-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: change default check(Host|Email) behavior #41600
Closed
tniessen
wants to merge
1
commit into
nodejs:master
from
tniessen:crypto-x509-check-flag-subject-default
Closed
crypto: change default check(Host|Email) behavior #41600
tniessen
wants to merge
1
commit into
nodejs:master
from
tniessen:crypto-x509-check-flag-subject-default
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tniessen
added
the
semver-major
PRs that contain breaking changes and should be released in the next major version.
label
Jan 19, 2022
Review requested:
|
nodejs-github-bot
added
crypto
Issues and PRs related to the crypto subsystem.
needs-ci
PRs that need a full CI run.
labels
Jan 19, 2022
tniessen
added
request-ci
Add this label to start a Jenkins CI on a PR.
tls
Issues and PRs related to the tls subsystem.
labels
Jan 19, 2022
github-actions
bot
removed
the
request-ci
Add this label to start a Jenkins CI on a PR.
label
Jan 19, 2022
This comment has been minimized.
This comment has been minimized.
mcollina
approved these changes
Jan 20, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Trott
approved these changes
Jan 20, 2022
@tniessen go ahead and rebase |
panva
approved these changes
Jan 22, 2022
This changes the default behavior of the X509Certificate functions checkHost and checkEmail to match the default behavior of OpenSSL's X509_check_host and X509_check_email functions, respectively, which is also what RFC 2818 mandates for HTTPS. Refs: nodejs#36804 Refs: nodejs#41569
tniessen
force-pushed
the
crypto-x509-check-flag-subject-default
branch
from
January 22, 2022 14:33
e6ba945
to
992e7d4
Compare
github-actions
bot
removed
the
request-ci
Add this label to start a Jenkins CI on a PR.
label
Jan 22, 2022
This comment has been minimized.
This comment has been minimized.
panva
added
the
commit-queue
Add this label to land a pull request using GitHub Actions.
label
Jan 22, 2022
nodejs-github-bot
added
commit-queue-failed
An error occurred while landing this pull request using GitHub Actions.
and removed
commit-queue
Add this label to land a pull request using GitHub Actions.
labels
Jan 22, 2022
Commit Queue failed- Loading data for nodejs/node/pull/41600 ✔ Done loading data for nodejs/node/pull/41600 ----------------------------------- PR info ------------------------------------ Title crypto: change default check(Host|Email) behavior (#41600) ⚠ Could not retrieve the email or name of the PR author's from user's GitHub profile! Branch tniessen:crypto-x509-check-flag-subject-default -> nodejs:master Labels tls, crypto, semver-major, needs-ci Commits 1 - crypto: change default check(Host|Email) behavior Committers 1 - Tobias Nießen PR-URL: https://github.com/nodejs/node/pull/41600 Refs: https://github.com/nodejs/node/pull/36804 Refs: https://github.com/nodejs/node/pull/41569 Reviewed-By: Matteo Collina Reviewed-By: Rich Trott Reviewed-By: Filip Skokan ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/41600 Refs: https://github.com/nodejs/node/pull/36804 Refs: https://github.com/nodejs/node/pull/41569 Reviewed-By: Matteo Collina Reviewed-By: Rich Trott Reviewed-By: Filip Skokan -------------------------------------------------------------------------------- ⚠ Commits were pushed since the last review: ⚠ - crypto: change default check(Host|Email) behavior ℹ This PR was created on Wed, 19 Jan 2022 19:11:19 GMT ✔ Approvals: 3 ✔ - Matteo Collina (@mcollina) (TSC): https://github.com/nodejs/node/pull/41600#pullrequestreview-858521373 ✔ - Rich Trott (@Trott) (TSC): https://github.com/nodejs/node/pull/41600#pullrequestreview-858584651 ✔ - Filip Skokan (@panva): https://github.com/nodejs/node/pull/41600#pullrequestreview-860210859 ✖ GitHub CI is still running ℹ Last Full PR CI on 2022-01-22T15:54:27Z: https://ci.nodejs.org/job/node-test-pull-request/42085/ - Querying data for job/node-test-pull-request/42085/ ✔ Last Jenkins CI successful -------------------------------------------------------------------------------- ✔ Aborted `git node land` session in /home/runner/work/node/node/.ncuhttps://github.com/nodejs/node/actions/runs/1733554817 |
I can't see a pending github CI, ... 🤷 |
Landed in 18365d8 |
panva
pushed a commit
that referenced
this pull request
Jan 22, 2022
This changes the default behavior of the X509Certificate functions checkHost and checkEmail to match the default behavior of OpenSSL's X509_check_host and X509_check_email functions, respectively, which is also what RFC 2818 mandates for HTTPS. Refs: #36804 Refs: #41569 PR-URL: #41600 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
tniessen
removed
the
commit-queue-failed
An error occurred while landing this pull request using GitHub Actions.
label
Jan 23, 2022
This was referenced Jan 23, 2022
Linkgoron
pushed a commit
to Linkgoron/node
that referenced
this pull request
Jan 31, 2022
This changes the default behavior of the X509Certificate functions checkHost and checkEmail to match the default behavior of OpenSSL's X509_check_host and X509_check_email functions, respectively, which is also what RFC 2818 mandates for HTTPS. Refs: nodejs#36804 Refs: nodejs#41569 PR-URL: nodejs#41600 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
BethGriggs
added a commit
that referenced
this pull request
Apr 18, 2022
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) fetch (experimental): An experimental fetch API is available on the global scope by default. The implementation is based upon https://undici.nodejs.org/#/, an HTTP/1.1 client written for Node.js by contributors to the project. Through this addition, the following globals are made available: `fetch` , `FormData`, `Headers`, `Request`, `Response`. Disable this API with the `--no-experimental-fetch` command-line flag. Contributed by Michaël Zasso in #41811. HTTP Timeouts: `server.headersTimeout`, which limits the amount of time the parser will wait to receive the complete HTTP headers, is now set to `60000` (60 seconds) by default. `server.requestTimeout`, which sets the timeout value in milliseconds for receiving the entire request from the client, is now set to `300000` (5 minutes) by default. If these timeouts expire, the server responds with status 408 without forwarding the request to the request listener and then closes the connection. Both timeouts must be set to a non-zero value to protect against potential Denial-of-Service attacks in case the server is deployed without a reverse proxy in front. Contributed by Paolo Insogna in #41263. Test Runner module (experimental): The `node:test` module facilitates the creation of JavaScript tests that report results in TAP format. This module is only available under the `node:` scheme. Contributed by Colin Ihrig in #42325. Toolchain and Compiler Upgrades: - Prebuilt binaries for Linux are now built on Red Hat Enterprise Linux (RHEL) 8 and are compatible with Linux distributions based on glibc 2.28 or later, for example, Debian 10, RHEL 8, Ubuntu 20.04. - Prebuilt binaries for macOS now require macOS 10.15 or later. - For AIX the minimum supported architecture has been raised from Power 7 to Power 8. Prebuilt binaries for 32-bit Windows will initially not be available due to issues building the V8 dependency in Node.js. We hope to restore 32-bit Windows binaries for Node.js 18 with a future V8 update. Node.js does not support running on operating systems that are no longer supported by their vendor. For operating systems where their vendor has planned to end support earlier than April 2025, such as Windows 8.1 (January 2023) and Windows Server 2012 R2 (October 2023), support for Node.js 18 will end at the earlier date. Full details about the supported toolchains and compilers are documented in the Node.js `BUILDING.md` file. Contributed by Richard Lau in #42292, #42604 and #42659 , and Michaël Zasso in #42105 and #42666. V8 10.1: The V8 engine is updated to version 10.1, which is part of Chromium 101. Compared to the version included in Node.js 17.9.0, the following new features are included: - The `findLast` and `findLastIndex` array methods. - Improvements to the `Intl.Locale` API. - The `Intl.supportedValuesOf` function. - Improved performance of class fields and private class methods (the initialization of them is now as fast as ordinary property stores). The data format returned by the serialization API (`v8.serialize(value)`) has changed, and cannot be deserialized by earlier versions of Node.js. On the other hand, it is still possible to deserialize the previous format, as the API is backwards-compatible. Contributed by Michaël Zasso in #42657. Web Streams API (experimental): Node.js now exposes the experimental implementation of the Web Streams API on the global scope. This means the following APIs are now globally available: - `ReadableStream`, `ReadableStreamDefaultReader`, `ReadableStreamBYOBReader`, `ReadableStreamBYOBRequest`, `ReadableByteStreamController`, `ReadableStreamDefaultController`, `TransformStream`, `TransformStreamDefaultController`, `WritableStream`, `WritableStreamDefaultWriter`, `WritableStreamDefaultController`, `ByteLengthQueuingStrategy`, `CountQueuingStrategy`, `TextEncoderStream`, `TextDecoderStream`, `CompressionStream`, `DecompressionStream`. Contributed James Snell in #39062, and Antoine du Hamel in #42225. Other Notable Changes: - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - doc: add RafaelGSS to collaborators (RafaelGSS) (#42718) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) Semver-Major Commits: - (SEMVER-MAJOR) assert,util: compare RegExp.lastIndex while using deep equal checks (Ruben Bridgewater) (#41020) - (SEMVER-MAJOR) buffer: refactor `byteLength` to remove outdated optimizations (Rongjian Zhang) (#38545) - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) buffer: graduate Blob from experimental (James M Snell) (#41270) - (SEMVER-MAJOR) build: make x86 Windows support temporarily experimental (Michaël Zasso) (#42666) - (SEMVER-MAJOR) build: bump macOS deployment target to 10.15 (Richard Lau) (#42292) - (SEMVER-MAJOR) build: downgrade Windows 8.1 and server 2012 R2 to experimental (Michaël Zasso) (#42105) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - (SEMVER-MAJOR) cluster: make `kill` to be just `process.kill` (Bar Admoni) (#34312) - (SEMVER-MAJOR) crypto: cleanup validation (Mohammed Keyvanzadeh) (#39841) - (SEMVER-MAJOR) crypto: prettify othername in PrintGeneralName (Tobias Nießen) (#42123) - (SEMVER-MAJOR) crypto: fix X509Certificate toLegacyObject (Tobias Nießen) (#42124) - (SEMVER-MAJOR) crypto: use RFC2253 format in PrintGeneralName (Tobias Nießen) (#42002) - (SEMVER-MAJOR) crypto: change default check(Host|Email) behavior (Tobias Nießen) (#41600) - (SEMVER-MAJOR) deps: V8: cherry-pick semver-major commits from 10.2 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 10.1.124.6 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 9.8.177.9 (Michaël Zasso) (#41610) - (SEMVER-MAJOR) deps: update V8 to 9.7.106.18 (Michaël Zasso) (#40907) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) doc: update minimum glibc requirements for Linux (Richard Lau) (#42659) - (SEMVER-MAJOR) doc: update AIX minimum supported arch (Richard Lau) (#42604) - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) http: refactor headersTimeout and requestTimeout logic (Paolo Insogna) (#41263) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) lib: enable fetch by default (Michaël Zasso) (#41811) - (SEMVER-MAJOR) lib: replace validator and error (Mohammed Keyvanzadeh) (#41678) - (SEMVER-MAJOR) module,repl: support 'node:'-only core modules (Colin Ihrig) (#42325) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: disallow some uses of Object.defineProperty() on process.env (Himself65) (#28006) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) readline: fix question still called after closed (Xuguang Mei) (#42464) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) stream: expose web streams globals, remove runtime experimental warning (Antoine du Hamel) (#42225) - (SEMVER-MAJOR) stream: need to cleanup event listeners if last stream is readable (Xuguang Mei) (#41954) - (SEMVER-MAJOR) stream: revert revert `map` spec compliance (Benjamin Gruenbaum) (#41933) - (SEMVER-MAJOR) stream: throw invalid arg type from End Of Stream (Jithil P Ponnan) (#41766) - (SEMVER-MAJOR) stream: don't emit finish after destroy (Robert Nagy) (#40852) - (SEMVER-MAJOR) stream: add errored and closed props (Robert Nagy) (#40696) - (SEMVER-MAJOR) test: add initial test module (Colin Ihrig) (#42325) - (SEMVER-MAJOR) timers: refactor internal classes to ES2015 syntax (Rabbit) (#37408) - (SEMVER-MAJOR) tls: represent registeredID numerically always (Tobias Nießen) (#41561) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) - (SEMVER-MAJOR) url: throw on NULL in IPv6 hostname (Rich Trott) (#42313) - (SEMVER-MAJOR) v8: make v8.writeHeapSnapshot() error codes consistent (Darshan Sen) (#42577) - (SEMVER-MAJOR) v8: make writeHeapSnapshot throw if fopen fails (Antonio Román) (#41373) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) PR-URL: #42262
BethGriggs
added a commit
that referenced
this pull request
Apr 19, 2022
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) fetch (experimental): An experimental fetch API is available on the global scope by default. The implementation is based upon https://undici.nodejs.org/#/, an HTTP/1.1 client written for Node.js by contributors to the project. Through this addition, the following globals are made available: `fetch` , `FormData`, `Headers`, `Request`, `Response`. Disable this API with the `--no-experimental-fetch` command-line flag. Contributed by Michaël Zasso in #41811. HTTP Timeouts: `server.headersTimeout`, which limits the amount of time the parser will wait to receive the complete HTTP headers, is now set to `60000` (60 seconds) by default. `server.requestTimeout`, which sets the timeout value in milliseconds for receiving the entire request from the client, is now set to `300000` (5 minutes) by default. If these timeouts expire, the server responds with status 408 without forwarding the request to the request listener and then closes the connection. Both timeouts must be set to a non-zero value to protect against potential Denial-of-Service attacks in case the server is deployed without a reverse proxy in front. Contributed by Paolo Insogna in #41263. Test Runner module (experimental): The `node:test` module facilitates the creation of JavaScript tests that report results in TAP format. This module is only available under the `node:` scheme. Contributed by Colin Ihrig in #42325. Toolchain and Compiler Upgrades: - Prebuilt binaries for Linux are now built on Red Hat Enterprise Linux (RHEL) 8 and are compatible with Linux distributions based on glibc 2.28 or later, for example, Debian 10, RHEL 8, Ubuntu 20.04. - Prebuilt binaries for macOS now require macOS 10.15 or later. - For AIX the minimum supported architecture has been raised from Power 7 to Power 8. Prebuilt binaries for 32-bit Windows will initially not be available due to issues building the V8 dependency in Node.js. We hope to restore 32-bit Windows binaries for Node.js 18 with a future V8 update. Node.js does not support running on operating systems that are no longer supported by their vendor. For operating systems where their vendor has planned to end support earlier than April 2025, such as Windows 8.1 (January 2023) and Windows Server 2012 R2 (October 2023), support for Node.js 18 will end at the earlier date. Full details about the supported toolchains and compilers are documented in the Node.js `BUILDING.md` file. Contributed by Richard Lau in #42292, #42604 and #42659 , and Michaël Zasso in #42105 and #42666. V8 10.1: The V8 engine is updated to version 10.1, which is part of Chromium 101. Compared to the version included in Node.js 17.9.0, the following new features are included: - The `findLast` and `findLastIndex` array methods. - Improvements to the `Intl.Locale` API. - The `Intl.supportedValuesOf` function. - Improved performance of class fields and private class methods (the initialization of them is now as fast as ordinary property stores). The data format returned by the serialization API (`v8.serialize(value)`) has changed, and cannot be deserialized by earlier versions of Node.js. On the other hand, it is still possible to deserialize the previous format, as the API is backwards-compatible. Contributed by Michaël Zasso in #42657. Web Streams API (experimental): Node.js now exposes the experimental implementation of the Web Streams API on the global scope. This means the following APIs are now globally available: - `ReadableStream`, `ReadableStreamDefaultReader`, `ReadableStreamBYOBReader`, `ReadableStreamBYOBRequest`, `ReadableByteStreamController`, `ReadableStreamDefaultController`, `TransformStream`, `TransformStreamDefaultController`, `WritableStream`, `WritableStreamDefaultWriter`, `WritableStreamDefaultController`, `ByteLengthQueuingStrategy`, `CountQueuingStrategy`, `TextEncoderStream`, `TextDecoderStream`, `CompressionStream`, `DecompressionStream`. Contributed James Snell in #39062, and Antoine du Hamel in #42225. Other Notable Changes: - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - doc: add RafaelGSS to collaborators (RafaelGSS) (#42718) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) Semver-Major Commits: - (SEMVER-MAJOR) assert,util: compare RegExp.lastIndex while using deep equal checks (Ruben Bridgewater) (#41020) - (SEMVER-MAJOR) buffer: refactor `byteLength` to remove outdated optimizations (Rongjian Zhang) (#38545) - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) buffer: graduate Blob from experimental (James M Snell) (#41270) - (SEMVER-MAJOR) build: make x86 Windows support temporarily experimental (Michaël Zasso) (#42666) - (SEMVER-MAJOR) build: bump macOS deployment target to 10.15 (Richard Lau) (#42292) - (SEMVER-MAJOR) build: downgrade Windows 8.1 and server 2012 R2 to experimental (Michaël Zasso) (#42105) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - (SEMVER-MAJOR) cluster: make `kill` to be just `process.kill` (Bar Admoni) (#34312) - (SEMVER-MAJOR) crypto: cleanup validation (Mohammed Keyvanzadeh) (#39841) - (SEMVER-MAJOR) crypto: prettify othername in PrintGeneralName (Tobias Nießen) (#42123) - (SEMVER-MAJOR) crypto: fix X509Certificate toLegacyObject (Tobias Nießen) (#42124) - (SEMVER-MAJOR) crypto: use RFC2253 format in PrintGeneralName (Tobias Nießen) (#42002) - (SEMVER-MAJOR) crypto: change default check(Host|Email) behavior (Tobias Nießen) (#41600) - (SEMVER-MAJOR) deps: V8: cherry-pick semver-major commits from 10.2 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 10.1.124.6 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 9.8.177.9 (Michaël Zasso) (#41610) - (SEMVER-MAJOR) deps: update V8 to 9.7.106.18 (Michaël Zasso) (#40907) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) doc: update minimum glibc requirements for Linux (Richard Lau) (#42659) - (SEMVER-MAJOR) doc: update AIX minimum supported arch (Richard Lau) (#42604) - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) http: refactor headersTimeout and requestTimeout logic (Paolo Insogna) (#41263) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) lib: enable fetch by default (Michaël Zasso) (#41811) - (SEMVER-MAJOR) lib: replace validator and error (Mohammed Keyvanzadeh) (#41678) - (SEMVER-MAJOR) module,repl: support 'node:'-only core modules (Colin Ihrig) (#42325) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: disallow some uses of Object.defineProperty() on process.env (Himself65) (#28006) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) readline: fix question still called after closed (Xuguang Mei) (#42464) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) stream: expose web streams globals, remove runtime experimental warning (Antoine du Hamel) (#42225) - (SEMVER-MAJOR) stream: need to cleanup event listeners if last stream is readable (Xuguang Mei) (#41954) - (SEMVER-MAJOR) stream: revert revert `map` spec compliance (Benjamin Gruenbaum) (#41933) - (SEMVER-MAJOR) stream: throw invalid arg type from End Of Stream (Jithil P Ponnan) (#41766) - (SEMVER-MAJOR) stream: don't emit finish after destroy (Robert Nagy) (#40852) - (SEMVER-MAJOR) stream: add errored and closed props (Robert Nagy) (#40696) - (SEMVER-MAJOR) test: add initial test module (Colin Ihrig) (#42325) - (SEMVER-MAJOR) timers: refactor internal classes to ES2015 syntax (Rabbit) (#37408) - (SEMVER-MAJOR) tls: represent registeredID numerically always (Tobias Nießen) (#41561) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) - (SEMVER-MAJOR) url: throw on NULL in IPv6 hostname (Rich Trott) (#42313) - (SEMVER-MAJOR) v8: make v8.writeHeapSnapshot() error codes consistent (Darshan Sen) (#42577) - (SEMVER-MAJOR) v8: make writeHeapSnapshot throw if fopen fails (Antonio Román) (#41373) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) PR-URL: #42262
xtx1130
pushed a commit
to xtx1130/node
that referenced
this pull request
Apr 25, 2022
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (nodejs#42607) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (nodejs#41896) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (nodejs#40773) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (nodejs#41479) fetch (experimental): An experimental fetch API is available on the global scope by default. The implementation is based upon https://undici.nodejs.org/#/, an HTTP/1.1 client written for Node.js by contributors to the project. Through this addition, the following globals are made available: `fetch` , `FormData`, `Headers`, `Request`, `Response`. Disable this API with the `--no-experimental-fetch` command-line flag. Contributed by Michaël Zasso in nodejs#41811. HTTP Timeouts: `server.headersTimeout`, which limits the amount of time the parser will wait to receive the complete HTTP headers, is now set to `60000` (60 seconds) by default. `server.requestTimeout`, which sets the timeout value in milliseconds for receiving the entire request from the client, is now set to `300000` (5 minutes) by default. If these timeouts expire, the server responds with status 408 without forwarding the request to the request listener and then closes the connection. Both timeouts must be set to a non-zero value to protect against potential Denial-of-Service attacks in case the server is deployed without a reverse proxy in front. Contributed by Paolo Insogna in nodejs#41263. Test Runner module (experimental): The `node:test` module facilitates the creation of JavaScript tests that report results in TAP format. This module is only available under the `node:` scheme. Contributed by Colin Ihrig in nodejs#42325. Toolchain and Compiler Upgrades: - Prebuilt binaries for Linux are now built on Red Hat Enterprise Linux (RHEL) 8 and are compatible with Linux distributions based on glibc 2.28 or later, for example, Debian 10, RHEL 8, Ubuntu 20.04. - Prebuilt binaries for macOS now require macOS 10.15 or later. - For AIX the minimum supported architecture has been raised from Power 7 to Power 8. Prebuilt binaries for 32-bit Windows will initially not be available due to issues building the V8 dependency in Node.js. We hope to restore 32-bit Windows binaries for Node.js 18 with a future V8 update. Node.js does not support running on operating systems that are no longer supported by their vendor. For operating systems where their vendor has planned to end support earlier than April 2025, such as Windows 8.1 (January 2023) and Windows Server 2012 R2 (October 2023), support for Node.js 18 will end at the earlier date. Full details about the supported toolchains and compilers are documented in the Node.js `BUILDING.md` file. Contributed by Richard Lau in nodejs#42292, nodejs#42604 and nodejs#42659 , and Michaël Zasso in nodejs#42105 and nodejs#42666. V8 10.1: The V8 engine is updated to version 10.1, which is part of Chromium 101. Compared to the version included in Node.js 17.9.0, the following new features are included: - The `findLast` and `findLastIndex` array methods. - Improvements to the `Intl.Locale` API. - The `Intl.supportedValuesOf` function. - Improved performance of class fields and private class methods (the initialization of them is now as fast as ordinary property stores). The data format returned by the serialization API (`v8.serialize(value)`) has changed, and cannot be deserialized by earlier versions of Node.js. On the other hand, it is still possible to deserialize the previous format, as the API is backwards-compatible. Contributed by Michaël Zasso in nodejs#42657. Web Streams API (experimental): Node.js now exposes the experimental implementation of the Web Streams API on the global scope. This means the following APIs are now globally available: - `ReadableStream`, `ReadableStreamDefaultReader`, `ReadableStreamBYOBReader`, `ReadableStreamBYOBRequest`, `ReadableByteStreamController`, `ReadableStreamDefaultController`, `TransformStream`, `TransformStreamDefaultController`, `WritableStream`, `WritableStreamDefaultWriter`, `WritableStreamDefaultController`, `ByteLengthQueuingStrategy`, `CountQueuingStrategy`, `TextEncoderStream`, `TextDecoderStream`, `CompressionStream`, `DecompressionStream`. Contributed James Snell in nodejs#39062, and Antoine du Hamel in nodejs#42225. Other Notable Changes: - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (nodejs#41270) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (nodejs#41305) - doc: add RafaelGSS to collaborators (RafaelGSS) (nodejs#42718) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (nodejs#42163) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (nodejs#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (nodejs#41271) Semver-Major Commits: - (SEMVER-MAJOR) assert,util: compare RegExp.lastIndex while using deep equal checks (Ruben Bridgewater) (nodejs#41020) - (SEMVER-MAJOR) buffer: refactor `byteLength` to remove outdated optimizations (Rongjian Zhang) (nodejs#38545) - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (nodejs#41270) - (SEMVER-MAJOR) buffer: graduate Blob from experimental (James M Snell) (nodejs#41270) - (SEMVER-MAJOR) build: make x86 Windows support temporarily experimental (Michaël Zasso) (nodejs#42666) - (SEMVER-MAJOR) build: bump macOS deployment target to 10.15 (Richard Lau) (nodejs#42292) - (SEMVER-MAJOR) build: downgrade Windows 8.1 and server 2012 R2 to experimental (Michaël Zasso) (nodejs#42105) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (nodejs#41305) - (SEMVER-MAJOR) cluster: make `kill` to be just `process.kill` (Bar Admoni) (nodejs#34312) - (SEMVER-MAJOR) crypto: cleanup validation (Mohammed Keyvanzadeh) (nodejs#39841) - (SEMVER-MAJOR) crypto: prettify othername in PrintGeneralName (Tobias Nießen) (nodejs#42123) - (SEMVER-MAJOR) crypto: fix X509Certificate toLegacyObject (Tobias Nießen) (nodejs#42124) - (SEMVER-MAJOR) crypto: use RFC2253 format in PrintGeneralName (Tobias Nießen) (nodejs#42002) - (SEMVER-MAJOR) crypto: change default check(Host|Email) behavior (Tobias Nießen) (nodejs#41600) - (SEMVER-MAJOR) deps: V8: cherry-pick semver-major commits from 10.2 (Michaël Zasso) (nodejs#42657) - (SEMVER-MAJOR) deps: update V8 to 10.1.124.6 (Michaël Zasso) (nodejs#42657) - (SEMVER-MAJOR) deps: update V8 to 9.8.177.9 (Michaël Zasso) (nodejs#41610) - (SEMVER-MAJOR) deps: update V8 to 9.7.106.18 (Michaël Zasso) (nodejs#40907) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) doc: update minimum glibc requirements for Linux (Richard Lau) (nodejs#42659) - (SEMVER-MAJOR) doc: update AIX minimum supported arch (Richard Lau) (nodejs#42604) - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (nodejs#42607) - (SEMVER-MAJOR) http: refactor headersTimeout and requestTimeout logic (Paolo Insogna) (nodejs#41263) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (nodejs#42163) - (SEMVER-MAJOR) lib: enable fetch by default (Michaël Zasso) (nodejs#41811) - (SEMVER-MAJOR) lib: replace validator and error (Mohammed Keyvanzadeh) (nodejs#41678) - (SEMVER-MAJOR) module,repl: support 'node:'-only core modules (Colin Ihrig) (nodejs#42325) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) process: disallow some uses of Object.defineProperty() on process.env (Himself65) (nodejs#28006) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (nodejs#41896) - (SEMVER-MAJOR) readline: fix question still called after closed (Xuguang Mei) (nodejs#42464) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (nodejs#40773) - (SEMVER-MAJOR) stream: expose web streams globals, remove runtime experimental warning (Antoine du Hamel) (nodejs#42225) - (SEMVER-MAJOR) stream: need to cleanup event listeners if last stream is readable (Xuguang Mei) (nodejs#41954) - (SEMVER-MAJOR) stream: revert revert `map` spec compliance (Benjamin Gruenbaum) (nodejs#41933) - (SEMVER-MAJOR) stream: throw invalid arg type from End Of Stream (Jithil P Ponnan) (nodejs#41766) - (SEMVER-MAJOR) stream: don't emit finish after destroy (Robert Nagy) (nodejs#40852) - (SEMVER-MAJOR) stream: add errored and closed props (Robert Nagy) (nodejs#40696) - (SEMVER-MAJOR) test: add initial test module (Colin Ihrig) (nodejs#42325) - (SEMVER-MAJOR) timers: refactor internal classes to ES2015 syntax (Rabbit) (nodejs#37408) - (SEMVER-MAJOR) tls: represent registeredID numerically always (Tobias Nießen) (nodejs#41561) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (nodejs#41479) - (SEMVER-MAJOR) url: throw on NULL in IPv6 hostname (Rich Trott) (nodejs#42313) - (SEMVER-MAJOR) v8: make v8.writeHeapSnapshot() error codes consistent (Darshan Sen) (nodejs#42577) - (SEMVER-MAJOR) v8: make writeHeapSnapshot throw if fopen fails (Antonio Román) (nodejs#41373) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (nodejs#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (nodejs#41271) PR-URL: nodejs#42262
codebytere
added a commit
to electron/electron
that referenced
this pull request
Oct 12, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Oct 17, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Oct 19, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Oct 19, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Oct 24, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Nov 8, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Nov 8, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Nov 10, 2022
* chore: update to Node.js v18 * child_process: improve argument validation nodejs/node#41305 * bootstrap: support configure-time user-land snapshot nodejs/node#42466 * chore: update GN patch * src: disambiguate terms used to refer to builtins and addons nodejs/node#44135 * src: use a typed array internally for process._exiting nodejs/node#43883 * chore: lib/internal/bootstrap -> lib/internal/process * src: disambiguate terms used to refer to builtins and addons nodejs/node#44135 * chore: remove redudant browserGlobals patch * chore: update BoringSSL patch * src: allow embedder-provided PageAllocator in NodePlatform nodejs/node#38362 * chore: fixup Node.js crypto tests - nodejs/node#44171 - nodejs/node#41600 * lib: add Promise methods to avoid-prototype-pollution lint rule nodejs/node#43849 * deps: update V8 to 10.1 nodejs/node#42657 * src: add kNoBrowserGlobals flag for Environment nodejs/node#40532 * chore: consolidate asar initialization patches * deps: update V8 to 10.1 nodejs/node#42657 * deps: update V8 to 9.8 nodejs/node#41610 * src,crypto: remove AllocatedBuffers from crypto_spkac nodejs/node#40752 * build: enable V8's shared read-only heap nodejs/node#42809 * src: fix ssize_t error from nghttp2.h nodejs/node#44393 * chore: fixup ESM patch * chore: fixup patch indices * src: merge NativeModuleEnv into NativeModuleLoader nodejs/node#43824 * [API] Pass OOMDetails to OOMErrorCallback https://chromium-review.googlesource.com/c/v8/v8/+/3647827 * src: iwyu in cleanup_queue.cc * src: return Maybe from a couple of functions nodejs/node#39603 * src: clean up embedder API nodejs/node#35897 * src: refactor DH groups to delete crypto_groups.h nodejs/node#43896 * deps,src: use SIMD for normal base64 encoding nodejs/node#39775 * chore: remove deleted source file * chore: update patches * chore: remove deleted source file * lib: add fetch nodejs/node#41749 * chore: remove nonexistent node specs * test: split report OOM tests nodejs/node#44389 * src: trace fs async api nodejs/node#44057 * http: trace http request / response nodejs/node#44102 * test: split test-crypto-dh.js nodejs/node#40451 * crypto: introduce X509Certificate API nodejs/node#36804 * src: split property helpers from node::Environment nodejs/node#44056 * nodejs/node#38905 bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob * lib,src: implement WebAssembly Web API nodejs/node#42701 * fixup! deps,src: use SIMD for normal base64 encoding * fixup! src: refactor DH groups to delete crypto_groups.h * chore: fixup base64 GN file * fix: check that node::InitializeContext() returns true * chore: delete _noBrowserGlobals usage * chore: disable fetch in renderer procceses * dns: default to verbatim=true in dns.lookup() nodejs/node#39987 Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
khalwa
pushed a commit
to solarwindscloud/electron
that referenced
this pull request
Feb 22, 2023
* chore: update to Node.js v18 * child_process: improve argument validation nodejs/node#41305 * bootstrap: support configure-time user-land snapshot nodejs/node#42466 * chore: update GN patch * src: disambiguate terms used to refer to builtins and addons nodejs/node#44135 * src: use a typed array internally for process._exiting nodejs/node#43883 * chore: lib/internal/bootstrap -> lib/internal/process * src: disambiguate terms used to refer to builtins and addons nodejs/node#44135 * chore: remove redudant browserGlobals patch * chore: update BoringSSL patch * src: allow embedder-provided PageAllocator in NodePlatform nodejs/node#38362 * chore: fixup Node.js crypto tests - nodejs/node#44171 - nodejs/node#41600 * lib: add Promise methods to avoid-prototype-pollution lint rule nodejs/node#43849 * deps: update V8 to 10.1 nodejs/node#42657 * src: add kNoBrowserGlobals flag for Environment nodejs/node#40532 * chore: consolidate asar initialization patches * deps: update V8 to 10.1 nodejs/node#42657 * deps: update V8 to 9.8 nodejs/node#41610 * src,crypto: remove AllocatedBuffers from crypto_spkac nodejs/node#40752 * build: enable V8's shared read-only heap nodejs/node#42809 * src: fix ssize_t error from nghttp2.h nodejs/node#44393 * chore: fixup ESM patch * chore: fixup patch indices * src: merge NativeModuleEnv into NativeModuleLoader nodejs/node#43824 * [API] Pass OOMDetails to OOMErrorCallback https://chromium-review.googlesource.com/c/v8/v8/+/3647827 * src: iwyu in cleanup_queue.cc * src: return Maybe from a couple of functions nodejs/node#39603 * src: clean up embedder API nodejs/node#35897 * src: refactor DH groups to delete crypto_groups.h nodejs/node#43896 * deps,src: use SIMD for normal base64 encoding nodejs/node#39775 * chore: remove deleted source file * chore: update patches * chore: remove deleted source file * lib: add fetch nodejs/node#41749 * chore: remove nonexistent node specs * test: split report OOM tests nodejs/node#44389 * src: trace fs async api nodejs/node#44057 * http: trace http request / response nodejs/node#44102 * test: split test-crypto-dh.js nodejs/node#40451 * crypto: introduce X509Certificate API nodejs/node#36804 * src: split property helpers from node::Environment nodejs/node#44056 * nodejs/node#38905 bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob * lib,src: implement WebAssembly Web API nodejs/node#42701 * fixup! deps,src: use SIMD for normal base64 encoding * fixup! src: refactor DH groups to delete crypto_groups.h * chore: fixup base64 GN file * fix: check that node::InitializeContext() returns true * chore: delete _noBrowserGlobals usage * chore: disable fetch in renderer procceses * dns: default to verbatim=true in dns.lookup() nodejs/node#39987 Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
crypto
Issues and PRs related to the crypto subsystem.
needs-ci
PRs that need a full CI run.
semver-major
PRs that contain breaking changes and should be released in the next major version.
tls
Issues and PRs related to the tls subsystem.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This changes the default behavior of the
X509Certificate
functionscheckHost
andcheckEmail
to match the default behavior of OpenSSL'sX509_check_host
andX509_check_email
functions, respectively, which is also what RFC 2818 mandates for HTTPS.As demonstrated in the modified test case, the new default matches the behavior of
checkServerIdentity
.Refs: #36804
Refs: #41569