lukechilds/node - node - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Myles Borins	6218939cdd	2017-07-11, Version 6.11.1 'Boron' (LTS) This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ for details on patched vulnerabilities. Notable Changes: * build: - Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh) * deps: - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale) PR-URL: https://github.com/nodejs/node-private/pull/89	8 years ago
Myles Borins	4c5cbb7c83	2017-06-06, Version 6.11.0 'Boron' (LTS) This LTS release comes with 126 commits. This includes 40 which are test related, 32 which are doc related, 12 which are build / tool related and 4 commits which are updates to dependencies. Notable Changes: * build: - support for building mips64el (nanxiongchao) https://github.com/nodejs/node/pull/10991 * cluster: - disconnect() now returns a reference to the disconnected worker. (Sean Villars) https://github.com/nodejs/node/pull/10019 * crypto: - ability to select cert store at runtime (Adam Majer) https://github.com/nodejs/node/pull/8334 - Use system CAs instead of using bundled ones (Adam Majer) https://github.com/nodejs/node/pull/8334 - The `Decipher` methods `setAuthTag()` and `setAAD` now return `this`. (Kirill Fomichev) https://github.com/nodejs/node/pull/9398 - adding support for OPENSSL_CONF again (Sam Roberts) https://github.com/nodejs/node/pull/11006 - make LazyTransform compabile with Streams1 (Matteo Collina) https://github.com/nodejs/node/pull/12380 * deps: - upgrade libuv to 1.11.0 (cjihrig) https://github.com/nodejs/node/pull/11094 - upgrade libuv to 1.10.2 (cjihrig) https://github.com/nodejs/node/pull/10717 - upgrade libuv to 1.10.1 (cjihrig) https://github.com/nodejs/node/pull/9647 - upgrade libuv to 1.10.0 (cjihrig) https://github.com/nodejs/node/pull/9267 * dns: - Implemented `{ttl: true}` for `resolve4()` and `resolve6()` (Ben Noordhuis) https://github.com/nodejs/node/pull/9296 * process: - add NODE_NO_WARNINGS environment variable (cjihrig) https://github.com/nodejs/node/pull/10842 * readline: - add option to stop duplicates in history (Danny Nemer) https://github.com/nodejs/node/pull/2982 * src: - support "--" after "-e" as end-of-options (John Barboza) https://github.com/nodejs/node/pull/10651 * tls: - new tls.TLSSocket() supports sec ctx options (Sam Roberts) https://github.com/nodejs/node/pull/11005 - Allow obvious key/passphrase combinations. (Sam Roberts) https://github.com/nodejs/node/pull/10294 PR-URL: https://github.com/nodejs/node/pull/13059	8 years ago
James M Snell	43e4efdf21	2017-05-30, Version 8.0.0 (Current) * Async Hooks * The `async_hooks` module has landed in core [[`4a7233c178`](https://github.com/nodejs/node/commit/4a7233c178)] [#12892](https://github.com/nodejs/node/pull/12892). * Buffer * Using the `--pending-deprecation` flag will cause Node.js to emit a deprecation warning when using `new Buffer(num)` or `Buffer(num)`. [[`d2d32ea5a2`](https://github.com/nodejs/node/commit/d2d32ea5a2)] [#11968](https://github.com/nodejs/node/pull/11968). * `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances [[`7eb1b4658e`](https://github.com/nodejs/node/commit/7eb1b4658e)] [#12141](https://github.com/nodejs/node/pull/12141). * Many `Buffer` methods now accept `Uint8Array` as input [[`beca3244e2`](https://github.com/nodejs/node/commit/beca3244e2)] [#10236](https://github.com/nodejs/node/pull/10236). * Child Process * Argument and kill signal validations have been improved [[`97a77288ce`](https://github.com/nodejs/node/commit/97a77288ce)] [#12348](https://github.com/nodejs/node/pull/12348), [[`d75fdd96aa`](https://github.com/nodejs/node/commit/d75fdd96aa)] [#10423](https://github.com/nodejs/node/pull/10423). * Child Process methods accept `Uint8Array` as input [[`627ecee9ed`](https://github.com/nodejs/node/commit/627ecee9ed)] [#10653](https://github.com/nodejs/node/pull/10653). * Console * Error events emitted when using `console` methods are now supressed. [[`f18e08d820`](https://github.com/nodejs/node/commit/f18e08d820)] [#9744](https://github.com/nodejs/node/pull/9744). * Dependencies * The npm client has been updated to 5.0.0 [[`3c3b36af0f`](https://github.com/nodejs/node/commit/3c3b36af0f)] [#12936](https://github.com/nodejs/node/pull/12936). * V8 has been updated to 5.8 with forward ABI stability to 6.0 [[`60d1aac8d2`](https://github.com/nodejs/node/commit/60d1aac8d2)] [#12784](https://github.com/nodejs/node/pull/12784). * Domains * Native `Promise` instances are now `Domain` aware [[`84dabe8373`](https://github.com/nodejs/node/commit/84dabe8373)] [#12489](https://github.com/nodejs/node/pull/12489). * Errors * We have started assigning static error codes to errors generated by Node.js. This has been done through multiple commits and is still a work in progress. * File System * The utility class `fs.SyncWriteStream` has been deprecated [[`7a55e34ef4`](https://github.com/nodejs/node/commit/7a55e34ef4)] [#10467](https://github.com/nodejs/node/pull/10467). * The deprecated `fs.read()` string interface has been removed [[`3c2a9361ff`](https://github.com/nodejs/node/commit/3c2a9361ff)] [#9683](https://github.com/nodejs/node/pull/9683). * HTTP * Improved support for userland implemented Agents [[`90403dd1d0`](https://github.com/nodejs/node/commit/90403dd1d0)] [#11567](https://github.com/nodejs/node/pull/11567). * Outgoing Cookie headers are concatenated into a single string [[`d3480776c7`](https://github.com/nodejs/node/commit/d3480776c7)] [#11259](https://github.com/nodejs/node/pull/11259). * The `httpResponse.writeHeader()` method has been deprecated [[`fb71ba4921`](https://github.com/nodejs/node/commit/fb71ba4921)] [#11355](https://github.com/nodejs/node/pull/11355). * New methods for accessing HTTP headers have been added to `OutgoingMessage` [[`3e6f1032a4`](https://github.com/nodejs/node/commit/3e6f1032a4)] [#10805](https://github.com/nodejs/node/pull/10805). * Lib * All deprecation messages have been assigned static identifiers [[`5de3cf099c`](https://github.com/nodejs/node/commit/5de3cf099c)] [#10116](https://github.com/nodejs/node/pull/10116). * The legacy `linkedlist` module has been removed [[`84a23391f6`](https://github.com/nodejs/node/commit/84a23391f6)] [#12113](https://github.com/nodejs/node/pull/12113). * N-API * Experimental support for the new N-API API has been added [[`56e881d0b0`](https://github.com/nodejs/node/commit/56e881d0b0)] [#11975](https://github.com/nodejs/node/pull/11975). * Process * Process warning output can be redirected to a file using the `--redirect-warnings` command-line argument [[`03e89b3ff2`](https://github.com/nodejs/node/commit/03e89b3ff2)] [#10116](https://github.com/nodejs/node/pull/10116). * Process warnings may now include additional detail [[`dd20e68b0f`](https://github.com/nodejs/node/commit/dd20e68b0f)] [#12725](https://github.com/nodejs/node/pull/12725). * REPL * REPL magic mode has been deprecated [[`3f27f02da0`](https://github.com/nodejs/node/commit/3f27f02da0)] [#11599](https://github.com/nodejs/node/pull/11599). * Src * `NODE_MODULE_VERSION` has been updated to 57 (https://github.com/nodejs/node/commit/ec7cbaf266)] [#12995](https://github.com/nodejs/node/pull/12995). * Add `--pending-deprecation` command-line argument and `NODE_PENDING_DEPRECATION` environment variable [[`a16b570f8c`](https://github.com/nodejs/node/commit/a16b570f8c)] [#11968](https://github.com/nodejs/node/pull/11968). * The `--debug` command-line argument has been deprecated. Note that using `--debug` will enable the new Inspector-based debug protocol as the legacy Debugger protocol previously used by Node.js has been removed. [[`010f864426`](https://github.com/nodejs/node/commit/010f864426)] [#12949](https://github.com/nodejs/node/pull/12949). * Throw when the `-c` and `-e` command-line arguments are used at the same time [[`a5f91ab230`](https://github.com/nodejs/node/commit/a5f91ab230)] [#11689](https://github.com/nodejs/node/pull/11689). * Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line arguments are used at the same time. [[`8a7db9d4b5`](https://github.com/nodejs/node/commit/8a7db9d4b5)] [#12087](https://github.com/nodejs/node/pull/12087). * Stream * `Stream` now supports `destroy()` and `_destroy()` APIs [[`b6e1d22fa6`](https://github.com/nodejs/node/commit/b6e1d22fa6)] [#12925](https://github.com/nodejs/node/pull/12925). * `Stream` now supports the `_final()` API [[`07c7f198db`](https://github.com/nodejs/node/commit/07c7f198db)] [#12828](https://github.com/nodejs/node/pull/12828). * TLS * The `rejectUnauthorized` option now defaults to `true` [[`348cc80a3c`](https://github.com/nodejs/node/commit/348cc80a3c)] [#5923](https://github.com/nodejs/node/pull/5923). * The `tls.createSecurePair()` API now emits a runtime deprecation [[`a2ae08999b`](https://github.com/nodejs/node/commit/a2ae08999b)] [#11349](https://github.com/nodejs/node/pull/11349). * A runtime deprecation will now be emitted when `dhparam` is less than 2048 bits [[`d523eb9c40`](https://github.com/nodejs/node/commit/d523eb9c40)] [#11447](https://github.com/nodejs/node/pull/11447). * URL * The WHATWG URL implementation is now a fully-supported Node.js API [[`d080ead0f9`](https://github.com/nodejs/node/commit/d080ead0f9)] [#12710](https://github.com/nodejs/node/pull/12710). * Util * `Symbol` keys are now displayed by default when using `util.inspect()` [[`5bfd13b81e`](https://github.com/nodejs/node/commit/5bfd13b81e)] [#9726](https://github.com/nodejs/node/pull/9726). * `toJSON` errors will be thrown when formatting `%j` [[`455e6f1dd8`](https://github.com/nodejs/node/commit/455e6f1dd8)] [#11708](https://github.com/nodejs/node/pull/11708). * Convert `inspect.styles` and `inspect.colors` to prototype-less objects [[`aab0d202f8`](https://github.com/nodejs/node/commit/aab0d202f8)] [#11624](https://github.com/nodejs/node/pull/11624). * The new `util.promisify()` API has been added [[`99da8e8e02`](https://github.com/nodejs/node/commit/99da8e8e02)] [#12442](https://github.com/nodejs/node/pull/12442). * Zlib * Support `Uint8Array` in Zlib convenience methods [[`91383e47fd`](https://github.com/nodejs/node/commit/91383e47fd)] [#12001](https://github.com/nodejs/node/pull/12001). * Zlib errors now use `RangeError` and `TypeError` consistently [[`b514bd231e`](https://github.com/nodejs/node/commit/b514bd231e)] [#11391](https://github.com/nodejs/node/pull/11391).	8 years ago
Daijiro Wachi	1d60fc3aa5	doc: fix doc styles BUILDING.md + L122: Missing code-language flag + L170: Strong should use `*` as a marker doc/changelogs/CHANGELOG_V6.md + L1494: Don't pad `emphasis` with inner spaces doc/guides/maintaining-V8.md + L3: Don't use multiple top level headings + L16: Don't use multiple top level headings + L40: Don't use multiple top level headings + L124: Don't use multiple top level headings + L182: Missing code-language flag + L223: Don't use multiple top level headings + L288: Don't use multiple top level headings + L307: Don't use multiple top level headings doc/guides/writing-tests.md + L322: Missing code-language flag + L329: Missing code-language flag doc/releases.md + L299: Missing code-language flag PR-URL: https://github.com/nodejs/node/pull/13270 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>	8 years ago
Alexey Orlenko	2af49b6c89	doc: make the style of notes consistent Make the style of "Note:" paragraphs consistent and document the guidelines in `doc/STYLE_GUIDE.md`. PR-URL: https://github.com/nodejs/node/pull/13133 Fixes: https://github.com/nodejs/node/issues/13131 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>	8 years ago
Myles Borins	20e27dd849	2017-05-02, Version 6.10.3 'Boron' (LTS) Notable Changes: * module: - The module loading global fallback to the Node executable's directory now works correctly on Windows. (Richard Lau) https://github.com/nodejs/node/pull/9283 * src: - fix base64 decoding in rare edgecase (Nikolai Vavilov) https://github.com/nodejs/node/pull/11995 * tls: - fix rare segmentation faults when using TLS * (Trevor Norris) https://github.com/nodejs/node/pull/11947 * (Ben Noordhuis) https://github.com/nodejs/node/pull/11898 * (jBarz) https://github.com/nodejs/node/pull/11776 PR-URL: https://github.com/nodejs/node/pull/12497	8 years ago
Zero King	c79b081367	doc: fix typo in CHANGELOG_V6.md PR-URL: https://github.com/nodejs/node/pull/12206 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Timothy Gu <timothygu99@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>	8 years ago
Myles Borins	28f8b17ffb	2017-04-04, Version 6.10.2 'Boron' (LTS) This is a special LTS to fix a number of regressions that were found on the 6.10.x release line. This includes: * a fix for memory leak in the crypto module that was introduced in 6.10.1 * a fix for a regression introduced to the windows repl in 6.10.0 * a backported fix for V8 to stop a segfault that could occur when using spread syntax It also includes an upgrade to zlib 1.2.11 to fix a numberof low severity CVEs that were present in zlib 1.2.8. http://seclists.org/oss-sec/2016/q4/602 Notable changes * crypto: - fix memory leak if certificate is revoked (Tom Atkinson) https://github.com/nodejs/node/pull/12089 * deps: - upgrade zlib to 1.2.11 (Sam Roberts) https://github.com/nodejs/node/pull/10980 - backport V8 fixes for spread syntax regression causing segfaults (Michaël Zasso) https://github.com/nodejs/node/pull/12037 * repl: - Revert commit that broke REPL display on Windows (Myles Borins) https://github.com/nodejs/node/pull/12123	8 years ago
Myles Borins	2569c909ba	2017-03-21, Version 6.10.1 'Boron' (LTS) Notable changes * performance: The performance of several APIs has been improved. - `Buffer.compare()` is up to 35% faster on average. (Brian White) https://github.com/nodejs/node/pull/10927 - `buffer.toJSON()` is up to 2859% faster on average. (Brian White) https://github.com/nodejs/node/pull/10895 - `fs.statSync()` functions are now up to 9.3% faster on average. (Brian White) https://github.com/nodejs/node/pull/11522 - `os.loadavg` is up to 151% faster. (Brian White) https://github.com/nodejs/node/pull/11516 - `process.memoryUsage()` is up to 34% faster. (Brian White) https://github.com/nodejs/node/pull/11497 - `querystring.unescape()` for `Buffer`s is 15% faster on average. (Brian White) https://github.com/nodejs/node/pull/10837 - `querystring.stringify()` is up to 7.8% faster on average. (Brian White) https://github.com/nodejs/node/pull/10852 - `querystring.parse()` is up to 21% faster on average. (Brian White) https://github.com/nodejs/node/pull/10874 IPC: - Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. (Alexey Orlenko) https://github.com/nodejs/node/pull/10677 - Performance gains may be up to 40% for some workloads. * child_process: - `spawnSync` now returns a null `status` when child is terminated by a signal. (cjihrig) https://github.com/nodejs/node/pull/11288 - This fixes the behavior to act like `spawn()` does. * http: - Control characters are now always rejected when using `http.request()`. (Ben Noordhuis) https://github.com/nodejs/node/pull/8923 - Debug messages have been added for cases when headers contain invalid values. (Evan Lucas) https://github.com/nodejs/node/pull/9195 * node: - Heap statistics now support values larger than 4GB. (Ben Noordhuis) https://github.com/nodejs/node/pull/10186 * timers: - Timer callbacks now always maintain order when interacting with domain error handling. (John Barboza) https://github.com/nodejs/node/pull/10522 PR-URL: https://github.com/nodejs/node/pull/11759	8 years ago
Luigi Pinca	289e53265a	doc: add missing entry in v6 changelog table This adds an anchor for v6.10.0 in the LTS column. PR-URL: https://github.com/nodejs/node/pull/11534 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>	8 years ago
Myles Borins	aecb0859e5	2017-02-21, Version 6.10.0 'Boron' (LTS) Notable Changes: The SEMVER-MINOR changes include: * crypto: allow adding extra certs to well-known CAs (Sam Roberts) https://github.com/nodejs/node/pull/9139 * deps: Upgrade INTL ICU to version 58 (Steven R. Loomis) https://github.com/nodejs/node/pull/9234 * process: add `process.memoryUsage.external` (Fedor Indutny) https://github.com/nodejs/node/pull/9587 * src: add wrapper for process.emitWarning() (Sam Roberts) https://github.com/nodejs/node/pull/9139 Notable SEMVER-PATCH changes include: * fs: cache non-symlinks in realpathSync. (Jeremy Yallop) https://github.com/nodejs/node/pull/10253 * repl: allow autocompletion for scoped packages (Evan Lucas) https://github.com/nodejs/node/pull/10296 PR-URL: https://github.com/nodejs/node/pull/10974	8 years ago
Myles Borins	5faaf07063	2017-01-31, Version 6.9.5 'Boron' (LTS) This is a security release of the 'Boron' release line to upgrade OpenSSL to version 1.0.2k Although the OpenSSL team have determined a maximum severity rating of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu and Fedor Indutny) have determined the impact to Node users is "low". Details on this determination can be found on the Nodejs.org website https://nodejs.org/en/blog/vulnerability/openssl-january-2017/ Notable Changes: * deps: - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) https://github.com/nodejs/node/pull/11021 PR-URL: https://github.com/nodejs/node/pull/11081	8 years ago
Anna Henningsen	6d31bdb872	doc: move Boron releases to LTS column Move the LTS releases for Node 6 to the `LTS` column in the corresponding `CHANGELOG_V6.md`. PR-URL: https://github.com/nodejs/node/pull/10827 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>	8 years ago
Myles Borins	8066215e5d	2017-01-05, Version 6.9.4 'Boron' (LTS) This is a special release that contains 0 commits. While promoting additional platforms for v6.9.3 after the release, the tarballs on the release server were overwritten and now have different shasums. In order to remove any ambiguity around the release we have opted to do a semver patch release with no changes.	8 years ago
Myles Borins	2bf1c24f6a	2017-01-03, Version 6.9.3 'Boron' (LTS) Release This LTS release comes with 312 commits. This includes 229 that are test related, 62 that are docs related, 17 which are build / tools related, and 4 commits which are updates to dependencies. Notable Changes: * build: - shared library support is now working for AIX builds (Stewart Addison) https://github.com/nodejs/node/pull/9675 * deps: - npm: upgrade npm to 3.10.10 (Rebecca Turner) https://github.com/nodejs/node/pull/9847 - V8: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) https://github.com/nodejs/node/pull/10386) * inspector: - /json/version returns object, not an object wrapped in an array (Ben Noordhuis) https://github.com/nodejs/node/pull/9762 * module: - using --debug-brk and --eval together now works as expected (Kelvin Jin) https://github.com/nodejs/node/pull/8876 * process: - improve performance of nextTick up to 20% (Evan Lucas) https://github.com/nodejs/node/pull/8932 * repl: - the division operator will no longer be accidentally parsed as regex (Teddy Katz) https://github.com/nodejs/node/pull/10103 - improved support for generator functions (Teddy Katz) https://github.com/nodejs/node/pull/9852 * timers: - Re canceling a cancelled timers will no longer throw (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/9685 PR-URL: https://github.com/nodejs/node/pull/10394	8 years ago
Myles Borins	c4391f4664	2016-12-06, Version 6.9.2 'Boron' (LTS) Release This LTS release comes with 144 commits. This includes 47 that are docs related, 46 that are test related, 15 which are build / tools related, and 9 commits which are updates to dependencies Notable Changes: * buffer: - coerce slice parameters consistently (Sakthipriyan Vairamani (thefourtheye)) https://github.com/nodejs/node/pull/9101 * deps: - npm: - upgrade npm to 3.10.9 (Kat Marchán) https://github.com/nodejs/node/pull/9286 - V8: - Various fixes to destructuring edge cases - cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) https://github.com/nodejs/node/pull/9138 - cherry pick 7166503 from upstream v8 (Cristian Cavalli) https://github.com/nodejs/node/pull/9173 * gtest: - the test reporter now outputs tap comments as yamlish (Johan Bergström) https://github.com/nodejs/node/pull/9262 * inspector: - inspector now prompts user to use 127.0.0.1 rather than localhost (Eugene Ostroukhov) https://github.com/nodejs/node/pull/9451 * tls: - fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) https://github.com/nodejs/node/pull/9586 PR-URL: https://github.com/nodejs/node/pull/9735	8 years ago
James M Snell	1e4fafcb1a	2016-10-25, Version 7.0.0 (Current) Notable Changes: * Buffer * Passing invalid input to Buffer.byteLength will now throw an error [#8946](https://github.com/nodejs/node/pull/8946). * Calling Buffer without new is now deprecated and will emit a process warning [#8169](https://github.com/nodejs/node/pull/8169). * Passing a negative number to allocUnsafe will now throw an error [#7079](https://github.com/nodejs/node/pull/7079). * Child Process * The fork and execFile methods now have stronger argument validation [#7399](https://github.com/nodejs/node/pull/7399). * Cluster * The worker.suicide method is deprecated and will emit a process warning [#3747](https://github.com/nodejs/node/pull/3747). * Deps * V8 has been updated to 5.4.500.36 [#8317](https://github.com/nodejs/node/pull/8317), [#8852](https://github.com/nodejs/node/pull/8852), [#9253](https://github.com/nodejs/node/pull/9253). * NODE_MODULE_VERSION has been updated to 51 [#8808](https://github.com/nodejs/node/pull/8808). * File System * A process warning is emitted if a callback is not passed to async file system methods [#7897](https://github.com/nodejs/node/pull/7897). * Intl * Intl.v8BreakIterator constructor has been deprecated and will emit a process warning [#8908](https://github.com/nodejs/node/pull/8908). * Promises * Unhandled Promise rejections have been deprecated and will emit a process warning [#8217](https://github.com/nodejs/node/pull/8217). * Punycode * The `punycode` module has been deprecated [#7941](https://github.com/nodejs/node/pull/7941). * URL * An Experimental WHATWG URL Parser has been introduced [#7448](https://github.com/nodejs/node/pull/7448). PR-URL: https://github.com/nodejs/node/pull/9099	8 years ago
Myles Borins	4b65a65e75	2016-10-19, Version 6.9.1 'Boron' (LTS) Release Notable changes: * streams: Fix a regression introduced in v6.8.0 in readable stream that caused unpipe to remove the wrong stream (Anna Henningsen) PR-URL: https://github.com/nodejs/node/pull/9186	8 years ago
Rod Vagg	0e6750d1cd	2016-10-18 Node.js v6.9.0 'Boron' (LTS) Release This release marks the transition of Node.js v6 into Long Term Support (LTS) with the codename 'Boron'. The v6 release line now moves in to "Active LTS" and will remain so until April 2018. After that time it will move in to "Maintenance" until end of life in April 2019. This is also a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * crypto: Don't automatically attempt to load an OpenSSL configuration file, from the `OPENSSL_CONF` environment variable or from the default location for the current platform. Always triggering a configuration file load attempt may allow an attacker to load compromised OpenSSL configuration into a Node.js process if they are able to place a file in a default location. (Fedor Indutny, Rod Vagg) * node: Introduce the `process.release.lts` property, set to `"Boron"`. This value is `"Argon"` for v4 LTS releases and `undefined` for all other releases. (Rod Vagg) * V8: Backport fix for CVE-2016-5172, an arbitrary memory read. The parser in V8 mishandled scopes, potentially allowing an attacker to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. This vulnerability would require an attacker to be able to execute arbitrary JavaScript code in a Node.js process. (Rod Vagg) * v8_inspector: Generate a UUID for each execution of the inspector. This provides additional security to prevent unauthorized clients from connecting to the Node.js process via the v8_inspector port when running with `--inspect`. Since the debugging protocol allows extensive access to the internals of a running process, and the execution of arbitrary code, it is important to limit connections to authorized tools only. Vulnerability originally reported by Jann Horn. (Eugene Ostroukhov) PR-URL: https://github.com/nodejs/node-private/pull/81	8 years ago
Evan Lucas	113c697ded	2016-10-14, Version 6.8.1 (Current) * build: Fix building with shared zlib. (Bradley T. Hughes) [#9077](https://github.com/nodejs/node/pull/9077) * stream: fix `Writable` subclass instanceof checks (Anna Henningsen) [#9088](https://github.com/nodejs/node/pull/9088) * timers: fix regression with clearImmediate() (Brian White) [#9086](https://github.com/nodejs/node/pull/9086) PR-URL: https://github.com/nodejs/node/pull/9104	8 years ago
Jeremiah Senkpiel	e4ee09a5b3	2016-10-12, Version 6.8.0 (Current) * fs: - `SyncWriteStream` now inherits from `Stream.Writable`. (Anna Henningsen) https://github.com/nodejs/node/pull/8830 - Practically, this means that when stdio is piped to a file, stdout and stderr will still be `Writable` streams. - `fs.existsSync()` has been undeprecated. `fs.exists()` remains deprecated. (Dan Fabulich) https://github.com/nodejs/node/pull/8364 * http: `http.request()` now accepts a `timeout` option. (Rene Weber) https://github.com/nodejs/node/pull/8101 * module: The module loader now maintains its own realpath cache. (Anna Henningsen) https://github.com/nodejs/node/pull/8100 * npm: Upgraded to 3.10.8 (Kat Marchán) https://github.com/nodejs/node/pull/8706 * stream: `Duplex` streams now show proper `instanceof Stream.Writable`. (Anna Henningsen) https://github.com/nodejs/node/pull/8834 * timers: Improved `setTimeout`/`Interval` performance by up to 22%. (Brian White) https://github.com/nodejs/node/pull/8661 PR-URL: https://github.com/nodejs/node/pull/9034	8 years ago
Evan Lucas	aae1862385	2016-09-27, Version 6.7.0 (Current) This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable Changes Semver Minor: * openssl: - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2178, and CVE-2016-6306. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714 - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786 - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/73 * http: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) https://github.com/nodejs/node-private/pull/60 Semver Patch: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/64 * src: Fix regression where passing an empty password and/or salt to crypto.pbkdf2() would cause a fatal error (Rich Trott) https://github.com/nodejs/node/pull/8572 * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/75 v8: Fix regression where a regex on a frozen object was broken (Myles Borins) https://github.com/nodejs/node/pull/8673	8 years ago
Jeremiah Senkpiel	ea2a309e3b	2016-09-14, Version 6.6.0 (Current) Notable changes: * crypto: Added `crypto.timingSafeEqual()`. (not-an-aardvark) https://github.com/nodejs/node/pull/8304 * events: Made the "max event listeners" memory leak warning more accessible. (Anna Henningsen) https://github.com/nodejs/node/pull/8298 * promises: Unhandled rejections now emit a process warning after the first tick. (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/8223 * repl: Added auto alignment for `.editor` mode. (Prince J Wesley) https://github.com/nodejs/node/pull/8241 * util: Some functionality has been added to `util.inspect()`: - Returning `this` from a custom inspect function now works. (Anna Henningsen) https://github.com/nodejs/node/pull/8174 - Added support for Symbol-based custom inspection methods. (Anna Henningsen) https://github.com/nodejs/node/pull/8174 Refs: https://github.com/nodejs/node/issues/8428 Refs: https://github.com/nodejs/node/pull/8457 PR-URL: https://github.com/nodejs/node/pull/8466	8 years ago
Evan Lucas	0482d6d592	2016-08-26, Version 6.5.0 (Current) Notable changes: * buffer: Fix regression introduced in v6.4.0 that prevented .write() at buffer end (Anna Henningsen) https://github.com/nodejs/node/pull/8154 * deps: update V8 to 5.1.281.75 (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/8054 * inspector: * fix inspector hang while disconnecting (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8021 * add support for uncaught exception (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8043 * repl: Fix saving editor mode text in `.save` (Prince J Wesley) https://github.com/nodejs/node/pull/8145 * *Revert* "repl,util: insert carriage returns in output" (Evan Lucas) https://github.com/nodejs/node/pull/8143 PR-URL: https://github.com/nodejs/node/pull/8253	8 years ago
cjihrig	d83373d800	2016-08-15, Version 6.4.0 (Current) Notable changes: * build: zlib symbols and additional OpenSSL symbols are now exposed on Windows platforms. (Alex Hultman) https://github.com/nodejs/node/pull/7983 and https://github.com/nodejs/node/pull/7576 * child_process, cluster: Forked child processes and cluster workers now support stdio configuration. (Colin Ihrig) https://github.com/nodejs/node/pull/7811 and https://github.com/nodejs/node/pull/7838 * child_process: argv[0] can now be set to arbitrary values in spawned processes. (Pat Pannuto) https://github.com/nodejs/node/pull/7696 * fs: fs.ReadStream now exposes the number of bytes it has read so far. (Linus Unnebäck) https://github.com/nodejs/node/pull/7942 * repl: The REPL now supports editor mode. (Prince J Wesley) https://github.com/nodejs/node/pull/7275 * util: inspect() can now be configured globally using util.inspect.defaultOptions. (Roman Reiss) https://github.com/nodejs/node/pull/8013 Refs: https://github.com/nodejs/node/issues/8020 PR-URL: https://github.com/nodejs/node/pull/8070	8 years ago
Luigi Pinca	dabac8a2fb	doc: remove spurious new line in CHANGELOG_V6.md PR-URL: https://github.com/nodejs/node/pull/8009 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>	9 years ago
Timothy Gu	1896ca9e8e	doc: fill in missing V8 version PR-URL: https://github.com/nodejs/node/pull/7878 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: James M Snell <jasnell@gmail.com>	9 years ago
Evan Lucas	c21a212bdc	2016-07-21, Version 6.3.1 (Current) Notable changes: * buffer: * Improve performance of Buffer.from(str, 'hex') and Buffer#write(str, 'hex'). (Christopher Jeffrey) https://github.com/nodejs/node/pull/7602 * Fix creating from zero-length ArrayBuffer. (Ingvar Stepanyan) https://github.com/nodejs/node/pull/7176 * deps: * Upgrade to V8 5.0.71.xx. (Ben Noordhuis) https://github.com/nodejs/node/pull/7531 * Backport V8 instanceof bugfix (Franziska Hinkelmann) https://github.com/nodejs/node/pull/7638 * repl: Fix issue with function redeclaration. (Prince J Wesley) https://github.com/nodejs/node/pull/7794 * util: Fix inspecting of boxed symbols. (Anna Henningsen) https://github.com/nodejs/node/pull/7641 PR-URL: https://github.com/nodejs/node/pull/7782	9 years ago
Сковорода Никита Андреевич	a58b48bc3b	doc: various documentation formatting fixes * Fix markdown code sample in releases.md, it was <a id="x.y.x></a>" * Fix some markdown errors, e.g. in changelogs * Fix broken defs links, e.g. in domain-postmortem.md * Fix other broken refs, by addaleax * Add links to some defs that were present but not linked to * Remove dead defs * Move defs to the bottom (one file affected) * Add language indicators to all code blocks, using `txt` when no specific language could be chosen * Some minor formatting changes (spaces, ident, headings) PR-URL: https://github.com/nodejs/node/pull/7637 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Roman Reiss <me@silverwind.io>	9 years ago
vsemozhetbyt	80478a5240	doc: fix typo in the CHANGELOG_V6 compliment -> complement PR-URL: https://github.com/nodejs/node/pull/7568 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>	9 years ago
Jeremiah Senkpiel	7628031847	2016-07-06, Version 6.3.0 (Current) Notable changes: * buffer: Added `buffer.swap64()` to compliment `swap16()` & `swap32()`. (Zach Bjornson) https://github.com/nodejs/node/pull/7157 * build: New `configure` options have been added for building Node.js as a shared library. (Stefan Budeanu) https://github.com/nodejs/node/pull/6994 - The options are: `--shared`, `--without-v8-platform` & `--without-bundled-v8`. * crypto: Root certificates have been updated. (Ben Noordhuis) https://github.com/nodejs/node/pull/7363 * debugger: The server address is now configurable via `--debug=<address>:<port>`. (Ben Noordhuis) https://github.com/nodejs/node/pull/3316 * npm: Upgraded npm to v3.10.3 (Kat Marchán) https://github.com/nodejs/node/pull/7515 & (Rebecca Turner) https://github.com/nodejs/node/pull/7410 * readline: Added the `prompt` option to the readline constructor. (Evan Lucas) https://github.com/nodejs/node/pull/7125 * repl / vm: `sigint`/`ctrl+c` will now break out of infinite loops without stopping the Node.js instance. (Anna Henningsen) https://github.com/nodejs/node/pull/6635 * src: - Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao) https://github.com/nodejs/node/pull/3098 - Refactored `require('constants')`, constants are now available directly from their respective modules. (James M Snell) https://github.com/nodejs/node/pull/6534 * stream: Improved `readable.read()` performance by up to 70%. (Brian White) https://github.com/nodejs/node/pull/7077 * timers: `setImmediate()` is now up to 150% faster in some situations. (Andras) https://github.com/nodejs/node/pull/6436 * util: Added a `breakLength` option to `util.inspect()` to control how objects are formatted across lines. (cjihrig) https://github.com/nodejs/node/pull/7499 * v8-inspector: Experimental support has been added for debugging Node.js over the inspector protocol. (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/6792 - Note: This feature is experimental, and it could be altered or removed. - You can try this feature by running Node.js with the `--inspect` flag. Refs: https://github.com/nodejs/node/pull/7441 PR-URL: https://github.com/nodejs/node/pull/7550	9 years ago
Evan Lucas	e427150e75	2016-06-17, Version 6.2.2 (Current) Release Notable changes: * http: - req.read(0) could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) [#7211](https://github.com/nodejs/node/pull/7211) - When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) [#7149](https://github.com/nodejs/node/pull/7149) * npm: upgrade npm to 3.9.5 (Kat Marchán) [#7139](https://github.com/nodejs/node/pull/7139) PR-URL: https://github.com/nodejs/node/pull/7323	9 years ago
Rod Vagg	daafe2c65e	2016-06-02, Version 6.2.1 (Current) * buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) https://github.com/nodejs/node/pull/7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) https://github.com/nodejs/node/pull/7030 * tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at https://github.com/nodejs/node/pull/6980. (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see https://github.com/nodejs/node/issues/6980 for details. (Michaël Zasso) https://github.com/nodejs/node/pull/6928	9 years ago
Evan Lucas	26120e2eb0	2016-05-17, Version 6.2.0 (Stable) - buffer: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511) - child_process: use /system/bin/sh on android (Ben Noordhuis) [#6745](https://github.com/nodejs/node/pull/6745) - deps: - upgrade npm to 3.8.9 (Rebecca Turner) [#6664](https://github.com/nodejs/node/pull/6664) - upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) [#6572](https://github.com/nodejs/node/pull/6572) - upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) [#6796](https://github.com/nodejs/node/pull/6796) - Intl: ICU 57 bump (Steven R. Loomis) [#6088](https://github.com/nodejs/node/pull/6088) - repl: - copying tabs shouldn't trigger completion (Eugene Obrezkov) [#5958](https://github.com/nodejs/node/pull/5958) - exports `Recoverable` (Blake Embrey) [#3488](https://github.com/nodejs/node/pull/3488) - src: add O_NOATIME constant (Rich Trott) [#6492](https://github.com/nodejs/node/pull/6492) - src,module: add --preserve-symlinks command line flag (James M Snell) [#6537](https://github.com/nodejs/node/pull/6537) - util: adhere to `noDeprecation` set at runtime (Anna Henningsen) [#6683](https://github.com/nodejs/node/pull/6683) As of this release the 6.X line now includes 64-bit binaries for Linux on Power Systems running in big endian mode in addition to the existing 64-bit binaries for running in little endian mode. PR-URL: https://github.com/nodejs/node/pull/6810	9 years ago
James M Snell	c663a6db05	doc: refactor the changelog by version The changelog was getting rather huge and difficult to manage. It also wasn't very useful in terms of being able to quickly find specific Node.js versions, or tracking the history for a single major release stream. This reorganizes the changelog by versions separated out over multiple files. An index of the most recent versions is provided in the main log. PR-URL: https://github.com/nodejs/node/pull/6503 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>	9 years ago

35 Commits (57630adf90a347b47315614a63b750d4838911ae)