diff --git a/COLLABORATOR_GUIDE.md b/COLLABORATOR_GUIDE.md index b3dbd05756c23c..2796565670a1ff 100644 --- a/COLLABORATOR_GUIDE.md +++ b/COLLABORATOR_GUIDE.md @@ -3,35 +3,35 @@ ## Contents * [Issues and Pull Requests](#issues-and-pull-requests) - - [Welcoming First-Time Contributors](#welcoming-first-time-contributors) - - [Closing Issues and Pull Requests](#closing-issues-and-pull-requests) - - [Author ready pull requests](#author-ready-pull-requests) - - [Handling own pull requests](#handling-own-pull-requests) + * [Welcoming First-Time Contributors](#welcoming-first-time-contributors) + * [Closing Issues and Pull Requests](#closing-issues-and-pull-requests) + * [Author ready pull requests](#author-ready-pull-requests) + * [Handling own pull requests](#handling-own-pull-requests) * [Accepting Modifications](#accepting-modifications) - - [Code Reviews](#code-reviews) - - [Consensus Seeking](#consensus-seeking) - - [Waiting for Approvals](#waiting-for-approvals) - - [Testing and CI](#testing-and-ci) - - [Useful CI Jobs](#useful-ci-jobs) - - [Internal vs. Public API](#internal-vs-public-api) - - [Breaking Changes](#breaking-changes) - - [Breaking Changes and Deprecations](#breaking-changes-and-deprecations) - - [Breaking Changes to Internal Elements](#breaking-changes-to-internal-elements) - - [Unintended Breaking Changes](#unintended-breaking-changes) - - [Reverting commits](#reverting-commits) - - [Introducing New Modules](#introducing-new-modules) - - [Additions to N-API](#additions-to-n-api) - - [Deprecations](#deprecations) - - [Involving the TSC](#involving-the-tsc) + * [Code Reviews](#code-reviews) + * [Consensus Seeking](#consensus-seeking) + * [Waiting for Approvals](#waiting-for-approvals) + * [Testing and CI](#testing-and-ci) + * [Useful CI Jobs](#useful-ci-jobs) + * [Internal vs. Public API](#internal-vs-public-api) + * [Breaking Changes](#breaking-changes) + * [Breaking Changes and Deprecations](#breaking-changes-and-deprecations) + * [Breaking Changes to Internal Elements](#breaking-changes-to-internal-elements) + * [Unintended Breaking Changes](#unintended-breaking-changes) + * [Reverting commits](#reverting-commits) + * [Introducing New Modules](#introducing-new-modules) + * [Additions to N-API](#additions-to-n-api) + * [Deprecations](#deprecations) + * [Involving the TSC](#involving-the-tsc) * [Landing Pull Requests](#landing-pull-requests) - - [Using `git-node`](#using-git-node) - - [Technical HOWTO](#technical-howto) - - [Troubleshooting](#troubleshooting) - - [I Made a Mistake](#i-made-a-mistake) - - [Long Term Support](#long-term-support) - - [What is LTS?](#what-is-lts) - - [How are LTS Branches Managed?](#how-are-lts-branches-managed) - - [How can I help?](#how-can-i-help) + * [Using `git-node`](#using-git-node) + * [Technical HOWTO](#technical-howto) + * [Troubleshooting](#troubleshooting) + * [I Made a Mistake](#i-made-a-mistake) + * [Long Term Support](#long-term-support) + * [What is LTS?](#what-is-lts) + * [How are LTS Branches Managed?](#how-are-lts-branches-managed) + * [How can I help?](#how-can-i-help) * [Who to CC in the issue tracker](#who-to-cc-in-the-issue-tracker) This document explains how Collaborators manage the Node.js project. @@ -371,10 +371,10 @@ deprecation level of an API. Collaborators may opt to elevate pull requests or issues to the [TSC][]. Do this if a pull request or issue: -- is labeled `semver-major`, or -- has a significant impact on the codebase, or -- is controversial, or -- is at an impasse among Collaborators who are participating in the discussion. +* is labeled `semver-major`, or +* has a significant impact on the codebase, or +* is controversial, or +* is at an impasse among Collaborators who are participating in the discussion. @-mention the `@nodejs/tsc` GitHub team if you want to elevate an issue to the [TSC][]. Do not use the GitHub UI on the right-hand side to assign to diff --git a/CPP_STYLE_GUIDE.md b/CPP_STYLE_GUIDE.md index c3fe1e840746cb..30a2ec99fa087b 100644 --- a/CPP_STYLE_GUIDE.md +++ b/CPP_STYLE_GUIDE.md @@ -191,8 +191,8 @@ class FancyContainer { ### Memory allocation -- `Malloc()`, `Calloc()`, etc. from `util.h` abort in Out-of-Memory situations -- `UncheckedMalloc()`, etc. return `nullptr` in OOM situations +* `Malloc()`, `Calloc()`, etc. from `util.h` abort in Out-of-Memory situations +* `UncheckedMalloc()`, etc. return `nullptr` in OOM situations ### Use `nullptr` instead of `NULL` or `0` @@ -278,10 +278,10 @@ data[0] = 12345; ### Type casting -- Use `static_cast` if casting is required, and it is valid -- Use `reinterpret_cast` only when it is necessary -- Avoid C-style casts (`(type)value`) -- `dynamic_cast` does not work because Node.js is built without +* Use `static_cast` if casting is required, and it is valid +* Use `reinterpret_cast` only when it is necessary +* Avoid C-style casts (`(type)value`) +* `dynamic_cast` does not work because Node.js is built without [Run Time Type Information][] Further reading: diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 9e678855932e1d..c8560291164f36 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -2,13 +2,13 @@ -- [Collaborators](#collaborators) - - [Collaborator Activities](#collaborator-activities) -- [Technical Steering Committee](#technical-steering-committee) - - [TSC Meetings](#tsc-meetings) -- [Collaborator Nominations](#collaborator-nominations) - - [Onboarding](#onboarding) -- [Consensus Seeking Process](#consensus-seeking-process) +* [Collaborators](#collaborators) + * [Collaborator Activities](#collaborator-activities) +* [Technical Steering Committee](#technical-steering-committee) + * [TSC Meetings](#tsc-meetings) +* [Collaborator Nominations](#collaborator-nominations) + * [Onboarding](#onboarding) +* [Consensus Seeking Process](#consensus-seeking-process) diff --git a/SECURITY.md b/SECURITY.md index 5f1e3e2cc7d563..a82c5f48ceac12 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,22 +14,22 @@ nonetheless. ## Public disclosure preferred -- [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain +* [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain function can be used to cause segfaults_. Requires the ability to execute arbitrary JavaScript code. That is already the highest level of privilege possible. ## Private disclosure preferred -- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/): +* [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/): _Fix invalid wildcard certificate validation check_. This was a high-severity defect. It caused Node.js TLS clients to accept invalid wildcard certificates. -- [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes +* [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities in the TLS/SSL protocols also affect Node.js. -- [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/): +* [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/): _Fix defects in HTTP header parsing for requests and responses that can allow response splitting_. This was a remotely-exploitable defect in the Node.js HTTP implementation. diff --git a/doc/api/addons.md b/doc/api/addons.md index 81bd8b5bacc68e..ca99e5e35d95cf 100644 --- a/doc/api/addons.md +++ b/doc/api/addons.md @@ -17,13 +17,13 @@ for more information on N-API. When not using N-API, implementing Addons is complicated, involving knowledge of several components and APIs: -- V8: the C++ library Node.js currently uses to provide the +* V8: the C++ library Node.js currently uses to provide the JavaScript implementation. V8 provides the mechanisms for creating objects, calling functions, etc. V8's API is documented mostly in the `v8.h` header file (`deps/v8/include/v8.h` in the Node.js source tree), which is also available [online][v8-docs]. -- [libuv][]: The C library that implements the Node.js event loop, its worker +* [libuv][]: The C library that implements the Node.js event loop, its worker threads and all of the asynchronous behaviors of the platform. It also serves as a cross-platform abstraction library, giving easy, POSIX-like access across all major operating systems to many common system tasks, such @@ -35,11 +35,11 @@ involving knowledge of several components and APIs: off-loading work via libuv to non-blocking system operations, worker threads or a custom use of libuv's threads. -- Internal Node.js libraries. Node.js itself exports a number of C++ APIs +* Internal Node.js libraries. Node.js itself exports a number of C++ APIs that Addons can use — the most important of which is the `node::ObjectWrap` class. -- Node.js includes a number of other statically linked libraries including +* Node.js includes a number of other statically linked libraries including OpenSSL. These other libraries are located in the `deps/` directory in the Node.js source tree. Only the libuv, OpenSSL, V8 and zlib symbols are purposefully re-exported by Node.js and may be used to various extents by @@ -262,8 +262,8 @@ signature. In order to be loaded from multiple Node.js environments, such as a main thread and a Worker thread, an add-on needs to either: -- Be an N-API addon, or -- Be declared as context-aware using `NODE_MODULE_INIT()` as described above +* Be an N-API addon, or +* Be declared as context-aware using `NODE_MODULE_INIT()` as described above ### Building diff --git a/doc/api/cli.md b/doc/api/cli.md index 24cf04055398ad..af54fbe7c030ca 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -301,8 +301,8 @@ added: v11.4.0 Chooses an HTTP parser library. Available values are: -- `llhttp` for https://llhttp.org/ -- `legacy` for https://github.com/nodejs/http-parser +* `llhttp` for https://llhttp.org/ +* `legacy` for https://github.com/nodejs/http-parser The default is `llhttp`, unless otherwise specified when building Node.js. @@ -987,79 +987,79 @@ node --require "./a.js" --require "./b.js" Node.js options that are allowed are: -- `--enable-fips` -- `--es-module-specifier-resolution` -- `--experimental-exports` -- `--experimental-modules` -- `--experimental-policy` -- `--experimental-repl-await` -- `--experimental-report` -- `--experimental-vm-modules` -- `--experimental-wasm-modules` -- `--force-fips` -- `--frozen-intrinsics` -- `--heapsnapshot-signal` -- `--http-parser` -- `--icu-data-dir` -- `--input-type` -- `--inspect-brk` -- `--inspect-port`, `--debug-port` -- `--inspect-publish-uid` -- `--inspect` -- `--loader` -- `--max-http-header-size` -- `--napi-modules` -- `--no-deprecation` -- `--no-force-async-hooks-checks` -- `--no-warnings` -- `--openssl-config` -- `--pending-deprecation` -- `--policy-integrity` -- `--preserve-symlinks-main` -- `--preserve-symlinks` -- `--prof-process` -- `--redirect-warnings` -- `--report-directory` -- `--report-filename` -- `--report-on-fatalerror` -- `--report-on-signal` -- `--report-signal` -- `--report-uncaught-exception` -- `--require`, `-r` -- `--throw-deprecation` -- `--title` -- `--tls-cipher-list` -- `--tls-max-v1.2` -- `--tls-max-v1.3` -- `--tls-min-v1.0` -- `--tls-min-v1.1` -- `--tls-min-v1.2` -- `--tls-min-v1.3` -- `--trace-deprecation` -- `--trace-event-categories` -- `--trace-event-file-pattern` -- `--trace-events-enabled` -- `--trace-sync-io` -- `--trace-tls` -- `--trace-warnings` -- `--track-heap-objects` -- `--unhandled-rejections` -- `--use-bundled-ca` -- `--use-openssl-ca` -- `--v8-pool-size` -- `--zero-fill-buffers` +* `--enable-fips` +* `--es-module-specifier-resolution` +* `--experimental-exports` +* `--experimental-modules` +* `--experimental-policy` +* `--experimental-repl-await` +* `--experimental-report` +* `--experimental-vm-modules` +* `--experimental-wasm-modules` +* `--force-fips` +* `--frozen-intrinsics` +* `--heapsnapshot-signal` +* `--http-parser` +* `--icu-data-dir` +* `--input-type` +* `--inspect-brk` +* `--inspect-port`, `--debug-port` +* `--inspect-publish-uid` +* `--inspect` +* `--loader` +* `--max-http-header-size` +* `--napi-modules` +* `--no-deprecation` +* `--no-force-async-hooks-checks` +* `--no-warnings` +* `--openssl-config` +* `--pending-deprecation` +* `--policy-integrity` +* `--preserve-symlinks-main` +* `--preserve-symlinks` +* `--prof-process` +* `--redirect-warnings` +* `--report-directory` +* `--report-filename` +* `--report-on-fatalerror` +* `--report-on-signal` +* `--report-signal` +* `--report-uncaught-exception` +* `--require`, `-r` +* `--throw-deprecation` +* `--title` +* `--tls-cipher-list` +* `--tls-max-v1.2` +* `--tls-max-v1.3` +* `--tls-min-v1.0` +* `--tls-min-v1.1` +* `--tls-min-v1.2` +* `--tls-min-v1.3` +* `--trace-deprecation` +* `--trace-event-categories` +* `--trace-event-file-pattern` +* `--trace-events-enabled` +* `--trace-sync-io` +* `--trace-tls` +* `--trace-warnings` +* `--track-heap-objects` +* `--unhandled-rejections` +* `--use-bundled-ca` +* `--use-openssl-ca` +* `--v8-pool-size` +* `--zero-fill-buffers` V8 options that are allowed are: -- `--abort-on-uncaught-exception` -- `--interpreted-frames-native-stack` -- `--max-old-space-size` -- `--perf-basic-prof-only-functions` -- `--perf-basic-prof` -- `--perf-prof-unwinding-info` -- `--perf-prof` -- `--stack-trace-limit` +* `--abort-on-uncaught-exception` +* `--interpreted-frames-native-stack` +* `--max-old-space-size` +* `--perf-basic-prof-only-functions` +* `--perf-basic-prof` +* `--perf-prof-unwinding-info` +* `--perf-prof` +* `--stack-trace-limit` ### `NODE_PATH=path[:…]` @@ -1194,12 +1194,12 @@ Asynchronous system APIs are used by Node.js whenever possible, but where they do not exist, libuv's threadpool is used to create asynchronous node APIs based on synchronous system APIs. Node.js APIs that use the threadpool are: -- all `fs` APIs, other than the file watcher APIs and those that are explicitly +* all `fs` APIs, other than the file watcher APIs and those that are explicitly synchronous -- asynchronous crypto APIs such as `crypto.pbkdf2()`, `crypto.scrypt()`, +* asynchronous crypto APIs such as `crypto.pbkdf2()`, `crypto.scrypt()`, `crypto.randomBytes()`, `crypto.randomFill()`, `crypto.generateKeyPair()` -- `dns.lookup()` -- all `zlib` APIs, other than those that are explicitly synchronous +* `dns.lookup()` +* all `zlib` APIs, other than those that are explicitly synchronous Because libuv's threadpool has a fixed size, it means that if for whatever reason any of these APIs takes a long time, other (seemingly unrelated) APIs diff --git a/doc/api/crypto.md b/doc/api/crypto.md index ca2e02d190bb80..112865f180c895 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -180,9 +180,9 @@ added: v0.1.94 Instances of the `Cipher` class are used to encrypt data. The class can be used in one of two ways: -- As a [stream][] that is both readable and writable, where plain unencrypted +* As a [stream][] that is both readable and writable, where plain unencrypted data is written to produce encrypted data on the readable side, or -- Using the [`cipher.update()`][] and [`cipher.final()`][] methods to produce +* Using the [`cipher.update()`][] and [`cipher.final()`][] methods to produce the encrypted data. The [`crypto.createCipher()`][] or [`crypto.createCipheriv()`][] methods are @@ -286,7 +286,7 @@ added: v1.0.0 * `buffer` {Buffer} * `options` {Object} [`stream.transform` options][] - - `plaintextLength` {number} + * `plaintextLength` {number} * Returns: {Cipher} for method chaining. When using an authenticated encryption mode (`GCM`, `CCM` and `OCB` are @@ -372,9 +372,9 @@ added: v0.1.94 Instances of the `Decipher` class are used to decrypt data. The class can be used in one of two ways: -- As a [stream][] that is both readable and writable, where plain encrypted +* As a [stream][] that is both readable and writable, where plain encrypted data is written to produce unencrypted data on the readable side, or -- Using the [`decipher.update()`][] and [`decipher.final()`][] methods to +* Using the [`decipher.update()`][] and [`decipher.final()`][] methods to produce the unencrypted data. The [`crypto.createDecipher()`][] or [`crypto.createDecipheriv()`][] methods are @@ -484,7 +484,7 @@ changes: * `buffer` {Buffer | TypedArray | DataView} * `options` {Object} [`stream.transform` options][] - - `plaintextLength` {number} + * `plaintextLength` {number} * Returns: {Decipher} for method chaining. When using an authenticated encryption mode (`GCM`, `CCM` and `OCB` are @@ -989,9 +989,9 @@ added: v0.1.92 The `Hash` class is a utility for creating hash digests of data. It can be used in one of two ways: -- As a [stream][] that is both readable and writable, where data is written +* As a [stream][] that is both readable and writable, where data is written to produce a computed hash digest on the readable side, or -- Using the [`hash.update()`][] and [`hash.digest()`][] methods to produce the +* Using the [`hash.update()`][] and [`hash.digest()`][] methods to produce the computed hash. The [`crypto.createHash()`][] method is used to create `Hash` instances. `Hash` @@ -1087,9 +1087,9 @@ added: v0.1.94 The `Hmac` class is a utility for creating cryptographic HMAC digests. It can be used in one of two ways: -- As a [stream][] that is both readable and writable, where data is written +* As a [stream][] that is both readable and writable, where data is written to produce a computed HMAC digest on the readable side, or -- Using the [`hmac.update()`][] and [`hmac.digest()`][] methods to produce the +* Using the [`hmac.update()`][] and [`hmac.digest()`][] methods to produce the computed HMAC digest. The [`crypto.createHmac()`][] method is used to create `Hmac` instances. `Hmac` @@ -1303,9 +1303,9 @@ added: v0.1.92 The `Sign` class is a utility for generating signatures. It can be used in one of two ways: -- As a writable [stream][], where data to be signed is written and the +* As a writable [stream][], where data to be signed is written and the [`sign.sign()`][] method is used to generate and return the signature, or -- Using the [`sign.update()`][] and [`sign.sign()`][] methods to produce the +* Using the [`sign.update()`][] and [`sign.sign()`][] methods to produce the signature. The [`crypto.createSign()`][] method is used to create `Sign` instances. The @@ -1370,8 +1370,8 @@ changes: --> * `privateKey` {Object | string | Buffer | KeyObject} - - `padding` {integer} - - `saltLength` {integer} + * `padding` {integer} + * `saltLength` {integer} * `outputEncoding` {string} The [encoding][] of the return value. * Returns: {Buffer | string} @@ -1432,9 +1432,9 @@ added: v0.1.92 The `Verify` class is a utility for verifying signatures. It can be used in one of two ways: -- As a writable [stream][] where written data is used to validate against the +* As a writable [stream][] where written data is used to validate against the supplied signature, or -- Using the [`verify.update()`][] and [`verify.verify()`][] methods to verify +* Using the [`verify.update()`][] and [`verify.verify()`][] methods to verify the signature. The [`crypto.createVerify()`][] method is used to create `Verify` instances. @@ -1478,8 +1478,8 @@ changes: --> * `object` {Object | string | Buffer | KeyObject} - - `padding` {integer} - - `saltLength` {integer} + * `padding` {integer} + * `saltLength` {integer} * `signature` {string | Buffer | TypedArray | DataView} * `signatureEncoding` {string} The [encoding][] of the `signature` string. * Returns: {boolean} `true` or `false` depending on the validity of the @@ -1942,11 +1942,11 @@ added: v11.6.0 --> * `key` {Object | string | Buffer} - - `key`: {string | Buffer} The key material, either in PEM or DER format. - - `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`. - - `type`: {string} Must be `'pkcs1'`, `'pkcs8'` or `'sec1'`. This option is + * `key`: {string | Buffer} The key material, either in PEM or DER format. + * `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`. + * `type`: {string} Must be `'pkcs1'`, `'pkcs8'` or `'sec1'`. This option is required only if the `format` is `'der'` and ignored if it is `'pem'`. - - `passphrase`: {string | Buffer} The passphrase to use for decryption. + * `passphrase`: {string | Buffer} The passphrase to use for decryption. * Returns: {KeyObject} Creates and returns a new key object containing a private key. If `key` is a @@ -1970,9 +1970,9 @@ changes: --> * `key` {Object | string | Buffer | KeyObject} - - `key`: {string | Buffer} - - `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`. - - `type`: {string} Must be `'pkcs1'` or `'spki'`. This option is required + * `key`: {string | Buffer} + * `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`. + * `type`: {string} Must be `'pkcs1'` or `'spki'`. This option is required only if the `format` is `'der'`. * Returns: {KeyObject} @@ -2060,16 +2060,16 @@ changes: * `type`: {string} Must be `'rsa'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, or `'x448'`. * `options`: {Object} - - `modulusLength`: {number} Key size in bits (RSA, DSA). - - `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`. - - `divisorLength`: {number} Size of `q` in bits (DSA). - - `namedCurve`: {string} Name of the curve to use (EC). - - `publicKeyEncoding`: {Object} See [`keyObject.export()`][]. - - `privateKeyEncoding`: {Object} See [`keyObject.export()`][]. + * `modulusLength`: {number} Key size in bits (RSA, DSA). + * `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`. + * `divisorLength`: {number} Size of `q` in bits (DSA). + * `namedCurve`: {string} Name of the curve to use (EC). + * `publicKeyEncoding`: {Object} See [`keyObject.export()`][]. + * `privateKeyEncoding`: {Object} See [`keyObject.export()`][]. * `callback`: {Function} - - `err`: {Error} - - `publicKey`: {string | Buffer | KeyObject} - - `privateKey`: {string | Buffer | KeyObject} + * `err`: {Error} + * `publicKey`: {string | Buffer | KeyObject} + * `privateKey`: {string | Buffer | KeyObject} Generates a new asymmetric key pair of the given `type`. RSA, DSA, EC, Ed25519 and Ed448 are currently supported. @@ -2121,15 +2121,15 @@ changes: * `type`: {string} Must be `'rsa'`, `'dsa'`, `'ec'`, `'ed25519'`, or `'ed448'`. * `options`: {Object} - - `modulusLength`: {number} Key size in bits (RSA, DSA). - - `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`. - - `divisorLength`: {number} Size of `q` in bits (DSA). - - `namedCurve`: {string} Name of the curve to use (EC). - - `publicKeyEncoding`: {Object} See [`keyObject.export()`][]. - - `privateKeyEncoding`: {Object} See [`keyObject.export()`][]. + * `modulusLength`: {number} Key size in bits (RSA, DSA). + * `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`. + * `divisorLength`: {number} Size of `q` in bits (DSA). + * `namedCurve`: {string} Name of the curve to use (EC). + * `publicKeyEncoding`: {Object} See [`keyObject.export()`][]. + * `privateKeyEncoding`: {Object} See [`keyObject.export()`][]. * Returns: {Object} - - `publicKey`: {string | Buffer | KeyObject} - - `privateKey`: {string | Buffer | KeyObject} + * `publicKey`: {string | Buffer | KeyObject} + * `privateKey`: {string | Buffer | KeyObject} Generates a new asymmetric key pair of the given `type`. RSA, DSA, EC, Ed25519 and Ed448 are currently supported. @@ -2268,8 +2268,8 @@ changes: * `keylen` {number} * `digest` {string} * `callback` {Function} - - `err` {Error} - - `derivedKey` {Buffer} + * `err` {Error} + * `derivedKey` {Buffer} Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by `digest` is @@ -2395,11 +2395,9 @@ changes: --> * `privateKey` {Object | string | Buffer | KeyObject} - - `oaepHash` {string} The hash function to use for OAEP padding. + * `oaepHash` {string} The hash function to use for OAEP padding. **Default:** `'sha1'` - - `oaepLabel` {Buffer | TypedArray | DataView} The label to use for OAEP - padding. If not specified, no label is used. - - `padding` {crypto.constants} An optional padding value defined in + * `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING`, `crypto.constants.RSA_PKCS1_PADDING`, or `crypto.constants.RSA_PKCS1_OAEP_PADDING`. @@ -2424,9 +2422,9 @@ changes: --> * `privateKey` {Object | string | Buffer | KeyObject} - - `key` {string | Buffer | KeyObject} A PEM encoded private key. - - `passphrase` {string | Buffer} An optional passphrase for the private key. - - `padding` {crypto.constants} An optional padding value defined in + * `key` {string | Buffer | KeyObject} A PEM encoded private key. + * `passphrase` {string | Buffer} An optional passphrase for the private key. + * `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING` or `crypto.constants.RSA_PKCS1_PADDING`. * `buffer` {Buffer | TypedArray | DataView} @@ -2450,8 +2448,8 @@ changes: --> * `key` {Object | string | Buffer | KeyObject} - - `passphrase` {string | Buffer} An optional passphrase for the private key. - - `padding` {crypto.constants} An optional padding value defined in + * `passphrase` {string | Buffer} An optional passphrase for the private key. + * `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING` or `crypto.constants.RSA_PKCS1_PADDING`. * `buffer` {Buffer | TypedArray | DataView} @@ -2484,13 +2482,11 @@ changes: --> * `key` {Object | string | Buffer | KeyObject} - - `key` {string | Buffer | KeyObject} A PEM encoded public or private key. - - `oaepLabel` {Buffer | TypedArray | DataView} The label to use for OAEP - padding. If not specified, no label is used. - - `oaepHash` {string} The hash function to use for OAEP padding. + * `key` {string | Buffer | KeyObject} A PEM encoded public or private key. + * `oaepHash` {string} The hash function to use for OAEP padding. **Default:** `'sha1'` - - `passphrase` {string | Buffer} An optional passphrase for the private key. - - `padding` {crypto.constants} An optional padding value defined in + * `passphrase` {string | Buffer} An optional passphrase for the private key. + * `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING`, `crypto.constants.RSA_PKCS1_PADDING`, or `crypto.constants.RSA_PKCS1_OAEP_PADDING`. @@ -2521,8 +2517,8 @@ changes: * `size` {number} * `callback` {Function} - - `err` {Error} - - `buf` {Buffer} + * `err` {Error} + * `buf` {Buffer} * Returns: {Buffer} if the `callback` function is not provided. Generates cryptographically strong pseudo-random data. The `size` argument @@ -2706,18 +2702,18 @@ changes: * `salt` {string|Buffer|TypedArray|DataView} * `keylen` {number} * `options` {Object} - - `cost` {number} CPU/memory cost parameter. Must be a power of two greater + * `cost` {number} CPU/memory cost parameter. Must be a power of two greater than one. **Default:** `16384`. - - `blockSize` {number} Block size parameter. **Default:** `8`. - - `parallelization` {number} Parallelization parameter. **Default:** `1`. - - `N` {number} Alias for `cost`. Only one of both may be specified. - - `r` {number} Alias for `blockSize`. Only one of both may be specified. - - `p` {number} Alias for `parallelization`. Only one of both may be specified. - - `maxmem` {number} Memory upper bound. It is an error when (approximately) + * `blockSize` {number} Block size parameter. **Default:** `8`. + * `parallelization` {number} Parallelization parameter. **Default:** `1`. + * `N` {number} Alias for `cost`. Only one of both may be specified. + * `r` {number} Alias for `blockSize`. Only one of both may be specified. + * `p` {number} Alias for `parallelization`. Only one of both may be specified. + * `maxmem` {number} Memory upper bound. It is an error when (approximately) `128 * N * r > maxmem`. **Default:** `32 * 1024 * 1024`. * `callback` {Function} - - `err` {Error} - - `derivedKey` {Buffer} + * `err` {Error} + * `derivedKey` {Buffer} Provides an asynchronous [scrypt][] implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and @@ -2764,14 +2760,14 @@ changes: * `salt` {string|Buffer|TypedArray|DataView} * `keylen` {number} * `options` {Object} - - `cost` {number} CPU/memory cost parameter. Must be a power of two greater + * `cost` {number} CPU/memory cost parameter. Must be a power of two greater than one. **Default:** `16384`. - - `blockSize` {number} Block size parameter. **Default:** `8`. - - `parallelization` {number} Parallelization parameter. **Default:** `1`. - - `N` {number} Alias for `cost`. Only one of both may be specified. - - `r` {number} Alias for `blockSize`. Only one of both may be specified. - - `p` {number} Alias for `parallelization`. Only one of both may be specified. - - `maxmem` {number} Memory upper bound. It is an error when (approximately) + * `blockSize` {number} Block size parameter. **Default:** `8`. + * `parallelization` {number} Parallelization parameter. **Default:** `1`. + * `N` {number} Alias for `cost`. Only one of both may be specified. + * `r` {number} Alias for `blockSize`. Only one of both may be specified. + * `p` {number} Alias for `parallelization`. Only one of both may be specified. + * `maxmem` {number} Memory upper bound. It is an error when (approximately) `128 * N * r > maxmem`. **Default:** `32 * 1024 * 1024`. * Returns: {Buffer} @@ -2970,12 +2966,12 @@ algorithm and key size according to their security requirements. Based on the recommendations of [NIST SP 800-131A][]: -- MD5 and SHA-1 are no longer acceptable where collision resistance is +* MD5 and SHA-1 are no longer acceptable where collision resistance is required such as digital signatures. -- The key used with RSA, DSA, and DH algorithms is recommended to have +* The key used with RSA, DSA, and DH algorithms is recommended to have at least 2048 bits and that of the curve of ECDSA and ECDH at least 224 bits, to be safe to use for several years. -- The DH groups of `modp1`, `modp2` and `modp5` have a key size +* The DH groups of `modp1`, `modp2` and `modp5` have a key size smaller than 2048 bits and are not recommended. See the reference for other recommendations and details. @@ -2985,24 +2981,24 @@ See the reference for other recommendations and details. CCM is one of the supported [AEAD algorithms][]. Applications which use this mode must adhere to certain restrictions when using the cipher API: -- The authentication tag length must be specified during cipher creation by +* The authentication tag length must be specified during cipher creation by setting the `authTagLength` option and must be one of 4, 6, 8, 10, 12, 14 or 16 bytes. -- The length of the initialization vector (nonce) `N` must be between 7 and 13 +* The length of the initialization vector (nonce) `N` must be between 7 and 13 bytes (`7 ≤ N ≤ 13`). -- The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes. -- When decrypting, the authentication tag must be set via `setAuthTag()` before +* The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes. +* When decrypting, the authentication tag must be set via `setAuthTag()` before calling `update()`. Otherwise, decryption will fail and `final()` will throw an error in compliance with section 2.6 of [RFC 3610][]. -- Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM +* Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM mode might fail as CCM cannot handle more than one chunk of data per instance. -- When passing additional authenticated data (AAD), the length of the actual +* When passing additional authenticated data (AAD), the length of the actual message in bytes must be passed to `setAAD()` via the `plaintextLength` option. This is not necessary if no AAD is used. -- As CCM processes the whole message at once, `update()` can only be called +* As CCM processes the whole message at once, `update()` can only be called once. -- Even though calling `update()` is sufficient to encrypt/decrypt the message, +* Even though calling `update()` is sufficient to encrypt/decrypt the message, applications *must* call `final()` to compute or verify the authentication tag. diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 6904821d1bde7a..8addff8dfde5c5 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -1715,19 +1715,19 @@ Since Node.js versions 4.4.0 and 5.2.0, several modules only intended for internal usage were mistakenly exposed to user code through `require()`. These modules were: -- `v8/tools/codemap` -- `v8/tools/consarray` -- `v8/tools/csvparser` -- `v8/tools/logreader` -- `v8/tools/profile_view` -- `v8/tools/profile` -- `v8/tools/SourceMap` -- `v8/tools/splaytree` -- `v8/tools/tickprocessor-driver` -- `v8/tools/tickprocessor` -- `node-inspect/lib/_inspect` (from 7.6.0) -- `node-inspect/lib/internal/inspect_client` (from 7.6.0) -- `node-inspect/lib/internal/inspect_repl` (from 7.6.0) +* `v8/tools/codemap` +* `v8/tools/consarray` +* `v8/tools/csvparser` +* `v8/tools/logreader` +* `v8/tools/profile_view` +* `v8/tools/profile` +* `v8/tools/SourceMap` +* `v8/tools/splaytree` +* `v8/tools/tickprocessor-driver` +* `v8/tools/tickprocessor` +* `node-inspect/lib/_inspect` (from 7.6.0) +* `node-inspect/lib/internal/inspect_client` (from 7.6.0) +* `node-inspect/lib/internal/inspect_repl` (from 7.6.0) The `v8/*` modules do not have any exports, and if not imported in a specific order would in fact throw errors. As such there are virtually no legitimate use diff --git a/doc/api/dgram.md b/doc/api/dgram.md index 38d9492be8790f..ef8cc69b7d18e1 100644 --- a/doc/api/dgram.md +++ b/doc/api/dgram.md @@ -449,13 +449,13 @@ client.connect(41234, 'localhost', (err) => { The maximum size of an `IPv4/v6` datagram depends on the `MTU` (_Maximum Transmission Unit_) and on the `Payload Length` field size. -- The `Payload Length` field is `16 bits` wide, which means that a normal +* The `Payload Length` field is `16 bits` wide, which means that a normal payload exceed 64K octets _including_ the internet header and data (65,507 bytes = 65,535 − 8 bytes UDP header − 20 bytes IP header); this is generally true for loopback interfaces, but such long datagram messages are impractical for most hosts and networks. -- The `MTU` is the largest size a given link layer technology can support for +* The `MTU` is the largest size a given link layer technology can support for datagram messages. For any link, `IPv4` mandates a minimum `MTU` of `68` octets, while the recommended `MTU` for IPv4 is `576` (typically recommended as the `MTU` for dial-up type applications), whether they arrive whole or in diff --git a/doc/api/dns.md b/doc/api/dns.md index f8b051b884289d..f7640dfb8eb153 100644 --- a/doc/api/dns.md +++ b/doc/api/dns.md @@ -142,23 +142,23 @@ changes: * `hostname` {string} * `options` {integer | Object} - - `family` {integer} The record family. Must be `4`, `6`, or `0`. The value + * `family` {integer} The record family. Must be `4`, `6`, or `0`. The value `0` indicates that IPv4 and IPv6 addresses are both returned. **Default:** `0`. - - `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple + * `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple flags may be passed by bitwise `OR`ing their values. - - `all` {boolean} When `true`, the callback returns all resolved addresses in + * `all` {boolean} When `true`, the callback returns all resolved addresses in an array. Otherwise, returns a single address. **Default:** `false`. - - `verbatim` {boolean} When `true`, the callback receives IPv4 and IPv6 + * `verbatim` {boolean} When `true`, the callback receives IPv4 and IPv6 addresses in the order the DNS resolver returned them. When `false`, IPv4 addresses are placed before IPv6 addresses. **Default:** currently `false` (addresses are reordered) but this is expected to change in the not too distant future. New code should use `{ verbatim: true }`. * `callback` {Function} - - `err` {Error} - - `address` {string} A string representation of an IPv4 or IPv6 address. - - `family` {integer} `4` or `6`, denoting the family of `address`, or `0` if + * `err` {Error} + * `address` {string} A string representation of an IPv4 or IPv6 address. + * `family` {integer} `4` or `6`, denoting the family of `address`, or `0` if the address is not an IPv4 or IPv6 address. `0` is a likely indicator of a bug in the name resolution service used by the operating system. @@ -210,11 +210,11 @@ is not set to `true`, it returns a `Promise` for an `Object` with `address` and The following flags can be passed as hints to [`dns.lookup()`][]. -- `dns.ADDRCONFIG`: Returned address types are determined by the types +* `dns.ADDRCONFIG`: Returned address types are determined by the types of addresses supported by the current system. For example, IPv4 addresses are only returned if the current system has at least one IPv4 address configured. Loopback addresses are not considered. -- `dns.V4MAPPED`: If the IPv6 family was specified, but no IPv6 addresses were +* `dns.V4MAPPED`: If the IPv6 family was specified, but no IPv6 addresses were found, then return IPv4 mapped IPv6 addresses. It is not supported on some operating systems (e.g FreeBSD 10.1). @@ -226,9 +226,9 @@ added: v0.11.14 * `address` {string} * `port` {number} * `callback` {Function} - - `err` {Error} - - `hostname` {string} e.g. `example.com` - - `service` {string} e.g. `http` + * `err` {Error} + * `hostname` {string} e.g. `example.com` + * `service` {string} e.g. `http` Resolves the given `address` and `port` into a hostname and service using the operating system's underlying `getnameinfo` implementation. @@ -258,8 +258,8 @@ added: v0.1.27 * `hostname` {string} Hostname to resolve. * `rrtype` {string} Resource record type. **Default:** `'A'`. * `callback` {Function} - - `err` {Error} - - `records` {string[] | Object[] | Object} + * `err` {Error} + * `records` {string[] | Object[] | Object} Uses the DNS protocol to resolve a hostname (e.g. `'nodejs.org'`) into an array of the resource records. The `callback` function has arguments @@ -295,13 +295,13 @@ changes: * `hostname` {string} Hostname to resolve. * `options` {Object} - - `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. + * `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. When `true`, the callback receives an array of `{ address: '1.2.3.4', ttl: 60 }` objects rather than an array of strings, with the TTL expressed in seconds. * `callback` {Function} - - `err` {Error} - - `addresses` {string[] | Object[]} + * `err` {Error} + * `addresses` {string[] | Object[]} Uses the DNS protocol to resolve a IPv4 addresses (`A` records) for the `hostname`. The `addresses` argument passed to the `callback` function @@ -320,13 +320,13 @@ changes: * `hostname` {string} Hostname to resolve. * `options` {Object} - - `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. + * `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. When `true`, the callback receives an array of `{ address: '0:1:2:3:4:5:6:7', ttl: 60 }` objects rather than an array of strings, with the TTL expressed in seconds. * `callback` {Function} - - `err` {Error} - - `addresses` {string[] | Object[]} + * `err` {Error} + * `addresses` {string[] | Object[]} Uses the DNS protocol to resolve a IPv6 addresses (`AAAA` records) for the `hostname`. The `addresses` argument passed to the `callback` function @@ -336,8 +336,8 @@ will contain an array of IPv6 addresses. * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `ret` {Object[]} + * `err` {Error} + * `ret` {Object[]} Uses the DNS protocol to resolve all records (also known as `ANY` or `*` query). The `ret` argument passed to the `callback` function will be an array containing @@ -388,8 +388,8 @@ added: v0.3.2 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `addresses` {string[]} + * `err` {Error} + * `addresses` {string[]} Uses the DNS protocol to resolve `CNAME` records for the `hostname`. The `addresses` argument passed to the `callback` function @@ -403,8 +403,8 @@ added: v0.1.27 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `addresses` {Object[]} + * `err` {Error} + * `addresses` {Object[]} Uses the DNS protocol to resolve mail exchange records (`MX` records) for the `hostname`. The `addresses` argument passed to the `callback` function will @@ -418,8 +418,8 @@ added: v0.9.12 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `addresses` {Object[]} + * `err` {Error} + * `addresses` {Object[]} Uses the DNS protocol to resolve regular expression based records (`NAPTR` records) for the `hostname`. The `addresses` argument passed to the `callback` @@ -451,8 +451,8 @@ added: v0.1.90 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `addresses` {string[]} + * `err` {Error} + * `addresses` {string[]} Uses the DNS protocol to resolve name server records (`NS` records) for the `hostname`. The `addresses` argument passed to the `callback` function will @@ -466,8 +466,8 @@ added: v6.0.0 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `addresses` {string[]} + * `err` {Error} + * `addresses` {string[]} Uses the DNS protocol to resolve pointer records (`PTR` records) for the `hostname`. The `addresses` argument passed to the `callback` function will @@ -480,8 +480,8 @@ added: v0.11.10 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `address` {Object} + * `err` {Error} + * `address` {Object} Uses the DNS protocol to resolve a start of authority record (`SOA` record) for the `hostname`. The `address` argument passed to the `callback` function will @@ -515,8 +515,8 @@ added: v0.1.27 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `addresses` {Object[]} + * `err` {Error} + * `addresses` {Object[]} Uses the DNS protocol to resolve service records (`SRV` records) for the `hostname`. The `addresses` argument passed to the `callback` function will @@ -544,8 +544,8 @@ added: v0.1.27 * `hostname` {string} * `callback` {Function} - - `err` {Error} - - `records` <string[][]> + * `err` {Error} + * `records` <string[][]> Uses the DNS protocol to resolve text queries (`TXT` records) for the `hostname`. The `records` argument passed to the `callback` function is a @@ -561,8 +561,8 @@ added: v0.1.16 * `ip` {string} * `callback` {Function} - - `err` {Error} - - `hostnames` {string[]} + * `err` {Error} + * `hostnames` {string[]} Performs a reverse DNS query that resolves an IPv4 or IPv6 address to an array of hostnames. @@ -686,14 +686,14 @@ added: v10.6.0 * `hostname` {string} * `options` {integer | Object} - - `family` {integer} The record family. Must be `4`, `6`, or `0`. The value + * `family` {integer} The record family. Must be `4`, `6`, or `0`. The value `0` indicates that IPv4 and IPv6 addresses are both returned. **Default:** `0`. - - `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple + * `hints` {number} One or more [supported `getaddrinfo` flags][]. Multiple flags may be passed by bitwise `OR`ing their values. - - `all` {boolean} When `true`, the `Promise` is resolved with all addresses in + * `all` {boolean} When `true`, the `Promise` is resolved with all addresses in an array. Otherwise, returns a single address. **Default:** `false`. - - `verbatim` {boolean} When `true`, the `Promise` is resolved with IPv4 and + * `verbatim` {boolean} When `true`, the `Promise` is resolved with IPv4 and IPv6 addresses in the order the DNS resolver returned them. When `false`, IPv4 addresses are placed before IPv6 addresses. **Default:** currently `false` (addresses are reordered) but this is @@ -807,7 +807,7 @@ added: v10.6.0 * `hostname` {string} Hostname to resolve. * `options` {Object} - - `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. + * `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. When `true`, the `Promise` is resolved with an array of `{ address: '1.2.3.4', ttl: 60 }` objects rather than an array of strings, with the TTL expressed in seconds. @@ -823,7 +823,7 @@ added: v10.6.0 * `hostname` {string} Hostname to resolve. * `options` {Object} - - `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. + * `ttl` {boolean} Retrieve the Time-To-Live value (TTL) of each record. When `true`, the `Promise` is resolved with an array of `{ address: '0:1:2:3:4:5:6:7', ttl: 60 }` objects rather than an array of strings, with the TTL expressed in seconds. @@ -1074,30 +1074,30 @@ earlier ones time out or result in some other error. Each DNS query can return one of the following error codes: -- `dns.NODATA`: DNS server returned answer with no data. -- `dns.FORMERR`: DNS server claims query was misformatted. -- `dns.SERVFAIL`: DNS server returned general failure. -- `dns.NOTFOUND`: Domain name not found. -- `dns.NOTIMP`: DNS server does not implement requested operation. -- `dns.REFUSED`: DNS server refused query. -- `dns.BADQUERY`: Misformatted DNS query. -- `dns.BADNAME`: Misformatted hostname. -- `dns.BADFAMILY`: Unsupported address family. -- `dns.BADRESP`: Misformatted DNS reply. -- `dns.CONNREFUSED`: Could not contact DNS servers. -- `dns.TIMEOUT`: Timeout while contacting DNS servers. -- `dns.EOF`: End of file. -- `dns.FILE`: Error reading file. -- `dns.NOMEM`: Out of memory. -- `dns.DESTRUCTION`: Channel is being destroyed. -- `dns.BADSTR`: Misformatted string. -- `dns.BADFLAGS`: Illegal flags specified. -- `dns.NONAME`: Given hostname is not numeric. -- `dns.BADHINTS`: Illegal hints flags specified. -- `dns.NOTINITIALIZED`: c-ares library initialization not yet performed. -- `dns.LOADIPHLPAPI`: Error loading `iphlpapi.dll`. -- `dns.ADDRGETNETWORKPARAMS`: Could not find `GetNetworkParams` function. -- `dns.CANCELLED`: DNS query cancelled. +* `dns.NODATA`: DNS server returned answer with no data. +* `dns.FORMERR`: DNS server claims query was misformatted. +* `dns.SERVFAIL`: DNS server returned general failure. +* `dns.NOTFOUND`: Domain name not found. +* `dns.NOTIMP`: DNS server does not implement requested operation. +* `dns.REFUSED`: DNS server refused query. +* `dns.BADQUERY`: Misformatted DNS query. +* `dns.BADNAME`: Misformatted hostname. +* `dns.BADFAMILY`: Unsupported address family. +* `dns.BADRESP`: Misformatted DNS reply. +* `dns.CONNREFUSED`: Could not contact DNS servers. +* `dns.TIMEOUT`: Timeout while contacting DNS servers. +* `dns.EOF`: End of file. +* `dns.FILE`: Error reading file. +* `dns.NOMEM`: Out of memory. +* `dns.DESTRUCTION`: Channel is being destroyed. +* `dns.BADSTR`: Misformatted string. +* `dns.BADFLAGS`: Illegal flags specified. +* `dns.NONAME`: Given hostname is not numeric. +* `dns.BADHINTS`: Illegal hints flags specified. +* `dns.NOTINITIALIZED`: c-ares library initialization not yet performed. +* `dns.LOADIPHLPAPI`: Error loading `iphlpapi.dll`. +* `dns.ADDRGETNETWORKPARAMS`: Could not find `GetNetworkParams` function. +* `dns.CANCELLED`: DNS query cancelled. ## Implementation considerations diff --git a/doc/api/errors.md b/doc/api/errors.md index baa75a21c830eb..989811fea90188 100644 --- a/doc/api/errors.md +++ b/doc/api/errors.md @@ -6,13 +6,13 @@ Applications running in Node.js will generally experience four categories of errors: -- Standard JavaScript errors such as {EvalError}, {SyntaxError}, {RangeError}, +* Standard JavaScript errors such as {EvalError}, {SyntaxError}, {RangeError}, {ReferenceError}, {TypeError}, and {URIError}. -- System errors triggered by underlying operating system constraints such +* System errors triggered by underlying operating system constraints such as attempting to open a file that does not exist or attempting to send data over a closed socket. -- User-specified errors triggered by application code. -- `AssertionError`s are a special class of error that can be triggered when +* User-specified errors triggered by application code. +* `AssertionError`s are a special class of error that can be triggered when Node.js detects an exceptional logic violation that should never occur. These are raised typically by the `assert` module. @@ -54,7 +54,7 @@ to report errors. Errors that occur within _Asynchronous APIs_ may be reported in multiple ways: -- Most asynchronous methods that accept a `callback` function will accept an +* Most asynchronous methods that accept a `callback` function will accept an `Error` object passed as the first argument to that function. If that first argument is not `null` and is an instance of `Error`, then an error occurred that should be handled. @@ -71,7 +71,7 @@ Errors that occur within _Asynchronous APIs_ may be reported in multiple ways: }); ``` -- When an asynchronous method is called on an object that is an +* When an asynchronous method is called on an object that is an [`EventEmitter`][], errors can be routed to that object's `'error'` event. ```js @@ -89,7 +89,7 @@ Errors that occur within _Asynchronous APIs_ may be reported in multiple ways: connection.pipe(process.stdout); ``` -- A handful of typically asynchronous methods in the Node.js API may still +* A handful of typically asynchronous methods in the Node.js API may still use the `throw` mechanism to raise exceptions that must be handled using `try…catch`. There is no comprehensive list of such methods; please refer to the documentation of each method to determine the appropriate @@ -502,29 +502,29 @@ The `error.syscall` property is a string describing the [syscall][] that failed. This is a list of system errors commonly-encountered when writing a Node.js program. For a comprehensive list, see the [`errno`(3) man page][]. -- `EACCES` (Permission denied): An attempt was made to access a file in a way +* `EACCES` (Permission denied): An attempt was made to access a file in a way forbidden by its file access permissions. -- `EADDRINUSE` (Address already in use): An attempt to bind a server +* `EADDRINUSE` (Address already in use): An attempt to bind a server ([`net`][], [`http`][], or [`https`][]) to a local address failed due to another server on the local system already occupying that address. -- `ECONNREFUSED` (Connection refused): No connection could be made because the +* `ECONNREFUSED` (Connection refused): No connection could be made because the target machine actively refused it. This usually results from trying to connect to a service that is inactive on the foreign host. -- `ECONNRESET` (Connection reset by peer): A connection was forcibly closed by +* `ECONNRESET` (Connection reset by peer): A connection was forcibly closed by a peer. This normally results from a loss of the connection on the remote socket due to a timeout or reboot. Commonly encountered via the [`http`][] and [`net`][] modules. -- `EEXIST` (File exists): An existing file was the target of an operation that +* `EEXIST` (File exists): An existing file was the target of an operation that required that the target not exist. -- `EISDIR` (Is a directory): An operation expected a file, but the given +* `EISDIR` (Is a directory): An operation expected a file, but the given pathname was a directory. -- `EMFILE` (Too many open files in system): Maximum number of +* `EMFILE` (Too many open files in system): Maximum number of [file descriptors][] allowable on the system has been reached, and requests for another descriptor cannot be fulfilled until at least one has been closed. This is encountered when opening many files at once in @@ -532,28 +532,28 @@ program. For a comprehensive list, see the [`errno`(3) man page][]. file descriptor limit for processes. To remedy a low limit, run `ulimit -n 2048` in the same shell that will run the Node.js process. -- `ENOENT` (No such file or directory): Commonly raised by [`fs`][] operations +* `ENOENT` (No such file or directory): Commonly raised by [`fs`][] operations to indicate that a component of the specified pathname does not exist — no entity (file or directory) could be found by the given path. -- `ENOTDIR` (Not a directory): A component of the given pathname existed, but +* `ENOTDIR` (Not a directory): A component of the given pathname existed, but was not a directory as expected. Commonly raised by [`fs.readdir`][]. -- `ENOTEMPTY` (Directory not empty): A directory with entries was the target +* `ENOTEMPTY` (Directory not empty): A directory with entries was the target of an operation that requires an empty directory — usually [`fs.unlink`][]. -- `ENOTFOUND` (DNS lookup failed): Indicates a DNS failure of either +* `ENOTFOUND` (DNS lookup failed): Indicates a DNS failure of either `EAI_NODATA` or `EAI_NONAME`. This is not a standard POSIX error. -- `EPERM` (Operation not permitted): An attempt was made to perform an +* `EPERM` (Operation not permitted): An attempt was made to perform an operation that requires elevated privileges. -- `EPIPE` (Broken pipe): A write on a pipe, socket, or FIFO for which there is +* `EPIPE` (Broken pipe): A write on a pipe, socket, or FIFO for which there is no process to read the data. Commonly encountered at the [`net`][] and [`http`][] layers, indicative that the remote side of the stream being written to has been closed. -- `ETIMEDOUT` (Operation timed out): A connect or send request failed because +* `ETIMEDOUT` (Operation timed out): A connect or send request failed because the connected party did not properly respond after a period of time. Usually encountered by [`http`][] or [`net`][] — often a sign that a `socket.end()` was not properly called. @@ -1964,9 +1964,9 @@ A dynamic import callback was not specified. The module attempted to be linked is not eligible for linking, because of one of the following reasons: -- It has already been linked (`linkingStatus` is `'linked'`) -- It is being linked (`linkingStatus` is `'linking'`) -- Linking has failed for this module (`linkingStatus` is `'errored'`) +* It has already been linked (`linkingStatus` is `'linked'`) +* It is being linked (`linkingStatus` is `'linking'`) +* Linking has failed for this module (`linkingStatus` is `'errored'`) ### ERR_VM_MODULE_DIFFERENT_CONTEXT diff --git a/doc/api/esm.md b/doc/api/esm.md index 114e3319e1bfab..20f4330acc96c7 100644 --- a/doc/api/esm.md +++ b/doc/api/esm.md @@ -34,13 +34,13 @@ Once enabled, Node.js will treat the following as ES modules when passed to `node` as the initial input, or when referenced by `import` statements within ES module code: -- Files ending in `.mjs`. +* Files ending in `.mjs`. -- Files ending in `.js`, or extensionless files, when the nearest parent +* Files ending in `.js`, or extensionless files, when the nearest parent `package.json` file contains a top-level field `"type"` with a value of `"module"`. -- Strings passed in as an argument to `--eval` or `--print`, or piped to +* Strings passed in as an argument to `--eval` or `--print`, or piped to `node` via `STDIN`, with the flag `--input-type=module`. Node.js will treat as CommonJS all other forms of input, such as `.js` files @@ -51,13 +51,13 @@ CommonJS and ES modules, it is best to be explicit whenever possible. Node.js will treat the following as CommonJS when passed to `node` as the initial input, or when referenced by `import` statements within ES module code: -- Files ending in `.cjs`. +* Files ending in `.cjs`. -- Files ending in `.js`, or extensionless files, when the nearest parent +* Files ending in `.js`, or extensionless files, when the nearest parent `package.json` file contains a top-level field `"type"` with a value of `"commonjs"`. -- Strings passed in as an argument to `--eval` or `--print`, or piped to +* Strings passed in as an argument to `--eval` or `--print`, or piped to `node` via `STDIN`, with the flag `--input-type=commonjs`. ## package.json "type" field @@ -146,12 +146,12 @@ import 'commonjs-package/src/index.mjs'; The `.mjs` and `.cjs` extensions may be used to mix types within the same package scope: -- Within a `"type": "module"` package scope, Node.js can be instructed to +* Within a `"type": "module"` package scope, Node.js can be instructed to interpret a particular file as CommonJS by naming it with a `.cjs` extension (since both `.js` and `.mjs` files are treated as ES modules within a `"module"` package scope). -- Within a `"type": "commonjs"` package scope, Node.js can be instructed to +* Within a `"type": "commonjs"` package scope, Node.js can be instructed to interpret a particular file as an ES module by naming it with an `.mjs` extension (since both `.js` and `.cjs` files are treated as CommonJS within a `"commonjs"` package scope). @@ -298,16 +298,16 @@ e.g. `'path'` in `import { sep } from 'path'`. Specifiers are also used in There are four types of specifiers: -- _Bare specifiers_ like `'some-package'`. They refer to an entry point of a +* _Bare specifiers_ like `'some-package'`. They refer to an entry point of a package by the package name. -- _Deep import specifiers_ like `'some-package/lib/shuffle.mjs'`. They refer to +* _Deep import specifiers_ like `'some-package/lib/shuffle.mjs'`. They refer to a path within a package prefixed by the package name. -- _Relative specifiers_ like `'./startup.js'` or `'../config.mjs'`. They refer +* _Relative specifiers_ like `'./startup.js'` or `'../config.mjs'`. They refer to a path relative to the location of the importing file. -- _Absolute specifiers_ like `'file:///opt/nodejs/config.js'`. They refer +* _Absolute specifiers_ like `'file:///opt/nodejs/config.js'`. They refer directly and explicitly to a full path. Bare specifiers, and the bare specifier portion of deep import specifiers, are diff --git a/doc/api/fs.md b/doc/api/fs.md index 2f1ce3f4876d2a..8aa2d6d8c04e1a 100644 --- a/doc/api/fs.md +++ b/doc/api/fs.md @@ -3438,9 +3438,9 @@ Change the file system timestamps of the object referenced by `path`. The `atime` and `mtime` arguments follow these rules: -- Values can be either numbers representing Unix epoch time, `Date`s, or a +* Values can be either numbers representing Unix epoch time, `Date`s, or a numeric string like `'123456789.0'`. -- If the value can not be converted to a number, or is `NaN`, `Infinity` or +* If the value can not be converted to a number, or is `NaN`, `Infinity` or `-Infinity`, an `Error` will be thrown. ## fs.utimesSync(path, atime, mtime) @@ -3640,8 +3640,8 @@ event (its disappearance). This happens when: -- the file is deleted, followed by a restore -- the file is renamed twice - the second time back to its original name +* the file is deleted, followed by a restore +* the file is renamed twice - the second time back to its original name ## fs.write(fd, buffer[, offset[, length[, position]]], callback) -- {number} **Default:** `40000` +* {number} **Default:** `40000` See [`http.Server#headersTimeout`][]. @@ -80,7 +80,7 @@ This method is identical to [`server.listen()`][] from [`net.Server`][]. ### server.maxHeadersCount -- {number} **Default:** `2000` +* {number} **Default:** `2000` See [`http.Server#maxHeadersCount`][]. @@ -100,7 +100,7 @@ See [`http.Server#setTimeout()`][]. added: v0.11.2 --> -- {number} **Default:** `120000` (2 minutes) +* {number} **Default:** `120000` (2 minutes) See [`http.Server#timeout`][]. @@ -109,7 +109,7 @@ See [`http.Server#timeout`][]. added: v8.0.0 --> -- {number} **Default:** `5000` (5 seconds) +* {number} **Default:** `5000` (5 seconds) See [`http.Server#keepAliveTimeout`][]. @@ -224,9 +224,9 @@ changes: * `url` {string | URL} * `options` {Object | string | URL} Accepts all `options` from [`http.request()`][], with some differences in default values: - - `protocol` **Default:** `'https:'` - - `port` **Default:** `443` - - `agent` **Default:** `https.globalAgent` + * `protocol` **Default:** `'https:'` + * `port` **Default:** `443` + * `agent` **Default:** `https.globalAgent` * `callback` {Function} Makes a request to a secure web server. diff --git a/doc/api/intl.md b/doc/api/intl.md index b6e1cf188b41b2..be30e4e2528607 100644 --- a/doc/api/intl.md +++ b/doc/api/intl.md @@ -6,21 +6,21 @@ Node.js has many features that make it easier to write internationalized programs. Some of them are: -- Locale-sensitive or Unicode-aware functions in the [ECMAScript Language +* Locale-sensitive or Unicode-aware functions in the [ECMAScript Language Specification][ECMA-262]: - - [`String.prototype.normalize()`][] - - [`String.prototype.toLowerCase()`][] - - [`String.prototype.toUpperCase()`][] -- All functionality described in the [ECMAScript Internationalization API + * [`String.prototype.normalize()`][] + * [`String.prototype.toLowerCase()`][] + * [`String.prototype.toUpperCase()`][] +* All functionality described in the [ECMAScript Internationalization API Specification][ECMA-402] (aka ECMA-402): - - [`Intl`][] object - - Locale-sensitive methods like [`String.prototype.localeCompare()`][] and + * [`Intl`][] object + * Locale-sensitive methods like [`String.prototype.localeCompare()`][] and [`Date.prototype.toLocaleString()`][] -- The [WHATWG URL parser][]'s [internationalized domain names][] (IDNs) support -- [`require('buffer').transcode()`][] -- More accurate [REPL][] line editing -- [`require('util').TextDecoder`][] -- [`RegExp` Unicode Property Escapes][] +* The [WHATWG URL parser][]'s [internationalized domain names][] (IDNs) support +* [`require('buffer').transcode()`][] +* More accurate [REPL][] line editing +* [`require('util').TextDecoder`][] +* [`RegExp` Unicode Property Escapes][] Node.js (and its underlying V8 engine) uses [ICU][] to implement these features in native C/C++ code. However, some of them require a very large ICU data file @@ -36,10 +36,10 @@ To control how ICU is used in Node.js, four `configure` options are available during compilation. Additional details on how to compile Node.js are documented in [BUILDING.md][]. -- `--with-intl=none`/`--without-intl` -- `--with-intl=system-icu` -- `--with-intl=small-icu` (default) -- `--with-intl=full-icu` +* `--with-intl=none`/`--without-intl` +* `--with-intl=system-icu` +* `--with-intl=small-icu` (default) +* `--with-intl=full-icu` An overview of available Node.js and JavaScript features for each `configure` option: @@ -186,9 +186,9 @@ const hasFullICU = (() => { For more verbose tests for `Intl` support, the following resources may be found to be helpful: -- [btest402][]: Generally used to check whether Node.js with `Intl` support is +* [btest402][]: Generally used to check whether Node.js with `Intl` support is built correctly. -- [Test262][]: ECMAScript's official conformance test suite includes a section +* [Test262][]: ECMAScript's official conformance test suite includes a section dedicated to ECMA-402. ["ICU Data"]: http://userguide.icu-project.org/icudata diff --git a/doc/api/modules.md b/doc/api/modules.md index bffea8db7eb206..6225f41cad8365 100644 --- a/doc/api/modules.md +++ b/doc/api/modules.md @@ -492,14 +492,14 @@ wrapper that looks like the following: By doing this, Node.js achieves a few things: -- It keeps top-level variables (defined with `var`, `const` or `let`) scoped to +* It keeps top-level variables (defined with `var`, `const` or `let`) scoped to the module rather than the global object. -- It helps to provide some global-looking variables that are actually specific +* It helps to provide some global-looking variables that are actually specific to the module, such as: - - The `module` and `exports` objects that the implementor can use to export - values from the module. - - The convenience variables `__filename` and `__dirname`, containing the - module's absolute filename and directory path. + * The `module` and `exports` objects that the implementor can use to export + values from the module. + * The convenience variables `__filename` and `__dirname`, containing the + module's absolute filename and directory path. ## The module scope diff --git a/doc/api/n-api.md b/doc/api/n-api.md index 8f4eac295799ca..241c50fc4d6bd1 100644 --- a/doc/api/n-api.md +++ b/doc/api/n-api.md @@ -25,12 +25,12 @@ JavaScript values. Concepts and operations generally map to ideas specified in the ECMA-262 Language Specification. The APIs have the following properties: -- All N-API calls return a status code of type `napi_status`. This +* All N-API calls return a status code of type `napi_status`. This status indicates whether the API call succeeded or failed. -- The API's return value is passed via an out parameter. -- All JavaScript values are abstracted behind an opaque type named +* The API's return value is passed via an out parameter. +* All JavaScript values are abstracted behind an opaque type named `napi_value`. -- In case of an error status code, additional information can be obtained +* In case of an error status code, additional information can be obtained using `napi_get_last_error_info`. More information can be found in the error handling section [Error Handling][]. @@ -302,11 +302,11 @@ napi_status napi_set_instance_data(napi_env env, void* finalize_hint); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] data`: The data item to make available to bindings of this instance. -- `[in] finalize_cb`: The function to call when the environment is being torn +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] data`: The data item to make available to bindings of this instance. +* `[in] finalize_cb`: The function to call when the environment is being torn down. The function receives `data` so that it might free it. -- `[in] finalize_hint`: Optional hint to pass to the finalize callback +* `[in] finalize_hint`: Optional hint to pass to the finalize callback during collection. Returns `napi_ok` if the API succeeded. @@ -327,8 +327,8 @@ napi_status napi_get_instance_data(napi_env env, void** data); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[out] data`: The data item that was previously associated with the currently +* `[in] env`: The environment that the N-API call is invoked under. +* `[out] data`: The data item that was previously associated with the currently running Agent by a call to `napi_set_instance_data()`. Returns `napi_ok` if the API succeeded. @@ -393,13 +393,13 @@ typedef struct { } napi_extended_error_info; ``` -- `error_message`: UTF8-encoded string containing a VM-neutral description of +* `error_message`: UTF8-encoded string containing a VM-neutral description of the error. -- `engine_reserved`: Reserved for VM-specific error details. This is currently +* `engine_reserved`: Reserved for VM-specific error details. This is currently not implemented for any VM. -- `engine_error_code`: VM-specific error code. This is currently +* `engine_error_code`: VM-specific error code. This is currently not implemented for any VM. -- `error_code`: The N-API status code that originated with the last error. +* `error_code`: The N-API status code that originated with the last error. See the [Error Handling][] section for additional information. @@ -601,14 +601,14 @@ typedef void (*napi_threadsafe_function_call_js)(napi_env env, void* data); ``` -- `[in] env`: The environment to use for API calls, or `NULL` if the thread-safe +* `[in] env`: The environment to use for API calls, or `NULL` if the thread-safe function is being torn down and `data` may need to be freed. -- `[in] js_callback`: The JavaScript function to call, or `NULL` if the +* `[in] js_callback`: The JavaScript function to call, or `NULL` if the thread-safe function is being torn down and `data` may need to be freed. It may also be `NULL` if the thread-safe function was created without `js_callback`. -- `[in] context`: The optional data with which the thread-safe function was +* `[in] context`: The optional data with which the thread-safe function was created. -- `[in] data`: Data created by the secondary thread. It is the responsibility of +* `[in] data`: Data created by the secondary thread. It is the responsibility of the callback to convert this native data to JavaScript values (with N-API functions) that can be passed as parameters when `js_callback` is invoked. This pointer is managed entirely by the threads and this callback. Thus this callback @@ -659,10 +659,10 @@ typedef struct napi_extended_error_info { }; ``` -- `error_message`: Textual representation of the error that occurred. -- `engine_reserved`: Opaque handle reserved for engine use only. -- `engine_error_code`: VM specific error code. -- `error_code`: n-api status code for the last error. +* `error_message`: Textual representation of the error that occurred. +* `engine_reserved`: Opaque handle reserved for engine use only. +* `engine_error_code`: VM specific error code. +* `error_code`: n-api status code for the last error. [`napi_get_last_error_info`][] returns the information for the last N-API call that was made. @@ -683,8 +683,8 @@ napi_get_last_error_info(napi_env env, const napi_extended_error_info** result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: The `napi_extended_error_info` structure with more +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: The `napi_extended_error_info` structure with more information about the error. Returns `napi_ok` if the API succeeded. @@ -791,8 +791,8 @@ napiVersion: 1 NAPI_EXTERN napi_status napi_throw(napi_env env, napi_value error); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] error`: The JavaScript value to be thrown. +* `[in] env`: The environment that the API is invoked under. +* `[in] error`: The JavaScript value to be thrown. Returns `napi_ok` if the API succeeded. @@ -810,9 +810,9 @@ NAPI_EXTERN napi_status napi_throw_error(napi_env env, const char* msg); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] code`: Optional error code to be set on the error. -- `[in] msg`: C string representing the text to be associated with +* `[in] env`: The environment that the API is invoked under. +* `[in] code`: Optional error code to be set on the error. +* `[in] msg`: C string representing the text to be associated with the error. Returns `napi_ok` if the API succeeded. @@ -831,9 +831,9 @@ NAPI_EXTERN napi_status napi_throw_type_error(napi_env env, const char* msg); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] code`: Optional error code to be set on the error. -- `[in] msg`: C string representing the text to be associated with +* `[in] env`: The environment that the API is invoked under. +* `[in] code`: Optional error code to be set on the error. +* `[in] msg`: C string representing the text to be associated with the error. Returns `napi_ok` if the API succeeded. @@ -852,9 +852,9 @@ NAPI_EXTERN napi_status napi_throw_range_error(napi_env env, const char* msg); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] code`: Optional error code to be set on the error. -- `[in] msg`: C string representing the text to be associated with +* `[in] env`: The environment that the API is invoked under. +* `[in] code`: Optional error code to be set on the error. +* `[in] msg`: C string representing the text to be associated with the error. Returns `napi_ok` if the API succeeded. @@ -873,9 +873,9 @@ NAPI_EXTERN napi_status napi_is_error(napi_env env, bool* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The `napi_value` to be checked. -- `[out] result`: Boolean value that is set to true if `napi_value` represents +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The `napi_value` to be checked. +* `[out] result`: Boolean value that is set to true if `napi_value` represents an error, false otherwise. Returns `napi_ok` if the API succeeded. @@ -895,12 +895,12 @@ NAPI_EXTERN napi_status napi_create_error(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] code`: Optional `napi_value` with the string for the error code to +* `[in] env`: The environment that the API is invoked under. +* `[in] code`: Optional `napi_value` with the string for the error code to be associated with the error. -- `[in] msg`: `napi_value` that references a JavaScript `String` to be +* `[in] msg`: `napi_value` that references a JavaScript `String` to be used as the message for the `Error`. -- `[out] result`: `napi_value` representing the error created. +* `[out] result`: `napi_value` representing the error created. Returns `napi_ok` if the API succeeded. @@ -919,12 +919,12 @@ NAPI_EXTERN napi_status napi_create_type_error(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] code`: Optional `napi_value` with the string for the error code to +* `[in] env`: The environment that the API is invoked under. +* `[in] code`: Optional `napi_value` with the string for the error code to be associated with the error. -- `[in] msg`: `napi_value` that references a JavaScript `String` to be +* `[in] msg`: `napi_value` that references a JavaScript `String` to be used as the message for the `Error`. -- `[out] result`: `napi_value` representing the error created. +* `[out] result`: `napi_value` representing the error created. Returns `napi_ok` if the API succeeded. @@ -943,12 +943,12 @@ NAPI_EXTERN napi_status napi_create_range_error(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] code`: Optional `napi_value` with the string for the error code to +* `[in] env`: The environment that the API is invoked under. +* `[in] code`: Optional `napi_value` with the string for the error code to be associated with the error. -- `[in] msg`: `napi_value` that references a JavaScript `String` to be +* `[in] msg`: `napi_value` that references a JavaScript `String` to be used as the message for the `Error`. -- `[out] result`: `napi_value` representing the error created. +* `[out] result`: `napi_value` representing the error created. Returns `napi_ok` if the API succeeded. @@ -965,8 +965,8 @@ napi_status napi_get_and_clear_last_exception(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: The exception if one is pending, NULL otherwise. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: The exception if one is pending, NULL otherwise. Returns `napi_ok` if the API succeeded. @@ -984,8 +984,8 @@ napiVersion: 1 napi_status napi_is_exception_pending(napi_env env, bool* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: Boolean value that is set to true if an exception is pending. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: Boolean value that is set to true if an exception is pending. Returns `napi_ok` if the API succeeded. @@ -1003,8 +1003,8 @@ napiVersion: 3 napi_status napi_fatal_exception(napi_env env, napi_value err); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] err`: The error that is passed to `'uncaughtException'`. +* `[in] env`: The environment that the API is invoked under. +* `[in] err`: The error that is passed to `'uncaughtException'`. Trigger an `'uncaughtException'` in JavaScript. Useful if an async callback throws an exception with no way to recover. @@ -1027,11 +1027,11 @@ NAPI_NO_RETURN void napi_fatal_error(const char* location, size_t message_len); ``` -- `[in] location`: Optional location at which the error occurred. -- `[in] location_len`: The length of the location in bytes, or +* `[in] location`: Optional location at which the error occurred. +* `[in] location_len`: The length of the location in bytes, or `NAPI_AUTO_LENGTH` if it is null-terminated. -- `[in] message`: The message associated with the error. -- `[in] message_len`: The length of the message in bytes, or +* `[in] message`: The message associated with the error. +* `[in] message_len`: The length of the message in bytes, or `NAPI_AUTO_LENGTH` if it is null-terminated. @@ -1140,8 +1140,8 @@ NAPI_EXTERN napi_status napi_open_handle_scope(napi_env env, napi_handle_scope* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: `napi_value` representing the new scope. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: `napi_value` representing the new scope. Returns `napi_ok` if the API succeeded. @@ -1158,8 +1158,8 @@ NAPI_EXTERN napi_status napi_close_handle_scope(napi_env env, napi_handle_scope scope); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] scope`: `napi_value` representing the scope to be closed. +* `[in] env`: The environment that the API is invoked under. +* `[in] scope`: `napi_value` representing the scope to be closed. Returns `napi_ok` if the API succeeded. @@ -1180,8 +1180,8 @@ NAPI_EXTERN napi_status napi_handle_scope* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: `napi_value` representing the new scope. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: `napi_value` representing the new scope. Returns `napi_ok` if the API succeeded. @@ -1200,8 +1200,8 @@ NAPI_EXTERN napi_status napi_handle_scope scope); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] scope`: `napi_value` representing the scope to be closed. +* `[in] env`: The environment that the API is invoked under. +* `[in] scope`: `napi_value` representing the scope to be closed. Returns `napi_ok` if the API succeeded. @@ -1223,11 +1223,11 @@ napi_status napi_escape_handle(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] scope`: `napi_value` representing the current scope. -- `[in] escapee`: `napi_value` representing the JavaScript `Object` to be +* `[in] env`: The environment that the API is invoked under. +* `[in] scope`: `napi_value` representing the current scope. +* `[in] escapee`: `napi_value` representing the JavaScript `Object` to be escaped. -- `[out] result`: `napi_value` representing the handle to the escaped +* `[out] result`: `napi_value` representing the handle to the escaped `Object` in the outer scope. Returns `napi_ok` if the API succeeded. @@ -1290,11 +1290,11 @@ NAPI_EXTERN napi_status napi_create_reference(napi_env env, napi_ref* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing the `Object` to which we want +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing the `Object` to which we want a reference. -- `[in] initial_refcount`: Initial reference count for the new reference. -- `[out] result`: `napi_ref` pointing to the new reference. +* `[in] initial_refcount`: Initial reference count for the new reference. +* `[out] result`: `napi_ref` pointing to the new reference. Returns `napi_ok` if the API succeeded. @@ -1311,8 +1311,8 @@ napiVersion: 1 NAPI_EXTERN napi_status napi_delete_reference(napi_env env, napi_ref ref); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] ref`: `napi_ref` to be deleted. +* `[in] env`: The environment that the API is invoked under. +* `[in] ref`: `napi_ref` to be deleted. Returns `napi_ok` if the API succeeded. @@ -1332,9 +1332,9 @@ NAPI_EXTERN napi_status napi_reference_ref(napi_env env, int* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] ref`: `napi_ref` for which the reference count will be incremented. -- `[out] result`: The new reference count. +* `[in] env`: The environment that the API is invoked under. +* `[in] ref`: `napi_ref` for which the reference count will be incremented. +* `[out] result`: The new reference count. Returns `napi_ok` if the API succeeded. @@ -1353,9 +1353,9 @@ NAPI_EXTERN napi_status napi_reference_unref(napi_env env, int* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] ref`: `napi_ref` for which the reference count will be decremented. -- `[out] result`: The new reference count. +* `[in] env`: The environment that the API is invoked under. +* `[in] ref`: `napi_ref` for which the reference count will be decremented. +* `[out] result`: The new reference count. Returns `napi_ok` if the API succeeded. @@ -1377,9 +1377,9 @@ NAPI_EXTERN napi_status napi_get_reference_value(napi_env env, the `napi_value passed` in or out of these methods is a handle to the object to which the reference is related. -- `[in] env`: The environment that the API is invoked under. -- `[in] ref`: `napi_ref` for which we requesting the corresponding `Object`. -- `[out] result`: The `napi_value` for the `Object` referenced by the +* `[in] env`: The environment that the API is invoked under. +* `[in] ref`: `napi_ref` for which we requesting the corresponding `Object`. +* `[out] result`: The `napi_value` for the `Object` referenced by the `napi_ref`. Returns `napi_ok` if the API succeeded. @@ -1636,8 +1636,8 @@ napiVersion: 1 napi_status napi_create_array(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[out] result`: A `napi_value` representing a JavaScript `Array`. +* `[in] env`: The environment that the N-API call is invoked under. +* `[out] result`: A `napi_value` representing a JavaScript `Array`. Returns `napi_ok` if the API succeeded. @@ -1657,9 +1657,9 @@ napi_status napi_create_array_with_length(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] length`: The initial length of the `Array`. -- `[out] result`: A `napi_value` representing a JavaScript `Array`. +* `[in] env`: The environment that the API is invoked under. +* `[in] length`: The initial length of the `Array`. +* `[out] result`: A `napi_value` representing a JavaScript `Array`. Returns `napi_ok` if the API succeeded. @@ -1688,10 +1688,10 @@ napi_status napi_create_arraybuffer(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] length`: The length in bytes of the array buffer to create. -- `[out] data`: Pointer to the underlying byte buffer of the `ArrayBuffer`. -- `[out] result`: A `napi_value` representing a JavaScript `ArrayBuffer`. +* `[in] env`: The environment that the API is invoked under. +* `[in] length`: The length in bytes of the array buffer to create. +* `[out] data`: Pointer to the underlying byte buffer of the `ArrayBuffer`. +* `[out] result`: A `napi_value` representing a JavaScript `ArrayBuffer`. Returns `napi_ok` if the API succeeded. @@ -1721,10 +1721,10 @@ napi_status napi_create_buffer(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] size`: Size in bytes of the underlying buffer. -- `[out] data`: Raw pointer to the underlying buffer. -- `[out] result`: A `napi_value` representing a `node::Buffer`. +* `[in] env`: The environment that the API is invoked under. +* `[in] size`: Size in bytes of the underlying buffer. +* `[out] data`: Raw pointer to the underlying buffer. +* `[out] result`: A `napi_value` representing a `node::Buffer`. Returns `napi_ok` if the API succeeded. @@ -1745,12 +1745,12 @@ napi_status napi_create_buffer_copy(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] size`: Size in bytes of the input buffer (should be the same as the +* `[in] env`: The environment that the API is invoked under. +* `[in] size`: Size in bytes of the input buffer (should be the same as the size of the new buffer). -- `[in] data`: Raw pointer to the underlying buffer to copy from. -- `[out] result_data`: Pointer to the new `Buffer`'s underlying data buffer. -- `[out] result`: A `napi_value` representing a `node::Buffer`. +* `[in] data`: Raw pointer to the underlying buffer to copy from. +* `[out] result_data`: Pointer to the new `Buffer`'s underlying data buffer. +* `[out] result`: A `napi_value` representing a `node::Buffer`. Returns `napi_ok` if the API succeeded. @@ -1769,9 +1769,9 @@ napi_status napi_create_date(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] time`: ECMAScript time value in milliseconds since 01 January, 1970 UTC. -- `[out] result`: A `napi_value` representing a JavaScript `Date`. +* `[in] env`: The environment that the API is invoked under. +* `[in] time`: ECMAScript time value in milliseconds since 01 January, 1970 UTC. +* `[out] result`: A `napi_value` representing a JavaScript `Date`. Returns `napi_ok` if the API succeeded. @@ -1794,13 +1794,13 @@ napi_status napi_create_external(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] data`: Raw pointer to the external data. -- `[in] finalize_cb`: Optional callback to call when the external value +* `[in] env`: The environment that the API is invoked under. +* `[in] data`: Raw pointer to the external data. +* `[in] finalize_cb`: Optional callback to call when the external value is being collected. -- `[in] finalize_hint`: Optional hint to pass to the finalize callback +* `[in] finalize_hint`: Optional hint to pass to the finalize callback during collection. -- `[out] result`: A `napi_value` representing an external value. +* `[out] result`: A `napi_value` representing an external value. Returns `napi_ok` if the API succeeded. @@ -1830,15 +1830,15 @@ napi_create_external_arraybuffer(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] external_data`: Pointer to the underlying byte buffer of the +* `[in] env`: The environment that the API is invoked under. +* `[in] external_data`: Pointer to the underlying byte buffer of the `ArrayBuffer`. -- `[in] byte_length`: The length in bytes of the underlying buffer. -- `[in] finalize_cb`: Optional callback to call when the `ArrayBuffer` is +* `[in] byte_length`: The length in bytes of the underlying buffer. +* `[in] finalize_cb`: Optional callback to call when the `ArrayBuffer` is being collected. -- `[in] finalize_hint`: Optional hint to pass to the finalize callback +* `[in] finalize_hint`: Optional hint to pass to the finalize callback during collection. -- `[out] result`: A `napi_value` representing a JavaScript `ArrayBuffer`. +* `[out] result`: A `napi_value` representing a JavaScript `ArrayBuffer`. Returns `napi_ok` if the API succeeded. @@ -1865,15 +1865,15 @@ napi_status napi_create_external_buffer(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] length`: Size in bytes of the input buffer (should be the same as +* `[in] env`: The environment that the API is invoked under. +* `[in] length`: Size in bytes of the input buffer (should be the same as the size of the new buffer). -- `[in] data`: Raw pointer to the underlying buffer to copy from. -- `[in] finalize_cb`: Optional callback to call when the `ArrayBuffer` is +* `[in] data`: Raw pointer to the underlying buffer to copy from. +* `[in] finalize_cb`: Optional callback to call when the `ArrayBuffer` is being collected. -- `[in] finalize_hint`: Optional hint to pass to the finalize callback +* `[in] finalize_hint`: Optional hint to pass to the finalize callback during collection. -- `[out] result`: A `napi_value` representing a `node::Buffer`. +* `[out] result`: A `napi_value` representing a `node::Buffer`. Returns `napi_ok` if the API succeeded. @@ -1893,8 +1893,8 @@ napiVersion: 1 napi_status napi_create_object(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: A `napi_value` representing a JavaScript `Object`. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: A `napi_value` representing a JavaScript `Object`. Returns `napi_ok` if the API succeeded. @@ -1917,10 +1917,10 @@ napi_status napi_create_symbol(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] description`: Optional `napi_value` which refers to a JavaScript +* `[in] env`: The environment that the API is invoked under. +* `[in] description`: Optional `napi_value` which refers to a JavaScript `String` to be set as the description for the symbol. -- `[out] result`: A `napi_value` representing a JavaScript `Symbol`. +* `[out] result`: A `napi_value` representing a JavaScript `Symbol`. Returns `napi_ok` if the API succeeded. @@ -1945,13 +1945,13 @@ napi_status napi_create_typedarray(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] type`: Scalar datatype of the elements within the `TypedArray`. -- `[in] length`: Number of elements in the `TypedArray`. -- `[in] arraybuffer`: `ArrayBuffer` underlying the typed array. -- `[in] byte_offset`: The byte offset within the `ArrayBuffer` from which to +* `[in] env`: The environment that the API is invoked under. +* `[in] type`: Scalar datatype of the elements within the `TypedArray`. +* `[in] length`: Number of elements in the `TypedArray`. +* `[in] arraybuffer`: `ArrayBuffer` underlying the typed array. +* `[in] byte_offset`: The byte offset within the `ArrayBuffer` from which to start projecting the `TypedArray`. -- `[out] result`: A `napi_value` representing a JavaScript `TypedArray`. +* `[out] result`: A `napi_value` representing a JavaScript `TypedArray`. Returns `napi_ok` if the API succeeded. @@ -1981,12 +1981,12 @@ napi_status napi_create_dataview(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] length`: Number of elements in the `DataView`. -- `[in] arraybuffer`: `ArrayBuffer` underlying the `DataView`. -- `[in] byte_offset`: The byte offset within the `ArrayBuffer` from which to +* `[in] env`: The environment that the API is invoked under. +* `[in] length`: Number of elements in the `DataView`. +* `[in] arraybuffer`: `ArrayBuffer` underlying the `DataView`. +* `[in] byte_offset`: The byte offset within the `ArrayBuffer` from which to start projecting the `DataView`. -- `[out] result`: A `napi_value` representing a JavaScript `DataView`. +* `[out] result`: A `napi_value` representing a JavaScript `DataView`. Returns `napi_ok` if the API succeeded. @@ -2012,9 +2012,9 @@ napiVersion: 1 napi_status napi_create_int32(napi_env env, int32_t value, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: Integer value to be represented in JavaScript. -- `[out] result`: A `napi_value` representing a JavaScript `Number`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: Integer value to be represented in JavaScript. +* `[out] result`: A `napi_value` representing a JavaScript `Number`. Returns `napi_ok` if the API succeeded. @@ -2034,9 +2034,9 @@ napiVersion: 1 napi_status napi_create_uint32(napi_env env, uint32_t value, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: Unsigned integer value to be represented in JavaScript. -- `[out] result`: A `napi_value` representing a JavaScript `Number`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: Unsigned integer value to be represented in JavaScript. +* `[out] result`: A `napi_value` representing a JavaScript `Number`. Returns `napi_ok` if the API succeeded. @@ -2056,9 +2056,9 @@ napiVersion: 1 napi_status napi_create_int64(napi_env env, int64_t value, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: Integer value to be represented in JavaScript. -- `[out] result`: A `napi_value` representing a JavaScript `Number`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: Integer value to be represented in JavaScript. +* `[out] result`: A `napi_value` representing a JavaScript `Number`. Returns `napi_ok` if the API succeeded. @@ -2084,9 +2084,9 @@ napiVersion: 1 napi_status napi_create_double(napi_env env, double value, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: Double-precision value to be represented in JavaScript. -- `[out] result`: A `napi_value` representing a JavaScript `Number`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: Double-precision value to be represented in JavaScript. +* `[out] result`: A `napi_value` representing a JavaScript `Number`. Returns `napi_ok` if the API succeeded. @@ -2109,9 +2109,9 @@ napi_status napi_create_bigint_int64(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: Integer value to be represented in JavaScript. -- `[out] result`: A `napi_value` representing a JavaScript `BigInt`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: Integer value to be represented in JavaScript. +* `[out] result`: A `napi_value` representing a JavaScript `BigInt`. Returns `napi_ok` if the API succeeded. @@ -2130,9 +2130,9 @@ napi_status napi_create_bigint_uint64(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: Unsigned integer value to be represented in JavaScript. -- `[out] result`: A `napi_value` representing a JavaScript `BigInt`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: Unsigned integer value to be represented in JavaScript. +* `[out] result`: A `napi_value` representing a JavaScript `BigInt`. Returns `napi_ok` if the API succeeded. @@ -2153,12 +2153,12 @@ napi_status napi_create_bigint_words(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] sign_bit`: Determines if the resulting `BigInt` will be positive or +* `[in] env`: The environment that the API is invoked under. +* `[in] sign_bit`: Determines if the resulting `BigInt` will be positive or negative. -- `[in] word_count`: The length of the `words` array. -- `[in] words`: An array of `uint64_t` little-endian 64-bit words. -- `[out] result`: A `napi_value` representing a JavaScript `BigInt`. +* `[in] word_count`: The length of the `words` array. +* `[in] words`: An array of `uint64_t` little-endian 64-bit words. +* `[out] result`: A `napi_value` representing a JavaScript `BigInt`. Returns `napi_ok` if the API succeeded. @@ -2181,11 +2181,11 @@ napi_status napi_create_string_latin1(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] str`: Character buffer representing an ISO-8859-1-encoded string. -- `[in] length`: The length of the string in bytes, or +* `[in] env`: The environment that the API is invoked under. +* `[in] str`: Character buffer representing an ISO-8859-1-encoded string. +* `[in] length`: The length of the string in bytes, or `NAPI_AUTO_LENGTH` if it is null-terminated. -- `[out] result`: A `napi_value` representing a JavaScript `String`. +* `[out] result`: A `napi_value` representing a JavaScript `String`. Returns `napi_ok` if the API succeeded. @@ -2208,11 +2208,11 @@ napi_status napi_create_string_utf16(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] str`: Character buffer representing a UTF16-LE-encoded string. -- `[in] length`: The length of the string in two-byte code units, or +* `[in] env`: The environment that the API is invoked under. +* `[in] str`: Character buffer representing a UTF16-LE-encoded string. +* `[in] length`: The length of the string in two-byte code units, or `NAPI_AUTO_LENGTH` if it is null-terminated. -- `[out] result`: A `napi_value` representing a JavaScript `String`. +* `[out] result`: A `napi_value` representing a JavaScript `String`. Returns `napi_ok` if the API succeeded. @@ -2235,11 +2235,11 @@ napi_status napi_create_string_utf8(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] str`: Character buffer representing a UTF8-encoded string. -- `[in] length`: The length of the string in bytes, or `NAPI_AUTO_LENGTH` +* `[in] env`: The environment that the API is invoked under. +* `[in] str`: Character buffer representing a UTF8-encoded string. +* `[in] length`: The length of the string in bytes, or `NAPI_AUTO_LENGTH` if it is null-terminated. -- `[out] result`: A `napi_value` representing a JavaScript `String`. +* `[out] result`: A `napi_value` representing a JavaScript `String`. Returns `napi_ok` if the API succeeded. @@ -2262,10 +2262,10 @@ napi_status napi_get_array_length(napi_env env, uint32_t* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing the JavaScript `Array` whose length is +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing the JavaScript `Array` whose length is being queried. -- `[out] result`: `uint32` representing length of the array. +* `[out] result`: `uint32` representing length of the array. Returns `napi_ok` if the API succeeded. @@ -2288,10 +2288,10 @@ napi_status napi_get_arraybuffer_info(napi_env env, size_t* byte_length) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] arraybuffer`: `napi_value` representing the `ArrayBuffer` being queried. -- `[out] data`: The underlying data buffer of the `ArrayBuffer`. -- `[out] byte_length`: Length in bytes of the underlying data buffer. +* `[in] env`: The environment that the API is invoked under. +* `[in] arraybuffer`: `napi_value` representing the `ArrayBuffer` being queried. +* `[out] data`: The underlying data buffer of the `ArrayBuffer`. +* `[out] byte_length`: Length in bytes of the underlying data buffer. Returns `napi_ok` if the API succeeded. @@ -2319,10 +2319,10 @@ napi_status napi_get_buffer_info(napi_env env, size_t* length) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing the `node::Buffer` being queried. -- `[out] data`: The underlying data buffer of the `node::Buffer`. -- `[out] length`: Length in bytes of the underlying data buffer. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing the `node::Buffer` being queried. +* `[out] data`: The underlying data buffer of the `node::Buffer`. +* `[out] length`: Length in bytes of the underlying data buffer. Returns `napi_ok` if the API succeeded. @@ -2344,11 +2344,11 @@ napi_status napi_get_prototype(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] object`: `napi_value` representing JavaScript `Object` whose prototype +* `[in] env`: The environment that the API is invoked under. +* `[in] object`: `napi_value` representing JavaScript `Object` whose prototype to return. This returns the equivalent of `Object.getPrototypeOf` (which is not the same as the function's `prototype` property). -- `[out] result`: `napi_value` representing prototype of the given object. +* `[out] result`: `napi_value` representing prototype of the given object. Returns `napi_ok` if the API succeeded. @@ -2368,16 +2368,16 @@ napi_status napi_get_typedarray_info(napi_env env, size_t* byte_offset) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] typedarray`: `napi_value` representing the `TypedArray` whose +* `[in] env`: The environment that the API is invoked under. +* `[in] typedarray`: `napi_value` representing the `TypedArray` whose properties to query. -- `[out] type`: Scalar datatype of the elements within the `TypedArray`. -- `[out] length`: The number of elements in the `TypedArray`. -- `[out] data`: The data buffer underlying the `TypedArray` adjusted by +* `[out] type`: Scalar datatype of the elements within the `TypedArray`. +* `[out] length`: The number of elements in the `TypedArray`. +* `[out] data`: The data buffer underlying the `TypedArray` adjusted by the `byte_offset` value so that it points to the first element in the `TypedArray`. -- `[out] arraybuffer`: The `ArrayBuffer` underlying the `TypedArray`. -- `[out] byte_offset`: The byte offset within the underlying native array +* `[out] arraybuffer`: The `ArrayBuffer` underlying the `TypedArray`. +* `[out] byte_offset`: The byte offset within the underlying native array at which the first element of the arrays is located. The value for the data parameter has already been adjusted so that data points to the first element in the array. Therefore, the first byte of the native array would be at @@ -2405,13 +2405,13 @@ napi_status napi_get_dataview_info(napi_env env, size_t* byte_offset) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] dataview`: `napi_value` representing the `DataView` whose +* `[in] env`: The environment that the API is invoked under. +* `[in] dataview`: `napi_value` representing the `DataView` whose properties to query. -- `[out] byte_length`: `Number` of bytes in the `DataView`. -- `[out] data`: The data buffer underlying the `DataView`. -- `[out] arraybuffer`: `ArrayBuffer` underlying the `DataView`. -- `[out] byte_offset`: The byte offset within the data buffer from which +* `[out] byte_length`: `Number` of bytes in the `DataView`. +* `[out] data`: The data buffer underlying the `DataView`. +* `[out] arraybuffer`: `ArrayBuffer` underlying the `DataView`. +* `[out] byte_offset`: The byte offset within the data buffer from which to start projecting the `DataView`. Returns `napi_ok` if the API succeeded. @@ -2429,9 +2429,9 @@ napi_status napi_get_date_value(napi_env env, double* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing a JavaScript `Date`. -- `[out] result`: Time value as a `double` represented as milliseconds +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing a JavaScript `Date`. +* `[out] result`: Time value as a `double` represented as milliseconds since midnight at the beginning of 01 January, 1970 UTC. Returns `napi_ok` if the API succeeded. If a non-date `napi_value` is passed @@ -2450,9 +2450,9 @@ napiVersion: 1 napi_status napi_get_value_bool(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript `Boolean`. -- `[out] result`: C boolean primitive equivalent of the given JavaScript +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript `Boolean`. +* `[out] result`: C boolean primitive equivalent of the given JavaScript `Boolean`. Returns `napi_ok` if the API succeeded. If a non-boolean `napi_value` is @@ -2473,9 +2473,9 @@ napi_status napi_get_value_double(napi_env env, double* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript `Number`. -- `[out] result`: C double primitive equivalent of the given JavaScript +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript `Number`. +* `[out] result`: C double primitive equivalent of the given JavaScript `Number`. Returns `napi_ok` if the API succeeded. If a non-number `napi_value` is passed @@ -2498,11 +2498,11 @@ napi_status napi_get_value_bigint_int64(napi_env env, bool* lossless); ``` -- `[in] env`: The environment that the API is invoked under -- `[in] value`: `napi_value` representing JavaScript `BigInt`. -- `[out] result`: C `int64_t` primitive equivalent of the given JavaScript +* `[in] env`: The environment that the API is invoked under +* `[in] value`: `napi_value` representing JavaScript `BigInt`. +* `[out] result`: C `int64_t` primitive equivalent of the given JavaScript `BigInt`. -- `[out] lossless`: Indicates whether the `BigInt` value was converted +* `[out] lossless`: Indicates whether the `BigInt` value was converted losslessly. Returns `napi_ok` if the API succeeded. If a non-`BigInt` is passed in it @@ -2525,11 +2525,11 @@ napi_status napi_get_value_bigint_uint64(napi_env env, bool* lossless); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript `BigInt`. -- `[out] result`: C `uint64_t` primitive equivalent of the given JavaScript +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript `BigInt`. +* `[out] result`: C `uint64_t` primitive equivalent of the given JavaScript `BigInt`. -- `[out] lossless`: Indicates whether the `BigInt` value was converted +* `[out] lossless`: Indicates whether the `BigInt` value was converted losslessly. Returns `napi_ok` if the API succeeded. If a non-`BigInt` is passed in it @@ -2553,14 +2553,14 @@ napi_status napi_get_value_bigint_words(napi_env env, uint64_t* words); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript `BigInt`. -- `[out] sign_bit`: Integer representing if the JavaScript `BigInt` is positive +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript `BigInt`. +* `[out] sign_bit`: Integer representing if the JavaScript `BigInt` is positive or negative. -- `[in/out] word_count`: Must be initialized to the length of the `words` +* `[in/out] word_count`: Must be initialized to the length of the `words` array. Upon return, it will be set to the actual number of words that would be needed to store this `BigInt`. -- `[out] words`: Pointer to a pre-allocated 64-bit word array. +* `[out] words`: Pointer to a pre-allocated 64-bit word array. Returns `napi_ok` if the API succeeded. @@ -2580,9 +2580,9 @@ napi_status napi_get_value_external(napi_env env, void** result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript external value. -- `[out] result`: Pointer to the data wrapped by the JavaScript external value. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript external value. +* `[out] result`: Pointer to the data wrapped by the JavaScript external value. Returns `napi_ok` if the API succeeded. If a non-external `napi_value` is passed in it returns `napi_invalid_arg`. @@ -2602,9 +2602,9 @@ napi_status napi_get_value_int32(napi_env env, int32_t* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript `Number`. -- `[out] result`: C `int32` primitive equivalent of the given JavaScript +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript `Number`. +* `[out] result`: C `int32` primitive equivalent of the given JavaScript `Number`. Returns `napi_ok` if the API succeeded. If a non-number `napi_value` @@ -2632,9 +2632,9 @@ napi_status napi_get_value_int64(napi_env env, int64_t* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript `Number`. -- `[out] result`: C `int64` primitive equivalent of the given JavaScript +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript `Number`. +* `[out] result`: C `int64` primitive equivalent of the given JavaScript `Number`. Returns `napi_ok` if the API succeeded. If a non-number `napi_value` @@ -2666,13 +2666,13 @@ napi_status napi_get_value_string_latin1(napi_env env, size_t* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript string. -- `[in] buf`: Buffer to write the ISO-8859-1-encoded string into. If NULL is +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript string. +* `[in] buf`: Buffer to write the ISO-8859-1-encoded string into. If NULL is passed in, the length of the string (in bytes) is returned. -- `[in] bufsize`: Size of the destination buffer. When this value is +* `[in] bufsize`: Size of the destination buffer. When this value is insufficient, the returned string will be truncated. -- `[out] result`: Number of bytes copied into the buffer, excluding the null +* `[out] result`: Number of bytes copied into the buffer, excluding the null terminator. Returns `napi_ok` if the API succeeded. If a non-`String` `napi_value` @@ -2695,13 +2695,13 @@ napi_status napi_get_value_string_utf8(napi_env env, size_t* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript string. -- `[in] buf`: Buffer to write the UTF8-encoded string into. If NULL is passed +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript string. +* `[in] buf`: Buffer to write the UTF8-encoded string into. If NULL is passed in, the length of the string (in bytes) is returned. -- `[in] bufsize`: Size of the destination buffer. When this value is +* `[in] bufsize`: Size of the destination buffer. When this value is insufficient, the returned string will be truncated. -- `[out] result`: Number of bytes copied into the buffer, excluding the null +* `[out] result`: Number of bytes copied into the buffer, excluding the null terminator. Returns `napi_ok` if the API succeeded. If a non-`String` `napi_value` @@ -2723,13 +2723,13 @@ napi_status napi_get_value_string_utf16(napi_env env, size_t* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript string. -- `[in] buf`: Buffer to write the UTF16-LE-encoded string into. If NULL is +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript string. +* `[in] buf`: Buffer to write the UTF16-LE-encoded string into. If NULL is passed in, the length of the string (in 2-byte code units) is returned. -- `[in] bufsize`: Size of the destination buffer. When this value is +* `[in] bufsize`: Size of the destination buffer. When this value is insufficient, the returned string will be truncated. -- `[out] result`: Number of 2-byte code units copied into the buffer, excluding +* `[out] result`: Number of 2-byte code units copied into the buffer, excluding the null terminator. Returns `napi_ok` if the API succeeded. If a non-`String` `napi_value` @@ -2749,9 +2749,9 @@ napi_status napi_get_value_uint32(napi_env env, uint32_t* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: `napi_value` representing JavaScript `Number`. -- `[out] result`: C primitive equivalent of the given `napi_value` as a +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: `napi_value` representing JavaScript `Number`. +* `[out] result`: C primitive equivalent of the given `napi_value` as a `uint32_t`. Returns `napi_ok` if the API succeeded. If a non-number `napi_value` @@ -2771,9 +2771,9 @@ napiVersion: 1 napi_status napi_get_boolean(napi_env env, bool value, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The value of the boolean to retrieve. -- `[out] result`: `napi_value` representing JavaScript `Boolean` singleton to +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The value of the boolean to retrieve. +* `[out] result`: `napi_value` representing JavaScript `Boolean` singleton to retrieve. Returns `napi_ok` if the API succeeded. @@ -2791,8 +2791,8 @@ napiVersion: 1 napi_status napi_get_global(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: `napi_value` representing JavaScript `global` object. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: `napi_value` representing JavaScript `global` object. Returns `napi_ok` if the API succeeded. @@ -2808,8 +2808,8 @@ napiVersion: 1 napi_status napi_get_null(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: `napi_value` representing JavaScript `null` object. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: `napi_value` representing JavaScript `null` object. Returns `napi_ok` if the API succeeded. @@ -2825,8 +2825,8 @@ napiVersion: 1 napi_status napi_get_undefined(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: `napi_value` representing JavaScript Undefined value. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: `napi_value` representing JavaScript Undefined value. Returns `napi_ok` if the API succeeded. @@ -2858,9 +2858,9 @@ napi_status napi_coerce_to_bool(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to coerce. -- `[out] result`: `napi_value` representing the coerced JavaScript `Boolean`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to coerce. +* `[out] result`: `napi_value` representing the coerced JavaScript `Boolean`. Returns `napi_ok` if the API succeeded. @@ -2881,9 +2881,9 @@ napi_status napi_coerce_to_number(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to coerce. -- `[out] result`: `napi_value` representing the coerced JavaScript `Number`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to coerce. +* `[out] result`: `napi_value` representing the coerced JavaScript `Number`. Returns `napi_ok` if the API succeeded. @@ -2904,9 +2904,9 @@ napi_status napi_coerce_to_object(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to coerce. -- `[out] result`: `napi_value` representing the coerced JavaScript `Object`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to coerce. +* `[out] result`: `napi_value` representing the coerced JavaScript `Object`. Returns `napi_ok` if the API succeeded. @@ -2927,9 +2927,9 @@ napi_status napi_coerce_to_string(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to coerce. -- `[out] result`: `napi_value` representing the coerced JavaScript `String`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to coerce. +* `[out] result`: `napi_value` representing the coerced JavaScript `String`. Returns `napi_ok` if the API succeeded. @@ -2948,13 +2948,13 @@ napiVersion: 1 napi_status napi_typeof(napi_env env, napi_value value, napi_valuetype* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value whose type to query. -- `[out] result`: The type of the JavaScript value. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value whose type to query. +* `[out] result`: The type of the JavaScript value. Returns `napi_ok` if the API succeeded. -- `napi_invalid_arg` if the type of `value` is not a known ECMAScript type and +* `napi_invalid_arg` if the type of `value` is not a known ECMAScript type and `value` is not an External value. This API represents behavior similar to invoking the `typeof` Operator on @@ -2975,11 +2975,11 @@ napi_status napi_instanceof(napi_env env, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] object`: The JavaScript value to check. -- `[in] constructor`: The JavaScript function object of the constructor +* `[in] env`: The environment that the API is invoked under. +* `[in] object`: The JavaScript value to check. +* `[in] constructor`: The JavaScript function object of the constructor function to check against. -- `[out] result`: Boolean that is set to true if `object instanceof constructor` +* `[out] result`: Boolean that is set to true if `object instanceof constructor` is true. Returns `napi_ok` if the API succeeded. @@ -2999,9 +2999,9 @@ napiVersion: 1 napi_status napi_is_array(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to check. -- `[out] result`: Whether the given object is an array. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to check. +* `[out] result`: Whether the given object is an array. Returns `napi_ok` if the API succeeded. @@ -3019,9 +3019,9 @@ napiVersion: 1 napi_status napi_is_arraybuffer(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to check. -- `[out] result`: Whether the given object is an `ArrayBuffer`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to check. +* `[out] result`: Whether the given object is an `ArrayBuffer`. Returns `napi_ok` if the API succeeded. @@ -3037,9 +3037,9 @@ napiVersion: 1 napi_status napi_is_buffer(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to check. -- `[out] result`: Whether the given `napi_value` represents a `node::Buffer` +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to check. +* `[out] result`: Whether the given `napi_value` represents a `node::Buffer` object. Returns `napi_ok` if the API succeeded. @@ -3055,9 +3055,9 @@ added: v11.11.0 napi_status napi_is_date(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to check. -- `[out] result`: Whether the given `napi_value` represents a JavaScript `Date` +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to check. +* `[out] result`: Whether the given `napi_value` represents a JavaScript `Date` object. Returns `napi_ok` if the API succeeded. @@ -3074,9 +3074,9 @@ napiVersion: 1 napi_status napi_is_error(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to check. -- `[out] result`: Whether the given `napi_value` represents an `Error` object. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to check. +* `[out] result`: Whether the given `napi_value` represents an `Error` object. Returns `napi_ok` if the API succeeded. @@ -3092,9 +3092,9 @@ napiVersion: 1 napi_status napi_is_typedarray(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to check. -- `[out] result`: Whether the given `napi_value` represents a `TypedArray`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to check. +* `[out] result`: Whether the given `napi_value` represents a `TypedArray`. Returns `napi_ok` if the API succeeded. @@ -3110,9 +3110,9 @@ napiVersion: 1 napi_status napi_is_dataview(napi_env env, napi_value value, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] value`: The JavaScript value to check. -- `[out] result`: Whether the given `napi_value` represents a `DataView`. +* `[in] env`: The environment that the API is invoked under. +* `[in] value`: The JavaScript value to check. +* `[out] result`: Whether the given `napi_value` represents a `DataView`. Returns `napi_ok` if the API succeeded. @@ -3131,10 +3131,10 @@ napi_status napi_strict_equals(napi_env env, bool* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] lhs`: The JavaScript value to check. -- `[in] rhs`: The JavaScript value to check against. -- `[out] result`: Whether the two `napi_value` objects are equal. +* `[in] env`: The environment that the API is invoked under. +* `[in] lhs`: The JavaScript value to check. +* `[in] rhs`: The JavaScript value to check against. +* `[out] result`: Whether the two `napi_value` objects are equal. Returns `napi_ok` if the API succeeded. @@ -3154,9 +3154,9 @@ Properties in JavaScript are represented as a tuple of a key and a value. Fundamentally, all property keys in N-API can be represented in one of the following forms: -- Named: a simple UTF8-encoded string -- Integer-Indexed: an index value represented by `uint32_t` -- JavaScript value: these are represented in N-API by `napi_value`. This can +* Named: a simple UTF8-encoded string +* Integer-Indexed: an index value represented by `uint32_t` +* JavaScript value: these are represented in N-API by `napi_value`. This can be a `napi_value` representing a `String`, `Number`, or `Symbol`. N-API values are represented by the type `napi_value`. @@ -3306,14 +3306,14 @@ attributes listed in [Section 6.1.7.1][] of the [ECMAScript Language Specification][]. They can be one or more of the following bitflags: -- `napi_default` - Used to indicate that no explicit attributes are set on the +* `napi_default` - Used to indicate that no explicit attributes are set on the given property. By default, a property is read only, not enumerable and not configurable. -- `napi_writable` - Used to indicate that a given property is writable. -- `napi_enumerable` - Used to indicate that a given property is enumerable. -- `napi_configurable` - Used to indicate that a given property is configurable, +* `napi_writable` - Used to indicate that a given property is writable. +* `napi_enumerable` - Used to indicate that a given property is enumerable. +* `napi_configurable` - Used to indicate that a given property is configurable, as defined in [Section 6.1.7.1][] of the [ECMAScript Language Specification][]. -- `napi_static` - Used to indicate that the property will be defined as +* `napi_static` - Used to indicate that the property will be defined as a static property on a class as opposed to an instance property, which is the default. This is used only by [`napi_define_class`][]. It is ignored by `napi_define_properties`. @@ -3336,32 +3336,32 @@ typedef struct { } napi_property_descriptor; ``` -- `utf8name`: Optional `String` describing the key for the property, +* `utf8name`: Optional `String` describing the key for the property, encoded as UTF8. One of `utf8name` or `name` must be provided for the property. -- `name`: Optional `napi_value` that points to a JavaScript string or symbol +* `name`: Optional `napi_value` that points to a JavaScript string or symbol to be used as the key for the property. One of `utf8name` or `name` must be provided for the property. -- `value`: The value that's retrieved by a get access of the property if the +* `value`: The value that's retrieved by a get access of the property if the property is a data property. If this is passed in, set `getter`, `setter`, `method` and `data` to `NULL` (since these members won't be used). -- `getter`: A function to call when a get access of the property is performed. +* `getter`: A function to call when a get access of the property is performed. If this is passed in, set `value` and `method` to `NULL` (since these members won't be used). The given function is called implicitly by the runtime when the property is accessed from JavaScript code (or if a get on the property is performed using a N-API call). -- `setter`: A function to call when a set access of the property is performed. +* `setter`: A function to call when a set access of the property is performed. If this is passed in, set `value` and `method` to `NULL` (since these members won't be used). The given function is called implicitly by the runtime when the property is set from JavaScript code (or if a set on the property is performed using a N-API call). -- `method`: Set this to make the property descriptor object's `value` +* `method`: Set this to make the property descriptor object's `value` property to be a JavaScript function represented by `method`. If this is passed in, set `value`, `getter` and `setter` to `NULL` (since these members won't be used). -- `attributes`: The attributes associated with the particular property. +* `attributes`: The attributes associated with the particular property. See [`napi_property_attributes`](#n_api_napi_property_attributes). -- `data`: The callback data passed into `method`, `getter` and `setter` if +* `data`: The callback data passed into `method`, `getter` and `setter` if this function is invoked. ### Functions @@ -3377,9 +3377,9 @@ napi_status napi_get_property_names(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object from which to retrieve the properties. -- `[out] result`: A `napi_value` representing an array of JavaScript values +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object from which to retrieve the properties. +* `[out] result`: A `napi_value` representing an array of JavaScript values that represent the property names of the object. The API can be used to iterate over `result` using [`napi_get_array_length`][] and [`napi_get_element`][]. @@ -3403,10 +3403,10 @@ napi_status napi_set_property(napi_env env, napi_value value); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object on which to set the property. -- `[in] key`: The name of the property to set. -- `[in] value`: The property value. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object on which to set the property. +* `[in] key`: The name of the property to set. +* `[in] value`: The property value. Returns `napi_ok` if the API succeeded. @@ -3425,10 +3425,10 @@ napi_status napi_get_property(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object from which to retrieve the property. -- `[in] key`: The name of the property to retrieve. -- `[out] result`: The value of the property. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object from which to retrieve the property. +* `[in] key`: The name of the property to retrieve. +* `[out] result`: The value of the property. Returns `napi_ok` if the API succeeded. @@ -3447,10 +3447,10 @@ napi_status napi_has_property(napi_env env, bool* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object to query. -- `[in] key`: The name of the property whose existence to check. -- `[out] result`: Whether the property exists on the object or not. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object to query. +* `[in] key`: The name of the property whose existence to check. +* `[out] result`: Whether the property exists on the object or not. Returns `napi_ok` if the API succeeded. @@ -3469,10 +3469,10 @@ napi_status napi_delete_property(napi_env env, bool* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object to query. -- `[in] key`: The name of the property to delete. -- `[out] result`: Whether the property deletion succeeded or not. `result` can +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object to query. +* `[in] key`: The name of the property to delete. +* `[out] result`: Whether the property deletion succeeded or not. `result` can optionally be ignored by passing `NULL`. Returns `napi_ok` if the API succeeded. @@ -3492,10 +3492,10 @@ napi_status napi_has_own_property(napi_env env, bool* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object to query. -- `[in] key`: The name of the own property whose existence to check. -- `[out] result`: Whether the own property exists on the object or not. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object to query. +* `[in] key`: The name of the own property whose existence to check. +* `[out] result`: Whether the own property exists on the object or not. Returns `napi_ok` if the API succeeded. @@ -3516,10 +3516,10 @@ napi_status napi_set_named_property(napi_env env, napi_value value); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object on which to set the property. -- `[in] utf8Name`: The name of the property to set. -- `[in] value`: The property value. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object on which to set the property. +* `[in] utf8Name`: The name of the property to set. +* `[in] value`: The property value. Returns `napi_ok` if the API succeeded. @@ -3539,10 +3539,10 @@ napi_status napi_get_named_property(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object from which to retrieve the property. -- `[in] utf8Name`: The name of the property to get. -- `[out] result`: The value of the property. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object from which to retrieve the property. +* `[in] utf8Name`: The name of the property to get. +* `[out] result`: The value of the property. Returns `napi_ok` if the API succeeded. @@ -3562,10 +3562,10 @@ napi_status napi_has_named_property(napi_env env, bool* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object to query. -- `[in] utf8Name`: The name of the property whose existence to check. -- `[out] result`: Whether the property exists on the object or not. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object to query. +* `[in] utf8Name`: The name of the property whose existence to check. +* `[out] result`: Whether the property exists on the object or not. Returns `napi_ok` if the API succeeded. @@ -3585,10 +3585,10 @@ napi_status napi_set_element(napi_env env, napi_value value); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object from which to set the properties. -- `[in] index`: The index of the property to set. -- `[in] value`: The property value. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object from which to set the properties. +* `[in] index`: The index of the property to set. +* `[in] value`: The property value. Returns `napi_ok` if the API succeeded. @@ -3607,10 +3607,10 @@ napi_status napi_get_element(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object from which to retrieve the property. -- `[in] index`: The index of the property to get. -- `[out] result`: The value of the property. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object from which to retrieve the property. +* `[in] index`: The index of the property to get. +* `[out] result`: The value of the property. Returns `napi_ok` if the API succeeded. @@ -3629,10 +3629,10 @@ napi_status napi_has_element(napi_env env, bool* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object to query. -- `[in] index`: The index of the property whose existence to check. -- `[out] result`: Whether the property exists on the object or not. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object to query. +* `[in] index`: The index of the property whose existence to check. +* `[out] result`: Whether the property exists on the object or not. Returns `napi_ok` if the API succeeded. @@ -3652,10 +3652,10 @@ napi_status napi_delete_element(napi_env env, bool* result); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object to query. -- `[in] index`: The index of the property to delete. -- `[out] result`: Whether the element deletion succeeded or not. `result` can +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object to query. +* `[in] index`: The index of the property to delete. +* `[out] result`: Whether the element deletion succeeded or not. `result` can optionally be ignored by passing `NULL`. Returns `napi_ok` if the API succeeded. @@ -3675,10 +3675,10 @@ napi_status napi_define_properties(napi_env env, const napi_property_descriptor* properties); ``` -- `[in] env`: The environment that the N-API call is invoked under. -- `[in] object`: The object from which to retrieve the properties. -- `[in] property_count`: The number of elements in the `properties` array. -- `[in] properties`: The array of property descriptors. +* `[in] env`: The environment that the N-API call is invoked under. +* `[in] object`: The object from which to retrieve the properties. +* `[in] property_count`: The number of elements in the `properties` array. +* `[in] properties`: The array of property descriptors. Returns `napi_ok` if the API succeeded. @@ -3699,9 +3699,9 @@ native code, the `napi_callback` function provided is invoked. The APIs documented in this section allow the callback function to do the following: -- Get information about the context in which the callback was invoked. -- Get the arguments passed into the callback. -- Return a `napi_value` back from the callback. +* Get information about the context in which the callback was invoked. +* Get the arguments passed into the callback. +* Return a `napi_value` back from the callback. Additionally, N-API provides a set of functions which allow calling JavaScript functions from native code. One can either call a function @@ -3728,14 +3728,14 @@ napi_status napi_call_function(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] recv`: The `this` object passed to the called function. -- `[in] func`: `napi_value` representing the JavaScript function +* `[in] env`: The environment that the API is invoked under. +* `[in] recv`: The `this` object passed to the called function. +* `[in] func`: `napi_value` representing the JavaScript function to be invoked. -- `[in] argc`: The count of elements in the `argv` array. -- `[in] argv`: Array of `napi_values` representing JavaScript values passed +* `[in] argc`: The count of elements in the `argv` array. +* `[in] argv`: Array of `napi_values` representing JavaScript values passed in as arguments to the function. -- `[out] result`: `napi_value` representing the JavaScript object returned. +* `[out] result`: `napi_value` representing the JavaScript object returned. Returns `napi_ok` if the API succeeded. @@ -3798,16 +3798,16 @@ napi_status napi_create_function(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] utf8Name`: The name of the function encoded as UTF8. This is visible +* `[in] env`: The environment that the API is invoked under. +* `[in] utf8Name`: The name of the function encoded as UTF8. This is visible within JavaScript as the new function object's `name` property. -- `[in] length`: The length of the `utf8name` in bytes, or +* `[in] length`: The length of the `utf8name` in bytes, or `NAPI_AUTO_LENGTH` if it is null-terminated. -- `[in] cb`: The native function which should be called when this function +* `[in] cb`: The native function which should be called when this function object is invoked. -- `[in] data`: User-provided data context. This will be passed back into the +* `[in] data`: User-provided data context. This will be passed back into the function when invoked later. -- `[out] result`: `napi_value` representing the JavaScript function object for +* `[out] result`: `napi_value` representing the JavaScript function object for the newly created function. Returns `napi_ok` if the API succeeded. @@ -3880,17 +3880,17 @@ napi_status napi_get_cb_info(napi_env env, void** data) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] cbinfo`: The callback info passed into the callback function. -- `[in-out] argc`: Specifies the size of the provided `argv` array +* `[in] env`: The environment that the API is invoked under. +* `[in] cbinfo`: The callback info passed into the callback function. +* `[in-out] argc`: Specifies the size of the provided `argv` array and receives the actual count of arguments. -- `[out] argv`: Buffer to which the `napi_value` representing the +* `[out] argv`: Buffer to which the `napi_value` representing the arguments are copied. If there are more arguments than the provided count, only the requested number of arguments are copied. If there are fewer arguments provided than claimed, the rest of `argv` is filled with `napi_value` values that represent `undefined`. -- `[out] this`: Receives the JavaScript `this` argument for the call. -- `[out] data`: Receives the data pointer for the callback. +* `[out] this`: Receives the JavaScript `this` argument for the call. +* `[out] data`: Receives the data pointer for the callback. Returns `napi_ok` if the API succeeded. @@ -3909,9 +3909,9 @@ napi_status napi_get_new_target(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] cbinfo`: The callback info passed into the callback function. -- `[out] result`: The `new.target` of the constructor call. +* `[in] env`: The environment that the API is invoked under. +* `[in] cbinfo`: The callback info passed into the callback function. +* `[out] result`: The `new.target` of the constructor call. Returns `napi_ok` if the API succeeded. @@ -3932,13 +3932,13 @@ napi_status napi_new_instance(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] cons`: `napi_value` representing the JavaScript function +* `[in] env`: The environment that the API is invoked under. +* `[in] cons`: `napi_value` representing the JavaScript function to be invoked as a constructor. -- `[in] argc`: The count of elements in the `argv` array. -- `[in] argv`: Array of JavaScript values as `napi_value` +* `[in] argc`: The count of elements in the `argv` array. +* `[in] argv`: Array of JavaScript values as `napi_value` representing the arguments to the constructor. -- `[out] result`: `napi_value` representing the JavaScript object returned, +* `[out] result`: `napi_value` representing the JavaScript object returned, which in this case is the constructed object. This method is used to instantiate a new JavaScript value using a given @@ -4032,34 +4032,34 @@ napi_status napi_define_class(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] utf8name`: Name of the JavaScript constructor function; this is +* `[in] env`: The environment that the API is invoked under. +* `[in] utf8name`: Name of the JavaScript constructor function; this is not required to be the same as the C++ class name, though it is recommended for clarity. -- `[in] length`: The length of the `utf8name` in bytes, or `NAPI_AUTO_LENGTH` +* `[in] length`: The length of the `utf8name` in bytes, or `NAPI_AUTO_LENGTH` if it is null-terminated. -- `[in] constructor`: Callback function that handles constructing instances +* `[in] constructor`: Callback function that handles constructing instances of the class. (This should be a static method on the class, not an actual C++ constructor function.) -- `[in] data`: Optional data to be passed to the constructor callback as +* `[in] data`: Optional data to be passed to the constructor callback as the `data` property of the callback info. -- `[in] property_count`: Number of items in the `properties` array argument. -- `[in] properties`: Array of property descriptors describing static and +* `[in] property_count`: Number of items in the `properties` array argument. +* `[in] properties`: Array of property descriptors describing static and instance data properties, accessors, and methods on the class See `napi_property_descriptor`. -- `[out] result`: A `napi_value` representing the constructor function for +* `[out] result`: A `napi_value` representing the constructor function for the class. Returns `napi_ok` if the API succeeded. Defines a JavaScript class that corresponds to a C++ class, including: -- A JavaScript constructor function that has the class name and invokes the +* A JavaScript constructor function that has the class name and invokes the provided C++ constructor callback. -- Properties on the constructor function corresponding to _static_ data +* Properties on the constructor function corresponding to _static_ data properties, accessors, and methods of the C++ class (defined by property descriptors with the `napi_static` attribute). -- Properties on the constructor function's `prototype` object corresponding to +* Properties on the constructor function's `prototype` object corresponding to _non-static_ data properties, accessors, and methods of the C++ class (defined by property descriptors without the `napi_static` attribute). @@ -4095,16 +4095,16 @@ napi_status napi_wrap(napi_env env, napi_ref* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] js_object`: The JavaScript object that will be the wrapper for the +* `[in] env`: The environment that the API is invoked under. +* `[in] js_object`: The JavaScript object that will be the wrapper for the native object. -- `[in] native_object`: The native instance that will be wrapped in the +* `[in] native_object`: The native instance that will be wrapped in the JavaScript object. -- `[in] finalize_cb`: Optional native callback that can be used to free the +* `[in] finalize_cb`: Optional native callback that can be used to free the native instance when the JavaScript object is ready for garbage-collection. -- `[in] finalize_hint`: Optional contextual hint that is passed to the +* `[in] finalize_hint`: Optional contextual hint that is passed to the finalize callback. -- `[out] result`: Optional reference to the wrapped object. +* `[out] result`: Optional reference to the wrapped object. Returns `napi_ok` if the API succeeded. @@ -4149,9 +4149,9 @@ napi_status napi_unwrap(napi_env env, void** result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] js_object`: The object associated with the native instance. -- `[out] result`: Pointer to the wrapped native instance. +* `[in] env`: The environment that the API is invoked under. +* `[in] js_object`: The object associated with the native instance. +* `[out] result`: Pointer to the wrapped native instance. Returns `napi_ok` if the API succeeded. @@ -4176,9 +4176,9 @@ napi_status napi_remove_wrap(napi_env env, void** result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] js_object`: The object associated with the native instance. -- `[out] result`: Pointer to the wrapped native instance. +* `[in] env`: The environment that the API is invoked under. +* `[in] js_object`: The object associated with the native instance. +* `[out] result`: Pointer to the wrapped native instance. Returns `napi_ok` if the API succeeded. @@ -4202,16 +4202,16 @@ napi_status napi_add_finalizer(napi_env env, napi_ref* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] js_object`: The JavaScript object to which the native data will be +* `[in] env`: The environment that the API is invoked under. +* `[in] js_object`: The JavaScript object to which the native data will be attached. -- `[in] native_object`: The native data that will be attached to the JavaScript +* `[in] native_object`: The native data that will be attached to the JavaScript object. -- `[in] finalize_cb`: Native callback that will be used to free the +* `[in] finalize_cb`: Native callback that will be used to free the native data when the JavaScript object is ready for garbage-collection. -- `[in] finalize_hint`: Optional contextual hint that is passed to the +* `[in] finalize_hint`: Optional contextual hint that is passed to the finalize callback. -- `[out] result`: Optional reference to the JavaScript object. +* `[out] result`: Optional reference to the JavaScript object. Returns `napi_ok` if the API succeeded. @@ -4306,20 +4306,20 @@ napi_status napi_create_async_work(napi_env env, napi_async_work* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] async_resource`: An optional object associated with the async work +* `[in] env`: The environment that the API is invoked under. +* `[in] async_resource`: An optional object associated with the async work that will be passed to possible `async_hooks` [`init` hooks][]. -- `[in] async_resource_name`: Identifier for the kind of resource that is +* `[in] async_resource_name`: Identifier for the kind of resource that is being provided for diagnostic information exposed by the `async_hooks` API. -- `[in] execute`: The native function which should be called to execute +* `[in] execute`: The native function which should be called to execute the logic asynchronously. The given function is called from a worker pool thread and can execute in parallel with the main event loop thread. -- `[in] complete`: The native function which will be called when the +* `[in] complete`: The native function which will be called when the asynchronous logic is completed or is cancelled. The given function is called from the main event loop thread. -- `[in] data`: User-provided data context. This will be passed back into the +* `[in] data`: User-provided data context. This will be passed back into the execute and complete functions. -- `[out] result`: `napi_async_work*` which is the handle to the newly created +* `[out] result`: `napi_async_work*` which is the handle to the newly created async work. Returns `napi_ok` if the API succeeded. @@ -4346,8 +4346,8 @@ napi_status napi_delete_async_work(napi_env env, napi_async_work work); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] work`: The handle returned by the call to `napi_create_async_work`. +* `[in] env`: The environment that the API is invoked under. +* `[in] work`: The handle returned by the call to `napi_create_async_work`. Returns `napi_ok` if the API succeeded. @@ -4366,8 +4366,8 @@ napi_status napi_queue_async_work(napi_env env, napi_async_work work); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] work`: The handle returned by the call to `napi_create_async_work`. +* `[in] env`: The environment that the API is invoked under. +* `[in] work`: The handle returned by the call to `napi_create_async_work`. Returns `napi_ok` if the API succeeded. @@ -4386,8 +4386,8 @@ napi_status napi_cancel_async_work(napi_env env, napi_async_work work); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] work`: The handle returned by the call to `napi_create_async_work`. +* `[in] env`: The environment that the API is invoked under. +* `[in] work`: The handle returned by the call to `napi_create_async_work`. Returns `napi_ok` if the API succeeded. @@ -4419,13 +4419,13 @@ napi_status napi_async_init(napi_env env, napi_async_context* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] async_resource`: An optional object associated with the async work +* `[in] env`: The environment that the API is invoked under. +* `[in] async_resource`: An optional object associated with the async work that will be passed to possible `async_hooks` [`init` hooks][]. -- `[in] async_resource_name`: Identifier for the kind of resource +* `[in] async_resource_name`: Identifier for the kind of resource that is being provided for diagnostic information exposed by the `async_hooks` API. -- `[out] result`: The initialized async context. +* `[out] result`: The initialized async context. Returns `napi_ok` if the API succeeded. @@ -4440,8 +4440,8 @@ napi_status napi_async_destroy(napi_env env, napi_async_context async_context); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] async_context`: The async context to be destroyed. +* `[in] env`: The environment that the API is invoked under. +* `[in] async_context`: The async context to be destroyed. Returns `napi_ok` if the API succeeded. @@ -4466,19 +4466,19 @@ napi_status napi_make_callback(napi_env env, napi_value* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] async_context`: Context for the async operation that is +* `[in] env`: The environment that the API is invoked under. +* `[in] async_context`: Context for the async operation that is invoking the callback. This should normally be a value previously obtained from [`napi_async_init`][]. However `NULL` is also allowed, which indicates the current async context (if any) is to be used for the callback. -- `[in] recv`: The `this` object passed to the called function. -- `[in] func`: `napi_value` representing the JavaScript function +* `[in] recv`: The `this` object passed to the called function. +* `[in] func`: `napi_value` representing the JavaScript function to be invoked. -- `[in] argc`: The count of elements in the `argv` array. -- `[in] argv`: Array of JavaScript values as `napi_value` +* `[in] argc`: The count of elements in the `argv` array. +* `[in] argv`: Array of JavaScript values as `napi_value` representing the arguments to the function. -- `[out] result`: `napi_value` representing the JavaScript object returned. +* `[out] result`: `napi_value` representing the JavaScript object returned. Returns `napi_ok` if the API succeeded. @@ -4508,13 +4508,13 @@ NAPI_EXTERN napi_status napi_open_callback_scope(napi_env env, napi_callback_scope* result) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] resource_object`: An object associated with the async work +* `[in] env`: The environment that the API is invoked under. +* `[in] resource_object`: An object associated with the async work that will be passed to possible `async_hooks` [`init` hooks][]. -- `[in] context`: Context for the async operation that is +* `[in] context`: Context for the async operation that is invoking the callback. This should be a value previously obtained from [`napi_async_init`][]. -- `[out] result`: The newly created scope. +* `[out] result`: The newly created scope. There are cases (for example, resolving promises) where it is necessary to have the equivalent of the scope associated with a callback @@ -4534,8 +4534,8 @@ NAPI_EXTERN napi_status napi_close_callback_scope(napi_env env, napi_callback_scope scope) ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] scope`: The scope to be closed. +* `[in] env`: The environment that the API is invoked under. +* `[in] scope`: The scope to be closed. This API can be called even if there is a pending JavaScript exception. @@ -4559,8 +4559,8 @@ napi_status napi_get_node_version(napi_env env, const napi_node_version** version); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] version`: A pointer to version information for Node.js itself. +* `[in] env`: The environment that the API is invoked under. +* `[out] version`: A pointer to version information for Node.js itself. Returns `napi_ok` if the API succeeded. @@ -4581,8 +4581,8 @@ napi_status napi_get_version(napi_env env, uint32_t* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] result`: The highest version of N-API supported. +* `[in] env`: The environment that the API is invoked under. +* `[out] result`: The highest version of N-API supported. Returns `napi_ok` if the API succeeded. @@ -4614,10 +4614,10 @@ NAPI_EXTERN napi_status napi_adjust_external_memory(napi_env env, int64_t* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] change_in_bytes`: The change in externally allocated memory that is +* `[in] env`: The environment that the API is invoked under. +* `[in] change_in_bytes`: The change in externally allocated memory that is kept alive by JavaScript objects. -- `[out] result`: The adjusted value +* `[out] result`: The adjusted value Returns `napi_ok` if the API succeeded. @@ -4697,11 +4697,11 @@ napi_status napi_create_promise(napi_env env, napi_value* promise); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] deferred`: A newly created deferred object which can later be passed to +* `[in] env`: The environment that the API is invoked under. +* `[out] deferred`: A newly created deferred object which can later be passed to `napi_resolve_deferred()` or `napi_reject_deferred()` to resolve resp. reject the associated promise. -- `[out] promise`: The JavaScript promise associated with the deferred object. +* `[out] promise`: The JavaScript promise associated with the deferred object. Returns `napi_ok` if the API succeeded. @@ -4719,9 +4719,9 @@ napi_status napi_resolve_deferred(napi_env env, napi_value resolution); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] deferred`: The deferred object whose associated promise to resolve. -- `[in] resolution`: The value with which to resolve the promise. +* `[in] env`: The environment that the API is invoked under. +* `[in] deferred`: The deferred object whose associated promise to resolve. +* `[in] resolution`: The value with which to resolve the promise. This API resolves a JavaScript promise by way of the deferred object with which it is associated. Thus, it can only be used to resolve JavaScript @@ -4744,9 +4744,9 @@ napi_status napi_reject_deferred(napi_env env, napi_value rejection); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] deferred`: The deferred object whose associated promise to resolve. -- `[in] rejection`: The value with which to reject the promise. +* `[in] env`: The environment that the API is invoked under. +* `[in] deferred`: The deferred object whose associated promise to resolve. +* `[in] rejection`: The value with which to reject the promise. This API rejects a JavaScript promise by way of the deferred object with which it is associated. Thus, it can only be used to reject JavaScript @@ -4769,9 +4769,9 @@ napi_status napi_is_promise(napi_env env, bool* is_promise); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] promise`: The promise to examine -- `[out] is_promise`: Flag indicating whether `promise` is a native promise +* `[in] env`: The environment that the API is invoked under. +* `[in] promise`: The promise to examine +* `[out] is_promise`: Flag indicating whether `promise` is a native promise object - that is, a promise object created by the underlying engine. ## Script execution @@ -4791,9 +4791,9 @@ NAPI_EXTERN napi_status napi_run_script(napi_env env, napi_value* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] script`: A JavaScript string containing the script to execute. -- `[out] result`: The value resulting from having executed the script. +* `[in] env`: The environment that the API is invoked under. +* `[in] script`: A JavaScript string containing the script to execute. +* `[out] result`: The value resulting from having executed the script. ## libuv event loop @@ -4813,8 +4813,8 @@ NAPI_EXTERN napi_status napi_get_uv_event_loop(napi_env env, uv_loop_t** loop); ``` -- `[in] env`: The environment that the API is invoked under. -- `[out] loop`: The current libuv loop instance. +* `[in] env`: The environment that the API is invoked under. +* `[out] loop`: The current libuv loop instance. @@ -4951,27 +4951,27 @@ napi_create_threadsafe_function(napi_env env, napi_threadsafe_function* result); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] func`: An optional JavaScript function to call from another thread. +* `[in] env`: The environment that the API is invoked under. +* `[in] func`: An optional JavaScript function to call from another thread. It must be provided if `NULL` is passed to `call_js_cb`. -- `[in] async_resource`: An optional object associated with the async work that +* `[in] async_resource`: An optional object associated with the async work that will be passed to possible `async_hooks` [`init` hooks][]. -- `[in] async_resource_name`: A JavaScript string to provide an identifier for +* `[in] async_resource_name`: A JavaScript string to provide an identifier for the kind of resource that is being provided for diagnostic information exposed by the `async_hooks` API. -- `[in] max_queue_size`: Maximum size of the queue. `0` for no limit. -- `[in] initial_thread_count`: The initial number of threads, including the main +* `[in] max_queue_size`: Maximum size of the queue. `0` for no limit. +* `[in] initial_thread_count`: The initial number of threads, including the main thread, which will be making use of this function. -- `[in] thread_finalize_data`: Optional data to be passed to `thread_finalize_cb`. -- `[in] thread_finalize_cb`: Optional function to call when the +* `[in] thread_finalize_data`: Optional data to be passed to `thread_finalize_cb`. +* `[in] thread_finalize_cb`: Optional function to call when the `napi_threadsafe_function` is being destroyed. -- `[in] context`: Optional data to attach to the resulting +* `[in] context`: Optional data to attach to the resulting `napi_threadsafe_function`. -- `[in] call_js_cb`: Optional callback which calls the JavaScript function in +* `[in] call_js_cb`: Optional callback which calls the JavaScript function in response to a call on a different thread. This callback will be called on the main thread. If not given, the JavaScript function will be called with no parameters and with `undefined` as its `this` value. -- `[out] result`: The asynchronous thread-safe JavaScript function. +* `[out] result`: The asynchronous thread-safe JavaScript function. ### napi_get_threadsafe_function_context @@ -4986,8 +4986,8 @@ napi_get_threadsafe_function_context(napi_threadsafe_function func, void** result); ``` -- `[in] func`: The thread-safe function for which to retrieve the context. -- `[out] result`: The location where to store the context. +* `[in] func`: The thread-safe function for which to retrieve the context. +* `[out] result`: The location where to store the context. This API may be called from any thread which makes use of `func`. @@ -5005,10 +5005,10 @@ napi_call_threadsafe_function(napi_threadsafe_function func, napi_threadsafe_function_call_mode is_blocking); ``` -- `[in] func`: The asynchronous thread-safe JavaScript function to invoke. -- `[in] data`: Data to send into JavaScript via the callback `call_js_cb` +* `[in] func`: The asynchronous thread-safe JavaScript function to invoke. +* `[in] data`: Data to send into JavaScript via the callback `call_js_cb` provided during the creation of the thread-safe JavaScript function. -- `[in] is_blocking`: Flag whose value can be either `napi_tsfn_blocking` to +* `[in] is_blocking`: Flag whose value can be either `napi_tsfn_blocking` to indicate that the call should block if the queue is full or `napi_tsfn_nonblocking` to indicate that the call should return immediately with a status of `napi_queue_full` whenever the queue is full. @@ -5031,7 +5031,7 @@ NAPI_EXTERN napi_status napi_acquire_threadsafe_function(napi_threadsafe_function func); ``` -- `[in] func`: The asynchronous thread-safe JavaScript function to start making +* `[in] func`: The asynchronous thread-safe JavaScript function to start making use of. A thread should call this API before passing `func` to any other thread-safe @@ -5054,9 +5054,9 @@ napi_release_threadsafe_function(napi_threadsafe_function func, napi_threadsafe_function_release_mode mode); ``` -- `[in] func`: The asynchronous thread-safe JavaScript function whose reference +* `[in] func`: The asynchronous thread-safe JavaScript function whose reference count to decrement. -- `[in] mode`: Flag whose value can be either `napi_tsfn_release` to indicate +* `[in] mode`: Flag whose value can be either `napi_tsfn_release` to indicate that the current thread will make no further calls to the thread-safe function, or `napi_tsfn_abort` to indicate that in addition to the current thread, no other thread should make any further calls to the thread-safe function. If set @@ -5081,8 +5081,8 @@ NAPI_EXTERN napi_status napi_ref_threadsafe_function(napi_env env, napi_threadsafe_function func); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] func`: The thread-safe function to reference. +* `[in] env`: The environment that the API is invoked under. +* `[in] func`: The thread-safe function to reference. This API is used to indicate that the event loop running on the main thread should not exit until `func` has been destroyed. Similar to [`uv_ref`][] it is @@ -5102,8 +5102,8 @@ NAPI_EXTERN napi_status napi_unref_threadsafe_function(napi_env env, napi_threadsafe_function func); ``` -- `[in] env`: The environment that the API is invoked under. -- `[in] func`: The thread-safe function to unreference. +* `[in] env`: The environment that the API is invoked under. +* `[in] func`: The thread-safe function to unreference. This API is used to indicate that the event loop running on the main thread may exit before `func` is destroyed. Similar to [`uv_unref`][] it is also diff --git a/doc/api/process.md b/doc/api/process.md index 778abbb903417d..3a414dad231357 100644 --- a/doc/api/process.md +++ b/doc/api/process.md @@ -511,16 +511,16 @@ environment variable. representations. `process.allowedNodeEnvironmentFlags.has()` will return `true` in the following cases: -- Flags may omit leading single (`-`) or double (`--`) dashes; e.g., +* Flags may omit leading single (`-`) or double (`--`) dashes; e.g., `inspect-brk` for `--inspect-brk`, or `r` for `-r`. -- Flags passed through to V8 (as listed in `--v8-options`) may replace +* Flags passed through to V8 (as listed in `--v8-options`) may replace one or more *non-leading* dashes for an underscore, or vice-versa; e.g., `--perf_basic_prof`, `--perf-basic-prof`, `--perf_basic-prof`, etc. -- Flags may contain one or more equals (`=`) characters; all +* Flags may contain one or more equals (`=`) characters; all characters after and including the first equals will be ignored; e.g., `--stack-trace-limit=100`. -- Flags *must* be allowable within [`NODE_OPTIONS`][]. +* Flags *must* be allowable within [`NODE_OPTIONS`][]. When iterating over `process.allowedNodeEnvironmentFlags`, flags will appear only *once*; each will begin with one or more dashes. Flags @@ -1680,9 +1680,9 @@ tarball. * `lts` {string} a string label identifying the [LTS][] label for this release. This property only exists for LTS releases and is `undefined` for all other release types, including _Current_ releases. Currently the valid values are: - - `'Argon'` for the 4.x LTS line beginning with 4.2.0. - - `'Boron'` for the 6.x LTS line beginning with 6.9.0. - - `'Carbon'` for the 8.x LTS line beginning with 8.9.1. + * `'Argon'` for the 4.x LTS line beginning with 4.2.0. + * `'Boron'` for the 6.x LTS line beginning with 6.9.0. + * `'Carbon'` for the 8.x LTS line beginning with 8.9.1. ```js @@ -2178,9 +2178,9 @@ important ways: respectively. 2. Writes may be synchronous depending on what the stream is connected to and whether the system is Windows or POSIX: - - Files: *synchronous* on Windows and POSIX - - TTYs (Terminals): *asynchronous* on Windows, *synchronous* on POSIX - - Pipes (and sockets): *synchronous* on Windows, *asynchronous* on POSIX + * Files: *synchronous* on Windows and POSIX + * TTYs (Terminals): *asynchronous* on Windows, *synchronous* on POSIX + * Pipes (and sockets): *synchronous* on Windows, *asynchronous* on POSIX These behaviors are partly for historical reasons, as changing them would create backwards incompatibility, but they are also expected by some users. diff --git a/doc/api/repl.md b/doc/api/repl.md index 75be841490ef66..573fbb6af422a6 100644 --- a/doc/api/repl.md +++ b/doc/api/repl.md @@ -601,16 +601,16 @@ undefined Various behaviors of the Node.js REPL can be customized using the following environment variables: -- `NODE_REPL_HISTORY` - When a valid path is given, persistent REPL history +* `NODE_REPL_HISTORY` - When a valid path is given, persistent REPL history will be saved to the specified file rather than `.node_repl_history` in the user's home directory. Setting this value to `''` (an empty string) will disable persistent REPL history. Whitespace will be trimmed from the value. On Windows platforms environment variables with empty values are invalid so set this variable to one or more spaces to disable persistent REPL history. -- `NODE_REPL_HISTORY_SIZE` - Controls how many lines of history will be +* `NODE_REPL_HISTORY_SIZE` - Controls how many lines of history will be persisted if history is available. Must be a positive number. **Default:** `1000`. -- `NODE_REPL_MODE` - May be either `'sloppy'` or `'strict'`. **Default:** +* `NODE_REPL_MODE` - May be either `'sloppy'` or `'strict'`. **Default:** `'sloppy'`, which will allow non-strict mode code to be run. ### Persistent History diff --git a/doc/api/tls.md b/doc/api/tls.md index 936cc1c027996c..34f7aecca8475f 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -317,11 +317,11 @@ on the format, see the OpenSSL [cipher list format][] documentation. There are only 5 TLSv1.3 cipher suites: -- `'TLS_AES_256_GCM_SHA384'` -- `'TLS_CHACHA20_POLY1305_SHA256'` -- `'TLS_AES_128_GCM_SHA256'` -- `'TLS_AES_128_CCM_SHA256'` -- `'TLS_AES_128_CCM_8_SHA256'` +* `'TLS_AES_256_GCM_SHA384'` +* `'TLS_CHACHA20_POLY1305_SHA256'` +* `'TLS_AES_128_GCM_SHA256'` +* `'TLS_AES_128_CCM_SHA256'` +* `'TLS_AES_128_CCM_8_SHA256'` The first 3 are enabled by default. The last 2 `CCM`-based suites are supported by TLSv1.3 because they may be more performant on constrained systems, but they diff --git a/doc/api/vm.md b/doc/api/vm.md index cd0d3077e47d74..18ebd10a63c685 100644 --- a/doc/api/vm.md +++ b/doc/api/vm.md @@ -520,9 +520,9 @@ This must be called after the module has been instantiated; otherwise it will throw an error. It could be called also when the module has already been evaluated, in which case it will do one of the following two things: -- return `undefined` if the initial evaluation ended in success (`module.status` +* return `undefined` if the initial evaluation ended in success (`module.status` is `'evaluated'`) -- rethrow the same exception the initial evaluation threw if the initial +* rethrow the same exception the initial evaluation threw if the initial evaluation ended in an error (`module.status` is `'errored'`) This method cannot be called while the module is being evaluated @@ -570,8 +570,8 @@ The function is expected to return a `Module` object or a `Promise` that eventually resolves to a `Module` object. The returned `Module` must satisfy the following two invariants: -- It must belong to the same context as the parent `Module`. -- Its `linkingStatus` must not be `'errored'`. +* It must belong to the same context as the parent `Module`. +* Its `linkingStatus` must not be `'errored'`. If the returned `Module`'s `linkingStatus` is `'unlinked'`, this method will be recursively called on the returned `Module` with the same provided `linker` @@ -585,9 +585,9 @@ The linker function roughly corresponds to the implementation-defined [HostResolveImportedModule][] abstract operation in the ECMAScript specification, with a few key differences: -- The linker function is allowed to be asynchronous while +* The linker function is allowed to be asynchronous while [HostResolveImportedModule][] is synchronous. -- The linker function is executed during linking, a Node.js-specific stage +* The linker function is executed during linking, a Node.js-specific stage before instantiation, while [HostResolveImportedModule][] is called during instantiation. @@ -603,12 +603,12 @@ specification. The current linking status of `module`. It will be one of the following values: -- `'unlinked'`: `module.link()` has not yet been called. -- `'linking'`: `module.link()` has been called, but not all Promises returned by +* `'unlinked'`: `module.link()` has not yet been called. +* `'linking'`: `module.link()` has been called, but not all Promises returned by the linker function have been resolved yet. -- `'linked'`: `module.link()` has been called, and all its dependencies have +* `'linked'`: `module.link()` has been called, and all its dependencies have been successfully linked. -- `'errored'`: `module.link()` has been called, but at least one of its +* `'errored'`: `module.link()` has been called, but at least one of its dependencies failed to link, either because the callback returned a `Promise` that is rejected, or because the `Module` the callback returned is invalid. @@ -628,28 +628,28 @@ specification. The current status of the module. Will be one of: -- `'uninstantiated'`: The module is not instantiated. It may because of any of +* `'uninstantiated'`: The module is not instantiated. It may because of any of the following reasons: - - The module was just created. - - `module.instantiate()` has been called on this module, but it failed for + * The module was just created. + * `module.instantiate()` has been called on this module, but it failed for some reason. This status does not convey any information regarding if `module.link()` has been called. See `module.linkingStatus` for that. -- `'instantiating'`: The module is currently being instantiated through a +* `'instantiating'`: The module is currently being instantiated through a `module.instantiate()` call on itself or a parent module. -- `'instantiated'`: The module has been instantiated successfully, but +* `'instantiated'`: The module has been instantiated successfully, but `module.evaluate()` has not yet been called. -- `'evaluating'`: The module is being evaluated through a `module.evaluate()` on +* `'evaluating'`: The module is being evaluated through a `module.evaluate()` on itself or a parent module. -- `'evaluated'`: The module has been successfully evaluated. +* `'evaluated'`: The module has been successfully evaluated. -- `'errored'`: The module has been evaluated, but an exception was thrown. +* `'errored'`: The module has been evaluated, but an exception was thrown. Other than `'errored'`, this status string corresponds to the specification's [Source Text Module Record][]'s `[[Status]]` field. `'errored'` corresponds to diff --git a/doc/api/worker_threads.md b/doc/api/worker_threads.md index 99aa276f5859ca..023d41db2964d7 100644 --- a/doc/api/worker_threads.md +++ b/doc/api/worker_threads.md @@ -304,13 +304,13 @@ the [HTML structured clone algorithm][]. In particular, the significant differences to `JSON` are: -- `value` may contain circular references. -- `value` may contain instances of builtin JS types such as `RegExp`s, +* `value` may contain circular references. +* `value` may contain instances of builtin JS types such as `RegExp`s, `BigInt`s, `Map`s, `Set`s, etc. -- `value` may contain typed arrays, both using `ArrayBuffer`s +* `value` may contain typed arrays, both using `ArrayBuffer`s and `SharedArrayBuffer`s. -- `value` may contain [`WebAssembly.Module`][] instances. -- `value` may not contain native (C++-backed) objects other than `MessagePort`s. +* `value` may contain [`WebAssembly.Module`][] instances. +* `value` may not contain native (C++-backed) objects other than `MessagePort`s. ```js const { MessageChannel } = require('worker_threads'); @@ -424,26 +424,26 @@ Most Node.js APIs are available inside of it. Notable differences inside a Worker environment are: -- The [`process.stdin`][], [`process.stdout`][] and [`process.stderr`][] +* The [`process.stdin`][], [`process.stdout`][] and [`process.stderr`][] may be redirected by the parent thread. -- The [`require('worker_threads').isMainThread`][] property is set to `false`. -- The [`require('worker_threads').parentPort`][] message port is available. -- [`process.exit()`][] does not stop the whole program, just the single thread, +* The [`require('worker_threads').isMainThread`][] property is set to `false`. +* The [`require('worker_threads').parentPort`][] message port is available. +* [`process.exit()`][] does not stop the whole program, just the single thread, and [`process.abort()`][] is not available. -- [`process.chdir()`][] and `process` methods that set group or user ids +* [`process.chdir()`][] and `process` methods that set group or user ids are not available. -- [`process.env`][] is a copy of the parent thread's environment variables, +* [`process.env`][] is a copy of the parent thread's environment variables, unless otherwise specified. Changes to one copy will not be visible in other threads, and will not be visible to native add-ons (unless [`worker.SHARE_ENV`][] has been passed as the `env` option to the [`Worker`][] constructor). -- [`process.title`][] cannot be modified. -- Signals will not be delivered through [`process.on('...')`][Signals events]. -- Execution may stop at any point as a result of [`worker.terminate()`][] +* [`process.title`][] cannot be modified. +* Signals will not be delivered through [`process.on('...')`][Signals events]. +* Execution may stop at any point as a result of [`worker.terminate()`][] being invoked. -- IPC channels from parent processes are not accessible. -- The [`trace_events`][] module is not supported. -- Native add-ons can only be loaded from multiple threads if they fulfill +* IPC channels from parent processes are not accessible. +* The [`trace_events`][] module is not supported. +* Native add-ons can only be loaded from multiple threads if they fulfill [certain conditions][Addons worker support]. Creating `Worker` instances inside of other `Worker`s is possible. diff --git a/doc/api/zlib.md b/doc/api/zlib.md index a2250ea3f648c0..de57a561c361a4 100644 --- a/doc/api/zlib.md +++ b/doc/api/zlib.md @@ -217,8 +217,8 @@ speed, at the cost of memory usage. There are equivalents to the zlib options for Brotli-based streams, although these options have different ranges than the zlib ones: -- zlib’s `level` option matches Brotli’s `BROTLI_PARAM_QUALITY` option. -- zlib’s `windowBits` option matches Brotli’s `BROTLI_PARAM_LGWIN` option. +* zlib’s `level` option matches Brotli’s `BROTLI_PARAM_QUALITY` option. +* zlib’s `windowBits` option matches Brotli’s `BROTLI_PARAM_LGWIN` option. See [below][Brotli parameters] for more details on Brotli-specific options. diff --git a/doc/changelogs/CHANGELOG_ARCHIVE.md b/doc/changelogs/CHANGELOG_ARCHIVE.md index f403042ff868e1..938f71abdbcc13 100644 --- a/doc/changelogs/CHANGELOG_ARCHIVE.md +++ b/doc/changelogs/CHANGELOG_ARCHIVE.md @@ -1013,9 +1013,9 @@ https://github.com/nodejs/node/commit/2c4eef0d972838c51999d32c0d251857a713dc18 https://github.com/nodejs/node/commit/c50c33e9397d7a0a8717e8ce7530572907c054ad * npm: Upgrade to v1.2.0 - - peerDependencies (Domenic Denicola) - - node-gyp v0.8.2 (Nathan Rajlich) - - Faster installs from github user/project shorthands (Nathan Zadoks) + * peerDependencies (Domenic Denicola) + * node-gyp v0.8.2 (Nathan Rajlich) + * Faster installs from github user/project shorthands (Nathan Zadoks) * typed arrays: fix 32 bit size/index overflow (Ben Noordhuis) * http: Improve performance of single-packet responses (Ben Noordhuis) @@ -1279,10 +1279,10 @@ https://github.com/nodejs/node/commit/2134aa3d5c622fc3c3b02ccb713fcde0e0df479a * V8: upgrade to v3.11.10.12 * npm: upgrade to v1.1.33 - - Support for parallel use of the cache folder - - Retry on registry timeouts or network failures (Trent Mick) - - Reduce 'engines' failures to a warning - - Use new zsh completion if available (Jeremy Cantrell) + * Support for parallel use of the cache folder + * Retry on registry timeouts or network failures (Trent Mick) + * Reduce 'engines' failures to a warning + * Use new zsh completion if available (Jeremy Cantrell) * Fix [#3577](https://github.com/joyent/node/issues/3577) Un-break require('sys') * util: speed up formatting of large arrays/objects (Ben Noordhuis) @@ -1323,13 +1323,13 @@ https://github.com/nodejs/node/commit/8b8a7a7f9b41e74e1e810d0330738ad06fc302ec https://github.com/nodejs/node/commit/a72120190a8ffdbcd3d6ad2a2e6ceecd2087111e * npm: Upgrade to 1.1.30 - - Improved 'npm init' - - Fix the 'cb never called' error from 'oudated' and 'update' - - Add --save-bundle|-B config - - Fix isaacs/npm[#2465](https://github.com/joyent/node/issues/2465): Make npm script and windows shims cygwin-aware - - Fix isaacs/npm[#2452](https://github.com/joyent/node/issues/2452) Use --save(-dev|-optional) in npm rm - - `logstream` option to replace removed `logfd` (Rod Vagg) - - Read default descriptions from README.md files + * Improved 'npm init' + * Fix the 'cb never called' error from 'oudated' and 'update' + * Add --save-bundle|-B config + * Fix isaacs/npm[#2465](https://github.com/joyent/node/issues/2465): Make npm script and windows shims cygwin-aware + * Fix isaacs/npm[#2452](https://github.com/joyent/node/issues/2452) Use --save(-dev|-optional) in npm rm + * `logstream` option to replace removed `logfd` (Rod Vagg) + * Read default descriptions from README.md files * Shims to support deprecated ev_* and eio_* methods (Ben Noordhuis) * [#3118](https://github.com/joyent/node/issues/3118) net.Socket: Delay pause/resume until after connect (isaacs) @@ -1390,9 +1390,9 @@ https://github.com/nodejs/node/commit/8d9766a9dfb1eea901219d2a865ce9300fe4d68e * child_process: new stdio API for .spawn() method (Fedor Indutny) * child_process: spawn().ref() and spawn().unref() (Fedor Indutny) * Upgrade npm to 1.1.25 - - Enable npm link on windows - - Properly remove sh-shim on Windows - - Abstract out registry client and logger + * Enable npm link on windows + * Properly remove sh-shim on Windows + * Abstract out registry client and logger ## 2012.05.28, Version 0.7.9 (unstable) @@ -1477,11 +1477,11 @@ https://github.com/nodejs/node/commit/f06abda6f58e517349d1b63a2cbf5a8d04a03505 * Upgrade v8 to 3.9.17 * Upgrade npm to 1.1.8 - - Add support for os/cpu fields in package.json (Adam Blackburn) - - Automatically node-gyp packages containing a binding.gyp - - Fix failures unpacking in UNC shares - - Never create un-listable directories - - Handle cases where an optionalDependency fails to build + * Add support for os/cpu fields in package.json (Adam Blackburn) + * Automatically node-gyp packages containing a binding.gyp + * Fix failures unpacking in UNC shares + * Never create un-listable directories + * Handle cases where an optionalDependency fails to build * events: newListener emit correct fn when using 'once' (Roly Fentanes) * url: Ignore empty port component (Łukasz Walukiewicz) @@ -1696,12 +1696,12 @@ https://github.com/nodejs/node/commit/e513ffef7549a56a5af728e1f0c2c0c8f290518a * Add UV_ENOSPC and mappings to it (Bert Belder) * http-parser: Fix response body is not read (koichik) * Upgrade npm to 1.1.12 - - upgrade node-gyp to 0.3.7 - - work around AV-locked directories on Windows - - Fix isaacs/npm[#2293](https://github.com/joyent/node/issues/2293) Don't try to 'uninstall' / - - Exclude symbolic links from packages. - - Fix isaacs/npm[#2275](https://github.com/joyent/node/issues/2275) Spurious 'unresolvable cycle' error. - - Exclude/include dot files as if they were normal files + * upgrade node-gyp to 0.3.7 + * work around AV-locked directories on Windows + * Fix isaacs/npm[#2293](https://github.com/joyent/node/issues/2293) Don't try to 'uninstall' / + * Exclude symbolic links from packages. + * Fix isaacs/npm[#2275](https://github.com/joyent/node/issues/2275) Spurious 'unresolvable cycle' error. + * Exclude/include dot files as if they were normal files ## 2012.03.15 Version 0.6.13 (stable) @@ -1714,15 +1714,15 @@ https://github.com/nodejs/node/commit/9f7f86b534f8556290eb8cad915984ff4ca54996 * Windows: include syscall in fs errors (Bert Belder) * Fix fs.watch ENOSYS on Linux kernel version mismatch (Ben Noordhuis) * Update npm to 1.1.9 - - upgrade node-gyp to 0.3.5 (Nathan Rajlich) - - Fix isaacs/npm[#2249](https://github.com/joyent/node/issues/2249) Add cache-max and cache-min configs - - Properly redirect across https/http registry requests - - log config usage if undefined key in set function (Kris Windham) - - Add support for os/cpu fields in package.json (Adam Blackburn) - - Automatically node-gyp packages containing a binding.gyp - - Fix failures unpacking in UNC shares - - Never create un-listable directories - - Handle cases where an optionalDependency fails to build + * upgrade node-gyp to 0.3.5 (Nathan Rajlich) + * Fix isaacs/npm[#2249](https://github.com/joyent/node/issues/2249) Add cache-max and cache-min configs + * Properly redirect across https/http registry requests + * log config usage if undefined key in set function (Kris Windham) + * Add support for os/cpu fields in package.json (Adam Blackburn) + * Automatically node-gyp packages containing a binding.gyp + * Fix failures unpacking in UNC shares + * Never create un-listable directories + * Handle cases where an optionalDependency fails to build ## 2012.03.02 Version 0.6.12 (stable) @@ -1744,13 +1744,13 @@ https://github.com/nodejs/node/commit/48a2d34cfe6b7e1c9d15202a4ef5e3c82d1fba35 * windows: fs: handle EOF in read (Brandon Philips) * windows: avoid IOCP short-circuit on non-ifs lsps (Igor Zinkovsky) * Upgrade npm to 1.1.4 (isaacs) - - windows fixes - - Bundle nested bundleDependencies properly - - install: support --save with url install targets - - shrinkwrap: behave properly with url-installed modules - - support installing uncompressed tars or single file modules from urls etc. - - don't run make clean on rebuild - - support HTTPS-over-HTTP proxy tunneling + * windows fixes + * Bundle nested bundleDependencies properly + * install: support --save with url install targets + * shrinkwrap: behave properly with url-installed modules + * support installing uncompressed tars or single file modules from urls etc. + * don't run make clean on rebuild + * support HTTPS-over-HTTP proxy tunneling ## 2012.02.17 Version 0.6.11 (stable) @@ -1774,9 +1774,9 @@ https://github.com/nodejs/node/commit/1eb1fe32250fc88cb5b0a97cddf3e02be02e3f4a * unix: don't flush tty on switch to raw mode (Ben Noordhuis) * windows: reset brightness when reverting to default text color (Bert Belder) * npm: update to 1.1.1 - - Update which, fstream, mkdirp, request, and rimraf - - Fix [#2123](https://github.com/joyent/node/issues/2123) Set path properly for lifecycle scripts on windows - - Mark the root as seen, so we don't recurse into it. Fixes [#1838](https://github.com/joyent/node/issues/1838). (Martin Cooper) + * Update which, fstream, mkdirp, request, and rimraf + * Fix [#2123](https://github.com/joyent/node/issues/2123) Set path properly for lifecycle scripts on windows + * Mark the root as seen, so we don't recurse into it. Fixes [#1838](https://github.com/joyent/node/issues/1838). (Martin Cooper) ## 2012.02.02, Version 0.6.10 (stable) @@ -1800,7 +1800,7 @@ https://github.com/nodejs/node/commit/051908e023f87894fa68f5b64d0b99a19a7db01e https://github.com/nodejs/node/commit/f19e20d33f57c4d2853aaea7d2724d44f3b0012f * dgram: Bring back missing functionality for Unix (Dan VerWeire, Roman Shtylman, Ben Noordhuis) - - Note: Windows UDP support not yet complete. + * Note: Windows UDP support not yet complete. * http: Fix parser memory leak (koichik) * zlib: Fix [#2365](https://github.com/joyent/node/issues/2365) crashes on invalid input (Nicolas LaCasse) @@ -2544,8 +2544,8 @@ https://github.com/nodejs/node/commit/e8aef84191bc2c1ba2bcaa54f30aabde7f03769b https://github.com/nodejs/node/commit/eb155ea6f6a6aa341aa8c731dca8da545c6a4008 * require() improvements (isaacs) - - understand package.json (isaacs) - - look for 'node_modules' dir + * understand package.json (isaacs) + * look for 'node_modules' dir * cmake fixes (Daniel Gröber) * http: fix buffer writes to outgoing messages (Russell Haering) @@ -2677,13 +2677,13 @@ https://github.com/nodejs/node/commit/4bb914bde9f3c2d6de00853353b6b8fc9c66143a * 'make lint' * oprofile support (./configure --oprofile) * Lots of bug fixes, including: - - Memory leak in ChildProcess:Spawn(). (Tom Hughes) - - buffer.slice(0, 0) - - Global variable leaks - - clearTimeouts calling multiple times (Michael W) - - utils.inspect's detection of circular structures (Tim Cooijmans) - - Apple's threaded write()s bug (Jorge Chamorro Bieling) - - Make sure raw mode is disabled when exiting a terminal-based REPL. + * Memory leak in ChildProcess:Spawn(). (Tom Hughes) + * buffer.slice(0, 0) + * Global variable leaks + * clearTimeouts calling multiple times (Michael W) + * utils.inspect's detection of circular structures (Tim Cooijmans) + * Apple's threaded write()s bug (Jorge Chamorro Bieling) + * Make sure raw mode is disabled when exiting a terminal-based REPL. (Brian White) * Deprecate process.compile, process.ENV @@ -2695,8 +2695,8 @@ https://github.com/nodejs/node/commit/4bb914bde9f3c2d6de00853353b6b8fc9c66143a https://github.com/nodejs/node/commit/ce9a54aa1fbf709dd30316af8a2f14d83150e947 * TLS improvements (Paul Querna) - - Centralize error handling in SecureStream - - Add SecurePair for handling of a ssl/tls stream. + * Centralize error handling in SecureStream + * Add SecurePair for handling of a ssl/tls stream. * New documentation organization (Micheil Smith) * allowHalfOpen TCP connections disabled by default. @@ -2725,9 +2725,9 @@ https://github.com/nodejs/node/commit/ce9a54aa1fbf709dd30316af8a2f14d83150e947 could not be written to the file in a single write() call. * new path.join behavior (isaacs) - - Express desired path.join behavior in tests. - - Update fs.realpath to reflect new path.join behavior - - Update url.resolve() to use new path.join behavior. + * Express desired path.join behavior in tests. + * Update fs.realpath to reflect new path.join behavior + * Update url.resolve() to use new path.join behavior. * API: Move process.binding('evals') to require('vm') * Fix V8 build on Cygwin (Bert Belder) @@ -2756,11 +2756,11 @@ https://github.com/nodejs/node/commit/1582cfebd6719b2d2373547994b3dca5c8c569c0 * HTTP trailers (Mark Nottingham) * http 100-continue support (Mark Nottingham) * Module system simplifications (Herbert Vojčík, isaacs, Tim-Smart) - - remove require.async - - remove registerExtension, add .extensions - - expose require.resolve - - expose require.cache - - require looks in node_modules folders + * remove require.async + * remove registerExtension, add .extensions + * expose require.resolve + * expose require.cache + * require looks in node_modules folders * Add --eval command line option (TJ Holowaychuk) * Commas last in sys.inspect @@ -3047,11 +3047,11 @@ https://github.com/nodejs/node/commit/311d7dee19034ff1c6bc9098c36973b8d687eaba https://github.com/nodejs/node/commit/07e64d45ffa1856e824c4fa6afd0442ba61d6fd8 * Merge writing of networking system (net2) - - New Buffer object for binary data. - - Support UNIX sockets, Pipes - - Uniform stream API - - Currently no SSL - - Legacy modules can be accessed at 'http_old' and 'tcp_old' + * New Buffer object for binary data. + * Support UNIX sockets, Pipes + * Uniform stream API + * Currently no SSL + * Legacy modules can be accessed at 'http_old' and 'tcp_old' * Replace udns with c-ares. (Krishna Rajendran) * New documentation system using Markdown and Ronn @@ -3099,8 +3099,8 @@ https://github.com/nodejs/node/commit/61c801413544a50000faa7f58376e9b33ba6254f https://github.com/nodejs/node/commit/39b63dfe1737d46a8c8818c92773ef181fd174b3 * API: - - Move process.watchFile into fs module - - Move process.inherits to sys + * Move process.watchFile into fs module + * Move process.inherits to sys * Improve Solaris port * tcp.Connection.prototype.write now returns boolean to indicate if @@ -3126,7 +3126,7 @@ https://github.com/nodejs/node/commit/39b63dfe1737d46a8c8818c92773ef181fd174b3 https://github.com/nodejs/node/commit/bb0d1e65e1671aaeb21fac186b066701da0bc33b * Major API Changes - - Promises removed. See + * Promises removed. See http://groups.google.com/group/nodejs/msg/426f3071f3eec16b http://groups.google.com/group/nodejs/msg/df199d233ff17efa The API for fs was @@ -3138,10 +3138,10 @@ https://github.com/nodejs/node/commit/bb0d1e65e1671aaeb21fac186b066701da0bc33b if (err) throw err; puts("/usr files: " + files); }); - - Synchronous fs operations exposed, use with care. - - tcp.Connection.prototype.readPause() and readResume() + * Synchronous fs operations exposed, use with care. + * tcp.Connection.prototype.readPause() and readResume() renamed to pause() and resume() - - http.ServerResponse.prototype.sendHeader() renamed to + * http.ServerResponse.prototype.sendHeader() renamed to writeHeader(). Now accepts reasonPhrase. * Compact garbage on idle. @@ -3159,20 +3159,20 @@ https://github.com/nodejs/node/commit/bb0d1e65e1671aaeb21fac186b066701da0bc33b https://github.com/nodejs/node/commit/87d5e5b316a4276bcf881f176971c1a237dcdc7a * Major API Changes - - Remove 'file' module - - require('posix') -----------------> require('fs') - - fs.cat ---------------------------> fs.readFile - - file.write -----------------------> fs.writeFile - - TCP 'receive' event --------------> 'data' - - TCP 'eof' event ------------------> 'end' - - TCP send() -----------------------> write() - - HTTP sendBody() ------------------> write() - - HTTP finish() --------------------> close() - - HTTP 'body' event ----------------> 'data' - - HTTP 'complete' event ------------> 'end' - - http.Client.prototype.close() (formerly finish()) no longer + * Remove 'file' module + * require('posix') -----------------> require('fs') + * fs.cat ---------------------------> fs.readFile + * file.write -----------------------> fs.writeFile + * TCP 'receive' event --------------> 'data' + * TCP 'eof' event ------------------> 'end' + * TCP send() -----------------------> write() + * HTTP sendBody() ------------------> write() + * HTTP finish() --------------------> close() + * HTTP 'body' event ----------------> 'data' + * HTTP 'complete' event ------------> 'end' + * http.Client.prototype.close() (formerly finish()) no longer takes an argument. Add the 'response' listener manually. - - Allow strings for the flag argument to fs.open + * Allow strings for the flag argument to fs.open ("r", "r+", "w", "w+", "a", "a+") * Added multiple arg support for sys.puts(), print(), etc. @@ -3257,9 +3257,9 @@ https://github.com/nodejs/node/commit/da00413196e432247346d9e587f8c78ce5ceb087 (Micheil Smith) * API: change some Promise behavior (Felix Geisendörfer) - - Removed Promise.cancel() - - Support late callback binding - - Make unhandled Promise errors throw an exception + * Removed Promise.cancel() + * Support late callback binding + * Make unhandled Promise errors throw an exception * Upgrade V8 to 2.0.6.1 * Solaris port (Erich Ocean) @@ -3428,16 +3428,16 @@ https://github.com/nodejs/node/commit/d1f69ef35dac810530df8249d523add168e09f03 https://github.com/nodejs/node/commit/726865af7bbafe58435986f4a193ff11c84e4bfe * API: Use CommonJS-style module requiring - - require("/sys.js") becomes require("sys") - - require("circle.js") becomes require("./circle") - - process.path.join() becomes require("path").join() - - __module becomes module + * require("/sys.js") becomes require("sys") + * require("circle.js") becomes require("./circle") + * process.path.join() becomes require("path").join() + * __module becomes module * API: Many namespacing changes - - Move node.\* into process.\* - - Move node.dns into module "dns" - - Move node.fs into module "posix" - - process is no longer the global object. GLOBAL is. + * Move node.\* into process.\* + * Move node.dns into module "dns" + * Move node.fs into module "posix" + * process is no longer the global object. GLOBAL is. For more information on the API changes see: http://thread.gmane.org/gmane.comp.lang.javascript.nodejs/6 diff --git a/doc/changelogs/CHANGELOG_IOJS.md b/doc/changelogs/CHANGELOG_IOJS.md index 34e5d8d55991f4..658a92258ef0a0 100644 --- a/doc/changelogs/CHANGELOG_IOJS.md +++ b/doc/changelogs/CHANGELOG_IOJS.md @@ -330,15 +330,15 @@ See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and curren * **buffer**: Fixed a couple large memory leaks (Ben Noordhuis) [#2352](https://github.com/nodejs/node/pull/2352). * **crypto**: - - Fixed a couple of minor memory leaks (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375). - - Signing now checks for OpenSSL errors (Minqi Pan) [#2342](https://github.com/nodejs/node/pull/2342). **Note that this may expose previously hidden errors in user code.** + * Fixed a couple of minor memory leaks (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375). + * Signing now checks for OpenSSL errors (Minqi Pan) [#2342](https://github.com/nodejs/node/pull/2342). **Note that this may expose previously hidden errors in user code.** * **intl**: Intl support using small-icu is now enabled by default in builds (Steven R. Loomis) [#2264](https://github.com/nodejs/node/pull/2264). - - [`String#normalize()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/normalize) can now be used for unicode normalization. - - The [`Intl`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Intl) object and various `String` and `Number` methods are present, but only support the English locale. - - For support of all locales, node must be built with [full-icu](https://github.com/nodejs/node#build-with-full-icu-support-all-locales-supported-by-icu). + * [`String#normalize()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/normalize) can now be used for unicode normalization. + * The [`Intl`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Intl) object and various `String` and `Number` methods are present, but only support the English locale. + * For support of all locales, node must be built with [full-icu](https://github.com/nodejs/node#build-with-full-icu-support-all-locales-supported-by-icu). * **tls**: Fixed tls throughput being much lower after an incorrect merge (Fedor Indutny) [#2381](https://github.com/nodejs/node/pull/2381). * **tools**: The v8 tick processor now comes bundled with node (Matt Loring) [#2090](https://github.com/nodejs/node/pull/2090). - - This can be used by producing performance profiling output by running node with `--perf`, then running your appropriate platform's script on the output as found in [tools/v8-prof](https://github.com/nodejs/node/tree/master/tools/v8-prof). + * This can be used by producing performance profiling output by running node with `--perf`, then running your appropriate platform's script on the output as found in [tools/v8-prof](https://github.com/nodejs/node/tree/master/tools/v8-prof). * **util**: `util.inspect(obj)` now prints the constructor name of the object if there is one (Christopher Monsanto) [#1935](https://github.com/nodejs/io.js/pull/1935). ### Known issues @@ -398,30 +398,30 @@ See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and curren ### Notable changes * **buffer**: - - Due to changes in V8, it has been necessary to reimplement `Buffer` on top of V8's `Uint8Array`. Every effort has been made to minimize the performance impact, however `Buffer` instantiation is measurably slower. Access operations may be faster in some circumstances but the exact performance profile and difference over previous versions will depend on how `Buffer` is used within applications. (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825). - - `Buffer` can now take `ArrayBuffer`s as a constructor argument (Trevor Norris) [#2002](https://github.com/nodejs/node/pull/2002). - - When a single buffer is passed to `Buffer.concat()`, a new, copied `Buffer` object will be returned; previous behavior was to return the original `Buffer` object (Sakthipriyan Vairamani) [#1937](https://github.com/nodejs/node/pull/1937). + * Due to changes in V8, it has been necessary to reimplement `Buffer` on top of V8's `Uint8Array`. Every effort has been made to minimize the performance impact, however `Buffer` instantiation is measurably slower. Access operations may be faster in some circumstances but the exact performance profile and difference over previous versions will depend on how `Buffer` is used within applications. (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825). + * `Buffer` can now take `ArrayBuffer`s as a constructor argument (Trevor Norris) [#2002](https://github.com/nodejs/node/pull/2002). + * When a single buffer is passed to `Buffer.concat()`, a new, copied `Buffer` object will be returned; previous behavior was to return the original `Buffer` object (Sakthipriyan Vairamani) [#1937](https://github.com/nodejs/node/pull/1937). * **build**: PPC support has been added to core to allow compiling on pLinux BE and LE (AIX support coming soon) (Michael Dawson) [#2124](https://github.com/nodejs/node/pull/2124). * **dgram**: If an error occurs within `socket.send()` and a callback has been provided, the error is only passed as the first argument to the callback and not emitted on the `socket` object; previous behavior was to do both (Matteo Collina & Chris Dickinson) [#1796](https://github.com/nodejs/node/pull/1796) * **freelist**: Deprecate the undocumented `freelist` core module (Sakthipriyan Vairamani) [#2176](https://github.com/nodejs/node/pull/2176). * **http**: - - Status codes now all use the official [IANA names](http://www.iana.org/assignments/http-status-codes) as per [RFC7231](https://tools.ietf.org/html/rfc7231), e.g. `http.STATUS_CODES[414]` now returns `'URI Too Long'` rather than `'Request-URI Too Large'` (jomo) [#1470](https://github.com/nodejs/node/pull/1470). - - Calling .getName() on an HTTP agent no longer returns a trailing colon, HTTPS agents will no longer return an extra colon near the middle of the string (Brendan Ashworth) [#1617](https://github.com/nodejs/node/pull/1617). + * Status codes now all use the official [IANA names](http://www.iana.org/assignments/http-status-codes) as per [RFC7231](https://tools.ietf.org/html/rfc7231), e.g. `http.STATUS_CODES[414]` now returns `'URI Too Long'` rather than `'Request-URI Too Large'` (jomo) [#1470](https://github.com/nodejs/node/pull/1470). + * Calling .getName() on an HTTP agent no longer returns a trailing colon, HTTPS agents will no longer return an extra colon near the middle of the string (Brendan Ashworth) [#1617](https://github.com/nodejs/node/pull/1617). * **node**: - - `NODE_MODULE_VERSION` has been bumped to `45` to reflect the break in ABI (Rod Vagg) [#2096](https://github.com/nodejs/node/pull/2096). - - Introduce a new `process.release` object that contains a `name` property set to `'io.js'` and `sourceUrl`, `headersUrl` and `libUrl` (Windows only) properties containing URLs for the relevant resources; this is intended to be used by node-gyp (Rod Vagg) [#2154](https://github.com/nodejs/node/pull/2154). - - The version of node-gyp bundled with io.js now downloads and uses a tarball of header files from iojs.org rather than the full source for compiling native add-ons; it is hoped this is a temporary floating patch and the change will be upstreamed to node-gyp soon (Rod Vagg) [#2066](https://github.com/nodejs/node/pull/2066). + * `NODE_MODULE_VERSION` has been bumped to `45` to reflect the break in ABI (Rod Vagg) [#2096](https://github.com/nodejs/node/pull/2096). + * Introduce a new `process.release` object that contains a `name` property set to `'io.js'` and `sourceUrl`, `headersUrl` and `libUrl` (Windows only) properties containing URLs for the relevant resources; this is intended to be used by node-gyp (Rod Vagg) [#2154](https://github.com/nodejs/node/pull/2154). + * The version of node-gyp bundled with io.js now downloads and uses a tarball of header files from iojs.org rather than the full source for compiling native add-ons; it is hoped this is a temporary floating patch and the change will be upstreamed to node-gyp soon (Rod Vagg) [#2066](https://github.com/nodejs/node/pull/2066). * **repl**: Persistent history is now enabled by default. The history file is located at ~/.node_repl_history, which can be overridden by the new environment variable `NODE_REPL_HISTORY`. This deprecates the previous `NODE_REPL_HISTORY_FILE` variable. Additionally, the format of the file has been changed to plain text to better handle file corruption. (Jeremiah Senkpiel) [#2224](https://github.com/nodejs/node/pull/2224). * **smalloc**: The `smalloc` module has been removed as it is no longer possible to provide the API due to changes in V8 (Ben Noordhuis) [#2022](https://github.com/nodejs/node/pull/2022). * **tls**: Add `server.getTicketKeys()` and `server.setTicketKeys()` methods for [TLS session key](https://www.ietf.org/rfc/rfc5077.txt) rotation (Fedor Indutny) [#2227](https://github.com/nodejs/node/pull/2227). * **v8**: Upgraded to 4.4.63.26 - - ES6: Enabled [computed property names](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Object_initializer#Computed_property_names) - - ES6: `Array` can now be subclassed in strict mode - - ES6: Implement [rest parameters](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Functions/rest_parameters) in staging, use the `--harmony-rest-parameters` command line flag - - ES6: Implement the [spread operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator) in staging, use the `--harmony-spreadcalls` command line flag - - Removed `SetIndexedPropertiesToExternalArrayData` and related APIs, forcing a shift to `Buffer` to be reimplemented based on `Uint8Array` - - Introduction of `Maybe` and `MaybeLocal` C++ API for objects which _may_ or _may not_ have a value. - - Added support for PPC + * ES6: Enabled [computed property names](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Object_initializer#Computed_property_names) + * ES6: `Array` can now be subclassed in strict mode + * ES6: Implement [rest parameters](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Functions/rest_parameters) in staging, use the `--harmony-rest-parameters` command line flag + * ES6: Implement the [spread operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator) in staging, use the `--harmony-spreadcalls` command line flag + * Removed `SetIndexedPropertiesToExternalArrayData` and related APIs, forcing a shift to `Buffer` to be reimplemented based on `Uint8Array` + * Introduction of `Maybe` and `MaybeLocal` C++ API for objects which _may_ or _may not_ have a value. + * Added support for PPC See also https://github.com/nodejs/node/wiki/Breaking-Changes#300-from-2x for a summary of the breaking changes (SEMVER-MAJOR). @@ -705,8 +705,8 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current * **v8**: Fixed an out-of-band write in utf8 decoder. **This is an important security update** as it can be used to cause a denial of service attack. * **openssl**: Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the [security advisory](https://www.openssl.org/news/secadv_20150611.txt) for full details. (Shigeki Ohtsu) [#1950](https://github.com/nodejs/node/pull/1950) [#1958](https://github.com/nodejs/node/pull/1958) * **build**: - - Added support for compiling with Microsoft Visual C++ 2015 - - Started building and distributing headers-only tarballs along with binaries + * Added support for compiling with Microsoft Visual C++ 2015 + * Started building and distributing headers-only tarballs along with binaries ### Known issues @@ -752,8 +752,8 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current ### Notable changes * **build**: - - Added support for compiling with Microsoft Visual C++ 2015 - - Started building and distributing headers-only tarballs along with binaries + * Added support for compiling with Microsoft Visual C++ 2015 + * Started building and distributing headers-only tarballs along with binaries ### Known issues @@ -883,23 +883,23 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current ### Notable changes * **libuv**: Upgraded to 1.6.0 and 1.6.1, see [full ChangeLog](https://github.com/libuv/libuv/blob/60e515d9e6f3d86c0eedad583805201f32ea3aed/ChangeLog#L1-L36) for details. (Saúl Ibarra Corretgé) [#1905](https://github.com/nodejs/node/pull/1905) [#1889](https://github.com/nodejs/node/pull/1889). Highlights include: - - Fix TTY becoming blocked on OS X - - Fix UDP send callbacks to not to be synchronous - - Add `uv_os_homedir()` (exposed as `os.homedir()`, see below) + * Fix TTY becoming blocked on OS X + * Fix UDP send callbacks to not to be synchronous + * Add `uv_os_homedir()` (exposed as `os.homedir()`, see below) * **npm**: See full [release notes](https://github.com/npm/npm/releases/tag/v2.11.1) for details. (Kat Marchán) [#1899](https://github.com/nodejs/node/pull/1899). Highlight: - - Use GIT_SSH_COMMAND (available as of Git 2.3) + * Use GIT_SSH_COMMAND (available as of Git 2.3) * **openssl**: - - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the [security advisory](https://www.openssl.org/news/secadv_20150611.txt) for full details. (Shigeki Ohtsu) [#1950](https://github.com/nodejs/node/pull/1950) [#1958](https://github.com/nodejs/node/pull/1958) - - Support [FIPS](https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards) mode of OpenSSL, see [README](https://github.com/nodejs/node#building-iojs-with-fips-compliant-openssl) for instructions. (Fedor Indutny) [#1890](https://github.com/nodejs/node/pull/1890) + * Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the [security advisory](https://www.openssl.org/news/secadv_20150611.txt) for full details. (Shigeki Ohtsu) [#1950](https://github.com/nodejs/node/pull/1950) [#1958](https://github.com/nodejs/node/pull/1958) + * Support [FIPS](https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards) mode of OpenSSL, see [README](https://github.com/nodejs/node#building-iojs-with-fips-compliant-openssl) for instructions. (Fedor Indutny) [#1890](https://github.com/nodejs/node/pull/1890) * **os**: Add `os.homedir()` method. (Colin Ihrig) [#1791](https://github.com/nodejs/node/pull/1791) * **smalloc**: Deprecate whole module. (Vladimir Kurchatkin) [#1822](https://github.com/nodejs/node/pull/1822) * Add new collaborators: - - Alex Kocharin ([@rlidwka](https://github.com/rlidwka)) - - Christopher Monsanto ([@monsanto](https://github.com/monsanto)) - - Ali Ijaz Sheikh ([@ofrobots](https://github.com/ofrobots)) - - Oleg Elifantiev ([@Olegas](https://github.com/Olegas)) - - Domenic Denicola ([@domenic](https://github.com/domenic)) - - Rich Trott ([@Trott](https://github.com/Trott)) + * Alex Kocharin ([@rlidwka](https://github.com/rlidwka)) + * Christopher Monsanto ([@monsanto](https://github.com/monsanto)) + * Ali Ijaz Sheikh ([@ofrobots](https://github.com/ofrobots)) + * Oleg Elifantiev ([@Olegas](https://github.com/Olegas)) + * Domenic Denicola ([@domenic](https://github.com/domenic)) + * Rich Trott ([@Trott](https://github.com/Trott)) ### Known issues @@ -1128,9 +1128,9 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current * **crypto**: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода Никита Андреевич) [#1529](https://github.com/nodejs/node/pull/1529) * **npm**: Upgrade npm to 2.9.0. See the [v2.8.4](https://github.com/npm/npm/releases/tag/v2.8.4) and [v2.9.0](https://github.com/npm/npm/releases/tag/v2.9.0) release notes for details. Summary: - - Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9 - - Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426) - - The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014) + * Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9 + * Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426) + * The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014) ### Known issues @@ -1215,14 +1215,14 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current ### Notable changes * **async_wrap**: (Trevor Norris) [#1614](https://github.com/nodejs/node/pull/1614) - - it is now possible to filter by providers - - bit flags have been removed and replaced with method calls on the binding object - - _note that this is an unstable API so feature additions and breaking changes won't change io.js semver_ + * it is now possible to filter by providers + * bit flags have been removed and replaced with method calls on the binding object + * _note that this is an unstable API so feature additions and breaking changes won't change io.js semver_ * **libuv**: resolves numerous io.js issues: - - [#862](https://github.com/nodejs/node/issues/862) prevent spawning child processes with invalid stdio file descriptors - - [#1397](https://github.com/nodejs/node/issues/1397) fix EPERM error with fs.access(W_OK) on Windows - - [#1621](https://github.com/nodejs/node/issues/1621) build errors associated with the bundled libuv - - [#1512](https://github.com/nodejs/node/issues/1512) should properly fix Windows termination errors + * [#862](https://github.com/nodejs/node/issues/862) prevent spawning child processes with invalid stdio file descriptors + * [#1397](https://github.com/nodejs/node/issues/1397) fix EPERM error with fs.access(W_OK) on Windows + * [#1621](https://github.com/nodejs/node/issues/1621) build errors associated with the bundled libuv + * [#1512](https://github.com/nodejs/node/issues/1512) should properly fix Windows termination errors * **addons**: the `NODE_DEPRECATED` macro was causing problems when compiling addons with older compilers, this should now be resolved (Ben Noordhuis) [#1626](https://github.com/nodejs/node/pull/1626) * **V8**: upgrade V8 from 4.2.77.18 to 4.2.77.20 with minor fixes, including a bug preventing builds on FreeBSD @@ -1275,30 +1275,30 @@ _Note: a new version of the 'url' module was reverted prior to release as it was * **crypto**: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода Никита Андреевич) [#1529](https://github.com/nodejs/node/pull/1529) * **net**: `socket.connect()` now accepts a `'lookup'` option for a custom DNS resolution mechanism, defaults to `dns.lookup()` (Evan Lucas) [#1505](https://github.com/nodejs/node/pull/1505) * **npm**: Upgrade npm to 2.9.0. See the [v2.8.4](https://github.com/npm/npm/releases/tag/v2.8.4) and [v2.9.0](https://github.com/npm/npm/releases/tag/v2.9.0) release notes for details. Notable items: - - Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9af) - - Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426) - - The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014) + * Add support for default author field to make `npm init -y` work without user-input (@othiym23) [npm/npm/d8eee6cf9d](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9af) + * Include local modules in `npm outdated` and `npm update` (@ArnaudRinquin) [npm/npm#7426](https://github.com/npm/npm/issues/7426) + * The prefix used before the version number on `npm version` is now configurable via `tag-version-prefix` (@kkragenbrink) [npm/npm#8014](https://github.com/npm/npm/issues/8014) * **os**: `os.tmpdir()` is now cross-platform consistent and will no longer returns a path with a trailing slash on any platform (Christian Tellnes) [#747](https://github.com/nodejs/node/pull/747) * **process**: - - `process.nextTick()` performance has been improved by between 2-42% across the benchmark suite, notable because this is heavily used across core (Brian White) [#1571](https://github.com/nodejs/node/pull/1571) - - New `process.geteuid()`, `process.seteuid(id)`, `process.getegid()` and `process.setegid(id)` methods allow you to get and set effective UID and GID of the process (Evan Lucas) [#1536](https://github.com/nodejs/node/pull/1536) + * `process.nextTick()` performance has been improved by between 2-42% across the benchmark suite, notable because this is heavily used across core (Brian White) [#1571](https://github.com/nodejs/node/pull/1571) + * New `process.geteuid()`, `process.seteuid(id)`, `process.getegid()` and `process.setegid(id)` methods allow you to get and set effective UID and GID of the process (Evan Lucas) [#1536](https://github.com/nodejs/node/pull/1536) * **repl**: - - REPL history can be persisted across sessions if the `NODE_REPL_HISTORY_FILE` environment variable is set to a user accessible file, `NODE_REPL_HISTORY_SIZE` can set the maximum history size and defaults to `1000` (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513) - - The REPL can be placed in to one of three modes using the `NODE_REPL_MODE` environment variable: `sloppy`, `strict` or `magic` (default); the new `magic` mode will automatically run "strict mode only" statements in strict mode (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513) + * REPL history can be persisted across sessions if the `NODE_REPL_HISTORY_FILE` environment variable is set to a user accessible file, `NODE_REPL_HISTORY_SIZE` can set the maximum history size and defaults to `1000` (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513) + * The REPL can be placed in to one of three modes using the `NODE_REPL_MODE` environment variable: `sloppy`, `strict` or `magic` (default); the new `magic` mode will automatically run "strict mode only" statements in strict mode (Chris Dickinson) [#1513](https://github.com/nodejs/node/pull/1513) * **smalloc**: the 'smalloc' module has been deprecated due to changes coming in V8 4.4 that will render it unusable * **util**: add Promise, Map and Set inspection support (Christopher Monsanto) [#1471](https://github.com/nodejs/node/pull/1471) * **V8**: upgrade to 4.2.77.18, see the [ChangeLog](https://chromium.googlesource.com/v8/v8/+/refs/heads/4.2.77/ChangeLog) for full details. Notable items: - - Classes have moved out of staging; the `class` keyword is now usable in strict mode without flags - - Object literal enhancements have moved out of staging; shorthand method and property syntax is now usable (`{ method() { }, property }`) - - Rest parameters (`function(...args) {}`) are implemented in staging behind the `--harmony-rest-parameters` flag - - Computed property names (`{['foo'+'bar']:'bam'}`) are implemented in staging behind the `--harmony-computed-property-names` flag - - Unicode escapes (`'\u{xxxx}'`) are implemented in staging behind the `--harmony_unicode` flag and the `--harmony_unicode_regexps` flag for use in regular expressions + * Classes have moved out of staging; the `class` keyword is now usable in strict mode without flags + * Object literal enhancements have moved out of staging; shorthand method and property syntax is now usable (`{ method() { }, property }`) + * Rest parameters (`function(...args) {}`) are implemented in staging behind the `--harmony-rest-parameters` flag + * Computed property names (`{['foo'+'bar']:'bam'}`) are implemented in staging behind the `--harmony-computed-property-names` flag + * Unicode escapes (`'\u{xxxx}'`) are implemented in staging behind the `--harmony_unicode` flag and the `--harmony_unicode_regexps` flag for use in regular expressions * **Windows**: - - Random process termination on Windows fixed (Fedor Indutny) [#1512](https://github.com/nodejs/node/issues/1512) / [#1563](https://github.com/nodejs/node/pull/1563) - - The delay-load hook introduced to fix issues with process naming (iojs.exe / node.exe) has been made opt-out for native add-ons. Native add-ons should include `'win_delay_load_hook': 'false'` in their binding.gyp to disable this feature if they experience problems . (Bert Belder) [#1433](https://github.com/nodejs/node/pull/1433) + * Random process termination on Windows fixed (Fedor Indutny) [#1512](https://github.com/nodejs/node/issues/1512) / [#1563](https://github.com/nodejs/node/pull/1563) + * The delay-load hook introduced to fix issues with process naming (iojs.exe / node.exe) has been made opt-out for native add-ons. Native add-ons should include `'win_delay_load_hook': 'false'` in their binding.gyp to disable this feature if they experience problems . (Bert Belder) [#1433](https://github.com/nodejs/node/pull/1433) * **Governance**: - - Rod Vagg (@rvagg) was added to the Technical Committee (TC) - - Jeremiah Senkpiel (@Fishrock123) was added to the Technical Committee (TC) + * Rod Vagg (@rvagg) was added to the Technical Committee (TC) + * Jeremiah Senkpiel (@Fishrock123) was added to the Technical Committee (TC) ### Known issues @@ -1642,9 +1642,9 @@ will be removed at a later point. (Roman Reiss) [#1363](https://github.com/nodej * **fs**: corruption can be caused by `fs.writeFileSync()` and append-mode `fs.writeFile()` and `fs.writeFileSync()` under certain circumstances, reported in [#1058](https://github.com/nodejs/node/issues/1058), fixed in [#1063](https://github.com/nodejs/node/pull/1063) (Olov Lassus). * **iojs**: an "internal modules" API has been introduced to allow core code to share JavaScript modules internally only without having to expose them as a public API, this feature is for core-only [#848](https://github.com/nodejs/node/pull/848) (Vladimir Kurchatkin). * **timers**: two minor problems with timers have been fixed: - - `Timer#close()` is now properly idempotent [#1288](https://github.com/nodejs/node/issues/1288) (Petka Antonov). - - `setTimeout()` will only run the callback once now after an `unref()` during the callback [#1231](https://github.com/nodejs/node/pull/1231) (Roman Reiss). - - NOTE: there are still other unresolved concerns with the timers code, such as [#1152](https://github.com/nodejs/node/pull/1152). + * `Timer#close()` is now properly idempotent [#1288](https://github.com/nodejs/node/issues/1288) (Petka Antonov). + * `setTimeout()` will only run the callback once now after an `unref()` during the callback [#1231](https://github.com/nodejs/node/pull/1231) (Roman Reiss). + * NOTE: there are still other unresolved concerns with the timers code, such as [#1152](https://github.com/nodejs/node/pull/1152). * **Windows**: a "delay-load hook" has been added for compiled add-ons on Windows that should alleviate some of the problems that Windows users may be experiencing with add-ons in io.js [#1251](https://github.com/nodejs/node/pull/1251) (Bert Belder). * **V8**: minor bug-fix upgrade for V8 to 4.1.0.27. * **npm**: upgrade npm to 2.7.4. See [npm CHANGELOG.md](https://github.com/npm/npm/blob/master/CHANGELOG.md#v274-2015-03-20) for details. Summary: @@ -2041,9 +2041,9 @@ will be removed at a later point. (Roman Reiss) [#1363](https://github.com/nodej deprecation warning to include which `package.json` is using it. ([@othiym23](https://github.com/othiym23)) * Add new collaborators: - - Robert Kowalski ([@robertkowalski](https://github.com/robertkowalski)) - - Christian Vaagland Tellnes ([@tellnes](https://github.com/tellnes)) - - Brian White ([@mscdex](https://github.com/mscdex)) + * Robert Kowalski ([@robertkowalski](https://github.com/robertkowalski)) + * Christian Vaagland Tellnes ([@tellnes](https://github.com/tellnes)) + * Brian White ([@mscdex](https://github.com/mscdex)) ### Known issues @@ -2212,34 +2212,34 @@ _Note: version **1.4.0** was tagged and built but not released. A libuv bug was ### Notable changes * **stream**: - - Simpler stream construction, see [readable-stream/issues#102](https://github.com/nodejs/readable-stream/issues/102) for details. This extends the streams base objects to make their constructors accept default implementation methods, reducing the boilerplate required to implement custom streams. An updated version of readable-stream will eventually be released to match this change in core. (@sonewman) + * Simpler stream construction, see [readable-stream/issues#102](https://github.com/nodejs/readable-stream/issues/102) for details. This extends the streams base objects to make their constructors accept default implementation methods, reducing the boilerplate required to implement custom streams. An updated version of readable-stream will eventually be released to match this change in core. (@sonewman) * **dns**: - - `lookup()` now supports an `'all'` boolean option, default to `false` but when turned on will cause the method to return an array of *all* resolved names for an address, see, [#744](https://github.com/nodejs/node/pull/744) (@silverwind) + * `lookup()` now supports an `'all'` boolean option, default to `false` but when turned on will cause the method to return an array of *all* resolved names for an address, see, [#744](https://github.com/nodejs/node/pull/744) (@silverwind) * **assert**: - - Remove `prototype` property comparison in `deepEqual()`, considered a bugfix, see [#636](https://github.com/nodejs/node/pull/636) (@vkurchatkin) - - Introduce a `deepStrictEqual()` method to mirror `deepEqual()` but performs strict equality checks on primitives, see [#639](https://github.com/nodejs/node/pull/639) (@vkurchatkin) + * Remove `prototype` property comparison in `deepEqual()`, considered a bugfix, see [#636](https://github.com/nodejs/node/pull/636) (@vkurchatkin) + * Introduce a `deepStrictEqual()` method to mirror `deepEqual()` but performs strict equality checks on primitives, see [#639](https://github.com/nodejs/node/pull/639) (@vkurchatkin) * **tracing**: - - Add [LTTng](http://lttng.org/) (Linux Trace Toolkit Next Generation) when compiled with the `--with-lttng` option. Trace points match those available for DTrace and ETW. [#702](https://github.com/nodejs/node/pull/702) (@thekemkid) + * Add [LTTng](http://lttng.org/) (Linux Trace Toolkit Next Generation) when compiled with the `--with-lttng` option. Trace points match those available for DTrace and ETW. [#702](https://github.com/nodejs/node/pull/702) (@thekemkid) * **docs**: - - Lots of doc updates, see individual commits - - New **Errors** page discussing JavaScript errors, V8 specifics, and io.js specific error details. (@chrisdickinson) + * Lots of doc updates, see individual commits + * New **Errors** page discussing JavaScript errors, V8 specifics, and io.js specific error details. (@chrisdickinson) * **npm** upgrade to 2.5.1, short changelog: - - [npm/0e8d473](https://github.com/npm/npm/commit/0e8d4736a1cbdda41ae8eba8a02c7ff7ce80c2ff) [#7281](https://github.com/npm/npm/issues/7281) `npm-registry-mock@1.0.0`: Clean up API, set `connection: close`, which makes tests pass on io.js 1.1.x. + * [npm/0e8d473](https://github.com/npm/npm/commit/0e8d4736a1cbdda41ae8eba8a02c7ff7ce80c2ff) [#7281](https://github.com/npm/npm/issues/7281) `npm-registry-mock@1.0.0`: Clean up API, set `connection: close`, which makes tests pass on io.js 1.1.x. ([@robertkowalski](https://github.com/robertkowalski)) - - [npm/f9313a0](https://github.com/npm/npm/commit/f9313a066c9889a0ee898d8a35676e40b8101e7f) + * [npm/f9313a0](https://github.com/npm/npm/commit/f9313a066c9889a0ee898d8a35676e40b8101e7f) [#7226](https://github.com/npm/npm/issues/7226) Ensure that all request settings are copied onto the agent. ([@othiym23](https://github.com/othiym23)) - - [npm/fec4c96](https://github.com/npm/npm/commit/fec4c967ee235030bf31393e8605e9e2811f4a39) + * [npm/fec4c96](https://github.com/npm/npm/commit/fec4c967ee235030bf31393e8605e9e2811f4a39) Allow `--no-proxy` to override `HTTP_PROXY` setting in environment. ([@othiym23](https://github.com/othiym23)) - - [npm/9d61e96](https://github.com/npm/npm/commit/9d61e96fb1f48687a85c211e4e0cd44c7f95a38e) + * [npm/9d61e96](https://github.com/npm/npm/commit/9d61e96fb1f48687a85c211e4e0cd44c7f95a38e) `npm outdated --long` now includes a column showing the type of dependency. ([@watilde](https://github.com/watilde)) * **libuv** upgrade to 1.4.0, see [libuv ChangeLog](https://github.com/libuv/libuv/blob/v1.x/ChangeLog) * Add new collaborators: - - Aleksey Smolenchuk (@lxe) - - Shigeki Ohtsu (@shigeki) + * Aleksey Smolenchuk (@lxe) + * Shigeki Ohtsu (@shigeki) ### Known issues @@ -2302,22 +2302,22 @@ _Note: version **1.4.0** was tagged and built but not released. A libuv bug was * crypto: ~30% speedup on hashing functions. * crypto: added privateEncrypt/publicDecrypt functions. * errors - - better formatting via util.inspect - - more descriptive errors from fs. This necessitated a `NODE_MODULE_VERSION` bump. - - more descriptive errors from http.setHeader + * better formatting via util.inspect + * more descriptive errors from fs. This necessitated a `NODE_MODULE_VERSION` bump. + * more descriptive errors from http.setHeader * dep updates: - - npm: upgrade to 2.4.1 - - http-parser: rollback to 2.3.0 - - libuv: update to 1.3.0 - - v8: update to 4.1.0.14 + * npm: upgrade to 2.4.1 + * http-parser: rollback to 2.3.0 + * libuv: update to 1.3.0 + * v8: update to 4.1.0.14 * http.request: inherited properties on options are now respected * add iterable interface to buffers (`for (let byte of buffer.values()) { }`) * fs: fix fd leak on `fs.createReadStream`. See 497fd72 for details. * installer: on Windows, emit WM_SETTINGCHANGE after install to make other running processes aware of the PATH changes. * Added new collaborators: - - Vladimir Kurchatkin (@vkurchatkin) - - Micleușanu Nicu (@micnic) + * Vladimir Kurchatkin (@vkurchatkin) + * Micleușanu Nicu (@micnic) ### Known issues @@ -2406,11 +2406,11 @@ _Note: version **1.4.0** was tagged and built but not released. A libuv bug was * 'punycode' core module bumped from stability level 2-Unstable, to 3-Stable * Added new collaborators: - - Thorsten Lorenz (@thlorenz) - - Stephen Belanger (@qard) - - Jeremiah Senkpiel (@fishrock123) - - Evan Lucas (@evanlucas) - - Brendan Ashworth (@brendanashworth) + * Thorsten Lorenz (@thlorenz) + * Stephen Belanger (@qard) + * Jeremiah Senkpiel (@fishrock123) + * Evan Lucas (@evanlucas) + * Brendan Ashworth (@brendanashworth) ### Commits @@ -2565,140 +2565,140 @@ repository and therefore can be seen as an extension to v0.11. ### General -- The V8 JavaScript engine bundled with io.js was upgraded dramatically, from version 3.14.5.9 in Node.js v0.10.35 and 3.26.33 in Node.js v0.11.14 to 3.31.74.1 for io.js v1.0.0. This brings along many fixes and performance improvements, as well as additional support for new ES6 language features! For more information on this, check out [the io.js ES6 page](https://iojs.org/es6.html). -- Other bundled technologies were upgraded: - - c-ares: 1.9.0-DEV to 1.10.0-DEV - - http_parser: 1.0 to 2.3 - - libuv: 0.10.30 to 1.2.0 - - npm: 1.4.28 to 2.1.18 - - openssl: 1.0.1j to 1.0.1k - - punycode: 1.2.0 to 1.3.2. -- Performance and stability improvements on all platforms. +* The V8 JavaScript engine bundled with io.js was upgraded dramatically, from version 3.14.5.9 in Node.js v0.10.35 and 3.26.33 in Node.js v0.11.14 to 3.31.74.1 for io.js v1.0.0. This brings along many fixes and performance improvements, as well as additional support for new ES6 language features! For more information on this, check out [the io.js ES6 page](https://iojs.org/es6.html). +* Other bundled technologies were upgraded: + * c-ares: 1.9.0-DEV to 1.10.0-DEV + * http_parser: 1.0 to 2.3 + * libuv: 0.10.30 to 1.2.0 + * npm: 1.4.28 to 2.1.18 + * openssl: 1.0.1j to 1.0.1k + * punycode: 1.2.0 to 1.3.2. +* Performance and stability improvements on all platforms. ### buffer https://iojs.org/api/buffer.html -- Added `buf.writeUIntLE`, `buf.writeUIntBE`, `buf.writeIntLE`, `buf.writeIntBE`, `buf.readUIntLE`, `buf.readUIntBE`, `buf.readIntLE` and `buf.readIntBE` methods that read and write value up to 6 bytes. -- Added `Buffer.compare()` which does a `memcmp()` on two Buffer instances. Instances themselves also have a `compare()`. -- Added `buffer.equals()` that checks equality of Buffers by their contents. -- Added `new Buffer(otherBuffer)` constructor. -- Tweaked `SlowBuffer`'s semantics. -- Updated the output of `buffer.toJSON()` to not be the same as an array. Instead it is an object specifically tagged as a buffer, which can be recovered by passing it to (a new overload of) the `Buffer` constructor. +* Added `buf.writeUIntLE`, `buf.writeUIntBE`, `buf.writeIntLE`, `buf.writeIntBE`, `buf.readUIntLE`, `buf.readUIntBE`, `buf.readIntLE` and `buf.readIntBE` methods that read and write value up to 6 bytes. +* Added `Buffer.compare()` which does a `memcmp()` on two Buffer instances. Instances themselves also have a `compare()`. +* Added `buffer.equals()` that checks equality of Buffers by their contents. +* Added `new Buffer(otherBuffer)` constructor. +* Tweaked `SlowBuffer`'s semantics. +* Updated the output of `buffer.toJSON()` to not be the same as an array. Instead it is an object specifically tagged as a buffer, which can be recovered by passing it to (a new overload of) the `Buffer` constructor. ### child_process https://iojs.org/api/child_process.html -- Added a `shell` option to `child_process.exec`. -- Added synchronous counterparts for the child process functions: `child_process.spawnSync`, `child_process.execSync`, and `child_process.execFileSync`. -- Added the path to any `ENOENT` errors, for easier debugging. +* Added a `shell` option to `child_process.exec`. +* Added synchronous counterparts for the child process functions: `child_process.spawnSync`, `child_process.execSync`, and `child_process.execFileSync`. +* Added the path to any `ENOENT` errors, for easier debugging. ### console https://iojs.org/api/console.html -- Added an `options` parameter to `console.dir`. +* Added an `options` parameter to `console.dir`. ### cluster https://iojs.org/api/cluster.html -- Updated `cluster` to use round-robin load balancing by default on non-Windows platforms. The scheduling policy is configurable however. -- `--debug` has been made cluster-aware. -- Many bug fixes. +* Updated `cluster` to use round-robin load balancing by default on non-Windows platforms. The scheduling policy is configurable however. +* `--debug` has been made cluster-aware. +* Many bug fixes. ### crypto https://iojs.org/api/crypto.html -- Added support for custom generator values to `DiffieHellman` (defaulting to 2 for backwards compatibility). -- Added support for custom pbkdf2 digest methods. -- Added support for elliptic curve-based Diffie-Hellman. -- Added support for loading and setting the engine for some/all OpenSSL functions. -- Added support for passing in a passphrase for decrypting the signing key to `Sign.sign()`. -- Added support for private key passphrase in every method that accepts it. -- Added support for RSA public/private encryption/decryption functionality. -- Added support for setting and getting of authentication tags and setting additional authentication data when using ciphers such as AES-GCM. +* Added support for custom generator values to `DiffieHellman` (defaulting to 2 for backwards compatibility). +* Added support for custom pbkdf2 digest methods. +* Added support for elliptic curve-based Diffie-Hellman. +* Added support for loading and setting the engine for some/all OpenSSL functions. +* Added support for passing in a passphrase for decrypting the signing key to `Sign.sign()`. +* Added support for private key passphrase in every method that accepts it. +* Added support for RSA public/private encryption/decryption functionality. +* Added support for setting and getting of authentication tags and setting additional authentication data when using ciphers such as AES-GCM. ### dgram https://iojs.org/api/dgram.html -- Added support for receiving empty UDP packets. +* Added support for receiving empty UDP packets. ### dns https://iojs.org/api/dns.html -- Added `dns.resolveSoa`, `dns.getServers`, and `dns.setServers` methods. -- Added `hostname` on error messages when available. -- Improved error handling consistency. +* Added `dns.resolveSoa`, `dns.getServers`, and `dns.setServers` methods. +* Added `hostname` on error messages when available. +* Improved error handling consistency. ### events https://iojs.org/api/events.html -- Added chaining support to `EventEmitter.setMaxListeners`. -- Updated `require('events')` to return the `EventEmitter` constructor, allowing the module to be used like `var EventEmitter = require('events')` instead of `var EventEmitter = require('events').EventEmitter`. +* Added chaining support to `EventEmitter.setMaxListeners`. +* Updated `require('events')` to return the `EventEmitter` constructor, allowing the module to be used like `var EventEmitter = require('events')` instead of `var EventEmitter = require('events').EventEmitter`. ### fs https://iojs.org/api/fs.html -- Added `fs.access`, and deprecated `fs.exists`. Please read the documentation carefully. -- Added more informative errors and method call site details when the `NODE_DEBUG` environment is set to ease debugging. -- Added option to `fs.watch` for recursive sub-directory support (OS X only). -- Fixed missing callbacks errors just being printed instead of thrown. +* Added `fs.access`, and deprecated `fs.exists`. Please read the documentation carefully. +* Added more informative errors and method call site details when the `NODE_DEBUG` environment is set to ease debugging. +* Added option to `fs.watch` for recursive sub-directory support (OS X only). +* Fixed missing callbacks errors just being printed instead of thrown. ### http https://iojs.org/api/http.html -- Added support for `response.write` and `response.end` to receive a callback to know when the operation completes. -- Added support for 308 status code (see RFC 7238). -- Added `http.METHODS` array, listing the HTTP methods supported by the parser. -- Added `request.flush` method. -- Added `response.getHeader('header')` method that may be used before headers are flushed. -- Added `response.statusMessage` property. -- Added Client Keep-Alive behavior. Set `keepAlive:true` in request options to reuse connections indefinitely. -- Added `rawHeaders` and `rawTrailers` members on incoming message. -- Removed default chunked encoding on `DELETE` and `OPTIONS`. +* Added support for `response.write` and `response.end` to receive a callback to know when the operation completes. +* Added support for 308 status code (see RFC 7238). +* Added `http.METHODS` array, listing the HTTP methods supported by the parser. +* Added `request.flush` method. +* Added `response.getHeader('header')` method that may be used before headers are flushed. +* Added `response.statusMessage` property. +* Added Client Keep-Alive behavior. Set `keepAlive:true` in request options to reuse connections indefinitely. +* Added `rawHeaders` and `rawTrailers` members on incoming message. +* Removed default chunked encoding on `DELETE` and `OPTIONS`. ### net https://iojs.org/api/net.html -- Changed `net.Server.listen` such that, when the bind address is omitted, IPv6 is tried first, and IPv4 is used as a fallback. +* Changed `net.Server.listen` such that, when the bind address is omitted, IPv6 is tried first, and IPv4 is used as a fallback. ### os https://iojs.org/api/os.html -- Added MAC addresses, netmasks and scope IDs for IPv6 addresses to `os.networkInterfaces` method output. -- Updated `os.tmpdir` on Windows to use the `%SystemRoot%` or `%WINDIR%` environment variables instead of the hard-coded value of `c:\windows` when determining the temporary directory location. +* Added MAC addresses, netmasks and scope IDs for IPv6 addresses to `os.networkInterfaces` method output. +* Updated `os.tmpdir` on Windows to use the `%SystemRoot%` or `%WINDIR%` environment variables instead of the hard-coded value of `c:\windows` when determining the temporary directory location. ### path https://iojs.org/api/path.html -- Added `path.isAbsolute` and `path.parse` methods. -- Added `path.win32` and `path.posix` objects that contain platform-specific versions of the various `path` functions. -- Improved `path.join` performance. +* Added `path.isAbsolute` and `path.parse` methods. +* Added `path.win32` and `path.posix` objects that contain platform-specific versions of the various `path` functions. +* Improved `path.join` performance. ### process https://iojs.org/api/process.html -- Added `beforeExit` event. -- Added `process.mainModule` and `process.exitCode`. +* Added `beforeExit` event. +* Added `process.mainModule` and `process.exitCode`. ### querystring https://iojs.org/api/querystring.html -- Added the ability to pass custom versions of `encodeURIComponent` and `decodeURIComponent` when stringifying or parsing a querystring. -- Fixed several issues with the formatting of query strings in edge cases. +* Added the ability to pass custom versions of `encodeURIComponent` and `decodeURIComponent` when stringifying or parsing a querystring. +* Fixed several issues with the formatting of query strings in edge cases. ### smalloc @@ -2750,47 +2750,47 @@ For a detailed overview of how streams3 interact, [see this diagram](https://clo https://iojs.org/api/timers.html -- Removed `process.maxTickDepth`, allowing `process.nextTick` to be used recursively without limit. -- Updated `setImmediate` to process the full queue each turn of the event loop, instead of one per queue. +* Removed `process.maxTickDepth`, allowing `process.nextTick` to be used recursively without limit. +* Updated `setImmediate` to process the full queue each turn of the event loop, instead of one per queue. ### tls https://iojs.org/api/tls.html -- Added `detailed` boolean flag to `getPeerCertificate` to return detailed certificate information (with raw DER bytes). -- Added `renegotiate(options, callback)` method for session renegotiation. -- Added `setMaxSendFragment` method for varying TLS fragment size. -- Added a `dhparam` option for DH ciphers. -- Added a `ticketKeys` option for TLS ticket AES encryption keys setup. -- Added async OCSP-stapling callback. -- Added async session storage events. -- Added async SNI callback. -- Added multi-key server support (for example, ECDSA+RSA server). -- Added optional callback to `checkServerIdentity` for manual certificate validation in userland. -- Added support for ECDSA/ECDHE cipher. -- Implemented TLS streams in C++, boosting their performance. -- Moved `createCredentials` to `tls` and renamed it to `createSecureContext`. -- Removed SSLv2 and SSLv3 support. +* Added `detailed` boolean flag to `getPeerCertificate` to return detailed certificate information (with raw DER bytes). +* Added `renegotiate(options, callback)` method for session renegotiation. +* Added `setMaxSendFragment` method for varying TLS fragment size. +* Added a `dhparam` option for DH ciphers. +* Added a `ticketKeys` option for TLS ticket AES encryption keys setup. +* Added async OCSP-stapling callback. +* Added async session storage events. +* Added async SNI callback. +* Added multi-key server support (for example, ECDSA+RSA server). +* Added optional callback to `checkServerIdentity` for manual certificate validation in userland. +* Added support for ECDSA/ECDHE cipher. +* Implemented TLS streams in C++, boosting their performance. +* Moved `createCredentials` to `tls` and renamed it to `createSecureContext`. +* Removed SSLv2 and SSLv3 support. ### url https://iojs.org/api/url.html -- Improved escaping of certain characters. -- Improved parsing speed. +* Improved escaping of certain characters. +* Improved parsing speed. ### util https://iojs.org/api/util.html -- Added `util.debuglog`. -- Added a plethora of new type-testing methods. See [the docs](https://iojs.org/api/util.html). -- Updated `util.format` to receive several changes: - - `-0` is now displayed as such, instead of as `0`. - - Anything that is `instanceof Error` is now formatted as an error. - - Circular references in JavaScript objects are now handled for the `%j` specifier. - - Custom `inspect` functions are now allowed to return an object. - - Custom `inspect` functions now receive any arguments passed to `util.inspect`. +* Added `util.debuglog`. +* Added a plethora of new type-testing methods. See [the docs](https://iojs.org/api/util.html). +* Updated `util.format` to receive several changes: + * `-0` is now displayed as such, instead of as `0`. + * Anything that is `instanceof Error` is now formatted as an error. + * Circular references in JavaScript objects are now handled for the `%j` specifier. + * Custom `inspect` functions are now allowed to return an object. + * Custom `inspect` functions now receive any arguments passed to `util.inspect`. ## v8 @@ -2804,11 +2804,11 @@ https://iojs.org/api/vm.html The `vm` module has been rewritten to work better, based on the excellent [Contextify](https://github.com/brianmcd/contextify) native module. All of the functionality of Contextify is now in core, with improvements! -- Added `vm.isContext(object)` method to determine whether `object` has been contextified. -- Added `vm.runInDebugContext(code)` method to compile and execute `code` inside the V8 debug context. -- Updated `vm.createContext(sandbox)` to "contextify" the sandbox, making it suitable for use as a global for `vm` scripts, and then return it. It no longer creates a separate context object. -- Updated most `vm` and `vm.Script` methods to accept an `options` object, allowing you to configure a timeout for the script, the error display behavior, and sometimes the filename (for stack traces). -- Updated the supplied sandbox object to be used directly as the global, remove error-prone copying of properties back and forth between the supplied sandbox object and the global that appears inside the scripts run by the `vm` module. +* Added `vm.isContext(object)` method to determine whether `object` has been contextified. +* Added `vm.runInDebugContext(code)` method to compile and execute `code` inside the V8 debug context. +* Updated `vm.createContext(sandbox)` to "contextify" the sandbox, making it suitable for use as a global for `vm` scripts, and then return it. It no longer creates a separate context object. +* Updated most `vm` and `vm.Script` methods to accept an `options` object, allowing you to configure a timeout for the script, the error display behavior, and sometimes the filename (for stack traces). +* Updated the supplied sandbox object to be used directly as the global, remove error-prone copying of properties back and forth between the supplied sandbox object and the global that appears inside the scripts run by the `vm` module. For more information, see the `vm` documentation linked above. @@ -2816,9 +2816,9 @@ For more information, see the `vm` documentation linked above. https://iojs.org/api/zlib.html -- Added support for `zlib.flush` to specify a particular flush method (defaulting to `Z_FULL_FLUSH`). -- Added support for `zlib.params` to dynamically update the compression level and strategy when deflating. -- Added synchronous versions of the zlib methods. +* Added support for `zlib.flush` to specify a particular flush method (defaulting to `Z_FULL_FLUSH`). +* Added support for `zlib.params` to dynamically update the compression level and strategy when deflating. +* Added synchronous versions of the zlib methods. ### C++ API Changes @@ -2828,23 +2828,23 @@ In general it is recommended that you use [NAN](https://github.com/rvagg/nan) as #### V8 highlights -- Exposed method signature has changed from `Handle Method(const Arguments& args)` to `void Method(const v8::FunctionCallbackInfo& args)` with the newly introduced `FunctionCallbackInfo` also taking the return value via `args.GetReturnValue().Set(value)` instead of `scope.Close(value)`, `Arguments` has been removed. -- Exposed setter signature has changed from `void Setter(Local property, Local value, const v8::AccessorInfo& args)` `void Setter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. -- Exposed getter signature has changed from `void Getter(Local property, Local value, const v8::AccessorInfo& args)` `void Getter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. -- Exposed property setter signature has changed from `Handle Setter(Local property, Local value, const v8::AccessorInfo& args)` `void Setter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. -- Exposed property getter signature has changed from `Handle Getter(Local property, Local value, const v8::AccessorInfo& args)` `void Getter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. -- Similar changes have been made to property enumerators, property deleters, property query, index getter, index setter, index enumerator, index deleter, index query. -- V8 objects instantiated in C++ now require an `Isolate*` argument as the first argument. In most cases it is OK to simply pass `v8::Isolate::GetCurrent()`, e.g. `Date::New(Isolate::GetCurrent(), time)`, or `String::NewFromUtf8(Isolate::GetCurrent(), "foobar")`. -- `HandleScope scope` now requires an `Isolate*` argument, i.e. `HandleScope scope(isolate)`, in most cases `v8::Isolate::GetCurrent()` is OK. -- Similar changes have been made to `Locker` and `Unlocker`. -- V8 objects that need to "escape" a scope should be enclosed in a `EscapableHandleScope` rather than a `HandleScope` and should be returned with `scope.Escape(value)`. -- Exceptions are now thrown from isolates with `isolate->ThrowException(ExceptionObject)`. -- `Context::GetCurrent()` must now be done on an isolate, e.g. `Isolate::GetCurrent()->GetCurrentContext()`. -- `String::NewSymbol()` has been removed, use plain strings instead. -- `String::New()` has been removed, use `String::NewFromUtf8()` instead. -- `Persistent` objects no longer inherit from `Handle` and cannot be instantiated with another object. Instead, the `Persistent` should simply be declared, e.g. `Persistent handle` and then have a `Local` assigned to it with `handle.Reset(isolate, value)`. To get a `Local` from a `Persistent` you must instantiate it as the argument, i.e. `Local::New(Isolate*, Persistent)`. +* Exposed method signature has changed from `Handle Method(const Arguments& args)` to `void Method(const v8::FunctionCallbackInfo& args)` with the newly introduced `FunctionCallbackInfo` also taking the return value via `args.GetReturnValue().Set(value)` instead of `scope.Close(value)`, `Arguments` has been removed. +* Exposed setter signature has changed from `void Setter(Local property, Local value, const v8::AccessorInfo& args)` `void Setter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. +* Exposed getter signature has changed from `void Getter(Local property, Local value, const v8::AccessorInfo& args)` `void Getter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. +* Exposed property setter signature has changed from `Handle Setter(Local property, Local value, const v8::AccessorInfo& args)` `void Setter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. +* Exposed property getter signature has changed from `Handle Getter(Local property, Local value, const v8::AccessorInfo& args)` `void Getter(Local property, Local value, const v8::PropertyCallbackInfo& args)`. +* Similar changes have been made to property enumerators, property deleters, property query, index getter, index setter, index enumerator, index deleter, index query. +* V8 objects instantiated in C++ now require an `Isolate*` argument as the first argument. In most cases it is OK to simply pass `v8::Isolate::GetCurrent()`, e.g. `Date::New(Isolate::GetCurrent(), time)`, or `String::NewFromUtf8(Isolate::GetCurrent(), "foobar")`. +* `HandleScope scope` now requires an `Isolate*` argument, i.e. `HandleScope scope(isolate)`, in most cases `v8::Isolate::GetCurrent()` is OK. +* Similar changes have been made to `Locker` and `Unlocker`. +* V8 objects that need to "escape" a scope should be enclosed in a `EscapableHandleScope` rather than a `HandleScope` and should be returned with `scope.Escape(value)`. +* Exceptions are now thrown from isolates with `isolate->ThrowException(ExceptionObject)`. +* `Context::GetCurrent()` must now be done on an isolate, e.g. `Isolate::GetCurrent()->GetCurrentContext()`. +* `String::NewSymbol()` has been removed, use plain strings instead. +* `String::New()` has been removed, use `String::NewFromUtf8()` instead. +* `Persistent` objects no longer inherit from `Handle` and cannot be instantiated with another object. Instead, the `Persistent` should simply be declared, e.g. `Persistent handle` and then have a `Local` assigned to it with `handle.Reset(isolate, value)`. To get a `Local` from a `Persistent` you must instantiate it as the argument, i.e. `Local::New(Isolate*, Persistent)`. #### Node / io.js -- Updated `node::Buffer::New()` to return a `Handle` directly so you no longer need to fetch the `handle_` property. -- Updated `node::MakeCallback()` to require an `Isolate*` as the first argument. Generally `Isolate::GetCurrent()` will be OK for this. +* Updated `node::Buffer::New()` to return a `Handle` directly so you no longer need to fetch the `handle_` property. +* Updated `node::MakeCallback()` to require an `Isolate*` as the first argument. Generally `Isolate::GetCurrent()` will be OK for this. diff --git a/doc/changelogs/CHANGELOG_V010.md b/doc/changelogs/CHANGELOG_V010.md index 1e48a4107831c4..43131745be61e9 100644 --- a/doc/changelogs/CHANGELOG_V010.md +++ b/doc/changelogs/CHANGELOG_V010.md @@ -106,8 +106,8 @@ This is a security release. All Node.js users should consult the security releas * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) * http: - - CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) - - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) + * CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) + * Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) * openssl: Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2183, CVE-2016-2178 and CVE-2016-6306. * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian) (Ben Noordhuis) @@ -150,8 +150,8 @@ This is a security release. All Node.js users should consult the security releas * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5987 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553 - - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details + * Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" + * See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details ### Commits: @@ -186,13 +186,13 @@ This is a security release. All Node.js users should consult the security releas * http_parser: Update to http-parser 1.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5242 * domains: - - Prevent an exit due to an exception being thrown rather than emitting an `'uncaughtException'` event on the `process` object when no error handler is set on the domain within which an error is thrown and an `'uncaughtException'` event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887 - - Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3887 + * Prevent an exit due to an exception being thrown rather than emitting an `'uncaughtException'` event on the `process` object when no error handler is set on the domain within which an error is thrown and an `'uncaughtException'` event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887 + * Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3887 * openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) https://github.com/nodejs/node/pull/5508 - - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 - - Remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800 + * Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 + * Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 + * Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 + * Remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800 ### Commits: @@ -215,11 +215,11 @@ This is an important security release. All Node.js users should consult the secu * http-parser: upgrade from 1.0 to 1.1 * openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. * src: - - introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes - - allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` + * introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes + * allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` * build: - - xz compressed tar files will be made available from nodejs.org for v0.10 builds from v0.10.42 onward - - A headers.tar.gz file will be made available from nodejs.org for v0.10 builds from v0.10.42 onward, a future change to node-gyp will be required to make use of these + * xz compressed tar files will be made available from nodejs.org for v0.10 builds from v0.10.42 onward + * A headers.tar.gz file will be made available from nodejs.org for v0.10 builds from v0.10.42 onward, a future change to node-gyp will be required to make use of these ### Commits @@ -432,7 +432,7 @@ https://github.com/nodejs/node/commit/ce82d6b8474bde7ac7df6d425fb88fb1bcba35bc * openssl: to 1.0.1h (CVE-2014-0224) * npm: upgrade to 1.4.14 * utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendörfer) - - *NOTE* this introduces a breaking change, previously you could construct + * *NOTE* this introduces a breaking change, previously you could construct invalid UTF-8 and invoke an error in a client that was expecting valid UTF-8, now unmatched surrogate pairs are replaced with the unknown UTF-8 character. To restore the old functionality simply have NODE_INVALID_UTF8 @@ -573,7 +573,7 @@ https://github.com/nodejs/node/commit/e2da042844a830fafb8031f6c477eb4f96195210 https://github.com/nodejs/node/commit/d7234c8d50a1af73f60d2d3c0cc7eed17429a481 * tls: fix sporadic hang and partial reads (Fedor Indutny) - - fixes "npm ERR! cb() never called!" + * fixes "npm ERR! cb() never called!" ## 2013.09.24, Version 0.10.19 (Stable) diff --git a/doc/changelogs/CHANGELOG_V012.md b/doc/changelogs/CHANGELOG_V012.md index 1205b8b3103593..e563ea6a084308 100644 --- a/doc/changelogs/CHANGELOG_V012.md +++ b/doc/changelogs/CHANGELOG_V012.md @@ -90,11 +90,11 @@ This is a security release. All Node.js users should consult the security releas * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) * http: - - CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) - - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) + * CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) + * Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) * openssl: - - Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. - - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis, Rod Vagg) + * Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. + * Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis, Rod Vagg) * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) ### Commits: @@ -139,9 +139,9 @@ This is a security release. All Node.js users should consult the security releas * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5988 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553 - - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details + * Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" + * Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" + * See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details ### Commits: @@ -192,12 +192,12 @@ Note that the upgrade to OpenSSL 1.0.1s in Node.js v0.12.11 removed internal SSL * http_parser: Update to http-parser 2.3.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5241 * domains: - - Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885 - - Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3885 + * Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885 + * Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3885 * openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) https://github.com/nodejs/node/pull/5509 - - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 + * Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 + * Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 + * Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 ### Commits: @@ -227,11 +227,11 @@ This is an important security release. All Node.js users should consult the secu * http-parser: upgrade from 2.3.0 to 2.3.1 * openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. * src: - - introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes - - allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` + * introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes + * allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` * build: - - xz compressed tar files will be made available from nodejs.org for v0.12 builds from v0.12.10 onward - - A headers.tar.gz file will be made available from nodejs.org for v0.12 builds from v0.12.10 onward, a future change to node-gyp will be required to make use of these + * xz compressed tar files will be made available from nodejs.org for v0.12 builds from v0.12.10 onward + * A headers.tar.gz file will be made available from nodejs.org for v0.12 builds from v0.12.10 onward, a future change to node-gyp will be required to make use of these ### Commits diff --git a/doc/changelogs/CHANGELOG_V10.md b/doc/changelogs/CHANGELOG_V10.md index caf8ee18cc419b..8d3b83e241814f 100644 --- a/doc/changelogs/CHANGELOG_V10.md +++ b/doc/changelogs/CHANGELOG_V10.md @@ -1016,9 +1016,9 @@ a missing CLI flag to adjust the max header size of the http parser. ### Notable Changes * **cli**: - - add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) + * add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) * **http**: - - add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) + * add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) ### Commits @@ -2211,10 +2211,10 @@ Fixes for the following CVEs are included in this release: * Fix unintentional exposure of uninitialized memory in `Buffer.alloc()` (CVE-2018-7166) * **deps**: * Upgrade to OpenSSL 1.1.0i, fixing: - - Client DoS due to large DH parameter (CVE-2018-0732) - - ECDSA key extraction via local side-channel (CVE not assigned) + * Client DoS due to large DH parameter (CVE-2018-0732) + * ECDSA key extraction via local side-channel (CVE not assigned) * Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) [#21079](https://github.com/nodejs/node/pull/21079) - - Memory reduction and performance improvements, details at: https://v8project.blogspot.com/2018/06/v8-release-68.html + * Memory reduction and performance improvements, details at: https://v8project.blogspot.com/2018/06/v8-release-68.html * **http**: `http.get()` and `http.request()` (and `https` variants) can now accept three arguments to allow for a `URL` _and_ an `options` object (Sam Ruby) [#21616](https://github.com/nodejs/node/pull/21616) * Added new collaborators * Sam Ruby (https://github.com/rubys) @@ -2985,9 +2985,9 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **deps**: - - update V8 to 6.7.288.43 (Michaël Zasso) [#19989](https://github.com/nodejs/node/pull/19989) + * update V8 to 6.7.288.43 (Michaël Zasso) [#19989](https://github.com/nodejs/node/pull/19989) * **stream**: - - ensure Stream.pipeline re-throws errors without callback (Blaine Bublitz) [#20437](https://github.com/nodejs/node/pull/20437) + * ensure Stream.pipeline re-throws errors without callback (Blaine Bublitz) [#20437](https://github.com/nodejs/node/pull/20437) ### Commits @@ -3090,15 +3090,15 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **deps**: - - upgrade npm to 6.1.0 (Rebecca Turner) [#20190](https://github.com/nodejs/node/pull/20190) + * upgrade npm to 6.1.0 (Rebecca Turner) [#20190](https://github.com/nodejs/node/pull/20190) * **fs**: - - fix reads with pos \> 4GB (Mathias Buus) [#21003](https://github.com/nodejs/node/pull/21003) + * fix reads with pos \> 4GB (Mathias Buus) [#21003](https://github.com/nodejs/node/pull/21003) * **net**: - - new option to allow IPC servers to be readable and writable by all users (Bartosz Sosnowski) [#19472](https://github.com/nodejs/node/pull/19472) + * new option to allow IPC servers to be readable and writable by all users (Bartosz Sosnowski) [#19472](https://github.com/nodejs/node/pull/19472) * **stream**: - - fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed (Kael Zhang) [#20924](https://github.com/nodejs/node/pull/20924) + * fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed (Kael Zhang) [#20924](https://github.com/nodejs/node/pull/20924) * **Added new collaborators** - - [jdlaton](https://github.com/jdalton) John-David Dalton + * [jdlaton](https://github.com/jdalton) John-David Dalton ### Commits @@ -3162,23 +3162,23 @@ This is a follow up release to fix two regressions that were introduced in v10.2 ### Notable Changes * **addons**: - - Fixed a memory leak for users of `AsyncResource` and N-API. (Michael Dawson) [#20668](https://github.com/nodejs/node/pull/20668) + * Fixed a memory leak for users of `AsyncResource` and N-API. (Michael Dawson) [#20668](https://github.com/nodejs/node/pull/20668) * **assert**: - - The `error` parameter of `assert.throws()` can be an object containing regular expressions now. (Ruben Bridgewater) [#20485](https://github.com/nodejs/node/pull/20485) + * The `error` parameter of `assert.throws()` can be an object containing regular expressions now. (Ruben Bridgewater) [#20485](https://github.com/nodejs/node/pull/20485) * **crypto**: - - The `authTagLength` option has been made more flexible. (Tobias Nießen) [#20235](https://github.com/nodejs/node/pull/20235), [#20039](https://github.com/nodejs/node/pull/20039) + * The `authTagLength` option has been made more flexible. (Tobias Nießen) [#20235](https://github.com/nodejs/node/pull/20235), [#20039](https://github.com/nodejs/node/pull/20039) * **esm**: - - Builtin modules (e.g. `fs`) now provide named exports in ES6 modules. (Gus Caplan) [#20403](https://github.com/nodejs/node/pull/20403) + * Builtin modules (e.g. `fs`) now provide named exports in ES6 modules. (Gus Caplan) [#20403](https://github.com/nodejs/node/pull/20403) * **http**: - - Handling of `close` and `aborted` events has been made more consistent. (Robert Nagy) [#20075](https://github.com/nodejs/node/pull/20075), [#20611](https://github.com/nodejs/node/pull/20611) + * Handling of `close` and `aborted` events has been made more consistent. (Robert Nagy) [#20075](https://github.com/nodejs/node/pull/20075), [#20611](https://github.com/nodejs/node/pull/20611) * **module**: - - add --preserve-symlinks-main (David Goldstein) [#19911](https://github.com/nodejs/node/pull/19911) + * add --preserve-symlinks-main (David Goldstein) [#19911](https://github.com/nodejs/node/pull/19911) * **timers**: - - `timeout.refresh()` has been added to the public API. (Jeremiah Senkpiel) [#20298](https://github.com/nodejs/node/pull/20298) + * `timeout.refresh()` has been added to the public API. (Jeremiah Senkpiel) [#20298](https://github.com/nodejs/node/pull/20298) * Embedder support: - - Functions for creating V8 `Isolate` and `Context` objects with Node.js-specific behaviour have been added to the API. (Allen Yonghuang Wang) [#20639](https://github.com/nodejs/node/pull/20639) - - Node.js `Environment`s clean up resources before exiting now. (Anna Henningsen) [#19377](https://github.com/nodejs/node/pull/19377) - - Support for multi-threaded embedding has been improved. (Anna Henningsen) [#20542](https://github.com/nodejs/node/pull/20542), [#20539](https://github.com/nodejs/node/pull/20539), [#20541](https://github.com/nodejs/node/pull/20541) + * Functions for creating V8 `Isolate` and `Context` objects with Node.js-specific behaviour have been added to the API. (Allen Yonghuang Wang) [#20639](https://github.com/nodejs/node/pull/20639) + * Node.js `Environment`s clean up resources before exiting now. (Anna Henningsen) [#19377](https://github.com/nodejs/node/pull/19377) + * Support for multi-threaded embedding has been improved. (Anna Henningsen) [#20542](https://github.com/nodejs/node/pull/20542), [#20539](https://github.com/nodejs/node/pull/20539), [#20541](https://github.com/nodejs/node/pull/20541) ### Commits @@ -3396,15 +3396,15 @@ This is a follow up release to fix two regressions that were introduced in v10.2 ### Notable Changes * **console**: - - make console.table() use colored inspect (TSUYUSATO Kitsune) [#20510](https://github.com/nodejs/node/pull/20510) + * make console.table() use colored inspect (TSUYUSATO Kitsune) [#20510](https://github.com/nodejs/node/pull/20510) * **fs**: - - move fs/promises to fs.promises (cjihrig) [#20504](https://github.com/nodejs/node/pull/20504) + * move fs/promises to fs.promises (cjihrig) [#20504](https://github.com/nodejs/node/pull/20504) * **http**: - - added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094) + * added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094) * **n-api**: - - initialize a module via a special symbol (Gabriel Schulhof) [#20161](https://github.com/nodejs/node/pull/20161) + * initialize a module via a special symbol (Gabriel Schulhof) [#20161](https://github.com/nodejs/node/pull/20161) * **src**: - - add public API to expose the main V8 Platform (Allen Yonghuang Wang) [#20447](https://github.com/nodejs/node/pull/20447) + * add public API to expose the main V8 Platform (Allen Yonghuang Wang) [#20447](https://github.com/nodejs/node/pull/20447) ### Commits diff --git a/doc/changelogs/CHANGELOG_V11.md b/doc/changelogs/CHANGELOG_V11.md index a19554a5df8497..93b93a11cda8b9 100644 --- a/doc/changelogs/CHANGELOG_V11.md +++ b/doc/changelogs/CHANGELOG_V11.md @@ -1559,16 +1559,16 @@ A fix for the following CVE is included in this release: ### Notable Changes * **cli**: - - add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) + * add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) * **crypto**: - - always accept certificates as public keys (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234) - - add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234) - - update root certificates (Sam Roberts) [#25113](https://github.com/nodejs/node/pull/25113) + * always accept certificates as public keys (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234) + * add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234) + * update root certificates (Sam Roberts) [#25113](https://github.com/nodejs/node/pull/25113) * **deps**: - - upgrade to libuv 1.24.1 (cjihrig) [#25078](https://github.com/nodejs/node/pull/25078) - - upgrade npm to 6.5.0 (Audrey Eschright) [#24734](https://github.com/nodejs/node/pull/24734) + * upgrade to libuv 1.24.1 (cjihrig) [#25078](https://github.com/nodejs/node/pull/25078) + * upgrade npm to 6.5.0 (Audrey Eschright) [#24734](https://github.com/nodejs/node/pull/24734) * **http**: - - add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) + * add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) ### Commits diff --git a/doc/changelogs/CHANGELOG_V4.md b/doc/changelogs/CHANGELOG_V4.md index a585aee31468e8..6a9a2d1f94f27c 100644 --- a/doc/changelogs/CHANGELOG_V4.md +++ b/doc/changelogs/CHANGELOG_V4.md @@ -155,12 +155,12 @@ This release includes a security update to openssl that has been deemed low seve ### Notable Changes * **crypto**: - - update root certificates (Ben Noordhuis) [#13279](https://github.com/nodejs/node/pull/13279) - - update root certificates (Ben Noordhuis) [#12402](https://github.com/nodejs/node/pull/12402) + * update root certificates (Ben Noordhuis) [#13279](https://github.com/nodejs/node/pull/13279) + * update root certificates (Ben Noordhuis) [#12402](https://github.com/nodejs/node/pull/12402) * **deps**: - - add support for more modern versions of INTL (Bruno Pagani) [#13040](https://github.com/nodejs/node/pull/13040) - - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691) - - upgrade openssl sources to 1.0.2l (Daniel Bevenius) [#13233](https://github.com/nodejs/node/pull/13233) + * add support for more modern versions of INTL (Bruno Pagani) [#13040](https://github.com/nodejs/node/pull/13040) + * upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691) + * upgrade openssl sources to 1.0.2l (Daniel Bevenius) [#13233](https://github.com/nodejs/node/pull/13233) ### Commits @@ -220,7 +220,7 @@ This is a security release. All Node.js users should consult the security releas ### Notable Changes * **zlib**: - - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95) + * CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95) ### Commits @@ -234,9 +234,9 @@ This is a security release. All Node.js users should consult the security releas ### Notable Changes * **build**: - - Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) + * Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) * **deps**: - - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale) + * CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale) ### Commits @@ -251,11 +251,11 @@ This is a security release. All Node.js users should consult the security releas ### Notable Changes * **module**: - - The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283) + * The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283) * **src**: - - fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995) + * fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995) * **tls**: - - fix rare segmentation faults when using TLS + * fix rare segmentation faults when using TLS * (Trevor Norris) [#11947](https://github.com/nodejs/node/pull/11947) * (Ben Noordhuis) [#11898](https://github.com/nodejs/node/pull/11898) * (jBarz) [#11776](https://github.com/nodejs/node/pull/11776) @@ -288,9 +288,9 @@ that were present in zlib 1.2.8. ### Notable Changes * **crypto**: - - fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089) + * fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089) * **deps**: - - upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980) + * upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980) ### Commits @@ -309,9 +309,9 @@ and 1 commits which are updates to dependencies. * **buffer**: The performance of `.toJSON()` is now up to 2859% faster on average. (Brian White) [#10895](https://github.com/nodejs/node/pull/10895) * **IPC**: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. (Alexey Orlenko) [#10677](https://github.com/nodejs/node/pull/10677) - - Performance gains may be up to 40% for some workloads. + * Performance gains may be up to 40% for some workloads. * **http**: - - Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923) + * Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923) * **node**: Heap statistics now support values larger than 4GB. (Ben Noordhuis) [#10186](https://github.com/nodejs/node/pull/10186) ### Commits @@ -866,7 +866,7 @@ The SEMVER-MINOR changes include: Notable SEMVER-PATCH changes include: * **build**: - - introduce the configure --shared option for embedders (sxa555) [#6994](https://github.com/nodejs/node/pull/6994) + * introduce the configure --shared option for embedders (sxa555) [#6994](https://github.com/nodejs/node/pull/6994) * **gtest**: the test reporter now outputs tap comments as yamlish (Johan Bergström) [#9262](https://github.com/nodejs/node/pull/9262) * **src**: node no longer aborts when c-ares initialization fails (Ben Noordhuis) [#8710](https://github.com/nodejs/node/pull/8710) * **tls**: fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) [#9586](https://github.com/nodejs/node/pull/9586) @@ -1242,9 +1242,9 @@ This is a security release. All Node.js users should consult the security releas Semver Minor: * **openssl**: - - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714) - - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786) - - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#70](https://github.com/nodejs/node-private/pull/70) + * Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714) + * Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786) + * Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#70](https://github.com/nodejs/node-private/pull/70) * **http**: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) [nodejs/node-private#46](https://github.com/nodejs/node-private/pull/46) Semver Patch: @@ -1576,15 +1576,15 @@ This LTS release comes with 89 commits. This includes 46 commits that are docs r ### Notable Changes -- **debugger**: - - All properties of an array (aside from length) can now be printed in the repl (cjihrig) [#6448](https://github.com/nodejs/node/pull/6448) -- **npm**: - - Upgrade npm to 2.15.8 (Rebecca Turner) [#7412](https://github.com/nodejs/node/pull/7412) -- **stream**: - - Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) [#7160](https://github.com/nodejs/node/pull/7160) -- **V8**: - - Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) [#7442](https://github.com/nodejs/node/pull/7442) - - Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) [#3792](https://github.com/nodejs/node/pull/3792) +* **debugger**: + * All properties of an array (aside from length) can now be printed in the repl (cjihrig) [#6448](https://github.com/nodejs/node/pull/6448) +* **npm**: + * Upgrade npm to 2.15.8 (Rebecca Turner) [#7412](https://github.com/nodejs/node/pull/7412) +* **stream**: + * Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) [#7160](https://github.com/nodejs/node/pull/7160) +* **V8**: + * Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) [#7442](https://github.com/nodejs/node/pull/7442) + * Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) [#3792](https://github.com/nodejs/node/pull/3792) ### Commits @@ -1698,14 +1698,14 @@ This release is specifically related to a Buffer overflow vulnerability discover ### Notable Changes -- **buffer**: - - Buffer.indexOf now returns correct values for all UTF-16 input (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511) -- **contextify**: - - Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth (Ali Ijaz Sheikh) [#6871](https://github.com/nodejs/node/pull/6871) -- **deps**: - - update npm to 2.15.5 (Rebecca Turner) [#6663](https://github.com/nodejs/node/pull/6663) -- **http**: - - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999 (Brian White) [#6291](https://github.com/nodejs/node/pull/6291) +* **buffer**: + * Buffer.indexOf now returns correct values for all UTF-16 input (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511) +* **contextify**: + * Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth (Ali Ijaz Sheikh) [#6871](https://github.com/nodejs/node/pull/6871) +* **deps**: + * update npm to 2.15.5 (Rebecca Turner) [#6663](https://github.com/nodejs/node/pull/6663) +* **http**: + * Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999 (Brian White) [#6291](https://github.com/nodejs/node/pull/6291) ### Commits @@ -1792,7 +1792,7 @@ This release is specifically related to a Buffer overflow vulnerability discover * **deps**: * update openssl to 1.0.2h. (Shigeki Ohtsu) [#6551](https://github.com/nodejs/node/pull/6551) - - Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release. + * Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release. ### Commits @@ -1812,11 +1812,11 @@ This release is specifically related to a Buffer overflow vulnerability discover ### Notable Changes * **deps**: - - Fix `--gdbjit` for embedders. Backported from v8 upstream. (Ben Noordhuis) [#5577](https://github.com/nodejs/node/pull/5577) + * Fix `--gdbjit` for embedders. Backported from v8 upstream. (Ben Noordhuis) [#5577](https://github.com/nodejs/node/pull/5577) * **etw**: - - Correctly display descriptors for ETW events 9 and 23 on the windows platform. (João Reis) [#5742](https://github.com/nodejs/node/pull/5742) + * Correctly display descriptors for ETW events 9 and 23 on the windows platform. (João Reis) [#5742](https://github.com/nodejs/node/pull/5742) * **querystring**: - - Restore throw when attempting to stringify bad surrogate pair. (Brian White) [#5858](https://github.com/nodejs/node/pull/5858) + * Restore throw when attempting to stringify bad surrogate pair. (Brian White) [#5858](https://github.com/nodejs/node/pull/5858) ### Commits @@ -1879,13 +1879,13 @@ This release is specifically related to a Buffer overflow vulnerability discover ### Notable Changes * **https**: - - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. (Alexander Penev) [#5713](https://github.com/nodejs/node/pull/5713) + * Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. (Alexander Penev) [#5713](https://github.com/nodejs/node/pull/5713) * **lib**: - - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. (Nathan Woltman) [#4361](https://github.com/nodejs/node/pull/4361) + * The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. (Nathan Woltman) [#4361](https://github.com/nodejs/node/pull/4361) * **npm**: - - Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) + * Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) * **repl**: - - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. (Prince J Wesley) [#5416](https://github.com/nodejs/node/pull/5416) + * Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. (Prince J Wesley) [#5416](https://github.com/nodejs/node/pull/5416) ### Commits @@ -1940,16 +1940,16 @@ and 7 which are benchmark related. ### Notable Changes * **build**: - - Updated Logos for the OSX + Windows installers - - (Rod Vagg) [#5401](https://github.com/nodejs/node/pull/5401) - - (Robert Jefe Lindstaedt) [#5531](https://github.com/nodejs/node/pull/5531) - - New option to select your VS Version in the Windows installer - - (julien.waechter) [#4645](https://github.com/nodejs/node/pull/4645) - - Support Visual C++ Build Tools 2015 - - (João Reis) [#5627](https://github.com/nodejs/node/pull/5627) + * Updated Logos for the OSX + Windows installers + * (Rod Vagg) [#5401](https://github.com/nodejs/node/pull/5401) + * (Robert Jefe Lindstaedt) [#5531](https://github.com/nodejs/node/pull/5531) + * New option to select your VS Version in the Windows installer + * (julien.waechter) [#4645](https://github.com/nodejs/node/pull/4645) + * Support Visual C++ Build Tools 2015 + * (João Reis) [#5627](https://github.com/nodejs/node/pull/5627) * **tools**: - - Gyp now works on OSX without XCode - - (Shigeki Ohtsu) [nodejs/node#1325](https://github.com/nodejs/node/pull/1325) + * Gyp now works on OSX without XCode + * (Shigeki Ohtsu) [nodejs/node#1325](https://github.com/nodejs/node/pull/1325) ### Commits @@ -2082,34 +2082,34 @@ This release also includes over 70 fixes to our docs and over 50 fixes to tests. The SEMVER-MINOR changes include: * **deps**: - - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) [#3609](https://github.com/nodejs/node/pull/3609) + * An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) [#3609](https://github.com/nodejs/node/pull/3609) * **http**: - - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482) + * A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482) * **src**: - - Better support for Big-Endian systems (Bryon Leung) [#3410](https://github.com/nodejs/node/pull/3410) + * Better support for Big-Endian systems (Bryon Leung) [#3410](https://github.com/nodejs/node/pull/3410) * **tls**: - - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441) + * A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441) * **tools**: - - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) [#4021](https://github.com/nodejs/node/pull/4021) + * a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) [#4021](https://github.com/nodejs/node/pull/4021) Notable semver patch changes include: * **buld**: - - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) [#4841](https://github.com/nodejs/node/pull/4841) + * Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) [#4841](https://github.com/nodejs/node/pull/4841) * **https**: - - A potential fix for [#3692](https://github.com/nodejs/node/issues/3692) HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) [#4982](https://github.com/nodejs/node/pull/4982) + * A potential fix for [#3692](https://github.com/nodejs/node/issues/3692) HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) [#4982](https://github.com/nodejs/node/pull/4982) * **installer**: - - More readable profiling information from isolate tick logs (Matt Loring) [#3032](https://github.com/nodejs/node/pull/3032) + * More readable profiling information from isolate tick logs (Matt Loring) [#3032](https://github.com/nodejs/node/pull/3032) * **npm**: - - upgrade to npm 2.14.20 (Kat Marchán) [#5510](https://github.com/nodejs/node/pull/5510) + * upgrade to npm 2.14.20 (Kat Marchán) [#5510](https://github.com/nodejs/node/pull/5510) * **process**: - - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) [#4798](https://github.com/nodejs/node/pull/4798) + * Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) [#4798](https://github.com/nodejs/node/pull/4798) * **querystring**: - - querystring.parse() is now 13-22% faster! (Brian White) [#4675](https://github.com/nodejs/node/pull/4675) + * querystring.parse() is now 13-22% faster! (Brian White) [#4675](https://github.com/nodejs/node/pull/4675) * **streams**: - - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354) + * performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354) * **tools**: - - eslint has been updated to version 2.1.0 (Rich Trott) [#5214](https://github.com/nodejs/node/pull/5214) + * eslint has been updated to version 2.1.0 (Rich Trott) [#5214](https://github.com/nodejs/node/pull/5214) ### Commits @@ -2339,9 +2339,9 @@ This is a security release with only a single commit, an update to openssl due t ### Notable changes * **openssl**: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) [#5507](https://github.com/nodejs/node/pull/5507) - - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705). - - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797). - - Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702). + * Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705). + * Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797). + * Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702). ## Commits @@ -2354,17 +2354,17 @@ This is a security release with only a single commit, an update to openssl due t * **buffer** * make byteLength work with Buffer correctly (Jackson Tian) - - [#4738](https://github.com/nodejs/node/pull/4738) + * [#4738](https://github.com/nodejs/node/pull/4738) * **debugger** * guard against call from non-node context (Ben Noordhuis) - - [#4328](https://github.com/nodejs/node/pull/4328) - - fixes segfaults in debugger + * [#4328](https://github.com/nodejs/node/pull/4328) + * fixes segfaults in debugger * do not incept debug context (Myles Borins) - - [#4819](https://github.com/nodejs/node/pull/4819) - - fixes crash in debugger when using util methods + * [#4819](https://github.com/nodejs/node/pull/4819) + * fixes crash in debugger when using util methods * **deps** * update to http-parser 2.5.2 (James Snell) - - [#5238](https://github.com/nodejs/node/pull/5238) + * [#5238](https://github.com/nodejs/node/pull/5238) ### Commits @@ -2446,8 +2446,8 @@ Note that this release includes a non-backward compatible change to address a se * **http-parser**: upgrade from 2.5.0 to 2.5.1 * **openssl**: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. * **src**: - - introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes - - allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` + * introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes + * allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` ### Commits @@ -2889,8 +2889,8 @@ Security Update * **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts to trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny) * **openssl**: Upgrade to 1.0.2e, containing fixes for: - - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at . - - CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at . + * CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at . + * CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at . (Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134) * **v8**: Backport fix for CVE-2015-6764, a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis) @@ -3008,8 +3008,8 @@ This is an LTS maintenance release that addresses a number of issues: ### Notable changes * Includes fixes for two regressions - - Assertion error in WeakCallback - see [#3329](https://github.com/nodejs/node/pull/3329) - - Undefined timeout regression - see [#3331](https://github.com/nodejs/node/pull/3331) + * Assertion error in WeakCallback - see [#3329](https://github.com/nodejs/node/pull/3329) + * Undefined timeout regression - see [#3331](https://github.com/nodejs/node/pull/3331) ### Known issues @@ -3034,9 +3034,9 @@ The first Node.js LTS release! See https://github.com/nodejs/LTS/ for details of * **icu**: Updated to version 56 with significant performance improvements (Steven R. Loomis) [#3281](https://github.com/nodejs/node/pull/3281) * **node**: - - Added new `-c` (or `--check`) command line argument for checking script syntax without executing the code (Dave Eddy) [#2411](https://github.com/nodejs/node/pull/2411) - - Added `process.versions.icu` to hold the current ICU library version (Evan Lucas) [#3102](https://github.com/nodejs/node/pull/3102) - - Added `process.release.lts` to hold the current LTS codename when the binary is from an active LTS release line (Rod Vagg) [#3212](https://github.com/nodejs/node/pull/3212) + * Added new `-c` (or `--check`) command line argument for checking script syntax without executing the code (Dave Eddy) [#2411](https://github.com/nodejs/node/pull/2411) + * Added `process.versions.icu` to hold the current ICU library version (Evan Lucas) [#3102](https://github.com/nodejs/node/pull/3102) + * Added `process.release.lts` to hold the current LTS codename when the binary is from an active LTS release line (Rod Vagg) [#3212](https://github.com/nodejs/node/pull/3212) * **npm**: Upgraded to npm 2.14.7 from 2.14.4, see [release notes](https://github.com/npm/npm/releases/tag/v2.14.7) for full details (Kat Marchán) [#3299](https://github.com/nodejs/node/pull/3299) ### Known issues @@ -3116,15 +3116,15 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current ### Notable changes * **http**: - - Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability [CVE-2015-7384](https://github.com/nodejs/node/issues/3138) (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128) - - Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128) + * Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability [CVE-2015-7384](https://github.com/nodejs/node/issues/3138) (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128) + * Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) [#3128](https://github.com/nodejs/node/pull/3128) * **libuv**: Upgraded from v1.7.4 to v1.7.5, see [release notes](https://github.com/libuv/libuv/releases/tag/v1.7.5) for details (Saúl Ibarra Corretgé) [#3010](https://github.com/nodejs/node/pull/3010) - - A better rwlock implementation for all Windows versions - - Improved AIX support + * A better rwlock implementation for all Windows versions + * Improved AIX support * **v8**: - - Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) [#3117](https://github.com/nodejs/node/pull/3117) - - Backported [f782159](https://codereview.chromium.org/1367123003) from v8's upstream to help speed up Promise introspection (Ben Noordhuis) [#3130](https://github.com/nodejs/node/pull/3130) - - Backported [c281c15](https://codereview.chromium.org/1363683002) from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) [#3031](https://github.com/nodejs/node/pull/3031) + * Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) [#3117](https://github.com/nodejs/node/pull/3117) + * Backported [f782159](https://codereview.chromium.org/1367123003) from v8's upstream to help speed up Promise introspection (Ben Noordhuis) [#3130](https://github.com/nodejs/node/pull/3130) + * Backported [c281c15](https://codereview.chromium.org/1363683002) from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) [#3031](https://github.com/nodejs/node/pull/3031) ### Known issues @@ -3186,11 +3186,11 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current * **buffer**: Fixed a bug introduced in v4.1.0 where allocating a new zero-length buffer can result in the _next_ allocation of a TypedArray in JavaScript not being zero-filled. In certain circumstances this could result in data leakage via reuse of memory space in TypedArrays, breaking the normally safe assumption that TypedArrays should be always zero-filled. (Trevor Norris) [#2931](https://github.com/nodejs/node/pull/2931). * **http**: Guard against response-splitting of HTTP trailing headers added via [`response.addTrailers()`](https://nodejs.org/api/http.html#http_response_addtrailers_headers) by removing new-line (`[\r\n]`) characters from values. Note that standard header values are already stripped of new-line characters. The expected security impact is low because trailing headers are rarely used. (Ben Noordhuis) [#2945](https://github.com/nodejs/node/pull/2945). * **npm**: Upgrade to npm 2.14.4 from 2.14.3, see [release notes](https://github.com/npm/npm/releases/tag/v2.14.4) for full details (Kat Marchán) [#2958](https://github.com/nodejs/node/pull/2958) - - Upgrades `graceful-fs` on multiple dependencies to no longer rely on monkey-patching `fs` - - Fix `npm link` for pre-release / RC builds of Node + * Upgrades `graceful-fs` on multiple dependencies to no longer rely on monkey-patching `fs` + * Fix `npm link` for pre-release / RC builds of Node * **v8**: Update post-mortem metadata to allow post-mortem debugging tools to find and inspect: - - JavaScript objects that use dictionary properties (Julien Gilli) [#2959](https://github.com/nodejs/node/pull/2959) - - ScopeInfo and thus closures (Julien Gilli) [#2974](https://github.com/nodejs/node/pull/2974) + * JavaScript objects that use dictionary properties (Julien Gilli) [#2959](https://github.com/nodejs/node/pull/2959) + * ScopeInfo and thus closures (Julien Gilli) [#2974](https://github.com/nodejs/node/pull/2974) ### Known issues @@ -3237,17 +3237,17 @@ See https://github.com/nodejs/node/labels/confirmed-bug for complete and current ### Notable changes * **buffer**: - - Buffers are now created in JavaScript, rather than C++. This increases the speed of buffer creation (Trevor Norris) [#2866](https://github.com/nodejs/node/pull/2866). - - `Buffer#slice()` now uses `Uint8Array#subarray()` internally, increasing `slice()` performance (Karl Skomski) [#2777](https://github.com/nodejs/node/pull/2777). + * Buffers are now created in JavaScript, rather than C++. This increases the speed of buffer creation (Trevor Norris) [#2866](https://github.com/nodejs/node/pull/2866). + * `Buffer#slice()` now uses `Uint8Array#subarray()` internally, increasing `slice()` performance (Karl Skomski) [#2777](https://github.com/nodejs/node/pull/2777). * **fs**: - - `fs.utimes()` now properly converts numeric strings, `NaN`, and `Infinity` (Yazhong Liu) [#2387](https://github.com/nodejs/node/pull/2387). - - `fs.WriteStream` now implements `_writev`, allowing for super-fast bulk writes (Ron Korving) [#2167](https://github.com/nodejs/node/pull/2167). + * `fs.utimes()` now properly converts numeric strings, `NaN`, and `Infinity` (Yazhong Liu) [#2387](https://github.com/nodejs/node/pull/2387). + * `fs.WriteStream` now implements `_writev`, allowing for super-fast bulk writes (Ron Korving) [#2167](https://github.com/nodejs/node/pull/2167). * **http**: Fixed an issue with certain `write()` sizes causing errors when using `http.request()` (Fedor Indutny) [#2824](https://github.com/nodejs/node/pull/2824). * **npm**: Upgrade to version 2.14.3, see https://github.com/npm/npm/releases/tag/v2.14.3 for more details (Kat Marchán) [#2822](https://github.com/nodejs/node/pull/2822). * **src**: V8 cpu profiling no longer erroneously shows idle time (Oleksandr Chekhovskyi) [#2324](https://github.com/nodejs/node/pull/2324). * **timers**: `#ref()` and `#unref()` now return the timer they belong to (Sam Roberts) [#2905](https://github.com/nodejs/node/pull/2905). * **v8**: Lateral upgrade to 4.5.103.33 from 4.5.103.30, contains minor fixes (Ali Ijaz Sheikh) [#2870](https://github.com/nodejs/node/pull/2870). - - This fixes a previously known bug where some computed object shorthand properties did not work correctly ([#2507](https://github.com/nodejs/node/issues/2507)). + * This fixes a previously known bug where some computed object shorthand properties did not work correctly ([#2507](https://github.com/nodejs/node/issues/2507)). ### Known issues @@ -3330,10 +3330,10 @@ This list of changes is relative to the last io.js v3.x branch release, v3.3.0. * **timers**: Improved timer performance from porting the 0.12 implementation, plus minor fixes (Jeremiah Senkpiel) [#2540](https://github.com/nodejs/node/pull/2540), (Julien Gilli) [nodejs/node-v0.x-archive#8751](https://github.com/nodejs/node-v0.x-archive/pull/8751) [nodejs/node-v0.x-archive#8905](https://github.com/nodejs/node-v0.x-archive/pull/8905) * **util**: The `util.is*()` functions have been deprecated, beginning with deprecation warnings in the documentation for this release, users are encouraged to seek more robust alternatives in the npm registry, (Sakthipriyan Vairamani) [#2447](https://github.com/nodejs/node/pull/2447). * **v8**: Upgrade to version 4.5.103.30 from 4.4.63.30 (Ali Ijaz Sheikh) [#2632](https://github.com/nodejs/node/pull/2632). - - Implement new `TypedArray` prototype methods: `copyWithin()`, `every()`, `fill()`, `filter()`, `find()`, `findIndex()`, `forEach()`, `indexOf()`, `join()`, `lastIndexOf()`, `map()`, `reduce()`, `reduceRight()`, `reverse()`, `slice()`, `some()`, `sort()`. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information. - - Implement new `TypedArray.from()` and `TypedArray.of()` functions. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information. - - Implement arrow functions, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions for further information. - - Full ChangeLog available at https://github.com/v8/v8-git-mirror/blob/4.5.103/ChangeLog + * Implement new `TypedArray` prototype methods: `copyWithin()`, `every()`, `fill()`, `filter()`, `find()`, `findIndex()`, `forEach()`, `indexOf()`, `join()`, `lastIndexOf()`, `map()`, `reduce()`, `reduceRight()`, `reverse()`, `slice()`, `some()`, `sort()`. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information. + * Implement new `TypedArray.from()` and `TypedArray.of()` functions. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information. + * Implement arrow functions, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions for further information. + * Full ChangeLog available at https://github.com/v8/v8-git-mirror/blob/4.5.103/ChangeLog ### Known issues diff --git a/doc/changelogs/CHANGELOG_V5.md b/doc/changelogs/CHANGELOG_V5.md index 35b3d21f75b879..e7ae65ef37893f 100644 --- a/doc/changelogs/CHANGELOG_V5.md +++ b/doc/changelogs/CHANGELOG_V5.md @@ -346,10 +346,10 @@ This is a security release. All Node.js users should consult the security releas ### Notable changes * **buffer**: Now properly throws `RangeError`s on out-of-bounds writes (Matt Loring) [#5605](https://github.com/nodejs/node/pull/5605). - - This effects `write{Float|Double}` when the `noAssert` option is not used. + * This effects `write{Float|Double}` when the `noAssert` option is not used. * **timers**: - - Returned timeout objects now have a `Timeout` constructor name (Jeremiah Senkpiel) [#5793](https://github.com/nodejs/node/pull/5793). - - Performance of `Immediate` processing is now ~20-40% faster (Brian White) [#4169](https://github.com/nodejs/node/pull/4169). + * Returned timeout objects now have a `Timeout` constructor name (Jeremiah Senkpiel) [#5793](https://github.com/nodejs/node/pull/5793). + * Performance of `Immediate` processing is now ~20-40% faster (Brian White) [#4169](https://github.com/nodejs/node/pull/4169). * **vm**: Fixed a contextify regression introduced in v5.9.0 (Ali Ijaz Sheikh) [#5800](https://github.com/nodejs/node/pull/5800). ### Commits @@ -405,13 +405,13 @@ This is a security release. All Node.js users should consult the security releas * **contextify**: Fixed a memory consumption issue related to heavy use of `vm.createContext` and `vm.runInNewContext`. (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/5392 * **governance**: The following members have been added as collaborators: - - Andreas Madsen (@AndreasMadsen) - - Benjamin Gruenbaum (@benjamingr) - - Claudio Rodriguez (@claudiorodriguez) - - Glen Keane (@thekemkid) - - Jeremy Whitlock (@whitlockjc) - - Matt Loring (@matthewloring) - - Phillip Johnsen (@phillipj) + * Andreas Madsen (@AndreasMadsen) + * Benjamin Gruenbaum (@benjamingr) + * Claudio Rodriguez (@claudiorodriguez) + * Glen Keane (@thekemkid) + * Jeremy Whitlock (@whitlockjc) + * Matt Loring (@matthewloring) + * Phillip Johnsen (@phillipj) * **lib**: copy arguments object instead of leaking it (Nathan Woltman) https://github.com/nodejs/node/pull/4361 * **src**: allow both -i and -e flags to be used at the same time (Rich Trott) @@ -419,7 +419,7 @@ https://github.com/nodejs/node/pull/5655 * **timers**: Internal Node.js timeouts now use the same logic path as those created with `setTimeout()` (Jeremiah Senkpiel) [#4007](https://github.com/nodejs/node/pull/4007) * This may cause a slightly different performance profile in some situations. So far, it has shown to be positive in most cases. * **v8**: backport fb4ccae from v8 upstream (Vladimir Krivosheev) #4231 - - breakout events from v8 to offer better support for external debuggers + * breakout events from v8 to offer better support for external debuggers * **zlib**: add support for concatenated members (Kári Tristan Helgason) https://github.com/nodejs/node/pull/5120 * Previously, if multiple members were in the same archive, only the first would be read. The others are no longer thrown away. @@ -481,11 +481,11 @@ https://github.com/nodejs/node/pull/5655 ### Notable changes * **child_process**: `send()` now accepts an options parameter (cjihrig) [#5283](https://github.com/nodejs/node/pull/5283). - - Currently the only option is `keepOpen`, which keeps the underlying socket open after the message is sent. + * Currently the only option is `keepOpen`, which keeps the underlying socket open after the message is sent. * **constants**: `ENGINE_METHOD_RSA` is now correctly exposed (Sam Roberts) [#5463](https://github.com/nodejs/node/pull/5463). * Fixed two regressions which originated in v5.7.0: - - **http**: Errors inside of http client callbacks now propagate correctly (Trevor Norris) [#5591](https://github.com/nodejs/node/pull/5591). - - **path**: Fixed normalization of absolute paths (Evan Lucas) [#5589](https://github.com/nodejs/node/pull/5589). + * **http**: Errors inside of http client callbacks now propagate correctly (Trevor Norris) [#5591](https://github.com/nodejs/node/pull/5591). + * **path**: Fixed normalization of absolute paths (Evan Lucas) [#5589](https://github.com/nodejs/node/pull/5589). * **repl**: `start()` no longer requires an options parameter (cjihrig) [#5388](https://github.com/nodejs/node/pull/5388). * **util**: Improved `format()` performance 50-300% (Evan Lucas) [#5360](https://github.com/nodejs/node/pull/5360). @@ -530,16 +530,16 @@ https://github.com/nodejs/node/pull/5655 * **governance**: The Core Technical Committee (CTC) added four new members to help guide Node.js core development: Evan Lucas, Rich Trott, Ali Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda). * **openssl**: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) [#5507](https://github.com/nodejs/node/pull/5507). - - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705). - - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797). - - Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702). + * Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at [CVE-2016-0705](https://www.openssl.org/news/vulnerabilities.html#2016-0705). + * Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at [CVE-2016-0797](https://www.openssl.org/news/vulnerabilities.html#2016-0797). + * Fix a defect that makes the _[CacheBleed Attack](https://ssrg.nicta.com.au/projects/TS/cachebleed/)_ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at [CVE-2016-0702](https://www.openssl.org/news/vulnerabilities.html#2016-0702). * Fixed several regressions that appeared in v5.7.0: - - **`path.relative()`**: - - Output is no longer unnecessarily verbose (Brian White) [#5389](https://github.com/nodejs/node/pull/5389). - - Resolving UNC paths on Windows now works correctly (Owen Smith) [#5456](https://github.com/nodejs/node/pull/5456). - - Resolving paths with prefixes now works correctly from the root directory (Owen Smith) [#5490](https://github.com/nodejs/node/pull/5490). - - **url**: Fixed an off-by-one error with `parse()` (Brian White) [#5394](https://github.com/nodejs/node/pull/5394). - - **dgram**: Now correctly handles a default address case when offset and length are specified (Matteo Collina) [#5407](https://github.com/nodejs/node/pull/5407). + * **`path.relative()`**: + * Output is no longer unnecessarily verbose (Brian White) [#5389](https://github.com/nodejs/node/pull/5389). + * Resolving UNC paths on Windows now works correctly (Owen Smith) [#5456](https://github.com/nodejs/node/pull/5456). + * Resolving paths with prefixes now works correctly from the root directory (Owen Smith) [#5490](https://github.com/nodejs/node/pull/5490). + * **url**: Fixed an off-by-one error with `parse()` (Brian White) [#5394](https://github.com/nodejs/node/pull/5394). + * **dgram**: Now correctly handles a default address case when offset and length are specified (Matteo Collina) [#5407](https://github.com/nodejs/node/pull/5407). ### Commits @@ -624,8 +624,8 @@ https://github.com/nodejs/node/pull/5655 ### Notable changes * **buffer**: - - You can now supply an `encoding` argument when filling a Buffer `Buffer#fill(string[, start[, end]][, encoding])`, supplying an existing Buffer will also work with `Buffer#fill(buffer[, start[, end]])`. See the [API documentation](https://nodejs.org/api/buffer.html#buffer_buf_fill_value_offset_end_encoding) for details on how this works. (Trevor Norris) [#4935](https://github.com/nodejs/node/pull/4935) - - `Buffer#indexOf()` no longer requires a `byteOffset` argument if you also wish to specify an `encoding`: `Buffer#indexOf(val[, byteOffset][, encoding])`. (Trevor Norris) [#4803](https://github.com/nodejs/node/pull/4803) + * You can now supply an `encoding` argument when filling a Buffer `Buffer#fill(string[, start[, end]][, encoding])`, supplying an existing Buffer will also work with `Buffer#fill(buffer[, start[, end]])`. See the [API documentation](https://nodejs.org/api/buffer.html#buffer_buf_fill_value_offset_end_encoding) for details on how this works. (Trevor Norris) [#4935](https://github.com/nodejs/node/pull/4935) + * `Buffer#indexOf()` no longer requires a `byteOffset` argument if you also wish to specify an `encoding`: `Buffer#indexOf(val[, byteOffset][, encoding])`. (Trevor Norris) [#4803](https://github.com/nodejs/node/pull/4803) * **child_process**: `spawn()` and `spawnSync()` now support a `'shell'` option to allow for optional execution of the given command inside a shell. If set to `true`, `cmd.exe` will be used on Windows and `/bin/sh` elsewhere. A path to a custom shell can also be passed to override these defaults. On Windows, this option allows `.bat.` and `.cmd` files to be executed with `spawn()` and `spawnSync()`. (Colin Ihrig) [#4598](https://github.com/nodejs/node/pull/4598) * **http_parser**: Update to http-parser 2.6.2 to fix an unintentionally strict limitation of allowable header characters (James M Snell) [#5237](https://github.com/nodejs/node/pull/5237) * **dgram**: `socket.send()` now supports accepts an array of Buffers or Strings as the first argument. See the [API docs](https://nodejs.org/download/nightly/v6.0.0-nightly201602102848f84332/docs/api/dgram.html#dgram_socket_send_msg_offset_length_port_address_callback) for details on how this works. (Matteo Collina) [#4374](https://github.com/nodejs/node/pull/4374) @@ -635,10 +635,10 @@ https://github.com/nodejs/node/pull/5655 * **tls**: Add a new `tlsSocket.getProtocol()` method to get the negotiated TLS protocol version of the current connection. (Brian White) [#4995](https://github.com/nodejs/node/pull/4995) * **vm**: Introduce new `'produceCachedData'` and `'cachedData'` options to `new vm.Script()` to interact with V8's code cache. When a new `vm.Script` object is created with the `'produceCachedData'` set to `true` a `Buffer` with V8's code cache data will be produced and stored in `cachedData` property of the returned object. This data in turn may be supplied back to another `vm.Script()` object with a `'cachedData'` option if the supplied source is the same. Successfully executing a script from cached data can speed up instantiation time. See the [API docs](https://nodejs.org/api/vm.html#vm_new_vm_script_code_options) for details. (Fedor Indutny) [#4777](https://github.com/nodejs/node/pull/4777) * **performance**: Improvements in: - - `process.nextTick()` (Ruben Bridgewater) [#5092](https://github.com/nodejs/node/pull/5092) - - `path` module (Brian White) [#5123](https://github.com/nodejs/node/pull/5123) - - `querystring` module (Brian White) [#5012](https://github.com/nodejs/node/pull/5012) - - `streams` module when processing small chunks (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354) + * `process.nextTick()` (Ruben Bridgewater) [#5092](https://github.com/nodejs/node/pull/5092) + * `path` module (Brian White) [#5123](https://github.com/nodejs/node/pull/5123) + * `querystring` module (Brian White) [#5012](https://github.com/nodejs/node/pull/5012) + * `streams` module when processing small chunks (Matteo Collina) [#4354](https://github.com/nodejs/node/pull/4354) ### Commits @@ -917,16 +917,16 @@ This is an important security release. All Node.js users should consult the secu ### Notable Changes -- **events**: make sure console functions exist (Dave) [#4479](https://github.com/nodejs/node/pull/4479) -- **fs**: add autoClose option to fs.createWriteStream (Saquib) [#3679](https://github.com/nodejs/node/pull/3679) -- **http**: improves expect header handling (Daniel Sellers) [#4501](https://github.com/nodejs/node/pull/4501) -- **node**: allow preload modules with -i (Evan Lucas) [#4696](https://github.com/nodejs/node/pull/4696) -- **v8,src**: expose statistics about heap spaces (`v8.getHeapSpaceStatistics()`) (Ben Ripkens) [#4463](https://github.com/nodejs/node/pull/4463) -- Minor performance improvements: - - **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [#3622](https://github.com/nodejs/node/pull/3622). - - (Mistakenly missing from v5.4.0) - - **module**: cache stat() results more aggressively (Ben Noordhuis) [#4575](https://github.com/nodejs/node/pull/4575) - - **querystring**: improve parse() performance (Brian White) [#4675](https://github.com/nodejs/node/pull/4675) +* **events**: make sure console functions exist (Dave) [#4479](https://github.com/nodejs/node/pull/4479) +* **fs**: add autoClose option to fs.createWriteStream (Saquib) [#3679](https://github.com/nodejs/node/pull/3679) +* **http**: improves expect header handling (Daniel Sellers) [#4501](https://github.com/nodejs/node/pull/4501) +* **node**: allow preload modules with -i (Evan Lucas) [#4696](https://github.com/nodejs/node/pull/4696) +* **v8,src**: expose statistics about heap spaces (`v8.getHeapSpaceStatistics()`) (Ben Ripkens) [#4463](https://github.com/nodejs/node/pull/4463) +* Minor performance improvements: + * **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [#3622](https://github.com/nodejs/node/pull/3622). + * (Mistakenly missing from v5.4.0) + * **module**: cache stat() results more aggressively (Ben Noordhuis) [#4575](https://github.com/nodejs/node/pull/4575) + * **querystring**: improve parse() performance (Brian White) [#4675](https://github.com/nodejs/node/pull/4675) ### Known issues @@ -1003,7 +1003,7 @@ This is an important security release. All Node.js users should consult the secu ### Notable Changes * Minor performance improvements: - - **module**: move unnecessary work for early return (Andres Suarez) [#3579](https://github.com/nodejs/node/pull/3579) + * **module**: move unnecessary work for early return (Andres Suarez) [#3579](https://github.com/nodejs/node/pull/3579) * Various bug fixes * Various doc fixes * Various test improvements @@ -1050,15 +1050,15 @@ This is an important security release. All Node.js users should consult the secu ### Notable changes * **http**: - - A new status code was added: 451 - "Unavailable For Legal Reasons" (Max Barinov) [#4377](https://github.com/nodejs/node/pull/4377). - - Idle sockets that have been kept alive now handle errors (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482). + * A new status code was added: 451 - "Unavailable For Legal Reasons" (Max Barinov) [#4377](https://github.com/nodejs/node/pull/4377). + * Idle sockets that have been kept alive now handle errors (José F. Romaniello) [#4482](https://github.com/nodejs/node/pull/4482). * This release also includes several minor performance improvements: - - **assert**: deepEqual is now speedier when comparing TypedArrays (Claudio Rodriguez) [#4330](https://github.com/nodejs/node/pull/4330). - - **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [node#3622](https://github.com/nodejs/node/pull/3622). - - **node**: Improved accessor perf of `process.env` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780). - - **node**: Improved performance of `process.hrtime()` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780), (Evan Lucas) [#4484](https://github.com/nodejs/node/pull/4484). - - **node**: Improved GetActiveHandles performance (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780). - - **util**: Use faster iteration in `util.format()` (Jackson Tian) [#3964](https://github.com/nodejs/node/pull/3964). + * **assert**: deepEqual is now speedier when comparing TypedArrays (Claudio Rodriguez) [#4330](https://github.com/nodejs/node/pull/4330). + * **lib**: Use arrow functions instead of bind where possible (Minwoo Jung) [node#3622](https://github.com/nodejs/node/pull/3622). + * **node**: Improved accessor perf of `process.env` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780). + * **node**: Improved performance of `process.hrtime()` (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780), (Evan Lucas) [#4484](https://github.com/nodejs/node/pull/4484). + * **node**: Improved GetActiveHandles performance (Trevor Norris) [#3780](https://github.com/nodejs/node/pull/3780). + * **util**: Use faster iteration in `util.format()` (Jackson Tian) [#3964](https://github.com/nodejs/node/pull/3964). ### Known issues @@ -1174,15 +1174,15 @@ This is an important security release. All Node.js users should consult the secu ### Notable changes * **buffer**: - - `Buffer.prototype.includes()` has been added to keep parity with TypedArrays. (Alexander Martin) [#3567](https://github.com/nodejs/node/pull/3567). + * `Buffer.prototype.includes()` has been added to keep parity with TypedArrays. (Alexander Martin) [#3567](https://github.com/nodejs/node/pull/3567). * **domains**: - - Fix handling of uncaught exceptions. (Julien Gilli) [#3654](https://github.com/nodejs/node/pull/3654). + * Fix handling of uncaught exceptions. (Julien Gilli) [#3654](https://github.com/nodejs/node/pull/3654). * **https**: - - Added support for disabling session caching. (Fedor Indutny) [#4252](https://github.com/nodejs/node/pull/4252). + * Added support for disabling session caching. (Fedor Indutny) [#4252](https://github.com/nodejs/node/pull/4252). * **repl**: - - Allow third party modules to be imported using `require()`. This corrects a regression from 5.2.0. (Ben Noordhuis) [#4215](https://github.com/nodejs/node/pull/4215). + * Allow third party modules to be imported using `require()`. This corrects a regression from 5.2.0. (Ben Noordhuis) [#4215](https://github.com/nodejs/node/pull/4215). * **deps**: - - Upgrade libuv to 1.8.0. (Saúl Ibarra Corretgé) [#4276](https://github.com/nodejs/node/pull/4276). + * Upgrade libuv to 1.8.0. (Saúl Ibarra Corretgé) [#4276](https://github.com/nodejs/node/pull/4276). ### Known issues @@ -1251,12 +1251,12 @@ This is an important security release. All Node.js users should consult the secu ### Notable changes * **build**: - - Add support for Intel's VTune JIT profiling when compiled with `--enable-vtune-profiling`. For more information about VTune, see . (Chunyang Dai) [#3785](https://github.com/nodejs/node/pull/3785). - - Properly enable V8 snapshots by default. Due to a configuration error, snapshots have been kept off by default when the intention is for the feature to be enabled. (Fedor Indutny) [#3962](https://github.com/nodejs/node/pull/3962). + * Add support for Intel's VTune JIT profiling when compiled with `--enable-vtune-profiling`. For more information about VTune, see . (Chunyang Dai) [#3785](https://github.com/nodejs/node/pull/3785). + * Properly enable V8 snapshots by default. Due to a configuration error, snapshots have been kept off by default when the intention is for the feature to be enabled. (Fedor Indutny) [#3962](https://github.com/nodejs/node/pull/3962). * **crypto**: - - Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects (created via `crypto.createECDH(curve_name)`) with private keys that are not dynamically generated via `generateKeys()`. The public key is now computed when explicitly setting a private key. Added validity checks to reduce the possibility of computing weak or invalid shared secrets. Also, deprecated the `setPublicKey()` method for ECDH objects as its usage is unnecessary and can lead to inconsistent state. (Michael Ruddy) [#3511](https://github.com/nodejs/node/pull/3511). - - Update root certificates from the current list stored maintained by Mozilla NSS. (Ben Noordhuis) [#3951](https://github.com/nodejs/node/pull/3951). - - Multiple CA certificates can now be passed with the `ca` option to TLS methods as an array of strings or in a single new-line separated string. (Ben Noordhuis) [#4099](https://github.com/nodejs/node/pull/4099) + * Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects (created via `crypto.createECDH(curve_name)`) with private keys that are not dynamically generated via `generateKeys()`. The public key is now computed when explicitly setting a private key. Added validity checks to reduce the possibility of computing weak or invalid shared secrets. Also, deprecated the `setPublicKey()` method for ECDH objects as its usage is unnecessary and can lead to inconsistent state. (Michael Ruddy) [#3511](https://github.com/nodejs/node/pull/3511). + * Update root certificates from the current list stored maintained by Mozilla NSS. (Ben Noordhuis) [#3951](https://github.com/nodejs/node/pull/3951). + * Multiple CA certificates can now be passed with the `ca` option to TLS methods as an array of strings or in a single new-line separated string. (Ben Noordhuis) [#4099](https://github.com/nodejs/node/pull/4099) * **tools**: Include a tick processor in core, exposed via the `--prof-process` command-line argument which can be used to process V8 profiling output files generated when using the `--prof` command-line argument. (Matt Loring) [#4021](https://github.com/nodejs/node/pull/4021). ### Known issues @@ -1381,8 +1381,8 @@ This is an important security release. All Node.js users should consult the secu * **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts to trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny) * **openssl**: Upgrade to 1.0.2e, containing fixes for: - - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at . - - CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at . + * CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be possible against a Node.js TLS server using DHE key exchange. Details are available at . + * CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at . (Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134) * **v8**: Backport fix for CVE-2015-6764, a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis) @@ -1406,14 +1406,14 @@ This is an important security release. All Node.js users should consult the secu ### Notable changes * **buffer**: The `noAssert` option for many buffer functions will now silently drop invalid write values rather than crashing (Minqi Pan) [#3767](https://github.com/nodejs/node/pull/3767). - - This makes the behavior match what the docs suggest. + * This makes the behavior match what the docs suggest. * **child_process**: `child.send()` now properly returns a boolean like the docs suggest (Rich Trott) [#3577](https://github.com/nodejs/node/pull/3577). * **doc**: All of the API docs have been re-ordered so as to read in alphabetical order (Tristian Flanagan) [#3662](https://github.com/nodejs/node/pull/3662). * **http_parser**: update http-parser to 2.6.0 from 2.5.0 (James M Snell) [#3569](https://github.com/nodejs/node/pull/3569). - - Now supports the following HTTP methods: `LINK`, `UNLINK`, `BIND`, `REBIND`, `UNBIND`. - - Also added ACL and IPv6 Zone ID support. + * Now supports the following HTTP methods: `LINK`, `UNLINK`, `BIND`, `REBIND`, `UNBIND`. + * Also added ACL and IPv6 Zone ID support. * **npm**: upgrade npm to 3.3.12 from v3.3.6 (Rebecca Turner) [#3685](https://github.com/nodejs/node/pull/3685). - - See the release notes for [v3.3.7](https://github.com/npm/npm/releases/tag/v3.3.7), [v3.3.8](https://github.com/npm/npm/releases/tag/v3.3.8), [v3.3.9](https://github.com/npm/npm/releases/tag/v3.3.9), [v3.3.10](https://github.com/npm/npm/releases/tag/v3.3.10), [v3.3.11](https://github.com/npm/npm/releases/tag/v3.3.11), and [v3.3.12](https://github.com/npm/npm/releases/tag/v3.3.12) for more details. + * See the release notes for [v3.3.7](https://github.com/npm/npm/releases/tag/v3.3.7), [v3.3.8](https://github.com/npm/npm/releases/tag/v3.3.8), [v3.3.9](https://github.com/npm/npm/releases/tag/v3.3.9), [v3.3.10](https://github.com/npm/npm/releases/tag/v3.3.10), [v3.3.11](https://github.com/npm/npm/releases/tag/v3.3.11), and [v3.3.12](https://github.com/npm/npm/releases/tag/v3.3.12) for more details. * **repl**: The REPL no longer crashes if the [persistent history](https://nodejs.org/api/repl.html#repl_persistent_history) file cannot be opened (Evan Lucas) [#3630](https://github.com/nodejs/node/pull/3630). * **tls**: The default `sessionIdContext` now uses SHA1 in FIPS mode rather than MD5 (Stefan Budeanu) [#3755](https://github.com/nodejs/node/pull/3755). * **v8**: Added some more useful post-mortem data (Fedor Indutny) [#3779](https://github.com/nodejs/node/pull/3779). @@ -1572,30 +1572,30 @@ This is an important security release. All Node.js users should consult the secu * **buffer**: _(Breaking)_ Removed both `'raw'` and `'raws'` encoding types from `Buffer`, these have been deprecated for a long time (Sakthipriyan Vairamani) [#2859](https://github.com/nodejs/node/pull/2859). * **console**: _(Breaking)_ Values reported by `console.time()` now have 3 decimals of accuracy added (Michaël Zasso) [#3166](https://github.com/nodejs/node/pull/3166). * **fs**: - - `fs.readFile*()`, `fs.writeFile*()`, and `fs.appendFile*()` now also accept a file descriptor as their first argument (Johannes Wüller) [#3163](https://github.com/nodejs/node/pull/3163). - - _(Breaking)_ In `fs.readFile()`, if an encoding is specified and the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3485](https://github.com/nodejs/node/pull/3485). - - _(Breaking)_ In `fs.read()` (using the `fs.read(fd, length, position, encoding, callback)` form), if the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3503](https://github.com/nodejs/node/pull/3503). + * `fs.readFile*()`, `fs.writeFile*()`, and `fs.appendFile*()` now also accept a file descriptor as their first argument (Johannes Wüller) [#3163](https://github.com/nodejs/node/pull/3163). + * _(Breaking)_ In `fs.readFile()`, if an encoding is specified and the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3485](https://github.com/nodejs/node/pull/3485). + * _(Breaking)_ In `fs.read()` (using the `fs.read(fd, length, position, encoding, callback)` form), if the internal `toString()` fails the error is no longer _thrown_ but is passed to the callback (Evan Lucas) [#3503](https://github.com/nodejs/node/pull/3503). * **http**: - - Fixed a bug where pipelined http requests would stall (Fedor Indutny) [#3342](https://github.com/nodejs/node/pull/3342). - - _(Breaking)_ When parsing HTTP, don't add duplicates of the following headers: `Retry-After`, `ETag`, `Last-Modified`, `Server`, `Age`, `Expires`. This is in addition to the following headers which already block duplicates: `Content-Type`, `Content-Length`, `User-Agent`, `Referer`, `Host`, `Authorization`, `Proxy-Authorization`, `If-Modified-Since`, `If-Unmodified-Since`, `From`, `Location`, `Max-Forwards` (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090). - - _(Breaking)_ The `callback` argument to `OutgoingMessage#setTimeout()` must be a function or a `TypeError` is thrown (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090). - - _(Breaking)_ HTTP methods and header names must now conform to the RFC 2616 "token" rule, a list of allowed characters that excludes control characters and a number of _separator_ characters. Specifically, methods and header names must now match ```/^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/``` or a `TypeError` will be thrown (James M Snell) [#2526](https://github.com/nodejs/node/pull/2526). + * Fixed a bug where pipelined http requests would stall (Fedor Indutny) [#3342](https://github.com/nodejs/node/pull/3342). + * _(Breaking)_ When parsing HTTP, don't add duplicates of the following headers: `Retry-After`, `ETag`, `Last-Modified`, `Server`, `Age`, `Expires`. This is in addition to the following headers which already block duplicates: `Content-Type`, `Content-Length`, `User-Agent`, `Referer`, `Host`, `Authorization`, `Proxy-Authorization`, `If-Modified-Since`, `If-Unmodified-Since`, `From`, `Location`, `Max-Forwards` (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090). + * _(Breaking)_ The `callback` argument to `OutgoingMessage#setTimeout()` must be a function or a `TypeError` is thrown (James M Snell) [#3090](https://github.com/nodejs/node/pull/3090). + * _(Breaking)_ HTTP methods and header names must now conform to the RFC 2616 "token" rule, a list of allowed characters that excludes control characters and a number of _separator_ characters. Specifically, methods and header names must now match ```/^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/``` or a `TypeError` will be thrown (James M Snell) [#2526](https://github.com/nodejs/node/pull/2526). * **node**: - - _(Breaking)_ Deprecated the `_linklist` module (Rich Trott) [#3078](https://github.com/nodejs/node/pull/3078). - - _(Breaking)_ Removed `require.paths` and `require.registerExtension()`, both had been previously set to throw `Error` when accessed (Sakthipriyan Vairamani) [#2922](https://github.com/nodejs/node/pull/2922). + * _(Breaking)_ Deprecated the `_linklist` module (Rich Trott) [#3078](https://github.com/nodejs/node/pull/3078). + * _(Breaking)_ Removed `require.paths` and `require.registerExtension()`, both had been previously set to throw `Error` when accessed (Sakthipriyan Vairamani) [#2922](https://github.com/nodejs/node/pull/2922). * **npm**: Upgraded to version 3.3.6 from 2.14.7, see https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a major version bump for npm and it has seen a significant amount of change. Please see the original [npm v3.0.0 release notes](https://github.com/npm/npm/blob/master/CHANGELOG.md#v300-2015-06-25) for a list of major changes (Rebecca Turner) [#3310](https://github.com/nodejs/node/pull/3310). * **src**: _(Breaking)_ Bumped `NODE_MODULE_VERSION` to `47` from `46`, this is necessary due to the V8 upgrade. Native add-ons will need to be recompiled (Rod Vagg) [#3400](https://github.com/nodejs/node/pull/3400). * **timers**: Attempt to reuse the timer handle for `setTimeout().unref()`. This fixes a long-standing known issue where unrefed timers would perviously hold `beforeExit` open (Fedor Indutny) [#3407](https://github.com/nodejs/node/pull/3407). * **tls**: - - Added ALPN Support (Shigeki Ohtsu) [#2564](https://github.com/nodejs/node/pull/2564). - - TLS options can now be passed in an object to `createSecurePair()` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441). - - _(Breaking)_ The default minimum DH key size for `tls.connect()` is now 1024 bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new `minDHSize` TLS option can be used to override the default. (Shigeki Ohtsu) [#1831](https://github.com/nodejs/node/pull/1831). + * Added ALPN Support (Shigeki Ohtsu) [#2564](https://github.com/nodejs/node/pull/2564). + * TLS options can now be passed in an object to `createSecurePair()` (Коренберг Марк) [#2441](https://github.com/nodejs/node/pull/2441). + * _(Breaking)_ The default minimum DH key size for `tls.connect()` is now 1024 bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new `minDHSize` TLS option can be used to override the default. (Shigeki Ohtsu) [#1831](https://github.com/nodejs/node/pull/1831). * **util**: - - _(Breaking)_ `util.p()` was deprecated for years, and has now been removed (Wyatt Preul) [#3432](https://github.com/nodejs/node/pull/3432). - - _(Breaking)_ `util.inherits()` can now work with ES6 classes. This is considered a breaking change because of potential subtle side-effects caused by a change from directly reassigning the prototype of the constructor using `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })` to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)` (Michaël Zasso) [#3455](https://github.com/nodejs/node/pull/3455). + * _(Breaking)_ `util.p()` was deprecated for years, and has now been removed (Wyatt Preul) [#3432](https://github.com/nodejs/node/pull/3432). + * _(Breaking)_ `util.inherits()` can now work with ES6 classes. This is considered a breaking change because of potential subtle side-effects caused by a change from directly reassigning the prototype of the constructor using `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })` to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)` (Michaël Zasso) [#3455](https://github.com/nodejs/node/pull/3455). * **v8**: _(Breaking)_ Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) [#3351](https://github.com/nodejs/node/pull/3351). - - Implements the spread operator, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator for further information. - - Implements `new.target`, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target for further information. + * Implements the spread operator, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator for further information. + * Implements `new.target`, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target for further information. * **zlib**: Decompression now throws on truncated input (e.g. unexpected end of file) (Yuval Brik) [#2595](https://github.com/nodejs/node/pull/2595). ### Known issues diff --git a/doc/changelogs/CHANGELOG_V6.md b/doc/changelogs/CHANGELOG_V6.md index e17760742d8084..2e84d741b8848f 100644 --- a/doc/changelogs/CHANGELOG_V6.md +++ b/doc/changelogs/CHANGELOG_V6.md @@ -87,7 +87,7 @@ Node 6 is due to go End-of-Life on 2019-04-30. ### Notable Changes * **http**: - - fix error check in `Execute()` (Brian White) [#25939](https://github.com/nodejs/node/pull/25939) + * fix error check in `Execute()` (Brian White) [#25939](https://github.com/nodejs/node/pull/25939) ### Commits @@ -118,8 +118,8 @@ Fixes for the following CVEs are included in this release: * **deps**: OpenSSL has been upgraded to 1.0.2r which contains a fix for [CVE-2019-1559](https://www.openssl.org/news/secadv/20190226.txt). Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid _padding_ compared to a zero-byte record with an invalid _MAC_. This can be used as the basis of a padding oracle attack to decrypt data. * **http**: - - Backport `server.keepAliveTimeout` to prevent keep-alive HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential Denial of Service (DoS). (CVE-2019-5739 / [Timur Shemsedinov](https://github.com/tshemsedinov), [Matteo Collina](https://twitter.com/matteocollina)) - - Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci ([Voxnest](https://voxnest.com)). (CVE-2019-5737 / Matteo Collina) + * Backport `server.keepAliveTimeout` to prevent keep-alive HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential Denial of Service (DoS). (CVE-2019-5739 / [Timur Shemsedinov](https://github.com/tshemsedinov), [Matteo Collina](https://twitter.com/matteocollina)) + * Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci ([Voxnest](https://voxnest.com)). (CVE-2019-5737 / Matteo Collina) ### Commits @@ -145,9 +145,9 @@ a missing CLI flag to adjust the max header size of the http parser. ### Notable Changes * **cli**: - - add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) + * add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) * **http**: - - add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) + * add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) ### Commits @@ -264,7 +264,7 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **n-api**: - - n-api has been backported to v6.x. It is being landed as an experimental interface, + * n-api has been backported to v6.x. It is being landed as an experimental interface, and as such is landing in a Semver-Patch release. (Gabriel Schulhof) [#19447](https://github.com/nodejs/node/pull/19447) ### Commits @@ -549,7 +549,7 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **http, tls**: - - better support for IPv6 addresses (Mattias Holmlund) [#14772](https://github.com/nodejs/node/pull/14772) + * better support for IPv6 addresses (Mattias Holmlund) [#14772](https://github.com/nodejs/node/pull/14772) ### Commits @@ -586,39 +586,39 @@ This LTS release comes with 112 commits, 17 of which are considered Semver-Minor ### Notable Changes * **console**: - - added console.count() and console.clear() (James M Snell) [#12678](https://github.com/nodejs/node/pull/12678) + * added console.count() and console.clear() (James M Snell) [#12678](https://github.com/nodejs/node/pull/12678) * **crypto**: - - expose ECDH class (Bryan English) [#8188](https://github.com/nodejs/node/pull/8188) - - added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas) [#10209](https://github.com/nodejs/node/pull/10209) - - warn on invalid authentication tag length (Tobias Nießen) [#17566](https://github.com/nodejs/node/pull/17566) + * expose ECDH class (Bryan English) [#8188](https://github.com/nodejs/node/pull/8188) + * added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas) [#10209](https://github.com/nodejs/node/pull/10209) + * warn on invalid authentication tag length (Tobias Nießen) [#17566](https://github.com/nodejs/node/pull/17566) * **deps**: - - upgrade libuv to 1.16.1 (cjihrig) [#16835](https://github.com/nodejs/node/pull/16835) + * upgrade libuv to 1.16.1 (cjihrig) [#16835](https://github.com/nodejs/node/pull/16835) * **dgram**: - - added socket.setMulticastInterface() (Will Young) [#7855](https://github.com/nodejs/node/pull/7855) + * added socket.setMulticastInterface() (Will Young) [#7855](https://github.com/nodejs/node/pull/7855) * **http**: - - add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of `Agent` (Fedor Indutny) [#13005](https://github.com/nodejs/node/pull/13005) + * add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of `Agent` (Fedor Indutny) [#13005](https://github.com/nodejs/node/pull/13005) * **lib**: - - return this from net.Socket.end() (Sam Roberts) [#13481](https://github.com/nodejs/node/pull/13481) + * return this from net.Socket.end() (Sam Roberts) [#13481](https://github.com/nodejs/node/pull/13481) * **module**: - - add builtinModules api that provides list of all builtin modules in Node (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386) + * add builtinModules api that provides list of all builtin modules in Node (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386) * **net**: - - return this from getConnections() (Sam Roberts) [#13553](https://github.com/nodejs/node/pull/13553) + * return this from getConnections() (Sam Roberts) [#13553](https://github.com/nodejs/node/pull/13553) * **promises**: - - more robust stringification for unhandled rejections (Timothy Gu) [#13784](https://github.com/nodejs/node/pull/13784) + * more robust stringification for unhandled rejections (Timothy Gu) [#13784](https://github.com/nodejs/node/pull/13784) * **repl**: - - improve require() autocompletion (Alexey Orlenko) [#14409](https://github.com/nodejs/node/pull/14409) + * improve require() autocompletion (Alexey Orlenko) [#14409](https://github.com/nodejs/node/pull/14409) * **src**: - - add openssl-system-ca-path configure option (Daniel Bevenius) [#16790](https://github.com/nodejs/node/pull/16790) - - add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius) [#12087](https://github.com/nodejs/node/pull/12087) - - add process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839) + * add openssl-system-ca-path configure option (Daniel Bevenius) [#16790](https://github.com/nodejs/node/pull/16790) + * add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius) [#12087](https://github.com/nodejs/node/pull/12087) + * add process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839) * **tls**: - - accept `lookup` option for `tls.connect()` (Fedor Indutny) [#12839](https://github.com/nodejs/node/pull/12839) + * accept `lookup` option for `tls.connect()` (Fedor Indutny) [#12839](https://github.com/nodejs/node/pull/12839) * **tools, build**: - - a new macOS installer! (JP Wesselink) [#15179](https://github.com/nodejs/node/pull/15179) + * a new macOS installer! (JP Wesselink) [#15179](https://github.com/nodejs/node/pull/15179) * **url**: - - WHATWG URL api support (James M Snell) [#7448](https://github.com/nodejs/node/pull/7448) + * WHATWG URL api support (James M Snell) [#7448](https://github.com/nodejs/node/pull/7448) * **util**: - - add %i and %f formatting specifiers (Roman Reiss) [#10308](https://github.com/nodejs/node/pull/10308) + * add %i and %f formatting specifiers (Roman Reiss) [#10308](https://github.com/nodejs/node/pull/10308) ### Commits @@ -744,7 +744,7 @@ This LTS release comes with 115 commits. This includes 52 which are test related ### Notable Changes * **build**: - - configure can now be run from any directory (Gibson Fahnestock) [#17321](https://github.com/nodejs/node/pull/17321) + * configure can now be run from any directory (Gibson Fahnestock) [#17321](https://github.com/nodejs/node/pull/17321) ### Commits @@ -898,11 +898,11 @@ This LTS release comes with 263 commits. This includes 173 which are test relate ### Notable Changes * **build**: - - fix npm install with --shared (Ben Noordhuis) [#16438](https://github.com/nodejs/node/pull/16438) + * fix npm install with --shared (Ben Noordhuis) [#16438](https://github.com/nodejs/node/pull/16438) * **build**: - - building with python 3 is now supported (Emily Marigold Klassen) [#16058](https://github.com/nodejs/node/pull/16058) + * building with python 3 is now supported (Emily Marigold Klassen) [#16058](https://github.com/nodejs/node/pull/16058) * **src**: - - v8 options can be specified with either '\_' or '-' in NODE_OPTIONS (Sam Roberts) [#14093](https://github.com/nodejs/node/pull/14093) + * v8 options can be specified with either '\_' or '-' in NODE_OPTIONS (Sam Roberts) [#14093](https://github.com/nodejs/node/pull/14093) ### Commits @@ -1181,28 +1181,28 @@ This release includes a security update to openssl that has been deemed low seve ### Notable Changes * **assert**: - - assert.fail() can now take one or two arguments (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293) + * assert.fail() can now take one or two arguments (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293) * **crypto**: - - add sign/verify support for RSASSA-PSS (Tobias Nießen) [#11705](https://github.com/nodejs/node/pull/11705) + * add sign/verify support for RSASSA-PSS (Tobias Nießen) [#11705](https://github.com/nodejs/node/pull/11705) * **deps**: - - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691) - - upgrade libuv to 1.15.0 (cjihrig) [#15745](https://github.com/nodejs/node/pull/15745) - - upgrade libuv to 1.14.1 (cjihrig) [#14866](https://github.com/nodejs/node/pull/14866) - - upgrade libuv to 1.13.1 (cjihrig) [#14117](https://github.com/nodejs/node/pull/14117) - - upgrade libuv to 1.12.0 (cjihrig) [#13306](https://github.com/nodejs/node/pull/13306) + * upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691) + * upgrade libuv to 1.15.0 (cjihrig) [#15745](https://github.com/nodejs/node/pull/15745) + * upgrade libuv to 1.14.1 (cjihrig) [#14866](https://github.com/nodejs/node/pull/14866) + * upgrade libuv to 1.13.1 (cjihrig) [#14117](https://github.com/nodejs/node/pull/14117) + * upgrade libuv to 1.12.0 (cjihrig) [#13306](https://github.com/nodejs/node/pull/13306) * **fs**: - - Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) [#7856](https://github.com/nodejs/node/pull/7856) + * Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) [#7856](https://github.com/nodejs/node/pull/7856) * **inspector**: - - enable --inspect-brk (Refael Ackermann) [#12615](https://github.com/nodejs/node/pull/12615) + * enable --inspect-brk (Refael Ackermann) [#12615](https://github.com/nodejs/node/pull/12615) * **process**: - - add --redirect-warnings command line argument (James M Snell) [#10116](https://github.com/nodejs/node/pull/10116) + * add --redirect-warnings command line argument (James M Snell) [#10116](https://github.com/nodejs/node/pull/10116) * **src**: - - allow CLI args in env with NODE_OPTIONS (Sam Roberts) [#12028](https://github.com/nodejs/node/pull/12028) - - --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) [#13932](https://github.com/nodejs/node/pull/13932) - - allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) [#13172](https://github.com/nodejs/node/pull/13172) - - use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) [#12677](https://github.com/nodejs/node/pull/12677) + * allow CLI args in env with NODE_OPTIONS (Sam Roberts) [#12028](https://github.com/nodejs/node/pull/12028) + * --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) [#13932](https://github.com/nodejs/node/pull/13932) + * allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) [#13172](https://github.com/nodejs/node/pull/13172) + * use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) [#12677](https://github.com/nodejs/node/pull/12677) * **test**: - - remove common.fail() (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293) + * remove common.fail() (Rich Trott) [#12293](https://github.com/nodejs/node/pull/12293) ### Commits @@ -1342,7 +1342,7 @@ This is a security release. All Node.js users should consult the security releas ### Notable Changes * **zlib**: - - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95) + * CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95) ### Commits @@ -1357,7 +1357,7 @@ This LTS release comes with 91 commits. This includes 29 which are test related, ### Notable Changes * **net**: - - support passing undefined to listen() to match behavior in v4.x and v8.x (Sam Roberts) [#14234](https://github.com/nodejs/node/pull/14234) + * support passing undefined to listen() to match behavior in v4.x and v8.x (Sam Roberts) [#14234](https://github.com/nodejs/node/pull/14234) ### Commits @@ -1462,13 +1462,13 @@ This LTS release comes with 152 commits. This includes 75 which are test related ### Notable Changes * **build**: - - Codesigning is fixed on macOS (Evan Lucas) [#14179](https://github.com/nodejs/node/pull/14179) + * Codesigning is fixed on macOS (Evan Lucas) [#14179](https://github.com/nodejs/node/pull/14179) * **deps**: - - Snapshots are turned back on!!! (Yang Guo) [#14385](https://github.com/nodejs/node/pull/14385) + * Snapshots are turned back on!!! (Yang Guo) [#14385](https://github.com/nodejs/node/pull/14385) * **path**: - - win32 volume-relative paths are working again! (Timothy Gu) [#14440](https://github.com/nodejs/node/pull/14440) + * win32 volume-relative paths are working again! (Timothy Gu) [#14440](https://github.com/nodejs/node/pull/14440) * **tools**: - - v6.x can now build with ICU 59 (Steven R. Loomis) [#12078](https://github.com/nodejs/node/pull/12078) + * v6.x can now build with ICU 59 (Steven R. Loomis) [#12078](https://github.com/nodejs/node/pull/12078) ### Commits @@ -1634,18 +1634,18 @@ This LTS release comes with 221 commits. This includes 80 which are test related ### Notable Changes * **configure**: - - add mips64el to valid_arch (Aditya Anand) [#13620](https://github.com/nodejs/node/pull/13620) + * add mips64el to valid_arch (Aditya Anand) [#13620](https://github.com/nodejs/node/pull/13620) * **crypto**: - - Updated root certificates based on [NSS 3.30](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30_release_notes) (Ben Noordhuis) - - [#13279](https://github.com/nodejs/node/pull/13279) - - [#12402](https://github.com/nodejs/node/pull/12402) + * Updated root certificates based on [NSS 3.30](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30_release_notes) (Ben Noordhuis) + * [#13279](https://github.com/nodejs/node/pull/13279) + * [#12402](https://github.com/nodejs/node/pull/12402) * **deps**: - - upgrade OpenSSL to version 1.0.2.l (Shigeki Ohtsu) [#12913](https://github.com/nodejs/node/pull/12913) + * upgrade OpenSSL to version 1.0.2.l (Shigeki Ohtsu) [#12913](https://github.com/nodejs/node/pull/12913) * **http**: - - parse errors are now reported when NODE_DEBUG=http (Sam Roberts) [#13206](https://github.com/nodejs/node/pull/13206) - - Agent construction can now be envoked without `new` (cjihrig) [#12927](https://github.com/nodejs/node/pull/12927) + * parse errors are now reported when NODE_DEBUG=http (Sam Roberts) [#13206](https://github.com/nodejs/node/pull/13206) + * Agent construction can now be envoked without `new` (cjihrig) [#12927](https://github.com/nodejs/node/pull/12927) * **zlib**: - - node will now throw an Error when zlib rejects the value of windowBits, instead of crashing (Alexey Orlenko) [#13098](https://github.com/nodejs/node/pull/13098) + * node will now throw an Error when zlib rejects the value of windowBits, instead of crashing (Alexey Orlenko) [#13098](https://github.com/nodejs/node/pull/13098) ### Commits @@ -1879,9 +1879,9 @@ This is a security release. All Node.js users should consult the security releas ### Notable Changes * **build**: - - Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) + * Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) * **deps**: - - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale) + * CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale) ### Commits @@ -1899,9 +1899,9 @@ This LTS release comes with 126 commits. This includes 40 which are test related ### Notable Changes * **build**: - - support for building mips64el (nanxiongchao) [#10991](https://github.com/nodejs/node/pull/10991) + * support for building mips64el (nanxiongchao) [#10991](https://github.com/nodejs/node/pull/10991) * **cluster**: - - disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019) + * disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019) * **crypto**: * ability to select cert store at runtime (Adam Majer) [#8334](https://github.com/nodejs/node/pull/8334) * Use system CAs instead of using bundled ones (Adam Majer) [#8334](https://github.com/nodejs/node/pull/8334) @@ -1918,7 +1918,7 @@ This LTS release comes with 126 commits. This includes 40 which are test related * **process**: * add NODE_NO_WARNINGS environment variable (cjihrig) [#10842](https://github.com/nodejs/node/pull/10842) * **readline**: - - add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982) + * add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982) * **src**: * support "--" after "-e" as end-of-options (John Barboza) [#10651](https://github.com/nodejs/node/pull/10651) * **tls**: @@ -2060,11 +2060,11 @@ This LTS release comes with 126 commits. This includes 40 which are test related ### Notable Changes * **module**: - - The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283) + * The [module loading global fallback](https://nodejs.org/dist/latest-v4.x/docs/api/modules.html#modules_loading_from_the_global_folders) to the Node executable's directory now works correctly on Windows. (Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283) * **src**: - - fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995) + * fix base64 decoding in rare edgecase (Nikolai Vavilov) [#11995](https://github.com/nodejs/node/pull/11995) * **tls**: - - fix rare segmentation faults when using TLS + * fix rare segmentation faults when using TLS * (Trevor Norris) [#11947](https://github.com/nodejs/node/pull/11947) * (Ben Noordhuis) [#11898](https://github.com/nodejs/node/pull/11898) * (jBarz) [#11776](https://github.com/nodejs/node/pull/11776) @@ -2239,12 +2239,12 @@ that were present in zlib 1.2.8. ### Notable changes * **crypto**: - - fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089) + * fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089) * **deps**: - - upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980) - - backport V8 fixes for spread syntax regression causing segfaults (Michaël Zasso) [#12037](https://github.com/nodejs/node/pull/12037) + * upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980) + * backport V8 fixes for spread syntax regression causing segfaults (Michaël Zasso) [#12037](https://github.com/nodejs/node/pull/12037) * **repl**: - - Revert commit that broke REPL display on Windows (Myles Borins) [#12123](https://github.com/nodejs/node/pull/12123) + * Revert commit that broke REPL display on Windows (Myles Borins) [#12123](https://github.com/nodejs/node/pull/12123) ### Commits @@ -2265,21 +2265,21 @@ This LTS release comes with 297 commits. This includes 124 which are test relate ### Notable changes * **performance**: The performance of several APIs has been improved. - - `Buffer.compare()` is up to 35% faster on average. (Brian White) [#10927](https://github.com/nodejs/node/pull/10927) - - `buffer.toJSON()` is up to 2859% faster on average. (Brian White) [#10895](https://github.com/nodejs/node/pull/10895) - - `fs.*statSync()` functions are now up to 9.3% faster on average. (Brian White) [#11522](https://github.com/nodejs/node/pull/11522) - - `os.loadavg` is up to 151% faster. (Brian White) [#11516](https://github.com/nodejs/node/pull/11516) - - `process.memoryUsage()` is up to 34% faster. (Brian White) [#11497](https://github.com/nodejs/node/pull/11497) - - `querystring.unescape()` for `Buffer`s is 15% faster on average. (Brian White) [#10837](https://github.com/nodejs/node/pull/10837) - - `querystring.stringify()` is up to 7.8% faster on average. (Brian White) [#10852](https://github.com/nodejs/node/pull/10852) - - `querystring.parse()` is up to 21% faster on average. (Brian White) [#10874](https://github.com/nodejs/node/pull/10874) + * `Buffer.compare()` is up to 35% faster on average. (Brian White) [#10927](https://github.com/nodejs/node/pull/10927) + * `buffer.toJSON()` is up to 2859% faster on average. (Brian White) [#10895](https://github.com/nodejs/node/pull/10895) + * `fs.*statSync()` functions are now up to 9.3% faster on average. (Brian White) [#11522](https://github.com/nodejs/node/pull/11522) + * `os.loadavg` is up to 151% faster. (Brian White) [#11516](https://github.com/nodejs/node/pull/11516) + * `process.memoryUsage()` is up to 34% faster. (Brian White) [#11497](https://github.com/nodejs/node/pull/11497) + * `querystring.unescape()` for `Buffer`s is 15% faster on average. (Brian White) [#10837](https://github.com/nodejs/node/pull/10837) + * `querystring.stringify()` is up to 7.8% faster on average. (Brian White) [#10852](https://github.com/nodejs/node/pull/10852) + * `querystring.parse()` is up to 21% faster on average. (Brian White) [#10874](https://github.com/nodejs/node/pull/10874) * **IPC**: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. (Alexey Orlenko) [#10677](https://github.com/nodejs/node/pull/10677) - - Performance gains may be up to 40% for some workloads. + * Performance gains may be up to 40% for some workloads. * **child_process**: `spawnSync` now returns a null `status` when child is terminated by a signal. (cjihrig) [#11288](https://github.com/nodejs/node/pull/11288) - - This fixes the behavior to act like `spawn()` does. + * This fixes the behavior to act like `spawn()` does. * **http**: - - Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923) - - Debug messages have been added for cases when headers contain invalid values. (Evan Lucas) [#9195](https://github.com/nodejs/node/pull/9195) + * Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) [#8923](https://github.com/nodejs/node/pull/8923) + * Debug messages have been added for cases when headers contain invalid values. (Evan Lucas) [#9195](https://github.com/nodejs/node/pull/9195) * **node**: Heap statistics now support values larger than 4GB. (Ben Noordhuis) [#10186](https://github.com/nodejs/node/pull/10186) * **timers**: Timer callbacks now always maintain order when interacting with domain error handling. (John Barboza) [#10522](https://github.com/nodejs/node/pull/10522) @@ -2826,14 +2826,14 @@ are updates to dependencies. * **build**: shared library support is now working for AIX builds (Stewart Addison) [#9675](https://github.com/nodejs/node/pull/9675) * **deps**: - - *npm*: upgrade npm to 3.10.10 (Rebecca Turner) [#9847](https://github.com/nodejs/node/pull/9847) - - *V8*: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) [#10386](https://github.com/nodejs/node/pull/10386) + * *npm*: upgrade npm to 3.10.10 (Rebecca Turner) [#9847](https://github.com/nodejs/node/pull/9847) + * *V8*: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) [#10386](https://github.com/nodejs/node/pull/10386) * **inspector**: /json/version returns object, not an object wrapped in an array (Ben Noordhuis) [#9762](https://github.com/nodejs/node/pull/9762) * **module**: using --debug-brk and --eval together now works as expected (Kelvin Jin) [#8876](https://github.com/nodejs/node/pull/8876) * **process**: improve performance of nextTick up to 20% (Evan Lucas) [#8932](https://github.com/nodejs/node/pull/8932) * **repl**: - - the division operator will no longer be accidentally parsed as regex (Teddy Katz) [#10103](https://github.com/nodejs/node/pull/10103) - - improved support for generator functions (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852) + * the division operator will no longer be accidentally parsed as regex (Teddy Katz) [#10103](https://github.com/nodejs/node/pull/10103) + * improved support for generator functions (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852) * **timers**: Re canceling a cancelled timers will no longer throw (Jeremiah Senkpiel) [#9685](https://github.com/nodejs/node/pull/9685) ### Commits @@ -3162,10 +3162,10 @@ commits which are updates to dependencies. * **buffer**: coerce slice parameters consistently (Sakthipriyan Vairamani (thefourtheye)) [#9101](https://github.com/nodejs/node/pull/9101) * **deps**: - - *npm*: upgrade npm to 3.10.9 (Kat Marchán) [#9286](https://github.com/nodejs/node/pull/9286) - - *V8*: Various fixes to destructuring edge cases - - cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) [#9138](https://github.com/nodejs/node/pull/9138) - - cherry pick 7166503 from upstream v8 (Cristian Cavalli) [#9173](https://github.com/nodejs/node/pull/9173) + * *npm*: upgrade npm to 3.10.9 (Kat Marchán) [#9286](https://github.com/nodejs/node/pull/9286) + * *V8*: Various fixes to destructuring edge cases + * cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) [#9138](https://github.com/nodejs/node/pull/9138) + * cherry pick 7166503 from upstream v8 (Cristian Cavalli) [#9173](https://github.com/nodejs/node/pull/9173) * **gtest**: the test reporter now outputs tap comments as yamlish (Johan Bergström) [#9262](https://github.com/nodejs/node/pull/9262) * **inspector**: inspector now prompts user to use 127.0.0.1 rather than localhost (Eugene Ostroukhov) [#9451](https://github.com/nodejs/node/pull/9451) * **tls**: fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) [#9586](https://github.com/nodejs/node/pull/9586) @@ -3378,9 +3378,9 @@ This is also a security release. All Node.js users should consult the security r ### Notable changes * **fs**: - - `SyncWriteStream` now inherits from `Stream.Writable`. (Anna Henningsen) [#8830](https://github.com/nodejs/node/pull/8830) - - Practically, this means that when stdio is piped to a file, stdout and stderr will still be `Writable` streams. - - `fs.existsSync()` has been undeprecated. `fs.exists()` remains deprecated. (Dan Fabulich) [#8364](https://github.com/nodejs/node/pull/8364) + * `SyncWriteStream` now inherits from `Stream.Writable`. (Anna Henningsen) [#8830](https://github.com/nodejs/node/pull/8830) + * Practically, this means that when stdio is piped to a file, stdout and stderr will still be `Writable` streams. + * `fs.existsSync()` has been undeprecated. `fs.exists()` remains deprecated. (Dan Fabulich) [#8364](https://github.com/nodejs/node/pull/8364) * **http**: `http.request()` now accepts a `timeout` option. (Rene Weber) [#8101](https://github.com/nodejs/node/pull/8101) * **module**: The module loader now maintains its own realpath cache. (Anna Henningsen) [#8100](https://github.com/nodejs/node/pull/8100) * **npm**: Upgraded to 3.10.8 (Kat Marchán) [#8706](https://github.com/nodejs/node/pull/8706) @@ -3615,9 +3615,9 @@ This is a security release. All Node.js users should consult the security releas Semver Minor: * **openssl**: - - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714) - - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786) - - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#73](https://github.com/nodejs/node-private/pull/73) + * Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) [#8714](https://github.com/nodejs/node/pull/8714) + * Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) [#8786](https://github.com/nodejs/node/pull/8786) + * Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) [nodejs/node-private#73](https://github.com/nodejs/node-private/pull/73) * **http**: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) [nodejs/node-private#60](https://github.com/nodejs/node-private/pull/60) Semver Patch: @@ -3660,8 +3660,8 @@ Semver Patch: * **promises**: Unhandled rejections now emit a [process warning](https://nodejs.org/dist/latest-v6.x/docs/api/process.html#process_event_warning) after the first tick. (Benjamin Gruenbaum) [#8223](https://github.com/nodejs/node/pull/8223) * **repl**: Added auto alignment for `.editor` mode. (Prince J Wesley) [#8241](https://github.com/nodejs/node/pull/8241) * **util**: Some functionality has been added to `util.inspect()`: - - Returning `this` from a custom inspect function now works. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174) - - Added support for Symbol-based custom inspection methods. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174) + * Returning `this` from a custom inspect function now works. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174) + * Added support for Symbol-based custom inspection methods. (Anna Henningsen) [#8174](https://github.com/nodejs/node/pull/8174) ### Commits @@ -4164,21 +4164,21 @@ Semver Patch: * **buffer**: Added `buffer.swap64()` to complement `swap16()` & `swap32()`. (Zach Bjornson) [#7157](https://github.com/nodejs/node/pull/7157) * **build**: New `configure` options have been added for building Node.js as a shared library. (Stefan Budeanu) [#6994](https://github.com/nodejs/node/pull/6994) - - The options are: `--shared`, `--without-v8-platform` & `--without-bundled-v8`. + * The options are: `--shared`, `--without-v8-platform` & `--without-bundled-v8`. * **crypto**: Root certificates have been updated. (Ben Noordhuis) [#7363](https://github.com/nodejs/node/pull/7363) * **debugger**: The server address is now configurable via `--debug=
:`. (Ben Noordhuis) [#3316](https://github.com/nodejs/node/pull/3316) * **npm**: Upgraded npm to v3.10.3 (Kat Marchán) [#7515](https://github.com/nodejs/node/pull/7515) & (Rebecca Turner) [#7410](https://github.com/nodejs/node/pull/7410) * **readline**: Added the `prompt` option to the readline constructor. (Evan Lucas) [#7125](https://github.com/nodejs/node/pull/7125) * **repl / vm**: `sigint`/`ctrl+c` will now break out of infinite loops without stopping the Node.js instance. (Anna Henningsen) [#6635](https://github.com/nodejs/node/pull/6635) * **src**: - - Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao) [#3098](https://github.com/nodejs/node/pull/3098) - - Refactored `require('constants')`, constants are now available directly from their respective modules. (James M Snell) [#6534](https://github.com/nodejs/node/pull/6534) + * Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao) [#3098](https://github.com/nodejs/node/pull/3098) + * Refactored `require('constants')`, constants are now available directly from their respective modules. (James M Snell) [#6534](https://github.com/nodejs/node/pull/6534) * **stream**: Improved `readable.read()` performance by up to 70%. (Brian White) [#7077](https://github.com/nodejs/node/pull/7077) * **timers**: `setImmediate()` is now up to 150% faster in some situations. (Andras) [#6436](https://github.com/nodejs/node/pull/6436) * **util**: Added a `breakLength` option to `util.inspect()` to control how objects are formatted across lines. (cjihrig) [#7499](https://github.com/nodejs/node/pull/7499) * **v8-inspector**: Experimental support has been added for debugging Node.js over the inspector protocol. (Ali Ijaz Sheikh) [#6792](https://github.com/nodejs/node/pull/6792) - - **Note: This feature is _experimental_, and it could be altered or removed.** - - You can try this feature by running Node.js with the `--inspect` flag. + * **Note: This feature is _experimental_, and it could be altered or removed.** + * You can try this feature by running Node.js with the `--inspect` flag. ### Commits @@ -4344,8 +4344,8 @@ Semver Patch: ### Notable changes * **http**: - - `req.read(0)` could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) [#7211](https://github.com/nodejs/node/pull/7211) - - When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) [#7149](https://github.com/nodejs/node/pull/7149) + * `req.read(0)` could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) [#7211](https://github.com/nodejs/node/pull/7211) + * When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) [#7149](https://github.com/nodejs/node/pull/7149) * **npm**: upgrade npm to 3.9.5 (Kat Marchán) [#7139](https://github.com/nodejs/node/pull/7139) ### Commits @@ -4421,10 +4421,10 @@ Semver Patch: * **buffer**: Ignore negative lengths in calls to `Buffer()` and `Buffer.allocUnsafe()`. This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or `allocUnsafe()` as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) [#7051](https://github.com/nodejs/node/pull/7051) * **npm**: Upgrade npm to 3.9.3 (Kat Marchán) [#7030](https://github.com/nodejs/node/pull/7030) - - [`npm/npm@42d71be`](https://github.com/npm/npm/commit/42d71be2cec674dd9e860ad414f53184f667620d) [npm/npm#12685](https://github.com/npm/npm/pull/12685) When using `npm ls ` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](https://github.com/zkat)) - - [`npm/npm@f04e05`](https://github.com/npm/npm/commit/df04e05af1f257a1903372e1baf334c0969fbdbd) [npm/npm#10013](https://github.com/npm/npm/issues/10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](https://github.com/iarna)) - - [`b894413`](https://github.com/npm/npm/commit/b8944139a935680c4a267468bb2d3c3082b5609f) [#12372](https://github.com/npm/npm/issues/12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](https://github.com/misterbyrne)) - - This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis. + * [`npm/npm@42d71be`](https://github.com/npm/npm/commit/42d71be2cec674dd9e860ad414f53184f667620d) [npm/npm#12685](https://github.com/npm/npm/pull/12685) When using `npm ls ` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](https://github.com/zkat)) + * [`npm/npm@f04e05`](https://github.com/npm/npm/commit/df04e05af1f257a1903372e1baf334c0969fbdbd) [npm/npm#10013](https://github.com/npm/npm/issues/10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](https://github.com/iarna)) + * [`b894413`](https://github.com/npm/npm/commit/b8944139a935680c4a267468bb2d3c3082b5609f) [#12372](https://github.com/npm/npm/issues/12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](https://github.com/misterbyrne)) + * This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis. * **tty**: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at . (Jeremiah Senkpiel) [#6895](https://github.com/nodejs/node/pull/6895) * **V8**: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see for details. (Michaël Zasso) [#6928](https://github.com/nodejs/node/pull/6928) @@ -4570,19 +4570,19 @@ Semver Patch: ### Notable changes -- **buffer**: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511) -- **child_process**: use /system/bin/sh on android (Ben Noordhuis) [#6745](https://github.com/nodejs/node/pull/6745) -- **deps**: - - upgrade npm to 3.8.9 (Rebecca Turner) [#6664](https://github.com/nodejs/node/pull/6664) - - upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) [#6572](https://github.com/nodejs/node/pull/6572) - - upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) [#6796](https://github.com/nodejs/node/pull/6796) - - Intl: ICU 57 bump (Steven R. Loomis) [#6088](https://github.com/nodejs/node/pull/6088) -- **repl**: - - copying tabs shouldn't trigger completion (Eugene Obrezkov) [#5958](https://github.com/nodejs/node/pull/5958) - - exports `Recoverable` (Blake Embrey) [#3488](https://github.com/nodejs/node/pull/3488) -- **src**: add O_NOATIME constant (Rich Trott) [#6492](https://github.com/nodejs/node/pull/6492) -- **src,module**: add --preserve-symlinks command line flag (James M Snell) [#6537](https://github.com/nodejs/node/pull/6537) -- **util**: adhere to `noDeprecation` set at runtime (Anna Henningsen) [#6683](https://github.com/nodejs/node/pull/6683) +* **buffer**: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511) +* **child_process**: use /system/bin/sh on android (Ben Noordhuis) [#6745](https://github.com/nodejs/node/pull/6745) +* **deps**: + * upgrade npm to 3.8.9 (Rebecca Turner) [#6664](https://github.com/nodejs/node/pull/6664) + * upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) [#6572](https://github.com/nodejs/node/pull/6572) + * upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) [#6796](https://github.com/nodejs/node/pull/6796) + * Intl: ICU 57 bump (Steven R. Loomis) [#6088](https://github.com/nodejs/node/pull/6088) +* **repl**: + * copying tabs shouldn't trigger completion (Eugene Obrezkov) [#5958](https://github.com/nodejs/node/pull/5958) + * exports `Recoverable` (Blake Embrey) [#3488](https://github.com/nodejs/node/pull/3488) +* **src**: add O_NOATIME constant (Rich Trott) [#6492](https://github.com/nodejs/node/pull/6492) +* **src,module**: add --preserve-symlinks command line flag (James M Snell) [#6537](https://github.com/nodejs/node/pull/6537) +* **util**: adhere to `noDeprecation` set at runtime (Anna Henningsen) [#6683](https://github.com/nodejs/node/pull/6683) As of this release the 6.X line now includes 64-bit binaries for Linux on Power Systems running in big endian mode in addition to the existing 64-bit binaries for running in little endian mode. @@ -4719,16 +4719,16 @@ running in big endian mode in addition to the existing 64-bit binaries for runni * **assert**: `deep{Strict}Equal()` now works correctly with circular references. (Rich Trott) [#6432](https://github.com/nodejs/node/pull/6432) * **debugger**: Arrays are now formatted correctly in the debugger repl. (cjihrig) [#6448](https://github.com/nodejs/node/pull/6448) * **deps**: Upgrade OpenSSL sources to 1.0.2h (Shigeki Ohtsu) [#6550](https://github.com/nodejs/node/pull/6550) - - Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release. + * Please see our [blog post](https://nodejs.org/en/blog/vulnerability/openssl-may-2016/) for more info on the security contents of this release. * **net**: Introduced a `Socket#connecting` property. (Fedor Indutny) [#6404](https://github.com/nodejs/node/pull/6404) - - Previously this information was only available as the undocumented, internal `_connecting` property. + * Previously this information was only available as the undocumented, internal `_connecting` property. * **process**: Introduced `process.cpuUsage()`. (Patrick Mueller) [#6157](https://github.com/nodejs/node/pull/6157) * **stream**: `Writable#setDefaultEncoding()` now returns `this`. (Alexander Makarenko) [#5040](https://github.com/nodejs/node/pull/5040) * **util**: Two new additions to `util.inspect()`: - - Added a `maxArrayLength` option to truncate the formatting of Arrays. (James M Snell) [#6334](https://github.com/nodejs/node/pull/6334) - - This is set to `100` by default. - - Added a `showProxy` option for formatting proxy intercepting handlers. (James M Snell) [#6465](https://github.com/nodejs/node/pull/6465) - - Inspecting proxies is non-trivial and as such this is off by default. + * Added a `maxArrayLength` option to truncate the formatting of Arrays. (James M Snell) [#6334](https://github.com/nodejs/node/pull/6334) + * This is set to `100` by default. + * Added a `showProxy` option for formatting proxy intercepting handlers. (James M Snell) [#6465](https://github.com/nodejs/node/pull/6465) + * Inspecting proxies is non-trivial and as such this is off by default. ### Commits diff --git a/doc/changelogs/CHANGELOG_V7.md b/doc/changelogs/CHANGELOG_V7.md index 1a0b9893690613..3ce23bf6fa0fe4 100644 --- a/doc/changelogs/CHANGELOG_V7.md +++ b/doc/changelogs/CHANGELOG_V7.md @@ -55,13 +55,13 @@ for details on patched vulnerabilities. ### Notable changes * **build**: - - Disable V8 snapshots - The hashseed embedded in the snapshot is + * Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) * **deps**: - - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), + * CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that @@ -344,14 +344,14 @@ for details on patched vulnerabilities. ### Notable Changes * **buffer**: - - do not segfault on out-of-range index (Timothy Gu) [#11927](https://github.com/nodejs/node/pull/11927) + * do not segfault on out-of-range index (Timothy Gu) [#11927](https://github.com/nodejs/node/pull/11927) * **crypto**: - - Fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089) + * Fix memory leak if certificate is revoked (Tom Atkinson) [#12089](https://github.com/nodejs/node/pull/12089) * **deps**: * upgrade npm to 4.2.0 (Kat Marchán) [#11389](https://github.com/nodejs/node/pull/11389) * fix async await desugaring in V8 (Michaël Zasso) [#12004](https://github.com/nodejs/node/pull/12004) * **readline**: - - add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982) + * add option to stop duplicates in history (Danny Nemer) [#2982](https://github.com/nodejs/node/pull/2982) ### Commits @@ -1240,8 +1240,8 @@ users is "low". Details on this determination can be found ### Notable changes * **buffer**: - - Improve performance of Buffer allocation by ~11%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443) - - Improve performance of Buffer.from() by ~50%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443) + * Improve performance of Buffer allocation by ~11%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443) + * Improve performance of Buffer.from() by ~50%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443) * **events**: Improve performance of `EventEmitter.once()` by ~27%. (Brian White) [#10445](https://github.com/nodejs/node/pull/10445) * **fs**: Allow passing Uint8Array to fs methods where Buffers are supported. (Anna Henningsen) [#10382](https://github.com/nodejs/node/pull/10382) * **http**: Improve performance of http server by ~7%. (Brian White) [#6533](https://github.com/nodejs/node/pull/6533) @@ -1400,18 +1400,18 @@ Thank you to @italoacasas for preparing the majority of this release. ### Notable changes * **buffer**: - - buffer.fill() now works properly for the UCS2 encoding on Big-Endian machines. (Anna Henningsen) [#9837](https://github.com/nodejs/node/pull/9837) + * buffer.fill() now works properly for the UCS2 encoding on Big-Endian machines. (Anna Henningsen) [#9837](https://github.com/nodejs/node/pull/9837) * **cluster**: - - disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019) + * disconnect() now returns a reference to the disconnected worker. (Sean Villars) [#10019](https://github.com/nodejs/node/pull/10019) * **crypto**: - - The built-in list of Well-Known CAs (Certificate Authorities) can now be extended via a NODE_EXTRA_CA_CERTS environment variable. (Sam Roberts) [#9139](https://github.com/nodejs/node/pull/9139) + * The built-in list of Well-Known CAs (Certificate Authorities) can now be extended via a NODE_EXTRA_CA_CERTS environment variable. (Sam Roberts) [#9139](https://github.com/nodejs/node/pull/9139) * **http**: - - Remove stale timeout listeners in order to prevent a memory leak when using keep alive. (Karl Böhlmark) [#9440](https://github.com/nodejs/node/pull/9440) + * Remove stale timeout listeners in order to prevent a memory leak when using keep alive. (Karl Böhlmark) [#9440](https://github.com/nodejs/node/pull/9440) * **tls**: - - Allow obvious key/passphrase combinations. (Sam Roberts) [#10294](https://github.com/nodejs/node/pull/10294) + * Allow obvious key/passphrase combinations. (Sam Roberts) [#10294](https://github.com/nodejs/node/pull/10294) * **url**: - - Including base argument in URL.originFor() to meet specification compliance. (joyeecheung) [#10021](https://github.com/nodejs/node/pull/10021) - - Improve URLSearchParams to meet specification compliance. (Timothy Gu) [#9484](https://github.com/nodejs/node/pull/9484) + * Including base argument in URL.originFor() to meet specification compliance. (joyeecheung) [#10021](https://github.com/nodejs/node/pull/10021) + * Improve URLSearchParams to meet specification compliance. (Timothy Gu) [#9484](https://github.com/nodejs/node/pull/9484) ### Commits @@ -1550,8 +1550,8 @@ Thank you to @italoacasas for preparing the majority of this release. ### Notable changes * **buffer**: - - Reverted the runtime deprecation of calling `Buffer()` without `new`. (Anna Henningsen) [#9529](https://github.com/nodejs/node/pull/9529) - - Fixed `buffer.transcode()` for single-byte character + * Reverted the runtime deprecation of calling `Buffer()` without `new`. (Anna Henningsen) [#9529](https://github.com/nodejs/node/pull/9529) + * Fixed `buffer.transcode()` for single-byte character encodings to `UCS2`. (Anna Henningsen) [#9838](https://github.com/nodejs/node/pull/9838) * **promise**: `--trace-warnings` now produces useful stacktraces for Promise warnings. (Anna Henningsen) [#9525](https://github.com/nodejs/node/pull/9525) * **repl**: Fixed a bug preventing correct parsing of generator functions. (Teddy Katz) [#9852](https://github.com/nodejs/node/pull/9852) @@ -1763,7 +1763,7 @@ _This is a security release impacting Windows 10 users._ * **crypto**: The `Decipher` methods `setAuthTag()` and `setAAD` now return `this`. (Kirill Fomichev) [#9398](https://github.com/nodejs/node/pull/9398) * **dns**: Implemented `{ttl: true}` for `resolve4()` and `resolve6()`. (Ben Noordhuis) [#9296](https://github.com/nodejs/node/pull/9296) * **libuv**: Upgrade to v1.10.1 (cjihrig) [#9647](https://github.com/nodejs/node/pull/9647) - - Fixed a potential buffer overflow when writing data to console on Windows 10. (CVE-2016-9551) + * Fixed a potential buffer overflow when writing data to console on Windows 10. (CVE-2016-9551) * **process**: Added a new `external` property to the data returned by `memoryUsage()`. (Fedor Indutny) [#9587](https://github.com/nodejs/node/pull/9587) * **tls**: Fixed a memory leak when writes were queued on TLS connection that was destroyed during handshake. (Fedor Indutny) [#9626](https://github.com/nodejs/node/pull/9626) * **V8 (dep)**: Upgrade to v5.4.500.43 (Michaël Zasso) [#9697](https://github.com/nodejs/node/pull/9697) diff --git a/doc/changelogs/CHANGELOG_V8.md b/doc/changelogs/CHANGELOG_V8.md index c281b619fff880..86528eb0d463ca 100644 --- a/doc/changelogs/CHANGELOG_V8.md +++ b/doc/changelogs/CHANGELOG_V8.md @@ -118,8 +118,8 @@ Vulnerabilities fixed: ### Notable Changes * **n-api**: - - add API for asynchronous functions (Gabriel Schulhof) [#17887](https://github.com/nodejs/node/pull/17887) - - mark thread-safe function as stable (Gabriel Schulhof) [#25556](https://github.com/nodejs/node/pull/25556) + * add API for asynchronous functions (Gabriel Schulhof) [#17887](https://github.com/nodejs/node/pull/17887) + * mark thread-safe function as stable (Gabriel Schulhof) [#25556](https://github.com/nodejs/node/pull/25556) ### Commits @@ -196,9 +196,9 @@ a missing CLI flag to adjust the max header size of the http parser. ### Notable Changes * **cli**: - - add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) + * add --max-http-header-size flag (cjihrig) [#24811](https://github.com/nodejs/node/pull/24811) * **http**: - - add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) + * add maxHeaderSize property (cjihrig) [#24860](https://github.com/nodejs/node/pull/24860) ### Commits @@ -215,9 +215,9 @@ a missing CLI flag to adjust the max header size of the http parser. ### Notable changes * **assert**: - - revert breaking change (Ruben Bridgewater) [#24786](https://github.com/nodejs/node/pull/24786) + * revert breaking change (Ruben Bridgewater) [#24786](https://github.com/nodejs/node/pull/24786) * **http2**: - - fix sequence of error/close events (Gerhard Stoebich) [#24789](https://github.com/nodejs/node/pull/24789) + * fix sequence of error/close events (Gerhard Stoebich) [#24789](https://github.com/nodejs/node/pull/24789) ### Commits @@ -356,14 +356,14 @@ Fixes for the following CVEs are included in this release: ### Notable changes * **assert**: - - backport some assert commits (Ruben Bridgewater) [#23223](https://github.com/nodejs/node/pull/23223) + * backport some assert commits (Ruben Bridgewater) [#23223](https://github.com/nodejs/node/pull/23223) * **deps**: - - upgrade to libuv 1.23.2 (cjihrig) [#23336](https://github.com/nodejs/node/pull/23336) - - V8: cherry-pick 64-bit hash seed commits (Yang Guo) [#23274](https://github.com/nodejs/node/pull/23274) + * upgrade to libuv 1.23.2 (cjihrig) [#23336](https://github.com/nodejs/node/pull/23336) + * V8: cherry-pick 64-bit hash seed commits (Yang Guo) [#23274](https://github.com/nodejs/node/pull/23274) * **http**: - - added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094) + * added aborted property to request (Robert Nagy) [#20094](https://github.com/nodejs/node/pull/20094) * **http2**: - - graduate from experimental (James M Snell) [#22466](https://github.com/nodejs/node/pull/22466) + * graduate from experimental (James M Snell) [#22466](https://github.com/nodejs/node/pull/22466) ### Commits @@ -502,39 +502,39 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **async_hooks**: - - rename PromiseWrap.parentId (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633) - - remove runtime deprecation (Ali Ijaz Sheikh) [#19517](https://github.com/nodejs/node/pull/19517) - - deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513) + * rename PromiseWrap.parentId (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633) + * remove runtime deprecation (Ali Ijaz Sheikh) [#19517](https://github.com/nodejs/node/pull/19517) + * deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513) * **cluster**: - - add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399) - - support windowsHide option for workers (Todd Wong) [#17412](https://github.com/nodejs/node/pull/17412) + * add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399) + * support windowsHide option for workers (Todd Wong) [#17412](https://github.com/nodejs/node/pull/17412) * **crypto**: - - allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644) + * allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644) * **deps**: - - upgrade npm to 6.4.1 (Kat Marchán) [#22591](https://github.com/nodejs/node/pull/22591) - - upgrade libuv to 1.19.2 (cjihrig) [#18918](https://github.com/nodejs/node/pull/18918) - - Upgrade node-inspect to 1.11.5 (Jan Krems) [#21055](https://github.com/nodejs/node/pull/21055) + * upgrade npm to 6.4.1 (Kat Marchán) [#22591](https://github.com/nodejs/node/pull/22591) + * upgrade libuv to 1.19.2 (cjihrig) [#18918](https://github.com/nodejs/node/pull/18918) + * Upgrade node-inspect to 1.11.5 (Jan Krems) [#21055](https://github.com/nodejs/node/pull/21055) * **fs,net**: - - support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801) - - emit 'ready' for fs streams and sockets (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408) + * support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801) + * emit 'ready' for fs streams and sockets (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408) * **http, http2**: - - add options to http.createServer() (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)- - - add 103 Early Hints status code (Yosuke Furukawa) [#16644](https://github.com/nodejs/node/pull/16644) - - add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752) + * add options to http.createServer() (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752)- + * add 103 Early Hints status code (Yosuke Furukawa) [#16644](https://github.com/nodejs/node/pull/16644) + * add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752) * **n-api**: - - take n-api out of experimental (Michael Dawson) [#19262](https://github.com/nodejs/node/pull/19262) + * take n-api out of experimental (Michael Dawson) [#19262](https://github.com/nodejs/node/pull/19262) * **perf_hooks**: - - add warning when too many entries in the timeline (James M Snell) [#18087](https://github.com/nodejs/node/pull/18087) + * add warning when too many entries in the timeline (James M Snell) [#18087](https://github.com/nodejs/node/pull/18087) * **src**: - - add public API for managing NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981) - - allow --perf-(basic-)?prof in NODE\_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600) - - node internals' postmortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901) + * add public API for managing NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981) + * allow --perf-(basic-)?prof in NODE\_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600) + * node internals' postmortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901) * **tls**: - - expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102) + * expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102) * **trace_events**: - - add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480) + * add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480) * **util**: - - implement util.getSystemErrorName() (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186) + * implement util.getSystemErrorName() (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186) ### Commits @@ -877,12 +877,12 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **deps**: - - update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354) - - update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908) + * update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354) + * update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908) * **http2**: - - Sync with current release stream + * Sync with current release stream * **n-api**: - - Sync with current release stream + * Sync with current release stream ### Commits @@ -1822,10 +1822,10 @@ Fixes for the following CVEs are included in this release: ### Notable Changes -- **console**: - - avoid adding infinite error listeners (Matteo Collina) [#16770](https://github.com/nodejs/node/pull/16770) -- **http2**: - - improve errors thrown in header validation (Joyee Cheung) [#16718](https://github.com/nodejs/node/pull/16718) +* **console**: + * avoid adding infinite error listeners (Matteo Collina) [#16770](https://github.com/nodejs/node/pull/16770) +* **http2**: + * improve errors thrown in header validation (Joyee Cheung) [#16718](https://github.com/nodejs/node/pull/16718) ### Commits @@ -1943,10 +1943,10 @@ Fixes for the following CVEs are included in this release: ### Notable Changes -- **openssl**: - - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691) -- ***Revert*** "**https**: - - refactor to use http internals" (Myles Borins) [#16660](https://github.com/nodejs/node/pull/16660) +* **openssl**: + * upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://github.com/nodejs/node/pull/16691) +* ***Revert*** "**https**: + * refactor to use http internals" (Myles Borins) [#16660](https://github.com/nodejs/node/pull/16660) ### Commits @@ -1972,15 +1972,15 @@ This release marks the transition of Node.js v8 into Long Term Support (LTS) wit ### Notable Changes * **doc**: - - add Gibson Fahnestock to Release team (Gibson Fahnestock) [#16620](https://github.com/nodejs/node/pull/16620) + * add Gibson Fahnestock to Release team (Gibson Fahnestock) [#16620](https://github.com/nodejs/node/pull/16620) * **deps**: - - update npm to 5.5.1 (Myles Borins) [#16509](https://github.com/nodejs/node/pull/16509) + * update npm to 5.5.1 (Myles Borins) [#16509](https://github.com/nodejs/node/pull/16509) * **http2**: - - The exposed http2 socket is no longer manipulatable (Anatoli Papirovski) [#16330](https://github.com/nodejs/node/pull/16330) + * The exposed http2 socket is no longer manipulatable (Anatoli Papirovski) [#16330](https://github.com/nodejs/node/pull/16330) * **module**: - - support custom paths to require.resolve() (cjihrig) [#16397](https://github.com/nodejs/node/pull/16397) + * support custom paths to require.resolve() (cjihrig) [#16397](https://github.com/nodejs/node/pull/16397) * **util**: - - util.TextEncoder and util.TextDecoder are no longer experimental. There will no longer be a warning when they are used (James M Snell) [#15743](https://github.com/nodejs/node/pull/15743) + * util.TextEncoder and util.TextDecoder are no longer experimental. There will no longer be a warning when they are used (James M Snell) [#15743](https://github.com/nodejs/node/pull/15743) ### Commits @@ -2086,7 +2086,7 @@ This release marks the transition of Node.js v8 into Long Term Support (LTS) wit ### Notable Changes * **net**: - - Fix timeout with null handle issue. This is a regression in Node 8.8.0 [#16489](https://github.com/nodejs/node/pull/16489) + * Fix timeout with null handle issue. This is a regression in Node 8.8.0 [#16489](https://github.com/nodejs/node/pull/16489) ### Commits @@ -2110,15 +2110,15 @@ This release marks the transition of Node.js v8 into Long Term Support (LTS) wit ### Notable Changes * **crypto**: - - expose ECDH class [#8188](https://github.com/nodejs/node/pull/8188) + * expose ECDH class [#8188](https://github.com/nodejs/node/pull/8188) * **http2**: - - http2 is now exposed by default without the need for a flag [#15685](https://github.com/nodejs/node/pull/15685) - - a new environment variable NODE\_NO\_HTTP2 has been added to allow userland http2 to be required [#15685](https://github.com/nodejs/node/pull/15685) - - support has been added for generic `Duplex` streams [#16269](https://github.com/nodejs/node/pull/16269) + * http2 is now exposed by default without the need for a flag [#15685](https://github.com/nodejs/node/pull/15685) + * a new environment variable NODE\_NO\_HTTP2 has been added to allow userland http2 to be required [#15685](https://github.com/nodejs/node/pull/15685) + * support has been added for generic `Duplex` streams [#16269](https://github.com/nodejs/node/pull/16269) * **module**: - - resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle [#15445](https://github.com/nodejs/node/pull/15445) + * resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle [#15445](https://github.com/nodejs/node/pull/15445) * **zlib**: - - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95) + * CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://github.com/nodejs-private/node-private/pull/95) ### Commits @@ -3474,10 +3474,10 @@ Big thanks to @addaleax who prepared the vast majority of this release. [[`dc3f6b9ac1`](https://github.com/nodejs/node/commit/dc3f6b9ac1)] [#14235](https://github.com/nodejs/node/pull/14235) * `npm` Changelogs: - - [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4) - - [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0) - - [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0) - - [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0) + * [v5.0.4](https://github.com/npm/npm/releases/tag/v5.0.4) + * [v5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0) + * [v5.2.0](https://github.com/npm/npm/releases/tag/v5.2.0) + * [v5.3.0](https://github.com/npm/npm/releases/tag/v5.3.0) ### Commits @@ -3737,9 +3737,9 @@ This is a security release. All Node.js users should consult the security releas ### Notable changes * **build**: - - Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) + * Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) * **deps**: - - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale) + * CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale) ### Commits diff --git a/doc/changelogs/CHANGELOG_V9.md b/doc/changelogs/CHANGELOG_V9.md index c2b7b2b33a67ea..cf6a3c40ecf67f 100644 --- a/doc/changelogs/CHANGELOG_V9.md +++ b/doc/changelogs/CHANGELOG_V9.md @@ -84,16 +84,16 @@ The patch release is to ensure that all binaries and installers work as expected ### Notable Changes * **deps**: - - Updated ICU to 61.1 (Steven R. Loomis) [#19621](https://github.com/nodejs/node/pull/19621) + * Updated ICU to 61.1 (Steven R. Loomis) [#19621](https://github.com/nodejs/node/pull/19621) Includes CLDR 33 (many new languages and data improvements). * **fs**: - - Emit 'ready' event for `ReadStream` and `WriteStream` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408) + * Emit 'ready' event for `ReadStream` and `WriteStream` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408) * **n-api**: - - Bump version of n-api supported (Michael Dawson) [#19497](https://github.com/nodejs/node/pull/19497) + * Bump version of n-api supported (Michael Dawson) [#19497](https://github.com/nodejs/node/pull/19497) * **net**: - - Emit 'ready' event for `Socket` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408) + * Emit 'ready' event for `Socket` (Sameer Srivastava) [#19408](https://github.com/nodejs/node/pull/19408) * **Added new collaborators** - - [mafintosh](https://github.com/mafintosh) Mathias Buus + * [mafintosh](https://github.com/mafintosh) Mathias Buus ### Commits @@ -215,17 +215,17 @@ Fixes for the following CVEs are included in this release: * **Update root certificates**: 5 additional root certificates have been added to the Node.js binary and 30 have been removed. * **cluster**: - - Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava) [#19165](https://github.com/nodejs/node/pull/19165) + * Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava) [#19165](https://github.com/nodejs/node/pull/19165) * **crypto**: - - Expose the public key of a certificate (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690) + * Expose the public key of a certificate (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690) * **n-api**: - - Add `napi_fatal_exception` to trigger an `uncaughtException` in JavaScript (Mathias Buus) [#19337](https://github.com/nodejs/node/pull/19337) + * Add `napi_fatal_exception` to trigger an `uncaughtException` in JavaScript (Mathias Buus) [#19337](https://github.com/nodejs/node/pull/19337) * **path**: - - Fix regression in `posix.normalize` (Michaël Zasso) [#19520](https://github.com/nodejs/node/pull/19520) + * Fix regression in `posix.normalize` (Michaël Zasso) [#19520](https://github.com/nodejs/node/pull/19520) * **stream**: - - Improve stream creation performance (Brian White) [#19401](https://github.com/nodejs/node/pull/19401) + * Improve stream creation performance (Brian White) [#19401](https://github.com/nodejs/node/pull/19401) * **Added new collaborators** - - [BethGriggs](https://github.com/BethGriggs) Beth Griggs + * [BethGriggs](https://github.com/BethGriggs) Beth Griggs ### Commits @@ -321,20 +321,20 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **assert**: - - From now on all error messages produced by `assert` in strict mode will produce a error diff. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615) - - From now on it is possible to use a validation object in throws instead of the other possibilities. (Ruben Bridgewater) [#17584](https://github.com/nodejs/node/pull/17584) + * From now on all error messages produced by `assert` in strict mode will produce a error diff. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615) + * From now on it is possible to use a validation object in throws instead of the other possibilities. (Ruben Bridgewater) [#17584](https://github.com/nodejs/node/pull/17584) * **crypto**: - - allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644) + * allow passing null as IV unless required (Tobias Nießen) [#18644](https://github.com/nodejs/node/pull/18644) * **fs**: - - support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801) + * support as and as+ flags in stringToFlags() (Sarat Addepalli) [#18801](https://github.com/nodejs/node/pull/18801) * **tls**: - - expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102) + * expose Finished messages in TLSSocket (Anton Salikhmetov) [#19102](https://github.com/nodejs/node/pull/19102) * **tty**: - - Add getColorDepth function to determine if terminal supports colors. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615) + * Add getColorDepth function to determine if terminal supports colors. (Ruben Bridgewater) [#17615](https://github.com/nodejs/node/pull/17615) * **util**: - - add util.inspect compact option (Ruben Bridgewater) [#17576](https://github.com/nodejs/node/pull/17576) + * add util.inspect compact option (Ruben Bridgewater) [#17576](https://github.com/nodejs/node/pull/17576) * **Added new collaborators** - - [watson](https://github.com/watson) Thomas Watson + * [watson](https://github.com/watson) Thomas Watson ### Commits @@ -479,17 +479,17 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **crypto**: - - add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690) + * add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson) [#17690](https://github.com/nodejs/node/pull/17690) * **http2**: - - Fixed issues with aborted connections in the HTTP/2 implementation (Anna Henningsen) [#18987](https://github.com/nodejs/node/pull/18987) [#19002](https://github.com/nodejs/node/pull/19002) + * Fixed issues with aborted connections in the HTTP/2 implementation (Anna Henningsen) [#18987](https://github.com/nodejs/node/pull/18987) [#19002](https://github.com/nodejs/node/pull/19002) * **loader**: - - --inspect-brk now works properly for esmodules (Gus Caplan) [#18949](https://github.com/nodejs/node/pull/18949) + * --inspect-brk now works properly for esmodules (Gus Caplan) [#18949](https://github.com/nodejs/node/pull/18949) * **src**: - - make process.dlopen() load well-known symbol (Ben Noordhuis) [#18934](https://github.com/nodejs/node/pull/18934) + * make process.dlopen() load well-known symbol (Ben Noordhuis) [#18934](https://github.com/nodejs/node/pull/18934) * **trace_events**: - - add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480) + * add file pattern cli option (Andreas Madsen) [#18480](https://github.com/nodejs/node/pull/18480) * **Added new collaborators** - - [MoonBall](https://github.com/MoonBall) Chen Gang + * [MoonBall](https://github.com/MoonBall) Chen Gang ### Commits @@ -577,16 +577,16 @@ No additional commits. New version published due to a bad node-v9.7.0.pkg file t ### Notable Changes * **libuv**: - - Updated to libuv 1.19.2 (Colin Ihrig) [#18918](https://github.com/nodejs/node/pull/18918) + * Updated to libuv 1.19.2 (Colin Ihrig) [#18918](https://github.com/nodejs/node/pull/18918) * **src**: - - Add initial support for Node.js-specific post-mortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901) + * Add initial support for Node.js-specific post-mortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901) * **timers**: - - The return value of `setImmediate()` now has `ref()` and `unref()` methods (Anatoli Papirovski) [#18139](https://github.com/nodejs/node/pull/18139) + * The return value of `setImmediate()` now has `ref()` and `unref()` methods (Anatoli Papirovski) [#18139](https://github.com/nodejs/node/pull/18139) * **util**: - - It is now possible to get the name for a numerical platform-specific error code as a string (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186) + * It is now possible to get the name for a numerical platform-specific error code as a string (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186) ### Commits @@ -666,7 +666,7 @@ This is a special release to fix potentially Semver-Major regression that was re ### Notable Changes * **events**: - - `events.usingDomains` being set to `false` by default was removed in 9.6.0 which was a change in behavior compares to 9.5.0. This behavior change has been reverted and the `events` object now has `usingDomains` preset to `false`, which is the behavior in 9.x prior to 9.6.0 (Myles Borins) [#18944](https://github.com/nodejs/node/pull/18944) + * `events.usingDomains` being set to `false` by default was removed in 9.6.0 which was a change in behavior compares to 9.5.0. This behavior change has been reverted and the `events` object now has `usingDomains` preset to `false`, which is the behavior in 9.x prior to 9.6.0 (Myles Borins) [#18944](https://github.com/nodejs/node/pull/18944) ### Commits @@ -678,31 +678,31 @@ This is a special release to fix potentially Semver-Major regression that was re ### Notable Changes * **async_hooks**: - - deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513) - - rename PromiseWrap.parentId to PromiseWrap.isChainedPromise (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633) + * deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) [#18513](https://github.com/nodejs/node/pull/18513) + * rename PromiseWrap.parentId to PromiseWrap.isChainedPromise (Ali Ijaz Sheikh) [#18633](https://github.com/nodejs/node/pull/18633) * **deps**: - - update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354) - - ICU 60.2 bump (Steven R. Loomis) [#17687](https://github.com/nodejs/node/pull/17687) - - Introduce ScriptOrModule and HostDefinedOptions to V8 (Jan Krems) [#16889](https://github.com/nodejs/node/pull/16889) + * update node-inspect to 1.11.3 (Jan Krems) [#18354](https://github.com/nodejs/node/pull/18354) + * ICU 60.2 bump (Steven R. Loomis) [#17687](https://github.com/nodejs/node/pull/17687) + * Introduce ScriptOrModule and HostDefinedOptions to V8 (Jan Krems) [#16889](https://github.com/nodejs/node/pull/16889) * **http**: - - add options to http.createServer() for `IncomingMessage` and `ServerReponse` (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752) + * add options to http.createServer() for `IncomingMessage` and `ServerReponse` (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752) * **http2**: - - add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752) + * add http fallback options to .createServer (Peter Marton) [#15752](https://github.com/nodejs/node/pull/15752) * **https**: - - Adds the remaining options from tls.createSecureContext() to the string generated by Agent#getName(). This allows https.request() to accept the options and generate unique sockets appropriately. (Jeff Principe) [#16402](https://github.com/nodejs/node/pull/16402) + * Adds the remaining options from tls.createSecureContext() to the string generated by Agent#getName(). This allows https.request() to accept the options and generate unique sockets appropriately. (Jeff Principe) [#16402](https://github.com/nodejs/node/pull/16402) * **inspector**: - - --inspect-brk for es modules (Guy Bedford) [#18194](https://github.com/nodejs/node/pull/18194) + * --inspect-brk for es modules (Guy Bedford) [#18194](https://github.com/nodejs/node/pull/18194) * **lib**: - - allow process kill by signal number (Sam Roberts) [#16944](https://github.com/nodejs/node/pull/16944) + * allow process kill by signal number (Sam Roberts) [#16944](https://github.com/nodejs/node/pull/16944) * **module**: - - enable dynamic import (Myles Borins) [#18387](https://github.com/nodejs/node/pull/18387) - - dynamic import is now supported (Jan Krems) [#15713](https://github.com/nodejs/node/pull/15713) + * enable dynamic import (Myles Borins) [#18387](https://github.com/nodejs/node/pull/18387) + * dynamic import is now supported (Jan Krems) [#15713](https://github.com/nodejs/node/pull/15713) * **n-api**: - - add methods to open/close callback scope (Michael Dawson) [#18089](https://github.com/nodejs/node/pull/18089) + * add methods to open/close callback scope (Michael Dawson) [#18089](https://github.com/nodejs/node/pull/18089) * **src**: - - allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600) + * allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) [#17600](https://github.com/nodejs/node/pull/17600) * **vm**: - - add support for es modules (Gus Caplan) [#17560](https://github.com/nodejs/node/pull/17560) + * add support for es modules (Gus Caplan) [#17560](https://github.com/nodejs/node/pull/17560) ### Commits @@ -918,18 +918,18 @@ This is a special release to fix potentially Semver-Major regression that was re ### Notable Changes * **cluster** - - add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399) + * add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399) * **deps** - - upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260) + * upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260) * **meta** - - add Leko to collaborators (Leko) [#18117](https://github.com/nodejs/node/pull/18117) - - add vdeturckheim as collaborator (vdeturckheim) [#18432](https://github.com/nodejs/node/pull/18432) + * add Leko to collaborators (Leko) [#18117](https://github.com/nodejs/node/pull/18117) + * add vdeturckheim as collaborator (vdeturckheim) [#18432](https://github.com/nodejs/node/pull/18432) * **n-api** - - expose n-api version in process.versions (Michael Dawson) [#18067](https://github.com/nodejs/node/pull/18067) + * expose n-api version in process.versions (Michael Dawson) [#18067](https://github.com/nodejs/node/pull/18067) * **perf_hooks** - - add performance.clear() (James M Snell) [#18046](https://github.com/nodejs/node/pull/18046) + * add performance.clear() (James M Snell) [#18046](https://github.com/nodejs/node/pull/18046) * **stream** - - avoid writeAfterEnd() while ending (陈刚) [#18170](https://github.com/nodejs/node/pull/18170) + * avoid writeAfterEnd() while ending (陈刚) [#18170](https://github.com/nodejs/node/pull/18170) ### Commits @@ -1101,36 +1101,36 @@ This is a special release to fix potentially Semver-Major regression that was re ### Notable Changes * **async\_hooks**: - - deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither API were documented. (Andreas Madsen) [#16972](https://github.com/nodejs/node/pull/16972) + * deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither API were documented. (Andreas Madsen) [#16972](https://github.com/nodejs/node/pull/16972) * **deps**: - - update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908) - - upgrade npm to 5.6.0 (Kat Marchán) [#17535](https://github.com/nodejs/node/pull/17535) - - cherry-pick 50f7455 from upstream V8 (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591) + * update nghttp2 to 1.29.0 (James M Snell) [#17908](https://github.com/nodejs/node/pull/17908) + * upgrade npm to 5.6.0 (Kat Marchán) [#17535](https://github.com/nodejs/node/pull/17535) + * cherry-pick 50f7455 from upstream V8 (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591) * **events**: - - remove reaches into _events internals (Anatoli Papirovski) [#17440](https://github.com/nodejs/node/pull/17440) + * remove reaches into _events internals (Anatoli Papirovski) [#17440](https://github.com/nodejs/node/pull/17440) * **http**: - - add rawPacket in err of `clientError` event (XadillaX) [#17672](https://github.com/nodejs/node/pull/17672) + * add rawPacket in err of `clientError` event (XadillaX) [#17672](https://github.com/nodejs/node/pull/17672) * **http2**: - - implement maxSessionMemory (James M Snell) [#17967](https://github.com/nodejs/node/pull/17967) - - add initial support for originSet (James M Snell) [#17935](https://github.com/nodejs/node/pull/17935) - - add altsvc support (James M Snell) [#17917](https://github.com/nodejs/node/pull/17917) - - perf_hooks integration (James M Snell) [#17906](https://github.com/nodejs/node/pull/17906) - - Refactoring and cleanup of Http2Session and Http2Stream destroy (James M Snell) [#17406](https://github.com/nodejs/node/pull/17406) + * implement maxSessionMemory (James M Snell) [#17967](https://github.com/nodejs/node/pull/17967) + * add initial support for originSet (James M Snell) [#17935](https://github.com/nodejs/node/pull/17935) + * add altsvc support (James M Snell) [#17917](https://github.com/nodejs/node/pull/17917) + * perf_hooks integration (James M Snell) [#17906](https://github.com/nodejs/node/pull/17906) + * Refactoring and cleanup of Http2Session and Http2Stream destroy (James M Snell) [#17406](https://github.com/nodejs/node/pull/17406) * **net**: - - remove Socket.prototype.listen (Ruben Bridgewater) [#13735](https://github.com/nodejs/node/pull/13735) + * remove Socket.prototype.listen (Ruben Bridgewater) [#13735](https://github.com/nodejs/node/pull/13735) * **repl**: - - show lexically scoped vars in tab completion (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591) + * show lexically scoped vars in tab completion (Michaël Zasso) [#16591](https://github.com/nodejs/node/pull/16591) * **stream**: - - rm {writeable/readable}State.length (Calvin Metcalf) [#12857](https://github.com/nodejs/node/pull/12857) - - add flow and buffer properties to streams (Calvin Metcalf) [#12855](https://github.com/nodejs/node/pull/12855) + * rm {writeable/readable}State.length (Calvin Metcalf) [#12857](https://github.com/nodejs/node/pull/12857) + * add flow and buffer properties to streams (Calvin Metcalf) [#12855](https://github.com/nodejs/node/pull/12855) * **util**: - - allow wildcards in NODE_DEBUG variable (Tyler) [#17609](https://github.com/nodejs/node/pull/17609) + * allow wildcards in NODE_DEBUG variable (Tyler) [#17609](https://github.com/nodejs/node/pull/17609) * **zlib**: - - add ArrayBuffer support (Jem Bezooyen) [#16042](https://github.com/nodejs/node/pull/16042) + * add ArrayBuffer support (Jem Bezooyen) [#16042](https://github.com/nodejs/node/pull/16042) * **Added new collaborator** - - [starkwang](https://github.com/starkwang) Weijia Wang + * [starkwang](https://github.com/starkwang) Weijia Wang * **Added new TSC member** - - [danbev](https://github.com/danbev) Daniel Bevenius + * [danbev](https://github.com/danbev) Daniel Bevenius ### Commits @@ -1376,24 +1376,24 @@ This is a special release to fix potentially Semver-Major regression that was re ### Notable Changes * **async\_hooks**: - - add trace events to async_hooks (Andreas Madsen) [#15538](https://github.com/nodejs/node/pull/15538) - - add provider types for net server (Andreas Madsen) [#17157](https://github.com/nodejs/node/pull/17157) + * add trace events to async_hooks (Andreas Madsen) [#15538](https://github.com/nodejs/node/pull/15538) + * add provider types for net server (Andreas Madsen) [#17157](https://github.com/nodejs/node/pull/17157) * **console**: - - console.debug can now be used outside of the inspector (Benjamin Zaslavsky) [#17033](https://github.com/nodejs/node/pull/17033) + * console.debug can now be used outside of the inspector (Benjamin Zaslavsky) [#17033](https://github.com/nodejs/node/pull/17033) * **deps**: - - upgrade libuv to 1.18.0 (cjihrig) [#17282](https://github.com/nodejs/node/pull/17282) - - patch V8 to 6.2.414.46 (Myles Borins) [#17206](https://github.com/nodejs/node/pull/17206) + * upgrade libuv to 1.18.0 (cjihrig) [#17282](https://github.com/nodejs/node/pull/17282) + * patch V8 to 6.2.414.46 (Myles Borins) [#17206](https://github.com/nodejs/node/pull/17206) * **module**: - - module.builtinModules will return a list of built in modules (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386) + * module.builtinModules will return a list of built in modules (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386) * **n-api**: - - add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109) + * add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109) * **process**: - - process.setUncaughtExceptionCaptureCallback can now be used to customize behavior for `--abort-on-uncaught-exception` (Anna Henningsen) [#17159](https://github.com/nodejs/node/pull/17159) - - A signal handler is now able to receive the signal code that triggered the handler. (Robert Rossmann) [#15606](https://github.com/nodejs/node/pull/15606) + * process.setUncaughtExceptionCaptureCallback can now be used to customize behavior for `--abort-on-uncaught-exception` (Anna Henningsen) [#17159](https://github.com/nodejs/node/pull/17159) + * A signal handler is now able to receive the signal code that triggered the handler. (Robert Rossmann) [#15606](https://github.com/nodejs/node/pull/15606) * **src**: - - embedders can now use Node::CreatePlatform to create an instance of NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981) + * embedders can now use Node::CreatePlatform to create an instance of NodePlatform (Cheng Zhao) [#16981](https://github.com/nodejs/node/pull/16981) * **stream**: - - writable.writableHighWaterMark and readable.readableHighWaterMark will return the values the stream object was instantiated with (Calvin Metcalf) [#12860](https://github.com/nodejs/node/pull/12860) + * writable.writableHighWaterMark and readable.readableHighWaterMark will return the values the stream object was instantiated with (Calvin Metcalf) [#12860](https://github.com/nodejs/node/pull/12860) * **Added new collaborators** * [maclover7](https://github.com/maclover7) Jon Moss * [guybedford](https://github.com/guybedford) Guy Bedford @@ -1820,11 +1820,11 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **crypto**: - - Support building with both 1.1.0 and 1.0.2 (David Benjamin) [#16130](https://github.com/nodejs/node/pull/16130) + * Support building with both 1.1.0 and 1.0.2 (David Benjamin) [#16130](https://github.com/nodejs/node/pull/16130) * **fs**: - - fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) [#15776](https://github.com/nodejs/node/pull/15776) + * fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) [#15776](https://github.com/nodejs/node/pull/15776) * **process**: - - expose process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839) + * expose process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839) ### Commits @@ -1968,12 +1968,12 @@ Fixes for the following CVEs are included in this release: ### Notable Changes * **CLI**: - - `NODE_OPTIONS` now supports the `--stack-trace-limit` option. [#16495](https://github.com/nodejs/node/pull/16495) + * `NODE_OPTIONS` now supports the `--stack-trace-limit` option. [#16495](https://github.com/nodejs/node/pull/16495) * **deps**: - - OpenSSL is upgraded to 1.0.2m [#16691](https://github.com/nodejs/node/pull/16691) + * OpenSSL is upgraded to 1.0.2m [#16691](https://github.com/nodejs/node/pull/16691) * **http**: - - A `'connect'` event handler leak has been fixed. [#16725](https://github.com/nodejs/node/pull/16725) - - The `103 Early Hints` status code is now supported. [#16644](https://github.com/nodejs/node/pull/16644) + * A `'connect'` event handler leak has been fixed. [#16725](https://github.com/nodejs/node/pull/16725) + * The `103 Early Hints` status code is now supported. [#16644](https://github.com/nodejs/node/pull/16644) ### Commits diff --git a/doc/guides/contributing/pull-requests.md b/doc/guides/contributing/pull-requests.md index ec6beb0bb50756..a9ac6e42541b12 100644 --- a/doc/guides/contributing/pull-requests.md +++ b/doc/guides/contributing/pull-requests.md @@ -106,10 +106,10 @@ $ git checkout -b my-branch -t upstream/master The vast majority of Pull Requests opened against the `nodejs/node` repository includes changes to one or more of the following: -- the C/C++ code contained in the `src` directory -- the JavaScript code contained in the `lib` directory -- the documentation in `doc/api` -- tests within the `test` directory. +* the C/C++ code contained in the `src` directory +* the JavaScript code contained in the `lib` directory +* the documentation in `doc/api` +* tests within the `test` directory. If you are modifying code, please be sure to run `make lint` from time to time to ensure that the changes follow the Node.js code style guide. @@ -143,17 +143,17 @@ notes about [commit squashing](#commit-squashing). A good commit message should describe what changed and why. 1. The first line should: - - contain a short description of the change (preferably 50 characters or + * contain a short description of the change (preferably 50 characters or less, and no more than 72 characters) - - be entirely in lowercase with the exception of proper nouns, acronyms, and + * be entirely in lowercase with the exception of proper nouns, acronyms, and the words that refer to code, like function/variable names - - be prefixed with the name of the changed subsystem and start with an + * be prefixed with the name of the changed subsystem and start with an imperative verb. Check the output of `git log --oneline files/you/changed` to find out what subsystems your changes touch. Examples: - - `net: add localAddress and localPort to Socket` - - `src: fix typos in async_wrap.h` + * `net: add localAddress and localPort to Socket` + * `src: fix typos in async_wrap.h` 2. Keep the second line blank. 3. Wrap all other lines at 72 columns (except for long URLs). @@ -163,9 +163,9 @@ A good commit message should describe what changed and why. references use `Refs:`. Examples: - - `Fixes: https://github.com/nodejs/node/issues/1337` - - `Refs: https://eslint.org/docs/rules/space-in-parens.html` - - `Refs: https://github.com/nodejs/node/pull/3615` + * `Fixes: https://github.com/nodejs/node/issues/1337` + * `Refs: https://eslint.org/docs/rules/space-in-parens.html` + * `Refs: https://github.com/nodejs/node/pull/3615` 5. If your commit introduces a breaking change (`semver-major`), it should contain an explanation about the reason of the breaking change, which diff --git a/doc/guides/maintaining-the-build-files.md b/doc/guides/maintaining-the-build-files.md index d36e827145c90d..72b2318e63ab0c 100644 --- a/doc/guides/maintaining-the-build-files.md +++ b/doc/guides/maintaining-the-build-files.md @@ -8,17 +8,17 @@ On how to build the Node.js core, see [Building Node.js](../../BUILDING.md). There are three main build files that may be directly run when building Node.js: -- `configure`: A Python 2 script that detects system capabilities and runs +* `configure`: A Python 2 script that detects system capabilities and runs [GYP][]. It generates `config.gypi` which includes parameters used by GYP to create platform-dependent build files. Its output is usually in one of these formats: Makefile, MSbuild, ninja, or XCode project files (the main Makefile mentioned below is maintained separately by humans). For a detailed guide on this script, see [configure](#configure). -- `vcbuild.bat`: A Windows Batch Script that locates build tools, provides a +* `vcbuild.bat`: A Windows Batch Script that locates build tools, provides a subset of the targets available in the [Makefile](#makefile), and a few targets of its own. For a detailed guide on this script, see [vcbuild.bat](#vcbuildbat). -- `Makefile`: A Makefile that can be run with GNU Make. It provides a set of +* `Makefile`: A Makefile that can be run with GNU Make. It provides a set of targets that build and test the Node.js binary, produce releases and documentation, and interact with the CI to run benchmarks or tests. For a detailed guide on this file, see [Makefile](#makefile). @@ -45,7 +45,7 @@ maintained by humans. This is not usually run on Windows, where ### Options -- `-j `: number of threads used to build the binary. On the non-CI +* `-j `: number of threads used to build the binary. On the non-CI targets, the parallel tests will take up all the available cores, regardless of this option. diff --git a/doc/guides/writing-tests.md b/doc/guides/writing-tests.md index 012532db43f092..f34c07cc151c59 100644 --- a/doc/guides/writing-tests.md +++ b/doc/guides/writing-tests.md @@ -6,17 +6,17 @@ Most tests in Node.js core are JavaScript programs that exercise a functionality provided by Node.js and check that it behaves as expected. Tests should exit with code `0` on success. A test will fail if: -- It exits by setting `process.exitCode` to a non-zero number. - - This is usually done by having an assertion throw an uncaught Error. - - Occasionally, using `process.exit(code)` may be appropriate. -- It never exits. In this case, the test runner will terminate the test because +* It exits by setting `process.exitCode` to a non-zero number. + * This is usually done by having an assertion throw an uncaught Error. + * Occasionally, using `process.exit(code)` may be appropriate. +* It never exits. In this case, the test runner will terminate the test because it sets a maximum time limit. Add tests when: -- Adding new functionality. -- Fixing regressions and bugs. -- Expanding test coverage. +* Adding new functionality. +* Fixing regressions and bugs. +* Expanding test coverage. ## Test directory structure @@ -113,14 +113,14 @@ This is the body of the test. This test is simple, it just tests that an HTTP server accepts `non-ASCII` characters in the headers of an incoming request. Interesting things to notice: -- If the test doesn't depend on a specific port number, then always use 0 +* If the test doesn't depend on a specific port number, then always use 0 instead of an arbitrary value, as it allows tests to run in parallel safely, as the operating system will assign a random port. If the test requires a specific port, for example if the test checks that assigning a specific port works as expected, then it is ok to assign a specific port number. -- The use of `common.mustCall` to check that some callbacks/listeners are +* The use of `common.mustCall` to check that some callbacks/listeners are called. -- The HTTP server closes once all the checks have run. This way, the test can +* The HTTP server closes once all the checks have run. This way, the test can exit gracefully. Remember that for a test to succeed, it must exit with a status code of 0. @@ -268,8 +268,8 @@ const freelist = require('internal/freelist'); When writing assertions, prefer the strict versions: -- `assert.strictEqual()` over `assert.equal()` -- `assert.deepStrictEqual()` over `assert.deepEqual()` +* `assert.strictEqual()` over `assert.equal()` +* `assert.deepStrictEqual()` over `assert.deepEqual()` When using `assert.throws()`, if possible, provide the full error message: @@ -318,9 +318,9 @@ features that can be used directly without a flag in [all maintained branches][]. [node.green][] lists available features in each release, such as: -- `let` and `const` over `var` -- Template literals over string concatenation -- Arrow functions when appropriate +* `let` and `const` over `var` +* Template literals over string concatenation +* Arrow functions when appropriate ## Naming Test Files diff --git a/doc/releases.md b/doc/releases.md index da4a29696028b8..cab18fdd7b71eb 100644 --- a/doc/releases.md +++ b/doc/releases.md @@ -105,11 +105,11 @@ should be listed in the Node.js GitHub README.md file. Notes: -- Dates listed below as _"YYYY-MM-DD"_ should be the date of the release **as +* Dates listed below as _"YYYY-MM-DD"_ should be the date of the release **as UTC**. Use `date -u +'%Y-%m-%d'` to find out what this is. -- Version strings are listed below as _"vx.y.z"_ or _"x.y.z"_. Substitute for +* Version strings are listed below as _"vx.y.z"_ or _"x.y.z"_. Substitute for the release version. -- Examples will use the fictional release version `1.2.3`. +* Examples will use the fictional release version `1.2.3`. ### 0. Pre-release steps @@ -145,10 +145,10 @@ Go through PRs with the label `vN.x`. e.g. [PRs with the `v8.x` label](https://g For each PR: -- Run or check that there is a passing CI. -- Check approvals (you can approve yourself). -- Check that the commit metadata was not changed from the `master` commit. -- If there are merge conflicts, ask the PR author to rebase. +* Run or check that there is a passing CI. +* Check approvals (you can approve yourself). +* Check that the commit metadata was not changed from the `master` commit. +* If there are merge conflicts, ask the PR author to rebase. Simple conflicts can be resolved when landing. When landing the PR add the `Backport-PR-URL:` line to each commit. Close the @@ -174,11 +174,11 @@ cherry-picked. Carefully review the list of commits: -- Checking for errors (incorrect `PR-URL`) -- Checking semver status - Commits labeled as `semver-minor` or `semver-major` +* Checking for errors (incorrect `PR-URL`) +* Checking semver status - Commits labeled as `semver-minor` or `semver-major` should only be cherry-picked when appropriate for the type of release being made. -- If you think it's risky so should wait for a while, add the `baking-for-lts` +* If you think it's risky so should wait for a while, add the `baking-for-lts` tag. When cherry-picking commits, if there are simple conflicts you can resolve @@ -225,10 +225,10 @@ be produced with a version string that does not have a trailing pre-release tag: This macro is used to signal an ABI version for native addons. It currently has two common uses in the community: -- Determining what API to work against for compiling native addons, e.g. +* Determining what API to work against for compiling native addons, e.g. [NAN](https://github.com/nodejs/nan) uses it to form a compatibility-layer for much of what it wraps. -- Determining the ABI for downloading pre-built binaries of native addons, e.g. +* Determining the ABI for downloading pre-built binaries of native addons, e.g. [node-pre-gyp](https://github.com/mapbox/node-pre-gyp) uses this value as exposed via `process.versions.modules` to help determine the appropriate binary to download at install-time. @@ -504,8 +504,8 @@ remainder of the release steps. On release proposal branch, edit `src/node_version.h` again and: -- Increment `NODE_PATCH_VERSION` by one -- Change `NODE_VERSION_IS_RELEASE` back to `0` +* Increment `NODE_PATCH_VERSION` by one +* Change `NODE_VERSION_IS_RELEASE` back to `0` Commit this change with the following commit message format: @@ -610,16 +610,16 @@ This script will use the promoted builds and changelog to generate the post. Run `npm run serve` to preview the post locally before pushing to the [nodejs.org](https://github.com/nodejs/nodejs.org) repo. -- You can add a short blurb just under the main heading if you want to say +* You can add a short blurb just under the main heading if you want to say something important, otherwise the text should be publication ready. -- The links to the download files won't be complete unless you waited for the +* The links to the download files won't be complete unless you waited for the ARMv6 builds. Any downloads that are missing will have `*Coming soon*` next to them. It's your responsibility to manually update these later when you have the outstanding builds. -- The SHASUMS256.txt.asc content is at the bottom of the post. When you update +* The SHASUMS256.txt.asc content is at the bottom of the post. When you update the list of tarballs you'll need to copy/paste the new contents of this file to reflect those changes. -- Always use pull-requests on the nodejs.org repo. Be respectful of that working +* Always use pull-requests on the nodejs.org repo. Be respectful of that working group, but you shouldn't have to wait for PR sign-off. Opening a PR and merging it immediately _should_ be fine. However, please follow the following commit message format: @@ -630,16 +630,16 @@ This script will use the promoted builds and changelog to generate the post. Run Refs: ``` -- Changes to `master` on the nodejs.org repo will trigger a new build of +* Changes to `master` on the nodejs.org repo will trigger a new build of nodejs.org so your changes should appear in a few minutes after pushing. ### 16. Create the release on GitHub -- Go to the [New release page](https://github.com/nodejs/node/releases/new). -- Select the tag version you pushed earlier. -- For release title, copy the title from the changelog. -- For the description, copy the rest of the changelog entry. -- Click on the "Publish release" button. +* Go to the [New release page](https://github.com/nodejs/node/releases/new). +* Select the tag version you pushed earlier. +* For release title, copy the title from the changelog. +* For the description, copy the rest of the changelog entry. +* Click on the "Publish release" button. ### 17. Cleanup