Releases: nodejs/node
Releases Β· nodejs/node
2025-02-13, Version 23.8.0 (Current), @targos
Notable Changes
Support for using system CA certificates store on macOS and Windows
This version adds the --use-system-ca command-line flag, which instructs Node.js
to use the trusted CA certificates present in the system store along with
the --use-bundled-ca, --use-openssl-ca options.
This option is available on macOS and Windows for now.
Contributed by Tim Jacomb in #56599
and Joyee Cheung in #56833.
Introduction of the URL Pattern API
An implementation of the URL Pattern API
is now available.
The URLPattern constructor is exported from the node:url module and will be
available as a global in Node.js 24.
Contributed by Yagiz Nizipli and Daniel Lemire in #56452.
Support for the zstd compression algorithm
Node.js now includes support for the Zstandard (zstd) compression algorithm.
Various APIs have been added to the node:zlib module for both compression and decompression
of zstd streams.
Contributed by Jan Krems in #52100.
Node.js thread names
Threads created by the Node.js process are now named to improve the debugging experience.
Worker threads will use the name option that can be passed to the Worker constructor.
Contributed by Rafael Gonzaga in #56416.
Timezone data has been updated to 2025a
Included changes:
- Paraguay adopts permanent -03 starting spring 2024.
- Improve pre-1991 data for the Philippines.
Other Notable Changes
- [
39997867cf] - (SEMVER-MINOR) sqlite: allow returningArrayBufferViews from user-defined functions (RenΓ©) #56790
Commits
- [
0ee9c34d63] - benchmark: add simple parse and test benchmarks for URLPattern (James M Snell) #56882 - [
b3f2045d14] - build: gyp exclude libm linking on macOS (deepak1556) #56901 - [
e0dd9aefd6] - build: remove explicit linker call to libm on macOS (deepak1556) #56901 - [
52399da780] - build: link with Security.framework in GN build (Cheng) #56895 - [
582b9221c9] - build: do not put commands in sources variables (Cheng) #56885 - [
ea61b956e9] - build: add double quotes around <(python) (Luigi Pinca) #56826 - [
14236ef778] - build: add build option suppress_all_error_on_warn (Michael Dawson) #56647 - [
dfd3f430f3] - build,win: enable ccache (Stefan Stojanovic) #56847 - [
3e207bd9ec] - (SEMVER-MINOR) crypto: support --use-system-ca on Windows (Joyee Cheung) #56833 - [
fe2694a992] - crypto: fix X509* leak in --use-system-ca (Joyee Cheung) #56832 - [
60039a2c36] - crypto: add api to get openssl security level (Michael Dawson) #56601 - [
39a474f7c0] - (SEMVER-MINOR) crypto: added support for reading certificates from macOS system store (Tim Jacomb) #56599 - [
144bee8067] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655 - [
7fd39e3a79] - deps: update sqlite to 3.49.0 (Node.js GitHub Bot) #56654 - [
d698cb5434] - deps: update amaro to 0.3.2 (marco-ippolito) #56916 - [
dbd09067c0] - deps: V8: cherry-pick 9ab40592f697 (Levi Zim) #56781 - [
ee33ef3aa6] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #56855 - [
c0542557d0] - deps: update timezone to 2025a (Node.js GitHub Bot) #56876 - [
d67cb1f9bb] - deps: update simdjson to 3.12.0 (Node.js GitHub Bot) #56874 - [
70b04b4314] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #56873 - [
e11cda003f] - (SEMVER-MINOR) deps: update ada to v3.0.1 (Yagiz Nizipli) #56452 - [
8743ef525d] - deps: update simdjson to 3.11.6 (Node.js GitHub Bot) #56250 - [
0f553e5575] - deps: update amaro to 0.3.1 (Node.js GitHub Bot) #56785 - [
380a8d8d2f] - (SEMVER-MINOR) deps,tools: add zstd 1.5.6 (Jan Krems) #52100 - [
66898a7c3b] - doc: update history of stream.Readable.toWeb() (Jimmy Leung) #56928 - [
9e29416e12] - doc: make MDN links to global classes more consistent (Antoine du Hamel) #56924 - [
6bc270728a] - doc: make MDN links to global classes more consistent inassert.md(Antoine du Hamel) #56920 - [
00da003171] - doc: make MDN links to global classes more consistent (Antoine du Hamel) #56923 - [
d90198793a] - doc: make MDN links to global classes more consistent inutil.md(Antoine du Hamel) #56922 - [
5f4377a759] - doc: make MDN links to global classes more consistent inbuffer.md(Antoine du Hamel) #56921 - [
7353266b50] - doc: improve type stripping documentation (Marco Ippolito) #56916 - [
888d2acc3a] - doc: specificy support for erasable ts syntax (Marco Ippolito) #56916 - [
3c082d43bc] - doc: update post sec release process (Rafael Gonzaga) #56907 - [
f0bf35d3c5] - doc: update websocket link to avoid linking to self (Chengzhong Wu) #56897 - [
373dbb0e6c] - doc: mark--env-file-if-existsflag as experimental (Juan JosΓ©) #56893 - [
d436888cc8] - doc: fix typo in cjs example ofutil.styleText(Deokjin Kim) #56769 - [
91638eeb4a] - doc: clarify sqlite user-defined function behaviour (RenΓ©) #56786 - [
bab9c4d331] - events: getMaxListeners detects 0 listeners (Matthew Aitken) #56807 - [
ccaf7fe737] - fs: makeFileHandle.readableWebStreamalways create byte streams (Ian Kerins) #55461 - [
974cec7a0a] - http: be more generational GC friendly (ywave620) #56767 - [
be00058712] - inspector: add Network.Initiator in inspector protocol (Chengzhong Wu) #56805 - [
31293a4b09] - inspector: fix GN build (Cheng) #56798 - [[
91a302356b](https://github.com/...
2025-02-11, Version 22.14.0 'Jod' (LTS), @aduh95
Notable Changes
- [
82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566 - [
b7fe54fc88] - (SEMVER-MINOR) fs: allowexcludeoption in globs to accept glob patterns (Daeyeon Jeong) #56489 - [
3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #56359 - [
1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #56610 - [
6d6cffa9cc] - (SEMVER-MINOR) module: addfindPackageJSONutil (Jacob Smith) #55412 - [
d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #56400 - [
07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView inStatementSync(Alex Yang) #56385 - [
94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #56441 - [
5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #56469 - [
697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #56595 - [
047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #56459 - [
926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #56434 - [
c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #56394
Commits
- [
bad1ad8650] - assert: make myers_diff function more performant (Giovanni Bucci) #56303 - [
e222e36f3b] - assert: make partialDeepStrictEqual work with urls and File prototypes (Giovanni Bucci) #56231 - [
e232789fe2] - assert: show diff when doing partial comparisons (Giovanni Bucci) #56211 - [
c99de1fdcf] - assert: make partialDeepStrictEqual throw when comparing [0] with [-0] (Giovanni) #56237 - [
2386fd5840] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #56556 - [
b197dfa7ec] - build: fix GN build for ngtcp2 (Cheng) #56300 - [
2a3cdd34ff] - build: test macos-13 on GitHub actions (MichaΓ«l Zasso) #56307 - [
12f716be0a] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #56275 - [
c5ca15bd34] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #56106 - [
8346b8fc2c] - crypto: add missing return value check (Michael Dawson) #56615 - [
82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566 - [
890eef20a1] - crypto: fix checkPrime crash with large buffers (Santiago Gimeno) #56559 - [
5edb7b5e87] - crypto: fix warning of ignoring return value (Cheng) #56527 - [
b89f123a0b] - crypto: make generatePrime/checkPrime interruptible (James M Snell) #56460 - [
63c1859e01] - deps: update corepack to 0.31.0 (Node.js GitHub Bot) #56795 - [
a48430d4d3] - deps: move inspector_protocol to deps (Chengzhong Wu) #56649 - [
74cccc824f] - deps: macro ENODATA is deprecated in libc++ (Cheng) #56698 - [
fa869ea0f2] - deps: fixup some minor coverity warnings (James M Snell) #56612 - [
1a4fa2b015] - deps: update amaro to 0.3.0 (Node.js GitHub Bot) #56568 - [
b47076fd82] - deps: update amaro to 0.2.2 (Node.js GitHub Bot) #56568 - [
46bd4b8731] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #56567 - [
8ead9c693b] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #56388 - [
18d4b502af] - deps: update amaro to 0.2.1 (Node.js GitHub Bot) #56390 - [
d938d7cc86] - deps: update googletest to 7d76a23 (Node.js GitHub Bot) #56387 - [
9761e7dccb] - deps: update googletest to e54519b (Node.js GitHub Bot) #56370 - [
8319dc6bc5] - deps: update ngtcp2 to 1.10.0 (Node.js GitHub Bot) #56334 - [
6eacd19d6a] - deps: update simdutf to 5.7.0 (Node.js GitHub Bot) #56332 - [
28bec2dda3] - diagnostics_channel: capture console messages (Stephen Belanger) #56292 - [
d519d33502] - doc: update macOS and Xcode versions for releases (MichaΓ«l Zasso) #56337 - [
fcfe650507] - doc: add note for features usingInternalWorkerwith permission model (Antoine du Hamel) #56706 - [
efbba182b5] - doc: add entry to changelog about SQLite Session Extension (Bart Louwers) #56318 - [
31bf9c7dd9] - doc: move anatoli to emeritus (Michael Dawson) #56592 - [
6096e38c7c] - doc: fix styles of the expandable TOC (Antoine du Hamel) #56755 - [
d423638281] - doc: add "Skip to content" button (Antoine du Hamel) #56750 - [
edeb157d75] - doc: improve accessibility of expandable lists (Antoine du Hamel) #56749 - [
1a79e87687] - doc: add note regarding commit message trailers (Dario Piotrowicz) #56736 - [
927c7e47e4] - doc: fix typo in example code for util.styleText (Robin Mehner) #56720 - [
fade522538] - doc: fix inconsistencies inWeakSetandWeakMapcomparison details (Shreyans Pathak) #56683 - [[
55533bf147](55533bf147...
2025-02-10, Version 20.18.3 'Iron' (LTS), @marco-ippolito
v20.18.3
This tag was signed with the committerβs verified signature.
marco-ippolito
Marco Ippolito
4819c99
This commit was signed with the committerβs verified signature.
marco-ippolito
Marco Ippolito
Notable Changes
- [
030f155986] - esm: mark import attributes and JSON module as stable (NicolΓ² Ribaudo) #55333 - [
b9b006331f] - doc: add LJHarb to collaborators (Jordan Harband) #56132 - [
39b89e90b4] - doc: enforce strict policy to semver-major releases (Rafael Gonzaga) #55732 - [
247fa1959f] - crypto: update root certificates to NSS 3.104 (Richard Lau) #55681 - [
adfc2f993a] - tools: fix root certificate updater (Richard Lau) #55681 - [
29862ae105] - doc: add jazelly to collaborators (Jason Zhang) #55531
Commits
- [
b4f5da18a5] - benchmark: addtest-reporters(Aviv Keller) #55757 - [
407992e272] - benchmark: addtest_runner/mock-fn(Aviv Keller) #55771 - [
17abec4367] - benchmark: add nodeTiming.uvmetricsinfo bench (RafaelGSS) #55614 - [
43f7050338] - benchmark: add --runs support to run.js (Rafael Gonzaga) #55158 - [
470789a981] - benchmark: adjust byte size for buffer-copy (Rafael Gonzaga) #55295 - [
ea1c97ac16] - buffer: document concat zero-fill (Duncan) #55562 - [
ae683a9e1f] - build: set DESTCPU correctly for 'make binary' on loongarch64 (ε΄ε°η½) #56271 - [
af020edf96] - build: fix missing fp16 dependency in d8 builds (Joyee Cheung) #56266 - [
d6a1b74404] - build: add major release action (Rafael Gonzaga) #56199 - [
bc92a96a5a] - build: allow overriding clang usage (Shelley Vohr) #56016 - [
f370ec0989] - build: remove defaults for create-release-proposal (Rafael Gonzaga) #56042 - [
25e1862e87] - build: set node_arch to target_cpu in GN (Shelley Vohr) #55967 - [
55c205e5f6] - build: add create release proposal action (Rafael Gonzaga) #55690 - [
9f14ba808d] - build: implement node_use_amaro flag in GN build (Cheng) #55798 - [
046430c47e] - build: fix building with system icu 76 (Michael Cho) #55563 - [
0b6d62c812] - build: fix GN arg used in generate_config_gypi.py (Shelley Vohr) #55530 - [
8f9c642369] - build: fix GN build for cares/uv deps (Cheng) #55477 - [
284e932326] - build: fix uninstall script for AIX 7.1 (Cloorc) #55438 - [
2f71f168ef] - build: tidy up cares.gyp (Richard Lau) #55445 - [
e89e807522] - build: synchronize list of c-ares source files (Richard Lau) #55445 - [
5eb6c94851] - build: fix path concatenation (Mohammed Keyvanzadeh) #55387 - [
720d23f3ac] - build: fix make errors that occur in Makefile (minkyu_kim) #55287 - [
dc552c6739] - build,win: enable pch for clang-cl (Stefan Stojanovic) #55249 - [
64b140d484] - cli: add--heap-profflag available toNODE_OPTIONS(Juan JosΓ©) #54259 - [
23fb644037] - crypto: ensure CryptoKey usages and algorithm are cached objects (Filip Skokan) #56108 - [
247fa1959f] - crypto: update root certificates to NSS 3.104 (Richard Lau) #55681 - [
3c4262a171] - deps: V8: cherry-pick 26fd1dfa9cd6 (Shu-yu Guo) #55961 - [
558e6588a4] - deps: V8: backport ae5a4db8ad86 (Shu-yu Guo) #55961 - [
169bc58447] - deps: update simdutf to 5.6.4 (Node.js GitHub Bot) #56255 - [
bc7bb1e269] - deps: update c-ares to v1.34.4 (Node.js GitHub Bot) #56256 - [
782bb6cac4] - deps: update zlib to 1.3.0.1-motley-82a5fec (Node.js GitHub Bot) #55980 - [
f7131cf178] - deps: update corepack to 0.30.0 (Node.js GitHub Bot) #55977 - [
b09f6abcd3] - deps: update simdutf to 5.6.3 (Node.js GitHub Bot) #55973 - [
d63ccb60ea] - deps: update zlib to 1.3.0.1-motley-7e2e4d7 (Node.js GitHub Bot) #54432 - [
a2f315ef8b] - deps: update simdutf to 5.6.2 (Node.js GitHub Bot) #55889 - [
afed723b6c] - deps: update simdutf to 5.6.1 (Node.js GitHub Bot) #55850 - [
753c3b322f] - deps: update c-ares to v1.34.3 (Node.js GitHub Bot) #55803 - [
4f89af8a6f] - deps: update acorn to 8.14.0 (Node.js GitHub Bot) #55699 - [
07359ec14f] - deps: update acorn to 8.13.0 (Node.js GitHub Bot) #55558 - [
c6236571fc] - deps: update googletest to df1544b (Node.js GitHub Bot) #55465 - [
f63413c6f3] - deps: update c-ares to v1.34.2 (Node.js GitHub Bot) #55463 - [
ad725c766d] - deps: update ada to 2.9.1 (Node.js GitHub Bot) #54679 - [
33367cbd62] - deps: update simdutf to 5.6.0 (Node.js GitHub Bot) #55379 - [
f2a55d9d2d] - deps: update c-ares to v1.34.1 (Node.js GitHub Bot) #55369 - [
1d14886266] - dgram: check udp buffer size to avoid fd leak (theanarkh) #56084 - [
de265b9558] - diagnostics_channel: fix unsubscribe during publish (simon-id) #55116 - [
22e0d17097] - dns: stop using deprecatedares_query(Aviv Keller) #55430 - [
44f3b23749] - dns: honor the order option (Luigi Pinca) #55392
*...
2025-01-30, Version 23.7.0 (Current), @aduh95
Notable Changes
- [
36dd9ecc41] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566 - [
9414d3cbf1] - (SEMVER-MINOR) fs: allowexcludeoption in globs to accept glob patterns (Daeyeon Jeong) #56489 - [
9c5c3b3115] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #56610 - [
1e201fd5fd] - (SEMVER-MINOR) sqlite: support TypedArray and DataView inStatementSync(Alex Yang) #56385 - [
48c813fb67] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #56441 - [
cf16123785] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #56469 - [
13bdd9c961] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #56595 - [
00a1943858] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #56459 - [
3143566045] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #56434
Commits
- [
334a3ac7c6] - assert: make myers_diff function more performant (Giovanni Bucci) #56303 - [
eb2bf460b7] - assert: make partialDeepStrictEqual work with urls and File prototypes (Giovanni Bucci) #56231 - [
d184453b90] - assert: show diff when doing partial comparisons (Giovanni Bucci) #56211 - [
4aa1afd607] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #56556 - [
8bbdb1203e] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #56106 - [
d83d89a08e] - crypto: add missing return value check (Michael Dawson) #56615 - [
36dd9ecc41] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566 - [
3915152c36] - crypto: fix checkPrime crash with large buffers (Santiago Gimeno) #56559 - [
c8d1dcb063] - crypto: fix warning of ignoring return value (Cheng) #56527 - [
1994eaaf52] - crypto: make generatePrime/checkPrime interruptible (James M Snell) #56460 - [
5f1ee05390] - deps: update corepack to 0.31.0 (Node.js GitHub Bot) #56795 - [
9cfac712b8] - deps: move inspector_protocol to deps (Chengzhong Wu) #56649 - [
b2ec816a31] - deps: macro ENODATA is deprecated in libc++ (Cheng) #56698 - [
edd9361499] - deps: fixup some minor coverity warnings (James M Snell) #56612 - [
9ffe3ad4b1] - deps: update libuv to 1.50.0 (Node.js GitHub Bot) #56616 - [
73ad3ca238] - deps: update amaro to 0.3.0 (Node.js GitHub Bot) #56568 - [
0657f6270a] - deps: update amaro to 0.2.2 (Node.js GitHub Bot) #56568 - [
47fad8cbc0] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #56567 - [
c9a211ae29] - diagnostics_channel: capture console messages (Stephen Belanger) #56292 - [
cf5d2d6598] - doc: move anatoli to emeritus (Michael Dawson) #56592 - [
5dd08d10be] - doc: fix styles of the expandable TOC (Antoine du Hamel) #56755 - [
09fb3adf80] - doc: add "Skip to content" button (Antoine du Hamel) #56750 - [
ad012ca1f3] - doc: improve accessibility of expandable lists (Antoine du Hamel) #56749 - [
38acdb57eb] - doc: add note regarding commit message trailers (Dario Piotrowicz) #56736 - [
f4a9b134c0] - doc: fix typo in example code for util.styleText (Robin Mehner) #56720 - [
8a61aaa734] - doc: fix inconsistencies inWeakSetandWeakMapcomparison details (Shreyans Pathak) #56683 - [
4ade128184] - doc: add RafaelGSS as latest sec release stewards (Rafael Gonzaga) #56682 - [
e1e1200b79] - doc: clarify cjs/esm diff inqueueMicrotask()vsprocess.nextTick()(Dario Piotrowicz) #56659 - [
57a7b931fb] - doc:WeakSetandWeakMapcomparison details (Shreyans Pathak) #56648 - [
56b21489f4] - doc: mention prepare --security (Rafael Gonzaga) #56617 - [
67f39b597a] - doc: tweak info on reposts in ambassador program (Michael Dawson) #56589 - [
6381e0761d] - doc: add type stripping to ambassadors program (Marco Ippolito) #56598 - [
9bd438acd3] - doc: improve internal documentation on built-in snapshot (Joyee Cheung) #56505 - [
f54118c84a] - doc: correct customization hook types & clarify descriptions (Jacob Smith) #56454 - [
6af5053153] - doc: document CLI way to open the nodejs/bluesky PR (Antoine du Hamel) #56506 - [
4a77a9e1eb] - doc: add history info for Permission Model (Antoine du Hamel) #56707 - [
097b8b4889] - doc: add note for features usingInternalWorkerwith permission model (Antoine du Hamel) #56706 - [
f600466c73] - doc: add section about using npx with permission model (Rafael Gonzaga) #56539 - [
c2d5a0c629] - doc: update gcc-version for ubuntu-lts (Kunal Kumar) #56553 - [
202af46793] - doc: fix parentheses in options (Tobias NieΓen) #56563 - [
4e4b0c63d0] - doc: fix location of NO_COLOR in CLI docs (Colin Ihrig) #56525 - [
92eeeb98a5] - doc: include CVE to EOL lines as sec release process (Rafael Gonzaga) #56520 - [[
233a6a93a1](https://gi...
2025-01-21, Version 23.6.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
- CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits
- [
f2ad4d3af8] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#654 - [
0afc6f9600] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (RafaelGSS) nodejs-private/node-private#555 - [
3c7686163e] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650 - [
51938f023a] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#629
2025-01-21, Version 22.13.1 'Jod' (LTS), @RafaelGSS
This is a security release.
Notable Changes
- CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits
- [
520da342e0] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#662 - [
99f217369f] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias NieΓen) nodejs-private/node-private#555 - [
984f735e35] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650 - [
2446870618] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#651
2025-01-21, Version 20.18.2 'Iron' (LTS), @RafaelGSS
This is a security release.
Notable Changes
- CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High)
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits
- [
df8b9f2c3e] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#663 - [
42d5821873] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias NieΓen) nodejs-private/node-private#555 - [
8187a4b9bb] - src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) - [
389f239a28] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#652
2025-01-21, Version 18.20.6 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits
- [
c03ad5ed63] - build: use rclone instead of aws CLI (MichaΓ«l Zasso) #55617 - [
8232463294] - build, tools: drop leading/fromr2dir(Richard Lau) #53951 - [
b26bcd3394] - build, tools: copy release assets to staging R2 bucket once built (flakey5) #51394 - [
56df127b7b] - build,tools: simplify upload of shasum signatures (MichaΓ«l Zasso) #53892 - [
a63e9372ed] - (CVE-2025-22150) deps: update undici to v5.28.5 (Matteo Collina) nodejs-private/node-private#657 - [
da2d177f91] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias NieΓen) nodejs-private/node-private#555 - [
6cc8d58e6f] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650
2025-01-07, Version 23.6.0 (Current), @marco-ippolito
v23.6.0
This tag was signed with the committerβs verified signature.
marco-ippolito
Marco Ippolito
9fa6aeb
This commit was signed with the committerβs verified signature.
marco-ippolito
Marco Ippolito
Notable Changes
Unflagging --experimental-strip-types
This release enables the flag --experimental-strip-types by default.
Node.js will be able to execute TypeScript files without additional configuration:
node file.tsThere are some limitations in the supported syntax documented at https://nodejs.org/api/typescript.html#type-stripping
This feature is experimental and is subject to change.
Contributed by Marco Ippolito in #56350
Other Notable Changes
- [
c1023284c3] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #56359 - [
8dc39e5e2e] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #56400 - [
8b20cc212b] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #56394
Commits
- [
7b4d288116] - assert: make partialDeepStrictEqual throw when comparing [0] with [-0] (Giovanni) #56237 - [
0ec2ed0a0b] - build: fix GN build for ngtcp2 (Cheng) #56300 - [
ab3e64630b] - build: test macos-13 on GitHub actions (MichaΓ«l Zasso) #56307 - [
46fb69daca] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #56275 - [
9d4930b993] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #56388 - [
6afe36397e] - deps: update amaro to 0.2.1 (Node.js GitHub Bot) #56390 - [
195990a0ee] - deps: update googletest to 7d76a23 (Node.js GitHub Bot) #56387 - [
b9c0852fc6] - deps: update googletest to e54519b (Node.js GitHub Bot) #56370 - [
eaefd90128] - deps: update ngtcp2 to 1.10.0 (Node.js GitHub Bot) #56334 - [
06de0c65cf] - deps: update simdutf to 5.7.0 (Node.js GitHub Bot) #56332 - [
03df76cdec] - doc: add example for piping ReadableStream (Gabriel Schulhof) #56415 - [
38ce249b07] - doc: expand description ofparseArg'sdefault(Kevin Gibbons) #54431 - [
ecc718cef2] - doc: use<ul>instead of<ol>inSECURITY.md(Antoine du Hamel) #56346 - [
3db4809130] - doc: clarify that WASM is trusted (Matteo Collina) #56345 - [
384ccbacd5] - doc: update macOS and Xcode versions for releases (MichaΓ«l Zasso) #56337 - [
3943986e88] - doc: fix thecrc32documentation (Kevin Toshihiro Uehara) #55898 - [
710b8fc6ed] - doc: add entry to changelog about SQLite Session Extension (Bart Louwers) #56318 - [
4c978b4d77] - doc: fix links inmodule.md(Antoine du Hamel) #56283 - [
cdb631efe7] - esm: add experimental support for addon modules (Chengzhong Wu) #55844 - [
db83d2f0ee] - Revert "events: add hasEventListener util for validate" (origranot) #56282 - [
c2baae84ce] - lib: refactor execution.js (Marco Ippolito) #56358 - [
c1023284c3] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #56359 - [
e4b795ec4a] - lib: optimizeprepareStackTraceon builtin frames (Chengzhong Wu) #56299 - [
d1b009b623] - lib: suppress source map lookup exceptions (Chengzhong Wu) #56299 - [
c2837f0805] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56342 - [
72336233f2] - meta: move MoLow to TSC regular member (Moshe Atlow) #56276 - [
4f77920a9d] - module: fix async resolution error within the syncfindPackageJSON(Jacob Smith) #56382 - [
e5ba216501] - (SEMVER-MINOR) module: unflag --experimental-strip-types (Marco Ippolito) #56350 - [
959f133a22] - module: support eval with ts syntax detection (Marco Ippolito) #56285 - [
717cfa4fac] - module: use buffer.toString base64 (Chengzhong Wu) #56315 - [
c2f4d8d688] - node-api: define version 10 (Gabriel Schulhof) #55676 - [
417a8ebdec] - node-api: remove deprecated attribute from napi_module_register (Vladimir Morozov) #56162 - [
8dc39e5e2e] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #56400 - [
d194f1ab5f] - sqlite: pass conflict type to conflict resolution handler (Bart Louwers) #56352 - [
29f5d70452] - src: use v8::LocalVector consistently with other minor cleanups (James M Snell) #56417 - [
2a5543b78e] - src: use starts_with in fs_permission.cc (ishabi) #55811 - [
3a3f5c9a64] - stream: validate undefined sizeAlgorithm in WritableStream (Jason Zhang) #56067 - [
6e6f6b071a] - test: add ts eval snapshots (Marco Ippolito) #56358 - [
8a87e39052] - test: remove empty lines from snapshots (Marco Ippolito) #56358 - [
510649f617] - test: use unusual chars in the path to ensure our tests are robust (Antoine du Hamel) #48409 - [
54f6d681a0] - test: remove flaky designation (Luigi Pinca) #56369 - [
20ace0bb01] - test: remove test-worker-arraybuffer-zerofill flaky designation (Luigi Pinca) #56364 - [
b757e40525] - test: remove test-net-write-fully-async-hex-string flaky designation (Luigi Pinca) #56365 - [
64556baddc] - test: improve abort signal dropping test (Edy Silva) #56339 - [
accbdad329] - test: enable ts test on win arm64 (Marco Ippolito) #56349 - [
4188ee00d1] - test: deflake test-watch-file-shared-dependency (Luigi Pinca) [#56344](https://github.com/...
2025-01-07, Version 22.13.0 'Jod' (LTS), @ruyadorno
Notable Changes
Stabilize Permission Model
Upgrades the Permission Model status from Active Development to Stable.
Contributed by Rafael Gonzaga #56201
Graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable
Following the merge of Curve25519 into the Web Cryptography API Editor's Draft the Ed25519 and X25519 algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use.
Contributed by (Filip Skokan) #56142
Other Notable Changes
- [
05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #54630 - [
a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 - [
ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #56087 - [
f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #56265 - [
34c68827af] - doc: move typescript support to active development (Marco Ippolito) #55536 - [
dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #56132 - [
5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #56130 - [
8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #55788 - [
55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #55890 - [
7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 - [
6575b76042] - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) #55282 - [
bacfe6d5c9] - (SEMVER-MINOR) net: support blocklist in net.connect (theanarkh) #56075 - [
b47888d390] - (SEMVER-MINOR) net: support blocklist for net.Server (theanarkh) #56079 - [
566f0a1d25] - (SEMVER-MINOR) net: add SocketAddress.parse (James M Snell) #56076 - [
ed7eab1421] - (SEMVER-MINOR) net: add net.BlockList.isBlockList(value) (James M Snell) #56078 - [
ea4891856d] - (SEMVER-MINOR) process: deprecatefeatures.{ipv6,uv}andfeatures.tls_*(RenΓ©) #55545 - [
01eb308f26] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 - [
97c38352d0] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 - [
b4041e554a] - (SEMVER-MINOR) sqlite: addStatementSync.prototype.iteratemethod (tpoisseau) #54213 - [
2e3ca1bbdd] - (SEMVER-MINOR) src: add cli option to preserve env vars on diagnostic reports (Rafael Gonzaga) #55697 - [
bcfe9c80fc] - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) #55589
Commits
- [
e9024779c0] - assert: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) #56195 - [
4c13d8e587] - assert: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) #56098 - [
a4fa31a86e] - assert: optimize partial comparison of twoSets (Antoine du Hamel) #55970 - [
05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #54630 - [
5e1321abd7] - buffer: document concat zero-fill (Duncan) #55562 - [
be5ba7c648] - build: set DESTCPU correctly for 'make binary' on loongarch64 (ε΄ε°η½) #56271 - [
38cf37ee2d] - build: fix missing fp16 dependency in d8 builds (Joyee Cheung) #56266 - [
dbb7557455] - build: add major release action (Rafael Gonzaga) #56199 - [
27cc90f3be] - build: fix C string encoding forPRODUCT_DIR_ABS(Anna Henningsen) #56111 - [
376561c2b4] - build: use variable for simdutf path (Shelley Vohr) #56196 - [
126ae15000] - build: allow overriding clang usage (Shelley Vohr) #56016 - [
97bb8f7c76] - build: remove defaults for create-release-proposal (Rafael Gonzaga) #56042 - [
a8fb1a06f3] - build: set node_arch to target_cpu in GN (Shelley Vohr) #55967 - [
9f48ca27f1] - build: use variable for crypto dep path (Shelley Vohr) #55928 - [
e47ccd2287] - build: fix GN build for sqlite (Cheng) #55912 - [
8d70b99a5a] - build: compile bundled simdutf conditionally (Jakub Jirutka) #55886 - [
826fd35242] - build: compile bundled simdjson conditionally (Jakub Jirutka) #55886 - [
1015b22085] - build: compile bundled ada conditionally (Jakub Jirutka) #55886 - [
77e2869ca6] - build: use glob for dependencies of out/Makefile (Richard Lau) #55789 - [
a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 - [
72e8e0684e] - crypto: graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 - [
fe2b344ddb] - crypto: ensure CryptoKey usages and algorithm are cached objects (Filip Skokan) #56108 - [
9ee9f524a7] - crypto: allow non-multiple of 8 in SubtleCrypto.deriveBits (Filip Skokan) #55296 - [
76f242d993] - deps: update nghttp3 to 1.6.0 (Node.js GitHub Bot) #56258 - [
c7ff2ea6b5] - deps: update simdutf to 5.6.4 (Node.js GitHub Bot) #56255 - [
04230be1ef] - deps: update libuv to 1.49.2 (Luigi Pinca) #56224 - [
88589b85b7] - deps: updat...