir.read (Anna Henningsen) #29893
- [66c6818473] - doc,meta: prefer aliases and stubs over Runtime Deprecations (Rich Trott) #30153
- [5ade490505] - doc,meta: reduce npm PR wait period to one week (Rich Trott) #29922
- [0ec63ee27a] - doc,n-api: sort bottom-of-the-page references (Gabriel Schulhof) #30124
- [8a333a4519] - domain: do not import util for a simple type check (Ruben Bridgewater) #29825
- [94ac44f3fc] - esm: modify resolution order for specifier flag (Myles Borins) #29974
- [216e200fa9] - fs: buffer dir entries in opendir() (Anna Henningsen) #29893
- [5959023b76] - http2: fix file close error condition at respondWithFd (Anna Henningsen) #29884
- [4277066afd] - inspector: turn platform tasks that outlive Agent into no-ops (Anna Henningsen) #30031
- [b0837fead3] - meta: use contact_links instead of issue templates (Michaël Zasso) #30172
- [2695f822bc] - module: warn on require of .js inside type: module (Guy Bedford) #29909
- [ee3c3ad0f5] - n-api,doc: add info about building n-api addons (Jim Schlight) #30032
- [da58301054] - net: treat ENOTCONN at shutdown as success (Anna Henningsen) #29912
- [62bc80c906] - process: add lineLength to source-map-cache (Benjamin Coe) #29863
- [ab03c29587] - src: isolate->Dispose() order consistency (Shelley Vohr) #30181
- [c52b292adf] - src: change env.h includes for forward declarations (Alexandre Ferrando) #30133
- [b215b1665a] - src: split up InitializeContext (Shelley Vohr) #30067
- [d586070388] - src: allow inspector without v8 platform (Shelley Vohr) #30049
- [f6655b41fa] - src: remove unnecessary std::endl usage (Daniel Bevenius) #30003
- [abfac9640e] - src: make implementing CancelPendingDelayedTasks for platform optional (Anna Henningsen) #30034
- [693bf73b06] - src: expose ListNode<T>::prev_ on postmortem metadata (legendecas) #30027
- [4b57088c25] - src: fewer uses of NODE_USE_V8_PLATFORM (Shelley Vohr) #30029
- [6269a3c92a] - src: remove unused iomanip include (Daniel Bevenius) #30004
- [aa0aacbba9] - src: initialize openssl only once (Sam Roberts) #29999
- [45c5ad7922] - src: refine maps parsing for large pages (Gabriel Schulhof) #29973
- [aac2476346] - src: render N-API weak callbacks as cleanup hooks (Gabriel Schulhof) #28428
- [f3115c4d62] - src: fix largepages regression (Gabriel Schulhof) #29914
- [ddbf150edb] - src: remove unused using declarations in worker.cc (Daniel Bevenius) #29883
- [8a31136a95] - stream: extract Readable.from in its own file (Matteo Collina) #30140
- [21a43bd2fd] - stream: simplify uint8ArrayToBuffer helper (Luigi Pinca) #30041
- [ae390393b6] - stream: remove dead code (Luigi Pinca) #30041
- [56e986aa23] - test: do not run release-npm test without crypto (Michaël Zasso) #30265
- [d96e8b662e] - test: use arrow functions for callbacks (Minuk Park) #30069
- [00dab3495d] - test: verify npm compatibility with releases (Michaël Zasso) #30082
- [ecf6ae89f4] - test: expand Worker test for non-shared ArrayBuffer (Anna Henningsen) #30044
- [2ebd1a0d3f] - test: fix test runner for Python 3 on Windows (Michaël Zasso) #30023
- [9fed62f7cb] - test: remove common.skipIfInspectorEnabled() (Rich Trott) #29993
- [3e39909022] - test: add cb error test for fs.close() (Matteo Rossi) #29970
- [b93c8a77a3] - test: fix flaky doctool and test (Rich Trott) #29979
- [aec8e77ae1] - test: fix fs benchmark test (Rich Trott) #29967
- [b9fd18f9fb] - tools: pull xcode_emulation.py from node-gyp (Christian Clauss) #30272
- [2810f1aec3] - tools: update tzdata to 2019c (Myles Borins) #30478
- [41d1f166bc] - tools: fix Python 3 deprecation warning in test.py (Loris Zinsou) #30208
- [b6546736a0] - tools: fix Python 3 syntax error in mac_tool.py (Christian Clauss) #30146
- [87cb6b2418] - tools: use print() function in buildbot_run.py (Christian Clauss) #30148
- [309c395aba] - tools: undefined name opts -> args in gyptest.py (Christian Clauss) #30144
- [df0fbf2e46] - tools: git rm -r tools/v8_gypfiles/broken (Christian Clauss) #30149
- [375f349760] - tools: update ESLint to 6.6.0 (Colin Ihrig) #30123
- [0b6fb3d1db] - tools: doc: improve async workflow of generate.js (Theotime Poisseau) #30106
- [8d030131a4] - tools: fix test runner in presence of NODE_REPL_EXTERNAL_MODULE (Gus Caplan) #29956
- [59033f618a] - tools: fix GYP MSVS solution generator for Python 3 (Michaël Zasso) #29897
- [41430bea3c] - tools: port Python 3 compat patches from node-gyp to gyp (Michaël Zasso) #29897
Read more...
06 Nov Node v13.1.0 (Current)
- cli:
  - Added a new flag (--trace-uncaught) that makes Node.js print the stack trace at the time of throwing uncaught exceptions, rather than at the creation of the Error object, if there is any. This is disabled by default because it affects GC behavior (Anna Henningsen) #30025.
- crypto:
  - Added Hash.prototype.copy() method. It returns a new Hash object with its internal state cloned from the original one (Ben Noordhuis) #29910.
- dgram:
  - Added source-specific multicast support. This adds methods to Datagram sockets to support RFC 4607 for IPv4 and IPv6 (Lucas Pardue) #15735.
- fs:
  - Added a bufferSize option to fs.opendir(). It allows to control the number of entries that are buffered internally when reading from the directory (Anna Henningsen) #30114.
- meta:
  - Added Chengzhong Wu to collaborators #30115.
Read more...
23 Oct Node v13.0.1 (Current)
- deps:
  - Fixed a bug in npm 6.12.0 where warnings are emitted on Node.js 13.x (Jordan Harband) #30079.
- esm:
  - Changed file extension resolution order of --es-module-specifier-resolution=node to match that of the CommonJS loader (Myles Borins) #29974.
Read more...
22 Oct Node v10.17.0 (LTS)
- crypto:
  - add support for chacha20-poly1305 for AEAD (chux0519) #24081
  - increase maxmem range from 32 to 53 bits (Tobias Nießen) #28799
- deps:
  - update npm to 6.11.3 (claudiahdz) #29430
  - upgrade openssl sources to 1.1.1d (Sam Roberts) #29921
- dns: remove dns.promises experimental warning (cjihrig) #26592
- fs: remove experimental warning for fs.promises (Anna Henningsen) #26581
- http: makes response.writeHead return the response (Mark S. Everitt) #25974
- http2: makes response.writeHead return the response (Mark S. Everitt) #25974
- n-api:
  - make func argument of napi_create_threadsafe_function optional (legendecas) #27791
  - mark version 5 N-APIs as stable (Gabriel Schulhof) #29401
  - implement date object (Jarrod Connolly) #25917
- process: add --unhandled-rejections flag (Ruben Bridgewater) #26599
- stream:
  - implement Readable.from async iterator utility (Guy Bedford) #27660
  - make Symbol.asyncIterator support stable (Matteo Collina) #26989
Read more...
22 Oct Node v13.0.0 (Current)
- assert:
  - If the validation function passed to assert.throws() or assert.rejects() returns a value other than true, an assertion error will be thrown instead of the original error to highlight the programming mistake (Ruben Bridgewater) #28263.
  - If a constructor function is passed to validate the instance of errors thrown in assert.throws() or assert.reject(), an assertion error will be thrown instead of the original error (Ruben Bridgewater) #28263.
- build:
  - Node.js releases are now built with default full-icu support. This means that all locales supported by ICU are now included and Intl-related APIs may return different values than before (Richard Lau) #29887.
  - The minimum Xcode version supported for macOS was increased to 10. It is still possible to build Node.js with Xcode 8 but this may no longer be the case in a future v13.x release (Michael Dawson) #29622.
- child_process:
  - ChildProcess._channel (DEP0129) is now a Runtime deprecation (cjihrig) #27949.
- console:
  - The output console.timeEnd() and console.timeLog() will now automatically select a suitable time unit instead of always using milliseconds (Xavier Stouder) #29251.
- deps:
  - The V8 engine was updated to version 7.8. This includes performance improvements to object destructuring, memory usage and WebAssembly startup time (Myles Borins) #29694.
- domain:
  - The domain's error handler is now executed with the active domain set to the domain's parent to prevent inner recursion (Julien Gilli) #26211.
- fs:
  - The undocumented method FSWatcher.prototype.start() was removed (Lucas Holmquist) #29905.
  - Calling the open() method on a ReadStream or WriteStream now emits a runtime deprecation warning. The methods are supposed to be internal and should not be called by user code (Robert Nagy) #29061.
  - fs.read/write, fs.readSync/writeSync and fd.read/write now accept any safe integer as their offset parameter. The value of offset is also no longer coerced, so a valid type must be passed to the functions (Zach Bjornson) #26572.
- http:
  - Aborted requests no longer emit the end or error events after aborted (Robert Nagy) #27984, #20077.
  - Data will no longer be emitted after a socket error (Robert Nagy) #28711.
  - The legacy HTTP parser (previously available under the --http-parser=legacy flag) was removed (Anna Henningsen) #29589.
  - The host option for HTTP requests is now validated to be a string value (Giorgos Ntemiris) #29568.
  - The request.connection and response.connection properties are now runtime deprecated. The equivalent request.socket and response.socket should be used instead (Robert Nagy) #29015.
- http, http2:
  - The default server timeout was removed (Ali Ijaz Sheikh) #27558.
  - Brought 425 status code name into accordance with RFC 8470. The name changed from "Unordered Collection" to "Too Early" (Sergei Osipov) #29880.
- lib:
  - The error.errno property will now always be a number. To get the string value, use error.code instead (Joyee Cheung) #28140.
- module:
  - module.createRequireFromPath() is deprecated. Use module.createRequire() instead (cjihrig) #27951.
- src:
  - Changing the value of process.env.TZ will now clear the tz cache. This affects the default time zone used by methods such as Date.prototype.toString (Ben Noordhuis) #20026.
- stream:
  - The timing and behavior of streams was consolidated for a number of edge cases. Please look at the individual commits below for more information.
Read more...
21 Oct Node v12.13.0 (LTS)

This release marks the transition of Node.js 12.x into Long Term Support (LTS) with the codename 'Erbium'. The 12.x release line now moves into "Active LTS" and will remain so until October 2020. After that time, it will move into "Maintenance" until end of life in April 2022.
Read more...
20 Oct The Difference Between Node.js 10 LTS and Node.js 12 LTS

With the transition of Node.js 12 from Current into LTS, a suite of new features are now available inside Node.js LTS release lines!
In each release's changelog, we capture notable changes. But going through over two dozen individual release notes to find those can be a bit daunting.
Read more...
11 Oct Node v12.12.0 (Current)
09 Oct Node v8.16.2 (LTS)
01 Oct Node v12.11.1 (Current)
25 Sep Node v12.11.0 (Current)
12 Sep OpenSSL security releases do not require Node.js security releases
05 Sep OpenSSL security releases may require Node.js security releases
04 Sep Node v12.10.0 (Current)
26 Aug Node v12.9.1 (Current)
20 Aug Node v12.9.0 (Current)
16 Aug August 2019 Security Releases
15 Aug Node v10.16.3 (LTS)
15 Aug Node v8.16.1 (LTS)
15 Aug Node v12.8.1 (Current)
06 Aug Node v10.16.2 (LTS)
06 Aug Node v12.8.0 (Current)
31 Jul Node v10.16.1 (LTS)
23 Jul Node v12.7.0 (Current)
03 Jul Node v12.6.0 (Current)
27 Jun Node v12.5.0 (Current)
04 Jun Node v12.4.0 (Current)
28 May Node v10.16.0 (LTS)
22 May Node v12.3.1 (Current)
21 May Node v12.3.0 (Current)
07 May Node v12.2.0 (Current)
30 Apr Node v11.15.0 (Current)
29 Apr Node v12.1.0 (Current)
23 Apr Node v12.0.0 (Current)
16 Apr Node v8.16.0 (LTS)
11 Apr Node v11.14.0 (Current)
03 Apr Node v6.17.1 (LTS)
28 Mar Node v11.13.0 (Current)
15 Mar Node v11.12.0 (Current)
06 Mar Node v11.11.0 (Current)
05 Mar Node v10.15.3 (LTS)
28 Feb February 2019 Security Releases
28 Feb Node v11.10.1 (Current)
28 Feb Node v10.15.2 (LTS)
28 Feb Node v8.15.1 (LTS)
28 Feb Node v6.17.0 (LTS)
14 Feb Node v11.10.0 (Current)
30 Jan Node v11.9.0 (Current)
29 Jan Node v10.15.1 (LTS)
25 Jan Node v11.8.0 (Current)
18 Jan Node v11.7.0 (Current)