-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Node.js to v10.23.3 #12
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/node-10.x
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
July 19, 2018 01:35
3275492
to
7993c46
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
August 1, 2018 21:02
7993c46
to
d72018d
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
August 16, 2018 03:20
d72018d
to
c4af604
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
September 6, 2018 22:27
c4af604
to
46cae5a
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
September 20, 2018 11:42
46cae5a
to
3a7aed2
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
October 10, 2018 22:03
3a7aed2
to
f47e722
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
October 30, 2018 08:55
f47e722
to
ef8af23
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
November 28, 2018 05:56
ef8af23
to
2c4b9d4
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
November 29, 2018 20:49
2c4b9d4
to
b3fba98
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
December 11, 2018 21:58
b3fba98
to
4702231
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
December 26, 2018 16:42
4702231
to
35ef32e
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
January 29, 2019 20:58
35ef32e
to
17ef58a
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
February 28, 2019 13:56
17ef58a
to
596731e
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
March 5, 2019 20:48
596731e
to
48ca6e1
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
June 1, 2019 11:54
48ca6e1
to
9e45280
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
August 10, 2019 07:57
9e45280
to
ebcb415
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
August 20, 2019 09:59
ebcb415
to
5807fb2
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
November 12, 2019 08:59
5807fb2
to
f194285
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
December 21, 2019 22:51
f194285
to
4ec68b8
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
January 18, 2020 19:29
4ec68b8
to
06acabc
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
February 9, 2020 02:55
06acabc
to
6a28636
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
April 28, 2020 05:55
6a28636
to
404efea
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
July 2, 2020 04:58
404efea
to
b82f06c
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
August 25, 2020 01:53
b82f06c
to
75bfce9
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
October 25, 2020 23:59
75bfce9
to
1b341aa
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
November 27, 2020 03:59
1b341aa
to
2aa169e
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
January 7, 2021 03:59
2aa169e
to
53eff0a
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
January 30, 2021 14:59
53eff0a
to
d87dfc8
Compare
renovate
bot
force-pushed
the
renovate/node-10.x
branch
from
February 10, 2021 14:54
d87dfc8
to
b7d1f03
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v10.5.0
->10.23.3
Release Notes
nodejs/node
v10.23.3
Compare Source
Notable changes
The update to npm 6.14.11 has been relanded so that npm correctly reports its version.
Commits
953a85035d
] - crypto: fix crash when calling digest after piping (Tobias Nießen) #28251fe2c98003e
] - deps: upgrade npm to 6.14.11 (Ruy Adorno) #371737b7fb43b8a
] - Revert "deps: upgrade npm to 6.14.11" (Richard Lau) #372781c6fbd6ffe
] - test: add test that verifies crypto stream pipeline (Evan Lucas) #37009v10.23.2
Compare Source
Notable changes
Release keys have been synchronized with the main branch.
Commits
cc6b69557a
] - deps: upgrade npm to 6.14.11 (Darcy Clarke) #36838aefb66528a
] - doc: update contact information for @BethGriggs (Beth Griggs) #3545108931481d8
] - doc: update contact information for richardlau (Richard Lau) #35450bc0617f4ea
] - doc: update release key for Danielle Adams (Danielle Adams) #36793d7c09fcfd3
] - doc: add release key for Danielle Adams (Danielle Adams) #35545ac49d415b0
] - doc: add release key for Ruy Adorno (Ruy Adorno) #34628b8426ae3ce
] - doc: add release key for Richard Lau (Richard Lau) #34397v10.23.1
Compare Source
Notable changes
This is a security release.
Vulnerabilities fixed:
Affected Node.js versions are vulnerable to a use-after-free bug in its
TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method does
not return an error, this object is passed back to the caller as part of
a StreamWriteResult structure. This may be exploited to corrupt memory
leading to a Denial of Service or potentially other exploits
Affected versions of Node.js allow two copies of a header field in a
http request. For example, two Transfer-Encoding header fields. In this
case Node.js identifies the first header field and ignores the second.
This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
Commits
bd44b0ee7f
] - build,win: accept Python 3 if 2 is not available (João Reis) #29236d5c9b09bdc
] - build,win: find Python in paths with spaces (João Reis) #29236323a6f114a
] - deps: update http-parser to http-parser@ec8b5ee
(Richard Lau) nodejs-private/node-private#235f08d0fef64
] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571b0608b574a
] - deps: update archs files for OpenSSL-1.1.1i (Richard Lau) #36541d936e1833f
] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #365419c4970715c
] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450aa6b97fb99
] - http: add test for http transfer encoding smuggling (Richard Lau) nodejs-private/node-private#235fc70ce08f5
] - http: unsetF_CHUNKED
on newTransfer-Encoding
(Fedor Indutny) nodejs-private/node-private#2357f178663eb
] - src: use unique_ptr for WriteWrap (Daniel Bevenius) nodejs-private/node-private#238357e2857c8
] - test: add test-tls-use-after-free-regression (Daniel Bevenius) nodejs-private/node-private#238v10.23.0
Compare Source
Notable changes
Commits
b83f9a56fc
] - build: expose napi_build_version variable (NickNaso) #27835020ba1a2b8
] - build: enable backtrace when V8 is built for PPC and S390x (Michaël Zasso) #32113eee9412a8c
] - deps: upgrade npm to 6.14.8 (Ruy Adorno) #34834038593d5ff
] - deps: upgrade npm to 6.14.7 (claudiahdz) #344683564424625
] - deps: V8: cherry-pickeec10a2
(Stephen Belanger) #33778e9e86e1b60
] - http2: support non-empty DATA frame with END_STREAM flag (Carlos Lopez) #33875751820b6c2
] - http2,doc: minor fixes (Alba Mendez) #2804454c2bc2e62
] - (SEMVER-MINOR) n-api: create N-API version 7 (Gabriel Schulhof) #351992eb627301c
] - src: allows escaping NODE_OPTIONS with backslashes (Maël Nison) #240655170d14b36
] - test: fix test-linux-perf flakiness (Matheus Marchini) #2761521b86d7f19
] - test,v8: skip less and stabilize test-linux-perf.js (Refael Ackermann) #27364ee11ab50a7
] - tools: add debug entitlements for macOS 10.15+ (Gabriele Greco) #34378v10.22.1
Compare Source
Notable changes
This is a security release.
Vulnerabilities fixed:
Commits
57badcf93e
] - deps: libuv: cherry-pick0e6e862
(Colin Ihrig) libuv/libuv#2966v10.22.0
Compare Source
Notable changes
napi_detach_arraybuffer
(legendecas) #29768Commits
9915774d18
] - build: log detected compilers in --verbose mode (Richard Lau) #32715145dcc2c1c
] - build: move doc versions JSON file out of out/doc (Richard Lau) #3272824b927ab66
] - build: allow clang 10+ in configure.py (Kamil Rytarowski) #2954197b59527c7
] - deps: upgrade npm to 6.14.6 (claudiahdz) #3424684fca3c691
] - deps: upgrade npm to 6.14.5 (Ruy Adorno) #33239745b329260
] - deps: update archs files for OpenSSL-1.1.1g (Hassaan Pasha) #3298294702c1560
] - deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha) #32982ef9413be1a
] - deps: upgrade openssl sources to 1.1.1f (Hassaan Pasha) #325833acc89f8f2
] - deps: V8: backportcd21f71
(Michaël Zasso) #3386289a306bca9
] - deps: fix V8 compiler error with clang++-11 (Sam Roberts) #3309400f04e3b79
] - doc: fix quotes in tls.md (Sparsh Garg) #33641193d1d0e84
] - doc: document fs.watchFile() bigint option (cjihrig) #321285dab101b03
] - doc,n-api: mark napi_detach_arraybuffer as experimental (legendecas) #30703069b6e14a4
] - http: disable headersTimeout check when set to zero (Paolo Insogna) #33307aaf2f827c6
] - inspector: more conservative minimum stack size (Ben Noordhuis) #27855b744ffd586
] - (SEMVER-MINOR) n-api: implement napi_is_detached_arraybuffer (Denys Otrishko) #30613961598b9be
] - (SEMVER-MINOR) n-api: addnapi_detach_arraybuffer
(legendecas) #297687a109febc4
] - test: remove timers-blocking-callback (Jeremiah Senkpiel) #328703dbd8cd3a9
] - Revert "test: mark empty udp tests flaky on OS X" (Luigi Pinca) #32489543656928c
] - test: flaky test-stdout-close-catch on freebsd (Sam Roberts) #3284974b00cca64
] - tls: allow empty subject even with altNames defined (Jason Macgowan) #22906v10.21.0
Compare Source
Notable changes
This is a security release.
Vulnerabilities fixed:
Commits
0ad7970256
] - deps: fix OPENSSLDIR on Windows (Shigeki Ohtsu) #29456bd78c6ea46
] - deps: backport ICU-20958 to fix CVE-2020-10531 (Richard Lau) #3357233e9a12241
] - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0 (James M Snell) nodejs-private/node-private#204881c244a4e
] - (SEMVER-MINOR) http2: implement support for max settings entries (James M Snell) nodejs-private/node-private#204cd9827f105
] - napi: fix memory corruption vulnerability (Tobias Nießen) nodejs-private/node-private#203v10.20.1
Compare Source
Notable changes
Due to release process failures, Node.js v10.20.0 shipped with source
and header tarballs that did not properly match the final release
commit that was used to build the binaries. We recommend that Node.js
v10.20.0 not be used, particularly in any applications using native
add-ons or where compiling Node.js from source is involved.
Node.js v10.20.1 is a clean release with the correct sources and is
strongly recommended in place of v10.20.0.
v10.20.0
Compare Source
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes
Commits
64744a282e
] - (SEMVER-MINOR) buffer: add {read|write}Big[U]Int64{BE|LE} methods (garygsc) #196918a0ed8f1ff
] - build: macOS package notarization (Rod Vagg) #3145942af3b861a
] - build,win: fix goto exit in vcbuild (João Reis) #30931b164a2e3bf
] - console: add trace-events for time and count (James M Snell) #2370304cd67f85e
] - deps: upgrade npm to 6.14.4 (Ruy Adorno) #324958d85a43d99
] - deps: update term-size with signed version (Rod Vagg) #3145976033c5495
] - deps: update archs files for OpenSSL-1.1.1e (Hassaan Pasha) #3232864c184836b
] - deps: adjust openssl configuration for 1.1.1e (Hassaan Pasha) #32328c8f5ab2089
] - deps: upgrade openssl sources to 1.1.1e (Hassaan Pasha) #32328bf26c44c92
] - deps: remove *.pyc files from deps/npm (Ben Noordhuis) #32387c2b3cf61ce
] - deps: update npm to 6.14.3 (Myles Borins) #323688cae4dde91
] - deps: upgrade npm to 6.14.1 (Isaac Z. Schlueter) #3197747046aa5a9
] - deps: openssl: cherry-pick4dcb150
(Adam Majer) #32002098704c85d
] - deps: upgrade to libuv 1.34.2 (Colin Ihrig) #314774b1cccc4ce
] - deps: upgrade to libuv 1.34.1 (Colin Ihrig) #31332fff6162693
] - (SEMVER-MINOR) deps: upgrade to libuv 1.34.0 (Colin Ihrig) #307836826ef0568
] - deps: upgrade to libuv 1.33.1 (Colin Ihrig) #29996aed7ca4fb0
] - deps: upgrade to libuv 1.32.0 (Colin Ihrig) #29508794abbc758
] - deps: upgrade to libuv 1.31.0 (Colin Ihrig) #29070ed71f55a54
] - deps: upgrade to libuv 1.30.1 (Colin Ihrig) #285117cde563235
] - deps: upgrade to libuv 1.30.0 (Colin Ihrig) #28449b53ce6e6c5
] - deps: upgrade to libuv 1.29.1 (Colin Ihrig) #277189b2b66b7d8
] - deps: V8: cherry-pickd89f4ef
(Milad Farazmand) #317537eac95981e
] - deps: upgrade npm to 6.13.7 (Michael Perrotte) #31558db24641fbe
] - deps: upgrade npm to 6.13.6 (Ruy Adorno) #313042e3d511cff
] - doc: correct version metadata for Readable.from (Dave Vandyke) #3263934c1c2a82b
] - doc: add missing version metadata for Readable.from (Anna Henningsen) #28695aa7d369c72
] - doc: update releaser list in README.md (Myles Borins) #3257705f5b3ecc4
] - doc: remove em dashes (Rich Trott) #32080ffa9f9bd1b
] - doc: fix changelog for v10.18.1 (Andrew Hughes) #313580177464b0e
] - doc,tools: get altDocs versions from CHANGELOG.md (Richard Lau) #27661e9c590ea00
] - (SEMVER-MINOR) n-api: define release 6 (Gabriel Schulhof) #32058239377b654
] - (SEMVER-MINOR) n-api: correct instance data tests (Gabriel Schulhof) #32488ecbb331be0
] - (SEMVER-MINOR) n-api: add napi_get_all_property_names (himself65) #30006f29fb14cf6
] - (SEMVER-MINOR) n-api: add APIs for per-instance state management (Gabriel Schulhof) #2868220177b9946
] - n-api: turn NAPI_CALL_INTO_MODULE into a function (Anna Henningsen) #26128017909b847
] - test: fix tool path in test-doctool-versions.js (Richard Lau) #326451ea70d641d
] - test: fix flaky doctool and test (Rich Trott) #2997989692ff19b
] - test: end tls connection with some data (Sam Roberts) #323289bd1317764
] - test: mark empty udp tests flaky on OS X (Sam Roberts) #319365484e061b5
] - test: scale keepalive timeouts for slow machines (Ben Noordhuis) #308343f9cec3f51
] - test: add debugging output to test-net-listen-after-destroy-stdin (Rich Trott) #31698f1a8791316
] - test: allow EAI_FAIL in test-http-dns-error.js (Colin Ihrig) #275004b9a77909b
] - test: mark tests as flaky (João Reis) #30848a8fd8a1a61
] - test: mark http2 tests as flaky on 10.x (AshCripps) #318872315270cb6
] - test: try to stabalize test-child-process-fork-exec-path.js (Refael Ackermann) #27277a2b0e9ef6a
] - (SEMVER-MINOR) tls: expose keylog event on TLSSocket (Alba Mendez) #276541cfb45732a
] - (SEMVER-MINOR) tls: support TLS min/max protocol defaults in CLI (Sam Roberts) #27946a175b8d3a7
] - tools: only fetch previous versions when necessary (Richard Lau) #325183756be8511
] - tools: add NODE_TEST_NO_INTERNET to the doc builder (Joyee Cheung) #31849ac1ea7312a
] - tools: make doctool work if no internet available (Richard Lau) #30214f235eea8b3
] - tools: unify make-v8.sh for ppc64le and s390x (Richard Lau) #3162861e2d4856d
] - tools: use CC instead of CXX when pointing to gcc (Milad Farazmand) #308174390674624
] - url: handle quasi-WHATWG URLs in urlToOptions() (Colin Ihrig) #26226dc61e09feb
] - v8: fix load elimination liveness checks (Ben Noordhuis) #31613v10.19.0
Compare Source
Notable changes
This is a security release.
Vulnerabilities fixed:
Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
--insecure-http-parser
command line flag, or theinsecureHTTPParser
http option. Using the insecure HTTP parser should be avoided.
Commits
f940bee3b7
] - crypto: fix assertion caused by unsupported ext (Fedor Indutny) nodejs-private/node-private#17549f4220ce5
] - deps: upgrade http-parser to v2.9.3 (Sam Roberts) nodejs-private/http-parser-private#4a28e5cc1ed
] - (SEMVER-MINOR) deps: upgrade http-parser to v2.9.1 (Sam Roberts) #304710082f62d9c
] - (SEMVER-MINOR) http: make --insecure-http-parser configurable per-stream or per-server (Anna Henningsen) #31448a9849c0ff6
] - (SEMVER-MINOR) http: opt-in insecure HTTP header parsing (Sam Roberts) #305672eee90e959
] - http: strip trailing OWS from header values (Sam Roberts) nodejs-private/node-private#191e2c8f89b75
] - test: using TE to smuggle reqs is not possible (Sam Roberts) nodejs-private/node-private#192d616722f65
] - test: check that --insecure-http-parser works (Sam Roberts) #31253v10.18.1
Compare Source
Notable changes
Commits
a80c59130e
] - build: fix configure script to work with Apple Clang 11 (Saagar Jha) #2807168b2b5cc51
] - build,win: propagate error codes in vcbuild (João Reis) #307243e0709cf5e
] - deps: V8: backportfb63e5c
(Michaël Zasso)25b8fbda35
] - doc: allow \<code> in header elements (Rich Trott) #31086a1b095dd46
] - doc,dns: use code markup/markdown in headers (Rich Trott) #310868f3b8ca515
] - http2: fix session memory accounting after pausing (Michael Lehenbauer) #3068420f64a96de
] - http2: use the latest settings (ZYSzys) #2978081c31005fd
] - lib: fix comment nits in bootstrap\loaders.js (Vse Mozhet Byt) #2464188e8b7cf83
] - n-api: correct bug in napi_get_last_error (Octavian Soldea) #2870277e0318849
] - stream: increase MAX_HWM (Robert Nagy) #29938894aaa2040
] - stream: extract Readable.from in its own file (Matteo Collina) #301407e941eb17d
] - test: do not fail SLOW tests if they are not slow (Yang Guo) #258680f3ae77aaf
] - tools: update tzdata to 2019c (Myles Borins) #304794ae8d204cb
] - tools: move python code out of jenkins shell (Sam Roberts) #284584879b80d87
] - tools: fix v8 testing with devtoolset on ppcle (Sam Roberts) #28458v10.18.0
Compare Source
This is a security release.
For more details about the vulnerability please consult the npm blog:
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
Notable changes
Commits
54a466a865
] - build,win: add test-ci-native and test-ci-js (João Reis) #30724f9b31edb25
] - deps: update npm to 6.13.4 (Isaac Z. Schlueter) #30904v10.17.0
Compare Source
Notable changes
Commits
f1a5a36961
] - build: update Windows icon to Feb 2016 rebrand (Mike MacCana) #2852463de2ade85
] - (SEMVER-MINOR) crypto: add support for chacha20-poly1305 for AEAD (chux0519) #240814f0f12c3d6
] - crypto: fix rsa key gen with non-default exponent (Sam Roberts) #270927735824d2c
] - (SEMVER-MINOR) crypto: increase maxmem range from 32 to 53 bits (Tobias Nießen) #28799e53dbba6bc
] - deps: update npm to 6.11.3 (claudiahdz) #2943055cd01c5c3
] - (SEMVER-MINOR) deps: update npm to 6.10.3 (isaacs) #29023e2291cf805
] - deps: upgrade npm to 6.10.2 (isaacs) #2885303b69660f9
] - deps: upgrade npm to 6.10.0 (isaacs) #28525333963ef73
] - deps: dlloads node static linked executable (Luca Lindhorst) #280457202792ad3
] - deps: update archs files for OpenSSL-1.1.1d (Sam Roberts) #299219c393f1d02
] - deps: upgrade openssl sources to 1.1.1d (Sam Roberts) #299217f48519413
] - deps: do not link against librt (Sam Roberts) #29729fcc22d31a0
] - (SEMVER-MINOR) dns: make dns.promises enumerable (cjihrig) #26592fa27aac5fb
] - (SEMVER-MINOR) dns: remove dns.promises experimental warning (cjihrig) #2659290fb146933
] - (SEMVER-MINOR) doc: move dns.promises to stable status (cjihrig) #2659265e68d1f4f
] - doc: add documentation for stream readableFlowing (Chetan Karande) #29506c285e694e2
] - doc: fix the links tls default version sections (Chetan Karande) #28827cef5010135
] - doc: describe tls.DEFAULT_MIN_VERSION/_MAX_VERSION (Chetan Karande) #2882715c2eb0e58
] - doc: update N-API version matrix (Gabriel Schulhof) #29461a3eda2896d
] - doc: fixup changelog for v10.16.3 (Andrew Hughes) #2915956a834a53f
] - doc,test: clarify that Http2Stream is destroyed after data is read (Alba Mendez) #2789185ce8ef19a
] - (SEMVER-MINOR) fs: remove experimental warning for fs.promises (Anna Henningsen) #26581ccf2823f83
] - (SEMVER-MINOR) http: makes response.writeHead return the response (Mark S. Everitt) #2597466387cd45e
] - http2: send out pending data earlier (Anna Henningsen) #29398925849650b
] - (SEMVER-MINOR) http2: makes response.writeHead return the response (Mark S. Everitt) #2597469b0212df3
] - http2: do not start reading after write if new write is on wire (Anna Henningsen) #2939936a0e9a063
] - http2: do not crash on stream listener removal w/ destroyed session (Anna Henningsen) #29459c74c6a5ccf
] - n-api: mark version 5 N-APIs as stable (Gabriel Schulhof) #29401f8622762e3
] - (SEMVER-MINOR) n-api: make func argument of napi_create_threadsafe_function optional (legendecas) #277914f41e4f471
] - (SEMVER-MINOR) n-api: implement date object (Jarrod Connolly) #2591769bf5b7944
] - net: treat ENOTCONN at shutdown as success (Anna Henningsen) #29912d6c998a478
] - process: use public readableFlowing property (Chetan Karande) #29502b43d7e8f42
] - (SEMVER-MINOR) process: add --unhandled-rejections flag (Ruben Bridgewater) #2659979f3844fb0
] - (SEMVER-MINOR) readline: make Symbol.asyncIterator support stable (Matteo Collina) #2698918b140ae75
] - src: use maybe version v8::Function::Call (Ouyang Yadong) #238261bb5102999
] - src: use more explicit return type in Sign::SignFinal() (Anna Henningsen) #23779859d47593e
] - src: reduce platform worker barrier lifetime (Ali Ijaz Sheikh) #2341900831f0293
] - (SEMVER-MINOR) stream: make Symbol.asyncIterator support stable (Matteo Collina) #26989ddb5152e9b
] - (SEMVER-MINOR) stream: implement Readable.from async iterator utility (Guy Bedford) #2766013d8549abd
] - test: well-defined DH groups now verify clean (Sam Roberts) #29550f78ecc3f93
] - test: fix race in test-http2-origin (Alba Mendez) #289032afbb3efab
] - test,win: cleanup exec-timeout processes (João Reis) #28723fe58bca878
] - tls: group chunks into TLS segments (Alba Mendez) #278612eae030a4b
] - (SEMVER-MINOR) worker: add missing return value in case of fatal exceptions (Ruben Bridgewater) #29036e8c90bf4d1
] - zlib: do not coalesce multiple.flush()
calls (Anna Henningsen) #28520v10.16.3
Compare Source
Notable changes
This is a security release.
Node.js, as well as many other implementations of HTTP/2, have been found
vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.
Vulnerabilities fixed:
Commits
74507fae34
] - deps: update nghttp2 to 1.39.2 (Anna Henningsen) #29122a397c881ec
] - deps: update nghttp2 to 1.39.1 (gengjiawen) #28448fedfa12a33
] - deps: update nghttp2 to 1.38.0 (gengjiawen) #27295ab0f2ace36
] - deps: update nghttp2 to 1.37.0 (gengjiawen) #269900acbe05ee2
] - http2: allow security revert for Ping/Settings Flood (Anna Henningsen) #29122c152449012
] - http2: pause input processing if sending output (Anna Henningsen) #291220ce699c7b1
] - http2: stop reading from socket if writes are in progress (Anna Henningsen) #2912217357d37a9
] - http2: consider 0-length non-end DATA frames an error (Anna Henningsen) #29122460f896c63
] - http2: shrink defaultvector::reserve()
allocations (Anna Henningsen) #29122f4242e24f9
] - http2: handle 0-length headers better (Anna Henningsen) #29122477461a51f
] - http2: limit number of invalid incoming frames (Anna Henningsen) #2912205dada46ee
] - http2: limit number of rejected stream openings (Anna Henningsen) #291227f11465572
] - http2: do not create ArrayBuffers when no DATA received (Anna Henningsen) #291222eb914ff5f
] - http2: only call into JS when necessary for session events (Anna Henningsen) #2912276a7ada15d
] - http2: improve JS-side debug logging (Anna Henningsen) #2912200f153da13
] - http2: improve http2 code a bit (James M Snell) #23984a0a14c809f
] - src: pass along errors from http2 object creation (Anna Henningsen) #25822d85e4006ab
] - test: apply test-http2-max-session-memory-leak from v12.x (Anna Henningsen) #29122v10.16.2
Compare Source
Notable changes
This release patches a regression in the OpenSSL upgrade to 1.1.1c that causes intermittent hangs in machines that have low entropy.
Commits
894a9dd230
] - deps: cherry-pickc19c5a6
from openssl upstream (Ali Ijaz Sheikh) #28983v10.16.1
Compare Source
Notable changes
\_read()
onresume()
(Anna Henningsen) #26965Commits
65ef26fdcb
] - async_hooks: avoid double-destroy HTTPParser (Gerhard Stoebich) #274778f5d6cf5f5
] - deps: update archs files for OpenSSL-1.1.1c (Sam Roberts) #282129e62852724
] - deps: upgrade openssl sources to 1.1.1c (Sam Roberts) #28212c59e0c256d
] - deps: updated openssl upgrade instructions (Sam Roberts) #28212609d2b9ea4
] - deps: V8: backportf27ac28
(Michaël Zasso) #280618f780e8f99
] - deps: cherry-pick88f8fe1
from upstream V8 (Yang Guo) #24514ad588eb5fc
] - doc: adjust TOC margins (Roman Reiss) #28075b3d8a1b1d0
] - doc: add missing changes entry (Ruben Bridgewater) [#Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.