Update Node.js to v14.17.6

[renovate]

This PR contains the following updates:

Package	Update	Change
node	minor	14.4.0 -> 14.17.6

---

Release Notes

nodejs/node

v14.17.6

Compare Source

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803
and CVE-2021-32804.
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

• CVE-2021-37701
• CVE-2021-37712
• CVE-2021-37713
• CVE-2021-39134
• CVE-2021-39135

Commits

• [5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #​39868
• [71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #​39868
• [4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #​39856

v14.17.5

Compare Source

This is a security release.

Notable Changes

• CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
  • Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
• CVE-2021-22930: Use after free on close http2 on stream canceling (High)
  • Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
• CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
  • If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.

Commits

• [4923b59e0b] - deps: update c-ares to 1.17.2 (Beth Griggs) #​39724
• [847a4c6a8a] - deps: reflect c-ares source tree (Beth Griggs) #​39653
• [33208e2f89] - deps: apply missed updates from c-ares 1.17.1 (Beth Griggs) #​39653
• [af5c1af9a4] - http2: add tests for cancel event while client is paused reading (Akshay K) #​39622
• [434872e838] - http2: update handling of rst_stream with error code NGHTTP2_CANCEL (Akshay K) #​39622
• [35b86110e4] - tls: validate "rejectUnauthorized: undefined" (Matteo Collina) nodejs-private/node-private#​276

v14.17.4

Compare Source

This is a security release.

Notable Changes

• CVE-2021-22930: Use after free on close http2 on stream canceling (High)
  • Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930

This releases also fixes some regressions with internationalization introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

Commits

• [86477b2b53] - benchmark: output JSON-compatible numbers (Michaël Zasso) #​38778
• [f9693cf0a0] - benchmark: fix http elapsed time (Antoine du Hamel) #​38743
• [1ab4f81abc] - build: fix building with external builtins (Momtchil Momtchev) #​39091
• [a657f250f1] - build: reconfigure when gyp files change on Windows (Joyee Cheung) #​39066
• [6962c647d6] - Revert "build: work around bug in MSBuild v16.10.0" (Michaël Zasso) #​38977
• [069cf59e56] - build: make build-addons errors fail the build (Richard Lau) #​38983
• [d341561ae0] - build: fix commit-queue default branch (Mary Marchini) #​38998
• [0736dd833a] - build: don't pass python override to V8 build (Richard Lau) #​38969
• [49a000683a] - build: correct Xcode spelling in .gitignore (bl-ue) #​38895
• [1ffbe3d5da] - build: remove outdated dont-land-on-v6.x label (Michaël Zasso) #​38886
• [7f53a0b349] - build: add lto build to CI (Jiawen Geng) #​38567
• [a6f8ba8f0c] - build: allow LTO with Clang 3.9.1+ (Jesse Chan) #​38751
• [b5b1d1fb79] - build: replace non-POSIX test -a|o (Issam E. Maghni) #​38731
• [fc2b1ec308] - child_process: refactor to use validateBoolean (Qingyu Deng) #​38927
• [55ea29eedd] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #​38728
• [716ee1531c] - debugger: rename internal library for clarity (Rich Trott) #​39080
• [b7ee9d8287] - debugger: use ERR_DEBUGGER_STARTUP_ERROR in _inspect.js (Rich Trott) #​39024
• [5d4d23dcf3] - debugger: use error codes in debugger REPL (Rich Trott) #​39024
• [a3991d7c18] - debugger: use ERR_DEBUGGER_ERROR in debugger client (Rich Trott) #​39024
• [052e1c5385] - debugger: removed unused function argument (Rich Trott) #​38850
• [f9a4dcb30c] - debugger: refactor inspect_repl to use primordials (Antoine du Hamel) #​38551
• [ad8056659f] - debugger: refactor to use internal modules (Antoine du Hamel) #​38550
• [b5724a1984] - debugger: disable only the lint rules required by current file state (Rich Trott) #​38529
• [34659f2b7a] - debugger: avoid non-ASCII char in code file (Rich Trott) #​38529
• [ae90756582] - debugger: wrap lines longer than 80 chars (Rich Trott) #​38529
• [b30ff35a36] - debugger: align message with Node.js standard (Rich Trott) #​38400
• [d74d67f207] - debugger: remove unnecessary boilerplate copyright comment (Rich Trott) #​38952
• [e58f938ab3] - debugger: enable linter on internal/inspector/inspect_client (Antoine du Hamel) #​38417
• [249acd5e69] - debugger: reduce scope of eslint disable comment (Rich Trott) #​38946
• [0ef5e088c0] - debugger: revise async iterator usage to comply with lint rules (Rich Trott) #​38847
• [79bfb0416b] - debugger: wait for V8 debugger to be enabled (Michaël Zasso) #​38811
• [721edeffd3] - debugger: refactor internal/inspector/_inspect to use more primordials (Antoine du Hamel) #​38406
• [21ecee1b4b] - debugger: add usage example for --port (Rafael Gonzaga) #​38400
• [cde72213d1] - Revert "debugger: rename internal library for clarity" (Antoine du Hamel) #​39446
• [4c2b813799] - debugger: rename internal library for clarity (Rich Trott) #​39080
• [61da371251] - debugger: apply automatic lint fixes for inspect_repl.js (Rich Trott) #​38411
• [8dd1f70fe3] - debugger: apply automatic lint fixes for _inspect.js (Rich Trott) #​38411
• [fb0ab4c034] - debugger: removed unused function argument (Rich Trott) #​38850
• [9e28c6c946] - debugger: fix race condition/deadlock on initialization (Rich Trott) #​38161
• [a8924fa0fb] - debugger: replace internal use of deprecated API (Rich Trott) #​38161
• [22afb7cbe6] - debugger: allow longer time to connect (Rich Trott) #​38161
• [b172e6f436] - debugger: accommodate line chunking in Windows (Rich Trott) #​38161
• [1da692185a] - debugger: fix inspect restart on Windows (Rich Trott) #​38161
• [0321c5b194] - debugger: remove unused code (Rich Trott) #​38161
• [8bd2a3926a] - debugger: move node-inspect to internal library (Rich Trott) #​38161
• [acf5279c39] - deps: upgrade npm to 6.14.14 (Darcy Clarke) #​39553
• [4efefe02a8] - deps: V8: backport ae7bfb3 (Michaël Zasso) #​39051
• [5039f21396] - deps: V8: backport 16ffec9 (Michaël Zasso) #​39051
• [9b69069f71] - deps: V8: cherry-pick b0a7f56 (Michaël Zasso) #​39051
• [4213e97d26] - deps: V8: cherry-pick 81181a8 (thomasmichaelwallace) #​39187
• [ccecea5f72] - deps: restore minimum ICU version to 65 (Richard Lau) #​39068
• [7557e74cf4] - deps: V8: update build dependencies (Michaël Zasso) #​39244
• [a60a960406] - deps: V8: cherry-pick 8959494 (Michaël Zasso) #​39244
• [7fdd6ecbb4] - deps: V8: cherry-pick 0b3a4ec (Michaël Zasso) #​39244
• [4be2e878b7] - deps: V8: cherry-pick 7c182bd (Michaël Zasso) #​39244
• [a83b01a4af] - deps: V8: cherry-pick 92e6d33 (Michaël Zasso) #​39244
• [17eb561184] - deps: V8: backport 1b1eda0 (Michaël Zasso) #​39244
• [04032fa1a3] - doc: remove references to deleted freenode channels (devsnek) #​39047
• [797bd73849] - doc: add missing parameter types (Voltrex) #​39013
• [e474e984e5] - doc: clarify that only one Python version is required to build (bl-ue) #​38894
• [cd48ee71d9] - doc: fixed typo in process.md (Derevianchenko Maksym) #​38941
• [41fcbad2b2] - doc: add missing semis after classes (Darshan Sen) #​38931
• [b40529643b] - doc: mark util.inherits as legacy (Voltrex) #​38896
• [b2d836b1ea] - doc: clarify when readable._read(...) is called (Shaun Keys) #​38726
• [e36d2a6d6a] - doc: fixed typo in n-api.md (julianjany) #​38822
• [b4f60bb523] - doc: use "Long Term Support" in collaborator guide (Rich Trott) #​38841
• [7a9850a5fb] - doc: use "Long Term Support" in technical values doc (Rich Trott) #​38841
• [dfe9698db0] - doc: use "Long Term Support" in README (Philip) #​38839
• [8699e622fc] - doc: fix grammar in fs.md (yotamselementor) #​38818
• [826ae9b2e2] - doc: fixup code sample in http.md (TodorTotev) #​38776
• [8049b69b7f] - doc: document null target pattern (Guy Bedford) #​38724
• [4d9129eb71] - doc: update code examples for node:url module (fisker Cheung) #​38645
• [2ff671e4c4] - doc,url: clarify domainTo* when built without ICU (Darshan Sen) #​38789
• [9b993edca8] - errors: add ERR_DEBUGGER_STARTUP_ERROR (Rich Trott) #​39024
• [cfccf13e84] - errors: add ERR_DEBUGGER_ERROR (Rich Trott) #​39024
• [bb9a9adc2b] - errors: don't rekey on primitive type (Benjamin Coe) #​39025
• [d48b91ea2b] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #​39423
• [d8cc2fffd6] - lib: add primordials.SafeArrayIterator (Antoine du Hamel) #​36532
• [e3223edb89] - lib: harden lint checks for globals (Antoine du Hamel) #​38419
• [d4f96bb926] - lib: enforce using primordials.globalThis instead of global (Antoine du Hamel) #​38230
• [ea9003a559] - lib: add globalThis to primordials (Antoine du Hamel) #​38211
• [097a7874d3] - lib: remove semicolon in preparation for babel/eslint-parser update (Rich Trott) #​39094
• [199fe32cbc] - lib: make internal/options lazy (Joyee Cheung) #​38993
• [2bc2a232af] - lib: add JSDoc typings for child_process (Voltrex) #​38222
• [b0a1984d4d] - lib: fix typos (bl-ue) #​38846
• [6c061d5f2c] - meta: update label-pr-config (Michaël Zasso) #​38950
• [afb61786b9] - module: fix legacy node specifier resolution to resolve "main" field (Antoine du Hamel) #​38979
• [cd3305a9e4] - node-api: avoid SecondPassCallback crash (Michael Dawson) #​38899
• [e7f266e93d] - src: use SPrintF in ProcessEmitWarning (Darshan Sen) #​38758
• [43fe6c1d27] - src: cleanup uv_fs_t regardless of success or not (legendecas) #​38996
• [dcfb182546] - src: refactor to use locale functions (Darshan Sen) #​39014
• [bee477b000] - src: throw error in LoadBuiltinModuleSource when reading fails (Joyee Cheung) #​38904
• [ff7cc8f9ef] - src: add not-weak DCHECK to PersistentToLocal::Strong (Anna Henningsen) #​38875
• [981217e48a] - src: replace autos in node_api.cc (Khaidi Chu) #​38852
• [73e199d963] - src: fix typos (bl-ue) #​38845
• [2d32031724] - src: use HandleScope in StreamReq::Done() (Darshan Sen) #​38720
• [2c11d3ec0a] - src: remove commented code in node_file.cc (Juan José Arboleda) #​38693
• [846a138f54] - src: write named pipe info in diagnostic report (legendecas) #​38637
• [7d82200861] - src: replace autos in node_contextify.cc (Khaidi Chu) #​38644
• [51da7d2048] - src,url: separate some tables out of node_url.cc (Khaidi Chu) #​38988
• [45c2ea3b72] - test: add NumberFormat resolvedOptions test (Richard Lau) #​39401
• [6b2fea38d1] - test: move inspector-cli tests to sequential (Rich Trott) #​39079
• [6447cab7be] - test: improve buffer coverage (Rongjian Zhang) #​38538
• [6f1862eab3] - test: fix name of variable in inspector-cli test (Tobias Nießen) #​38869
• [40093504bc] - test: fix typo (Houssem Chebab) #​39045
• [ab28f9b9a1] - test: remove obsolete TLS test (Rich Trott) #​39001
• [b3b59953fe] - test: improve coverage of lib/events.js (Rongjian Zhang) #​38582
• [c99a09f05f] - test: http outgoing _headers setter null (ycjcl868) #​38881
• [660a97b1d5] - test: suppress warning in test_environment.cc (Daniel Bevenius) #​38868
• [0cca16ac4c] - test: improve coverage of fs internal utils (Rongjian Zhang) #​38746
• [fecad40f27] - test: fix writefile with fd (Nitzan Uziely) #​38820
• [01f00faaa8] - test: simplify test-path-resolve.js (himself65) #​38671
• [504bfd7a88] - test: improve coverage for question in readline (Qingyu Deng) #​38799
• [eb91932e77] - test: os, replace custom flatten method with built-in Array.flat (Wael Almattar) #​38770
• [aeea252b96] - test: improve coverage of lib/_http_outgoing.js (Rongjian Zhang) #​38734
• [e265d8ee1b] - test: give js-native-api tests consistent names (Gabriel Schulhof) #​38692
• [99fd8bfc6a] - test: fix flaky inspector-cli tests when breakpionts are restored (Rich Trott) #​38431
• [4d3a1fad28] - test: extend timeout on debugger tests for slower machines (Rich Trott) #​38161
• [dd2642b5db] - test: fix comment typo (Rich Trott) #​38161
• [193ea8fd91] - test: fix test-inspector-cli-address (Rich Trott) #​38161
• [a62826bbe6] - test,debugger: migrate node-inspect tests to core (Rich Trott) #​38161
• [ab45ace9bd] - tools: update babel-eslint-parser to 7.14.5 (Rich Trott) #​39094
• [b8e63b3c08] - tools: update ESLint to 7.29.0 (Rich Trott) #​39083
• [54a250e79c] - tools: update doctool dependencies, migrate to ESM (Michaël Zasso) #​38966
• [443db64eed] - tools: avoid crashing CQ when git push fails (Antoine du Hamel) #​36861
• [547f88b149] - tools: fix typo in commit-queue.sh (bl-ue) #​39000
• [1023433a81] - tools: update ESLint to 7.28.0 (Luigi Pinca) #​38955
• [9b4ae8fbb0] - tools: bump remark-preset-lint-node to 2.3.0 (Rich Trott) #​38910
• [2ad0719e86] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #​38851
• [b7686d0c1e] - tools: bump cpplint to 1.5.5 (Rich Trott) #​38851
• [2ec7c9de57] - tools: remove exception for Node.js 8 and earlier (Rich Trott) #​38840
• [1dc71da302] - tools: update setup-node to setup-node@v2 (pengjie) #​38825
• [fc219d862c] - tools: remove node-inspect from license (Rich Trott) #​38161
• [4bb0bd0f0e] - tools,doc: forbid CJS globals in ESM code snippets (Antoine du Hamel) #​38889
• [58154ce426] - typings: add JSDoc typings for https (Voltrex) #​38589
• [6ea1368a67] - typings: add JSDoc typings for events (Voltrex) #​38712
• [b6942a6138] - url,src: simplify ipv6 logic by using uv_inet_pton (Khaidi Chu) #​38842
• [dd00547ada] - vm: use missing validator (Voltrex) #​38935
• [2c28e00685] - worker: do not look up context twice in PostMessage (Anna Henningsen) #​38784

v14.17.3

Compare Source

Notable Changes

Node.js 14.17.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

Commits

• [0f00104a2c] - win,msi: use localized "Authenticated Users" name (Richard Lau) #​39241

v14.17.2

Compare Source

This is a security release.

Notable Changes

Vulnerabilities fixed:

• CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
  • Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
• CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
  • Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921

Commits

• [a7496aba0a] - deps: uv: cherry-pick 99c29c9 (Ben Noordhuis) nodejs-private/node-private#​267
• [d0b449da1d] - win,msi: set install directory permission (AkshayK) nodejs-private/node-private#​269

v14.17.1

Compare Source

Notable Changes

• [6035492c8f] - deps: update ICU to 69.1 (Michaël Zasso) #​38178
• [9417fd0bc8] - errors: align source-map stacks with spec (Benjamin Coe) #​37252

Commits

• [87fa636953] - assert: refactor to use more primordials (Antoine du Hamel) #​36234
• [cfff3b4462] - assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #​37344
• [dd18def7db] - async_hooks: refactor to avoid unsafe array iteration (Antoine du Hamel) #​37125
• [5f3e96b570] - async_hooks,doc: replace process.stdout.fd with 1 (Darshan Sen) #​38382
• [f4cb8b8281] - benchmark: avoid using console.log() (Antoine du Hamel) #​38370
• [9e4c1f2f2c] - benchmark: use process.hrtime.bigint() (Antoine du Hamel) #​38369
• [3c886e0ad6] - buffer: remove TODOs in atob / btoa (Khaidi Chu) #​38548
• [c5b86f8c2f] - buffer: remove unreachable code (Rongjian Zhang) #​38537
• [9ae2a27d44] - buffer: make FastBuffer safe to construct (Antoine du Hamel) #​36587
• [ff546ff744] - buffer: refactor to use primordials instead of Array#reduce (Antoine du Hamel) #​36392
• [5acf0a5ba3] - buffer: refactor to use more primordials (Antoine du Hamel) #​36166
• [52fd42ec46] - build: work around bug in MSBuild v16.10.0 (Michaël Zasso) #​38873
• [5df0f35bf6] - build: add workaround for V8 builds (Richard Lau) #​38632
• [754aa384e0] - build: remove dependency on distutils.spawn (Richard Lau) #​38600
• [5de7e64f3a] - build: fix make test-npm (Ruy Adorno) #​36369
• [e5fae63108] - child_process: reduce abort handler code duplication (Rich Trott) #​36644
• [598d2bdf09] - child_process: treat already-aborted controller as aborting (Rich Trott) #​36644
• [8d7708bdef] - child_process: refactor to use more primordials (Antoine du Hamel) #​36003
• [b8c4d30e77] - deps: update to [email protected] (Guy Bedford) #​38450
• [6035492c8f] - deps: update ICU to 69.1 (Michaël Zasso) #​38178
• [51dad8cabb] - deps: V8: cherry-pick 035c305 (Michaël Zasso) #​38497
• [a467125c8d] - deps: V8: cherry-pick dfcdf78 (Benjamin Coe) #​36573
• [acc9fad2ba] - deps: V8: cherry-pick 86991d0 (Benjamin Coe) #​36254
• [d67827744b] - deps: V8: cherry-pick 530080c (Milad Fa) #​38508
• [bac9ba4f8a] - dgram: extract cluster lazy loading method to make it testable (Rongjian Zhang) #​38563
• [f5b2115b76] - dgram: refactor to use more primordials (Antoine du Hamel) #​36286
• [cd7cf0547a] - dns: refactor to use more primordials (Antoine du Hamel) #​36314
• [9f67c0852c] - doc: cleanup events.md structure (James M Snell) #​36100
• [41cfe645c0] - doc: fix JS flavor selection (Antoine du Hamel) #​37791
• [7c4748b0dc] - doc: use HEAD instead of master for links (Antoine du Hamel) #​38518
• [26426577ff] - doc: remove import.meta.resolve parent URL type (Kevin Locke) #​38585
• [88055abf19] - doc: document buffer.kStringMaxLength (Tobias Nießen) #​38688
• [2e8dfee165] - doc: clarify synchronous blocking of Worker stdio (James M Snell) #​38658
• [212cd5cf05] - doc: update contact info (Gabriel Schulhof) #​38689
• [fa35c0662b] - doc: change color of doctag on night mode (Qingyu Deng) #​38652
• [4c67437c53] - doc: clarify DiffieHellmanGroup class docs (Nitzan Uziely) #​38363
• [e90c60b1e3] - doc: use AIX instead of Aix in fs.md (Rich Trott) #​38535
• [dc67fec1b4] - doc: remove extraneous dash from flag prefix (Rodolfo Carvalho) #​38532
• [4c54d81a59] - doc: document 'secureConnect' event limitation (James M Snell) #​38447
• [839e8d1672] - doc: mark querystring api as legacy (James M Snell) #​38436
• [a75b7af9bd] - doc: add arguments for stream event of Http2Server and Http2SecureServer (Qingyu Deng) #​37892
• [cf0007edc4] - doc: indicate that abort tests do not generate core files (Rich Trott) #​38422
• [945450b5cf] - doc: add try/catch in http2 respondWithFile example (Matteo Collina) #​38410
• [1f7cd7148a] - doc: note the system requirements for V8 tests (DeeDeeG) #​38319
• [cd54834854] - doc: minor clarification to pathObject (James M Snell) #​38437
• [ba117c2c6f] - doc: document new TCP_KEEPCNT and TCP_KEEPINTVL socket option defaults (Arnold Zokas) #​38313
• [dcdbaffced] - doc: do not mention TCP in the allowHalfOpen option description (Luigi Pinca) #​38360
• [fe8003e5de] - doc: update message to match actual output (Rich Trott) #​35271
• [c03f23e126] - doc: request default snap track be updated for LTS (Rod Vagg) #​37708
• [a9f7aeed12] - doc: mark process.hrtime() as legacy (Antoine du Hamel) #​38371
• [cede0c57b8] - doc: fix version history for "exports" patterns (Antoine du Hamel) #​38355
• [9702f22397] - doc: fix package.json "imports" field history (Antoine du Hamel) #​38356
• [2d96da875e] - doc: fix typo in buffer.md (divlo) #​38323
• [6b58f28472] - doc: add nodejs-sec email template (Daniel Bevenius) #​38290
• [5a532e4725] - doc: update TSC members list with three new members (Rich Trott) #​38352
• [e994d6a27c] - doc: use foo.prototype.bar notation in buffer.md (Voltrex) #​38032
• [c61f363d66] - doc: internal/test/binding for testing (Bradley Meck) #​38026
• [0bb6fe31b3] - doc: add missing events.on metadata (Anna Henningsen) #​37965
• [30c82b2745] - doc: fix wording in outgoingMessage.write (Tobias Nießen) #​37894
• [932000020a] - doc: fix grammar errors in http document (Qingyu Deng) #​37265
• [19e8ae44c4] - doc: add document for http.OutgoingMessage (Qingyu Deng) #​37265
• [a6c123363d] - doc: remove generated from dsaEncoding description (Marko Kaznovac) #​37459
• [bc6ea63e48] - doc: document how to register external bindings for snapshot (Joyee Cheung) #​37463
• [2168e954aa] - doc: document the NO_COLOR and FORCE_COLOR env vars (James M Snell) #​37477
• [2907848fc9] - doc: clarify event.isTrusted text (Rich Trott) #​36827
• [7efa020892] - doc: expand openssl instructions (Michael Dawson) #​36554
• [b197a44152] - doc: document ABORT_ERR code (Benjamin Gruenbaum) #​36319
• [1d80f89442] - doc: document changes for */promises alias modules (ExE Boss) #​34002
• [9417fd0bc8] - errors: align source-map stacks with spec (Benjamin Coe) #​37252
• [dcd221ce69] - errors: refactor to use more primordials (Antoine du Hamel) #​36651
• [ee444473e9] - errors: display original symbol name (Benjamin Coe) #​36042
• [83d28374d6] - errors: refactor to use more primordials (Antoine du Hamel) #​36167
• [7d7e34c15a] - errors: refactor to use more primordials (Antoine du Hamel) #​35944
• [18e5c0f3e2] - events: refactor to use optional chaining (ZiJian Liu) #​36763
• [4fdcbae583] - events: refactor to use more primordials (Antoine du Hamel) #​36304
• [c4e7dca8f3] - fs: fix error when writing buffers > INT32_MAX (Zach Bjornson) #​38546
• [07c55d2844] - Revert "http: make HEAD method to work with keep-alive" (Michaël Zasso) #​38949
• [d8da265c81] - http2: treat non-EOF empty frames like other invalid frames (Anna Henningsen) #​37875
• [c3bd0fdb73] - http2: fix setting options before handle exists (Anna Henningsen) #​37875
• [74fe1d8f0c] - http2: add support for TypedArray to getUnpackedSettings (Antoine du Hamel) #​36141
• [c90f1dbeb3] - https: refactor to use more primordials (Antoine du Hamel) #​36195
• [8258799472] - inspector: remove redundant method for connection check (Yash Ladha) #​37986
• [ba19313e1e] - inspector: refactor to use more primordials (Antoine du Hamel) #​36356
• [eb8f7ee634] - lib: revert primordials in a hot path (Antoine du Hamel) #​38248
• [cea8b4265c] - lib: make IterableWeakMap safe to iterate (Antoine du Hamel) #​38523
• [490bc58229] - lib: fix and improve os typings (Akhil Marsonya) #​38316
• [af39df6d03] - lib: add URI handling functions to primordials (Antoine du Hamel) #​37394
• [16691be80e] - lib: fix WebIDL object and dictionary type conversion (ExE Boss) #​37047
• [47ed512312] - lib: refactor to use optional chaining in internal/options.js (raisinten) #​36939
• [346fc0ac21] - lib: support returning Safe collections from C++ (ExE Boss) #​36989
• [8912caba64] - lib: expose primordials object (Antoine du Hamel) #​36872
• [46c019b988] - lib: refactor source_map to use more primordials (Antoine du Hamel) #​36733
• [cf9556d8f7] - lib: refactor source_map to avoid unsafe array iteration (Antoine du Hamel) #​36734
• [6eaf357f49] - lib: simplify primordials.uncurryThis (ExE Boss) #​36866
• [9338759b01] - lib: remove v8_prof_polyfill from eslint ignore list (Antoine du Hamel) #​36537
• [c9861a344a] - lib: remove unused code (Brian White) #​36632
• [01a71dd393] - lib: refactor to use more primordials in internal/encoding.js (raisinten) #​36480
• [e6c0877604] - lib: refactor to use primordials in internal/priority_queue.js (ZiJian Liu) #​36560
• [6e3a2ffb98] - lib: add primordials.SafeStringIterator (Antoine du Hamel) #​36526
• [bf0738bc07] - lib: make safe primordials safe to construct (Antoine du Hamel) #​36428
• [7ebc18f293] - lib: make safe primordials safe to iterate (Antoine du Hamel) #​36391
• [e12dbc8519] - lib: refactor to use more primordials in internal/histogram.js (raisinten) #​36455
• [5daeac64a4] - lib: add uncurried accessor properties to primordials (ExE Boss) #​36329
• [bb4900d9eb] - lib: refactor primordials.uncurryThis (Antoine du Hamel) #​36221
• [0fbe945ebb] - lib: refactor to use more primordials (Antoine du Hamel) #​36140
• [24d4d63308] - lib: add %TypedArray% abstract constructor to primordials (ExE Boss) #​36016
• [e2395b0f3b] - lib: use Object static properties from primordials (Michaël Zasso) #​35380
• [b3e22e1612] - lib,tools: enforce access to prototype from primordials (Antoine du Hamel) #​36025
• [e94e0b488e] - meta: add v8 team (Jiawen Geng) #​38566
• [fcc6a00f1a] - meta: post comment when pr labeled fast-track (James M Snell) #​38446
• [bd0d9647ca] - module: clarify CJS global-like variables not defined error message (Antoine du Hamel) #​37852
• [0fdb5d59f7] - module: refactor NativeModule to avoid unsafe array iteration (Antoine du Hamel) [#​37656](https://github.com/nodejs/node/pull/37656

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.