Update node Docker tag to v20.5.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
node | image | minor |
20.0.0 -> 20.5.1
|
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the logs for more information.
Release Notes
nodejs/node (node)
v20.5.1
: 2023-08-09, Version 20.5.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-32002: Policies can be bypassed via Module._load (High)
- CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
- CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
- CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
- CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
- CVE-2023-32005: fs.statfs can bypass the permission model (Low)
- CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
- OpenSSL Security Releases
More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.
Commits
- [
92300b51b4
] - deps: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) #49036 - [
559698abf2
] - deps: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) #49036 - [
1bf3429e8e
] - lib,permission: restrict process.binding when pm is enabled (RafaelGSS) nodejs-private/node-private#438 - [
98a83a67e6
] - permission: ensure to resolve path when calling mkdtemp (RafaelGSS) nodejs-private/node-private#464 - [
1f0cde466b
] - permission: handle buffer path on fs calls (RafaelGSS) nodejs-private/node-private#439 - [
bd094d60ea
] - permission: handle fstatfs and add pm supported list (RafaelGSS) nodejs-private/node-private#441 - [
7337d21484
] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#417 - [
cf348ec640
] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#397
v20.5.0
: 2023-07-18, Version 20.5.0 (Current), @juanarbol
Notable Changes
- [
45be29d89f
] - doc: add atlowChemi to collaborators (atlowChemi) #48757 - [
a316808136
] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #48596 - [
986b46a567
] - fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) #48658 - [
0ef73ff6f0
] - (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton) #48639
Commits
- [
eb0aba59b8
] - bootstrap: use correct descriptor for Symbol.{dispose,asyncDispose} (Jordan Harband) #48703 - [
e2d0195dcf
] - bootstrap: hide experimental web globals with flag kNoBrowserGlobals (Chengzhong Wu) #48545 - [
67a1018389
] - build: do not pass target toolchain flags to host toolchain (Ivan Trubach) #48597 - [
7d843bb942
] - child_process: use addAbortListener (atlowChemi) #48550 - [
4e08160f8c
] - child_process: supportSymbol.dispose
(Moshe Atlow) #48551 - [
ef7728bf36
] - deps: update nghttp2 to 1.55.1 (Node.js GitHub Bot) #48790 - [
1454f02499
] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #48746 - [
fa94debf46
] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #48704 - [
c73cfcc144
] - deps: update acorn to 8.10.0 (Node.js GitHub Bot) #48713 - [
b7a076a052
] - deps: V8: cherry-pickcb00db4
(Keyhan Vakil) #48671 - [
150e15536b
] - deps: upgrade npm to 9.8.0 (npm team) #48665 - [
c47b2cbd35
] - dgram: socket addasyncDispose
(atlowChemi) #48717 - [
002ce31cca
] - dgram: use addAbortListener (atlowChemi) #48550 - [
45be29d89f
] - doc: add atlowChemi to collaborators (atlowChemi) #48757 - [
69b55d2261
] - doc: fix ambiguity in http.md and https.md (an5er) #48692 - [
caccb051c7
] - doc: clarify transform._transform() callback argument logic (Rafael Sofi-zada) #48680 - [
999ae0c8c3
] - doc: fix copy node executable in Windows (Yoav Vainrich) #48624 - [
7daefaeb44
] - doc: drop <b> of v20 changelog (Rafael Gonzaga) #48649 - [
dd7ea3e1df
] - doc: mention git node release prepare (Rafael Gonzaga) #48644 - [
cc7809df21
] - esm: fix emit deprecation on legacy main resolve (Antoine du Hamel) #48664 - [
67b13d1dba
] - events: fix bug listenerCount don't compare wrapped listener (yuzheng14) #48592 - [
a316808136
] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #48596 - [
986b46a567
] - fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) #48658 - [
e4333ac41f
] - http2: use addAbortListener (atlowChemi) #48550 - [
4a0b66e4f9
] - http2: send RST code 8 on AbortController signal (Devraj Mehta) #48573 - [
1295c76fce
] - lib: use addAbortListener (atlowChemi) #48550 - [
dff6c25a36
] - meta: bump actions/checkout from 3.5.2 to 3.5.3 (dependabot[bot]) #48625 - [
b5cb69ceaa
] - meta: bump step-security/harden-runner from 2.4.0 to 2.4.1 (dependabot[bot]) #48626 - [
332e480b46
] - meta: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (dependabot[bot]) #48628 - [
25c5a0aaee
] - meta: bump github/codeql-action from 2.3.6 to 2.20.1 (dependabot[bot]) #48627 - [
6406f50ab1
] - module: add SourceMap.lineLengths (Isaac Z. Schlueter) #48461 - [
cfa69bd48c
] - net: server addasyncDispose
(atlowChemi) #48717 - [
ac11264cc5
] - net: use addAbortListener (atlowChemi) #48550 - [
82d6b13bf6
] - permission: add debug log when inserting fs nodes (Rafael Gonzaga) #48677 - [
f4333b1cdd
] - permission: v8.writeHeapSnapshot and process.report (Rafael Gonzaga) #48564 - [
f691dca6c9
] - readline: use addAbortListener (atlowChemi) #48550 - [
227e6bd898
] - src: pass syscall onfs.readFileSync
fail operation (Yagiz Nizipli) #48815 - [
a9a4b73653
] - src: make BaseObject iteration order deterministic (Joyee Cheung) #48702 - [
d99ea4845a
] - src: remove kEagerCompile for CompileFunction (Keyhan Vakil) #48671 - [
df363d0010
] - src: deduplicate X509 getter implementations (Tobias Nießen) #48563 - [
9cf2e1f55b
] - src,lib: reducing C++ calls of esm legacy main resolve (Vinicius Lourenço) #48325 - [
daeb21dde9
] - stream: fix deadlock when pipeing to full sink (Robert Nagy) #48691 - [
5a382d02d6
] - stream: use addAbortListener (atlowChemi) #48550 - [
6e82077dd4
] - test: deflake test-net-throttle (Luigi Pinca) #48599 - [
d378b2c822
] - test: move test-net-throttle to parallel (Luigi Pinca) #48599 - [
dfa0aee5bf
] - Revert "test: remove test-crypto-keygen flaky designation" (Luigi Pinca) #48652 - [
0ef73ff6f0
] - (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton) #48639 - [
e2442bb7ef
] - timers: support Symbol.dispose (Moshe Atlow) #48633 - [
4398ade426
] - tools: run fetch_deps.py with Python 3 (Richard Lau) #48729 - [
38ce95d054
] - tools: update doc to unist-util-select@5.0.0 unist-util-visit@5.0.0 (Node.js GitHub Bot) #48714 - [
b25e78a998
] - tools: update lint-md-dependencies to rollup@3.26.2 (Node.js GitHub Bot) #48705 - [
a1f4ff7c59
] - tools: update eslint to 8.44.0 (Node.js GitHub Bot) #48632 - [
42dc6eb698
] - tools: update lint-md-dependencies to rollup@3.26.0 (Node.js GitHub Bot) #48631 - [
07bfcc45ab
] - url: fixcanParse
false value when v8 optimizes (Yagiz Nizipli) #48817
v20.4.0
: 2023-07-05, Version 20.4.0 (Current), @RafaelGSS
Notable Changes
Mock Timers
The new feature allows developers to write more reliable and predictable tests for time-dependent functionality.
It includes MockTimers
with the ability to mock setTimeout
, setInterval
from globals
, node:timers
, and node:timers/promises
.
The feature provides a simple API to advance time, enable specific timers, and release all timers.
import assert from 'node:assert';
import { test } from 'node:test';
test('mocks setTimeout to be executed synchronously without having to actually wait for it', (context) => {
const fn = context.mock.fn();
// Optionally choose what to mock
context.mock.timers.enable(['setTimeout']);
const nineSecs = 9000;
setTimeout(fn, nineSecs);
const threeSeconds = 3000;
context.mock.timers.tick(threeSeconds);
context.mock.timers.tick(threeSeconds);
context.mock.timers.tick(threeSeconds);
assert.strictEqual(fn.mock.callCount(), 1);
});
This feature was contributed by Erick Wendel in #47775.
Support to the explicit resource management proposal
Node is adding support to the explicit resource management
proposal to its resources allowing users of TypeScript/babel to use using
/await using
with
V8 support for everyone else on the way.
This feature was contributed by Moshe Atlow and Benjamin Gruenbaum in #48518.
Other notable changes
- [
fe333d2584
] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #48416 - [
60c2ea4e79
] - doc: add vmoroz to collaborators (Vladimir Morozov) #48527 - [
5cacdf9e6b
] - doc: add kvakil to collaborators (Keyhan Vakil) #48449 - [
504d1d7bdc
] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #45190
Commits
- [
8a611a387f
] - benchmark: add bar.R (Rafael Gonzaga) #47729 - [
12fa716cf9
] - benchmark: refactor crypto oneshot (Filip Skokan) #48267 - [
d6ecbde592
] - benchmark: add crypto.create*Key (Filip Skokan) #48284 - [
e60b6dedd8
] - bootstrap: unify snapshot builder and embedder entry points (Joyee Cheung) #48242 - [
40662957b1
] - bootstrap: simplify initialization of source map handlers (Joyee Cheung) #48304 - [
6551538079
] - build: fixconfigure --link-module
(Richard Lau) #48522 - [
f7f32089e7
] - build: sync libuv header change (Jiawen Geng) #48429 - [
f60205c915
] - build: update action to close stale MRs (Michael Dawson) #48196 - [
4f4d0b802e
] - child_process: improve spawn performance on Linux (Keyhan Vakil) #48523 - [
fe333d2584
] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #48416 - [
89aaf16237
] - crypto: remove OPENSSL_FIPS guard for OpenSSL 3 (Richard Lau) #48392 - [
6199e1946c
] - deps: upgrade to libuv 1.46.0 (Santiago Gimeno) #48618 - [
1b2b930fda
] - deps: add loong64 config into openssl gypi (Shi Pujin) #48043 - [
ba8d048929
] - deps: update acorn to 8.9.0 (Node.js GitHub Bot) #48484 - [
d96f921d06
] - deps: update zlib to 1.2.13.1-motley-f81f385 (Node.js GitHub Bot) #48541 - [
ed1d047e8f
] - deps: update googletest toec4fed9
(Node.js GitHub Bot) #48538 - [
f43d718c67
] - deps: update minimatch to 9.0.2 (Node.js GitHub Bot) #48542 - [
2f66147cbf
] - deps: update corepack to 0.19.0 (Node.js GitHub Bot) #48540 - [
d91b0fde73
] - deps: V8: cherry-pick1a782f6
(Keyhan Vakil) #48523 - [
112335e342
] - deps: update corepack to 0.18.1 (Node.js GitHub Bot) #48483 - [
2b141c413f
] - deps: update icu to 73.2 (Node.js GitHub Bot) #48502 - [
188b34d4a1
] - deps: upgrade npm to 9.7.2 (npm team) #48514 - [
bf0444b5d9
] - deps: update zlib to 1.2.13.1-motley-3ca9f16 (Node.js GitHub Bot) #48413 - [
b339d80a56
] - deps: upgrade npm to 9.7.1 (npm team) #48378 - [
4132931b87
] - deps: update simdutf to 3.2.14 (Node.js GitHub Bot) #48344 - [
8cd56c1e85
] - deps: update ada to 2.5.1 (Node.js GitHub Bot) #48319 - [
78cffcd645
] - deps: update zlib to982b036
(Node.js GitHub Bot) #48327 - [
6d00c2e33b
] - doc: fix options order (Luigi Pinca) #48617 - [
7ad2d3a5d1
] - doc: update security release stewards (Rafael Gonzaga) #48569 - [
cc3a056fdd
] - doc: update return type for describe (Shrujal Shah) #48572 - [
99ae0b98af
] - doc: run license-builder (github-actions[bot]) #48552 - [
9750d8205c
] - doc: add description of autoAllocateChunkSize in ReadableStream (Debadree Chatterjee) #48004 - [
417927bb41
] - doc: fixfilename
type inwatch
result (Dmitry Semigradsky) #48032 - [
ca2ae86bd7
] - doc: unnestmime
andMIMEParams
from MIMEType constructor (Dmitry Semigradsky) #47950 - [
bda1228135
] - doc: update security-release-process.md (Rafael Gonzaga) #48504 - [
60c2ea4e79
] - doc: add vmoroz to collaborators (Vladimir Morozov) #48527 - [
37bc0eac4a
] - doc: improve inspector.close() description (mary marchini) #48494 - [
2a403cdad5
] - doc: link to Runtime Keys in export conditions (Jacob Hummer) #48408 - [
e2d579e644
] - doc: update fs flags documentation (sinkhaha) #48463 - [
38bf290115
] - doc: reviseerror.md
introduction (Antoine du Hamel) #48423 - [
641a2e9c6d
] - doc: add preveen-stack to triagers (Preveen P) #48387 - [
4ab5e8d2e3
] - doc: refine when file is undefined in test events (Moshe Atlow) #48451 - [
5cacdf9e6b
] - doc: add kvakil to collaborators (Keyhan Vakil) #48449 - [
b9c643e3ef
] - doc: add additional info on TSFN dispatch (Michael Dawson) #48367 - [
17a0e1d1bf
] - doc: add link for news from security wg (Michael Dawson) #48396 - [
3a62994a4f
] - doc: fix typo in events.md (Darshan Sen) #48436 - [
e10a4cdf68
] - doc: run license-builder (github-actions[bot]) #48336 - [
19fde638fd
] - fs: call the callback with an error if writeSync fails (killa) #47949 - [
4cad9fd8bd
] - fs: remove unneeded return statement (Luigi Pinca) #48526 - [
d367b73f43
] - fs: use kResistStopPropagation (Chemi Atlow) #48521 - [
e50c3169af
] - fs, stream: initialSymbol.dispose
andSymbol.asyncDispose
support (Moshe Atlow) #48518 - [
7d8a0b6eb7
] - http: null the joinDuplicateHeaders property on cleanup (Luigi Pinca) #48608 - [
94ebb02f59
] - http: server add async dispose (atlowChemi) #48548 - [
c6a69e31a3
] - http: remove useless ternary in test (geekreal) #48481 - [
2f0f40328f
] - http: fix for handling on boot timers headers and request (Franciszek Koltuniuk) #48291 - [
5378ad8ab1
] - http2: server addasyncDispose
(atlowChemi) #48548 - [
97a58c5970
] - https: server addasyncDispose
(atlowChemi) #48548 - [
40ae6eb6aa
] - https: fix connection checking interval not clearing on server close (Nitzan Uziely) #48383 - [
15530fea4c
] - lib: merge cjs and esm package json reader caches (Yagiz Nizipli) #48477 - [
32bda81c31
] - lib: reduce url getters onmakeRequireFunction
(Yagiz Nizipli) #48492 - [
0da03f01ba
] - lib: remove duplicated requires in check_syntax (Yagiz Nizipli) #48508 - [
97b00c347d
] - lib: add option to force handling stopped events (Chemi Atlow) #48301 - [
fe16749649
] - lib: fix output message when repl is used with pm (Rafael Gonzaga) #48438 - [
8c2c02d28a
] - lib: create weakRef only if any signals provided (Chemi Atlow) #48448 - [
b6ae411ea9
] - lib: remove obsolete deletion of bufferBinding.zeroFill (Chengzhong Wu) #47881 - [
562b3d4856
] - lib: move web global bootstrapping to the expected file (Chengzhong Wu) #47881 - [
f9c0d5acac
] - lib: fix blob.stream() causing hanging promises (Debadree Chatterjee) #48232 - [
0162a0f5bf
] - lib: add support for inherited custom inspection methods (Antoine du Hamel) #48306 - [
159ab6627a
] - lib: reduce URL invocations on http2 origins (Yagiz Nizipli) #48338 - [
f0709fdc59
] - module: add SourceMap.findOrigin (Isaac Z. Schlueter) #47790 - [
4ec2d925b1
] - module: reduce url invocations in esm/load.js (Yagiz Nizipli) #48337 - [
2c363971cc
] - net: improve network family autoselection handle handling (Paolo Insogna) #48464 - [
dbf9e9ffc8
] - node-api: provide napi_define_properties fast path (Gabriel Schulhof) #48440 - [
87ad657777
] - node-api: implement external strings (Gabriel Schulhof) #48339 - [
4efa6807ea
] - permission: handle end nodes with children cases (Rafael Gonzaga) #48531 - [
84fe811108
] - repl: display dynamic import variant in static import error messages (Hemanth HM) #48129 - [
bdcc037470
] - report: disable js stack when no context is entered (Chengzhong Wu) #48495 - [
97bd9ccd04
] - src: fix uninitialized field access in AsyncHooks (Jan Olaf Krems) #48566 - [
404958fc96
] - src: fix Coverity issue regarding unnecessary copy (Yagiz Nizipli) #48565 - [
c4b8edea24
] - src: refactorSplitString
in util (Yagiz Nizipli) #48491 - [
5bc13a4772
] - src: revert IS_RELEASE (Rafael Gonzaga) #48505 - [
4971e46051
] - src: add V8 fast api toguessHandleType
(Yagiz Nizipli) #48349 - [
954e46e792
] - src: return uint32 forguessHandleType
(Yagiz Nizipli) #48349 - [
05009675da
] - src: make realm binding data store weak (Chengzhong Wu) #47688 - [
120ac74352
] - src: remove aliased buffer weak callback (Chengzhong Wu) #47688 - [
6591826e99
] - src: handle wasm out of bound in osx will raise SIGBUS correctly (Congcong Cai) #46561 - [
1b84ddeec2
] - src: implement constants binding directly (Joyee Cheung) #48186 - [
06d49c1f10
] - src: implement natives binding without special casing (Joyee Cheung) #48186 - [
325441abf5
] - src: add missing to_ascii method in dns queries (Daniel Lemire) #48354 - [
84d0eb74b8
] - stream: fix premature pipeline end (Robert Nagy) #48435 - [
3df7368735
] - test: add missing assertions to test-runner-cli (Moshe Atlow) #48593 - [
07eb310b0d
] - test: remove test-crypto-keygen flaky designation (Luigi Pinca) #48575 - [
75aa0a7682
] - test: remove test-timers-immediate-queue flaky designation (Luigi Pinca) #48575 - [
a9756f3126
] - test: add Symbol.dispose support to mock timers (Benjamin Gruenbaum) #48549 - [
0f912a7248
] - test: mark test-child-process-stdio-reuse-readable-stdio flaky (Luigi Pinca) #48537 - [
30f4bc4985
] - test: make IsolateData per-isolate in cctest (Joyee Cheung) #48450 - [
407ce3fdcb
] - test: define NAPI_VERSION before including node_api.h (Chengzhong Wu) #48376 - [
24a8fa95f0
] - test: remove unnecessary noop function args tomustNotCall()
(Antoine du Hamel) #48513 - [
09af579775
] - test: skip test-runner-watch-mode on IBMi (Moshe Atlow) #48473 - [
77cb1ee0b2
] - test: add missing <algorithm> include for std::find (Sam James) #48380 - [
7c790ca03c
] - test: fix flaky test-watch-mode (Moshe Atlow) #48147 - [
1398829746
] - test: fixtest-net-autoselectfamily
for kernel without IPv6 support (Livia Medeiros) #48265 - [
764119ba4b
] - test: update url web-platform tests (Yagiz Nizipli) #48319 - [
f1ead59629
] - test: ignore the copied entry_point.c (Luigi Pinca) #48297 - [
fc5d1bddcb
] - test: refactor test-gc-http-client-timeout (Luigi Pinca) #48292 - [
46a3d068a0
] - test: update encoding web-platform tests (Yagiz Nizipli) #48320 - [
141e5aad83
] - test: update FileAPI web-platform tests (Yagiz Nizipli) #48322 - [
83cfc67099
] - test: update user-timing web-platform tests (Yagiz Nizipli) #48321 - [
2c56835a33
] - test_runner: fixedtest
shorthands return type (Shocker) #48555 - [
7d01c8894a
] - (SEMVER-MINOR) test_runner: add initial draft for fakeTimers (Erick Wendel) #47775 - [
de4f14c249
] - test_runner: add enqueue and dequeue events (Moshe Atlow) #48428 - [
5ebe3a4ea7
] - test_runner: make--test-name-pattern
recursive (Moshe Atlow) #48382 - [
93bf447308
] - test_runner: refactor coverage report output for readability (Damien Seguin) #47791 - [
504d1d7bdc
] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #45190 - [
203c3cf4ca
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48544 - [
333907b19d
] - tools: speedup compilation of js2c output (Keyhan Vakil) #48160 - [
10bd5f4d97
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48486 - [
52de27b9fe
] - tools: pin ruff version number (Rich Trott) #48505 - [
4345526644
] - tools: replace sed with perl (Luigi Pinca) #48499 - [
6c590835f3
] - tools: automate update openssl v16 (Marco Ippolito) #48377 - [
90b5335338
] - tools: update eslint to 8.43.0 (Node.js GitHub Bot) #48487 - [
cd83530a11
] - tools: update doc to to-vfile@8.0.0 (Node.js GitHub Bot) #48485 - [
e500b439bd
] - tools: prepare tools/doc for to-vfile 8.0.0 (Rich Trott) #48485 - [
d623616813
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48417 - [
a2e107dde4
] - tools: update create-or-update-pull-request-action (Richard Lau) #48398 - [
8009e2c3be
] - tools: update eslint-plugin-jsdoc (Richard Lau) #48393 - [
10385c8565
] - tools: add version update to external dependencies (Andrea Fassina) #48081 - [
b1cef81b18
] - tools: update eslint to 8.42.0 (Node.js GitHub Bot) #48328 - [
0923dc0b8e
] - tools: disable jsdoc/no-defaults rule (Luigi Pinca) #48328 - [
b03146da85
] - typings: remove unused primordials (Yagiz Nizipli) #48509 - [
e9c9d187b9
] - typings: fix JSDoc in ESM loader modules (Antoine du Hamel) #48424 - [
fafe651d23
] - url: conform to origin getter spec changes (Yagiz Nizipli) #48319
v20.3.1
: 2023-06-20, Version 20.3.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
-
CVE-2023-30581:
mainModule.__proto__
Bypass Experimental Policy Mechanism (High) - CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
- CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
- CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
- CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.
Commits
- [
dac08dafc9
] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#393 - [
d274c3babc
] - crypto,https,tls: disable engines if perms enabled (Tobias Nießen) nodejs-private/node-private#409 - [
5621c1de38
] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402 - [
771caa9f1c
] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402 - [
0459bf9c99
] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426 - [
27e20501aa
] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#427 - [
9c17e335f1
] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408 - [
b51124c637
] - permission: handle fs path traversal (RafaelGSS) nodejs-private/node-private#403 - [
ebc5927adc
] - permission: handle fs.openAsBlob (RafaelGSS) nodejs-private/node-private#405 - [
c39a43bff5
] - permission: handle fs.watchFile (RafaelGSS) nodejs-private/node-private#404 - [
d0a8264ec9
] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416 - [
3df13d5a79
] - src,permission: restrict inspector when pm enabled (RafaelGSS) nodejs-private/node-private#410
v20.3.0
: 2023-06-08, Version 20.3.0 (Current), @targos
Notable Changes
- [
bfcb3d1d9a
] - deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux (Santiago Gimeno) #48078 - [
5094d1b292
] - doc: add Ruy Adorno to list of TSC members (Michael Dawson) #48172 - [
2f5dbca690
] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #48023 - [
b1828b325e
] - (SEMVER-MINOR) lib: implementAbortSignal.any()
(Chemi Atlow) #47821 - [
f380953103
] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #47824 - [
a94f87ed99
] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #48151 - [
9e2b13dfa7
] - stream: deprecateasIndexedPairs
(Chemi Atlow) #48102
Commits
- [
35c96156d1
] - benchmark: usecluster.isPrimary
instead ofcluster.isMaster
(Deokjin Kim) #48002 - [
3e6e3abf32
] - bootstrap: throw ERR_NOT_SUPPORTED_IN_SNAPSHOT in unsupported operation (Joyee Cheung) #47887 - [
c480559347
] - bootstrap: put is_building_snapshot state in IsolateData (Joyee Cheung) #47887 - [
50c0a15535
] - build: set v8_enable_webassembly=false when lite mode is enabled (Cheng Shao) #48248 - [
4562805cf6
] - build: speed up compilation of mksnapshot output (Keyhan Vakil) #48162 - [
8b89f13933
] - build: add action to close stale MRs (Michael Dawson) #48051 - [
5d92202220
] - build: replace js2c.py with js2c.cc (Joyee Cheung) #46997 - [
6cf2adc36e
] - cluster: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) #48141 - [
f564b03c38
] - crypto: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) #47160 - [
ac8dd61fc3
] - crypto: remove default encoding from cipher (Tobias Nießen) #47998 - [
15c2de4407
] - crypto: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) #47977 - [
9e2dd5b5e2
] - deps: update zlib to337322d
(Node.js GitHub Bot) #48218 - [
bfcb3d1d9a
] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #48078 - [
13930f092f
] - deps: update ada to 2.5.0 (Node.js GitHub Bot) #48223 - [
3047caebec
] - deps: setCARES_RANDOM_FILE
for c-ares (Richard Lau) #48156 - [
0db79a0872
] - deps: update histogram 0.11.8 (Marco Ippolito) #47742 - [
99af6716f5
] - deps: update histogram to 0.11.7 (Marco Ippolito) #47742 - [
d4922bc985
] - deps: update c-ares to 1.19.1 (Node.js GitHub Bot) #48115 - [
f6ccdb289f
] - deps: update simdutf to 3.2.12 (Node.js GitHub Bot) #48118 - [
3ed0afc778
] - deps: update minimatch to 9.0.1 (Node.js GitHub Bot) #48094 - [
df7540fb73
] - deps: update ada to 2.4.2 (Node.js GitHub Bot) #48092 - [
07df5c48e8
] - deps: update corepack to 0.18.0 (Node.js GitHub Bot) #48091 - [
d95a5bb559
] - deps: update uvwasi to 0.0.18 (Node.js GitHub Bot) #47866 - [
443477e041
] - deps: update uvwasi to 0.0.17 (Node.js GitHub Bot) #47866 - [
03f67d6d6d
] - deps: upgrade npm to 9.6.7 (npm team) #48062 - [
d3e3a911fd
] - deps: update nghttp2 to 1.53.0 (Node.js GitHub Bot) #47997 - [
f7c4daaf67
] - deps: update ada to 2.4.1 (Node.js GitHub Bot) #48036 - [
c6a752560d
] - deps: add loongarch64 into openssl Makefile and gen openssl-loongarch64 (Shi Pujin) #46401 - [
d194241716
] - deps: update undici to 5.22.1 (Node.js GitHub Bot) #47994 - [
02e919f4a2
] - deps,test: update postject to 1.0.0-alpha.6 (Node.js GitHub Bot) #48072 - [
2c19f596ad
] - doc: clarify array args to Buffer.from() (Bryan English) #48274 - [
d681e5f456
] - doc: document watch option for node:test run() (Moshe Atlow) #48256 - [
96e54ddbca
] - doc: reserve 117 for Electron 26 (Calvin) #48245 - [
9aff8c7818
] - doc: update documentation for FIPS support (Richard Lau) #48194 - [
8c5338648f
] - doc: improve the documentation of the stdio option (Kumar Arnav) #48110 - [
11918d705f
] - doc: update Buffer.allocUnsafe description (sinkhaha) #48183 - [
2b51ee5e22
] - doc: update codeowners with website team (Claudio Wunder) #48197 - [
360df25d04
] - doc: fix broken link to new folder doc/contributing/maintaining (Andrea Fassina) #48205 - [
13e95e21a4
] - doc: add atlowChemi to triagers (Chemi Atlow) #48104 - [
5f83ce530f
] - doc: fix typo in readline completer function section (Vadym) #48188 - [
3c82165d27
] - doc: remove broken link for keygen (Rich Trott) #48176 - [
0ca90a1e6d
] - doc: addauto
intrinsic height to prevent jitter/flicker (Daniel Holbert) #48195 - [
f117855092
] - doc: add version info on the SEA docs (Antoine du Hamel) #48173 - [
5094d1b292
] - doc: add Ruy to list of TSC members (Michael Dawson) #48172 - [
39d8140227
] - doc: update socket.remote* properties documentation (Saba Kharanauli) #48139 - [
5497c13efe
] - doc: update outdated section on TLSv1.3-PSK (Tobias Nießen) #48123 - [
281dfaf727
] - doc: improve HMAC key recommendations (Tobias Nießen) #48121 - [
bd311b6c70
] - doc: clarify mkdir() recursive behavior (Stephen Odogwu) #48109 - [
5b061c8922
] - doc: fix typo in crypto legacy streams API section (Tobias Nießen) #48122 - [
10ccb2bd81
] - doc: update SEA source link (Rich Trott) #48080 - [
415bf7f532
] - doc: clarify tty.isRaw (Roberto Vidal) #48055 - [
0ac4b33c76
] - doc: correct line break for Windows terminals (Alex Schwartz) #48083 - [
f30ba5c320
] - doc: fix Windows code snippet tags (Antoine du Hamel) #48100 - [
12fef9b68c
] - doc: harmonize fenced code snippet flags (Antoine du Hamel) #48082 - [
13f163eace
] - doc: use secure key length for HMAC generateKey (Tobias Nießen) #48052 - [
1e3e7c9f33
] - doc: update broken EVP_BytesToKey link (Rich Trott) #48064 - [
5917ba1838
] - doc: update broken spkac link (Rich Trott) #48063 - [
0e4a3b7db1
] - doc: document node-api version process (Chengzhong Wu) #47972 - [
85bbaa94ea
] - doc: update process.versions properties (Saba Kharanauli) #48019 - [
7660eb591a
] - doc: fix typo in binding functions (Deokjin Kim) #48003 - [
2f5dbca690
] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #48023 - [
3b94a739f2
] - doc: clarify CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED (Tobias Nießen) #47976 - [
9e381cfa89
] - doc: add heading for permission model limitations (Tobias Nießen) #47989 - [
802db923e0
] - doc,vm: clarify usage of cachedData in vm.compileFunction() (Darshan Sen) #48193 - [
11a3434810
] - esm: remove support for arrays inimport
internal method (Antoine du Hamel) #48296 - [
3b00f3afef
] - esm: handleglobalPreload
hook returning a nullish value (Antoine du Hamel) #48249 - [
3c7846d7e1
] - esm: handle more error types thrown from the loader thread (Antoine du Hamel) #48247 - [
60ce2bcabc
] - http: send implicit headers on HEAD with no body (Matteo Collina) #48108 - [
72de4e7170
] - lib: do not disable linter for entire files (Antoine du Hamel) #48299 - [
10cc60fc91
] - lib: use existingisWindows
variable (sinkhaha) #48134 - [
a90010aae9
] - lib: support FORCE_COLOR for non TTY streams (Moshe Atlow) #48034 - [
b1828b325e
] - (SEMVER-MINOR) lib: implement AbortSignal.any() (Chemi Atlow) #47821 - [
8f1b86961f
] - meta: bump github/codeql-action from 2.3.3 to 2.3.6 (dependabot[bot]) #48287 - [
1b87ccdf70
] - meta: bump actions/setup-python from 4.6.0 to 4.6.1 (dependabot[bot]) #48286 - [
10715aea26
] - meta: bump codecov/codecov-action from 3.1.3 to 3.1.4 (dependabot[bot]) #48285 - [
79f73778ab
] - meta: remove dont-land-on-v14 auto labeling (Shrujal Shah) #48031 - [
9c5711f3ea
] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #48010 - [
6d6bf3ee52
] - module: reduce the number of URL initializations (Yagiz Nizipli) #48272 - [
f380953103
] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #47824 - [
950185b0c0
] - net: fix address iteration with autoSelectFamily (Fedor Indutny) #48258 - [
5ddca72e62
] - net: fix family autoselection SSL connection handling (Paolo Insogna) #48189 - [
750e53ca3c
] - net: fix family autoselection timeout handling (Paolo Insogna) #47860 - [
a94f87ed99
] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #48151 - [
e834979818
] - node-api: add status napi_cannot_run_js (Gabriel Schulhof) #47986 - [
eafe0c3ec6
] - node-api: napi_ref on all types is experimental (Vladimir Morozov) #47975 - [
9a034746f5
] - src: add Realm document in the src README.md (Chengzhong Wu) #47932 - [
b8f4070f71
] - src: check node_extra_ca_certs after openssl cfg (Raghu Saxena) #48159 - [
0347a18056
] - src: include missing header in node_sea.h (Joyee Cheung) #48152 - [
45c3782c20
] - src: remove INT_MAX asserts in SecretKeyGenTraits (Tobias Nießen) #48053 - [
b25e7045ad
] - src: avoid prototype access in binding templates (Joyee Cheung) #47913 - [
33aa373eec
] - src: use Blob{Des|S}erializer for SEA blobs (Joyee Cheung) #47962 - [
9e2b13dfa7
] - stream: deprecate asIndexedPairs (Chemi Atlow) #48102 - [
96c323dee2
] - test: mark test-child-process-pipe-dataflow as flaky (Moshe Atlow) #48334 - [
9875885357
] - test: adapt tests for OpenSSL 3.1 (OttoHollmann) #47859 - [
3440d7c6bf
] - test: unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) #48078 - [
215b2bc72c
] - test: fix zlib version regex (Luigi Pinca) #48227 - [
e12ee59d26
] - test: use lower security level in s_client (Luigi Pinca) #48192 - [
1dabc7390c
] - Revert "test: unskip negative-settimeout.any.js WPT" (Filip Skokan) #48182 - [
c1c4796a86
] - test: mark test_cannot_run_js as flaky (Keyhan Vakil) #48181 - [
8c49d74002
] - test: fix flaky test-runner-watch-mode (Moshe Atlow) #48144 - [
6388766862
] - test: skip test-http-pipeline-flood on IBM i (Abdirahim Musse) #48048 - [
8d2a3b1952
] - test: ignore helper files in WPTs (Filip Skokan) #48079 - [
7a96d825fd
] - test: movetest-cluster-primary-error
flaky test (Yagiz Nizipli) #48039 - [
a80dd3a8b3
] - test: fix suite signal (Benjamin Gruenbaum) #47800 - [
a41cfd183f
] - test: fix parsing test flags (Daeyeon Jeong) #48012 - [
4d4e506f2b
] - test,doc,sea: run SEA tests on ppc64 (Darshan Sen) #48111 - [
44411fc40c
] - test_runner: applyrunOnly
on suites (Moshe Atlow) #48279 - [
3f259b7a30
] - test_runner: emittest:watch:drained
event (Moshe Atlow) #48259 - [
c9f8e8c562
] - test_runner: stop watch mode when abortSignal aborted (Moshe Atlow) #48259 - [
f3268d64cb
] - test_runner: fix global after hook (Moshe Atlow) #48231 - [
15336c3139
] - test_runner: remove redundant check from coverage (Colin Ihrig) #48070 - [
750d3e8606
] - test_runner: pass FORCE_COLOR to child process (Moshe Atlow) #48057 - [
3278542243
] - test_runner: dont split lines ontest:stdout
(Moshe Atlow) #48057 - [
027c531766
] - test_runner: fix test deserialize edge cases (Moshe Atlow) #48106 - [
2b797a6d39
] - test_runner: delegate stderr and stdout formatting to reporter (Shiba) #48045 - [
23d310bee8
] - test_runner: display dot report as wide as the terminal width (Raz Luvaton) #48038 - [
fd2620dcf1
] - tls: reapply servername on happy eyeballs connect (Fedor Indutny) #48255 - [
62f847d0b3
] - tools: update rollup lint-md-dependencies (Node.js GitHub Bot) #48329 - [
3e97826a66
] - Revert "tools: open issue when update workflow fails" (Marco Ippolito) #48312 - [
5f08bfe35f
] - tools: don't gitignore base64 config.h (Ben Noordhuis) #48174 - [
ded0e2d755
] - tools: update LICENSE and license-builder.sh (Santiago Gimeno) #48078 - [
07aa264366
] - tools: automate histogram update (Marco Ippolito) #48171 - [
1416b75eaa
] - tools: use shasum instead of sha256sum (Luigi Pinca) #48229 - [
b81e9d9b7b
] - tools: harmonizedep_updaters
scripts (Antoine du Hamel) #48201 - [
a60bc41e53
] - tools: deps update authenticate github api request (Andrea Fassina) #48200 - [
7478ed014e
] - tools: order dependency jobs alphabetically (Luca) #48184 - [
568a705799
] - tools: refactor v8_pch config (Michaël Zasso) #47364 - [
801573ba46
] - tools: log and verify sha256sum (Andrea Fassina) #48088 - [
db62325e18
] - tools: open issue when update workflow fails (Marco Ippolito) #48018 - [
ad8a68856d
] - tools: alphabetize CODEOWNERS (Rich Trott) #48124 - [
4cf5a9edaf
] - tools: use latest upstream commit for zlib updates (Andrea Fassina) #48054 - [
8d93af381b
] - tools: add security-wg as dep updaters owner (Marco Ippolito) #48113 - [
5325be1d99
] - tools: port js2c.py to C++ (Joyee Cheung) #46997 - [
6c60d90277
] - tools: fix race condition when npm installing (Tobias Nießen) #48101 - [
0ab840a58f
] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #48098 - [
a298193378
] - tools: update cpplint to 1.6.1 (Yagiz Nizipli) #48098 - [
f6725751b7
] - tools: update eslint to 8.41.0 (Node.js GitHub Bot) #48097 - [
6539361f4e
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #48096 - [
5d94dbb951
] - tools: update doc to remark-parse@10.0.2 (Node.js GitHub Bot) #48095 - [
2226088048
] - tools: add debug logs (Marco Ippolito) #48060 - [
0c8c383583
] - tools: fix zconf.h path (Luigi Pinca) #48089 - [
6adaf4c648
] - tools: update remark-preset-lint-node to 4.0.0 (Node.js GitHub Bot) #47995 - [
92b3334231
] - url: clean vertical alignment of docs (Robin Ury) #48037 - [
ebb6536775
] - url: callada::can_parse
directly (Yagiz Nizipli) #47919 - [
ed4514294a
] - vm: properly handle defining symbol props (Nicolas DUBIEN) #47572
v20.2.0
: 2023-05-16, Version 20.2.0 (Current), @targos
Notable Changes
- [
c092df9094
] - doc: add ovflowd to collaborators (Claudio Wunder) #47844 - [
4197a9a5a0
] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #47732 - [
c4596b9ce7
] - (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) #47588 - [
17befe008c
] - (SEMVER-MINOR) test_runner: addskip
,todo
, andonly
shorthands totest
(Chemi Atlow) #47909 - [
a0634d7f89
] - (SEMVER-MINOR) url: add value argument toURLSearchParams
has
anddelete
methods (Sankalp Shubham) #47885
Commits
- [
456fca0d9c
] - bootstrap: initialize per-isolate properties of bindings separately (Joyee Cheung) #47768 - [
d6d12bf978
] - bootstrap: log isolate data info in mksnapshot debug logs (Joyee Cheung) #47768 - [
e457d89a1b
] - buffer: combine checking range of sourceStart inbuf.copy
(Deokjin Kim) #47758 - [
00668fcfb4
] - child_process: use signal.reason in child process abort (Debadree Chatterjee) #47817 - [
d7993474ea
] - crypto: remove default encoding from scrypt (Tobias Nießen) #47943 - [
09fb74a7cc
] - crypto: fix webcrypto private/secret import with empty usages (Filip Skokan) #47877 - [
e9c6ee74f3
] - crypto: remove default encoding from pbkdf2 (Tobias Nießen) #47869 - [
b7f13a8679
] - deps: update simdutf to 3.2.9 (Node.js GitHub Bot) #47983 - [
b16f6da153
] - deps: V8: cherry-pick5f025d1
(Michaël Zasso) #47610 - [
99f8fcab45
] - deps: V8: cherry-picka8a11a8
(Michaël Zasso) #47610 - [
c2b14b4c78
] - deps: update ada to 2.4.0 (Node.js GitHub Bot) #47922 - [
cad42e7a56
] - deps: V8: cherry-pick1b471b7
(Lu Yahan) #47399 - [
7b2f17ca59
] - deps: upgrade npm to 9.6.6 (npm team) #47862 - [
d23b1af562
] - deps: update ada to 2.3.1 (Node.js GitHub Bot) #47893 - [
72340c98fb
] - dgram: convert macro to template (Tobias Nießen) #47891 - [
9be922892f
] - dns: callada::idna::to_ascii
directly from c++ (Yagiz Nizipli) #47920 - [
4a1e97156a
] - doc: add missing deprecated blocks to cluster (Tobias Nießen) #47981 - [
13118a19ee
] - doc: update description of global (Tobias Nießen) #47969 - [
372796440b
] - doc: update measure memory rejection information (Yash Ladha) #41639 - [
7ecc6740e4
] - doc: fix broken link to TC39 import attributes proposal (Rich Trott) #47954 - [
b9771c95c7
] - doc: fix broken link (Rich Trott) #47953 - [
6f5ba92e61
] - doc: remove broken link (Rich Trott) #47942 - [
c9ffc555f1
] - doc: document make lint-md-clean (Matteo Collina) #47926 - [
7ed99e8ba5
] - doc: mark global object as legacy (Mert Can Altın) #47819 - [
bf39f2d252
] - doc: ntfs junction points must link to directories (Ben Noordhuis) #47907 - [
4dfc3890d8
] - doc: improvepermission.has
description (Daeyeon Jeong) #47875 - [
93f1aa2856
] - doc: fix params names (Dmitry Semigradsky) #47853 - [
9a362aa2fb
] - doc: update supported version of FreeBSD to 12.4 (Michaël Zasso) #47838 - [
89c70dc6e6
] - doc: add stability experimental to pm (Rafael Gonzaga) #47890 - [
f96fb2eee7
] - doc: swap Matteo with Rafael in the stewards (Rafael Gonzaga) #47841 - [
1666a146e3
] - doc: add valgrind suppression details (Kevin Eady) #47760 - [
e53e8231ff
] - doc: replace EOL versions in README (Tobias Nießen) #47833 - [
c092df9094
] - doc: add ovflowd to collaborators (Claudio Wunder) #47844 - [
f7106765b3
] - doc: update BUILDING.md previous versions links (Tobias Nießen) #47835 - [
811b43c215
] - doc,test: update the v8.startupSnapshot doc and test the example (Joyee Cheung) #47468 - [
1ec640ac70
] - esm: do not use'beforeExit'
on the main thread (Antoine du Hamel) #47964 - [
106dc612d6
] - fs: make readdir recursive algorithm iterative (Ethan Arrowood) #47650 - [
a0da2348a8
] - fs: move fs_use_promises_symbol to per-isolate symbols (Joyee Cheung) #47768 - [
4197a9a5a0
] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #47732 - [
a4d6543598
] - http2: improve nghttp2 error callback (Tobias Nießen) #47840 - [
a4fed6c580
] - lib: update comment (sinkhaha) #47884 - [
fd8bec7b2b
] - meta: bump step-security/harden-runner from 2.3.1 to 2.4.0 (Rich Trott) #47980 - [
f5b4b6d5dc
] - meta: bump github/codeql-action from 2.3.2 to 2.3.3 (Rich Trott) #47979 - [
c05c0a2359
] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (Rich Trott) #47968 - [
2a3d6d97cb
] - meta: add security-wg ping to permission.js (Rafael Gonzaga) #47941 - [
6c158e8dd1
] - meta: bump step-security/harden-runner from 2.2.1 to 2.3.1 (dependabot[bot]) #47808 - [
f7a8094d37
] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (dependabot[bot]) #47806 - [
0f58e48792
] - meta: bump actions/checkout from 3.3.0 to 3.5.2 (dependabot[bot]) #47805 - [
652b06dd82
] - meta: remove extra space in scorecard workflow (Mestery) #47805 - [
9f06eaccaf
] - meta: bump github/codeql-action from 2.2.9 to 2.3.2 (dependabot[bot]) #47809 - [
977fd7cf35
] - meta: bump codecov/codecov-action from 3.1.1 to 3.1.3 (dependabot[bot]) #47807 - [
c19385c154
] - module: refactor to usenormalizeRequirableId
in the CJS module loader (Darshan Sen) #47896 - [
739113f2fc
] - module: block requiringtest/reporters
without scheme (Moshe Atlow) #47831 - [
f489c6710c
] - (NODE-API-SEMVER-MAJOR) node-api: get Node API version used by addon (Vladimir Morozov) #45715 - [
7222f9d74b
] - path: indicate index of wrong resolve() parameter (sosoba) #47660 - [
7dd32f1536
] - permission: remove unused function declaration (Deokjin Kim) #47957 - [
af86625a05
] - permission: resolve reference to absolute path only for fs permission (Daeyeon Jeong) #47930 - [
1625ae11fe
] - quic: address recent coverity warning (Michael Dawson) #47753 - [
c4596b9ce7
] - (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) #47588 - [
1a7fc186bc
] - sea: allow requiring core modules with the "node:" prefix (Darshan Sen) #47779 - [
786a1c5398
] - src: deduplicate X509Certificate::Fingerprint* (Tobias Nießen) #47978 - [
060c1d502b
] - src: stop copying code cache, part 2 (Keyhan Vakil) #47958 - [
1aec718619
] - (SEMVER-MINOR) src: add cjs_module_lexer_version base64_version (Jithil P Ponnan) #45629 - [
0c06bfd8dc
] - src: move BlobSerializerDeserializer to a separate header file (Darshan Sen) #47933 - [
bd553e7521
] - src: rename SKIP_CHECK_SIZE to SKIP_CHECK_STRLEN (Tobias Nießen) #47845 - [
190596c189
] - src: register external references for source code (Keyhan Vakil) #47055 - [
4293cc47f4
] - src: support V8 experimental shared values in messaging (Shu-yu Guo) #47706 - [
9bc5d78f0c
] - src: register ext reference for Fingerprint512 (Tobias Nießen) #47892 - [
a11507e23b
] - src: stop copying code cache (Keyhan Vakil) #47144 - [
515c9b8de6
] - src: clarify the parameter name inPermission::Apply
(Daeyeon Jeong) #47874 - [
c4217613f5
] - src: fix creating an ArrayBuffer from a Blob created withopenAsBlob
(Daeyeon Jeong) #47691 - [
4bc17fd67b
] - src: avoid strcmp() with Utf8Value (Tobias Nießen) #47827 - [
d358317f70
] - src: get binding data store directly from the realm (Joyee Cheung) #47437 - [
b04d51a0b5
] - src: prefer data accessor of string and vector (Mohammed Keyvanzadeh) #47750 - [
2952cc576c
] - src: add per-isolate SetFastMethod and Set[Fast]MethodNoSideEffect (Joyee Cheung) #47768 - [
010d2ecf94
] - test: mark test-esm-loader-http-imports as flaky (Tobias Nießen) #47987 - [
bb33c74c07
] - test: add getRandomValues return length (Jithil P Ponnan) #46357 - [
6e019586f7
] - test: unskip negative-settimeout.any.js WPT (Filip Skokan) #47946 - [
8f547afe5f
] - test: use appropriate usages for a negative import test (Filip Skokan) #47878 - [
7e34f77518
] - test: fix webcrypto wrap unwrap tests (Filip Skokan) #47876 - [
30f4f35244
] - test: fix output tests when path includes node version (Moshe Atlow) #47843 - [
54607bfd68
] - test: reduce WPT concurrency (Filip Skokan) #47834 - [
17945a2495
] - test: migrate a pseudo_tty test to use assertSnapshot (Moshe Atlow) #47803 - [
c9233679e8
] - test: fix WPT state when process exits but workers are still running (Filip Skokan) #47826 - [
34bfb69b5b
] - test: migrate message tests to use assertSnapshot (Moshe Atlow) #47498 - [
d25c785c2a
] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851 - [
aa2c7e00d7
] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #47921 - [
da27542058
] - test_runner: use v8.serialize instead of TAP (Moshe Atlow) #47867 - [
17befe008c
] - (SEMVER-MINOR) test_runner: add shorthands totest
(Chemi Atlow) #47909 - [
42db1d50a0
] - test_runner: fix ordering of test hooks (Phil Nash) #47931 - [
d81c54e3a8
] - test_runner: omit inaccessible files from coverage (Colin Ihrig) #47850 - [
a4e261e910
] - tools: debug log for nghttp3 (Marco Ippolito) #47992 - [
f6ff318d4c
] - tools: automate icu-small update (Marco Ippolito) #47727 - [
706c305381
] - tools: update lint-md-dependencies to rollup@3.21.5 (Node.js GitHub Bot) #47903 - [
e22c686ca9
] - tools: update eslint to 8.40.0 (Node.js GitHub Bot) #47906 - [
36f7cfac93
] - tools: update eslint to 8.39.0 (Node.js GitHub Bot) #47789 - [
7323902a40
] - tools: fix jsdoc lint (Moshe Atlow) #47789 - [
a0634d7f89
] - (SEMVER-MINOR) url: add value argument to has and delete methods (Sankalp Shubham) #47885 - [
1b06c1e003
] - url: improveisURL
detection (Yagiz Nizipli) #47886 - [
2bd869d20c
] - vm: fix crash when setting __proto__ on context's globalThis (Feng Yu) #47939 - [
e6685f9e82
] - vm,lib: refactor microtaskQueue assignment logic (Khaidi Chu) #47765 - [
47fea13dac
] - worker: support more cases when (de)serializing errors (Moshe Atlow) #47925 - [
6f3876c035
] - worker: use snapshot in workers spawned by workers (Joyee Cheung) #47731
v20.1.0
: 2023-05-03, Version 20.1.0 (Current), @targos
Notable Changes
- [
5e99598639
] - assert: deprecateCallTracker
(Moshe Atlow) #47740 - [
2d97c89c6f
] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659 - [
ce8820e292
] - (SEMVER-MINOR) dns: exposegetDefaultResultOrder
(btea) #46973 - [
9d30f469aa
] - doc: add KhafraDev to collaborators (Matthew Aitken) #47510 - [
439ea47a77
] - (SEMVER-MINOR) fs: addrecursive
option toreaddir
andopendir
(Ethan Arrowood) #41439 - [
a54e898dc8
] - (SEMVER-MINOR) fs: add support formode
flag to specify the copy behavior of thecp
methods (Tetsuharu Ohzeki) #47084 - [
4fa773964b
] - (SEMVER-MINOR) http: addhighWaterMark
optionhttp.createServer
(HinataKah0) #47405 - [
2b411f4b42
] - (SEMVER-MINOR) stream: preserve object mode incompose
(Raz Luvaton) #47413 - [
5327483f31
] - (SEMVER-MINOR) test_runner: addtestNamePatterns
torun
API (Chemi Atlow) #47628 - [
bdd02a467d
] - (SEMVER-MINOR) test_runner: executebefore
hook on test (Chemi Atlow) #47586 - [
0e70c187bc
] - (SEMVER-MINOR) test_runner: support combining coverage reports (Colin Ihrig) #47686 - [
75c1d1b66e
] - (SEMVER-MINOR) wasi: makereturnOnExit
true by default (Michael Dawson) #47390
Commits
- [
33d1bd3e02
] - assert: deprecate callTracker (Moshe Atlow) #47740 - [
6d87355e83
] - benchmark: add eventtarget creation bench (Rafael Gonzaga) #47774 - [
40324a1dea
] - benchmark: differentiate whatwg and legacy url (Yagiz Nizipli) #47377 - [
936d7cb069
] - benchmark: add a benchmark fordefaultResolve
(Antoine du Hamel) #47543 - [
202042ee93
] - bootstrap: support namespaced builtins in snapshot scripts (Joyee Cheung) #47467 - [
30af5cee55
] - build: use pathlib for paths (Mohammed Keyvanzadeh) #47581 - [
089c9c51e9
] - build: refactor configure.py (Mohammed Keyvanzadeh) #47667 - [
5b851c8074
] - build: add devcontainer configuration (Tierney Cyren) #40825 - [
35e8b3b467
] - build: bump ossf/scorecard-action from 2.1.2 to 2.1.3 (dependabot[bot]) #47367 - [
78c08243df
] - build: replace Python linter flake8 with ruff (Christian Clauss) #47519 - [
2d97c89c6f
] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659 - [
420feb41cf
] - crypto: remove INT_MAX restriction in randomBytes (Tobias Nießen) #47559 - [
6046779dd9
] - deps: disable V8 concurrent sparkplug compilation (Michaël Zasso) #47450 - [
00d461e93f
] - deps: V8: cherry-pickc5ab3e4
(Richard Lau) #47736 - [
d08dd8069f
] - deps: update ada to 2.3.0 (Node.js GitHub Bot) #47737 - [
996245976b
] - deps: update undici to 5.22.0 (Node.js GitHub Bot) #47679 - [
f3ee3126df
] - deps: update ada to 2.2.0 (Node.js GitHub Bot) #47678 - [
1391d3b9ff
] - deps: add minimatch as a dependency (Moshe Atlow) #47499 - [
315454350d
] - deps: update ada to 2.1.0 (Node.js GitHub Bot) #47598 - [
7f7735cad9
] - deps: update ICU to 73.1 release (Steven R. Loomis) #47456 - [
13105c12b7
] - deps: patch V8 to 11.3.244.8 (Michaël Zasso) #47536 - [
ede69d272a
] - deps: update undici to 5.21.2 (Node.js GitHub Bot) #47508 - [
64b5a5f872
] - deps: update simdutf to 3.2.8 (Node.js GitHub Bot) #47507 - [
2664536796
] - deps: V8: cherry-pick8e10685
(Jiawen Geng) #47440 - [
ba9ec91f0e
] - deps: update undici to 5.21.1 (Node.js GitHub Bot) #47488 - [
ce8820e292
] - (SEMVER-MINOR) dns: expose getDefaultResultOrder (btea) #46973 - [
4c26e28c33
] - doc: create maintaining folder for deps (Marco Ippolito) #47589 - [
aa0ef3eabd
] - doc: fix --allow-* CLI flag references (Tobias Nießen) #47804 - [
98603b6fd3
] - doc: clarify fs permissions only affect fs module (Tobias Nießen) #47782 - [
3befe5dac9
] - doc: add copy node executable guide on windows (XLor) #47781 - [
98450d9892
] - doc: remove MoLow from Triagers (Moshe Atlow) #47792 - [
d75036410d
] - doc: fix typo in webstreams.md (Christian Takle) #47766 - [
ceba37a74f
] - doc: move BethGriggs to regular member (Rich Trott) #47776 - [
b954ea9781
] - doc: mark signing the binary is macOS and Windows only in SEA (Xuguang Mei) #47722 - [
26bccbcd10
] - doc: move addaleax to TSC emeriti (Anna Henningsen) #47752 - [
20b0de242f
] - doc: add link to news for Node.js core (Michael Dawson) #47704 - [
5709133dc7
] - doc: fix a typo inpermissions.md
(Daeyeon Jeong) #47730 - [
c5c40a89f2
] - doc: async_hooks asynchronous content example add mjs code (btea) #47401 - [
a1403a8df2
] - doc: clarify concurrency model of test runner (Tobias Nießen) #47642 - [
c0c23fbe42
] - doc: fix a typo infs.openAsBlob
(Daeyeon Jeong) #47693 - [
4cef98812d
] - doc: fix typos (Mohammed Keyvanzadeh) #47685 - [
f30ef242ef
] - doc: fix capitalization of ASan (Mohammed Keyvanzadeh) #47676 - [
78a3503406
] - doc: fix typos in SECURITY.md (Mohammed Keyvanzadeh) #47677 - [
9101630e05
] - doc: update error code of buffer (Deokjin Kim) #47617 - [
183f0c3e79
] - doc: change offset of example inBuffer.copyBytesFrom
(Deokjin Kim) #47606 - [
d11ff4bc53
] - doc: improve fs permissions description (Tobias Nießen) #47596 - [
b58920c3a9
] - doc: remove markdown link from heading (Tobias Nießen) #47585 - [
c36634e880
] - doc: fix history ordering ofWASI
constructor (Antoine du Hamel) #47611 - [
d3fadd889d
] - doc: fix release-post script location (Rafael Gonzaga) #47517 - [
2a0bbe7883
] - doc: fix typo in webcrypto metadata (Tobias Nießen) #47595 - [
b0b16ee9f6
] - doc: add link for news from uvwasi team (Michael Dawson) #47531 - [
7ca416af15
] - doc: add missing setEncoding call in ESM example (Anna Henningsen) #47558 - [
f9abd59b41
] - doc: update darwin-x64 toolchain used for Node.js 20 releases (Michaël Zasso) #47546 - [
0dc508070f
] - doc: fix split infinitive in Hooks caveat (Jacob Smith) #47550 - [
4046280475
] - doc: fix typo in util.types.isNativeError() (Julian Dax) #47532 - [
9d30f469aa
] - doc: add KhafraDev to collaborators (Matthew Aitken) #47510 - [
537c17ec48
] - doc: create maintaining-brotli.md (Marco Ippolito) #47380 - [
09ff9eafd9
] - doc,fs: update description of fs.stat() method (Mert Can Altın) #47654 - [
185d6090cd
] - doc,test: fix concurrency option of test() (Tobias Nießen) #47734 - [
a793cf401d
] - esm: renameURLCanParse
to be consistent (Antoine du Hamel) #47668 - [
fbb6b72f87
] - esm: remove support for deprecated hooks (Antoine du Hamel) #47580 - [
c150976c4f
] - esm: initializeimport.meta
on eval (Antoine du Hamel) #47551 - [
55f70f6395
] - esm: propagateprocess.exit
from the loader thread to the main thread (Antoine du Hamel) #47548 - [
269482f61f
] - esm: avoid accessing lazy getters for urls (Yagiz Nizipli) #47542 - [
889add68e5
] - esm: avoid try/catch when validating urls (Yagiz Nizipli) #47541 - [
439ea47a77
] - (SEMVER-MINOR) fs: add recursive option to readdir and opendir (Ethan Arrowood) #41439 - [
a54e898dc8
] - (SEMVER-MINOR) fs: add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #47084 - [
96f93cc500
] - (SEMVER-MINOR) http: remove internal error in assignSocket (Matteo Collina) #47723 - [
4fa773964b
] - (SEMVER-MINOR) http: add highWaterMark opt in http.createServer (HinataKah0) #47405 - [
94a5abb1e0
] - inspector: add tips for Session (theanarkh) #47195 - [
21ff33127a
] - lib: improve esm resolve performance (Yagiz Nizipli) #46652 - [
b8bdaf86c4
] - lib: disallow file-backed blob cloning (James M Snell) #47574 - [
e8bc03b372
] - lib: use webidl DOMString converter in EventTarget (Matthew Aitken) #47514 - [
91e4a7cdee
] - loader: use default loader as cascaded loader in the in loader worker (Joyee Cheung) #47620 - [
d5089fe00a
] - meta: fix dependabot commit message (Mestery) #47810 - [
92794400ce
] - meta: ping nodejs/startup for startup test changes (Joyee Cheung) #47771 - [
8d43689077
] - meta: add mailmap entry for KhafraDev (Rich Trott) #47512 - [
4d02901935
] - node-api: test passing NULL to napi_define_class (Gabriel Schulhof) #47567 - [
568256dca0
] - node-api: test passing NULL to number APIs (Gabriel Schulhof) #47549 - [
12f0fa386d
] - node-api: remove unused mark_arraybuffer_as_untransferable (Chengzhong Wu) #47557 - [
e8ea83416a
] - quic: add more QUIC implementation (James M Snell) #47494 - [
af227b159d
] - readline: fix issue with newline-less last line (Ian Harris) #47317 - [
e948bec969
] - src: avoid copying string in fs_permission (Yagiz Nizipli) #47746 - [
dc43ce7706
] - src: replace idna functions with ada::idna (Yagiz Nizipli) #47735 - [
1f9e7ce7e8
] - src: fix typo in comment in quic/sessionticket.cc (Tobias Nießen) #47754 - [
2acb57b777
] - src: mark fatal error functions as noreturn (Chengzhong Wu) #47695 - [
4431df7481
] - src: split BlobSerializer/BlobDeserializer (Joyee Cheung) #47458 - [
bf9a52cb3d
] - src: prevent changing FunctionTemplateInfo after publish (Shelley Vohr) #46979 - [
872e6706ca
] - src: add v8 fast api for url canParse (Matthew Aitken) #47552 - [
cfafe431f2
] - src: make AliasedBuffers in the binding data weak (Joyee Cheung) #47354 - [
cf48db0034
] - src: use v8::Boolean(b) over b ? True() : False() (Tobias Nießen) #47554 - [
ba255eda37
] - src: fix typo in process.env accessor error message (Moritz Raho) #47014 - [
daf0c78232
] - src: replace static const string_view by static constexpr (Daniel Lemire) #47524 - [
57e7ed7f47
] - src: fix CSMRNG when length exceeds INT_MAX (Tobias Nießen) #47515 - [
cda36bfd8f
] - src: use correct variable in node_builtins.cc (Michaël Zasso) #47343 - [
adc1601ccd
] - src: slim down stream_base-inl.h (lilsweetcaligula) #46972 - [
f88132f1b8
] - stream: prevent pipeline hang with generator functions (Debadree Chatterjee) #47712 - [
2b411f4b42
] - (SEMVER-MINOR) stream: preserve object mode in compose (Raz Luvaton) #47413 - [
159cf02920
] - test: refactor to usegetEventListeners
in timers (Deokjin Kim) #47759 - [
97a3d39b8f
] - test: add and use tmpdir.hasEnoughSpace() (Tobias Nießen) #47767 - [
5bb7b26bb5
] - test: remove spaces from test runner test names (Tobias Nießen) #47733 - [
84fa9fd725
] - test: refactor WPTRunner and enable parallel WPT execution (Filip Skokan) #47635 - [
9d3768eb01
] - Revert "test: run WPT files in parallel again" (Filip Skokan) #47627 - [
826f4041d1
] - test: mark test-cluster-primary-error flaky on asan (Yagiz Nizipli) #47422 - [
e5251e31eb
] - test_runner: fix --require with --experimental-loader (Moshe Atlow) #47751 - [
6ee5e42c73
] - (SEMVER-MINOR) test_runner: support combining coverage reports (Colin Ihrig) #47686 - [
f8581e7629
] - test_runner: remove no-op validation (Colin Ihrig) #47687 - [
40b38797c5
] - test_runner: fix test runner concurrency (Moshe Atlow) #47675 - [
2d7cac0c5b
] - test_runner: fix test counting (Moshe Atlow) #47675 - [
5a9b71a52e
] - test_runner: fix nested hooks (Moshe Atlow) #47648 - [
5327483f31
] - (SEMVER-MINOR) test_runner: add testNamePatterns to run api (Chemi Atlow) #47628 - [
b6fb7914ca
] - test_runner: support coverage of unnamed functions (Colin Ihrig) #47652 - [
1f120a396f
] - test_runner: move coverage collection to root.postRun() (Colin Ihrig) #47651 - [
bdd02a467d
] - (SEMVER-MINOR) test_runner: execute before hook on test (Chemi Atlow) #47586 - [
ec24abaa03
] - test_runner: avoid reporting parents of failing tests in summary (Moshe Atlow) #47579 - [
4203057740
] - test_runner: fix spec skip detection (Moshe Atlow) #47537 - [
57c69987ba
] - tls: accept SecureContext object in server.addContext() (HinataKah0) #47570 - [
c620eb80a0
] - tools: update doc to highlight.js@11.8.0 (Node.js GitHub Bot) #47786 - [
326c3f1593
] - tools: add the missing LoongArch64 definition in the v8.gyp file (Sun Haiyong) #47641 - [
8d1588acdc
] - tools: update lint-md-dependencies to rollup@3.21.1 (Node.js GitHub Bot) #47787 - [
226e5b83ee
] - tools: move update-npm to dep updaters (Marco Ippolito) #47619 - [
9d0bef6c0a
] - tools: fix update-v8-patch cache (Marco Ippolito) #47725 - [
63e8c95a66
] - tools: automate v8 patch update (Marco Ippolito) #47594 - [
d2994e52d3
] - tools: fix skip message in update-cjs-module-lexer (Tobias Nießen) #47701 - [
ccf9c37b43
] - tools: update lint-md-dependencies to @rollup/plugin-commonjs@24.1.0 (Node.js GitHub Bot) #47577 - [
0887fa0464
] - tools: keep MR titles/description up-to-date (Tobias Nießen) #47621 - [
b8927ddf16
] - tools: fix updating root certificates (Richard Lau) #47607 - [
87cae0cb59
] - tools: update MR label config (Mohammed Keyvanzadeh) #47593 - [
c17f2688b8
] - Revert "tools: ensure failed daily wpt run still generates a report" (Filip Skokan) #47627 - [
fbe7d73234
] - tools: add execution permission to uvwasi script (Mert Can Altın) #47600 - [
e3f4ff439e
] - tools: add update script for googletest (Tobias Nießen) #47482 - [
7c552e650a
] - tools: add option to run workflow with specific tool id (Michaël Zasso) #47591 - [
1509312170
] - tools: automate zlib update (Marco Ippolito) #47417 - [
6af7f1ee03
] - tools: add url and whatwg-url labels automatically (Yagiz Nizipli) #47545 - [
ff73c05d54
] - tools: add performance label to benchmark changes (Yagiz Nizipli) #47545 - [
9e3e0b0a84
] - tools: automate uvwasi dependency update (Ranieri Innocenti Spada) #47509 - [
233b628f22
] - tools: add missing pinned dependencies (Mateo Nunez) #47346 - [
e4d95859f5
] - tools: automate ngtcp2 and nghttp3 update (Marco Ippolito) #47402 - [
2e8338126b
] - tools: move update-undici.sh to dep_updaters and create maintain md (Marco Ippolito) #47380 - [
8712eafc87
] - typings: fix syntax error in tsconfig (Mohammed Keyvanzadeh) #47584 - [
e4b6b79f18
] - url: reduce revokeObjectURL cpp calls (Yagiz Nizipli) #47728 - [
9aae76727f
] - url: handle URL.canParse without base parameter (Yagiz Nizipli) #47547 - [
180d365439
] - url: validate URL constructor arg length (Matthew Aitken) #47513 - [
4839fc4369
] - url: validate argument length in canParse (Matthew Aitken) #47513 - [
606523d37e
] - v8: fix ERR_NOT_BUILDING_SNAPSHOT is not a constructor (Chengzhong Wu) #47721 - [
75c1d1b66e
] - (SEMVER-MINOR) wasi: make returnOnExit true by default (Michael Dawson) #47390
Configuration
-
If you want to rebase/retry this MR, check this box