chore(deps): update node.js

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
circleci/node	docker	minor	10.13.0 -> 10.16.3
node		minor	v10.13.0 -> 10.16.3

---

Release Notes

nodejs/node

v10.16.3

Compare Source

Notable changes

This is a security release.

Node.js, as well as many other implementations of HTTP/2, have been found
vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

• CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
• CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
• CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
• CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
• CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
• CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
• CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
• CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service. (Discovered by Piotr Sikora of Google)

Commits

• [74507fae34] - deps: update nghttp2 to 1.39.2 (Anna Henningsen) #​29122
• [a397c881ec] - deps: update nghttp2 to 1.39.1 (gengjiawen) #​28448
• [fedfa12a33] - deps: update nghttp2 to 1.38.0 (gengjiawen) #​27295
• [ab0f2ace36] - deps: update nghttp2 to 1.37.0 (gengjiawen) #​26990
• [0acbe05ee2] - http2: allow security revert for Ping/Settings Flood (Anna Henningsen) #​29122
• [c152449012] - http2: pause input processing if sending output (Anna Henningsen) #​29122
• [0ce699c7b1] - http2: stop reading from socket if writes are in progress (Anna Henningsen) #​29122
• [17357d37a9] - http2: consider 0-length non-end DATA frames an error (Anna Henningsen) #​29122
• [460f896c63] - http2: shrink default vector::reserve() allocations (Anna Henningsen) #​29122
• [f4242e24f9] - http2: handle 0-length headers better (Anna Henningsen) #​29122
• [477461a51f] - http2: limit number of invalid incoming frames (Anna Henningsen) #​29122
• [05dada46ee] - http2: limit number of rejected stream openings (Anna Henningsen) #​29122
• [7f11465572] - http2: do not create ArrayBuffers when no DATA received (Anna Henningsen) #​29122
• [2eb914ff5f] - http2: only call into JS when necessary for session events (Anna Henningsen) #​29122
• [76a7ada15d] - http2: improve JS-side debug logging (Anna Henningsen) #​29122
• [00f153da13] - http2: improve http2 code a bit (James M Snell) #​23984
• [a0a14c809f] - src: pass along errors from http2 object creation (Anna Henningsen) #​25822
• [d85e4006ab] - test: apply test-http2-max-session-memory-leak from v12.x (Anna Henningsen) #​29122

v10.16.2

Compare Source

Notable changes

This release patches a regression in the OpenSSL upgrade to 1.1.1c that causes intermittent hangs in machines that have low entropy.

Commits

• [894a9dd230] - deps: cherry-pick c19c5a6 from openssl upstream (Ali Ijaz Sheikh) #​28983

v10.16.1

Compare Source

Notable changes

• deps: upgrade openssl sources to 1.1.1c (Sam Roberts) #​28212
• stream: do not unconditionally call \_read() on resume() (Anna Henningsen) #​26965
• worker: fix nullptr deref after MessagePort deser failure (Anna Henningsen) #​25076

Commits

• [65ef26fdcb] - async_hooks: avoid double-destroy HTTPParser (Gerhard Stoebich) #​27477
• [8f5d6cf5f5] - deps: update archs files for OpenSSL-1.1.1c (Sam Roberts) #​28212
• [9e62852724] - deps: upgrade openssl sources to 1.1.1c (Sam Roberts) #​28212
• [c59e0c256d] - deps: updated openssl upgrade instructions (Sam Roberts) #​28212
• [609d2b9ea4] - deps: V8: backport f27ac28 (Michaël Zasso) #​28061
• [8f780e8f99] - deps: cherry-pick 88f8fe1 from upstream V8 (Yang Guo) #​24514
• [ad588eb5fc] - doc: adjust TOC margins (Roman Reiss) #​28075
• [b3d8a1b1d0] - doc: add missing changes entry (Ruben Bridgewater) #​24758
• [819a647d8f] - esm: fix esm load bug (ZYSzys) #​25491
• [f34bb968c4] - process: make stdout and stderr emit 'close' on destroy (Matteo Collina) #​26691
• [0339fba1bb] - src: handle empty Maybe in uv binding initialize (Anna Henningsen) #​25079
• [f9e8e8856a] - src: fix Get() usage in tls_wrap.cc (cjihrig) #​24060
• [b689008dea] - src: in-source comments and minor TLS cleanups (Sam Roberts) #​25713
• [76af23a32b] - src: remove internalBinding('config').warningFile (Joyee Cheung) #​24959
• [b7dbc1c537] - src: fix warning in cares_wrap.cc (cjihrig) #​25230
• [a8f78f02cb] - src: fulfill Maybe contract in InlineDecoder (Anna Henningsen) #​25140
• [0dee607409] - src: extract common Bind method (Jon Moss) #​22315
• [08a32fbf57] - src: elevate v8 namespaces for node_process.cc (Jayasankar) #​24578
• [f3841c6750] - stream: convert existing buffer when calling .setEncoding (Anna Henningsen) #​27936
• [274b97c4ea] - stream: do not unconditionally call \_read() on resume() (Anna Henningsen) #​26965
• [044e753aaf] - stream: make _read() be called indefinitely if the user wants so (Matteo Collina) #​26135
• [f332265cda] - test: remove util.inherits() usage (ZYSzys) #​25245
• [ada0ed55d1] - test: fix pty test hangs on aix (Ben Noordhuis) #​28600
• [2ae99160e5] - test: skip stringbytes-external-exceed-max on AIX (Sam Roberts) #​28516
• [39637cb95f] - test: skip tests related to CI failures on AIX (Sam Roberts) #​28469
• [35be08a16f] - test: clean up build files (Gabriel Schulhof) #​28297
• [cc3ca08046] - test: clearing require cache crashes esm loader (Antoine du HAMEL) #​25491
• [75052cadaa] - tls: add debugging to native TLS code (Anna Henningsen) #​26843
• [99dad28ebf] - tls: add CHECK for impossible condition (Anna Henningsen) #​26843
• [5ffe04753e] - tls: renegotiate should take care of its own state (Sam Roberts) #​25997
• [4a607fab49] - tools: replace rollup with ncc (Rich Trott) #​24813
• [14090b59fc] - worker: fix nullptr deref after MessagePort deser failure (Anna Henningsen) #​25076

v10.16.0

Compare Source

Notable Changes

• deps:
  • update ICU to 64.2 (Ujjwal Sharma) #​27361
  • upgrade npm to 6.9.0 (Kat Marchán) #​26244
  • upgrade openssl sources to 1.1.1b (Sam Roberts) #​26327
  • upgrade to libuv 1.28.0 (cjihrig) #​27241
• events: add once method to use promises with EventEmitter (Matteo Collina) #​26078
• n-api: mark thread-safe function as stable (Gabriel Schulhof) #​25556
• repl: support top-level for-await-of (Shelley Vohr) #​23841
• zlib: add brotli support (Anna Henningsen) #​24938

Commits

• [77ed1bbea4] - benchmark: fix net-wrap-js-stream-passthrough (Rich Trott) #​25273
• [a8cbe0e6d2] - benchmark: replace deprecated and eliminate var in buffer-from.js (gengjiawen) #​26585
• [5249a22704] - benchmark: refactor path benchmarks (Ruben Bridgewater) #​26359
• [de7db26879] - benchmark,lib: add process.hrtime.bigint benchmark (Anna Henningsen) #​26381
• [c670358d7e] - (SEMVER-MINOR) benchmark,test: add brotli (Anna Henningsen) #​24938
• [ff647fda13] - buffer: do not affect memory after target for utf16 write (Anna Henningsen) #​26432
• [99a653e9ee] - build: make compress_json python3 compatible (Sakthipriyan Vairamani (thefourtheye)) #​25582
• [1c7f6a51c4] - build: make configure.py compatible with python 3 (Sakthipriyan Vairamani (thefourtheye)) #​25580
• [de268667e7] - build: remove AIX/ppc (32bit) dead code (Refael Ackermann) #​25523
• [a575a410fa] - build: remove erroneous duplicate declaration from node_inspector.gypi (Refael Ackermann) #​25586
• [6348d71a8a] - build: do not lint python scripts under test/fixtures (Joyee Cheung) #​25639
• [7ead9af0f5] - build: add check for empty openssl-fips flag (Daniel Bevenius) #​25391
• [554a4345c2] - build: fix Windows shared lib build (Richard Lau) #​25166
• [ffd62b129d] - build: correct fi indentation in Makefile (Daniel Bevenius) #​25107
• [5760e419d7] - build: add a space to clarify skipping crypto msg (Daniel Bevenius) #​25011
• [513913c672] - build: restore running tests on Travis (Richard Lau) #​26720
• [9512f3938a] - build: temporarily don't run tests on Travis (Richard Lau) #​26720
• [add5141933] - build: use Xenial and gcc 6 on Travis (Richard Lau) #​26720
• [9f5ad9b476] - build,deps: less warnings from V8 (Refael Ackermann) #​26405
• [16a92f66a1] - child_process: truncate output when maxBuffer is exceeded (Jeremiah Senkpiel) #​24951
• [274fc16178] - child_process: simplify argument handling (cjihrig) #​25194
• [fce822f6e9] - child_process: ensure message sanity at source (Gireesh Punathil) #​24787
• [a193a0f9dd] - child_process: spawn ignores options in case args is undefined (Eduard Bondarenko) #​24913
• [4b3e9486ca] - cluster: refactor empty for in round_robin_handle.js (gengjiawen) #​26560
• [fb73c06025] - cluster: improve for-loop (gengjiawen) #​26336
• [b8b23a3d78] - crypto: add crypto modules to cannotUseCache (Daniel Bevenius) #​25606
• [3a2814367b] - crypto: add crypto/keys to cannotUseCache (Daniel Bevenius) #​25237
• [a0dc65d0ed] - crypto: update root certificates (Sam Roberts) #​25113
• [4c87c1b1bc] - deps: upgrade to libuv 1.28.0 (cjihrig) #​27241
• [7e5ef4a0e1] - deps: upgrade to libuv 1.27.0 (cjihrig) #​26707
• [8ea22bbb88] - deps: upgrade to libuv 1.26.0 (cjihrig) #​26037
• [e6275f939a] - deps: upgrade to libuv 1.25.0 (cjihrig) #​25571
• [aceac0581c] - deps: patch to fix *.onion MX query on c-ares (XadillaX) #​25840
• [be219bd559] - deps: update archs files for OpenSSL-1.1.1b (Sam Roberts) #​26327
• [6a6aa6f038] - (SEMVER-MINOR) deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) #​25381
• [5109c4f432] - deps: add ARM64 Windows support in openssl (Shigeki Ohtsu) #​26001
• [f270eeec52] - deps: openssl-1.1.1b no longer packages .gitignore (Sam Roberts) #​26327
• [ebe0b05a24] - deps: upgrade openssl sources to 1.1.1b (Sam Roberts) #​26327
• [bbf5373041] - deps: update OpenSSL upgrade process (Sam Roberts) #​26378
• [a9c68a05d9] - (SEMVER-MINOR) deps: add brotli (Hackzzila) #​24938
• [281b52d6ec] - deps: upgrade npm to 6.9.0 (Kat Marchán) #​26244
• [d2413d630c] - deps: upgrade npm to 6.7.0 (Kat Marchán) #​25804
• [e880904d22] - deps: upgrade npm to v6.5.0 (Jordan Harband) #​25234
• [f91a818508] - deps: backport ICU-20575 to fix err/crasher (Steven R. Loomis) #​27435
• [c7931e4438] - deps: backport ICU-20558 to fix Intl crasher (Steven R. Loomis) #​27415
• [c9d0b6a9a0] - deps: update ICU to 64.2 (Ujjwal Sharma) #​27361
• [391185e550] - (SEMVER-MINOR) deps: upgrade npm to 6.5.0 (Audrey Eschright) #​24734
• [4875e881cd] - deps: upgrade to libuv 1.24.1 (cjihrig) #​25078
• [74f4741b63] - (SEMVER-MINOR) deps: upgrade to libuv 1.24.0 (cjihrig) #​24332
• [e9a9c88363] - (SEMVER-MINOR) deps: icu 63.1 bump (CLDR 34) (Steven R. Loomis) #​23715
• [23ea7ee64b] - deps: v8, backport coverage fixes (bcoe) #​26579
• [b0b73fa561] - (SEMVER-MINOR) deps: update archs files for OpenSSL-1.1.1a (Sam Roberts) #​25381
• [56441a0900] - (SEMVER-MINOR) deps: fix for non GNU assembler in AIX (Shigeki Ohtsu) #​25381
• [639b1d2f68] - (SEMVER-MINOR) deps: add only avx2 configs for OpenSSL-1.1.1 (Shigeki Ohtsu) #​25381
• [f5369da047] - (SEMVER-MINOR) deps: fix MacOS and Win build for OpenSSL-1.1.1 (Shigeki Ohtsu) #​25381
• [70a785cd9f] - (SEMVER-MINOR) deps: fix gyp/gypi for openssl-1.1.1 (Shigeki Ohtsu) #​25381
• [0e7019ff76] - (SEMVER-MINOR) deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) #​25381
• [2d396fe058] - (SEMVER-MINOR) deps: upgrade openssl sources to 1.1.1a (Sam Roberts) #​25381
• [ce6fec53a4] - (SEMVER-MINOR) deps,tools: update license-builder.sh and LICENSE (Hackzzila) #​24938
• [b7dd0b841e] - deps,tools: include SipHash in LICENSE (Rod Vagg) #​26367
• [4fcfa5a63f] - dns: fix TTL value for AAAA replies to resolveAny() (Anna Henningsen) #​25187
• [2a98b9cf2f] - doc: add "tick" function name and argument description (Artur Hayrapetyan) #​23551
• [93edf907ca] - (SEMVER-MINOR) doc: add documentation for brotli support (Anna Henningsen) #​24938
• [7ed29fc1e8] - doc: revise breaking changes material in COLLABORATOR_GUIDE (Rich Trott) #​25730
• [498edfde9b] - doc: fix http.Agent timeout option description (Luigi Pinca) #​25489
• [a040a73ee3] - doc: fix file extension on ESM file example (Eric Whitebloom) #​25692
• [6a2d9d192f] - doc: remove outdated s_client information in tls.md (Rich Trott) #​25678
• [bb96d79a7e] - doc: clarify what dns.setResolvers() affects (Sam Roberts) #​25570
• [a382932097] - doc: simplify process.binding() deprecation message (Rich Trott) #​25654
• [b1a15ab4cf] - doc: add note regarding pushing release tags (Myles Borins) #​25569
• [6ae41bde4d] - doc: reword stream docs to clarify that decodeStrings encodes strings (Daniel George Holz) #​25468
• [13205d5805] - doc: correct my wrong note about buf.fill() (Vse Mozhet Byt) #​25585
• [12fe2d30fe] - doc: add a note to buf.fill() description (Vse Mozhet Byt) #​25547
• [92d0794d63] - doc: fix typo in Buffer API (H1Gdev) #​25544
• [37082bd149] - doc: add Rich back to TSC list (Michael Dawson) #​25535
• [5631d7a6e0] - doc: add metadata about ecdh curve options (Sam Roberts) #​25502
• [5c602dabc4] - doc: add TLSSocket.isSessionReused() docs (Sam Roberts) #​25423
• [07f878b0c1] - doc: fix sorting in buffer.md (Vse Mozhet Byt) #​25477
• [9dffc2ba0c] - doc: fix napi\_open\_callback\_scope description (Philipp Renoth) #​25366
• [0c33ecb2bd] - doc: document that stream.on('close') was changed in Node 10 (Matteo Collina) #​25413
• [8f0fa61406] - doc: fix the path to postMessage() (Mitar) #​25332
• [3a30c87e88] - doc: update os.networkInterfaces() example (jvelezpo) #​25417
• [530f005d7d] - doc: make sure that calls to .read() are looped (Matteo Collina) #​25375
• [487f6536bc] - doc: add history to http.request.setTimeout() (James Bunton) #​25121
• [66ab7e4a99] - doc: add clarification for exception behaviour (Michael Dawson) #​25339
• [ce3cf0dffd] - doc: clarify timing of socket.connecting (Sam Roberts) #​25333
• [b68d47a246] - doc: update benchmark doc (Kazushi Kitaya) #​25367
• [252a696568] - doc: use lowercase for zlib (Rich Trott) #​25371
• [0d3212aa5c] - doc: fix heading in cpp style guide (Kazushi Kitaya) #​25303
• [8d5ac6c8ef] - doc: fix process.stdin example (Anna Henningsen) #​25344
• [ef6e4f15a0] - doc: fs.mkdir('/') throws EPERM on Windows (Corey Farrell) #​25340
• [fc5dc9c13e] - doc: include license for src/large_pages in LICENSE (Ujjwal Sharma) #​25246
• [b76931b7e9] - doc: describe TLS session resumption (Sam Roberts) #​25174
• [c84b4fb51a] - doc: link and expand --tls-cipher-list docs (Sam Roberts) #​25174
• [18e0a61f91] - doc: revise "Breaking Changes to Internal Elements" (Rich Trott) #​25190
• [b980fa3a21] - doc: fix NAPI typo (Philipp Renoth) #​25216
• [173e5fee9d] - doc: revise "Breaking Changes and Deprecations" (Rich Trott) #​25116
• [c571e9e18b] - doc: describe root cert update process (Sam Roberts) #​25113
• [09a97f29df] - doc: edit LTS material in Collaborator Guide (Rich Trott) #​26845
• [f52160d385] - doc: change error message to 'not defined' (Mohammed Essehemy) #​26857
• [6bd33dde62] - doc: fix comma of the list in worker_threads.md (Hang Jiang) #​26838
• [889d68ce6d] - doc: remove discord community (Aymen Naghmouchi) #​26830
• [ddfa756797] - doc: remove How Does LTS Work section from Collaborator Guide (Rich Trott) #​26723
• [a228254d6b] - doc: condense LTS material in Collaborator Guide (Rich Trott) #​26722
• [09f162b18f] - doc: add Note of options.stdio into child_process (kohta ito) #​26604
• [83c2a14e08] - doc: update spawnSync() status value possibilities (Rich Trott) #​26680
• [621099ebed] - doc: add ZYSzys to collaborators (ZYSzys) #​26730
• [30021881f8] - doc: simplify force-push guidelines (Rich Trott) #​26699
• [1e6faf9ee0] - doc: note about DNS ANY queries / RFC 8482 (Thomas Hunter II) #​26695
• [fc3552305a] - doc: simplify Troubleshooting text (Rich Trott) #​26652
• [983ea7f3e0] - doc: update copy/paste error message in Troubleshooting (Rich Trott) #​26652
• [c07619d581] - doc: add Gireesh to TSC (Rich Trott) #​26657
• [07ded7c975] - doc: edit "Technical How-To" section of guide (Rich Trott) #​26601
• [0a976ecb63] - doc: fix misleading sentence in http.md (Luigi Pinca) #​26465
• [f30172fa25] - doc: fix typo in http2.md (TJKoury) #​26616
• [4fed47ab79] - doc: edit "Using git-node" section of Guide (Rich Trott) #​26580
• [033d49c1f4] - doc: add version for http.createServer() options addition (Ben Swinburne) #​25001
• [d4a1d79e3d] - doc: add inspector API example for heapdump (Sam Roberts) #​26498
• [72f0efc1f2] - doc: edit Landing Pull Requests (Rich Trott) #​26536
• [132a457ed4] - doc: add decode() & encode() methods into querystring.md (ZYSzys) #​23889
• [74dac5913d] - doc: update partner communities link in releases.md (Beth Griggs) #​26475
• [5279a884cc] - doc: fix nits in writing-tests.md (Vse Mozhet Byt) #​26543
• [11d163b439] - doc: edit "Involving the TSC" (Rich Trott) #​26481
• [5fedf0f257] - doc: add guidance on console output in tests (Sam Roberts) #​26456
• [40657859ca] - doc: add caveat and tradeoff example to readline (Vse Mozhet Byt) #​26472
• [77eae4ecd6] - doc: fix the example implementation of MemoryRetainer (Joyee Cheung) #​26262
• [aa49bf53f2] - doc: clarify http.Agent constructor options (Luigi Pinca) #​26412
• [a562aba84c] - doc: hello addon example should return "world" (Geir Hauge) #​26328
• [b450ee28e3] - doc: fix up N-API support matrix (Michael Dawson) #​26377
• [3ff7c631a6] - doc: edit deprecation identifier info in Collaborator Guide (Rich Trott) #​26372
• [8d22048756] - doc: update LICENSE file (Thomas Leah) #​24898
• [e05eb3e041] - (SEMVER-MINOR) doc: fix assembler requirement for OpenSSL-1.1.1 (Shigeki Ohtsu) #​25381
• [ecae7275bd] - doc: fix REPLACEME for tls min/max protocol option (Sam Roberts) #​24759
• [1ae6853015] - doc,n-api: update matrix for N-API version 4 (Richard Lau)
• [98193d1d4d] - doc,tools: updates for 6.x End-of-Life (Richard Lau) #​27658
• [25d73aa187] - domain: avoid circular memory references (Anna Henningsen) #​25993
• [46a816fa00] - events: show inspected error in uncaught 'error' message (Anna Henningsen) #​25621
• [aca5ed5563] - events: simplify stack compare function (Ruben Bridgewater) #​24744
• [064511ec4b] - (SEMVER-MINOR) events: add once method to use promises with EventEmitter (Matteo Collina) #​26078
• [e1f293c7a1] - events: improve for-loop (gengjiawen) #​26354
• [cb0fc6520a] - events: onceWrapper returns target value (himself65) #​25818
• [af301b2821] - fs: fix infinite loop with async recursive mkdir on Windows (Richard Lau) #​27207
• [3516a2735f] - (SEMVER-MINOR) fs: default open/openSync flags argument to 'r' (Ben Noordhuis) #​23767
• [ae465f6fc4] - (SEMVER-MINOR) fs,net: standardize pending stream property (Anna Henningsen) #​24067
• [ced7f67fbb] - http: make ClientRequest#setTimeout() noop at end (Tim De Pauw) #​25536
• [33a9d17733] - http: reuse noop function in socketOnError() (cjihrig) #​25566
• [378d4f18f1] - http: remove unused variable in _http_server.js (gengjiawen) #​26407
• [cb88c58e42] - http: check for existance in resetHeadersTimeoutOnReqEnd (Matteo Collina) #​26402
• [277271c4a9] - http: send connection: close when closing conn (Yann Hamon) #​26467
• [decba1c59b] - http2: allow fully synchronous \_final() (Anna Henningsen) #​25609
• [ba6829d1b8] - http2: add test case for goaway (Anto Aravinth) #​24054
• [91b1b2cf84] - http2: delete unused enum in node_http2.h (gengjiawen) #​26704
• [59b348e0e4] - http2: Http2ServerResponse.end() should always return self (Robert Nagy) #​24346
• [32b83eaf38] - http2: refactor deprecated method in core.js (gengjiawen) #​26275
• [cc25f22094] - http2: improve compatibility with http/1 (Sagi Tsofan) #​23908
• [4f60364201] - (SEMVER-MINOR) http2: add Http2Stream.bufferSize (Ouyang Yadong) #​23711
• [b7b08d1009] - https: add missing localPort while create socket (leeight) #​24554
• [66ca795028] - inspector: print all listening addresses (Ben Noordhuis) #​26008
• [cbc428c803] - inspector, test: verify reported console message (Eugene Ostroukhov) #​25455
• [73230cc2c8] - (SEMVER-MINOR) lib: support overriding http\s.globalAgent (Roy Sommer) #​25170
• [ec90cefdd9] - lib: simplify several debug() calls (cjihrig) #​25241
• [43f41beff2] - (SEMVER-MINOR) lib: enable TypedArray and DataView for the v8 module (Ouyang Yadong) #​23953
• [bda45a5cfe] - (SEMVER-MINOR) lib: add escapeCodeTimeout as an option to createInterface (Raoof) #​19780
• [81cf2b450d] - lib,test: remove lib/internal/test/unicode.js (Rich Trott) #​25298
• [a49bd36a1a] - module: revert module._compile to original state if module is patched (Ujjwal Sharma) #​21573
• [590e8d37e9] - module: use compileFunction over Module.wrap (Ujjwal Sharma) #​21573
• [0dc6f03873] - (SEMVER-MINOR) module: support multi-dot file extension (Geoffrey Booth) #​23416
• [2643801d9d] - n-api: improve performance creating strings (Anthony Tuininga) #​26439
• [b5588daef0] - n-api: finalize during second-pass callback (Gabriel Schulhof) #​25992
• [48a5241b46] - (SEMVER-MINOR) n-api: mark thread-safe function as stable (Gabriel Schulhof) #​25556
• [f17b61e071] - net: check for close on stream, not parent (David Halls) #​25026
• [eef2debcc7] - os: implement os.release() using uv_os_uname() (cjihrig) #​25600
• [d4688485b5] - os: use uv_os_gethostname() in hostname() (cjihrig) #​25111
• [ff3d977f04] - perf_hooks: clean up GC listeners (Anna Henningsen) #​25647
• [45481bce63] - querystring: remove eslint-disable (cjihrig) #​24995
• [d3f15b0ffb] - (SEMVER-MINOR) readline: add support for async iteration (Timothy Gu) #​23916
• [2f1ad8efbd] - repl: improve doc for disabling REPL history on Windows (Samuel D. Leslie) #​25672
• [b061a08cab] - repl: indicate if errors are thrown or not (Ruben Bridgewater) #​25253
• [ef767a28b2] - repl: eliminate var in function _memory (gengjiawen) #​26496
• [600929d4f8] - repl: simplify regex expression (gengjiawen) #​26496
• [1080a1af3d] - repl: remove redundant escape (gengjiawen) #​26496
• [b9188d473b] - (SEMVER-MINOR) repl: support top-level for-await-of (Shelley Vohr) #​23841
• [b9ea23c0ed] - src: add WeakReference utility (Anna Henningsen) #​25993
• [57469e62d9] - src: extract common sockaddr creation code (Daniel Bevenius) #​26070
• [bc5e04b5f7] - src: fix race condition in \~NodeTraceBuffer (Anna Henningsen) #​25896
• [51ec21cb17] - src: remove unused field in node_http2.h (gengjiawen) #​25727
• [550af6d72f] - src: remove unnecessary call to SSL_get_mode (Sam Roberts) #​25711
• [b31035d0b3] - src: fix macro duplicate declaration in env.h (gengjiawen) #​25703
• [cd4a932af3] - src: remove outdated Neuter() call in node\_buffer.cc (Anna Henningsen) #​25479
• [883d61c7ae] - src: trace_events: fix race with metadata events (Ali Ijaz Sheikh) #​25235
• [7655253251] - src: remove unused method declaration (Ben Noordhuis) #​25329
• [f5e4a1e9d8] - src: remove unused variable from string_search.h (Anna Henningsen) #​25139
• [5d5ac23bb7] - src: do not leak NodeTraceStateObserver (Anna Henningsen) #​25180
• [870549b8ac] - src: port GetLoadedLibraries for freebsd (Gireesh Punathil) #​25106
• [74b034fe94] - src: schedule destroy hooks in BeforeExit early during bootstrap (Joyee Cheung) #​25020
• [42c26a6afb] - src: remove unused variable in class InspectorSocketServer (gengjiawen) #​26633
• [84db29c93b] - src: remove usage of deprecated IsNearDeath (Michaël Zasso) #​26630
• [4274542a39] - (SEMVER-MINOR) src: deprecate AddPromiseHook() (Anna Henningsen) #​26529
• [479ef60013] - src: remove redundant cast in util-inl.h (gengjiawen) #​26410
• [44f62607a1] - src: remove redundant cast in string_search.h (gengjiawen) #​26426
• [dc9f1c60e2] - src: remove unused function in cares_wrap.cc (gengjiawen) #​26429
• [e418b4f650] - src: fix if indent in node_http2.cc (gengjiawen) #​26396
• [0bff833df9] - src: remove unused struct in test_inspector_socket.cc (gengjiawen) #​26284
• [281eb0f928] - src: extra-semi warning in node_platform.h (Jeremy Apthorp) #​26330
• [0fa3a512c1] - src: reduce to simple const char\* in OptionsParser (ZYSzys) #​26297
• [44fd3a2fce] - src: remove already elevated Isolate namespce (Juan José Arboleda) #​26294
• [5cd96b367b] - src: avoid race condition in tracing code (Anna Henningsen) #​25624
• [452b6aad5a] - src: remove redundant cast in PipeWrap::Fchmod (gengjiawen) #​26242
• [55d3be7e9e] - src: simplify native immediate by using v8::Global (Anna Henningsen) #​26254
• [a92286d6da] - src: ensure no more platform foreground tasks after Deinit (Clemens Hammacher) #​25653
• [f4be1767a5] - src: dispose of V8 platform in process.exit() (Anna Henningsen) #​25061
• [c2dab8e642] - (SEMVER-MINOR) src,test: add public wrapper for Environment::GetCurrent (Shelley Vohr) #​23676
• [99c555a1de] - stream: ensure writable.destroy() emits error once (Luigi Pinca) #​26057
• [a1b253a416] - (SEMVER-MINOR) stream: add auto-destroy mo

---

Renovate configuration

📅 Schedule: "on monday" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot. View repository job log here.

[renovate]

PR has been edited

👷 This PR has received other commits, so Renovate will stop updating it to avoid conflicts or other problems. If you wish to abandon your changes and have Renovate start over you may click the "rebase" checkbox in the PR body/description.

[codecov]

Codecov Report

Merging #1115 into develop will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop    #1115   +/-   ##
========================================
  Coverage    50.79%   50.79%           
========================================
  Files          240      240           
  Lines         2063     2063           
  Branches       276      276           
========================================
  Hits          1048     1048           
  Misses         843      843           
  Partials       172      172