| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Version 13.3.0:
Notable Changes
fs:
Reworked experimental recursive rmdir()
The maxBusyTries option is renamed to maxRetries, and its default is set to 0. The emfileWait option has been removed, and EMFILE errors use the same retry logic as other errors. The retryDelay option is now supported. ENFILE errors are now retried.
http:
Make maximum header size configurable per-stream or per-server
http2:
Make maximum tolerated rejected streams configurable
Allow to configure maximum tolerated invalid frames
wasi:
Introduce initial WASI support
|
|
Version 10.14.2 'Dubnium' (LTS)
This LTS release comes with 374 commits. This includes 165 which are test or benchmark related, 77 which are doc related, 29 which are build / tool related and 15 commits which update dependencies.
Notable Changes
* deps:
- upgrade to c-ares v1.15.0
* Windows:
- A crashing process will now show the names of stack frames if the node.pdb file is available.
|
|
Version 10.14.0 'Dubnium' (LTS):
This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
Notable Changes
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
- Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
- A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol.
|
|
|
|
Use bundled OpenSSL until pkgsrc provides the required 1.1.x.
### Notable Changes
- Assert
- Calling `assert.fail()` with more than one argument is deprecated.
- Calling `assert.ok()` with no arguments will now throw.
- Calling `assert.ifError()` will now throw with any argument other
than `undefined` or `null`. Previously the method would throw with
any truthy value.
- The `assert.rejects()` and `assert.doesNotReject()` methods have
been added for working with async functions.
- Async_hooks
- Older experimental async_hooks APIs have been removed.
- Buffer
- Uses of `new Buffer()` and `Buffer()` outside of the
`node_modules` directory will now emit a runtime deprecation
warning.
- `Buffer.isEncoding()` now returns `undefined` for falsy values,
including an empty string.
- `Buffer.fill()` will throw if an attempt is made to fill with an
empty `Buffer`.
- Child Process
- Undefined properties of env are ignored.
- Console
- The `console.table()` method has been added.
- Crypto
- The `crypto.createCipher()` and `crypto.createDecipher()` methods
have been deprecated. Please use `crypto.createCipheriv()` and
`crypto.createDecipheriv()` instead.
- The `decipher.finaltol()` method has been deprecated.
- The `crypto.DEFAULT_ENCODING` property has been deprecated.
- The `ECDH.convertKey()` method has been added.
- The `crypto.fips` property has been deprecated.
- Dependencies
- V8 has been updated to 6.6.
- OpenSSL has been updated to 1.1.0h.
- EventEmitter
- The `EventEmitter.prototype.off()` method has been added as an
alias for `EventEmitter.prototype.removeListener()`.
- File System
- The `fs/promises` API provides experimental promisified versions
of the `fs` functions.
- Invalid path errors are now thrown synchronously.
- The `fs.readFile()` method now partitions reads to avoid thread
pool exhaustion.
- HTTP
- Processing of HTTP Status codes `100`, `102-199` has been
improved.
- Multi-byte characters in URL paths are now forbidden.
- N-API
- The n-api is no longer experimental.
- Net
- The `'close'` event will be emitted after `'end'`.
- Perf_hooks
- The `PerformanceObserver` class is now an `AsyncResource` and can
be monitored using `async_hooks`.
- Trace events are now emitted for performance events.
- The `performance` API has been simplified.
- Performance milestone marks will be emitted as trace events.
- Process
- Using non-string values for `process.env` is deprecated.
- The `process.assert()` method is deprecated.
- REPL
- REPL now experimentally supports top-level await when using the
`--experimental-repl-await` flag.
- The previously deprecated "magic mode" has been removed.
- The previously deprecated `NODE_REPL_HISTORY_FILE` environment
variable has been removed.
- Proxy objects are shown as Proxy objects when inspected.
- Streams
- The `'readable'` event is now always deferred with nextTick.
- A new `pipeline()` method has been provided for building
end-to-data stream pipelines.
- Experimental support for async for-await has been added to
`stream.Readable`.
- Timers
- The `enroll()` and `unenroll()` methods have been deprecated.
- TLS
- The `tls.convertNPNProtocols()` method has been deprecated.
- Support for NPN (next protocol negotiation) has been dropped.
- The `ecdhCurve` default is now `'auto'`.
- Trace Events
- A new `trace_events` top-level module allows trace event
categories to be enabled/disabled at runtime.
- URL
- The WHATWG URL API is now a global.
- Util
- `util.types.is[…]` type checks have been added.
- Support for bigint formatting has been added to `util.inspect()`.
#### Deprecations:
The following APIs have been deprecated in Node.js 10.0.0
- Passing more than one argument to `assert.fail()` will emit a
runtime deprecation warning.
- Previously deprecated legacy async_hooks APIs have reached
end-of-life and have been removed.
- Using `require()` to access several of Node.js' own internal
dependencies will emit a runtime deprecation.
- The `crypto.createCipher()` and `crypto.createDecipher()` methods
have been deprecated in documentation.
- Using the `Decipher.finaltol()` method will emit a runtime
deprecation warning.
- Using the `crypto.DEFAULT_ENCODING` property will emit a runtime
deprecation warning.
- Use by native addons of the `MakeCallback()` variant that passes a
`Domain` will emit a runtime deprecation warning.
- Previously deprecated internal getters/setters on `net.Server` has
reached end-of-life and have been removed.
- Use of non-string values for `process.env` has been deprecated in
documentation.
- Use of `process.assert()` will emit a runtime deprecation warning.
- Previously deprecated `NODE_REPL_HISTORY_FILE` environment variable
has reached end-of-life and has been removed.
- Use of the `timers.enroll()` and `timers.unenroll()` methods will
emit a runtime deprecation warning.
- Use of the `tls.convertNPNProtocols()` method will emit a runtime
deprecation warning. Support for NPN has been removed from Node.js.
- The `crypto.fips` property has been deprecated in documentation.
|
|
nodeversion.mk framework to pick and depend on one of the supported nodejs version packages. Bump respective PKGREVISIONs.
|
