doc: use consistent indenting for unordered list items

Address Markdownlint MD007 rule.
Default suggestion is 2 space indenting for unordered list items.

PR-URL: https://github.com/nodejs/node/pull/29390
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

BUILDING.md

@@ -243,8 +243,8 @@ transition before the year-end deadline.
 * `gcc` and `g++` >= 6.3 or newer, or
 * GNU Make 3.81 or newer
 * Python (see note above)
-    * Python 2.7
+  * Python 2.7
-    * Python 3.5, 3.6, and 3.7 are experimental.
+  * Python 3.5, 3.6, and 3.7 are experimental.
 
 Installation via Linux package manager can be achieved with:
 
@@ -259,8 +259,8 @@ FreeBSD and OpenBSD users may also need to install `libexecinfo`.
 
 * Xcode Command Line Tools >= 8 for macOS
 * Python (see note above)
-    * Python 2.7
+  * Python 2.7
-    * Python 3.5, 3.6, and 3.7 are experimental.
+  * Python 3.5, 3.6, and 3.7 are experimental.
 
 macOS users can install the `Xcode Command Line Tools` by running
 `xcode-select --install`. Alternatively, if you already have the full Xcode

doc/api/http2.md

@@ -1977,20 +1977,20 @@ changes:
     exceed this limit will result in a `'frameError'` event being emitted
     and the stream being closed and destroyed.
   * `paddingStrategy` {number} Identifies the strategy used for determining the
-     amount of padding to use for `HEADERS` and `DATA` frames. **Default:**
+    amount of padding to use for `HEADERS` and `DATA` frames. **Default:**
-     `http2.constants.PADDING_STRATEGY_NONE`. Value may be one of:
+    `http2.constants.PADDING_STRATEGY_NONE`. Value may be one of:
-     * `http2.constants.PADDING_STRATEGY_NONE` - Specifies that no padding is
+    * `http2.constants.PADDING_STRATEGY_NONE` - Specifies that no padding is
-       to be applied.
+      to be applied.
-     * `http2.constants.PADDING_STRATEGY_MAX` - Specifies that the maximum
+    * `http2.constants.PADDING_STRATEGY_MAX` - Specifies that the maximum
-       amount of padding, as determined by the internal implementation, is to
+      amount of padding, as determined by the internal implementation, is to
-       be applied.
+      be applied.
-     * `http2.constants.PADDING_STRATEGY_ALIGNED` - Will *attempt* to apply
+    * `http2.constants.PADDING_STRATEGY_ALIGNED` - Will *attempt* to apply
-       enough padding to ensure that the total frame length, including the
+      enough padding to ensure that the total frame length, including the
-       9-byte header, is a multiple of 8. For each frame, however, there is a
+      9-byte header, is a multiple of 8. For each frame, however, there is a
-       maximum allowed number of padding bytes that is determined by current
+      maximum allowed number of padding bytes that is determined by current
-       flow control state and settings. If this maximum is less than the
+      flow control state and settings. If this maximum is less than the
-       calculated amount needed to ensure alignment, the maximum will be used
+      calculated amount needed to ensure alignment, the maximum will be used
-       and the total frame length will *not* necessarily be aligned at 8 bytes.
+      and the total frame length will *not* necessarily be aligned at 8 bytes.
   * `peerMaxConcurrentStreams` {number} Sets the maximum number of concurrent
     streams for the remote peer as if a `SETTINGS` frame had been received. Will
     be overridden if the remote peer sets its own value for
@@ -2091,20 +2091,20 @@ changes:
     exceed this limit will result in a `'frameError'` event being emitted
     and the stream being closed and destroyed.
   * `paddingStrategy` {number} Identifies the strategy used for determining the
-     amount of padding to use for `HEADERS` and `DATA` frames. **Default:**
+    amount of padding to use for `HEADERS` and `DATA` frames. **Default:**
-     `http2.constants.PADDING_STRATEGY_NONE`. Value may be one of:
+    `http2.constants.PADDING_STRATEGY_NONE`. Value may be one of:
-     * `http2.constants.PADDING_STRATEGY_NONE` - Specifies that no padding is
+    * `http2.constants.PADDING_STRATEGY_NONE` - Specifies that no padding is
-       to be applied.
+      to be applied.
-     * `http2.constants.PADDING_STRATEGY_MAX` - Specifies that the maximum
+    * `http2.constants.PADDING_STRATEGY_MAX` - Specifies that the maximum
-       amount of padding, as determined by the internal implementation, is to
+      amount of padding, as determined by the internal implementation, is to
-       be applied.
+      be applied.
-     * `http2.constants.PADDING_STRATEGY_ALIGNED` - Will *attempt* to apply
+    * `http2.constants.PADDING_STRATEGY_ALIGNED` - Will *attempt* to apply
-       enough padding to ensure that the total frame length, including the
+      enough padding to ensure that the total frame length, including the
-       9-byte header, is a multiple of 8. For each frame, however, there is a
+      9-byte header, is a multiple of 8. For each frame, however, there is a
-       maximum allowed number of padding bytes that is determined by current
+      maximum allowed number of padding bytes that is determined by current
-       flow control state and settings. If this maximum is less than the
+      flow control state and settings. If this maximum is less than the
-       calculated amount needed to ensure alignment, the maximum will be used
+      calculated amount needed to ensure alignment, the maximum will be used
-       and the total frame length will *not* necessarily be aligned at 8 bytes.
+      and the total frame length will *not* necessarily be aligned at 8 bytes.
   * `peerMaxConcurrentStreams` {number} Sets the maximum number of concurrent
     streams for the remote peer as if a `SETTINGS` frame had been received. Will
     be overridden if the remote peer sets its own value for
@@ -2191,20 +2191,20 @@ changes:
     exceed this limit will result in a `'frameError'` event being emitted
     and the stream being closed and destroyed.
   * `paddingStrategy` {number} Identifies the strategy used for determining the
-     amount of padding to use for `HEADERS` and `DATA` frames. **Default:**
+    amount of padding to use for `HEADERS` and `DATA` frames. **Default:**
-     `http2.constants.PADDING_STRATEGY_NONE`. Value may be one of:
+    `http2.constants.PADDING_STRATEGY_NONE`. Value may be one of:
-     * `http2.constants.PADDING_STRATEGY_NONE` - Specifies that no padding is
+    * `http2.constants.PADDING_STRATEGY_NONE` - Specifies that no padding is
-       to be applied.
+      to be applied.
-     * `http2.constants.PADDING_STRATEGY_MAX` - Specifies that the maximum
+    * `http2.constants.PADDING_STRATEGY_MAX` - Specifies that the maximum
-       amount of padding, as determined by the internal implementation, is to
+      amount of padding, as determined by the internal implementation, is to
-       be applied.
+      be applied.
-     * `http2.constants.PADDING_STRATEGY_ALIGNED` - Will *attempt* to apply
+    * `http2.constants.PADDING_STRATEGY_ALIGNED` - Will *attempt* to apply
-       enough padding to ensure that the total frame length, including the
+      enough padding to ensure that the total frame length, including the
-       9-byte header, is a multiple of 8. For each frame, however, there is a
+      9-byte header, is a multiple of 8. For each frame, however, there is a
-       maximum allowed number of padding bytes that is determined by current
+      maximum allowed number of padding bytes that is determined by current
-       flow control state and settings. If this maximum is less than the
+      flow control state and settings. If this maximum is less than the
-       calculated amount needed to ensure alignment, the maximum will be used
+      calculated amount needed to ensure alignment, the maximum will be used
-       and the total frame length will *not* necessarily be aligned at 8 bytes.
+      and the total frame length will *not* necessarily be aligned at 8 bytes.
   * `peerMaxConcurrentStreams` {number} Sets the maximum number of concurrent
     streams for the remote peer as if a `SETTINGS` frame had been received. Will
     be overridden if the remote peer sets its own value for

doc/api/process.md

@@ -723,8 +723,8 @@ added: v6.1.0
 * `previousValue` {Object} A previous return value from calling
   `process.cpuUsage()`
 * Returns: {Object}
-    * `user` {integer}
+  * `user` {integer}
-    * `system` {integer}
+  * `system` {integer}
 
 The `process.cpuUsage()` method returns the user and system CPU time usage of
 the current process, in an object with properties `user` and `system`, whose
@@ -1450,10 +1450,10 @@ changes:
 -->
 
 * Returns: {Object}
-    * `rss` {integer}
+  * `rss` {integer}
-    * `heapTotal` {integer}
+  * `heapTotal` {integer}
-    * `heapUsed` {integer}
+  * `heapUsed` {integer}
-    * `external` {integer}
+  * `external` {integer}
 
 The `process.memoryUsage()` method returns an object describing the memory usage
 of the Node.js process measured in bytes.
@@ -1866,45 +1866,45 @@ added: v12.6.0
 * Returns: {Object} the resource usage for the current process. All of these
   values come from the `uv_getrusage` call which returns
   a [`uv_rusage_t` struct][uv_rusage_t].
-    * `userCPUTime` {integer} maps to `ru_utime` computed in microseconds.
+  * `userCPUTime` {integer} maps to `ru_utime` computed in microseconds.
-      It is the same value as [`process.cpuUsage().user`][process.cpuUsage].
+    It is the same value as [`process.cpuUsage().user`][process.cpuUsage].
-    * `systemCPUTime` {integer} maps to `ru_stime` computed in microseconds.
+  * `systemCPUTime` {integer} maps to `ru_stime` computed in microseconds.
-      It is the same value as [`process.cpuUsage().system`][process.cpuUsage].
+    It is the same value as [`process.cpuUsage().system`][process.cpuUsage].
-    * `maxRSS` {integer} maps to `ru_maxrss` which is the maximum resident set
+  * `maxRSS` {integer} maps to `ru_maxrss` which is the maximum resident set
-      size used in kilobytes.
+    size used in kilobytes.
-    * `sharedMemorySize` {integer} maps to `ru_ixrss` but is not supported by
+  * `sharedMemorySize` {integer} maps to `ru_ixrss` but is not supported by
-      any platform.
+    any platform.
-    * `unsharedDataSize` {integer} maps to `ru_idrss` but is not supported by
+  * `unsharedDataSize` {integer} maps to `ru_idrss` but is not supported by
-      any platform.
+    any platform.
-    * `unsharedStackSize` {integer} maps to `ru_isrss` but is not supported by
+  * `unsharedStackSize` {integer} maps to `ru_isrss` but is not supported by
-      any platform.
+    any platform.
-    * `minorPageFault` {integer} maps to `ru_minflt` which is the number of
+  * `minorPageFault` {integer} maps to `ru_minflt` which is the number of
-      minor page faults for the process, see
+    minor page faults for the process, see
-      [this article for more details][wikipedia_minor_fault].
+    [this article for more details][wikipedia_minor_fault].
-    * `majorPageFault` {integer} maps to `ru_majflt` which is the number of
+  * `majorPageFault` {integer} maps to `ru_majflt` which is the number of
-      major page faults for the process, see
+    major page faults for the process, see
-      [this article for more details][wikipedia_major_fault]. This field is not
+    [this article for more details][wikipedia_major_fault]. This field is not
-      supported on Windows.
+    supported on Windows.
-    * `swappedOut` {integer} maps to `ru_nswap` but is not supported by any
+  * `swappedOut` {integer} maps to `ru_nswap` but is not supported by any
-      platform.
+    platform.
-    * `fsRead` {integer} maps to `ru_inblock` which is the number of times the
+  * `fsRead` {integer} maps to `ru_inblock` which is the number of times the
-      file system had to perform input.
+    file system had to perform input.
-    * `fsWrite` {integer} maps to `ru_oublock` which is the number of times the
+  * `fsWrite` {integer} maps to `ru_oublock` which is the number of times the
-      file system had to perform output.
+    file system had to perform output.
-    * `ipcSent` {integer} maps to `ru_msgsnd` but is not supported by any
+  * `ipcSent` {integer} maps to `ru_msgsnd` but is not supported by any
-      platform.
+    platform.
-    * `ipcReceived` {integer} maps to `ru_msgrcv` but is not supported by any
+  * `ipcReceived` {integer} maps to `ru_msgrcv` but is not supported by any
-      platform.
+    platform.
-    * `signalsCount` {integer} maps to `ru_nsignals` but is not supported by any
+  * `signalsCount` {integer} maps to `ru_nsignals` but is not supported by any
-      platform.
+    platform.
-    * `voluntaryContextSwitches` {integer} maps to `ru_nvcsw` which is the
+  * `voluntaryContextSwitches` {integer} maps to `ru_nvcsw` which is the
-      number of times a CPU context switch resulted due to a process voluntarily
+    number of times a CPU context switch resulted due to a process voluntarily
-      giving up the processor before its time slice was completed (usually to
+    giving up the processor before its time slice was completed (usually to
-      await availability of a resource). This field is not supported on Windows.
+    await availability of a resource). This field is not supported on Windows.
-    * `involuntaryContextSwitches` {integer} maps to `ru_nivcsw` which is the
+  * `involuntaryContextSwitches` {integer} maps to `ru_nivcsw` which is the
-      number of times a CPU context switch resulted due to a higher priority
+    number of times a CPU context switch resulted due to a higher priority
-      process becoming runnable or because the current process exceeded its
+    process becoming runnable or because the current process exceeded its
-      time slice. This field is not supported on Windows.
+    time slice. This field is not supported on Windows.
 
 ```js
 console.log(process.resourceUsage());

doc/api/url.md

@@ -1143,9 +1143,9 @@ The formatting process operates as follows:
   colon (`:`) character, the literal string `:` will be appended to `result`.
 * If either of the following conditions is true, then the literal string `//`
   will be appended to `result`:
-    * `urlObject.slashes` property is true;
+  * `urlObject.slashes` property is true;
-    * `urlObject.protocol` begins with `http`, `https`, `ftp`, `gopher`, or
+  * `urlObject.protocol` begins with `http`, `https`, `ftp`, `gopher`, or
-      `file`;
+    `file`;
 * If the value of the `urlObject.auth` property is truthy, and either
   `urlObject.host` or `urlObject.hostname` are not `undefined`, the value of
   `urlObject.auth` will be coerced into a string and appended to `result`

doc/api/vm.md

@@ -90,12 +90,12 @@ changes:
     `import()` will reject with [`ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING`][].
     This option is part of the experimental API for the `--experimental-modules`
     flag, and should not be considered stable.
-     * `specifier` {string} specifier passed to `import()`
+    * `specifier` {string} specifier passed to `import()`
-     * `module` {vm.SourceTextModule}
+    * `module` {vm.SourceTextModule}
-     * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
+    * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
-       `vm.SourceTextModule` is recommended in order to take advantage of error
+      `vm.SourceTextModule` is recommended in order to take advantage of error
-       tracking, and to avoid issues with namespaces that contain `then`
+      tracking, and to avoid issues with namespaces that contain `then`
-       function exports.
+      function exports.
 
 If `options` is a string, then it specifies the filename.
 
@@ -432,12 +432,12 @@ const contextifiedSandbox = vm.createContext({ secret: 42 });
   * `importModuleDynamically` {Function} Called during evaluation of this module
     when `import()` is called. If this option is not specified, calls to
     `import()` will reject with [`ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING`][].
-     * `specifier` {string} specifier passed to `import()`
+    * `specifier` {string} specifier passed to `import()`
-     * `module` {vm.SourceTextModule}
+    * `module` {vm.SourceTextModule}
-     * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
+    * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
-       `vm.SourceTextModule` is recommended in order to take advantage of error
+      `vm.SourceTextModule` is recommended in order to take advantage of error
-       tracking, and to avoid issues with namespaces that contain `then`
+      tracking, and to avoid issues with namespaces that contain `then`
-       function exports.
+      function exports.
 
 Creates a new ES `Module` object.
 
@@ -817,12 +817,12 @@ changes:
     `import()` will reject with [`ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING`][].
     This option is part of the experimental API for the `--experimental-modules`
     flag, and should not be considered stable.
-     * `specifier` {string} specifier passed to `import()`
+    * `specifier` {string} specifier passed to `import()`
-     * `module` {vm.SourceTextModule}
+    * `module` {vm.SourceTextModule}
-     * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
+    * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
-       `vm.SourceTextModule` is recommended in order to take advantage of error
+      `vm.SourceTextModule` is recommended in order to take advantage of error
-       tracking, and to avoid issues with namespaces that contain `then`
+      tracking, and to avoid issues with namespaces that contain `then`
-       function exports.
+      function exports.
 * Returns: {any} the result of the very last statement executed in the script.
 
 The `vm.runInContext()` method compiles `code`, runs it within the context of
@@ -915,12 +915,12 @@ changes:
     `import()` will reject with [`ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING`][].
     This option is part of the experimental API for the `--experimental-modules`
     flag, and should not be considered stable.
-     * `specifier` {string} specifier passed to `import()`
+    * `specifier` {string} specifier passed to `import()`
-     * `module` {vm.SourceTextModule}
+    * `module` {vm.SourceTextModule}
-     * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
+    * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
-       `vm.SourceTextModule` is recommended in order to take advantage of error
+      `vm.SourceTextModule` is recommended in order to take advantage of error
-       tracking, and to avoid issues with namespaces that contain `then`
+      tracking, and to avoid issues with namespaces that contain `then`
-       function exports.
+      function exports.
 * Returns: {any} the result of the very last statement executed in the script.
 
 The `vm.runInNewContext()` first contextifies the given `sandbox` object (or
@@ -993,12 +993,12 @@ changes:
     `import()` will reject with [`ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING`][].
     This option is part of the experimental API for the `--experimental-modules`
     flag, and should not be considered stable.
-     * `specifier` {string} specifier passed to `import()`
+    * `specifier` {string} specifier passed to `import()`
-     * `module` {vm.SourceTextModule}
+    * `module` {vm.SourceTextModule}
-     * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
+    * Returns: {Module Namespace Object|vm.SourceTextModule} Returning a
-       `vm.SourceTextModule` is recommended in order to take advantage of error
+      `vm.SourceTextModule` is recommended in order to take advantage of error
-       tracking, and to avoid issues with namespaces that contain `then`
+      tracking, and to avoid issues with namespaces that contain `then`
-       function exports.
+      function exports.
 * Returns: {any} the result of the very last statement executed in the script.
 
 `vm.runInThisContext()` compiles `code`, runs it within the context of the

doc/changelogs/CHANGELOG_V10.md

@@ -1459,8 +1459,8 @@ Fixes for the following CVEs are included in this release:
 
 * **deps**: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
 * **http**:
-    * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
+  * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
-    * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
+  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
 * **url**: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by [Martin Bajanik](https://twitter.com/_bayotop) ([Kentico](https://kenticocloud.com/)). (CVE-2018-12123 / Matteo Collina)
 
 ### Commits

doc/changelogs/CHANGELOG_V11.md

@@ -2098,8 +2098,8 @@ Fixes for the following CVEs are included in this release:
 
 * **deps**: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
 * **http**:
-    * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
+  * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
-    * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
+  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
 * **url**: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by [Martin Bajanik](https://twitter.com/_bayotop) ([Kentico](https://kenticocloud.com/)). (CVE-2018-12123 / Matteo Collina)
 
 ### Commits

doc/changelogs/CHANGELOG_V12.md

@@ -1450,109 +1450,109 @@ Vulnerabilities fixed:
 ### Notable Changes
 
 * **assert**:
-    * validate required arguments (Ruben Bridgewater) [#26641](https://github.com/nodejs/node/pull/26641)
+  * validate required arguments (Ruben Bridgewater) [#26641](https://github.com/nodejs/node/pull/26641)
-    * adjust loose assertions (Ruben Bridgewater) [#25008](https://github.com/nodejs/node/pull/25008)
+  * adjust loose assertions (Ruben Bridgewater) [#25008](https://github.com/nodejs/node/pull/25008)
 * **async_hooks**:
-    * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina) [#26530](https://github.com/nodejs/node/pull/26530)
+  * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina) [#26530](https://github.com/nodejs/node/pull/26530)
-    * remove promise object from resource (Andreas Madsen) [#23443](https://github.com/nodejs/node/pull/23443)
+  * remove promise object from resource (Andreas Madsen) [#23443](https://github.com/nodejs/node/pull/23443)
 * **bootstrap**: make Buffer and process non-enumerable (Ruben Bridgewater) [#24874](https://github.com/nodejs/node/pull/24874)
 * **buffer**:
-    * use stricter range checks (Ruben Bridgewater) [#27045](https://github.com/nodejs/node/pull/27045)
+  * use stricter range checks (Ruben Bridgewater) [#27045](https://github.com/nodejs/node/pull/27045)
-    * harden `SlowBuffer` creation (ZYSzys) [#26272](https://github.com/nodejs/node/pull/26272)
+  * harden `SlowBuffer` creation (ZYSzys) [#26272](https://github.com/nodejs/node/pull/26272)
-    * harden validation of buffer allocation size (ZYSzys) [#26162](https://github.com/nodejs/node/pull/26162)
+  * harden validation of buffer allocation size (ZYSzys) [#26162](https://github.com/nodejs/node/pull/26162)
-    * do proper error propagation in addon methods (Anna Henningsen) [#23939](https://github.com/nodejs/node/pull/23939)
+  * do proper error propagation in addon methods (Anna Henningsen) [#23939](https://github.com/nodejs/node/pull/23939)
 * **child_process**:
-    * remove `options.customFds` (cjihrig) [#25279](https://github.com/nodejs/node/pull/25279)
+  * remove `options.customFds` (cjihrig) [#25279](https://github.com/nodejs/node/pull/25279)
-    * harden fork arguments validation (ZYSzys) [#27039](https://github.com/nodejs/node/pull/27039)
+  * harden fork arguments validation (ZYSzys) [#27039](https://github.com/nodejs/node/pull/27039)
-    * use non-infinite `maxBuffer` defaults (kohta ito) [#23027](https://github.com/nodejs/node/pull/23027)
+  * use non-infinite `maxBuffer` defaults (kohta ito) [#23027](https://github.com/nodejs/node/pull/23027)
 * **console**: don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky) [#26261](https://github.com/nodejs/node/pull/26261)
 * **crypto**:
-    * remove legacy native handles (Tobias Nießen) [#27011](https://github.com/nodejs/node/pull/27011)
+  * remove legacy native handles (Tobias Nießen) [#27011](https://github.com/nodejs/node/pull/27011)
-    * decode missing passphrase errors (Tobias Nießen) [#25208](https://github.com/nodejs/node/pull/25208)
+  * decode missing passphrase errors (Tobias Nießen) [#25208](https://github.com/nodejs/node/pull/25208)
-    * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()` (Tobias Nießen) [#26249](https://github.com/nodejs/node/pull/26249)
+  * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()` (Tobias Nießen) [#26249](https://github.com/nodejs/node/pull/26249)
-    * remove deprecated `crypto._toBuf()` (Tobias Nießen) [#25338](https://github.com/nodejs/node/pull/25338)
+  * remove deprecated `crypto._toBuf()` (Tobias Nießen) [#25338](https://github.com/nodejs/node/pull/25338)
-    * set `DEFAULT\_ENCODING` property to non-enumerable (Antoine du Hamel) [#23222](https://github.com/nodejs/node/pull/23222)
+  * set `DEFAULT\_ENCODING` property to non-enumerable (Antoine du Hamel) [#23222](https://github.com/nodejs/node/pull/23222)
 * **deps**:
-    * update V8 to 7.4.288.13 (Michaël Zasso, cjihrig, Refael Ackermann, Anna Henningsen, Ujjwal Sharma) [#26685](https://github.com/nodejs/node/pull/26685)
+  * update V8 to 7.4.288.13 (Michaël Zasso, cjihrig, Refael Ackermann, Anna Henningsen, Ujjwal Sharma) [#26685](https://github.com/nodejs/node/pull/26685)
-    * bump minimum icu version to 63 (Ujjwal Sharma) [#25852](https://github.com/nodejs/node/pull/25852)
+  * bump minimum icu version to 63 (Ujjwal Sharma) [#25852](https://github.com/nodejs/node/pull/25852)
-    * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu) [#26327](https://github.com/nodejs/node/pull/26327)
+  * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu) [#26327](https://github.com/nodejs/node/pull/26327)
 * **errors**: update error name (Ruben Bridgewater) [#26738](https://github.com/nodejs/node/pull/26738)
 * **fs**:
-    * use proper .destroy() implementation for SyncWriteStream (Matteo Collina) [#26690](https://github.com/nodejs/node/pull/26690)
+  * use proper .destroy() implementation for SyncWriteStream (Matteo Collina) [#26690](https://github.com/nodejs/node/pull/26690)
-    * improve mode validation (Ruben Bridgewater) [#26575](https://github.com/nodejs/node/pull/26575)
+  * improve mode validation (Ruben Bridgewater) [#26575](https://github.com/nodejs/node/pull/26575)
-    * harden validation of start option in `createWriteStream()` (ZYSzys) [#25579](https://github.com/nodejs/node/pull/25579)
+  * harden validation of start option in `createWriteStream()` (ZYSzys) [#25579](https://github.com/nodejs/node/pull/25579)
-    * make writeFile consistent with readFile wrt fd (Sakthipriyan Vairamani (thefourtheye)) [#23709](https://github.com/nodejs/node/pull/23709)
+  * make writeFile consistent with readFile wrt fd (Sakthipriyan Vairamani (thefourtheye)) [#23709](https://github.com/nodejs/node/pull/23709)
 * **http**:
-    * validate timeout in `ClientRequest()` (cjihrig) [#26214](https://github.com/nodejs/node/pull/26214)
+  * validate timeout in `ClientRequest()` (cjihrig) [#26214](https://github.com/nodejs/node/pull/26214)
-    * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still) [#25605](https://github.com/nodejs/node/pull/25605)
+  * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still) [#25605](https://github.com/nodejs/node/pull/25605)
-    * switch default parser to llhttp (Anna Henningsen) [#24870](https://github.com/nodejs/node/pull/24870)
+  * switch default parser to llhttp (Anna Henningsen) [#24870](https://github.com/nodejs/node/pull/24870)
-    * Runtime-deprecate `outgoingMessage._headers` and `outgoingMessage._headerNames` (Morgan Roderick) [#24167](https://github.com/nodejs/node/pull/24167)
+  * Runtime-deprecate `outgoingMessage._headers` and `outgoingMessage._headerNames` (Morgan Roderick) [#24167](https://github.com/nodejs/node/pull/24167)
 * **lib**:
-    * remove `Atomics.wake()` (Gus Caplan) [#27033](https://github.com/nodejs/node/pull/27033)
+  * remove `Atomics.wake()` (Gus Caplan) [#27033](https://github.com/nodejs/node/pull/27033)
-    * move DTRACE\_\* probes out of global scope (James M Snell) [#26541](https://github.com/nodejs/node/pull/26541)
+  * move DTRACE\_\* probes out of global scope (James M Snell) [#26541](https://github.com/nodejs/node/pull/26541)
-    * deprecate `_stream_wrap` (Sam Roberts) [#26245](https://github.com/nodejs/node/pull/26245)
+  * deprecate `_stream_wrap` (Sam Roberts) [#26245](https://github.com/nodejs/node/pull/26245)
-    * use ES6 class inheritance style (Ruben Bridgewater) [#24755](https://github.com/nodejs/node/pull/24755)
+  * use ES6 class inheritance style (Ruben Bridgewater) [#24755](https://github.com/nodejs/node/pull/24755)
 * **module**:
-    * remove unintended access to deps/ (Anna Henningsen) [#25138](https://github.com/nodejs/node/pull/25138)
+  * remove unintended access to deps/ (Anna Henningsen) [#25138](https://github.com/nodejs/node/pull/25138)
-    * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh) [#25690](https://github.com/nodejs/node/pull/25690)
+  * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh) [#25690](https://github.com/nodejs/node/pull/25690)
-    * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh) [#25690](https://github.com/nodejs/node/pull/25690)
+  * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh) [#25690](https://github.com/nodejs/node/pull/25690)
-    * remove dead code (Ruben Bridgewater) [#26983](https://github.com/nodejs/node/pull/26983)
+  * remove dead code (Ruben Bridgewater) [#26983](https://github.com/nodejs/node/pull/26983)
-    * make `require('.')` never resolve outside the current directory (Ruben Bridgewater) [#26973](https://github.com/nodejs/node/pull/26973)
+  * make `require('.')` never resolve outside the current directory (Ruben Bridgewater) [#26973](https://github.com/nodejs/node/pull/26973)
-    * throw an error for invalid package.json main entries (Ruben Bridgewater) [#26823](https://github.com/nodejs/node/pull/26823)
+  * throw an error for invalid package.json main entries (Ruben Bridgewater) [#26823](https://github.com/nodejs/node/pull/26823)
-    * don't search in `require.resolve.paths` (cjihrig) [#23683](https://github.com/nodejs/node/pull/23683)
+  * don't search in `require.resolve.paths` (cjihrig) [#23683](https://github.com/nodejs/node/pull/23683)
 * **net**:
-    * remove `Server.listenFD()` (cjihrig) [#27127](https://github.com/nodejs/node/pull/27127)
+  * remove `Server.listenFD()` (cjihrig) [#27127](https://github.com/nodejs/node/pull/27127)
-    * do not add `.host` and `.port` properties to DNS error (Ruben Bridgewater) [#26751](https://github.com/nodejs/node/pull/26751)
+  * do not add `.host` and `.port` properties to DNS error (Ruben Bridgewater) [#26751](https://github.com/nodejs/node/pull/26751)
-    * emit "write after end" errors in the next tick (Ouyang Yadong) [#24457](https://github.com/nodejs/node/pull/24457)
+  * emit "write after end" errors in the next tick (Ouyang Yadong) [#24457](https://github.com/nodejs/node/pull/24457)
-    * deprecate `_setSimultaneousAccepts()` undocumented function (James M Snell) [#23760](https://github.com/nodejs/node/pull/23760)
+  * deprecate `_setSimultaneousAccepts()` undocumented function (James M Snell) [#23760](https://github.com/nodejs/node/pull/23760)
 * **os**:
-    * implement `os.type()` using `uv_os_uname()` (cjihrig) [#25659](https://github.com/nodejs/node/pull/25659)
+  * implement `os.type()` using `uv_os_uname()` (cjihrig) [#25659](https://github.com/nodejs/node/pull/25659)
-    * remove `os.getNetworkInterfaces()` (cjihrig) [#25280](https://github.com/nodejs/node/pull/25280)
+  * remove `os.getNetworkInterfaces()` (cjihrig) [#25280](https://github.com/nodejs/node/pull/25280)
 * **process**:
-    * make global.process, global.Buffer getters (Guy Bedford) [#26882](https://github.com/nodejs/node/pull/26882)
+  * make global.process, global.Buffer getters (Guy Bedford) [#26882](https://github.com/nodejs/node/pull/26882)
-    * move DEP0062 (node --debug) to end-of-life (Joyee Cheung) [#25828](https://github.com/nodejs/node/pull/25828)
+  * move DEP0062 (node --debug) to end-of-life (Joyee Cheung) [#25828](https://github.com/nodejs/node/pull/25828)
-    * exit on --debug and --debug-brk after option parsing (Joyee Cheung) [#25828](https://github.com/nodejs/node/pull/25828)
+  * exit on --debug and --debug-brk after option parsing (Joyee Cheung) [#25828](https://github.com/nodejs/node/pull/25828)
-    * improve `--redirect-warnings` handling (Ruben Bridgewater) [#24965](https://github.com/nodejs/node/pull/24965)
+  * improve `--redirect-warnings` handling (Ruben Bridgewater) [#24965](https://github.com/nodejs/node/pull/24965)
 * **readline**: support TERM=dumb (Vladislav Kaminsky) [#26261](https://github.com/nodejs/node/pull/26261)
 * **repl**:
-    * add welcome message (gengjiawen) [#25947](https://github.com/nodejs/node/pull/25947)
+  * add welcome message (gengjiawen) [#25947](https://github.com/nodejs/node/pull/25947)
-    * fix terminal default setting (Ruben Bridgewater) [#26518](https://github.com/nodejs/node/pull/26518)
+  * fix terminal default setting (Ruben Bridgewater) [#26518](https://github.com/nodejs/node/pull/26518)
-    * check colors with `.getColorDepth()` (Vladislav Kaminsky) [#26261](https://github.com/nodejs/node/pull/26261)
+  * check colors with `.getColorDepth()` (Vladislav Kaminsky) [#26261](https://github.com/nodejs/node/pull/26261)
-    * deprecate REPLServer.rli (Ruben Bridgewater) [#26260](https://github.com/nodejs/node/pull/26260)
+  * deprecate REPLServer.rli (Ruben Bridgewater) [#26260](https://github.com/nodejs/node/pull/26260)
 * **src**:
-    * remove unused `INT_MAX` constant (Sam Roberts) [#27078](https://github.com/nodejs/node/pull/27078)
+  * remove unused `INT_MAX` constant (Sam Roberts) [#27078](https://github.com/nodejs/node/pull/27078)
-    * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma) [#26685](https://github.com/nodejs/node/pull/26685)
+  * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma) [#26685](https://github.com/nodejs/node/pull/26685)
-    * remove `AddPromiseHook()` (Anna Henningsen) [#26574](https://github.com/nodejs/node/pull/26574)
+  * remove `AddPromiseHook()` (Anna Henningsen) [#26574](https://github.com/nodejs/node/pull/26574)
-    * clean up `MultiIsolatePlatform` interface (Anna Henningsen) [#26384](https://github.com/nodejs/node/pull/26384)
+  * clean up `MultiIsolatePlatform` interface (Anna Henningsen) [#26384](https://github.com/nodejs/node/pull/26384)
-    * properly configure default heap limits (Ali Ijaz Sheikh) [#25576](https://github.com/nodejs/node/pull/25576)
+  * properly configure default heap limits (Ali Ijaz Sheikh) [#25576](https://github.com/nodejs/node/pull/25576)
-    * remove `icuDataDir` from node config (GauthamBanasandra) [#24780](https://github.com/nodejs/node/pull/24780)
+  * remove `icuDataDir` from node config (GauthamBanasandra) [#24780](https://github.com/nodejs/node/pull/24780)
 * **tls**:
-    * support TLSv1.3 (Sam Roberts) [#26209](https://github.com/nodejs/node/pull/26209)
+  * support TLSv1.3 (Sam Roberts) [#26209](https://github.com/nodejs/node/pull/26209)
-    * return correct version from `getCipher()` (Sam Roberts) [#26625](https://github.com/nodejs/node/pull/26625)
+  * return correct version from `getCipher()` (Sam Roberts) [#26625](https://github.com/nodejs/node/pull/26625)
-    * check arg types of renegotiate() (Sam Roberts) [#25876](https://github.com/nodejs/node/pull/25876)
+  * check arg types of renegotiate() (Sam Roberts) [#25876](https://github.com/nodejs/node/pull/25876)
-    * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts) [#24729](https://github.com/nodejs/node/pull/24729)
+  * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts) [#24729](https://github.com/nodejs/node/pull/24729)
-    * emit a warning when servername is an IP address (Rodger Combs) [#23329](https://github.com/nodejs/node/pull/23329)
+  * emit a warning when servername is an IP address (Rodger Combs) [#23329](https://github.com/nodejs/node/pull/23329)
-    * disable TLS v1.0 and v1.1 by default (Ben Noordhuis) [#23814](https://github.com/nodejs/node/pull/23814)
+  * disable TLS v1.0 and v1.1 by default (Ben Noordhuis) [#23814](https://github.com/nodejs/node/pull/23814)
-    * remove unused arg to createSecureContext() (Sam Roberts) [#24241](https://github.com/nodejs/node/pull/24241)
+  * remove unused arg to createSecureContext() (Sam Roberts) [#24241](https://github.com/nodejs/node/pull/24241)
-    * deprecate `Server.prototype.setOptions()` (cjihrig) [#23820](https://github.com/nodejs/node/pull/23820)
+  * deprecate `Server.prototype.setOptions()` (cjihrig) [#23820](https://github.com/nodejs/node/pull/23820)
-    * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong) [#23354](https://github.com/nodejs/node/pull/23354)
+  * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong) [#23354](https://github.com/nodejs/node/pull/23354)
 * **util**:
-    * remove `util.print()`, `util.puts()`, `util.debug()` and `util.error()` (cjihrig) [#25377](https://github.com/nodejs/node/pull/25377)
+  * remove `util.print()`, `util.puts()`, `util.debug()` and `util.error()` (cjihrig) [#25377](https://github.com/nodejs/node/pull/25377)
-    * change inspect compact and breakLength default (Ruben Bridgewater) [#27109](https://github.com/nodejs/node/pull/27109)
+  * change inspect compact and breakLength default (Ruben Bridgewater) [#27109](https://github.com/nodejs/node/pull/27109)
-    * improve inspect edge cases (Ruben Bridgewater) [#27109](https://github.com/nodejs/node/pull/27109)
+  * improve inspect edge cases (Ruben Bridgewater) [#27109](https://github.com/nodejs/node/pull/27109)
-    * only the first line of the error message (Simon Zünd) [#26685](https://github.com/nodejs/node/pull/26685)
+  * only the first line of the error message (Simon Zünd) [#26685](https://github.com/nodejs/node/pull/26685)
-    * don't set the prototype of callbackified functions (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893)
+  * don't set the prototype of callbackified functions (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893)
-    * rename callbackified function (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893)
+  * rename callbackified function (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893)
-    * increase function length when using `callbackify()` (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893)
+  * increase function length when using `callbackify()` (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893)
-    * prevent tampering with internals in `inspect()` (Ruben Bridgewater) [#26577](https://github.com/nodejs/node/pull/26577)
+  * prevent tampering with internals in `inspect()` (Ruben Bridgewater) [#26577](https://github.com/nodejs/node/pull/26577)
-    * prevent Proxy traps being triggered by `.inspect()` (Ruben Bridgewater) [#26241](https://github.com/nodejs/node/pull/26241)
+  * prevent Proxy traps being triggered by `.inspect()` (Ruben Bridgewater) [#26241](https://github.com/nodejs/node/pull/26241)
-    * prevent leaking internal properties (Ruben Bridgewater) [#24971](https://github.com/nodejs/node/pull/24971)
+  * prevent leaking internal properties (Ruben Bridgewater) [#24971](https://github.com/nodejs/node/pull/24971)
-    * protect against monkeypatched Object prototype for inspect() (Rich Trott) [#25953](https://github.com/nodejs/node/pull/25953)
+  * protect against monkeypatched Object prototype for inspect() (Rich Trott) [#25953](https://github.com/nodejs/node/pull/25953)
-    * treat format arguments equally (Roman Reiss) [#23162](https://github.com/nodejs/node/pull/23162)
+  * treat format arguments equally (Roman Reiss) [#23162](https://github.com/nodejs/node/pull/23162)
 * **win, fs**: detect if symlink target is a directory (Bartosz Sosnowski) [#23724](https://github.com/nodejs/node/pull/23724)
 * **zlib**:
-    * throw TypeError if callback is missing (Anna Henningsen) [#24929](https://github.com/nodejs/node/pull/24929)
+  * throw TypeError if callback is missing (Anna Henningsen) [#24929](https://github.com/nodejs/node/pull/24929)
-    * make “bare” constants un-enumerable (Anna Henningsen) [#24824](https://github.com/nodejs/node/pull/24824)
+  * make “bare” constants un-enumerable (Anna Henningsen) [#24824](https://github.com/nodejs/node/pull/24824)
 
 ### Semver-Major Commits
 

doc/changelogs/CHANGELOG_V6.md

@@ -191,9 +191,9 @@ Fixes for the following CVEs are included in this release:
 * **debugger**: Backport of [nodejs/node#8106](https://github.com/nodejs/node/pull/8106) to prevent the debugger from listening on `0.0.0.0`. It now defaults to `127.0.0.1`. Reported by Ben Noordhuis. (CVE-2018-12120 / Ben Noordhuis).
 * **deps**: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
 * **http**:
-    * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
+  * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
-    * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
+  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
-    * Two-byte characters are now strictly disallowed for the `path` option in HTTP client requests. Paths containing characters outside of the range `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior can be reverted if necessary by supplying the `--security-revert=CVE-2018-12116` command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by [Arkadiy Tetelman](https://twitter.com/arkadiyt) ([Lob](https://lob.com)), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina)
+  * Two-byte characters are now strictly disallowed for the `path` option in HTTP client requests. Paths containing characters outside of the range `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior can be reverted if necessary by supplying the `--security-revert=CVE-2018-12116` command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by [Arkadiy Tetelman](https://twitter.com/arkadiyt) ([Lob](https://lob.com)), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina)
 * **url**: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by [Martin Bajanik](https://twitter.com/_bayotop) ([Kentico](https://kenticocloud.com/)). (CVE-2018-12123 / Matteo Collina)
 
 ### Commits
@@ -2826,14 +2826,14 @@ are updates to dependencies.
 
 * **build**: shared library support is now working for AIX builds (Stewart Addison) [#9675](https://github.com/nodejs/node/pull/9675)
 * **deps**:
-    - *npm*: upgrade npm to 3.10.10 (Rebecca Turner) [#9847](https://github.com/nodejs/node/pull/9847)
+  - *npm*: upgrade npm to 3.10.10 (Rebecca Turner) [#9847](https://github.com/nodejs/node/pull/9847)
-    - *V8*: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) [#10386](https://github.com/nodejs/node/pull/10386)
+  - *V8*: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) [#10386](https://github.com/nodejs/node/pull/10386)
 * **inspector**: /json/version returns object, not an object wrapped in an array (Ben Noordhuis) [#9762](https://github.com/nodejs/node/pull/9762)
 * **module**: using --debug-brk and --eval together now works as expected (Kelvin Jin) [#8876](https://github.com/nodejs/node/pull/8876)
 * **process**: improve performance of nextTick up to 20% (Evan Lucas) [#8932](https://github.com/nodejs/node/pull/8932)
 * **repl**:
-    - the division operator will no longer be accidentally parsed as regex (Teddy Katz) [#10103](https://github.com/nodejs/node/pull/10103)
+  - the division operator will no longer be accidentally parsed as regex (Teddy Katz) [#10103](https://github.com/nodejs/node/pull/10103)
-    - improved support for generator functions (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852)
+  - improved support for generator functions (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852)
 * **timers**: Re canceling a cancelled timers will no longer throw (Jeremiah Senkpiel) [#9685](https://github.com/nodejs/node/pull/9685)
 
 ### Commits
@@ -3162,10 +3162,10 @@ commits which are updates to dependencies.
 
 * **buffer**: coerce slice parameters consistently (Sakthipriyan Vairamani (thefourtheye)) [#9101](https://github.com/nodejs/node/pull/9101)
 * **deps**:
-    - *npm*: upgrade npm to 3.10.9 (Kat Marchán) [#9286](https://github.com/nodejs/node/pull/9286)
+  - *npm*: upgrade npm to 3.10.9 (Kat Marchán) [#9286](https://github.com/nodejs/node/pull/9286)
-    - *V8*: Various fixes to destructuring edge cases
+  - *V8*: Various fixes to destructuring edge cases
-      - cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) [#9138](https://github.com/nodejs/node/pull/9138)
+    - cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) [#9138](https://github.com/nodejs/node/pull/9138)
-      - cherry pick 7166503 from upstream v8 (Cristian Cavalli) [#9173](https://github.com/nodejs/node/pull/9173)
+    - cherry pick 7166503 from upstream v8 (Cristian Cavalli) [#9173](https://github.com/nodejs/node/pull/9173)
 * **gtest**: the test reporter now outputs tap comments as yamlish (Johan Bergström) [#9262](https://github.com/nodejs/node/pull/9262)
 * **inspector**: inspector now prompts user to use 127.0.0.1 rather than localhost (Eugene Ostroukhov) [#9451](https://github.com/nodejs/node/pull/9451)
 * **tls**: fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) [#9586](https://github.com/nodejs/node/pull/9586)

doc/changelogs/CHANGELOG_V7.md

@@ -786,10 +786,10 @@ This release contains **v8 5.5**, you can read more about this version in the of
 ### Notable changes
 
 * **deps**:
-    * update V8 to 5.5 (Michaël Zasso) [#11029](https://github.com/nodejs/node/pull/11029)
+  * update V8 to 5.5 (Michaël Zasso) [#11029](https://github.com/nodejs/node/pull/11029)
-    * upgrade libuv to 1.11.0 (cjihrig) [#11094](https://github.com/nodejs/node/pull/11094)
+  * upgrade libuv to 1.11.0 (cjihrig) [#11094](https://github.com/nodejs/node/pull/11094)
-    * add node-inspect 1.10.4 (Jan Krems) [#10187](https://github.com/nodejs/node/pull/10187)
+  * add node-inspect 1.10.4 (Jan Krems) [#10187](https://github.com/nodejs/node/pull/10187)
-    * upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980)
+  * upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980)
 * **lib**: build `node inspect` into `node` (Anna Henningsen) [#10187](https://github.com/nodejs/node/pull/10187)
 * **crypto**: Remove expired certs from CNNIC whitelist (Shigeki Ohtsu) [#9469](https://github.com/nodejs/node/pull/9469)
 * **inspector**: add --inspect-brk (Josh Gavant) [#11149](https://github.com/nodejs/node/pull/11149)

doc/changelogs/CHANGELOG_V8.md

@@ -332,9 +332,9 @@ Fixes for the following CVEs are included in this release:
 
 * **deps**: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
 * **http**:
-    * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
+  * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
-    * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
+  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina)
-    * Two-byte characters are now strictly disallowed for the `path` option in HTTP client requests. Paths containing characters outside of the range `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior can be reverted if necessary by supplying the `--security-revert=CVE-2018-12116` command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by [Arkadiy Tetelman](https://twitter.com/arkadiyt) ([Lob](https://lob.com)), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina)
+  * Two-byte characters are now strictly disallowed for the `path` option in HTTP client requests. Paths containing characters outside of the range `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior can be reverted if necessary by supplying the `--security-revert=CVE-2018-12116` command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by [Arkadiy Tetelman](https://twitter.com/arkadiyt) ([Lob](https://lob.com)), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina)
 * **url**: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by [Martin Bajanik](https://twitter.com/_bayotop) ([Kentico](https://kenticocloud.com/)). (CVE-2018-12123 / Matteo Collina)
 
 ### Commits
@@ -3475,10 +3475,10 @@ Big thanks to @addaleax who prepared the vast majority of this release.
     [[`dc3f6b9ac1`](https://github.com/nodejs/node/commit/dc3f6b9ac1)]
     [#14235](https://github.com/nodejs/node/pull/14235)
   * `npm` Changelogs:
-      - [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4)
+    - [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4)
-      - [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0)
+    - [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0)
-      - [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0)
+    - [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0)
-      - [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0)
+    - [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0)
 
 ### Commits
 

doc/guides/adding-new-napi-api.md

@@ -6,16 +6,16 @@ a set of principles and guidelines to keep in mind while adding a new
 N-API API.
 
 * A new API **must** adhere to N-API API shape and spirit.
-    * **Must** be a C API.
+  * **Must** be a C API.
-    * **Must** not throw exceptions.
+  * **Must** not throw exceptions.
-    * **Must** return `napi_status`.
+  * **Must** return `napi_status`.
-    * **Should** consume `napi_env`.
+  * **Should** consume `napi_env`.
-    * **Must** operate only on primitive data types, pointers to primitive
+  * **Must** operate only on primitive data types, pointers to primitive
-      datatypes or opaque handles.
+    datatypes or opaque handles.
-    * **Must** be a necessary API and not a nice to have. Convenience APIs
+  * **Must** be a necessary API and not a nice to have. Convenience APIs
-      belong in node-addon-api.
+    belong in node-addon-api.
-    * **Must** not change the signature of an existing N-API API or break
+  * **Must** not change the signature of an existing N-API API or break
-      ABI compatibility with other versions of Node.js.
+    ABI compatibility with other versions of Node.js.
 * New API **should** be agnostic towards the underlying JavaScript VM.
 * New API PRs **must** have a corresponding documentation update.
 * New API PRs **must** be tagged as **n-api**.
@@ -31,19 +31,19 @@ N-API API.
 * A new API **must** be considered experimental for at least one minor
   version release of Node.js before it can be considered for promotion out
   of experimental.
-    * Experimental APIs **must** be documented as such.
+  * Experimental APIs **must** be documented as such.
-    * Experimental APIs **must** require an explicit compile-time flag
+  * Experimental APIs **must** require an explicit compile-time flag
-      (`#define`) to be set to opt-in.
+    (`#define`) to be set to opt-in.
-    * Experimental APIs **must** be considered for backport.
+  * Experimental APIs **must** be considered for backport.
-    * Experimental status exit criteria **must** involve at least the
+  * Experimental status exit criteria **must** involve at least the
-      following:
+    following:
-        * A new PR **must** be opened in `nodejs/node` to remove experimental
+    * A new PR **must** be opened in `nodejs/node` to remove experimental
-          status. This PR **must** be tagged as **n-api** and **semver-minor**.
+      status. This PR **must** be tagged as **n-api** and **semver-minor**.
-        * Exiting an API from experimental **must** be signed off by the team.
+    * Exiting an API from experimental **must** be signed off by the team.
-        * If a backport is merited, an API **must** have a down-level
+    * If a backport is merited, an API **must** have a down-level
-          implementation.
+      implementation.
-        * The API **should** be used by a published real-world module. Use of
+    * The API **should** be used by a published real-world module. Use of
-          the API by a real-world published module will contribute favorably
+      the API by a real-world published module will contribute favorably
-          to the decision to take an API out of experimental status.
+      to the decision to take an API out of experimental status.
-        * The API **must** be implemented in a Node.js implementation with an
+    * The API **must** be implemented in a Node.js implementation with an
-          alternate VM.
+      alternate VM.

doc/guides/diagnostic-tooling-support-tiers.md

@@ -18,16 +18,16 @@ the following tiers.
   early warning of potential issues.  No commit to the current and LTS
   release branches should break this tool/API if the next major release
   is within 1 month. In addition:
-    * The maintainers of the tool must remain responsive when there
+  * The maintainers of the tool must remain responsive when there
-      are problems;
+    are problems;
-    * The tool must be actively used by the ecosystem;
+  * The tool must be actively used by the ecosystem;
-    * The tool must be heavily depended on;
+  * The tool must be heavily depended on;
-    * The tool must have a guide or other documentation in the Node.js GitHub
+  * The tool must have a guide or other documentation in the Node.js GitHub
-      organization or website;
+    organization or website;
-    * The tool must be working on all supported platforms;
+  * The tool must be working on all supported platforms;
-    * The tool must only be using APIs exposed by Nodejs as opposed to
+  * The tool must only be using APIs exposed by Nodejs as opposed to
-      its dependencies; and
+    its dependencies; and
-    * The tool must be open source.
+  * The tool must be open source.
 
 * Tier 2 - Must be working(CI tests passing) for all
   LTS releases. An LTS release will not be shipped if the test
@@ -35,13 +35,13 @@ the following tiers.
   in this tier it must have a good test suite and that test suite and a job
   must exist in the Node.js CI so that it can be run as part of the release
   process. In addition:
-    * The maintainers of the tool must remain responsive when
+  * The maintainers of the tool must remain responsive when
-      there are problems;
+    there are problems;
-    * The tool must be actively used by the ecosystem;
+  * The tool must be actively used by the ecosystem;
-    * The tool must be heavily depended on;
+  * The tool must be heavily depended on;
-    * The tool must have a guide or other documentation in the Node.js GitHub
+  * The tool must have a guide or other documentation in the Node.js GitHub
-      organization or website;
+    organization or website;
-    * The tool must be open source.
+  * The tool must be open source.
 
 * Tier 3 - If possible its test suite
   will be run at least nightly in the Node.js CI and issues opened for

doc/offboarding.md

@@ -10,7 +10,7 @@ Emeritus or leaves the project.
   moving to Collaborator Emeritus.
 * Determine what GitHub teams the Collaborator belongs to. In consultation with
   the Collaborator, determine which of those teams they should be removed from.
-    * Some teams may also require a pull request to remove the Collaborator from
+  * Some teams may also require a pull request to remove the Collaborator from
-      a team listing. For example, if someone is removed from @nodejs/build,
+    a team listing. For example, if someone is removed from @nodejs/build,
-      they should also be removed from the Build WG README.md file in the
+    they should also be removed from the Build WG README.md file in the
-      https://github.com/nodejs/build repository.
+    https://github.com/nodejs/build repository.