chore(deps): update node docker tag to v16.9.0 (!17) · Merge requests · Gerrit Schröer / Flottenmanagement-Test-Day-Task

FW Serviceworker requested to merge deps/node-16.x into master Sep 09, 2021

This MR contains the following updates:

Package	Type	Update	Change
node	final	minor	`16.3.0-alpine3.13` -> `16.9.0-alpine3.13`
node	stage	minor	`16.3.0-alpine3.13` -> `16.9.0-alpine3.13`

Release Notes

nodejs/node

`v16.9.0`

Compare Source

Notable Changes

Corepack

Node.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development. In practical terms, Corepack will let you use Yarn and pnpm without having to install them - just like what currently happens with npm, which is shipped in Node.js by default. Please head over to the Corepack documentation page for more information on how to use it.

Contributed by Maël Nison - #39608

V8 9.3

V8 is updated to version 9.3, which includes performance improvements and new JavaScript features.

`Object.hasOwn`

Object.hasOwn is a static alias for Object.prototype.hasOwnProperty.call:

Object.hasOwn({ value: 42 }, 'value'); // Returns `true`.

Error cause

Errors can now be optionally constructed with a cause option, pointing to another error. This adds a cause property on the new error:

const error1 = new Error('Error one');
const error2 = new Error('Error two', { cause: error1 });
// error2.cause === error1

Contributed by Michaël Zasso - #39947

Other Notable Changes

[34c627e4bc] - (SEMVER-MINOR) crypto: add RSA-PSS params to asymmetricKeyDetails (Tobias Nießen) #39851
[20da0a5379] - (SEMVER-MINOR) module: support pattern trailers (Guy Bedford) #39635
[cb44781371] - (SEMVER-MINOR) stream: add stream.compose (Robert Nagy) #39029

Commits

[2343c394fb] - async_hooks: use resource stack for AsyncLocalStorage run (Stephen Belanger) #39890
[00951827cd] - Revert "build: add windows-2022 to GitHub test matrix" (Michaël Zasso) #39982
[e7834535b3] - build: add windows-2022 to GitHub test matrix (Michaël Zasso) #39857
[c49b0c0dd4] - build: add support for Visual Studio 2022 (Michaël Zasso) #39857
[afdb665e57] - build: fix find-inactive-collaborators workflow token (Rich Trott) #39909
[0ff88f362f] - build: update token used for pull requests (Rich Trott) #39907
[beca890330] - build: adapt v8_pch.h to V8 9.3 (Michaël Zasso) #39469
[2170346aa3] - build: reset embedder string to "-node.0" (Michaël Zasso) #39947
[d33ab968ab] - cluster: fix comment regarding child_process file (Yash Ladha) #39308
[585199497f] - crypto: fix regression in RSA-PSS keygen (Tobias Nießen) #39937
[34c627e4bc] - (SEMVER-MINOR) crypto: add RSA-PSS params to asymmetricKeyDetails (Tobias Nießen) #39851
[1dd91582da] - crypto: fix rsa-pss one-shot sign/verify error handling (Filip Skokan) #39830
[20cf47004e] - crypto: fix JWK RSA-PSS SubtleCrypto.exportKey (Filip Skokan) #39828
[e25dc8e470] - deps: upgrade npm to 7.21.1 (npm team) #39904
[9270684837] - deps: update archs files for OpenSSL-1.1.1l+quic (Richard Lau) #39867
[4b5bbec6cc] - deps: upgrade openssl sources to OpenSSL_1_1_1l+quic (Richard Lau) #39867
[71659fd4ba] - (SEMVER-MINOR) deps: add corepack (Maël Nison) #39608
[7470db0dfb] - deps: restore minimum ICU version to 68 (Michaël Zasso) #39470
[92d83d18d2] - deps: make V8 9.3 abi-compatible with 9.0 (Michaël Zasso) #39947
[0140face81] - deps: V8: cherry-pick 00bb1a7 (Darshan Sen) #39829
[3e1053e755] - deps: V8: cherry-pick 81814ed (Stephen Belanger) #39719
[d9d0104878] - deps: silence irrelevant V8 warning (Michaël Zasso) #38990
[cd9b03ea40] - deps: silence irrelevant V8 warnings (Michaël Zasso) #37587
[b83cab712f] - deps: fix V8 build issue with inline methods (Jiawen Geng) #35415
[068824d754] - deps: make v8.h compatible with VS2015 (Joao Reis) #32116
[54f4f1af50] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #32116
[10ba1cb8b2] - deps: V8: patch register-arm64.h (Refael Ackermann) #32116
[3ce6f72124] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #32116
[f43c292520] - (SEMVER-MINOR) deps: update V8 to 9.3.345.16 (Michaël Zasso) #39947
[9e782eb758] - doc: remove {C,Dec}ompressionStream documentation (Luigi Pinca) #39899
[7857e9cc77] - doc: add descriptions about when options.mode is ignored (Ray) #39881
[d43b555047] - doc: remove danbev from TSC member list (Daniel Bevenius) #39978
[fc01dd916e] - doc: add missing changes to generateKeyPair(Sync) (Tobias Nießen) #39963
[953f2e9f88] - doc: add nodejs/tweet issue creation to sec. doc (Daniel Bevenius) #39940
[29c4b07716] - doc: update WASI example to use import.meta.url (Guy Bedford) #39925
[9eb4a70c14] - doc: move reference to OpenSSL flags SSL_OP_* (Tobias Nießen) #39935
[8ea4befc82] - doc: add docs for duplex.allowHalfOpen property (Tim Perry) #39126
[bc2b73ec9b] - doc: add FrankQiu to a triager (FrankQiu) #39922
[8b68f8ec38] - doc: add VoltrexMaster to triagers (voltrexmaster) #39920
[3a8f77ac0d] - doc: document JavaScript tool for benchmark comparison (Michaël Zasso) #39835
[4ac703ca8e] - doc: add Mesteery to triagers (Mestery) #39887
[d059a5186b] - doc: update maintaining openssl guide (Richard Lau) #39878
[486150580c] - doc: move ERR_WORKER_UNSPPORTED_EXTENSION to legacy (Qingyu Deng) #39788
[a4b8c13798] - events: protect property defs against prototype polution (James M Snell) #39773
[cfbe9065ae] - events: add brand checks for detached accessors (James M Snell) #39773
[112af69194] - fs: add docs and tests for AsyncIterable support in fh.writeFile (Antoine du Hamel) #39836
[402071bc45] - meta: remove duplicate AUTHORS entry for NigelKibodeaux (Rich Trott) #39967
[3588f07603] - meta: add mailmap entry for Ethan-Arrowood (Rich Trott) #39930
[259e0cf4d7] - meta: add mailmap entry for branisha (Rich Trott) #39889
[bc236a6714] - meta: update .mailmap to remove duplicate AUTHORS entry for addaleax (Rich Trott) #39880
[20da0a5379] - (SEMVER-MINOR) module: support pattern trailers (Guy Bedford) #39635
[879dc4658e] - src: remove usage of AllocatedBuffer from src/node_buffer.cc (Darshan Sen) #39941
[79ce096470] - src: remove extra semicolons outside fns (Shelley Vohr) #39800
[cb44781371] - (SEMVER-MINOR) stream: add stream.compose (Robert Nagy) #39029
[ca9b781d20] - test: use assert.match instead of regexp.test (Michaël Zasso) #39928
[007e2855af] - test: use error code mapping in place of raw errno (Darshan Sen) #38675
[00529b0ef2] - test: add test to verify other extension can be loaded by worker (Qingyu Deng) #39788
[4e7212c88c] - test: update error message keywords (leeight) #39826
[549d717722] - test: adapt test-fs-read to V8 9.3 (Michaël Zasso) #39469
[644b25e068] - test: adapt test-util-inspect to V8 9.3 (Michaël Zasso) #39469
[105bff9ea5] - test: adapt test-v8-flags to V8 9.3 (Michaël Zasso) #39469
[d92bd9a982] - tools: add support for import assertions in linter (Antoine du Hamel) #39924
[9763561e30] - tools: update gyp-next to v0.10.0 (Michaël Zasso) #39857
[9f105c73fc] - tools: update V8 gypfiles for 9.3 (Michaël Zasso) #39469
[16271d2f50] - worker: remove file extension check (Qingyu Deng) #39788
[3b1ce93e03] - worker: add brand checks for detached MessageEvent accessors (James M Snell) #39773

`v16.8.0`

Compare Source

Notable Changes

[2e90b10f35] - doc: deprecate type coercion for dns.lookup options (Antoine du Hamel) #38906
[a6d50a18a0] - (SEMVER-MINOR) stream: add stream.Duplex.from utility (Robert Nagy) #39519
[af7047a815] - (SEMVER-MINOR) stream: add isDisturbed helper (Robert Nagy) #39628
[66400374de] - (SEMVER-MINOR) util: expose toUSVString (Robert Nagy) #39814

Commits

[90bf247a55] - build: fix update authors commit (Mestery) #39858
[c968372e37] - build: add authors.yml (Tierney Cyren) #35831
[3f284cf65c] - build: add option to hide console window (Cheng Zhao) #39712
[a01e3ab41d] - deps: V8: cherry-pick 00bb1a7 (Darshan Sen) #39829
[cce95c4c5b] - deps: upgrade npm to 7.21.0 (Myles Borins) #39813
[254810a22e] - doc: add duplicate CVE check in sec. release doc (Daniel Bevenius) #39845
[8c50d16712] - doc: improve description of the triagers team (Michaël Zasso) #39833
[c02165d992] - doc: update instructions for cc (Michael Dawson) #39674
[208305fd8f] - doc: move util.toUSVString() outside of deprecated group (Luigi Pinca) #39840
[2e90b10f35] - doc: deprecate type coercion for dns.lookup options (Antoine du Hamel) #38906
[8460a3216c] - doc: deprecate using non-boolean values in the verbatim option (Antoine du Hamel) #38906
[3041d57201] - doc: fix malformed changelog entries (Rich Trott) #39791
[2b02f747c3] - doc: fix lint errors in packages.md (Rich Trott) #39792
[a387600d8f] - doc: add example of self-reference in scoped packages (Jesús Leganés-Combarro 'piranna) #37630
[7a25bf3a6d] - doc: add himadriganguly as a triager (Himadri Ganguly) #39757
[d1900f43ce] - fs: combine require() and destructure (Colin Ihrig) #39806
[158d4464d2] - meta: add gyp as owner of gyp files and tools/gyp (Mary Marchini) #34847
[8fa38500f2] - policy: canonicalize before resolving specifiers (Bradley Farias) #37863
[a7a217be13] - repl: fix tla function hoisting (Don Jayamanne) #39745
[3a8399ee61] - src: return Maybe<bool> from InitializeContextRuntime() (Darshan Sen) #39695
[a704c9dfce] - (SEMVER-MINOR) src: call overload ctor from the original ctor (Darshan Sen) #39768
[0918ea0683] - (SEMVER-MINOR) src: add a constructor overload for CallbackScope (Darshan Sen) #39768
[a6d50a18a0] - (SEMVER-MINOR) stream: duplexify (Robert Nagy) #39519
[af7047a815] - (SEMVER-MINOR) stream: add isDisturbed helper (Robert Nagy) #39628
[f98311a7c8] - tools: update workflow to open a pull request (Rich Trott) #39825
[d33f897509] - tools: use find-inactive-collaborators to modify README.md (Rich Trott) #39825
[d82ee96861] - tools: update gyp-next to v0.9.5 (Jiawen Geng) #39818
[79079ea01b] - tools: fix markdown linting (Rich Trott) #39832
[01093b07cc] - tools: update markdown linter dependencies and move to ESM (Antoine du Hamel) #39801
[9dc0c91392] - tools: update rollup to latest version in markdown linter (Rich Trott) #39797
[c34e2534ab] - tools: update markdown lint dependencies (Rich Trott) #39770
[66400374de] - (SEMVER-MINOR) util: expose toUSVString (Robert Nagy) #39814

`v16.7.0`

Compare Source

Notable Changes

fs:
- experimental: add recursive cp method (Benjamin Coe) #39372

Commits

[a80c989306] - async_hooks: merge resource_symbol with owner_symbol (Darshan Sen) #38468
[69a2a6b6c3] - bootstrap: call _undestroy() inside _destroy for stdout and stderr (Matteo Collina) #39685
[5bc31ea0aa] - buffer: add endings option, remove Node.js specific encoding option (James M Snell) #39708
[091a579275] - (SEMVER-MINOR) buffer: add Blob.prototype.stream method and other cleanups (James M Snell) #39693
[097d898e58] - build: run coverage for inspector protocol changes (Richard Lau) #39725
[cf028df0ed] - build: fix V8 build with pointer compression (Michaël Zasso) #39664
[9d38400de1] - build: exclude markdown files from some GitHub Actions (Rich Trott) #39565
[eeb804a7b7] - build: use lts shorthand in GitHub Actions (Rich Trott) #39538
[93a904d0ba] - (SEMVER-MINOR) crypto: implement webcrypto.randomUUID (Michaël Zasso) #39648
[3321b65a5a] - debugger: prevent simultaneous heap snapshots (Rich Trott) #39638
[6c375e18b6] - debugger: remove undefined parameter (Rich Trott) #39570
[103bf20988] - deps: V8: cherry-pick 81814ed (Stephen Belanger) #39719
[cf5e5b5711] - deps: upgrade to libuv 1.42.0 (Luigi Pinca) #39525
[5f92d2fe6d] - dgram: use simplified validator (Voltrex) #39753
[c7e918b06a] - (SEMVER-MINOR) dns: add "tries" option to Resolve options (Luan Devecchi) #39610
[5d66646b71] - doc: correct cjs code to match mjs code (Raz Luvaton) #39509
[f18bb2a0f1] - doc: fix typo in hmac.paramNames default (Justin) #39766
[338a166e83] - doc: fix fs.rmdir recursive option deprecation history (Antoine du Hamel) #39728
[bfb1dc0a2c] - doc: fixed variable names in queueMicrotask example (ashish maurya) #39634
[08b31f12f8] - doc: change "Version 4 UUID" to "version 4 UUID" (Tobias Nießen) #39682
[f5200f9785] - doc: update debugger.md description and examples (Rich Trott) #39661
[4700f1e529] - doc: fix color contrast issue in light mode (Rich Trott) #39660
[88c83a4698] - (SEMVER-MINOR) doc: add missing change to resolver ctor (Luan Devecchi) #39610
[760cafa5ed] - doc: fix typo in url.md (Howie Zhao) #39666
[9ab5503693] - doc: add point to ask H1 reporter about credit (Daniel Bevenius) #39585
[7514405456] - doc: update min mac ver + move mac arm64 to tier 1 (Ash Cripps) #39586
[d7c8c6dcee] - doc: add missing introduced_in metadata (Richard Lau) #39575
[8072517097] - doc: add code examples to Writable.destroy() and Writable.destroyed (Juan José Arboleda) #39491
[55f47cc2d0] - doc: add String.prototype.at and %TypedArray%.prototype.at (Jordan Harband) #39583
[0c0412e2c4] - doc: move NODE_MODULE_VERSION in release guide (Richard Lau) #39544
[5df74f9b21] - doc: remove outdated ARM information from release guide (Richard Lau) #39544
[8eccb11ea0] - doc: fence command examples in release guide (Richard Lau) #39544
[0bd97e1f2d] - doc: update backport labels in release guide (Richard Lau) #39544
[2129ad6a0a] - doc: add code example to fs.truncate method (Juan José Arboleda) #39454
[3ff5e153ef] - doc: add code example to http.createServer method (Juan José Arboleda) #39455
[7d0c869cfa] - doc: add PerformanceObserver buffered document (legendecas) #39514
[0dc167a03f] - (SEMVER-MINOR) fs: add recursive cp method (Benjamin Coe) #39372
[54dd3df943] - http: decodes url.username and url.password for authorization header (Lew Gordon) #39310
[81e62f67bf] - inspector: update inspector_protocol to 89c4adf (Rich Trott) #39650
[793fee4915] - inspector: update inspector_protocol to 8ec18cf (Rich Trott) #39614
[5afdc1f4c0] - lib: simplify validators (Voltrex) #39753
[ca3cb96d25] - lib: cleanup validation (Voltrex) #39652
[cc08d3062f] - lib: cleanup instance validation (Voltrex) #39656
[2751cdf6f9] - lib: use helper for readability (Voltrex) #39649
[c68415cba2] - lib: use validators (Voltrex) #39663
[be2d60dd1d] - lib: use validator (Voltrex) #39547
[486d51ac0c] - lib: use validateObject (Voltrex) #39605
[058e882a2a] - lib: use ERR_ILLEGAL_CONSTRUCTOR (Mestery) #39556
[07cadc4432] - meta: consolidate AUTHORS entries for ooHmartY (Rich Trott) #39705
[6c788b8030] - meta: consolidate AUTHORS entries for homosaur (Rich Trott) #39705
[07351edebe] - meta: consolidate AUTHORS entries for Ayase-252 (Rich Trott) #39705
[5fe282769b] - meta: consolidate AUTHORS entries for robin-drexler (Rich Trott) #39705
[fc2a626357] - meta: consolidate AUTHORS entries for samshull (Rich Trott) #39705
[67cfc66a47] - meta: update AUTHORS (Rich Trott) #39705
[91008fbdeb] - meta: consolidate email addresses for MarshallOfSound (Rich Trott) #39651
[a76b63536a] - meta: consolidate email addresses for tadjik1 (Rich Trott) #39651
[aaab2095db] - meta: consolidate email addresses for szmarczak (Rich Trott) #39651
[f413a9d83c] - meta: update AUTHORS (Rich Trott) #39636
[7a91d4bfe9] - meta: simplify mailmap (Rich Trott) #39612
[4ec5d2de5d] - meta: consolidate emails for tadhgcreedon (Rich Trott) #39611
[bb88c38eac] - meta: consolidate emails for timcosta (Rich Trott) #39611
[0920a8cf6f] - meta: consolidate emails for timruffles (Rich Trott) #39611
[1474a9d4b1] - meta: update AUTHORS (Rich Trott) #39629
[c59e3ec685] - meta: add mailmap entry for ryzokuken (Rich Trott) #39596
[34f4bb8277] - meta: add mailmap entry for uttampawar (Rich Trott) #39596
[fd213edda2] - meta: add mailmap entry for dmabupt (Rich Trott) #39596
[6b664e224b] - meta: align README/.mailmap/AUTHORS email entries (Rich Trott) #39505
[96d8ecbd66] - meta: add mailmap entry for garygsc (Rich Trott) #39588
[16d85f3f48] - meta: add mailmap entry for ttzztztz (Rich Trott) #39588
[60ab111fdb] - meta: update AUTHORS (Rich Trott) #39587
[b43f87d729] - meta: update .mailmap to remove duplication in AUTHORS (Rich Trott) #39561
[6f4a2aa5a4] - meta: add .mailmap entries to remove AUTHORS duplicates (Rich Trott) #39560
[86d144c500] - meta: add .mailmap entry to remove duplication in AUTHORS (Rich Trott) #39559
[110c088f02] - meta: update collaborator email in AUTHORS/.mailmap (Rich Trott) #39521
[72af147bb5] - meta: update collaborator email in README (Rich Trott) #39521
[23bc4cfb21] - meta: update collaborator email in AUTHORS/.mailmap (Rich Trott) #39521
[e4289728c7] - meta: move gdams to emeritus (Rich Trott) #39539
[4df59bc727] - module: add some typings to internal/modules/esm/resolve (Antoine du Hamel) #39504
[b5858589d0] - node-api: handle pending exception in cb wrapper (Michael Dawson) #39476
[016b7ba616] - perf_hooks: fix PerformanceObserver gc crash (James M Snell) #39550
[b37575b67c] - perf_hooks: fix performance timeline wpt failures (legendecas) #39532
[64c02eb3cc] - (SEMVER-MINOR) perf_hooks: web performance timeline compliance (legendecas) #39297
[7ff21397d6] - policy: fix integrity when DEFAULT_ENCODING is set (Tobias Nießen) #39750
[03be967cad] - src: fix TextDecoder final flush size calculation (James M Snell) #39737
[9046e78943] - src: fix crash in AfterGetAddrInfo (Anna Henningsen) #39735
[2a00ef5ede] - (SEMVER-MINOR) src: fix align in cares_wrap.h (Luan) #39610
[60a2b31c68] - src: add cosmetic space character to async_wrap.h file (Juan José Arboleda) #39459
[cd9b0bf68c] - stream: ensure text() stream consumer flushes correctly (James M Snell) #39737
[f57a0e4d8b] - (SEMVER-MINOR) stream: utility consumers for web and node.js streams (James M Snell) #39594
[975edf5330] - stream: clean endWritableNT (Mestery) #39645
[9e38fc6757] - (SEMVER-MINOR) stream: add readableDidRead if has been read from (Robert Nagy) #39589
[a5ded4a85a] - test: use simplfied validator (voltrexmaster) #39753
[53cf53c95a] - (SEMVER-MINOR) test: enable blob.prototype.stream tests (James M Snell) #39693
[7e9884598f] - test: update WPT abort tests (Michaël Zasso) #39697
[94381fbdf5] - test: update WPT common and resources (Michaël Zasso) #39697
[34a041a846] - test: fix test-debugger-heap-profiler for workers (Richard Lau) #39687
[9f5acfa90e] - test: increase memory for coverage action (Benjamin Coe) #39690
[0be15cedc4] - test: use template to concatenate string (Himadri Ganguly) #39621
[952a5282e2] - (SEMVER-MINOR) test: pull Web Platform Tests for WebCryptoAPI (Michaël Zasso) #39648
[3622fb1e03] - test: deflake test-http2-buffersize (Luigi Pinca) #39591
[1962c7c7b3] - test: convert anonymous function to arrow function (Himadri Ganguly) #39604
[635e1a0274] - test: add test-debugger-breakpoint-exists (Rich Trott) #39570
[cff2aea5df] - test: add known issues test for debugger heap snapshot race (Rich Trott) #39557
[5e1011238a] - tools: bump remark-preset-lint-node to 3.0.0 (Rich Trott) #39755
[eb741253fd] - tools: update path-parse in markdown linter package-lock file (Rich Trott) #39729
[52a172f983] - tools: fix more build warnings in inspector_protocol (Richard Lau) #39725
[77f9c1fa98] - tools: cherry-pick ffb34b6 (Darshan Sen) #39725
[b9510d21c9] - tools: update inspector_protocol to e8ba1a7 (Rich Trott) #39694
[8d509d8773] - tools: update inspector_protocol to 39ca567 (Rich Trott) #39694
[ee7142fa37] - tools: update inspector_protocol to 97d3146 (Rich Trott) #39694
[c6323d847d] - Revert "tools: fix compiler warning in inspector_protocol" (Rich Trott) #39694
[6e19c166e4] - tools: update inspector_protocol to a53e96d (Rich Trott) #39694
[61c53f39d2] - tools: update inspector_protocol to fe0467f (Rich Trott) #39694
[b1b6f20353] - tools: improve error detection in find-inactive-collaborators (Rich Trott) #39617
[d1360fcf48] - tools: update ESLint to 7.32.0 (Luigi Pinca) #39602
[af1c782cad] - tools: update ESLint to 7.31.0 (Colin Ihrig) #39424
[37dda19461] - (SEMVER-MINOR) url,buffer: implement URL.createObjectURL (James M Snell) #39693
[dcab88ad38] - worker: add brand checks for detached properties/methods (James M Snell) #39763

`v16.6.2`

Compare Source

This is a security release.

Notable Changes

CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
- Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
- Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
- If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.

Commits

[054537cdc2] - deps: update c-ares to 1.17.2 (Beth Griggs) #39724
[ac544905b6] - deps: reflect c-ares source tree (Beth Griggs) #39653
[a914b23cbc] - deps: apply missed updates from c-ares 1.17.1 (Beth Griggs) #39653
[31d5773654] - http2: add tests for cancel event while client is paused reading (Akshay K) #39622
[a3c33d4ce7] - http2: update handling of rst_stream with error code NGHTTP2_CANCEL (Akshay K) #39622
[6c7fff6f1d] - tls: validate "rejectUnauthorized: undefined" (Matteo Collina) nodejs-private/node-private#276

`v16.6.1`

Compare Source

Notable Changes

Updated npm to 7.20.3 (npm team) #39579
Reverted an ABI-breaking change from V8 9.2 that could impact some native modules (Michaël Zasso) #39624
Fixed a bug in error handling known to affect at least Webpack and Jest (Guy Bedford) #39593

Commits

[6c769ccedf] - build: override python executable path on configure (legendecas) #39465
[cbf6a01c17] - crypto: fix generateKeyPair with encoding 'jwk' (himself65) #39319
[3091295609] - deps: revert ABI-breaking change from V8 9.2 (Michaël Zasso) #39624
[06d7b8e8c8] - deps: upgrade npm to 7.20.3 (npm team) #39579
[7b612fadc2] - doc: fix crypto.hkdf callback derivedKey type (Filip Skokan) #39453
[7a731efd97] - doc,lib,test: rename HKDF 'key' argument (Tobias Nießen) #39474
[93bbaa0ce9] - module: fix ERR_REQUIRE_ESM error for null frames (Guy Bedford) #39593
[e13162de09] - module: refine enrichCJSError (Antoine du Hamel) #39507
[815fbec6f1] - repl: do not include legacy getter/setter methods in completion (Anna Henningsen) #39576
[0405c8d3f0] - zlib: avoid converting Uint8Array instances to Buffer (Antoine du Hamel) #39492

`v16.6.0`

Compare Source

This is a security release.

Notable Changes

Say hello to V8 9.2

The V8 engine is updated to version 9.2.230.21.

It notably introduces the new Array.prototype.at method (also on Typed Arrays and strings):

const array = [1, 2, 3];

console.log(array.at(-1));
// Prints: 3

Contributed by Michaël Zasso - #39470

Other notable changes

CVE-2021-22930: Use after free on close http2 on stream canceling (High) - #39423
- Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
[f93d2ac587] - inspector: mark as stable (Gireesh Punathil) #37748
[89b4770d5c] - punycode: add pending deprecation (Antoine du Hamel) #38444
[b67214fe31] - (SEMVER-MINOR) repl: enable --experimental-repl-await /w opt-out (hemanth.hm) #34733

Commits

[b5248d4000] - async_hooks: emit promise trace events from JS (Stephen Belanger) #39135
[e18778d409] - async_hooks: eliminate native PromiseHook (Stephen Belanger) #39135
[90b9bb1a7d] - build: use Node.js 14 in commit-lint.yml (Rich Trott) #39506
[5182e26f14] - build: reset embedder string to "-node.0" (Michaël Zasso) #39470
[e1910ef290] - build: fix host_arch_cc() for AIX/IBM i (Richard Lau) #39481
[ce2011b7a1] - build: update coverage Makefile target comments (Richard Lau) #39365
[6b055f17b6] - build: run workflows when a MR is ready for review (Michaël Zasso) #39405
[25f45d5018] - build: update to setup-node@v2 (Rich Trott) #39366
[a7472576d7] - build: add library_files to gyp variables (himself65) #39293
[d16d36f1c2] - crypto: support Big(U)Int64Array in getRandomValues (Michaël Zasso) #39443
[95db54482a] - debugger: validate sec-websocket-accept response header (Chris Opperwall) #39357
[3751b92fa2] - debugger: rename internal module (Rich Trott) #39378
[0e5eb8b17d] - deps: restore minimum ICU version to 68 (Michaël Zasso) #39470
[e8da1f25fb] - (SEMVER-MINOR) deps: make V8 9.2 abi-compatible with 9.0 (Michaël Zasso) #39470
[a93e6ef777] - deps: V8: backport 5c76da8 (Michaël Zasso) #39337
[d612544199] - deps: V8: cherry-pick 359d44d (Michaël Zasso) #39337
[c6ec2b4817] - deps: V8: cherry-pick 3805a69 (Michaël Zasso) #39337
[e6b84dfe84] - deps: V8: cherry-pick 56fe020 (Michaël Zasso) #39337
[2393fae427] - deps: V8: cherry-pick 2b77ca2 (Michaël Zasso) #39337
[c8e7d80475] - deps: V8: cherry-pick 53784bd (Michaël Zasso) #39337
[65062b3e0d] - deps: V8: cherry-pick 7ff6609 (Michaël Zasso) #38990
[c3efc70df7] - deps: V8: cherry-pick a5cea1b (Michaël Zasso) #38990
[201da87bc1] - deps: V8: cherry-pick 9862992 (Richard Lau) #38990
[794ad2e016] - deps: V8: backport 71e8f8b (Michaël Zasso) #38990
[53cc6c8000] - deps: V8: cherry-pick 3d24b3a (Michaël Zasso) #38990
[7f7cb8bfe1] - deps: silence irrelevant V8 warning (Michaël Zasso) #38990
[16cbd8c8b6] - deps: silence irrelevant V8 warnings (Michaël Zasso) #37587
[98150e2bc6] - deps: fix V8 build issue with inline methods (Jiawen Geng) #35415
[3f3e167fea] - deps: make v8.h compatible with VS2015 (Joao Reis) #32116
[785b8990de] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #32116
[38cb655f04] - deps: V8: patch register-arm64.h (Refael Ackermann) #32116
[9082ecef66] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #32116
[6114198717] - (SEMVER-MINOR) deps: update V8 to 9.2.230.21 (Michaël Zasso) #39470
[89796d0c7f] - deps: bump HdrHistogram_C to 0.11.2 (Matteo Collina) #39462
[9dd232c42b] - deps: update to cjs-module-lexer@1.2.2 (Guy Bedford) #39402
[626eb07fda] - deps: extract gtest source files to deps/googletest (legendecas) #39386
[487c45ffd9] - doc: move lball@redhat.com to emeritus (Lance Ball) #39501
[5f84f47e13] - doc: update AUTHORS (Rich Trott) #39488
[1d27ae1514] - doc: update strategic initiative champion (Rich Trott) #39487
[e552b1a791] - doc: improve node.js+fips instructions (Benjamin Mayr) #39390
[aa1dfb3111] - doc: simplify unnecessarily specific .mailmap entries (Rich Trott) #39430
[ae69656c61] - doc: update checkbox label in backporting guide (Darshan Sen) #39420
[4fd8db687d] - doc: remove _Addenda_ from headers (Rich Trott) #39427
[cefd2fb1e4] - doc: simplify .mailmap file (Rich Trott) #39418
[ade2eed9a6] - doc: fix broken internal link in http.md (Rich Trott) #39425
[5fdfcc069f] - doc: remove outdated step in onboarding exercise (Rich Trott) #39410
[94706c7012] - doc: revise strategic initiatives text (Rich Trott) #39417
[9932e3589c] - doc: remove typo (extra ' character) (Nikita Rykov) #39414
[2b92b4ea2d] - doc: update mailmap and AUTHORS (Rich Trott) #39393
[6d6396594b] - doc: use a details tag for completed initiatves (Rich Trott) #39416
[ac43e3331c] - doc: update commit-queue.md to indicate GitHub Actions are checked (Rich Trott) #39411
[75130c94d1] - doc: use _pull request_ instead of _MR_ in onboarding doc (Rich Trott) #39409
[20bb3f6df0] - doc: add strategic initiatives from TSC repo (Rich Trott) #39394
[6979313abb] - doc: standardize on _pull request_ (Rich Trott) #39384
[20124cc275] - doc: make minor edits to pull request text (Rich Trott) #39383
[11482f02cf] - doc: add docker-node and build-wg issue contents (Daniel Bevenius) #39215
[c535956b6e] - doc: add instructions for core vuln files (Daniel Bevenius) #39220
[353a8bb27b] - doc: standardize on not capitalizing _collaborator_ (Rich Trott) #39379
[9b15e5c155] - doc: update mailmap and deduplicate AUTHORS entry (Rich Trott) #39391
[e44ccd9aad] - doc: update AUTHORS (Rich Trott) #39367
[39e6536a87] - doc: move jdalton to emeritus (Rich Trott) #39380
[bbff5a9e47] - doc: edit guide on pull requests (Rich Trott) #39359
[902ef9aca0] - doc,meta: update email addresses for misterdjules (Rich Trott) #39433
[cc7b61721c] - doc,tools: remove checkLinks.mjs (Antoine du Hamel) #39206
[e2fd015cda] - domain: do not add domain to promise from other context (Stephen Belanger) #39135
[93eff3f5a6] - esm: refine ERR_REQUIRE_ESM errors (Guy Bedford) #39175
[1fb0954202] - events: allow an event to be dispatched multiple times (Luigi Pinca) #39395
[6f2989c346] - events: allow the options argument to be null (Luigi Pinca) #39486
[72ad6d3f27] - fs: check closing_ in FileHandle::Close (James M Snell) #39472
[8b58e574ba] - fs: fix FileHandle::ClosePromise to return persisted Promise (James M Snell) #39331
[9d950a0956] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #39423
[19e9accf91] - inspector: mark as stable (Gireesh Punathil) #37748
[e4331cd43d] - lib: comment explaining special-case handling of promises (Stephen Belanger) #39135
[0a47f5fc54] - meta: update collaborator email in README (Rich Trott) #39510
[65020110e8] - meta: remove unneeded .mailmap entry (Rich Trott) #39512
[864ef11be8] - meta: update email address for collaborator (Rich Trott) #39511
[d3f58cb650] - meta: align collaborator name in .mailmap/AUTHORS with README (Rich Trott) #39489
[5f9b2187a1] - meta: align email address in README/.mailmap/AUTHORS (Rich Trott) #39503
[9fbe3f6b49] - meta: revise .mailmap for README consistency (Rich Trott) #39457
[f6fbb38924] - meta: alphabetize .mailmap file (Rich Trott) #39434
[dc9c6aa428] - meta: align collaborator email in .mailmap/AUTHORS with README (Rich Trott) #39478
[febeb0df16] - meta: update AUTHORS (Rich Trott) #39461
[d059ed9242] - meta: add .mailmap entry for new email for existing contributor (Rich Trott) #39431
[cdf7251370] - process: add api to enable source-maps programmatically (legendecas) #39085
[eccc9a6578] - punycode: add pending deprecation (Antoine du Hamel) #38444
[a082a705b3] - (SEMVER-MINOR) repl: enable --experimental-repl-await /w opt-out (hemanth.hm) #34733
[b230ac12d9] - src: stop using deprecated v8::ApiObject (Michaël Zasso) #38990
[929205e6b9] - src: use non-deprecated Symbol::Description (Michaël Zasso) #38990
[42ff6d952a] - src: print native module id on native module not found (legendecas) #39460
[f0287e52aa] - src: close HandleWraps instead of deleting them in OnGCCollect() (Anna Henningsen) #39441
[2cf52f8db1] - src: set SSL_OP_ALLOW_CLIENT_RENEGOTIATION (Daniel Bevenius) #38753
[fc138376aa] - src: remove unused guards around node-api reference (legendecas) #38334
[26ada4971c] - stream: import internal/util/types instead (James M Snell) #39331
[e91053a465] - stream: implement TextEncoderStream and TextDecoderStream (James M Snell) #39347
[efe74746f0] - stream: fixup property definition to avoid prototype polution (James M Snell) #39371
[4709da0372] - test: ensure microtask queues are not automatically drained (Jochen Eisinger) #38990
[86ca9a8a80] - test: remove test-debug-args (Michaël Zasso) #38990
[bbcd651cfd] - test: update trace events test expectations (Michaël Zasso) #38990
[039f64f249] - test: fix WASI link test (Richard Lau) #39485
[b1d38ddc8a] - test: update OpenSSL3 error messages for beta-1 (Daniel Bevenius) #39437
[db4f802fba] - Revert "test: skip tests for openssl-3.0.0-alpha15" (Daniel Bevenius) #39437
[a30d021b94] - test: add test for WebSocket secret verification in debugger (Rich Trott) #39357
[04355afd24] - test: add NumberFormat resolvedOptions test (Richard Lau) #39401
[d0fb02c26a] - test: put common lint exceptions into config file (Rich Trott) #39358
[259d091366] - test: mark test-domain-error-types flaky (James M Snell) #39369
[5517769472] - tools: fetch googletest dependency for V8 CI (Michaël Zasso) #38990
[5fe74aa403] - tools: update V8 gypfiles for 9.2 (Michaël Zasso) #38990
[e58cf4e44c] - tools: flag README/mailmap mismatches in find-inactive-collaborators (Rich Trott) #39477
[0a46e66253] - tools: use mailmap for find-inactive-collaborators (Rich Trott) #39432
[7570f998df] - tools: email matchin is case insensitive for .mailmap (Rich Trott) #39430
[5c11a0279d] - tools: make internal link checker more robust (Rich Trott) #39429
[4c32aa02db] - tools: added remark-frontmatter (Ben Halverson) #38717
[c6a7c3d00d] - tools: fix broken link hash (Rich Trott) #39426
[0f1d51578e] - tools: change commit fetch limiting in find-inactive-collaborators (Rich Trott) #39362
[e5d64473e8] - tools: use Node.js 16.x for GitHub workflow (Rich Trott) #39362
[68fd6d5282] - url: prevent pathname setter from erasing path of path-only URLs (Darshan Sen) #39060

`v16.5.0`

Compare Source

Notable Changes

Experimental Web Streams API

Node.js now exposes an experimental implementation of the Web Streams API.

While it is experimental, the API is not exposed on the global object and is only accessible using the new stream/web core module:

import { ReadableStream, WritableStream } from 'stream/web';
// Or from 'node:stream/web'

Importing the module will emit a single experimental warning per process.

The raw API is implemented and we are now working on its integration with various existing core APIs.

Contributed by James M Snell - #39062

Other notable changes

[83f3b959f9] - (SEMVER-MINOR) fs: allow empty string for temp directory prefix (Voltrex) #39028
[c04fd2bb97] - deps: upgrade npm to 7.19.1 (npm team) #39225

Commits

[aafa08d7b9] - bootstrap: load perf_hooks eagerly during bootstrap (Joyee Cheung) #38971
[6e46eb186c] - bootstrap: support perf hooks in snapshot (Joyee Cheung) #38971
[10681828ac] - build: update gcovr for gcc 8 compatibility (Richard Lau) #39326
[8381132f76] - build: add riscv into host_arch_cc (Lu Yahan) #39004
[a7ba21864d] - build: restore libplatform headers in distribution (Jeroen Ooms) #39288
[41161eabf2] - build: remove unused comment in Makefile (LitoMore) #39171
[f6a1092471] - build: allow to build riscv64 using Makefile (Makoto Kato) #39048
[a7cd40ed8d] - build: uvwasi honours node_shared_libuv (Jérémy Lal) #39260
[3ed04994b7] - build: shorten path used in tarball build workflow (Richard Lau) #39192
[65b56b3774] - build: fix building with external builtins (Momtchil Momtchev) #39091
[412b1012d2] - build: pass directory instead of list of files to js2c.py (Joyee Cheung) #39069
[171ca6bb3c] - build: don't pass --mode argument to V8 test-runner (Richard Lau) #39055
[cf8536ea3f] - build: fix commit linter on unrebased MRs (Mary Marchini) #39121
[cf0533b8b2] - build: use Actions to validate commit message (Mary Marchini) #32417
[4202274851] - crypto: move OPENSSL_IS_BORINGSSL guard (Shelley Vohr) #39136
[89f5a73ba5] - crypto: use compatible ecdh function (Shelley Vohr) #39054
[30e878b603] - crypto: add OPENSSL_IS_BORINGSSL guard (Shelley Vohr) #39138
[630266cba2] - debugger: indicate server is ending (Rich Trott) #39334
[48d9680f84] - debugger: remove final lint exceptions in inspect_repl.js (Rich Trott) #39078
[4507714f9d] - deps: V8: backport 5c76da8 (Michaël Zasso) #39337
[0e64bd0dd6] - deps: V8: cherry-pick 359d44d (Michaël Zasso) #39337
[142ce6838b] - deps: V8: cherry-pick 3805a69 (Michaël Zasso) #39337
[2657c305cb] - deps: V8: cherry-pick 56fe020 (Michaël Zasso) #39337
[5c5a93e533] - deps: V8: cherry-pick 2b77ca2 (Michaël Zasso) #39337
[cf49ebb052] - deps: V8: cherry-pick 53784bd (Michaël Zasso) #39337
[3d351b29c1] - deps: V8: cherry-pick cb4faa9 (Michaël Zasso) #39337
[165130a3e0] - deps: patch V8 to 9.1.269.38 (Michaël Zasso) #39196
[c04fd2bb97] - deps: upgrade npm to 7.19.1 (npm team) #39225
[bf4c50f9d9] - deps: upgrade npm to 7.19.0 (npm team) #39148
[8630b39376] - deps: update Acorn to v8.4.1 (Michaël Zasso) #39166
[38ae4077c7] - doc: fix typos in Web Streams API documentation (Tobias Nießen) #39351
[fb6616ecbb] - doc: add text about moving long commit lists out of MR description (Danielle Adams) #39186
[29c9cc8f03] - doc: do not use & for "and" in text (Rich Trott) #39345
[0b3b2695bc] - doc: do not use tilde for "about" or "approximately" (Rich Trott) #39344
[64a185e595] - doc: use consistent abbreviation formatting (Rich Trott) #39343
[2573bf5116] - doc: update AUTHORS (Rich Trott) #39277
[63b6084724] - doc: put information about the past in details tags (Rich Trott) #39321
[e26635085a] - doc: replace outdated util.promisify timer examples with references (foxxyz) #39164
[d101a85e36] - doc: move AndreasMadsen to emeritus (Rich Trott) #39315
[2d552a32d6] - doc: move ofrobots to collaborator emeritus (Rich Trott) #39307
[131d676f64] - doc: simplify CRAN mirror text in benchmark guide (Rich Trott) #39287
[c92b80e631] - doc: use "repository" instead of "repo" in onboarding.md (Rich Trott) #39286
[81df9b1e92] - doc: update collaborator email address (Rich Trott) #39263
[b8860f35c9] - doc: remove GitHub mark (Rich Trott) #39251
[f06ebf1775] - doc: remove emailing the TSC from offboarding doc (Rich Trott) #39280
[175a6569f4] - doc: add annotation to writeFile data as Object (Jacob) #39167
[4d53c63c22] - doc: fix boldface punctuation for full sentences (Rich Trott) #39278
[146f733f43] - doc: fix constants usage in fs.access example (Cyrille Bourgois) #39289
[eacee0ab17] - doc: use "repository" in guides versus repo (Michael Dawson) #39198
[04bcfcfff1] - doc: update Node-api version matrix (Michael Dawson) #39197
[4dd6ab389a] - doc: remove onboarding-extras (Rich Trott) #39252
[a01dacfdcd] - doc: move Sam Ruby to emeritus (Rich Trott) #39264
[2bb3713b74] - doc: update AUTHORS file (Rich Trott) #39250
[2227c1368f] - doc: fix color contrast for anchor marks in dark mode (Rich Trott) #39168
[f8cdaad9d4] - doc: rename datatypes to data types (FrankEntriken) #39209
[250024eaec] - doc: normalize CSS variable names and indentation (Rich Trott) #39199
[db74a35348] - doc: remove unnecessary module format comments (Rich Trott) #39219
[24a1f7ec84] - doc: use more consistent formatting for deprecations (Rich Trott) #39218
[24c0d7d872] - doc: update AUTHORS (Rich Trott) #39217
[3e5ed72b0a] - doc: use "pull request" instead of "MR" in packages.md (Rich Trott) #39213
[ddc24b2105] - doc: move v8.stopCoverage() to expected location in doc (Rich Trott) #39212
[68c334c8c9] - doc: move vm.measureMemory() to expected location in doc (Rich Trott) #39211
[81d52d7c79] - doc: fix CHANGELOG.md formatting (Richard Lau) #39223
[9c3a5fd53e] - doc: add cc oss-security@lists.openwall.com (Daniel Bevenius) #39191
[07ba2875ae] - doc: remove instructions for unsupported Node.js versions (Rich Trott) #39185
[482851f647] - doc: remove obsolete cc recommendations (Rich Trott) #39181
[8311b29083] - doc: use "repository" in maintaining-V8 doc (Rich Trott) #39179
[952580e1bf] - doc: fix broken link in errors.md (Rich Trott) #39200
[af1e1dba36] - doc: correct JavaScript primitive value names in n-api.md (legendecas) #39129
[00728d1301] - doc: apply logical ordering to CSS variables (Rich Trott) #39169
[aec2744e14] - doc: remove file name from self-reference links (Antoine du Hamel) #39165
[74bb915178] - doc: use repository instead of repo (Rich Trott) #39157
[a669a191a1] - doc: use ASCII order for md refs (Antoine du Hamel) #39170
[21e8720155] - doc: fix EventTarget.dispatchEvent docs (Rohan Sharma) #39127
[90ec7660bc] - doc: update AUTHORS file (Rich Trott) #39082
[81cebec5cc] - doc: esm examples /w imports for process, Buffer (Guy Bedford) #39043
[c1588887a6] - doc: fix napi_default_property name (Davidson Francis) #39104
[a440f6c69c] - doc: fix dead links in packages.md (Michaël Zasso) #39113
[33cad271c5] - errors: remove eager stack generation for node errors (Gus Caplan) #39182
[ac05a0a8a3] - errors: don't throw TypeError on missing export (Benjamin Coe) #39017
[83f3b959f9] - (SEMVER-MINOR) fs: allow empty string for temp directory prefix (Voltrex) #39028
[ac7184d8c7] - http: clean up HttpParser correctly (Tobias Koppers) #39292
[35331cbd13] - http,https: align server option of https with http (Qingyu Deng) #38992
[29194d4f88] - inspector: move inspector async hooks to environment (Joyee Cheung) #39112
[ecf627a9af] - lib: rename TransferedReadableStream etc (Tobias Nießen) #39352
[0e55cb72df] - lib: make lazyDOMException more common (Khaidi Chu) #39105
[cfd96aa8f9] - meta: fix tls code owners (Robert Nagy) #39355
[e5c2d80560] - meta: use form schema for bug report template (Michaël Zasso) #39194
[bd472daf0c] - meta: add @nodejs/actions as CODEOWNERS (Mary Marchini) #39119
[63f87027e3] - node-api: cctest on v8impl::Reference (legendecas) #38970
[7ea98fbccd] - perf_hooks: refactor perf_hooks for snapshot building (Joyee Cheung) #38971
[20cc8ec2af] - readline: allow completer to rewrite existing input (Anna Henningsen) #39178
[b168ec2a2a] - repl: processTopLevelAwait fallback error handling (ejose19) #39290
[a101fe68ad] - repl: correctly hoist top level await declarations (ejose19) #39265
[d441d91450] - repl: ensure correct syntax err for await parsing (Guy Bedford) #39154
[9184259a54] - src: add JSDoc typings for v8 (Voltrex) #38944
[66553feeba] - src: compare IPv4 addresses in host byte order (Colin Ihrig) #39096
[ea8d83bf59] - src,crypto: fix 0-length output crash in webcrypto (Khaidi Chu) #38913
[683c995001] - src,zlib: tighten up Z_*_WINDOWBITS macros (Khaidi Chu) #39115
[cb32f69e00] - stream: cleanup async handling (Robert Nagy) #39329
[1fc6382942] - stream: don't emit prefinish after error or close (Robert Nagy) #39332
[35b6669e13] - stream: use finished for pump (Robert Nagy) #39203
[9af62a1357] - (SEMVER-MINOR) stream: implement WHATWG streams (James M Snell) #39062
[0bb980aeaf] - test: remove eslint-disable comment from fixture file (Rich Trott) #39320
[21f77031fb] - test: move debugger test case to parallel (Rich Trott) #39300
[0ec93a1fc1] - test: use common.PORT instead of hardcoded port number (Rich Trott) #39298
[11a8b81caf] - test: remove debugger workaround for AIX (Rich Trott) #39296
[8e77aa23f1] - test: add test for debugger restart message issue (Rich Trott) #39273
[13755599e1] - test: remove workaround code in debugger test (Rich Trott) #39238
[1f31e3c774] - test: remove checks for armv6 (Rich Trott) #39162
[d486d0117c] - test: move test-debugger-address to parallel (Rich Trott) #39236
[cdc7a19f48] - test: remove common.enoughTestCpu (Rich Trott) #39161
[cc32365f56] - (SEMVER-MINOR) test: add WPT streams tests (James M Snell) #39062
[fff21a4afb] - test: replace "inspector-cli" with "debugger" (Rich Trott) #39156
[df17c62818] - test: use localhost test instead of connecting to remote (Adam Majer) #39011
[dfe99d2aac] - tls: move legacy code into own file (Robert Nagy) #39333
[f338fddbb0] - tools: add GitHub Action to run find-inactive-collaborators.mjs (Rich Trott) #39335
[b3a0dd1e4a] - tools: pass bot token to node-pr-labeler (Michaël Zasso) #39271
[b56a3d9009] - tools: update gyp-next to v0.9.3 (Jiawen Geng) #39291
[3cd9f5e298] - tools: add find-inactive-collaborators.js (Rich Trott) #39262
[0673ede3ad] - tools: take ownership of deps/v8/tools/node (Michaël Zasso) #39222
[cb8c6ffbce] - tools: update ESLint to 7.30.0 (Colin Ihrig) #39242
[d5113f9e34] - tools: remove armv6 from test tools (Rich Trott) #39162
[802d9c4488] - tools: update path-parse to 1.0.7 (Rich Trott) #39232
[ab9ccd014c] - tools: remove unused lint-pr-commit-message.sh (Richard Lau) #39120
[6200f3b35f] - tools: update @babel/eslint-parser to 7.14.7 (Rich Trott) #39160
[dfe5d1139c] - tools: update remark-preset-lint-node to 2.4.1 (Rich Trott) #39201
[4715105581] - tools: upgrade highlight.js to version 11.0.1 (Antoine du Hamel) #39032
[2481ddd08d] - tools,doc: fix error message for unrecognized type (Antoine du Hamel) #39221
[adb812c042] - typings: add a few JSDoc typings for the net lib module (nerdthatnoonelikes) #38953
[29673b8ac8] - typings: add JSDoc typings for timers (Voltrex) #38834
[fe1c81f247] - wasi: use missing validator (Voltrex) #39070

`v16.4.2`

Compare Source

Notable Changes

Node.js 16.4.1 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer.

Commits

[76e709ec63] - win,msi: use localized "Authenticated Users" name (Richard Lau) #39241

`v16.4.1`

Compare Source

This is a security release.

Notable Changes

Vulnerabilities fixed:

CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
- Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
- Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921

Commits

[d33aead28b] - deps: uv: cherry-pick 99c29c9 (Ben Noordhuis) nodejs-private/node-private#267
[2690907b81] - win,msi: set install directory permission (AkshayK) nodejs-private/node-private#269

`v16.4.0`

Compare Source

Notable changes

async_hooks:
- stabilize part of AsyncLocalStorage (Vladimir de Turckheim) #37675
deps:
- upgrade npm to 7.18.1 (npm team) #39065
- update V8 to 9.1.269.36 (Michaël Zasso) #38273
dns:
- allow --dns-result-order to change default dns verbatim (Ouyang Yadong) #38099

Commits

[d2b972ee52] - async_hooks: check for empty contexts before removing (Bryan English) #39095
[03e75fda4c] - async_hooks: switch between native and context hooks correctly (Stephen Belanger) #38912
[8115e6ee6d] - (SEMVER-MINOR) async_hooks: stabilize part of AsyncLocalStorage (Vladimir de Turckheim) #37675
[5f51729014] - bootstrap: move event loop handle checking into snapshot builder (Joyee Cheung) #39007
[9d100aa269] - bootstrap: split NodeMainInstance::Run() (Joyee Cheung) #39007
[2aaf2f231f] - build: reconfigure when gyp files change on Windows (Joyee Cheung) #39066
[7f225a05ee] - Revert "build: work around bug in MSBuild v16.10.0" (Michaël Zasso) #38977
[1853127dde] - build: reset embedder string to "-node.0" (Michaël Zasso) #38273
[c0d236f5ea] - build: make build-addons errors fail the build (Richard Lau) #38983
[173292bcf8] - build: fix commit-queue default branch (Mary Marchini) #38998
[e939e243bf] - build: don't pass python override to V8 build (Richard Lau) #38969
[651c58b412] - build: correct Xcode spelling in .gitignore (bl-ue) #38895
[5203c9ced7] - build: fast-track npm MRs and dont-land them on LTS (Michaël Zasso) #38885
[7de57d4d33] - build: dont-land gyp-next MRs on LTS branches (Michaël Zasso) #38887
[e87cd4542b] - child_process: refactor to use validateBoolean (Qingyu Deng) #38927
[69fa9e16e9] - (SEMVER-MINOR) child_process: allow options.cwd receive a URL (Khaidi Chu) #38862
[cf9d686c35] - crypto: fix aes crash when tag length too small (Khaidi Chu) #38914
[1799ea36f0] - crypto: use compatible version of EVP_CIPHER_name (Shelley Vohr) #38925
[6d5dc63ae4] - crypto: fix label cast in EVP_PKEY_CTX_set0_rsa_oaep_label (Shelley Vohr) #38926
[6e93c17bf5] - crypto: use EVP_get_cipherbynid directly (Shelley Vohr) #38901
[82c293959e] - crypto: add missing rand.h include (Shelley Vohr) #38864
[e4f802de9a] - debugger: rename internal library for clarity (Rich Trott) #39080
[1e8bdab581] - debugger: use ERR_DEBUGGER_STARTUP_ERROR in _inspect.js (Rich Trott) #39024
[b43cb69fbb] - debugger: use error codes in debugger REPL (Rich Trott) #39024
[dc9218136b] - debugger: use ERR_DEBUGGER_ERROR in debugger client (Rich Trott) #39024
[711916a271] - debugger: remove unnecessary boilerplate copyright comment (Rich Trott) #38952
[0f65e41442] - debugger: reduce scope of eslint disable comment (Rich Trott) #38946
[1fa724ec5a] - deps: upgrade npm to 7.18.1 (npm team) #39065
[c6aa68598d] - deps: upgrade npm to 7.17.0 (npm team) #38999
[864fe9910b] - deps: make V8 9.1 abi-compatible with 9.0 (Michaël Zasso) #38991
[c93f3573eb] - deps: V8: cherry-pick fa4cb17 (Michaël Zasso) #38273
[3c6c28b0a1] - deps: V8: cherry-pick 4c07451 (Michaël Zasso) #38273
[3c37396d5c] - deps: V8: cherry-pick 5f44131 (Michaël Zasso) #38273
[3433559a55] - deps: V8: cherry-pick 272445f (Michaël Zasso) #38273
[f56c78574e] - deps: V8: cherry-pick c0fceaa (Michaël Zasso) #38273
[7197fcec93] - deps: V8: cherry-pick d59db06 (Michaël Zasso) #38273
[bf7aa9fef8] - deps: silence irrelevant V8 warnings (Michaël Zasso) #37587
[eac377bc15] - deps: V8: backport aaacffa (Michaël Zasso) #38273
[1a7c8a12c1] - deps: fix V8 build issue with inline methods (Jiawen Geng) #35415
[3c9a75522b] - deps: make v8.h compatible with VS2015 (Joao Reis) #32116
[8ed258339a] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #32116
[4ef37c83a9] - deps: V8: patch register-arm64.h (Refael Ackermann) #32116
[7c61c6ee25] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #32116
[e82ef4148e] - (SEMVER-MINOR) deps: update V8 to 9.1.269.36 (Michaël Zasso) #38273
[70af146745] - deps: upgrade npm to 7.16.0 (npm team) #38920
[a71df7630e] - (SEMVER-MINOR) dns: allow --dns-result-order to change default dns verbatim (Ouyang Yadong) #38099
[dce256b210] - doc: remove references to deleted freenode channels (devsnek) #39047
[1afff98805] - doc: fix typos (bl-ue) #39049
[858f66e691] - doc: add missing parameter types (Voltrex) #39013
[ed91379186] - doc: clearify that http does chunked encoding itself (Mao Wtm) #28379
[51561f390a] - doc: add missing changelog links (Antoine du Hamel) #39016
[a19170eb9d] - doc: clarify that only one Python version is required to build (bl-ue) #38894
[7b219992e0] - doc: fix markup for aesImportParams (Tobias Nießen) #38898
[405b50cdba] - doc: use await in filehandle.truncate() snippet (RA80533) #38939
[5218fe86d1] - doc: fixed typo in process.md (Derevianchenko Maksym) #38941
[f903ad85f2] - doc: add missing semis after classes (Darshan Sen) #38931
[0bdeeda3b5] - doc: update write callback documentation (Simone Busoli) #38959
[7a7c0588ad] - doc: mark util.inherits as legacy (Voltrex) #38896
[f6964dc506] - doc: clarify when readable._read(...) is called (Shaun Keys) #38726
[3481b02e77] - doc: mark Node.js v15.x as EOL (Antoine du Hamel) #38891
[17a9846920] - doc: fix .mjs syntax in crypto.md (himself65) #38882
[8c7b2bab5f] - doc,fs: remove experimental status for WHATWG URL as path (Antoine du Hamel) #38870
[eddde6c31a] - errors: don't rekey on primitive type (Benjamin Coe) #39025
[3d7892ef39] - errors: add ERR_DEBUGGER_STARTUP_ERROR (Rich Trott) #39024
[631856ea32] - errors: add ERR_DEBUGGER_ERROR (Rich Trott) #39024
[336571fbdd] - Revert "http: make HEAD method to work with keep-alive" (Michaël Zasso) #38949
[c2b4fbba0f] - lib: remove semicolon in preparation for babel/eslint-parser update (Rich Trott) #39094
[f17dde81f3] - lib: make internal/options lazy (Joyee Cheung) #38993
[551430514b] - lib: add JSDoc typings for child_process (Voltrex) #38222
[ded83350a0] - lib: make primordials Promise methods safe (Antoine du Hamel) #38650
[637c1fa83c] - lib: refactor debuglog init (Antoine du Hamel) #38838
[5b5e07a2cc] - meta: update label-pr-config (Michaël Zasso) #38950
[92ed1c6cce] - module: fix legacy node specifier resolution to resolve "main" field (Antoine du Hamel) #38979
[4174f139b6] - net: use missing validator (Voltrex) #38984
[f7724ab342] - node-api: avoid crashing on passed-in null string (Gabriel Schulhof) #38923
[ec3e5b4c15] - node-api: avoid SecondPassCallback crash (Michael Dawson) #38899
[74f5e30d69] - node-api: rtn pending excep on napi_new_instance (legendecas) #38798
[4c6193fea1] - report: generates report on threads with no isolates (legendecas) #38994
[3c7a7d9ee4] - (SEMVER-MINOR) src: allow to negate boolean CLI flags (Michaël Zasso) #39023
[284d9c6228] - src: cleanup uv_fs_t regardless of success or not (legendecas) #38996
[902bb858d7] - src: refactor to use locale functions (Darshan Sen) #39014
[10370c5e8a] - src: fix multiple AddLinkedBinding() calls (Anna Henningsen) #39012
[ff8313c3a5] - src: throw error in LoadBuiltinModuleSource when reading fails (Joyee Cheung) #38904
[9ba5518f08] - src: skip test_fatal/test_threads for Debug builds (Daniel Bevenius) #38805
[06afb8df65] - (SEMVER-MINOR) src: make InitializeOncePerProcess more flexible (Shelley Vohr) #38888
[db4b192113] - src: add not-weak DCHECK to PersistentToLocal::Strong (Anna Henningsen) #38875
[08b2a4a138] - src,test: raise error for --enable-fips when no FIPS (Daniel Bevenius) #38859
[5d92c09bbf] - src,url: separate some tables out of node_url.cc (Khaidi Chu) #38988
[c20e28e1a0] - stream: fix pipeline pump (Robert Nagy) #39006
[7b026d8a72] - test: move inspector-cli tests to sequential (Rich Trott) #39079
[a53911b166] - test: improve buffer coverage (Rongjian Zhang) #38538
[5e9175f148] - test: fix name of variable in inspector-cli test (Tobias Nießen) #38869
[bd924610ec] - test: fix typo (Houssem Chebab) #39045
[d50df5dec1] - test: fix typo in test-http2-invalidheaderfield.js (Ikko Ashimine) #39021
[6111671d45] - test: adapt abort tests for new Windows code (Michaël Zasso) #38273
[1816d46cef] - test: adapt test-linux-perf to V8 changes (Michaël Zasso) #38273
[32961c4781] - test: fix V8 serdes test for V8 9.1 (Michaël Zasso) #38273
[f652284b3b] - test: remove obsolete TLS test (Rich Trott) #39001
[81bbeab3bd] - test: improve coverage of lib/events.js (Rongjian Zhang) #38582
[e82111f890] - test: http outgoing _headers setter null (ycjcl868) #38881
[1f10e84939] - test: suppress warning in test_environment.cc (Daniel Bevenius) #38868
[379b5f79a9] - tls: tweak clientCertEngine argument parsing (Shelley Vohr) #38900
[78d2e0ed8e] - tools: update babel-eslint-parser to 7.14.5 (Rich Trott) #39094
[fed641127a] - tools: update ESLint to 7.29.0 (Rich Trott) #39083
[3ae2a0be48] - tools: fix typo (Houssem Chebab) #39044
[a1d0aef60e] - tools: update doctool dependencies, migrate to ESM (Michaël Zasso) #38966
[2a292cf574] - tools: update V8 gypfiles for 9.1 (Michaël Zasso) #38273
[0c90fd8454] - tools: avoid crashing CQ when git push fails (Antoine du Hamel) #36861
[f817c2d3bb] - tools: fix typo in commit-queue.sh (bl-ue) #39000
[be5101eb32] - tools: update ESLint to 7.28.0 (Luigi Pinca) #38955
[9bf9ddb490] - tools: refactor snapshot builder (Joyee Cheung) #38902
[0706565097] - tools: bump remark-preset-lint-node to 2.3.0 (Rich Trott) #38910
[7d35fa7938] - tools: update gyp-next to v0.9.1 (Jiawen Geng) #38867
[00c20e621f] - tools,doc: forbid CJS globals in ESM code snippets (Antoine du Hamel) #38889
[99161b09f6] - url,src: simplify ipv6 logic by using uv_inet_pton (Khaidi Chu) #38842
[f40725f2a1] - vm: use missing validator (Voltrex) #38935
[f959cb3c68] - worker: do not look up context twice in PostMessage (Anna Henningsen) #38784

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

If you want to rebase/retry this MR, check this box.

chore(deps): update node docker tag to v16.9.0

Release Notes

Notable Changes

Corepack

V8 9.3

Other Notable Changes

Commits

Notable Changes

Commits

Notable Changes

Commits

Notable Changes

Commits

Notable Changes

Commits

Notable Changes

Say hello to V8 9.2

Other notable changes

Commits

Notable Changes

Experimental Web Streams API

Other notable changes

Commits

Notable Changes

Commits

Notable Changes

Commits

Notable changes

Commits

Configuration

Merge request reports