2020-03-04, Version 13.10.0 (Current), @codebytere

Notable Changes

• async_hooks
  • introduce async-context API (vdeturckheim) #26540
• stream
  • support passing generator functions into pipeline() (Robert Nagy) #31223
• tls
  • expose SSL_export_keying_material (simon) #31814
• vm
  • implement vm.measureMemory() for per-context memory measurement (Joyee Cheung) #31824

Commits

• [f71fc9044a] - async_hooks: add store arg in AsyncLocalStorage (Andrey Pechkurov) #31930
• [6af9e7e0c3] - async_hooks: executionAsyncResource matches in hooks (Gerhard Stoebich) #31821
• [877ab97286] - (SEMVER-MINOR) async_hooks: introduce async-context API (vdeturckheim) #26540
• [9a41ced0d1] - build: only lint markdown files that have changed (POSIX-only) (Rich Trott) #31923
• [ca4407105e] - build: add missing comma in node.gyp (cjihrig) #31959
• [4dffd0437d] - cli: --perf-prof only works on Linux (Shelley Vohr) #31892
• [4d05508aa8] - crypto: turn impossible DH errors into assertions (Tobias Nießen) #31934
• [d0e94fc77e] - crypto: fix ieee-p1363 for createVerify (Tobias Nießen) #31876
• [fbaab7d854] - deps: openssl: cherry-pick 4dcb150ea30f (Adam Majer) #32002
• [e6125cd53b] - deps: V8: backport f7771e5b0cc4 (Matheus Marchini) #31957
• [c27f0d10c4] - deps: update zlib to upstream d7f3ca9 (Sam Roberts) #31800
• [b30a6981d3] - deps: move zlib maintenance info to guides (Sam Roberts) #31800
• [cd30dbb0d6] - doc: revise --zero-fill-buffers text in buffer.md (Rich Trott) #32019
• [166579f84b] - doc: add link to sem-ver info (unknown) #31985
• [e3258fd148] - doc: update zlib doc (James M Snell) #31665
• [8516602ba0] - doc: clarify http2.connect authority details (James M Snell) #31828
• [c5acf0a13b] - doc: updated YAML version representation in readline.md (Rich Trott) #31924
• [4c6343fdea] - doc: describe how to update zlib (Sam Roberts) #31800
• [a46839279f] - doc: update releases guide re pushing tags (Myles Borins) #31855
• [15cc9b0126] - doc: update assert.rejects() docs with a validation function example (Eric Eastwood) #31271
• [2046652b4e] - doc: fix anchor for ERR_TLS_INVALID_CONTEXT (Tobias Nießen) #31915
• [091b4bfe2d] - doc: add note about ssh key to releases (Shelley Vohr) #31856
• [3438937a37] - doc: fix notable changes for v13.9.0 (Shelley Vohr) #31857
• [672f76d6bd] - doc: reword possessive form of Node.js in adding-new-napi-api.md (Rich Trott) #31748
• [3eaf37767e] - doc: reword possessive form of Node.js in http.md (Rich Trott) #31748
• [cb210e6b16] - doc: reword possessive form of Node.js in process.md (Rich Trott) #31748
• [3969af43b4] - doc: reword possessive form of Node.js in debugger.md (Rich Trott) #31748
• [f9526057b3] - doc: move gireeshpunathil to TSC emeritus (Gireesh Punathil) #31770
• [b07175853f] - doc: pronouns for @Fishrock123 (Jeremiah Senkpiel) #31725
• [7f4d6ee8ea] - doc: move @Fishrock123 to TSC Emeriti (Jeremiah Senkpiel) #31725
• [b177bba555] - doc: move @Fishrock123 to a previous releaser (Jeremiah Senkpiel) #31725
• [9e4aad705f] - doc: fix typos in doc/api/https.md (Jeff) #31793
• [eb2dce8342] - doc: claim ABI version 82 for Electron 10 (Samuel Attard) #31778
• [db291aaf06] - doc: guide - using valgrind to debug memory leaks (Michael Dawson) #31501
• [aa16d80c05] - doc,crypto: re-document oaepLabel option (Ben Noordhuis) #31825
• [9079bb42ea] - http2: make compat finished match http/1 (Robert Nagy) #24347
• [3bd8feac0c] - meta: move aqrln to emeritus (Rich Trott) #31997
• [c801045fcd] - meta: move jbergstroem to emeritus (Rich Trott) #31996
• [ded3890bec] - meta: move maclover7 to Emeritus (Rich Trott) #31994
• [91ce69a554] - meta: move Glen Keane to Collaborator Emeritus (Rich Trott) #31993
• [b74c40eda6] - meta: move not-an-aardvark to emeritus (Rich Trott) #31928
• [61a0d8b6cd] - meta: move julianduque to emeritus (Rich Trott) #31863
• [94a471a422] - meta: move eljefedelrodeodeljefe to emeritus (Rich Trott) #31735
• [9e3e6763fa] - module: port source map sort logic from chromium (bcoe) #31927
• [b9f3bfe6c8] - module: disable conditional exports, self resolve warnings (Guy Bedford) #31845
• [bbb6cc733c] - module: package "exports" error refinements (Guy Bedford) #31625
• [6adbfac9b0] - repl: eager-evaluate input in parens (Shelley Vohr) #31943
• [6a35b0d102] - src: don't run bootstrapper in CreateEnvironment (Shelley Vohr) #31910
• [3497370d66] - src: move InternalCallbackScope to StartExecution (Shelley Vohr) #31944
• [f62967c827] - src: enable StreamPipe for generic StreamBases (Anna Henningsen) #31869
• [776f379124] - src: include large pages source u...

2020-02-18, Version 13.9.0 (Current), @codebytere

Notable changes

• async_hooks
  • add executionAsyncResource (Matteo Collina) #30959
• crypto
  • add crypto.diffieHellman (Tobias Nießen) #31178
  • add DH support to generateKeyPair (Tobias Nießen) #31178
  • simplify DH groups (Tobias Nießen) #31178
  • add key type 'dh' (Tobias Nießen) #31178
• test
  • skip keygen tests on arm systems (Tobias Nießen) #31178
• perf_hooks
  • add property flags to GCPerformanceEntry (Kirill Fomichev) #29547
• process
  • report ArrayBuffer memory in memoryUsage() (Anna Henningsen) #31550
• readline
  • make tab size configurable (Ruben Bridgewater) #31318
• report
  • add support for Workers (Anna Henningsen) #31386
• worker
  • add ability to take heap snapshot from parent thread (Anna Henningsen) #31569
• added new collaborators
  • add ronag to collaborators (Robert Nagy) #31498

Commits

• [2db7593838] - assert: align character indicators properly (Ruben Bridgewater) #31429
• [a840e9d639] - async_hooks: ensure event after been emitted on runInAsyncScope (legendecas) #31784
• [6be51296e4] - (SEMVER-MINOR) async_hooks: add executionAsyncResource (Matteo Collina) #30959
• [2de085fe93] - benchmark: use let instead of var (Daniele Belardi) #31592
• [e37f5100e5] - benchmark: swap var for let in benchmarks (Alex Ramirez) #28958
• [819fb76ba5] - Revert "benchmark: refactor helper into a class" (Anna Henningsen) #31722
• [8974fa794c] - Revert "benchmark: add test and all options and improve errors" (Anna Henningsen) #31722
• [30f55cebb6] - Revert "benchmark: remove special test entries" (Anna Henningsen) #31722
• [1484f5ab6e] - benchmark: remove special test entries (Ruben Bridgewater) #31396
• [ca343caee3] - benchmark: add test and all options and improve errors (Ruben Bridgewater) #31396
• [9f2c742626] - benchmark: refactor helper into a class (Ruben Bridgewater) #31396
• [161db608ae] - benchmark: check for and fix multiple end() (Brian White) #31624
• [6fe8eda3ca] - benchmark: clean up config resolution in multiple benchmarks (Denys Otrishko) #31581
• [ebdcafafeb] - benchmark: add MessagePort benchmark (Anna Henningsen) #31568
• [eb3c6e9127] - benchmark: use let and const instead of var (Daniele Belardi) #31518
• [b29badad81] - benchmark: fix getStringWidth() benchmark (Rich Trott) #31476
• [519134ddb0] - buffer: improve from() performance (Brian White) #31615
• [769154de07] - buffer: improve concat() performance (Brian White) #31522
• [9d45393e95] - buffer: improve fill(number) performance (Brian White) #31489
• [60a69770f5] - build: add configure option to debug only Node.js part of the binary (Anna Henningsen) #31644
• [10f9abe81d] - build: ignore all the "Debug","Release" folders (ConorDavenport) #31565
• [03eade01d7] - build: enable loading internal modules from disk (Gus Caplan) #31321
• [a2b7006847] - build: build docs in GitHub Actions CI workflow (Richard Lau) #31504
• [2e216aebcb] - build: do not use setup-node in build workflows (Richard Lau) #31349
• [825d089763] - crypto: fix performance regression (Robert Nagy) #31742
• [3c6545f0b4] - crypto: improve randomBytes() performance (Brian White) #31519
• [f84b34d42c] - crypto: improve errors in DiffieHellmanGroup (Tobias Nießen) #31445
• [4591202e66] - crypto: assign and use ERR_CRYPTO_UNKNOWN_CIPHER (Tobias Nießen) #31437
• [bf46c304dd] - (SEMVER-MINOR) crypto: add crypto.diffieHellman (Tobias Nießen) #31178
• [0d3e095941] - (SEMVER-MINOR) crypto: add DH support to generateKeyPair (Tobias Nießen) #31178
• [15bd2c9f0c] - (SEMVER-MINOR) crypto: simplify DH groups (Tobias Nießen) #31178
• [572322fddf] - (SEMVER-MINOR) crypto: add key type 'dh' (Tobias Nießen) #31178
• [0ac124b6b9] - deps: upgrade npm to 6.13.7 (Michael Perrotte) #31558
• [bf7097c77d] - deps: switch to chromium's zlib implementation (Brian White) #31201
• [2eeaa5ce40] - deps: uvwasi: cherry-pick 7b5b6f9 (cjihrig) #31495
• [464f4afa66] - deps: upgrade to libuv 1.34.2 (cjihrig) #31477
• [9811ebe0c5] - deps: uvwasi: cherry-pick eea4508 (cjihrig) #31432
• [2fe0ed3a2e] - deps: uvwasi: cherry-pick c3bef8e (cjihrig) #31432
• [09566be899] - deps: uvwasi: cherry-pick ea73af5 (cjihrig) #31432
• [04f2799ed2] - deps: update to uvwasi 0.0.5 (cjihrig) #31432
• [7c4f1ed030] - deps: uvwasi: cherry-pick 941bedf (cjihrig) #31363
• [00e38a749a] - deps: port uvwasi@676ba9a to gyp (cjihrig) #31363
• [5bd3f6c258] - deps,test: update to uvwasi 0.0.4 (cjihrig) #31363
• [2cd8461e56] - doc: add glossary.md (gengjiawen) #27517
• [c4613c6b8b] - doc: add prerequisites information for Arch (Ujjwal Sharma) #31669
• [b35f83e69b] - doc: fix typo on fs docs (Juan José Arboleda) [#31620](ht...

2020-02-18, Version 12.16.1 'Erbium' (LTS), @MylesBorins

Notable changes

Node.js 12.16.0 included 6 regressions that are being fixed in this release

Accidental Unflagging of Self Resolving Modules:

12.16.0 included a large update to the ESM implementation. One of the new features,
Self Referential Modules, was accidentally released without requiring the --experimental-modules
flag. This release is being made to appropriately flag the feature.

Process Cleanup Changed Introduced WASM-Related Assertion:

A change during Node.js process cleanup led to a crash in combination with
specific usage of WASM. This has been fixed by partially reverted said change.
A regression test and a full fix are being worked on and will likely be included
in future 12.x and 13.x releases.

Use Largepages Runtime Option Introduced Linking Failure:

A Semver-Minor change to introduce --use-largepages as a runtime option
introduced a linking failure. This had been fixed in master but regressed as the fix has not yet gone out
in a Current release. The feature has been reverted, but will be able to reland with a fix in a future
Semver-Minor release.

Async Hooks was Causing an Exception When Handling Errors:

Changes in async hooks internals introduced a case where an internal api call could be called with undefined
causing a process to crash. The change to async hooks was reverted. A regression test and fix has been proposed
and the change could re land in a future Semver-Patch release if the regression is reliably fixed.

New Enumerable Read-Only Property on EventEmitter breaks @types/extend

A new property for enumerating events was added to the EventEmitter class. This
broke existing code that was using the @types/extend module for extending classses
as @types/extend was attemping to write over the existing field which the new
change made read-only. As this is the first property on EventEmitter that is
read-only this feature could be considered Semver-Major. The new feature has been
reverted but could re land in a future Semver-Minor release if a non breaking way
of applying it is found.

Exceptions in the HTTP parser were not emitting an uncaughtException

A refactoring to Node.js interanls resulted in a bug where errors in the HTTP
parser were not being emitted by process.on('uncaughtException'). The fix
to this bug has been included in this release.

Commits

• [51fdd759b9] - async_hooks: ensure event after been emitted on runInAsyncScope (legendecas) #31784
• [7a1b0ac06f] - Revert "build: re-introduce --use-largepages as no-op" (Myles Borins) #31782
• [a53eeca2a9] - Revert "build: switch realpath to pwd" (Myles Borins) #31782
• [6d432994e6] - Revert "build: warn upon --use-largepages config option" (Myles Borins) #31782
• [a5bc00af12] - Revert "events: allow monitoring error events" (Myles Borins)
• [f0b2d875d9] - module: 12.x self resolve flag as experimental modules (Guy Bedford) #31757
• [42b68a4e24] - src: inform callback scopes about exceptions in HTTP parser (Anna Henningsen) #31801
• [065a32f064] - Revert "src: make --use-largepages a runtime option" (Myles Borins) #31782
• [3d5beebc62] - Revert "src: make large_pages node.cc include conditional" (Myles Borins) #31782
• [43d02e20e0] - src: keep main-thread Isolate attached to platform during Dispose (Anna Henningsen) #31795
• [7a5954ef26] - src: fix -Winconsistent-missing-override warning (Colin Ihrig) #30549

2020-02-11, Version 12.16.0 'Erbium' (LTS), @targos

Notable changes

New assert APIs

The assert module now provides experimental assert.match() and
assert.doesNotMatch() methods. They will validate that the first argument is a
string and matches (or does not match) the provided regular expression:

const assert = require('assert').strict;

assert.match('I will fail', /pass/);
// AssertionError [ERR_ASSERTION]: The input did not match the regular ...

assert.doesNotMatch('I will fail', /fail/);
// AssertionError [ERR_ASSERTION]: The input was expected to not match the ...

This is an experimental feature.

Ruben Bridgewater #30929.

Advanced serialization for IPC

The child_process and cluster modules now support a serialization option
to change the serialization mechanism used for IPC. The option can have one of
two values:

• 'json' (default): JSON.stringify() and JSON.parse() are used. This is
  how message serialization was done before.
• 'advanced': The serialization API of the v8 module is used. It is based on
  the HTML structured clone algorithm
  and is able to serialize more built-in JavaScript object types, such as
  BigInt, Map, Set etc. as well as circular data structures.

Anna Henningsen #30162.

CLI flags

The new --trace-exit CLI flag makes Node.js print a stack trace whenever the
Node.js environment is exited proactively (i.e. by invoking the process.exit()
function or pressing Ctrl+C).

legendecas #30516.

---

The new --trace-uncaught CLI flag makes Node.js print a stack trace at the
time of throwing uncaught exceptions, rather than at the creation of the Error
object, if there is any.
This option is not enabled by default because it may affect garbage collection
behavior negatively.

Anna Henningsen #30025.

---

The --disallow-code-generation-from-strings V8 CLI flag is now whitelisted in
the NODE_OPTIONS environment variable.

Shelley Vohr #30094.

New crypto APIs

For DSA and ECDSA, a new signature encoding is now supported in addition to the
existing one (DER). The verify and sign methods accept a dsaEncoding
option, which can have one of two values:

• 'der' (default): DER-encoded ASN.1 signature structure encoding (r, s).
• 'ieee-p1363': Signature format r || s as proposed in IEEE-P1363.

Tobias Nießen #29292.

---

A new method was added to Hash: Hash.prototype.copy. It makes it possible to
clone the internal state of a Hash object into a new Hash object, allowing
to compute the digest between updates:

// Calculate a rolling hash.
const crypto = require('crypto');
const hash = crypto.createHash('sha256');

hash.update('one');
console.log(hash.copy().digest('hex'));

hash.update('two');
console.log(hash.copy().digest('hex'));

hash.update('three');
console.log(hash.copy().digest('hex'));

// Etc.

Ben Noordhuis #29910.

Dependency updates

libuv was updated to 1.34.0. This includes fixes to uv_fs_copyfile() and
uv_interface_addresses() and adds two new functions: uv_sleep() and
uv_fs_mkstemp().

Colin Ihrig #30783.

---

V8 was updated to 7.8.279.23. This includes performance improvements to object
destructuring, RegExp match failures and WebAssembly startup time.
The official release notes are available at https://v8.dev/blog/v8-release-78.

Michaël Zasso #30109.

New EventEmitter APIs

The new EventEmitter.on static method allows to async iterate over events:

const { on, EventEmitter } = require('events');

(async () => {

  const ee = new EventEmitter();

  // Emit later on
  process.nextTick(() => {
    ee.emit('foo', 'bar');
    ee.emit('foo', 42);
  });

  for await (const event of on(ee, 'foo')) {
    // The execution of this inner block is synchronous and it
    // processes one event at a time (even with await). Do not use
    // if concurrent execution is required.
    console.log(event); // prints ['bar'] [42]
  }

})();

Matteo Collina #27994.

---

It is now possible to monitor 'error' events on an EventEmitter without
consuming the emitted error by installing a listener using the symbol
EventEmitter.errorMonitor:

const myEmitter = new MyEmitter();

myEmitter.on(EventEmitter.errorMonitor, (err) => {
  MyMonitoringTool.log(err);
});

myEmitter.emit('error', new Error('whoops!'));
// Still throws and crashes Node.js

Gerhard Stoebich #30932.

---

Using async functions with event handlers is problematic, because it
can lead to an unhandled rejection in case of a thrown exception:

const ee = new EventEmitter();

ee.on('something', async (value) => {
  throw new Error('kaboom');
});

The experimental captureRejections option in the EventEmitter constructor or
the global setting change this behavior, installing a
.then(undefined, handler) handler on the Promise. This handler routes the
exception asynchronously to the Symbol.for('nodejs.rejection') method if there
is one, or to the 'error' event handler if there is none.

const ee1 = new EventEmitter({ captureRejections: true });
ee1.on('something', async (value) => {
  throw new Error('kaboom');
});

ee1.on('error', console.log);

const ee2 = new EventEmitter({ captureRejections: true });
ee2.on('something', async (value) => {
  throw new Error('kaboom');
});

ee2[Symbol.for('nodejs.rejection')] = console.log;

Setting EventEmitter.captureRejections = true will change the default for all
new instances of EventEmitter.

EventEmitter.captureRejections = true;
const ee1 = new EventEmitter();
ee1.on('something', async (value) => {
  throw new Error('kaboom');
});

ee1.on('error', console.log);

This is an experimental feature.

Matteo Collina #27867.

Performance Hooks are no longer experimental

The perf_hooks module is now considered a stable API.

legendecas #31101.

Introduction of experimental WebAssembly System Interface (WASI) support

A new core module, wasi, is introduced to provide an implementation of the
WebAssembly System Interface specification.
WASI gives sandboxed WebAssembly applications access to the
underlying operating system via a collection of POSIX-like functions.

This is an experimental feature.

Colin Ihrig #30258.

Commits

• [fc7b27ea78] - (SEMVER-MINOR) assert: implement assert.match() and assert.doesNotMatch() (Ruben Bridgewater) #30929
• [7d6c963b9d] - assert: DRY .throws code (Ruben Bridgewater) #28263
• [749bc16cca] - assert: fix generatedMessage property (Ruben Bridgewater) #28263
• [6909e3e656] - assert: use for...of (Soar) #30983
• [b4e8f0de12] - assert: fix line number calculation after V8 upgrade (Michaël Zasso) #29694
• [a0f338ecc1] - assert,util: stricter type comparison using deep equal comparisons (Ruben Bridgewater) #30764
• [a9fad8524c] - async_hooks: ensure proper handling in runInAsyncScope (Anatoli Papirovski) #30965
• [73e3c15a70] - benchmark: add more util inspect and format benchmarks (Ruben Bridgewater) #30767
• [634389b3ee] - benchmark: use let instead of var in dgram (dnlup) #31175
• [b55420889c] - benchmark: add benchmark on async_hooks enabled http server (legendecas) #31100
• [1c97163f76] - benchmark: use let instead of var in crypto (dnlup) #31135
• [3de7713aa5] - benchmark: replace var with let/const in cluster benchmark (dnlup) #31042
• [471c59b4ba] - benchmark: include writev in benchmark (Robert Nagy) #31066
• [c73256460d] - benchmark: use let instead of var in child_process (dnlup) #31043
• [aa973c5cd9] - benchmark: add clear connections to sec...

2020-02-06, Version 13.8.0 (Current), @BethGriggs

Notable Changes

This is a security release.

Vulnerabilities fixed:

• CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
• CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
• CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
--insecure-http-parser command line flag, or the insecureHTTPParser
http option. Using the insecure HTTP parser should be avoided.

Commits

• [b7da194714] - benchmark: support optional headers with wrk (Sam Roberts) nodejs-private/node-private#189
• [1156a9e5f8] - crypto: fix assertion caused by unsupported ext (Fedor Indutny) nodejs-private/node-private#175
• [8f41e837bb] - deps: update llhttp to 2.0.4 (Beth Griggs) nodejs-private/node-private#199
• [07d56e49cf] - (SEMVER-MINOR) http: make --insecure-http-parser configurable per-stream or per-server (Anna Henningsen) #31448
• [25b6897e8a] - http: strip trailing OWS from header values (Sam Roberts) nodejs-private/node-private#189
• [eea3a7429b] - test: using TE to smuggle reqs is not possible (Sam Roberts) nodejs-private/node-private#199

2020-02-06, Version 12.15.0 'Erbium' (LTS), @BethGriggs

Notable changes

This is a security release.

Vulnerabilities fixed:

• CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
• CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
• CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
--insecure-http-parser command line flag, or the insecureHTTPParser
http option. Using the insecure HTTP parser should be avoided.

Commits

• [209767c7a2] - benchmark: support optional headers with wrk (Sam Roberts) nodejs-private/node-private#189
• [02c8905051] - crypto: fix assertion caused by unsupported ext (Fedor Indutny) nodejs-private/node-private#175
• [25d6011912] - deps: update llhttp to 2.0.4 (Beth Griggs) nodejs-private/llhttp-private#1
• [8162f0e194] - deps: upgrade http-parser to v2.9.3 (Sam Roberts) nodejs-private/http-parser-private#4
• [d41314ef99] - (SEMVER-MINOR) deps: upgrade http-parser to v2.9.1 (Sam Roberts) #30473
• [7fc565666c] - (SEMVER-MINOR) http: make --insecure-http-parser configurable per-stream or per-server (Anna Henningsen) #31448
• [496736ff78] - (SEMVER-MINOR) http: opt-in insecure HTTP header parsing (Sam Roberts) #30567
• [76fd8910e9] - http: strip trailing OWS from header values (Sam Roberts) nodejs-private/node-private#189
• [9cd155eb4a] - test: using TE to smuggle reqs is not possible (Sam Roberts) nodejs-private/node-private#192
• [ab1fcb89cb] - test: check that --insecure-http-parser works (Sam Roberts) #31253

2020-02-06, Version 10.19.0 'Dubnium' (LTS), @BethGriggs

Notable changes

This is a security release.

Vulnerabilities fixed:

• CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
• CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
• CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
--insecure-http-parser command line flag, or the insecureHTTPParser
http option. Using the insecure HTTP parser should be avoided.

Commits

• [f940bee3b7] - crypto: fix assertion caused by unsupported ext (Fedor Indutny) nodejs-private/node-private#175
• [49f4220ce5] - deps: upgrade http-parser to v2.9.3 (Sam Roberts) nodejs-private/http-parser-private#4
• [a28e5cc1ed] - (SEMVER-MINOR) deps: upgrade http-parser to v2.9.1 (Sam Roberts) #30471
• [0082f62d9c] - (SEMVER-MINOR) http: make --insecure-http-parser configurable per-stream or per-server (Anna Henningsen) #31448
• [a9849c0ff6] - (SEMVER-MINOR) http: opt-in insecure HTTP header parsing (Sam Roberts) #30567
• [2eee90e959] - http: strip trailing OWS from header values (Sam Roberts) nodejs-private/node-private#191
• [e2c8f89b75] - test: using TE to smuggle reqs is not possible (Sam Roberts) nodejs-private/node-private#192
• [d616722f65] - test: check that --insecure-http-parser works (Sam Roberts) #31253

2020-01-21, Version 13.7.0 (Current), @codebytere

Notable Changes

• deps:
  • upgrade to libuv 1.34.1 (cjihrig) #31332
  • upgrade npm to 6.13.6 (Ruy Adorno) #31304
• module
  • add API for interacting with source maps (bcoe) #31132
  • loader getSource, getFormat, transform hooks (Geoffrey Booth) #30986
  • logical conditional exports ordering (Guy Bedford) #31008
  • unflag conditional exports (Guy Bedford) #31001
• process:
  • allow monitoring uncaughtException (Gerhard Stoebich) #31257
• Added new collaborators:
  • GeoffreyBooth - Geoffrey Booth. #31306

Commits

• [9d26358cfe] - async_hooks: remove internal only error checking (Anatoli Papirovski) #30967
• [6e978f7d73] - benchmark: add default type in getstringwidth.js (Rich Trott) #31377
• [317d2dba45] - benchmark: benchmarking impacts of async hooks on promises (legendecas) #31188
• [55e2b4ee3b] - build: remove enable_vtune from vcbuild.bat (Richard Lau) #31338
• [f11406de43] - build: add vs2019 to vcbuild.bat help (Richard Lau) #31338
• [b2180d932a] - build: fix macos runner type in GitHub Action (扩散性百万甜面包) #31327
• [a6e1e9c6c3] - build: fix step name in GitHub Actions workflow (Richard Lau) #31323
• [0379c319fd] - build: add GitHub actions to run linters (Richard Lau) #31323
• [a31eed0214] - build: silence OpenSSL Windows compiler warnings (Richard Lau) #31311
• [6b118b44e8] - build: silence c-ares Windows compiler warnings (Richard Lau) #31311
• [7a5d4fad84] - build: test Python 3 using GitHub Actions-based CI (cclauss) #29474
• [964371824c] - build: avoid using CMP for BZ2File (SpaceRacet5w2A6l0I) #31198
• [22859367ca] - child_process: remove unnecessary use of inner state (Chetan Karande) #29358
• [6d6a3e4551] - deps: V8: cherry-pick d89f4ef1cd62 (Milad Farazmand) #31354
• [d62d06b3b7] - deps: V8: cherry-pick b9d33036e9a8 (Benjamin Coe) #31335
• [51e4a5618b] - deps: upgrade to libuv 1.34.1 (cjihrig) #31332
• [985f980053] - deps: upgrade npm to 6.13.6 (Ruy Adorno) #31304
• [6f95f01f95] - deps: deactivate failing tests corresponding to experimental features (Ruben Bridgewater) #31289
• [aed00d7d68] - doc: add missing code formatting in vm.md (cjihrig) #31350
• [aedbfdb33a] - doc: standardize on "host name" in url.md (Rich Trott) #31326
• [28245277d7] - doc: standardize on "host name" in tls.md (Rich Trott) #31326
• [baeabff896] - doc: standardize on "host name" in os.md (Rich Trott) #31326
• [94122f611a] - doc: standardize on "host name" in net.md (Rich Trott) #31326
• [bac588e076] - doc: standardize on "host name" in https.md (Rich Trott) #31326
• [600eb8b67c] - doc: standardize on "host name" in http2.md (Rich Trott) #31326
• [47f71de786] - doc: standardize on "host name" in fs.md (Rich Trott) #31326
• [ece70a8288] - doc: standardize on "host name" in errors.md (Rich Trott) #31326
• [b8dee4540a] - doc: standardize on "host name" in dgram.md (Rich Trott) #31326
• [8055f78995] - doc: standardize on "host name" in deprecations.md (Rich Trott) #31326
• [6e9f0daad1] - doc: standardize on "host name" in async_hooks.md (Rich Trott) #31326
• [e1fd6ae4fa] - doc: fix a code example in crypto.md (himself65) #31313
• [bb9622ba5a] - doc: add an example for util.types.isExternal (Harshitha KP) #31173
• [0608873052] - doc: fix example of parsing request.url (Egor Pavlov) #31302
• [b9aca7849d] - doc: document readline key bindings (Harshitha KP) #31256
• [6184f1ab70] - doc: improve doc v8.getHeapSpaceStatistics() 'GetHeapSpaceStatistics' (dev-313) #31274
• [deff60024a] - doc: update README to make Node.js description clearer (carterbancroft) #31266
• [8e14066578] - doc: fix a code example in zlib.md (Alexander Wang) #31264
• [9c58aa4c75] - doc: add GeoffreyBooth to collaborators (Geoffrey Booth) #31306
• [de6f2be0d0] - doc: update description of External (Anna Henningsen) #31255
• [0e48d8d855] - doc: rename iterator to iterable in examples (Robert Nagy) #31252
• [d51de787d9] - doc: fix stream async iterator sample (Robert Nagy) #31252
• [3e7b3e3c18] - doc: correct filehandle.[read|write|append]File() (Bryan English) #31235
• [220ea0c12e] - doc: prefer server vs srv and client vs clt (Andrew Hughes) #31224
• [c1333ea113] - doc: explain native external types (Harshitha KP) #31214
• [82b447c399] - doc,src: clarify that one napi_env is per-module (legendecas) #31102
• [4981f9721a] - errors: remove dead code in ERR_INVALID_ARG_TYPE (Gerhard Stoebich) #31322
• [b55fba2028] - fs: add missing HandleScope to FileHandle.close (Anna Henningsen) #31276
• [57016b9e66] - fs: use async writeFile in FileHandle#appendFile (Bryan English) #31235
• [[52504fb91e](https://github.com/nodejs/no...

2020-01-09, Version 10.18.1 'Dubnium' (LTS), @BethGriggs

Notable changes

• http2: fix session memory accounting after pausing (Michael Lehenbauer) #30684
• n-api: correct bug in napi_get_last_error (Octavian Soldea) #28702
• tools: update tzdata to 2019c (Myles Borins) #30479

Commits

• [a80c59130e] - build: fix configure script to work with Apple Clang 11 (Saagar Jha) #28071
• [68b2b5cc51] - build,win: propagate error codes in vcbuild (João Reis) #30724
• [3e0709cf5e] - deps: V8: backport fb63e5cf55e9 (Michaël Zasso)
• [25b8fbda35] - doc: allow <code> in header elements (Rich Trott) #31086
• [a1b095dd46] - doc,dns: use code markup/markdown in headers (Rich Trott) #31086
• [8f3b8ca515] - http2: fix session memory accounting after pausing (Michael Lehenbauer) #30684
• [20f64a96de] - http2: use the latest settings (ZYSzys) #29780
• [81c31005fd] - lib: fix comment nits in bootstrap\loaders.js (Vse Mozhet Byt) #24641
• [88e8b7cf83] - n-api: correct bug in napi_get_last_error (Octavian Soldea) #28702
• [77e0318849] - stream: increase MAX_HWM (Robert Nagy) #29938
• [894aaa2040] - stream: extract Readable.from in its own file (Matteo Collina) #30140
• [7e941eb17d] - test: do not fail SLOW tests if they are not slow (Yang Guo) #25868
• [0f3ae77aaf] - tools: update tzdata to 2019c (Myles Borins) #30479
• [4ae8d204cb] - tools: move python code out of jenkins shell (Sam Roberts) #28458
• [4879b80d87] - tools: fix v8 testing with devtoolset on ppcle (Sam Roberts) #28458

2020-01-07, Version 13.6.0 (Current), @BridgeAR

Notable Changes

• assert:
  • Implement assert.match() and assert.doesNotMatch() (Ruben Bridgewater) #30929
• events:
  • Add EventEmitter.on to async iterate over events (Matteo Collina) #27994
  • Allow monitoring error events (Gerhard Stoebich) #30932
• fs:
  • Allow overriding fs for streams (Robert Nagy) #29083
• perf_hooks:
  • Move perf_hooks out of experimental (legendecas) #31101
• repl:
  • Implement ZSH-like reverse-i-search (Ruben Bridgewater) #31006
• tls:
  • Add PSK (pre-shared key) support (Denys Otrishko) #23188

Commits

• [d831dc1b77] - (SEMVER-MINOR) assert: implement assert.match() and assert.doesNotMatch() (Ruben Bridgewater) #30929
• [f8aa365508] - assert: use for...of (Soar) #30983
• [5fccb508e9] - benchmark: use let instead of var in dgram (dnlup) #31175
• [827d3fea0e] - benchmark: add benchmark on async_hooks enabled http server (legendecas) #31100
• [b193142e0a] - benchmark: use let instead of var in crypto (dnlup) #31135
• [b8ccf30ac1] - benchmark: replace var with let/const in cluster benchmark (dnlup) #31042
• [01fd3be84a] - benchmark: include writev in benchmark (Robert Nagy) #31066
• [ca53f02767] - benchmark: use let instead of var in child_process (dnlup) #31043
• [625744d292] - benchmark: add clear connections to secure-pair (Diego Lafuente) #27971
• [0e864a383c] - benchmark: update manywrites back pressure (Robert Nagy) #30977
• [37ffa8c2ae] - bootstrap: use different scripts to setup different configurations (Joyee Cheung) #30862
• [4df365256f] - buffer: improve .from() error details (Ruben Bridgewater) #29675
• [9b7cf090c7] - build: don't use -latomic on macOS (Ryan Schmidt) #30099
• [d2ab877b72] - build: warn upon --use-largepages config option (Gabriel Schulhof) #31103
• [ca05a5bb64] - build: switch realpath to pwd (bcoe) #31095
• [d131877398] - build: fixes build for some os versions (David Carlier)
• [baf8730a47] - build: re-introduce --use-largepages as no-op (Gabriel Schulhof)
• [ca235112ae] - deps: V8: backport a4545db (David Carlier) #31127
• [e2ef1a9e63] - deps: V8: bump v8_embedder_string for 0e21c1e (Сковорода Никита Андреевич) #31096
• [2ec817e02d] - deps: uvwasi: cherry-pick 75b389c (cjihrig) #31076
• [a5937c7b6c] - deps: uvwasi: cherry-pick 64e59d5 (cjihrig) #31076
• [647f3c7639] - deps: V8: cherry-pick 687d865fe251 (Сковорода Никита Андреевич) #31007
• [7fe8399e08] - deps: V8: cherry-pick d406bfd64653 (Sam Roberts) #30819
• [7e13ae7757] - deps: V8: cherry-pick d3a1a5b6c491 (Michaël Zasso) #31005
• [32805a9525] - deps,src,test: update to uvwasi 0.0.3 (cjihrig) #30980
• [44d03e81d4] - dgram: test to add and to drop specific membership (A. Volgin) #31047
• [21ef3d615e] - dgram: use for...of (Trivikram Kamat) #30999
• [7b696fe9f4] - doc: remove extra backtick (cjihrig) #31186
• [dba2ab75d9] - doc: use code markup/markdown in headers (Ruben Bridgewater) #31149
• [cc44325eed] - doc: update REPL documentation to instantiate the REPL (Ruben Bridgewater) #30928
• [d3a8088cd5] - doc: improve explanation of package.json "type" field (Ronald J Kimball) #27516
• [33352c2433] - doc: clarify role of writable.cork() (Colin Grant) #30442
• [b657a64b77] - doc: de-duplicate security release processes (Sam Roberts) #30996
• [18b34def41] - doc: fix createDiffieHellman generator type (Tobias Nießen) #31121
• [1fa8e49f7e] - doc: update mode type for mkdir() functions (cjihrig) #31115
• [a37a88f40d] - doc: update mode type for process.umask() (cjihrig) #31115
• [2313b9e33b] - doc: update mode type for fs open() functions (cjihrig) #31115
• [53c6a1ee34] - doc: update mode type for fchmod() functions (cjihrig) #31115
• [68557889d3] - doc: update parameter type for fsPromises.chmod() (cjihrig) #31115
• [72d70d5102] - doc: improve dns introduction (Rich Trott) #31090
• [4c29a6ee15] - doc: update parameter type for fs.chmod() (Santosh Yadav) #31085
• [dcce8b68b2] - doc: use code markup/markdown in headers in globals documentation (Rich Trott) #31086
• [7afe69cee0] - doc: use code markup/markdown in headers in deprecations documentation (Rich Trott) #31086
• [ff828900f6] - doc: use code markup/markdown in headers in addons documentation (Rich Trott) #31086
• [ce60a80944] - doc: allow <code> in header elements (Rich Trott) #31086
• [1033760874] - doc: add --inspect-publish-uid man page entry (cjihrig) #31077
• [23013e3e31] - doc: add --force-context-aware man page entry (cjihrig) #31077
• [efc97fd927] - doc: add --enable-source-maps man page entry (cjihrig) #31077
• [4292f64c27] - doc: fix anchors and subtitle in BUILDING.md (sutangu) #30296
• [[1357c97a70](https://github.com/nodejs/node/...