1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: use consistent unordered list style

Browse Source 
Convert to asterisks when there are mixed styles in document.
Addresses Markdownlint MD004 rule

PR-URL: https://github.com/nodejs/node/pull/29516
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
This commit is contained in:
Nick Schonning 2019-09-13 00:22:29 -04:00 committed by Rich Trott
parent 3d841fe20d
commit e2dcbf1c32
41 changed files with 1858 additions and 1862 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
COLLABORATOR_GUIDE.md
View File

@ -3,35 +3,35 @@
## Contents
* [Issues and Pull Requests](#issues-and-pull-requests)
- [Welcoming First-Time Contributors](#welcoming-first-time-contributors)
- [Closing Issues and Pull Requests](#closing-issues-and-pull-requests)
- [Author ready pull requests](#author-ready-pull-requests)
- [Handling own pull requests](#handling-own-pull-requests)
* [Welcoming First-Time Contributors](#welcoming-first-time-contributors)
* [Closing Issues and Pull Requests](#closing-issues-and-pull-requests)
* [Author ready pull requests](#author-ready-pull-requests)
* [Handling own pull requests](#handling-own-pull-requests)
* [Accepting Modifications](#accepting-modifications)
- [Code Reviews](#code-reviews)
- [Consensus Seeking](#consensus-seeking)
- [Waiting for Approvals](#waiting-for-approvals)
- [Testing and CI](#testing-and-ci)
- [Useful CI Jobs](#useful-ci-jobs)
- [Internal vs. Public API](#internal-vs-public-api)
- [Breaking Changes](#breaking-changes)
- [Breaking Changes and Deprecations](#breaking-changes-and-deprecations)
- [Breaking Changes to Internal Elements](#breaking-changes-to-internal-elements)
- [Unintended Breaking Changes](#unintended-breaking-changes)
- [Reverting commits](#reverting-commits)
- [Introducing New Modules](#introducing-new-modules)
- [Additions to N-API](#additions-to-n-api)
- [Deprecations](#deprecations)
- [Involving the TSC](#involving-the-tsc)
* [Code Reviews](#code-reviews)
* [Consensus Seeking](#consensus-seeking)
* [Waiting for Approvals](#waiting-for-approvals)
* [Testing and CI](#testing-and-ci)
* [Useful CI Jobs](#useful-ci-jobs)
* [Internal vs. Public API](#internal-vs-public-api)
* [Breaking Changes](#breaking-changes)
* [Breaking Changes and Deprecations](#breaking-changes-and-deprecations)
* [Breaking Changes to Internal Elements](#breaking-changes-to-internal-elements)
* [Unintended Breaking Changes](#unintended-breaking-changes)
* [Reverting commits](#reverting-commits)
* [Introducing New Modules](#introducing-new-modules)
* [Additions to N-API](#additions-to-n-api)
* [Deprecations](#deprecations)
* [Involving the TSC](#involving-the-tsc)
* [Landing Pull Requests](#landing-pull-requests)
- [Using `git-node`](#using-git-node)
- [Technical HOWTO](#technical-howto)
- [Troubleshooting](#troubleshooting)
- [I Made a Mistake](#i-made-a-mistake)
- [Long Term Support](#long-term-support)
- [What is LTS?](#what-is-lts)
- [How are LTS Branches Managed?](#how-are-lts-branches-managed)
- [How can I help?](#how-can-i-help)
* [Using `git-node`](#using-git-node)
* [Technical HOWTO](#technical-howto)
* [Troubleshooting](#troubleshooting)
* [I Made a Mistake](#i-made-a-mistake)
* [Long Term Support](#long-term-support)
* [What is LTS?](#what-is-lts)
* [How are LTS Branches Managed?](#how-are-lts-branches-managed)
* [How can I help?](#how-can-i-help)
* [Who to CC in the issue tracker](#who-to-cc-in-the-issue-tracker)
This document explains how Collaborators manage the Node.js project.
@ -371,10 +371,10 @@ deprecation level of an API.
Collaborators may opt to elevate pull requests or issues to the [TSC][].
Do this if a pull request or issue:
- is labeled `semver-major`, or
- has a significant impact on the codebase, or
- is controversial, or
- is at an impasse among Collaborators who are participating in the discussion.
* is labeled `semver-major`, or
* has a significant impact on the codebase, or
* is controversial, or
* is at an impasse among Collaborators who are participating in the discussion.
@-mention the `@nodejs/tsc` GitHub team if you want to elevate an issue to the
[TSC][]. Do not use the GitHub UI on the right-hand side to assign to

12
CPP_STYLE_GUIDE.md
View File

@ -191,8 +191,8 @@ class FancyContainer {
### Memory allocation
- `Malloc()`, `Calloc()`, etc. from `util.h` abort in Out-of-Memory situations
- `UncheckedMalloc()`, etc. return `nullptr` in OOM situations
* `Malloc()`, `Calloc()`, etc. from `util.h` abort in Out-of-Memory situations
* `UncheckedMalloc()`, etc. return `nullptr` in OOM situations
### Use `nullptr` instead of `NULL` or `0`
@ -278,10 +278,10 @@ data[0] = 12345;
### Type casting
- Use `static_cast<T>` if casting is required, and it is valid
- Use `reinterpret_cast` only when it is necessary
- Avoid C-style casts (`(type)value`)
- `dynamic_cast` does not work because Node.js is built without
* Use `static_cast<T>` if casting is required, and it is valid
* Use `reinterpret_cast` only when it is necessary
* Avoid C-style casts (`(type)value`)
* `dynamic_cast` does not work because Node.js is built without
[Run Time Type Information][]
Further reading:

14
GOVERNANCE.md
View File

@ -2,13 +2,13 @@
<!-- TOC -->
- [Collaborators](#collaborators)
- [Collaborator Activities](#collaborator-activities)
- [Technical Steering Committee](#technical-steering-committee)
- [TSC Meetings](#tsc-meetings)
- [Collaborator Nominations](#collaborator-nominations)
- [Onboarding](#onboarding)
- [Consensus Seeking Process](#consensus-seeking-process)
* [Collaborators](#collaborators)
* [Collaborator Activities](#collaborator-activities)
* [Technical Steering Committee](#technical-steering-committee)
* [TSC Meetings](#tsc-meetings)
* [Collaborator Nominations](#collaborator-nominations)
* [Onboarding](#onboarding)
* [Consensus Seeking Process](#consensus-seeking-process)
<!-- /TOC -->

8
SECURITY.md
View File

@ -14,22 +14,22 @@ nonetheless.
## Public disclosure preferred
- [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain
* [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain
function can be used to cause segfaults_. Requires the ability to execute
arbitrary JavaScript code. That is already the highest level of privilege
possible.
## Private disclosure preferred
- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):
* [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):
_Fix invalid wildcard certificate validation check_. This was a high-severity
defect. It caused Node.js TLS clients to accept invalid wildcard certificates.
- [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes
* [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes
the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities
in the TLS/SSL protocols also affect Node.js.
- [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/):
* [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/):
_Fix defects in HTTP header parsing for requests and responses that can allow
response splitting_. This was a remotely-exploitable defect in the Node.js
HTTP implementation.

12
doc/api/addons.md
View File

@ -17,13 +17,13 @@ for more information on N-API.
When not using N-API, implementing Addons is complicated,
involving knowledge of several components and APIs:
- V8: the C++ library Node.js currently uses to provide the
* V8: the C++ library Node.js currently uses to provide the
JavaScript implementation. V8 provides the mechanisms for creating objects,
calling functions, etc. V8's API is documented mostly in the
`v8.h` header file (`deps/v8/include/v8.h` in the Node.js source
tree), which is also available [online][v8-docs].
- [libuv][]: The C library that implements the Node.js event loop, its worker
* [libuv][]: The C library that implements the Node.js event loop, its worker
threads and all of the asynchronous behaviors of the platform. It also
serves as a cross-platform abstraction library, giving easy, POSIX-like
access across all major operating systems to many common system tasks, such
@ -35,11 +35,11 @@ involving knowledge of several components and APIs:
off-loading work via libuv to non-blocking system operations, worker threads
or a custom use of libuv's threads.
- Internal Node.js libraries. Node.js itself exports a number of C++ APIs
* Internal Node.js libraries. Node.js itself exports a number of C++ APIs
that Addons can use &mdash; the most important of which is the
`node::ObjectWrap` class.
- Node.js includes a number of other statically linked libraries including
* Node.js includes a number of other statically linked libraries including
OpenSSL. These other libraries are located in the `deps/` directory in the
Node.js source tree. Only the libuv, OpenSSL, V8 and zlib symbols are
purposefully re-exported by Node.js and may be used to various extents by
@ -262,8 +262,8 @@ signature.
In order to be loaded from multiple Node.js environments,
such as a main thread and a Worker thread, an add-on needs to either:
- Be an N-API addon, or
- Be declared as context-aware using `NODE_MODULE_INIT()` as described above
* Be an N-API addon, or
* Be declared as context-aware using `NODE_MODULE_INIT()` as described above
### Building

150
doc/api/cli.md
View File

@ -301,8 +301,8 @@ added: v11.4.0
Chooses an HTTP parser library. Available values are:
- `llhttp` for https://llhttp.org/
- `legacy` for https://github.com/nodejs/http-parser
* `llhttp` for https://llhttp.org/
* `legacy` for https://github.com/nodejs/http-parser
The default is `llhttp`, unless otherwise specified when building Node.js.
@ -987,79 +987,79 @@ node --require "./a.js" --require "./b.js"
Node.js options that are allowed are:
<!-- node-options-node start -->
- `--enable-fips`
- `--es-module-specifier-resolution`
- `--experimental-exports`
- `--experimental-modules`
- `--experimental-policy`
- `--experimental-repl-await`
- `--experimental-report`
- `--experimental-vm-modules`
- `--experimental-wasm-modules`
- `--force-fips`
- `--frozen-intrinsics`
- `--heapsnapshot-signal`
- `--http-parser`
- `--icu-data-dir`
- `--input-type`
- `--inspect-brk`
- `--inspect-port`, `--debug-port`
- `--inspect-publish-uid`
- `--inspect`
- `--loader`
- `--max-http-header-size`
- `--napi-modules`
- `--no-deprecation`
- `--no-force-async-hooks-checks`
- `--no-warnings`
- `--openssl-config`
- `--pending-deprecation`
- `--policy-integrity`
- `--preserve-symlinks-main`
- `--preserve-symlinks`
- `--prof-process`
- `--redirect-warnings`
- `--report-directory`
- `--report-filename`
- `--report-on-fatalerror`
- `--report-on-signal`
- `--report-signal`
- `--report-uncaught-exception`
- `--require`, `-r`
- `--throw-deprecation`
- `--title`
- `--tls-cipher-list`
- `--tls-max-v1.2`
- `--tls-max-v1.3`
- `--tls-min-v1.0`
- `--tls-min-v1.1`
- `--tls-min-v1.2`
- `--tls-min-v1.3`
- `--trace-deprecation`
- `--trace-event-categories`
- `--trace-event-file-pattern`
- `--trace-events-enabled`
- `--trace-sync-io`
- `--trace-tls`
- `--trace-warnings`
- `--track-heap-objects`
- `--unhandled-rejections`
- `--use-bundled-ca`
- `--use-openssl-ca`
- `--v8-pool-size`
- `--zero-fill-buffers`
* `--enable-fips`
* `--es-module-specifier-resolution`
* `--experimental-exports`
* `--experimental-modules`
* `--experimental-policy`
* `--experimental-repl-await`
* `--experimental-report`
* `--experimental-vm-modules`
* `--experimental-wasm-modules`
* `--force-fips`
* `--frozen-intrinsics`
* `--heapsnapshot-signal`
* `--http-parser`
* `--icu-data-dir`
* `--input-type`
* `--inspect-brk`
* `--inspect-port`, `--debug-port`
* `--inspect-publish-uid`
* `--inspect`
* `--loader`
* `--max-http-header-size`
* `--napi-modules`
* `--no-deprecation`
* `--no-force-async-hooks-checks`
* `--no-warnings`
* `--openssl-config`
* `--pending-deprecation`
* `--policy-integrity`
* `--preserve-symlinks-main`
* `--preserve-symlinks`
* `--prof-process`
* `--redirect-warnings`
* `--report-directory`
* `--report-filename`
* `--report-on-fatalerror`
* `--report-on-signal`
* `--report-signal`
* `--report-uncaught-exception`
* `--require`, `-r`
* `--throw-deprecation`
* `--title`
* `--tls-cipher-list`
* `--tls-max-v1.2`
* `--tls-max-v1.3`
* `--tls-min-v1.0`
* `--tls-min-v1.1`
* `--tls-min-v1.2`
* `--tls-min-v1.3`
* `--trace-deprecation`
* `--trace-event-categories`
* `--trace-event-file-pattern`
* `--trace-events-enabled`
* `--trace-sync-io`
* `--trace-tls`
* `--trace-warnings`
* `--track-heap-objects`
* `--unhandled-rejections`
* `--use-bundled-ca`
* `--use-openssl-ca`
* `--v8-pool-size`
* `--zero-fill-buffers`
<!-- node-options-node end -->
V8 options that are allowed are:
<!-- node-options-v8 start -->
- `--abort-on-uncaught-exception`
- `--interpreted-frames-native-stack`
- `--max-old-space-size`
- `--perf-basic-prof-only-functions`
- `--perf-basic-prof`
- `--perf-prof-unwinding-info`
- `--perf-prof`
- `--stack-trace-limit`
* `--abort-on-uncaught-exception`
* `--interpreted-frames-native-stack`
* `--max-old-space-size`
* `--perf-basic-prof-only-functions`
* `--perf-basic-prof`
* `--perf-prof-unwinding-info`
* `--perf-prof`
* `--stack-trace-limit`
<!-- node-options-v8 end -->
### `NODE_PATH=path[:…]`
@ -1194,12 +1194,12 @@ Asynchronous system APIs are used by Node.js whenever possible, but where they
do not exist, libuv's threadpool is used to create asynchronous node APIs based
on synchronous system APIs. Node.js APIs that use the threadpool are:
- all `fs` APIs, other than the file watcher APIs and those that are explicitly
* all `fs` APIs, other than the file watcher APIs and those that are explicitly
synchronous
- asynchronous crypto APIs such as `crypto.pbkdf2()`, `crypto.scrypt()`,
* asynchronous crypto APIs such as `crypto.pbkdf2()`, `crypto.scrypt()`,
`crypto.randomBytes()`, `crypto.randomFill()`, `crypto.generateKeyPair()`
- `dns.lookup()`
- all `zlib` APIs, other than those that are explicitly synchronous
* `dns.lookup()`
* all `zlib` APIs, other than those that are explicitly synchronous
Because libuv's threadpool has a fixed size, it means that if for whatever
reason any of these APIs takes a long time, other (seemingly unrelated) APIs

172
doc/api/crypto.md
View File

@ -180,9 +180,9 @@ added: v0.1.94
Instances of the `Cipher` class are used to encrypt data. The class can be
used in one of two ways:
- As a [stream][] that is both readable and writable, where plain unencrypted
* As a [stream][] that is both readable and writable, where plain unencrypted
data is written to produce encrypted data on the readable side, or
- Using the [`cipher.update()`][] and [`cipher.final()`][] methods to produce
* Using the [`cipher.update()`][] and [`cipher.final()`][] methods to produce
the encrypted data.
The [`crypto.createCipher()`][] or [`crypto.createCipheriv()`][] methods are
@ -286,7 +286,7 @@ added: v1.0.0
* `buffer` {Buffer}
* `options` {Object} [`stream.transform` options][]
- `plaintextLength` {number}
* `plaintextLength` {number}
* Returns: {Cipher} for method chaining.
When using an authenticated encryption mode (`GCM`, `CCM` and `OCB` are
@ -372,9 +372,9 @@ added: v0.1.94
Instances of the `Decipher` class are used to decrypt data. The class can be
used in one of two ways:
- As a [stream][] that is both readable and writable, where plain encrypted
* As a [stream][] that is both readable and writable, where plain encrypted
data is written to produce unencrypted data on the readable side, or
- Using the [`decipher.update()`][] and [`decipher.final()`][] methods to
* Using the [`decipher.update()`][] and [`decipher.final()`][] methods to
produce the unencrypted data.
The [`crypto.createDecipher()`][] or [`crypto.createDecipheriv()`][] methods are
@ -484,7 +484,7 @@ changes:
* `buffer` {Buffer | TypedArray | DataView}
* `options` {Object} [`stream.transform` options][]
- `plaintextLength` {number}
* `plaintextLength` {number}
* Returns: {Decipher} for method chaining.
When using an authenticated encryption mode (`GCM`, `CCM` and `OCB` are
@ -989,9 +989,9 @@ added: v0.1.92
The `Hash` class is a utility for creating hash digests of data. It can be
used in one of two ways:
- As a [stream][] that is both readable and writable, where data is written
* As a [stream][] that is both readable and writable, where data is written
to produce a computed hash digest on the readable side, or
- Using the [`hash.update()`][] and [`hash.digest()`][] methods to produce the
* Using the [`hash.update()`][] and [`hash.digest()`][] methods to produce the
computed hash.
The [`crypto.createHash()`][] method is used to create `Hash` instances. `Hash`
@ -1087,9 +1087,9 @@ added: v0.1.94
The `Hmac` class is a utility for creating cryptographic HMAC digests. It can
be used in one of two ways:
- As a [stream][] that is both readable and writable, where data is written
* As a [stream][] that is both readable and writable, where data is written
to produce a computed HMAC digest on the readable side, or
- Using the [`hmac.update()`][] and [`hmac.digest()`][] methods to produce the
* Using the [`hmac.update()`][] and [`hmac.digest()`][] methods to produce the
computed HMAC digest.
The [`crypto.createHmac()`][] method is used to create `Hmac` instances. `Hmac`
@ -1303,9 +1303,9 @@ added: v0.1.92
The `Sign` class is a utility for generating signatures. It can be used in one
of two ways:
- As a writable [stream][], where data to be signed is written and the
* As a writable [stream][], where data to be signed is written and the
[`sign.sign()`][] method is used to generate and return the signature, or
- Using the [`sign.update()`][] and [`sign.sign()`][] methods to produce the
* Using the [`sign.update()`][] and [`sign.sign()`][] methods to produce the
signature.
The [`crypto.createSign()`][] method is used to create `Sign` instances. The
@ -1370,8 +1370,8 @@ changes:
-->
* `privateKey` {Object | string | Buffer | KeyObject}
- `padding` {integer}
- `saltLength` {integer}
* `padding` {integer}
* `saltLength` {integer}
* `outputEncoding` {string} The [encoding][] of the return value.
* Returns: {Buffer | string}
@ -1432,9 +1432,9 @@ added: v0.1.92
The `Verify` class is a utility for verifying signatures. It can be used in one
of two ways:
- As a writable [stream][] where written data is used to validate against the
* As a writable [stream][] where written data is used to validate against the
supplied signature, or
- Using the [`verify.update()`][] and [`verify.verify()`][] methods to verify
* Using the [`verify.update()`][] and [`verify.verify()`][] methods to verify
the signature.
The [`crypto.createVerify()`][] method is used to create `Verify` instances.
@ -1478,8 +1478,8 @@ changes:
-->
* `object` {Object | string | Buffer | KeyObject}
- `padding` {integer}
- `saltLength` {integer}
* `padding` {integer}
* `saltLength` {integer}
* `signature` {string | Buffer | TypedArray | DataView}
* `signatureEncoding` {string} The [encoding][] of the `signature` string.
* Returns: {boolean} `true` or `false` depending on the validity of the
@ -1942,11 +1942,11 @@ added: v11.6.0
-->
* `key` {Object | string | Buffer}
- `key`: {string | Buffer} The key material, either in PEM or DER format.
- `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`.
- `type`: {string} Must be `'pkcs1'`, `'pkcs8'` or `'sec1'`. This option is
* `key`: {string | Buffer} The key material, either in PEM or DER format.
* `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`.
* `type`: {string} Must be `'pkcs1'`, `'pkcs8'` or `'sec1'`. This option is
required only if the `format` is `'der'` and ignored if it is `'pem'`.
- `passphrase`: {string | Buffer} The passphrase to use for decryption.
* `passphrase`: {string | Buffer} The passphrase to use for decryption.
* Returns: {KeyObject}
Creates and returns a new key object containing a private key. If `key` is a
@ -1970,9 +1970,9 @@ changes:
-->
* `key` {Object | string | Buffer | KeyObject}
- `key`: {string | Buffer}
- `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`.
- `type`: {string} Must be `'pkcs1'` or `'spki'`. This option is required
* `key`: {string | Buffer}
* `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`.
* `type`: {string} Must be `'pkcs1'` or `'spki'`. This option is required
only if the `format` is `'der'`.
* Returns: {KeyObject}
@ -2060,16 +2060,16 @@ changes:
* `type`: {string} Must be `'rsa'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`,
`'x25519'`, or `'x448'`.
* `options`: {Object}
- `modulusLength`: {number} Key size in bits (RSA, DSA).
- `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
- `divisorLength`: {number} Size of `q` in bits (DSA).
- `namedCurve`: {string} Name of the curve to use (EC).
- `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
- `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
* `modulusLength`: {number} Key size in bits (RSA, DSA).
* `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
* `divisorLength`: {number} Size of `q` in bits (DSA).
* `namedCurve`: {string} Name of the curve to use (EC).
* `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
* `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
* `callback`: {Function}
- `err`: {Error}
- `publicKey`: {string | Buffer | KeyObject}
- `privateKey`: {string | Buffer | KeyObject}
* `err`: {Error}
* `publicKey`: {string | Buffer | KeyObject}
* `privateKey`: {string | Buffer | KeyObject}
Generates a new asymmetric key pair of the given `type`. RSA, DSA, EC, Ed25519
and Ed448 are currently supported.
@ -2121,15 +2121,15 @@ changes:
* `type`: {string} Must be `'rsa'`, `'dsa'`, `'ec'`, `'ed25519'`, or `'ed448'`.
* `options`: {Object}
- `modulusLength`: {number} Key size in bits (RSA, DSA).
- `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
- `divisorLength`: {number} Size of `q` in bits (DSA).
- `namedCurve`: {string} Name of the curve to use (EC).
- `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
- `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
* `modulusLength`: {number} Key size in bits (RSA, DSA).
* `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
* `divisorLength`: {number} Size of `q` in bits (DSA).
* `namedCurve`: {string} Name of the curve to use (EC).
* `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
* `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
* Returns: {Object}
- `publicKey`: {string | Buffer | KeyObject}
- `privateKey`: {string | Buffer | KeyObject}
* `publicKey`: {string | Buffer | KeyObject}
* `privateKey`: {string | Buffer | KeyObject}
Generates a new asymmetric key pair of the given `type`. RSA, DSA, EC, Ed25519
and Ed448 are currently supported.
@ -2268,8 +2268,8 @@ changes:
* `keylen` {number}
* `digest` {string}
* `callback` {Function}
- `err` {Error}
- `derivedKey` {Buffer}
* `err` {Error}
* `derivedKey` {Buffer}
Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
implementation. A selected HMAC digest algorithm specified by `digest` is
@ -2395,11 +2395,9 @@ changes:
-->
* `privateKey` {Object | string | Buffer | KeyObject}
- `oaepHash` {string} The hash function to use for OAEP padding.
* `oaepHash` {string} The hash function to use for OAEP padding.
**Default:** `'sha1'`
- `oaepLabel` {Buffer | TypedArray | DataView} The label to use for OAEP
padding. If not specified, no label is used.
- `padding` {crypto.constants} An optional padding value defined in
* `padding` {crypto.constants} An optional padding value defined in
`crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING`,
`crypto.constants.RSA_PKCS1_PADDING`, or
`crypto.constants.RSA_PKCS1_OAEP_PADDING`.
@ -2424,9 +2422,9 @@ changes:
-->
* `privateKey` {Object | string | Buffer | KeyObject}
- `key` {string | Buffer | KeyObject} A PEM encoded private key.
- `passphrase` {string | Buffer} An optional passphrase for the private key.
- `padding` {crypto.constants} An optional padding value defined in
* `key` {string | Buffer | KeyObject} A PEM encoded private key.
* `passphrase` {string | Buffer} An optional passphrase for the private key.
* `padding` {crypto.constants} An optional padding value defined in
`crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING` or
`crypto.constants.RSA_PKCS1_PADDING`.
* `buffer` {Buffer | TypedArray | DataView}
@ -2450,8 +2448,8 @@ changes:
-->
* `key` {Object | string | Buffer | KeyObject}
- `passphrase` {string | Buffer} An optional passphrase for the private key.
- `padding` {crypto.constants} An optional padding value defined in
* `passphrase` {string | Buffer} An optional passphrase for the private key.
* `padding` {crypto.constants} An optional padding value defined in
`crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING` or
`crypto.constants.RSA_PKCS1_PADDING`.
* `buffer` {Buffer | TypedArray | DataView}
@ -2484,13 +2482,11 @@ changes:
-->
* `key` {Object | string | Buffer | KeyObject}
- `key` {string | Buffer | KeyObject} A PEM encoded public or private key.
- `oaepLabel` {Buffer | TypedArray | DataView} The label to use for OAEP
padding. If not specified, no label is used.
- `oaepHash` {string} The hash function to use for OAEP padding.
* `key` {string | Buffer | KeyObject} A PEM encoded public or private key.
* `oaepHash` {string} The hash function to use for OAEP padding.
**Default:** `'sha1'`
- `passphrase` {string | Buffer} An optional passphrase for the private key.
- `padding` {crypto.constants} An optional padding value defined in
* `passphrase` {string | Buffer} An optional passphrase for the private key.
* `padding` {crypto.constants} An optional padding value defined in
`crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING`,
`crypto.constants.RSA_PKCS1_PADDING`, or
`crypto.constants.RSA_PKCS1_OAEP_PADDING`.
@ -2521,8 +2517,8 @@ changes:
* `size` {number}
* `callback` {Function}
- `err` {Error}
- `buf` {Buffer}
* `err` {Error}
* `buf` {Buffer}
* Returns: {Buffer} if the `callback` function is not provided.
Generates cryptographically strong pseudo-random data. The `size` argument
@ -2706,18 +2702,18 @@ changes:
* `salt` {string|Buffer|TypedArray|DataView}
* `keylen` {number}
* `options` {Object}
- `cost` {number} CPU/memory cost parameter. Must be a power of two greater
* `cost` {number} CPU/memory cost parameter. Must be a power of two greater
than one. **Default:** `16384`.
- `blockSize` {number} Block size parameter. **Default:** `8`.
- `parallelization` {number} Parallelization parameter. **Default:** `1`.
- `N` {number} Alias for `cost`. Only one of both may be specified.
- `r` {number} Alias for `blockSize`. Only one of both may be specified.
- `p` {number} Alias for `parallelization`. Only one of both may be specified.
- `maxmem` {number} Memory upper bound. It is an error when (approximately)
* `blockSize` {number} Block size parameter. **Default:** `8`.
* `parallelization` {number} Parallelization parameter. **Default:** `1`.
* `N` {number} Alias for `cost`. Only one of both may be specified.
* `r` {number} Alias for `blockSize`. Only one of both may be specified.
* `p` {number} Alias for `parallelization`. Only one of both may be specified.
* `maxmem` {number} Memory upper bound. It is an error when (approximately)
`128 * N * r > maxmem`. **Default:** `32 * 1024 * 1024`.
* `callback` {Function}
- `err` {Error}
- `derivedKey` {Buffer}
* `err` {Error}
* `derivedKey` {Buffer}
Provides an asynchronous [scrypt][] implementation. Scrypt is a password-based
key derivation function that is designed to be expensive computationally and
@ -2764,14 +2760,14 @@ changes:
* `salt` {string|Buffer|TypedArray|DataView}
* `keylen` {number}
* `options` {Object}
- `cost` {number} CPU/memory cost parameter. Must be a power of two greater
* `cost` {number} CPU/memory cost parameter. Must be a power of two greater
than one. **Default:** `16384`.
- `blockSize` {number} Block size parameter. **Default:** `8`.
- `parallelization` {number} Parallelization parameter. **Default:** `1`.
- `N` {number} Alias for `cost`. Only one of both may be specified.
- `r` {number} Alias for `blockSize`. Only one of both may be specified.
- `p` {number} Alias for `parallelization`. Only one of both may be specified.
- `maxmem` {number} Memory upper bound. It is an error when (approximately)
* `blockSize` {number} Block size parameter. **Default:** `8`.
* `parallelization` {number} Parallelization parameter. **Default:** `1`.
* `N` {number} Alias for `cost`. Only one of both may be specified.
* `r` {number} Alias for `blockSize`. Only one of both may be specified.
* `p` {number} Alias for `parallelization`. Only one of both may be specified.
* `maxmem` {number} Memory upper bound. It is an error when (approximately)
`128 * N * r > maxmem`. **Default:** `32 * 1024 * 1024`.
* Returns: {Buffer}
@ -2970,12 +2966,12 @@ algorithm and key size according to their security requirements.
Based on the recommendations of [NIST SP 800-131A][]:
- MD5 and SHA-1 are no longer acceptable where collision resistance is
* MD5 and SHA-1 are no longer acceptable where collision resistance is
required such as digital signatures.
- The key used with RSA, DSA, and DH algorithms is recommended to have
* The key used with RSA, DSA, and DH algorithms is recommended to have
at least 2048 bits and that of the curve of ECDSA and ECDH at least
224 bits, to be safe to use for several years.
- The DH groups of `modp1`, `modp2` and `modp5` have a key size
* The DH groups of `modp1`, `modp2` and `modp5` have a key size
smaller than 2048 bits and are not recommended.
See the reference for other recommendations and details.
@ -2985,24 +2981,24 @@ See the reference for other recommendations and details.
CCM is one of the supported [AEAD algorithms][]. Applications which use this
mode must adhere to certain restrictions when using the cipher API:
- The authentication tag length must be specified during cipher creation by
* The authentication tag length must be specified during cipher creation by
setting the `authTagLength` option and must be one of 4, 6, 8, 10, 12, 14 or
16 bytes.
- The length of the initialization vector (nonce) `N` must be between 7 and 13
* The length of the initialization vector (nonce) `N` must be between 7 and 13
bytes (`7 ≤ N ≤ 13`).
- The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes.
- When decrypting, the authentication tag must be set via `setAuthTag()` before
* The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes.
* When decrypting, the authentication tag must be set via `setAuthTag()` before
calling `update()`.
Otherwise, decryption will fail and `final()` will throw an error in
compliance with section 2.6 of [RFC 3610][].
- Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM
* Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM
mode might fail as CCM cannot handle more than one chunk of data per instance.
- When passing additional authenticated data (AAD), the length of the actual
* When passing additional authenticated data (AAD), the length of the actual
message in bytes must be passed to `setAAD()` via the `plaintextLength`
option. This is not necessary if no AAD is used.
- As CCM processes the whole message at once, `update()` can only be called
* As CCM processes the whole message at once, `update()` can only be called
once.
- Even though calling `update()` is sufficient to encrypt/decrypt the message,
* Even though calling `update()` is sufficient to encrypt/decrypt the message,
applications *must* call `final()` to compute or verify the
authentication tag.

26
doc/api/deprecations.md
View File

@ -1715,19 +1715,19 @@ Since Node.js versions 4.4.0 and 5.2.0, several modules only intended for
internal usage were mistakenly exposed to user code through `require()`. These
modules were:
- `v8/tools/codemap`
- `v8/tools/consarray`
- `v8/tools/csvparser`
- `v8/tools/logreader`
- `v8/tools/profile_view`
- `v8/tools/profile`
- `v8/tools/SourceMap`
- `v8/tools/splaytree`
- `v8/tools/tickprocessor-driver`
- `v8/tools/tickprocessor`
- `node-inspect/lib/_inspect` (from 7.6.0)
- `node-inspect/lib/internal/inspect_client` (from 7.6.0)
- `node-inspect/lib/internal/inspect_repl` (from 7.6.0)
* `v8/tools/codemap`
* `v8/tools/consarray`
* `v8/tools/csvparser`
* `v8/tools/logreader`
* `v8/tools/profile_view`
* `v8/tools/profile`
* `v8/tools/SourceMap`
* `v8/tools/splaytree`
* `v8/tools/tickprocessor-driver`
* `v8/tools/tickprocessor`
* `node-inspect/lib/_inspect` (from 7.6.0)
* `node-inspect/lib/internal/inspect_client` (from 7.6.0)
* `node-inspect/lib/internal/inspect_repl` (from 7.6.0)
The `v8/*` modules do not have any exports, and if not imported in a specific
order would in fact throw errors. As such there are virtually no legitimate use

4
doc/api/dgram.md
View File

@ -449,13 +449,13 @@ client.connect(41234, 'localhost', (err) => {
The maximum size of an `IPv4/v6` datagram depends on the `MTU`
(_Maximum Transmission Unit_) and on the `Payload Length` field size.
- The `Payload Length` field is `16 bits` wide, which means that a normal
* The `Payload Length` field is `16 bits` wide, which means that a normal
payload exceed 64K octets _including_ the internet header and data
(65,507 bytes = 65,535 8 bytes UDP header 20 bytes IP header);
this is generally true for loopback interfaces, but such long datagram
messages are impractical for most hosts and networks.
- The `MTU` is the largest size a given link layer technology can support for
* The `MTU` is the largest size a given link layer technology can support for
datagram messages. For any link, `IPv4` mandates a minimum `MTU` of `68`
octets, while the recommended `MTU` for IPv4 is `576` (typically recommended
as the `MTU` for dial-up type applications), whether they arrive whole or in

140
doc/api/dns.md
View File

@ -142,23 +142,23 @@ changes:
* `hostname` {string}
* `options` {integer | Object}
- `family` {integer} The record family. Must be `4`, `6`, or `0`. The value
* `family` {integer} The record family. Must be `4`, `6`, or `0`. The value
`0` indicates that IPv4 and IPv6 addresses are both returned. **Default:**
`0`.
- `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple
* `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple
flags may be passed by bitwise `OR`ing their values.
- `all` {boolean} When `true`, the callback returns all resolved addresses in
* `all` {boolean} When `true`, the callback returns all resolved addresses in
an array. Otherwise, returns a single address. **Default:** `false`.
- `verbatim` {boolean} When `true`, the callback receives IPv4 and IPv6
* `verbatim` {boolean} When `true`, the callback receives IPv4 and IPv6
addresses in the order the DNS resolver returned them. When `false`,
IPv4 addresses are placed before IPv6 addresses.
**Default:** currently `false` (addresses are reordered) but this is
expected to change in the not too distant future.
New code should use `{ verbatim: true }`.
* `callback` {Function}
- `err` {Error}
- `address` {string} A string representation of an IPv4 or IPv6 address.
- `family` {integer} `4` or `6`, denoting the family of `address`, or `0` if
* `err` {Error}
* `address` {string} A string representation of an IPv4 or IPv6 address.
* `family` {integer} `4` or `6`, denoting the family of `address`, or `0` if
the address is not an IPv4 or IPv6 address. `0` is a likely indicator of a
bug in the name resolution service used by the operating system.
@ -210,11 +210,11 @@ is not set to `true`, it returns a `Promise` for an `Object` with `address` and
The following flags can be passed as hints to [`dns.lookup()`][].
- `dns.ADDRCONFIG`: Returned address types are determined by the types
* `dns.ADDRCONFIG`: Returned address types are determined by the types
of addresses supported by the current system. For example, IPv4 addresses
are only returned if the current system has at least one IPv4 address
configured. Loopback addresses are not considered.
- `dns.V4MAPPED`: If the IPv6 family was specified, but no IPv6 addresses were
* `dns.V4MAPPED`: If the IPv6 family was specified, but no IPv6 addresses were
found, then return IPv4 mapped IPv6 addresses. It is not supported
on some operating systems (e.g FreeBSD 10.1).
@ -226,9 +226,9 @@ added: v0.11.14
* `address` {string}
* `port` {number}
* `callback` {Function}
- `err` {Error}
- `hostname` {string} e.g. `example.com`
- `service` {string} e.g. `http`
* `err` {Error}
* `hostname` {string} e.g. `example.com`
* `service` {string} e.g. `http`
Resolves the given `address` and `port` into a hostname and service using
the operating system's underlying `getnameinfo` implementation.
@ -258,8 +258,8 @@ added: v0.1.27
* `hostname` {string} Hostname to resolve.
* `rrtype` {string} Resource record type. **Default:** `'A'`.
* `callback` {Function}
- `err` {Error}
- `records` {string[] | Object[] | Object}
* `err` {Error}
* `records` {string[] | Object[] | Object}
Uses the DNS protocol to resolve a hostname (e.g. `'nodejs.org'`) into an array
of the resource records. The `callback` function has arguments
@ -295,13 +295,13 @@ changes:
* `hostname` {string} Hostname to resolve.
* `options` {Object}
- `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
* `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
When `true`, the callback receives an array of
`{ address: '1.2.3.4', ttl: 60 }` objects rather than an array of strings,
with the TTL expressed in seconds.
* `callback` {Function}
- `err` {Error}
- `addresses` {string[] | Object[]}
* `err` {Error}
* `addresses` {string[] | Object[]}
Uses the DNS protocol to resolve a IPv4 addresses (`A` records) for the
`hostname`. The `addresses` argument passed to the `callback` function
@ -320,13 +320,13 @@ changes:
* `hostname` {string} Hostname to resolve.
* `options` {Object}
- `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
* `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
When `true`, the callback receives an array of
`{ address: '0:1:2:3:4:5:6:7', ttl: 60 }` objects rather than an array of
strings, with the TTL expressed in seconds.
* `callback` {Function}
- `err` {Error}
- `addresses` {string[] | Object[]}
* `err` {Error}
* `addresses` {string[] | Object[]}
Uses the DNS protocol to resolve a IPv6 addresses (`AAAA` records) for the
`hostname`. The `addresses` argument passed to the `callback` function
@ -336,8 +336,8 @@ will contain an array of IPv6 addresses.
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `ret` {Object[]}
* `err` {Error}
* `ret` {Object[]}
Uses the DNS protocol to resolve all records (also known as `ANY` or `*` query).
The `ret` argument passed to the `callback` function will be an array containing
@ -388,8 +388,8 @@ added: v0.3.2
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `addresses` {string[]}
* `err` {Error}
* `addresses` {string[]}
Uses the DNS protocol to resolve `CNAME` records for the `hostname`. The
`addresses` argument passed to the `callback` function
@ -403,8 +403,8 @@ added: v0.1.27
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `addresses` {Object[]}
* `err` {Error}
* `addresses` {Object[]}
Uses the DNS protocol to resolve mail exchange records (`MX` records) for the
`hostname`. The `addresses` argument passed to the `callback` function will
@ -418,8 +418,8 @@ added: v0.9.12
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `addresses` {Object[]}
* `err` {Error}
* `addresses` {Object[]}
Uses the DNS protocol to resolve regular expression based records (`NAPTR`
records) for the `hostname`. The `addresses` argument passed to the `callback`
@ -451,8 +451,8 @@ added: v0.1.90
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `addresses` {string[]}
* `err` {Error}
* `addresses` {string[]}
Uses the DNS protocol to resolve name server records (`NS` records) for the
`hostname`. The `addresses` argument passed to the `callback` function will
@ -466,8 +466,8 @@ added: v6.0.0
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `addresses` {string[]}
* `err` {Error}
* `addresses` {string[]}
Uses the DNS protocol to resolve pointer records (`PTR` records) for the
`hostname`. The `addresses` argument passed to the `callback` function will
@ -480,8 +480,8 @@ added: v0.11.10
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `address` {Object}
* `err` {Error}
* `address` {Object}
Uses the DNS protocol to resolve a start of authority record (`SOA` record) for
the `hostname`. The `address` argument passed to the `callback` function will
@ -515,8 +515,8 @@ added: v0.1.27
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `addresses` {Object[]}
* `err` {Error}
* `addresses` {Object[]}
Uses the DNS protocol to resolve service records (`SRV` records) for the
`hostname`. The `addresses` argument passed to the `callback` function will
@ -544,8 +544,8 @@ added: v0.1.27
* `hostname` {string}
* `callback` {Function}
- `err` {Error}
- `records` <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type">&lt;string[][]&gt;</a>
* `err` {Error}
* `records` <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type">&lt;string[][]&gt;</a>
Uses the DNS protocol to resolve text queries (`TXT` records) for the
`hostname`. The `records` argument passed to the `callback` function is a
@ -561,8 +561,8 @@ added: v0.1.16
* `ip` {string}
* `callback` {Function}
- `err` {Error}
- `hostnames` {string[]}
* `err` {Error}
* `hostnames` {string[]}
Performs a reverse DNS query that resolves an IPv4 or IPv6 address to an
array of hostnames.
@ -686,14 +686,14 @@ added: v10.6.0
* `hostname` {string}
* `options` {integer | Object}
- `family` {integer} The record family. Must be `4`, `6`, or `0`. The value
* `family` {integer} The record family. Must be `4`, `6`, or `0`. The value
`0` indicates that IPv4 and IPv6 addresses are both returned. **Default:**
`0`.
- `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple
* `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple
flags may be passed by bitwise `OR`ing their values.
- `all` {boolean} When `true`, the `Promise` is resolved with all addresses in
* `all` {boolean} When `true`, the `Promise` is resolved with all addresses in
an array. Otherwise, returns a single address. **Default:** `false`.
- `verbatim` {boolean} When `true`, the `Promise` is resolved with IPv4 and
* `verbatim` {boolean} When `true`, the `Promise` is resolved with IPv4 and
IPv6 addresses in the order the DNS resolver returned them. When `false`,
IPv4 addresses are placed before IPv6 addresses.
**Default:** currently `false` (addresses are reordered) but this is
@ -807,7 +807,7 @@ added: v10.6.0
* `hostname` {string} Hostname to resolve.
* `options` {Object}
- `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
* `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
When `true`, the `Promise` is resolved with an array of
`{ address: '1.2.3.4', ttl: 60 }` objects rather than an array of strings,
with the TTL expressed in seconds.
@ -823,7 +823,7 @@ added: v10.6.0
* `hostname` {string} Hostname to resolve.
* `options` {Object}
- `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
* `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record.
When `true`, the `Promise` is resolved with an array of
`{ address: '0:1:2:3:4:5:6:7', ttl: 60 }` objects rather than an array of
strings, with the TTL expressed in seconds.
@ -1074,30 +1074,30 @@ earlier ones time out or result in some other error.
Each DNS query can return one of the following error codes:
- `dns.NODATA`: DNS server returned answer with no data.
- `dns.FORMERR`: DNS server claims query was misformatted.
- `dns.SERVFAIL`: DNS server returned general failure.
- `dns.NOTFOUND`: Domain name not found.
- `dns.NOTIMP`: DNS server does not implement requested operation.
- `dns.REFUSED`: DNS server refused query.
- `dns.BADQUERY`: Misformatted DNS query.
- `dns.BADNAME`: Misformatted hostname.
- `dns.BADFAMILY`: Unsupported address family.
- `dns.BADRESP`: Misformatted DNS reply.
- `dns.CONNREFUSED`: Could not contact DNS servers.
- `dns.TIMEOUT`: Timeout while contacting DNS servers.
- `dns.EOF`: End of file.
- `dns.FILE`: Error reading file.
- `dns.NOMEM`: Out of memory.
- `dns.DESTRUCTION`: Channel is being destroyed.
- `dns.BADSTR`: Misformatted string.
- `dns.BADFLAGS`: Illegal flags specified.
- `dns.NONAME`: Given hostname is not numeric.
- `dns.BADHINTS`: Illegal hints flags specified.
- `dns.NOTINITIALIZED`: c-ares library initialization not yet performed.
- `dns.LOADIPHLPAPI`: Error loading `iphlpapi.dll`.
- `dns.ADDRGETNETWORKPARAMS`: Could not find `GetNetworkParams` function.
- `dns.CANCELLED`: DNS query cancelled.
* `dns.NODATA`: DNS server returned answer with no data.
* `dns.FORMERR`: DNS server claims query was misformatted.
* `dns.SERVFAIL`: DNS server returned general failure.
* `dns.NOTFOUND`: Domain name not found.
* `dns.NOTIMP`: DNS server does not implement requested operation.
* `dns.REFUSED`: DNS server refused query.
* `dns.BADQUERY`: Misformatted DNS query.
* `dns.BADNAME`: Misformatted hostname.
* `dns.BADFAMILY`: Unsupported address family.
* `dns.BADRESP`: Misformatted DNS reply.
* `dns.CONNREFUSED`: Could not contact DNS servers.
* `dns.TIMEOUT`: Timeout while contacting DNS servers.
* `dns.EOF`: End of file.
* `dns.FILE`: Error reading file.
* `dns.NOMEM`: Out of memory.
* `dns.DESTRUCTION`: Channel is being destroyed.
* `dns.BADSTR`: Misformatted string.
* `dns.BADFLAGS`: Illegal flags specified.
* `dns.NONAME`: Given hostname is not numeric.
* `dns.BADHINTS`: Illegal hints flags specified.
* `dns.NOTINITIALIZED`: c-ares library initialization not yet performed.
* `dns.LOADIPHLPAPI`: Error loading `iphlpapi.dll`.
* `dns.ADDRGETNETWORKPARAMS`: Could not find `GetNetworkParams` function.
* `dns.CANCELLED`: DNS query cancelled.
## Implementation considerations

48
doc/api/errors.md
View File

@ -6,13 +6,13 @@
Applications running in Node.js will generally experience four categories of
errors:
- Standard JavaScript errors such as {EvalError}, {SyntaxError}, {RangeError},
* Standard JavaScript errors such as {EvalError}, {SyntaxError}, {RangeError},
{ReferenceError}, {TypeError}, and {URIError}.
- System errors triggered by underlying operating system constraints such
* System errors triggered by underlying operating system constraints such
as attempting to open a file that does not exist or attempting to send data
over a closed socket.
- User-specified errors triggered by application code.
- `AssertionError`s are a special class of error that can be triggered when
* User-specified errors triggered by application code.
* `AssertionError`s are a special class of error that can be triggered when
Node.js detects an exceptional logic violation that should never occur. These
are raised typically by the `assert` module.
@ -54,7 +54,7 @@ to report errors.
Errors that occur within _Asynchronous APIs_ may be reported in multiple ways:
- Most asynchronous methods that accept a `callback` function will accept an
* Most asynchronous methods that accept a `callback` function will accept an
`Error` object passed as the first argument to that function. If that first
argument is not `null` and is an instance of `Error`, then an error occurred
that should be handled.
@ -71,7 +71,7 @@ Errors that occur within _Asynchronous APIs_ may be reported in multiple ways:
});
```
- When an asynchronous method is called on an object that is an
* When an asynchronous method is called on an object that is an
[`EventEmitter`][], errors can be routed to that object's `'error'` event.
```js
@ -89,7 +89,7 @@ Errors that occur within _Asynchronous APIs_ may be reported in multiple ways:
connection.pipe(process.stdout);
```
- A handful of typically asynchronous methods in the Node.js API may still
* A handful of typically asynchronous methods in the Node.js API may still
use the `throw` mechanism to raise exceptions that must be handled using
`try…catch`. There is no comprehensive list of such methods; please
refer to the documentation of each method to determine the appropriate
@ -502,29 +502,29 @@ The `error.syscall` property is a string describing the [syscall][] that failed.
This is a list of system errors commonly-encountered when writing a Node.js
program. For a comprehensive list, see the [`errno`(3) man page][].
- `EACCES` (Permission denied): An attempt was made to access a file in a way
* `EACCES` (Permission denied): An attempt was made to access a file in a way
forbidden by its file access permissions.
- `EADDRINUSE` (Address already in use): An attempt to bind a server
* `EADDRINUSE` (Address already in use): An attempt to bind a server
([`net`][], [`http`][], or [`https`][]) to a local address failed due to
another server on the local system already occupying that address.
- `ECONNREFUSED` (Connection refused): No connection could be made because the
* `ECONNREFUSED` (Connection refused): No connection could be made because the
target machine actively refused it. This usually results from trying to
connect to a service that is inactive on the foreign host.
- `ECONNRESET` (Connection reset by peer): A connection was forcibly closed by
* `ECONNRESET` (Connection reset by peer): A connection was forcibly closed by
a peer. This normally results from a loss of the connection on the remote
socket due to a timeout or reboot. Commonly encountered via the [`http`][]
and [`net`][] modules.
- `EEXIST` (File exists): An existing file was the target of an operation that
* `EEXIST` (File exists): An existing file was the target of an operation that
required that the target not exist.
- `EISDIR` (Is a directory): An operation expected a file, but the given
* `EISDIR` (Is a directory): An operation expected a file, but the given
pathname was a directory.
- `EMFILE` (Too many open files in system): Maximum number of
* `EMFILE` (Too many open files in system): Maximum number of
[file descriptors][] allowable on the system has been reached, and
requests for another descriptor cannot be fulfilled until at least one
has been closed. This is encountered when opening many files at once in
@ -532,28 +532,28 @@ program. For a comprehensive list, see the [`errno`(3) man page][].
file descriptor limit for processes. To remedy a low limit, run
`ulimit -n 2048` in the same shell that will run the Node.js process.
- `ENOENT` (No such file or directory): Commonly raised by [`fs`][] operations
* `ENOENT` (No such file or directory): Commonly raised by [`fs`][] operations
to indicate that a component of the specified pathname does not exist — no
entity (file or directory) could be found by the given path.
- `ENOTDIR` (Not a directory): A component of the given pathname existed, but
* `ENOTDIR` (Not a directory): A component of the given pathname existed, but
was not a directory as expected. Commonly raised by [`fs.readdir`][].
- `ENOTEMPTY` (Directory not empty): A directory with entries was the target
* `ENOTEMPTY` (Directory not empty): A directory with entries was the target
of an operation that requires an empty directory — usually [`fs.unlink`][].
- `ENOTFOUND` (DNS lookup failed): Indicates a DNS failure of either
* `ENOTFOUND` (DNS lookup failed): Indicates a DNS failure of either
`EAI_NODATA` or `EAI_NONAME`. This is not a standard POSIX error.
- `EPERM` (Operation not permitted): An attempt was made to perform an
* `EPERM` (Operation not permitted): An attempt was made to perform an
operation that requires elevated privileges.
- `EPIPE` (Broken pipe): A write on a pipe, socket, or FIFO for which there is
* `EPIPE` (Broken pipe): A write on a pipe, socket, or FIFO for which there is
no process to read the data. Commonly encountered at the [`net`][] and
[`http`][] layers, indicative that the remote side of the stream being
written to has been closed.
- `ETIMEDOUT` (Operation timed out): A connect or send request failed because
* `ETIMEDOUT` (Operation timed out): A connect or send request failed because
the connected party did not properly respond after a period of time. Usually
encountered by [`http`][] or [`net`][] — often a sign that a `socket.end()`
was not properly called.
@ -1964,9 +1964,9 @@ A dynamic import callback was not specified.
The module attempted to be linked is not eligible for linking, because of one of
the following reasons:
- It has already been linked (`linkingStatus` is `'linked'`)
- It is being linked (`linkingStatus` is `'linking'`)
- Linking has failed for this module (`linkingStatus` is `'errored'`)
* It has already been linked (`linkingStatus` is `'linked'`)
* It is being linked (`linkingStatus` is `'linking'`)
* Linking has failed for this module (`linkingStatus` is `'errored'`)
<a id="ERR_VM_MODULE_DIFFERENT_CONTEXT"></a>
### ERR_VM_MODULE_DIFFERENT_CONTEXT

24
doc/api/esm.md
View File

@ -34,13 +34,13 @@ Once enabled, Node.js will treat the following as ES modules when passed to
`node` as the initial input, or when referenced by `import` statements within
ES module code:
- Files ending in `.mjs`.
* Files ending in `.mjs`.
- Files ending in `.js`, or extensionless files, when the nearest parent
* Files ending in `.js`, or extensionless files, when the nearest parent
`package.json` file contains a top-level field `"type"` with a value of
`"module"`.
- Strings passed in as an argument to `--eval` or `--print`, or piped to
* Strings passed in as an argument to `--eval` or `--print`, or piped to
`node` via `STDIN`, with the flag `--input-type=module`.
Node.js will treat as CommonJS all other forms of input, such as `.js` files
@ -51,13 +51,13 @@ CommonJS and ES modules, it is best to be explicit whenever possible. Node.js
will treat the following as CommonJS when passed to `node` as the initial input,
or when referenced by `import` statements within ES module code:
- Files ending in `.cjs`.
* Files ending in `.cjs`.
- Files ending in `.js`, or extensionless files, when the nearest parent
* Files ending in `.js`, or extensionless files, when the nearest parent
`package.json` file contains a top-level field `"type"` with a value of
`"commonjs"`.
- Strings passed in as an argument to `--eval` or `--print`, or piped to
* Strings passed in as an argument to `--eval` or `--print`, or piped to
`node` via `STDIN`, with the flag `--input-type=commonjs`.
## <code>package.json</code> <code>"type"</code> field
@ -146,12 +146,12 @@ import 'commonjs-package/src/index.mjs';
The `.mjs` and `.cjs` extensions may be used to mix types within the same
package scope:
- Within a `"type": "module"` package scope, Node.js can be instructed to
* Within a `"type": "module"` package scope, Node.js can be instructed to
interpret a particular file as CommonJS by naming it with a `.cjs` extension
(since both `.js` and `.mjs` files are treated as ES modules within a
`"module"` package scope).
- Within a `"type": "commonjs"` package scope, Node.js can be instructed to
* Within a `"type": "commonjs"` package scope, Node.js can be instructed to
interpret a particular file as an ES module by naming it with an `.mjs`
extension (since both `.js` and `.cjs` files are treated as CommonJS within a
`"commonjs"` package scope).
@ -298,16 +298,16 @@ e.g. `'path'` in `import { sep } from 'path'`. Specifiers are also used in
There are four types of specifiers:
- _Bare specifiers_ like `'some-package'`. They refer to an entry point of a
* _Bare specifiers_ like `'some-package'`. They refer to an entry point of a
package by the package name.
- _Deep import specifiers_ like `'some-package/lib/shuffle.mjs'`. They refer to
* _Deep import specifiers_ like `'some-package/lib/shuffle.mjs'`. They refer to
a path within a package prefixed by the package name.
- _Relative specifiers_ like `'./startup.js'` or `'../config.mjs'`. They refer
* _Relative specifiers_ like `'./startup.js'` or `'../config.mjs'`. They refer
to a path relative to the location of the importing file.
- _Absolute specifiers_ like `'file:///opt/nodejs/config.js'`. They refer
* _Absolute specifiers_ like `'file:///opt/nodejs/config.js'`. They refer
directly and explicitly to a full path.
Bare specifiers, and the bare specifier portion of deep import specifiers, are

12
doc/api/fs.md
View File

@ -3438,9 +3438,9 @@ Change the file system timestamps of the object referenced by `path`.
The `atime` and `mtime` arguments follow these rules:
- Values can be either numbers representing Unix epoch time, `Date`s, or a
* Values can be either numbers representing Unix epoch time, `Date`s, or a
numeric string like `'123456789.0'`.
- If the value can not be converted to a number, or is `NaN`, `Infinity` or
* If the value can not be converted to a number, or is `NaN`, `Infinity` or
`-Infinity`, an `Error` will be thrown.
## fs.utimesSync(path, atime, mtime)
@ -3640,8 +3640,8 @@ event (its disappearance).
This happens when:
- the file is deleted, followed by a restore
- the file is renamed twice - the second time back to its original name
* the file is deleted, followed by a restore
* the file is renamed twice - the second time back to its original name
## fs.write(fd, buffer[, offset[, length[, position]]], callback)
<!-- YAML
@ -4848,9 +4848,9 @@ resolves the `Promise` with no arguments upon success.
The `atime` and `mtime` arguments follow these rules:
- Values can be either numbers representing Unix epoch time, `Date`s, or a
* Values can be either numbers representing Unix epoch time, `Date`s, or a
numeric string like `'123456789.0'`.
- If the value can not be converted to a number, or is `NaN`, `Infinity` or
* If the value can not be converted to a number, or is `NaN`, `Infinity` or
`-Infinity`, an `Error` will be thrown.
### fsPromises.writeFile(file, data[, options])

10
doc/api/globals.md
View File

@ -7,11 +7,11 @@ These objects are available in all modules. The following variables may appear
to be global but are not. They exist only in the scope of modules, see the
[module system documentation][]:
- [`__dirname`][]
- [`__filename`][]
- [`exports`][]
- [`module`][]
- [`require()`][]
* [`__dirname`][]
* [`__filename`][]
* [`exports`][]
* [`module`][]
* [`require()`][]
The objects listed here are specific to Node.js. There are a number of
[built-in objects][] that are part of the JavaScript language itself, which are

4
doc/api/http.md
View File

@ -912,9 +912,9 @@ ensure the response is a properly formatted HTTP response message.
`err` is an instance of `Error` with two extra columns:
+ `bytesParsed`: the bytes count of request packet that Node.js may have parsed
* `bytesParsed`: the bytes count of request packet that Node.js may have parsed
correctly;
+ `rawPacket`: the raw packet of current request.
* `rawPacket`: the raw packet of current request.
### Event: 'close'
<!-- YAML

14
doc/api/https.md
View File

@ -69,7 +69,7 @@ See [`server.close()`][`http.close()`] from the HTTP module for details.
added: v11.3.0
-->
- {number} **Default:** `40000`
* {number} **Default:** `40000`
See [`http.Server#headersTimeout`][].
@ -80,7 +80,7 @@ This method is identical to [`server.listen()`][] from [`net.Server`][].
### server.maxHeadersCount
- {number} **Default:** `2000`
* {number} **Default:** `2000`
See [`http.Server#maxHeadersCount`][].
@ -100,7 +100,7 @@ See [`http.Server#setTimeout()`][].
added: v0.11.2
-->
- {number} **Default:** `120000` (2 minutes)
* {number} **Default:** `120000` (2 minutes)
See [`http.Server#timeout`][].
@ -109,7 +109,7 @@ See [`http.Server#timeout`][].
added: v8.0.0
-->
- {number} **Default:** `5000` (5 seconds)
* {number} **Default:** `5000` (5 seconds)
See [`http.Server#keepAliveTimeout`][].
@ -224,9 +224,9 @@ changes:
* `url` {string | URL}
* `options` {Object | string | URL} Accepts all `options` from
[`http.request()`][], with some differences in default values:
- `protocol` **Default:** `'https:'`
- `port` **Default:** `443`
- `agent` **Default:** `https.globalAgent`
* `protocol` **Default:** `'https:'`
* `port` **Default:** `443`
* `agent` **Default:** `https.globalAgent`
* `callback` {Function}
Makes a request to a secure web server.

36
doc/api/intl.md
View File

@ -6,21 +6,21 @@
Node.js has many features that make it easier to write internationalized
programs. Some of them are:
- Locale-sensitive or Unicode-aware functions in the [ECMAScript Language
* Locale-sensitive or Unicode-aware functions in the [ECMAScript Language
Specification][ECMA-262]:
- [`String.prototype.normalize()`][]
- [`String.prototype.toLowerCase()`][]
- [`String.prototype.toUpperCase()`][]
- All functionality described in the [ECMAScript Internationalization API
* [`String.prototype.normalize()`][]
* [`String.prototype.toLowerCase()`][]
* [`String.prototype.toUpperCase()`][]
* All functionality described in the [ECMAScript Internationalization API
Specification][ECMA-402] (aka ECMA-402):
- [`Intl`][] object
- Locale-sensitive methods like [`String.prototype.localeCompare()`][] and
* [`Intl`][] object
* Locale-sensitive methods like [`String.prototype.localeCompare()`][] and
[`Date.prototype.toLocaleString()`][]
- The [WHATWG URL parser][]'s [internationalized domain names][] (IDNs) support
- [`require('buffer').transcode()`][]
- More accurate [REPL][] line editing
- [`require('util').TextDecoder`][]
- [`RegExp` Unicode Property Escapes][]
* The [WHATWG URL parser][]'s [internationalized domain names][] (IDNs) support
* [`require('buffer').transcode()`][]
* More accurate [REPL][] line editing
* [`require('util').TextDecoder`][]
* [`RegExp` Unicode Property Escapes][]
Node.js (and its underlying V8 engine) uses [ICU][] to implement these features
in native C/C++ code. However, some of them require a very large ICU data file
@ -36,10 +36,10 @@ To control how ICU is used in Node.js, four `configure` options are available
during compilation. Additional details on how to compile Node.js are documented
in [BUILDING.md][].
- `--with-intl=none`/`--without-intl`
- `--with-intl=system-icu`
- `--with-intl=small-icu` (default)
- `--with-intl=full-icu`
* `--with-intl=none`/`--without-intl`
* `--with-intl=system-icu`
* `--with-intl=small-icu` (default)
* `--with-intl=full-icu`
An overview of available Node.js and JavaScript features for each `configure`
option:
@ -186,9 +186,9 @@ const hasFullICU = (() => {
For more verbose tests for `Intl` support, the following resources may be found
to be helpful:
- [btest402][]: Generally used to check whether Node.js with `Intl` support is
* [btest402][]: Generally used to check whether Node.js with `Intl` support is
built correctly.
- [Test262][]: ECMAScript's official conformance test suite includes a section
* [Test262][]: ECMAScript's official conformance test suite includes a section
dedicated to ECMA-402.
["ICU Data"]: http://userguide.icu-project.org/icudata

12
doc/api/modules.md
View File

@ -492,14 +492,14 @@ wrapper that looks like the following:
By doing this, Node.js achieves a few things:
- It keeps top-level variables (defined with `var`, `const` or `let`) scoped to
* It keeps top-level variables (defined with `var`, `const` or `let`) scoped to
the module rather than the global object.
- It helps to provide some global-looking variables that are actually specific
* It helps to provide some global-looking variables that are actually specific
to the module, such as:
- The `module` and `exports` objects that the implementor can use to export
values from the module.
- The convenience variables `__filename` and `__dirname`, containing the
module's absolute filename and directory path.
* The `module` and `exports` objects that the implementor can use to export
values from the module.
* The convenience variables `__filename` and `__dirname`, containing the
module's absolute filename and directory path.
## The module scope

1028
doc/api/n-api.md
View File

File diff suppressed because it is too large Load Diff

20
doc/api/process.md
View File

@ -511,16 +511,16 @@ environment variable.
representations. `process.allowedNodeEnvironmentFlags.has()` will
return `true` in the following cases:
- Flags may omit leading single (`-`) or double (`--`) dashes; e.g.,
* Flags may omit leading single (`-`) or double (`--`) dashes; e.g.,
`inspect-brk` for `--inspect-brk`, or `r` for `-r`.
- Flags passed through to V8 (as listed in `--v8-options`) may replace
* Flags passed through to V8 (as listed in `--v8-options`) may replace
one or more *non-leading* dashes for an underscore, or vice-versa;
e.g., `--perf_basic_prof`, `--perf-basic-prof`, `--perf_basic-prof`,
etc.
- Flags may contain one or more equals (`=`) characters; all
* Flags may contain one or more equals (`=`) characters; all
characters after and including the first equals will be ignored;
e.g., `--stack-trace-limit=100`.
- Flags *must* be allowable within [`NODE_OPTIONS`][].
* Flags *must* be allowable within [`NODE_OPTIONS`][].
When iterating over `process.allowedNodeEnvironmentFlags`, flags will
appear only *once*; each will begin with one or more dashes. Flags
@ -1680,9 +1680,9 @@ tarball.
* `lts` {string} a string label identifying the [LTS][] label for this release.
This property only exists for LTS releases and is `undefined` for all other
release types, including _Current_ releases. Currently the valid values are:
- `'Argon'` for the 4.x LTS line beginning with 4.2.0.
- `'Boron'` for the 6.x LTS line beginning with 6.9.0.
- `'Carbon'` for the 8.x LTS line beginning with 8.9.1.
* `'Argon'` for the 4.x LTS line beginning with 4.2.0.
* `'Boron'` for the 6.x LTS line beginning with 6.9.0.
* `'Carbon'` for the 8.x LTS line beginning with 8.9.1.
<!-- eslint-skip -->
```js
@ -2178,9 +2178,9 @@ important ways:
respectively.
2. Writes may be synchronous depending on what the stream is connected to
and whether the system is Windows or POSIX:
- Files: *synchronous* on Windows and POSIX
- TTYs (Terminals): *asynchronous* on Windows, *synchronous* on POSIX
- Pipes (and sockets): *synchronous* on Windows, *asynchronous* on POSIX
* Files: *synchronous* on Windows and POSIX
* TTYs (Terminals): *asynchronous* on Windows, *synchronous* on POSIX
* Pipes (and sockets): *synchronous* on Windows, *asynchronous* on POSIX
These behaviors are partly for historical reasons, as changing them would
create backwards incompatibility, but they are also expected by some users.

6
doc/api/repl.md
View File

@ -601,16 +601,16 @@ undefined
Various behaviors of the Node.js REPL can be customized using the following
environment variables:
- `NODE_REPL_HISTORY` - When a valid path is given, persistent REPL history
* `NODE_REPL_HISTORY` - When a valid path is given, persistent REPL history
will be saved to the specified file rather than `.node_repl_history` in the
user's home directory. Setting this value to `''` (an empty string) will
disable persistent REPL history. Whitespace will be trimmed from the value.
On Windows platforms environment variables with empty values are invalid so
set this variable to one or more spaces to disable persistent REPL history.
- `NODE_REPL_HISTORY_SIZE` - Controls how many lines of history will be
* `NODE_REPL_HISTORY_SIZE` - Controls how many lines of history will be
persisted if history is available. Must be a positive number.
**Default:** `1000`.
- `NODE_REPL_MODE` - May be either `'sloppy'` or `'strict'`. **Default:**
* `NODE_REPL_MODE` - May be either `'sloppy'` or `'strict'`. **Default:**
`'sloppy'`, which will allow non-strict mode code to be run.
### Persistent History

10
doc/api/tls.md
View File

@ -317,11 +317,11 @@ on the format, see the OpenSSL [cipher list format][] documentation.
There are only 5 TLSv1.3 cipher suites:
- `'TLS_AES_256_GCM_SHA384'`
- `'TLS_CHACHA20_POLY1305_SHA256'`
- `'TLS_AES_128_GCM_SHA256'`
- `'TLS_AES_128_CCM_SHA256'`
- `'TLS_AES_128_CCM_8_SHA256'`
* `'TLS_AES_256_GCM_SHA384'`
* `'TLS_CHACHA20_POLY1305_SHA256'`
* `'TLS_AES_128_GCM_SHA256'`
* `'TLS_AES_128_CCM_SHA256'`
* `'TLS_AES_128_CCM_8_SHA256'`
The first 3 are enabled by default. The last 2 `CCM`-based suites are supported
by TLSv1.3 because they may be more performant on constrained systems, but they

36
doc/api/vm.md
View File

@ -520,9 +520,9 @@ This must be called after the module has been instantiated; otherwise it will
throw an error. It could be called also when the module has already been
evaluated, in which case it will do one of the following two things:
- return `undefined` if the initial evaluation ended in success (`module.status`
* return `undefined` if the initial evaluation ended in success (`module.status`
is `'evaluated'`)
- rethrow the same exception the initial evaluation threw if the initial
* rethrow the same exception the initial evaluation threw if the initial
evaluation ended in an error (`module.status` is `'errored'`)
This method cannot be called while the module is being evaluated
@ -570,8 +570,8 @@ The function is expected to return a `Module` object or a `Promise` that
eventually resolves to a `Module` object. The returned `Module` must satisfy the
following two invariants:
- It must belong to the same context as the parent `Module`.
- Its `linkingStatus` must not be `'errored'`.
* It must belong to the same context as the parent `Module`.
* Its `linkingStatus` must not be `'errored'`.
If the returned `Module`'s `linkingStatus` is `'unlinked'`, this method will be
recursively called on the returned `Module` with the same provided `linker`
@ -585,9 +585,9 @@ The linker function roughly corresponds to the implementation-defined
[HostResolveImportedModule][] abstract operation in the ECMAScript
specification, with a few key differences:
- The linker function is allowed to be asynchronous while
* The linker function is allowed to be asynchronous while
[HostResolveImportedModule][] is synchronous.
- The linker function is executed during linking, a Node.js-specific stage
* The linker function is executed during linking, a Node.js-specific stage
before instantiation, while [HostResolveImportedModule][] is called during
instantiation.
@ -603,12 +603,12 @@ specification.
The current linking status of `module`. It will be one of the following values:
- `'unlinked'`: `module.link()` has not yet been called.
- `'linking'`: `module.link()` has been called, but not all Promises returned by
* `'unlinked'`: `module.link()` has not yet been called.
* `'linking'`: `module.link()` has been called, but not all Promises returned by
the linker function have been resolved yet.
- `'linked'`: `module.link()` has been called, and all its dependencies have
* `'linked'`: `module.link()` has been called, and all its dependencies have
been successfully linked.
- `'errored'`: `module.link()` has been called, but at least one of its
* `'errored'`: `module.link()` has been called, but at least one of its
dependencies failed to link, either because the callback returned a `Promise`
that is rejected, or because the `Module` the callback returned is invalid.
@ -628,28 +628,28 @@ specification.
The current status of the module. Will be one of:
- `'uninstantiated'`: The module is not instantiated. It may because of any of
* `'uninstantiated'`: The module is not instantiated. It may because of any of
the following reasons:
- The module was just created.
- `module.instantiate()` has been called on this module, but it failed for
* The module was just created.
* `module.instantiate()` has been called on this module, but it failed for
some reason.
This status does not convey any information regarding if `module.link()` has
been called. See `module.linkingStatus` for that.
- `'instantiating'`: The module is currently being instantiated through a
* `'instantiating'`: The module is currently being instantiated through a
`module.instantiate()` call on itself or a parent module.
- `'instantiated'`: The module has been instantiated successfully, but
* `'instantiated'`: The module has been instantiated successfully, but
`module.evaluate()` has not yet been called.
- `'evaluating'`: The module is being evaluated through a `module.evaluate()` on
* `'evaluating'`: The module is being evaluated through a `module.evaluate()` on
itself or a parent module.
- `'evaluated'`: The module has been successfully evaluated.
* `'evaluated'`: The module has been successfully evaluated.
- `'errored'`: The module has been evaluated, but an exception was thrown.
* `'errored'`: The module has been evaluated, but an exception was thrown.
Other than `'errored'`, this status string corresponds to the specification's
[Source Text Module Record][]'s `[[Status]]` field. `'errored'` corresponds to

34
doc/api/worker_threads.md
View File

@ -304,13 +304,13 @@ the [HTML structured clone algorithm][].
In particular, the significant differences to `JSON` are:
- `value` may contain circular references.
- `value` may contain instances of builtin JS types such as `RegExp`s,
* `value` may contain circular references.
* `value` may contain instances of builtin JS types such as `RegExp`s,
`BigInt`s, `Map`s, `Set`s, etc.
- `value` may contain typed arrays, both using `ArrayBuffer`s
* `value` may contain typed arrays, both using `ArrayBuffer`s
and `SharedArrayBuffer`s.
- `value` may contain [`WebAssembly.Module`][] instances.
- `value` may not contain native (C++-backed) objects other than `MessagePort`s.
* `value` may contain [`WebAssembly.Module`][] instances.
* `value` may not contain native (C++-backed) objects other than `MessagePort`s.
```js
const { MessageChannel } = require('worker_threads');
@ -424,26 +424,26 @@ Most Node.js APIs are available inside of it.
Notable differences inside a Worker environment are:
- The [`process.stdin`][], [`process.stdout`][] and [`process.stderr`][]
* The [`process.stdin`][], [`process.stdout`][] and [`process.stderr`][]
may be redirected by the parent thread.
- The [`require('worker_threads').isMainThread`][] property is set to `false`.
- The [`require('worker_threads').parentPort`][] message port is available.
- [`process.exit()`][] does not stop the whole program, just the single thread,
* The [`require('worker_threads').isMainThread`][] property is set to `false`.
* The [`require('worker_threads').parentPort`][] message port is available.
* [`process.exit()`][] does not stop the whole program, just the single thread,
and [`process.abort()`][] is not available.
- [`process.chdir()`][] and `process` methods that set group or user ids
* [`process.chdir()`][] and `process` methods that set group or user ids
are not available.
- [`process.env`][] is a copy of the parent thread's environment variables,
* [`process.env`][] is a copy of the parent thread's environment variables,
unless otherwise specified. Changes to one copy will not be visible in other
threads, and will not be visible to native add-ons (unless
[`worker.SHARE_ENV`][] has been passed as the `env` option to the
[`Worker`][] constructor).
- [`process.title`][] cannot be modified.
- Signals will not be delivered through [`process.on('...')`][Signals events].
- Execution may stop at any point as a result of [`worker.terminate()`][]
* [`process.title`][] cannot be modified.
* Signals will not be delivered through [`process.on('...')`][Signals events].
* Execution may stop at any point as a result of [`worker.terminate()`][]
being invoked.
- IPC channels from parent processes are not accessible.
- The [`trace_events`][] module is not supported.
- Native add-ons can only be loaded from multiple threads if they fulfill
* IPC channels from parent processes are not accessible.
* The [`trace_events`][] module is not supported.
* Native add-ons can only be loaded from multiple threads if they fulfill
[certain conditions][Addons worker support].
Creating `Worker` instances inside of other `Worker`s is possible.

4
doc/api/zlib.md
View File

@ -217,8 +217,8 @@ speed, at the cost of memory usage.
There are equivalents to the zlib options for Brotli-based streams, although
these options have different ranges than the zlib ones:
- zlibs `level` option matches Brotlis `BROTLI_PARAM_QUALITY` option.
- zlibs `windowBits` option matches Brotlis `BROTLI_PARAM_LGWIN` option.
* zlibs `level` option matches Brotlis `BROTLI_PARAM_QUALITY` option.
* zlibs `windowBits` option matches Brotlis `BROTLI_PARAM_LGWIN` option.
See [below][Brotli parameters] for more details on Brotli-specific options.

204
doc/changelogs/CHANGELOG_ARCHIVE.md
View File

@ -1013,9 +1013,9 @@ https://github.com/nodejs/node/commit/2c4eef0d972838c51999d32c0d251857a713dc18
https://github.com/nodejs/node/commit/c50c33e9397d7a0a8717e8ce7530572907c054ad
* npm: Upgrade to v1.2.0
- peerDependencies (Domenic Denicola)
- node-gyp v0.8.2 (Nathan Rajlich)
- Faster installs from github user/project shorthands (Nathan Zadoks)
* peerDependencies (Domenic Denicola)
* node-gyp v0.8.2 (Nathan Rajlich)
* Faster installs from github user/project shorthands (Nathan Zadoks)
* typed arrays: fix 32 bit size/index overflow (Ben Noordhuis)
* http: Improve performance of single-packet responses (Ben Noordhuis)
@ -1279,10 +1279,10 @@ https://github.com/nodejs/node/commit/2134aa3d5c622fc3c3b02ccb713fcde0e0df479a
* V8: upgrade to v3.11.10.12
* npm: upgrade to v1.1.33
- Support for parallel use of the cache folder
- Retry on registry timeouts or network failures (Trent Mick)
- Reduce 'engines' failures to a warning
- Use new zsh completion if available (Jeremy Cantrell)
* Support for parallel use of the cache folder
* Retry on registry timeouts or network failures (Trent Mick)
* Reduce 'engines' failures to a warning
* Use new zsh completion if available (Jeremy Cantrell)
* Fix [#3577](https://github.com/joyent/node/issues/3577) Un-break require('sys')
* util: speed up formatting of large arrays/objects (Ben Noordhuis)
@ -1323,13 +1323,13 @@ https://github.com/nodejs/node/commit/8b8a7a7f9b41e74e1e810d0330738ad06fc302ec
https://github.com/nodejs/node/commit/a72120190a8ffdbcd3d6ad2a2e6ceecd2087111e
* npm: Upgrade to 1.1.30
- Improved 'npm init'
- Fix the 'cb never called' error from 'oudated' and 'update'
- Add --save-bundle|-B config
- Fix isaacs/npm[#2465](https://github.com/joyent/node/issues/2465): Make npm script and windows shims cygwin-aware
- Fix isaacs/npm[#2452](https://github.com/joyent/node/issues/2452) Use --save(-dev|-optional) in npm rm
- `logstream` option to replace removed `logfd` (Rod Vagg)
- Read default descriptions from README.md files
* Improved 'npm init'
* Fix the 'cb never called' error from 'oudated' and 'update'
* Add --save-bundle|-B config
* Fix isaacs/npm[#2465](https://github.com/joyent/node/issues/2465): Make npm script and windows shims cygwin-aware
* Fix isaacs/npm[#2452](https://github.com/joyent/node/issues/2452) Use --save(-dev|-optional) in npm rm
* `logstream` option to replace removed `logfd` (Rod Vagg)
* Read default descriptions from README.md files
* Shims to support deprecated ev_* and eio_* methods (Ben Noordhuis)
* [#3118](https://github.com/joyent/node/issues/3118) net.Socket: Delay pause/resume until after connect (isaacs)
@ -1390,9 +1390,9 @@ https://github.com/nodejs/node/commit/8d9766a9dfb1eea901219d2a865ce9300fe4d68e
* child_process: new stdio API for .spawn() method (Fedor Indutny)
* child_process: spawn().ref() and spawn().unref() (Fedor Indutny)
* Upgrade npm to 1.1.25
- Enable npm link on windows
- Properly remove sh-shim on Windows
- Abstract out registry client and logger
* Enable npm link on windows
* Properly remove sh-shim on Windows
* Abstract out registry client and logger
<a id="0.7.9"></a>
## 2012.05.28, Version 0.7.9 (unstable)
@ -1477,11 +1477,11 @@ https://github.com/nodejs/node/commit/f06abda6f58e517349d1b63a2cbf5a8d04a03505
* Upgrade v8 to 3.9.17
* Upgrade npm to 1.1.8
- Add support for os/cpu fields in package.json (Adam Blackburn)
- Automatically node-gyp packages containing a binding.gyp
- Fix failures unpacking in UNC shares
- Never create un-listable directories
- Handle cases where an optionalDependency fails to build
* Add support for os/cpu fields in package.json (Adam Blackburn)
* Automatically node-gyp packages containing a binding.gyp
* Fix failures unpacking in UNC shares
* Never create un-listable directories
* Handle cases where an optionalDependency fails to build
* events: newListener emit correct fn when using 'once' (Roly Fentanes)
* url: Ignore empty port component (Łukasz Walukiewicz)
@ -1696,12 +1696,12 @@ https://github.com/nodejs/node/commit/e513ffef7549a56a5af728e1f0c2c0c8f290518a
* Add UV_ENOSPC and mappings to it (Bert Belder)
* http-parser: Fix response body is not read (koichik)
* Upgrade npm to 1.1.12
- upgrade node-gyp to 0.3.7
- work around AV-locked directories on Windows
- Fix isaacs/npm[#2293](https://github.com/joyent/node/issues/2293) Don't try to 'uninstall' /
- Exclude symbolic links from packages.
- Fix isaacs/npm[#2275](https://github.com/joyent/node/issues/2275) Spurious 'unresolvable cycle' error.
- Exclude/include dot files as if they were normal files
* upgrade node-gyp to 0.3.7
* work around AV-locked directories on Windows
* Fix isaacs/npm[#2293](https://github.com/joyent/node/issues/2293) Don't try to 'uninstall' /
* Exclude symbolic links from packages.
* Fix isaacs/npm[#2275](https://github.com/joyent/node/issues/2275) Spurious 'unresolvable cycle' error.
* Exclude/include dot files as if they were normal files
<a id="0.6.13"></a>
## 2012.03.15 Version 0.6.13 (stable)
@ -1714,15 +1714,15 @@ https://github.com/nodejs/node/commit/9f7f86b534f8556290eb8cad915984ff4ca54996
* Windows: include syscall in fs errors (Bert Belder)
* Fix fs.watch ENOSYS on Linux kernel version mismatch (Ben Noordhuis)
* Update npm to 1.1.9
- upgrade node-gyp to 0.3.5 (Nathan Rajlich)
- Fix isaacs/npm[#2249](https://github.com/joyent/node/issues/2249) Add cache-max and cache-min configs
- Properly redirect across https/http registry requests
- log config usage if undefined key in set function (Kris Windham)
- Add support for os/cpu fields in package.json (Adam Blackburn)
- Automatically node-gyp packages containing a binding.gyp
- Fix failures unpacking in UNC shares
- Never create un-listable directories
- Handle cases where an optionalDependency fails to build
* upgrade node-gyp to 0.3.5 (Nathan Rajlich)
* Fix isaacs/npm[#2249](https://github.com/joyent/node/issues/2249) Add cache-max and cache-min configs
* Properly redirect across https/http registry requests
* log config usage if undefined key in set function (Kris Windham)
* Add support for os/cpu fields in package.json (Adam Blackburn)
* Automatically node-gyp packages containing a binding.gyp
* Fix failures unpacking in UNC shares
* Never create un-listable directories
* Handle cases where an optionalDependency fails to build
<a id="0.6.12"></a>
## 2012.03.02 Version 0.6.12 (stable)
@ -1744,13 +1744,13 @@ https://github.com/nodejs/node/commit/48a2d34cfe6b7e1c9d15202a4ef5e3c82d1fba35
* windows: fs: handle EOF in read (Brandon Philips)
* windows: avoid IOCP short-circuit on non-ifs lsps (Igor Zinkovsky)
* Upgrade npm to 1.1.4 (isaacs)
- windows fixes
- Bundle nested bundleDependencies properly
- install: support --save with url install targets
- shrinkwrap: behave properly with url-installed modules
- support installing uncompressed tars or single file modules from urls etc.
- don't run make clean on rebuild
- support HTTPS-over-HTTP proxy tunneling
* windows fixes
* Bundle nested bundleDependencies properly
* install: support --save with url install targets
* shrinkwrap: behave properly with url-installed modules
* support installing uncompressed tars or single file modules from urls etc.
* don't run make clean on rebuild
* support HTTPS-over-HTTP proxy tunneling
<a id="0.6.11"></a>
## 2012.02.17 Version 0.6.11 (stable)
@ -1774,9 +1774,9 @@ https://github.com/nodejs/node/commit/1eb1fe32250fc88cb5b0a97cddf3e02be02e3f4a
* unix: don't flush tty on switch to raw mode (Ben Noordhuis)
* windows: reset brightness when reverting to default text color (Bert Belder)
* npm: update to 1.1.1
- Update which, fstream, mkdirp, request, and rimraf
- Fix [#2123](https://github.com/joyent/node/issues/2123) Set path properly for lifecycle scripts on windows
- Mark the root as seen, so we don't recurse into it. Fixes [#1838](https://github.com/joyent/node/issues/1838). (Martin Cooper)
* Update which, fstream, mkdirp, request, and rimraf
* Fix [#2123](https://github.com/joyent/node/issues/2123) Set path properly for lifecycle scripts on windows
* Mark the root as seen, so we don't recurse into it. Fixes [#1838](https://github.com/joyent/node/issues/1838). (Martin Cooper)
<a id="0.6.10"></a>
## 2012.02.02, Version 0.6.10 (stable)
@ -1800,7 +1800,7 @@ https://github.com/nodejs/node/commit/051908e023f87894fa68f5b64d0b99a19a7db01e
https://github.com/nodejs/node/commit/f19e20d33f57c4d2853aaea7d2724d44f3b0012f
* dgram: Bring back missing functionality for Unix (Dan VerWeire, Roman Shtylman, Ben Noordhuis)
- Note: Windows UDP support not yet complete.
* Note: Windows UDP support not yet complete.
* http: Fix parser memory leak (koichik)
* zlib: Fix [#2365](https://github.com/joyent/node/issues/2365) crashes on invalid input (Nicolas LaCasse)
@ -2544,8 +2544,8 @@ https://github.com/nodejs/node/commit/e8aef84191bc2c1ba2bcaa54f30aabde7f03769b
https://github.com/nodejs/node/commit/eb155ea6f6a6aa341aa8c731dca8da545c6a4008
* require() improvements (isaacs)
- understand package.json (isaacs)
- look for 'node_modules' dir
* understand package.json (isaacs)
* look for 'node_modules' dir
* cmake fixes (Daniel Gröber)
* http: fix buffer writes to outgoing messages (Russell Haering)
@ -2677,13 +2677,13 @@ https://github.com/nodejs/node/commit/4bb914bde9f3c2d6de00853353b6b8fc9c66143a
* 'make lint'
* oprofile support (./configure --oprofile)
* Lots of bug fixes, including:
- Memory leak in ChildProcess:Spawn(). (Tom Hughes)
- buffer.slice(0, 0)
- Global variable leaks
- clearTimeouts calling multiple times (Michael W)
- utils.inspect's detection of circular structures (Tim Cooijmans)
- Apple's threaded write()s bug (Jorge Chamorro Bieling)
- Make sure raw mode is disabled when exiting a terminal-based REPL.
* Memory leak in ChildProcess:Spawn(). (Tom Hughes)
* buffer.slice(0, 0)
* Global variable leaks
* clearTimeouts calling multiple times (Michael W)
* utils.inspect's detection of circular structures (Tim Cooijmans)
* Apple's threaded write()s bug (Jorge Chamorro Bieling)
* Make sure raw mode is disabled when exiting a terminal-based REPL.
(Brian White)
* Deprecate process.compile, process.ENV
@ -2695,8 +2695,8 @@ https://github.com/nodejs/node/commit/4bb914bde9f3c2d6de00853353b6b8fc9c66143a
https://github.com/nodejs/node/commit/ce9a54aa1fbf709dd30316af8a2f14d83150e947
* TLS improvements (Paul Querna)
- Centralize error handling in SecureStream
- Add SecurePair for handling of a ssl/tls stream.
* Centralize error handling in SecureStream
* Add SecurePair for handling of a ssl/tls stream.
* New documentation organization (Micheil Smith)
* allowHalfOpen TCP connections disabled by default.
@ -2725,9 +2725,9 @@ https://github.com/nodejs/node/commit/ce9a54aa1fbf709dd30316af8a2f14d83150e947
could not be written to the file in a single write() call.
* new path.join behavior (isaacs)
- Express desired path.join behavior in tests.
- Update fs.realpath to reflect new path.join behavior
- Update url.resolve() to use new path.join behavior.
* Express desired path.join behavior in tests.
* Update fs.realpath to reflect new path.join behavior
* Update url.resolve() to use new path.join behavior.
* API: Move process.binding('evals') to require('vm')
* Fix V8 build on Cygwin (Bert Belder)
@ -2756,11 +2756,11 @@ https://github.com/nodejs/node/commit/1582cfebd6719b2d2373547994b3dca5c8c569c0
* HTTP trailers (Mark Nottingham)
* http 100-continue support (Mark Nottingham)
* Module system simplifications (Herbert Vojčík, isaacs, Tim-Smart)
- remove require.async
- remove registerExtension, add .extensions
- expose require.resolve
- expose require.cache
- require looks in node_modules folders
* remove require.async
* remove registerExtension, add .extensions
* expose require.resolve
* expose require.cache
* require looks in node_modules folders
* Add --eval command line option (TJ Holowaychuk)
* Commas last in sys.inspect
@ -3047,11 +3047,11 @@ https://github.com/nodejs/node/commit/311d7dee19034ff1c6bc9098c36973b8d687eaba
https://github.com/nodejs/node/commit/07e64d45ffa1856e824c4fa6afd0442ba61d6fd8
* Merge writing of networking system (net2)
- New Buffer object for binary data.
- Support UNIX sockets, Pipes
- Uniform stream API
- Currently no SSL
- Legacy modules can be accessed at 'http_old' and 'tcp_old'
* New Buffer object for binary data.
* Support UNIX sockets, Pipes
* Uniform stream API
* Currently no SSL
* Legacy modules can be accessed at 'http_old' and 'tcp_old'
* Replace udns with c-ares. (Krishna Rajendran)
* New documentation system using Markdown and Ronn
@ -3099,8 +3099,8 @@ https://github.com/nodejs/node/commit/61c801413544a50000faa7f58376e9b33ba6254f
https://github.com/nodejs/node/commit/39b63dfe1737d46a8c8818c92773ef181fd174b3
* API:
- Move process.watchFile into fs module
- Move process.inherits to sys
* Move process.watchFile into fs module
* Move process.inherits to sys
* Improve Solaris port
* tcp.Connection.prototype.write now returns boolean to indicate if
@ -3126,7 +3126,7 @@ https://github.com/nodejs/node/commit/39b63dfe1737d46a8c8818c92773ef181fd174b3
https://github.com/nodejs/node/commit/bb0d1e65e1671aaeb21fac186b066701da0bc33b
* Major API Changes
- Promises removed. See
* Promises removed. See
http://groups.google.com/group/nodejs/msg/426f3071f3eec16b
http://groups.google.com/group/nodejs/msg/df199d233ff17efa
The API for fs was
@ -3138,10 +3138,10 @@ https://github.com/nodejs/node/commit/bb0d1e65e1671aaeb21fac186b066701da0bc33b
if (err) throw err;
puts("/usr files: " + files);
});
- Synchronous fs operations exposed, use with care.
- tcp.Connection.prototype.readPause() and readResume()
* Synchronous fs operations exposed, use with care.
* tcp.Connection.prototype.readPause() and readResume()
renamed to pause() and resume()
- http.ServerResponse.prototype.sendHeader() renamed to
* http.ServerResponse.prototype.sendHeader() renamed to
writeHeader(). Now accepts reasonPhrase.
* Compact garbage on idle.
@ -3159,20 +3159,20 @@ https://github.com/nodejs/node/commit/bb0d1e65e1671aaeb21fac186b066701da0bc33b
https://github.com/nodejs/node/commit/87d5e5b316a4276bcf881f176971c1a237dcdc7a
* Major API Changes
- Remove 'file' module
- require('posix') -----------------> require('fs')
- fs.cat ---------------------------> fs.readFile
- file.write -----------------------> fs.writeFile
- TCP 'receive' event --------------> 'data'
- TCP 'eof' event ------------------> 'end'
- TCP send() -----------------------> write()
- HTTP sendBody() ------------------> write()
- HTTP finish() --------------------> close()
- HTTP 'body' event ----------------> 'data'
- HTTP 'complete' event ------------> 'end'
- http.Client.prototype.close() (formerly finish()) no longer
* Remove 'file' module
* require('posix') -----------------> require('fs')
* fs.cat ---------------------------> fs.readFile
* file.write -----------------------> fs.writeFile
* TCP 'receive' event --------------> 'data'
* TCP 'eof' event ------------------> 'end'
* TCP send() -----------------------> write()
* HTTP sendBody() ------------------> write()
* HTTP finish() --------------------> close()
* HTTP 'body' event ----------------> 'data'
* HTTP 'complete' event ------------> 'end'
* http.Client.prototype.close() (formerly finish()) no longer
takes an argument. Add the 'response' listener manually.
- Allow strings for the flag argument to fs.open
* Allow strings for the flag argument to fs.open
("r", "r+", "w", "w+", "a", "a+")
* Added multiple arg support for sys.puts(), print(), etc.
@ -3257,9 +3257,9 @@ https://github.com/nodejs/node/commit/da00413196e432247346d9e587f8c78ce5ceb087
(Micheil Smith)
* API: change some Promise behavior (Felix Geisendörfer)
- Removed Promise.cancel()
- Support late callback binding
- Make unhandled Promise errors throw an exception
* Removed Promise.cancel()
* Support late callback binding
* Make unhandled Promise errors throw an exception
* Upgrade V8 to 2.0.6.1
* Solaris port (Erich Ocean)
@ -3428,16 +3428,16 @@ https://github.com/nodejs/node/commit/d1f69ef35dac810530df8249d523add168e09f03
https://github.com/nodejs/node/commit/726865af7bbafe58435986f4a193ff11c84e4bfe
* API: Use CommonJS-style module requiring
- require("/sys.js") becomes require("sys")
- require("circle.js") becomes require("./circle")
- process.path.join() becomes require("path").join()
- __module becomes module
* require("/sys.js") becomes require("sys")
* require("circle.js") becomes require("./circle")
* process.path.join() becomes require("path").join()
* __module becomes module
* API: Many namespacing changes
- Move node.\* into process.\*
- Move node.dns into module "dns"
- Move node.fs into module "posix"
- process is no longer the global object. GLOBAL is.
* Move node.\* into process.\*
* Move node.dns into module "dns"
* Move node.fs into module "posix"
* process is no longer the global object. GLOBAL is.
For more information on the API changes see:
http://thread.gmane.org/gmane.comp.lang.javascript.nodejs/6

412
doc/changelogs/CHANGELOG_IOJS.md
View File

@ -330,15 +330,15 @@ See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and curren
* **buffer**: Fixed a couple large memory leaks (Ben Noordhuis) [#2352](https://github.com/nodejs/node/pull/2352).
* **crypto**:
- Fixed a couple of minor memory leaks (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375).
- Signing now checks for OpenSSL errors (Minqi Pan) [#2342](https://github.com/nodejs/node/pull/2342). **Note that this may expose previously hidden errors in user code.**
* Fixed a couple of minor memory leaks (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375).
* Signing now checks for OpenSSL errors (Minqi Pan) [#2342](https://github.com/nodejs/node/pull/2342). **Note that this may expose previously hidden errors in user code.**
* **intl**: Intl support using small-icu is now enabled by default in builds (Steven R. Loomis) [#2264](https://github.com/nodejs/node/pull/2264).
- [`String#normalize()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/normalize) can now be used for unicode normalization.
- The [`Intl`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Intl) object and various `String` and `Number` methods are present, but only support the English locale.
- For support of all locales, node must be built with [full-icu](https://github.com/nodejs/node#build-with-full-icu-support-all-locales-supported-by-icu).
* [`String#normalize()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/normalize) can now be used for unicode normalization.
* The [`Intl`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Intl) object and various `String` and `Number` methods are present, but only support the English locale.
* For support of all locales, node must be built with [full-icu](https://github.com/nodejs/node#build-with-full-icu-support-all-locales-supported-by-icu).
* **tls**: Fixed tls throughput being much lower after an incorrect merge (Fedor Indutny) [#2381](https://github.com/nodejs/node/pull/2381).
* **tools**: The v8 tick processor now comes bundled with node (Matt Loring) [#2090](https://github.com/nodejs/node/pull/2090).
- This can be used by producing performance profiling output by running node with `--perf`, then running your appropriate platform's script on the output as found in [tools/v8-prof](https://github.com/nodejs/node/tree/master/tools/v8-prof).
* This can be used by producing performance profiling output by running node with `--perf`, then running your appropriate platform's script on the output as found in [tools/v8-prof](https://github.com/nodejs/node/tree/master/tools/v8-prof).
* **util**: `util.inspect(obj)` now prints the constructor name of the object if there is one (Christopher Monsanto) [#1935](https://github.com/nodejs/io.js/pull/1935).
### Known issues
@ -398,30 +398,30 @@ See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and curren
### Notable changes
* **buffer**:
- Due to changes in V8, it has been necessary to reimplement `Buffer` on top of V8's `Uint8Array`. Every effort has been made to minimize the performance impact, however `Buffer` instantiation is measurably slower. Access operations may be faster in some circumstances but the exact performance profile and difference over previous versions will depend on how `Buffer` is used within applications. (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825).
- `Buffer` can now take `ArrayBuffer`s as a constructor argument (Trevor Norris) [#2002](https://github.com/nodejs/node/pull/2002).
- When a single buffer is passed to `Buffer.concat()`, a new, copied `Buffer` object will be returned; previous behavior was to return the original `Buffer` object (Sakthipriyan Vairamani) [#1937](https://github.com/nodejs/node/pull/1937).
* Due to changes in V8, it has been necessary to reimplement `Buffer` on top of V8's `Uint8Array`. Every effort has been made to minimize the performance impact, however `Buffer` instantiation is measurably slower. Access operations may be faster in some circumstances but the exact performance profile and difference over previous versions will depend on how `Buffer` is used within applications. (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825).
* `Buffer` can now take `ArrayBuffer`s as a constructor argument (Trevor Norris) [#2002](https://github.com/nodejs/node/pull/2002).
* When a single buffer is passed to `Buffer.concat()`, a new, copied `Buffer` object will be returned; previous behavior was to return the original `Buffer` object (Sakthipriyan Vairamani) [#1937](https://github.com/nodejs/node/pull/1937).
* **build**: PPC support has been added to core to allow compiling on pLinux BE and LE (AIX support coming soon) (Michael Dawson) [#2124](https://github.com/nodejs/node/pull/2124).
* **dgram**: If an error occurs within `socket.send()` and a callback has been provided, the error is only passed as the first argument to the callback and not emitted on the `socket` object; previous behavior was to do both (Matteo Collina & Chris Dickinson) [#1796](https://github.com/nodejs/node/pull/1796)
* **freelist**: Deprecate the undocumented `freelist` core module (Sakthipriyan Vairamani) [#2176](https://github.com/nodejs/node/pull/2176).
* **http**:
- Status codes now all use the official [IANA names](http://www.iana.org/assignments/http-status-codes) as per [RFC7231](https://tools.ietf.org/html/rfc7231), e.g. `http.STATUS_CODES[414]` now returns `'URI Too Long'` rather than `'Request-URI Too Large'` (jomo) [#1470](https://github.com/nodejs/node/pull/1470).
- Calling .getName() on an HTTP agent no longer returns a trailing colon, HTTPS agents will no longer return an extra colon near the middle of the string (Brendan Ashworth) [#1617](https://github.com/nodejs/node/pull/1617).
* Status codes now all use the official [IANA names](http://www.iana.org/assignments/http-status-codes) as per [RFC7231](https://tools.ietf.org/html/rfc7231), e.g. `http.STATUS_CODES[414]` now returns `'URI Too Long'` rather than `'Request-URI Too Large'` (jomo) [#1470](https://github.com/nodejs/node/pull/1470).
* Calling .getName() on an HTTP agent no longer returns a trailing colon, HTTPS agents will no longer return an extra colon near the middle of the string (Brendan Ashworth) [#1617](https://github.com/nodejs/node/pull/1617).
* **node**:
- `NODE_MODULE_VERSION` has been bumped to `45` to reflect the break in ABI (Rod Vagg) [#2096](https://github.com/nodejs/node/pull/2096).
- Introduce a new `process.release` object that contains a `name` property set to `'io.js'` and `sourceUrl`, `headersUrl` and `libUrl` (Windows only) properties containing URLs for the relevant resources; this is intended to be used by node-gyp (Rod Vagg) [#2154](https://github.com/nodejs/node/pull/2154).
- The version of node-gyp bundled with io.js now downloads and uses a tarball of header files from iojs.org rather than the full source for compiling native add-ons; it is hoped this is a temporary floating patch and the change will be upstreamed to node-gyp soon (Rod Vagg) [#2066](https://github.com/nodejs/node/pull/2066).
* `NODE_MODULE_VERSION` has been bumped to `45` to reflect the break in ABI (Rod Vagg) [#2096](https://github.com/nodejs/node/pull/2096).
* Introduce a new `process.release` object that contains a `name` property set to `'io.js'` and `sourceUrl`, `headersUrl` and `libUrl` (Windows only) properties containing URLs for the relevant resources; this is intended to be used by node-gyp (Rod Vagg) [#2154](https://github.com/nodejs/node/pull/2154).
* The version of node-gyp bundled with io.js now downloads and uses a tarball of header files from iojs.org rather than the full source for compiling native add-ons; it is hoped this is a temporary floating patch and the change will be upstreamed to node-gyp soon (Rod Vagg) [#2066](https://github.com/nodejs/node/pull/2066).
* **repl**: Persistent history is now enabled by default. The history file is located at ~/.node_repl_history, which can be overridden by the new environment variable `NODE_REPL_HISTORY`. This deprecates the previous `NODE_REPL_HISTORY_FILE` variable. Additionally, the format of the file has been changed to plain text to better handle file corruption. (Jeremiah Senkpiel) [#2224](https://github.com/nodejs/node/pull/2224).
* **smalloc**: The `smalloc` module has been removed as it is no longer possible to provide the API due to changes in V8 (Ben Noordhuis) [#2022](https://github.com/nodejs/node/pull/2022).
* **tls**: Add `server.getTicketKeys()` and `server.setTicketKeys()` methods for [TLS session key](https://www.ietf.org/rfc/rfc5077.txt) rotation (Fedor Indutny) [#2227](https://github.com/nodejs/node/pull/2227).
* **v8**: Upgraded to 4.4.63.26
- ES6: Enabled [computed property names](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Object_initializer#Computed_property_names)
- ES6: `Array` can now be subclassed in strict mode
- ES6: Implement [rest parameters](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Functions/rest_parameters) in staging, use the `--harmony-rest-parameters` command line flag
- ES6: Implement the [spread operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator) in staging, use the `--harmony-spreadcalls` command line flag
- Removed `SetIndexedPropertiesToExternalArrayData` and related APIs, forcing a shift to `Buffer` to be reimplemented based on `Uint8Array`
- Introduction of `Maybe` and `MaybeLocal` C++ API for objects which _may_ or _may not_ have a value.
- Added support for PPC
* ES6: Enabled [computed property names](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Object_initializer#Computed_property_names)
* ES6: `Array` can now be subclassed in strict mode
* ES6: Implement [rest parameters](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Functions/rest_parameters) in staging, use the `--harmony-rest-parameters` command line flag
* ES6: Implement the [spread operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator) in staging, use the `--harmony-spreadcalls` command line flag
* Removed `SetIndexedPropertiesToExternalArrayData` and related APIs, forcing a shift to `Buffer` to be reimplemented based on `Uint8Array`
* Introduction of `Maybe` and `MaybeLocal` C++ API for objects which _may_ or _may not_ have a value.
* Added support for PPC
See also https://github.com/nodejs/node/wiki/Breaking-Changes#300-from-2x for a summary of the breaking changes (SEMVER-MAJOR).
@ -705,8 +705,8 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
* **v8**: Fixed an out-of-band write in utf8 decoder. **This is an important security update** as it can be used to cause a denial of service attack.
* **openssl**: Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the [security advisory](https://www.openssl.org/news/secadv_20150611.txt) for full details. (Shigeki Ohtsu) [#1950](https://github.com/nodejs/node/pull/1950) [#1958](https://github.com/nodejs/node/pull/1958)
* **build**:
- Added support for compiling with Microsoft Visual C++ 2015
- Started building and distributing headers-only tarballs along with binaries
* Added support for compiling with Microsoft Visual C++ 2015
* Started building and distributing headers-only tarballs along with binaries
### Known issues
@ -752,8 +752,8 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
### Notable changes
* **build**:
- Added support for compiling with Microsoft Visual C++ 2015
- Started building and distributing headers-only tarballs along with binaries
* Added support for compiling with Microsoft Visual C++ 2015
* Started building and distributing headers-only tarballs along with binaries
### Known issues
@ -883,23 +883,23 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
### Notable changes
* **libuv**: Upgraded to 1.6.0 and 1.6.1, see [full ChangeLog](https://github.com/libuv/libuv/blob/60e515d9e6f3d86c0eedad583805201f32ea3aed/ChangeLog#L1-L36) for details. (Saúl Ibarra Corretgé) [#1905](https://github.com/nodejs/node/pull/1905) [#1889](https://github.com/nodejs/node/pull/1889). Highlights include:
- Fix TTY becoming blocked on OS X
- Fix UDP send callbacks to not to be synchronous
- Add `uv_os_homedir()` (exposed as `os.homedir()`, see below)
* Fix TTY becoming blocked on OS X
* Fix UDP send callbacks to not to be synchronous
* Add `uv_os_homedir()` (exposed as `os.homedir()`, see below)
* **npm**: See full [release notes](https://github.com/npm/npm/releases/tag/v2.11.1) for details. (Kat Marchán) [#1899](https://github.com/nodejs/node/pull/1899). Highlight:
- Use GIT_SSH_COMMAND (available as of Git 2.3)
* Use GIT_SSH_COMMAND (available as of Git 2.3)
* **openssl**:
- Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the [security advisory](https://www.openssl.org/news/secadv_20150611.txt) for full details. (Shigeki Ohtsu) [#1950](https://github.com/nodejs/node/pull/1950) [#1958](https://github.com/nodejs/node/pull/1958)
- Support [FIPS](https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards) mode of OpenSSL, see [README](https://github.com/nodejs/node#building-iojs-with-fips-compliant-openssl) for instructions. (Fedor Indutny) [#1890](https://github.com/nodejs/node/pull/1890)
* Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the [security advisory](https://www.openssl.org/news/secadv_20150611.txt) for full details. (Shigeki Ohtsu) [#1950](https://github.com/nodejs/node/pull/1950) [#1958](https://github.com/nodejs/node/pull/1958)
* Support [FIPS](https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards) mode of OpenSSL, see [README](https://github.com/nodejs/node#building-iojs-with-fips-compliant-openssl) for instructions. (Fedor Indutny) [#1890](https://github.com/nodejs/node/pull/1890)
* **os**: Add `os.homedir()` method. (Colin Ihrig) [#1791](https://github.com/nodejs/node/pull/1791)
* **smalloc**: Deprecate whole module. (Vladimir Kurchatkin) [#1822](https://github.com/nodejs/node/pull/1822)
* Add new collaborators:
- Alex Kocharin ([@rlidwka](https://github.com/rlidwka))
- Christopher Monsanto ([@monsanto](https://github.com/monsanto))
- Ali Ijaz Sheikh ([@ofrobots](https://github.com/ofrobots))
- Oleg Elifantiev ([@Olegas](https://github.com/Olegas))
- Domenic Denicola ([@domenic](https://github.com/domenic))
- Rich Trott ([@Trott](https://github.com/Trott))
* Alex Kocharin ([@rlidwka](https://github.com/rlidwka))
* Christopher Monsanto ([@monsanto](https://github.com/monsanto))
* Ali Ijaz Sheikh ([@ofrobots](https://github.com/ofrobots))
* Oleg Elifantiev ([@Olegas](https://github.com/Olegas))
* Domenic Denicola ([@domenic](https://github.com/domenic))
* Rich Trott ([@Trott](https://github.com/Trott))
### Known issues
@ -1128,9 +1128,9 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
* **crypto**: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода Никита Андреевич) [#1529](https://github.com/nodejs/node/pull/1529)
* **npm**: Upgrade npm to 2.9.0. See the [v2.8.4](https://github.com/npm/npm/releases/tag/v2.8.4) and [v2.9.0](https://github.com/npm/npm/releases/tag/v2.9.0) release notes for details. Summary:
- Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9
- Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426)
- The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014)
* Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9
* Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426)
* The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014)
### Known issues
@ -1215,14 +1215,14 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
### Notable changes
* **async_wrap**: (Trevor Norris) [#1614](https://github.com/nodejs/node/pull/1614)
- it is now possible to filter by providers
- bit flags have been removed and replaced with method calls on the binding object
- _note that this is an unstable API so feature additions and breaking changes won't change io.js semver_
* it is now possible to filter by providers
* bit flags have been removed and replaced with method calls on the binding object
* _note that this is an unstable API so feature additions and breaking changes won't change io.js semver_
* **libuv**: resolves numerous io.js issues:
- [#862](https://github.com/nodejs/node/issues/862) prevent spawning child processes with invalid stdio file descriptors
- [#1397](https://github.com/nodejs/node/issues/1397) fix EPERM error with fs.access(W_OK) on Windows
- [#1621](https://github.com/nodejs/node/issues/1621) build errors associated with the bundled libuv
- [#1512](https://github.com/nodejs/node/issues/1512) should properly fix Windows termination errors
* [#862](https://github.com/nodejs/node/issues/862) prevent spawning child processes with invalid stdio file descriptors
* [#1397](https://github.com/nodejs/node/issues/1397) fix EPERM error with fs.access(W_OK) on Windows
* [#1621](https://github.com/nodejs/node/issues/1621) build errors associated with the bundled libuv
* [#1512](https://github.com/nodejs/node/issues/1512) should properly fix Windows termination errors
* **addons**: the `NODE_DEPRECATED` macro was causing problems when compiling addons with older compilers, this should now be resolved (Ben Noordhuis) [#1626](https://github.com/nodejs/node/pull/1626)
* **V8**: upgrade V8 from 4.2.77.18 to 4.2.77.20 with minor fixes, including a bug preventing builds on FreeBSD
@ -1275,30 +1275,30 @@ _Note: a new version of the 'url' module was reverted prior to release as it was
* **crypto**: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода Никита Андреевич) [#1529](https://github.com/nodejs/node/pull/1529)
* **net**: `socket.connect()` now accepts a `'lookup'` option for a custom DNS resolution mechanism, defaults to `dns.lookup()` (Evan Lucas) [#1505](https://github.com/nodejs/node/pull/1505)
* **npm**: Upgrade npm to 2.9.0. See the [v2.8.4](https://github.com/npm/npm/releases/tag/v2.8.4) and [v2.9.0](https://github.com/npm/npm/releases/tag/v2.9.0) release notes for details. Notable items:
- Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9af)
- Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426)
- The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014)
* Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9af)
* Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426)
* The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014)
* **os**: `os.tmpdir()` is now cross-platform consistent and will no longer returns a path with a trailing slash on any platform (Christian Tellnes) [#747](https://github.com/nodejs/node/pull/747)
* **process**:
- `process.nextTick()` performance has been improved by between 2-42% across the benchmark suite, notable because this is heavily used across core (Brian White) [#1571](https://github.com/nodejs/node/pull/1571)
- New `process.geteuid()`, `process.seteuid(id)`, `process.getegid()` and `process.setegid(id)` methods allow you to get and set effective UID and GID of the process (Evan Lucas) [#1536](https://github.com/nodejs/node/pull/1536)
* `process.nextTick()` performance has been improved by between 2-42% across the benchmark suite, notable because this is heavily used across core (Brian White) [#1571](https://github.com/nodejs/node/pull/1571)
* New `process.geteuid()`, `process.seteuid(id)`, `process.getegid()` and `process.setegid(id)` methods allow you to get and set effective UID and GID of the process (Evan Lucas) [#1536](https://github.com/nodejs/node/pull/1536)
* **repl**:
- REPL history can be persisted across sessions if the `NODE_REPL_HISTORY_FILE` environment variable is set to a user accessible file, `NODE_REPL_HISTORY_SIZE` can set the maximum history size and defaults to `1000` (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513)
- The REPL can be placed in to one of three modes using the `NODE_REPL_MODE` environment variable: `sloppy`, `strict` or `magic` (default); the new `magic` mode will automatically run "strict mode only" statements in strict mode (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513)
* REPL history can be persisted across sessions if the `NODE_REPL_HISTORY_FILE` environment variable is set to a user accessible file, `NODE_REPL_HISTORY_SIZE` can set the maximum history size and defaults to `1000` (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513)
* The REPL can be placed in to one of three modes using the `NODE_REPL_MODE` environment variable: `sloppy`, `strict` or `magic` (default); the new `magic` mode will automatically run "strict mode only" statements in strict mode (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513)
* **smalloc**: the 'smalloc' module has been deprecated due to changes coming in V8 4.4 that will render it unusable
* **util**: add Promise, Map and Set inspection support (Christopher Monsanto) [#1471](https://github.com/nodejs/node/pull/1471)
* **V8**: upgrade to 4.2.77.18, see the [ChangeLog](https://chromium.googlesource.com/v8/v8/+/refs/heads/4.2.77/ChangeLog) for full details. Notable items:
- Classes have moved out of staging; the `class` keyword is now usable in strict mode without flags
- Object literal enhancements have moved out of staging; shorthand method and property syntax is now usable (`{ method() { }, property }`)
- Rest parameters (`function(...args) {}`) are implemented in staging behind the `--harmony-rest-parameters` flag
- Computed property names (`{['foo'+'bar']:'bam'}`) are implemented in staging behind the `--harmony-computed-property-names` flag
- Unicode escapes (`'\u{xxxx}'`) are implemented in staging behind the `--harmony_unicode` flag and the `--harmony_unicode_regexps` flag for use in regular expressions
* Classes have moved out of staging; the `class` keyword is now usable in strict mode without flags
* Object literal enhancements have moved out of staging; shorthand method and property syntax is now usable (`{ method() { }, property }`)
* Rest parameters (`function(...args) {}`) are implemented in staging behind the `--harmony-rest-parameters` flag
* Computed property names (`{['foo'+'bar']:'bam'}`) are implemented in staging behind the `--harmony-computed-property-names` flag
* Unicode escapes (`'\u{xxxx}'`) are implemented in staging behind the `--harmony_unicode` flag and the `--harmony_unicode_regexps` flag for use in regular expressions
* **Windows**:
- Random process termination on Windows fixed (Fedor Indutny) [#1512](https://github.com/nodejs/node/issues/1512) / [#1563](https://github.com/nodejs/node/pull/1563)
- The delay-load hook introduced to fix issues with process naming (iojs.exe / node.exe) has been made opt-out for native add-ons. Native add-ons should include `'win_delay_load_hook': 'false'` in their binding.gyp to disable this feature if they experience problems . (Bert Belder) [#1433](https://github.com/nodejs/node/pull/1433)
* Random process termination on Windows fixed (Fedor Indutny) [#1512](https://github.com/nodejs/node/issues/1512) / [#1563](https://github.com/nodejs/node/pull/1563)
* The delay-load hook introduced to fix issues with process naming (iojs.exe / node.exe) has been made opt-out for native add-ons. Native add-ons should include `'win_delay_load_hook': 'false'` in their binding.gyp to disable this feature if they experience problems . (Bert Belder) [#1433](https://github.com/nodejs/node/pull/1433)
* **Governance**:
- Rod Vagg (@rvagg) was added to the Technical Committee (TC)
- Jeremiah Senkpiel (@Fishrock123) was added to the Technical Committee (TC)
* Rod Vagg (@rvagg) was added to the Technical Committee (TC)
* Jeremiah Senkpiel (@Fishrock123) was added to the Technical Committee (TC)
### Known issues
@ -1642,9 +1642,9 @@ will be removed at a later point. (Roman Reiss) [#1363](https://github.com/nodej
* **fs**: corruption can be caused by `fs.writeFileSync()` and append-mode `fs.writeFile()` and `fs.writeFileSync()` under certain circumstances, reported in [#1058](https://github.com/nodejs/node/issues/1058), fixed in [#1063](https://github.com/nodejs/node/pull/1063) (Olov Lassus).
* **iojs**: an "internal modules" API has been introduced to allow core code to share JavaScript modules internally only without having to expose them as a public API, this feature is for core-only [#848](https://github.com/nodejs/node/pull/848) (Vladimir Kurchatkin).
* **timers**: two minor problems with timers have been fixed:
- `Timer#close()` is now properly idempotent [#1288](https://github.com/nodejs/node/issues/1288) (Petka Antonov).
- `setTimeout()` will only run the callback once now after an `unref()` during the callback [#1231](https://github.com/nodejs/node/pull/1231) (Roman Reiss).
- NOTE: there are still other unresolved concerns with the timers code, such as [#1152](https://github.com/nodejs/node/pull/1152).
* `Timer#close()` is now properly idempotent [#1288](https://github.com/nodejs/node/issues/1288) (Petka Antonov).
* `setTimeout()` will only run the callback once now after an `unref()` during the callback [#1231](https://github.com/nodejs/node/pull/1231) (Roman Reiss).
* NOTE: there are still other unresolved concerns with the timers code, such as [#1152](https://github.com/nodejs/node/pull/1152).
* **Windows**: a "delay-load hook" has been added for compiled add-ons on Windows that should alleviate some of the problems that Windows users may be experiencing with add-ons in io.js [#1251](https://github.com/nodejs/node/pull/1251) (Bert Belder).
* **V8**: minor bug-fix upgrade for V8 to 4.1.0.27.
* **npm**: upgrade npm to 2.7.4. See [npm CHANGELOG.md](https://github.com/npm/npm/blob/master/CHANGELOG.md#v274-2015-03-20) for details. Summary:
@ -2041,9 +2041,9 @@ will be removed at a later point. (Roman Reiss) [#1363](https://github.com/nodej
deprecation warning to include which `package.json` is using it.
([@othiym23](https://github.com/othiym23))
* Add new collaborators:
- Robert Kowalski ([@robertkowalski](https://github.com/robertkowalski))
- Christian Vaagland Tellnes ([@tellnes](https://github.com/tellnes))
- Brian White ([@mscdex](https://github.com/mscdex))
* Robert Kowalski ([@robertkowalski](https://github.com/robertkowalski))
* Christian Vaagland Tellnes ([@tellnes](https://github.com/tellnes))
* Brian White ([@mscdex](https://github.com/mscdex))
### Known issues
@ -2212,34 +2212,34 @@ _Note: version **1.4.0** was tagged and built but not released. A libuv bug was
### Notable changes
* **stream**:
- Simpler stream construction, see [readable-stream/issues#102](https://github.com/nodejs/readable-stream/issues/102) for details. This extends the streams base objects to make their constructors accept default implementation methods, reducing the boilerplate required to implement custom streams. An updated version of readable-stream will eventually be released to match this change in core. (@sonewman)
* Simpler stream construction, see [readable-stream/issues#102](https://github.com/nodejs/readable-stream/issues/102) for details. This extends the streams base objects to make their constructors accept default implementation methods, reducing the boilerplate required to implement custom streams. An updated version of readable-stream will eventually be released to match this change in core. (@sonewman)
* **dns**:
- `lookup()` now supports an `'all'` boolean option, default to `false` but when turned on will cause the method to return an array of *all* resolved names for an address, see, [#744](https://github.com/nodejs/node/pull/744) (@silverwind)
* `lookup()` now supports an `'all'` boolean option, default to `false` but when turned on will cause the method to return an array of *all* resolved names for an address, see, [#744](https://github.com/nodejs/node/pull/744) (@silverwind)
* **assert**:
- Remove `prototype` property comparison in `deepEqual()`, considered a bugfix, see [#636](https://github.com/nodejs/node/pull/636) (@vkurchatkin)
- Introduce a `deepStrictEqual()` method to mirror `deepEqual()` but performs strict equality checks on primitives, see [#639](https://github.com/nodejs/node/pull/639) (@vkurchatkin)
* Remove `prototype` property comparison in `deepEqual()`, considered a bugfix, see [#636](https://github.com/nodejs/node/pull/636) (@vkurchatkin)
* Introduce a `deepStrictEqual()` method to mirror `deepEqual()` but performs strict equality checks on primitives, see [#639](https://github.com/nodejs/node/pull/639) (@vkurchatkin)
* **tracing**:
- Add [LTTng](http://lttng.org/) (Linux Trace Toolkit Next Generation) when compiled with the `--with-lttng` option. Trace points match those available for DTrace and ETW. [#702](https://github.com/nodejs/node/pull/702) (@thekemkid)
* Add [LTTng](http://lttng.org/) (Linux Trace Toolkit Next Generation) when compiled with the `--with-lttng` option. Trace points match those available for DTrace and ETW. [#702](https://github.com/nodejs/node/pull/702) (@thekemkid)
* **docs**:
- Lots of doc updates, see individual commits
- New **Errors** page discussing JavaScript errors, V8 specifics, and io.js specific error details. (@chrisdickinson)
* Lots of doc updates, see individual commits
* New **Errors** page discussing JavaScript errors, V8 specifics, and io.js specific error details. (@chrisdickinson)
* **npm** upgrade to 2.5.1, short changelog:
- [npm/0e8d473](https://github.com/npm/npm/commit/0e8d4736a1cbdda41ae8eba8a02c7ff7ce80c2ff) [#7281](https://github.com/npm/npm/issues/7281) `npm-registry-mock@1.0.0`: Clean up API, set `connection: close`, which makes tests pass on io.js 1.1.x.
* [npm/0e8d473](https://github.com/npm/npm/commit/0e8d4736a1cbdda41ae8eba8a02c7ff7ce80c2ff) [#7281](https://github.com/npm/npm/issues/7281) `npm-registry-mock@1.0.0`: Clean up API, set `connection: close`, which makes tests pass on io.js 1.1.x.
([@robertkowalski](https://github.com/robertkowalski))
- [npm/f9313a0](https://github.com/npm/npm/commit/f9313a066c9889a0ee898d8a35676e40b8101e7f)
* [npm/f9313a0](https://github.com/npm/npm/commit/f9313a066c9889a0ee898d8a35676e40b8101e7f)
[#7226](https://github.com/npm/npm/issues/7226) Ensure that all request
settings are copied onto the agent.
([@othiym23](https://github.com/othiym23))
- [npm/fec4c96](https://github.com/npm/npm/commit/fec4c967ee235030bf31393e8605e9e2811f4a39)
* [npm/fec4c96](https://github.com/npm/npm/commit/fec4c967ee235030bf31393e8605e9e2811f4a39)
Allow `--no-proxy` to override `HTTP_PROXY` setting in environment.
([@othiym23](https://github.com/othiym23))
- [npm/9d61e96](https://github.com/npm/npm/commit/9d61e96fb1f48687a85c211e4e0cd44c7f95a38e)
* [npm/9d61e96](https://github.com/npm/npm/commit/9d61e96fb1f48687a85c211e4e0cd44c7f95a38e)
`npm outdated --long` now includes a column showing the type of dependency.
([@watilde](https://github.com/watilde))
* **libuv** upgrade to 1.4.0, see [libuv ChangeLog](https://github.com/libuv/libuv/blob/v1.x/ChangeLog)
* Add new collaborators:
- Aleksey Smolenchuk (@lxe)
- Shigeki Ohtsu (@shigeki)
* Aleksey Smolenchuk (@lxe)
* Shigeki Ohtsu (@shigeki)
### Known issues
@ -2302,22 +2302,22 @@ _Note: version **1.4.0** was tagged and built but not released. A libuv bug was
* crypto: ~30% speedup on hashing functions.
* crypto: added privateEncrypt/publicDecrypt functions.
* errors
- better formatting via util.inspect
- more descriptive errors from fs. This necessitated a `NODE_MODULE_VERSION` bump.
- more descriptive errors from http.setHeader
* better formatting via util.inspect
* more descriptive errors from fs. This necessitated a `NODE_MODULE_VERSION` bump.
* more descriptive errors from http.setHeader
* dep updates:
- npm: upgrade to 2.4.1
- http-parser: rollback to 2.3.0
- libuv: update to 1.3.0
- v8: update to 4.1.0.14
* npm: upgrade to 2.4.1
* http-parser: rollback to 2.3.0
* libuv: update to 1.3.0
* v8: update to 4.1.0.14
* http.request: inherited properties on options are now respected
* add iterable interface to buffers (`for (let byte of buffer.values()) { }`)
* fs: fix fd leak on `fs.createReadStream`. See 497fd72 for details.
* installer: on Windows, emit WM_SETTINGCHANGE after install to make other running
processes aware of the PATH changes.
* Added new collaborators:
- Vladimir Kurchatkin (@vkurchatkin)
- Micleușanu Nicu (@micnic)
* Vladimir Kurchatkin (@vkurchatkin)
* Micleușanu Nicu (@micnic)
### Known issues
@ -2406,11 +2406,11 @@ _Note: version **1.4.0** was tagged and built but not released. A libuv bug was
* 'punycode' core module bumped from stability level 2-Unstable,
to 3-Stable
* Added new collaborators:
- Thorsten Lorenz (@thlorenz)
- Stephen Belanger (@qard)
- Jeremiah Senkpiel (@fishrock123)
- Evan Lucas (@evanlucas)
- Brendan Ashworth (@brendanashworth)
* Thorsten Lorenz (@thlorenz)
* Stephen Belanger (@qard)
* Jeremiah Senkpiel (@fishrock123)
* Evan Lucas (@evanlucas)
* Brendan Ashworth (@brendanashworth)
### Commits
@ -2565,140 +2565,140 @@ repository and therefore can be seen as an extension to v0.11.
### General
- The V8 JavaScript engine bundled with io.js was upgraded dramatically, from version 3.14.5.9 in Node.js v0.10.35 and 3.26.33 in Node.js v0.11.14 to 3.31.74.1 for io.js v1.0.0. This brings along many fixes and performance improvements, as well as additional support for new ES6 language features! For more information on this, check out [the io.js ES6 page](https://iojs.org/es6.html).
- Other bundled technologies were upgraded:
- c-ares: 1.9.0-DEV to 1.10.0-DEV
- http_parser: 1.0 to 2.3
- libuv: 0.10.30 to 1.2.0
- npm: 1.4.28 to 2.1.18
- openssl: 1.0.1j to 1.0.1k
- punycode: 1.2.0 to 1.3.2.
- Performance and stability improvements on all platforms.
* The V8 JavaScript engine bundled with io.js was upgraded dramatically, from version 3.14.5.9 in Node.js v0.10.35 and 3.26.33 in Node.js v0.11.14 to 3.31.74.1 for io.js v1.0.0. This brings along many fixes and performance improvements, as well as additional support for new ES6 language features! For more information on this, check out [the io.js ES6 page](https://iojs.org/es6.html).
* Other bundled technologies were upgraded:
* c-ares: 1.9.0-DEV to 1.10.0-DEV
* http_parser: 1.0 to 2.3
* libuv: 0.10.30 to 1.2.0
* npm: 1.4.28 to 2.1.18
* openssl: 1.0.1j to 1.0.1k
* punycode: 1.2.0 to 1.3.2.
* Performance and stability improvements on all platforms.
### buffer
https://iojs.org/api/buffer.html
- Added `buf.writeUIntLE`, `buf.writeUIntBE`, `buf.writeIntLE`, `buf.writeIntBE`, `buf.readUIntLE`, `buf.readUIntBE`, `buf.readIntLE` and `buf.readIntBE` methods that read and write value up to 6 bytes.
- Added `Buffer.compare()` which does a `memcmp()` on two Buffer instances. Instances themselves also have a `compare()`.
- Added `buffer.equals()` that checks equality of Buffers by their contents.
- Added `new Buffer(otherBuffer)` constructor.
- Tweaked `SlowBuffer`'s semantics.
- Updated the output of `buffer.toJSON()` to not be the same as an array. Instead it is an object specifically tagged as a buffer, which can be recovered by passing it to (a new overload of) the `Buffer` constructor.
* Added `buf.writeUIntLE`, `buf.writeUIntBE`, `buf.writeIntLE`, `buf.writeIntBE`, `buf.readUIntLE`, `buf.readUIntBE`, `buf.readIntLE` and `buf.readIntBE` methods that read and write value up to 6 bytes.
* Added `Buffer.compare()` which does a `memcmp()` on two Buffer instances. Instances themselves also have a `compare()`.
* Added `buffer.equals()` that checks equality of Buffers by their contents.
* Added `new Buffer(otherBuffer)` constructor.
* Tweaked `SlowBuffer`'s semantics.
* Updated the output of `buffer.toJSON()` to not be the same as an array. Instead it is an object specifically tagged as a buffer, which can be recovered by passing it to (a new overload of) the `Buffer` constructor.
### child_process
https://iojs.org/api/child_process.html
- Added a `shell` option to `child_process.exec`.
- Added synchronous counterparts for the child process functions: `child_process.spawnSync`, `child_process.execSync`, and `child_process.execFileSync`.
- Added the path to any `ENOENT` errors, for easier debugging.
* Added a `shell` option to `child_process.exec`.
* Added synchronous counterparts for the child process functions: `child_process.spawnSync`, `child_process.execSync`, and `child_process.execFileSync`.
* Added the path to any `ENOENT` errors, for easier debugging.
### console
https://iojs.org/api/console.html
- Added an `options` parameter to `console.dir`.
* Added an `options` parameter to `console.dir`.
### cluster
https://iojs.org/api/cluster.html
- Updated `cluster` to use round-robin load balancing by default on non-Windows platforms. The scheduling policy is configurable however.
- `--debug` has been made cluster-aware.
- Many bug fixes.
* Updated `cluster` to use round-robin load balancing by default on non-Windows platforms. The scheduling policy is configurable however.
* `--debug` has been made cluster-aware.
* Many bug fixes.
### crypto
https://iojs.org/api/crypto.html
- Added support for custom generator values to `DiffieHellman` (defaulting to 2 for backwards compatibility).
- Added support for custom pbkdf2 digest methods.
- Added support for elliptic curve-based Diffie-Hellman.
- Added support for loading and setting the engine for some/all OpenSSL functions.
- Added support for passing in a passphrase for decrypting the signing key to `Sign.sign()`.
- Added support for private key passphrase in every method that accepts it.
- Added support for RSA public/private encryption/decryption functionality.
- Added support for setting and getting of authentication tags and setting additional authentication data when using ciphers such as AES-GCM.
* Added support for custom generator values to `DiffieHellman` (defaulting to 2 for backwards compatibility).
* Added support for custom pbkdf2 digest methods.
* Added support for elliptic curve-based Diffie-Hellman.
* Added support for loading and setting the engine for some/all OpenSSL functions.
* Added support for passing in a passphrase for decrypting the signing key to `Sign.sign()`.
* Added support for private key passphrase in every method that accepts it.
* Added support for RSA public/private encryption/decryption functionality.
* Added support for setting and getting of authentication tags and setting additional authentication data when using ciphers such as AES-GCM.
### dgram
https://iojs.org/api/dgram.html
- Added support for receiving empty UDP packets.
* Added support for receiving empty UDP packets.
### dns
https://iojs.org/api/dns.html
- Added `dns.resolveSoa`, `dns.getServers`, and `dns.setServers` methods.
- Added `hostname` on error messages when available.
- Improved error handling consistency.
* Added `dns.resolveSoa`, `dns.getServers`, and `dns.setServers` methods.
* Added `hostname` on error messages when available.
* Improved error handling consistency.
### events
https://iojs.org/api/events.html
- Added chaining support to `EventEmitter.setMaxListeners`.
- Updated `require('events')` to return the `EventEmitter` constructor, allowing the module to be used like `var EventEmitter = require('events')` instead of `var EventEmitter = require('events').EventEmitter`.
* Added chaining support to `EventEmitter.setMaxListeners`.
* Updated `require('events')` to return the `EventEmitter` constructor, allowing the module to be used like `var EventEmitter = require('events')` instead of `var EventEmitter = require('events').EventEmitter`.
### fs
https://iojs.org/api/fs.html
- Added `fs.access`, and deprecated `fs.exists`. Please read the documentation carefully.
- Added more informative errors and method call site details when the `NODE_DEBUG` environment is set to ease debugging.
- Added option to `fs.watch` for recursive sub-directory support (OS X only).
- Fixed missing callbacks errors just being printed instead of thrown.
* Added `fs.access`, and deprecated `fs.exists`. Please read the documentation carefully.
* Added more informative errors and method call site details when the `NODE_DEBUG` environment is set to ease debugging.
* Added option to `fs.watch` for recursive sub-directory support (OS X only).
* Fixed missing callbacks errors just being printed instead of thrown.
### http
https://iojs.org/api/http.html
- Added support for `response.write` and `response.end` to receive a callback to know when the operation completes.
- Added support for 308 status code (see RFC 7238).
- Added `http.METHODS` array, listing the HTTP methods supported by the parser.
- Added `request.flush` method.
- Added `response.getHeader('header')` method that may be used before headers are flushed.
- Added `response.statusMessage` property.
- Added Client Keep-Alive behavior. Set `keepAlive:true` in request options to reuse connections indefinitely.
- Added `rawHeaders` and `rawTrailers` members on incoming message.
- Removed default chunked encoding on `DELETE` and `OPTIONS`.
* Added support for `response.write` and `response.end` to receive a callback to know when the operation completes.
* Added support for 308 status code (see RFC 7238).
* Added `http.METHODS` array, listing the HTTP methods supported by the parser.
* Added `request.flush` method.
* Added `response.getHeader('header')` method that may be used before headers are flushed.
* Added `response.statusMessage` property.
* Added Client Keep-Alive behavior. Set `keepAlive:true` in request options to reuse connections indefinitely.
* Added `rawHeaders` and `rawTrailers` members on incoming message.
* Removed default chunked encoding on `DELETE` and `OPTIONS`.
### net
https://iojs.org/api/net.html
- Changed `net.Server.listen` such that, when the bind address is omitted, IPv6 is tried first, and IPv4 is used as a fallback.
* Changed `net.Server.listen` such that, when the bind address is omitted, IPv6 is tried first, and IPv4 is used as a fallback.
### os
https://iojs.org/api/os.html
- Added MAC addresses, netmasks and scope IDs for IPv6 addresses to `os.networkInterfaces` method output.
- Updated `os.tmpdir` on Windows to use the `%SystemRoot%` or `%WINDIR%` environment variables instead of the hard-coded value of `c:\windows` when determining the temporary directory location.
* Added MAC addresses, netmasks and scope IDs for IPv6 addresses to `os.networkInterfaces` method output.
* Updated `os.tmpdir` on Windows to use the `%SystemRoot%` or `%WINDIR%` environment variables instead of the hard-coded value of `c:\windows` when determining the temporary directory location.
### path
https://iojs.org/api/path.html
- Added `path.isAbsolute` and `path.parse` methods.
- Added `path.win32` and `path.posix` objects that contain platform-specific versions of the various `path` functions.
- Improved `path.join` performance.
* Added `path.isAbsolute` and `path.parse` methods.
* Added `path.win32` and `path.posix` objects that contain platform-specific versions of the various `path` functions.
* Improved `path.join` performance.
### process
https://iojs.org/api/process.html
- Added `beforeExit` event.
- Added `process.mainModule` and `process.exitCode`.
* Added `beforeExit` event.
* Added `process.mainModule` and `process.exitCode`.
### querystring
https://iojs.org/api/querystring.html
- Added the ability to pass custom versions of `encodeURIComponent` and `decodeURIComponent` when stringifying or parsing a querystring.
- Fixed several issues with the formatting of query strings in edge cases.
* Added the ability to pass custom versions of `encodeURIComponent` and `decodeURIComponent` when stringifying or parsing a querystring.
* Fixed several issues with the formatting of query strings in edge cases.
### smalloc
@ -2750,47 +2750,47 @@ For a detailed overview of how streams3 interact, [see this diagram](https://clo
https://iojs.org/api/timers.html
- Removed `process.maxTickDepth`, allowing `process.nextTick` to be used recursively without limit.
- Updated `setImmediate` to process the full queue each turn of the event loop, instead of one per queue.
* Removed `process.maxTickDepth`, allowing `process.nextTick` to be used recursively without limit.
* Updated `setImmediate` to process the full queue each turn of the event loop, instead of one per queue.
### tls
https://iojs.org/api/tls.html
- Added `detailed` boolean flag to `getPeerCertificate` to return detailed certificate information (with raw DER bytes).
- Added `renegotiate(options, callback)` method for session renegotiation.
- Added `setMaxSendFragment` method for varying TLS fragment size.
- Added a `dhparam` option for DH ciphers.
- Added a `ticketKeys` option for TLS ticket AES encryption keys setup.
- Added async OCSP-stapling callback.
- Added async session storage events.
- Added async SNI callback.
- Added multi-key server support (for example, ECDSA+RSA server).
- Added optional callback to `checkServerIdentity` for manual certificate validation in userland.
- Added support for ECDSA/ECDHE cipher.
- Implemented TLS streams in C++, boosting their performance.
- Moved `createCredentials` to `tls` and renamed it to `createSecureContext`.
- Removed SSLv2 and SSLv3 support.
* Added `detailed` boolean flag to `getPeerCertificate` to return detailed certificate information (with raw DER bytes).
* Added `renegotiate(options, callback)` method for session renegotiation.
* Added `setMaxSendFragment` method for varying TLS fragment size.
* Added a `dhparam` option for DH ciphers.
* Added a `ticketKeys` option for TLS ticket AES encryption keys setup.
* Added async OCSP-stapling callback.
* Added async session storage events.
* Added async SNI callback.
* Added multi-key server support (for example, ECDSA+RSA server).
* Added optional callback to `checkServerIdentity` for manual certificate validation in userland.
* Added support for ECDSA/ECDHE cipher.
* Implemented TLS streams in C++, boosting their performance.
* Moved `createCredentials` to `tls` and renamed it to `createSecureContext`.
* Removed SSLv2 and SSLv3 support.
### url
https://iojs.org/api/url.html
- Improved escaping of certain characters.
- Improved parsing speed.
* Improved escaping of certain characters.
* Improved parsing speed.
### util
https://iojs.org/api/util.html
- Added `util.debuglog`.
- Added a plethora of new type-testing methods. See [the docs](https://iojs.org/api/util.html).
- Updated `util.format` to receive several changes:
- `-0` is now displayed as such, instead of as `0`.
- Anything that is `instanceof Error` is now formatted as an error.
- Circular references in JavaScript objects are now handled for the `%j` specifier.
- Custom `inspect` functions are now allowed to return an object.
- Custom `inspect` functions now receive any arguments passed to `util.inspect`.
* Added `util.debuglog`.
* Added a plethora of new type-testing methods. See [the docs](https://iojs.org/api/util.html).
* Updated `util.format` to receive several changes:
* `-0` is now displayed as such, instead of as `0`.
* Anything that is `instanceof Error` is now formatted as an error.
* Circular references in JavaScript objects are now handled for the `%j` specifier.
* Custom `inspect` functions are now allowed to return an object.
* Custom `inspect` functions now receive any arguments passed to `util.inspect`.
## v8
@ -2804,11 +2804,11 @@ https://iojs.org/api/vm.html
The `vm` module has been rewritten to work better, based on the excellent [Contextify](https://github.com/brianmcd/contextify) native module. All of the functionality of Contextify is now in core, with improvements!
- Added `vm.isContext(object)` method to determine whether `object` has been contextified.
- Added `vm.runInDebugContext(code)` method to compile and execute `code` inside the V8 debug context.
- Updated `vm.createContext(sandbox)` to "contextify" the sandbox, making it suitable for use as a global for `vm` scripts, and then return it. It no longer creates a separate context object.
- Updated most `vm` and `vm.Script` methods to accept an `options` object, allowing you to configure a timeout for the script, the error display behavior, and sometimes the filename (for stack traces).
- Updated the supplied sandbox object to be used directly as the global, remove error-prone copying of properties back and forth between the supplied sandbox object and the global that appears inside the scripts run by the `vm` module.
* Added `vm.isContext(object)` method to determine whether `object` has been contextified.
* Added `vm.runInDebugContext(code)` method to compile and execute `code` inside the V8 debug context.
* Updated `vm.createContext(sandbox)` to "contextify" the sandbox, making it suitable for use as a global for `vm` scripts, and then return it. It no longer creates a separate context object.
* Updated most `vm` and `vm.Script` methods to accept an `options` object, allowing you to configure a timeout for the script, the error display behavior, and sometimes the filename (for stack traces).
* Updated the supplied sandbox object to be used directly as the global, remove error-prone copying of properties back and forth between the supplied sandbox object and the global that appears inside the scripts run by the `vm` module.
For more information, see the `vm` documentation linked above.
@ -2816,9 +2816,9 @@ For more information, see the `vm` documentation linked above.
https://iojs.org/api/zlib.html
- Added support for `zlib.flush` to specify a particular flush method (defaulting to `Z_FULL_FLUSH`).
- Added support for `zlib.params` to dynamically update the compression level and strategy when deflating.
- Added synchronous versions of the zlib methods.
* Added support for `zlib.flush` to specify a particular flush method (defaulting to `Z_FULL_FLUSH`).
* Added support for `zlib.params` to dynamically update the compression level and strategy when deflating.
* Added synchronous versions of the zlib methods.
### C++ API Changes
@ -2828,23 +2828,23 @@ In general it is recommended that you use [NAN](https://github.com/rvagg/nan) as
#### V8 highlights
- Exposed method signature has changed from `Handle<Value> Method(const Arguments& args)` to `void Method(const v8::FunctionCallbackInfo<Value>& args)` with the newly introduced `FunctionCallbackInfo` also taking the return value via `args.GetReturnValue().Set(value)` instead of `scope.Close(value)`, `Arguments` has been removed.
- Exposed setter signature has changed from `void Setter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Setter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<void>& args)`.
- Exposed getter signature has changed from `void Getter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Getter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<Value>& args)`.
- Exposed property setter signature has changed from `Handle<Value> Setter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Setter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<Value>& args)`.
- Exposed property getter signature has changed from `Handle<Value> Getter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Getter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<Value>& args)`.
- Similar changes have been made to property enumerators, property deleters, property query, index getter, index setter, index enumerator, index deleter, index query.
- V8 objects instantiated in C++ now require an `Isolate*` argument as the first argument. In most cases it is OK to simply pass `v8::Isolate::GetCurrent()`, e.g. `Date::New(Isolate::GetCurrent(), time)`, or `String::NewFromUtf8(Isolate::GetCurrent(), "foobar")`.
- `HandleScope scope` now requires an `Isolate*` argument, i.e. `HandleScope scope(isolate)`, in most cases `v8::Isolate::GetCurrent()` is OK.
- Similar changes have been made to `Locker` and `Unlocker`.
- V8 objects that need to "escape" a scope should be enclosed in a `EscapableHandleScope` rather than a `HandleScope` and should be returned with `scope.Escape(value)`.
- Exceptions are now thrown from isolates with `isolate->ThrowException(ExceptionObject)`.
- `Context::GetCurrent()` must now be done on an isolate, e.g. `Isolate::GetCurrent()->GetCurrentContext()`.
- `String::NewSymbol()` has been removed, use plain strings instead.
- `String::New()` has been removed, use `String::NewFromUtf8()` instead.
- `Persistent` objects no longer inherit from `Handle` and cannot be instantiated with another object. Instead, the `Persistent` should simply be declared, e.g. `Persistent<Type> handle` and then have a `Local` assigned to it with `handle.Reset(isolate, value)`. To get a `Local` from a `Persistent` you must instantiate it as the argument, i.e. `Local::New(Isolate*, Persistent)`.
* Exposed method signature has changed from `Handle<Value> Method(const Arguments& args)` to `void Method(const v8::FunctionCallbackInfo<Value>& args)` with the newly introduced `FunctionCallbackInfo` also taking the return value via `args.GetReturnValue().Set(value)` instead of `scope.Close(value)`, `Arguments` has been removed.
* Exposed setter signature has changed from `void Setter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Setter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<void>& args)`.
* Exposed getter signature has changed from `void Getter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Getter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<Value>& args)`.
* Exposed property setter signature has changed from `Handle<Value> Setter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Setter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<Value>& args)`.
* Exposed property getter signature has changed from `Handle<Value> Getter(Local<String> property, Local<Value> value, const v8::AccessorInfo& args)` `void Getter(Local<String> property, Local<Value> value, const v8::PropertyCallbackInfo<Value>& args)`.
* Similar changes have been made to property enumerators, property deleters, property query, index getter, index setter, index enumerator, index deleter, index query.
* V8 objects instantiated in C++ now require an `Isolate*` argument as the first argument. In most cases it is OK to simply pass `v8::Isolate::GetCurrent()`, e.g. `Date::New(Isolate::GetCurrent(), time)`, or `String::NewFromUtf8(Isolate::GetCurrent(), "foobar")`.
* `HandleScope scope` now requires an `Isolate*` argument, i.e. `HandleScope scope(isolate)`, in most cases `v8::Isolate::GetCurrent()` is OK.
* Similar changes have been made to `Locker` and `Unlocker`.
* V8 objects that need to "escape" a scope should be enclosed in a `EscapableHandleScope` rather than a `HandleScope` and should be returned with `scope.Escape(value)`.
* Exceptions are now thrown from isolates with `isolate->ThrowException(ExceptionObject)`.
* `Context::GetCurrent()` must now be done on an isolate, e.g. `Isolate::GetCurrent()->GetCurrentContext()`.
* `String::NewSymbol()` has been removed, use plain strings instead.
* `String::New()` has been removed, use `String::NewFromUtf8()` instead.
* `Persistent` objects no longer inherit from `Handle` and cannot be instantiated with another object. Instead, the `Persistent` should simply be declared, e.g. `Persistent<Type> handle` and then have a `Local` assigned to it with `handle.Reset(isolate, value)`. To get a `Local` from a `Persistent` you must instantiate it as the argument, i.e. `Local::New(Isolate*, Persistent)`.
#### Node / io.js
- Updated `node::Buffer::New()` to return a `Handle` directly so you no longer need to fetch the `handle_` property.
- Updated `node::MakeCallback()` to require an `Isolate*` as the first argument. Generally `Isolate::GetCurrent()` will be OK for this.
* Updated `node::Buffer::New()` to return a `Handle` directly so you no longer need to fetch the `handle_` property.
* Updated `node::MakeCallback()` to require an `Isolate*` as the first argument. Generally `Isolate::GetCurrent()` will be OK for this.

32
doc/changelogs/CHANGELOG_V010.md
View File

@ -106,8 +106,8 @@ This is a security release. All Node.js users should consult the security releas
* buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич)
* http:
- CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas)
- Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White)
* CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas)
* Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White)
* openssl: Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2183, CVE-2016-2178 and CVE-2016-6306.
* tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian) (Ben Noordhuis)
@ -150,8 +150,8 @@ This is a security release. All Node.js users should consult the security releas
* npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5987
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553
- Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
- See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
* Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
* See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
### Commits:
@ -186,13 +186,13 @@ This is a security release. All Node.js users should consult the security releas
* http_parser: Update to http-parser 1.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5242
* domains:
- Prevent an exit due to an exception being thrown rather than emitting an `'uncaughtException'` event on the `process` object when no error handler is set on the domain within which an error is thrown and an `'uncaughtException'` event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887
- Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3887
* Prevent an exit due to an exception being thrown rather than emitting an `'uncaughtException'` event on the `process` object when no error handler is set on the domain within which an error is thrown and an `'uncaughtException'` event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887
* Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3887
* openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) https://github.com/nodejs/node/pull/5508
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797
- Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702
- Remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800
* Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705
* Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797
* Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702
* Remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800
### Commits:
@ -215,11 +215,11 @@ This is an important security release. All Node.js users should consult the secu
* http-parser: upgrade from 1.0 to 1.1
* openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216`
* introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes
* allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216`
* build:
- xz compressed tar files will be made available from nodejs.org for v0.10 builds from v0.10.42 onward
- A headers.tar.gz file will be made available from nodejs.org for v0.10 builds from v0.10.42 onward, a future change to node-gyp will be required to make use of these
* xz compressed tar files will be made available from nodejs.org for v0.10 builds from v0.10.42 onward
* A headers.tar.gz file will be made available from nodejs.org for v0.10 builds from v0.10.42 onward, a future change to node-gyp will be required to make use of these
### Commits
@ -432,7 +432,7 @@ https://github.com/nodejs/node/commit/ce82d6b8474bde7ac7df6d425fb88fb1bcba35bc
* openssl: to 1.0.1h (CVE-2014-0224)
* npm: upgrade to 1.4.14
* utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendörfer)
- *NOTE* this introduces a breaking change, previously you could construct
* *NOTE* this introduces a breaking change, previously you could construct
invalid UTF-8 and invoke an error in a client that was expecting valid
UTF-8, now unmatched surrogate pairs are replaced with the unknown UTF-8
character. To restore the old functionality simply have NODE_INVALID_UTF8
@ -573,7 +573,7 @@ https://github.com/nodejs/node/commit/e2da042844a830fafb8031f6c477eb4f96195210
https://github.com/nodejs/node/commit/d7234c8d50a1af73f60d2d3c0cc7eed17429a481
* tls: fix sporadic hang and partial reads (Fedor Indutny)
- fixes "npm ERR! cb() never called!"
* fixes "npm ERR! cb() never called!"
<a id="0.10.19"></a>
## 2013.09.24, Version 0.10.19 (Stable)

32
doc/changelogs/CHANGELOG_V012.md
View File

@ -90,11 +90,11 @@ This is a security release. All Node.js users should consult the security releas
* buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич)
* http:
- CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas)
- Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White)
* CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas)
* Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White)
* openssl:
- Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306.
- Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis, Rod Vagg)
* Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306.
* Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis, Rod Vagg)
* tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis)
### Commits:
@ -139,9 +139,9 @@ This is a security release. All Node.js users should consult the security releas
* npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5988
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553
- Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
- Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
- See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
* Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
* Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
* See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
### Commits:
@ -192,12 +192,12 @@ Note that the upgrade to OpenSSL 1.0.1s in Node.js v0.12.11 removed internal SSL
* http_parser: Update to http-parser 2.3.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5241
* domains:
- Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885
- Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3885
* Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885
* Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3885
* openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) https://github.com/nodejs/node/pull/5509
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797
- Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702
* Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705
* Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797
* Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702
### Commits:
@ -227,11 +227,11 @@ This is an important security release. All Node.js users should consult the secu
* http-parser: upgrade from 2.3.0 to 2.3.1
* openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216`
* introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes
* allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216`
* build:
- xz compressed tar files will be made available from nodejs.org for v0.12 builds from v0.12.10 onward
- A headers.tar.gz file will be made available from nodejs.org for v0.12 builds from v0.12.10 onward, a future change to node-gyp will be required to make use of these
* xz compressed tar files will be made available from nodejs.org for v0.12 builds from v0.12.10 onward
* A headers.tar.gz file will be made available from nodejs.org for v0.12 builds from v0.12.10 onward, a future change to node-gyp will be required to make use of these
### Commits

54
doc/changelogs/CHANGELOG_V10.md
View File

@ -1016,9 +1016,9 @@ a missing CLI flag to adjust the max header size of the http parser.
### Notable Changes
* **cli**:
- add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* **http**:
- add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
* add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
### Commits
@ -2211,10 +2211,10 @@ Fixes for the following CVEs are included in this release:
* Fix unintentional exposure of uninitialized memory in `Buffer.alloc()` (CVE-2018-7166)
* **deps**:
* Upgrade to OpenSSL 1.1.0i, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
* Client DoS due to large DH parameter (CVE-2018-0732)
* ECDSA key extraction via local side-channel (CVE not assigned)
* Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) [#21079](https://github.com/nodejs/node/pull/21079)
- Memory reduction and performance improvements, details at: https://v8project.blogspot.com/2018/06/v8-release-68.html
* Memory reduction and performance improvements, details at: https://v8project.blogspot.com/2018/06/v8-release-68.html
* **http**: `http.get()` and `http.request()` (and `https` variants) can now accept three arguments to allow for a `URL` _and_ an `options` object (Sam Ruby) [#21616](https://github.com/nodejs/node/pull/21616)
* Added new collaborators
* Sam Ruby (https://github.com/rubys)
@ -2985,9 +2985,9 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **deps**:
- update V8 to 6.7.288.43 (Michaël Zasso) [#19989](https://github.com/nodejs/node/pull/19989)
* update V8 to 6.7.288.43 (Michaël Zasso) [#19989](https://github.com/nodejs/node/pull/19989)
* **stream**:
- ensure Stream.pipeline re-throws errors without callback (Blaine Bublitz) [#20437](https://github.com/nodejs/node/pull/20437)
* ensure Stream.pipeline re-throws errors without callback (Blaine Bublitz) [#20437](https://github.com/nodejs/node/pull/20437)
### Commits
@ -3090,15 +3090,15 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **deps**:
- upgrade npm to 6.1.0 (Rebecca Turner) [#20190](https://github.com/nodejs/node/pull/20190)
* upgrade npm to 6.1.0 (Rebecca Turner) [#20190](https://github.com/nodejs/node/pull/20190)
* **fs**:
- fix reads with pos \> 4GB (Mathias Buus) [#21003](https://github.com/nodejs/node/pull/21003)
* fix reads with pos \> 4GB (Mathias Buus) [#21003](https://github.com/nodejs/node/pull/21003)
* **net**:
- new option to allow IPC servers to be readable and writable by all users (Bartosz Sosnowski) [#19472](https://github.com/nodejs/node/pull/19472)
* new option to allow IPC servers to be readable and writable by all users (Bartosz Sosnowski) [#19472](https://github.com/nodejs/node/pull/19472)
* **stream**:
- fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed (Kael Zhang) [#20924](https://github.com/nodejs/node/pull/20924)
* fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed (Kael Zhang) [#20924](https://github.com/nodejs/node/pull/20924)
* **Added new collaborators**
- [jdlaton](https://github.com/jdalton) John-David Dalton
* [jdlaton](https://github.com/jdalton) John-David Dalton
### Commits
@ -3162,23 +3162,23 @@ This is a follow up release to fix two regressions that were introduced in v10.2
### Notable Changes
* **addons**:
- Fixed a memory leak for users of `AsyncResource` and N-API. (Michael Dawson) [#20668](https://github.com/nodejs/node/pull/20668)
* Fixed a memory leak for users of `AsyncResource` and N-API. (Michael Dawson) [#20668](https://github.com/nodejs/node/pull/20668)
* **assert**:
- The `error` parameter of `assert.throws()` can be an object containing regular expressions now. (Ruben Bridgewater) [#20485](https://github.com/nodejs/node/pull/20485)
* The `error` parameter of `assert.throws()` can be an object containing regular expressions now. (Ruben Bridgewater) [#20485](https://github.com/nodejs/node/pull/20485)
* **crypto**:
- The `authTagLength` option has been made more flexible. (Tobias Nießen) [#20235](https://github.com/nodejs/node/pull/20235), [#20039](https://github.com/nodejs/node/pull/20039)
* The `authTagLength` option has been made more flexible. (Tobias Nießen) [#20235](https://github.com/nodejs/node/pull/20235), [#20039](https://github.com/nodejs/node/pull/20039)
* **esm**:
- Builtin modules (e.g. `fs`) now provide named exports in ES6 modules. (Gus Caplan) [#20403](https://github.com/nodejs/node/pull/20403)
* Builtin modules (e.g. `fs`) now provide named exports in ES6 modules. (Gus Caplan) [#20403](https://github.com/nodejs/node/pull/20403)
* **http**:
- Handling of `close` and `aborted` events has been made more consistent. (Robert Nagy) [#20075](https://github.com/nodejs/node/pull/20075), [#20611](https://github.com/nodejs/node/pull/20611)
* Handling of `close` and `aborted` events has been made more consistent. (Robert Nagy) [#20075](https://github.com/nodejs/node/pull/20075), [#20611](https://github.com/nodejs/node/pull/20611)
* **module**:
- add --preserve-symlinks-main (David Goldstein) [#19911](https://github.com/nodejs/node/pull/19911)
* add --preserve-symlinks-main (David Goldstein) [#19911](https://github.com/nodejs/node/pull/19911)
* **timers**:
- `timeout.refresh()` has been added to the public API. (Jeremiah Senkpiel) [#20298](https://github.com/nodejs/node/pull/20298)
* `timeout.refresh()` has been added to the public API. (Jeremiah Senkpiel) [#20298](https://github.com/nodejs/node/pull/20298)
* Embedder support:
- Functions for creating V8 `Isolate` and `Context` objects with Node.js-specific behaviour have been added to the API. (Allen Yonghuang Wang) [#20639](https://github.com/nodejs/node/pull/20639)
- Node.js `Environment`s clean up resources before exiting now. (Anna Henningsen) [#19377](https://github.com/nodejs/node/pull/19377)
- Support for multi-threaded embedding has been improved. (Anna Henningsen) [#20542](https://github.com/nodejs/node/pull/20542), [#20539](https://github.com/nodejs/node/pull/20539), [#20541](https://github.com/nodejs/node/pull/20541)
* Functions for creating V8 `Isolate` and `Context` objects with Node.js-specific behaviour have been added to the API. (Allen Yonghuang Wang) [#20639](https://github.com/nodejs/node/pull/20639)
* Node.js `Environment`s clean up resources before exiting now. (Anna Henningsen) [#19377](https://github.com/nodejs/node/pull/19377)
* Support for multi-threaded embedding has been improved. (Anna Henningsen) [#20542](https://github.com/nodejs/node/pull/20542), [#20539](https://github.com/nodejs/node/pull/20539), [#20541](https://github.com/nodejs/node/pull/20541)
### Commits
@ -3396,15 +3396,15 @@ This is a follow up release to fix two regressions that were introduced in v10.2
### Notable Changes
* **console**:
- make console.table() use colored inspect (TSUYUSATO Kitsune) [#20510](https://github.com/nodejs/node/pull/20510)
* make console.table() use colored inspect (TSUYUSATO Kitsune) [#20510](https://github.com/nodejs/node/pull/20510)
* **fs**:
- move fs/promises to fs.promises (cjihrig) [#20504](https://github.com/nodejs/node/pull/20504)
* move fs/promises to fs.promises (cjihrig) [#20504](https://github.com/nodejs/node/pull/20504)
* **http**:
- added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094)
* added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094)
* **n-api**:
- initialize a module via a special symbol (Gabriel Schulhof) [#20161](https://github.com/nodejs/node/pull/20161)
* initialize a module via a special symbol (Gabriel Schulhof) [#20161](https://github.com/nodejs/node/pull/20161)
* **src**:
- add public API to expose the main V8 Platform (Allen Yonghuang Wang) [#20447](https://github.com/nodejs/node/pull/20447)
* add public API to expose the main V8 Platform (Allen Yonghuang Wang) [#20447](https://github.com/nodejs/node/pull/20447)
### Commits

14
doc/changelogs/CHANGELOG_V11.md
View File

@ -1559,16 +1559,16 @@ A fix for the following CVE is included in this release:
### Notable Changes
* **cli**:
- add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* **crypto**:
- always accept certificates as public keys (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
- add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
- update root certificates (Sam Roberts) [#25113](https://github.com/nodejs/node/pull/25113)
* always accept certificates as public keys (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
* add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234)
* update root certificates (Sam Roberts) [#25113](https://github.com/nodejs/node/pull/25113)
* **deps**:
- upgrade to libuv 1.24.1 (cjihrig) [#25078](https://github.com/nodejs/node/pull/25078)
- upgrade npm to 6.5.0 (Audrey Eschright) [#24734](https://github.com/nodejs/node/pull/24734)
* upgrade to libuv 1.24.1 (cjihrig) [#25078](https://github.com/nodejs/node/pull/25078)
* upgrade npm to 6.5.0 (Audrey Eschright) [#24734](https://github.com/nodejs/node/pull/24734)
* **http**:
- add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
* add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
### Commits

208
doc/changelogs/CHANGELOG_V4.md
View File

@ -155,12 +155,12 @@ This release includes a security update to openssl that has been deemed low seve
### Notable Changes
* **crypto**:
- update root certificates (Ben Noordhuis) [#13279](https://github.com/nodejs/node/pull/13279)
- update root certificates (Ben Noordhuis) [#12402](https://github.com/nodejs/node/pull/12402)
* update root certificates (Ben Noordhuis) [#13279](https://github.com/nodejs/node/pull/13279)
* update root certificates (Ben Noordhuis) [#12402](https://github.com/nodejs/node/pull/12402)
* **deps**:
- add support for more modern versions of INTL (Bruno Pagani) [#13040](https://github.com/nodejs/node/pull/13040)
- upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
- upgrade openssl sources to 1.0.2l (Daniel Bevenius) [#13233](https://github.com/nodejs/node/pull/13233)
* add support for more modern versions of INTL (Bruno Pagani) [#13040](https://github.com/nodejs/node/pull/13040)
* upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
* upgrade openssl sources to 1.0.2l (Daniel Bevenius) [#13233](https://github.com/nodejs/node/pull/13233)
### Commits
@ -220,7 +220,7 @@ This is a security release. All Node.js users should consult the security releas
### Notable Changes
* **zlib**:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95)
* CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95)
### Commits
@ -234,9 +234,9 @@ This is a security release. All Node.js users should consult the security releas
### Notable Changes
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh)
* Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
* CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
### Commits
@ -251,11 +251,11 @@ This is a security release. All Node.js users should consult the security releas
### Notable Changes
* **module**:
- The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283)
* The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283)
* **src**:
- fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995)
* fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995)
* **tls**:
- fix rare segmentation faults when using TLS
* fix rare segmentation faults when using TLS
* (Trevor Norris) [#11947](https://github.com/nodejs/node/pull/11947)
* (Ben Noordhuis) [#11898](https://github.com/nodejs/node/pull/11898)
* (jBarz) [#11776](https://github.com/nodejs/node/pull/11776)
@ -288,9 +288,9 @@ that were present in zlib 1.2.8.
### Notable Changes
* **crypto**:
- fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089)
* fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089)
* **deps**:
- upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980)
* upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980)
### Commits
@ -309,9 +309,9 @@ and 1 commits which are updates to dependencies.
* **buffer**: The performance of `.toJSON()` is now up to 2859% faster on average. (Brian White) [#10895](https://github.com/nodejs/node/pull/10895)
* **IPC**: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. (Alexey Orlenko) [#10677](https://github.com/nodejs/node/pull/10677)
- Performance gains may be up to 40% for some workloads.
* Performance gains may be up to 40% for some workloads.
* **http**:
- Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923)
* Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923)
* **node**: Heap statistics now support values larger than 4GB. (Ben Noordhuis) [#10186](https://github.com/nodejs/node/pull/10186)
### Commits
@ -866,7 +866,7 @@ The SEMVER-MINOR changes include:
Notable SEMVER-PATCH changes include:
* **build**:
- introduce the configure --shared option for embedders (sxa555) [#6994](https://github.com/nodejs/node/pull/6994)
* introduce the configure --shared option for embedders (sxa555) [#6994](https://github.com/nodejs/node/pull/6994)
* **gtest**: the test reporter now outputs tap comments as yamlish (Johan Bergström) [#9262](https://github.com/nodejs/node/pull/9262)
* **src**: node no longer aborts when c-ares initialization fails (Ben Noordhuis) [#8710](https://github.com/nodejs/node/pull/8710)
* **tls**: fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) [#9586](https://github.com/nodejs/node/pull/9586)
@ -1242,9 +1242,9 @@ This is a security release. All Node.js users should consult the security releas
Semver Minor:
* **openssl**:
- Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714)
- Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786)
- Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#70](https://github.com/nodejs/node-private/pull/70)
* Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714)
* Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786)
* Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#70](https://github.com/nodejs/node-private/pull/70)
* **http**: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) [nodejs/node-private#46](https://github.com/nodejs/node-private/pull/46)
Semver Patch:
@ -1576,15 +1576,15 @@ This LTS release comes with 89 commits. This includes 46 commits that are docs r
### Notable Changes
- **debugger**:
- All properties of an array (aside from length) can now be printed in the repl (cjihrig) [#6448](https://github.com/nodejs/node/pull/6448)
- **npm**:
- Upgrade npm to 2.15.8 (Rebecca Turner) [#7412](https://github.com/nodejs/node/pull/7412)
- **stream**:
- Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) [#7160](https://github.com/nodejs/node/pull/7160)
- **V8**:
- Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) [#7442](https://github.com/nodejs/node/pull/7442)
- Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) [#3792](https://github.com/nodejs/node/pull/3792)
* **debugger**:
* All properties of an array (aside from length) can now be printed in the repl (cjihrig) [#6448](https://github.com/nodejs/node/pull/6448)
* **npm**:
* Upgrade npm to 2.15.8 (Rebecca Turner) [#7412](https://github.com/nodejs/node/pull/7412)
* **stream**:
* Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) [#7160](https://github.com/nodejs/node/pull/7160)
* **V8**:
* Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) [#7442](https://github.com/nodejs/node/pull/7442)
* Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) [#3792](https://github.com/nodejs/node/pull/3792)
### Commits
@ -1698,14 +1698,14 @@ This release is specifically related to a Buffer overflow vulnerability discover
### Notable Changes
- **buffer**:
- Buffer.indexOf now returns correct values for all UTF-16 input (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511)
- **contextify**:
- Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth (Ali Ijaz Sheikh) [#6871](https://github.com/nodejs/node/pull/6871)
- **deps**:
- update npm to 2.15.5 (Rebecca Turner) [#6663](https://github.com/nodejs/node/pull/6663)
- **http**:
- Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999 (Brian White) [#6291](https://github.com/nodejs/node/pull/6291)
* **buffer**:
* Buffer.indexOf now returns correct values for all UTF-16 input (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511)
* **contextify**:
* Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth (Ali Ijaz Sheikh) [#6871](https://github.com/nodejs/node/pull/6871)
* **deps**:
* update npm to 2.15.5 (Rebecca Turner) [#6663](https://github.com/nodejs/node/pull/6663)
* **http**:
* Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999 (Brian White) [#6291](https://github.com/nodejs/node/pull/6291)
### Commits
@ -1792,7 +1792,7 @@ This release is specifically related to a Buffer overflow vulnerability discover
* **deps**:
* update openssl to 1.0.2h. (Shigeki Ohtsu) [#6551](https://github.com/nodejs/node/pull/6551)
- Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release.
* Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release.
### Commits
@ -1812,11 +1812,11 @@ This release is specifically related to a Buffer overflow vulnerability discover
### Notable Changes
* **deps**:
- Fix `--gdbjit` for embedders. Backported from v8 upstream. (Ben Noordhuis) [#5577](https://github.com/nodejs/node/pull/5577)
* Fix `--gdbjit` for embedders. Backported from v8 upstream. (Ben Noordhuis) [#5577](https://github.com/nodejs/node/pull/5577)
* **etw**:
- Correctly display descriptors for ETW events 9 and 23 on the windows platform. (João Reis) [#5742](https://github.com/nodejs/node/pull/5742)
* Correctly display descriptors for ETW events 9 and 23 on the windows platform. (João Reis) [#5742](https://github.com/nodejs/node/pull/5742)
* **querystring**:
- Restore throw when attempting to stringify bad surrogate pair. (Brian White) [#5858](https://github.com/nodejs/node/pull/5858)
* Restore throw when attempting to stringify bad surrogate pair. (Brian White) [#5858](https://github.com/nodejs/node/pull/5858)
### Commits
@ -1879,13 +1879,13 @@ This release is specifically related to a Buffer overflow vulnerability discover
### Notable Changes
* **https**:
- Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. (Alexander Penev) [#5713](https://github.com/nodejs/node/pull/5713)
* Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. (Alexander Penev) [#5713](https://github.com/nodejs/node/pull/5713)
* **lib**:
- The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. (Nathan Woltman) [#4361](https://github.com/nodejs/node/pull/4361)
* The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. (Nathan Woltman) [#4361](https://github.com/nodejs/node/pull/4361)
* **npm**:
- Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell)
* Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell)
* **repl**:
- Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. (Prince J Wesley) [#5416](https://github.com/nodejs/node/pull/5416)
* Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. (Prince J Wesley) [#5416](https://github.com/nodejs/node/pull/5416)
### Commits
@ -1940,16 +1940,16 @@ and 7 which are benchmark related.
### Notable Changes
* **build**:
- Updated Logos for the OSX + Windows installers
- (Rod Vagg) [#5401](https://github.com/nodejs/node/pull/5401)
- (Robert Jefe Lindstaedt) [#5531](https://github.com/nodejs/node/pull/5531)
- New option to select your VS Version in the Windows installer
- (julien.waechter) [#4645](https://github.com/nodejs/node/pull/4645)
- Support Visual C++ Build Tools 2015
- (João Reis) [#5627](https://github.com/nodejs/node/pull/5627)
* Updated Logos for the OSX + Windows installers
* (Rod Vagg) [#5401](https://github.com/nodejs/node/pull/5401)
* (Robert Jefe Lindstaedt) [#5531](https://github.com/nodejs/node/pull/5531)
* New option to select your VS Version in the Windows installer
* (julien.waechter) [#4645](https://github.com/nodejs/node/pull/4645)
* Support Visual C++ Build Tools 2015
* (João Reis) [#5627](https://github.com/nodejs/node/pull/5627)
* **tools**:
- Gyp now works on OSX without XCode
- (Shigeki Ohtsu) [nodejs/node#1325](https://github.com/nodejs/node/pull/1325)
* Gyp now works on OSX without XCode
* (Shigeki Ohtsu) [nodejs/node#1325](https://github.com/nodejs/node/pull/1325)
### Commits
@ -2082,34 +2082,34 @@ This release also includes over 70 fixes to our docs and over 50 fixes to tests.
The SEMVER-MINOR changes include:
* **deps**:
- An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) [#3609](https://github.com/nodejs/node/pull/3609)
* An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) [#3609](https://github.com/nodejs/node/pull/3609)
* **http**:
- A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482)
* A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482)
* **src**:
- Better support for Big-Endian systems (Bryon Leung) [#3410](https://github.com/nodejs/node/pull/3410)
* Better support for Big-Endian systems (Bryon Leung) [#3410](https://github.com/nodejs/node/pull/3410)
* **tls**:
- A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441)
* A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441)
* **tools**:
- a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) [#4021](https://github.com/nodejs/node/pull/4021)
* a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) [#4021](https://github.com/nodejs/node/pull/4021)
Notable semver patch changes include:
* **buld**:
- Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) [#4841](https://github.com/nodejs/node/pull/4841)
* Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) [#4841](https://github.com/nodejs/node/pull/4841)
* **https**:
- A potential fix for [#3692](https://github.com/nodejs/node/issues/3692) HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) [#4982](https://github.com/nodejs/node/pull/4982)
* A potential fix for [#3692](https://github.com/nodejs/node/issues/3692) HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) [#4982](https://github.com/nodejs/node/pull/4982)
* **installer**:
- More readable profiling information from isolate tick logs (Matt Loring) [#3032](https://github.com/nodejs/node/pull/3032)
* More readable profiling information from isolate tick logs (Matt Loring) [#3032](https://github.com/nodejs/node/pull/3032)
* **npm**:
- upgrade to npm 2.14.20 (Kat Marchán) [#5510](https://github.com/nodejs/node/pull/5510)
* upgrade to npm 2.14.20 (Kat Marchán) [#5510](https://github.com/nodejs/node/pull/5510)
* **process**:
- Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) [#4798](https://github.com/nodejs/node/pull/4798)
* Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) [#4798](https://github.com/nodejs/node/pull/4798)
* **querystring**:
- querystring.parse() is now 13-22% faster! (Brian White) [#4675](https://github.com/nodejs/node/pull/4675)
* querystring.parse() is now 13-22% faster! (Brian White) [#4675](https://github.com/nodejs/node/pull/4675)
* **streams**:
- performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354)
* performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354)
* **tools**:
- eslint has been updated to version 2.1.0 (Rich Trott) [#5214](https://github.com/nodejs/node/pull/5214)
* eslint has been updated to version 2.1.0 (Rich Trott) [#5214](https://github.com/nodejs/node/pull/5214)
### Commits
@ -2339,9 +2339,9 @@ This is a security release with only a single commit, an update to openssl due t
### Notable changes
* **openssl**: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) [#5507](https://github.com/nodejs/node/pull/5507)
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705).
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797).
- Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702).
* Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705).
* Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797).
* Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702).
## Commits
@ -2354,17 +2354,17 @@ This is a security release with only a single commit, an update to openssl due t
* **buffer**
* make byteLength work with Buffer correctly (Jackson Tian)
- [#4738](https://github.com/nodejs/node/pull/4738)
* [#4738](https://github.com/nodejs/node/pull/4738)
* **debugger**
* guard against call from non-node context (Ben Noordhuis)
- [#4328](https://github.com/nodejs/node/pull/4328)
- fixes segfaults in debugger
* [#4328](https://github.com/nodejs/node/pull/4328)
* fixes segfaults in debugger
* do not incept debug context (Myles Borins)
- [#4819](https://github.com/nodejs/node/pull/4819)
- fixes crash in debugger when using util methods
* [#4819](https://github.com/nodejs/node/pull/4819)
* fixes crash in debugger when using util methods
* **deps**
* update to http-parser 2.5.2 (James Snell)
- [#5238](https://github.com/nodejs/node/pull/5238)
* [#5238](https://github.com/nodejs/node/pull/5238)
### Commits
@ -2446,8 +2446,8 @@ Note that this release includes a non-backward compatible change to address a se
* **http-parser**: upgrade from 2.5.0 to 2.5.1
* **openssl**: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
* **src**:
- introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216`
* introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes
* allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216`
### Commits
@ -2889,8 +2889,8 @@ Security Update
* **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts to trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
* CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
* CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134)
* **v8**: Backport fix for CVE-2015-6764, a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis)
@ -3008,8 +3008,8 @@ This is an LTS maintenance release that addresses a number of issues:
### Notable changes
* Includes fixes for two regressions
- Assertion error in WeakCallback - see [#3329](https://github.com/nodejs/node/pull/3329)
- Undefined timeout regression - see [#3331](https://github.com/nodejs/node/pull/3331)
* Assertion error in WeakCallback - see [#3329](https://github.com/nodejs/node/pull/3329)
* Undefined timeout regression - see [#3331](https://github.com/nodejs/node/pull/3331)
### Known issues
@ -3034,9 +3034,9 @@ The first Node.js LTS release! See https://github.com/nodejs/LTS/ for details of
* **icu**: Updated to version 56 with significant performance improvements (Steven R. Loomis) [#3281](https://github.com/nodejs/node/pull/3281)
* **node**:
- Added new `-c` (or `--check`) command line argument for checking script syntax without executing the code (Dave Eddy) [#2411](https://github.com/nodejs/node/pull/2411)
- Added `process.versions.icu` to hold the current ICU library version (Evan Lucas) [#3102](https://github.com/nodejs/node/pull/3102)
- Added `process.release.lts` to hold the current LTS codename when the binary is from an active LTS release line (Rod Vagg) [#3212](https://github.com/nodejs/node/pull/3212)
* Added new `-c` (or `--check`) command line argument for checking script syntax without executing the code (Dave Eddy) [#2411](https://github.com/nodejs/node/pull/2411)
* Added `process.versions.icu` to hold the current ICU library version (Evan Lucas) [#3102](https://github.com/nodejs/node/pull/3102)
* Added `process.release.lts` to hold the current LTS codename when the binary is from an active LTS release line (Rod Vagg) [#3212](https://github.com/nodejs/node/pull/3212)
* **npm**: Upgraded to npm 2.14.7 from 2.14.4, see [release notes](https://github.com/npm/npm/releases/tag/v2.14.7) for full details (Kat Marchán) [#3299](https://github.com/nodejs/node/pull/3299)
### Known issues
@ -3116,15 +3116,15 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
### Notable changes
* **http**:
- Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability [CVE-2015-7384](https://github.com/nodejs/node/issues/3138) (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128)
- Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128)
* Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability [CVE-2015-7384](https://github.com/nodejs/node/issues/3138) (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128)
* Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128)
* **libuv**: Upgraded from v1.7.4 to v1.7.5, see [release notes](https://github.com/libuv/libuv/releases/tag/v1.7.5) for details (Saúl Ibarra Corretgé) [#3010](https://github.com/nodejs/node/pull/3010)
- A better rwlock implementation for all Windows versions
- Improved AIX support
* A better rwlock implementation for all Windows versions
* Improved AIX support
* **v8**:
- Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) [#3117](https://github.com/nodejs/node/pull/3117)
- Backported [f782159](https://codereview.chromium.org/1367123003) from v8's upstream to help speed up Promise introspection (Ben Noordhuis) [#3130](https://github.com/nodejs/node/pull/3130)
- Backported [c281c15](https://codereview.chromium.org/1363683002) from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) [#3031](https://github.com/nodejs/node/pull/3031)
* Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) [#3117](https://github.com/nodejs/node/pull/3117)
* Backported [f782159](https://codereview.chromium.org/1367123003) from v8's upstream to help speed up Promise introspection (Ben Noordhuis) [#3130](https://github.com/nodejs/node/pull/3130)
* Backported [c281c15](https://codereview.chromium.org/1363683002) from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) [#3031](https://github.com/nodejs/node/pull/3031)
### Known issues
@ -3186,11 +3186,11 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
* **buffer**: Fixed a bug introduced in v4.1.0 where allocating a new zero-length buffer can result in the _next_ allocation of a TypedArray in JavaScript not being zero-filled. In certain circumstances this could result in data leakage via reuse of memory space in TypedArrays, breaking the normally safe assumption that TypedArrays should be always zero-filled. (Trevor Norris) [#2931](https://github.com/nodejs/node/pull/2931).
* **http**: Guard against response-splitting of HTTP trailing headers added via [`response.addTrailers()`](https://nodejs.org/api/http.html#http_response_addtrailers_headers) by removing new-line (`[\r\n]`) characters from values. Note that standard header values are already stripped of new-line characters. The expected security impact is low because trailing headers are rarely used. (Ben Noordhuis) [#2945](https://github.com/nodejs/node/pull/2945).
* **npm**: Upgrade to npm 2.14.4 from 2.14.3, see [release notes](https://github.com/npm/npm/releases/tag/v2.14.4) for full details (Kat Marchán) [#2958](https://github.com/nodejs/node/pull/2958)
- Upgrades `graceful-fs` on multiple dependencies to no longer rely on monkey-patching `fs`
- Fix `npm link` for pre-release / RC builds of Node
* Upgrades `graceful-fs` on multiple dependencies to no longer rely on monkey-patching `fs`
* Fix `npm link` for pre-release / RC builds of Node
* **v8**: Update post-mortem metadata to allow post-mortem debugging tools to find and inspect:
- JavaScript objects that use dictionary properties (Julien Gilli) [#2959](https://github.com/nodejs/node/pull/2959)
- ScopeInfo and thus closures (Julien Gilli) [#2974](https://github.com/nodejs/node/pull/2974)
* JavaScript objects that use dictionary properties (Julien Gilli) [#2959](https://github.com/nodejs/node/pull/2959)
* ScopeInfo and thus closures (Julien Gilli) [#2974](https://github.com/nodejs/node/pull/2974)
### Known issues
@ -3237,17 +3237,17 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current
### Notable changes
* **buffer**:
- Buffers are now created in JavaScript, rather than C++. This increases the speed of buffer creation (Trevor Norris) [#2866](https://github.com/nodejs/node/pull/2866).
- `Buffer#slice()` now uses `Uint8Array#subarray()` internally, increasing `slice()` performance (Karl Skomski) [#2777](https://github.com/nodejs/node/pull/2777).
* Buffers are now created in JavaScript, rather than C++. This increases the speed of buffer creation (Trevor Norris) [#2866](https://github.com/nodejs/node/pull/2866).
* `Buffer#slice()` now uses `Uint8Array#subarray()` internally, increasing `slice()` performance (Karl Skomski) [#2777](https://github.com/nodejs/node/pull/2777).
* **fs**:
- `fs.utimes()` now properly converts numeric strings, `NaN`, and `Infinity` (Yazhong Liu) [#2387](https://github.com/nodejs/node/pull/2387).
- `fs.WriteStream` now implements `_writev`, allowing for super-fast bulk writes (Ron Korving) [#2167](https://github.com/nodejs/node/pull/2167).
* `fs.utimes()` now properly converts numeric strings, `NaN`, and `Infinity` (Yazhong Liu) [#2387](https://github.com/nodejs/node/pull/2387).
* `fs.WriteStream` now implements `_writev`, allowing for super-fast bulk writes (Ron Korving) [#2167](https://github.com/nodejs/node/pull/2167).
* **http**: Fixed an issue with certain `write()` sizes causing errors when using `http.request()` (Fedor Indutny) [#2824](https://github.com/nodejs/node/pull/2824).
* **npm**: Upgrade to version 2.14.3, see https://github.com/npm/npm/releases/tag/v2.14.3 for more details (Kat Marchán) [#2822](https://github.com/nodejs/node/pull/2822).
* **src**: V8 cpu profiling no longer erroneously shows idle time (Oleksandr Chekhovskyi) [#2324](https://github.com/nodejs/node/pull/2324).
* **timers**: `#ref()` and `#unref()` now return the timer they belong to (Sam Roberts) [#2905](https://github.com/nodejs/node/pull/2905).
* **v8**: Lateral upgrade to 4.5.103.33 from 4.5.103.30, contains minor fixes (Ali Ijaz Sheikh) [#2870](https://github.com/nodejs/node/pull/2870).
- This fixes a previously known bug where some computed object shorthand properties did not work correctly ([#2507](https://github.com/nodejs/node/issues/2507)).
* This fixes a previously known bug where some computed object shorthand properties did not work correctly ([#2507](https://github.com/nodejs/node/issues/2507)).
### Known issues
@ -3330,10 +3330,10 @@ This list of changes is relative to the last io.js v3.x branch release, v3.3.0.
* **timers**: Improved timer performance from porting the 0.12 implementation, plus minor fixes (Jeremiah Senkpiel) [#2540](https://github.com/nodejs/node/pull/2540), (Julien Gilli) [nodejs/node-v0.x-archive#8751](https://github.com/nodejs/node-v0.x-archive/pull/8751) [nodejs/node-v0.x-archive#8905](https://github.com/nodejs/node-v0.x-archive/pull/8905)
* **util**: The `util.is*()` functions have been deprecated, beginning with deprecation warnings in the documentation for this release, users are encouraged to seek more robust alternatives in the npm registry, (Sakthipriyan Vairamani) [#2447](https://github.com/nodejs/node/pull/2447).
* **v8**: Upgrade to version 4.5.103.30 from 4.4.63.30 (Ali Ijaz Sheikh) [#2632](https://github.com/nodejs/node/pull/2632).
- Implement new `TypedArray` prototype methods: `copyWithin()`, `every()`, `fill()`, `filter()`, `find()`, `findIndex()`, `forEach()`, `indexOf()`, `join()`, `lastIndexOf()`, `map()`, `reduce()`, `reduceRight()`, `reverse()`, `slice()`, `some()`, `sort()`. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information.
- Implement new `TypedArray.from()` and `TypedArray.of()` functions. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information.
- Implement arrow functions, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions for further information.
- Full ChangeLog available at https://github.com/v8/v8-git-mirror/blob/4.5.103/ChangeLog
* Implement new `TypedArray` prototype methods: `copyWithin()`, `every()`, `fill()`, `filter()`, `find()`, `findIndex()`, `forEach()`, `indexOf()`, `join()`, `lastIndexOf()`, `map()`, `reduce()`, `reduceRight()`, `reverse()`, `slice()`, `some()`, `sort()`. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information.
* Implement new `TypedArray.from()` and `TypedArray.of()` functions. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information.
* Implement arrow functions, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions for further information.
* Full ChangeLog available at https://github.com/v8/v8-git-mirror/blob/4.5.103/ChangeLog
### Known issues

160
doc/changelogs/CHANGELOG_V5.md
View File

@ -346,10 +346,10 @@ This is a security release. All Node.js users should consult the security releas
### Notable changes
* **buffer**: Now properly throws `RangeError`s on out-of-bounds writes (Matt Loring) [#5605](https://github.com/nodejs/node/pull/5605).
- This effects `write{Float|Double}` when the `noAssert` option is not used.
* This effects `write{Float|Double}` when the `noAssert` option is not used.
* **timers**:
- Returned timeout objects now have a `Timeout` constructor name (Jeremiah Senkpiel) [#5793](https://github.com/nodejs/node/pull/5793).
- Performance of `Immediate` processing is now ~20-40% faster (Brian White) [#4169](https://github.com/nodejs/node/pull/4169).
* Returned timeout objects now have a `Timeout` constructor name (Jeremiah Senkpiel) [#5793](https://github.com/nodejs/node/pull/5793).
* Performance of `Immediate` processing is now ~20-40% faster (Brian White) [#4169](https://github.com/nodejs/node/pull/4169).
* **vm**: Fixed a contextify regression introduced in v5.9.0 (Ali Ijaz Sheikh) [#5800](https://github.com/nodejs/node/pull/5800).
### Commits
@ -405,13 +405,13 @@ This is a security release. All Node.js users should consult the security releas
* **contextify**: Fixed a memory consumption issue related to heavy use of `vm.createContext` and `vm.runInNewContext`. (Ali Ijaz Sheikh)
https://github.com/nodejs/node/pull/5392
* **governance**: The following members have been added as collaborators:
- Andreas Madsen (@AndreasMadsen)
- Benjamin Gruenbaum (@benjamingr)
- Claudio Rodriguez (@claudiorodriguez)
- Glen Keane (@thekemkid)
- Jeremy Whitlock (@whitlockjc)
- Matt Loring (@matthewloring)
- Phillip Johnsen (@phillipj)
* Andreas Madsen (@AndreasMadsen)
* Benjamin Gruenbaum (@benjamingr)
* Claudio Rodriguez (@claudiorodriguez)
* Glen Keane (@thekemkid)
* Jeremy Whitlock (@whitlockjc)
* Matt Loring (@matthewloring)
* Phillip Johnsen (@phillipj)
* **lib**: copy arguments object instead of leaking it (Nathan Woltman)
https://github.com/nodejs/node/pull/4361
* **src**: allow both -i and -e flags to be used at the same time (Rich Trott)
@ -419,7 +419,7 @@ https://github.com/nodejs/node/pull/5655
* **timers**: Internal Node.js timeouts now use the same logic path as those created with `setTimeout()` (Jeremiah Senkpiel) [#4007](https://github.com/nodejs/node/pull/4007)
* This may cause a slightly different performance profile in some situations. So far, it has shown to be positive in most cases.
* **v8**: backport fb4ccae from v8 upstream (Vladimir Krivosheev) #4231
- breakout events from v8 to offer better support for external debuggers
* breakout events from v8 to offer better support for external debuggers
* **zlib**: add support for concatenated members (Kári Tristan Helgason)
https://github.com/nodejs/node/pull/5120
* Previously, if multiple members were in the same archive, only the first would be read. The others are no longer thrown away.
@ -481,11 +481,11 @@ https://github.com/nodejs/node/pull/5655
### Notable changes
* **child_process**: `send()` now accepts an options parameter (cjihrig) [#5283](https://github.com/nodejs/node/pull/5283).
- Currently the only option is `keepOpen`, which keeps the underlying socket open after the message is sent.
* Currently the only option is `keepOpen`, which keeps the underlying socket open after the message is sent.
* **constants**: `ENGINE_METHOD_RSA` is now correctly exposed (Sam Roberts) [#5463](https://github.com/nodejs/node/pull/5463).
* Fixed two regressions which originated in v5.7.0:
- **http**: Errors inside of http client callbacks now propagate correctly (Trevor Norris) [#5591](https://github.com/nodejs/node/pull/5591).
- **path**: Fixed normalization of absolute paths (Evan Lucas) [#5589](https://github.com/nodejs/node/pull/5589).
* **http**: Errors inside of http client callbacks now propagate correctly (Trevor Norris) [#5591](https://github.com/nodejs/node/pull/5591).
* **path**: Fixed normalization of absolute paths (Evan Lucas) [#5589](https://github.com/nodejs/node/pull/5589).
* **repl**: `start()` no longer requires an options parameter (cjihrig) [#5388](https://github.com/nodejs/node/pull/5388).
* **util**: Improved `format()` performance 50-300% (Evan Lucas) [#5360](https://github.com/nodejs/node/pull/5360).
@ -530,16 +530,16 @@ https://github.com/nodejs/node/pull/5655
* **governance**: The Core Technical Committee (CTC) added four new members to help guide Node.js core development: Evan Lucas, Rich Trott, Ali Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda).
* **openssl**: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) [#5507](https://github.com/nodejs/node/pull/5507).
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705).
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797).
- Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702).
* Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705).
* Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797).
* Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702).
* Fixed several regressions that appeared in v5.7.0:
- **`path.relative()`**:
- Output is no longer unnecessarily verbose (Brian White) [#5389](https://github.com/nodejs/node/pull/5389).
- Resolving UNC paths on Windows now works correctly (Owen Smith) [#5456](https://github.com/nodejs/node/pull/5456).
- Resolving paths with prefixes now works correctly from the root directory (Owen Smith) [#5490](https://github.com/nodejs/node/pull/5490).
- **url**: Fixed an off-by-one error with `parse()` (Brian White) [#5394](https://github.com/nodejs/node/pull/5394).
- **dgram**: Now correctly handles a default address case when offset and length are specified (Matteo Collina) [#5407](https://github.com/nodejs/node/pull/5407).
* **`path.relative()`**:
* Output is no longer unnecessarily verbose (Brian White) [#5389](https://github.com/nodejs/node/pull/5389).
* Resolving UNC paths on Windows now works correctly (Owen Smith) [#5456](https://github.com/nodejs/node/pull/5456).
* Resolving paths with prefixes now works correctly from the root directory (Owen Smith) [#5490](https://github.com/nodejs/node/pull/5490).
* **url**: Fixed an off-by-one error with `parse()` (Brian White) [#5394](https://github.com/nodejs/node/pull/5394).
* **dgram**: Now correctly handles a default address case when offset and length are specified (Matteo Collina) [#5407](https://github.com/nodejs/node/pull/5407).
### Commits
@ -624,8 +624,8 @@ https://github.com/nodejs/node/pull/5655
### Notable changes
* **buffer**:
- You can now supply an `encoding` argument when filling a Buffer `Buffer#fill(string[, start[, end]][, encoding])`, supplying an existing Buffer will also work with `Buffer#fill(buffer[, start[, end]])`. See the [API documentation](https://nodejs.org/api/buffer.html#buffer_buf_fill_value_offset_end_encoding) for details on how this works. (Trevor Norris) [#4935](https://github.com/nodejs/node/pull/4935)
- `Buffer#indexOf()` no longer requires a `byteOffset` argument if you also wish to specify an `encoding`: `Buffer#indexOf(val[, byteOffset][, encoding])`. (Trevor Norris) [#4803](https://github.com/nodejs/node/pull/4803)
* You can now supply an `encoding` argument when filling a Buffer `Buffer#fill(string[, start[, end]][, encoding])`, supplying an existing Buffer will also work with `Buffer#fill(buffer[, start[, end]])`. See the [API documentation](https://nodejs.org/api/buffer.html#buffer_buf_fill_value_offset_end_encoding) for details on how this works. (Trevor Norris) [#4935](https://github.com/nodejs/node/pull/4935)
* `Buffer#indexOf()` no longer requires a `byteOffset` argument if you also wish to specify an `encoding`: `Buffer#indexOf(val[, byteOffset][, encoding])`. (Trevor Norris) [#4803](https://github.com/nodejs/node/pull/4803)
* **child_process**: `spawn()` and `spawnSync()` now support a `'shell'` option to allow for optional execution of the given command inside a shell. If set to `true`, `cmd.exe` will be used on Windows and `/bin/sh` elsewhere. A path to a custom shell can also be passed to override these defaults. On Windows, this option allows `.bat.` and `.cmd` files to be executed with `spawn()` and `spawnSync()`. (Colin Ihrig) [#4598](https://github.com/nodejs/node/pull/4598)
* **http_parser**: Update to http-parser 2.6.2 to fix an unintentionally strict limitation of allowable header characters (James M Snell) [#5237](https://github.com/nodejs/node/pull/5237)
* **dgram**: `socket.send()` now supports accepts an array of Buffers or Strings as the first argument. See the [API docs](https://nodejs.org/download/nightly/v6.0.0-nightly201602102848f84332/docs/api/dgram.html#dgram_socket_send_msg_offset_length_port_address_callback) for details on how this works. (Matteo Collina) [#4374](https://github.com/nodejs/node/pull/4374)
@ -635,10 +635,10 @@ https://github.com/nodejs/node/pull/5655
* **tls**: Add a new `tlsSocket.getProtocol()` method to get the negotiated TLS protocol version of the current connection. (Brian White) [#4995](https://github.com/nodejs/node/pull/4995)
* **vm**: Introduce new `'produceCachedData'` and `'cachedData'` options to `new vm.Script()` to interact with V8's code cache. When a new `vm.Script` object is created with the `'produceCachedData'` set to `true` a `Buffer` with V8's code cache data will be produced and stored in `cachedData` property of the returned object. This data in turn may be supplied back to another `vm.Script()` object with a `'cachedData'` option if the supplied source is the same. Successfully executing a script from cached data can speed up instantiation time. See the [API docs](https://nodejs.org/api/vm.html#vm_new_vm_script_code_options) for details. (Fedor Indutny) [#4777](https://github.com/nodejs/node/pull/4777)
* **performance**: Improvements in:
- `process.nextTick()` (Ruben Bridgewater) [#5092](https://github.com/nodejs/node/pull/5092)
- `path` module (Brian White) [#5123](https://github.com/nodejs/node/pull/5123)
- `querystring` module (Brian White) [#5012](https://github.com/nodejs/node/pull/5012)
- `streams` module when processing small chunks (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354)
* `process.nextTick()` (Ruben Bridgewater) [#5092](https://github.com/nodejs/node/pull/5092)
* `path` module (Brian White) [#5123](https://github.com/nodejs/node/pull/5123)
* `querystring` module (Brian White) [#5012](https://github.com/nodejs/node/pull/5012)
* `streams` module when processing small chunks (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354)
### Commits
@ -917,16 +917,16 @@ This is an important security release. All Node.js users should consult the secu
### Notable Changes
- **events**: make sure console functions exist (Dave) [#4479](https://github.com/nodejs/node/pull/4479)
- **fs**: add autoClose option to fs.createWriteStream (Saquib) [#3679](https://github.com/nodejs/node/pull/3679)
- **http**: improves expect header handling (Daniel Sellers) [#4501](https://github.com/nodejs/node/pull/4501)
- **node**: allow preload modules with -i (Evan Lucas) [#4696](https://github.com/nodejs/node/pull/4696)
- **v8,src**: expose statistics about heap spaces (`v8.getHeapSpaceStatistics()`) (Ben Ripkens) [#4463](https://github.com/nodejs/node/pull/4463)
- Minor performance improvements:
- **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [#3622](https://github.com/nodejs/node/pull/3622).
- (Mistakenly missing from v5.4.0)
- **module**: cache stat() results more aggressively (Ben Noordhuis) [#4575](https://github.com/nodejs/node/pull/4575)
- **querystring**: improve parse() performance (Brian White) [#4675](https://github.com/nodejs/node/pull/4675)
* **events**: make sure console functions exist (Dave) [#4479](https://github.com/nodejs/node/pull/4479)
* **fs**: add autoClose option to fs.createWriteStream (Saquib) [#3679](https://github.com/nodejs/node/pull/3679)
* **http**: improves expect header handling (Daniel Sellers) [#4501](https://github.com/nodejs/node/pull/4501)
* **node**: allow preload modules with -i (Evan Lucas) [#4696](https://github.com/nodejs/node/pull/4696)
* **v8,src**: expose statistics about heap spaces (`v8.getHeapSpaceStatistics()`) (Ben Ripkens) [#4463](https://github.com/nodejs/node/pull/4463)
* Minor performance improvements:
* **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [#3622](https://github.com/nodejs/node/pull/3622).
* (Mistakenly missing from v5.4.0)
* **module**: cache stat() results more aggressively (Ben Noordhuis) [#4575](https://github.com/nodejs/node/pull/4575)
* **querystring**: improve parse() performance (Brian White) [#4675](https://github.com/nodejs/node/pull/4675)
### Known issues
@ -1003,7 +1003,7 @@ This is an important security release. All Node.js users should consult the secu
### Notable Changes
* Minor performance improvements:
- **module**: move unnecessary work for early return (Andres Suarez) [#3579](https://github.com/nodejs/node/pull/3579)
* **module**: move unnecessary work for early return (Andres Suarez) [#3579](https://github.com/nodejs/node/pull/3579)
* Various bug fixes
* Various doc fixes
* Various test improvements
@ -1050,15 +1050,15 @@ This is an important security release. All Node.js users should consult the secu
### Notable changes
* **http**:
- A new status code was added: 451 - "Unavailable For Legal Reasons" (Max Barinov) [#4377](https://github.com/nodejs/node/pull/4377).
- Idle sockets that have been kept alive now handle errors (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482).
* A new status code was added: 451 - "Unavailable For Legal Reasons" (Max Barinov) [#4377](https://github.com/nodejs/node/pull/4377).
* Idle sockets that have been kept alive now handle errors (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482).
* This release also includes several minor performance improvements:
- **assert**: deepEqual is now speedier when comparing TypedArrays (Claudio Rodriguez) [#4330](https://github.com/nodejs/node/pull/4330).
- **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [node#3622](https://github.com/nodejs/node/pull/3622).
- **node**: Improved accessor perf of `process.env` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780).
- **node**: Improved performance of `process.hrtime()` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780), (Evan Lucas) [#4484](https://github.com/nodejs/node/pull/4484).
- **node**: Improved GetActiveHandles performance (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780).
- **util**: Use faster iteration in `util.format()` (Jackson Tian) [#3964](https://github.com/nodejs/node/pull/3964).
* **assert**: deepEqual is now speedier when comparing TypedArrays (Claudio Rodriguez) [#4330](https://github.com/nodejs/node/pull/4330).
* **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [node#3622](https://github.com/nodejs/node/pull/3622).
* **node**: Improved accessor perf of `process.env` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780).
* **node**: Improved performance of `process.hrtime()` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780), (Evan Lucas) [#4484](https://github.com/nodejs/node/pull/4484).
* **node**: Improved GetActiveHandles performance (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780).
* **util**: Use faster iteration in `util.format()` (Jackson Tian) [#3964](https://github.com/nodejs/node/pull/3964).
### Known issues
@ -1174,15 +1174,15 @@ This is an important security release. All Node.js users should consult the secu
### Notable changes
* **buffer**:
- `Buffer.prototype.includes()` has been added to keep parity with TypedArrays. (Alexander Martin) [#3567](https://github.com/nodejs/node/pull/3567).
* `Buffer.prototype.includes()` has been added to keep parity with TypedArrays. (Alexander Martin) [#3567](https://github.com/nodejs/node/pull/3567).
* **domains**:
- Fix handling of uncaught exceptions. (Julien Gilli) [#3654](https://github.com/nodejs/node/pull/3654).
* Fix handling of uncaught exceptions. (Julien Gilli) [#3654](https://github.com/nodejs/node/pull/3654).
* **https**:
- Added support for disabling session caching. (Fedor Indutny) [#4252](https://github.com/nodejs/node/pull/4252).
* Added support for disabling session caching. (Fedor Indutny) [#4252](https://github.com/nodejs/node/pull/4252).
* **repl**:
- Allow third party modules to be imported using `require()`. This corrects a regression from 5.2.0. (Ben Noordhuis) [#4215](https://github.com/nodejs/node/pull/4215).
* Allow third party modules to be imported using `require()`. This corrects a regression from 5.2.0. (Ben Noordhuis) [#4215](https://github.com/nodejs/node/pull/4215).
* **deps**:
- Upgrade libuv to 1.8.0. (Saúl Ibarra Corretgé) [#4276](https://github.com/nodejs/node/pull/4276).
* Upgrade libuv to 1.8.0. (Saúl Ibarra Corretgé) [#4276](https://github.com/nodejs/node/pull/4276).
### Known issues
@ -1251,12 +1251,12 @@ This is an important security release. All Node.js users should consult the secu
### Notable changes
* **build**:
- Add support for Intel's VTune JIT profiling when compiled with `--enable-vtune-profiling`. For more information about VTune, see <https://software.intel.com/en-us/node/544211>. (Chunyang Dai) [#3785](https://github.com/nodejs/node/pull/3785).
- Properly enable V8 snapshots by default. Due to a configuration error, snapshots have been kept off by default when the intention is for the feature to be enabled. (Fedor Indutny) [#3962](https://github.com/nodejs/node/pull/3962).
* Add support for Intel's VTune JIT profiling when compiled with `--enable-vtune-profiling`. For more information about VTune, see <https://software.intel.com/en-us/node/544211>. (Chunyang Dai) [#3785](https://github.com/nodejs/node/pull/3785).
* Properly enable V8 snapshots by default. Due to a configuration error, snapshots have been kept off by default when the intention is for the feature to be enabled. (Fedor Indutny) [#3962](https://github.com/nodejs/node/pull/3962).
* **crypto**:
- Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects (created via `crypto.createECDH(curve_name)`) with private keys that are not dynamically generated via `generateKeys()`. The public key is now computed when explicitly setting a private key. Added validity checks to reduce the possibility of computing weak or invalid shared secrets. Also, deprecated the `setPublicKey()` method for ECDH objects as its usage is unnecessary and can lead to inconsistent state. (Michael Ruddy) [#3511](https://github.com/nodejs/node/pull/3511).
- Update root certificates from the current list stored maintained by Mozilla NSS. (Ben Noordhuis) [#3951](https://github.com/nodejs/node/pull/3951).
- Multiple CA certificates can now be passed with the `ca` option to TLS methods as an array of strings or in a single new-line separated string. (Ben Noordhuis) [#4099](https://github.com/nodejs/node/pull/4099)
* Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects (created via `crypto.createECDH(curve_name)`) with private keys that are not dynamically generated via `generateKeys()`. The public key is now computed when explicitly setting a private key. Added validity checks to reduce the possibility of computing weak or invalid shared secrets. Also, deprecated the `setPublicKey()` method for ECDH objects as its usage is unnecessary and can lead to inconsistent state. (Michael Ruddy) [#3511](https://github.com/nodejs/node/pull/3511).
* Update root certificates from the current list stored maintained by Mozilla NSS. (Ben Noordhuis) [#3951](https://github.com/nodejs/node/pull/3951).
* Multiple CA certificates can now be passed with the `ca` option to TLS methods as an array of strings or in a single new-line separated string. (Ben Noordhuis) [#4099](https://github.com/nodejs/node/pull/4099)
* **tools**: Include a tick processor in core, exposed via the `--prof-process` command-line argument which can be used to process V8 profiling output files generated when using the `--prof` command-line argument. (Matt Loring) [#4021](https://github.com/nodejs/node/pull/4021).
### Known issues
@ -1381,8 +1381,8 @@ This is an important security release. All Node.js users should consult the secu
* **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts to trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
* CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
* CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134)
* **v8**: Backport fix for CVE-2015-6764, a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis)
@ -1406,14 +1406,14 @@ This is an important security release. All Node.js users should consult the secu
### Notable changes
* **buffer**: The `noAssert` option for many buffer functions will now silently drop invalid write values rather than crashing (Minqi Pan) [#3767](https://github.com/nodejs/node/pull/3767).
- This makes the behavior match what the docs suggest.
* This makes the behavior match what the docs suggest.
* **child_process**: `child.send()` now properly returns a boolean like the docs suggest (Rich Trott) [#3577](https://github.com/nodejs/node/pull/3577).
* **doc**: All of the API docs have been re-ordered so as to read in alphabetical order (Tristian Flanagan) [#3662](https://github.com/nodejs/node/pull/3662).
* **http_parser**: update http-parser to 2.6.0 from 2.5.0 (James M Snell) [#3569](https://github.com/nodejs/node/pull/3569).
- Now supports the following HTTP methods: `LINK`, `UNLINK`, `BIND`, `REBIND`, `UNBIND`.
- Also added ACL and IPv6 Zone ID support.
* Now supports the following HTTP methods: `LINK`, `UNLINK`, `BIND`, `REBIND`, `UNBIND`.
* Also added ACL and IPv6 Zone ID support.
* **npm**: upgrade npm to 3.3.12 from v3.3.6 (Rebecca Turner) [#3685](https://github.com/nodejs/node/pull/3685).
- See the release notes for [v3.3.7](https://github.com/npm/npm/releases/tag/v3.3.7), [v3.3.8](https://github.com/npm/npm/releases/tag/v3.3.8), [v3.3.9](https://github.com/npm/npm/releases/tag/v3.3.9), [v3.3.10](https://github.com/npm/npm/releases/tag/v3.3.10), [v3.3.11](https://github.com/npm/npm/releases/tag/v3.3.11), and [v3.3.12](https://github.com/npm/npm/releases/tag/v3.3.12) for more details.
* See the release notes for [v3.3.7](https://github.com/npm/npm/releases/tag/v3.3.7), [v3.3.8](https://github.com/npm/npm/releases/tag/v3.3.8), [v3.3.9](https://github.com/npm/npm/releases/tag/v3.3.9), [v3.3.10](https://github.com/npm/npm/releases/tag/v3.3.10), [v3.3.11](https://github.com/npm/npm/releases/tag/v3.3.11), and [v3.3.12](https://github.com/npm/npm/releases/tag/v3.3.12) for more details.
* **repl**: The REPL no longer crashes if the [persistent history](https://nodejs.org/api/repl.html#repl_persistent_history) file cannot be opened (Evan Lucas) [#3630](https://github.com/nodejs/node/pull/3630).
* **tls**: The default `sessionIdContext` now uses SHA1 in FIPS mode rather than MD5 (Stefan Budeanu) [#3755](https://github.com/nodejs/node/pull/3755).
* **v8**: Added some more useful post-mortem data (Fedor Indutny) [#3779](https://github.com/nodejs/node/pull/3779).
@ -1572,30 +1572,30 @@ This is an important security release. All Node.js users should consult the secu
* **buffer**: _(Breaking)_ Removed both `'raw'` and `'raws'` encoding types from `Buffer`, these have been deprecated for a long time (Sakthipriyan Vairamani) [#2859](https://github.com/nodejs/node/pull/2859).
* **console**: _(Breaking)_ Values reported by `console.time()` now have 3 decimals of accuracy added (Michaël Zasso) [#3166](https://github.com/nodejs/node/pull/3166).
* **fs**:
- `fs.readFile*()`, `fs.writeFile*()`, and `fs.appendFile*()` now also accept a file descriptor as their first argument (Johannes Wüller) [#3163](https://github.com/nodejs/node/pull/3163).
- _(Breaking)_ In `fs.readFile()`, if an encoding is specified and the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3485](https://github.com/nodejs/node/pull/3485).
- _(Breaking)_ In `fs.read()` (using the `fs.read(fd, length, position, encoding, callback)` form), if the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3503](https://github.com/nodejs/node/pull/3503).
* `fs.readFile*()`, `fs.writeFile*()`, and `fs.appendFile*()` now also accept a file descriptor as their first argument (Johannes Wüller) [#3163](https://github.com/nodejs/node/pull/3163).
* _(Breaking)_ In `fs.readFile()`, if an encoding is specified and the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3485](https://github.com/nodejs/node/pull/3485).
* _(Breaking)_ In `fs.read()` (using the `fs.read(fd, length, position, encoding, callback)` form), if the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3503](https://github.com/nodejs/node/pull/3503).
* **http**:
- Fixed a bug where pipelined http requests would stall (Fedor Indutny) [#3342](https://github.com/nodejs/node/pull/3342).
- _(Breaking)_ When parsing HTTP, don't add duplicates of the following headers: `Retry-After`, `ETag`, `Last-Modified`, `Server`, `Age`, `Expires`. This is in addition to the following headers which already block duplicates: `Content-Type`, `Content-Length`, `User-Agent`, `Referer`, `Host`, `Authorization`, `Proxy-Authorization`, `If-Modified-Since`, `If-Unmodified-Since`, `From`, `Location`, `Max-Forwards` (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090).
- _(Breaking)_ The `callback` argument to `OutgoingMessage#setTimeout()` must be a function or a `TypeError` is thrown (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090).
- _(Breaking)_ HTTP methods and header names must now conform to the RFC 2616 "token" rule, a list of allowed characters that excludes control characters and a number of _separator_ characters. Specifically, methods and header names must now match ```/^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/``` or a `TypeError` will be thrown (James M Snell) [#2526](https://github.com/nodejs/node/pull/2526).
* Fixed a bug where pipelined http requests would stall (Fedor Indutny) [#3342](https://github.com/nodejs/node/pull/3342).
* _(Breaking)_ When parsing HTTP, don't add duplicates of the following headers: `Retry-After`, `ETag`, `Last-Modified`, `Server`, `Age`, `Expires`. This is in addition to the following headers which already block duplicates: `Content-Type`, `Content-Length`, `User-Agent`, `Referer`, `Host`, `Authorization`, `Proxy-Authorization`, `If-Modified-Since`, `If-Unmodified-Since`, `From`, `Location`, `Max-Forwards` (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090).
* _(Breaking)_ The `callback` argument to `OutgoingMessage#setTimeout()` must be a function or a `TypeError` is thrown (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090).
* _(Breaking)_ HTTP methods and header names must now conform to the RFC 2616 "token" rule, a list of allowed characters that excludes control characters and a number of _separator_ characters. Specifically, methods and header names must now match ```/^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/``` or a `TypeError` will be thrown (James M Snell) [#2526](https://github.com/nodejs/node/pull/2526).
* **node**:
- _(Breaking)_ Deprecated the `_linklist` module (Rich Trott) [#3078](https://github.com/nodejs/node/pull/3078).
- _(Breaking)_ Removed `require.paths` and `require.registerExtension()`, both had been previously set to throw `Error` when accessed (Sakthipriyan Vairamani) [#2922](https://github.com/nodejs/node/pull/2922).
* _(Breaking)_ Deprecated the `_linklist` module (Rich Trott) [#3078](https://github.com/nodejs/node/pull/3078).
* _(Breaking)_ Removed `require.paths` and `require.registerExtension()`, both had been previously set to throw `Error` when accessed (Sakthipriyan Vairamani) [#2922](https://github.com/nodejs/node/pull/2922).
* **npm**: Upgraded to version 3.3.6 from 2.14.7, see https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a major version bump for npm and it has seen a significant amount of change. Please see the original [npm v3.0.0 release notes](https://github.com/npm/npm/blob/master/CHANGELOG.md#v300-2015-06-25) for a list of major changes (Rebecca Turner) [#3310](https://github.com/nodejs/node/pull/3310).
* **src**: _(Breaking)_ Bumped `NODE_MODULE_VERSION` to `47` from `46`, this is necessary due to the V8 upgrade. Native add-ons will need to be recompiled (Rod Vagg) [#3400](https://github.com/nodejs/node/pull/3400).
* **timers**: Attempt to reuse the timer handle for `setTimeout().unref()`. This fixes a long-standing known issue where unrefed timers would perviously hold `beforeExit` open (Fedor Indutny) [#3407](https://github.com/nodejs/node/pull/3407).
* **tls**:
- Added ALPN Support (Shigeki Ohtsu) [#2564](https://github.com/nodejs/node/pull/2564).
- TLS options can now be passed in an object to `createSecurePair()` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441).
- _(Breaking)_ The default minimum DH key size for `tls.connect()` is now 1024 bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new `minDHSize` TLS option can be used to override the default. (Shigeki Ohtsu) [#1831](https://github.com/nodejs/node/pull/1831).
* Added ALPN Support (Shigeki Ohtsu) [#2564](https://github.com/nodejs/node/pull/2564).
* TLS options can now be passed in an object to `createSecurePair()` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441).
* _(Breaking)_ The default minimum DH key size for `tls.connect()` is now 1024 bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new `minDHSize` TLS option can be used to override the default. (Shigeki Ohtsu) [#1831](https://github.com/nodejs/node/pull/1831).
* **util**:
- _(Breaking)_ `util.p()` was deprecated for years, and has now been removed (Wyatt Preul) [#3432](https://github.com/nodejs/node/pull/3432).
- _(Breaking)_ `util.inherits()` can now work with ES6 classes. This is considered a breaking change because of potential subtle side-effects caused by a change from directly reassigning the prototype of the constructor using `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })` to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)` (Michaël Zasso) [#3455](https://github.com/nodejs/node/pull/3455).
* _(Breaking)_ `util.p()` was deprecated for years, and has now been removed (Wyatt Preul) [#3432](https://github.com/nodejs/node/pull/3432).
* _(Breaking)_ `util.inherits()` can now work with ES6 classes. This is considered a breaking change because of potential subtle side-effects caused by a change from directly reassigning the prototype of the constructor using `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })` to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)` (Michaël Zasso) [#3455](https://github.com/nodejs/node/pull/3455).
* **v8**: _(Breaking)_ Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) [#3351](https://github.com/nodejs/node/pull/3351).
- Implements the spread operator, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator for further information.
- Implements `new.target`, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target for further information.
* Implements the spread operator, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator for further information.
* Implements `new.target`, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target for further information.
* **zlib**: Decompression now throws on truncated input (e.g. unexpected end of file) (Yuval Brik) [#2595](https://github.com/nodejs/node/pull/2595).
### Known issues

258
doc/changelogs/CHANGELOG_V6.md
View File

@ -87,7 +87,7 @@ Node 6 is due to go End-of-Life on 2019-04-30.
### Notable Changes
* **http**:
- fix error check in `Execute()` (Brian White) [#25939](https://github.com/nodejs/node/pull/25939)
* fix error check in `Execute()` (Brian White) [#25939](https://github.com/nodejs/node/pull/25939)
### Commits
@ -118,8 +118,8 @@ Fixes for the following CVEs are included in this release:
* **deps**: OpenSSL has been upgraded to 1.0.2r which contains a fix for [CVE-2019-1559](https://www.openssl.org/news/secadv/20190226.txt). Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid _padding_ compared to a zero-byte record with an invalid _MAC_. This can be used as the basis of a padding oracle attack to decrypt data.
* **http**:
- Backport `server.keepAliveTimeout` to prevent keep-alive HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential Denial of Service (DoS). (CVE-2019-5739 / [Timur Shemsedinov](https://github.com/tshemsedinov), [Matteo Collina](https://twitter.com/matteocollina))
- Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci ([Voxnest](https://voxnest.com)). (CVE-2019-5737 / Matteo Collina)
* Backport `server.keepAliveTimeout` to prevent keep-alive HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential Denial of Service (DoS). (CVE-2019-5739 / [Timur Shemsedinov](https://github.com/tshemsedinov), [Matteo Collina](https://twitter.com/matteocollina))
* Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci ([Voxnest](https://voxnest.com)). (CVE-2019-5737 / Matteo Collina)
### Commits
@ -145,9 +145,9 @@ a missing CLI flag to adjust the max header size of the http parser.
### Notable Changes
* **cli**:
- add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* **http**:
- add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
* add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
### Commits
@ -264,7 +264,7 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **n-api**:
- n-api has been backported to v6.x. It is being landed as an experimental interface,
* n-api has been backported to v6.x. It is being landed as an experimental interface,
and as such is landing in a Semver-Patch release. (Gabriel Schulhof) [#19447](https://github.com/nodejs/node/pull/19447)
### Commits
@ -549,7 +549,7 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **http, tls**:
- better support for IPv6 addresses (Mattias Holmlund) [#14772](https://github.com/nodejs/node/pull/14772)
* better support for IPv6 addresses (Mattias Holmlund) [#14772](https://github.com/nodejs/node/pull/14772)
### Commits
@ -586,39 +586,39 @@ This LTS release comes with 112 commits, 17 of which are considered Semver-Minor
### Notable Changes
* **console**:
- added console.count() and console.clear() (James M Snell) [#12678](https://github.com/nodejs/node/pull/12678)
* added console.count() and console.clear() (James M Snell) [#12678](https://github.com/nodejs/node/pull/12678)
* **crypto**:
- expose ECDH class (Bryan English) [#8188](https://github.com/nodejs/node/pull/8188)
- added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas) [#10209](https://github.com/nodejs/node/pull/10209)
- warn on invalid authentication tag length (Tobias Nießen) [#17566](https://github.com/nodejs/node/pull/17566)
* expose ECDH class (Bryan English) [#8188](https://github.com/nodejs/node/pull/8188)
* added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas) [#10209](https://github.com/nodejs/node/pull/10209)
* warn on invalid authentication tag length (Tobias Nießen) [#17566](https://github.com/nodejs/node/pull/17566)
* **deps**:
- upgrade libuv to 1.16.1 (cjihrig) [#16835](https://github.com/nodejs/node/pull/16835)
* upgrade libuv to 1.16.1 (cjihrig) [#16835](https://github.com/nodejs/node/pull/16835)
* **dgram**:
- added socket.setMulticastInterface() (Will Young) [#7855](https://github.com/nodejs/node/pull/7855)
* added socket.setMulticastInterface() (Will Young) [#7855](https://github.com/nodejs/node/pull/7855)
* **http**:
- add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of `Agent` (Fedor Indutny) [#13005](https://github.com/nodejs/node/pull/13005)
* add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of `Agent` (Fedor Indutny) [#13005](https://github.com/nodejs/node/pull/13005)
* **lib**:
- return this from net.Socket.end() (Sam Roberts) [#13481](https://github.com/nodejs/node/pull/13481)
* return this from net.Socket.end() (Sam Roberts) [#13481](https://github.com/nodejs/node/pull/13481)
* **module**:
- add builtinModules api that provides list of all builtin modules in Node (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386)
* add builtinModules api that provides list of all builtin modules in Node (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386)
* **net**:
- return this from getConnections() (Sam Roberts) [#13553](https://github.com/nodejs/node/pull/13553)
* return this from getConnections() (Sam Roberts) [#13553](https://github.com/nodejs/node/pull/13553)
* **promises**:
- more robust stringification for unhandled rejections (Timothy Gu) [#13784](https://github.com/nodejs/node/pull/13784)
* more robust stringification for unhandled rejections (Timothy Gu) [#13784](https://github.com/nodejs/node/pull/13784)
* **repl**:
- improve require() autocompletion (Alexey Orlenko) [#14409](https://github.com/nodejs/node/pull/14409)
* improve require() autocompletion (Alexey Orlenko) [#14409](https://github.com/nodejs/node/pull/14409)
* **src**:
- add openssl-system-ca-path configure option (Daniel Bevenius) [#16790](https://github.com/nodejs/node/pull/16790)
- add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius) [#12087](https://github.com/nodejs/node/pull/12087)
- add process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839)
* add openssl-system-ca-path configure option (Daniel Bevenius) [#16790](https://github.com/nodejs/node/pull/16790)
* add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius) [#12087](https://github.com/nodejs/node/pull/12087)
* add process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839)
* **tls**:
- accept `lookup` option for `tls.connect()` (Fedor Indutny) [#12839](https://github.com/nodejs/node/pull/12839)
* accept `lookup` option for `tls.connect()` (Fedor Indutny) [#12839](https://github.com/nodejs/node/pull/12839)
* **tools, build**:
- a new macOS installer! (JP Wesselink) [#15179](https://github.com/nodejs/node/pull/15179)
* a new macOS installer! (JP Wesselink) [#15179](https://github.com/nodejs/node/pull/15179)
* **url**:
- WHATWG URL api support (James M Snell) [#7448](https://github.com/nodejs/node/pull/7448)
* WHATWG URL api support (James M Snell) [#7448](https://github.com/nodejs/node/pull/7448)
* **util**:
- add %i and %f formatting specifiers (Roman Reiss) [#10308](https://github.com/nodejs/node/pull/10308)
* add %i and %f formatting specifiers (Roman Reiss) [#10308](https://github.com/nodejs/node/pull/10308)
### Commits
@ -744,7 +744,7 @@ This LTS release comes with 115 commits. This includes 52 which are test related
### Notable Changes
* **build**:
- configure can now be run from any directory (Gibson Fahnestock) [#17321](https://github.com/nodejs/node/pull/17321)
* configure can now be run from any directory (Gibson Fahnestock) [#17321](https://github.com/nodejs/node/pull/17321)
### Commits
@ -898,11 +898,11 @@ This LTS release comes with 263 commits. This includes 173 which are test relate
### Notable Changes
* **build**:
- fix npm install with --shared (Ben Noordhuis) [#16438](https://github.com/nodejs/node/pull/16438)
* fix npm install with --shared (Ben Noordhuis) [#16438](https://github.com/nodejs/node/pull/16438)
* **build**:
- building with python 3 is now supported (Emily Marigold Klassen) [#16058](https://github.com/nodejs/node/pull/16058)
* building with python 3 is now supported (Emily Marigold Klassen) [#16058](https://github.com/nodejs/node/pull/16058)
* **src**:
- v8 options can be specified with either '\_' or '-' in NODE_OPTIONS (Sam Roberts) [#14093](https://github.com/nodejs/node/pull/14093)
* v8 options can be specified with either '\_' or '-' in NODE_OPTIONS (Sam Roberts) [#14093](https://github.com/nodejs/node/pull/14093)
### Commits
@ -1181,28 +1181,28 @@ This release includes a security update to openssl that has been deemed low seve
### Notable Changes
* **assert**:
- assert.fail() can now take one or two arguments (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293)
* assert.fail() can now take one or two arguments (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293)
* **crypto**:
- add sign/verify support for RSASSA-PSS (Tobias Nießen) [#11705](https://github.com/nodejs/node/pull/11705)
* add sign/verify support for RSASSA-PSS (Tobias Nießen) [#11705](https://github.com/nodejs/node/pull/11705)
* **deps**:
- upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
- upgrade libuv to 1.15.0 (cjihrig) [#15745](https://github.com/nodejs/node/pull/15745)
- upgrade libuv to 1.14.1 (cjihrig) [#14866](https://github.com/nodejs/node/pull/14866)
- upgrade libuv to 1.13.1 (cjihrig) [#14117](https://github.com/nodejs/node/pull/14117)
- upgrade libuv to 1.12.0 (cjihrig) [#13306](https://github.com/nodejs/node/pull/13306)
* upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
* upgrade libuv to 1.15.0 (cjihrig) [#15745](https://github.com/nodejs/node/pull/15745)
* upgrade libuv to 1.14.1 (cjihrig) [#14866](https://github.com/nodejs/node/pull/14866)
* upgrade libuv to 1.13.1 (cjihrig) [#14117](https://github.com/nodejs/node/pull/14117)
* upgrade libuv to 1.12.0 (cjihrig) [#13306](https://github.com/nodejs/node/pull/13306)
* **fs**:
- Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) [#7856](https://github.com/nodejs/node/pull/7856)
* Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) [#7856](https://github.com/nodejs/node/pull/7856)
* **inspector**:
- enable --inspect-brk (Refael Ackermann) [#12615](https://github.com/nodejs/node/pull/12615)
* enable --inspect-brk (Refael Ackermann) [#12615](https://github.com/nodejs/node/pull/12615)
* **process**:
- add --redirect-warnings command line argument (James M Snell) [#10116](https://github.com/nodejs/node/pull/10116)
* add --redirect-warnings command line argument (James M Snell) [#10116](https://github.com/nodejs/node/pull/10116)
* **src**:
- allow CLI args in env with NODE_OPTIONS (Sam Roberts) [#12028](https://github.com/nodejs/node/pull/12028)
- --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) [#13932](https://github.com/nodejs/node/pull/13932)
- allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) [#13172](https://github.com/nodejs/node/pull/13172)
- use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) [#12677](https://github.com/nodejs/node/pull/12677)
* allow CLI args in env with NODE_OPTIONS (Sam Roberts) [#12028](https://github.com/nodejs/node/pull/12028)
* --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) [#13932](https://github.com/nodejs/node/pull/13932)
* allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) [#13172](https://github.com/nodejs/node/pull/13172)
* use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) [#12677](https://github.com/nodejs/node/pull/12677)
* **test**:
- remove common.fail() (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293)
* remove common.fail() (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293)
### Commits
@ -1342,7 +1342,7 @@ This is a security release. All Node.js users should consult the security releas
### Notable Changes
* **zlib**:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95)
* CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95)
### Commits
@ -1357,7 +1357,7 @@ This LTS release comes with 91 commits. This includes 29 which are test related,
### Notable Changes
* **net**:
- support passing undefined to listen() to match behavior in v4.x and v8.x (Sam Roberts) [#14234](https://github.com/nodejs/node/pull/14234)
* support passing undefined to listen() to match behavior in v4.x and v8.x (Sam Roberts) [#14234](https://github.com/nodejs/node/pull/14234)
### Commits
@ -1462,13 +1462,13 @@ This LTS release comes with 152 commits. This includes 75 which are test related
### Notable Changes
* **build**:
- Codesigning is fixed on macOS (Evan Lucas) [#14179](https://github.com/nodejs/node/pull/14179)
* Codesigning is fixed on macOS (Evan Lucas) [#14179](https://github.com/nodejs/node/pull/14179)
* **deps**:
- Snapshots are turned back on!!! (Yang Guo) [#14385](https://github.com/nodejs/node/pull/14385)
* Snapshots are turned back on!!! (Yang Guo) [#14385](https://github.com/nodejs/node/pull/14385)
* **path**:
- win32 volume-relative paths are working again! (Timothy Gu) [#14440](https://github.com/nodejs/node/pull/14440)
* win32 volume-relative paths are working again! (Timothy Gu) [#14440](https://github.com/nodejs/node/pull/14440)
* **tools**:
- v6.x can now build with ICU 59 (Steven R. Loomis) [#12078](https://github.com/nodejs/node/pull/12078)
* v6.x can now build with ICU 59 (Steven R. Loomis) [#12078](https://github.com/nodejs/node/pull/12078)
### Commits
@ -1634,18 +1634,18 @@ This LTS release comes with 221 commits. This includes 80 which are test related
### Notable Changes
* **configure**:
- add mips64el to valid_arch (Aditya Anand) [#13620](https://github.com/nodejs/node/pull/13620)
* add mips64el to valid_arch (Aditya Anand) [#13620](https://github.com/nodejs/node/pull/13620)
* **crypto**:
- Updated root certificates based on [NSS 3.30](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30_release_notes) (Ben Noordhuis)
- [#13279](https://github.com/nodejs/node/pull/13279)
- [#12402](https://github.com/nodejs/node/pull/12402)
* Updated root certificates based on [NSS 3.30](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30_release_notes) (Ben Noordhuis)
* [#13279](https://github.com/nodejs/node/pull/13279)
* [#12402](https://github.com/nodejs/node/pull/12402)
* **deps**:
- upgrade OpenSSL to version 1.0.2.l (Shigeki Ohtsu) [#12913](https://github.com/nodejs/node/pull/12913)
* upgrade OpenSSL to version 1.0.2.l (Shigeki Ohtsu) [#12913](https://github.com/nodejs/node/pull/12913)
* **http**:
- parse errors are now reported when NODE_DEBUG=http (Sam Roberts) [#13206](https://github.com/nodejs/node/pull/13206)
- Agent construction can now be envoked without `new` (cjihrig) [#12927](https://github.com/nodejs/node/pull/12927)
* parse errors are now reported when NODE_DEBUG=http (Sam Roberts) [#13206](https://github.com/nodejs/node/pull/13206)
* Agent construction can now be envoked without `new` (cjihrig) [#12927](https://github.com/nodejs/node/pull/12927)
* **zlib**:
- node will now throw an Error when zlib rejects the value of windowBits, instead of crashing (Alexey Orlenko) [#13098](https://github.com/nodejs/node/pull/13098)
* node will now throw an Error when zlib rejects the value of windowBits, instead of crashing (Alexey Orlenko) [#13098](https://github.com/nodejs/node/pull/13098)
### Commits
@ -1879,9 +1879,9 @@ This is a security release. All Node.js users should consult the security releas
### Notable Changes
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh)
* Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
* CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
### Commits
@ -1899,9 +1899,9 @@ This LTS release comes with 126 commits. This includes 40 which are test related
### Notable Changes
* **build**:
- support for building mips64el (nanxiongchao) [#10991](https://github.com/nodejs/node/pull/10991)
* support for building mips64el (nanxiongchao) [#10991](https://github.com/nodejs/node/pull/10991)
* **cluster**:
- disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019)
* disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019)
* **crypto**:
* ability to select cert store at runtime (Adam Majer) [#8334](https://github.com/nodejs/node/pull/8334)
* Use system CAs instead of using bundled ones (Adam Majer) [#8334](https://github.com/nodejs/node/pull/8334)
@ -1918,7 +1918,7 @@ This LTS release comes with 126 commits. This includes 40 which are test related
* **process**:
* add NODE_NO_WARNINGS environment variable (cjihrig) [#10842](https://github.com/nodejs/node/pull/10842)
* **readline**:
- add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982)
* add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982)
* **src**:
* support "--" after "-e" as end-of-options (John Barboza) [#10651](https://github.com/nodejs/node/pull/10651)
* **tls**:
@ -2060,11 +2060,11 @@ This LTS release comes with 126 commits. This includes 40 which are test related
### Notable Changes
* **module**:
- The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283)
* The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283)
* **src**:
- fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995)
* fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995)
* **tls**:
- fix rare segmentation faults when using TLS
* fix rare segmentation faults when using TLS
* (Trevor Norris) [#11947](https://github.com/nodejs/node/pull/11947)
* (Ben Noordhuis) [#11898](https://github.com/nodejs/node/pull/11898)
* (jBarz) [#11776](https://github.com/nodejs/node/pull/11776)
@ -2239,12 +2239,12 @@ that were present in zlib 1.2.8.
### Notable changes
* **crypto**:
- fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089)
* fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089)
* **deps**:
- upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980)
- backport V8 fixes for spread syntax regression causing segfaults (Michaël Zasso) [#12037](https://github.com/nodejs/node/pull/12037)
* upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980)
* backport V8 fixes for spread syntax regression causing segfaults (Michaël Zasso) [#12037](https://github.com/nodejs/node/pull/12037)
* **repl**:
- Revert commit that broke REPL display on Windows (Myles Borins) [#12123](https://github.com/nodejs/node/pull/12123)
* Revert commit that broke REPL display on Windows (Myles Borins) [#12123](https://github.com/nodejs/node/pull/12123)
### Commits
@ -2265,21 +2265,21 @@ This LTS release comes with 297 commits. This includes 124 which are test relate
### Notable changes
* **performance**: The performance of several APIs has been improved.
- `Buffer.compare()` is up to 35% faster on average. (Brian White) [#10927](https://github.com/nodejs/node/pull/10927)
- `buffer.toJSON()` is up to 2859% faster on average. (Brian White) [#10895](https://github.com/nodejs/node/pull/10895)
- `fs.*statSync()` functions are now up to 9.3% faster on average. (Brian White) [#11522](https://github.com/nodejs/node/pull/11522)
- `os.loadavg` is up to 151% faster. (Brian White) [#11516](https://github.com/nodejs/node/pull/11516)
- `process.memoryUsage()` is up to 34% faster. (Brian White) [#11497](https://github.com/nodejs/node/pull/11497)
- `querystring.unescape()` for `Buffer`s is 15% faster on average. (Brian White) [#10837](https://github.com/nodejs/node/pull/10837)
- `querystring.stringify()` is up to 7.8% faster on average. (Brian White) [#10852](https://github.com/nodejs/node/pull/10852)
- `querystring.parse()` is up to 21% faster on average. (Brian White) [#10874](https://github.com/nodejs/node/pull/10874)
* `Buffer.compare()` is up to 35% faster on average. (Brian White) [#10927](https://github.com/nodejs/node/pull/10927)
* `buffer.toJSON()` is up to 2859% faster on average. (Brian White) [#10895](https://github.com/nodejs/node/pull/10895)
* `fs.*statSync()` functions are now up to 9.3% faster on average. (Brian White) [#11522](https://github.com/nodejs/node/pull/11522)
* `os.loadavg` is up to 151% faster. (Brian White) [#11516](https://github.com/nodejs/node/pull/11516)
* `process.memoryUsage()` is up to 34% faster. (Brian White) [#11497](https://github.com/nodejs/node/pull/11497)
* `querystring.unescape()` for `Buffer`s is 15% faster on average. (Brian White) [#10837](https://github.com/nodejs/node/pull/10837)
* `querystring.stringify()` is up to 7.8% faster on average. (Brian White) [#10852](https://github.com/nodejs/node/pull/10852)
* `querystring.parse()` is up to 21% faster on average. (Brian White) [#10874](https://github.com/nodejs/node/pull/10874)
* **IPC**: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. (Alexey Orlenko) [#10677](https://github.com/nodejs/node/pull/10677)
- Performance gains may be up to 40% for some workloads.
* Performance gains may be up to 40% for some workloads.
* **child_process**: `spawnSync` now returns a null `status` when child is terminated by a signal. (cjihrig) [#11288](https://github.com/nodejs/node/pull/11288)
- This fixes the behavior to act like `spawn()` does.
* This fixes the behavior to act like `spawn()` does.
* **http**:
- Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923)
- Debug messages have been added for cases when headers contain invalid values. (Evan Lucas) [#9195](https://github.com/nodejs/node/pull/9195)
* Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923)
* Debug messages have been added for cases when headers contain invalid values. (Evan Lucas) [#9195](https://github.com/nodejs/node/pull/9195)
* **node**: Heap statistics now support values larger than 4GB. (Ben Noordhuis) [#10186](https://github.com/nodejs/node/pull/10186)
* **timers**: Timer callbacks now always maintain order when interacting with domain error handling. (John Barboza) [#10522](https://github.com/nodejs/node/pull/10522)
@ -2826,14 +2826,14 @@ are updates to dependencies.
* **build**: shared library support is now working for AIX builds (Stewart Addison) [#9675](https://github.com/nodejs/node/pull/9675)
* **deps**:
- *npm*: upgrade npm to 3.10.10 (Rebecca Turner) [#9847](https://github.com/nodejs/node/pull/9847)
- *V8*: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) [#10386](https://github.com/nodejs/node/pull/10386)
* *npm*: upgrade npm to 3.10.10 (Rebecca Turner) [#9847](https://github.com/nodejs/node/pull/9847)
* *V8*: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) [#10386](https://github.com/nodejs/node/pull/10386)
* **inspector**: /json/version returns object, not an object wrapped in an array (Ben Noordhuis) [#9762](https://github.com/nodejs/node/pull/9762)
* **module**: using --debug-brk and --eval together now works as expected (Kelvin Jin) [#8876](https://github.com/nodejs/node/pull/8876)
* **process**: improve performance of nextTick up to 20% (Evan Lucas) [#8932](https://github.com/nodejs/node/pull/8932)
* **repl**:
- the division operator will no longer be accidentally parsed as regex (Teddy Katz) [#10103](https://github.com/nodejs/node/pull/10103)
- improved support for generator functions (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852)
* the division operator will no longer be accidentally parsed as regex (Teddy Katz) [#10103](https://github.com/nodejs/node/pull/10103)
* improved support for generator functions (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852)
* **timers**: Re canceling a cancelled timers will no longer throw (Jeremiah Senkpiel) [#9685](https://github.com/nodejs/node/pull/9685)
### Commits
@ -3162,10 +3162,10 @@ commits which are updates to dependencies.
* **buffer**: coerce slice parameters consistently (Sakthipriyan Vairamani (thefourtheye)) [#9101](https://github.com/nodejs/node/pull/9101)
* **deps**:
- *npm*: upgrade npm to 3.10.9 (Kat Marchán) [#9286](https://github.com/nodejs/node/pull/9286)
- *V8*: Various fixes to destructuring edge cases
- cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) [#9138](https://github.com/nodejs/node/pull/9138)
- cherry pick 7166503 from upstream v8 (Cristian Cavalli) [#9173](https://github.com/nodejs/node/pull/9173)
* *npm*: upgrade npm to 3.10.9 (Kat Marchán) [#9286](https://github.com/nodejs/node/pull/9286)
* *V8*: Various fixes to destructuring edge cases
* cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) [#9138](https://github.com/nodejs/node/pull/9138)
* cherry pick 7166503 from upstream v8 (Cristian Cavalli) [#9173](https://github.com/nodejs/node/pull/9173)
* **gtest**: the test reporter now outputs tap comments as yamlish (Johan Bergström) [#9262](https://github.com/nodejs/node/pull/9262)
* **inspector**: inspector now prompts user to use 127.0.0.1 rather than localhost (Eugene Ostroukhov) [#9451](https://github.com/nodejs/node/pull/9451)
* **tls**: fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) [#9586](https://github.com/nodejs/node/pull/9586)
@ -3378,9 +3378,9 @@ This is also a security release. All Node.js users should consult the security r
### Notable changes
* **fs**:
- `SyncWriteStream` now inherits from `Stream.Writable`. (Anna Henningsen) [#8830](https://github.com/nodejs/node/pull/8830)
- Practically, this means that when stdio is piped to a file, stdout and stderr will still be `Writable` streams.
- `fs.existsSync()` has been undeprecated. `fs.exists()` remains deprecated. (Dan Fabulich) [#8364](https://github.com/nodejs/node/pull/8364)
* `SyncWriteStream` now inherits from `Stream.Writable`. (Anna Henningsen) [#8830](https://github.com/nodejs/node/pull/8830)
* Practically, this means that when stdio is piped to a file, stdout and stderr will still be `Writable` streams.
* `fs.existsSync()` has been undeprecated. `fs.exists()` remains deprecated. (Dan Fabulich) [#8364](https://github.com/nodejs/node/pull/8364)
* **http**: `http.request()` now accepts a `timeout` option. (Rene Weber) [#8101](https://github.com/nodejs/node/pull/8101)
* **module**: The module loader now maintains its own realpath cache. (Anna Henningsen) [#8100](https://github.com/nodejs/node/pull/8100)
* **npm**: Upgraded to 3.10.8 (Kat Marchán) [#8706](https://github.com/nodejs/node/pull/8706)
@ -3615,9 +3615,9 @@ This is a security release. All Node.js users should consult the security releas
Semver Minor:
* **openssl**:
- Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714)
- Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786)
- Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#73](https://github.com/nodejs/node-private/pull/73)
* Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714)
* Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786)
* Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#73](https://github.com/nodejs/node-private/pull/73)
* **http**: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) [nodejs/node-private#60](https://github.com/nodejs/node-private/pull/60)
Semver Patch:
@ -3660,8 +3660,8 @@ Semver Patch:
* **promises**: Unhandled rejections now emit a [process warning](https://nodejs.org/dist/latest-v6.x/docs/api/process.html#process_event_warning) after the first tick. (Benjamin Gruenbaum) [#8223](https://github.com/nodejs/node/pull/8223)
* **repl**: Added auto alignment for `.editor` mode. (Prince J Wesley) [#8241](https://github.com/nodejs/node/pull/8241)
* **util**: Some functionality has been added to `util.inspect()`:
- Returning `this` from a custom inspect function now works. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174)
- Added support for Symbol-based custom inspection methods. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174)
* Returning `this` from a custom inspect function now works. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174)
* Added support for Symbol-based custom inspection methods. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174)
### Commits
@ -4164,21 +4164,21 @@ Semver Patch:
* **buffer**: Added `buffer.swap64()` to complement `swap16()` & `swap32()`. (Zach Bjornson) [#7157](https://github.com/nodejs/node/pull/7157)
* **build**: New `configure` options have been added for building Node.js as a shared library. (Stefan Budeanu) [#6994](https://github.com/nodejs/node/pull/6994)
- The options are: `--shared`, `--without-v8-platform` & `--without-bundled-v8`.
* The options are: `--shared`, `--without-v8-platform` & `--without-bundled-v8`.
* **crypto**: Root certificates have been updated. (Ben Noordhuis) [#7363](https://github.com/nodejs/node/pull/7363)
* **debugger**: The server address is now configurable via `--debug=<address>:<port>`. (Ben Noordhuis) [#3316](https://github.com/nodejs/node/pull/3316)
* **npm**: Upgraded npm to v3.10.3 (Kat Marchán) [#7515](https://github.com/nodejs/node/pull/7515) & (Rebecca Turner) [#7410](https://github.com/nodejs/node/pull/7410)
* **readline**: Added the `prompt` option to the readline constructor. (Evan Lucas) [#7125](https://github.com/nodejs/node/pull/7125)
* **repl / vm**: `sigint`/`ctrl+c` will now break out of infinite loops without stopping the Node.js instance. (Anna Henningsen) [#6635](https://github.com/nodejs/node/pull/6635)
* **src**:
- Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao) [#3098](https://github.com/nodejs/node/pull/3098)
- Refactored `require('constants')`, constants are now available directly from their respective modules. (James M Snell) [#6534](https://github.com/nodejs/node/pull/6534)
* Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao) [#3098](https://github.com/nodejs/node/pull/3098)
* Refactored `require('constants')`, constants are now available directly from their respective modules. (James M Snell) [#6534](https://github.com/nodejs/node/pull/6534)
* **stream**: Improved `readable.read()` performance by up to 70%. (Brian White) [#7077](https://github.com/nodejs/node/pull/7077)
* **timers**: `setImmediate()` is now up to 150% faster in some situations. (Andras) [#6436](https://github.com/nodejs/node/pull/6436)
* **util**: Added a `breakLength` option to `util.inspect()` to control how objects are formatted across lines. (cjihrig) [#7499](https://github.com/nodejs/node/pull/7499)
* **v8-inspector**: Experimental support has been added for debugging Node.js over the inspector protocol. (Ali Ijaz Sheikh) [#6792](https://github.com/nodejs/node/pull/6792)
- **Note: This feature is _experimental_, and it could be altered or removed.**
- You can try this feature by running Node.js with the `--inspect` flag.
* **Note: This feature is _experimental_, and it could be altered or removed.**
* You can try this feature by running Node.js with the `--inspect` flag.
### Commits
@ -4344,8 +4344,8 @@ Semver Patch:
### Notable changes
* **http**:
- `req.read(0)` could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) [#7211](https://github.com/nodejs/node/pull/7211)
- When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) [#7149](https://github.com/nodejs/node/pull/7149)
* `req.read(0)` could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) [#7211](https://github.com/nodejs/node/pull/7211)
* When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) [#7149](https://github.com/nodejs/node/pull/7149)
* **npm**: upgrade npm to 3.9.5 (Kat Marchán) [#7139](https://github.com/nodejs/node/pull/7139)
### Commits
@ -4421,10 +4421,10 @@ Semver Patch:
* **buffer**: Ignore negative lengths in calls to `Buffer()` and `Buffer.allocUnsafe()`. This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or `allocUnsafe()` as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) [#7051](https://github.com/nodejs/node/pull/7051)
* **npm**: Upgrade npm to 3.9.3 (Kat Marchán) [#7030](https://github.com/nodejs/node/pull/7030)
- [`npm/npm@42d71be`](https://github.com/npm/npm/commit/42d71be2cec674dd9e860ad414f53184f667620d) [npm/npm#12685](https://github.com/npm/npm/pull/12685) When using `npm ls <pkg>` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](https://github.com/zkat))
- [`npm/npm@f04e05`](https://github.com/npm/npm/commit/df04e05af1f257a1903372e1baf334c0969fbdbd) [npm/npm#10013](https://github.com/npm/npm/issues/10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](https://github.com/iarna))
- [`b894413`](https://github.com/npm/npm/commit/b8944139a935680c4a267468bb2d3c3082b5609f) [#12372](https://github.com/npm/npm/issues/12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](https://github.com/misterbyrne))
- This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.
* [`npm/npm@42d71be`](https://github.com/npm/npm/commit/42d71be2cec674dd9e860ad414f53184f667620d) [npm/npm#12685](https://github.com/npm/npm/pull/12685) When using `npm ls <pkg>` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](https://github.com/zkat))
* [`npm/npm@f04e05`](https://github.com/npm/npm/commit/df04e05af1f257a1903372e1baf334c0969fbdbd) [npm/npm#10013](https://github.com/npm/npm/issues/10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](https://github.com/iarna))
* [`b894413`](https://github.com/npm/npm/commit/b8944139a935680c4a267468bb2d3c3082b5609f) [#12372](https://github.com/npm/npm/issues/12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](https://github.com/misterbyrne))
* This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.
* **tty**: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at <https://github.com/nodejs/node/issues/6980>. (Jeremiah Senkpiel) [#6895](https://github.com/nodejs/node/pull/6895)
* **V8**: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see <https://github.com/node-inspector/node-inspector/issues/864> for details. (Michaël Zasso) [#6928](https://github.com/nodejs/node/pull/6928)
@ -4570,19 +4570,19 @@ Semver Patch:
### Notable changes
- **buffer**: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511)
- **child_process**: use /system/bin/sh on android (Ben Noordhuis) [#6745](https://github.com/nodejs/node/pull/6745)
- **deps**:
- upgrade npm to 3.8.9 (Rebecca Turner) [#6664](https://github.com/nodejs/node/pull/6664)
- upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) [#6572](https://github.com/nodejs/node/pull/6572)
- upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) [#6796](https://github.com/nodejs/node/pull/6796)
- Intl: ICU 57 bump (Steven R. Loomis) [#6088](https://github.com/nodejs/node/pull/6088)
- **repl**:
- copying tabs shouldn't trigger completion (Eugene Obrezkov) [#5958](https://github.com/nodejs/node/pull/5958)
- exports `Recoverable` (Blake Embrey) [#3488](https://github.com/nodejs/node/pull/3488)
- **src**: add O_NOATIME constant (Rich Trott) [#6492](https://github.com/nodejs/node/pull/6492)
- **src,module**: add --preserve-symlinks command line flag (James M Snell) [#6537](https://github.com/nodejs/node/pull/6537)
- **util**: adhere to `noDeprecation` set at runtime (Anna Henningsen) [#6683](https://github.com/nodejs/node/pull/6683)
* **buffer**: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511)
* **child_process**: use /system/bin/sh on android (Ben Noordhuis) [#6745](https://github.com/nodejs/node/pull/6745)
* **deps**:
* upgrade npm to 3.8.9 (Rebecca Turner) [#6664](https://github.com/nodejs/node/pull/6664)
* upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) [#6572](https://github.com/nodejs/node/pull/6572)
* upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) [#6796](https://github.com/nodejs/node/pull/6796)
* Intl: ICU 57 bump (Steven R. Loomis) [#6088](https://github.com/nodejs/node/pull/6088)
* **repl**:
* copying tabs shouldn't trigger completion (Eugene Obrezkov) [#5958](https://github.com/nodejs/node/pull/5958)
* exports `Recoverable` (Blake Embrey) [#3488](https://github.com/nodejs/node/pull/3488)
* **src**: add O_NOATIME constant (Rich Trott) [#6492](https://github.com/nodejs/node/pull/6492)
* **src,module**: add --preserve-symlinks command line flag (James M Snell) [#6537](https://github.com/nodejs/node/pull/6537)
* **util**: adhere to `noDeprecation` set at runtime (Anna Henningsen) [#6683](https://github.com/nodejs/node/pull/6683)
As of this release the 6.X line now includes 64-bit binaries for Linux on Power Systems
running in big endian mode in addition to the existing 64-bit binaries for running in little endian mode.
@ -4719,16 +4719,16 @@ running in big endian mode in addition to the existing 64-bit binaries for runni
* **assert**: `deep{Strict}Equal()` now works correctly with circular references. (Rich Trott) [#6432](https://github.com/nodejs/node/pull/6432)
* **debugger**: Arrays are now formatted correctly in the debugger repl. (cjihrig) [#6448](https://github.com/nodejs/node/pull/6448)
* **deps**: Upgrade OpenSSL sources to 1.0.2h (Shigeki Ohtsu) [#6550](https://github.com/nodejs/node/pull/6550)
- Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release.
* Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release.
* **net**: Introduced a `Socket#connecting` property. (Fedor Indutny) [#6404](https://github.com/nodejs/node/pull/6404)
- Previously this information was only available as the undocumented, internal `_connecting` property.
* Previously this information was only available as the undocumented, internal `_connecting` property.
* **process**: Introduced `process.cpuUsage()`. (Patrick Mueller) [#6157](https://github.com/nodejs/node/pull/6157)
* **stream**: `Writable#setDefaultEncoding()` now returns `this`. (Alexander Makarenko) [#5040](https://github.com/nodejs/node/pull/5040)
* **util**: Two new additions to `util.inspect()`:
- Added a `maxArrayLength` option to truncate the formatting of Arrays. (James M Snell) [#6334](https://github.com/nodejs/node/pull/6334)
- This is set to `100` by default.
- Added a `showProxy` option for formatting proxy intercepting handlers. (James M Snell) [#6465](https://github.com/nodejs/node/pull/6465)
- Inspecting proxies is non-trivial and as such this is off by default.
* Added a `maxArrayLength` option to truncate the formatting of Arrays. (James M Snell) [#6334](https://github.com/nodejs/node/pull/6334)
* This is set to `100` by default.
* Added a `showProxy` option for formatting proxy intercepting handlers. (James M Snell) [#6465](https://github.com/nodejs/node/pull/6465)
* Inspecting proxies is non-trivial and as such this is off by default.
### Commits

34
doc/changelogs/CHANGELOG_V7.md
View File

@ -55,13 +55,13 @@ for details on patched vulnerabilities.
### Notable changes
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
* Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
* CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
@ -344,14 +344,14 @@ for details on patched vulnerabilities.
### Notable Changes
* **buffer**:
- do not segfault on out-of-range index (Timothy Gu) [#11927](https://github.com/nodejs/node/pull/11927)
* do not segfault on out-of-range index (Timothy Gu) [#11927](https://github.com/nodejs/node/pull/11927)
* **crypto**:
- Fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089)
* Fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089)
* **deps**:
* upgrade npm to 4.2.0 (Kat Marchán) [#11389](https://github.com/nodejs/node/pull/11389)
* fix async await desugaring in V8 (Michaël Zasso) [#12004](https://github.com/nodejs/node/pull/12004)
* **readline**:
- add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982)
* add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982)
### Commits
@ -1240,8 +1240,8 @@ users is "low". Details on this determination can be found
### Notable changes
* **buffer**:
- Improve performance of Buffer allocation by ~11%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443)
- Improve performance of Buffer.from() by ~50%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443)
* Improve performance of Buffer allocation by ~11%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443)
* Improve performance of Buffer.from() by ~50%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443)
* **events**: Improve performance of `EventEmitter.once()` by ~27%. (Brian White) [#10445](https://github.com/nodejs/node/pull/10445)
* **fs**: Allow passing Uint8Array to fs methods where Buffers are supported. (Anna Henningsen) [#10382](https://github.com/nodejs/node/pull/10382)
* **http**: Improve performance of http server by ~7%. (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
@ -1400,18 +1400,18 @@ Thank you to @italoacasas for preparing the majority of this release.
### Notable changes
* **buffer**:
- buffer.fill() now works properly for the UCS2 encoding on Big-Endian machines. (Anna Henningsen) [#9837](https://github.com/nodejs/node/pull/9837)
* buffer.fill() now works properly for the UCS2 encoding on Big-Endian machines. (Anna Henningsen) [#9837](https://github.com/nodejs/node/pull/9837)
* **cluster**:
- disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019)
* disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019)
* **crypto**:
- The built-in list of Well-Known CAs (Certificate Authorities) can now be extended via a NODE_EXTRA_CA_CERTS environment variable. (Sam Roberts) [#9139](https://github.com/nodejs/node/pull/9139)
* The built-in list of Well-Known CAs (Certificate Authorities) can now be extended via a NODE_EXTRA_CA_CERTS environment variable. (Sam Roberts) [#9139](https://github.com/nodejs/node/pull/9139)
* **http**:
- Remove stale timeout listeners in order to prevent a memory leak when using keep alive. (Karl Böhlmark) [#9440](https://github.com/nodejs/node/pull/9440)
* Remove stale timeout listeners in order to prevent a memory leak when using keep alive. (Karl Böhlmark) [#9440](https://github.com/nodejs/node/pull/9440)
* **tls**:
- Allow obvious key/passphrase combinations. (Sam Roberts) [#10294](https://github.com/nodejs/node/pull/10294)
* Allow obvious key/passphrase combinations. (Sam Roberts) [#10294](https://github.com/nodejs/node/pull/10294)
* **url**:
- Including base argument in URL.originFor() to meet specification compliance. (joyeecheung) [#10021](https://github.com/nodejs/node/pull/10021)
- Improve URLSearchParams to meet specification compliance. (Timothy Gu) [#9484](https://github.com/nodejs/node/pull/9484)
* Including base argument in URL.originFor() to meet specification compliance. (joyeecheung) [#10021](https://github.com/nodejs/node/pull/10021)
* Improve URLSearchParams to meet specification compliance. (Timothy Gu) [#9484](https://github.com/nodejs/node/pull/9484)
### Commits
@ -1550,8 +1550,8 @@ Thank you to @italoacasas for preparing the majority of this release.
### Notable changes
* **buffer**:
- Reverted the runtime deprecation of calling `Buffer()` without `new`. (Anna Henningsen) [#9529](https://github.com/nodejs/node/pull/9529)
- Fixed `buffer.transcode()` for single-byte character
* Reverted the runtime deprecation of calling `Buffer()` without `new`. (Anna Henningsen) [#9529](https://github.com/nodejs/node/pull/9529)
* Fixed `buffer.transcode()` for single-byte character
encodings to `UCS2`. (Anna Henningsen) [#9838](https://github.com/nodejs/node/pull/9838)
* **promise**: `--trace-warnings` now produces useful stacktraces for Promise warnings. (Anna Henningsen) [#9525](https://github.com/nodejs/node/pull/9525)
* **repl**: Fixed a bug preventing correct parsing of generator functions. (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852)
@ -1763,7 +1763,7 @@ _This is a security release impacting Windows 10 users._
* **crypto**: The `Decipher` methods `setAuthTag()` and `setAAD` now return `this`. (Kirill Fomichev) [#9398](https://github.com/nodejs/node/pull/9398)
* **dns**: Implemented `{ttl: true}` for `resolve4()` and `resolve6()`. (Ben Noordhuis) [#9296](https://github.com/nodejs/node/pull/9296)
* **libuv**: Upgrade to v1.10.1 (cjihrig) [#9647](https://github.com/nodejs/node/pull/9647)
- Fixed a potential buffer overflow when writing data to console on Windows 10. (CVE-2016-9551)
* Fixed a potential buffer overflow when writing data to console on Windows 10. (CVE-2016-9551)
* **process**: Added a new `external` property to the data returned by `memoryUsage()`. (Fedor Indutny) [#9587](https://github.com/nodejs/node/pull/9587)
* **tls**: Fixed a memory leak when writes were queued on TLS connection that was destroyed during handshake. (Fedor Indutny) [#9626](https://github.com/nodejs/node/pull/9626)
* **V8 (dep)**: Upgrade to v5.4.500.43 (Michaël Zasso) [#9697](https://github.com/nodejs/node/pull/9697)

126
doc/changelogs/CHANGELOG_V8.md
View File

@ -118,8 +118,8 @@ Vulnerabilities fixed:
### Notable Changes
* **n-api**:
- add API for asynchronous functions (Gabriel Schulhof) [#17887](https://github.com/nodejs/node/pull/17887)
- mark thread-safe function as stable (Gabriel Schulhof) [#25556](https://github.com/nodejs/node/pull/25556)
* add API for asynchronous functions (Gabriel Schulhof) [#17887](https://github.com/nodejs/node/pull/17887)
* mark thread-safe function as stable (Gabriel Schulhof) [#25556](https://github.com/nodejs/node/pull/25556)
### Commits
@ -196,9 +196,9 @@ a missing CLI flag to adjust the max header size of the http parser.
### Notable Changes
* **cli**:
- add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811)
* **http**:
- add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
* add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860)
### Commits
@ -215,9 +215,9 @@ a missing CLI flag to adjust the max header size of the http parser.
### Notable changes
* **assert**:
- revert breaking change (Ruben Bridgewater) [#24786](https://github.com/nodejs/node/pull/24786)
* revert breaking change (Ruben Bridgewater) [#24786](https://github.com/nodejs/node/pull/24786)
* **http2**:
- fix sequence of error/close events (Gerhard Stoebich) [#24789](https://github.com/nodejs/node/pull/24789)
* fix sequence of error/close events (Gerhard Stoebich) [#24789](https://github.com/nodejs/node/pull/24789)
### Commits
@ -356,14 +356,14 @@ Fixes for the following CVEs are included in this release:
### Notable changes
* **assert**:
- backport some assert commits (Ruben Bridgewater) [#23223](https://github.com/nodejs/node/pull/23223)
* backport some assert commits (Ruben Bridgewater) [#23223](https://github.com/nodejs/node/pull/23223)
* **deps**:
- upgrade to libuv 1.23.2 (cjihrig) [#23336](https://github.com/nodejs/node/pull/23336)
- V8: cherry-pick 64-bit hash seed commits (Yang Guo) [#23274](https://github.com/nodejs/node/pull/23274)
* upgrade to libuv 1.23.2 (cjihrig) [#23336](https://github.com/nodejs/node/pull/23336)
* V8: cherry-pick 64-bit hash seed commits (Yang Guo) [#23274](https://github.com/nodejs/node/pull/23274)
* **http**:
- added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094)
* added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094)
* **http2**:
- graduate from experimental (James M Snell) [#22466](https://github.com/nodejs/node/pull/22466)
* graduate from experimental (James M Snell) [#22466](https://github.com/nodejs/node/pull/22466)
### Commits
@ -502,39 +502,39 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **async_hooks**:
- rename PromiseWrap.parentId (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633)
- remove runtime deprecation (Ali Ijaz Sheikh) [#19517](https://github.com/nodejs/node/pull/19517)
- deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513)
* rename PromiseWrap.parentId (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633)
* remove runtime deprecation (Ali Ijaz Sheikh) [#19517](https://github.com/nodejs/node/pull/19517)
* deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513)
* **cluster**:
- add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399)
- support windowsHide option for workers (Todd Wong) [#17412](https://github.com/nodejs/node/pull/17412)
* add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399)
* support windowsHide option for workers (Todd Wong) [#17412](https://github.com/nodejs/node/pull/17412)
* **crypto**:
- allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644)
* allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644)
* **deps**:
- upgrade npm to 6.4.1 (Kat Marchán) [#22591](https://github.com/nodejs/node/pull/22591)
- upgrade libuv to 1.19.2 (cjihrig) [#18918](https://github.com/nodejs/node/pull/18918)
- Upgrade node-inspect to 1.11.5 (Jan Krems) [#21055](https://github.com/nodejs/node/pull/21055)
* upgrade npm to 6.4.1 (Kat Marchán) [#22591](https://github.com/nodejs/node/pull/22591)
* upgrade libuv to 1.19.2 (cjihrig) [#18918](https://github.com/nodejs/node/pull/18918)
* Upgrade node-inspect to 1.11.5 (Jan Krems) [#21055](https://github.com/nodejs/node/pull/21055)
* **fs,net**:
- support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801)
- emit 'ready' for fs streams and sockets (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801)
* emit 'ready' for fs streams and sockets (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* **http, http2**:
- add options to http.createServer() (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)-
- add 103 Early Hints status code (Yosuke Furukawa) [#16644](https://github.com/nodejs/node/pull/16644)
- add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)
* add options to http.createServer() (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)-
* add 103 Early Hints status code (Yosuke Furukawa) [#16644](https://github.com/nodejs/node/pull/16644)
* add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)
* **n-api**:
- take n-api out of experimental (Michael Dawson) [#19262](https://github.com/nodejs/node/pull/19262)
* take n-api out of experimental (Michael Dawson) [#19262](https://github.com/nodejs/node/pull/19262)
* **perf_hooks**:
- add warning when too many entries in the timeline (James M Snell) [#18087](https://github.com/nodejs/node/pull/18087)
* add warning when too many entries in the timeline (James M Snell) [#18087](https://github.com/nodejs/node/pull/18087)
* **src**:
- add public API for managing NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981)
- allow --perf-(basic-)?prof in NODE\_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600)
- node internals' postmortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901)
* add public API for managing NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981)
* allow --perf-(basic-)?prof in NODE\_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600)
* node internals' postmortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901)
* **tls**:
- expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102)
* expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102)
* **trace_events**:
- add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480)
* add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480)
* **util**:
- implement util.getSystemErrorName() (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186)
* implement util.getSystemErrorName() (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186)
### Commits
@ -877,12 +877,12 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **deps**:
- update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354)
- update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908)
* update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354)
* update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908)
* **http2**:
- Sync with current release stream
* Sync with current release stream
* **n-api**:
- Sync with current release stream
* Sync with current release stream
### Commits
@ -1822,10 +1822,10 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
- **console**:
- avoid adding infinite error listeners (Matteo Collina) [#16770](https://github.com/nodejs/node/pull/16770)
- **http2**:
- improve errors thrown in header validation (Joyee Cheung) [#16718](https://github.com/nodejs/node/pull/16718)
* **console**:
* avoid adding infinite error listeners (Matteo Collina) [#16770](https://github.com/nodejs/node/pull/16770)
* **http2**:
* improve errors thrown in header validation (Joyee Cheung) [#16718](https://github.com/nodejs/node/pull/16718)
### Commits
@ -1943,10 +1943,10 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
- **openssl**:
- upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
- ***Revert*** "**https**:
- refactor to use http internals" (Myles Borins) [#16660](https://github.com/nodejs/node/pull/16660)
* **openssl**:
* upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691)
* ***Revert*** "**https**:
* refactor to use http internals" (Myles Borins) [#16660](https://github.com/nodejs/node/pull/16660)
### Commits
@ -1972,15 +1972,15 @@ This release marks the transition of Node.js v8 into Long Term Support (LTS) wit
### Notable Changes
* **doc**:
- add Gibson Fahnestock to Release team (Gibson Fahnestock) [#16620](https://github.com/nodejs/node/pull/16620)
* add Gibson Fahnestock to Release team (Gibson Fahnestock) [#16620](https://github.com/nodejs/node/pull/16620)
* **deps**:
- update npm to 5.5.1 (Myles Borins) [#16509](https://github.com/nodejs/node/pull/16509)
* update npm to 5.5.1 (Myles Borins) [#16509](https://github.com/nodejs/node/pull/16509)
* **http2**:
- The exposed http2 socket is no longer manipulatable (Anatoli Papirovski) [#16330](https://github.com/nodejs/node/pull/16330)
* The exposed http2 socket is no longer manipulatable (Anatoli Papirovski) [#16330](https://github.com/nodejs/node/pull/16330)
* **module**:
- support custom paths to require.resolve() (cjihrig) [#16397](https://github.com/nodejs/node/pull/16397)
* support custom paths to require.resolve() (cjihrig) [#16397](https://github.com/nodejs/node/pull/16397)
* **util**:
- util.TextEncoder and util.TextDecoder are no longer experimental. There will no longer be a warning when they are used (James M Snell) [#15743](https://github.com/nodejs/node/pull/15743)
* util.TextEncoder and util.TextDecoder are no longer experimental. There will no longer be a warning when they are used (James M Snell) [#15743](https://github.com/nodejs/node/pull/15743)
### Commits
@ -2086,7 +2086,7 @@ This release marks the transition of Node.js v8 into Long Term Support (LTS) wit
### Notable Changes
* **net**:
- Fix timeout with null handle issue. This is a regression in Node 8.8.0 [#16489](https://github.com/nodejs/node/pull/16489)
* Fix timeout with null handle issue. This is a regression in Node 8.8.0 [#16489](https://github.com/nodejs/node/pull/16489)
### Commits
@ -2110,15 +2110,15 @@ This release marks the transition of Node.js v8 into Long Term Support (LTS) wit
### Notable Changes
* **crypto**:
- expose ECDH class [#8188](https://github.com/nodejs/node/pull/8188)
* expose ECDH class [#8188](https://github.com/nodejs/node/pull/8188)
* **http2**:
- http2 is now exposed by default without the need for a flag [#15685](https://github.com/nodejs/node/pull/15685)
- a new environment variable NODE\_NO\_HTTP2 has been added to allow userland http2 to be required [#15685](https://github.com/nodejs/node/pull/15685)
- support has been added for generic `Duplex` streams [#16269](https://github.com/nodejs/node/pull/16269)
* http2 is now exposed by default without the need for a flag [#15685](https://github.com/nodejs/node/pull/15685)
* a new environment variable NODE\_NO\_HTTP2 has been added to allow userland http2 to be required [#15685](https://github.com/nodejs/node/pull/15685)
* support has been added for generic `Duplex` streams [#16269](https://github.com/nodejs/node/pull/16269)
* **module**:
- resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle [#15445](https://github.com/nodejs/node/pull/15445)
* resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle [#15445](https://github.com/nodejs/node/pull/15445)
* **zlib**:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95)
* CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95)
### Commits
@ -3474,10 +3474,10 @@ Big thanks to @addaleax who prepared the vast majority of this release.
[[`dc3f6b9ac1`](https://github.com/nodejs/node/commit/dc3f6b9ac1)]
[#14235](https://github.com/nodejs/node/pull/14235)
* `npm` Changelogs:
- [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4)
- [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0)
- [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0)
- [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0)
* [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4)
* [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0)
* [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0)
* [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0)
### Commits
@ -3737,9 +3737,9 @@ This is a security release. All Node.js users should consult the security releas
### Notable changes
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh)
* Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
* CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
### Commits

178
doc/changelogs/CHANGELOG_V9.md
View File

@ -84,16 +84,16 @@ The patch release is to ensure that all binaries and installers work as expected
### Notable Changes
* **deps**:
- Updated ICU to 61.1 (Steven R. Loomis) [#19621](https://github.com/nodejs/node/pull/19621)
* Updated ICU to 61.1 (Steven R. Loomis) [#19621](https://github.com/nodejs/node/pull/19621)
Includes CLDR 33 (many new languages and data improvements).
* **fs**:
- Emit 'ready' event for `ReadStream` and `WriteStream` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* Emit 'ready' event for `ReadStream` and `WriteStream` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* **n-api**:
- Bump version of n-api supported (Michael Dawson) [#19497](https://github.com/nodejs/node/pull/19497)
* Bump version of n-api supported (Michael Dawson) [#19497](https://github.com/nodejs/node/pull/19497)
* **net**:
- Emit 'ready' event for `Socket` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* Emit 'ready' event for `Socket` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* **Added new collaborators**
- [mafintosh](https://github.com/mafintosh) Mathias Buus
* [mafintosh](https://github.com/mafintosh) Mathias Buus
### Commits
@ -215,17 +215,17 @@ Fixes for the following CVEs are included in this release:
* **Update root certificates**: 5 additional root certificates have been added to the Node.js binary and 30 have been removed.
* **cluster**:
- Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava) [#19165](https://github.com/nodejs/node/pull/19165)
* Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava) [#19165](https://github.com/nodejs/node/pull/19165)
* **crypto**:
- Expose the public key of a certificate (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690)
* Expose the public key of a certificate (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690)
* **n-api**:
- Add `napi_fatal_exception` to trigger an `uncaughtException` in JavaScript (Mathias Buus) [#19337](https://github.com/nodejs/node/pull/19337)
* Add `napi_fatal_exception` to trigger an `uncaughtException` in JavaScript (Mathias Buus) [#19337](https://github.com/nodejs/node/pull/19337)
* **path**:
- Fix regression in `posix.normalize` (Michaël Zasso) [#19520](https://github.com/nodejs/node/pull/19520)
* Fix regression in `posix.normalize` (Michaël Zasso) [#19520](https://github.com/nodejs/node/pull/19520)
* **stream**:
- Improve stream creation performance (Brian White) [#19401](https://github.com/nodejs/node/pull/19401)
* Improve stream creation performance (Brian White) [#19401](https://github.com/nodejs/node/pull/19401)
* **Added new collaborators**
- [BethGriggs](https://github.com/BethGriggs) Beth Griggs
* [BethGriggs](https://github.com/BethGriggs) Beth Griggs
### Commits
@ -321,20 +321,20 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **assert**:
- From now on all error messages produced by `assert` in strict mode will produce a error diff. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615)
- From now on it is possible to use a validation object in throws instead of the other possibilities. (Ruben Bridgewater) [#17584](https://github.com/nodejs/node/pull/17584)
* From now on all error messages produced by `assert` in strict mode will produce a error diff. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615)
* From now on it is possible to use a validation object in throws instead of the other possibilities. (Ruben Bridgewater) [#17584](https://github.com/nodejs/node/pull/17584)
* **crypto**:
- allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644)
* allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644)
* **fs**:
- support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801)
* support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801)
* **tls**:
- expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102)
* expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102)
* **tty**:
- Add getColorDepth function to determine if terminal supports colors. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615)
* Add getColorDepth function to determine if terminal supports colors. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615)
* **util**:
- add util.inspect compact option (Ruben Bridgewater) [#17576](https://github.com/nodejs/node/pull/17576)
* add util.inspect compact option (Ruben Bridgewater) [#17576](https://github.com/nodejs/node/pull/17576)
* **Added new collaborators**
- [watson](https://github.com/watson) Thomas Watson
* [watson](https://github.com/watson) Thomas Watson
### Commits
@ -479,17 +479,17 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **crypto**:
- add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690)
* add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690)
* **http2**:
- Fixed issues with aborted connections in the HTTP/2 implementation (Anna Henningsen) [#18987](https://github.com/nodejs/node/pull/18987) [#19002](https://github.com/nodejs/node/pull/19002)
* Fixed issues with aborted connections in the HTTP/2 implementation (Anna Henningsen) [#18987](https://github.com/nodejs/node/pull/18987) [#19002](https://github.com/nodejs/node/pull/19002)
* **loader**:
- --inspect-brk now works properly for esmodules (Gus Caplan) [#18949](https://github.com/nodejs/node/pull/18949)
* --inspect-brk now works properly for esmodules (Gus Caplan) [#18949](https://github.com/nodejs/node/pull/18949)
* **src**:
- make process.dlopen() load well-known symbol (Ben Noordhuis) [#18934](https://github.com/nodejs/node/pull/18934)
* make process.dlopen() load well-known symbol (Ben Noordhuis) [#18934](https://github.com/nodejs/node/pull/18934)
* **trace_events**:
- add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480)
* add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480)
* **Added new collaborators**
- [MoonBall](https://github.com/MoonBall) Chen Gang
* [MoonBall](https://github.com/MoonBall) Chen Gang
### Commits
@ -577,16 +577,16 @@ No additional commits. New version published due to a bad node-v9.7.0.pkg file t
### Notable Changes
* **libuv**:
- Updated to libuv 1.19.2 (Colin Ihrig) [#18918](https://github.com/nodejs/node/pull/18918)
* Updated to libuv 1.19.2 (Colin Ihrig) [#18918](https://github.com/nodejs/node/pull/18918)
* **src**:
- Add initial support for Node.js-specific post-mortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901)
* Add initial support for Node.js-specific post-mortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901)
* **timers**:
- The return value of `setImmediate()` now has `ref()` and `unref()` methods (Anatoli Papirovski) [#18139](https://github.com/nodejs/node/pull/18139)
* The return value of `setImmediate()` now has `ref()` and `unref()` methods (Anatoli Papirovski) [#18139](https://github.com/nodejs/node/pull/18139)
* **util**:
- It is now possible to get the name for a numerical platform-specific error code as a string (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186)
* It is now possible to get the name for a numerical platform-specific error code as a string (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186)
### Commits
@ -666,7 +666,7 @@ This is a special release to fix potentially Semver-Major regression that was re
### Notable Changes
* **events**:
- `events.usingDomains` being set to `false` by default was removed in 9.6.0 which was a change in behavior compares to 9.5.0. This behavior change has been reverted and the `events` object now has `usingDomains` preset to `false`, which is the behavior in 9.x prior to 9.6.0 (Myles Borins) [#18944](https://github.com/nodejs/node/pull/18944)
* `events.usingDomains` being set to `false` by default was removed in 9.6.0 which was a change in behavior compares to 9.5.0. This behavior change has been reverted and the `events` object now has `usingDomains` preset to `false`, which is the behavior in 9.x prior to 9.6.0 (Myles Borins) [#18944](https://github.com/nodejs/node/pull/18944)
### Commits
@ -678,31 +678,31 @@ This is a special release to fix potentially Semver-Major regression that was re
### Notable Changes
* **async_hooks**:
- deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513)
- rename PromiseWrap.parentId to PromiseWrap.isChainedPromise (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633)
* deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513)
* rename PromiseWrap.parentId to PromiseWrap.isChainedPromise (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633)
* **deps**:
- update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354)
- ICU 60.2 bump (Steven R. Loomis) [#17687](https://github.com/nodejs/node/pull/17687)
- Introduce ScriptOrModule and HostDefinedOptions to V8 (Jan Krems) [#16889](https://github.com/nodejs/node/pull/16889)
* update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354)
* ICU 60.2 bump (Steven R. Loomis) [#17687](https://github.com/nodejs/node/pull/17687)
* Introduce ScriptOrModule and HostDefinedOptions to V8 (Jan Krems) [#16889](https://github.com/nodejs/node/pull/16889)
* **http**:
- add options to http.createServer() for `IncomingMessage` and `ServerReponse` (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)
* add options to http.createServer() for `IncomingMessage` and `ServerReponse` (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)
* **http2**:
- add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)
* add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)
* **https**:
- Adds the remaining options from tls.createSecureContext() to the string generated by Agent#getName(). This allows https.request() to accept the options and generate unique sockets appropriately. (Jeff Principe) [#16402](https://github.com/nodejs/node/pull/16402)
* Adds the remaining options from tls.createSecureContext() to the string generated by Agent#getName(). This allows https.request() to accept the options and generate unique sockets appropriately. (Jeff Principe) [#16402](https://github.com/nodejs/node/pull/16402)
* **inspector**:
- --inspect-brk for es modules (Guy Bedford) [#18194](https://github.com/nodejs/node/pull/18194)
* --inspect-brk for es modules (Guy Bedford) [#18194](https://github.com/nodejs/node/pull/18194)
* **lib**:
- allow process kill by signal number (Sam Roberts) [#16944](https://github.com/nodejs/node/pull/16944)
* allow process kill by signal number (Sam Roberts) [#16944](https://github.com/nodejs/node/pull/16944)
* **module**:
- enable dynamic import (Myles Borins) [#18387](https://github.com/nodejs/node/pull/18387)
- dynamic import is now supported (Jan Krems) [#15713](https://github.com/nodejs/node/pull/15713)
* enable dynamic import (Myles Borins) [#18387](https://github.com/nodejs/node/pull/18387)
* dynamic import is now supported (Jan Krems) [#15713](https://github.com/nodejs/node/pull/15713)
* **n-api**:
- add methods to open/close callback scope (Michael Dawson) [#18089](https://github.com/nodejs/node/pull/18089)
* add methods to open/close callback scope (Michael Dawson) [#18089](https://github.com/nodejs/node/pull/18089)
* **src**:
- allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600)
* allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600)
* **vm**:
- add support for es modules (Gus Caplan) [#17560](https://github.com/nodejs/node/pull/17560)
* add support for es modules (Gus Caplan) [#17560](https://github.com/nodejs/node/pull/17560)
### Commits
@ -918,18 +918,18 @@ This is a special release to fix potentially Semver-Major regression that was re
### Notable Changes
* **cluster**
- add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399)
* add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399)
* **deps**
- upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260)
* upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260)
* **meta**
- add Leko to collaborators (Leko) [#18117](https://github.com/nodejs/node/pull/18117)
- add vdeturckheim as collaborator (vdeturckheim) [#18432](https://github.com/nodejs/node/pull/18432)
* add Leko to collaborators (Leko) [#18117](https://github.com/nodejs/node/pull/18117)
* add vdeturckheim as collaborator (vdeturckheim) [#18432](https://github.com/nodejs/node/pull/18432)
* **n-api**
- expose n-api version in process.versions (Michael Dawson) [#18067](https://github.com/nodejs/node/pull/18067)
* expose n-api version in process.versions (Michael Dawson) [#18067](https://github.com/nodejs/node/pull/18067)
* **perf_hooks**
- add performance.clear() (James M Snell) [#18046](https://github.com/nodejs/node/pull/18046)
* add performance.clear() (James M Snell) [#18046](https://github.com/nodejs/node/pull/18046)
* **stream**
- avoid writeAfterEnd() while ending (陈刚) [#18170](https://github.com/nodejs/node/pull/18170)
* avoid writeAfterEnd() while ending (陈刚) [#18170](https://github.com/nodejs/node/pull/18170)
### Commits
@ -1101,36 +1101,36 @@ This is a special release to fix potentially Semver-Major regression that was re
### Notable Changes
* **async\_hooks**:
- deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither API were documented. (Andreas Madsen) [#16972](https://github.com/nodejs/node/pull/16972)
* deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither API were documented. (Andreas Madsen) [#16972](https://github.com/nodejs/node/pull/16972)
* **deps**:
- update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908)
- upgrade npm to 5.6.0 (Kat Marchán) [#17535](https://github.com/nodejs/node/pull/17535)
- cherry-pick 50f7455 from upstream V8 (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591)
* update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908)
* upgrade npm to 5.6.0 (Kat Marchán) [#17535](https://github.com/nodejs/node/pull/17535)
* cherry-pick 50f7455 from upstream V8 (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591)
* **events**:
- remove reaches into _events internals (Anatoli Papirovski) [#17440](https://github.com/nodejs/node/pull/17440)
* remove reaches into _events internals (Anatoli Papirovski) [#17440](https://github.com/nodejs/node/pull/17440)
* **http**:
- add rawPacket in err of `clientError` event (XadillaX) [#17672](https://github.com/nodejs/node/pull/17672)
* add rawPacket in err of `clientError` event (XadillaX) [#17672](https://github.com/nodejs/node/pull/17672)
* **http2**:
- implement maxSessionMemory (James M Snell) [#17967](https://github.com/nodejs/node/pull/17967)
- add initial support for originSet (James M Snell) [#17935](https://github.com/nodejs/node/pull/17935)
- add altsvc support (James M Snell) [#17917](https://github.com/nodejs/node/pull/17917)
- perf_hooks integration (James M Snell) [#17906](https://github.com/nodejs/node/pull/17906)
- Refactoring and cleanup of Http2Session and Http2Stream destroy (James M Snell) [#17406](https://github.com/nodejs/node/pull/17406)
* implement maxSessionMemory (James M Snell) [#17967](https://github.com/nodejs/node/pull/17967)
* add initial support for originSet (James M Snell) [#17935](https://github.com/nodejs/node/pull/17935)
* add altsvc support (James M Snell) [#17917](https://github.com/nodejs/node/pull/17917)
* perf_hooks integration (James M Snell) [#17906](https://github.com/nodejs/node/pull/17906)
* Refactoring and cleanup of Http2Session and Http2Stream destroy (James M Snell) [#17406](https://github.com/nodejs/node/pull/17406)
* **net**:
- remove Socket.prototype.listen (Ruben Bridgewater) [#13735](https://github.com/nodejs/node/pull/13735)
* remove Socket.prototype.listen (Ruben Bridgewater) [#13735](https://github.com/nodejs/node/pull/13735)
* **repl**:
- show lexically scoped vars in tab completion (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591)
* show lexically scoped vars in tab completion (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591)
* **stream**:
- rm {writeable/readable}State.length (Calvin Metcalf) [#12857](https://github.com/nodejs/node/pull/12857)
- add flow and buffer properties to streams (Calvin Metcalf) [#12855](https://github.com/nodejs/node/pull/12855)
* rm {writeable/readable}State.length (Calvin Metcalf) [#12857](https://github.com/nodejs/node/pull/12857)
* add flow and buffer properties to streams (Calvin Metcalf) [#12855](https://github.com/nodejs/node/pull/12855)
* **util**:
- allow wildcards in NODE_DEBUG variable (Tyler) [#17609](https://github.com/nodejs/node/pull/17609)
* allow wildcards in NODE_DEBUG variable (Tyler) [#17609](https://github.com/nodejs/node/pull/17609)
* **zlib**:
- add ArrayBuffer support (Jem Bezooyen) [#16042](https://github.com/nodejs/node/pull/16042)
* add ArrayBuffer support (Jem Bezooyen) [#16042](https://github.com/nodejs/node/pull/16042)
* **Added new collaborator**
- [starkwang](https://github.com/starkwang) Weijia Wang
* [starkwang](https://github.com/starkwang) Weijia Wang
* **Added new TSC member**
- [danbev](https://github.com/danbev) Daniel Bevenius
* [danbev](https://github.com/danbev) Daniel Bevenius
### Commits
@ -1376,24 +1376,24 @@ This is a special release to fix potentially Semver-Major regression that was re
### Notable Changes
* **async\_hooks**:
- add trace events to async_hooks (Andreas Madsen) [#15538](https://github.com/nodejs/node/pull/15538)
- add provider types for net server (Andreas Madsen) [#17157](https://github.com/nodejs/node/pull/17157)
* add trace events to async_hooks (Andreas Madsen) [#15538](https://github.com/nodejs/node/pull/15538)
* add provider types for net server (Andreas Madsen) [#17157](https://github.com/nodejs/node/pull/17157)
* **console**:
- console.debug can now be used outside of the inspector (Benjamin Zaslavsky) [#17033](https://github.com/nodejs/node/pull/17033)
* console.debug can now be used outside of the inspector (Benjamin Zaslavsky) [#17033](https://github.com/nodejs/node/pull/17033)
* **deps**:
- upgrade libuv to 1.18.0 (cjihrig) [#17282](https://github.com/nodejs/node/pull/17282)
- patch V8 to 6.2.414.46 (Myles Borins) [#17206](https://github.com/nodejs/node/pull/17206)
* upgrade libuv to 1.18.0 (cjihrig) [#17282](https://github.com/nodejs/node/pull/17282)
* patch V8 to 6.2.414.46 (Myles Borins) [#17206](https://github.com/nodejs/node/pull/17206)
* **module**:
- module.builtinModules will return a list of built in modules (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386)
* module.builtinModules will return a list of built in modules (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386)
* **n-api**:
- add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
* add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
* **process**:
- process.setUncaughtExceptionCaptureCallback can now be used to customize behavior for `--abort-on-uncaught-exception` (Anna Henningsen) [#17159](https://github.com/nodejs/node/pull/17159)
- A signal handler is now able to receive the signal code that triggered the handler. (Robert Rossmann) [#15606](https://github.com/nodejs/node/pull/15606)
* process.setUncaughtExceptionCaptureCallback can now be used to customize behavior for `--abort-on-uncaught-exception` (Anna Henningsen) [#17159](https://github.com/nodejs/node/pull/17159)
* A signal handler is now able to receive the signal code that triggered the handler. (Robert Rossmann) [#15606](https://github.com/nodejs/node/pull/15606)
* **src**:
- embedders can now use Node::CreatePlatform to create an instance of NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981)
* embedders can now use Node::CreatePlatform to create an instance of NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981)
* **stream**:
- writable.writableHighWaterMark and readable.readableHighWaterMark will return the values the stream object was instantiated with (Calvin Metcalf) [#12860](https://github.com/nodejs/node/pull/12860)
* writable.writableHighWaterMark and readable.readableHighWaterMark will return the values the stream object was instantiated with (Calvin Metcalf) [#12860](https://github.com/nodejs/node/pull/12860)
* **Added new collaborators**
* [maclover7](https://github.com/maclover7) Jon Moss
* [guybedford](https://github.com/guybedford) Guy Bedford
@ -1820,11 +1820,11 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **crypto**:
- Support building with both 1.1.0 and 1.0.2 (David Benjamin) [#16130](https://github.com/nodejs/node/pull/16130)
* Support building with both 1.1.0 and 1.0.2 (David Benjamin) [#16130](https://github.com/nodejs/node/pull/16130)
* **fs**:
- fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) [#15776](https://github.com/nodejs/node/pull/15776)
* fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) [#15776](https://github.com/nodejs/node/pull/15776)
* **process**:
- expose process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839)
* expose process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839)
### Commits
@ -1968,12 +1968,12 @@ Fixes for the following CVEs are included in this release:
### Notable Changes
* **CLI**:
- `NODE_OPTIONS` now supports the `--stack-trace-limit` option. [#16495](https://github.com/nodejs/node/pull/16495)
* `NODE_OPTIONS` now supports the `--stack-trace-limit` option. [#16495](https://github.com/nodejs/node/pull/16495)
* **deps**:
- OpenSSL is upgraded to 1.0.2m [#16691](https://github.com/nodejs/node/pull/16691)
* OpenSSL is upgraded to 1.0.2m [#16691](https://github.com/nodejs/node/pull/16691)
* **http**:
- A `'connect'` event handler leak has been fixed. [#16725](https://github.com/nodejs/node/pull/16725)
- The `103 Early Hints` status code is now supported. [#16644](https://github.com/nodejs/node/pull/16644)
* A `'connect'` event handler leak has been fixed. [#16725](https://github.com/nodejs/node/pull/16725)
* The `103 Early Hints` status code is now supported. [#16644](https://github.com/nodejs/node/pull/16644)
### Commits

24
doc/guides/contributing/pull-requests.md
View File

@ -106,10 +106,10 @@ $ git checkout -b my-branch -t upstream/master
The vast majority of Pull Requests opened against the `nodejs/node`
repository includes changes to one or more of the following:
- the C/C++ code contained in the `src` directory
- the JavaScript code contained in the `lib` directory
- the documentation in `doc/api`
- tests within the `test` directory.
* the C/C++ code contained in the `src` directory
* the JavaScript code contained in the `lib` directory
* the documentation in `doc/api`
* tests within the `test` directory.
If you are modifying code, please be sure to run `make lint` from time to
time to ensure that the changes follow the Node.js code style guide.
@ -143,17 +143,17 @@ notes about [commit squashing](#commit-squashing).
A good commit message should describe what changed and why.
1. The first line should:
- contain a short description of the change (preferably 50 characters or
* contain a short description of the change (preferably 50 characters or
less, and no more than 72 characters)
- be entirely in lowercase with the exception of proper nouns, acronyms, and
* be entirely in lowercase with the exception of proper nouns, acronyms, and
the words that refer to code, like function/variable names
- be prefixed with the name of the changed subsystem and start with an
* be prefixed with the name of the changed subsystem and start with an
imperative verb. Check the output of `git log --oneline files/you/changed` to
find out what subsystems your changes touch.
Examples:
- `net: add localAddress and localPort to Socket`
- `src: fix typos in async_wrap.h`
* `net: add localAddress and localPort to Socket`
* `src: fix typos in async_wrap.h`
2. Keep the second line blank.
3. Wrap all other lines at 72 columns (except for long URLs).
@ -163,9 +163,9 @@ A good commit message should describe what changed and why.
references use `Refs:`.
Examples:
- `Fixes: https://github.com/nodejs/node/issues/1337`
- `Refs: https://eslint.org/docs/rules/space-in-parens.html`
- `Refs: https://github.com/nodejs/node/pull/3615`
* `Fixes: https://github.com/nodejs/node/issues/1337`
* `Refs: https://eslint.org/docs/rules/space-in-parens.html`
* `Refs: https://github.com/nodejs/node/pull/3615`
5. If your commit introduces a breaking change (`semver-major`), it should
contain an explanation about the reason of the breaking change, which

8
doc/guides/maintaining-the-build-files.md
View File

@ -8,17 +8,17 @@ On how to build the Node.js core, see [Building Node.js](../../BUILDING.md).
There are three main build files that may be directly run when building Node.js:
- `configure`: A Python 2 script that detects system capabilities and runs
* `configure`: A Python 2 script that detects system capabilities and runs
[GYP][]. It generates `config.gypi` which includes parameters used by GYP to
create platform-dependent build files. Its output is usually in one of these
formats: Makefile, MSbuild, ninja, or XCode project files (the main
Makefile mentioned below is maintained separately by humans). For a detailed
guide on this script, see [configure](#configure).
- `vcbuild.bat`: A Windows Batch Script that locates build tools, provides a
* `vcbuild.bat`: A Windows Batch Script that locates build tools, provides a
subset of the targets available in the [Makefile](#makefile), and a few
targets of its own. For a detailed guide on this script, see
[vcbuild.bat](#vcbuildbat).
- `Makefile`: A Makefile that can be run with GNU Make. It provides a set of
* `Makefile`: A Makefile that can be run with GNU Make. It provides a set of
targets that build and test the Node.js binary, produce releases and
documentation, and interact with the CI to run benchmarks or tests. For a
detailed guide on this file, see [Makefile](#makefile).
@ -45,7 +45,7 @@ maintained by humans. This is not usually run on Windows, where
### Options
- `-j <n>`: number of threads used to build the binary. On the non-CI
* `-j <n>`: number of threads used to build the binary. On the non-CI
targets, the parallel tests will take up all the available cores, regardless
of this option.

30
doc/guides/writing-tests.md
View File

@ -6,17 +6,17 @@ Most tests in Node.js core are JavaScript programs that exercise a functionality
provided by Node.js and check that it behaves as expected. Tests should exit
with code `0` on success. A test will fail if:
- It exits by setting `process.exitCode` to a non-zero number.
- This is usually done by having an assertion throw an uncaught Error.
- Occasionally, using `process.exit(code)` may be appropriate.
- It never exits. In this case, the test runner will terminate the test because
* It exits by setting `process.exitCode` to a non-zero number.
* This is usually done by having an assertion throw an uncaught Error.
* Occasionally, using `process.exit(code)` may be appropriate.
* It never exits. In this case, the test runner will terminate the test because
it sets a maximum time limit.
Add tests when:
- Adding new functionality.
- Fixing regressions and bugs.
- Expanding test coverage.
* Adding new functionality.
* Fixing regressions and bugs.
* Expanding test coverage.
## Test directory structure
@ -113,14 +113,14 @@ This is the body of the test. This test is simple, it just tests that an
HTTP server accepts `non-ASCII` characters in the headers of an incoming
request. Interesting things to notice:
- If the test doesn't depend on a specific port number, then always use 0
* If the test doesn't depend on a specific port number, then always use 0
instead of an arbitrary value, as it allows tests to run in parallel safely,
as the operating system will assign a random port. If the test requires a
specific port, for example if the test checks that assigning a specific port
works as expected, then it is ok to assign a specific port number.
- The use of `common.mustCall` to check that some callbacks/listeners are
* The use of `common.mustCall` to check that some callbacks/listeners are
called.
- The HTTP server closes once all the checks have run. This way, the test can
* The HTTP server closes once all the checks have run. This way, the test can
exit gracefully. Remember that for a test to succeed, it must exit with a
status code of 0.
@ -268,8 +268,8 @@ const freelist = require('internal/freelist');
When writing assertions, prefer the strict versions:
- `assert.strictEqual()` over `assert.equal()`
- `assert.deepStrictEqual()` over `assert.deepEqual()`
* `assert.strictEqual()` over `assert.equal()`
* `assert.deepStrictEqual()` over `assert.deepEqual()`
When using `assert.throws()`, if possible, provide the full error message:
@ -318,9 +318,9 @@ features that can be used directly without a flag in
[all maintained branches][]. [node.green][] lists available features
in each release, such as:
- `let` and `const` over `var`
- Template literals over string concatenation
- Arrow functions when appropriate
* `let` and `const` over `var`
* Template literals over string concatenation
* Arrow functions when appropriate
## Naming Test Files

48
doc/releases.md
View File

@ -105,11 +105,11 @@ should be listed in the Node.js GitHub README.md file.
Notes:
- Dates listed below as _"YYYY-MM-DD"_ should be the date of the release **as
* Dates listed below as _"YYYY-MM-DD"_ should be the date of the release **as
UTC**. Use `date -u +'%Y-%m-%d'` to find out what this is.
- Version strings are listed below as _"vx.y.z"_ or _"x.y.z"_. Substitute for
* Version strings are listed below as _"vx.y.z"_ or _"x.y.z"_. Substitute for
the release version.
- Examples will use the fictional release version `1.2.3`.
* Examples will use the fictional release version `1.2.3`.
### 0. Pre-release steps
@ -145,10 +145,10 @@ Go through PRs with the label `vN.x`. e.g. [PRs with the `v8.x` label](https://g
For each PR:
- Run or check that there is a passing CI.
- Check approvals (you can approve yourself).
- Check that the commit metadata was not changed from the `master` commit.
- If there are merge conflicts, ask the PR author to rebase.
* Run or check that there is a passing CI.
* Check approvals (you can approve yourself).
* Check that the commit metadata was not changed from the `master` commit.
* If there are merge conflicts, ask the PR author to rebase.
Simple conflicts can be resolved when landing.
When landing the PR add the `Backport-PR-URL:` line to each commit. Close the
@ -174,11 +174,11 @@ cherry-picked.
Carefully review the list of commits:
- Checking for errors (incorrect `PR-URL`)
- Checking semver status - Commits labeled as `semver-minor` or `semver-major`
* Checking for errors (incorrect `PR-URL`)
* Checking semver status - Commits labeled as `semver-minor` or `semver-major`
should only be cherry-picked when appropriate for the type of release being
made.
- If you think it's risky so should wait for a while, add the `baking-for-lts`
* If you think it's risky so should wait for a while, add the `baking-for-lts`
tag.
When cherry-picking commits, if there are simple conflicts you can resolve
@ -225,10 +225,10 @@ be produced with a version string that does not have a trailing pre-release tag:
This macro is used to signal an ABI version for native addons. It currently has
two common uses in the community:
- Determining what API to work against for compiling native addons, e.g.
* Determining what API to work against for compiling native addons, e.g.
[NAN](https://github.com/nodejs/nan) uses it to form a compatibility-layer for
much of what it wraps.
- Determining the ABI for downloading pre-built binaries of native addons, e.g.
* Determining the ABI for downloading pre-built binaries of native addons, e.g.
[node-pre-gyp](https://github.com/mapbox/node-pre-gyp) uses this value as
exposed via `process.versions.modules` to help determine the appropriate
binary to download at install-time.
@ -504,8 +504,8 @@ remainder of the release steps.
On release proposal branch, edit `src/node_version.h` again and:
- Increment `NODE_PATCH_VERSION` by one
- Change `NODE_VERSION_IS_RELEASE` back to `0`
* Increment `NODE_PATCH_VERSION` by one
* Change `NODE_VERSION_IS_RELEASE` back to `0`
Commit this change with the following commit message format:
@ -610,16 +610,16 @@ This script will use the promoted builds and changelog to generate the post. Run
`npm run serve` to preview the post locally before pushing to the
[nodejs.org](https://github.com/nodejs/nodejs.org) repo.
- You can add a short blurb just under the main heading if you want to say
* You can add a short blurb just under the main heading if you want to say
something important, otherwise the text should be publication ready.
- The links to the download files won't be complete unless you waited for the
* The links to the download files won't be complete unless you waited for the
ARMv6 builds. Any downloads that are missing will have `*Coming soon*` next to
them. It's your responsibility to manually update these later when you have
the outstanding builds.
- The SHASUMS256.txt.asc content is at the bottom of the post. When you update
* The SHASUMS256.txt.asc content is at the bottom of the post. When you update
the list of tarballs you'll need to copy/paste the new contents of this file
to reflect those changes.
- Always use pull-requests on the nodejs.org repo. Be respectful of that working
* Always use pull-requests on the nodejs.org repo. Be respectful of that working
group, but you shouldn't have to wait for PR sign-off. Opening a PR and
merging it immediately _should_ be fine. However, please follow the following
commit message format:
@ -630,16 +630,16 @@ This script will use the promoted builds and changelog to generate the post. Run
Refs: <full URL to your release proposal PR>
```
- Changes to `master` on the nodejs.org repo will trigger a new build of
* Changes to `master` on the nodejs.org repo will trigger a new build of
nodejs.org so your changes should appear in a few minutes after pushing.
### 16. Create the release on GitHub
- Go to the [New release page](https://github.com/nodejs/node/releases/new).
- Select the tag version you pushed earlier.
- For release title, copy the title from the changelog.
- For the description, copy the rest of the changelog entry.
- Click on the "Publish release" button.
* Go to the [New release page](https://github.com/nodejs/node/releases/new).
* Select the tag version you pushed earlier.
* For release title, copy the title from the changelog.
* For the description, copy the rest of the changelog entry.
* Click on the "Publish release" button.
### 17. Cleanup