Node.js

News from 2018

02 Nov Node v11.1.0 (Current)
- deps
  - Updated ICU to 63.1. #23715
- repl
  - Top-level for-await-of is now supported in the REPL. #23841
- timers
  - Fixed an issue that could cause timers to enter an infinite loop. #23870
Read more...
30 Oct Node v10.13.0 (LTS)

This release marks the transition of Node.js 10.x into Long Term Support (LTS) with the codename 'Dubnium'. The 10.x release line now moves in to "Active LTS" and will remain so until April 2020. After that time it will move in to "Maintenance" until end of life in April 2021.
Read more...
23 Oct Node v11.0.0 (Current)
Node.js 11.0.0 is here! This is the newest Node.js Current Release line with a focus primarily on improving internals, performance, and an update to V8 7.0.
- Build
  - FreeBSD 10 is no longer supported. #22617
- child_process
  - The default value of the windowsHide option has been changed to true. #21316
- console
  - console.countReset() will emit a warning if the timer being reset does not exist. #21649
  - console.time() will no longer reset a timer if it already exists. #20442
- Dependencies
  - V8 has been updated to 7.0. #22754
- fs
  - The fs.read() method now requires a callback. #22146
  - The previously deprecated fs.SyncWriteStream utility has been removed.#20735
- http
  - The http, https, and tls modules now use the WHATWG URL parser by default. #20270
- General
  - Use of process.binding() has been deprecated. Userland code using process.binding() should re-evaluate that use and begin migrating. If there are no supported API alternatives, please open an issue in the Node.js GitHub repository so that a suitable alternative may be discussed.
  - An experimental implementation of queueMicrotask() has been added. #22951
- Internal
  - Windows performance-counter support has been removed. #22485
  - The --expose-http2 command-line option has been removed. #20887
- Timers
  - Interval timers will be rescheduled even if previous interval threw an error. #20002
  - nextTick queue will be run after each immediate and timer. #22842
- util
  - The WHATWG TextEncoder and TextDecoder are now globals. #22281
  - util.inspect() output size is limited to 128 MB by default. #22756
  - A runtime warning will be emitted when NODE_DEBUG is set for either http or http2. #21914
Read more...
10 Oct Node v10.12.0 (Current)
- assert
  - The diff output is now a tiny bit improved by sorting object properties when inspecting the values that are compared with each other. #22788
- cli
  - The options parser now normalizes _ to - in all multi-word command-line flags, e.g. --no_warnings has the same effect as --no-warnings. #23020
  - Added bash completion for the node binary. To generate a bash completion script, run node --completion-bash. The output can be saved to a file which can be sourced to enable completion. #20713
- crypto
  - Added support for PEM-level encryption. #23151
  - Added an API asymmetric key pair generation. The new methods crypto.generateKeyPair and crypto.generateKeyPairSync can be used to generate public and private key pairs. The API supports RSA, DSA and EC and a variety of key encodings (both PEM and DER). #22660
- fs
  - Added a recursive option to fs.mkdir and fs.mkdirSync. If this option is set to true, non-existing parent folders will be automatically created. #21875
- http2
  - Added a 'ping' event to Http2Session that is emitted whenever a non-ack PING is received. #23009
  - Added support for the ORIGIN frame. #22956
  - Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect protocol support to allow use of WebSockets over HTTP/2. #23284
- module
  - Added module.createRequireFromPath(filename). This new method can be used to create a custom require function that will resolve modules relative to the filename path. #19360
- process
  - Added a 'multipleResolves' process event that is emitted whenever a Promise is attempted to be resolved multiple times, e.g. if the resolve and reject functions are both called in a Promise executor. #22218
- url
  - Added url.fileURLToPath(url) and url.pathToFileURL(path). These methods can be used to correctly convert between file: URLs and absolute paths. #22506
- util
  - Added the sorted option to util.inspect(). If set to true, all properties of an object and Set and Map entries will be sorted in the returned string. If set to a function, it is used as a compare function. #22788
  - The util.inspect.custom symbol is now defined in the global symbol registry as Symbol.for('nodejs.util.inspect.custom'). #20857
  - Added support for BigInt numbers in util.format(). #22097
- V8 API
  - A number of V8 C++ APIs have been marked as deprecated since they have been removed in the upstream repository. Replacement APIs are added where necessary. #23159
- Windows
  - The Windows msi installer now provides an option to automatically install the tools required to build native modules. #22645
- Workers
  - Debugging support for Workers using the DevTools protocol has been implemented. #21364
  - The public inspector module is now enabled in Workers. #22769
- Added new collaborators:
  - digitalinfinity - Hitesh Kanwathirtha
Read more...
20 Sep Node v10.11.0 (Current)
- fs
  - Fixed fsPromises.readdir withFileTypes. #22832
- http2
  - Added http2stream.endAfterHeaders property. #22843
- util
  - Added util.types.isBoxedPrimitive(value). #22620
- Added new collaborators:
  - boneskull - Christopher Hiller
- The Technical Steering Committee has new members:
  - apapirovski - Anatoli Papirovski
  - gabrielschulhof - Gabriel Schulhof
Read more...
11 Sep Node v8.12.0 (LTS)
- async_hooks:
  - rename PromiseWrap.parentId (Ali Ijaz Sheikh) #18633
  - remove runtime deprecation (Ali Ijaz Sheikh) #19517
  - deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) #18513
- cluster:
  - add cwd to cluster.settings (cjihrig) #18399
  - support windowsHide option for workers (Todd Wong) #17412
- crypto:
  - allow passing null as IV unless required (Tobias Nießen) #18644
- deps:
  - upgrade npm to 6.4.1 (Kat Marchán) #22591
  - upgrade libuv to 1.19.2 (cjihrig) #18918
  - Upgrade node-inspect to 1.11.5 (Jan Krems) #21055
- fs,net:
  - support as and as+ flags in stringToFlags() (Sarat Addepalli) #18801
  - emit 'ready' for fs streams and sockets (Sameer Srivastava) #19408
- http, http2:
  - add options to http.createServer() (Peter Marton) #15752-
  - add 103 Early Hints status code (Yosuke Furukawa) #16644
  - add http fallback options to .createServer (Peter Marton) #15752
- n-api:
  - take n-api out of experimental (Michael Dawson) #19262
- perf_hooks:
  - add warning when too many entries in the timeline (James M Snell) #18087
- src:
  - add public API for managing NodePlatform (Cheng Zhao) #16981
  - allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) #17600
  - node internals' postmortem metadata (Matheus Marchini) #14901
- tls:
  - expose Finished messages in TLSSocket (Anton Salikhmetov) #19102
- trace_events:
  - add file pattern cli option (Andreas Madsen) #18480
- util:
  - implement util.getSystemErrorName() (Joyee Cheung) #18186
Read more...
06 Sep Node v10.10.0 (Current)
- child_process:
  - TypedArray and DataView values are now accepted as input by execFileSync and spawnSync. #22409
- coverage:
  - Native V8 code coverage information can now be output to disk by setting the environment variable NODE_V8_COVERAGE to a directory. #22527
- deps:
  - The bundled npm was upgraded to version 6.4.1. #22591
    - Changelogs: 6.3.0-next.0 6.3.0 6.4.0 6.4.1
- fs:
  - The methods fs.read, fs.readSync, fs.write, fs.writeSync, fs.writeFile and fs.writeFileSync now all accept TypedArray and DataView objects. #22150
  - A new boolean option, withFileTypes, can be passed to fs.readdir and fs.readdirSync. If set to true, the methods return an array of directory entries. These are objects that can be used to determine the type of each entry and filter them based on that without calling fs.stat. #22020
- http2:
  - The http2 module is no longer experimental. #22466
- os:
  - Added two new methods: os.getPriority and os.setPriority, allowing to manipulate the scheduling priority of processes. #22407
- process:
  - Added process.allowedNodeEnvironmentFlags. This object can be used to programmatically validate and list flags that are allowed in the NODE_OPTIONS environment variable. #19335
- src:
  - Deprecated option variables in public C++ API. #22515
  - Refactored options parsing. #22392
- vm:
  - Added vm.compileFunction, a method to create new JavaScript functions from a source body, with options similar to those of the other vm methods. #21571
- Added new collaborators:
  - lundibundi - Denys Otrishko
Read more...
16 Aug Node v10.9.0 (Current)
This is a security release, fixing a number of vulnerabilities in OpenSSL and Node.js. Refer to the August 2018 Security Releases announcement for full details.
- buffer:
  - Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
  - Fix unintentional exposure of uninitialized memory in Buffer.alloc() (CVE-2018-7166)
- deps:
  - Upgrade to OpenSSL 1.1.0i, fixing:
    - Client DoS due to large DH parameter (CVE-2018-0732)
    - ECDSA key extraction via local side-channel (CVE not assigned)
  - Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #21079
    - Memory reduction and performance improvements, details at: https://v8project.blogspot.com/2018/06/v8-release-68.html
- http: http.get() and http.request() (and https variants) can now accept three arguments to allow for a URL and an options object (Sam Ruby) #21616
- Added new collaborators
  - Sam Ruby (https://github.com/rubys)
  - George Adams (https://github.com/gdams)
Read more...
16 Aug Node v8.11.4 (LTS)
This is a security release, fixing a number of vulnerabilities in OpenSSL and Node.js. Refer to the August 2018 Security Releases announcement for full details.
- buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
- deps: Upgrade to OpenSSL 1.0.2p, fixing:
  - Client DoS due to large DH parameter (CVE-2018-0732)
  - ECDSA key extraction via local side-channel (CVE not assigned)
Read more...
16 Aug Node v6.14.4 (LTS)
This is a security release, fixing a number of vulnerabilities in OpenSSL and Node.js. Refer to the August 2018 Security Releases announcement for full details.
- buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
- deps: Upgrade to OpenSSL 1.0.2p, fixing:
  - Client DoS due to large DH parameter (CVE-2018-0732)
  - ECDSA key extraction via local side-channel (CVE not assigned)
Read more...
11 Aug August 2018 Security Releases
01 Aug Node v10.8.0 (Current)
18 Jul Node v10.7.0 (Current)
04 Jul Node v10.6.0 (Current)
20 Jun Node v10.5.0 (Current)
12 Jun Node v8.11.3 (LTS)
12 Jun Node v6.14.3 (LTS)
12 Jun Node v9.11.2 (Current)
12 Jun Node v10.4.1 (Current)
12 Jun June 2018 Security Releases
06 Jun Node v10.4.0 (Current)
29 May Node v10.3.0 (Current)
24 May Node v10.2.1 (Current)
23 May Node v10.2.0 (Current)
15 May Node v8.11.2 (LTS)
09 May Node v10.1.0 (Current)
30 Apr Node v6.14.2 (LTS)
24 Apr Node v10.0.0 (Current)
05 Apr Node v9.11.1 (Current)
04 Apr Node v9.11.0 (Current)
30 Mar Node v9.10.1 (Current)
30 Mar Node v8.11.1 (LTS)
30 Mar Node v6.14.1 (LTS)
30 Mar Node v4.9.1 (Maintenance)
28 Mar Node v9.10.0 (Current)
28 Mar Node v8.11.0 (LTS)
28 Mar Node v6.14.0 (LTS)
28 Mar Node v4.9.0 (Maintenance)
21 Mar March 2018 Security Releases
21 Mar Node v9.9.0 (Current)
08 Mar Node v9.8.0 (Current)
07 Mar Node v8.10.0 (LTS)
06 Mar Node v6.13.1 (LTS)
02 Mar Node v9.7.1 (Current)
01 Mar Node v9.7.0 (Current)
23 Feb Node v9.6.1 (Current)
22 Feb Node v9.6.0 (Current)
13 Feb Node v6.13.0 (LTS)
01 Feb Node v9.5.0 (Current)
10 Jan Node v9.4.0 (Current)
08 Jan Meltdown and Spectre - Impact On Node.js
03 Jan Node v8.9.4 (LTS)
02 Jan Node v6.12.3 (LTS)