Notable changes The update to npm 6.14.11 has been relanded so that npm correctly reports its version. Commits [ 1953a85035d ] – crypto: fix crash when calling digest after piping (Tobias Nießen) #28251 [ 1fe2c98003e ] – deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 [ 17b7fb43b8a ] – Revert Read more…
Notable Changes deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 Note: Node.js is not believed to be vulnerable to CVE-2021-21148. stream,zlib: do not use _stream_* anymore (Matteo Collina) #36618 Commits [ 120b1e6c802 ] – deps: V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 [ 1408c7a65f3 ] Read more…
Notable Changes This release marks the transition of Node.js 14.x into Long Term Support (LTS) with the codename ‘Fermium’. The 14.x release line now moves into “Active LTS” and will remain so until October 2021. After that time, it will move into “Maintenance” until end of life in April 2023. Read more…
Notable changes Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, Read more…
Notable Changes OpenSSL-1.1.1i OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL – EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt Contributed by Myles Borins #36520. Extended support for 1AbortSignal in child_process and stream The Read more…
Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details. Commits [ 14264d9aa67 ] – Revert “http: lazy create IncomingMessage.headers” (Beth Griggs) #36553 Windows 32-bit Installer: https://nodejs.org/dist/v14.15.3/node-v14.15.3-x86.msi Windows 64-bit Read more…
Notable Changes deps: upgrade npm to 6.14.9 (Myles Borins) #36450 update acorn to v8.0.4 (Michaël Zasso) #35791 doc: add release key for Danielle Adams (Danielle Adams) #35545 http2: check write not scheduled in scope destructor (David Halls) #36241 stream: fix regression on duplex end (Momtchil Momtchev) #35941 Commits [ 1c508bfc66b Read more…
Notable Changes child_processes: add AbortSignal support (Benjamin Gruenbaum) #36308 deps: update ICU to 68.1 (Michaël Zasso) #36187 events: support signal in EventTarget (Benjamin Gruenbaum) #36258 graduate Event, EventTarget, AbortController (James M Snell) #35949 http: enable call chaining with setHeader() (pooja d.p) #35924 module: add isPreloading indicator (James M Snell) #36263 Read more…
Notable Changes crypto: update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546 deps: update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435 (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333 doc: add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542 fs: (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134 http: (SEMVER-MINOR) Read more…
Notable Changes [ 16349b1d673 ] – (SEMVER-MINOR) dns: add a cancel() method to the promise Resolver (Szymon Marczak) #33099 [ 19ce9b016e6 ] – (SEMVER-MINOR) events: add max listener warning for EventTarget (James M Snell) #36001 [ 18390f8a86b ] – (SEMVER-MINOR) http: add support for abortsignal to http.request (Benjamin Gruenbaum) #36048 Read more…
