2021-10-20, Version 16.12.0 (Current), @richardlau

Notable Changes

Experimental ESM Loader Hooks API

Node.js ESM Loader hooks have been consolidated to represent the steps involved needed to facilitate future loader chaining:

1. resolve: resolve [+ getFormat]
2. load: getFormat + getSource + transformSource

For consistency, getGlobalPreloadCode has been renamed to globalPreload.

A loader exporting obsolete hook(s) will trigger a single deprecation warning (per loader) listing the errant hooks.

Contributed by Jacob Smith, Geoffrey Booth, and Bradley Farias - #37468

Other Notable Changes

• [8fdabcb918] - deps: upgrade npm to 8.1.0 (npm team) #40463
• [d1d9f2de30] - doc: deprecate (doc-only) http abort related (dr-js) #36670
• [4116b6c907] - (SEMVER-MINOR) vm: add support for import assertions in dynamic imports (Antoine du Hamel) #40249

Commits

• [8bb3951e41] - build: remove duplicate check for authors.yml (Rich Trott) #40393
• [2de57edced] - build: make scripts in gyp run with right python (Cheng Zhao) #39730
• [a8926d199d] - crypto: remove incorrect constructor invocation (gc) #40300
• [8fdabcb918] - deps: upgrade npm to 8.1.0 (npm team) #40463
• [dca5ac1539] - deps: suppress zlib compiler warnings (Daniel Bevenius) #40343
• [91c3bf6a7f] - deps: upgrade Corepack to 0.10 (Maël Nison) #40374
• [7e02124a06] - dgram: add nread assertion to UDPWrap::OnRecv (Darshan Sen) #40295
• [2d409ed29e] - dns: refactor and use validators (Voltrex) #40022
• [dc7291dab8] - doc: remove ESLint comments which were breaking the CJS/ESM toggles (Mark Skelton) #40408
• [85b7385115] - doc: add pronouns for tniessen to README (Tobias Nießen) #40412
• [1d5857c9f4] - doc: format changelogs (Rich Trott) #40388
• [5eb9402b50] - doc: fix missing variable in deepStrictEqual example (OliverOdo) #40396
• [6f77d1a1d5] - doc: fix asyncLocalStorage.run() description (Constantine Kim) #40381
• [93a48e02dc] - doc: fix typos in n-api docs (Ignacio Carbajo) #40402
• [fb7afb91c2] - doc: format doc/guides using format-md task (Rich Trott) #40358
• [6c091c7878] - doc: improve phrasing in fs.md (Arslan Ali) #40255
• [38d81380ac] - doc: add link to core promises tracking issue (Michael Dawson) #40355
• [71a94aa82a] - doc: correct ESM load hook table header (Jacob Smith) #40234
• [5b074affb4] - doc: fix typo in esm.md (Mason Malone) #40273
• [3b3aaa0a37] - doc: fix typo in ESM example (Tobias Nießen) #40275
• [f848553fb8] - doc: assign missing deprecation number (Michaël Zasso) #40324
• [d1d9f2de30] - doc: deprecate (doc-only) http abort related (dr-js) #36670
• [1ef2cf8413] - doc: anchor link parity between markdown and html-generated docs (foxxyz) #39304
• [3743406b0a] - (SEMVER-MINOR) esm: consolidate ESM loader hooks (Jacob Smith) #37468
• [168020e1c8] - lib: refactor to use let (gdccwxx) #40364
• [bcd59d70bb] - meta: consolidate AUTHORS entries for gabrielschulhof (Rich Trott) #40420
• [80b4245db8] - meta: consolidate AUTHORS information for geirha (Rich Trott) #40406
• [93cecb4700] - meta: consolidate duplicate AUTHORS entries for hassaanp (Rich Trott) #40391
• [fff3135909] - meta: update AUTHORS (Node.js GitHub Bot) #40392
• [122481713d] - meta: consolidate AUTHORS entry for thw0rted (Rich Trott) #40387
• [7f50313fcc] - meta: update label-pr-config (Mestery) #40199
• [5668182665] - meta: use .mailmap to consolidate AUTHORS entries for ide (Rich Trott) #40367
• [bc86084a3e] - net: check if option is undefined (Daijiro Wachi) #40344
• [4564a93e5e] - net: remove unused ObjectKeys (Daijiro Wachi) #40344
• [dbb2e6f429] - net: check objectMode first and then readble || writable (Daijiro Wachi) #40344
• [a672be57c8] - net: throw error to object mode in Socket (Daijiro Wachi) #40344
• [faf9e28c36] - src: remove usage of AllocatedBuffer from stream_* (Darshan Sen) #40293
• [857af2ba99] - src: add missing initialization (Michael Dawson) #40370
• [2bfa87edbc] - stream: fix fromAsyncGen (Robert Nagy) #40499
• [1e15137e71] - test: replace common port with specific number (Daijiro Wachi) #40344
• [6f6b99c302] - test: fix typos in whatwg-webstreams explanations (Tobias Nießen) #40389
• [641b1bb052] - test: add test for readStream.path when fd is specified (Qingyu Deng) #40359
• [07dae7ff50] - test: replace .then chains with await (gdccwxx) #40348
• [d8a36ee1de] - test: fix "test/common/debugger" identify async function (gdccwxx) #40348
• [13d6a56c7d] - test: improve test coverage of fs.ReadStream with FileHandle (Antoine du Hamel) #40018
• [50f91ab059] - tools: udpate @babel/eslint-parser (Rich Trott) #40394
• [3611073145] - tools: remove @babel/plugin-syntax-import-assertions (Rich Trott) #40394
• [[b72d693a3a](https://github.com/nodejs/node...

2021-10-19, Version 17.0.0 (Current), @BethGriggs

Notable Changes

Deprecations and Removals

• [f182b9b29f] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of dns.lookup options (Antoine du Hamel) #39793
• [4b030d0573] - doc: deprecate (doc-only) http abort related (dr-js) #36670
• [36e2ffe6dc] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) #40121
• [64287e4d45] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) #40117

OpenSSL 3.0

Node.js now includes OpenSSL 3.0, specifically quictls/openssl which provides QUIC support. With OpenSSL 3.0 FIPS support is again available using the new FIPS module. For details about how to build Node.js with FIPS support please see BUILDING.md.

While OpenSSL 3.0 APIs should be mostly compatible with those provided by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to tightened restrictions on the allowed algorithms and key sizes.

If you hit an ERR_OSSL_EVP_UNSUPPORTED error in your application with Node.js 17, it’s likely that your application or a module you’re using is attempting to use an algorithm or key size which is no longer allowed by default with OpenSSL 3.0. A command-line option, --openssl-legacy-provider, has been added to revert to the legacy provider as a temporary workaround for these tightened restrictions.

For details about all the features in OpenSSL 3.0 please see the OpenSSL 3.0 release blog.

Contributed in #38512, #40478

V8 9.5

The V8 JavaScript engine is updated to V8 9.5. This release comes with additional supported types for the Intl.DisplayNames API and Extended timeZoneName options in the Intl.DateTimeFormat API.

You can read more details in the V8 9.5 release post - https://v8.dev/blog/v8-release-95.

Contributed by Michaël Zasso - #40178

Readline Promise API

The readline module provides an interface for reading data from a Readable
stream (such as process.stdin) one line at a time.

The following simple example illustrates the basic use of the readline module:

import * as readline from 'node:readline/promises';
import { stdin as input, stdout as output } from 'process';

const rl = readline.createInterface({ input, output });

const answer = await rl.question('What do you think of Node.js? ');

console.log(`Thank you for your valuable feedback: ${answer}`);

rl.close();

Contributed by Antoine du Hamel - #37947

Other Notable Changes

• [1b2749ecbe] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) #39987
• [59d3d542d6] - (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that cause exit (Divlo) #38332
• [a35b7e0427] - deps: upgrade npm to 8.1.0 (npm team) #40463
• [6cd12be347] - (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream() (James M Snell) #39331
• [d0a898681f] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) #39759
• [e4b1fb5e64] - (SEMVER-MAJOR) lib: expose DOMException as global (Khaidi Chu) #39176
• [0738a2b7bd] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) #39235

Semver-Major Commits

• [9dfa30bdd5] - (SEMVER-MAJOR) build: compile with C++17 (MSVC) (Richard Lau) #38807
• [9f0bc602e4] - (SEMVER-MAJOR) build: compile with --gnu++17 (Richard Lau) #38807
• [62719c5fd2] - (SEMVER-MAJOR) deps: update V8 to 9.5.172.19 (Michaël Zasso) #40178
• [66da32c045] - (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0 (Daniel Bevenius) #38512
• [40c6e838df] - (SEMVER-MAJOR) dgram: tighten address validation in socket.send (Voltrex) #39190
• [f182b9b29f] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of dns.lookup options (Antoine du Hamel) #39793
• [1b2749ecbe] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) #39987
• [ae876d420c] - (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2 (Michaël Zasso) #40179
• [59d3d542d6] - (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that cause exit (Divlo) #38332
• [f9447b71a6] - (SEMVER-MAJOR) fs: fix rmsync error swallowing (Nitzan Uziely) #38684
• [f27b7cf95c] - (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing (Nitzan Uziely) #38259
• [d0a898681f] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) #39759
• [e4b1fb5e64] - (SEMVER-MAJOR) lib: expose DOMException as global (Khaidi Chu) #39176
• [36e2ffe6dc] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) #40121
• [64287e4d45] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) #40117
• [707dd77d86] - (SEMVER-MAJOR) readline: validate AbortSignals and remove unused event listeners (Antoine du Hamel) #37947
• [8122d243ae] - (SEMVER-MAJOR) readline: introduce promise-based API (Antoine du Hamel) #37947
• [592d1c3d44] - (SEMVER-MAJOR) readline: refactor Interface to ES2015 class (Antoine du Hamel) #37947
• [3f619407fe] - (SEMVER-MAJOR) src: allow CAP_NET_BIND_SERVICE in SafeGetenv (Daniel Bevenius) #37727
• [0a7f850123] - (SEMVER-MAJOR) src: return Maybe from a couple of functions (Darshan Sen) #39603
• [bdaf51bae7] - (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform (Shelley Vohr) #38362
• [0c6f345cda] - (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error (Rongjian Zhang) #38700
• [0e841b45c2] - (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close' (Robert Nagy) #39639
• [ef992f6de9] - (SEMVER-MAJOR) stream: do not emit end on readable error (Szymon Marczak) #39607
• [efd40eadab] - (SEMVER-MAJOR) stream: forward errored to callback (Robert Nagy) #39364
• [09d8c0c8d2] - (SEMVER-MAJOR) stream: destroy read...

2021-10-12, Version 16.11.1 (Current), @danielleadams

This is a security release.

Notable changes

• CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
• CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Commits

• [af488f8dc8] - deps: update llhttp to 6.0.4 (Matteo Collina) nodejs-private/node-private#284
• [2d1eefad98] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#284
• [45d419ab1c] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#284

2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams

This is a security release.

Notable changes

• CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
• CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Commits

• [8c254ca7e4] - deps: update llhttp to 2.1.4 (Fedor Indutny) nodejs-private/node-private#285
• [9b92ae2499] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#285
• [f467539719] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#285

2021-10-12, Version 12.22.7 'Erbium' (LTS), @danielleadams

This is a security release.

Notable changes

• CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
• CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Commits

• [21a2e554e3] - deps: update llhttp to 2.1.4 (Fedor Indutny) nodejs-private/node-private#286
• [d5d3a03246] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#286
• [0858587f21] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#286

2021-10-08, Version 16.11.0 (Current), @danielleadams

Notable Changes

• crypto
  • update root certificates (Richard Lau) #40280
• deps
  • upgrade npm to 8.0.0 (npm team) #40369
  • update nghttp2 to v1.45.1 (thunder-coding) #40206
  • update V8 to 9.4.146.19 (Michaël Zasso) #40285
• tools
  • update certdata.txt (Richard Lau) #40280

Commits

• [34f3021ca3] - benchmark: add util.toUSVString()'s benchmark (Khaidi Chu) #40203
• [f83b9bcb6f] - build: support Python 3.10.0 (FrankQiu) #40296
• [3148f9b64e] - build: check for duplicates in new AUTHORS entries (Rich Trott) #40264
• [48c162d457] - build: set DESTCPU correctly for 'make binary' on Apple Silicon (Chris Heisterkamp) #40147
• [7fbfb66d41] - build: limit update authors CI scope (Jiawen Geng) #40219
• [a1bee94502] - build: pass a tuple of alternatives to str.endswith() (Christian Clauss) #40017
• [eaf9d08332] - build: add --no-user for pip commands in Makefile (Rich Trott) #40169
• [e22ca06ac4] - build: fix "test-internet.yml" workflows (SURYAPRATAP SINGH SURYAVANSHI) #40177
• [4da73d09bf] - (SEMVER-MINOR) build: reset embedder string to "-node.0" (Michaël Zasso) #40285
• [4b117fbc81] - console: use validators for consistency (Voltrex) #39812
• [6489423187] - console: avoid unnecessary variables (Pancake) #40183
• [9af2592e69] - crypto: update root certificates (Richard Lau) #40280
• [2fa5e5011f] - crypto: handle initEDRaw pkey failure (Shelley Vohr) #40188
• [7968c79301] - crypto: don't call callback twice in case crypto.randomBytes fails (Guilherme Bernal) #40157
• [b89c7ae297] - deps: upgrade npm to 8.0.0 (npm team) #40369
• [947f3dc9af] - deps: V8: patch jinja2 for Python 3.10 compat (Michaël Zasso) #40296
• [685c7d43a5] - (SEMVER-MINOR) deps: update nghttp2 to v1.45.1 (thunder-coding) #40206
• [e7046e0ff1] - deps: restore minimum ICU version to 68 (Michaël Zasso) #39470
• [a3db2033d4] - (SEMVER-MINOR) deps: make V8 9.4 abi-compatible with 9.0 (Michaël Zasso) #40285
• [5cc24e6d76] - deps: V8: cherry-pick 9a607043cb31 (Jiawen Geng) #40046
• [8de5eb88d3] - deps: V8: cherry-pick 5681a6565828 (Michaël Zasso) #39945
• [150d816edb] - deps: V8: cherry-pick bdcda72cd1d8 (Michaël Zasso) #39945
• [807b68b430] - deps: V8: cherry-pick 00bb1a77c03e (Darshan Sen) #39829
• [be016948df] - deps: silence irrelevant V8 warning (Michaël Zasso) #38990
• [22dcd3e4dc] - deps: silence irrelevant V8 warnings (Michaël Zasso) #37587
• [1aea6a771b] - deps: fix V8 build issue with inline methods (Jiawen Geng) #40060
• [e9812157f0] - deps: make v8.h compatible with VS2015 (Joao Reis) #32116
• [88ae710057] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #32116
• [e810f0766f] - deps: V8: patch register-arm64.h (Refael Ackermann) #32116
• [b8aabd5622] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #32116
• [309c4f05df] - (SEMVER-MINOR) deps: update V8 to 9.4.146.19 (Michaël Zasso) #40285
• [69eaaf6321] - doc: format general markdown files (Rich Trott) #40322
• [dc9c31985c] - doc: fix the inline code-block at the NodeDhKeyGenParams class (Justin) #40341
• [8d0546db39] - doc: correct the codeblock for hmacImportParams.hash (Justin) #40340
• [1db2ffd008] - doc: fix typo in stream docs (Juan José Arboleda) #40337
• [abfcbcd14c] - doc: update fast-track approval comment request (voltrexmaster) #40316
• [e2cd2f44f2] - doc: fix CVE-2021-22940 references (Michaël Zasso) #40308
• [88bdbf1e29] - doc: format markdown files in test directory (Rich Trott) #40290
• [f71ac57a86] - doc: add triagers to the table of contents (FrankQiu) #39969
• [a5218b5313] - doc: update Forrest Norvell's pronouns (Forrest L Norvell) #40292
• [d2e54e5d0c] - doc: reorder stream 'readable' paragraphs (Vincent Weevers) #40212
• [1d0a3e1a0c] - doc: fix typo in fs (Brian White) #40257
• [66edb7bfe1] - doc: fix typo in fs.md (Arslan Ali) #40254
• [614a7c21f8] - doc: fix typo in packages.md (Arslan Ali) #40230
• [9fa6dfbe76] - doc: fix example of crypto.generateKeySync (Gary Ho) #40225
• [9a2b94a142] - doc: update fs.watchFile doc (Clément Nardi) #40134
• [a68f91c884] - doc: add version when diagnostics_channel APIs were added (Gerhard Stöbich) #40208
• [6bf67909ad] - doc: fix typo in 'maxHeaderSize' (Rebhi Alfa) #40164
• [73a127ba7b] - doc: fix buffer api example code's token error (m3m0ry) #40125
• [59db8293f4] - doc: fix typo in async_hooks.md (xuchaobei) #40187
• [779dfd199b] - doc: make version picker usable on mobile (Evan Lucas) #39958
• [[7bd62f4809]...

2021-09-28, Version 14.18.0 'Fermium' (LTS), @targos

Notable Changes

• [3a60de0135] - assert: change status of legacy asserts (James M Snell) #38113
• [df37c106a7] - (SEMVER-MINOR) buffer: introduce Blob (James M Snell) #36811
• [223494c548] - (SEMVER-MINOR) buffer: add base64url encoding option (Filip Skokan) #36952
• [14fc4ddabc] - (SEMVER-MINOR) child_process: allow options.cwd receive a URL (Khaidi Chu) #38862
• [b68b13acb3] - (SEMVER-MINOR) child_process: add timeout to spawn and fork (Nitzan Uziely) #37256
• [da98c9f99b] - (SEMVER-MINOR) child_process: allow promisified exec to be cancel (Carlos Fuentes) #34249
• [779310ac87] - (SEMVER-MINOR) child_process: add 'overlapped' stdio flag (Thiago Padilha) #29412
• [40eb3b79f1] - (SEMVER-MINOR) cli: add -C alias for --conditions flag (Guy Bedford) #38755
• [39eba0a2e1] - (SEMVER-MINOR) cli: add --node-memory-debug option (Anna Henningsen) #35537
• [d8d9a9628a] - (SEMVER-MINOR) dns: add "tries" option to Resolve options (Luan Devecchi) #39610
• [15ba19b020] - (SEMVER-MINOR) dns: allow --dns-result-order to change default dns verbatim (Ouyang Yadong) #38099
• [307c1d817f] - doc: refactor fs docs structure (James M Snell) #37170
• [9ee3f77e32] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #37362
• [e73bfed2f4] - esm: deprecate legacy main lookup for modules (Guy Bedford) #36918
• [989c204a58] - (SEMVER-MINOR) fs: allow empty string for temp directory prefix (Voltrex) #39028
• [ef72490cde] - (SEMVER-MINOR) fs: allow no-params fsPromises fileHandle read (Nitzan Uziely) #38287
• [cad9d20f64] - (SEMVER-MINOR) fs: add support for async iterators to fsPromises.writeFile (HiroyukiYagihashi) #37490
• [2b0e2706c0] - fs: improve fsPromises readFile performance (Nitzan Uziely) #37608
• [fe12cc07b3] - (SEMVER-MINOR) fs: add fsPromises.watch() (James M Snell) #37179
• [2459c115a8] - (SEMVER-MINOR) fs: allow position parameter to be a BigInt in read and readSync (Darshan Sen) #36190
• [6544cfb4b9] - (SEMVER-MINOR) http2: add support for sensitive headers (Anna Henningsen) #34145
• [a6c6cbb4e6] - (SEMVER-MINOR) http2: allow setting the local window size of a session (Yongsheng Zhang) #35978
• [1e5aca550c] - inspector: mark as stable (Gireesh Punathil) #37748
• [93af04afbb] - (SEMVER-MINOR) module: add support for URL to import.meta.resolve (Antoine du Hamel) #38587
• [f9f9389d83] - (SEMVER-MINOR) module: add support for node:‑prefixed require(…) calls (ExE Boss) #37246
• [87c71065eb] - (SEMVER-MINOR) net: introduce net.BlockList (James M Snell) #34625
• [b421d99a48] - (SEMVER-MINOR) node-api: allow retrieval of add-on file name (Gabriel Schulhof) #37195
• [6a4811df8a] - (SEMVER-MINOR) os: add os.devNull (Luigi Pinca) #38569
• [4a88ddeeca] - (SEMVER-MINOR) perf_hooks: introduce createHistogram (James M Snell) #37155
• [1a6bf1c4a3] - (SEMVER-MINOR) process: add api to enable source-maps programmatically (legendecas) #39085
• [99735a6fe8] - (SEMVER-MINOR) process: add 'worker' event (James M Snell) #38659
• [3982919317] - (SEMVER-MINOR) process: add direct access to rss without iterating pages (Adrien Maret) #34291
• [526e6c7bde] - (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) #37932
• [e6eee08692] - (SEMVER-MINOR) readline: add support for the AbortController to the question method (Mattias Runge-Broberg) #33676
• [32de361d70] - (SEMVER-MINOR) readline: add history event and option to set initial history (Mattias Runge-Broberg) #33662
• [797f7f8a38] - (SEMVER-MINOR) repl: add auto‑completion for node:‑prefixed require(…) calls (ExE Boss) #37246
• [abfd71b64c] - (SEMVER-MINOR) src: call overload ctor from the original ctor (Darshan Sen) #39768
• [1efae01b18] - (SEMVER-MINOR) src: add a constructor overload for CallbackScope (Darshan Sen) #39768
• [f7933804ba] - (SEMVER-MINOR) src: allow to negate boolean CLI flags (Michaël Zasso) #39023
• [6d06ac2202] - (SEMVER-MINOR) src: add --heapsnapshot-near-heap-limit option (Joyee Cheung) #33010
• [577d228ca0] - (SEMVER-MINOR) src: add way to get IsolateData and allocator from Environment (Anna Henningsen) #36441
• [658a266cd4] - (SEMVER-MINOR) src: allow preventing SetPrepareStackTraceCallback (Shelley Vohr) #36447
• [f421422ea4] - (SEMVER-MINOR) src: add maybe versions of EmitExit and EmitBeforeExit (Anna Henningsen) #35486
• [a62d4d60f4] - (SEMVER-MINOR) stream: add readableDidRead if has been read from (Robert Nagy) #39589
• [63502131a3] - (SEMVER-MINOR) stream: pipeline accept Buffer as a valid first argument (Nitzan Uziely) #37739
• [68bbebd42c] - (SEMVER-MINOR) tls: allow reading data into a static buffer (Andrey Pechkurov) #35753
• [1cbb74d63d] - (SEMVER-MINOR) url: expose urlToHttpOptions utility (Yongsheng Zhang) #35960
• [8eb11356dd] - (SEMVER-MINOR) util: expose toUSVString (Robert Nagy) #39814
• [[84fcdc3074]...

2021-09-22, Version 16.10.0 (Current), @BethGriggs

Notable Changes

• [fb226ff2ee] - (SEMVER-MINOR) crypto: add rsa-pss keygen parameters (Filip Skokan) #39927
• [85206b7311] - deps: upgrade npm to 7.24.0 (npm team) #40167
• [98f56d179c] - deps: update Acorn to v8.5.0 (Michaël Zasso) #40015
• [9655329772] - doc: add Ayase-252 to collaborators (Qingyu Deng) #40078
• [59fff925be] - (SEMVER-MINOR) fs: make open and close stream override optional when unused (Antoine du Hamel) #40013
• [a63a4bce90] - (SEMVER-MINOR) http: limit requests per connection (Artur K) #40082
  • The maximum number of requests a socket can handle before closing keep alive connection can be set with server.maxRequestsPerSocket.
• [9a672961fa] - (SEMVER-MINOR) src: add --no-global-search-paths cli option (Cheng Zhao) #39754
  • Adds the --no-global-search-paths command-line option to not search modules from global paths like $HOME/.node_modules and $NODE_PATH.
• [fe920b6cbf] - (SEMVER-MINOR) src: make napi_create_reference accept symbol (JckXia) #39926
• [97f3072ceb] - (SEMVER-MINOR) stream: add signal support to pipeline generators (Robert Nagy) #39067

Commits

• [b7dc651884] - build: run modified internet tests on GitHub Actions (Rich Trott) #40100
• [8d5787a043] - build: add .mailmap/AUTHORS to paths-ignore for test-macos (Rich Trott) #40109
• [9793e7ff08] - build: add .mailmap/AUTHORS to path-ignore for test-asan (Rich Trott) #40109
• [886921de38] - build: add paths-ignore for build-tarball workflow (Rich Trott) #40109
• [01b1946b38] - build: only lint version numbers for pull requests (Michaël Zasso) #40027
• [c804d070a6] - build: add daily/on-demand internet test workflow (Rich Trott) #40086
• [7bddaecbf4] - build: add YAML linting to GitHub Actions (Rich Trott) #40007
• [5a20f9055c] - build: add YAML linting (Rich Trott) #40007
• [0b30867c08] - build: run AUTHORS update weekly (Rich Trott) #40004
• [22a78a75ee] - build: preserves symbols during LTO with macOS linker (Jesse Chan) #39839
• [f0dec58d43] - crypto: fix webcrypto ed(25519|448) spki/pkcs8 import (Filip Skokan) #40131
• [d80082f3eb] - crypto: use validateObject (Voltrex) #39872
• [d657ae6f8a] - crypto: fix RSA-PSS default saltLength (Tobias Nießen) #39999
• [fc45cbe7a8] - crypto: fix default MGF1 hash for OpenSSL 3 (Tobias Nießen) #40031
• [105c9e6d3b] - crypto: check webcrypto asymmetric key types during importKey (Filip Skokan) #39962
• [fb226ff2ee] - (SEMVER-MINOR) crypto: add rsa-pss keygen parameters (Filip Skokan) #39927
• [85206b7311] - deps: upgrade npm to 7.24.0 (npm team) #40167
• [06f6e01f37] - deps: add riscv64 into openssl Makefile and gen openssl-riscv64 (Lu Yahan) #40063
• [9c76c69972] - deps: patch V8 to 9.3.345.19 (Michaël Zasso) #40108
• [0df47d5843] - deps: upgrade npm to 7.23.0 (npm team) #40055
• [b3843bf417] - deps: patch v8 for vs2019 in std17 (Jiawen Geng) #40060
• [67759585a0] - deps: patch for v8 on windows (Jiawen Geng) #40010
• [98f56d179c] - deps: update Acorn to v8.5.0 (Michaël Zasso) #40015
• [5c6708582e] - dns: cleanup validation (Voltrex) #40061
• [e4825dcfd5] - doc: changes default values for fs.read fns (RISHABH BUDHIRAJA) #39163
• [0254b4b0d3] - doc: fix markdown indentation in lists (Michaël Zasso) #40142
• [b6939a3419] - doc: prepare README.md for stricter linting (Rich Trott) #40137
• [a07d8444f9] - doc: fix comma splice (Rich Trott) #40133
• [2488bc0c4f] - doc: clean up weird notes about reentrancy (Anna Henningsen) #40107
• [8b80dcbc30] - doc: correct parameters in fs and stream documentation (vipul kumar) #39984
• [1ced732078] - doc: fix CJS-ESM selector in Safari (Bradley Farias) #40135
• [7fdb12739d] - doc: add timeout.close (Nikita Galkin) #40036
• [81cb14bb58] - doc: clarify that ObjectWrap requires manual cleanup on shutdown (Gerhard Stöbich) #40074
• [8aad81dd99] - doc: add full list of subsystems (FrankQiu) #39971
• [9655329772] - doc: add Ayase-252 to collaborators (Qingyu Deng) #40078
• [6d399e11e9] - doc: fix CCM cipher example in MJS (Tobias Nießen) #39949
• [d426ee9b17] - doc: fix property name 'detail' of performanceEntry (Christian Boehlke) #40019
• [846e7e880e] - doc: fix list indentation in corepack.md (Alexey Ten) #40029
• [b6dd2ea930] - doc: fix missing history version in fs.md (Antoine du Hamel) #39972
• [f666f5a8d1] - events: fix duplicate require which cause performance penalty (wwwzbwcom) #39892
• [59fff925be] - (SEMVER-MINOR) fs: make open and close stream override optional when unused (Antoine du Hamel) #40013
• [a63a4bce90] - (SEMVER-MINOR) http: limit requests per connection (Artur K) #40082
• [bc9c2ca6af] - http: remove CRLF...

2021-09-10, Version 16.9.1 (Current), @richardlau

Notable Changes

This release fixes a regression introduced by the V8 9.3 update in Node.js 16.9.0.

Commits

• [04f1943109] - deps: V8: cherry-pick 9a607043cb31 (Jiawen Geng) #40046

2021-09-07, Version 16.9.0 (Current), @targos

Notable Changes

Corepack

Node.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development.
In practical terms, Corepack will let you use Yarn and pnpm without having to install them - just like what currently happens with npm, which is shipped in Node.js by default.
Please head over to the Corepack documentation page for more information on how to use it.

Contributed by Maël Nison - #39608

V8 9.3

V8 is updated to version 9.3, which includes performance improvements and new JavaScript features.

Object.hasOwn

Object.hasOwn is a static alias for Object.prototype.hasOwnProperty.call:

Object.hasOwn({ value: 42 }, 'value'); // Returns `true`.

Error cause

Errors can now be optionally constructed with a cause option, pointing to another error.
This adds a cause property on the new error:

const error1 = new Error('Error one');
const error2 = new Error('Error two', { cause: error1 });
// error2.cause === error1

Contributed by Michaël Zasso - #39947

Other Notable Changes

• [34c627e4bc] - (SEMVER-MINOR) crypto: add RSA-PSS params to asymmetricKeyDetails (Tobias Nießen) #39851
• [20da0a5379] - (SEMVER-MINOR) module: support pattern trailers (Guy Bedford) #39635
• [cb44781371] - (SEMVER-MINOR) stream: add stream.compose (Robert Nagy) #39029

Commits

• [2343c394fb] - async_hooks: use resource stack for AsyncLocalStorage run (Stephen Belanger) #39890
• [00951827cd] - Revert "build: add windows-2022 to GitHub test matrix" (Michaël Zasso) #39982
• [e7834535b3] - build: add windows-2022 to GitHub test matrix (Michaël Zasso) #39857
• [c49b0c0dd4] - build: add support for Visual Studio 2022 (Michaël Zasso) #39857
• [afdb665e57] - build: fix find-inactive-collaborators workflow token (Rich Trott) #39909
• [0ff88f362f] - build: update token used for pull requests (Rich Trott) #39907
• [beca890330] - build: adapt v8_pch.h to V8 9.3 (Michaël Zasso) #39469
• [2170346aa3] - build: reset embedder string to "-node.0" (Michaël Zasso) #39947
• [d33ab968ab] - cluster: fix comment regarding child_process file (Yash Ladha) #39308
• [585199497f] - crypto: fix regression in RSA-PSS keygen (Tobias Nießen) #39937
• [34c627e4bc] - (SEMVER-MINOR) crypto: add RSA-PSS params to asymmetricKeyDetails (Tobias Nießen) #39851
• [1dd91582da] - crypto: fix rsa-pss one-shot sign/verify error handling (Filip Skokan) #39830
• [20cf47004e] - crypto: fix JWK RSA-PSS SubtleCrypto.exportKey (Filip Skokan) #39828
• [e25dc8e470] - deps: upgrade npm to 7.21.1 (npm team) #39904
• [9270684837] - deps: update archs files for OpenSSL-1.1.1l+quic (Richard Lau) #39867
• [4b5bbec6cc] - deps: upgrade openssl sources to OpenSSL_1_1_1l+quic (Richard Lau) #39867
• [71659fd4ba] - (SEMVER-MINOR) deps: add corepack (Maël Nison) #39608
• [7470db0dfb] - deps: restore minimum ICU version to 68 (Michaël Zasso) #39470
• [92d83d18d2] - deps: make V8 9.3 abi-compatible with 9.0 (Michaël Zasso) #39947
• [0140face81] - deps: V8: cherry-pick 00bb1a77c03e (Darshan Sen) #39829
• [3e1053e755] - deps: V8: cherry-pick 81814ed44574 (Stephen Belanger) #39719
• [d9d0104878] - deps: silence irrelevant V8 warning (Michaël Zasso) #38990
• [cd9b03ea40] - deps: silence irrelevant V8 warnings (Michaël Zasso) #37587
• [b83cab712f] - deps: fix V8 build issue with inline methods (Jiawen Geng) #35415
• [068824d754] - deps: make v8.h compatible with VS2015 (Joao Reis) #32116
• [54f4f1af50] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #32116
• [10ba1cb8b2] - deps: V8: patch register-arm64.h (Refael Ackermann) #32116
• [3ce6f72124] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #32116
• [f43c292520] - (SEMVER-MINOR) deps: update V8 to 9.3.345.16 (Michaël Zasso) #39947
• [9e782eb758] - doc: remove {C,Dec}ompressionStream documentation (Luigi Pinca) #39899
• [7857e9cc77] - doc: add descriptions about when options.mode is ignored (Ray) #39881
• [d43b555047] - doc: remove danbev from TSC member list (Daniel Bevenius) #39978
• [fc01dd916e] - doc: add missing changes to generateKeyPair(Sync) (Tobias Nießen) #39963
• [953f2e9f88] - doc: add nodejs/tweet issue creation to sec. doc (Daniel Bevenius) #39940
• [29c4b07716] - doc: update WASI example to use import.meta.url (Guy Bedford) #39925
• [9eb4a70c14] - doc: move reference to OpenSSL flags SSL_OP_* (Tobias Nießen) #39935
• [8ea4befc82] - doc: add docs for duplex.allowHalfOpen property (Tim Perry) #39126
• [bc2b73ec9b] - doc: add FrankQiu to a triager (FrankQiu) #39922
• [8b68f8ec38] - doc: add VoltrexMaster to triagers (voltrexmaster) #39920
• [3a8f77ac0d] - doc: document JavaScript tool for benchmark comparison (Michaël Zasso) #39835
• [4ac703ca8e] - doc: add Mesteery to triagers (Mestery) #39887
• [d059a5186b] - doc: update maintaining openssl guide (Richard Lau) #39878
• [[486150580c](https://github.com/nodejs/n...