![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / lang / nodejs
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
*: recursive bump for icu 77 and libxml2 2.14
nodejs: updated to 23.11.0 Version 23.11.0 (Current) Notable Changes - (SEMVER-MINOR) assert: implement partial error comparison (Ruben Bridgewater) - (SEMVER-MINOR) crypto: add optional callback to crypto.diffieHellman (Filip Skokan) - (SEMVER-MINOR) process: add execve (Paolo Insogna) - (SEMVER-MINOR) sqlite: add StatementSync.prototype.columns() (Colin Ihrig) - (SEMVER-MINOR) util: expose diff function used by the assertion errors (Giovanni Bucci)
nodejs: updated to 23.10.0 Version 23.10.0 (Current) Notable Changes Introducing --experimental-config-file crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) doc: add @geeksilva97 to collaborators (Edy Silva) (SEMVER-MINOR) src: create THROW_ERR_OPTIONS_BEFORE_BOOTSTRAPPING (Marco Ippolito) (SEMVER-MINOR) test_runner: change ts default glob (Marco Ippolito) (SEMVER-MINOR) tls: implement tls.getCACertificates() (Joyee Cheung) (SEMVER-MINOR) v8: add v8.getCppHeapStatistics() method (Aditi)
nodejs: updated to 23.9.0 Version 23.9.0 (Current) Notable Changes - (SEMVER-MINOR) dns: add TLSA record query and parsing (Rithvik Vibhu) - (SEMVER-MINOR) process: add threadCpuUsage (Paolo Insogna)
nodejs: updated to 23.8.0 Version 23.8.0 (Current) Notable Changes Support for using system CA certificates store on macOS and Windows Introduction of the URL Pattern API Support for the zstd compression algorithm Node.js thread names Timezone data has been updated to 2025a sqlite: allow returning ArrayBufferViews from user-defined functions
nodejs: updated to 23.7.0 Version 23.7.0 (Current) Notable Changes - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig)
nodejs: updated to 23.6.1 Version 23.6.1 (Current) Notable Changes CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High) CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
nodejs: updated to 23.6.0 Version 23.6.0 (Current) Unflagging --experimental-strip-types
nodejs: updated to 23.5.0 23.5.0 (Current) Notable Changes WebCryptoAPI Ed25519 and X25519 algorithms are now stable - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) - doc: stabilize util.styleText (Rafael Gonzaga) - (SEMVER-MINOR) module: add prefix-only modules to module.builtinModules (Jordan Harband) - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) - (SEMVER-MINOR) src,lib: stabilize permission model (Rafael Gonzaga)
nodejs: remove references to non-existent files (nodejs 8-12 support). Remove reference to Python 2.
nodejs: updated to 23.3.0 Version 23.3.0 (Current) Notable Changes - doc: enforce strict policy to semver-major releases (Rafael Gonzaga) - (SEMVER-MINOR) src: add cli option to preserve env vars on dr (Rafael Gonzaga) - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) - (SEMVER-MINOR) util: fix util.getCallSites plurality (Chengzhong Wu)
*: recursive bump for icu 76 shlib major version bump
nodejs: updated to 23.2.0 Version 23.2.0 (Current) Notable Changes Update root certificates to NSS 3.104 This is the version of NSS that shipped in Firefox 131.0 on 2024-10-01. Certificates added: FIRMAPROFESIONAL CA ROOT-A WEB TWCA CYBER Root CA SecureSign Root CA12 SecureSign Root CA14 SecureSign Root CA15 Other notable changes - doc: move typescript support to active development (Marco Ippolito) - doc: add jazelly to collaborators (Jason Zhang) - (SEMVER-MINOR) fs: make dirent.path writable (Antoine du Hamel) - (SEMVER-MINOR) http: add diagnostic channel http.client.request.created (Marco Ippolito) - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito)
*: revbump for icu downgrade
*: recursive bump for icu 76.1 shlib bump
nodejs: updated to 22.11.0 Version 22.11.0 'Jod' (LTS) This release marks the transition of Node.js 22.x into Long Term Support (LTS) with the codename 'Jod'. The 22.x release line now moves into "Active LTS" and will remain so until October 2025. After that time, it will move into "Maintenance" until end of life in April 2027. Other than updating metadata, such as the process.release object, to reflect that the release is LTS, no further changes from Node.js 22.10.0 are included.
nodejs: updated to 22.10.0 Version 22.10.0 (Current) New "module-sync" exports condition node --run is now stable
nodejs: updated to 22.9.0 Version 22.9.0 (Current) New API to retrieve execution Stack Trace Disable V8 Maglev Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext
nodejs: updated to 22.8.0 Node.js v22.8.0 New JS API for compile cache New option for vm.createContext() to create a context with a freezable globalThis Support for coverage thresholds
nodejs: updated to 22.7.0 Version 22.7.0 (Current) Experimental transform types support Module syntax detection is now enabled by default. Performance Improvements to Buffer
nodejs: updated to 22.6.0 Version 22.6.0 (Current) Experimental TypeScript support via strip types Experimental Network Inspection Support in Node.js
nodejs: updated to 22.5.1 Version 22.5.1 (Current) Notable Changes This release fixes a regression introduced in Node.js 22.5.0. The problem is known to display the following symptoms: Crash with FATAL ERROR: v8::Object::GetCreationContextChecked No creation context available npm errors with npm error Exit handler never called! yarn hangs or outputs Usage Error: Couldn't find the node_modules state file - running an install might help (findPackageLocation)
nodejs: updated to 22.4.1 Version 22.4.1 (Current) Notable Changes CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) CVE-2024-22020 - Bypass network import restriction via data URL (Medium) CVE-2024-22018 - fs.lstat bypasses permission model (Low) CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low) CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
nodejs: updated to 22.4.0 Version 22.4.0 (Current) Experimental Web Storage API - (SEMVER-MINOR) deps,lib,src: add experimental web storage (Colin Ihrig) API stability updates - doc: move node --run stability to rc (Yagiz Nizipli) - doc: mark WebSocket as stable (Matthew Aitken) - doc: mark --heap-prof and related flags stable (Joyee Cheung) - doc: mark --cpu-prof and related flags stable (Joyee Cheung) Other Notable Changes - doc: doc-only deprecate OpenSSL engine-based APIs (Richard Lau) - inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) - (SEMVER-MINOR) lib: add diagnostics_channel events to module loading (RafaelGSS) - (SEMVER-MINOR) util: support --no- for argument with boolean type for parseArgs (Zhenwei Jin)
lang/nodejs: Set C++20 for std::endian to fix build
nodejs: updated to 22.3.0 Version 22.3.0 (Current) Notable Changes - (SEMVER-MINOR) src: traverse parent folders while running --run (Yagiz Nizipli) - (SEMVER-MINOR) buffer: add .bytes() method to Blob (Matthew Aitken) - (SEMVER-MINOR) src,permission: --allow-wasi & prevent WASI exec (Rafael Gonzaga) - (SEMVER-MINOR) module: print amount of load time of a cjs module (Vinicius Lourenço) - (SEMVER-MINOR) test_runner: add snapshot testing (Colin Ihrig) - (SEMVER-MINOR) doc: add context.assert docs (Colin Ihrig) - (SEMVER-MINOR) test_runner: add context.fullName (Colin Ihrig) - (SEMVER-MINOR) net: add new net.server.listen tracing channel (Paolo Insogna) - (SEMVER-MINOR) process: add process.getBuiltinModule(id) (Joyee Cheung) - (SEMVER-MINOR) doc: improve explanation about built-in modules (Joyee Cheung) - fs: mark recursive cp methods as stable (Théo LUDWIG) - doc: add StefanStojanovic to collaborators (StefanStojanovic) - (SEMVER-MINOR) cli: add NODE_RUN_PACKAGE_JSON_PATH env (Yagiz Nizipli) - (SEMVER-MINOR) test_runner: support module mocking (Colin Ihrig) - (SEMVER-MINOR) lib: add EventSource Client (Aras Abbasi) - (SEMVER-MINOR) lib: replace MessageEvent with undici's (Matthew Aitken) - (SEMVER-MINOR) cli: add NODE_RUN_SCRIPT_NAME env to node --run (Yagiz Nizipli) - doc: add Marco Ippolito to TSC (Rafael Gonzaga)
revbump after icu and protobuf updates
nodejs: updated to 22.2.0 Node.js v22.2.0 Notable Changes - (SEMVER-MINOR) cli: allow running wasm in limited vmem with --disable-wasm-trap-handler (Joyee Cheung) - doc: add pimterry to collaborators (Tim Perry) - (SEMVER-MINOR) fs: allow 'withFileTypes' to be used with globs (Aviv Keller) - (SEMVER-MINOR) inspector: introduce the --inspect-wait flag (Kohei Ueno) - lib,src: remove --experimental-policy (Rafael Gonzaga) - (SEMVER-MINOR) perf_hooks: add deliveryType and responseStatus fields (Matthew Aitken) - (SEMVER-MINOR) test_runner: support test plans (Colin Ihrig) - (SEMVER-MINOR) zlib: expose zlib.crc32() (Joyee Cheung)
nodejs: updated to 22.1.0 Node.js v22.1.0 module: implement NODE_COMPILE_CACHE for automatic on-disk code caching buffer: improve base64 and base64url performance (SEMVER-MINOR) dns: add order option and support ipv6first events,doc: mark CustomEvent as stable (SEMVER-MINOR) lib, url: add a windows option to path parsing (SEMVER-MINOR) net: add CLI option for autoSelectFamilyAttemptTimeout (SEMVER-MINOR) src: add string_view overload to snapshot FromBlob src,permission: throw async errors on async APIs (SEMVER-MINOR) test_runner: add --test-skip-pattern cli option (SEMVER-MINOR) url: implement parse method for safer URL parsing
nodejs: updated to 21.7.3 Version 21.7.3 (Current) This is a security release. Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
nodejs: updated to 21.7.2 Version 21.7.2 (Current) Notable changes CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium) llhttp version 9.2.1 undici version 6.11.1
nodejs: updated to 21.7.1 Version 21.7.1 (Current) Notable Changes This release reverts 51389, which landed in Node.js 21.7.0. It is a documented feature that t.after() hooks are run even if a test has no subtests. The hook can be used to clean up the test itself.
nodejs: updated to 21.7.0 Version 21.7.0 (Current) Text Styling Loading and parsing environment variables Support for multi-line values for .env file sea: support embedding assets vm: support using the default loader to handle dynamic import() crypto: implement crypto.hash()
nodejs: updated to 21.6.2 Version 21.6.2 (Current) Notable changes CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High) CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High) CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High) CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) undici version 5.28.3 libuv version 1.48.0 OpenSSL version 3.0.13+quic1
nodejs: updated to 21.6.1 Version 21.6.1 (Current) Notable Changes This release fixes a bug in undici using WebStreams
nodejs: updated to 21.6.0 Version 21.6.0 (Current) New connection attempt events Changes to the Permission Model Support configurable snapshot through --build-snapshot-config flag timers: export timers.promises
nodejs: updated to 21.5.0 Version 21.5.0 (Current) Notable Changes - (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli) - module: merge config with package_json_reader (Yagiz Nizipli) - src: move package resolver to c++ (Yagiz Nizipli)
nodejs: updated to 21.4.0 Version 21.4.0 (Current) Notable Changes This release fixes a regression introduced in v21.3.0 that caused the fs.writeFileSync method to throw when called with 'utf8' encoding, no flag option, and if the target file didn't exist yet.
nodejs: updated to 21.3.0 Version 21.3.0 (Current) New --disable-warning flag Update Root Certificates to NSS 3.95 Fast fs.writeFileSync with UTF-8 Strings
nodejs*: Consolidate and fix python includes. Ensures that PYTHON_FOR_BUILD_ONLY is set prior to including pyversion.mk, and ensures python and its dependencies are not buildlinked.
nodejs: updated to 21.2.0 Version 21.2.0 (Current) Notable Changes - doc: add MrJithil to collaborators (Jithil P Ponnan) - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) - fs: add stacktrace to fs/promises (翠 / green) - (SEMVER-MINOR) lib: add --no-experimental-global-navigator CLI flag (Antoine du Hamel) - (SEMVER-MINOR) lib: add navigator.language & navigator.languages (Aras Abbasi) - (SEMVER-MINOR) lib: add navigator.platform (Aras Abbasi) - (SEMVER-MINOR) stream: add support for deflate-raw format to webstreams compression (Damian Krzeminski) - stream: use Array for Readable buffer (Robert Nagy) - stream: optimize creation (Robert Nagy) - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey)
*: recursive bump for icu 74.1
nodejs: updated to 21.1.0 Version 21.1.0 (Current) Notable Changes Automatically detect and run ESM syntax The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected. For “ambiguous” files, which are .js or extensionless files with no package.json with a type field, Node.js will parse the file to detect ES module syntax; if found, it will run the file as an ES module, otherwise it will run the file as a CommonJS module. The same applies to string input via --eval or STDIN. We hope to make detection enabled by default in a future version of Node.js. Detection increases startup time, so we encourage everyone — especially package authors — to add a type field to package.json, even for the default "type": "commonjs". The presence of a type field, or explicit extensions such as .mjs or .cjs, will opt out of detection. vm: fix V8 compilation cache support for vm.Script Previously repeated compilation of the same source code using vm.Script stopped hitting the V8 compilation cache after v16.x when support for importModuleDynamically was added to vm.Script, resulting in a performance regression that blocked users (in particular Jest users) from upgrading from v16.x. The recent fixes landed in v21.1.0 allow the compilation cache to be hit again for vm.Script when --experimental-vm-modules is not used even in the presence of the importModuleDynamically option, so that users affected by the performance regression can now upgrade. Ongoing work is also being done to enable compilation cache support for vm.CompileFunction.
*: bump for openssl 3
*: update for Python base package change Instead of depending on one of the removed packages (that are now included in the base Python packages), include batteries-included.mk to require a Python version that supplies them. Remove now included packages. Bump PKGREVISION.
nodejs: updated to 20.8.1 Version 20.8.1 (Current) This is a security release. Notable Changes The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release (High) CVE-2023-45143: undici Security Release (High) CVE-2023-39332: Path traversal through path stored in Uint8Array (High) CVE-2023-39331: Permission model improperly protects against path traversal (High) CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium) CVE-2023-39333: Code injection via WebAssembly export names (Low)
nodejs: updated to 20.8.0 Version 20.8.0 (Current) Notable Changes Stream performance improvements Performance improvements to writable and readable streams, improving the creation and destruction by ±15% and reducing the memory overhead each stream takes in Node.js Performance improvements for readable webstream, improving readable stream async iterator consumption by ±140% and improving readable stream pipeTo consumption by ±60% Rework of memory management in vm APIs with the importModuleDynamically option This rework addressed a series of long-standing memory leaks and use-after-free issues in the following APIs that support importModuleDynamically: vm.Script vm.compileFunction vm.SyntheticModule vm.SourceTextModule This should enable affected users to upgrade from older versions of Node.js.
nodejs: updated to 20.7.0 Version 20.7.0 (Current) Notable Changes - src: support multiple --env-file declarations (Yagiz Nizipli) - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) - deps: upgrade npm to 10.1.0 (npm team) - (SEMVER-MINOR) deps: upgrade npm to 10.0.0 (npm team) - doc: move and rename loaders section (Geoffrey Booth) - doc: add release key for Ulises Gascon (Ulises Gascón) - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green) - src,permission: add multiple allow-fs-* flags (Carlos Espa) - (SEMVER-MINOR) test_runner: expose location of tests (Colin Ihrig)
nodejs: updated to 20.6.1 Version 20.6.1 (Current) esm: fix loading of CJS modules from ESM
nodejs: updated to 20.6.0 Version 20.6.0 (Current) Notable changes built-in .env file support Starting from Node.js v20.6.0, Node.js supports .env files for configuring environment variables. Your configuration file should follow the INI file format, with each line containing a key-value pair for an environment variable. To initialize your Node.js application with predefined configurations, use the following CLI command: node --env-file=config.env index.js. For example, you can access the following environment variable using process.env.PASSWORD when your application is initialized: PASSWORD=nodejs In addition to environment variables, this change allows you to define your NODE_OPTIONS directly in the .env file, eliminating the need to include it in your package.json. import.meta.resolve unflagged In ES modules, import.meta.resolve(specifier) can be used to get an absolute URL string to which specifier resolves, similar to require.resolve in CommonJS. This aligns Node.js with browsers and other server-side runtimes. New node:module API register for module customization hooks; new initialize hook There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including MessageChannel instances. We encourage users to migrate to an approach that uses --import with register, such as: node --import ./file-that-calls-register.js ./app.js Using --import ensures that the customization hooks are registered before any application code runs, even the entry point. Module customization load hook can now support CommonJS
*: recursive bump for Python 3.11 as new default
nodejs: updated to 20.5.1 Version 20.5.1 (Current) Notable Changes The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module._load (High) CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High) CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High) CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium) CVE-2023-32559: Policies can be bypassed via process.binding (Medium) CVE-2023-32005: fs.statfs can bypass the permission model (Low) CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low) OpenSSL Security Releases
nodejs: updated to 20.5.0 Version 20.5.0 (Current) Notable Changes doc: add atlowChemi to collaborators (atlowChemi) (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton)
lang: Adapt packages to USE_(CC|CXX)_FEATURES where possible
revbump after nghttp3/ngtcp2 update
nodejs: updated to 20.4.0 Version 20.4.0 (Current) Notable Changes Mock Timers Support to the explicit resource management proposal crypto: update root certificates to NSS 3.90 doc: add vmoroz to collaborators doc: add kvakil to collaborators (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation
nodejs: updated to 20.3.1 Version 20.3.1 (Current) This is a security release. Notable Changes The following CVEs are fixed in this release: CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High) CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High) CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium) CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium) CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium) CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) OpenSSL Security Releases OpenSSL security advisory 28th March. OpenSSL security advisory 20th April. OpenSSL security advisory 30th May
nodejs: updated to 20.3.0 Version 20.3.0 (Current) Notable Changes - deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux (Santiago Gimeno) - doc: add Ruy Adorno to list of TSC members (Michael Dawson) - doc: mark Node.js 14 as End-of-Life (Richard Lau) - (SEMVER-MINOR) lib: implement AbortSignal.any() (Chemi Atlow) - module: change default resolver to not throw on unknown scheme (Gil Tayar) - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) - stream: deprecate asIndexedPairs (Chemi Atlow)
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/. Almost all uses, if not all of them, are wrong, according to the semantics of BUILD_DEPENDS (packages built for target available for use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for host available for use _as_ tools at build-time). No change to BUILD_DEPENDS as used correctly inside buildlink3. As proposed on tech-pkg: https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
nodejs: updated to 20.2.0 Version 20.2.0 (Current) doc: add ovflowd to collaborators (Claudio Wunder) (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) (SEMVER-MINOR) test_runner: add skip, todo, and only shorthands to test (Chemi Atlow) (SEMVER-MINOR) url: add value argument to URLSearchParams has and delete methods (Sankalp Shubham)
nodejs: updated to 20.1.0 Version 20.1.0 (Current) Notable Changes - assert: deprecate CallTracker (Moshe Atlow) - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) - (SEMVER-MINOR) dns: expose getDefaultResultOrder (btea) - doc: add KhafraDev to collaborators (Matthew Aitken) - (SEMVER-MINOR) fs: add recursive option to readdir and opendir (Ethan Arrowood) - (SEMVER-MINOR) fs: add support for mode flag to specify the copy behavior of the cp methods (Tetsuharu Ohzeki) - (SEMVER-MINOR) http: add highWaterMark option http.createServer (HinataKah0) - (SEMVER-MINOR) stream: preserve object mode in compose (Raz Luvaton) - (SEMVER-MINOR) test_runner: add testNamePatterns to run API (Chemi Atlow) - (SEMVER-MINOR) test_runner: execute before hook on test (Chemi Atlow) - (SEMVER-MINOR) test_runner: support combining coverage reports (Colin Ihrig) - (SEMVER-MINOR) wasi: make returnOnExit true by default (Michael Dawson)
nodejs: update to version 20.0.0
Changelog:
2023-04-18, Version 20.0.0 (Current), @RafaelGSS
We're excited to announce the release of Node.js 20! Highlights include the new Node.js Permission Model, a synchronous import.meta.resolve, a stable test_runner, updates of the V8 JavaScript engine to 11.3, Ada to 2.0, and more!
As a reminder, Node.js 20 will enter long-term support (LTS) in October, but until then, it will be the "Current" release for the next six months. We encourage you to explore the new features and benefits offered by this latest release and evaluate their potential impact on your applications.
Notable Changes
Permission Model
Node.js now has an experimental feature called the Permission Model. It allows developers to restrict access to specific resources during program execution, such as file system operations, child process spawning, and worker thread creation. The API exists behind a flag --experimental-permission which when enabled will restrict access to all available permissions. By using this feature, developers can prevent their applications from accessing or modifying sensitive data or running potentially harmful code. More information about the Permission Model can be found in the Node.js documentation.
The Permission Model was a contribution by Rafael Gonzaga in #44004.
Custom ESM loader hooks run on dedicated thread
ESM hooks supplied via loaders (--experimental-loader=foo.mjs) now run in a dedicated thread, isolated from the main thread. This provides a separate scope for loaders and ensures no cross-contamination between loaders and application code.
Synchronous import.meta.resolve()
In alignment with browser behavior, this function now returns synchronously. Despite this, user loader resolve hooks can still be defined as async functions (or as sync functions, if the author prefers). Even when there are async resolve hooks loaded, import.meta.resolve will still return synchronously for application code.
Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth, Guy Bedford, Jacob Smith, and Michaël Zasso in #44710
V8 11.3
The V8 engine is updated to version 11.3, which is part of Chromium 113. This version includes three new features to the JavaScript API:
String.prototype.isWellFormed and toWellFormed
Methods that change Array and TypedArray by copy
Resizable ArrayBuffer and growable SharedArrayBuffer
RegExp v flag with set notation + properties of strings
WebAssembly Tail Call
The V8 update was a contribution by Michaël Zasso in #47251.
Stable Test Runner
The recent update to Node.js, version 20, includes an important change to the test_runner module. The module has been marked as stable after a recent update. Previously, the test_runner module was experimental, but this change marks it as a stable module that is ready for production use.
Contributed by Colin Ihrig in #46983
Ada 2.0
Node.js v20 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4, while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in #47339
Preparing single executable apps now requires injecting a Blob
Building a single executable app now requires injecting a blob prepared by Node.js from a JSON config instead of injecting the raw JS file. This opens up the possibility of embedding multiple co-existing resources into the SEA (Single Executable Apps).
Contributed by Joyee Cheung in #47125
Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations. This further improves interoperability with other implementations of Web Crypto API.
This change was made by Filip Skokan in #46067.
Official support for ARM64 Windows
Node.js now includes binaries for ARM64 Windows, allowing for native execution on the platform. The MSI, zip/7z packages, and executable are available from the Node.js download site along with all other platforms. The CI system was updated and all changes are now fully tested on ARM64 Windows, to prevent regressions and ensure compatibility.
ARM64 Windows was upgraded to tier 2 support by Stefan Stojanovic in #47233.
WASI version must now be specified
When new WASI() is called, the version option is now required and has no default value. Any code that relied on the default for the version will need to be updated to request a specific version.
This change was made by Michael Dawson in #47391.
Deprecations and Removals
[3bed5f11e0] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526
url.parse() accepts URLs with ports that are not numbers. This behavior might result in host name spoofing with unexpected input. These URLs will throw an error in future versions of Node.js, as the WHATWG URL API does already. Starting with Node.js 20, these URLS cause url.parse() to emit a warning.
Semver-Major Commits
[9fafb0a090] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432
[1948d37595] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599
[7bc0e6a4e7] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153
[671ffd7825] - (SEMVER-MAJOR) buffer: use min/max of validateNumber (Deokjin Kim) #45796
[ab1614d280] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251
[c1bcdbcf79] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806
[649f68fc1e] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579
[9374700d7a] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182
[1640aeb680] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073
[c2e4b1fa9a] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028
[3ef38c4bd7] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067
[08af023b1f] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653
[7eb0ac3cb6] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251
[a7c129f286] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251
[6f5655a18e] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251
[f226350fcb] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251
[d6dae7420e] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579
[56c436533e] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579
[51ab98c71b] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579
[9f84d3eea8] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579
[f2318cd4b5] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579
[16e03e7968] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579
[6473f5e7f7] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352
[cc18fd9608] - (SEMVER-MAJOR) events: refactor to use validateNumber (Deokjin Kim) #45770
[ff92b40ffc] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333
[2a29df6464] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331
[391dc74a10] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283
[ed3604cd64] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) #45597
[88d71dc301] - (SEMVER-MAJOR) lib: refactor to use min/max of validateNumber (Deokjin Kim) #45772
[e4d641f02a] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174
[0f3e531096] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276
[5b5898ac86] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841
[55321bafd1] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790
[2d0d99733b] - (SEMVER-MAJOR) process: remove process.exit(), process.exitCode coercion to integer (Daeyeon Jeong) #43716
[dc06df31b6] - (SEMVER-MAJOR) readline: refactor to use validateNumber (Deokjin Kim) #45801
[295b2f3ff4] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251
[3803b028dd] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825
[e8bddac3e9] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705
[f84de0ad4c] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427
[a6242772ec] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579
[dd5c39a808] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579
[63eca7fec0] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430
[9e7093f416] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322
[fb91ee4f26] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579
[eca618071e] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579
[c03354d3e0] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508
[c733cc0c7f] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983
[7ce223273d] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251
[ca4bd3023e] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251
[58b06a269a] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579
[027841c964] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904
[3bed5f11e0] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526
[7c76fddf25] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718
[4b52727976] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391
Semver-Minor Commits
[d4b440bfac] - (SEMVER-MINOR) fs: implement byob mode for readableWebStream() (Debadree Chatterjee) #46933
[00c222593e] - (SEMVER-MINOR) src,process: add permission model (Rafael Gonzaga) #44004
[978b57d750] - (SEMVER-MINOR) wasi: no longer require flag to enable wasi (Michael Dawson) #47286
Semver-Patch Commits
[e50c6b9a22] - bootstrap: do not expand process.argv[1] for snapshot entry points (Joyee Cheung) #47466
[c81e1143e4] - bootstrap: store internal loaders in C++ via a binding (Joyee Cheung) #47215
[8e673bdb84] - build: add node-core-utils to setup (Jiawen Geng) #47442
[5b561d72a6] - build: sync cares source change (Jiawen Geng) #47359
[8e6ee53e4e] - build: remove non-exist build file (Jiawen Geng) #47361
[9a4d21d1d9] - build, deps, tools: avoid excessive LTO (Konstantin Demin) #47313
[48c01485cd] - crypto: replace THROW with CHECK for scrypt keylen (Tobias Nießen) #47407
[4c1a27716b] - crypto: re-add padding for AES-KW wrapped JWKs (Filip Skokan) #46563
[b66eb15d12] - deps: update simdutf to 3.2.7 (Node.js GitHub Bot) #47473
[3fc11477ba] - deps: update corepack to 0.17.2 (Node.js GitHub Bot) #47474
[c1776531ab] - deps: upgrade npm to 9.6.4 (npm team) #47432
[e7ca09f310] - deps: update zlib to upstream 5edb52d4 (Luigi Pinca) #47151
[88387ccd12] - deps: update ada to 2.0.0 (Node.js GitHub Bot) #47339
[9f468cc37e] - deps: cherry-pick Windows ARM64 fix for openssl (Richard Lau) #46570
[eeab210b1b] - deps: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) #46570
[d93d7716c7] - deps: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) #46571
[0f69ec4dd7] - deps: patch V8 to 10.9.194.9 (Michaël Zasso) #45995
[5890d09644] - deps: patch V8 to 10.9.194.6 (Michaël Zasso) #45748
[c02a7e7e93] - diagnostics_channel: fix ref counting bug when reaching zero subscribers (Stephen Belanger) #47520
[c7ad5bb37d] - doc: info on handling unintended breaking changes (Michael Dawson) #47426
[7d2d40ed0d] - doc: add performance initiative (Yagiz Nizipli) #47424
[d56c0f7318] - doc: do not create a backup file (Luigi Pinca) #47151
[412d27b65b] - doc: add MoLow to the TSC (Colin Ihrig) #47436
[f131cca0c0] - doc: reserve 116 for Electron 25 (Keeley Hammond) #47375
[1022c6f424] - doc: add experimental stages (Geoffrey Booth) #46100
[42d3d74717] - doc: clarify release notes for Node.js 16.19.0 (Richard Lau) #45846
[533c6512da] - doc: clarify release notes for Node.js 14.21.2 (Richard Lau) #45846
[97165fc1a6] - doc: fix doc metadata for Node.js 16.19.0 (Richard Lau) #45863
[a266b8b702] - doc: add registry number for Electron 23 & 24 (Keeley Hammond) #45661
[2613a9ced9] - esm: move hook execution to separate thread (Jacob Smith) #44710
[841f6b3abf] - esm: increase test coverage of edge cases (Antoine du Hamel) #47033
[0d575fe61a] - gyp: put filenames in variables (Cheng Zhao) #46965
[41b186722c] - lib: distinguish webidl interfaces with the extended property "Exposed" (Chengzhong Wu) #46809
[9b7db62276] - lib: makeRequireFunction patch when experimental policy (RafaelGSS) nodejs-private/node-private#358
[d43b532789] - lib: refactor to use validateBuffer (Deokjin Kim) #46489
[9a76a2521b] - meta: ping security-wg team on permission model changes (Rafael Gonzaga) #47483
[a4dadde1ba] - meta: ping startup and realm team on src/node_realm* changes (Joyee Cheung) #47448
[631c3ef3de] - module: do less CJS module loader initialization at run time (Joyee Cheung) #47194
[8bcf0a42f7] - permission: fix chmod,chown improve fs coverage (Rafael Gonzaga) #47529
[54d17ff4b5] - permission: support fs.mkdtemp (Rafael Gonzaga) #47470
[b441b5dc65] - permission: drop process.permission.deny (Rafael Gonzaga) #47335
[aa30e16716] - permission: fix some vulnerabilities in fs (Tobias Nießen) #47091
[1726da9300] - permission: add path separator to loader check (Rafael Gonzaga) #47030
[b164038c86] - permission: fix spawnSync permission check (RafaelGSS) #46975
[af91400886] - policy: makeRequireFunction on mainModule.require (RafaelGSS) nodejs-private/node-private#358
[f8b4e26aee] - quic: add more QUIC impl (James M Snell) #47348
[d65ae9f678] - quic: add additional quic implementation utilities (James M Snell) #47289
[9b104be502] - quic: do not dereference shared_ptr after move (Tobias Nießen) #47294
[09a4bb152f] - quic: add multiple internal utilities (James M Snell) #47263
[2bde0059ca] - sea: use JSON configuration and blob content for SEA (Joyee Cheung) #47125
[78c7475493] - src: allow simdutf::convert_* functions to return zero (Daniel Lemire) #47471
[5250947a53] - src: track ShadowRealm native objects correctly in the heap snapshot (Joyee Cheung) #47389
[8059764621] - src: use the internal field to determine if an object is a BaseObject (Joyee Cheung) #47217
[698508afa8] - src: bootstrap prepare stack trace callback in shadow realm (Chengzhong Wu) #47107
[e6b4d30a2f] - src: bootstrap Web [Exposed=*] APIs in the shadow realm (Chengzhong Wu) #46809
[3646a66044] - src: fix AliasedBuffer memory attribution in heap snapshots (Joyee Cheung) #46817
[8b2126f63f] - src: move AliasedBuffer implementation to -inl.h (Joyee Cheung) #46817
[3abbc3829a] - src: fix useless call in permission.cc (Tobias Nießen) #46833
[7b1e153530] - src: simplify exit code accesses (Daeyeon Jeong) #45125
[7359b92a41] - test: remove unnecessary status check on test-release-npm (RafaelGSS) #47516
[a5a5d2fb7e] - test: mark test/parallel/test-file-write-stream4 as flaky (Yagiz Nizipli) #47423
[81ad73a205] - test: remove unused callback variables (angellovc) #47167
[757a586ead] - test: migrate test runner message tests to snapshot (Moshe Atlow) #47392
[86f890539f] - test: remove stale entry from known_issues.status (Richard Lau) #47454
[1f3773d0c1] - test: move more inspector sequential tests to parallel (Joyee Cheung) #47412
[617b8d44c6] - test: use random port in test-inspector-enabled (Joyee Cheung) #47412
[ade0170c4f] - test: use random port in test-inspector-debug-brk-flag (Joyee Cheung) #47412
[1a78632cd3] - test: use random port in NodeInstance.startViaSignal() (Joyee Cheung) #47412
[23f66b137e] - test: move test-shadow-realm-gc.js to known_issues (Joyee Cheung) #47355
[9dfd0394c5] - test: remove useless WPT init scripts (Khafra) #47221
[1cfe058778] - test: fix test-permission-deny-fs-wildcard (win32) (Tobias Nießen) #47095
[b8ef1b476e] - test: add coverage for custom loader hooks with permission model (Antoine du Hamel) #46977
[4a7c3e9c50] - test: fix file path in permission symlink test (Livia Medeiros) #46859
[10005de6a8] - tools: make js2c.py usable for other build systems (Cheng Zhao) #46930
[1e2f9aca72] - tools: move update-acorn.sh to dep_updaters and create maintaining md (Marco Ippolito) #47382
[174662a463] - tools: update eslint to 8.38.0 (Node.js GitHub Bot) #47475
[a58ca61f35] - tools: update eslint to 8.38.0 (Node.js GitHub Bot) #47475
[37d12730ab] - tools: automate cjs-module-lexer dependency update (Marco Ippolito) #47446
[4fbfa3c9f2] - tools: fix notify-on-push Slack messages (Antoine du Hamel) #47453
[b1f2ff1242] - tools: update lint-md-dependencies to @rollup/plugin-node-resolve@15.0.2 (Node.js GitHub Bot) #47431
[26b2584b84] - tools: add root certificate update script (Richard Lau) #47425
[553b052648] - tools: remove targets for individual test suites in Makefile (Antoine du Hamel) #46892
[747ff43e5b] - url: more sophisticated brand check for URLSearchParams (Timothy Gu) #47414
[e727eb066f] - url: do not use object as hashmap (Timothy Gu) #47415
[81c7875eb7] - url: drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339
[a4895df94a] - url: use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339
*: recursive bump for nghttp3 shlib major change
*: recursive bump for ngtcp2 shlib major bump
nodejs: updated to 19.9.0 Version 19.9.0 (Current) Notable Changes Tracing Channel in diagnostic_channel New URL.canParse API (SEMVER-MINOR) add getMaxListeners method (Khafra) (SEMVER-MINOR) migrate to WiX4 (Stefan Stojanovic) (SEMVER-MINOR) deprecate napi_module_register (Vladimir Morozov) (SEMVER-MINOR) add setter & getter for default highWaterMark (Robert Nagy) (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow)
lang/nodejs: Require GCC 8 GCC 7 fails due to <charconv>, even if gcc's page says 7 supports C++17. (Build tested on netbsd-9 amd64.)
nodejs: updated to 19.7.0 Version 19.7.0 (Current) Notable Changes - deps: upgrade npm to 9.5.0 (npm team) - deps: add ada as a dependency (Yagiz Nizipli) - doc: add debadree25 to collaborators (Debadree Chatterjee) - doc: add deokjinkim to collaborators (Deokjin Kim) - doc,lib,src,test: rename --test-coverage (Colin Ihrig) - (SEMVER-MINOR) lib: add aborted() utility function (Debadree Chatterjee) - (SEMVER-MINOR) src: add initial support for single executable applications (Darshan Sen) - (SEMVER-MINOR) src: allow optional Isolate termination in node::Stop() (Shelley Vohr) - (SEMVER-MINOR) src: allow blobs in addition to FILE*s in embedder snapshot API (Anna Henningsen) - (SEMVER-MINOR) src: allow snapshotting from the embedder API (Anna Henningsen) - (SEMVER-MINOR) src: make build_snapshot a per-Isolate option, rather than a global one (Anna Henningsen) - (SEMVER-MINOR) src: add snapshot support for embedder API (Anna Henningsen) - (SEMVER-MINOR) src: allow embedder control of code generation policy (Shelley Vohr) - (SEMVER-MINOR) stream: add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) - test_runner: add initial code coverage support (Colin Ihrig) - url: replace url-parser with ada (Yagiz Nizipli)
nodejs: updated to 19.6.1 Version 19.6.1 (Current) This is a security release. Notable Changes The following CVEs are fixed in this release: CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium) CVE-2023-23918: Experimental Policies bypass via process.mainModule.require(High) CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low)
nodejs: updated to 19.6.0 Version 19.6.0 (Current) Notable changes ESM: Leverage loaders when resolving subsequent loaders Loaders now apply to subsequent loaders, for example: --experimental-loader ts-node --experimental-loader loader-written-in-typescript. Upgrade npm to 9.4.0 Added --install-strategy=linked option for installations similar to pnpm. Other notable changes (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) (SEMVER-MINOR) vm: expose cachedDataRejected for vm.compileFunction (Anna Henningsen) (SEMVER-MINOR) v8: support gc profile (theanarkh) (SEMVER-MINOR) src,lib: add constrainedMemory API for process (theanarkh) (SEMVER-MINOR) buffer: add isAscii method (Yagiz Nizipli) (SEMVER-MINOR) test_runner: add reporters (Moshe Atlow)
nodejs: updated to 19.5.0 Version 19.5.0 (Current), @RafaelGSS Notable Changes http: (SEMVER-MINOR) join authorization headers (Marco Ippolito) lib:: add webstreams to Duplex.from() (Debadree Chatterjee) stream: implement finished() for ReadableStream and WritableStream
nodejs: updated to 19.4.0 Version 19.4.0 (Current) Notable Changes buffer: (SEMVER-MINOR) add buffer.isUtf8 for utf8 validation (Yagiz Nizipli) http: (SEMVER-MINOR) improved timeout defaults handling (Paolo Insogna) net: add autoSelectFamily global getter and setter (Paolo Insogna) os: (SEMVER-MINOR) add availableParallelism() (Colin Ihrig) util: add fast path for text-decoder fatal flag (Yagiz Nizipli)
nodejs: updated to 19.3.0 Version 19.3.0 (Current) Notable Changes Updated npm to 9.2.0 build: disable v8 snapshot compression by default (Joyee Cheung) doc: add doc-only deprecation for headers/trailers setters (Rich Trott) doc: add Rafael Gonzaga to the TSC (Michael Dawson) (SEMVER-MINOR) net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) (SEMVER-MINOR) src: add uvwasi version (Jithil P Ponnan) (SEMVER-MINOR) test_runner: add t.after() hook (Colin Ihrig) (SEMVER-MINOR) test_runner: don't use a symbol for runHook() (Colin Ihrig) tls: remove trustcor root ca certificates (Ben Noordhuis)
nodejs: updated to 19.2.0 Version 19.2.0 (Current) Notable changes Time zone update Time zone data has been updated to 2022f. This includes changes to Daylight Savings Time (DST) for Fiji and Mexico. For more information, see https://mm.icann.org/pipermail/tz-announce/2022-October/000075.html. Version 19.1.0 (Current) Notable changes Support function mocking on Node.js test runner fs.watch recursive support on Linux Version 19.0.1 (Current) This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High) CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High) CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium) Version 19.0.0 (Current) Node.js 19 is here! Highlights include the update of the V8 JavaScript engine to 10.7, HTTP(s)/1.1 KeepAlive enabled by default, and ESM Resolution adjusts. Node.js 19 will replace Node.js 18 as our ‘Current’ release line when Node.js 18 enters long-term support (LTS) later this month. As per the release schedule, Node.js 19 will be ‘Current' release for the next 6 months, until April 2023.
nodejs: updated to 18.12.1 Version 18.12.1 'Hydrogen' (LTS) This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High) CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High) CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)
nodejs: Fix building with python311 Node.js v18 does not want to build with Python 3.11.
lang/nodejs{,16}: as expected by upstream, install corepack (and bump
PKGREVISION). For earlier versions, no change.
nodejs: updated to 18.12.0 Version 18.12.0 'Hydrogen' (LTS) Notable Changes This release marks the transition of Node.js 18.x into Long Term Support (LTS) with the codename 'Hydrogen'. The 18.x release line now moves into "Active LTS" and will remain so until October 2023. After that time, it will move into "Maintenance" until end of life in April 2025.
nodejs: updated to 18.11.0 Version 18.11.0 (Current) Notable changes watch mode (experimental) Running in 'watch' mode using node --watch restarts the process when an imported file is changed. Contributed by Moshe Atlow in Other notable changes fs: (SEMVER-MINOR) add FileHandle.prototype.readLines (Antoine du Hamel) http: (SEMVER-MINOR) add writeEarlyHints function to ServerResponse (Wing) http2: (SEMVER-MINOR) make early hints generic (Yagiz Nizipli) lib: (SEMVER-MINOR) refactor transferable AbortSignal (flakey5) src: (SEMVER-MINOR) add detailed embedder process initialization API (Anna Henningsen) util: (SEMVER-MINOR) add default value option to parsearg (Manuel Spigolon)
Pullup ticket #6678 - requested by taca lang/nodejs: security fix Revisions pulled up: - lang/nodejs/Makefile 1.241 - lang/nodejs/PLIST 1.65 - lang/nodejs/distinfo 1.222 --- Module Name: pkgsrc Committed By: adam Date: Tue Sep 27 07:59:10 UTC 2022 Modified Files: pkgsrc/lang/nodejs: Makefile PLIST distinfo Log Message: nodejs: updated to 18.9.1 Version 18.9.1 (Current) This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-32212: DNS rebinding in --inspect on macOS (High) Insufficient fix for macOS devices on v18.5.0 CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium) CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium) Insufficient fix on v18.5.0 CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium) Insufficient fix on v18.5.0 CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium) CVE-2022-35255: Weak randomness in WebCrypto keygen
nodejs: updated to 18.10.0 Version 18.10.0 (Current) Notable changes doc: (SEMVER-MINOR) deprecate modp1, modp2, and modp5 groups (Tobias Nießen) add legendecas to TSC list (Michael Dawson) move policy docs to the permissions scope (Rafael Gonzaga) gyp: libnode for ios app embedding (chexiongsheng) http: (SEMVER-MINOR) throw error on content-length mismatch (sidwebworks) stream: (SEMVER-MINOR) add ReadableByteStream.tee() (Daeyeon Jeong)
nodejs: updated to 18.9.1 Version 18.9.1 (Current) This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-32212: DNS rebinding in --inspect on macOS (High) Insufficient fix for macOS devices on v18.5.0 CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium) CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium) Insufficient fix on v18.5.0 CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium) Insufficient fix on v18.5.0 CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium) CVE-2022-35255: Weak randomness in WebCrypto keygen
nodejs: updated to 18.8.0 Version 18.8.0 (Current) Notable changes bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob crypto: (SEMVER-MINOR) allow zero-length IKM in HKDF and in webcrypto PBKDF2 (SEMVER-MINOR) allow zero-length secret KeyObject deps: upgrade npm to 8.18.0 (npm team) doc: add Erick Wendel to collaborators add theanarkh to collaborators add MoLow to collaborators add cola119 to collaborators deprecate --trace-atomics-wait http: (SEMVER-MINOR) make idle http parser count configurable net: (SEMVER-MINOR) add local family src: (SEMVER-MINOR) print source map error source on demand tls: (SEMVER-MINOR) pass a valid socket on tlsClientError
nodejs: updated to 18.7.0 Version 18.7.0 (Current) Notable changes doc: add F3n67u to collaborators (Feng Yu) deprecate coercion to integer in process.exit (Daeyeon Jeong) (SEMVER-MINOR) deprecate diagnostics_channel object subscribe method (Stephen Belanger) events: (SEMVER-MINOR) expose CustomEvent on global with CLI flag (Daeyeon Jeong) (SEMVER-MINOR) add CustomEvent (Daeyeon Jeong) http: (SEMVER-MINOR) add drop request event for http server (theanarkh) lib: (SEMVER-MINOR) improved diagnostics_channel subscribe/unsubscribe (Stephen Belanger) util: (SEMVER-MINOR) add tokens to parseArgs (John Gee)
Pullup ticket #6652 - requested by khorben
lang/nodejs: security update
Revisions pulled up:
- lang/nodejs/Makefile 1.237
- lang/nodejs/distinfo 1.217
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:31:15 UTC 2022
Modified Files:
pkgsrc/lang/nodejs: Makefile distinfo
Log Message:
nodejs: updated to 18.5.0
Version 18.5.0 (Current), @RafaelGSS
This is a security release.
Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- (SEMVER-MAJOR) src,doc,test: add --openssl-shared-config option (Daniel Bevenius)
Node.js now reads nodejs_conf section in the openssl config
- deps: update archs files for quictls/openssl-3.0.5+quic (RafaelGSS)
- deps: upgrade openssl sources to quictls/openssl-3.0.5+quic (RafaelGSS)
To generate a diff of this commit:
cvs rdiff -u -r1.236 -r1.237 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.216 -r1.217 pkgsrc/lang/nodejs/distinfo
nodejs: updated to 18.6.0 Version 18.6.0 (Current) Notable Changes Experimental ESM Loader Hooks API Node.js ESM Loader hooks now support multiple custom loaders, and composition is achieved via "chaining": foo-loader calls bar-loader calls qux-loader (a custom loader must now signal a short circuit when intentionally not calling the next). See the ESM docs for details.
nodejs: updated to 18.5.0 Version 18.5.0 (Current), @RafaelGSS This is a security release. Notable Changes - (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius) - (SEMVER-MAJOR) src,doc,test: add --openssl-shared-config option (Daniel Bevenius) Node.js now reads nodejs_conf section in the openssl config - deps: update archs files for quictls/openssl-3.0.5+quic (RafaelGSS) - deps: upgrade openssl sources to quictls/openssl-3.0.5+quic (RafaelGSS)
nodejs: updated to 18.4.0 Version 18.4.0 (Current) Notable Changes crypto: remove Node.js-specific webcrypto extensions add CFRG curves to Web Crypto API dns: accept 'IPv4' and 'IPv6' for family report: add more heap infos in process report
nodejs: updated to 18.3.0 Version 18.3.0 (Current) Notable Changes - deps: update undici to 5.4.0 (Node.js GitHub Bot) - (SEMVER-MINOR) util: add parseArgs module (Benjamin Coe) - (SEMVER-MINOR) http: add uniqueHeaders option to request and createServer (Paolo Insogna) - deps: upgrade npm to 8.11.0 (npm team) - deps: patch V8 to 10.2.154.4 (Michaël Zasso) - (SEMVER-MINOR) deps: update V8 to 10.2.154.2 (Michaël Zasso) - (SEMVER-MINOR) fs: make params in writing methods optional (LiviaMedeiros) - (SEMVER-MINOR) http: add uniqueHeaders option to request and createServer (Paolo Insogna) - (SEMVER-MINOR) net: add ability to reset a tcp socket (pupilTong) - (SEMVER-MINOR) Revert "build: make x86 Windows support temporarily experimental" (Michaël Zasso)
nodejs: updated to 18.2.0 Version 18.2.0 This update can be treated as a security release as the issues addressed in OpenSSL 3.0.3 slightly affect Node.js 18.
nodejs: updated to 18.1.0 Version 18.1.0 (Current) Notable Changes - doc: add @kuriyosh to collaborators (Yoshiki Kurihara) - (SEMVER-MINOR) lib,src: implement WebAssembly Web API (Tobias Nießen) - (SEMVER-MINOR) test_runner: add initial CLI runner (Colin Ihrig) - (SEMVER-MINOR) worker: add hasRef() to MessagePort (Darshan Sen) Version 18.0.0 (Current) Node.js 18 is here! Highlights include the update of the V8 JavaScript engine to 10.1, global fetch enabled by default, and a core test runner module. Initially, Node.js 18 will replace Node.js 17 as our ‘Current’ release line. As per the release schedule, Node.js 18 will be the ‘Current’ release for the next 6 months and then promoted to Long-term Support (LTS) in October 2022. Once promoted to long-term support the release will be designated the codename ‘Hydrogen’. Node.js 18 will be supported until April 2025. Notable Changes Deprecations and Removals (SEMVER-MAJOR) fs: runtime deprecate string coercion in fs.write, fs.writeFileSync (Livia Medeiros) (SEMVER-MAJOR) dns: remove dns.lookup and dnsPromises.lookup options type coercion (Antoine du Hamel) (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen)
nodejs: updated to 16.15.0 Version 16.15.0 'Gallium' Notable changes Add fetch API Adds experimental support to the fetch API. This adds the --experimental-fetch flag that installs the fetch, Request, Response, Headers, and FormData globals. (SEMVER-MINOR) add fetch (Michaël Zasso) (SEMVER-MINOR) add FormData global when fetch is enabled (Michaël Zasso) Other notable changes build: remove broken x32 arch support (Ben Noordhuis) crypto: (SEMVER-MINOR) add KeyObject.prototype.equals method (Filip Skokan) doc: add @ShogunPanda to collaborators (Paolo Insogna) add JakobJingleheimer to collaborators list (Jacob Smith) add joesepi to collaborators (Joe Sepi) add marsonya to collaborators (Akhil Marsonya) deprecate string coercion in fs.write, fs.writeFileSync (Livia Medeiros) deprecate notice for process methods (Yash Ladha) esm: (SEMVER-MINOR) support https remotely and http locally under flag (Bradley Farias) module: (SEMVER-MINOR) unflag esm json modules (Geoffrey Booth) node-api: (SEMVER-MINOR) add node_api_symbol_for() (Darshan Sen) process: deprecate multipleResolves (Benjamin Gruenbaum) stream: (SEMVER-MINOR) support some and every (Benjamin Gruenbaum) (SEMVER-MINOR) add toArray (Benjamin Gruenbaum) (SEMVER-MINOR) add forEach method (Benjamin Gruenbaum)
nodejs: gyp-mac-tool requires py-expat.
revbump for textproc/icu update
nodejs: disable "near code ranges" on NetBSD/evbarm-aarch64 for now It results in mmap(2) errors of the PR kern/55533 variety.
nodejs: more CHECK_PORTABILITY_SKIP
nodejs: add CHECK_PORTABILITY_SKIP
nodejs: updated to 16.14.2 Version 16.14.2 'Gallium' (LTS) This is a security release. Notable Changes Update to OpenSSL 1.1.1n, which addresses the following vulnerability: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt For older changes, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md
nodejs: updated to 14.19.0 Version 14.19.0 'Fermium' (LTS) Notable Changes Corepack Node.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development. In practical terms, Corepack will let you use Yarn and pnpm without having to install them - just like what currently happens with npm, which is shipped in Node.js by default. Please head over to the Corepack documentation page for more information on how to use it. ICU updated ICU has been updated to 70.1. This updates timezone database to 2021a3, including bringing forward the start for DST for Jordan from March to February. New option to disable loading of native addons A new command line option --no-addons has been added to disallow loading of native addons. Updated Root Certificates Root certificates have been updated to those from Mozilla's Network Security Services 3.71.
nodejs: updated to 14.18.3 Version 14.18.3 'Fermium' (LTS) Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532) Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533) Prototype pollution via console.table properties (Low)(CVE-2022-21824)
nodejs: updated to 14.18.2 Version 14.18.2 'Fermium' (LTS) Notable changes This release contains a c-ares update to fix a regression introduced in Node.js 14.17.5 resolving CNAME records containing underscores 39780. Also included are commits to allow Node.js 14 to continue to build and pass tests on our Jenkins CI, including adding Python 3.10 to the list of allowable Python versions for building.
revbump for icu and libffi
nodejs: updated to 14.18.1 Version 14.18.1 'Fermium' (LTS) This is a security release. Notable changes CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium) The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication. CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium) The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
nodejs: updated to 14.18.0 Version 14.18.0 'Fermium' (LTS) Notable Changes assert: change status of legacy asserts (James M Snell) (SEMVER-MINOR) buffer: introduce Blob (James M Snell) (SEMVER-MINOR) buffer: add base64url encoding option (Filip Skokan) (SEMVER-MINOR) child_process: allow options.cwd receive a URL (Khaidi Chu) (SEMVER-MINOR) child_process: add timeout to spawn and fork (Nitzan Uziely) (SEMVER-MINOR) child_process: allow promisified exec to be cancel (Carlos Fuentes) (SEMVER-MINOR) child_process: add 'overlapped' stdio flag (Thiago Padilha) (SEMVER-MINOR) cli: add -C alias for --conditions flag (Guy Bedford) (SEMVER-MINOR) cli: add --node-memory-debug option (Anna Henningsen) (SEMVER-MINOR) dns: add "tries" option to Resolve options (Luan Devecchi) (SEMVER-MINOR) dns: allow --dns-result-order to change default dns verbatim (Ouyang Yadong) doc: refactor fs docs structure (James M Snell) (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) esm: deprecate legacy main lookup for modules (Guy Bedford) (SEMVER-MINOR) fs: allow empty string for temp directory prefix (Voltrex) (SEMVER-MINOR) fs: allow no-params fsPromises fileHandle read (Nitzan Uziely) (SEMVER-MINOR) fs: add support for async iterators to fsPromises.writeFile (HiroyukiYagihashi) fs: improve fsPromises readFile performance (Nitzan Uziely) (SEMVER-MINOR) fs: add fsPromises.watch() (James M Snell) (SEMVER-MINOR) fs: allow position parameter to be a BigInt in read and readSync (Darshan Sen) (SEMVER-MINOR) http2: add support for sensitive headers (Anna Henningsen) (SEMVER-MINOR) http2: allow setting the local window size of a session (Yongsheng Zhang) inspector: mark as stable (Gireesh Punathil) (SEMVER-MINOR) module: add support for URL to import.meta.resolve (Antoine du Hamel) (SEMVER-MINOR) module: add support for node:‑prefixed require(…) calls (ExE Boss) (SEMVER-MINOR) net: introduce net.BlockList (James M Snell) (SEMVER-MINOR) node-api: allow retrieval of add-on file name (Gabriel Schulhof) (SEMVER-MINOR) os: add os.devNull (Luigi Pinca) (SEMVER-MINOR) perf_hooks: introduce createHistogram (James M Snell) (SEMVER-MINOR) process: add api to enable source-maps programmatically (legendecas) (SEMVER-MINOR) process: add 'worker' event (James M Snell) (SEMVER-MINOR) process: add direct access to rss without iterating pages (Adrien Maret) (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) (SEMVER-MINOR) readline: add support for the AbortController to the question method (Mattias Runge-Broberg) (SEMVER-MINOR) readline: add history event and option to set initial history (Mattias Runge-Broberg) (SEMVER-MINOR) repl: add auto‑completion for node:‑prefixed require(…) calls (ExE Boss) (SEMVER-MINOR) src: call overload ctor from the original ctor (Darshan Sen) (SEMVER-MINOR) src: add a constructor overload for CallbackScope (Darshan Sen) (SEMVER-MINOR) src: allow to negate boolean CLI flags (Michaël Zasso) (SEMVER-MINOR) src: add --heapsnapshot-near-heap-limit option (Joyee Cheung) (SEMVER-MINOR) src: add way to get IsolateData and allocator from Environment (Anna Henningsen) (SEMVER-MINOR) src: allow preventing SetPrepareStackTraceCallback (Shelley Vohr) (SEMVER-MINOR) src: add maybe versions of EmitExit and EmitBeforeExit (Anna Henningsen) (SEMVER-MINOR) stream: add readableDidRead if has been read from (Robert Nagy) (SEMVER-MINOR) stream: pipeline accept Buffer as a valid first argument (Nitzan Uziely) (SEMVER-MINOR) tls: allow reading data into a static buffer (Andrey Pechkurov) (SEMVER-MINOR) url: expose urlToHttpOptions utility (Yongsheng Zhang) (SEMVER-MINOR) util: expose toUSVString (Robert Nagy) (SEMVER-MINOR) v8: implement v8.stopCoverage() (Joyee Cheung) (SEMVER-MINOR) v8: implement v8.takeCoverage() (Joyee Cheung) (SEMVER-MINOR) worker: add setEnvironmentData/getEnvironmentData (James M Snell)
nodejs: updated to 14.17.6 Version 14.17.6 'Fermium' (LTS) This is a security release. Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist. Version 14.17.5 'Fermium' (LTS) This is a security release. Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931. CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930. CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low) If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.
nodejs: updated to 14.17.4 Version 14.17.4 'Fermium' (LTS) This is a security release. Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 This releases also fixes some regressions with internationalization introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.
nodejs: updated to 14.17.3 Version 14.17.3 'Fermium' (LTS) Notable Changes Node.js 14.17.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer. Version 14.17.2 'Fermium' (LTS) This is a security release. Notable Changes Vulnerabilities fixed: CVE-2021-22918: libuv upgrade - Out of bounds read (Medium) Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918 CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium) Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921
nodejs: updated to 14.17.1 Version 14.17.1 'Fermium' (LTS) Notable Changes - deps: update ICU to 69.1 (Michaël Zasso) - errors: align source-map stacks with spec (Benjamin Coe) Commits - assert: refactor to use more primordials (Antoine du Hamel) - assert: refactor to avoid unsafe array iteration (Antoine du Hamel) - async_hooks: refactor to avoid unsafe array iteration (Antoine du Hamel) - async_hooks,doc: replace process.stdout.fd with 1 (Darshan Sen) - benchmark: avoid using console.log() (Antoine du Hamel) - benchmark: use process.hrtime.bigint() (Antoine du Hamel) - buffer: remove TODOs in atob / btoa (Khaidi Chu) - buffer: remove unreachable code (Rongjian Zhang) - buffer: make FastBuffer safe to construct (Antoine du Hamel) - buffer: refactor to use primordials instead of Array#reduce (Antoine du Hamel) - buffer: refactor to use more primordials (Antoine du Hamel) - build: work around bug in MSBuild v16.10.0 (Michaël Zasso) - build: add workaround for V8 builds (Richard Lau) - build: remove dependency on distutils.spawn (Richard Lau) - build: fix make test-npm (Ruy Adorno) - child_process: reduce abort handler code duplication (Rich Trott) - child_process: treat already-aborted controller as aborting (Rich Trott) - child_process: refactor to use more primordials (Antoine du Hamel) - deps: update to cjs-module-lexer@1.2.1 (Guy Bedford) - deps: update ICU to 69.1 (Michaël Zasso) - deps: V8: cherry-pick 035c305ce776 (Michaël Zasso) - deps: V8: cherry-pick dfcdf7837e23 (Benjamin Coe) - deps: V8: cherry-pick 86991d0587a1 (Benjamin Coe) - deps: V8: cherry-pick 530080c44af2 (Milad Fa) - dgram: extract cluster lazy loading method to make it testable (Rongjian Zhang) - dgram: refactor to use more primordials (Antoine du Hamel) - dns: refactor to use more primordials (Antoine du Hamel) - doc: cleanup events.md structure (James M Snell) - doc: fix JS flavor selection (Antoine du Hamel) - doc: use HEAD instead of master for links (Antoine du Hamel) - doc: remove import.meta.resolve parent URL type (Kevin Locke) - doc: document buffer.kStringMaxLength (Tobias Nießen) - doc: clarify synchronous blocking of Worker stdio (James M Snell) - doc: update contact info (Gabriel Schulhof) - doc: change color of doctag on night mode (Qingyu Deng) - doc: clarify DiffieHellmanGroup class docs (Nitzan Uziely) - doc: use AIX instead of Aix in fs.md (Rich Trott) - doc: remove extraneous dash from flag prefix (Rodolfo Carvalho) - doc: document 'secureConnect' event limitation (James M Snell) - doc: mark querystring api as legacy (James M Snell) - doc: add arguments for stream event of Http2Server and Http2SecureServer (Qingyu Deng) - doc: indicate that abort tests do not generate core files (Rich Trott) - doc: add try/catch in http2 respondWithFile example (Matteo Collina) - doc: note the system requirements for V8 tests (DeeDeeG) - doc: minor clarification to pathObject (James M Snell) - doc: document new TCP_KEEPCNT and TCP_KEEPINTVL socket option defaults (Arnold Zokas) - doc: do not mention TCP in the allowHalfOpen option description (Luigi Pinca) - doc: update message to match actual output (Rich Trott) - doc: request default snap track be updated for LTS (Rod Vagg) - doc: mark process.hrtime() as legacy (Antoine du Hamel) - doc: fix version history for "exports" patterns (Antoine du Hamel) - doc: fix package.json "imports" field history (Antoine du Hamel) - doc: fix typo in buffer.md (divlo) - doc: add nodejs-sec email template (Daniel Bevenius) - doc: update TSC members list with three new members (Rich Trott) - doc: use foo.prototype.bar notation in buffer.md (Voltrex) - doc: internal/test/binding for testing (Bradley Meck) - doc: add missing events.on metadata (Anna Henningsen) - doc: fix wording in outgoingMessage.write (Tobias Nießen) - doc: fix grammar errors in http document (Qingyu Deng) - doc: add document for http.OutgoingMessage (Qingyu Deng) - doc: remove generated from dsaEncoding description (Marko Kaznovac) - doc: document how to register external bindings for snapshot (Joyee Cheung) - doc: document the NO_COLOR and FORCE_COLOR env vars (James M Snell) - doc: clarify event.isTrusted text (Rich Trott) - doc: expand openssl instructions (Michael Dawson) - doc: document ABORT_ERR code (Benjamin Gruenbaum) - doc: document changes for */promises alias modules (ExE Boss) - errors: align source-map stacks with spec (Benjamin Coe) - errors: refactor to use more primordials (Antoine du Hamel) - errors: display original symbol name (Benjamin Coe) - errors: refactor to use more primordials (Antoine du Hamel) - errors: refactor to use more primordials (Antoine du Hamel) - events: refactor to use optional chaining (ZiJian Liu) - events: refactor to use more primordials (Antoine du Hamel) - fs: fix error when writing buffers > INT32_MAX (Zach Bjornson) - Revert "http: make HEAD method to work with keep-alive" (Michaël Zasso) - http2: treat non-EOF empty frames like other invalid frames (Anna Henningsen) - http2: fix setting options before handle exists (Anna Henningsen) - http2: add support for TypedArray to getUnpackedSettings (Antoine du Hamel) - https: refactor to use more primordials (Antoine du Hamel) - inspector: remove redundant method for connection check (Yash Ladha) - inspector: refactor to use more primordials (Antoine du Hamel) - lib: revert primordials in a hot path (Antoine du Hamel) - lib: make IterableWeakMap safe to iterate (Antoine du Hamel) - lib: fix and improve os typings (Akhil Marsonya) - lib: add URI handling functions to primordials (Antoine du Hamel) - lib: fix WebIDL object and dictionary type conversion (ExE Boss) - lib: refactor to use optional chaining in internal/options.js (raisinten) - lib: support returning Safe collections from C++ (ExE Boss) - lib: expose primordials object (Antoine du Hamel) - lib: refactor source_map to use more primordials (Antoine du Hamel) - lib: refactor source_map to avoid unsafe array iteration (Antoine du Hamel) - lib: simplify primordials.uncurryThis (ExE Boss) - lib: remove v8_prof_polyfill from eslint ignore list (Antoine du Hamel) - lib: remove unused code (Brian White) - lib: refactor to use more primordials in internal/encoding.js (raisinten) - lib: refactor to use primordials in internal/priority_queue.js (ZiJian Liu) - lib: add primordials.SafeStringIterator (Antoine du Hamel) - lib: make safe primordials safe to construct (Antoine du Hamel) - lib: make safe primordials safe to iterate (Antoine du Hamel) - lib: refactor to use more primordials in internal/histogram.js (raisinten) - lib: add uncurried accessor properties to primordials (ExE Boss) - lib: refactor primordials.uncurryThis (Antoine du Hamel) - lib: refactor to use more primordials (Antoine du Hamel) - lib: add %TypedArray% abstract constructor to primordials (ExE Boss) - lib: use Object static properties from primordials (Michaël Zasso) - lib,tools: enforce access to prototype from primordials (Antoine du Hamel) - meta: add v8 team (Jiawen Geng) - meta: post comment when pr labeled fast-track (James M Snell) - module: clarify CJS global-like variables not defined error message (Antoine du Hamel) - module: refactor NativeModule to avoid unsafe array iteration (Antoine du Hamel) - module: simplify tryStatSync with throwIfNoEntry option (Antoine du Hamel) - module: refactor to use more primordials (Antoine du Hamel) - module: refactor to use more primordials (Antoine du Hamel) - module: refactor to use iterable-weak-map (Benjamin Coe) - net: refactor to use more primordials (Antoine du Hamel) - node-api: faster threadsafe_function (Fedor Indutny) - node-api: fix shutdown crashes (Michael Dawson) - node-api: make reference weak parameter an indirect link to references (Chengzhong Wu) - os: refactor to use more primordials (Antoine du Hamel) - path: inline conditions (Voltrex) - path: refactor to use more primordials (Akhil Marsonya) - path: refactor to use more primordials (Antoine du Hamel) - perf_hooks: throw ERR_INVALID_ARG_VALUE if histogram.percentile param is NaN (ZiJian Liu) - perf_hooks: refactor to avoid unsafe array iteration (Antoine du Hamel) - perf_hooks: refactor to use more primordials (Antoine du Hamel) - policy: refactor to use more primordials (Antoine du Hamel) - querystring: refactor to use more primordials (Antoine du Hamel) - readline: refactor to use more primordials (Antoine du Hamel) - repl: document top level await limitation with const/let (James M Snell) - repl: display prompt once after error callback (Anna Henningsen) - src: fix multiple AddLinkedBinding() calls (Anna Henningsen) - src: update cares_wrap OpenBSD defines (Anna Henningsen) - src: remove extra semi after member fn (Shelley Vohr) - src: make workers messaging more resilient (Juan José Arboleda) - src: fix validation of negative offset to avoid abort (James M Snell) - src: use %progbits instead of @progbits (Stephen Gallagher) - src: fix setting Converter sub char length (James M Snell) - src: avoid deferred gc/cleanup for Buffer.from (James M Snell) - src: indent long help text properly (David Glasser) - src: fix ETW_WRITE_EMPTY_EVENT macro (Michaël Zasso) - src: disable unfixable MSVC warnings (Michaël Zasso) - src: avoid implicit type conversions (take 2) (Michaël Zasso) - src: fix compiler warnings in node_buffer.cc (Darshan Sen) - src: fix compiler warning in env.cc (Anna Henningsen) - src: add check against non-weak BaseObjects at process exit (Anna Henningsen) - src: use transferred consistently (Daniel Bevenius) - src: fix label indentation (Rich Trott) - stream: fix multiple Writable.destroy() calls (Robert Nagy) - stream: the position of _read() is wrong (helloyou2012) - stream: only use legacy close listeners if not willEmitClose (Robert Nagy) - stream: fix legacy pipe error handling (Robert Nagy) - string_decoder: throw ERR_STRING_TOO_LONG for UTF-8 (Michaël Zasso) - string_decoder: refactor to use more primordials (Antoine du Hamel) - test: improve coverage of lib/_http_client.js (Rongjian Zhang) - test: improve coverage of lib/os.js (Rongjian Zhang) - test: call functions internally (Voltrex) - test: complete coverage of querystring (Rongjian Zhang) - test: increase coverage for AbortController (ZiJian Liu) - test: run message and pseudo-tty tests in parallel (Richard Lau) - test: move test-net-connect-econnrefused from pummel to sequential (Rich Trott) - test: fix common.mustCall length and name properties (Antoine du Hamel) - test: address deprecation warning (Rich Trott) - test: move abort test from pummel to abort directory (Rich Trott) - test: skip some pummel tests on slower machines (Rich Trott) - test: add ancestor package.json checks for tmpdir (Richard Lau) - test: replace function with arrow function and remove unused argument (Andres) - test: use .test domain for not found address (Richard Lau) - test: increase fs promise coverage (Emil Sivervik) - test: increase timeout on ASAN Action (Antoine du Hamel) - test: improve coverage of SourceTextModule getters (Juan José Arboleda) - test: improve coverage for Module getters (Juan José Arboleda) - test: improve coverage on worker threads (Juan José Arboleda) - test: improve coverage at lib/internal/vm/module.js (Juan José Arboleda) - test: guard large string decoder allocation (Michaël Zasso) - test: add already-aborted-controller test for spawn() (Rich Trott) - test: add test for reused AbortController with execfile() (Rich Trott) - test: add Actions annotation output (Mary Marchini) - test: use .then(common.mustCall()) for all async IIFEs (Anna Henningsen) - test,doc,lib: adjust object literal newlines for lint rule (Rich Trott) - test,readline: improve tab completion coverage (Antoine du Hamel) - timers: fix unsafe array iteration (Darshan Sen) - timers: reject with AbortError on cancellation (Benjamin Gruenbaum) - timers: refactor to use more primordials (Antoine du Hamel) - timers: cleanup abort listener on awaitable timers (James M Snell) - tls: validate ticket keys buffer (Antoine du Hamel) - tls: fix session and keylog add listener segfault (Nitzan Uziely) - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) - tools: bump cpplint to 1.5.4 (Rich Trott) - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) - tools: bump cpplint to 1.5.3 (Rich Trott) - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) - tools: bump cpplint.py to 1.5.2 (Rich Trott) - tools: update ESLint to 7.27.0 (Luigi Pinca) - tools: update ESLint to 7.26.0 (Colin Ihrig) - tools: update ESLint to 7.25.0 (Colin Ihrig) - tools: update ESLint to 7.24.0 (Colin Ihrig) - tools: update ESLint to 7.23.0 (Luigi Pinca) - tools: update ESLint to 7.22.0 (Colin Ihrig) - tools: make update-eslint.sh work with npm@7 (Luigi Pinca) - tools: add support for mjs and cjs JS snippet linting (Antoine du Hamel) - tools: update eslint-plugin-markdown configuration (Colin Ihrig) - tools: enable object-curly-newline in ESLint rules (Rich Trott) - tools: make GH Actions workflows work if default branch is not master (Antoine du Hamel) - tools: use mktemp to create the workspace directory (Luigi Pinca) - tools: use a shallow clone of the npm/cli repository (Luigi Pinca) - tools: remove fixer for non-ascii-character ESLint custom rule (Rich Trott) - tools: fix doc generation when version info is not available (Antoine du Hamel) - tools: add _depot_tools to PATH (for V8 tests) (DeeDeeG) - tools: fix type mismatch in test runner (Richard Lau) - tools: simplify eslint comma-dangle configuration (tools) (Rich Trott) - tools: simplify eslint comma-dangle configuration (Rich Trott) - tools: run doctool tests on GitHub Actions CI (Antoine du Hamel) - tools: refactor prefer-primordials (Antoine du Hamel) - tools: update ESLint to 7.21.0 (Luigi Pinca) - tools: update ESLint to 7.20.0 (Colin Ihrig) - tools: update ESLint to 7.19.0 (Colin Ihrig) - tools: update ESLint to 7.18.0 (Colin Ihrig) - tools: update gyp-next to v0.7.0 (Michaël Zasso) - tools: update ESLint to 7.17.0 (Colin Ihrig) - tools: update ESLint to 7.16.0 (Yongsheng Zhang) - tools: enable no-unsafe-optional-chaining lint rule (Colin Ihrig) - tools: update ESLint to 7.15.0 (Colin Ihrig) - tools: enable no-unused-expressions lint rule (Michaël Zasso) - tools: enable no-nonoctal-decimal-escape lint rule (Colin Ihrig) - tools: update ESLint to 7.14.0 (Colin Ihrig) - tools: add linting rule for async IIFEs (Anna Henningsen) - tools: update ESLint to 7.13.0 (Luigi Pinca) - tools: update ESLint to 7.12.1 (Colin Ihrig) - tools: update ESLint to 7.12.0 (Colin Ihrig) - tools: update ESLint to 7.11.0 (Colin Ihrig) - tools: add new ESLint rule: prefer-primordials (Leko) - tools,doc: add support for several flavors of JS code snippets (Antoine du Hamel) - tools,lib: recommend using safe primordials (Antoine du Hamel) - tools,lib: tighten prefer-primordials rules for Error statics (Antoine du Hamel) - tty: refactor to avoid unsafe array iteration (Antoine du Hamel) - tty: refactor to use more primordials (Zijian Liu) - typings: add JSDoc typings for util (Rohit Gohri) - url: refactor to use more primordials (Antoine du Hamel) - util: simplify constructor retrieval in inspect() (Rich Trott) - v8: refactor to use more primordials (Antoine du Hamel) - v8: refactor to use more primordials (Antoine du Hamel) - vm: refactor to avoid unsafe array iteration (Antoine du Hamel) - wasi: refactor to avoid unsafe array iteration (Antoine du Hamel) - Revert "worker: remove ERR_CLOSED_MESSAGE_PORT" (Juan José Arboleda) - worker: refactor to avoid unsafe array iteration (Antoine du Hamel) - worker: refactor to use more primordials (Antoine du Hamel) - zlib: fix brotli flush range (Khaidi Chu) - zlib: refactor to avoid unsafe array iteration (Antoine du Hamel) - zlib: refactor to use primordial instead of <string>.startsWith (Rohan Chougule) - zlib: refactor to use more primordials (Antoine du Hamel)
nodejs: updated to 14.17.0 Version 14.17.0 'Fermium' (LTS) Notable Changes Diagnostics channel (experimental module) UUID support in the crypto module Experimental support for AbortController and AbortSignal doc: revoke deprecation of legacy url, change status to legacy (James M Snell) add legacy status to stability index (James M Snell) upgrade stability status of report API (Gireesh Punathil) deps: V8: Backport various patches for Apple Silicon support (BoHong Li) update ICU to 68.1 (Michaël Zasso) upgrade to libuv 1.41.0 (Colin Ihrig) http: add http.ClientRequest.getRawHeaderNames() (simov) report request start and end with diagnostics_channel (Stephen Belanger) util: add getSystemErrorMap() impl (eladkeyshawn)
nodejs: fix previous; bump revision to nb3.
nodejs: Fix support for NetBSD/aarch64. Bump revision. - Fix malformed preprocessor directive: ``#ifdef FOO && BAR'' - Use V8_OS_NETBSD instead of defined(__NetBSD__) consistently where appropriate XXX Unfortunately, nodejs does not work for aarch64eb yet. We need to add big-endian support to built-in assembler.
nodejs: Add a patch really and remove obsolete comment Noticed by adam@. Thank you.
nodejs: Fix build with icu-69.1 * Backported from nodejs-16.0.0. * Internal icu is not built under NetBSD/amd64 9.99.81 at least.
revbump for textproc/icu
nodejs: updated to 14.16.1 Version 14.16.1 'Fermium' (LTS) This is a security release. Notable Changes Vulnerabilities fixed: CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt Impacts: All versions of the 15.x, 14.x, 12.x and 10.x releases lines CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt Impacts: All versions of the 15.x, 14.x, 12.x and 10.x releases lines CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High) This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh Impacts: All versions of the 14.x, 12.x and 10.x releases lines
nodejs: updated to 14.16.0 Version 14.16.0 'Fermium' (LTS) This is a security release. Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. CVE-2021-22884: DNS rebinding in --inspect Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210216.txt
nodejs: updated to 14.15.5 Version 14.15.5 'Fermium' (LTS) Notable Changes deps: upgrade npm to 6.14.11 V8: backport dfcf1e86fac0 Note: Node.js is not believed to be vulnerable to CVE-2021-21148. stream,zlib: do not use _stream_* anymore
nodejs: updated to 14.15.4 Version 14.15.4 'Fermium' (LTS) Notable Changes Vulnerabilities fixed: CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. CVE-2020-8287: HTTP Request Smuggling in nodejs (Low) Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).
Normalize handling packages that require 64-bit atomic ops.
nodejs: updated to 14.15.3 Version 14.15.3 'Fermium' (LTS) Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details.
nodejs: mark as Python 2.7 only
nodejs: updated to 14.15.2 Version 14.15.2 'Fermium' (LTS) Notable Changes deps: upgrade npm to 6.14.9 update acorn to v8.0.4 doc: add release key for Danielle Adams http2: check write not scheduled in scope destructor stream: fix regression on duplex end
nodejs: updayed to 14.15.1 Version 14.15.1 'Fermium' (LTS) Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses.
*: Recursive revbump from textproc/icu-68.1
nodejs: updated to 14.15.0 Version 14.15.0 'Fermium' (LTS) Notable Changes This release marks the transition of Node.js 14.x into Long Term Support (LTS) with the codename 'Fermium'. The 14.x release line now moves into "Active LTS" and will remain so until October 2021. After that time, it will move into "Maintenance" until end of life in April 2023.
nodejs: updated to 14.14.0 Version 14.14.0 (Current) Notable Changes - crypto: update certdata to NSS 3.56 - doc: add aduh95 to collaborators - (SEMVER-MINOR) fs: add rm method - (SEMVER-MINOR) http: allow passing array of key/val into writeHead - (SEMVER-MINOR) src: expose v8::Isolate setup callbacks
two fixes and now actually builds on armv7hf: - mips, ppc and arm platforms want -latomic, so provide it - link -larm on netbsd/arm to find arm_sync_icache()
nodejs: updated to 14.13.1 Version 14.13.1 (Current) Notable Changes fs: remove experimental from rmdir recursive
nodejs: updated to 14.13.0 Version 14.13.0 (Current) Notable Changes (SEMVER-MINOR) deps: upgrade to libuv 1.40.0 (SEMVER-MINOR) module: named exports for CJS via static analysis (SEMVER-MINOR) module: exports pattern support (SEMVER-MINOR) src: allow N-API addon in AddLinkedBinding() Version 14.12.0 (Current) Notable changes deps: * update to uvwasi 0.0.11 n-api: * create N-API version 7 * add more property defaults Version 14.11.0 (Current) Notable Changes This is a security release. Vulnerabilities fixed: CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical). CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
nodejs: updated to 14.10.1 Version 14.10.1 (Current) Notable Changes Node.js 14.10.0 included a streams regression with async generators and a docs rendering regression that are being fixed in this release.
nodejs: updated to 14.10.0 Version 14.10.0 (Current) Notable Changes (SEMVER-MINOR) buffer: also alias BigUInt methods (SEMVER-MINOR) crypto: add randomInt function (SEMVER-MINOR) perf_hooks: add idleTime and event loop util (SEMVER-MINOR) stream: simpler and faster Readable async iterator (SEMVER-MINOR) stream: save error in state
nodejs: updated to 14.9.0 Version 14.9.0 (Current) Notable Changes build: set --v8-enable-object-print by default deps: upgrade to libuv 1.39.0 upgrade npm to 6.14.8 V8: cherry-pick e06ace6b5cdb n-api: handle weak no-finalizer refs correctly tools: add debug entitlements for macOS 10.15+
Remove redundant --shared-openssl It was causing a build failure when openssl was disabled.
Pullup ticket #6296 - requested by maya lang/nodejs: aarch64 bugfix, PR port-arm/55533 (via patch) --- Module Name: pkgsrc Committed By: maya Date: Wed Aug 5 21:49:18 UTC 2020 Modified Files: pkgsrc/lang/nodejs: Makefile distinfo pkgsrc/lang/nodejs/patches: patch-deps_v8_src_base_platform_platform-posix.cc Log Message: nodejs: workaround issue for netbsd/aarch64 in PR port-arm/55533 NetBSD mmap might fail depending on the choice of hint addr given, so don't give a hint at all. bump PKGREVISION.
nodejs: updated to 14.8.0 Version 14.8.0 (Current) Notable Changes - (SEMVER-MINOR) async_hooks: add AsyncResource.bind utility (James M Snell) - deps: update to uvwasi 0.0.10 (Colin Ihrig) - doc: add Ricky Zhou to collaborators (rickyes) - doc: add release key for Ruy Adorno (Ruy Adorno) - doc: add DerekNonGeneric to collaborators (Derek Lewis) - (SEMVER-MINOR) module: unflag Top-Level Await (Myles Borins) - (SEMVER-MINOR) n-api: support type-tagging objects (Gabriel Schulhof) - (SEMVER-MINOR) n-api,src: provide asynchronous cleanup hooks (Anna Henningsen) Commits - async_hooks: avoid GC tracking of AsyncResource in ALS (Gerhard Stoebich) - async_hooks: avoid unneeded AsyncResource creation (Gerhard Stoebich) - async_hooks: improve property descriptors in als.bind (Gerhard Stoebich) - (SEMVER-MINOR) async_hooks: add AsyncResource.bind utility (James M Snell) - async_hooks: don't read resource if ALS is disabled (Gerhard Stoebich) - async_hooks: fix id assignment in fast-path promise hook (Andrey Pechkurov) - async_hooks: fix resource stack for deep stacks (Anna Henningsen) - async_hooks: execute destroy hooks earlier (Gerhard Stoebich) - async_hooks: don't reuse resource in HttpAgent when queued (Andrey Pechkurov) - benchmark: always throw the same Error instance (Anna Henningsen) - build: do not run auto-start-ci on forks (Evan Lucas) - build: run CI on release branches (Shelley Vohr) - build: enable build for node-v8 push (gengjiawen) - build: increase startCI verbosity and fix job name (Mary Marchini) - build: don't run auto-start-ci on push (Mary Marchini) - build: fix auto-start-ci script path (Mary Marchini) - build: auto start Jenkins CI via PR labels (Mary Marchini) - build: toolchain.gypi and node_gyp.py cleanup (iandrc) - console: document the behavior of console.assert() (iandrc) - crypto: add OP flag constants added in OpenSSL v1.1.1 (Mateusz Krawczuk) - deps: update to uvwasi 0.0.10 (Colin Ihrig) - doc: use _Static method_ instead of _Class Method_ (Rich Trott) - doc: tidy some addons.md text (Rich Trott) - doc: use _Class Method_ in async_hooks.md (Rich Trott) - doc: add Ricky Zhou to collaborators (rickyes) - doc: edit process.title note for brevity and clarity (Rich Trott) - doc: update fs.watch() availability for IBM i (iandrc) - doc: fix typo in path.md (aetheryx) - doc: add release key for Ruy Adorno (Ruy Adorno) - doc: clarify process.title inconsistencies (Corey Butler) - doc: document the connection event for HTTP2 & TLS servers (Tim Perry) - doc: mention null special-case for napi\_typeof (Renée Kooi) - doc: add DerekNonGeneric to collaborators (Derek Lewis) - doc: revise N-API versions matrix text (Rich Trott) - doc: clarify N-API version 1 (Michael Dawson) - doc: use consistent spelling for "falsy" (Rich Trott) - doc: simplify and clarify console.assert() documentation (Rich Trott) - doc: use consistent capitalization for addons (Rich Trott) - doc: add mmarchini pronouns (Mary Marchini) - doc: update mmarchini contact info (Mary Marchini) - doc: update .mailmap for mmarchini (Mary Marchini) - doc: use sentence-case for headers in SECURITY.md (Rich Trott) - esm: fix hook mistypes and links to types (Derek Lewis) - http: reset headers timeout on headers complete (Robert Nagy) - http: provide keep-alive timeout response header (Robert Nagy) - lib: use non-symbols in isURLInstance check (Shelley Vohr) - lib: absorb path error cases (Gireesh Punathil) - meta: uncomment all codeowners (Mary Marchini) - meta: enable http2 team for CODEOWNERS (Rich Trott) - module: handle Top-Level Await non-fulfills better (Anna Henningsen) - (SEMVER-MINOR) module: unflag Top-Level Await (Myles Borins) - n-api: fix use-after-free with napi_remove_async_cleanup_hook (Anna Henningsen) - (SEMVER-MINOR) n-api: support type-tagging objects (Gabriel Schulhof) - n-api: simplify bigint-from-word creation (Gabriel Schulhof) - (SEMVER-MINOR) n-api,src: provide asynchronous cleanup hooks (Anna Henningsen) - net: don't return the stream object from onStreamRead (Robey Pointer) - policy: increase tests via permutation matrix (Bradley Meck) - repl: use _Node.js_ in user-facing REPL text (Rich Trott) - repl: use _REPL_ in user-facing text (Rich Trott) - repl: improve static import error message in repl (Myles Borins) - repl: give repl entries unique names (Bradley Meck) - src: fix linter failures (Anna Henningsen) - src: spin shutdown loop while immediates are pending (Anna Henningsen) - src: fix size underflow in CallbackQueue (Anna Henningsen) - src: fix unused namespace member in node_util (Andrey Pechkurov) - test: fix wrong method call (gengjiawen) - test: add debugging for callbacks in test-https-foafssl.js (Rich Trott) - test: add debugging for test-https-foafssl.js (Rich Trott) - test: convert most N-API tests from C++ to C (Gabriel Schulhof) - test: replace flaky pummel regression tests (Anna Henningsen) - test: change Fixes: to Refs: (Rich Trott) - test: fix flaky http-parser-timeout-reset (Robert Nagy) - test: remove unneeded flag check in test-vm-memleak (Rich Trott) - tools: fix C++ import checker argument expansion (Anna Henningsen) - tools: update ESLint to 7.6.0 (Colin Ihrig) - tools: add meta.fixable to fixable lint rules (Colin Ihrig) - util: print External address from inspect (unknown) - wasi: add __wasi_fd_filestat_set_times() test
nodejs: workaround issue for netbsd/aarch64 in PR port-arm/55533 NetBSD mmap might fail depending on the choice of hint addr given, so don't give a hint at all. bump PKGREVISION.
nodejs: updated to 14.7.0 Version 14.7.0 (Current) Notable Changes deps: - upgrade npm to 6.14.7 dgram: - (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams src: - (SEMVER-MINOR) allow preventing SetPromiseRejectCallback - (SEMVER-MINOR) allow setting a dir for all diagnostic output worker: - (SEMVER-MINOR) make MessagePort inherit from EventTarget zlib: - switch to lazy init for zlib streams New Collaborators: - add rexagod to collaborators - add AshCripps to collaborators - add HarshithaKP to collaborators - add release key for Richard Lau
nodejs: updated to 14.6.0 Version 14.6.0: Notable Changes deps: upgrade to libuv 1.38.1 (Colin Ihrig) upgrade npm to 6.14.6 (claudiahdz) (SEMVER-MINOR) update V8 to 8.4.371.19 (Michaël Zasso) module: (SEMVER-MINOR) doc only deprecation of module.parent (Antoine du HAMEL) (SEMVER-MINOR) package "imports" field (Guy Bedford) src: (SEMVER-MINOR) allow embedders to disable esm loader (Shelley Vohr) tls: (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) vm: (SEMVER-MINOR) add run-after-evaluate microtask mode (Anna Henningsen) worker: (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) New Collaborators: add danielleadams to collaborators (Danielle Adams) add ruyadorno to collaborators (Ruy Adorno) add sxa as collaborator (Stewart X Addison)
nodejs: updated to 14.5.0 Version 14.5.0 (Current) Notable Changes V8 engine is updated to version 8.3 Initial experimental implementation of EventTarget
nodejs/nodejs10/nodejs12: these now require nghttp2>=1.41.0 As of the last updates to each of these, made earlier this month, they now require nghttp2>=1.41.0 to build. They expect nghttp2_option_set_max_settings to be available.
nodejs: updated to 14.4.0 Version 14.4.0 (Current) Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High). CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low). CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High). Commits - crypto: update root certificates - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0 - (SEMVER-MINOR) http2: implement support for max settings entries - napi: fix memory corruption vulnerability - tls: emit session after verifying certificate - tools: update certdata.txt
Revbump for icu
nodejs: updated to 14.3.0 Version 14.3.0 (Current) Notable Changes REPL previews improvements with autocompletion The output preview is changed to generate previews for autocompleted input instead of the actual input. Pressing <enter> during a preview is now going to evaluate the whole string including the autocompleted part. Pressing <escape> cancels that behavior. Support for Top-Level Await It's now possible to use the await keyword outside of async functions.
nodejs: updated to 14.2.0 Version 14.2.0 (Current) Notable Changes * Track function calls with assert.CallTracker (experimental) * Console groupIndentation option
revbump after boost update
nodejs: updated to 14.1.0 Version 14.1.0 Notable Changes deps: upgrade openssl sources to 1.1.1g doc: add juanarbol as collaborator http: doc deprecate abort and improve docs module: do not warn when accessing __esModule of unfinished exports n-api: detect deadlocks in thread-safe function src: deprecate embedder APIs with replacements stream: * don't emit end after close * don't wait for close on legacy streams * pipeline should only destroy un-finished streams vm: add importModuleDynamically option to compileFunction Version 14.0.0 (Current) Notable Changes ECMAScript Modules - Experimental Warning Removal New V8 ArrayBuffer API cli, report: move --report-on-fatalerror to stable deps: upgrade to libuv 1.37.0 fs: add fs/promises alias module
nodejs: updated to 13.13.0 Version 13.13.0 (Current) Notable Changes New file system APIs Added a new function, fs.readv (with sync and promisified versions). This function takes an array of ArrayBufferView elements and will write the data it reads sequentially to the buffers. A new overload is available for fs.readSync, which allows to optionally pass any of the offset, length and position parameters. Other changes dns: Added the dns.ALL flag, that can be passed to dns.lookup() with dns.V4MAPPED to return resolved IPv6 addresses as well as IPv4 mapped IPv6 addresses. http: The default maximum HTTP header size was changed from 8KB to 16KB. n-api: Calls to napi_call_threadsafe_function from the main thread can now return the napi_would_deadlock status in certain circumstances. util: Added a new maxStrLength option to util.inspect, to control the maximum length of printed strings. Its default value is Infinity. worker: Added support for passing a transferList along with workerData to the Worker constructor
Recursive revision bump after textproc/icu update
nodejs: updated to 13.12.0 Version 13.12.0 build: * macOS package notarization deps: * upgrade npm to 6.14.4 * update to uvwasi 0.0.6 * upgrade to libuv 1.35.0 lib: * add --disable-proto option to cli node_report: * move diagnostic reports to stable worker: * allow URL in Worker constructor util: * use a global symbol for util.promisify.custom
nodejs: updated to 3.11.0 Version 13.11.0 Notable Changes: async_hooks: add sync enterWith to ALS cli: allow --jitless V8 flag in NODE_OPTIONS fs: return first folder made by mkdir recursive n-api: define release 6 os: create a getter for kernel version wasi: add returnOnExit option
nodejs: remove a stale portability skip. Add another one.
nodejs: updated to 13.10.1 Version 13.10.1 (Current): In Node.js 13.9.0 deps/zlib was switched to the chromium maintained implementation. This change had the unforseen consequence of breaking building from the tarballs we release as we were too aggressively removing unneccessary files from the deps/zlib folder. This release includes a patch that ensures that individuals will once again be able to build Node.js from source.
nodejs: updated to 13.10.0 Version 13.10.0 (Current): Notable Changes async_hooks - introduce async-context API stream - support passing generator functions into pipeline() tls - expose SSL_export_keying_material vm - implement vm.measureMemory() for per-context memory measurement
nodejs: updated to 13.9.0 Version 13.9.0 (Current) async_hooks * add executionAsyncResource crypto * add crypto.diffieHellman * add DH support to generateKeyPair * simplify DH groups * add key type 'dh' test * skip keygen tests on arm systems perf_hooks * add property flags to GCPerformanceEntry process * report ArrayBuffer memory in memoryUsage() readline * make tab size configurable report * add support for Workers worker * add ability to take heap snapshot from parent thread added new collaborators * add ronag to collaborators
nodejs: updated to 13.8.0 Version 13.8.0 (Current): Notable Changes This is a security release. Vulnerabilities fixed: CVE-2019-15606: HTTP header values do not have trailing OWS trimmed. CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header. CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string. Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the --insecure-http-parser command line flag, or the insecureHTTPParser http option. Using the insecure HTTP parser should be avoided.
nodejs: updated to 13.7.0 Version 13.7.0 Notable Changes deps: * upgrade to libuv 1.34.1 * upgrade npm to 6.13.6 module * add API for interacting with source maps * loader getSource, getFormat, transform hooks * logical conditional exports ordering * unflag conditional exports process: * allow monitoring uncaughtException
nodejs: updated to 13.6.0 Version 13.6.0 (Current): Notable Changes * assert: - Implement assert.match() and assert.doesNotMatch() * events: - Add EventEmitter.on to async iterate over events - Allow monitoring error events * fs: - Allow overriding fs for streams * perf_hooks: - Move perf_hooks out of experimental * repl: - Implement ZSH-like reverse-i-search * tls: - Add PSK (pre-shared key) support
nodejs: updated to 13.5.0 Version 13.5.0 (Current): Notable Changes cli: * add --trace-exit cli option http,https: * increase server headers timeout readline: * update ansi-regex * promote _getCursorPos to public api repl: * add completion preview util: * add Set and map size to inspect output wasi: * require CLI flag to require() wasi module
Get rid of http-parser for nodejs 12+
nodejs: updated to 13.3.0 Version 13.3.0: Notable Changes fs: Reworked experimental recursive rmdir() The maxBusyTries option is renamed to maxRetries, and its default is set to 0. The emfileWait option has been removed, and EMFILE errors use the same retry logic as other errors. The retryDelay option is now supported. ENFILE errors are now retried. http: Make maximum header size configurable per-stream or per-server http2: Make maximum tolerated rejected streams configurable Allow to configure maximum tolerated invalid frames wasi: Introduce initial WASI support
nodejs: updated to 10.17.0 Version 10.17.0 'Dubnium' (LTS): Notable changes crypto: - add support for chacha20-poly1305 for AEAD - increase maxmem range from 32 to 53 bits deps: - update npm to 6.11.3 - upgrade openssl sources to 1.1.1d dns: remove dns.promises experimental warning fs: remove experimental warning for fs.promises http: makes response.writeHead return the response http2: makes response.writeHead return the response n-api: - make func argument of napi_create_threadsafe_function optional - mark version 5 N-APIs as stable - implement date object process: add --unhandled-rejections flag stream: - implement Readable.from async iterator utility - make Symbol.asyncIterator support stable
nodejs: updated to 10.16.3 Version 10.16.3 'Dubnium' (LTS): Notable changes This is a security release. Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information. Vulnerabilities fixed: CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service. CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service. CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service. CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service. CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service. CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service. CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service. CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service.
nodejs: updated to 10.16.2 Version 10.16.2 'Dubnium' (LTS) Notable changes This release patches a regression in the OpenSSL upgrade to 1.1.1c that causes intermittent hangs in machines that have low entropy.
nodejs: updated to 10.16.1 Version 10.16.1 'Dubnium' (LTS) Notable changes deps: upgrade openssl sources to 1.1.1c stream: do not unconditionally call \_read() on resume() worker: fix nullptr deref after MessagePort deser failure
nodejs: updated to 10.16.0 Version 10.16.0 'Dubnium' (LTS) Notable Changes deps: update ICU to 64.2 upgrade npm to 6.9.0 upgrade openssl sources to 1.1.1b upgrade to libuv 1.28.0 events: add once method to use promises with EventEmitter n-api: mark thread-safe function as stable repl: support top-level for-await-of zlib: add brotli support
Recursive revbump from textproc/icu
nodejs: fix SIGABRT on NetBSD/i386 8.0 by pulling upstream PR #21848. Also apply similar ifdefs for NetBSD as FreeBSD and OpenBSD. Now nodejs binary won't fail during lang/npm and www/firefox builds on NetBSD/i386 8.0. Bump PKGREVISION. No particular comments on pkgsrc-bug@: http://mail-index.netbsd.org/pkgsrc-bugs/2019/03/19/msg066102.html Should close PR pkg/53497, PR pkg/53758, PR pkg/53792, and PR pkg/53794.
nodejs: updated to 10.15.3 Version 10.15.3 'Dubnium' (LTS) Notable Changes doc: add antsmartian to collaborators http: fix error check in Execute() stream: fix end-of-stream for HTTP/2
nodejs: updated to 10.15.2 Version 10.15.2 'Dubnium' (LTS): This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ for details on patched vulnerabilities. A fix for the following CVE is included in this release: Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737) Notable Changes http: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode.
- Fix OpenSSL support for NetBSD/amd64 (https works fine now) - Fix NetBSD/i386 support (hopefully also works for other ILP32 archs) - Add NetBSD/aarch64 support - Bump revision
nodejs: Require http-parser>=2.9.0. ok leot
nodejs: updated to 10.15.1 10.15.1: Notable Changes doc: - add oyyd to collaborators (Ouyang Yadong) tls: - throw if protocol too long Bug fixes
Fix build under NetBSD/i386 8.0, based on PR pkg/53758
nodejs: updated to 10.15.0 Version 10.15.0 'Dubnium' (LTS): The 10.14.0 security release introduced some unexpected breakages on the 10.x release line. This is a special release to fix a regression in the HTTP binary upgrade response body and add a missing CLI flag to adjust the max header size of the http parser. Notable Changes cli: add --max-http-header-size flag http: add maxHeaderSize property
nodejs: don't invert notion of code. from Mike Pumford.
nodejs: updated to 10.14.2 Version 10.14.2 'Dubnium' (LTS) This LTS release comes with 374 commits. This includes 165 which are test or benchmark related, 77 which are doc related, 29 which are build / tool related and 15 commits which update dependencies. Notable Changes * deps: - upgrade to c-ares v1.15.0 * Windows: - A crashing process will now show the names of stack frames if the node.pdb file is available.
nodejs: updated to 10.14.1 Version 10.14.1 'Dubnium' (LTS): Notable Changes win/msi: Revert changes to installer causing issues on Windows systems.
nodejs: updated to 10.14.0 Version 10.14.0 'Dubnium' (LTS): This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) * Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735) Notable Changes * deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735 * http: - Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) - A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina) * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol.
nodejs: updated to 10.13.0
Version 10.13.0 'Dubnium' (LTS)
This release marks the transition of Node.js 10.x into Long Term Support (LTS) with the codename 'Dubnium'. The 10.x release line now moves in to "Active LTS" and will remain so until April 2020. After that time it will move in to "Maintenance" until end of life in April 2021.
Notable Changes
This release only includes minimal changes necessary to fix known regressions prior to LTS.
Version 10.12.0 (Current)
Notable changes
assert
* The diff output is now a tiny bit improved by sorting object properties when inspecting the values that are compared with each other.
cli
* The options parser now normalizes _ to - in all multi-word command-line flags, e.g. --no_warnings has the same effect as --no-warnings.
* Added bash completion for the node binary. To generate a bash completion script, run node --completion-bash. The output can be saved to a file which can be sourced to enable completion.
crypto
* Added support for PEM-level encryption.
* Added an API asymmetric key pair generation. The new methods crypto.generateKeyPair and crypto.generateKeyPairSync can be used to generate public and private key pairs. The API supports RSA, DSA and EC and a variety of key encodings (both PEM and DER).
fs
* Added a recursive option to fs.mkdir and fs.mkdirSync. If this option is set to true, non-existing parent folders will be automatically created.
http2
* Added a 'ping' event to Http2Session that is emitted whenever a non-ack PING is received.
* Added support for the ORIGIN frame.
* Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect protocol support to allow use of WebSockets over HTTP/2.
module
* Added module.createRequireFromPath(filename). This new method can be used to create a custom require function that will resolve modules relative to the filename path.
process
* Added a 'multipleResolves' process event that is emitted whenever a Promise is attempted to be resolved multiple times, e.g. if the resolve and reject functions are both called in a Promise executor.
url
* Added url.fileURLToPath(url) and url.pathToFileURL(path). These methods can be used to correctly convert between file: URLs and absolute paths.
util
* Added the sorted option to util.inspect(). If set to true, all properties of an object and Set and Map entries will be sorted in the returned string. If set to a function, it is used as a compare function.
The util.instpect.custom symbol is now defined in the global symbol registry as Symbol.for('nodejs.util.inspect.custom').
* Added support for BigInt numbers in util.format().
V8 API
* A number of V8 C++ APIs have been marked as deprecated since they have been removed in the upstream repository. Replacement APIs are added where necessary.
Windows
* The Windows msi installer now provides an option to automatically install the tools required to build native modules.
Workers
* Debugging support for Workers using the DevTools protocol has been implemented.
* The public inspector module is now enabled in Workers.
lang/nodejs: Update to 10.11.0. - fs - Fixed fsPromises.readdir `withFileTypes`. - http2 - Added `http2stream.endAfterHeaders` property. - util - Added `util.types.isBoxedPrimitive(value)`.
nodejs: Work around build rpath issue with torque.
lang/nodejs: Update to 10.10.0.
- child_process:
- `TypedArray` and `DataView` values are now accepted as input by
`execFileSync` and `spawnSync`.
- coverage:
- Native V8 code coverage information can now be output to disk by
setting the environment variable `NODE_V8_COVERAGE` to a directory.
- fs:
- The methods `fs.read`, `fs.readSync`, `fs.write`, `fs.writeSync`,
`fs.writeFile` and `fs.writeFileSync` now all accept `TypedArray`
and `DataView` objects.
- A new boolean option, `withFileTypes`, can be passed to to
`fs.readdir` and `fs.readdirSync`. If set to true, the methods
return an array of directory entries. These are objects that can
be used to determine the type of each entry and filter them based
on that without calling `fs.stat`.
- http2:
- The `http2` module is no longer experimental.
- os:
- Added two new methods: `os.getPriority` and `os.setPriority`,
allowing to manipulate the scheduling priority of processes.
- process:
- Added `process.allowedNodeEnvironmentFlags`. This object can be
used to programmatically validate and list flags that are allowed
in the `NODE_OPTIONS` environment variable.
- src:
- Deprecated option variables in public C++ API.
- Refactored options parsing.
- vm:
- Added `vm.compileFunction`, a method to create new JavaScript
functions from a source body, with options similar to those of
the other `vm` methods.
lang/nodejs: Update to 10.9.0.
- buffer:
- Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2
encoding (CVE-2018-12115)
- Fix unintentional exposure of uninitialized memory in
`Buffer.alloc()` (CVE-2018-7166)
- deps:
- Upgrade to OpenSSL 1.1.0i, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
- Upgrade V8 from 6.7 to 6.8
- Memory reduction and performance improvements
- http: `http.get()` and `http.request()` (and `https` variants) can
now accept three arguments to allow for a `URL` _and_ an `options`
object
nodejs needs a recent libuv (1.22.0). Bump revision. This fixes a build failure on my machine with an older libuv version installed.
lang/nodejs: Update to 10.8.0. No notable changes besides update to npm 6.2.0, which we do not bundle.
lang/nodejs: Update to 10.7.0.
- console:
- The `console.timeLog()` method has been implemented.
- deps:
- Upgrade to libuv 1.22.0.
- Upgrade to ICU 62.1 (Unicode 11, CLDR 33.1).
- http:
- Added support for passing both `timeout` and `agent` options to
`http.request`.
- inspector:
- Expose the original console API in `require('inspector').console`.
- napi:
- Added experimental support for functions dealing with bigint
numbers.
- process:
- The `process.hrtime.bigint()` method has been implemented.
- Added the `--title` command line argument to set the process title
on startup.
- trace_events:
- Added process\_name metadata.
Recursive revbump from textproc/icu-62.1
lang/nodejs: Update to 10.6.0.
- dns: An experimental promisified version of the dns module is now
available. Give it a try with `require('dns').promises`.
- fs: `fs.lchown` has been undeprecated now that libuv supports it.
- lib: `Atomics.wake` is being renamed to `Atomics.notify` in the
ECMAScript specification. Since Node.js now has experimental support
for worker threads, we are being proactive and added a `notify` alias,
while emitting a warning if `wake` is used.
- n-api: Add API for asynchronous functions.
- util: `util.inspect` is now able to return a result instead of
throwing when the maximum call stack size is exceeded during
inspection.
- vm: Add `script.createCachedData()`. This API replaces the
`produceCachedData` option of the `Script` constructor that is now
deprecated.
- worker: Support for relative paths has been added to the `Worker`
constructor. Paths are interpreted relative to the current working
directory.
lang/nodejs: Update to 10.5.0. crypto: - Support for crypto.scrypt() has been added. fs: - BigInt support has been added to fs.stat and fs.watchFile. - APIs that take mode as arguments no longer throw on values larger than 0o777. - Fix crashes in closed event watchers. Worker Threads: - Support for multi-threading has been added behind the --experimental-worker flag in the worker_threads module. This feature is experimental and may receive breaking changes at any time.
lang/nodejs: Update to 10.4.1.
- Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced
in 9.7.0 that increases the memory consumed when reading from the
network into JavaScript using the net.Socket object directly as a
stream.
- http2
- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating
the http2 implementation to not crash under certain circumstances
during cleanup
- (CVE-2018-1000168): Fixes Denial of Service vulnerability by
upgrading nghttp2 to 1.32.0
- tls (CVE-2018-7162): Fixes Denial of Service vulnerability by
updating the TLS implementation to not crash upon receiving
- n-api: Prevent use-after-free in napi_delete_async_work
lang/nodejs: Update to 10.4.0. - deps: update V8 to 6.7.288.43 - stream: ensure Stream.pipeline re-throws errors without callback
lang/nodejs: Update to 10.3.0. - fs: fix reads with pos > 4GB - net: new option to allow IPC servers to be readable and writable by all users - stream: fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed
lang/nodejs: Update to 10.2.1. - http: fix res emit close before user finish - src: re-integrate headers into node.h - test: mark test-zlib.zlib-binding.deflate as flaky
lang/nodejs: Update to 10.2.0.
- addons:
- Fixed a memory leak for users of `AsyncResource` and N-API.
- assert:
- The `error` parameter of `assert.throws()` can be an object
containing regular expressions now.
- crypto:
- The `authTagLength` option has been made more flexible.
- esm:
- Builtin modules (e.g. `fs`) now provide named exports in ES6
modules.
- http:
- Handling of `close` and `aborted` events has been made more
consistent.
- module:
- add --preserve-symlinks-main
- timers:
- `timeout.refresh()` has been added to the public API.
- Embedder support:
- Functions for creating V8 `Isolate` and `Context` objects with
Node.js-specific behaviour have been added to the API.
- Node.js `Environment`s clean up resources before exiting now.
- Support for multi-threaded embedding has been improved.
lang/nodejs: Update to 10.1.0. - console: make console.table() use colored inspect - fs: move fs/promises to fs.promises - http: added aborted property to request - n-api: initialize a module via a special symbol - src: add public API to expose the main V8 Platform
lang/nodejs: Use pkgsrc http-parser, libuv, libcares instead of bundled versions. Switch back to bundled nghttp2 on lang/nodejs to reconcile a conflict of OpenSSL versions.
lang/nodejs: Include options.mk to enable options
lang/nodejs: Update to 10.0.0.
Use bundled OpenSSL until pkgsrc provides the required 1.1.x.
### Notable Changes
- Assert
- Calling `assert.fail()` with more than one argument is deprecated.
- Calling `assert.ok()` with no arguments will now throw.
- Calling `assert.ifError()` will now throw with any argument other
than `undefined` or `null`. Previously the method would throw with
any truthy value.
- The `assert.rejects()` and `assert.doesNotReject()` methods have
been added for working with async functions.
- Async_hooks
- Older experimental async_hooks APIs have been removed.
- Buffer
- Uses of `new Buffer()` and `Buffer()` outside of the
`node_modules` directory will now emit a runtime deprecation
warning.
- `Buffer.isEncoding()` now returns `undefined` for falsy values,
including an empty string.
- `Buffer.fill()` will throw if an attempt is made to fill with an
empty `Buffer`.
- Child Process
- Undefined properties of env are ignored.
- Console
- The `console.table()` method has been added.
- Crypto
- The `crypto.createCipher()` and `crypto.createDecipher()` methods
have been deprecated. Please use `crypto.createCipheriv()` and
`crypto.createDecipheriv()` instead.
- The `decipher.finaltol()` method has been deprecated.
- The `crypto.DEFAULT_ENCODING` property has been deprecated.
- The `ECDH.convertKey()` method has been added.
- The `crypto.fips` property has been deprecated.
- Dependencies
- V8 has been updated to 6.6.
- OpenSSL has been updated to 1.1.0h.
- EventEmitter
- The `EventEmitter.prototype.off()` method has been added as an
alias for `EventEmitter.prototype.removeListener()`.
- File System
- The `fs/promises` API provides experimental promisified versions
of the `fs` functions.
- Invalid path errors are now thrown synchronously.
- The `fs.readFile()` method now partitions reads to avoid thread
pool exhaustion.
- HTTP
- Processing of HTTP Status codes `100`, `102-199` has been
improved.
- Multi-byte characters in URL paths are now forbidden.
- N-API
- The n-api is no longer experimental.
- Net
- The `'close'` event will be emitted after `'end'`.
- Perf_hooks
- The `PerformanceObserver` class is now an `AsyncResource` and can
be monitored using `async_hooks`.
- Trace events are now emitted for performance events.
- The `performance` API has been simplified.
- Performance milestone marks will be emitted as trace events.
- Process
- Using non-string values for `process.env` is deprecated.
- The `process.assert()` method is deprecated.
- REPL
- REPL now experimentally supports top-level await when using the
`--experimental-repl-await` flag.
- The previously deprecated "magic mode" has been removed.
- The previously deprecated `NODE_REPL_HISTORY_FILE` environment
variable has been removed.
- Proxy objects are shown as Proxy objects when inspected.
- Streams
- The `'readable'` event is now always deferred with nextTick.
- A new `pipeline()` method has been provided for building
end-to-data stream pipelines.
- Experimental support for async for-await has been added to
`stream.Readable`.
- Timers
- The `enroll()` and `unenroll()` methods have been deprecated.
- TLS
- The `tls.convertNPNProtocols()` method has been deprecated.
- Support for NPN (next protocol negotiation) has been dropped.
- The `ecdhCurve` default is now `'auto'`.
- Trace Events
- A new `trace_events` top-level module allows trace event
categories to be enabled/disabled at runtime.
- URL
- The WHATWG URL API is now a global.
- Util
- `util.types.is[…]` type checks have been added.
- Support for bigint formatting has been added to `util.inspect()`.
#### Deprecations:
The following APIs have been deprecated in Node.js 10.0.0
- Passing more than one argument to `assert.fail()` will emit a
runtime deprecation warning.
- Previously deprecated legacy async_hooks APIs have reached
end-of-life and have been removed.
- Using `require()` to access several of Node.js' own internal
dependencies will emit a runtime deprecation.
- The `crypto.createCipher()` and `crypto.createDecipher()` methods
have been deprecated in documentation.
- Using the `Decipher.finaltol()` method will emit a runtime
deprecation warning.
- Using the `crypto.DEFAULT_ENCODING` property will emit a runtime
deprecation warning.
- Use by native addons of the `MakeCallback()` variant that passes a
`Domain` will emit a runtime deprecation warning.
- Previously deprecated internal getters/setters on `net.Server` has
reached end-of-life and have been removed.
- Use of non-string values for `process.env` has been deprecated in
documentation.
- Use of `process.assert()` will emit a runtime deprecation warning.
- Previously deprecated `NODE_REPL_HISTORY_FILE` environment variable
has reached end-of-life and has been removed.
- Use of the `timers.enroll()` and `timers.unenroll()` methods will
emit a runtime deprecation warning.
- Use of the `tls.convertNPNProtocols()` method will emit a runtime
deprecation warning. Support for NPN has been removed from Node.js.
- The `crypto.fips` property has been deprecated in documentation.
lang/nodejs*: Remove the npm package manager from nodejs packages. Introduce nodeversion.mk framework to pick and depend on one of the supported nodejs version packages. Bump respective PKGREVISIONs.
revbump for boost-libs update
revbump after icu update
lang/nodejs: Update to 9.11.1. - deps: Updated ICU to 61.1 - fs: Emit 'ready' event for ReadStream and WriteStream - n-api: Bump version of n-api supported - net: Emit 'ready' event for Socket
nodejs 9.10.1 - No code changes nodejs 9.10.0 Fixes for the following CVEs are included in this release: - CVE-2018-7158 - CVE-2018-7159 - CVE-2018-7160 Notable Changes - Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious website could use a DNS rebinding attack to trick a web browser to bypass same-origin-policy checks and allow HTTP connections to localhost or to hosts on the local network, potentially to an open inspector port as a debugger, therefore gaining full code execution access. The inspector now only allows connections that have a browser Host value of localhost or localhost6. - Fix for 'path' module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted 'path' module functions. - Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces inside Content-Length header values. Such values now lead to rejected connections in the same way as non-numeric values. - Update root certificates: 5 additional root certificates have been added to the Node.js binary and 30 have been removed. - cluster: Add support for NODE_OPTIONS="--inspect" - crypto: Expose the public key of a certificate - n-api: Add napi_fatal_exception to trigger an uncaughtException in JavaScript - path: Fix regression in posix.normalize - stream: Improve stream creation performance nodejs 9.9.0 assert: - From now on all error messages produced by assert in strict mode will produce a error diff. - From now on it is possible to use a validation object in throws instead of the other possibilities. crypto: - allow passing null as IV unless required fs: - support as and as+ flags in stringToFlags() tls: - expose Finished messages in TLSSocket tty: - Add getColorDepth function to determine if terminal supports colors. util: - add util.inspect compact option
lang/nodejs: Update to 9.8.0. crypto: - add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson) #17690 http2: - Fixed issues with aborted connections in the HTTP/2 implementation (Anna Henningsen) #18987 #19002 loader: - --inspect-brk now works properly for esmodules (Gus Caplan) #18949 src: - make process.dlopen() load well-known symbol (Ben Noordhuis) #18934 trace_events: - add file pattern cli option (Andreas Madsen) #18480
lang/nodejs: Update to 9.7.1. - libuv: Updated to libuv 1.19.2 - src: Add initial support for Node.js-specific post-mortem metadata - timers: The return value of setImmediate() now has ref() and unref() methods - util: It is now possible to get the name for a numerical platform-specific error code as a string
lang/nodejs: Update to 9.6.1.
nodejs 9.6.1
events:
- events.usingDomains being set to false by default was removed in
9.6.0 which was a change in behavior compares to 9.5.0. This
behavior change has been reverted and the events object now has
usingDomains preset to false, which is the behavior in 9.x prior
to 9.6.0
nodejs 9.6.0
async_hooks:
- deprecate unsafe emit{Before,After}
- rename PromiseWrap.parentId to PromiseWrap.isChainedPromise
deps:
- update node-inspect to 1.11.3
- ICU 60.2 bump
- Introduce ScriptOrModule and HostDefinedOptions to V8
http:
- add options to http.createServer() for IncomingMessage and
ServerReponse
http2:
- add http fallback options to .createServer
https:
- Adds the remaining options from tls.createSecureContext() to the
string generated by Agent#getName(). This allows https.request() to
accept the options and generate unique sockets appropriately.
inspector:
- --inspect-brk for es modules
lib:
- allow process kill by signal number
module:
- enable dynamic import
- dynamic import is now supported
n-api:
- add methods to open/close callback scope
src:
- allow --perf-(basic-)?prof in NODE_OPTIONS
vm:
- add support for es modules
Update lang/nodejs to 9.5.0. cluster - add cwd to cluster.settings deps - upgrade libuv to 1.19.1 n-api - expose n-api version in process.versions perf_hooks - add performance.clear() stream - avoid writeAfterEnd() while ending
Update lang/nodejs to 9.4.0.
async_hooks:
- deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither
API were documented.
deps:
- update nghttp2 to 1.29.0
- upgrade npm to 5.6.0
- cherry-pick 50f7455 from upstream V8
events:
- remove reaches into _events internals
http:
- add rawPacket in err of clientError event
http2:
- implement maxSessionMemory
- add initial support for originSet
- add altsvc support
- perf_hooks integration
- Refactoring and cleanup of Http2Session and Http2Stream destroy
net:
- remove Socket.prototype.write
- remove Socket.prototype.listen
repl:
- show lexically scoped vars in tab completion
stream:
- rm {writeable/readable}State.length
- add flow and buffer properties to streams
util:
- allow wildcards in NODE_DEBUG variable
zlib:
- add ArrayBuffer support
Update lang/nodejs to 9.3.0. async_hooks: - add trace events to async_hooks - add provider types for net server console: - console.debug can now be used outside of the inspector deps: - upgrade libuv to 1.18.0 - patch V8 to 6.2.414.46 module: - module.builtinModules will return a list of built in modules n-api: - add helper for addons to get the event loop process: - process.setUncaughtExceptionCaptureCallback can now be used to customize behavior for --abort-on-uncaught-exception - A signal handler is now able to receive the signal code that triggered the handler. src: - embedders can now use Node::CreatePlatform to create an instance of NodePlatform stream: - writable.writableHighWaterMark and readable.readableHighWaterMark will return the values the stream object was instantiated with
Update lang/nodejs to 9.2.1. - buffer: buffer allocated with an invalid content will now be zero filled (CVE-2017-15897) - deps: openssl updated to 1.0.2n
Revbump after textproc/icu update
Update lang/nodejs to 9.2.0. crypto: - Support building with both 1.1.0 and 1.0.2 fs: - fs.realpathSync.native and fs.realpath.native are now exposed process: - expose process.ppid
Update lang/nodejs to 9.1.0. CLI: - NODE_OPTIONS now supports the --stack-trace-limit option. #16495 deps: - OpenSSL is upgraded to 1.0.2m #16691 http: - A 'connect' event handler leak has been fixed. #16725 - The 103 Early Hints status code is now supported. #16644
Update lang/nodejs to 9.0.0.
### Notable Changes
- Async hooks: Older experimental APIs have been removed.
- Improvements have been made to `buffer` module error messages.
- Child Processes: Errors are emitted on process nextTick.
- Domains: The long-deprecated `.dispose()` method has been removed.
- fs
- The `fs.ReadStream` and `fs.WriteStream` classes now use `destroy()`.
- `fs` module callbacks are now invoked with an undefined context.
- HTTP/1
- A 400 Bad Request response will now be sent when parsing fails.
- Socket timeout will be set when the socket connects.
- A bug causing the request `'error'` event to fire twice was fixed
- HTTP clients may now use generic `Duplex` streams in addition
to `net.Socket`.
- Intl
- The deprecated `Intl.v8BreakIterator` has been removed.
- OS
- The `os.EOL` property is now read-only
- Timers
- `setTimeout()` will emit a warning if the timeout is larger that
the maximum 32-bit unsigned integer.
Update lang/nodejs to 8.8.1. - net: Fix timeout with null handle issue. This is a regression in 8.8.0
Update lang/nodejs to 8.8.0. crypto: - expose ECDH class http2: - http2 is now exposed by default without the need for a flag - a new environment variable NODE_NO_HTTP2 has been added to allow userland http2 to be required - support has been added for generic Duplex streams module: - resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle zlib: - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector.
Update lang/nodejs to 8.7.0. deps: - update npm to 5.4.2 - upgrade libuv to 1.15.0 - update V8 to 6.1.534.42 dgram: - support for setting dgram socket buffer size fs: - add support O_DSYNC file open constant util: - deprecate obj.inspect for custom inspection tools, build: - there is a fancy new macOS installer
Update lang/nodejs to 8.6.0. nodejs 8.6.0 ============ crypto - Support for multiple ECDH curves. dgram - Added setMulticastInterface() API. - Custom lookup functions are now supported. n-api - The command-line flag is no longer required to use N-API. tls - Docs-only deprecation of parseCertString(). nodejs 8.5.0 ============ build - Snapshots are now re-enabled in V8 console - Implement minimal console.group(). deps - upgrade libuv to 1.14.1 - update nghttp2 to v1.25.0 dns - Add verbatim option to dns.lookup(). When true, results from the DNS resolver are passed on as-is, without the reshuffling that Node.js otherwise does that puts IPv4 addresses before IPv6 addresses. fs - add fs.copyFile and fs.copyFileSync which allows for more efficient copying of files. inspector - Enable async stack traces module - Add support for ESM. This is currently behind the --experimental-modules flag and requires the .mjs extension. node --experimental-modules index.mjs napi - implement promise os - Add support for CIDR notation to the output of the networkInterfaces() method. perf_hooks - An initial implementation of the Performance Timing API for Node.js. This is the same Performance Timing API implemented by modern browsers with a number of Node.js specific properties. The User Timing mark() and measure() APIs are implemented. tls - multiple PFX in createSecureContext
revbump for requiring ICU 59.x
Update lang/nodejs to 8.4.0.
Update lang/nodejs to 8.4.0.
## 2017-08-15, Version 8.4.0 (Current), @addaleax
- HTTP2
- Experimental support for the built-in `http2` has been added via the
`--expose-http2` flag.
- Inspector
- `require()` is available in the inspector console now.
- Multiple contexts, as created by the `vm` module, are supported now.
- N-API
- New APIs for creating number values have been introduced.
- Stream
- For `Duplex` streams, the high water mark option can now be set
independently for the readable and the writable side.
- Util
- `util.format` now supports the `%o` and `%O` specifiers for printing
objects.
## 2017-08-09, Version 8.3.0 (Current), @addaleax
The V8 engine has been upgraded to version 6.0, which has a significantly
changed performance profile.
- DNS
- Independent DNS resolver instances are supported now, with support for
cancelling the corresponding requests.
- N-API
- Multiple N-API functions for error handling have been changed to support
assigning error codes.
- REPL
- Autocompletion support for `require()` has been improved.
- Utilities
- The WHATWG Encoding Standard (`TextDecoder` and `TextEncoder`) has
been implemented as an experimental feature.
Update lang/nodejs to 8.2.1.
8.2.1
- configure:
- add mips64el to valid_arch
- crypto:
- Updated root certificates based on NSS 3.30
- deps:
- upgrade OpenSSL to version 1.0.2.l
- http:
- parse errors are now reported when NODE_DEBUG=http
- Agent construction can now be envoked without `new`
- zlib:
- node will now throw an Error when zlib rejects the value of
windowBits, instead of crashing
8.2.0
- Async Hooks
- Multiple improvements to Promise support in `async_hooks` have
been made.
- Build
- The compiler version requirement to build Node with GCC has been
raised to GCC 4.9.4.
- Cluster
- Users now have more fine-grained control over the inspector port
used by individual cluster workers. Previously, cluster workers were
restricted to incrementing from the master's debug port.
- DNS
- The server used for DNS queries can now use a custom port.
- Support for `dns.resolveAny()` has been added.
- npm
- The `npm` CLI has been updated to version 5.3.0. In particular, it
now comes with the `npx` binary, which is also shipped with Node.
Update lang/nodejs to 8.1.4. - Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
Update lang/nodejs to 8.1.3.
- Stream Two regressions with the stream module have been fixed:
- The finish event will now always be emitted after the error event
if one is emitted
- In object mode, readable streams can now use undefined again.
Update lang/nodejs to 8.1.2. - Fix broken process.release properties in 8.1.1 causing failure to compile native add-ons on platforms other than Windows. This is a fix in the Node.js build process so there are no additional code commits included on top of 8.1.1.
Update lang/nodejs to 8.1.1. 8.1.1 Child processes - stdout and stderr are now available on the error output of a failed call to the util.promisify()ed version of child_process.exec. HTTP - A regression that broke certain scenarios in which HTTP is used together with the cluster module has been fixed. HTTPS - The rejectUnauthorized option now works properly for unix sockets. Readline - A change that broke npm init and other code which uses readline multiple times on the same input stream is reverted. 8.1.0 Async Hooks - When one Promise leads to the creation of a new Promise, the parent Promise will be identified as the trigger Dependencies - libuv has been updated to 1.12.0 - npm has been updated to 5.0.3 File system - The fs.exists() function now works correctly with util.promisify() - fs.Stats times are now also available as numbers Inspector - It is now possible to bind to a random port using --inspect=0 Zlib - A regression in the Zlib module that made it impossible to properly subclasses zlib.Deflate and other Zlib classes has been fixed.
Update lang/nodejs to 8.0.0
Node.js 8.0.0 is a major new release that includes a significant number of
semver-major and semver-minor changes. Notable changes are listed below.
The Node.js 8.x release branch is scheduled to become the next actively
maintained Long Term Support (LTS) release line in October, 2017 under the
LTS codename 'Carbon'.
### Notable Changes
* Async Hooks
* The `async_hooks` module has landed in core
* Buffer
* Using the `--pending-deprecation` flag will cause Node.js to emit a
deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
* `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
* Many `Buffer` methods now accept `Uint8Array` as input
* Child Process
* Argument and kill signal validations have been improved
* Child Process methods accept `Uint8Array` as input
* Console
* Error events emitted when using `console` methods are now supressed.
* Dependencies
* The npm client has been updated to 5.0.0
* V8 has been updated to 5.8 with forward ABI stability to 6.0
* Domains
* Native `Promise` instances are now `Domain` aware
* Errors
* We have started assigning static error codes to errors generated by Node.js.
This has been done through multiple commits and is still a work in
progress.
* File System
* The utility class `fs.SyncWriteStream` has been deprecated
* The deprecated `fs.read()` string interface has been removed
* HTTP
* Improved support for userland implemented Agents
* Outgoing Cookie headers are concatenated into a single string
* The `httpResponse.writeHeader()` method has been deprecated
* New methods for accessing HTTP headers have been added to `OutgoingMessage`
* Lib
* All deprecation messages have been assigned static identifiers
* The legacy `linkedlist` module has been removed
* N-API
* Experimental support for the new N-API API has been added
* Process
* Process warning output can be redirected to a file using the
`--redirect-warnings` command-line argument
* Process warnings may now include additional detail
* REPL
* REPL magic mode has been deprecated
* Src
* `NODE_MODULE_VERSION` has been updated to 57
* Add `--pending-deprecation` command-line argument and
`NODE_PENDING_DEPRECATION` environment variable
* The `--debug` command-line argument has been deprecated. Note that
using `--debug` will enable the *new* Inspector-based debug protocol
as the legacy Debugger protocol previously used by Node.js has been
removed.
* Throw when the `-c` and `-e` command-line arguments are used at the same
time
* Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
arguments are used at the same time.
* Stream
* `Stream` now supports `destroy()` and `_destroy()` APIs
* `Stream` now supports the `_final()` API
* TLS
* The `rejectUnauthorized` option now defaults to `true`
* The `tls.createSecurePair()` API now emits a runtime deprecation
* A runtime deprecation will now be emitted when `dhparam` is less than
2048 bits
* URL
* The WHATWG URL implementation is now a fully-supported Node.js API
* Util
* `Symbol` keys are now displayed by default when using `util.inspect()`
* `toJSON` errors will be thrown when formatting `%j`
* Convert `inspect.styles` and `inspect.colors` to prototype-less objects
* The new `util.promisify()` API has been added
* Zlib
* Support `Uint8Array` in Zlib convenience methods
* Zlib errors now use `RangeError` and `TypeError` consistently
On macOS, do not generate debugging symbols; they use lots of disk space, and most of them get stripped off during installation.
Only node.js 7.x builds with icu>=0.59. Go back to use limited/embedded icu for lang/nodejs4 and lang/nodejs6.
Update lang/nodejs to 7.10.0. - crypto: add randomFill and randomFillSync - meta: Added new collaborators - add lucamaraschi to collaborators - add DavidCai1993 to collaborators - add jkrems to collaborators - add AnnaMag to collaborators - process: fix crash when Promise rejection is a Symbol - url: make WHATWG URL more spec compliant - v8: - fix stack overflow in recursive method - fix build errors with g++ 7
Revbump after icu update
Update lang/nodejs to 7.9.0. - util: console is now closer to what is supported in all major browsers
Update lang/nodejs to 7.8.0 2017-03-28, Version 7.8.0 buffer: - do not segfault on out-of-range index crypto: - Fix memory leak if certificate is revoked deps: - upgrade npm to 4.2.0 - fix async await desugaring in V8 readline: - add option to stop duplicates in history 2017-03-21, Version 7.7.4 - deps: Add node-inspect 1.10.6 - inspector: proper WS URLs when bound to 0.0.0.0 - tls: fix segfault on destroy after partial read.
Update lang/nodejs to 7.7.3. - module: The module loading global fallback to the Node executable's directory now works correctly on Windows. - net: Socket.prototype.connect now once again functions without a callback. - url: URL.prototype.origin now properly specified an opaque return of 'null' for file:// URLs.
Update lang/nodejs to 7.7.2. Notable changes - doc: add Daijiro Wachi to collaborators - tty: add ref() so process.stdin.ref() etc. work - util: fix inspecting symbol key in string
Update lang/nodejs to 7.7.1. - Node.js 7.7.0 contains a bug that will prevent all native modules from building, this patch should fix the issue. Apologies to everyone who was affected by 7.7.0.
Update lang/nodejs to 7.7.0. - child_process: spawnSync() exit code now is null when the child is killed via signal - http: new functions to access the headers for an outgoing HTTP message - lib: deprecate node --debug at runtime - tls: new tls.TLSSocket() supports sec ctx options - url: adding URL.prototype.toJSON support - doc: items in the API documentation may now have changelogs - crypto: adding support for OPENSSL_CONF again - src: adding support for trace-event tracing
Update lang/nodejs to 7.6.0. Notable changes - deps: - update V8 to 5.5 - upgrade libuv to 1.11.0 - add node-inspect 1.10.4 - upgrade zlib to 1.2.11 - lib: build node inspect into node - crypto: Remove expired certs from CNNIC whitelist - inspector: add --inspect-brk - fs: allow WHATWG URL objects as paths - src: support UTF-8 in compiled-in JS source files - url: extend url.format to support WHATWG URL
Update lang/nodejs to 7.5.0. Notable changes - crypto: - ability to select cert store at runtime - Use system CAs instead of using bundled ones - deps: - upgrade npm to 4.1.2 - upgrade openssl sources to 1.0.2k - doc: add basic documentation for WHATWG URL API - process: add NODE_NO_WARNINGS environment variable - url: allow use of URL with http.request and https.request
Update lang/nodejs to 7.4.0. Notable changes - buffer: - Improve performance of Buffer allocation by ~11%. - Improve performance of Buffer.from() by ~50%. - events: Improve performance of EventEmitter.once() by ~27%. - fs: Allow passing Uint8Array to fs methods where Buffers are supported. - http: Improve performance of http server by ~7%. - npm: Upgrade to v4.0.5
Update lang/nodejs to 7.3.0. Notable changes buffer: - buffer.fill() now works properly for the UCS2 encoding on Big-Endian machines. cluster: - disconnect() now returns a reference to the disconnected worker. crypto: - The built-in list of Well-Known CAs (Certificate Authorities) can now be extended via a NODE_EXTRA_CA_CERTS environment variable. http: - Remove stale timeout listeners in order to prevent a memory leak when using keep alive. tls: - Allow obvious key/passphrase combinations. url: - Including base argument in URL.originFor() to meet specification compliance. - Improve URLSearchParams to meet specification compliance.
Update lang/nodejs to 7.2.1. - buffer: - Reverted the runtime deprecation of calling Buffer() without new. - Fixed buffer.transcode() for single-byte character encodings to UCS2. - promise: --trace-warnings now produces useful stacktraces for Promise warnings. - repl: Fixed a bug preventing correct parsing of generator functions. - V8: Fixed a significant instanceof performance regression.
Recursive revbump from textproc/icu 58.1
Update lang/nodejs to 7.2.0.
- crypto: The Decipher methods setAuthTag() and setAAD now return this.
- dns: Implemented {ttl: true} for resolve4() and resolve6().
- libuv: Upgrade to v1.10.1
- Fixed a potential buffer overflow when writing data to console on
Windows 10.
- process: Added a new external property to the data returned by
memoryUsage().
- tls: Fixed a memory leak when writes were queued on TLS connection that
was destroyed during handshake.
- V8 (dep): Upgrade to v5.4.500.43
- v8: The data returned by getHeapStatistics() now includes three new
fields: malloced_memory, peak_malloced_memory, and does_zap_garbage.
Update lang/nodejs to 7.1.0.
- buffer: add buffer.transcode to transcode a buffer's content from one
encoding to another primarily using ICU
- child_process: add public API for IPC channel
- icu:
- Upgraded to ICU 58 - small icu
- Add cldr, tz, and unicode to process.versions
- lib: make String(global) === '\[object global\]'
- libuv: Upgraded to 1.10.0
- readline: use icu based string width calculation
- src:
- add NODE_PRESERVE_SYMLINKS environment variable that has the same effect
as the --preserve-symlinks flag
- Fix String#toLocaleUpperCase() and String#toLocaleLowerCase()
Update lang/nodejs to 7.0.0. This new major version of Node.js includes: V8 5.4 which brings along with 98% coverage of ES6 language features, improved reliability and performance, and a new experimental URL parser based on the WHATWG URL standard. As an odd numbered release, in accordance with our Long Term Support plan, Node.js v7 will be supported only until about June, 2017, with Node.js v8 currently scheduled for release in April, 2017. Notable changes Buffer - Passing invalid input to Buffer.byteLength will now throw an error #8946. - Calling Buffer without new is now deprecated and will emit a process warning #8169. - Passing a negative number to allocUnsafe will now throw an error #7079. Child Process - The fork and execFile methods now have stronger argument validation #7399. Cluster - The worker.suicide method is deprecated and will emit a process warning #3747. Deps - V8 has been updated to 5.4.500.36 #8317, #8852, #9253. - NODE_MODULE_VERSION has been updated to 51 #8808. File System - A process warning is emitted if a callback is not passed to async file system methods #7897. Intl - Intl.v8BreakIterator constructor has been deprecated and will emit a process warning #8908. Promises - Unhandled Promise rejections have been deprecated and will emit a process warning #8217. Punycode - The punycode module has been deprecated #7941. URL - An Experimental WHATWG URL Parser has been introduced #7448.
Update lang/nodejs to 6.9.1. - streams: Fix a regression introduced in v6.8.0 in readable stream that caused unpipe to remove the wrong stream
Update lang/nodejs to 6.9.0. - crypto: Don't automatically attempt to load an OpenSSL configuration file, from the OPENSSL_CONF environment variable or from the default location for the current platform. Always triggering a configuration file load attempt may allow an attacker to load compromised OpenSSL configuration into a Node.js process if they are able to place a file in a default location. - node: Introduce the process.release.lts property, set to "Boron". This value is "Argon" for v4 LTS releases and undefined for all other releases. - V8: Backport fix for CVE-2016-5172, an arbitrary memory read. - v8_inspector: Generate a UUID for each execution of the inspector. This provides additional security to prevent unauthorized clients from connecting to the Node.js process via the v8_inspector port when running with --inspect.
Update lang/nodejs to 6.8.0.
Notable changes
- fs:
- SyncWriteStream now inherits from Stream.Writable.
- fs.existsSync() has been undeprecated. fs.exists() remains
deprecated.
- http: http.request() now accepts a timeout option.
- module: The module loader now maintains its own realpath cache.
- npm: Upgraded to 3.10.8
- stream: Duplex streams now show proper instanceof Stream.Writable.
- timers: Improved setTimeout/Interval performance by up to 22%.
Update lang/nodejs to 6.7.0 - openssl: Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. - http: CVE-2016-5325 - Properly validate for allowable characters in the reason argument in ServerResponse#writeHead(). - buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() while providing a totalLength parameter that exceeds the total length of the original Buffer objects being concatenated. - src: Fix regression where passing an empty password and/or salt to crypto.pbkdf2() would cause a fatal error - tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of *. in the wildcard string. - v8: Fix regression where a regex on a frozen object was broken
Update lang/nodejs to 6.6.0. Notable changes - crypto: Added crypto.timingSafeEqual(). - events: Made the "max event listeners" memory leak warning more accessible. - promises: Unhandled rejections now emit a process warning after the first tick. - repl: Added auto alignment for .editor mode. - util: Some functionality has been added to util.inspect(): - Returning this from a custom inspect function now works. - Added support for Symbol-based custom inspection methods.
Update lang/nodejs to 6.5.0. - buffer: Fix regression introduced in v6.4.0 that prevented .write() at buffer end - deps: update V8 to 5.1.281.75 - inspector: - fix inspector hang while disconnecting - add support for uncaught exception - repl: Fix saving editor mode text in .save - Revert "repl,util: insert carriage returns in output"
Update lang/nodejs to 6.4.0 Notable changes - build: zlib symbols and additional OpenSSL symbols are now exposed on Windows platforms. - child_process, cluster: Forked child processes and cluster workers now support stdio configuration. - child_process: argv[0] can now be set to arbitrary values in spawned processes. - fs: fs.ReadStream now exposes the number of bytes it has read so far. - repl: The REPL now supports editor mode. - util: inspect() can now be configured globally using util.inspect.defaultOptions.
Update lang/nodejs to 6.3.1.
6.3.1.
Notable changes
- buffer:
- Improve performance of Buffer.from(str, 'hex') and
Buffer#write(str, 'hex').
- Fix creating from zero-length ArrayBuffer.
- deps:
- Upgrade to V8 5.0.71.57.
- Backport V8 instanceof bugfix
- repl: Fix issue with function redeclaration.
- util: Fix inspecting of boxed symbols.
6.3.0
Notable changes
- buffer: Added buffer.swap64() to complement swap16() & swap32().
- build: New configure options have been added for building
Node.js as a shared library.
- crypto: Root certificates have been updated.
- debugger: The server address is now configurable via
--debug=<address>:<port>.
- npm: Upgraded npm to v3.10.3
- readline: Added the prompt option to the readline constructor.
- repl / vm: sigint/ctrl+c will now break out of infinite loops
without stopping the Node.js instance.
- src:
- Added a node::FreeEnvironment public C++ API.
- Refactored require('constants'), constants are now available
directly from their respective modules.
- stream: Improved readable.read() performance by up to 70%.
- timers: setImmediate() is now up to 150% faster in some
situations.
- util: Added a breakLength option to util.inspect() to control
how objects are formatted across lines.
- v8-inspector: Experimental support has been added for debugging
Node.js over the inspector protocol.
Update lang/nodejs to 6.2.2.
- http:
- req.read(0) could cause incoming connections to stall and time out
under certain conditions. (Fedor Indutny) #7211
- When freeing the socket to be reused in keep-alive Agent wait for
both prefinish and end events. Otherwise the next request may be
written before the previous one has finished sending the body,
leading to parser errors. (Fedor Indutny) #7149
- npm: upgrade npm to 3.9.5 (Kat Marchan) #7139
Update lang/nodejs to 6.2.1. Notable changes - buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). - npm: Upgrade npm to 3.9.3 - tty: Default to blocking mode for stdio on OS X. - V8: Upgrade to V8 5.0.71.52. See full changelog: https://github.com/nodejs/node/blob/v6.2.1/doc/changelogs/CHANGELOG_V6.md
Remove the nodejs icu option and make nodejs use a system ICU package by default. Expand existing patch to fix NetBSD 6 build. Fixes PR pkg/51172. Bump PKGREVISION for lang/nodejs and lang/nodejs4.
Update lang/nodejs to 6.2.0. Notable Changes - buffer: fix lastIndexOf and indexOf in various edge cases - child_process: use /system/bin/sh on android - deps: - upgrade npm to 3.8.9 - upgrade to V8 5.0.71.47 - upgrade libuv to 1.9.1 - Intl: ICU 57 bump - repl: - copying tabs shouldn't trigger completion - exports Recoverable - src: add O_NOATIME constant - src,module: add --preserve-symlinks command line flag - util: adhere to noDeprecation set at runtime
Update lang/nodejs to 6.1.0.
- assert: deep{Strict}Equal() now works correctly with circular
references.
- debugger: Arrays are now formatted correctly in the debugger repl.
- deps: Upgrade OpenSSL sources to 1.0.2h
- net: Introduced a Socket#connecting property.
- process: Introduced process.cpuUsage().
- stream: Writable#setDefaultEncoding() now returns this.
- util: Two new additions to util.inspect():
- Added a maxArrayLength option to truncate the formatting of
Arrays.
- Added a showProxy option for formatting proxy intercepting
handlers.
Update lang/nodejs to 6.0.0. This release will become the new LTS later in 2016. The following significant changes have been made since the previous Node.js v5.0.0 release. Buffer - New Buffer constructors have been added #4682 and #5833. - Existing Buffer() and SlowBuffer() constructors have been deprecated in docs #4682 and #5833. - Previously deprecated Buffer APIs are removed #5048, #4594. - Improved error handling #4514. - The Buffer.prototype.lastIndexOf() method has been added #4846. Cluster - Worker emitted as first argument in 'message' event #5361. - The worker.exitedAfterDisconnect property replaces worker.suicide #3743. Console - Calling console.timeEnd() with an unknown label now emits a process warning rather than throwing #5901. Crypto - Improved error handling #3100, #5611. - Simplified Certificate class bindings #5382. - Improved control over FIPS mode #5181. - pbkdf2 digest overloading is deprecated #4047. Dependencies - Reintroduce shared c-ares build support #5775. - V8 updated to 5.0.71.35 #6372. DNS - Add dns.resolvePtr() API to query plain DNS PTR records #4921. Domains - Clear stack when no error handler #4659. Events - The EventEmitter.prototype._events object no longer inherits from Object.prototype #6092. - The EventEmitter.prototype.prependListener() and EventEmitter.prototype.prependOnceListener() methods have been added #6032. File System - The fs.realpath() and fs.realpathSync() methods have been updated to use a more efficient libuv-based implementation. This change includes the removal of the cache argument and the method can throw new errors #3594. - FS apis can now accept and return paths as Buffers #5616. - Error handling and type checking improvements #5616, #5590, #4518, #3917. - fs.read's string interface is deprecated #4525. HTTP - 'clientError' can now be used to return custom errors from an HTTP server #4557.
Update lang/nodejs to 5.11.0. Buffer: - Buffer.prototype.compare can now compare sub-ranges of two Buffers. deps: - update to http-parser 2.7.0 - update ESLint to 2.7.0 net: - adds support for passing DNS lookup hints to createConnection() node: - Make the builtin libraries available for the --eval and --print CLI options npm: - upgrade npm to 3.8.6 repl: - Pressing enter in the repl will repeat the last command by default if no input has been received. This behaviour was in node previously and was not removed intentionally. src: - add SIGINFO to supported signals streams: - Fix a regression that caused by net streams requesting multiple chunks synchronously when combined with cork/uncork zlib: - The flushing flag is now configurable allowing for decompression of partial data
Return process.execPath as absolute path on NetBSD current like on Linux. Bump PKGREVISION for NetBSD current. This fixes node-sass build under NetBSD current.
Recursive revbump from textproc/icu 57.1
Update lang/nodejs to 5.10.1. - http: Enclose IPv6 Host header in square brackets. This will enable proper seperation of the host adress from any port reference - path: Make win32.isAbsolute more consistent
Update lang/nodejs to 5.10.0. 5.10.0 * buffer: - make byteLength work with ArrayBuffer & DataView - backport --zero-fill-buffers command line option - backport new buffer constructor APIs - add swap16() and swap32() methods * fs: add the fs.mkdtemp() function. * net: emit host in lookup event * node: --no-browser-globals configure flag * npm: Upgrade to v3.8.3. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. * repl: support standalone blocks * src: override v8 thread defaults using cli options 5.9.0 * contextify: Fixed a memory consumption issue related to heavy use of vm.createContext and vm.runInNewContext. * lib: copy arguments object instead of leaking it * src: allow both -i and -e flags to be used at the same time * timers: Internal Node.js timeouts now use the same logic path as those created with setTimeout() * v8: backport fb4ccae from v8 upstream: breakout events from v8 to offer better support for external debuggers * zlib: add support for concatenated members
Update lang/nodejs to 5.8.0. Clean stale bits from options.mk.
Changes since 5.7.1:
- child_process: send() now accepts an options parameter
- constants: ENGINE_METHOD_RSA is now correctly exposed
- Fixed two regressions which originated in v5.7.0:
- http: Errors inside of http client callbacks now propagate
correctly
- path: Fixed normalization of absolute paths
- repl: start() no longer requires an options parameter
- util: Improved format() performance 50-300%
Bump PKGREVISION for security/openssl ABI bump.
Update lang/nodejs to 5.7.1.
* path.relative():
- Output is no longer unnecessarily verbose
- Resolving UNC paths on Windows now works correctly
- Resolving paths with prefixes now works correctly from
the root directory
* url: Fixed an off-by-one error with parse()
* dgram: Now correctly handles a default address case when offset
and length are specified (Matteo Collina) #5407.
Irrelevant to (dynamically linked) lang/nodejs:
* openssl: Upgrade from 1.0.2f to 1.0.2g
Update lang/nodejs to 5.7.0.
* buffer:
- You can now supply an encoding argument when filling a Buffer
Buffer#fill(string[, start[, end]][, encoding]), supplying an
existing Buffer will also work with Buffer#fill(buffer[, start[,
end]]). See the API documentation for details on how this works.
- Buffer#indexOf() no longer requires a byteOffset argument if
you also wish to specify an encoding: Buffer#indexOf(val[,
byteOffset][, encoding]).
* child_process: spawn() and spawnSync() now support a 'shell'
option to allow for optional execution of the given command inside
a shell. If set to true, cmd.exe will be used on Windows and
/bin/sh elsewhere. A path to a custom shell can also be passed to
override these defaults. On Windows, this option allows .bat. and
.cmd files to be executed with spawn() and spawnSync().
* http_parser: Update to http-parser 2.6.2 to fix an unintentionally
strict limitation of allowable header characters
* dgram: socket.send() now supports accepts an array of Buffers or
Strings as the first argument. See the API docs for details on how
this works.
* http: Fix a bug where handling headers will mistakenly trigger an
'upgrade' event where the server is just advertising its protocols.
This bug can prevent HTTP clients from communicating with HTTP/2
enabled servers.
* net: Added a listening Boolean property to net and http servers to
indicate whether the server is listening for connections.
* node: The C++ node::MakeCallback() API is now reentrant and
calling it from inside another MakeCallback() call no longer causes
the nextTick queue or Promises microtask queue to be processed out
of order.
* tls: Add a new tlsSocket.getProtocol() method to get the negotiated
TLS protocol version of the current connection.
* vm: Introduce new 'produceCachedData' and 'cachedData' options to
new vm.Script() to interact with V8's code cache. When a new
vm.Script object is created with the 'produceCachedData' set to
true a Buffer with V8's code cache data will be produced and stored
in cachedData property of the returned object. This data in turn
may be supplied back to another vm.Script() object with a
'cachedData' option if the supplied source is the same. Successfully
executing a script from cached data can speed up instantiation time.
* performance: Improvements in:
- process.nextTick()
- path module
- querystring module
- streams module when processing small chunks
Update lang/nodejs to 5.6.0. - http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. - http-parser: upgrade from 2.6.0 to 2.6.1 - npm: upgrade npm from 3.3.12 to 3.6.0 (Rebecca Turner) #4958 - openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
Update lang/nodejs to 5.5.0.
* events: make sure console functions exist (Dave) #4479
* fs: add autoClose option to fs.createWriteStream (Saquib) #3679
* http: improves expect header handling (Daniel Sellers) #4501
* node: allow preload modules with -i (Evan Lucas) #4696
* v8,src: expose statistics about heap spaces (v8.getHeapSpaceStatistics())
(Ben Ripkens) #4463
* Minor performance improvements:
- lib: Use arrow functions instead of bind where possible (Minwoo Jung)
#3622.
- module: cache stat() results more aggressively (Ben Noordhuis) #4575
- querystring: improve parse() performance (Brian White) #4675
Update lang/nodejs to 5.4.1. - Minor performance improvements: - module: move unnecessary work for early return (Andres Suarez) #3579 - Various bug fixes - Various doc fixes - Various test improvements
Update lang/nodejs to 5.4.0. http: - A new status code was added: 451 - "Unavailable For Legal Reasons" - Idle sockets that have been kept alive now handle errors This release also includes several minor performance improvements: - assert: deepEqual is now speedier when comparing TypedArrays - lib: Use arrow functions instead of bind where possible - node: Improved accessor perf of process.env - node: Improved performance of process.hrtime() - node: Improved GetActiveHandles performance - util: Use faster iteration in util.format()
Update lang/nodejs to 5.3.0. - buffer: Buffer.prototype.includes() has been added to keep parity with TypedArrays. - domains: Fix handling of uncaught exceptions. - https: Added support for disabling session caching. - repl: Allow third party modules to be imported using require(). This corrects a regression from 5.2.0. - deps: Upgrade libuv to 1.8.0.
Update lang/nodejs to 5.2.0. build: - Add support for Intel's VTune JIT profiling when compiled with --enable-vtune-profiling. - Properly enable V8 snapshots by default. Due to a configuration error, snapshots have been kept off by default when the intention is for the feature to be enabled. crypto: - Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects (created via crypto.createECDH(curve_name)) with private keys that are not dynamically generated via generateKeys(). The public key is now computed when explicitly setting a private key. Added validity checks to reduce the possibility of computing weak or invalid shared secrets. Also, deprecated the setPublicKey() method for ECDH objects as its usage is unnecessary and can lead to inconsistent state. - Update root certificates from the current list stored maintained by Mozilla NSS. - Multiple CA certificates can now be passed with the ca option to TLS methods as an array of strings or in a single new-line separated string. tools: - Include a tick processor in core, exposed via the --prof-process command-line argument which can be used to process V8 profiling output files generated when using the --prof command-line argument.
Update nodejs4 to 4.2.3 and nodejs to 5.1.1.
Notable changes
- http: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
- openssl: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against a Node.js TLS server
using DHE key exchange. Details are available at
http://openssl.org/news/secadv/20151203.txt.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
http://openssl.org/news/secadv/20151203.txt. (Shigeki Ohtsu) #4134
- v8: Backport fixes for a bug in JSON.stringify() that can result in
out-of-bounds reads for arrays. (Ben Noordhuis)
Update lang/nodejs to 5.1.0.
Notable changes:
* buffer: The noAssert option for many buffer functions will now
silently drop invalid write values rather than crashing
* child_process: child.send() now properly returns a boolean like
the docs suggest
* doc: All of the API docs have been re-ordered so as to read in
alphabetical order
* http_parser: update http-parser to 2.6.0 from 2.5.0
- Now supports the following HTTP methods: LINK, UNLINK, BIND,
REBIND, UNBIND.
- Also added ACL and IPv6 Zone ID support.
* npm: upgrade npm to 3.3.12 from v3.3.6
* repl: The REPL no longer crashes if the persistent history file
cannot be opened
* tls: The default sessionIdContext now uses SHA1 in FIPS mode
rather than MD5
* v8: Added some more useful post-mortem data
See full release notes:
https://nodejs.org/en/blog/release/v5.1.0/
Update lang/nodejs to 5.0.0.
Move most logic into Makefile.common that will be shared
by the LTS lang/nodejs4 package.
Notable Changes in 5.0.0:
* buffer: (Breaking) Removed both 'raw' and 'raws' encoding types
from Buffer, these have been deprecated for a long time
* console: (Breaking) Values reported by console.time() now have
3 decimals of accuracy added
* fs:
- fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also
accept a file descriptor as their first argument
- (Breaking) In fs.readFile(), if an encoding is specified and
the internal toString() fails the error is no longer thrown but is
passed to the callback
- (Breaking) In fs.read() (using the fs.read(fd, length, position,
encoding, callback) form), if the internal toString() fails the
error is no longer thrown but is passed to the callback
* http:
- Fixed a bug where pipelined http requests would stall
- (Breaking) When parsing HTTP, don't add duplicates of the
following headers: Retry-After, ETag, Last-Modified, Server, Age,
Expires.
- (Breaking) The callback argument to OutgoingMessage#setTimeout()
must be a function or a TypeError is thrown
- (Breaking) HTTP methods and header names must now conform to
the RFC 2616 "token" rule, a list of allowed characters that
excludes control characters and a number of separator characters.
* node:
- (Breaking) Deprecated the _linklist module
- (Breaking) Removed require.paths and require.registerExtension(),
both had been previously set to throw Error when accessed
* npm: Upgraded to version 3.3.6 from 2.14.7
* src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46
* timers: Attempt to reuse the timer handle for setTimeout().unref().
* tls:
- Added ALPN Support
- TLS options can now be passed in an object to createSecurePair()
- (Breaking) The default minimum DH key size for tls.connect() is
now 1024 bits and a warning is shown when DH key size is less
than 2048 bits.
* util:
- (Breaking) util.p() was deprecated for years, and has now been
removed
- (Breaking) util.inherits() can now work with ES6 classes.
* v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35
- Implements the spread operator
- Implements new.target
* zlib: Decompression now throws on truncated input (e.g. unexpected
end of file)
See full release notes with more information at:
https://nodejs.org/en/blog/release/v5.0.0/
Update lang/nodejs to 4.2.2.
- buffer: fix value check for writeUInt{B,L}E (Trevor Norris)
- buffer: don't CHECK on zero-sized realloc (Ben Noordhuis)
- deps: backport 010897c from V8 upstream (Ali Ijaz Sheikh)
- deps: backport 8d6a228 from the v8's upstream (Fedor Indutny)
- fs: reduced duplicate code in fs.write() (ronkorving)
- http: fix stalled pipeline bug (Fedor Indutny)
- lib: fix cluster handle leak (Rich Trott)
- lib: avoid REPL exit on completion error (Rich Trott)
- repl: handle comments properly (Sakthipriyan Vairamani)
- repl: limit persistent history correctly on load (Jeremiah Senkpiel)
- src: fix race condition in debug signal on exit (Ben Noordhuis)
- src: fix exception message encoding on Windows (Brian White)
- stream: avoid unnecessary concat of a single buffer. (Calvin Metcalf)
- timers: reuse timer in setTimeout().unref() (Fedor Indutny)
- tls: TLSSocket options default isServer false (Yuval Brik)
Update lang/nodejs to 4.2.1. - Fixed: Assertion error in WeakCallback - see #3329 - Fixed: Undefined timeout regression - see #3331
Update lang/nodejs to 4.2.0. The first Node.js LTS release! See https://github.com/nodejs/LTS/ for details of the LTS process. - Added new -c (or --check) command line argument for checking script syntax without executing the code - Added process.versions.icu to hold the current ICU library versio - Added process.release.lts to hold the current LTS codename when the binary is from an active LTS release line - npm: Upgraded to npm 2.14.7 from 2.14.4, see release notes for full details See full release notes incl. commit log: https://nodejs.org/en/blog/release/v4.2.0/
Recursive revbump from textproc/icu
Update lang/nodejs to 4.1.2. This release includes a fix for CVE-2015-7384, a Denial of Service (DoS) bug. All users of Node.js v4.x should upgrade to v4.1.2. http: - Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability CVE-2015-7384 - Account for pending response data instead of just the data on the current request to decide whether pause the socket or not libuv: - Upgraded from v1.7.4 to v1.7.5, see release notes for details - A better rwlock implementation for all Windows versions - Improved AIX support v8: - Upgraded from v4.5.103.33 to v4.5.103.35 - Backported f782159 from v8's upstream to help speed up Promise introspection - Backported c281c15 from v8's upstream to add JSTypedArray length in post-mortem metadata
Update lang/nodejs to 4.1.1. ok by jperkin.
- buffer: Fixed a bug introduced in v4.1.0 where allocating
a new zero-length buffer can result in the next allocation
of a TypedArray in JavaScript not being zero-filled. In
certain circumstances this could result in data leakage
via reuse of memory space in TypedArrays, breaking the
normally safe assumption that TypedArrays should be always
zero-filled.
- http: Guard against response-splitting of HTTP trailing headers
added via response.addTrailers() by removing new-line ([\r\n])
characters from values. Note that standard header values are
already stripped of new-line characters. The expected security
impact is low because trailing headers are rarely used.
- npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for
full details
- Upgrades graceful-fs on multiple dependencies to no longer rely
on monkey-patching fs
- Fix npm link for pre-release / RC builds of Node
- v8: Update post-mortem metadata to allow post-mortem debugging tools
to find and inspect:
- JavaScript objects that use dictionary properties
- ScopeInfo and thus closures
Update lang/nodejs to 4.1.0. OK'd by jperkin.
Notable changes:
* buffer:
- Buffers are now created in JavaScript, rather than C++. This
increases the speed of buffer creation
- Buffer#slice() now uses Uint8Array#subarray() internally,
increasing slice() performance
* fs:
- fs.utimes() now properly converts numeric strings, NaN, and
Infinity
- fs.WriteStream now implements _writev, allowing for super-fast
bulk writes
* http: Fixed an issue with certain write() sizes causing errors
when using http.request()
* npm: Upgrade to version 2.14.3, see
https://github.com/npm/npm/releases/tag/v2.14.3 for more details
* src: V8 cpu profiling no longer erroneously shows idle time
* timers: #ref() and #unref() now return the timer they belong to
* v8: Lateral upgrade to 4.5.103.33 from 4.5.103.30, contains
minor fixes. This fixes a previously known bug where some computed
object shorthand properties did not work correctly
Full release notes:
https://nodejs.org/en/blog/release/v4.1.0/
nodejs-4.x requires GCC 4.8 or later.
Update to 4.0.0
* OpenSSL 1.0.2 or later is required.
Changelog:
## 2015-09-08, Version 4.0.0 (Stable), @rvagg
### Notable changes
This list of changes is relative to the last io.js v3.x branch release, v3.3.0. Please see the list of notable changes in the v3.x, v2.x and v1.x releases for a more complete list of changes from 0.12.x. Note, that some changes in the v3.x series as well as major breaking changes in this release constitute changes required for full convergence of the Node.js and io.js projects.
* **child_process**: `ChildProcess.prototype.send()` and `process.send()` operate asynchronously across all platforms so an optional callback parameter has been introduced that will be invoked once the message has been sent, i.e. `.send(message[, sendHandle][, callback])` (Ben Noordhuis) [#2620](https://github.com/nodejs/node/pull/2620).
* **node**: Rename "io.js" code to "Node.js" (cjihrig) [#2367](https://github.com/nodejs/node/pull/2367).
* **node-gyp**: This release bundles an updated version of node-gyp that works with all versions of Node.js and io.js including nightly and release candidate builds. From io.js v3 and Node.js v4 onward, it will only download a headers tarball when building addons rather than the entire source. (Rod Vagg) [#2700](https://github.com/nodejs/node/pull/2700)
* **npm**: Upgrade to version 2.14.2 from 2.13.3, includes a security update, see https://github.com/npm/npm/releases/tag/v2.14.2 for more details, (Kat Marchán) [#2696](https://github.com/nodejs/node/pull/2696).
* **timers**: Improved timer performance from porting the 0.12 implementation, plus minor fixes (Jeremiah Senkpiel) [#2540](https://github.com/nodejs/node/pull/2540), (Julien Gilli) [nodejs/node-v0.x-archive#8751](https://github.com/nodejs/node-v0.x-archive/pull/8751) [nodejs/node-v0.x-archive#8905](https://github.com/nodejs/node-v0.x-archive/pull/8905)
* **util**: The `util.is*()` functions have been deprecated, beginning with deprecation warnings in the documentation for this release, users are encouraged to seek more robust alternatives in the npm registry, (Sakthipriyan Vairamani) [#2447](https://github.com/nodejs/node/pull/2447).
* **v8**: Upgrade to version 4.5.103.30 from 4.4.63.30 (Ali Ijaz Sheikh) [#2632](https://github.com/nodejs/node/pull/2632).
- Implement new `TypedArray` prototype methods: `copyWithin()`, `every()`, `fill()`, `filter()`, `find()`, `findIndex()`, `forEach()`, `indexOf()`, `join()`, `lastIndexOf()`, `map()`, `reduce()`, `reduceRight()`, `reverse()`, `slice()`, `some()`, `sort()`. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information.
- Implement new `TypedArray.from()` and `TypedArray.of()` functions. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information.
- Implement arrow functions, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions for further information.
- Full ChangeLog available at https://github.com/v8/v8-git-mirror/blob/4.5.103/ChangeLog
### Known issues
See https://github.com/nodejs/node/labels/confirmed-bug for complete and current list of known issues.
* Some uses of computed object shorthand properties are not handled correctly by the current version of V8. e.g. `[{ [prop]: val }]` evaluates to `[{}]`. [#2507](https://github.com/nodejs/node/issues/2507)
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/node/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/node/issues/690)
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/node/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/node/issues/1435).
### Commits
* [[`4f50d3fb90`](https://github.com/nodejs/node/commit/4f50d3fb90)] - **(SEMVER-MAJOR)** This commit sets the value of process.release.name to "node". (cjihrig) [#2367](https://github.com/nodejs/node/pull/2367)
* [[`d3178d8b1b`](https://github.com/nodejs/node/commit/d3178d8b1b)] - **buffer**: SlowBuffer only accept valid numeric values (Michaël Zasso) [#2635](https://github.com/nodejs/node/pull/2635)
* [[`0cb0f4a6e4`](https://github.com/nodejs/node/commit/0cb0f4a6e4)] - **build**: fix v8_enable_handle_zapping override (Karl Skomski) [#2731](https://github.com/nodejs/node/pull/2731)
* [[`a7596d7efc`](https://github.com/nodejs/node/commit/a7596d7efc)] - **build**: remote commands on staging in single session (Rod Vagg) [#2717](https://github.com/nodejs/node/pull/2717)
* [[`be427e9efa`](https://github.com/nodejs/node/commit/be427e9efa)] - **build**: make .msi install to "nodejs", not "node" (Rod Vagg) [#2701](https://github.com/nodejs/node/pull/2701)
* [[`5652ce0dbc`](https://github.com/nodejs/node/commit/5652ce0dbc)] - **build**: fix .pkg creation tooling (Rod Vagg) [#2687](https://github.com/nodejs/node/pull/2687)
* [[`101db80111`](https://github.com/nodejs/node/commit/101db80111)] - **build**: add --enable-asan with builtin leakcheck (Karl Skomski) [#2376](https://github.com/nodejs/node/pull/2376)
* [[`2c3939c9c0`](https://github.com/nodejs/node/commit/2c3939c9c0)] - **child_process**: use stdio.fd even if it is 0 (Evan Lucas) [#2727](https://github.com/nodejs/node/pull/2727)
* [[`609db5a1dd`](https://github.com/nodejs/node/commit/609db5a1dd)] - **child_process**: check execFile and fork args (James M Snell) [#2667](https://github.com/nodejs/node/pull/2667)
* [[`d010568c23`](https://github.com/nodejs/node/commit/d010568c23)] - **(SEMVER-MAJOR)** **child_process**: add callback parameter to .send() (Ben Noordhuis) [#2620](https://github.com/nodejs/node/pull/2620)
* [[`c60857a81a`](https://github.com/nodejs/node/commit/c60857a81a)] - **cluster**: allow shared reused dgram sockets (Fedor Indutny) [#2548](https://github.com/nodejs/node/pull/2548)
* [[`b2ecbb6191`](https://github.com/nodejs/node/commit/b2ecbb6191)] - **contextify**: ignore getters during initialization (Fedor Indutny) [#2091](https://github.com/nodejs/node/pull/2091)
* [[`3711934095`](https://github.com/nodejs/node/commit/3711934095)] - **cpplint**: make it possible to run outside git repo (Ben Noordhuis) [#2710](https://github.com/nodejs/node/pull/2710)
* [[`03f900ab25`](https://github.com/nodejs/node/commit/03f900ab25)] - **crypto**: replace rwlocks with simple mutexes (Ben Noordhuis) [#2723](https://github.com/nodejs/node/pull/2723)
* [[`847459c29b`](https://github.com/nodejs/node/commit/847459c29b)] - **(SEMVER-MAJOR)** **crypto**: show exponent in decimal and hex (Chad Johnston) [#2320](https://github.com/nodejs/node/pull/2320)
* [[`e1c976184d`](https://github.com/nodejs/node/commit/e1c976184d)] - **deps**: improve ArrayBuffer performance in v8 (Fedor Indutny) [#2732](https://github.com/nodejs/node/pull/2732)
* [[`cc0ab17a23`](https://github.com/nodejs/node/commit/cc0ab17a23)] - **deps**: float node-gyp v3.0.0 (Rod Vagg) [#2700](https://github.com/nodejs/node/pull/2700)
* [[`b2c3c6d727`](https://github.com/nodejs/node/commit/b2c3c6d727)] - **deps**: create .npmrc during npm tests (Kat Marchán) [#2696](https://github.com/nodejs/node/pull/2696)
* [[`babdbfdbd5`](https://github.com/nodejs/node/commit/babdbfdbd5)] - **deps**: upgrade to npm 2.14.2 (Kat Marchán) [#2696](https://github.com/nodejs/node/pull/2696)
* [[`155783d876`](https://github.com/nodejs/node/commit/155783d876)] - **deps**: backport 75e43a6 from v8 upstream (again) (saper) [#2692](https://github.com/nodejs/node/pull/2692)
* [[`5424d6fcf0`](https://github.com/nodejs/node/commit/5424d6fcf0)] - **deps**: upgrade V8 to 4.5.103.30 (Ali Ijaz Sheikh) [#2632](https://github.com/nodejs/node/pull/2632)
* [[`c43172578e`](https://github.com/nodejs/node/commit/c43172578e)] - **(SEMVER-MAJOR)** **deps**: upgrade V8 to 4.5.103.24 (Ali Ijaz Sheikh) [#2509](https://github.com/nodejs/node/pull/2509)
* [[`714e96e8b9`](https://github.com/nodejs/node/commit/714e96e8b9)] - **deps**: backport 75e43a6 from v8 upstream (saper) [#2636](https://github.com/nodejs/node/pull/2636)
* [[`8637755cbf`](https://github.com/nodejs/node/commit/8637755cbf)] - **doc**: add TSC meeting minutes 2015-09-02 (Rod Vagg) [#2674](https://github.com/nodejs/node/pull/2674)
* [[`d3d5b93214`](https://github.com/nodejs/node/commit/d3d5b93214)] - **doc**: update environment vars in manpage and --help (Roman Reiss) [#2690](https://github.com/nodejs/node/pull/2690)
* [[`29f586ac0a`](https://github.com/nodejs/node/commit/29f586ac0a)] - **doc**: update url doc to account for escaping (Jeremiah Senkpiel) [#2605](https://github.com/nodejs/node/pull/2605)
* [[`ba50cfebef`](https://github.com/nodejs/node/commit/ba50cfebef)] - **doc**: reorder collaborators by their usernames (Johan Bergström) [#2322](https://github.com/nodejs/node/pull/2322)
* [[`8a9a3bf798`](https://github.com/nodejs/node/commit/8a9a3bf798)] - **doc**: update changelog for io.js v3.3.0 (Rod Vagg) [#2653](https://github.com/nodejs/node/pull/2653)
* [[`6cd0e2664b`](https://github.com/nodejs/node/commit/6cd0e2664b)] - **doc**: update io.js reference (Ben Noordhuis) [#2580](https://github.com/nodejs/node/pull/2580)
* [[`f9539c19e8`](https://github.com/nodejs/node/commit/f9539c19e8)] - **doc**: update changelog for io.js v3.2.0 (Rod Vagg) [#2512](https://github.com/nodejs/node/pull/2512)
* [[`cded6e7993`](https://github.com/nodejs/node/commit/cded6e7993)] - **doc**: fix CHANGELOG.md on master (Roman Reiss) [#2513](https://github.com/nodejs/node/pull/2513)
* [[`93e2830686`](https://github.com/nodejs/node/commit/93e2830686)] - **(SEMVER-MINOR)** **doc**: document deprecation of util.is* functions (Sakthipriyan Vairamani) [#2447](https://github.com/nodejs/node/pull/2447)
* [[`7038388558`](https://github.com/nodejs/node/commit/7038388558)] - **doc,test**: enable recursive file watching in Windows (Sakthipriyan Vairamani) [#2649](https://github.com/nodejs/node/pull/2649)
* [[`f3696f64a1`](https://github.com/nodejs/node/commit/f3696f64a1)] - **events,lib**: don't require EE#listenerCount() (Jeremiah Senkpiel) [#2661](https://github.com/nodejs/node/pull/2661)
* [[`45a2046f5d`](https://github.com/nodejs/node/commit/45a2046f5d)] - **(SEMVER-MAJOR)** **installer**: fix installers for node.js rename (Frederic Hemberger) [#2367](https://github.com/nodejs/node/pull/2367)
* [[`7a999a1376`](https://github.com/nodejs/node/commit/7a999a1376)] - **(SEMVER-MAJOR)** **lib**: add net.Socket#localFamily property (Ben Noordhuis) [#956](https://github.com/nodejs/node/pull/956)
* [[`de88255b0f`](https://github.com/nodejs/node/commit/de88255b0f)] - ***Revert*** "**lib,src**: add unix socket getsockname/getpeername" (Ben Noordhuis) [#2584](https://github.com/nodejs/node/pull/2584)
* [[`f337595441`](https://github.com/nodejs/node/commit/f337595441)] - **(SEMVER-MAJOR)** **lib,src**: add unix socket getsockname/getpeername (Ben Noordhuis) [#956](https://github.com/nodejs/node/pull/956)
* [[`3b602527d1`](https://github.com/nodejs/node/commit/3b602527d1)] - **(SEMVER-MAJOR)** **node**: additional cleanup for node rename (cjihrig) [#2367](https://github.com/nodejs/node/pull/2367)
* [[`a69ab27ab4`](https://github.com/nodejs/node/commit/a69ab27ab4)] - **(SEMVER-MAJOR)** **node**: rename from io.js to node (cjihrig) [#2367](https://github.com/nodejs/node/pull/2367)
* [[`9358eee9dd`](https://github.com/nodejs/node/commit/9358eee9dd)] - **node-gyp**: float 3.0.1, minor fix for download url (Rod Vagg) [#2737](https://github.com/nodejs/node/pull/2737)
* [[`d2d981252b`](https://github.com/nodejs/node/commit/d2d981252b)] - **src**: s/ia32/x86 for process.release.libUrl for win (Rod Vagg) [#2699](https://github.com/nodejs/node/pull/2699)
* [[`eba3d3dccd`](https://github.com/nodejs/node/commit/eba3d3dccd)] - **src**: use standard conform snprintf on windows (Karl Skomski) [#2404](https://github.com/nodejs/node/pull/2404)
* [[`cddbec231f`](https://github.com/nodejs/node/commit/cddbec231f)] - **src**: fix buffer overflow for long exception lines (Karl Skomski) [#2404](https://github.com/nodejs/node/pull/2404)
* [[`dd3f3417c7`](https://github.com/nodejs/node/commit/dd3f3417c7)] - **src**: re-enable fast math on arm (Michaël Zasso) [#2592](https://github.com/nodejs/node/pull/2592)
* [[`e137c1177c`](https://github.com/nodejs/node/commit/e137c1177c)] - **(SEMVER-MAJOR)** **src**: enable vector ics on arm again (Ali Ijaz Sheikh) [#2509](https://github.com/nodejs/node/pull/2509)
* [[`7ce749d722`](https://github.com/nodejs/node/commit/7ce749d722)] - **src**: replace usage of v8::Handle with v8::Local (Michaël Zasso) [#2202](https://github.com/nodejs/node/pull/2202)
* [[`b1a2d9509f`](https://github.com/nodejs/node/commit/b1a2d9509f)] - **src**: enable v8 deprecation warnings and fix them (Ben Noordhuis) [#2091](https://github.com/nodejs/node/pull/2091)
* [[`808de0da03`](https://github.com/nodejs/node/commit/808de0da03)] - **(SEMVER-MAJOR)** **src**: apply debug force load fixups from 41e63fb (Ali Ijaz Sheikh) [#2509](https://github.com/nodejs/node/pull/2509)
* [[`5201cb0ff1`](https://github.com/nodejs/node/commit/5201cb0ff1)] - **src**: fix memory leak in ExternString (Karl Skomski) [#2402](https://github.com/nodejs/node/pull/2402)
* [[`2308a27c0a`](https://github.com/nodejs/node/commit/2308a27c0a)] - **src**: only set v8 flags if argc > 1 (Evan Lucas) [#2646](https://github.com/nodejs/node/pull/2646)
* [[`384effed20`](https://github.com/nodejs/node/commit/384effed20)] - **test**: fix use of `common` before required (Rod Vagg) [#2685](https://github.com/nodejs/node/pull/2685)
* [[`f146f686b7`](https://github.com/nodejs/node/commit/f146f686b7)] - **(SEMVER-MAJOR)** **test**: fix test-repl-tab-complete.js for V8 4.5 (Ali Ijaz Sheikh) [#2509](https://github.com/nodejs/node/pull/2509)
* [[`fe4b309fd3`](https://github.com/nodejs/node/commit/fe4b309fd3)] - **test**: refactor to eliminate flaky test (Rich Trott) [#2609](https://github.com/nodejs/node/pull/2609)
* [[`619721e6b8`](https://github.com/nodejs/node/commit/619721e6b8)] - **test**: mark eval_messages as flaky (Alexis Campailla) [#2648](https://github.com/nodejs/node/pull/2648)
* [[`93ba585b66`](https://github.com/nodejs/node/commit/93ba585b66)] - **test**: mark test-vm-syntax-error-stderr as flaky (João Reis) [#2662](https://github.com/nodejs/node/pull/2662)
* [[`367140bca0`](https://github.com/nodejs/node/commit/367140bca0)] - **test**: mark test-repl-persistent-history as flaky (João Reis) [#2659](https://github.com/nodejs/node/pull/2659)
* [[`f6b093343d`](https://github.com/nodejs/node/commit/f6b093343d)] - **timers**: minor `_unrefActive` fixes and improvements (Jeremiah Senkpiel) [#2540](https://github.com/nodejs/node/pull/2540)
* [[`403d7ee7d1`](https://github.com/nodejs/node/commit/403d7ee7d1)] - **timers**: don't mutate unref list while iterating it (Julien Gilli) [#2540](https://github.com/nodejs/node/pull/2540)
* [[`7a8c3e08c3`](https://github.com/nodejs/node/commit/7a8c3e08c3)] - **timers**: Avoid linear scan in `_unrefActive`. (Julien Gilli) [#2540](https://github.com/nodejs/node/pull/2540)
* [[`b630ebaf43`](https://github.com/nodejs/node/commit/b630ebaf43)] - **win,msi**: Upgrade from old upgrade code (João Reis) [#2439](https://github.com/nodejs/node/pull/2439)
## 2015-09-02, Version 3.3.0, @rvagg
### Notable changes
* **build**: Add a `--link-module` option to `configure` that can be used to bundle additional JavaScript modules into a built binary (Bradley Meck) [#2497](https://github.com/nodejs/node/pull/2497)
* **docs**: Merge outstanding doc updates from joyent/node (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* **http_parser**: Significant performance improvement by having `http.Server` consume all initial data from its `net.Socket` and parsing directly without having to enter JavaScript. Any `'data'` listeners on the `net.Socket` will result in the data being "unconsumed" into JavaScript, thereby undoing any performance gains. (Fedor Indutny) [#2355](https://github.com/nodejs/node/pull/2355)
* **libuv**: Upgrade to 1.7.3 (from 1.6.1), see [ChangeLog](https://github.com/libuv/libuv/blob/v1.x/ChangeLog) for details (Saúl Ibarra Corretgé) [#2310](https://github.com/nodejs/node/pull/2310)
* **V8**: Upgrade to 4.4.63.30 (from 4.4.63.26) (Michaël Zasso) [#2482](https://github.com/nodejs/node/pull/2482)
### Known issues
See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and current list of known issues.
* Some uses of computed object shorthand properties are not handled correctly by the current version of V8. e.g. `[{ [prop]: val }]` evaluates to `[{}]`. [#2507](https://github.com/nodejs/node/issues/2507)
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/io.js/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/io.js/issues/690)
* `process.send()` is not synchronous as the docs suggest, a regression introduced in 1.0.2, see [#760](https://github.com/nodejs/io.js/issues/760).
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/io.js/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/io.js/issues/1435).
### Commits
* [[`1a531b4e44`](https://github.com/nodejs/node/commit/1a531b4e44)] - **(SEMVER-MINOR)** Introduce --link-module to ./configure (Bradley Meck) [#2497](https://github.com/nodejs/node/pull/2497)
* [[`d2f314c190`](https://github.com/nodejs/node/commit/d2f314c190)] - **build**: fix borked chmod call for release uploads (Rod Vagg) [#2645](https://github.com/nodejs/node/pull/2645)
* [[`3172e9c541`](https://github.com/nodejs/node/commit/3172e9c541)] - **build**: set file permissions before uploading (Rod Vagg) [#2623](https://github.com/nodejs/node/pull/2623)
* [[`a860d7fae1`](https://github.com/nodejs/node/commit/a860d7fae1)] - **build**: change staging directory on new server (Rod Vagg) [#2623](https://github.com/nodejs/node/pull/2623)
* [[`50c0baa8d7`](https://github.com/nodejs/node/commit/50c0baa8d7)] - **build**: rename 'doc' directory to 'docs' for upload (Rod Vagg) [#2623](https://github.com/nodejs/node/pull/2623)
* [[`0a0577cf5f`](https://github.com/nodejs/node/commit/0a0577cf5f)] - **build**: fix bad cherry-pick for vcbuild.bat build-release (Rod Vagg) [#2625](https://github.com/nodejs/node/pull/2625)
* [[`34de90194b`](https://github.com/nodejs/node/commit/34de90194b)] - **build**: only define NODE_V8_OPTIONS if not empty (Evan Lucas) [#2532](https://github.com/nodejs/node/pull/2532)
* [[`944174b189`](https://github.com/nodejs/node/commit/944174b189)] - **build**: make ci test addons in test/addons (Ben Noordhuis) [#2428](https://github.com/nodejs/node/pull/2428)
* [[`e955f9a1b0`](https://github.com/nodejs/node/commit/e955f9a1b0)] - **crypto**: Use OPENSSL_cleanse to shred the data. (Сковорода Никита Андреевич) [#2575](https://github.com/nodejs/node/pull/2575)
* [[`395d736b9d`](https://github.com/nodejs/node/commit/395d736b9d)] - **debugger**: use strict equality comparison (Minwoo Jung) [#2558](https://github.com/nodejs/node/pull/2558)
* [[`1d0e5210a8`](https://github.com/nodejs/node/commit/1d0e5210a8)] - **deps**: upgrade libuv to 1.7.3 (Saúl Ibarra Corretgé) [#2310](https://github.com/nodejs/node/pull/2310)
* [[`34ef53364f`](https://github.com/nodejs/node/commit/34ef53364f)] - **deps**: update V8 to 4.4.63.30 (Michaël Zasso) [#2482](https://github.com/nodejs/node/pull/2482)
* [[`23579a5f4a`](https://github.com/nodejs/node/commit/23579a5f4a)] - **doc**: add TSC meeting minutes 2015-08-12 (Rod Vagg) [#2438](https://github.com/nodejs/node/pull/2438)
* [[`0cc59299a4`](https://github.com/nodejs/node/commit/0cc59299a4)] - **doc**: add TSC meeting minutes 2015-08-26 (Rod Vagg) [#2591](https://github.com/nodejs/node/pull/2591)
* [[`6efa96e33a`](https://github.com/nodejs/node/commit/6efa96e33a)] - **doc**: merge CHANGELOG.md with joyent/node ChangeLog (P.S.V.R) [#2536](https://github.com/nodejs/node/pull/2536)
* [[`f75d54607b`](https://github.com/nodejs/node/commit/f75d54607b)] - **doc**: clarify cluster behaviour with no workers (Jeremiah Senkpiel) [#2606](https://github.com/nodejs/node/pull/2606)
* [[`8936302121`](https://github.com/nodejs/node/commit/8936302121)] - **doc**: minor clarification in buffer.markdown (Сковорода Никита Андреевич) [#2574](https://github.com/nodejs/node/pull/2574)
* [[`0db0e53753`](https://github.com/nodejs/node/commit/0db0e53753)] - **doc**: add @jasnell and @sam-github to release team (Rod Vagg) [#2455](https://github.com/nodejs/node/pull/2455)
* [[`c16e100593`](https://github.com/nodejs/node/commit/c16e100593)] - **doc**: reorg release team to separate section (Rod Vagg) [#2455](https://github.com/nodejs/node/pull/2455)
* [[`e3e00143fd`](https://github.com/nodejs/node/commit/e3e00143fd)] - **doc**: fix bad merge on modules.markdown (James M Snell)
* [[`2f62455880`](https://github.com/nodejs/node/commit/2f62455880)] - **doc**: minor additional corrections and improvements (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`3bd08aac4b`](https://github.com/nodejs/node/commit/3bd08aac4b)] - **doc**: minor grammatical update in crypto.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`f707189370`](https://github.com/nodejs/node/commit/f707189370)] - **doc**: minor grammatical update (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`6c98cf0266`](https://github.com/nodejs/node/commit/6c98cf0266)] - **doc**: remove repeated statement in globals.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`48e6ccf8c2`](https://github.com/nodejs/node/commit/48e6ccf8c2)] - **doc**: remove 'dudes' from documentation (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`b5d68f8076`](https://github.com/nodejs/node/commit/b5d68f8076)] - **doc**: update tense in child_process.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`242e3fe3ba`](https://github.com/nodejs/node/commit/242e3fe3ba)] - **doc**: fixed worker.id type (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`ea9ee15c21`](https://github.com/nodejs/node/commit/ea9ee15c21)] - **doc**: port is optional for socket.bind() (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`0ff6657a50`](https://github.com/nodejs/node/commit/0ff6657a50)] - **doc**: fix minor types and grammar in fs docs (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`94d83c04f2`](https://github.com/nodejs/node/commit/94d83c04f2)] - **doc**: update parameter name in net.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`04111ce40f`](https://github.com/nodejs/node/commit/04111ce40f)] - **doc**: small typo in domain.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`c9fdd1bbbf`](https://github.com/nodejs/node/commit/c9fdd1bbbf)] - **doc**: fixed typo in net.markdown (missing comma) (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`27c07b3f8e`](https://github.com/nodejs/node/commit/27c07b3f8e)] - **doc**: update description of fs.exists in fs.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`52018e73d9`](https://github.com/nodejs/node/commit/52018e73d9)] - **doc**: clarification on the 'close' event (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`f6d3b87a25`](https://github.com/nodejs/node/commit/f6d3b87a25)] - **doc**: improve working in stream.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`b5da89431a`](https://github.com/nodejs/node/commit/b5da89431a)] - **doc**: update path.extname documentation (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`1d4ea609db`](https://github.com/nodejs/node/commit/1d4ea609db)] - **doc**: small clarifications to modules.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`c888985591`](https://github.com/nodejs/node/commit/c888985591)] - **doc**: code style cleanups in repl.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`105b493595`](https://github.com/nodejs/node/commit/105b493595)] - **doc**: correct grammar in cluster.markdown (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`51b86ccac7`](https://github.com/nodejs/node/commit/51b86ccac7)] - **doc**: Clarify the module.parent is set once (James M Snell) [#2378](https://github.com/nodejs/node/pull/2378)
* [[`d2ffecba2d`](https://github.com/nodejs/node/commit/d2ffecba2d)] - **doc**: add internal modules notice (Jeremiah Senkpiel) [#2523](https://github.com/nodejs/node/pull/2523)
* [[`b36debd5cb`](https://github.com/nodejs/node/commit/b36debd5cb)] - **env**: introduce `KickNextTick` (Fedor Indutny) [#2355](https://github.com/nodejs/node/pull/2355)
* [[`1bc446863f`](https://github.com/nodejs/node/commit/1bc446863f)] - **http_parser**: consume StreamBase instance (Fedor Indutny) [#2355](https://github.com/nodejs/node/pull/2355)
* [[`ce04b735cc`](https://github.com/nodejs/node/commit/ce04b735cc)] - **src**: only memcmp if length > 0 in Buffer::Compare (Karl Skomski) [#2544](https://github.com/nodejs/node/pull/2544)
* [[`31823e37c7`](https://github.com/nodejs/node/commit/31823e37c7)] - **src**: DRY getsockname/getpeername code (Ben Noordhuis) [#956](https://github.com/nodejs/node/pull/956)
* [[`13fd96dda3`](https://github.com/nodejs/node/commit/13fd96dda3)] - **src**: missing Exception::Error in node_http_parser (Jeremiah Senkpiel) [#2550](https://github.com/nodejs/node/pull/2550)
* [[`42e075ae02`](https://github.com/nodejs/node/commit/42e075ae02)] - **test**: improve performance of stringbytes test (Trevor Norris) [#2544](https://github.com/nodejs/node/pull/2544)
* [[`fc726399fd`](https://github.com/nodejs/node/commit/fc726399fd)] - **test**: unmark test-process-argv-0.js as flaky (Rich Trott) [#2613](https://github.com/nodejs/node/pull/2613)
* [[`7727ba1394`](https://github.com/nodejs/node/commit/7727ba1394)] - **test**: lint and refactor to avoid autocrlf issue (Roman Reiss) [#2494](https://github.com/nodejs/node/pull/2494)
* [[`c56aa829f0`](https://github.com/nodejs/node/commit/c56aa829f0)] - **test**: use tmpDir instead of fixturesDir (Sakthipriyan Vairamani) [#2583](https://github.com/nodejs/node/pull/2583)
* [[`5e65181ea4`](https://github.com/nodejs/node/commit/5e65181ea4)] - **test**: handling failure cases properly (Sakthipriyan Vairamani) [#2206](https://github.com/nodejs/node/pull/2206)
* [[`c48b95e847`](https://github.com/nodejs/node/commit/c48b95e847)] - **test**: initial list of flaky tests (Alexis Campailla) [#2424](https://github.com/nodejs/node/pull/2424)
* [[`94e88498ba`](https://github.com/nodejs/node/commit/94e88498ba)] - **test**: pass args to test-ci via env variable (Alexis Campailla) [#2424](https://github.com/nodejs/node/pull/2424)
* [[`09987c7a1c`](https://github.com/nodejs/node/commit/09987c7a1c)] - **test**: support flaky tests in test-ci (Alexis Campailla) [#2424](https://github.com/nodejs/node/pull/2424)
* [[`08b83c8b45`](https://github.com/nodejs/node/commit/08b83c8b45)] - **test**: add test configuration templates (Alexis Campailla) [#2424](https://github.com/nodejs/node/pull/2424)
* [[`8f8ab6fa57`](https://github.com/nodejs/node/commit/8f8ab6fa57)] - **test**: runner should return 0 on flaky tests (Alexis Campailla) [#2424](https://github.com/nodejs/node/pull/2424)
* [[`0cfd3be9c6`](https://github.com/nodejs/node/commit/0cfd3be9c6)] - **test**: runner support for flaky tests (Alexis Campailla) [#2424](https://github.com/nodejs/node/pull/2424)
* [[`3492d2d4c6`](https://github.com/nodejs/node/commit/3492d2d4c6)] - **test**: make test-process-argv-0 robust (Rich Trott) [#2541](https://github.com/nodejs/node/pull/2541)
* [[`a96cc31710`](https://github.com/nodejs/node/commit/a96cc31710)] - **test**: speed up test-child-process-spawnsync.js (Rich Trott) [#2542](https://github.com/nodejs/node/pull/2542)
* [[`856baf4c67`](https://github.com/nodejs/node/commit/856baf4c67)] - **test**: make spawnSync() test robust (Rich Trott) [#2535](https://github.com/nodejs/node/pull/2535)
* [[`3aa6bbb648`](https://github.com/nodejs/node/commit/3aa6bbb648)] - **tools**: update release.sh to work with new website (Rod Vagg) [#2623](https://github.com/nodejs/node/pull/2623)
* [[`f2f0fe45ff`](https://github.com/nodejs/node/commit/f2f0fe45ff)] - **tools**: make add-on scraper print filenames (Ben Noordhuis) [#2428](https://github.com/nodejs/node/pull/2428)
* [[`bb24c4a418`](https://github.com/nodejs/node/commit/bb24c4a418)] - **win,msi**: correct installation path registry keys (João Reis) [#2565](https://github.com/nodejs/node/pull/2565)
* [[`752977b888`](https://github.com/nodejs/node/commit/752977b888)] - **win,msi**: change InstallScope to perMachine (João Reis) [#2565](https://github.com/nodejs/node/pull/2565)
## 2015-08-25, Version 3.2.0, @rvagg
### Notable changes
* **events**: Added `EventEmitter#listenerCount(event)` as a replacement for `EventEmitter.listenerCount(emitter, event)`, which has now been marked as deprecated in the docs. (Sakthipriyan Vairamani) [#2349](https://github.com/nodejs/node/pull/2349)
* **module**: Fixed an error with preloaded modules when the current working directory doesn't exist. (Bradley Meck) [#2353](https://github.com/nodejs/node/pull/2353)
* **node**: Startup time is now about 5% faster when not passing V8 flags. (Evan Lucas) [#2483](https://github.com/nodejs/node/pull/2483)
* **repl**: Tab-completion now works better with arrays. (James M Snell) [#2409](https://github.com/nodejs/node/pull/2409)
* **string_bytes**: Fixed an unaligned write in the handling of UCS2 encoding. (Fedor Indutny) [#2480](https://github.com/nodejs/node/pull/2480)
* **tls**: Added a new `--tls-cipher-list` flag that can be used to override the built-in default cipher list. (James M Snell) [#2412](https://github.com/nodejs/node/pull/2412) _Note: it is suggested you use the built-in cipher list as it has been carefully selected to reflect current security best practices and risk mitigation._
### Known issues
See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and current list of known issues.
* Some uses of computed object shorthand properties are not handled correctly by the current version of V8. e.g. `[{ [prop]: val }]` evaluates to `[{}]`. [#2507](https://github.com/nodejs/node/issues/2507)
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/io.js/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/io.js/issues/690)
* `process.send()` is not synchronous as the docs suggest, a regression introduced in 1.0.2, see [#760](https://github.com/nodejs/io.js/issues/760).
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/io.js/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/io.js/issues/1435).
### Commits
* [[`1cd794f129`](https://github.com/nodejs/node/commit/1cd794f129)] - **buffer**: reapply 07c0667 (Fedor Indutny) [#2487](https://github.com/nodejs/node/pull/2487)
* [[`156781dedd`](https://github.com/nodejs/node/commit/156781dedd)] - **build**: use required platform in android-configure (Evan Lucas) [#2501](https://github.com/nodejs/node/pull/2501)
* [[`77075ec906`](https://github.com/nodejs/node/commit/77075ec906)] - **crypto**: fix mem {de}allocation in ExportChallenge (Karl Skomski) [#2359](https://github.com/nodejs/node/pull/2359)
* [[`cb30414d9e`](https://github.com/nodejs/node/commit/cb30414d9e)] - **doc**: sync CHANGELOG.md from master (Roman Reiss) [#2524](https://github.com/nodejs/node/pull/2524)
* [[`9330f5ef45`](https://github.com/nodejs/node/commit/9330f5ef45)] - **doc**: make the deprecations consistent (Sakthipriyan Vairamani) [#2450](https://github.com/nodejs/node/pull/2450)
* [[`09437e0146`](https://github.com/nodejs/node/commit/09437e0146)] - **doc**: fix comments in tls_wrap.cc and _http_client.js (Minwoo Jung) [#2489](https://github.com/nodejs/node/pull/2489)
* [[`c9867fed29`](https://github.com/nodejs/node/commit/c9867fed29)] - **doc**: document response.finished in http.markdown (hackerjs) [#2414](https://github.com/nodejs/node/pull/2414)
* [[`7f23a83c42`](https://github.com/nodejs/node/commit/7f23a83c42)] - **doc**: update AUTHORS list (Rod Vagg) [#2505](https://github.com/nodejs/node/pull/2505)
* [[`cd0c362f67`](https://github.com/nodejs/node/commit/cd0c362f67)] - **doc**: update AUTHORS list (Rod Vagg) [#2318](https://github.com/nodejs/node/pull/2318)
* [[`2c7b9257ea`](https://github.com/nodejs/node/commit/2c7b9257ea)] - **doc**: add TSC meeting minutes 2015-07-29 (Rod Vagg) [#2437](https://github.com/nodejs/node/pull/2437)
* [[`aaefde793e`](https://github.com/nodejs/node/commit/aaefde793e)] - **doc**: add TSC meeting minutes 2015-08-19 (Rod Vagg) [#2460](https://github.com/nodejs/node/pull/2460)
* [[`51ef9106f5`](https://github.com/nodejs/node/commit/51ef9106f5)] - **doc**: add TSC meeting minutes 2015-06-03 (Rod Vagg) [#2453](https://github.com/nodejs/node/pull/2453)
* [[`7130b4cf1d`](https://github.com/nodejs/node/commit/7130b4cf1d)] - **doc**: fix links to original converged repo (Rod Vagg) [#2454](https://github.com/nodejs/node/pull/2454)
* [[`14f2aee1df`](https://github.com/nodejs/node/commit/14f2aee1df)] - **doc**: fix links to original gh issues for TSC meetings (Rod Vagg) [#2454](https://github.com/nodejs/node/pull/2454)
* [[`87a9ef0a40`](https://github.com/nodejs/node/commit/87a9ef0a40)] - **doc**: add audio recording links to TSC meeting minutes (Rod Vagg) [#2454](https://github.com/nodejs/node/pull/2454)
* [[`f5cf24afbc`](https://github.com/nodejs/node/commit/f5cf24afbc)] - **doc**: add TSC meeting minutes 2015-07-22 (Rod Vagg) [#2436](https://github.com/nodejs/node/pull/2436)
* [[`3f821b96eb`](https://github.com/nodejs/node/commit/3f821b96eb)] - **doc**: fix spelling mistake in node.js comment (Jacob Edelman) [#2391](https://github.com/nodejs/node/pull/2391)
* [[`3e6a6fcdd6`](https://github.com/nodejs/node/commit/3e6a6fcdd6)] - **(SEMVER-MINOR)** **events**: deprecate static listenerCount function (Sakthipriyan Vairamani) [#2349](https://github.com/nodejs/node/pull/2349)
* [[`023386c852`](https://github.com/nodejs/node/commit/023386c852)] - **fs**: replace bad_args macro with concrete error msg (Roman Klauke) [#2495](https://github.com/nodejs/node/pull/2495)
* [[`d1c27b2e29`](https://github.com/nodejs/node/commit/d1c27b2e29)] - **module**: fix module preloading when cwd is ENOENT (Bradley Meck) [#2353](https://github.com/nodejs/node/pull/2353)
* [[`5d7486941b`](https://github.com/nodejs/node/commit/5d7486941b)] - **repl**: filter integer keys from repl tab complete list (James M Snell) [#2409](https://github.com/nodejs/node/pull/2409)
* [[`7f02443a9a`](https://github.com/nodejs/node/commit/7f02443a9a)] - **repl**: dont throw ENOENT on NODE_REPL_HISTORY_FILE (Todd Kennedy) [#2451](https://github.com/nodejs/node/pull/2451)
* [[`56a2ae9cef`](https://github.com/nodejs/node/commit/56a2ae9cef)] - **src**: improve startup time (Evan Lucas) [#2483](https://github.com/nodejs/node/pull/2483)
* [[`14653c7429`](https://github.com/nodejs/node/commit/14653c7429)] - **stream**: rename poorly named function (Ben Noordhuis) [#2479](https://github.com/nodejs/node/pull/2479)
* [[`1c6e014bfa`](https://github.com/nodejs/node/commit/1c6e014bfa)] - **stream**: micro-optimize high water mark calculation (Ben Noordhuis) [#2479](https://github.com/nodejs/node/pull/2479)
* [[`f1f4b4c46d`](https://github.com/nodejs/node/commit/f1f4b4c46d)] - **stream**: fix off-by-factor-16 error in comment (Ben Noordhuis) [#2479](https://github.com/nodejs/node/pull/2479)
* [[`2d3f09bd76`](https://github.com/nodejs/node/commit/2d3f09bd76)] - **stream_base**: various improvements (Fedor Indutny) [#2351](https://github.com/nodejs/node/pull/2351)
* [[`c1ce423b35`](https://github.com/nodejs/node/commit/c1ce423b35)] - **string_bytes**: fix unaligned write in UCS2 (Fedor Indutny) [#2480](https://github.com/nodejs/node/pull/2480)
* [[`e4d0e86165`](https://github.com/nodejs/node/commit/e4d0e86165)] - **test**: refactor test-https-simple.js (Rich Trott) [#2433](https://github.com/nodejs/node/pull/2433)
* [[`0ea5c8d737`](https://github.com/nodejs/node/commit/0ea5c8d737)] - **test**: remove test-timers-first-fire (João Reis) [#2458](https://github.com/nodejs/node/pull/2458)
* [[`536c3d0537`](https://github.com/nodejs/node/commit/536c3d0537)] - **test**: use reserved IP in test-net-connect-timeout (Rich Trott) [#2257](https://github.com/nodejs/node/pull/2257)
* [[`5df06fd8df`](https://github.com/nodejs/node/commit/5df06fd8df)] - **test**: add spaces after keywords (Brendan Ashworth)
* [[`e714b5620e`](https://github.com/nodejs/node/commit/e714b5620e)] - **test**: remove unreachable code (Michaël Zasso) [#2289](https://github.com/nodejs/node/pull/2289)
* [[`3579f3a2a4`](https://github.com/nodejs/node/commit/3579f3a2a4)] - **test**: disallow unreachable code (Michaël Zasso) [#2289](https://github.com/nodejs/node/pull/2289)
* [[`3545e236fc`](https://github.com/nodejs/node/commit/3545e236fc)] - **test**: reduce timeouts in test-net-keepalive (Brendan Ashworth) [#2429](https://github.com/nodejs/node/pull/2429)
* [[`b60e690023`](https://github.com/nodejs/node/commit/b60e690023)] - **test**: improve test-net-server-pause-on-connect (Brendan Ashworth) [#2429](https://github.com/nodejs/node/pull/2429)
* [[`11d1b8fcaf`](https://github.com/nodejs/node/commit/11d1b8fcaf)] - **test**: improve test-net-pingpong (Brendan Ashworth) [#2429](https://github.com/nodejs/node/pull/2429)
* [[`5fef5c6562`](https://github.com/nodejs/node/commit/5fef5c6562)] - **(SEMVER-MINOR)** **tls**: add --tls-cipher-list command line switch (James M Snell) [#2412](https://github.com/nodejs/node/pull/2412)
* [[`d9b70f9cbf`](https://github.com/nodejs/node/commit/d9b70f9cbf)] - **tls**: handle empty cert in checkServerIndentity (Mike Atkins) [#2343](https://github.com/nodejs/node/pull/2343)
* [[`4f8e34c202`](https://github.com/nodejs/node/commit/4f8e34c202)] - **tools**: add license boilerplate to check-imports.sh (James M Snell) [#2386](https://github.com/nodejs/node/pull/2386)
* [[`b76b9197f9`](https://github.com/nodejs/node/commit/b76b9197f9)] - **tools**: enable space-after-keywords in eslint (Brendan Ashworth)
* [[`64a8f30a70`](https://github.com/nodejs/node/commit/64a8f30a70)] - **tools**: fix anchors in generated documents (Sakthipriyan Vairamani) [#2491](https://github.com/nodejs/node/pull/2491)
* [[`22e344ea10`](https://github.com/nodejs/node/commit/22e344ea10)] - **win**: fix custom actions for WiX older than 3.9 (João Reis) [#2365](https://github.com/nodejs/node/pull/2365)
* [[`b5bd3ebfc8`](https://github.com/nodejs/node/commit/b5bd3ebfc8)] - **win**: fix custom actions on Visual Studio != 2013 (Julien Gilli) [#2365](https://github.com/nodejs/node/pull/2365)
## 2015-08-18, Version 3.1.0, @Fishrock123
### Notable changes
* **buffer**: Fixed a couple large memory leaks (Ben Noordhuis) [#2352](https://github.com/nodejs/node/pull/2352).
* **crypto**:
- Fixed a couple of minor memory leaks (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375).
- Signing now checks for OpenSSL errors (P.S.V.R) [#2342](https://github.com/nodejs/node/pull/2342). **Note that this may expose previously hidden errors in user code.**
* **intl**: Intl support using small-icu is now enabled by default in builds (Steven R. Loomis) [#2264](https://github.com/nodejs/node/pull/2264).
- [`String#normalize()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/normalize) can now be used for unicode normalization.
- The [`Intl`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Intl) object and various `String` and `Number` methods are present, but only support the English locale.
- For support of all locales, node must be built with [full-icu](https://github.com/nodejs/node#build-with-full-icu-support-all-locales-supported-by-icu).
* **tls**: Fixed tls throughput being much lower after an incorrect merge (Fedor Indutny) [#2381](https://github.com/nodejs/node/pull/2381).
* **tools**: The v8 tick processor now comes bundled with node (Matt Loring) [#2090](https://github.com/nodejs/node/pull/2090).
- This can be used by producing performance profiling output by running node with `--perf`, then running your appropriate platform's script on the output as found in [tools/v8-prof](https://github.com/nodejs/node/tree/master/tools/v8-prof).
* **util**: `util.inspect(obj)` now prints the constructor name of the object if there is one (Christopher Monsanto) [#1935](https://github.com/nodejs/io.js/pull/1935).
### Known issues
See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and current list of known issues.
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/io.js/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/io.js/issues/690)
* `process.send()` is not synchronous as the docs suggest, a regression introduced in 1.0.2, see [#760](https://github.com/nodejs/io.js/issues/760).
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/io.js/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/io.js/issues/1435).
### Commits
* [[`3645dc62ed`](https://github.com/nodejs/node/commit/3645dc62ed)] - **build**: work around VS2015 issue in ICU <56 (Steven R. Loomis) [#2283](https://github.com/nodejs/node/pull/2283)
* [[`1f12e03266`](https://github.com/nodejs/node/commit/1f12e03266)] - **(SEMVER-MINOR)** **build**: intl: converge from joyent/node (Steven R. Loomis) [#2264](https://github.com/nodejs/node/pull/2264)
* [[`071640abdd`](https://github.com/nodejs/node/commit/071640abdd)] - **build**: Intl: bump ICU4C from 54 to 55 (Steven R. Loomis) [#2293](https://github.com/nodejs/node/pull/2293)
* [[`07a88b0c8b`](https://github.com/nodejs/node/commit/07a88b0c8b)] - **build**: update manifest to include Windows 10 (Lucien Greathouse) [#2332](https://github.com/nodejs/io.js/pull/2332)
* [[`0bb099f444`](https://github.com/nodejs/node/commit/0bb099f444)] - **build**: expand ~ in install prefix early (Ben Noordhuis) [#2307](https://github.com/nodejs/io.js/pull/2307)
* [[`7fe6dd8f5d`](https://github.com/nodejs/node/commit/7fe6dd8f5d)] - **crypto**: check for OpenSSL errors when signing (P.S.V.R) [#2342](https://github.com/nodejs/node/pull/2342)
* [[`605f6ee904`](https://github.com/nodejs/node/commit/605f6ee904)] - **crypto**: fix memory leak in PBKDF2Request (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375)
* [[`ba6eb8af12`](https://github.com/nodejs/node/commit/ba6eb8af12)] - **crypto**: fix memory leak in ECDH::SetPrivateKey (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375)
* [[`6a16368611`](https://github.com/nodejs/node/commit/6a16368611)] - **crypto**: fix memory leak in PublicKeyCipher::Cipher (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375)
* [[`a760a87803`](https://github.com/nodejs/node/commit/a760a87803)] - **crypto**: fix memory leak in SafeX509ExtPrint (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375)
* [[`f45487cd6e`](https://github.com/nodejs/node/commit/f45487cd6e)] - **crypto**: fix memory leak in SetDHParam (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375)
* [[`2ff183dd86`](https://github.com/nodejs/node/commit/2ff183dd86)] - **doc**: Update FIPS instructions in README.md (Michael Dawson) [#2278](https://github.com/nodejs/node/pull/2278)
* [[`6483bc2e8f`](https://github.com/nodejs/node/commit/6483bc2e8f)] - **doc**: clarify options for fs.watchFile() (Rich Trott) [#2425](https://github.com/nodejs/node/pull/2425)
* [[`e76822f454`](https://github.com/nodejs/node/commit/e76822f454)] - **doc**: multiple documentation updates cherry picked from v0.12 (James M Snell) [#2302](https://github.com/nodejs/io.js/pull/2302)
* [[`1738c9680b`](https://github.com/nodejs/node/commit/1738c9680b)] - **net**: ensure Socket reported address is current (Ryan Graham) [#2095](https://github.com/nodejs/io.js/pull/2095)
* [[`844d3f0e3e`](https://github.com/nodejs/node/commit/844d3f0e3e)] - **path**: use '===' instead of '==' for comparison (Sam Stites) [#2388](https://github.com/nodejs/node/pull/2388)
* [[`7118b8a882`](https://github.com/nodejs/node/commit/7118b8a882)] - **path**: remove dead code in favor of unit tests (Nathan Woltman) [#2282](https://github.com/nodejs/io.js/pull/2282)
* [[`34f2cfa806`](https://github.com/nodejs/node/commit/34f2cfa806)] - **src**: better error message on failed Buffer malloc (Karl Skomski) [#2422](https://github.com/nodejs/node/pull/2422)
* [[`b196c1da3c`](https://github.com/nodejs/node/commit/b196c1da3c)] - **src**: fix memory leak in DLOpen (Karl Skomski) [#2375](https://github.com/nodejs/node/pull/2375)
* [[`d1307b2995`](https://github.com/nodejs/node/commit/d1307b2995)] - **src**: don't use fopen() in require() fast path (Ben Noordhuis) [#2377](https://github.com/nodejs/node/pull/2377)
* [[`455ec570d1`](https://github.com/nodejs/node/commit/455ec570d1)] - **src**: rename Buffer::Use() to Buffer::New() (Ben Noordhuis) [#2352](https://github.com/nodejs/node/pull/2352)
* [[`fd63e1ce2b`](https://github.com/nodejs/node/commit/fd63e1ce2b)] - **src**: introduce internal Buffer::Copy() function (Ben Noordhuis) [#2352](https://github.com/nodejs/node/pull/2352)
* [[`5586ceca13`](https://github.com/nodejs/node/commit/5586ceca13)] - **src**: move internal functions out of node_buffer.h (Ben Noordhuis) [#2352](https://github.com/nodejs/node/pull/2352)
* [[`bff9bcddb6`](https://github.com/nodejs/node/commit/bff9bcddb6)] - **src**: plug memory leaks (Ben Noordhuis) [#2352](https://github.com/nodejs/node/pull/2352)
* [[`ccf12df4f3`](https://github.com/nodejs/node/commit/ccf12df4f3)] - **(SEMVER-MINOR)** **src**: add total_available_size to v8 statistics (Roman Klauke) [#2348](https://github.com/nodejs/io.js/pull/2348)
* [[`194eeb841b`](https://github.com/nodejs/node/commit/194eeb841b)] - **test**: drop Isolate::GetCurrent() from addon tests (Ben Noordhuis) [#2427](https://github.com/nodejs/node/pull/2427)
* [[`46cdb2f6e2`](https://github.com/nodejs/node/commit/46cdb2f6e2)] - **test**: lint addon tests (Ben Noordhuis) [#2427](https://github.com/nodejs/node/pull/2427)
* [[`850c794882`](https://github.com/nodejs/node/commit/850c794882)] - **test**: refactor test-fs-watchfile.js (Rich Trott) [#2393](https://github.com/nodejs/node/pull/2393)
* [[`a3160c0a33`](https://github.com/nodejs/node/commit/a3160c0a33)] - **test**: correct spelling of 'childProcess' (muddletoes) [#2389](https://github.com/nodejs/node/pull/2389)
* [[`e51f90d747`](https://github.com/nodejs/node/commit/e51f90d747)] - **test**: option to run a subset of tests (João Reis) [#2260](https://github.com/nodejs/io.js/pull/2260)
* [[`cc46d3bca3`](https://github.com/nodejs/node/commit/cc46d3bca3)] - **test**: clarify dropMembership() call (Rich Trott) [#2062](https://github.com/nodejs/io.js/pull/2062)
* [[`0ee4df9c7a`](https://github.com/nodejs/node/commit/0ee4df9c7a)] - **test**: make listen-fd-cluster/server more robust (Sam Roberts) [#1944](https://github.com/nodejs/io.js/pull/1944)
* [[`cf9ba81398`](https://github.com/nodejs/node/commit/cf9ba81398)] - **test**: address timing issues in simple http tests (Gireesh Punathil) [#2294](https://github.com/nodejs/io.js/pull/2294)
* [[`cbb75c4f86`](https://github.com/nodejs/node/commit/cbb75c4f86)] - **tls**: fix throughput issues after incorrect merge (Fedor Indutny) [#2381](https://github.com/nodejs/node/pull/2381)
* [[`94b765f409`](https://github.com/nodejs/node/commit/94b765f409)] - **tls**: fix check for reused session (Fedor Indutny) [#2312](https://github.com/nodejs/io.js/pull/2312)
* [[`e83a41ad65`](https://github.com/nodejs/node/commit/e83a41ad65)] - **tls**: introduce internal `onticketkeycallback` (Fedor Indutny) [#2312](https://github.com/nodejs/io.js/pull/2312)
* [[`fb0f5d733f`](https://github.com/nodejs/node/commit/fb0f5d733f)] - **(SEMVER-MINOR)** **tools**: run the tick processor without building v8 (Matt Loring) [#2090](https://github.com/nodejs/node/pull/2090)
* [[`7606bdb897`](https://github.com/nodejs/node/commit/7606bdb897)] - **(SEMVER-MINOR)** **util**: display constructor when inspecting objects (Christopher Monsanto) [#1935](https://github.com/nodejs/io.js/pull/1935)
## 2015-08-04, Version 3.0.0, @rvagg
### Notable changes
* **buffer**:
- Due to changes in V8, it has been necessary to reimplement `Buffer` on top of V8's `Uint8Array`. Every effort has been made to minimize the performance impact, however `Buffer` instantiation is measurably slower. Access operations may be faster in some circumstances but the exact performance profile and difference over previous versions will depend on how `Buffer` is used within applications. (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825).
- `Buffer` can now take `ArrayBuffer`s as a constructor argument (Trevor Norris) [#2002](https://github.com/nodejs/node/pull/2002).
- When a single buffer is passed to `Buffer.concat()`, a new, copied `Buffer` object will be returned; previous behavior was to return the original `Buffer` object (Sakthipriyan Vairamani) [#1937](https://github.com/nodejs/node/pull/1937).
* **build**: PPC support has been added to core to allow compiling on pLinux BE and LE (AIX support coming soon) (Michael Dawson) [#2124](https://github.com/nodejs/node/pull/2124).
* **dgram**: If an error occurs within `socket.send()` and a callback has been provided, the error is only passed as the first argument to the callback and not emitted on the `socket` object; previous behavior was to do both (Matteo Collina & Chris Dickinson) [#1796](https://github.com/nodejs/node/pull/1796)
* **freelist**: Deprecate the undocumented `freelist` core module (Sakthipriyan Vairamani) [#2176](https://github.com/nodejs/node/pull/2176).
* **http**:
- Status codes now all use the official [IANA names](http://www.iana.org/assignments/http-status-codes) as per [RFC7231](https://tools.ietf.org/html/rfc7231), e.g. `http.STATUS_CODES[414]` now returns `'URI Too Long'` rather than `'Request-URI Too Large'` (jomo) [#1470](https://github.com/nodejs/node/pull/1470).
- Calling .getName() on an HTTP agent no longer returns a trailing colon, HTTPS agents will no longer return an extra colon near the middle of the string (Brendan Ashworth) [#1617](https://github.com/nodejs/node/pull/1617).
* **node**:
- `NODE_MODULE_VERSION` has been bumped to `45` to reflect the break in ABI (Rod Vagg) [#2096](https://github.com/nodejs/node/pull/2096).
- Introduce a new `process.release` object that contains a `name` property set to `'io.js'` and `sourceUrl`, `headersUrl` and `libUrl` (Windows only) properties containing URLs for the relevant resources; this is intended to be used by node-gyp (Rod Vagg) [#2154](https://github.com/nodejs/node/pull/2154).
- The version of node-gyp bundled with io.js now downloads and uses a tarball of header files from iojs.org rather than the full source for compiling native add-ons; it is hoped this is a temporary floating patch and the change will be upstreamed to node-gyp soon (Rod Vagg) [#2066](https://github.com/nodejs/node/pull/2066).
* **repl**: Persistent history is now enabled by default. The history file is located at ~/.node_repl_history, which can be overridden by the new environment variable `NODE_REPL_HISTORY`. This deprecates the previous `NODE_REPL_HISTORY_FILE` variable. Additionally, the format of the file has been changed to plain text to better handle file corruption. (Jeremiah Senkpiel) [#2224](https://github.com/nodejs/node/pull/2224).
* **smalloc**: The `smalloc` module has been removed as it is no longer possible to provide the API due to changes in V8 (Ben Noordhuis) [#2022](https://github.com/nodejs/node/pull/2022).
* **tls**: Add `server.getTicketKeys()` and `server.setTicketKeys()` methods for [TLS session key](https://www.ietf.org/rfc/rfc5077.txt) rotation (Fedor Indutny) [#2227](https://github.com/nodejs/node/pull/2227).
* **v8**: Upgraded to 4.4.63.26
- ES6: Enabled [computed property names](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Object_initializer#Computed_property_names)
- ES6: `Array` can now be subclassed in strict mode
- ES6: Implement [rest parameters](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Functions/rest_parameters) in staging, use the `--harmony-rest-parameters` command line flag
- ES6: Implement the [spread operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator) in staging, use the `--harmony-spreadcalls` command line flag
- Removed `SetIndexedPropertiesToExternalArrayData` and related APIs, forcing a shift to `Buffer` to be reimplemented based on `Uint8Array`
- Introduction of `Maybe` and `MaybeLocal` C++ API for objects which _may_ or _may not_ have a value.
- Added support for PPC
See also https://github.com/nodejs/node/wiki/Breaking-Changes#300-from-2x for a summary of the breaking changes (SEMVER-MAJOR).
### Known issues
See https://github.com/nodejs/node/labels/confirmed-bug for complete and current list of known issues.
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/node/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/node/issues/690)
* `process.send()` is not synchronous as the docs suggest, a regression introduced in 1.0.2, see [#760](https://github.com/nodejs/node/issues/760).
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/node/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/node/issues/1435).
### Commits
* [[`60a974d200`](https://github.com/nodejs/node/commit/60a974d200)] - **buffer**: fix missing null/undefined check (Trevor Norris) [#2195](https://github.com/nodejs/node/pull/2195)
* [[`e6ab2d92bc`](https://github.com/nodejs/node/commit/e6ab2d92bc)] - **buffer**: fix not return on error (Trevor Norris) [#2225](https://github.com/nodejs/node/pull/2225)
* [[`1057d1186b`](https://github.com/nodejs/node/commit/1057d1186b)] - **buffer**: rename internal/buffer_new.js to buffer.js (Ben Noordhuis) [#2022](https://github.com/nodejs/node/pull/2022)
* [[`4643b8b667`](https://github.com/nodejs/node/commit/4643b8b667)] - **(SEMVER-MINOR)** **buffer**: allow ArrayBuffer as Buffer argument (Trevor Norris) [#2002](https://github.com/nodejs/node/pull/2002)
* [[`e5ada116cd`](https://github.com/nodejs/node/commit/e5ada116cd)] - **buffer**: minor cleanup from rebase (Trevor Norris) [#2003](https://github.com/nodejs/node/pull/2003)
* [[`b625ab4242`](https://github.com/nodejs/node/commit/b625ab4242)] - **buffer**: fix usage of kMaxLength (Trevor Norris) [#2003](https://github.com/nodejs/node/pull/2003)
* [[`eea66e2a7b`](https://github.com/nodejs/node/commit/eea66e2a7b)] - **(SEMVER-MAJOR)** **buffer**: fix case of one buffer passed to concat (Sakthipriyan Vairamani) [#1937](https://github.com/nodejs/node/pull/1937)
* [[`8664084166`](https://github.com/nodejs/node/commit/8664084166)] - **buffer**: make additional changes to native API (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825)
* [[`36f78f4c1c`](https://github.com/nodejs/node/commit/36f78f4c1c)] - **buffer**: switch API to return MaybeLocal<T> (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825)
* [[`571ec13841`](https://github.com/nodejs/node/commit/571ec13841)] - **buffer**: switch to using Maybe<T> API (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825)
* [[`d75f5c8d0e`](https://github.com/nodejs/node/commit/d75f5c8d0e)] - **buffer**: finish implementing FreeCallback (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825)
* [[`63da0dfd3a`](https://github.com/nodejs/node/commit/63da0dfd3a)] - **buffer**: implement Uint8Array backed Buffer (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825)
* [[`23be6ca189`](https://github.com/nodejs/node/commit/23be6ca189)] - **buffer**: allow ARGS_THIS to accept a name (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825)
* [[`971de5e417`](https://github.com/nodejs/node/commit/971de5e417)] - **build**: prepare Windows installer for i18n support (Frederic Hemberger) [#2247](https://github.com/nodejs/node/pull/2247)
* [[`2ba8b23661`](https://github.com/nodejs/node/commit/2ba8b23661)] - **build**: add 'x86' option back in to configure (Rod Vagg) [#2233](https://github.com/nodejs/node/pull/2233)
* [[`b4226e797a`](https://github.com/nodejs/node/commit/b4226e797a)] - **build**: first set of updates to enable PPC support (Michael Dawson) [#2124](https://github.com/nodejs/node/pull/2124)
* [[`24dd016deb`](https://github.com/nodejs/node/commit/24dd016deb)] - **build**: produce symbol map files on windows (Ali Ijaz Sheikh) [#2243](https://github.com/nodejs/node/pull/2243)
* [[`423d8944ce`](https://github.com/nodejs/node/commit/423d8944ce)] - **cluster**: do not unconditionally set --debug-port (cjihrig) [#1949](https://github.com/nodejs/node/pull/1949)
* [[`fa98b97171`](https://github.com/nodejs/node/commit/fa98b97171)] - **cluster**: add handle ref/unref stubs in rr mode (Ben Noordhuis) [#2274](https://github.com/nodejs/node/pull/2274)
* [[`944f68046c`](https://github.com/nodejs/node/commit/944f68046c)] - **crypto**: remove kMaxLength on randomBytes() (Trevor Norris) [#1825](https://github.com/nodejs/node/pull/1825)
* [[`3d3c687012`](https://github.com/nodejs/node/commit/3d3c687012)] - **deps**: update V8 to 4.4.63.26 (Michaël Zasso) [#2220](https://github.com/nodejs/node/pull/2220)
* [[`3aad4fa89a`](https://github.com/nodejs/node/commit/3aad4fa89a)] - **deps**: upgrade v8 to 4.4.63.12 (Ben Noordhuis) [#2092](https://github.com/nodejs/node/pull/2092)
* [[`70d1f32f56`](https://github.com/nodejs/node/commit/70d1f32f56)] - **(SEMVER-MAJOR)** **deps**: update v8 to 4.4.63.9 (Ben Noordhuis) [#2022](https://github.com/nodejs/node/pull/2022)
* [[`deb7ee93a7`](https://github.com/nodejs/node/commit/deb7ee93a7)] - **deps**: backport 7b24219346 from v8 upstream (Rod Vagg) [#1805](https://github.com/nodejs/node/pull/1805)
* [[`d58e780504`](https://github.com/nodejs/node/commit/d58e780504)] - **(SEMVER-MAJOR)** **deps**: update v8 to 4.3.61.21 (Chris Dickinson) [iojs/io.js#1632](https://github.com/iojs/io.js/pull/1632)
* [[`2a63cf612b`](https://github.com/nodejs/node/commit/2a63cf612b)] - **deps**: make node-gyp work with io.js (cjihrig) [iojs/io.js#990](https://github.com/iojs/io.js/pull/990)
* [[`bf63266460`](https://github.com/nodejs/node/commit/bf63266460)] - **deps**: upgrade to npm 2.13.3 (Kat Marchán) [#2284](https://github.com/nodejs/node/pull/2284)
* [[`ef2c8cd4ec`](https://github.com/nodejs/node/commit/ef2c8cd4ec)] - **(SEMVER-MAJOR)** **dgram**: make send cb act as "error" event handler (Matteo Collina) [#1796](https://github.com/nodejs/node/pull/1796)
* [[`3da057fef6`](https://github.com/nodejs/node/commit/3da057fef6)] - **(SEMVER-MAJOR)** **dgram**: make send cb act as "error" event handler (Chris Dickinson) [#1796](https://github.com/nodejs/node/pull/1796)
* [[`df1994fe53`](https://github.com/nodejs/node/commit/df1994fe53)] - ***Revert*** "**dns**: remove AI_V4MAPPED hint flag on FreeBSD" (cjihrig) [iojs/io.js#1555](https://github.com/iojs/io.js/pull/1555)
* [[`1721968b22`](https://github.com/nodejs/node/commit/1721968b22)] - **doc**: document repl persistent history changes (Jeremiah Senkpiel) [#2224](https://github.com/nodejs/node/pull/2224)
* [[`d12df7f159`](https://github.com/nodejs/node/commit/d12df7f159)] - **doc**: update v8 flags in man page (Michaël Zasso) [iojs/io.js#1701](https://github.com/iojs/io.js/pull/1701)
* [[`d168d01b04`](https://github.com/nodejs/node/commit/d168d01b04)] - **doc**: properly inheriting from EventEmitter (Sakthipriyan Vairamani) [#2168](https://github.com/nodejs/node/pull/2168)
* [[`500f2538cc`](https://github.com/nodejs/node/commit/500f2538cc)] - **doc**: a listener, not "an" listener (Sam Roberts) [#1025](https://github.com/nodejs/node/pull/1025)
* [[`54627a919d`](https://github.com/nodejs/node/commit/54627a919d)] - **doc**: server close event does not have an argument (Sam Roberts) [#1025](https://github.com/nodejs/node/pull/1025)
* [[`ed85c95a9c`](https://github.com/nodejs/node/commit/ed85c95a9c)] - **doc,test**: documents behaviour of non-existent file (Sakthipriyan Vairamani) [#2169](https://github.com/nodejs/node/pull/2169)
* [[`2965442308`](https://github.com/nodejs/node/commit/2965442308)] - **(SEMVER-MAJOR)** **http**: fix agent.getName() and add tests (Brendan Ashworth) [#1617](https://github.com/nodejs/node/pull/1617)
* [[`2d9456e3e6`](https://github.com/nodejs/node/commit/2d9456e3e6)] - **(SEMVER-MAJOR)** **http**: use official IANA Status Codes (jomo) [#1470](https://github.com/nodejs/node/pull/1470)
* [[`11e4249227`](https://github.com/nodejs/node/commit/11e4249227)] - **(SEMVER-MAJOR)** **http_server**: `prefinish` vs `finish` (Fedor Indutny) [#1411](https://github.com/nodejs/node/pull/1411)
* [[`9bc2e26720`](https://github.com/nodejs/node/commit/9bc2e26720)] - **net**: do not set V4MAPPED on FreeBSD (Julien Gilli) [iojs/io.js#1555](https://github.com/iojs/io.js/pull/1555)
* [[`ba9ccf227e`](https://github.com/nodejs/node/commit/ba9ccf227e)] - **node**: remove redundant --use-old-buffer (Rod Vagg) [#2275](https://github.com/nodejs/node/pull/2275)
* [[`ef65321083`](https://github.com/nodejs/node/commit/ef65321083)] - **(SEMVER-MAJOR)** **node**: do not override `message`/`stack` of error (Fedor Indutny) [#2108](https://github.com/nodejs/node/pull/2108)
* [[`9f727f5e03`](https://github.com/nodejs/node/commit/9f727f5e03)] - **node-gyp**: detect RC build with x.y.z-rc.n format (Rod Vagg) [#2171](https://github.com/nodejs/node/pull/2171)
* [[`e52f963632`](https://github.com/nodejs/node/commit/e52f963632)] - **node-gyp**: download header tarball for compile (Rod Vagg) [#2066](https://github.com/nodejs/node/pull/2066)
* [[`902c9ca51d`](https://github.com/nodejs/node/commit/902c9ca51d)] - **node-gyp**: make aware of nightly, next-nightly & rc (Rod Vagg) [#2066](https://github.com/nodejs/node/pull/2066)
* [[`4cffaa3f55`](https://github.com/nodejs/node/commit/4cffaa3f55)] - **(SEMVER-MINOR)** **readline**: allow tabs in input (Rich Trott) [#1761](https://github.com/nodejs/node/pull/1761)
* [[`ed6c249104`](https://github.com/nodejs/node/commit/ed6c249104)] - **(SEMVER-MAJOR)** **repl**: persist history in plain text (Jeremiah Senkpiel) [#2224](https://github.com/nodejs/node/pull/2224)
* [[`f7d5e4c618`](https://github.com/nodejs/node/commit/f7d5e4c618)] - **(SEMVER-MINOR)** **repl**: default persistence to ~/.node_repl_history (Jeremiah Senkpiel) [#2224](https://github.com/nodejs/node/pull/2224)
* [[`ea05e760cd`](https://github.com/nodejs/node/commit/ea05e760cd)] - **repl**: don't clobber RegExp.$ properties (Sakthipriyan Vairamani) [#2137](https://github.com/nodejs/node/pull/2137)
* [[`d20093246b`](https://github.com/nodejs/node/commit/d20093246b)] - **src**: disable vector ICs on arm (Michaël Zasso) [#2220](https://github.com/nodejs/node/pull/2220)
* [[`04fd4fad46`](https://github.com/nodejs/node/commit/04fd4fad46)] - **(SEMVER-MINOR)** **src**: introduce process.release object (Rod Vagg) [#2154](https://github.com/nodejs/node/pull/2154)
* [[`9d34bd1147`](https://github.com/nodejs/node/commit/9d34bd1147)] - **src**: increment NODE_MODULE_VERSION to 45 (Rod Vagg) [#2096](https://github.com/nodejs/node/pull/2096)
* [[`ceee8d2807`](https://github.com/nodejs/node/commit/ceee8d2807)] - **test**: add tests for persistent repl history (Jeremiah Senkpiel) [#2224](https://github.com/nodejs/node/pull/2224)
* [[`8e1a8ffe24`](https://github.com/nodejs/node/commit/8e1a8ffe24)] - **test**: remove two obsolete pummel tests (Ben Noordhuis) [#2022](https://github.com/nodejs/node/pull/2022)
* [[`ae731ec0fa`](https://github.com/nodejs/node/commit/ae731ec0fa)] - **test**: don't use arguments.callee (Ben Noordhuis) [#2022](https://github.com/nodejs/node/pull/2022)
* [[`21d31c08e7`](https://github.com/nodejs/node/commit/21d31c08e7)] - **test**: remove obsolete harmony flags (Chris Dickinson)
* [[`64cf71195c`](https://github.com/nodejs/node/commit/64cf71195c)] - **test**: change the hostname to an invalid name (Sakthipriyan Vairamani) [#2287](https://github.com/nodejs/node/pull/2287)
* [[`80a1cf7425`](https://github.com/nodejs/node/commit/80a1cf7425)] - **test**: fix messages and use return to skip tests (Sakthipriyan Vairamani) [#2290](https://github.com/nodejs/node/pull/2290)
* [[`d5ab92bcc1`](https://github.com/nodejs/node/commit/d5ab92bcc1)] - **test**: use common.isWindows consistently (Sakthipriyan Vairamani) [#2269](https://github.com/nodejs/node/pull/2269)
* [[`bc733f7065`](https://github.com/nodejs/node/commit/bc733f7065)] - **test**: fix fs.readFile('/dev/stdin') tests (Ben Noordhuis) [#2265](https://github.com/nodejs/node/pull/2265)
* [[`3cbb5870e5`](https://github.com/nodejs/node/commit/3cbb5870e5)] - **tools**: expose skip output to test runner (Johan Bergström) [#2130](https://github.com/nodejs/node/pull/2130)
* [[`3b021efe11`](https://github.com/nodejs/node/commit/3b021efe11)] - **vm**: fix symbol access (Domenic Denicola) [#1773](https://github.com/nodejs/node/pull/1773)
* [[`7b81e4ba36`](https://github.com/nodejs/node/commit/7b81e4ba36)] - **vm**: remove unnecessary access checks (Domenic Denicola) [#1773](https://github.com/nodejs/node/pull/1773)
* [[`659dadd410`](https://github.com/nodejs/node/commit/659dadd410)] - **vm**: fix property descriptors of sandbox properties (Domenic Denicola) [#1773](https://github.com/nodejs/node/pull/1773)
* [[`9bac1dbae9`](https://github.com/nodejs/node/commit/9bac1dbae9)] - **win,node-gyp**: enable delay-load hook by default (Bert Belder) [iojs/io.js#1433](https://github.com/iojs/io.js/pull/1433)
## 2015-07-28, Version 2.5.0, @cjihrig
### Notable changes
* **https**: TLS sessions in Agent are reused (Fedor Indutny) [#2228](https://github.com/nodejs/node/pull/2228)
* **src**: base64 decoding is now 50% faster (Ben Noordhuis) [#2193](https://github.com/nodejs/node/pull/2193)
* **npm**: Upgraded to v2.13.2, release notes can be found in <https://github.com/npm/npm/releases/tag/v2.13.2> (Kat Marchán) [#2241](https://github.com/nodejs/node/pull/2241).
### Known issues
See https://github.com/nodejs/node/labels/confirmed-bug for complete and current list of known issues.
* Using multiple REPL instances in parallel may cause some REPL history corruption or loss. [#1634](https://github.com/nodejs/node/issues/1634)
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/node/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/node/issues/690)
* `process.send()` is not synchronous as the docs suggest, a regression introduced in 1.0.2, see [#760](https://github.com/nodejs/node/issues/760).
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/node/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/node/issues/1435).
### Commits
* [[`bf2cd225a8`](https://github.com/nodejs/node/commit/bf2cd225a8)] - **process**: resize stderr on SIGWINCH (Jeremiah Senkpiel) [#2231](https://github.com/nodejs/node/pull/2231)
* [[`99d9d7e716`](https://github.com/nodejs/node/commit/99d9d7e716)] - **benchmark**: add remaining path benchmarks & optimize (Nathan Woltman) [#2103](https://github.com/nodejs/node/pull/2103)
* [[`66fc8ca22b`](https://github.com/nodejs/node/commit/66fc8ca22b)] - **(SEMVER-MINOR)** **cluster**: emit 'message' event on cluster master (Sam Roberts) [#861](https://github.com/nodejs/node/pull/861)
* [[`eb35968de7`](https://github.com/nodejs/node/commit/eb35968de7)] - **crypto**: fix legacy SNICallback (Fedor Indutny) [#1720](https://github.com/nodejs/node/pull/1720)
* [[`fef190cea6`](https://github.com/nodejs/node/commit/fef190cea6)] - **deps**: make node-gyp work with io.js (cjihrig) [iojs/io.js#990](https://github.com/iojs/io.js/pull/990)
* [[`b73a7465c5`](https://github.com/nodejs/node/commit/b73a7465c5)] - **deps**: upgrade to npm 2.13.2 (Kat Marchán) [#2241](https://github.com/nodejs/node/pull/2241)
* [[`0a7bf81d2f`](https://github.com/nodejs/node/commit/0a7bf81d2f)] - **deps**: update V8 to 4.2.77.21 (Ali Ijaz Sheikh) [#2238](https://github.com/nodejs/node/issues/2238)
* [[`73cdcdd581`](https://github.com/nodejs/node/commit/73cdcdd581)] - **deps**: make node-gyp work with io.js (cjihrig) [iojs/io.js#990](https://github.com/iojs/io.js/pull/990)
* [[`04893a736d`](https://github.com/nodejs/node/commit/04893a736d)] - **deps**: upgrade to npm 2.13.1 (Kat Marchán) [#2210](https://github.com/nodejs/node/pull/2210)
* [[`a3c1b9720e`](https://github.com/nodejs/node/commit/a3c1b9720e)] - **doc**: add GPG fingerprint for cjihrig (cjihrig) [#2217](https://github.com/nodejs/node/pull/2217)
* [[`d9f857df3b`](https://github.com/nodejs/node/commit/d9f857df3b)] - **doc**: note about custom inspect functions (Sakthipriyan Vairamani) [#2142](https://github.com/nodejs/node/pull/2142)
* [[`4ef2b5fbfb`](https://github.com/nodejs/node/commit/4ef2b5fbfb)] - **doc**: Replace util.debug with console.error (Yosuke Furukawa) [#2214](https://github.com/nodejs/node/pull/2214)
* [[`b612f085ec`](https://github.com/nodejs/node/commit/b612f085ec)] - **doc**: add joaocgreis as a collaborator (João Reis) [#2208](https://github.com/nodejs/node/pull/2208)
* [[`6b85d5a4b3`](https://github.com/nodejs/node/commit/6b85d5a4b3)] - **doc**: add TSC meeting minutes 2015-07-15 (Rod Vagg) [#2191](https://github.com/nodejs/node/pull/2191)
* [[`c7d8b09162`](https://github.com/nodejs/node/commit/c7d8b09162)] - **doc**: recompile before testing core module changes (Phillip Johnsen) [#2051](https://github.com/nodejs/node/pull/2051)
* [[`9afee6785e`](https://github.com/nodejs/node/commit/9afee6785e)] - **http**: Check this.connection before using it (Sakthipriyan Vairamani) [#2172](https://github.com/nodejs/node/pull/2172)
* [[`2ca5a3db47`](https://github.com/nodejs/node/commit/2ca5a3db47)] - **https**: reuse TLS sessions in Agent (Fedor Indutny) [#2228](https://github.com/nodejs/node/pull/2228)
* [[`fef87fee1d`](https://github.com/nodejs/node/commit/fef87fee1d)] - **(SEMVER-MINOR)** **lib,test**: add freelist deprecation and test (Sakthipriyan Vairamani) [#2176](https://github.com/nodejs/node/pull/2176)
* [[`503b089dd8`](https://github.com/nodejs/node/commit/503b089dd8)] - **net**: don't throw on immediately destroyed socket (Evan Lucas) [#2251](https://github.com/nodejs/node/pull/2251)
* [[`93660c8b8e`](https://github.com/nodejs/node/commit/93660c8b8e)] - **node**: remove bad fn call and check (Trevor Norris) [#2157](https://github.com/nodejs/node/pull/2157)
* [[`afd7e37ee0`](https://github.com/nodejs/node/commit/afd7e37ee0)] - **repl**: better empty line handling (Sakthipriyan Vairamani) [#2163](https://github.com/nodejs/node/pull/2163)
* [[`81ea52aa01`](https://github.com/nodejs/node/commit/81ea52aa01)] - **repl**: improving line continuation handling (Sakthipriyan Vairamani) [#2163](https://github.com/nodejs/node/pull/2163)
* [[`30edb5aee9`](https://github.com/nodejs/node/commit/30edb5aee9)] - **repl**: preventing REPL crash with inherited properties (Sakthipriyan Vairamani) [#2163](https://github.com/nodejs/node/pull/2163)
* [[`77fa385e5d`](https://github.com/nodejs/node/commit/77fa385e5d)] - **repl**: fixing `undefined` in invalid REPL keyword error (Sakthipriyan Vairamani) [#2163](https://github.com/nodejs/node/pull/2163)
* [[`8fd3ce100e`](https://github.com/nodejs/node/commit/8fd3ce100e)] - **src**: make base64 decoding 50% faster (Ben Noordhuis) [#2193](https://github.com/nodejs/node/pull/2193)
* [[`c786d6341d`](https://github.com/nodejs/node/commit/c786d6341d)] - **test**: do not use public IPs for timeout testing (Rich Trott) [#2057](https://github.com/nodejs/node/pull/2057)
* [[`4e78cd71c0`](https://github.com/nodejs/node/commit/4e78cd71c0)] - **test**: skip IPv6 part before testing it (Sakthipriyan Vairamani) [#2226](https://github.com/nodejs/node/pull/2226)
* [[`ac70bc8240`](https://github.com/nodejs/node/commit/ac70bc8240)] - **test**: fix valgrind uninitialized memory warning (Ben Noordhuis) [#2193](https://github.com/nodejs/node/pull/2193)
* [[`ac7d3fa0d9`](https://github.com/nodejs/node/commit/ac7d3fa0d9)] - **test**: add -no_rand_screen to s_client opts on Win (Shigeki Ohtsu) [#2209](https://github.com/nodejs/node/pull/2209)
* [[`79c865a53f`](https://github.com/nodejs/node/commit/79c865a53f)] - **test**: changing process.exit to return while skipping tests (Sakthipriyan Vairamani) [#2109](https://github.com/nodejs/node/pull/2109)
* [[`69298d36cf`](https://github.com/nodejs/node/commit/69298d36cf)] - **test**: formatting skip messages for TAP parsing (Sakthipriyan Vairamani) [#2109](https://github.com/nodejs/node/pull/2109)
* [[`543dabb609`](https://github.com/nodejs/node/commit/543dabb609)] - **timers**: improve Timer.now() performance (Ben Noordhuis) [#2256](https://github.com/nodejs/node/pull/2256)
* [[`3663b124e6`](https://github.com/nodejs/node/commit/3663b124e6)] - **timers**: remove unused Timer.again() (Ben Noordhuis) [#2256](https://github.com/nodejs/node/pull/2256)
* [[`bcce5cf9bb`](https://github.com/nodejs/node/commit/bcce5cf9bb)] - **timers**: remove unused Timer.getRepeat() (Ben Noordhuis) [#2256](https://github.com/nodejs/node/pull/2256)
* [[`f2c83bd202`](https://github.com/nodejs/node/commit/f2c83bd202)] - **timers**: remove unused Timer.setRepeat() (Ben Noordhuis) [#2256](https://github.com/nodejs/node/pull/2256)
* [[`e11fc67225`](https://github.com/nodejs/node/commit/e11fc67225)] - **(SEMVER-MINOR)** **tls**: add `getTicketKeys()`/`setTicketKeys()` (Fedor Indutny) [#2227](https://github.com/nodejs/node/pull/2227)
* [[`68b06e94e3`](https://github.com/nodejs/node/commit/68b06e94e3)] - **tools**: use local or specified $NODE for test-npm (Jeremiah Senkpiel) [#1984](https://github.com/nodejs/node/pull/1984)
* [[`ab479659c7`](https://github.com/nodejs/node/commit/ab479659c7)] - **util**: delay creation of debug context (Ali Ijaz Sheikh) [#2248](https://github.com/nodejs/node/pull/2248)
* [[`6391f4d2fd`](https://github.com/nodejs/node/commit/6391f4d2fd)] - **util**: removing redundant checks in is* functions (Sakthipriyan Vairamani) [#2179](https://github.com/nodejs/node/pull/2179)
* [[`b148c0dff3`](https://github.com/nodejs/node/commit/b148c0dff3)] - **win,node-gyp**: enable delay-load hook by default (Bert Belder) [iojs/io.js#1433](https://github.com/iojs/io.js/pull/1433)
* [[`f90f1e75bb`](https://github.com/nodejs/node/commit/f90f1e75bb)] - **win,node-gyp**: enable delay-load hook by default (Bert Belder) [iojs/io.js#1433](https://github.com/iojs/io.js/pull/1433)
## 2015-07-17, Version 2.4.0, @Fishrock123
### Notable changes
* **src**: Added a new `--track-heap-objects` flag to track heap object allocations for heap snapshots (Bradley Meck) [#2135](https://github.com/nodejs/node/pull/2135).
* **readline**: Fixed a freeze that affected the repl if the keypress event handler threw (Alex Kocharin) [#2107](https://github.com/nodejs/node/pull/2107).
* **npm**: Upgraded to v2.13.0, release notes can be found in <https://github.com/npm/npm/releases/tag/v2.13.0> (Forrest L Norvell) [#2152](https://github.com/nodejs/node/pull/2152).
### Known issues
See https://github.com/nodejs/node/labels/confirmed-bug for complete and current list of known issues.
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/node/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/node/issues/690)
* `process.send()` is not synchronous as the docs suggest, a regression introduced in 1.0.2, see [#760](https://github.com/nodejs/node/issues/760).
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/node/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/node/issues/1435).
### Commits
* [[`f95f9ef6ea`](https://github.com/nodejs/node/commit/f95f9ef6ea)] - **build**: always use prefix=/ for tar-headers (Rod Vagg) [#2082](https://github.com/nodejs/node/pull/2082)
* [[`12bc397207`](https://github.com/nodejs/node/commit/12bc397207)] - **build**: run-ci makefile rule (Alexis Campailla) [#2134](https://github.com/nodejs/node/pull/2134)
* [[`84012c99e0`](https://github.com/nodejs/node/commit/84012c99e0)] - **build**: fix vcbuild merge issues (Alexis Campailla) [#2131](https://github.com/nodejs/node/pull/2131)
* [[`47e2c5c828`](https://github.com/nodejs/node/commit/47e2c5c828)] - **build**: bail early if clean is invoked (Johan Bergström) [#2127](https://github.com/nodejs/node/pull/2127)
* [[`5acad6b163`](https://github.com/nodejs/node/commit/5acad6b163)] - **child_process**: fix arguments comments (Roman Reiss) [#2161](https://github.com/nodejs/node/pull/2161)
* [[`3c4121c418`](https://github.com/nodejs/node/commit/3c4121c418)] - **deps**: make node-gyp work with io.js (cjihrig) [iojs/io.js#990](https://github.com/iojs/io.js/pull/990)
* [[`938cc757bb`](https://github.com/nodejs/node/commit/938cc757bb)] - **deps**: upgrade to npm 2.13.0 (Forrest L Norvell) [#2152](https://github.com/nodejs/node/pull/2152)
* [[`6f306e0ed2`](https://github.com/nodejs/node/commit/6f306e0ed2)] - **doc**: add targos as a collaborator (Michaël Zasso) [#2200](https://github.com/nodejs/node/pull/2200)
* [[`c019d9a239`](https://github.com/nodejs/node/commit/c019d9a239)] - **doc**: add thefourtheye as a collaborator (Sakthipriyan Vairamani) [#2199](https://github.com/nodejs/node/pull/2199)
* [[`4e92dbc26b`](https://github.com/nodejs/node/commit/4e92dbc26b)] - **doc**: add TSC members from the combined project (Jeremiah Senkpiel) [#2085](https://github.com/nodejs/node/pull/2085)
* [[`6c3aabf455`](https://github.com/nodejs/node/commit/6c3aabf455)] - **doc**: add TSC meeting minutes 2015-07-08 (Rod Vagg) [#2184](https://github.com/nodejs/node/pull/2184)
* [[`30a0d47d51`](https://github.com/nodejs/node/commit/30a0d47d51)] - **doc**: add TSC meeting minutes 2015-07-01 (Rod Vagg) [#2132](https://github.com/nodejs/node/pull/2132)
* [[`23efb05cc3`](https://github.com/nodejs/node/commit/23efb05cc3)] - **doc**: document fs.watchFile behaviour on ENOENT (Brendan Ashworth) [#2093](https://github.com/nodejs/node/pull/2093)
* [[`65963ec26f`](https://github.com/nodejs/node/commit/65963ec26f)] - **doc,test**: empty strings in path module (Sakthipriyan Vairamani) [#2106](https://github.com/nodejs/node/pull/2106)
* [[`0ab81e6f58`](https://github.com/nodejs/node/commit/0ab81e6f58)] - **docs**: link to more up-to-date v8 docs (Jeremiah Senkpiel) [#2196](https://github.com/nodejs/node/pull/2196)
* [[`1afc0c9e86`](https://github.com/nodejs/node/commit/1afc0c9e86)] - **fs**: fix error on bad listener type (Brendan Ashworth) [#2093](https://github.com/nodejs/node/pull/2093)
* [[`2ba84606a6`](https://github.com/nodejs/node/commit/2ba84606a6)] - **path**: assert path.join() arguments equally (Phillip Johnsen) [#2159](https://github.com/nodejs/node/pull/2159)
* [[`bd01603201`](https://github.com/nodejs/node/commit/bd01603201)] - **readline**: fix freeze if `keypress` event throws (Alex Kocharin) [#2107](https://github.com/nodejs/node/pull/2107)
* [[`59f6b5da2a`](https://github.com/nodejs/node/commit/59f6b5da2a)] - **repl**: Prevent crash when tab-completed with Proxy (Sakthipriyan Vairamani) [#2120](https://github.com/nodejs/node/pull/2120)
* [[`cf14a2427c`](https://github.com/nodejs/node/commit/cf14a2427c)] - **(SEMVER-MINOR)** **src**: add --track-heap-objects (Bradley Meck) [#2135](https://github.com/nodejs/node/pull/2135)
* [[`2b4b600660`](https://github.com/nodejs/node/commit/2b4b600660)] - **test**: fix test-debug-port-from-cmdline (João Reis) [#2186](https://github.com/nodejs/node/pull/2186)
* [[`d4ceb16da2`](https://github.com/nodejs/node/commit/d4ceb16da2)] - **test**: properly clean up temp directory (Roman Reiss) [#2164](https://github.com/nodejs/node/pull/2164)
* [[`842eb5b853`](https://github.com/nodejs/node/commit/842eb5b853)] - **test**: add test for dgram.setTTL (Evan Lucas) [#2121](https://github.com/nodejs/node/pull/2121)
* [[`cff7300a57`](https://github.com/nodejs/node/commit/cff7300a57)] - **win,node-gyp**: enable delay-load hook by default (Bert Belder) [iojs/io.js#1433](https://github.com/iojs/io.js/pull/1433)
## 2015-07-09, Version 2.3.4, @Fishrock123
### Notable changes
* **openssl**: Upgrade to 1.0.2d, fixes CVE-2015-1793 (Alternate Chains Certificate Forgery) (Shigeki Ohtsu) [#2141](https://github.com/nodejs/node/pull/2141).
* **npm**: Upgraded to v2.12.1, release notes can be found in <https://github.com/npm/npm/releases/tag/v2.12.0> and <https://github.com/npm/npm/releases/tag/v2.12.1> (Kat Marchán) [#2112](https://github.com/nodejs/node/pull/2112).
### Known issues
See https://github.com/nodejs/node/labels/confirmed-bug for complete and current list of known issues.
* Some problems with unreferenced timers running during `beforeExit` are still to be resolved. See [#1264](https://github.com/nodejs/node/issues/1264).
* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/node/issues/690)
* `process.send()` is not synchronous as the docs suggest, a regression introduced in 1.0.2, see [#760](https://github.com/nodejs/node/issues/760).
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/node/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/node/issues/1435).
### Commits
* [[`0d15161c24`](https://github.com/nodejs/node/commit/0d15161c24)] - **benchmark**: Add some path benchmarks for #1778 (Nathan Woltman) [#1778](https://github.com/nodejs/node/pull/1778)
* [[`c70e68fa32`](https://github.com/nodejs/node/commit/c70e68fa32)] - **deps**: update deps/openssl/conf/arch/*/opensslconf.h (Shigeki Ohtsu) [#2141](https://github.com/nodejs/node/pull/2141)
* [[`ca93f7f2e6`](https://github.com/nodejs/node/commit/ca93f7f2e6)] - **deps**: upgrade openssl sources to 1.0.2d (Shigeki Ohtsu) [#2141](https://github.com/nodejs/node/pull/2141)
* [[`b18c841ec1`](https://github.com/nodejs/node/commit/b18c841ec1)] - **deps**: make node-gyp work with io.js (cjihrig) [iojs/io.js#990](https://github.com/iojs/io.js/pull/990)
* [[`863cdbdd08`](https://github.com/nodejs/node/commit/863cdbdd08)] - **deps**: upgrade to npm 2.12.1 (Kat Marchán) [#2112](https://github.com/nodejs/node/pull/2112)
* [[`84b3915764`](https://github.com/nodejs/node/commit/84b3915764)] - **doc**: document current release procedure (Rod Vagg) [#2099](https://github.com/nodejs/node/pull/2099)
* [[`46140334cd`](https://github.com/nodejs/node/commit/46140334cd)] - **doc**: update AUTHORS list (Rod Vagg) [#2100](https://github.com/nodejs/node/pull/2100)
* [[`bca53dce76`](https://github.com/nodejs/node/commit/bca53dce76)] - **path**: refactor for performance and consistency (Nathan Woltman) [#1778](https://github.com/nodejs/node/pull/1778)
* [[`6bef15afe7`](https://github.com/nodejs/node/commit/6bef15afe7)] - **src**: remove traceSyncIO property from process (Bradley Meck) [#2143](https://github.com/nodejs/node/pull/2143)
* [[`2ba1740ba1`](https://github.com/nodejs/node/commit/2ba1740ba1)] - **test**: add missing crypto checks (Johan Bergström) [#2129](https://github.com/nodejs/node/pull/2129)
* [[`180fd392ca`](https://github.com/nodejs/node/commit/180fd392ca)] - **test**: refactor test-repl-tab-complete (Sakthipriyan Vairamani) [#2122](https://github.com/nodejs/node/pull/2122)
* [[`fb05c8e27d`](https://github.com/nodejs/node/commit/fb05c8e27d)] - ***Revert*** "**test**: add test for missing `close`/`finish` event" (Fedor Indutny)
* [[`9436a860cb`](https://github.com/nodejs/node/commit/9436a860cb)] - **test**: add test for missing `close`/`finish` event (Mark Plomer) [iojs/io.js#1373](https://github.com/iojs/io.js/pull/1373)
* [[`ee3ce2ed88`](https://github.com/nodejs/node/commit/ee3ce2ed88)] - **tools**: install gdbinit from v8 to $PREFIX/share (Ali Ijaz Sheikh) [#2123](https://github.com/nodejs/node/pull/2123)
* [[`dd523c75da`](https://github.com/nodejs/node/commit/dd523c75da)] - **win,node-gyp**: enable delay-load hook by default (Bert Belder) [iojs/io.js#1433](https://github.com/iojs/io.js/pull/1433)
Update lang/nodejs to 0.12.7. 2015.07.09, Version 0.12.7 (Stable) * openssl: upgrade to 1.0.1p * npm: upgrade to 2.11.3 * V8: cherry-pick JitCodeEvent patch from upstream (Ben Noordhuis) * win,msi: create npm folder in AppData directory (Steven Rockarts)
Update nodejs to 0.12.6. 2015.07.03, Version 0.12.6 (Stable) * V8: fix out-of-band write in utf8 decoder This is an important security update as this bug can be used to cause a denial of service attack.
Update lang/nodejs to 0.12.5. 2015.06.22, Version 0.12.5 (Stable) - openssl: upgrade to 1.0.1o (Addressing multiple CVEs) - npm: upgrade to 2.11.2 - uv: upgrade to 1.6.1 - V8: avoid deadlock when profiling is active (Dmitri Melikyan) - install: fix source path for openssl headers (Oguz Bastemur) - install: make sure opensslconf.h is overwritten (Oguz Bastemur) - timers: fix timeout when added in timer's callback (Julien Gilli) - windows: broadcast WM_SETTINGCHANGE after install (Mathias Küsel)
Update nodejs to 0.12.4. Fix joerg's patch to actually do the right thing on NetBSD 6. Add option to build with Intl support using textproc/icu. Cleanup. 2015.05.22, Version 0.12.4 (Stable) * npm: upgrade to 2.10.1 * V8: revert v8 Array.prototype.values() removal (cjihrig) * win: bring back xp/2k3 support (Bert Belder)
Update nodejs to 0.12.3. 2015.05.13, Version 0.12.3 (Stable) * V8: update to 3.28.71.19 * uv: upgrade to 1.5.0 * npm: upgrade to 2.9.1 * V8: don't busy loop in v8 cpu profiler thread (Mike Tunnicliffe) * V8: fix issue with let bindings in for loops (adamk) * debugger: don't spawn child process in remote mode (Jackson Tian) * net: do not set V4MAPPED on FreeBSD (Julien Gilli) * repl: make 'Unexpected token' errors recoverable (Julien Gilli) * src: backport ignore ENOTCONN on shutdown race (Ben Noordhuis) * src: fix backport of SIGINT crash fix on FreeBSD (Julien Gilli)
Work around missing sem_timedwait(3) in NetBSD < 6.99.4 by reusing the patch for NaCL from Chromium V8 change d4f11c0cf476dd854eaebec1cbacb1afc7bea18e. PKGREVISION++
Update to 0.12.2 Changelog: 2015.03.31, Version 0.12.2 (Stable) * uv: Upgrade to 1.4.2 * npm: Upgrade to 2.7.4 * V8: do not add extra newline in log file (Julien Gilli) * V8: Fix --max_old_space_size=4096 integer overflow (Andrei Sedoi) * asyncwrap: fix constructor condition for early ret (Trevor Norris) * buffer: align chunks on 8-byte boundary (Fedor Indutny) * buffer: fix pool offset adjustment (Trevor Norris) * build: fix use of strict aliasing (Trevor Norris) * console: allow Object.prototype fields as labels (Colin Ihrig) * fs: make F_OK/R_OK/W_OK/X_OK not writable (Jackson Tian) * fs: properly handle fd passed to truncate() (Bruno Jouhier) * http: fix assert on data/end after socket error (Fedor Indutny) * lib: fix max size check in Buffer constructor (Ben Noordhuis) * lib: fix stdio/ipc sync i/o regression (Ben Noordhuis) * module: replace NativeModule.require (Herbert Vojčík) * net: allow port 0 in connect() (cjihrig) * net: unref timer in parent sockets (Fedor Indutny) * path: refactor for performance and consistency (Nathan Woltman) * smalloc: extend user API (Trevor Norris) * src: fix for SIGINT crash on FreeBSD (Fedor Indutny) * src: fix builtin modules failing with --use-strict (Julien Gilli) * watchdog: fix timeout for early polling return (Saúl Ibarra Corretgé) 2015.03.23, Version 0.12.1 (Stable), 0034086b49f22cfde765a7e9f55db25f8eb310b6 * openssl: upgrade to 1.0.1m (Addressing multiple CVES) 2015.02.06, Version 0.12.0 (Stable), 2b18916ff054309a07408719b62e2b6a4f1e056a * npm: Upgrade to 2.5.1 * mdb_v8: update for v0.12 (Dave Pacheco)
Update nodejs to 0.10.36. 2015.01.26, Version 0.10.36 (Stable) * openssl: update to 1.0.1l * v8: Fix debugger and strict mode regression (Julien Gilli) * v8: don't busy loop in cpu profiler thread (Ben Noordhuis)
Update nodejs to 0.10.35. Trivial bugfix update of a leaf package. 2014.12.22, Version 0.10.35 (Stable) * tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson) * timers: don't close interval timers when unrefd (Julien Gilli) * timers: don't mutate unref list while iterating it (Julien Gilli) 2014.12.17, Version 0.10.34 (Stable) * uv: update to v0.10.30 * zlib: upgrade to v1.2.8 * child_process: check execFile args is an array (Sam Roberts) * child_process: check fork args is an array (Sam Roberts) * crypto: update root certificates (Ben Noordhuis) * domains: fix issues with abort on uncaught (Julien Gilli) * timers: Avoid linear scan in _unrefActive. (Julien Gilli) * timers: fix unref() memory leak (Trevor Norris) * v8: add api for aborting on uncaught exception (Julien Gilli) * debugger: fix when using "use strict" (Julien Gilli)
Update nodejs to 0.10.33. 2014.10.20, Version 0.10.33 (Stable) - openssl: Update to 1.0.1j (Addressing multiple CVEs) - uv: Update to v0.10.29 - child_process: properly support optional args (cjihrig) - crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla)
Update nodejs to 0.10.32. 2014.09.16, Version 0.10.32 (Stable) * npm: Update to 1.4.28 * v8: fix a crash introduced by previous release (Fedor Indutny) * configure: add --openssl-no-asm flag (Fedor Indutny) * crypto: use domains for any callback-taking method (Chris Dickinson) * http: do not send `0\r\n\r\n` in TE HEAD responses (Fedor Indutny) * querystring: fix unescape override (Tristan Berger) * url: Add support for RFC 3490 separators (Mathias Bynens)
Update nodejs to 0.10.31. 2014.08.19, Version 0.10.31 (Stable) * v8: backport CVE-2013-6668 * openssl: Update to v1.0.1i * npm: Update to v1.4.23 * cluster: disconnect should not be synchronous (Sam Roberts) * fs: fix fs.readFileSync fd leak when get RangeError (Jackson Tian) * stream: fix Readable.wrap objectMode falsy values (James Halliday) * timers: fix timers with non-integer delay hanging. (Julien Gilli)
Update nodejs to 0.10.30.
2014.07.31, Version 0.10.30 (Stable)
* uv: Upgrade to v0.10.28
* npm: Upgrade to v1.4.21
* v8: Interrupts must not mask stack overflow.
* Revert "stream: start old-mode read in a next tick" (Fedor Indutny)
* buffer: fix sign overflow in `readUIn32BE` (Fedor Indutny)
* buffer: improve {read,write}{U}Int* methods (Nick Apperson)
* child_process: handle writeUtf8String error (Fedor Indutny)
* deps: backport 4ed5fde4f from v8 upstream (Fedor Indutny)
* deps: cherry-pick eca441b2 from OpenSSL (Fedor Indutny)
* lib: remove and restructure calls to isNaN() (cjihrig)
* module: eliminate double `getenv()` (Maciej Malecki)
* stream2: flush extant data on read of ended stream (Chris Dickinson)
* streams: remove unused require('assert') (Rod Vagg)
* timers: backport f8193ab (Julien Gilli)
* util.h: interface compatibility (Oguz Bastemur)
* zlib: do not crash on write after close (Fedor Indutny)
Update nodejs to 0.10.29.
2014.06.05, Version 0.10.29 (Stable)
* openssl: to 1.0.1h (CVE-2014-0224)
* npm: upgrade to 1.4.10
* utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendoerfer)
- *NOTE* this introduces a breaking change, previously you could
construct invalid UTF-8 and invoke an error in a client that was
expecting valid UTF-8, now unmatched surrogate pairs are replaced
with the unknown UTF-8 character. To restore the old functionality
simply have NODE_INVALID_UTF8 environment variable set.
* child_process: do not set args before throwing (Greg Sabia Tucker)
* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)
* constants: export O_NONBLOCK (Fedor Indutny)
* crypto: improve memory usage (Alexis Campailla)
* fs: close file if fstat() fails in readFile() (cjihrig)
* lib: name EventEmitter prototype methods (Ben Noordhuis)
* tls: fix performance issue (Alexis Campailla)
Mark packages that are not ready for python-3.3 also not ready for 3.4, until proven otherwise.
2014.05.01, Version 0.10.28 (Stable) * npm: upgrade to v1.4.9
2014.05.01, Version 0.10.27 (Stable) * npm: upgrade to v1.4.8 * openssl: upgrade to 1.0.1g * uv: update to v0.10.27 * dns: fix certain txt entries (Fedor Indutny) * assert: Ensure reflexivity of deepEqual (Mike Pennisi) * child_process: fix deadlock when sending handles (Fedor Indutny) * child_process: fix sending handle twice (Fedor Indutny) * crypto: do not lowercase cipher/hash names (Fedor Indutny) * dtrace: workaround linker bug on FreeBSD (Fedor Indutny) * http: do not emit EOF non-readable socket (Fedor Indutny) * http: invoke createConnection when no agent (Nathan Rajlich) * stream: remove useless check (Brian White) * timer: don't reschedule timer bucket in a domain (Greg Brail) * url: treat \ the same as / (isaacs) * util: format as Error if instanceof Error (Rod Vagg)
Grab maintainership
Update nodejs to 0.10.26. 2014.02.18, Version 0.10.26 (Stable) * uv: Upgrade to v0.10.25 (Timothy J Fontaine) * npm: upgrade to 1.4.3 (isaacs) * v8: support compiling with VS2013 (Fedor Indutny) * cares: backport TXT parsing fix (Fedor Indutny) * crypto: throw on SignFinal failure (Fedor Indutny) * crypto: update root certificates (Ben Noordhuis) * debugger: Fix breakpoint not showing after restart (Farid Neshat) * fs: make unwatchFile() insensitive to path (iamdoron) * net: do not re-emit stream errors (Fedor Indutny) * net: make Socket destroy() re-entrance safe (Jun Ma) * net: reset `endEmitted` on reconnect (Fedor Indutny) * node: do not close stdio implicitly (Fedor Indutny) * zlib: avoid assertion in close (Fedor Indutny)
Recursive PKGREVISION bump for OpenSSL API version bump.
2014.01.23, Version 0.10.25 (Stable) * uv: Upgrade to v0.10.23 * npm: Upgrade to v1.3.24 * v8: Fix enumeration for objects with lots of properties * child_process: fix spawn() optional arguments (Sam Roberts) * cluster: report more errors to workers (Fedor Indutny) * domains: exit() only affects active domains (Ryan Graham) * src: OnFatalError handler must abort() (Timothy J Fontaine) * stream: writes may return false but forget to emit drain (Yang Tianyang)
Mark packages as not ready for python-3.x where applicable; either because they themselves are not ready or because a dependency isn't. This is annotated by PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z or PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar respectively, please use the same style for other packages, and check during updates. Use versioned_dependencies.mk where applicable. Use REPLACE_PYTHON instead of handcoded alternatives, where applicable. Reorder Makefile sections into standard order, where applicable. Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default with the next commit. Whitespace cleanups and other nits corrected, where necessary.
Include lang/python/tool.mk, gyp-mac-tool previously used the system python which on Snow Leopard is 2.6 and is unable to handle the constructs used in that file.
2013.12.18, Version 0.10.24 (Stable)
* uv: Upgrade to v0.10.21
* npm: upgrade to 1.3.21
* v8: backport fix for CVE-2013-{6639|6640}
* build: unix install node and dep library headers (Timothy J Fontaine)
* cluster, v8: fix --logfile=%p.log (Ben Noordhuis)
* module: only cache package main (Wyatt Preul)
Fix copy/paste error.
Update lang/nodejs to version 0.10.23. Changes since 0.10.20: 2013.12.12, Version 0.10.23 (Stable) * uv: Upgrade to v0.10.20 (Timothy J Fontaine) * npm: Upgrade to 1.3.17 (isaacs) * gyp: update to 78b26f7 (Timothy J Fontaine) * build: include postmortem symbols on linux (Timothy J Fontaine) * crypto: Make Decipher._flush() emit errors. (Kai Groner) * dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny) * events: do not accept NaN in setMaxListeners (Fedor Indutny) * events: avoid calling `once` functions twice (Tim Wood) * events: fix TypeError in removeAllListeners (Jeremy Martin) * fs: report correct path when EEXIST (Fedor Indutny) * process: enforce allowed signals for kill (Sam Roberts) * tls: emit 'end' on .receivedShutdown (Fedor Indutny) * tls: fix potential data corruption (Fedor Indutny) * tls: handle `ssl.start()` errors appropriately (Fedor Indutny) * tls: reset NPN callbacks after SNI (Fedor Indutny) 2013.11.12, Version 0.10.22 (Stable), cbff8f091c22fb1df6b238c7a1b9145db950fa65 * npm: Upgrade to 1.3.14 * uv: Upgrade to v0.10.19 * child_process: don't assert on stale file descriptor events (Fedor Indutny) * darwin: Fix "Not Responding" in Mavericks activity monitor (Fedor Indutny) * debugger: Fix bug in sb() with unnamed script (Maxim Bogushevich) * repl: do not insert duplicates into completions (Maciej Małecki) * src: Fix memory leak on closed handles (Timothy J Fontaine) * tls: prevent stalls by using read(0) (Fedor Indutny) * v8: use correct timezone information on Solaris (Maciej Małecki) 2013.10.18, Version 0.10.21 (Stable), e2da042844a830fafb8031f6c477eb4f96195210 * uv: Upgrade to v0.10.18 * crypto: clear errors from verify failure (Timothy J Fontaine) * dtrace: interpret two byte strings (Dave Pacheco) * fs: fix fs.truncate() file content zeroing bug (Ben Noordhuis) * http: provide backpressure for pipeline flood (isaacs) * tls: fix premature connection termination (Ben Noordhuis)
2013.09.30, Version 0.10.20 (Stable) * tls: fix sporadic hang and partial reads (Fedor Indutny) - fixes "npm ERR! cb() never called!" 2013.09.24, Version 0.10.19 (Stable), 6b5e6a5a3ec8d994c9aab3b800b9edbf1b287904 * uv: Upgrade to v0.10.17 * npm: upgrade to 1.3.11 * readline: handle input starting with control chars (Eric Schrock) * configure: add mips-float-abi (soft, hard) option (Andrei Sedoi) * stream: objectMode transforms allow falsey values (isaacs) * tls: prevent duplicate values returned from read (Nathan Rajlich) * tls: NPN protocols are now local to connections (Fedor Indutny)
2013.09.04, Version 0.10.18 (Stable) * uv: Upgrade to v0.10.15 * stream: Don't crash on unset _events property (isaacs) * stream: Pass 'buffer' encoding with decoded writable chunks (isaacs) 2013.08.21, Version 0.10.17 (Stable), 469a4a5091a677df62be319675056b869c31b35c * uv: Upgrade v0.10.14 * http_parser: Do not accept PUN/GEM methods as PUT/GET (Chris Dickinson) * tls: fix assertion when ssl is destroyed at read (Fedor Indutny) * stream: Throw on 'error' if listeners removed (isaacs) * dgram: fix assertion on bad send() arguments (Ben Noordhuis) * readline: pause stdin before turning off terminal raw mode (Daniel Chatfield) 2013.08.16, Version 0.10.16 (Stable), 50b4c905a4425430ae54db4906f88982309e128d * v8: back-port fix for CVE-2013-2882 * npm: Upgrade to 1.3.8 * crypto: fix assert() on malformed hex input (Ben Noordhuis) * crypto: fix memory leak in randomBytes() error path (Ben Noordhuis) * events: fix memory leak, don't leak event names (Ben Noordhuis) * http: Handle hex/base64 encodings properly (isaacs) * http: improve chunked res.write(buf) performance (Ben Noordhuis) * stream: Fix double pipe error emit (Eran Hammer)
2013.07.25, Version 0.10.15 (Stable) * src: fix process.getuid() return value (Ben Noordhuis) 2013.07.25, Version 0.10.14 (Stable), fdf57f811f9683a4ec49a74dc7226517e32e6c9d * uv: Upgrade to v0.10.13 * npm: Upgrade to v1.3.5 * os: Don't report negative times in cpu info (Ben Noordhuis) * fs: Handle large UID and GID (Ben Noordhuis) * url: Fix edge-case when protocol is non-lowercase (Shuan Wang) * doc: Streams API Doc Rewrite (isaacs) * node: call MakeDomainCallback in all domain cases (Trevor Norris) * crypto: fix memory leak in LoadPKCS12 (Fedor Indutny)
2013.07.09, Version 0.10.13 (Stable) * uv: Upgrade to v0.10.12 * npm: Upgrade to 1.3.2 * windows: get proper errno (Ben Noordhuis) * tls: only wait for finish if we haven't seen it (Timothy J Fontaine) * http: Dump response when request is aborted (isaacs) * http: use an unref'd timer to fix delay in exit (Peter Rust) * zlib: level can be negative (Brian White) * zlib: allow zero values for level and strategy (Brian White) * buffer: add comment explaining buffer alignment (Ben Noordhuis) * string_bytes: properly detect 64bit (Timothy J Fontaine) * src: fix memory leak in UsingDomains() (Ben Noordhuis) 2013.06.18, Version 0.10.12 (Stable) * npm: Upgrade to 1.2.32 * readline: make `ctrl + L` clear the screen (Yuan Chuan) * v8: add setVariableValue debugger command (Ben Noordhuis) * net: Do not destroy socket mid-write (isaacs) * v8: fix build for mips32r2 architecture (Andrei Sedoi) * configure: fix cross-compilation host_arch_cc() (Andrei Sedoi)
Bump PKGREVISION. * Convert .if clause to devel/libexecinfo/builtin.mk. On NetBSD current, binary should be changed.
Enforce using the system libtool on OSX. Fixes build + modules.
Update nodejs to 0.10.11. 2013.06.13, Version 0.10.11 (Stable) * uv: upgrade to 0.10.11 * npm: Upgrade to 1.2.30 * openssl: add missing configuration pieces for MIPS (Andrei Sedoi) * Revert "http: remove bodyHead from 'upgrade' events" (isaacs) * v8: fix pointer arithmetic undefined behavior (Trevor Norris) * crypto: fix utf8/utf-8 encoding check (Ben Noordhuis) * net: Fix busy loop on POLLERR|POLLHUP on older linux kernels (Ben Noordhuis, isaacs)
Update nodejs to 0.10.10
Changes:
* uv: Upgrade to 0.10.10
* npm: Upgrade to 1.2.25
* url: Properly parse certain oddly formed urls (isaacs)
* stream: unshift('') is a noop (isaacs)
2013.05.30, Version 0.10.9 (Stable) * npm: Upgrade to 1.2.24 * uv: Upgrade to v0.10.9 * repl: fix JSON.parse error check (Brian White) * tls: proper .destroySoon (Fedor Indutny) * tls: invoke write cb only after opposite read end (Fedor Indutny) * tls: ignore .shutdown() syscall error (Fedor Indutny)
2013.05.24, Version 0.10.8 (Stable) * v8: update to 3.14.5.9 * uv: upgrade to 0.10.8 * npm: Upgrade to 1.2.23 * http: remove bodyHead from 'upgrade' events (Nathan Zadoks) * http: Return true on empty writes, not false (isaacs) * http: save roundtrips, convert buffers to strings (Ben Noordhuis) * configure: respect the --dest-os flag consistently (Nathan Rajlich) * buffer: throw when writing beyond buffer (Trevor Norris) * crypto: Clear error after DiffieHellman key errors (isaacs) * string_bytes: strip padding from base64 strings (Trevor Norris)
2013.05.17, Version 0.10.7 (Stable) * uv: upgrade to v0.10.7 * npm: Upgrade to 1.2.21 * crypto: Don't ignore verify encoding argument (isaacs) * buffer, crypto: fix default encoding regression (Ben Noordhuis) * timers: fix setInterval() assert (Ben Noordhuis) (Commit lost when importing from wip/node.)
add nodejs package, previously in wip/node