-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src,process: initial permission model implementation #44004
src,process: initial permission model implementation #44004
Conversation
Review requested:
|
fcf1607
to
d7d7854
Compare
2978c49
to
ca0ebe3
Compare
Awesome work! |
If |
Yes rafaelgss@rafaelgss-desktop:~/repos/os/node$ ./node --policy-deny-fs=fs example.js
node:internal/modules/cjs/loader:157
const result = internalModuleStat(filename);
^
Error: Access to this API has been restricted
at stat (node:internal/modules/cjs/loader:157:18)
at Module._findPath (node:internal/modules/cjs/loader:531:16)
at resolveMainPath (node:internal/modules/run_main:19:25)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:71:24)
at node:internal/main/run_main_module:17:47 {
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemIn'
}
Node.js v19.0.0-pre |
Don't we actually want the opposite (in common use cases)? |
The problem is that it would block the Node.js internal functions. Node.js can't bypass those permissions since it runs the same code as the userland. If you deny access to the most of the file system, you would need to grant access to all internally needed FS operations manually. I've talked to @jasnell and @addaleax previously and I don't think we're able to bypass Node.js needs without the complexity and compromising the security. |
To be fair, it’s probably quite a bit of work, but that doesn’t mean it isn’t worth doing. (This is something I’d not consider part of the initial implementation here, though.) |
How is that going to work? For example, what prevents user code from creating a symlink from |
Maybe we can allow changing the process policy only in the user land code and not in packages |
I assume you know about https://nodejs.org/api/policy.html ? Shouldn’t the configuration for this be part of that? |
Given that @addaleax has already left a ton of comments, I'll wait a bit until those are resolved before going through and reviewing myself. Overall, however, on first read through things are looking pretty solid here. Happy to see this moving forward |
b5fec69
to
c8494fc
Compare
As mentioned in the description, this behavior wasn't addressed yet. I suggest discussing it in the next iteration (when all the code-review are fully resolved)
Yes. Honestly, this is quite different from the current policy behavior. We can discuss the nomenclature for sure, however, I suggest having this discussion later in this PR. |
I think this is something that needs to be answered before this PR (or any PR with a path-based fs permissions model) can be merged, though. |
Sure, I will. What I meant by "next iteration" is the next round of review after addressing the list mentioned in the PR description 😄 |
I don’t think we can land a PR that adds a |
That's indeed a good point. I'll mention it in the next Security WG. If you have any nomenclature suggestions, please raise them here 😄 |
Looking in https://nodejs.org/api/policy.html, that feature is file/specifier specific, like “disable access to So I think maybe you could add a top-level section to that I agree there’s value in being able to define broad-brush permissions via a flag without needing a config file all the time (like if all the user wants to do is disable FS access or child processes or whatever, without getting into per-specifier definitions), so it’s probably worthwhile to keep the flag that this PR adds in addition to supporting the same via |
c8494fc
to
4dbc8ac
Compare
Adding Note to Node.js users: we've decided to drop the |
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) #45597 * [4b08c4c] - (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) #47202 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [8b51c1a] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [7efae93] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (Marco Ippolito) #45597 * [4b08c4c] - (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) #47202 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [8b51c1a] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [7efae93] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (Marco Ippolito) #45597 * [4b08c4c] - (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) #47202 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [8b51c1a] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [7efae93] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 esm: * move hook execution to separate thread (Jacob Smith) #44710 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (Marco Ippolito) #45597 * [4b08c4c] - (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) #47202 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [8b51c1a] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [7efae93] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 esm: * move hook execution to separate thread (Jacob Smith) #44710 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (Marco Ippolito) #45597 * [4b08c4c] - (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) #47202 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [8b51c1a] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [7efae93] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 esm: * move hook execution to separate thread (Jacob Smith) #44710 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (Marco Ippolito) #45597 * [4b08c4c] - (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) #47202 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [8b51c1a] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [7efae93] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 esm: * move hook execution to separate thread (Jacob Smith) #44710 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) #45597 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [55321ba] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [4b52727] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 esm: * move hook execution to separate thread (Jacob Smith) #44710 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) #45597 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [55321ba] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [4b52727] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 esm: * move hook execution to separate thread (Jacob Smith) #44710 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) #45597 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [55321ba] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [4b52727] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Notable Changes: crypto: * (SEMVER-MAJOR) use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 deps: * update ada to 2.0.0 (Node.js GitHub Bot) #47339 esm: * move hook execution to separate thread (Jacob Smith) #44710 sea: * use JSON configuration and blob content for SEA (Joyee Cheung) #47125 src,process: * (SEMVER-MINOR) add permission model (Rafael Gonzaga) #44004 url: * drop ICU requirement for parsing hostnames (Yagiz Nizipli) #47339 * use ada::url_aggregator for parsing urls (Yagiz Nizipli) #47339 * (SEMVER-MAJOR) runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 Semver-Major Commits: * [9fafb0a] - (SEMVER-MAJOR) async_hooks: deprecate the AsyncResource.bind asyncResource property (James M Snell) #46432 * [1948d37] - (SEMVER-MAJOR) buffer: check INSPECT_MAX_BYTES with validateNumber (Umuoy) #46599 * [7bc0e6a] - (SEMVER-MAJOR) buffer: graduate File from experimental and expose as global (Khafra) #47153 * [671ffd7] - (SEMVER-MAJOR) buffer: use min/max of `validateNumber` (Deokjin Kim) #45796 * [ab1614d] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #47251 * [c1bcdbc] - (SEMVER-MAJOR) build: warn for gcc versions earlier than 10.1 (Richard Lau) #46806 * [649f68f] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Yagiz Nizipli) #45579 * [9374700] - (SEMVER-MAJOR) crypto: remove DEFAULT_ENCODING (Tobias Nießen) #47182 * [1640aeb] - (SEMVER-MAJOR) crypto: remove obsolete SSL_OP_* constants (Tobias Nießen) #47073 * [c2e4b1f] - (SEMVER-MAJOR) crypto: remove ALPN_ENABLED (Tobias Nießen) #47028 * [3ef38c4] - (SEMVER-MAJOR) crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #46067 * [08af023] - (SEMVER-MAJOR) crypto: runtime deprecate replaced rsa-pss keygen parameters (Filip Skokan) #45653 * [7eb0ac3] - (SEMVER-MAJOR) deps: patch V8 to support compilation on win-arm64 (Michaël Zasso) #47251 * [a7c129f] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #47251 * [6f5655a] - (SEMVER-MAJOR) deps: always define V8_EXPORT_PRIVATE as no-op (Michaël Zasso) #47251 * [f226350] - (SEMVER-MAJOR) deps: update V8 to 11.3.244.4 (Michaël Zasso) #47251 * [d6dae74] - (SEMVER-MAJOR) deps: V8: cherry-pick f1c888e7093e (Michaël Zasso) #45579 * [56c4365] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #45579 * [51ab98c] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #45579 * [9f84d3e] - (SEMVER-MAJOR) deps: V8: fix v8-cppgc.h for MSVC (Jiawen Geng) #45579 * [f2318cd] - (SEMVER-MAJOR) deps: fix V8 build issue with inline methods (Jiawen Geng) #45579 * [16e03e7] - (SEMVER-MAJOR) deps: update V8 to 10.9.194.4 (Yagiz Nizipli) #45579 * [6473f5e] - (SEMVER-MAJOR) doc: update toolchains used for Node.js 20 releases (Richard Lau) #47352 * [cc18fd9] - (SEMVER-MAJOR) events: refactor to use `validateNumber` (Deokjin Kim) #45770 * [ff92b40] - (SEMVER-MAJOR) http: close the connection after sending a body without declared length (Tim Perry) #46333 * [2a29df6] - (SEMVER-MAJOR) http: keep HTTP/1.1 conns alive even if the Connection header is removed (Tim Perry) #46331 * [391dc74] - (SEMVER-MAJOR) http: throw error if options of http.Server is array (Deokjin Kim) #46283 * [ed3604c] - (SEMVER-MAJOR) http: server check Host header, to meet RFC 7230 5.4 requirement (wwwzbwcom) #45597 * [88d71dc] - (SEMVER-MAJOR) lib: refactor to use min/max of `validateNumber` (Deokjin Kim) #45772 * [e4d641f] - (SEMVER-MAJOR) lib: refactor to use validators in http2 (Debadree Chatterjee) #46174 * [0f3e531] - (SEMVER-MAJOR) lib: performance improvement on readline async iterator (Thiago Oliveira Santos) #41276 * [5b5898a] - (SEMVER-MAJOR) lib,src: update exit codes as per todos (Debadree Chatterjee) #45841 * [55321ba] - (SEMVER-MAJOR) net: enable autoSelectFamily by default (Paolo Insogna) #46790 * [2d0d997] - (SEMVER-MAJOR) process: remove `process.exit()`, `process.exitCode` coercion to integer (Daeyeon Jeong) #43716 * [dc06df3] - (SEMVER-MAJOR) readline: refactor to use `validateNumber` (Deokjin Kim) #45801 * [295b2f3] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 115 (Michaël Zasso) #47251 * [3803b02] - (SEMVER-MAJOR) src: share common code paths for SEA and embedder script (Anna Henningsen) #46825 * [e8bddac] - (SEMVER-MAJOR) src: apply ABI-breaking API simplifications (Anna Henningsen) #46705 * [f84de0a] - (SEMVER-MAJOR) src: use uint32_t for process initialization flags enum (Anna Henningsen) #46427 * [a624277] - (SEMVER-MAJOR) src: fix ArrayBuffer::Detach deprecation (Michaël Zasso) #45579 * [dd5c39a] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 112 (Yagiz Nizipli) #45579 * [63eca7f] - (SEMVER-MAJOR) stream: validate readable defaultEncoding (Marco Ippolito) #46430 * [9e7093f] - (SEMVER-MAJOR) stream: validate writable defaultEncoding (Marco Ippolito) #46322 * [fb91ee4] - (SEMVER-MAJOR) test: make trace-gc-flag tests less strict (Yagiz Nizipli) #45579 * [eca6180] - (SEMVER-MAJOR) test: adapt test-v8-stats for V8 update (Michaël Zasso) #45579 * [c03354d] - (SEMVER-MAJOR) test: test case for multiple res.writeHead and res.getHeader (Marco Ippolito) #45508 * [c733cc0] - (SEMVER-MAJOR) test_runner: mark module as stable (Colin Ihrig) #46983 * [7ce2232] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.1 (Michaël Zasso) #47251 * [ca4bd30] - (SEMVER-MAJOR) tools: update V8 gypfiles for 11.0 (Michaël Zasso) #47251 * [58b06a2] - (SEMVER-MAJOR) tools: update V8 gypfiles (Michaël Zasso) #45579 * [027841c] - (SEMVER-MAJOR) url: use private properties for brand check (Yagiz Nizipli) #46904 * [3bed5f1] - (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 * [7c76fdd] - (SEMVER-MAJOR) util,doc: mark parseArgs() as stable (Colin Ihrig) #46718 * [4b52727] - (SEMVER-MAJOR) wasi: make version non-optional (Michael Dawson) #47391 Signed-off-by: RafaelGSS <[email protected]> PR-URL: #47441 Signed-off-by: RafaelGSS <[email protected]>
Reference issue: nodejs/security-wg#791
The tagged issue contains the initial proposal for this MVP. This Pull Request includes the foundation of the Permission Model.
Constraints
This Permission Model is not bulletproof, which means, there are constraints we agree on before landing this system:
API Design
The Node.js Permission Model is a mechanism to restrict access to specific resources during the program execution. The API exists behind a flag
--experimental-permission
which when enabled, will restrict access to all available permissions.Currently, the available permissions are:
--allow-fs-read
and--allow-fs-write
flags--allow-child-process
flag--allow-worker
flagTherefore, when starting a Node.js process with
--experimental-permission
,the ability to access the filesystem, spawn process and,
create worker_threads will be restricted.
The CLI Arguments
To allow access to the filesystem, use the
--allow-fs-read
and--allow-fs-write
flags:The valid arguments for both flags are:
*
- To allow all operations to given scope (read/write).Example:
--allow-fs-read=/tmp/
- It will allowFileSystemRead
access to the/tmp/
folder--allow-fs-read=/tmp/,/home/.gitignore
- It allowsFileSystemRead
access to the/tmp/
folder and the/home/.gitignore
file — Relative paths are NOT supported.You can also mix both arguments:
--allow-fs-write=* --allow-fs-read=/tmp/
- It will allowFileSystemRead
access to the/tmp/
folder and allow all theFileSystemWrite
operations.Note: It accepts wildcard parameters as well. For instance:
--allow-fs-write=/home/test*
will allow everything that matches the wildcard. e.g:/home/test/file1
//home/test2
Note: I rather prefer reading those arguments from a file (
policy-deny.json
), instead passing them in the command line. However, to reduce the PR scope, I've decided to do it in a separate PR.The API Arguments
A new property
permission
was added to theprocess
module. The property contains two functions:deny(scope [,parameters])
API Call to deny permissions at runtime. e.g(REMOVED)has(scope [,parameters])
API Call to check permissions at runtime. e.g:
Future implementations
The implementation of the next features like “net” or “env” will be easily possible just by creating a new
net_permission.h
and implementing thePermissionBase
methods.FAQ
The user should be able to grant permissions in runtime?
No. Much like with other well-known and well-used permissions systems, code ought to be able to decide it can drop privileges, but never be able to grant itself any expanded privileges.
Can I deny permissions to just a specific module?
No. The permission system is process-scoped. You can use the [policy](https://nodejs.org/api/policy.html) to restrict module access.
What if I spawn a process, it will inherit the root permissions?
A process that has --experimental-permission will not be able to spawn a child process by default. If the user explicitly allows it to spawn a child process, then it will be the user's responsibility to pass along the correct arguments.
Benchmarks
This feature adds a very low overhead (if any), either enabled or disabled). Please, note I'm measuring only the feature usage without restricted files/resources (a better benchmark suite will be created in subsequent PRs). The principal behavior is that it doesn't add overhead to the main
fs
usage. For example, using thebenchmark/fs/readfile.js
comparisson between
main
and this PR (permission model disabled)comparisson enabling permission model (this branch)
Additional Considerations
THROW_IF_INSUFFICIENT_PERMISSIONS
work, I had to makereq_wrap
weak, reverting the behaviour documented in fs: do not throw exception after creating FSReqCallback #35487. I was talking to @addaleax and it shouldn’t break anything. (See: src: make ReqWrap weak #44074)cc: @nodejs/security-wg