Skip to content
Permalink
Branch: master
Commits on Oct 21, 2019
  1. 2019-10-21, Version 12.13.0 'Erbium' (LTS)

    targos committed Oct 14, 2019
    This release marks the transition of Node.js 12.x into Long Term Support
    (LTS) with the codename 'Erbium'. The 12.x release line now moves into
    "Active LTS" and will remain so until October 2020. After that time, it
    will move into "Maintenance" until end of life in April 2022.
    
    Notable changes:
    
    npm was updated to 6.12.0. It now includes a version of `node-gyp` that
    supports Python 3 for building native modules.
    
    PR-URL: #29981
Commits on Oct 20, 2019
  1. build: make configure --without-snapshot a no-op

    targos committed Oct 18, 2019
    From V8 7.9, the option will no longer exist upstream.
    
    Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1796325
    
    PR-URL: #30021
    Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  2. build: default Windows build to Visual Studio 2019

    targos committed Oct 18, 2019
    Building and testing Node.js with Visual Studio 2019 is now working as
    expected.
    Fallback to VS 2017 if VS 2019 was not found.
    
    Fixes: #27214
    
    PR-URL: #30022
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
  3. test: fix test runner for Python 3 on Windows

    targos committed Oct 18, 2019
    Explicitly open files with utf8 encoding, otherwise the system could use
    another encoding such as latin1 by default.
    
    PR-URL: #30023
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Christian Clauss <cclauss@me.com>
    Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Commits on Oct 18, 2019
  1. build: fix version checks in configure.py

    targos committed Oct 14, 2019
    Fixes: #29927
    Refs: #29931
    
    PR-URL: #29965
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: David Carlier <devnexen@gmail.com>
    Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Commits on Oct 13, 2019
  1. tools: fix GYP MSVS solution generator for Python 3

    targos committed Oct 9, 2019
    PR-URL: #29897
    Reviewed-By: Christian Clauss <cclauss@me.com>
    Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
  2. build: always use strings for compiler version in gyp files

    targos committed Oct 9, 2019
    If GYP finds a string variable that can be converted to an integer,
    it will do it when the variable is expanded. Use "0.0" instead of "0"
    to force strings and be able to use comparison operations such as
    `gas_version >= "2.26"` in Python 3.
    
    PR-URL: #29897
    Reviewed-By: Christian Clauss <cclauss@me.com>
    Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
  3. tools: port Python 3 compat patches from node-gyp to gyp

    targos committed Oct 9, 2019
    Refs: nodejs/node-gyp#1820
    Refs: nodejs/node-gyp#1843
    
    PR-URL: #29897
    Reviewed-By: Christian Clauss <cclauss@me.com>
    Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
  4. deps: patch V8 to 7.8.279.17

    targos committed Oct 11, 2019
    Refs: v8/v8@7.8.279.15...7.8.279.17
    
    PR-URL: #29928
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Commits on Oct 11, 2019
  1. deps: V8: cherry-pick 53e62af

    targos committed Oct 9, 2019
    Original commit message:
    
        [build] Include string in v8.h
    
        Explicitly #include<string> in v8.h, since std::string is referenced
        in it. In the C++ STL shipped with Visual Studio 2019, none of the
        headers included in v8.h ends up including the C++ string header, which
        caused a compile error.
    
        Bug: v8:9793
        Change-Id: I84a133dd10dd6dcc7b70287af393e82cf0dc97df
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834321
        Reviewed-by: Adam Klein <adamk@chromium.org>
        Commit-Queue: Adam Klein <adamk@chromium.org>
        Cr-Commit-Position: refs/heads/master@{#64074}
    
    Refs: v8/v8@53e62af
    
    PR-URL: #29898
    Reviewed-By: David Carlier <devnexen@gmail.com>
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
    Reviewed-By: Gus Caplan <me@gus.host>
  2. deps: patch V8 to 7.8.279.15

    targos committed Oct 9, 2019
    Refs: v8/v8@7.8.279.14...7.8.279.15
    
    PR-URL: #29899
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
    Reviewed-By: Gus Caplan <me@gus.host>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Commits on Oct 7, 2019
  1. assert: fix line number calculation after V8 upgrade

    targos authored and MylesBorins committed Aug 28, 2019
    PR-URL: #29694
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Gus Caplan <me@gus.host>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
  2. tools: update V8 gypfiles

    targos authored and MylesBorins committed Aug 19, 2019
    until c6196ad7a2d601a4e1fdb313bfe2ec727fd67f7a
    
    Co-authored-by: Ujjwal Sharma <usharma1998@gmail.com>
    Co-authored-by: Michaël Zasso <targos@protonmail.com>
    
    PR-URL: #29694
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Gus Caplan <me@gus.host>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
  3. deps: V8: silence irrelevant warning

    targos authored and MylesBorins committed Mar 27, 2019
    PR-URL: #26685
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Refael Ackermann <refack@gmail.com>
Commits on Oct 1, 2019
  1. 2019-10-01, Version 12.11.1 (Current)

    targos committed Oct 1, 2019
    Notable changes:
    
    * build:
      * This release fixes a regression that prevented from building Node.js
        using the official source tarball.
        #29712
    * deps:
      * Updated small-icu data to support "unit" style in the
        `Intl.NumberFormat` API.
        #29735
    
    PR-URL: #29796
Commits on Sep 30, 2019
  1. deps: enable unit data in small-icu

    targos authored and Trott committed Sep 27, 2019
    The data are needed for new Intl.NumberFormat options added by V8.
    
    Fixes: #29734
    
    PR-URL: #29735
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Commits on Sep 23, 2019
  1. deps: patch V8 to 7.7.299.11

    targos committed Sep 20, 2019
    Refs: v8/v8@7.7.299.10...7.7.299.11
    
    PR-URL: #29628
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Commits on Sep 5, 2019
  1. tools: fix GYP ninja generator for Python 3

    targos committed Sep 3, 2019
    PR-URL: #29416
    Reviewed-By: Christian Clauss <cclauss@me.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Commits on Aug 30, 2019
  1. deps: patch V8 to 7.7.299.8

    targos authored and danbev committed Aug 27, 2019
    PR-URL: #29336
    Refs: v8/v8@7.7.299.4...7.7.299.8
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Commits on Aug 26, 2019
  1. 2019-08-26, Version 12.9.1 (Current)

    targos committed Aug 26, 2019
    Notable changes:
    
    This release fixes two regressions in the http module:
    
    * Fixes an event listener leak in the HTTP client. This resulted in lots
      of warnings during npm/yarn installs.
      #29245
    * Fixes a regression preventing the `'end'` event from being emitted for
      keepalive requests in case the full body was not parsed.
      #29263
    
    PR-URL: #29321
Commits on Aug 20, 2019
  1. 2019-08-20, Version 12.9.0 (Current)

    targos committed Aug 19, 2019
    Notable changes:
    
    * crypto:
      * Added an oaepHash option to asymmetric encryption which allows
        users to specify a hash function when using OAEP padding.
        #28335
    * deps:
      * Updated V8 to 7.6.303.29. #28955
        * Improves the performance of various APIs such as `JSON.parse` and
          methods called on frozen arrays.
        * Adds the Promise.allSettled method.
        * Improves support of `BigInt` in `Intl` methods.
        * For more information: https://v8.dev/blog/v8-release-76
      * Updated libuv to 1.31.0. #29070
        * `UV_FS_O_FILEMAP` has been added for faster access to memory
          mapped files on Windows.
        * `uv_fs_mkdir()` now returns `UV_EINVAL` for invalid filenames on
          Windows. It previously returned `UV_ENOENT`.
        * The `uv_fs_statfs()` API has been added.
        * The `uv_os_environ()` and `uv_os_free_environ()` APIs have been
          added.
    * fs:
      * Added `fs.writev`, `fs.writevSync` and `filehandle.writev` (promise
        version) methods. They allow to write an array of `ArrayBufferView`s
        to a file descriptor. #25925
        #29186
    * http:
      * Added three properties to `OutgoingMessage.prototype`:
        `writableObjectMode`, `writableLength` and `writableHighWaterMark`
        #29018
    * stream:
      * Added an new property `readableEnded` to readable streams. Its value
        is set to `true` when the `'end'` event is emitted.
        #28814
      * Added an new property `writableEnded` to writable streams. Its value
        is set to `true` after `writable.end()` has been called.
        #28934
    
    PR-URL: #29210
Commits on Aug 19, 2019
  1. lib,test: fix error message check after V8 update

    targos committed Jun 17, 2019
    PR-URL: #28918
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
  2. tools: sync gypfiles with V8 7.7

    targos committed May 31, 2019
    Co-authored-by: Ujjwal Sharma <usharma1998@gmail.com>
    
    PR-URL: #28918
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
  3. deps: V8: silence irrelevant warning

    targos committed Mar 27, 2019
    PR-URL: #26685
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Refael Ackermann <refack@gmail.com>
  4. src: update NODE_MODULE_VERSION to 78

    targos committed Aug 16, 2019
    Major V8 updates are usually API/ABI incompatible with previous
    versions. This commit adapts NODE_MODULE_VERSION for V8 7.7.
    
    Refs: https://github.com/nodejs/CTC/blob/master/meetings/2016-09-28.md
    
    PR-URL: #28918
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
  5. build: reset embedder string to "-node.0"

    targos committed Aug 16, 2019
    PR-URL: #28918
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
  6. deps: update V8 to 7.7.299.4

    targos committed Aug 16, 2019
    PR-URL: #28918
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
Commits on Aug 15, 2019
  1. 2019-08-15, Version 12.8.1 (Current)

    targos committed Aug 15, 2019
    This is a security release.
    
    Notable changes:
    
    Node.js, as well as many other implementations of HTTP/2, have been
    found vulnerable to Denial of Service attacks.
    See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
    for more information.
    
    Vulnerabilities fixed:
    
    * CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
      data from a specified resource over multiple streams. They manipulate
      window size and stream priority to force the server to queue the data
      in 1-byte chunks. Depending on how efficiently this data is queued,
      this can consume excess CPU, memory, or both, potentially leading to a
      denial of service.
    * CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
      HTTP/2 peer, causing the peer to build an internal queue of responses.
      Depending on how efficiently this data is queued, this can consume
      excess CPU, memory, or both, potentially leading to a denial of
      service.
    * CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
      streams and continually shuffles the priority of the streams in a way
      that causes substantial churn to the priority tree. This can consume
      excess CPU, potentially leading to a denial of service.
    * CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
      and sends an invalid request over each stream that should solicit a
      stream of RST_STREAM frames from the peer. Depending on how the peer
      queues the RST_STREAM frames, this can consume excess memory, CPU,or
      both, potentially leading to a denial of service.
    * CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
      SETTINGS frames to the peer. Since the RFC requires that the peer
      reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
      frame is almost equivalent in behavior to a ping. Depending on how
      efficiently this data is queued, this can consume excess CPU, memory,
      or both, potentially leading to a denial of service.
    * CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
      headers with a 0-length header name and 0-length header value,
      optionally Huffman encoded into 1-byte or greater headers. Some
      implementations allocate memory for these headers and keep the
      allocation alive until the session dies. This can consume excess
      memory, potentially leading to a denial of service.
    * CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
      window so the peer can send without constraint; however, they leave
      the TCP window closed so the peer cannot actually write (many of) the
      bytes on the wire. The attacker then sends a stream of requests for a
      large response object. Depending on how the servers queue the
      responses, this can consume excess memory, CPU, or both, potentially
      leading to a denial of service.
    * CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
      frames with an empty payload and without the end-of-stream flag. These
      frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
      peer spends time processing each frame disproportionate to attack
      bandwidth. This can consume excess CPU, potentially leading to a
      denial of service. (Discovered by Piotr Sikora of Google)
    
    PR-URL: #29133
Commits on Aug 1, 2019
  1. src: use non-deprecated overload of V8::SetFlagsFromString

    targos committed Jul 20, 2019
    PR-URL: #28016
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
  2. tools: sync gypfiles with V8 7.6

    targos committed May 18, 2019
    Co-authored-by: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
    Co-authored-by: Ujjwal Sharma <usharma1998@gmail.com>
    
    PR-URL: #28016
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
  3. deps: V8: cherry-pick b33af60

    targos committed Jul 20, 2019
    Original commit message:
    
        [api] Get ScriptOrModule from CompileFunctionInContext
    
        Adds a new out param which allows accessing the ScriptOrModule
        of a function, which allows an embedder such as Node.js to use
        the function's i::Script lifetime.
    
        Refs: nodejs/node-v8#111
        Change-Id: I34346d94d76e8f9b8377c97d948673f4b95eb9d5
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1699698
        Reviewed-by: Yang Guo <yangguo@chromium.org>
        Commit-Queue: Yang Guo <yangguo@chromium.org>
        Cr-Commit-Position: refs/heads/master@{#62830}
    
    Refs: v8/v8@b33af60
    
    PR-URL: #28016
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
  4. deps: V8: cherry-pick d2ccc59

    targos committed Jul 20, 2019
    Original commit message:
    
        [snapshot] print reference stack for JSFunctions in the isolate snapshot
    
        This helps debugging incorrect usage of the SnapshotCreator API in
        debug mode.
    
        Change-Id: Ibd9db76a5f460cdf7ea6d14e865592ebaf69aeef
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648240
        Reviewed-by: Yang Guo <yangguo@chromium.org>
        Commit-Queue: Yang Guo <yangguo@chromium.org>
        Cr-Commit-Position: refs/heads/master@{#62095}
    
    Refs: v8/v8@d2ccc59
    
    PR-URL: #28016
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
  5. deps: V8: cherry-pick 3b8c624

    targos committed Jun 17, 2019
    Original commit message:
    
        GCC: explicitely instantiate JSObject::ApplyAttributesToDictionary for NumberDictionary
    
        elements.cc invokes ApplyAttributesToDictionary using NumberDictionary as its template
        parameter. But the declaration of the template method is in js-object.cc, so nobody
        can actually compile the version for number dictionary. This is fixed requesting
        explicit instantiation for NumberDictionary.
    
        This was breaking GCC build.
    
        Bug: chromium:819294
        Change-Id: I685ddc5b97e129d1a534dbdb04025c0932bc5ecd
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649565
        Reviewed-by: Toon Verwaest <verwaest@chromium.org>
        Commit-Queue: José Dapena Paz <jose.dapena@lge.com>
        Cr-Commit-Position: refs/heads/master@{#62097}
    
    Refs: v8/v8@3b8c624
    
    PR-URL: #28016
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
  6. deps: V8: silence irrelevant warning

    targos committed Mar 27, 2019
    PR-URL: #26685
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Refael Ackermann <refack@gmail.com>
  7. src: update NODE_MODULE_VERSION to 77

    targos committed Aug 1, 2019
    Major V8 updates are usually API/ABI incompatible with previous
    versions. This commit adapts NODE_MODULE_VERSION for V8 7.6.
    
    Refs: https://github.com/nodejs/CTC/blob/master/meetings/2016-09-28.md
    
    PR-URL: #28016
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Older
You can’t perform that action at this time.