2021-06-02, Version 16.3.0 (Current), @danielleadams

Notable Changes

• cli:
  • add -C alias for --conditions flag (Guy Bedford) #38755
• deps:
  • add workspaces support to npm install commands (Ruy Adorno) #38750

Commits

• [4e58ec4aa6] - benchmark: output JSON-compatible numbers (Michaël Zasso) #38778
• [7a9d0fd5a9] - benchmark: fix http elapsed time (Antoine du Hamel) #38743
• [a98d631905] - bootstrap: include vm and contextify binding into the snapshot (Joyee Cheung) #38677
• [f1628960e1] - build: remove outdated dont-land-on-v6.x label (Michaël Zasso) #38886
• [6986154b30] - build: work around bug in MSBuild v16.10.0 (Michaël Zasso) #38873
• [24cca7c5ea] - build: add lto build to CI (Jiawen Geng) #38567
• [80c32b7a9a] - build: allow LTO with Clang 3.9.1+ (Jesse Chan) #38751
• [e9be2095cf] - build: replace non-POSIX test -a|o (Issam E. Maghni) #38731
• [717a8b63e1] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #38728
• [bc8400122c] - (SEMVER-MINOR) cli: add -C alias for --conditions flag (Guy Bedford) #38755
• [eb7c932a6d] - debugger: revise async iterator usage to comply with lint rules (Rich Trott) #38847
• [f1000e0e52] - debugger: removed unused function argument (Rich Trott) #38850
• [ee1056da60] - debugger: wait for V8 debugger to be enabled (Michaël Zasso) #38811
• [47ad448def] - deps: upgrade npm to 7.15.1 (npm team) #38880
• [e8192b5e89] - deps: upgrade npm to 7.14.0 (Ruy Adorno) #38750
• [15aaf14690] - deps: update llhttp to 6.0.2 (Fedor Indutny) #38665
• [108ffdb68f] - doc: fixed typo in n-api.md (julianjany) #38822
• [131a6918dd] - doc: use "Long Term Support" in collaborator guide (Rich Trott) #38841
• [4844337cd7] - doc: use "Long Term Support" in technical values doc (Rich Trott) #38841
• [f1e823b679] - doc: use "Long Term Support" in README (Philip) #38839
• [4e11971a76] - doc: fix grammar in fs.md (yotamselementor) #38818
• [e2f28c80d1] - doc: fixup code sample in http.md (TodorTotev) #38776
• [96fa387082] - doc: document null target pattern (Guy Bedford) #38724
• [5553be3f4e] - doc: update code examples for node:url module (fisker Cheung) #38645
• [0c063a1258] - doc,url: clarify domainTo* when built without ICU (Darshan Sen) #38789
• [2054efa02c] - events: refactor to use primordials in lib/events (Akhil Marsonya) #38117
• [4884991a12] - lib: include url in bootstrap snapshot and remove unnecessary lazy-loads (Joyee Cheung) #38826
• [08ad2f6c18] - lib: fix typos (bl-ue) #38846
• [7d3a8cb854] - lib: remove unnecessary lazy loads (Joyee Cheung) #38737
• [5d9442a024] - lib: load internal/fs/watchers and internal/fs/read_file_context early (Joyee Cheung) #38737
• [2268d1cf4c] - lib: refactor to reuse validators (Rongjian Zhang) #38608
• [496f7eae92] - node-api: fix shutdown crashes (Michael Dawson) #38492
• [e1195312b9] - (SEMVER-MINOR) os: add os.devNull (Luigi Pinca) #38569
• [7ba305552f] - src: set PromiseHooks by Environment (Bryan English) #38821
• [74205b3542] - src: replace autos in node_api.cc (Khaidi Chu) #38852
• [120849f609] - src: cache necessary isolate & context in api/* (Khaidi Chu) #38366
• [f25cd4f377] - src: fix typos (bl-ue) #38845
• [a1b0e64187] - src: support fs_event_wrap binding in the snapshot (Joyee Cheung) #38737
• [36d4a4331d] - src: remove redundant v8 namespaces in env.cc (Juan José Arboleda) #38792
• [3e6b3b22c5] - src: use SPrintF in ProcessEmitWarning (Darshan Sen) #38758
• [9ca5c0e29e] - src: fix compiler warnings in node_buffer.cc (Darshan Sen) #38722
• [3741595289] - src: set CONF_MFLAGS_DEFAULT_SECTION for OpenSSL 3 (Daniel Bevenius) #38732
• [4e3353223e] - src: use HandleScope in StreamReq::Done() (Darshan Sen) #38720
• [c576311954] - src: remove commented code in node_file.cc (Juan José Arboleda) #38693
• [61c95f08b3] - src: write named pipe info in diagnostic report (legendecas) #38637
• [ba96f14233] - src: remove unused iostream library (Juan José Arboleda) #38694
• [f5dd85bbe6] - src: remove more extra semis from member fns (Shelley Vohr) #38744
• [a47fd67154] - src: replace autos in node_contextify.cc (Khaidi Chu) #38644
• [9054d25acc] - stream: add a non-destroying iterator to Readable (Nitzan Uziely) #38526
• [4131f94ca8] - stream: allow empty string as source of pipeline (Qingyu Deng) #38723
• [0aa3cb5c0e] - test: improve coverage of fs internal utils (Rongjian Zhang) #38746
• [48ebebd2a8] - test: remove unnecessary --pending-deprecation flag (Antoine du Hamel) #38819
• [[3c492baa51](https://github.co...

2021-05-19, Version 16.2.0 (Current), @targos

Notable Changes

• [36b948560c] - (SEMVER-MINOR) async_hooks: use new v8::Context PromiseHook API (Stephen Belanger) #36394
• [c0deeeacb2] - lib: support setting process.env.TZ on windows (James M Snell) #38642
• [4c4902748c] - (SEMVER-MINOR) module: add support for URL to import.meta.resolve (Antoine du Hamel) #38587
• [c182198c44] - (SEMVER-MINOR) process: add 'worker' event (James M Snell) #38659
• [fbf02e3198] - (SEMVER-MINOR) util: add util.types.isKeyObject and util.types.isCryptoKey (Filip Skokan) #38619

Commits

• [36b948560c] - (SEMVER-MINOR) async_hooks: use new v8::Context PromiseHook API (Stephen Belanger) #36394
• [dcae03203e] - buffer: remove TODOs in atob / btoa (Khaidi Chu) #38548
• [48b557e904] - buffer: remove unreachable code (Rongjian Zhang) #38537
• [b0df28dea5] - build: add workaround for V8 builds (Richard Lau) #38632
• [3bb12db255] - build: remove dependency on distutils.spawn (Richard Lau) #38600
• [10aaf30da1] - build: add missing torque output sources (Richard Lau) #38576
• [03b4a3a5bf] - build: compile with -std=gnu++14 (Darshan Sen) #38504
• [4296591154] - build,src,test,doc: enable FIPS for OpenSSL 3.0 (Daniel Bevenius) #38633
• [36bb8daba5] - crypto: forbid NODE-ED25519 and NODE-ED448 "raw" key export (Filip Skokan) #38668
• [36bb7243ff] - debugger: refactor inspect_repl to use primordials (Antoine du Hamel) #38551
• [16a6c8d5a6] - debugger: refactor to use internal modules (Antoine du Hamel) #38550
• [11dd9a6838] - debugger: disable only the lint rules required by current file state (Rich Trott) #38529
• [e79f540fa0] - debugger: avoid non-ASCII char in code file (Rich Trott) #38529
• [d9867b9358] - debugger: wrap lines longer than 80 chars (Rich Trott) #38529
• [352a600142] - debugger: rename inspector-cli test module to debugger (Rich Trott) #38530
• [608d0e11f3] - deps: upgrade npm to 7.13.0 (Ruy Adorno) #38682
• [5c71f49d3f] - deps: upgrade npm to 7.12.1 (Ruy Adorno) #38628
• [ec2dbfb200] - deps: patch V8 to 9.0.257.25 (Michaël Zasso) #38556
• [ab298723b5] - (SEMVER-MINOR) deps: V8: cherry-pick fa4cb172cde2 (Stephen Belanger) #36394
• [a84e9b3e7d] - (SEMVER-MINOR) deps: V8: cherry-pick 4c074516397b (Stephen Belanger) #36394
• [043b1aaa3f] - (SEMVER-MINOR) deps: V8: cherry-pick 5f4413194480 (Stephen Belanger) #36394
• [1a104bac74] - (SEMVER-MINOR) deps: V8: cherry-pick 272445f10927 (Stephen Belanger) #36394
• [827ae05538] - (SEMVER-MINOR) deps: V8: backport c0fceaa0669b (Stephen Belanger) #36394
• [f31a6114a4] - deps: V8: cherry-pick 530080c44af2 (Milad Fa) #38489
• [4001dd28ba] - dgram: extract cluster lazy loading method to make it testable (Rongjian Zhang) #38563
• [a0dc194e31] - doc: document buffer.kStringMaxLength (Tobias Nießen) #38688
• [8590c151cd] - doc: update abort signal in fs promise api example (Moritz Kneilmann) #38669
• [0100a3b026] - doc: add documentation for fs.WriteStream.close() (Hitesh Sharma) #38610
• [5c38a554ec] - doc: clarify synchronous blocking of Worker stdio (James M Snell) #38658
• [1765e32c45] - doc: update contact info (Gabriel Schulhof) #38689
• [c4b161cb89] - doc: change color of doctag on night mode (Qingyu Deng) #38652
• [6620a3182e] - doc: add ESM code examples in url.md (Antoine du Hamel) #38651
• [d3de0ef5d4] - doc: fix fs.openSync() signature (Luigi Pinca) #38591
• [56bf6c1bcd] - doc: typo stats() should be stat(); clarity (Bryan Field) #38541
• [1d9fd49f41] - doc: fix code example in ecdh.setPublicKey() (Jordan Baczuk) #38542
• [4c70e42928] - doc: use HEAD instead of master for links (Antoine du Hamel) #38518
• [ae9128ec61] - doc: clarify DiffieHellmanGroup class docs (Nitzan Uziely) #38363
• [e59131d97f] - doc: fix broken AHAFS link in fs doc (Rich Trott) #38534
• [e9d4c8587a] - doc: use AIX instead of Aix in fs.md (Rich Trott) #38535
• [e0118f347a] - doc: remove extraneous dash from flag prefix (Rodolfo Carvalho) #38532
• [9e10e1a76f] - doc: corrected workload name as per the latest VS Installer (MrJithil) #38500
• [38644d6f96] - doc: use sentence case in headers in src/crypto/README.md (Rich Trott) #38524
• [347b9f2304] - errors: remove input from ERR_INVALID_URL message (moander) #38614
• [5b40e2f596] - events: use nullish coalencing operator (Voltrex) #38328
• [3a5856cbc3] - fs: fix async iterator partial writes (Nitzan Uziely) #38615
• [e8761186a5] - fs: fix error when writing buffers > INT32_MAX (Zach Bjornson) #38546
• [47080bcfc8] - fs: use assert in fsCall argument checking (Rongjian Zhang) #38519
• [[3d8b8e133f](https://github.com/nodejs...

2021-05-11, Version 14.17.0 'Fermium' (LTS), @danielleadams

Notable Changes

Diagnostics channel (experimental module)

diagnostics_channel is a new experimental module that provides an API to create named channels to report arbitrary message data for diagnostics purposes.

The module was initially introduced in Node.js v15.1.0 and is backported to v14.17.0
to enable testing it at a larger scale.

With diagnostics_channel, Node.js core and module authors can publish contextual data about what they are doing at a given time. This could be the hostname and query string of a mysql query, for example. Just create a named channel with dc.channel(name) and call channel.publish(data) to send the data to any listeners to that channel.

const dc = require('diagnostics_channel');
const channel = dc.channel('mysql.query');

MySQL.prototype.query = function query(queryString, values, callback) {
  // Broadcast query information whenever a query is made
  channel.publish({
    query: queryString,
    host: this.hostname,
  });

  this.doQuery(queryString, values, callback);
};

Channels are like one big global event emitter but are split into separate objects to ensure they get the best performance. If nothing is listening to the channel, the publishing overhead should be as close to zero as possible. Consuming channel data is as easy as using channel.subscribe(listener) to run a function whenever a message is published to that channel.

const dc = require('diagnostics_channel');
const channel = dc.channel('mysql.query');

channel.subscribe(({ query, host }) => {
  console.log(`mysql query to ${host}: ${query}`);
});

The data captured can be used to provide context for what an app is doing at a given time. This can be used for things like augmenting tracing data, tracking network and filesystem activity, logging queries, and many other things. It's also a very useful data source for diagnostics tools to provide a clearer picture of exactly what the application is doing at a given point in the data they are presenting.

Contributed by Stephen Belanger #34895.

UUID support in the crypto module

The new crypto.randomUUID() method now allows to generate random
RFC 4122 Version 4 UUID strings:

const { randomUUID } = require('crypto');

console.log(randomUUID());
// 'aa7c91a1-f8fc-4339-b9db-f93fc7233429'

Contributed by James M Snell #36729.

Experimental support for AbortController and AbortSignal

Node.js 14.17.0 adds experimental partial support for AbortController and AbortSignal.

Both constructors can be enabled globally using the --experimental-abortcontroller flag.

Additionally, several Node.js APIs have been updated to support AbortSignal for cancellation.
It is not mandatory to use the built-in constructors with them. Any spec-compliant third-party alternatives
should be compatible.

AbortSignal support was added to the following methods:

• child_process.exec
• child_process.execFile
• child_process.fork
• child_process.spawn
• dgram.createSocket
• events.on
• events.once
• fs.readFile
• fs.watch
• fs.writeFile
• http.request
• https.request
• http2Session.request
• The promisified variants of setImmediate and setTimeout

Other notable changes

• doc:
  • revoke deprecation of legacy url, change status to legacy (James M Snell) #37784
  • add legacy status to stability index (James M Snell) #37784
  • upgrade stability status of report API (Gireesh Punathil) #35654
• deps:
  • V8: Backport various patches for Apple Silicon support (BoHong Li) #38051
  • update ICU to 68.1 (Michaël Zasso) #36187
  • upgrade to libuv 1.41.0 (Colin Ihrig) #37360
• http:
  • add http.ClientRequest.getRawHeaderNames() (simov) #37660
  • report request start and end with diagnostics_channel (Stephen Belanger) #34895
• util:
  • add getSystemErrorMap() impl (eladkeyshawn) #38101

Commits

• [9fb10dc4e7] - assert,util: fix commutativity edge case (Ruben Bridgewater) #37711
• [2bbf253b00] - benchmark: changed fstat to fstatSync (Narasimha Prasanna HN) #36206
• [c00c31c3c5] - benchmark: improve compare.R output (Brian White) #38118
• [a191bc7761] - benchmark: add benchmark for fsPromises.writeFile (Nitzan Uziely) #37610
• [d2770a5608] - benchmark: add benchmark for NODE_V8_COVERAGE (Benjamin Coe) #36972
• [4318e708b8] - benchmark: make output RFC 4180 compliant (Tobias Nießen) #37038
• [0fbeab7a95] - benchmark: improve explanations in R script (Tobias Nießen) #36995
• [c22efc5191] - benchmark: fix http2 benchmarks (Rich Trott) #36871
• [682d0a92db] - benchmark: fix http/headers.js with test-double (Rich Trott) #36794
• [3a11ee88a2] - benchmark: add simple https benchmark (Andrey Pechkurov) #36612
• [681c4afc51] - benchmark: reduce code duplication (Rich Trott) #36568
• [f28eea0896] - benchmark,child_process: remove failing benchmark parameter (Antoine du Hamel) #36295
• [bf2d9f25d4] - (SEMVER-MINOR) buffer: implement btoa and atob (James M Snell) #37529
• [0544410328] - buffer,errors: add missing n literal in range error string (Cactysman) #37750
• [5667d0a540] - build: don't run test workflow on doc dir on macOS (ycjcl868) #37999
• [079d90b9f3] - build: package release changelog for releases (Richard Lau) #38033
• [5c74dc7227] - build: refactor Makefile (raisinten) #36759
• [38921b3805] - build: do not "exit" a script meant to be "source"d (François-Denis Gonthier) #35520
• [dcbcd9e045] - build: run some workflows only on nodejs/node (Michaël Zasso) #36507
• [cda0a80713] - build: fix typo in Makefile (raisinten) #36176
• [d8f8719415] - build: do not pass mode option to test-v8 command (Michaël Zasso) #38275
• [f62b138278] - build: fix label-pr workflow (Michaël Zasso) #38399
• [1250db9206] - build: label PRs with GitHub Action instead of nodejs-github-bot (Phillip Johnsen) #38301
• [9ccf7dbe2d] - build,lib,test: change whitelist to allowlist (Michaël Zasso) #36406
• [385e8e8d7b] - (SEMVER-MINOR) child_process: support AbortSignal in fork (Benjamin Gruenbaum) #36603
• [0b691ce57e] - (SEMVER-MINOR) child_process: add signal support to spawn (Benjamin Gruenbaum) #36432
• [6c08c9de4a] - child_process: clean event listener correctly (Benjamin Gruenbaum) #36424
• [a5c0f39197] - (SEMVER-MINOR) child_process: add AbortSignal support (Benjamin Gruenbaum) #36308
• [aa5b726f83] - (SEMVER-MINOR) child_process: a...

2021-05-04, Version 16.1.0 (Current), @targos

Notable Changes

• [8a90f55a05] - (SEMVER-MINOR) fs: allow no-params fsPromises fileHandle read (Nitzan Uziely) #38287

Commits

• [28e16488cf] - async_hooks,doc: replace process.stdout.fd with 1 (Darshan Sen) #38382
• [cbab7ec6e5] - benchmark: avoid using console.log() (Antoine du Hamel) #38370
• [ba15b20062] - benchmark: use process.hrtime.bigint() (Antoine du Hamel) #38369
• [bc6e719884] - bootstrap: freeze more intrinsics (Antoine du Hamel) #38217
• [29faf0f12e] - build: fix label-pr workflow (Michaël Zasso) #38399
• [b5d669a6ea] - build: label PRs with GitHub Action instead of nodejs-github-bot (Phillip Johnsen) #38301
• [195f679331] - crypto: don't crash with some selfsigned certs (Nils Dralle) #37990
• [4b073b0beb] - crypto: fix generateKeyPair type checks (Nitzan Uziely) #38364
• [c1d9b5b386] - crypto: fix scrypt keylen validation (Antoine du Hamel) #38385
• [7354479ad5] - crypto: fix DiffieHellman generator validation (eladkeyshawn) #38311
• [0e446d6048] - debugger: enable linter on internal/inspector/inspect_client (Antoine du Hamel) #38417
• [9f0e80aa4d] - debugger: refactor internal/inspector/_inspect to use more primordials (Antoine du Hamel) #38406
• [a0c566f85a] - debugger: apply automatic lint fixes for inspect_repl.js (Rich Trott) #38411
• [b884ea739b] - debugger: apply automatic lint fixes for _inspect.js (Rich Trott) #38411
• [f946aa0360] - debugger: remove unused function argument (Rich Trott) #38400
• [203a9689a3] - debugger: align message with Node.js standard (Rich Trott) #38400
• [ef617dcbb0] - debugger: add usage example for --port (Rafael Gonzaga) #38400
• [37b5ce2d5a] - debugger: fix race condition/deadlock on initialization (Rich Trott) #38161
• [2a6203d155] - debugger: replace internal use of deprecated API (Rich Trott) #38161
• [6fff9fff97] - debugger: allow longer time to connect (Rich Trott) #38161
• [def85daace] - debugger: accommodate line chunking in Windows (Rich Trott) #38161
• [07361e6b77] - debugger: fix inspect restart on Windows (Rich Trott) #38161
• [d65615e119] - debugger: remove unused code (Rich Trott) #38161
• [62b03bc4f6] - debugger: move node-inspect to internal library (Rich Trott) #38161
• [e3b75cb5aa] - deps: V8: cherry-pick fd75c97d3f56 (Michaël Zasso) #38455
• [aabddfbeb5] - deps: upgrade npm to 7.11.2 (Ruy Adorno) #38475
• [7b9fb92d51] - deps: update to cjs-module-lexer@1.2.1 (Guy Bedford) #38450
• [47626c52a3] - deps: patch V8 to 9.0.257.24 (Michaël Zasso) #38423
• [f455e08621] - deps: patch V8 to 9.0.257.21 (Michaël Zasso) #38333
• [dd61a26d8c] - deps: update llhttp to 6.0.1 (Fedor Indutny) #38359
• [05f41cdbcc] - deps: patch V8 to 9.0.257.19 (Michaël Zasso) #38270
• [224faa0a05] - Revert "doc: os.uptime() temporary bug notice" (Michaël Zasso) #38494
• [3b0480dde8] - doc: document 'secureConnect' event limitation (James M Snell) #38447
• [92586046ec] - doc: fix outdated util inspect documentation and layout example (Ruben Bridgewater) #37079
• [13de4cf1ca] - doc: mark Node.js 10 as End-of-Life (Richard Lau) #38482
• [3cbfde1f25] - doc: mark querystring api as legacy (James M Snell) #38436
• [a5929c2487] - doc: update node-api support matrix (Michael Dawson) #38424
• [f08650cefe] - doc: add arguments for stream event of Http2Server and Http2SecureServer (Qingyu Deng) #37892
• [2d59273bed] - doc: indicate that abort tests do not generate core files (Rich Trott) #38422
• [f1970127ee] - doc: add try/catch in http2 respondWithFile example (Matteo Collina) #38410
• [f6f1317f43] - doc: note the system requirements for V8 tests (DeeDeeG) #38319
• [4b19beaf3c] - doc: minor clarification to pathObject (James M Snell) #38437
• [1eae4af6f7] - doc: clarify that fs.Dir async iterator closes automatically (James M Snell) #38438
• [14afb39259] - doc: document new TCP_KEEPCNT and TCP_KEEPINTVL socket option defaults (Arnold Zokas) #38313
• [ed5ef21690] - doc: do not mention TCP in the allowHalfOpen option description (Luigi Pinca) #38360
• [042985c139] - doc: update message to match actual output (Rich Trott) #35271
• [bcc5e2af76] - doc: request default snap track be updated for LTS (Rod Vagg) #37708
• [dfd4c7ba93] - doc: mark process.hrtime() as legacy (Antoine du Hamel) #38371
• [67cd88da00] - doc: fix typo in worker_threads.md (takayama) #38368
• [a9314cda7d] - doc: fix version history for "exports" patterns (Antoine du Hamel) #38355
• [76885cd578] - doc: fix package.json "imports" field history (Antoine du Hamel) #38356
• [0e88ae7ec1] - doc: fix typo in bu...

2021-04-20, Version 16.0.0 (Current), @BethGriggs

Notable Changes

Deprecations and Removals

• (SEMVER-MAJOR) fs: remove permissive rmdir recursive (Antoine du Hamel) #37216
• (SEMVER-MAJOR) fs: runtime deprecate rmdir recursive option (Antoine du Hamel) #37302
• (SEMVER-MAJOR) lib: runtime deprecate access to process.binding('http_parser') (James M Snell) #37813
• (SEMVER-MAJOR) lib: runtime deprecate access to process.binding('url') (James M Snell) #37799
• (SEMVER-MAJOR) lib: make process.binding('util') return only type checkers (Anna Henningsen) #37819
• (SEMVER-MAJOR) lib: runtime deprecate access to process.binding('crypto') (James M Snell) #37790
• (SEMVER-MAJOR) lib: runtime deprecate access to process.binding('signal_wrap') (James M Snell) #37800
• (SEMVER-MAJOR) lib: runtime deprecate access to process.binding('v8') (James M Snell) #37789
• (SEMVER-MAJOR) lib: runtime deprecate access to process.binding('async_wrap') (James M Snell) #37576
• (SEMVER-MAJOR) module: remove module.createRequireFromPath (Antoine du Hamel) #37201
• (SEMVER-MAJOR) module: runtime deprecate subpath folder mappings (Antoine du Hamel) #37215
• (SEMVER-MAJOR) module: runtime deprecate "main" index and extension lookups (Antoine du Hamel) #37206
• (SEMVER-MAJOR) module: runtime deprecate invalid package.json main entries (Antoine du Hamel) #37204
• (SEMVER-MAJOR) process: runtime deprecate changing process.config (James M Snell) #36902

Stable Timers Promises API

The Timers Promises API provides an alternative set of timer functions that return Promise objects. Added in Node.js v15.0.0, in this release they graduate from experimental status to stable.

Contributed by James Snell - #38112

Toolchain and Compiler Upgrades

Node.js v16.0.0 will be the first release where we ship prebuilt binaries for Apple Silicon. While we’ll be providing separate tarballs for the Intel (darwin-x64) and ARM (darwin-arm64) architectures the macOS installer (.pkg) will be shipped as a ‘fat’ (multi-architecture) binary.

• (SEMVER-MAJOR) build: remove support for Python 2 (Christian Clauss) #36691
• (SEMVER-MAJOR) build: default PYTHON to python3 in Makefile (Michaël Zasso) #37764
• build: update Makefile to support fat binary (Ash Cripps) #37861
• (SEMVER-MAJOR) build: enable ASLR (PIE) on OS X (woodfairy) #35704
• build: warn for gcc versions earlier than 8.3.0 (Richard Lau) #37935
• (SEMVER-MAJOR) doc: update minimum supported Xcode to 11 (Michaël Zasso) #37872
• (SEMVER-MAJOR) doc: update minimum supported GCC to 8.3 (Michaël Zasso) #37871
• (SEMVER-MAJOR) doc: update AIX to GCC8 for v16.x (Ash Cripps) #37677
• tools: set arch in Distribution.xml (Ash Cripps) #38261

V8 9.0

The V8 JavaScript engine is updated to V8 9.0, including performance tweaks and improvements.

This update also brings the ECMAScript RegExp Match Indices, which provide the start and end indices of the captured string. The indices array is available via the .indices property on match objects when the regular expression has the /d flag.

Contributed by Michaël Zasso - #37587

Other Notable Changes

• (SEMVER-MINOR) assert: graduate assert.match and assert.doesNotMatch (James M Snell) #38111
• (SEMVER-MAJOR) buffer: expose btoa and atob as globals (James M Snell) #37786
• (SEMVER-MAJOR) deps: bump minimum ICU version to 68 (Michaël Zasso) #37330
• deps: update ICU to 69.1 (Michaël Zasso) #38178
• deps: update llhttp to 6.0.0 (Fedor Indutny) #38277
• deps: upgrade npm to 7.10.0 (Ruy Adorno) #38254
• (SEMVER-MINOR) http: add http.ClientRequest.getRawHeaderNames() (simov) #37660
• (SEMVER-MAJOR) lib,src: update cluster to use Parent (Michael Dawson) #36478
• (SEMVER-MINOR) module: add support for node:‑prefixed require(…) calls (ExE Boss) #37246
• (SEMVER-MINOR) perf_hooks: add histogram option to timerify (James M Snell) #37475
• (SEMVER-MINOR) repl: add auto‑completion for node:‑prefixed require(…) calls (ExE Boss) #37246
• (SEMVER-MINOR) util: add getSystemErrorMap() impl (eladkeyshawn) #38101

Semver-Major Commits

• [324a6c235a] - (SEMVER-MAJOR) async_hooks: add thisArg to AsyncResource.bind (James M Snell) #36782
• [d1e2184c8e] - (SEMVER-MAJOR) buffer: expose btoa and atob as globals (James M Snell) #37786
• [4268fae04a] - (SEMVER-MAJOR) build: remove support for Python 2 (Christian Clauss) #36691
• [c3a5e15ebe] - (SEMVER-MAJOR) build: default PYTHON to python3 in Makefile (Michaël Zasso) #37764
• [1d8c022544] - (SEMVER-MAJOR) build: update Makefile to support fat binary (Ash Cripps) #37861
• [38f32386c1] - (SEMVER-MAJOR) build: include minimal V8 headers in distribution (Michaël Zasso) #37570
• [a19af5ee71] - (SEMVER-MAJOR) build: use C++11 ABI with libstdc++ (Anna Henningsen) #36634
• [8d6b74d347] - (SEMVER-MAJOR) build: enable ASLR (PIE) on OS X (woodfairy) #35704
• [732ad99e47] - (SEMVER-MAJOR) deps: update V8 to 9.0.257.11 (Michaël Zasso) #37587
• [43cc8e4b2e] - (SEMVER-MAJOR) deps: bump minimum ICU version to 68 (Michaël Zasso) #37330
• [c5ff019a4e] - (SEMVER-MAJOR) deps: update V8 to 8.9.255.19 (Michaël Zasso) #37330
• [c7b3292251] - (SEMVER-MAJOR) deps: update V8 to 8.8.278.17 (Michaël Zasso) #36139
• [48db20f6f5] - (SEMVER-MAJOR) deps: update V8 to 8.7.220 (Michaël Zasso) #35700
• [d85e1f0703] - (SEMVER-MAJOR) dns: use url module instead of punycode for IDNA (Antoine du Hamel) #35091
• [290c158018] - (SEMVER-MAJOR) doc: update minimum supported Xcode to 11 (Michaël Zasso) #37872
• [1ff2918d80] - (SEMVER-MAJOR) doc: update minimum supported GCC to 8.3 (Michaël Zasso) #37871
• [2706e67116] - (SEMVER-MAJOR) doc: update AIX to GCC8 for v16.x (Ash Cripps) #37677
• [5ae5ca90ef] - (SEMVER-MAJOR) doc: add http.IncomingMessage#connection (Pranshu Srivastava) #33768
• [83d6e63aee] - (SEMVER-MAJOR) events: change EventTarget handler exception behavior (Nitzan Uziely) #37237
• [9948036ee0] - (SEMVER-MAJOR) fs: remove permissive rmdir recursive (A...

2021-04-06, Version 15.14.0 (Current), @mylesborins

This is a security release.

Notable Changes

Vulnerabilties Fixed:

• CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
  • This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in GHSA-c4w7-xm78-47vh
  • Impacts:
    • All versions of the 14.x, 12.x and 10.x releases lines

Other Notable Changes:

• [b6f4901221] - (SEMVER-MINOR) fs: add support for async iterators to fsPromises.writeFile (HiroyukiYagihashi) #37490
• [0709cbb7fe] - (SEMVER-MINOR) net: allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917
• [daa8a7bbcf] - (SEMVER-MINOR) net: add SocketAddress class (James M Snell) #37917
• [a4169ce519] - (SEMVER-MINOR) net: make net.BlockList cloneable (James M Snell) #37917
• [669b81c68b] - (SEMVER-MINOR) net,tls: add abort signal support to connect (Nitzan Uziely) #37735
• [a1123f0a29] - (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) #37932

Commits

• [ac69b95e47] - crypto: use correct webcrypto RSASSA-PKCS1-v1_5 algorithm name (Filip Skokan) #38029
• [960c6be229] - crypto: add buffering to randomInt (Tobias Nießen) #35110
• [4ef102d34e] - deps: update to cjs-module-lexer@1.1.1 (Guy Bedford) #37992
• [f0e77149a4] - deps: update archs files for OpenSSL-1.1.1k (Hassaan Pasha) #37916
• [bbdcdad2c6] - deps: upgrade openssl sources to 1.1.1k+quic (Hassaan Pasha) #37916
• [913ec56798] - deps: cjs-module-lexer: cherry-pick 22093e765f (pezhmanparsaee) #37895
• [afc6ab2122] - doc: fix asyncLocalStorage.run() description (Darkripper214) #38023
• [b40d35d649] - doc: document how to unref stdin when using readline.Interface (Anu Pasumarthy) #38019
• [ce14080473] - doc: move psmarshall to collaborators emeriti (Peter Marshall) #37994
• [ae70aa3c63] - doc: add distinctive color for code elements inside links (Antoine du Hamel) #37950
• [8792c7c96b] - doc: add missing events.on metadata (Anna Henningsen) #37965
• [a57dc06adf] - doc: improve Buffer's encoding documentation (Michaël Zasso) #37945
• [f3fabb57cf] - doc: add missing cleanup step in OpenSSL upgrade (Tobias Nießen) #37927
• [13c3924af8] - doc: add Windows-specific info to subprocess.kill() (João Lucas Lucchetta) #34867
• [b6f4901221] - (SEMVER-MINOR) fs: add support for async iterators to fsPromises.writeFile (HiroyukiYagihashi) #37490
• [ad7e34446c] - fs: fix chown abort (Darshan Sen) #38004
• [d86aca9a77] - http: optimize debug function correctly (Michaël Zasso) #37966
• [062541aae5] - http2: add specific error code for custom frames (Anna Henningsen) #37936
• [8525231902] - lib: change wording in lib/domain.js comment (Akhil Marsonya) #37933
• [21e399be4c] - lib: change wording in lib/internal/child_process comment (Akhil Marsonya) #37903
• [3ab9619e56] - module: improve error message for invalid data URL (Antoine du Hamel) #37701
• [0709cbb7fe] - (SEMVER-MINOR) net: allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917
• [daa8a7bbcf] - (SEMVER-MINOR) net: add SocketAddress class (James M Snell) #37917
• [a4169ce519] - (SEMVER-MINOR) net: make net.BlockList cloneable (James M Snell) #37917
• [669b81c68b] - (SEMVER-MINOR) net,tls: add abort signal support to connect (Nitzan Uziely) #37735
• [a94cc27cbe] - path: refactor to use more primordials (Akhil Marsonya) #37893
• [6cc1e15669] - readline: fix pre-aborted signal question handling (Nitzan Uziely) #37929
• [a1123f0a29] - (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) #37932
• [629e72e9f4] - src: fix typo in node_mutex (Tobias Nießen) #38011
• [e61cc0bfb0] - src: fix typos in crypto comments (Tobias Nießen) #38024
• [6ad0b6f0f5] - src: fix error handling for CryptoJob::ToResult (Tobias Nießen) #37076
• [3175559bed] - test: add extra space in test failure output (Qingyu Deng) #37957
• [0243376cfc] - test: use faster variant for rss (Pooja D P) #36839
• [b02c352ad6] - test: fix test-tls-no-sslv3 for OpenSSL 3 (Richard Lau) #38027
• [0db1a1eacf] - test: deflake test-fs-read-optional-params (Luigi Pinca) #37991
• [4d50975cd7] - test: improve clarity of ALS-enable-disable.js (Darkripper214) #38008
• [5e15ae05d0] - test: add DataView test case for v8 serdes (Rich Trott) #37955
• [6d28a24f1c] - tools: update ESLint to 7.23.0 (Luigi Pinca) #37979
• [51e7a33d54] - tools,doc: add "legacy" badge in the TOC (Antoine du Hamel) #37949
• [570fbcef93] - url: forbid pipe in URL host (Darshan Sen) [#37877](https://...

2021-04-06, Version 14.16.1 'Fermium' (LTS), @mylesborins

This is a security release.

Notable Changes

Vulnerabilities fixed:

• CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
  • This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in GHSA-c4w7-xm78-47vh
  • Impacts:
    • All versions of the 14.x, 12.x and 10.x releases lines

Commits

• [467be7a950] - deps: upgrade npm to 6.14.12 (Ruy Adorno) #37918
• [6bc8f58182] - deps: update archs files for OpenSSL-1.1.1k (Tobias Nießen) #37938
• [403a014ef6] - deps: upgrade openssl sources to 1.1.1k (Tobias Nießen) #37938

2021-04-06, Version 12.22.1 'Erbium' (LTS), @mylesborins

This is a security release.

Notable Changes

Vulnerabilities fixed:

• CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
  • This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in GHSA-c4w7-xm78-47vh
  • Impacts:
    • All versions of the 14.x, 12.x and 10.x releases lines

Commits

• [c947f1a0e1] - deps: upgrade npm to 6.14.12 (Ruy Adorno) #37918
• [51a753c06f] - deps: update archs files for OpenSSL-1.1.1k (Tobias Nießen) #37939
• [c85a519b48] - deps: upgrade openssl sources to 1.1.1k (Tobias Nießen) #37939

2021-04-06, Version 10.24.1 'Dubnium' (LTS), @mylesborins

This is a security release.

Notable Changes

Vulerabilties fixed:

• CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • Impacts:
    • All versions of the 15.x, 14.x, 12.x and 10.x releases lines
• CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
  • This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in GHSA-c4w7-xm78-47vh
  • Impacts:
    • All versions of the 14.x, 12.x and 10.x releases lines

Commits

• [5e526b96ce] - deps: upgrade npm to 6.14.12 (Ruy Adorno) #37918
• [781cb6df5c] - deps: update archs files for OpenSSL-1.1.1k (Tobias Nießen) #37940
• [5db0a05a90] - deps: upgrade openssl sources to 1.1.1k (Tobias Nießen) #37940

2021-03-31, Version 15.13.0 (Current), @ruyadorno

Notable Changes

• buffer:
  • implement btoa and atob (James M Snell) #37529
• deps:
  • upgrade npm to 7.7.6 (Ruy Adorno) #37968
    • This update adds workspaces support to npm run and npm exec
• doc:
  • add legacy status to stability index (James M Snell) #37784
  • add @Linkgoron to collaborators (Nitzan Uziely) #37817
• http:
  • add http.ClientRequest.getRawHeaderNames() (simov) #37660

Commits

• [dc9cd43d8f] - (SEMVER-MINOR) buffer: implement btoa and atob (James M Snell) #37529
• [377830fd28] - child_process: remove unused argument (Rich Trott) #37923
• [cdfc1c8692] - child_process: cleanup AbortSignal duplication (Nitzan Uziely) #37823
• [95aa032413] - (SEMVER-MINOR) child_process: add timeout to spawn and fork (Nitzan Uziely) #37256
• [50fc6b9df0] - crypto: clear errors in SignTraits::DeriveBits (Filip Skokan) #37820
• [79259389a1] - crypto: fix DiffieHellman argument validation (Antoine du Hamel) #37810
• [11d45855cd] - crypto: fix header name (Jiawen Geng) #37792
• [c37806d0ba] - crypto: use macro map for NodeCryptoError (Darshan Sen) #37758
• [bfe3f21ee0] - crypto: fix crypto.verify callback invocation with a private keyobject (Filip Skokan) #37795
• [f2cef54b6f] - deps: upgrade npm to 7.7.6 (Ruy Adorno) #37968
• [ec82feb728] - deps: upgrade npm to 7.7.5 (Ruy Adorno) #37919
• [649e04c4a5] - deps: upgrade npm to 7.7.4 (Ruy Adorno) #37897
• [d5b472b70d] - deps: upgrade npm to 7.7.0 (Ruy Adorno) #37879
• [9e6aa190e3] - deps: add ngtcp2 and nghttp3 (James M Snell) #37682
• [659fc5d684] - doc: fix typos in lib/internal/bootstrap/pre_execution.js (marsonya) #37658
• [ac60d018e2] - doc: add more commands for cherry-picking and changelog to release docs (Danielle Adams) #37785
• [0fe3c7edd3] - doc: spell out ICU acronym on first occurrence (Rich Trott) #37942
• [364c8ac40d] - doc: update GOVERNANCE.md for TSC Charter changes (Rich Trott) #37888
• [e84252b35d] - doc: reduce header nesting in async_hooks.md (Rich Trott) #37839
• [a6f21e2cfc] - doc: fix wording in outgoingMessage.write (Tobias Nießen) #37894
• [30bc2e43e4] - doc: add examples for WHATWG URL objects (James M Snell) #37822
• [c0a424f3e9] - doc: clarify when child process 'spawn' event is *not* emitted (Matthew Francis Brunetti) #37833
• [9defe10371] - doc: fix legacy stability indicator display (Rich Trott) #37838
• [f97a5dd22f] - doc: use sentence-style capitlaztion in template header (Rich Trott) #37837
• [71fde07274] - doc: add Ayase-252 to triagers (Qingyu Deng) #37781
• [8f18133de0] - doc: use sentence case in issues.md headers (marsonya) #37537
• [3376051a0e] - doc: fix JS flavor selection (Antoine du Hamel) #37791
• [b09d032683] - doc: move Derek Lewis back to collaborators (Derek Lewis) #37726
• [6da0a0e85a] - doc: apply style for legacy status (James M Snell) #37784
• [185d4cd4aa] - doc: revoke deprecation of legacy url, change status to legacy (James M Snell) #37784
• [9d160daa89] - doc: add legacy status to stability index (James M Snell) #37784
• [4700042a9b] - doc: add @Linkgoron to collaborators (Nitzan Uziely) #37817
• [c4183bbea4] - doc: fix AbortError example for timers (dbachko) #37738
• [50f3ad1946] - doc: fix typo in stream docs (Ian Kerins) #37716
• [2e82a97520] - doc: add gyp maintain info (Jiawen Geng) #37765
• [3925458df7] - doc,tools: use only one level 1 header per page (Rich Trott) #37839
• [e9c161ce12] - http: fix double AbortSignal registration (Nitzan Uziely) #37730
• [a5205819d8] - (SEMVER-MINOR) http: add http.ClientRequest.getRawHeaderNames() (simov) #37660
• [1c043272ea] - http2: treat non-EOF empty frames like other invalid frames (Anna Henningsen) #37875
• [a5bf7de6eb] - http2: fix setting options before handle exists (Anna Henningsen) #37875
• [af7489cb6c] - lib: add brand checks to AbortController and AbortSignal (Mattias Buelens) #37720
• [6e2b60931c] - lib: fix typo in internal/modules/esm/module_job.js (marsonya) #37773
• [3a440ecdf8] - lib: fix typo in lib/internal/crypto/certificate.js (marsonya) #37741
• [3ab223dd32] - node-api: fix crash in finalization (Michael Dawson) #37876
• [d1a3e0efb6] - node-api: stop ref gc during environment teardown (Gabriel Schulhof) #37616
• [e60bd1a7dc] - (SEMVER-MINOR) perf_hooks: make Performance extend EventTarget (Michaël Zasso) #37621
• [b6ad8e4cc1] - src: indent long help text properly (David Glasser) #37911
• [13ecff63d6] - src: document newer values for --unhandled-rejections flag (David Glasser) #37899
• [bd87e195ed] - src: fix typo in src code guide (Tobias Nießen) #37956
• [[2da532cef8](https...