Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: update openssl to quictls/openssl 3.0.0+quic #38512

Closed
wants to merge 30 commits into from

Conversation

danbev
Copy link
Contributor

@danbev danbev commented May 3, 2021

This pull request updates the OpenSSL version that is statically linked with Node.js from OpenSSl 1.1.1 to quictls OpenSSL 3.0.0+quic.

This pull request will replace the OpenSSL version that is currently in the deps directory and when performing a normal build OpenSSL 3.0+quic will be statically linked to the Node.js executable. We will still be able to dynamically link to OpenSSL 1.1.1 and we have a CI job which dynamically links to OpenSSL 1.1.1 which is run for every pull request to make sure that we maintain backward compatibility.

The question is when does the community think that we should make this switch to OpenSSL 3.0+quic?


Building

$ ./configure && make -j8 test
...
[03:59|% 100|+ 3363|-   0]: Done

Verify that OpenSSL is statically linked

$ ldd ./node
	linux-vdso.so.1 (0x00007ffff7fcf000)
	libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007ffff7f9d000)
	libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007ffff7da4000)
	libm.so.6 => /usr/lib64/libm.so.6 (0x00007ffff7c5e000)
	libgcc_s.so.1 => /usr/lib64/libgcc_s.so.1 (0x00007ffff7c44000)
	libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007ffff7c22000)
	libc.so.6 => /usr/lib64/libc.so.6 (0x00007ffff7a59000)
	/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fd1000)
$ ./node -p 'process.versions.openssl'
3.0.0+quic

Building with FIPS support

$ ./configure --openssl-is-fips && make -j8 test
...
[04:06|% 100|+ 3384|-   0]: Done

The above command will build and install the FIPS module into the out directory.
This includes building fips.so, running the installfips command that generates the FIPS configuration file (fipsmodule.cnf), copying and updating openssl.cnf to include the correct path to fipsmodule.cnf and finally uncomment the fips section.

We can then run node specifying --enable-fips:

$ ./node --enable-fips  -p 'crypto.getFips()'
1

The above will use the Node's default locations for OpenSSL 3.0:

$ ./out/Release/openssl-cli version -m -d
OPENSSLDIR: "/home/danielbevenius/work/nodejs/openssl/out/Release/obj.target/deps/openssl"
MODULESDIR: "/home/danielbevenius/work/nodejs/openssl/out/Release/obj.target/deps/openssl/lib/openssl-modules"

Hopefully having these defaults will enable for CI jobs to be configured without too much trouble, and also enable developers to configure FIPS for development/testing.

@github-actions github-actions bot added build Issues and PRs related to build files or the CI. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. labels May 3, 2021
@danbev danbev added dont-land-on-v12.x quic Issues and PRs related to the QUIC implementation / HTTP/3. labels May 3, 2021
@danbev danbev force-pushed the openssl-3.0-statically-linked branch from bcc569a to 2b5ef85 Compare May 3, 2021 16:30
@nodejs-github-bot
Copy link
Collaborator

@danbev danbev force-pushed the openssl-3.0-statically-linked branch from 2b5ef85 to eaf8adc Compare May 26, 2021 10:49
@danbev danbev changed the title deps: update openssl to quictls/openssl 3.0.0-alpha15+quic (wip) deps: update openssl to quictls/openssl 3.0.0-alpha17+quic (wip) May 26, 2021
@nodejs-github-bot
Copy link
Collaborator

@danbev danbev force-pushed the openssl-3.0-statically-linked branch from 04ac9e1 to d6fb5d7 Compare May 31, 2021 06:50
@nodejs-github-bot
Copy link
Collaborator

@danbev danbev force-pushed the openssl-3.0-statically-linked branch from d6fb5d7 to d677da6 Compare May 31, 2021 11:34
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@danbev danbev force-pushed the openssl-3.0-statically-linked branch from d677da6 to 955920c Compare June 1, 2021 05:57
@nodejs-github-bot
Copy link
Collaborator

danbev added a commit to danbev/openssl that referenced this pull request Jun 7, 2021
This commit adds an architecture named aix64-gcc-as which can generate
assembler source code compatible with AIX assembler (as) instead of the
GNU Assembler (gas). This architecture name is then used in a callback
for the .p2align directive which is not available in AIX as.

The motivation for this addition came out of an issue we ran into when
working on upgrading OpenSSL in Node.js. We ran into the following
compilation error on one of the CI machines that uses AIX:

  05:39:05 Assembler:
  05:39:05 crypto/bn/ppc64-mont-fixed.s: line 4: Error In Syntax

This machine is using AIX Version 7.2 and does not have gas installed
and the .p2align directive is causing this error. After asking around if
it would be possible to install GAS on this machine I learned that AIX
GNU utils are not maintained as well as the native AIX ones and we
(Red Hat/IBM) have run into issues with the GNU utils in the past and if
possible it would be preferable to be able to use the AIX native
assembler.

Refs: nodejs/node#38512
openssl-machine pushed a commit to openssl/openssl that referenced this pull request Jun 8, 2021
This commit adds an architecture named aix64-gcc-as which can generate
assembler source code compatible with AIX assembler (as) instead of the
GNU Assembler (gas). This architecture name is then used in a callback
for the .p2align directive which is not available in AIX as.

The motivation for this addition came out of an issue we ran into when
working on upgrading OpenSSL in Node.js. We ran into the following
compilation error on one of the CI machines that uses AIX:

  05:39:05 Assembler:
  05:39:05 crypto/bn/ppc64-mont-fixed.s: line 4: Error In Syntax

This machine is using AIX Version 7.2 and does not have gas installed
and the .p2align directive is causing this error. After asking around if
it would be possible to install GAS on this machine I learned that AIX
GNU utils are not maintained as well as the native AIX ones and we
(Red Hat/IBM) have run into issues with the GNU utils in the past and if
possible it would be preferable to be able to use the AIX native
assembler.

Refs: nodejs/node#38512

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #15638)
@nodejs-github-bot
Copy link
Collaborator

@danbev
Copy link
Contributor Author

danbev commented Jun 8, 2021

Just a note that node-test-linux-linked-openssl300 is expected to fail until it has our CI has been upgraded to alpha17 or later.

@danbev danbev force-pushed the openssl-3.0-statically-linked branch 2 times, most recently from c75fdea to a8ff58a Compare June 17, 2021 05:06
@danbev danbev force-pushed the openssl-3.0-statically-linked branch from ba291ca to a991d15 Compare June 23, 2021 10:15
@danbev danbev changed the title deps: update openssl to quictls/openssl 3.0.0-alpha17+quic (wip) deps: update openssl to quictls/openssl 3.0.0-beta1+quic (wip) Jun 23, 2021
@danbev danbev force-pushed the openssl-3.0-statically-linked branch from 1107e17 to 07ded8b Compare October 10, 2021 13:47
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@danbev
Copy link
Contributor Author

danbev commented Oct 11, 2021

Re-run of failing node-test-commit-arm-fanned ✔️

danbev added a commit that referenced this pull request Oct 11, 2021
This pull request updates the OpenSSL version that is statically
linked with Node.js from OpenSSl 1.1.1 to quictls OpenSSL 3.0.0+quic.

This pull request will replace the OpenSSL version that is currently
in the deps directory and when performing a normal build
OpenSSL 3.0+quic will be statically linked to the Node.js executable.
We will still be able to dynamically link to OpenSSL 1.1.1 and we have
a CI job which dynamically links to OpenSSL 1.1.1 which is run for
every pull request to make sure that we maintain backward compatibility.

PR-URL: #38512
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@danbev
Copy link
Contributor Author

danbev commented Oct 11, 2021

Landed in 66da32c.

@danbev danbev closed this Oct 11, 2021
BethGriggs added a commit that referenced this pull request Oct 15, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- v8: remove --harmony-top-level-await
  (Geoffrey Booth) [#40226]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support. For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for th `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 15, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- v8: remove --harmony-top-level-await
  (Geoffrey Booth) [#40226]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support. For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 16, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support. For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 18, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

Contributed in #38512, #40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- deps: upgrade npm to 8.1.0
  (npm team) [#40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 18, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

Contributed in #38512, #40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- deps: upgrade npm to 8.1.0
  (npm team) [#40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 19, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

Contributed in #38512, #40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- deps: upgrade npm to 8.1.0
  (npm team) [#40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
@pimterry pimterry mentioned this pull request Jan 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
build Issues and PRs related to build files or the CI. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. quic Issues and PRs related to the QUIC implementation / HTTP/3. semver-major PRs that contain breaking changes and should be released in the next major version. tsc-agenda Issues and PRs to discuss during the meetings of the TSC.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants