2021-03-30, Version 12.22.0 'Erbium' (LTS), @richardlau

Notable changes

The legacy HTTP parser is runtime deprecated

The legacy HTTP parser, selected by the --http-parser=legacy command line
option, is deprecated with the pending End-of-Life of Node.js 10.x (where it
is the only HTTP parser implementation provided) at the end of April 2021. It
will now warn on use but otherwise continue to function and may be removed in
a future Node.js 12.x release.

The default HTTP parser based on llhttp is not affected. By default it is
stricter than the now deprecated legacy HTTP parser. If interoperability with
HTTP implementations that send invalid HTTP headers is required, the HTTP
parser can be started in a less secure mode with the --insecure-http-parser
command line option.

Contributed by Beth Griggs #37603.

ES Modules

ES Modules are now considered stable.

Contributed by Guy Bedford #35781

node-api

Updated to node-api version 8 and added an experimental API to allow retrieval of the add-on file name.

Contributed by Gabriel Schulhof #37652 and #37195.

New API's to control code coverage data collection

v8.stopCoverage() and v8.takeCoverage() have been added.

Contributed by Joyee Cheung #33807.

New API to monitor event loop utilization by Worker threads

worker.performance.eventLoopUtilization() has been added.

Contributed by Trevor Norris #35664.

Commits

• [1872625990] - (SEMVER-MINOR) deps: update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712
• [dfa04d9035] - deps: V8: cherry-pick beebee4f80ff (Peter Marshall) #37293
• [bf8733fe22] - doc: mark modules implementation as stable (Guy Bedford) #35781
• [0a35d49f56] - Revert "embedding: make Stop() stop Workers" (Anna Henningsen) #32623
• [a0b610450a] - (SEMVER-MINOR) http: runtime deprecate legacy HTTP parser (Beth Griggs) #37603
• [2da24ac302] - lib: add URI handling functions to primordials (Antoine du Hamel) #37394
• [7b0ed4ba92] - module: improve support of data: URLs (Antoine du Hamel) #37392
• [93dd799a86] - (SEMVER-MINOR) node-api: define version 8 (Gabriel Schulhof) #37652
• [f5692093d3] - (SEMVER-MINOR) node-api: allow retrieval of add-on file name (Gabriel Schulhof) #37195
• [6cef0e3678] - src,test: add regression test for nested Worker termination (Anna Henningsen) #32623
• [364bf03a68] - test: fix races in test-performance-eventlooputil (Gerhard Stoebich) #36028
• [d7a4ccdf09] - test: correct test-worker-eventlooputil (Gerhard Stoebich) #35891
• [0f6d44500c] - test: add cpu-profiler-crash test (Santiago Gimeno) #37293
• [86f34ee18c] - (SEMVER-MINOR) v8: implement v8.stopCoverage() (Joyee Cheung) #33807
• [8ddea3f16d] - (SEMVER-MINOR) v8: implement v8.takeCoverage() (Joyee Cheung) #33807
• [eec7542781] - (SEMVER-MINOR) worker: add eventLoopUtilization() (Trevor Norris) #35664

2021-03-17, Version 15.12.0 (Current), @danielleadams

Notable Changes

• crypto:
  • add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500
  • support JWK objects in create*Key (Filip Skokan) #37254
• deps:
  • switch openssl to quictls/openssl (James M Snell) #37601
  • update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712
• fs:
  • improve fsPromises writeFile performance (Nitzan Uziely) #37610
  • improve fsPromises readFile performance (Nitzan Uziely) #37608
• lib:
  • implement AbortSignal.abort() (James M Snell) #37693
• node-api:
  • define version 8 (Gabriel Schulhof) #37652
• worker:
  • add setEnvironmentData/getEnvironmentData (James M Snell) #37486

Commits

• [44514600b2] - assert,util: fix commutativity edge case (Ruben Bridgewater) #37711
• [8666d777cc] - benchmark: add benchmark for fsPromises.writeFile (Nitzan Uziely) #37610
• [e9028eb646] - cluster: restructure to same prototype for cluster child (Yash Ladha) #36610
• [8e1257e26d] - cluster: clarify construct Handle (Jackson Tian) #37385
• [341ee31e15] - crypto: reconcile duplicated code (James M Snell) #37704
• [a2d08d5dfd] - crypto: add internal error codes (Darshan Sen) #37650
• [922f2f0eb2] - (SEMVER-MINOR) crypto: add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500
• [55e522ca23] - (SEMVER-MINOR) crypto: support JWK objects in create*Key (Filip Skokan) #37254
• [33180fad81] - crypto: add separate error for INVALID_KEY_TYPE (Darshan Sen) #37555
• [d81b9af1fc] - crypto: improve randomUUID performance (Dawid Rusnak) #37243
• [23d654105f] - crypto,test: improve hmac coverage with webcrypto tests (obi-el) #37571
• [dfca2fac24] - (SEMVER-MINOR) deps: update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712
• [ce357c0c11] - (SEMVER-MINOR) deps: update archs files for OpenSSL-1.1.1+quic (James M Snell) #37601
• [6d77b6174f] - (SEMVER-MINOR) deps: switch openssl to quictls/openssl (James M Snell) #37601
• [3e1a46a6a8] - deps: upgrade npm to 7.6.3 (Ruy Adorno) #37721
• [b2fd00398c] - deps: V8: cherry-pick 1648e050cade (Colin Ihrig) #37664
• [7422453072] - deps: upgrade npm to 7.6.1 (Ruy Adorno) #37606
• [89f3aa92b4] - doc: add marsonya as a triager (marsonya) #37667
• [3710857de3] - doc: add hints to http.request() options (Luigi Pinca) #37745
• [5d793737d7] - (SEMVER-MINOR) doc: update maintaining-openssl guide (James M Snell) #37601
• [1022d3d947] - doc: recommend checking abortSignal.aborted first (James M Snell) #37714
• [764aa2dcee] - doc: fix link to googletest fixtures (Tobias Nießen) #37698
• [0d3cc2dc82] - doc: fix typo in description of close event (Tobias Nießen) #37662
• [e55058fed1] - doc: use sentence case in README.md headers (marsonya) #37645
• [e7fc7a4c23] - doc: crypto esm examples (James M Snell) #37594
• [a3abd52e1e] - doc: add localPort to http.request() options (Luigi Pinca) #37586
• [705bdfbe3e] - doc: fix grammar errors in http document (Qingyu Deng) #37265
• [e5f7179d1e] - doc: add document for http.OutgoingMessage (Qingyu Deng) #37265
• [7c0ce17e65] - doc: fix typo in doc/guides/collaborator-guide.md (marsonya) #37643
• [60d8afa9ab] - doc: document that module.evaluate fulfills as undefined (James M Snell) #37663
• [6192315cf3] - doc: remove generated from dsaEncoding description (Marko Kaznovac) #37459
• [e4c8c50b28] - doc: fix typos in /doc/api/fs.md (Merlin Luntke) #37557
• [ebc6f41072] - doc: fix linter issue (Antoine du Hamel) #37657
• [d17aab1775] - doc: add esm examples for assert (James M Snell) #37607
• [366772bf87] - doc: add return type of readline.createInterface (Darshan Sen) #37600
• [f50db89a52] - doc: change lang info string in fs JS snippets (Antoine du Hamel) #37605
• [5a9196e0e4] - doc: apply sentence case to headers in pull-requests.md (marsonya) #37602
• [05badcf755] - doc: fix small typo in 15.11.0 release (Tierney Cyren) #37590
• [e0e7aa1058] - doc: add top-level await syntax in vm.md (Antoine du Hamel) #37077
• [732d8ca811] - doc: clarify that columnOffset applies only to the first line (James M Snell) #37563
• [267bbe3412] - doc: document that NODE_EXTRA_CA_CERTS is read only once (James M Snell) #37562
• [f56a805a0d] - doc: refactor signal info in child_process.md (Darshan Sen) #37528
• [236ba04a79] - domain: add name to monkey-patched emit function (Colin Ihrig) #37550
• [1c09776106] - domain: show falsy names as anonymous for DEP0097 (Colin Ihrig) #37550
• [5a49e3139e] - errors: remove experimental from --enable-source-maps (Benjamin Coe) #37743
• [e384291c90] - events: remove return value on addEventListener (James M Snell) #37696
• [ba91ef2d08] - fs: improve fsPromises writeFile performance (Nitzan Uziely) #37610
• [[`3572299...

2021-03-03, Version 15.11.0 (Current), @targos

Notable Changes

• [a3e3156b52] - (SEMVER-MINOR) crypto: make FIPS related options always awailable (Vít Ondruch) #36341
• [9ba5c0f9ba] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #37362

Commits

• [d039e6fa80] - assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344
• [d2e5529e08] - bootstrap: include v8 module into the builtin snapshot (Joyee Cheung) #36943
• [59861bac0e] - bootstrap: include fs module into the builtin snapshot (Joyee Cheung) #36943
• [458a4108b7] - buffer: make Blob's constructor more spec-compliant (Michaël Zasso) #37361
• [0d564ce214] - buffer: make Blob's slice method more spec-compliant (Michaël Zasso) #37361
• [ddae112133] - child_process: fix spawn and fork abort behavior (Nitzan Uziely) #37325
• [b1e188de8d] - crypto: refactor hasAnyNotIn to avoid unsafe array iteration (Antoine du Hamel) #37433
• [291d9e9936] - crypto: check ed/x webcrypto key import algorithm names (Filip Skokan) #37305
• [a3e3156b52] - (SEMVER-MINOR) crypto: make FIPS related options always awailable (Vít Ondruch) #36341
• [b634469c38] - crypto: refactor to avoid unsafe array iteration (Antoine du Hamel) #37364
• [01773ab614] - crypto: use BoringSSL compatible errors (Shelley Vohr) #37297
• [f3d67000a0] - deps: upgrade npm to 7.6.0 (Ruy Adorno) #37559
• [e1045f1004] - deps: upgrade npm to 7.5.6 (Ruy Adorno) #37496
• [80d3c118f4] - deps: V8: cherry-pick 373f4ae739ee (Richard Lau) #37505
• [1408de7e24] - deps: cherry-pick 8957d4677aa794c230577f234071af0 from V8 upstream (Antoine du Hamel) #37471
• [725d48ae77] - doc: remove experimental from --enable-source-maps (Colin Ihrig) #37540
• [5d939b7a49] - doc: fix typo in doc/api/packages.md (marsonya) #37536
• [cbfc6b1692] - doc: document how to register external bindings for snapshot (Joyee Cheung) #37463
• [dd7a04dc9f] - doc: fix typo "director" instead of "directory" (humanwebpl) #37523
• [ba81e7cb5e] - doc: revise LTS text in collaborator guide (Rich Trott) #37527
• [7529a97a5c] - doc: revise CI text in collaborator guide (Rich Trott) #37526
• [1285b907ce] - doc: revise objections section of collaborator guide (Rich Trott) #37525
• [bc86208a0a] - doc: revise premature disclosure text in collaborator guide (Rich Trott) #37524
• [46af56752e] - doc: change links to use HEAD in top level docs (Michael Dawson) #37494
• [3b737e63ce] - doc: apply sentence case to headers in doc/guides (marsonya) #37506
• [fb5e5bed21] - doc: fix typo in webcrypto.md (marsonya) #37507
• [3b7cb75554] - doc: document the NO_COLOR and FORCE_COLOR env vars (James M Snell) #37477
• [0fac27d546] - doc: add url.resolve replacement example (Antoine du Hamel) #37501
• [2228f44b25] - doc: apply sentence case to guides headers (marsonya) #37497
• [617819e4fb] - doc: update CI requirements for landing pull requests (Antoine du Hamel) #37308
• [4a40759b33] - doc: recommend queueMicrotask over process.nextTick (James M Snell) #37484
• [834f63793a] - doc: apply sentence case to headers in doc/guides (marsonya) #37478
• [7ac0820da0] - doc: fix typo in doc/api/http2/md (marsonya) #37479
• [4ad7a78448] - doc: alphabetize vm Module class properties (Rich Trott) #37451
• [a193d7ca87] - doc: alphabetize crypto Cipher class entries (Rich Trott) #37450
• [54b6f1bcf9] - doc: use HEAD for links in api docs (Michael Dawson) #37437
• [549d24b8ad] - doc: fix alignment of parameters (Michael Dawson) #37422
• [f3559a922b] - doc: fix typo in doc/api/esm.md (marsonya) #37400
• [c3d236d405] - doc: fix "referred to" in fs docs (Tobias Nießen) #37388
• [9ac8c74539] - doc: document x509 error codes (Dan Čermák) #37096
• [9a454afcd6] - doc: fix typo in esm.md (Jay Tailor) #37417
• [b3bf3d9824] - doc: use HEAD in links where possible (Michael Dawson) #37421
• [6675342cd9] - doc: clarify that async_hook callbacks cannot be async (James M Snell) #37384
• [4b54c10500] - doc: use **Default:** more consistently (Colin Ihrig) #37387
• [f20ce47dbb] - doc,child_process: pid can be undefined when ENOENT (dr-js) #37014
• [6205e29cb9] - doc,lib: prepare for stricter multi-line array linting (Rich Trott) #37088
• [9ba5c0f9ba] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #37362
• [c0cdb83433] - fs: fix writeFile signal does not close file (Nitzan Uziely) #37402
• [e8b1e2c0a3] - fs: fix pre-aborted writeFile AbortSignal file leak (Nitzan Uziely) #37393
• [6b42e65983] - fs: fixup negative length in fs.truncate (James M Snell) #37483
• [[d141fce634](https://github.com/nodejs/node/commit/d141fce...

2021-02-23, Version 15.10.0 (Current), @BethGriggs

This is a security release.

Notable changes

Vulnerabilities fixed:

• CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
  • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
• CVE-2021-22884: DNS rebinding in --inspect
  • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
• CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in
    https://www.openssl.org/news/secadv/20210216.txt

Commits

• [2a3ce5974b] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37412
• [afbce66874] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37412
• [4184806dee] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
• [43ae9c46c3] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

2021-02-23, Version 14.16.0 'Fermium' (LTS), @BethGriggs

This is a security release.

Notable changes

Vulnerabilities fixed:

• CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
  • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
• CVE-2021-22884: DNS rebinding in --inspect
  • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
• CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210216.txt

Commits

• [313d26800c] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37412
• [6098012b48] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37412
• [afea10b097] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
• [1ca3f5abcb] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

2021-02-23, Version 12.21.0 'Erbium' (LTS), @richardlau

This is a security release.

Notable changes

Vulnerabilities fixed:

• CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
  • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
• CVE-2021-22884: DNS rebinding in --inspect
  • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
• CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210216.txt

Commits

• [e69177a088] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37413
• [0633ae77e6] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37413
• [922ada7713] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
• [1564752d55] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

2021-02-23, Version 10.24.0 'Dubnium' (LTS), @richardlau

This is a security release.

Notable changes

Vulnerabilities fixed:

• CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
  • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
• CVE-2021-22884: DNS rebinding in --inspect
  • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
• CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210216.txt

Commits

• [0afcb4f6bb] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37415
• [447be941cd] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37415
• [3f2e9dc40c] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
• [d1cf6a9b0f] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

2021-02-17, Version 15.9.0 (Current), @danielleadams

Notable Changes

• crypto:
  • add keyObject.export() 'jwk' format option (Filip Skokan) #37081
• deps:
  • upgrade to libuv 1.41.0 (Colin Ihrig) #37360
• doc:
  • add dmabupt to collaborators (Xu Meng) #37377
  • refactor fs docs structure (James M Snell) #37170
• fs:
  • add fsPromises.watch() (James M Snell) #37179
  • use a default callback for fs.close() (James M Snell) #37174
  • add AbortSignal support to watch (Benjamin Gruenbaum) #37190
• perf_hooks:
  • introduce createHistogram (James M Snell) #37155
• stream:
  • improve Readable.from error handling (Benjamin Gruenbaum) #37158
• timers:
  • introduce setInterval async iterator (linkgoron) #37153
• tls:
  • add ability to get cert/peer cert as X509Certificate object (James M Snell) #37070

Commits

• [d0f1ff53ff] - async_hooks: set unhandledRejection async context (Sajal Khandelwal) #37281
• [c160d88c9e] - buffer: add @@toStringTag to Blob (Colin Ihrig) #37336
• [8487184457] - child_process: fix bad abort signal leak (Nitzan Uziely) #37257
• [e28ea89b1a] - crypto: fix subtle.importKey JWK OKP public key import (Filip Skokan) #37255
• [55fd6b6611] - crypto: avoid infinite loops in prime generation (Tobias Nießen) #37212
• [9dac99a11a] - crypto: fix and simplify prime option validation (Tobias Nießen) #37164
• [3e2746ff63] - crypto: remove webcrypto "DSA" JWK Key Type operations (Filip Skokan) #37203
• [011910b424] - (SEMVER-MINOR) crypto: add keyObject.export() 'jwk' format option (Filip Skokan) #37081
• [c0eadef495] - deps: upgrade to libuv 1.41.0 (Colin Ihrig) #37360
• [50e81ba0b8] - deps: V8: cherry-pick 0c8b6e415c30 (Matin Zadehdolatabad) #37276
• [d1c1724c69] - deps: upgrade npm to 7.5.3 (Ruy Adorno) #37283
• [20c65b00c2] - deps: V8: backport dfcf1e86fac0 (Michaël Zasso) #37245
• [e63b380f76] - deps: upgrade npm to 7.5.2 (Ruy Adorno) #37191
• [d808db2732] - doc: add dmabupt to collaborators (Xu Meng) #37377
• [dd054ca37f] - doc: optimize HTML rendering (Antoine du Hamel) #37301
• [c188466a18] - doc: fix quotes in stream docs (Tobias Nießen) #37269
• [f5e4625468] - doc: fix backticks in crypto API docs (Tobias Nießen) #37269
• [e2a2bab44e] - doc: link PACKAGE_EXPORTS_RESOLVE to ESM section (Utku Gultopu) #37135
• [1e99175e01] - doc: alphabetize crypto.* methods (Rich Trott) #37353
• [392c86d38b] - doc: use sentence case in benchmark doc (Rich Trott) #37351
• [62b2648a96] - doc: apply sentence-consistently in C++ style guide (Rich Trott) #37350
• [189ce399da] - doc: apply sentence case to release doc headers (Rich Trott) #37349
• [610b29b8bd] - doc: fix performanceEntry.flags style format (Cheng Liu) #37274
• [85b1476f1d] - doc: fix typo in deprecations.md (marsonya) #37282
• [f253cb9303] - doc: fix typo in buffer.md (marsonya) #37268
• [804e7ae713] - doc: add version metadata for packages features (Antoine du Hamel) #37289
• [cdd2fe5651] - doc: fix typo in /api/dns.md (marsonya) #37312
• [7d8fd3f576] - doc: refactor fs docs structure (James M Snell) #37170
• [facf3a5c23] - doc: fix description of hasSubscribers (Tobias Nießen) #37324
• [3464c9f007] - doc: discourage error event (Benjamin Gruenbaum) #37264
• [85bed2ec26] - doc: fix misnamed SHASUMS256.txt name in README.md (marsonya) #37260
• [cd50e93307] - doc: warn about using strings as inputs in crypto (Tobias Nießen) #37248
• [5a4288ebb6] - doc: fix typo in crypto.md (marsonya) #37279
• [0e887caf32] - doc: fix typo in console.md (marsonya) #37279
• [47c4f1fc54] - doc: use sentence case in README headers (Rich Trott) #37251
• [7da1c9b219] - doc: use sentence case for headers in BUILDING.md (Rich Trott) #37250
• [ebf3597db1] - doc: rename N-API to Node-API (Gabriel Schulhof) #37259
• [760f126adb] - doc: mark Certificate methods as static, add missing KeyObject.from (Filip Skokan) #37198
• [aebe532967] - doc: consistent webcrypto node.keyObject format (Filip Skokan) #37200
• [596bfb36a0] - doc: mention CryptoKey in port.postMessage() (Filip Skokan) #37196
• [0702d60def] - doc: fix webcrypto HMAC generateKey example (Filip Skokan) #37197
• [8a254058f5] - doc: fix accommodate typos (Colin Ihrig) #37229
• [5906e85ce2] - doc: fix version number for DEP006 (Antoine du Hamel) #37231
• [52c40c7a48] - doc: fix CHANGELOG_ARCHIVE table of contents (Antoine du Hamel) #37232
• [eb08afdf24] - doc: fix typo in globals.md (Darshan Sen) #37228
• [b87c0d6c16] - doc: fix typo in cli.md (Kalvin Vasconcellos) #37214
• [3f815d93bf] - doc: fix pr-url for DEP0148 (Antoine du Hamel) #37205
• [ff02e5e12c] - **doc...

2021-02-10, Version 12.20.2 'Erbium' (LTS), @ruyadorno

Notable changes

• deps:
  • upgrade npm to 6.14.11 (Ruy Adorno) #37173

Commits

• [e8a4e560ea] - async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779
• [427968d266] - deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173
• [cd9a8106be] - http: do not loop over prototype in Agent (Michaël Zasso) #36410
• [4ac8f37800] - http2: check write not scheduled in scope destructor (David Halls) #36241

2021-02-09, Version 14.15.5 'Fermium' (LTS), @BethGriggs

Notable Changes

• deps:
  • upgrade npm to 6.14.11 (Ruy Adorno) #37173
  • V8: backport dfcf1e86fac0 (Michaël Zasso) #37245
    • Note: Node.js is not believed to be vulnerable to CVE-2021-21148.
• stream,zlib: do not use _stream_* anymore (Matteo Collina) #36618

Commits

• [20b1e6c802] - deps: V8: backport dfcf1e86fac0 (Michaël Zasso) #37245
• [408c7a65f3] - deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173
• [017eed665b] - http: do not loop over prototype in Agent (Michaël Zasso) #36410
• [25a3204fe2] - http: don't cork .end when not needed (Dimitris Halatsis) #36633
• [2a1e4e9244] - stream: accept iterable as a valid first argument (ZiJian Liu) #36479
• [9ff73fcdbe] - stream,zlib: do not use _stream_* anymore (Matteo Collina) #36618
• [c03cddb46f] - test: http complete response after socket double end (Dimitris Halatsis) #36633
• [f206505e9d] - util: fix instanceof checks with null prototypes during inspection (Ruben Bridgewater) #36178
• [2f7944b18b] - util: fix module prefixes during inspection (Ruben Bridgewater) #36178