Antoine du Hamel
37d4f08cbd
esm: rename error code related to import attributes
...
PR-URL: https://github.com/nodejs/node/pull/50181
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com >
Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com >
2023-10-18 14:27:55 +00:00
Yagiz Nizipli
dab9505829
test: set sea snapshot tests as flaky
...
PR-URL: https://github.com/nodejs/node/pull/50223
Refs: https://github.com/nodejs/node/issues/49630
Reviewed-By: Darshan Sen <raisinten@gmail.com >
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
Reviewed-By: Colin Ihrig <cjihrig@gmail.com >
2023-10-18 14:05:39 +00:00
Colin Ihrig
f971106072
fs: add flush option to appendFile() functions
...
This commit adds documentation and tests for the 'flush' option
of the fs.appendFile family of functions. Technically, support
was indirectly added in #50009, but this makes it more official.
Refs: https://github.com/nodejs/node/issues/49886
Refs: https://github.com/nodejs/node/pull/50009
PR-URL: https://github.com/nodejs/node/pull/50095
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
2023-10-18 01:51:41 +00:00
Peter Johnson
09f80a9f64
doc: fix typo in dgram docs
...
PR-URL: https://github.com/nodejs/node/pull/50211
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Tobias Nießen <tniessen@tnie.de >
Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br >
2023-10-18 00:46:38 +00:00
Vinicius Lourenço
6dadb99891
doc: fix H4ad collaborator sort
...
PR-URL: https://github.com/nodejs/node/pull/50218
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Moshe Atlow <moshe@atlow.co.il >
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com >
Reviewed-By: Richard Lau <rlau@redhat.com >
2023-10-17 19:31:49 +00:00
Vinícius Lourenço
3973568041
doc: add H4ad to collaborators
...
Fixes: https://github.com/nodejs/node/issues/50103
PR-URL: https://github.com/nodejs/node/pull/50217
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Raz Luvaton <rluvaton@gmail.com >
2023-10-17 16:12:07 -03:00
Robert Nagy
4e70d23476
stream: reduce scope of readable bitmap details
...
PR-URL: https://github.com/nodejs/node/pull/49963
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com >
Reviewed-By: Raz Luvaton <rluvaton@gmail.com >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Rich Trott <rtrott@gmail.com >
2023-10-17 12:09:34 -07:00
RafaelGSS
ed16a46481
2023-10-17, Version 21.0.0 (Current)
...
Notable Changes:
doc:
* promote fetch/webstreams from experimental to stable (Steven) https://github.com/nodejs/node/pull/45684
esm:
* use import attributes instead of import assertions (Antoine du Hamel) https://github.com/nodejs/node/pull/50140
* --experimental-default-type flag to flip module defaults (Geoffrey Booth) https://github.com/nodejs/node/pull/49869
* remove `globalPreload` hook (superseded by `initialize`) (Jacob Smith) https://github.com/nodejs/node/pull/49144
fs:
* add flush option to writeFile() functions (Colin Ihrig) https://github.com/nodejs/node/pull/50009
* (SEMVER-MAJOR) add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
http:
* (SEMVER-MAJOR) reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
lib:
* (SEMVER-MINOR) add WebSocket client (Matthew Aitken) https://github.com/nodejs/node/pull/49830
* (SEMVER-MAJOR) add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
stream:
* optimize Writable (Robert Nagy) https://github.com/nodejs/node/pull/50012
test_runner:
* (SEMVER-MAJOR) support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
vm:
* use default HDO when importModuleDynamically is not set (Joyee Cheung) https://github.com/nodejs/node/pull/49950
Semver-Major Commits:
* (SEMVER-MAJOR) build: drop support for Visual Studio 2019 (Michaël Zasso) https://github.com/nodejs/node/pull/49051
* (SEMVER-MAJOR) build: bump supported macOS and Xcode versions (Michaël Zasso) https://github.com/nodejs/node/pull/49164
* (SEMVER-MAJOR) crypto: do not overwrite \_writableState.defaultEncoding (Tobias Nießen) https://github.com/nodejs/node/pull/49140
* (SEMVER-MAJOR) deps: bump minimum ICU version to 73 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update V8 to 11.8.172.13 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) deps: update llhttp to 9.1.2 (Paolo Insogna) https://github.com/nodejs/node/pull/48981
* (SEMVER-MAJOR) events: validate options of `on` and `once` (Deokjin Kim) https://github.com/nodejs/node/pull/46018
* (SEMVER-MAJOR) fs: adjust `position` validation in reading methods (Livia Medeiros) https://github.com/nodejs/node/pull/42835
* (SEMVER-MAJOR) fs: add globSync implementation (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) http: reduce parts in chunked response when corking (Robert Nagy) https://github.com/nodejs/node/pull/50167
* (SEMVER-MAJOR) lib: mark URL/URLSearchParams as uncloneable and untransferable (Chengzhong Wu) https://github.com/nodejs/node/pull/47497
* (SEMVER-MAJOR) lib: remove aix directory case for package reader (Yagiz Nizipli) https://github.com/nodejs/node/pull/48605
* (SEMVER-MAJOR) lib: add `navigator.hardwareConcurrency` (Yagiz Nizipli) https://github.com/nodejs/node/pull/47769
* (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) https://github.com/nodejs/node/pull/47202
* (SEMVER-MAJOR) module: harmonize error code between ESM and CJS (Antoine du Hamel) https://github.com/nodejs/node/pull/48606
* (SEMVER-MAJOR) net: do not treat `server.maxConnections=0` as `Infinity` (ignoramous) https://github.com/nodejs/node/pull/48276
* (SEMVER-MAJOR) net: only defer \_final call when connecting (Jason Zhang) https://github.com/nodejs/node/pull/47385
* (SEMVER-MAJOR) node-api: rename internal NAPI\_VERSION definition (Chengzhong Wu) https://github.com/nodejs/node/pull/48501
* (SEMVER-MAJOR) src: update NODE\_MODULE\_VERSION to 120 (Michaël Zasso) https://github.com/nodejs/node/pull/49639
* (SEMVER-MAJOR) src: throw DOMException on cloning non-serializable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47839
* (SEMVER-MAJOR) src: throw DataCloneError on transferring untransferable objects (Chengzhong Wu) https://github.com/nodejs/node/pull/47604
* (SEMVER-MAJOR) stream: use private properties for strategies (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for encoding (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) stream: use private properties for compression (Yagiz Nizipli) https://github.com/nodejs/node/pull/47218
* (SEMVER-MAJOR) test\_runner: disallow array in `run` options (Raz Luvaton) https://github.com/nodejs/node/pull/49935
* (SEMVER-MAJOR) test\_runner: support passing globs (Moshe Atlow) https://github.com/nodejs/node/pull/47653
* (SEMVER-MAJOR) tls: use `validateNumber` for `options.minDHSize` (Deokjin Kim) https://github.com/nodejs/node/pull/49973
* (SEMVER-MAJOR) tls: use validateFunction for `options.checkServerIdentity` (Deokjin Kim) https://github.com/nodejs/node/pull/49896
* (SEMVER-MAJOR) util: runtime deprecate `promisify`-ing a function returning a `Promise` (Antoine du Hamel) https://github.com/nodejs/node/pull/49609
* (SEMVER-MAJOR) vm: freeze `dependencySpecifiers` array (Antoine du Hamel) https://github.com/nodejs/node/pull/49720
PR-URL: https://github.com/nodejs/node/pull/49870
Co-authored-by: Michaël Zasso <targos@protonmail.com >
2023-10-17 12:45:37 -03:00
Michaël Zasso
9f46adf5bc
deps: patch V8 to 11.8.172.15
...
Refs: https://github.com/v8/v8/compare/11.8.172.13...11.8.172.15
PR-URL: https://github.com/nodejs/node/pull/50114
Reviewed-By: Jiawen Geng <technicalcute@gmail.com >
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
2023-10-17 15:16:23 +00:00
Joyee Cheung
c2d79208d6
vm: reject in importModuleDynamically without --experimental-vm-modules
...
Users cannot access any API that can be used to return a module or
module namespace in this callback without --experimental-vm-modules
anyway, so this would eventually lead to a rejection. This patch
rejects in this case with our own error message and uses a constant
host-defined option for the rejection, so that scripts with the
same source can still be compiled using the compilation cache
if no `import()` is actually called in the script.
PR-URL: https://github.com/nodejs/node/pull/50137
Refs: https://github.com/nodejs/node/issues/35375
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Chengzhong Wu <legendecas@gmail.com >
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com >
2023-10-17 13:24:54 +00:00
Joyee Cheung
a3407b4ee8
vm: use internal versions of compileFunction and Script
...
Instead of using the public versions of the vm APIs internally,
use the internal versions so that we can skip unnecessary
argument validation.
The public versions would need special care to the generation
of host-defined options to hit the isolate compilation cache
when importModuleDynamically isn't used, while internally it's
almost always used, so this allows us to handle the host-defined
options separately.
PR-URL: https://github.com/nodejs/node/pull/50137
Refs: https://github.com/nodejs/node/issues/35375
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Chengzhong Wu <legendecas@gmail.com >
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com >
2023-10-17 13:24:53 +00:00
Joyee Cheung
f7cdac091a
vm: unify host-defined option generation in vm.compileFunction
...
Set a default host-defined option for vm.compileFunction so that
it's consistent with vm.Script.
PR-URL: https://github.com/nodejs/node/pull/50137
Refs: https://github.com/nodejs/node/issues/35375
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Chengzhong Wu <legendecas@gmail.com >
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com >
2023-10-17 13:24:51 +00:00
Vinicius Lourenço
badba8ceb6
lib: reduce overhead of blob clone
...
PR-URL: https://github.com/nodejs/node/pull/50110
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com >
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
Reviewed-By: Chengzhong Wu <legendecas@gmail.com >
2023-10-17 06:23:40 +00:00
Rafael Gonzaga
ea595ebbf2
doc: update release-stewards with last sec-release
...
PR-URL: https://github.com/nodejs/node/pull/50179
Refs: https://github.com/nodejs-private/node-private/issues/485
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Tobias Nießen <tniessen@tnie.de >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com >
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
Reviewed-By: Michael Dawson <midawson@redhat.com >
2023-10-16 23:01:31 +00:00
Rafael Gonzaga
db07c35120
doc: add command to keep major branch sync
...
PR-URL: https://github.com/nodejs/node/pull/50102
Reviewed-By: Richard Lau <rlau@redhat.com >
2023-10-16 23:01:19 +00:00
Alex Yang
ef7363e507
stream: allow pass stream class to stream.compose
...
PR-URL: https://github.com/nodejs/node/pull/50187
Fixes: https://github.com/nodejs/node/issues/50176
Reviewed-By: Moshe Atlow <moshe@atlow.co.il >
Reviewed-By: Robert Nagy <ronagy@icloud.com >
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com >
2023-10-16 17:38:03 -05:00
Shi Pujin
4032ad593c
doc: add loong64 to list of architectures
...
PR-URL: https://github.com/nodejs/node/pull/50172
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Michael Dawson <midawson@redhat.com >
2023-10-16 20:19:31 +00:00
Michael Dawson
356b4a268a
doc: update security release process
...
- update security release process to reflect current way to
ask for tweet to amplify security release blog posts.
Signed-off-by: Michael Dawson <midawson@redhat.com >
PR-URL: https://github.com/nodejs/node/pull/50166
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
2023-10-16 15:13:00 -04:00
Tobias Nießen
0c5696248b
test: fix defect path traversal tests
...
The test never actually tested what it claims to test because it did not
properly insert separators before `..`.
PR-URL: https://github.com/nodejs/node/pull/50124
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
2023-10-16 15:50:28 +00:00
Jungku Lee
f09a50c39d
tools: update comment in update-uncidi.sh and acorn_version.h
...
PR-URL: https://github.com/nodejs/node/pull/50175
Fixes: https://github.com/nodejs/node/issues/50159
Refs: https://github.com/nodejs/node/pull/50165
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
2023-10-15 22:28:23 +02:00
Raz Luvaton
3907bd18f8
stream: call helper function from push and unshift
...
PR-URL: https://github.com/nodejs/node/pull/50173
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
Reviewed-By: Robert Nagy <ronagy@icloud.com >
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com >
2023-10-15 18:31:08 +00:00
Joyee Cheung
00de2faf78
deps: V8: cherry-pick 25902244ad1a
...
Original commit message:
[api] add line breaks to the output of Message::PrintCurrentStackTrace
Previously this prints the stack trace without line breaks and it
can be difficult to read. This also affects
--abort-on-uncaught-exception. This patch adds line breaks to the
output to improve readability.
Change-Id: I4c44b529f8c829329f784b0859b1d13c9ec56838
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4925009
Reviewed-by: Leszek Swirski <leszeks@chromium.org >
Commit-Queue: Joyee Cheung <joyee@igalia.com >
Cr-Commit-Position: refs/heads/main@{#90360}
Refs: 25902244ad
PR-URL: https://github.com/nodejs/node/pull/50156
Reviewed-By: Jiawen Geng <technicalcute@gmail.com >
Reviewed-By: Debadree Chatterjee <debadree333@gmail.com >
2023-10-15 16:30:13 +00:00
Mohammed Keyvanzadeh
31bde06233
tools: refactor checkimports.py
...
- Use f-strings for formatting.
- Use raw strings for regexes alongside f-strings.
- Use a generator.
- Remove unnecessary `else` clause.
PR-URL: https://github.com/nodejs/node/pull/50011
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Christian Clauss <cclauss@me.com >
2023-10-15 15:14:57 +00:00
Robert Nagy
d68d0eacaa
http: reduce parts in chunked response when corking
...
Refs: https://github.com/nodejs/performance/issues/57
PR-URL: https://github.com/nodejs/node/pull/50167
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com >
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
2023-10-15 12:19:48 +00:00
Chengzhong Wu
8609915951
doc: improve ccache explanation
...
ccache improves the build speed significantly only when the branch was
built before. Building fresh branches with major changes does not
benefit from ccache.
PR-URL: https://github.com/nodejs/node/pull/50133
Fixes: https://github.com/nodejs/node/issues/49967
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com >
Reviewed-By: Michaël Zasso <targos@protonmail.com >
2023-10-15 10:55:36 +00:00
Vinicius Lourenço
33c87ec096
benchmark: fix race condition on fs benchs
...
PR-URL: https://github.com/nodejs/node/pull/50035
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com >
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
2023-10-15 10:55:27 +00:00
Aras Abbasi
0f0dd1a493
os: cache homedir, remove getCheckedFunction
...
PR-URL: https://github.com/nodejs/node/pull/50037
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
2023-10-15 06:50:31 +00:00
Robert Nagy
aad8002b88
stream: use private symbol for bitmap state
...
PR-URL: https://github.com/nodejs/node/pull/49993
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com >
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Raz Luvaton <rluvaton@gmail.com >
2023-10-14 14:50:30 -07:00
Rafael Gonzaga
3c0ec61c4b
benchmark: add warmup to accessSync bench
...
PR-URL: https://github.com/nodejs/node/pull/50073
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
2023-10-14 19:51:30 +00:00
Yagiz Nizipli
18a818744f
fs: improve error performance of readdirSync
...
PR-URL: https://github.com/nodejs/node/pull/50131
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com >
2023-10-14 19:35:01 +00:00
Niklas Mollenhauer
9df864ddeb
typings: use Symbol.dispose and Symbol.asyncDispose in types
...
PR-URL: https://github.com/nodejs/node/pull/50123
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com >
Reviewed-By: Debadree Chatterjee <debadree333@gmail.com >
2023-10-14 06:41:59 +00:00
Antoine du Hamel
d1ef6aa2db
esm: use import attributes instead of import assertions
...
The old import assertions proposal has been
renamed to "import attributes" with the following major changes:
1. The keyword is now `with` instead of `assert`.
2. Unknown assertions cause an error rather than being ignored.
This commit updates the documentation to encourage folks to use the new
syntax, and adds aliases for module customization hooks.
PR-URL: https://github.com/nodejs/node/pull/50140
Fixes: https://github.com/nodejs/node/issues/50134
Refs: 159c82c5e6
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com >
Reviewed-By: Jacob Smith <jacob@frende.me >
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com >
2023-10-14 03:52:38 +00:00
Tobias Nießen
f447a4611a
permission: fix Uint8Array path traversal
...
Previous security patches addressed path traversal vulnerabilities for
string and Buffer inputs, but ignored Uint8Array inputs. This commit
fixes the existing logic to account for the latter.
The previous implementation would silently ignore unexpected inputs,
whereas this commit introduces an explicit assertion to prevent that
unsafe behavior.
PR-URL: https://github.com/nodejs-private/node-private/pull/456
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
CVE-ID: CVE-2023-39332
2023-10-13 18:05:15 -03:00
Tobias Nießen
32bcf4ca27
permission: improve path traversal protection
...
Always use the original implementation of pathModule.resolve. If the
application overwrites the value of pathModule.resolve with a custom
implementation, it should not have any effect on the permission model.
PR-URL: https://github.com/nodejs-private/node-private/pull/456
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
CVE-ID: CVE-2023-39331
2023-10-13 18:05:10 -03:00
Tobias Nießen
3b23b2ee53
module: fix code injection through export names
...
createDynamicModule() properly escapes import names, but not export
names. In WebAssembly, any string is a valid export name. Importing a
WebAssembly module that uses a non-identifier export name leads to
either a syntax error in createDynamicModule() or to code injection,
that is, to the evaluation of almost arbitrary JavaScript code outside
of the WebAssembly module.
To address this issue, adopt the same mechanism in createExport() that
createImport() already uses. Add tests for both exports and imports.
PR-URL: https://github.com/nodejs-private/node-private/pull/461
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/489
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
CVE-ID: CVE-2023-39333
2023-10-13 18:03:52 -03:00
Tobias Nießen
e673c03629
policy: use tamper-proof integrity check function
...
Using the JavaScript Hash class is unsafe because its internals can be
tampered with. In particular, an application can cause
Hash.prototype.digest() to return arbitrary values, thus allowing to
circumvent the integrity verification that policies are supposed to
guarantee.
Add and use a new C++ binding internalVerifyIntegrity() that (hopefully)
cannot be tampered with from JavaScript.
PR-URL: https://github.com/nodejs-private/node-private/pull/462
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com >
CVE-ID: CVE-2023-38552
2023-10-13 18:03:19 -03:00
RafaelGSS
937ea06fd5
2023-10-13, Version 18.18.2 'Hydrogen' (LTS)
...
This is a security release.
Notable changes:
* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium)
* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/492
2023-10-13 17:52:15 -03:00
RafaelGSS
deeffa0388
2023-10-13, Version 20.8.1 (Current)
...
This is a security release.
Notable changes:
* CVE-2023-44487: `nghttp2` Security Release (High)
* CVE-2023-45143: `undici` Security Release (High)
* CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
* CVE-2023-39331: Permission model improperly protects against path traversal (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
PR-URL: https://github.com/nodejs-private/node-private/pull/491
2023-10-13 17:25:50 -03:00
Tobias Nießen
bac85be22d
meta: ping TSC for offboarding
...
Refs: https://github.com/nodejs/node/pull/49264
PR-URL: https://github.com/nodejs/node/pull/50147
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Michael Dawson <midawson@redhat.com >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Tierney Cyren <hello@bnb.im >
Reviewed-By: Rich Trott <rtrott@gmail.com >
2023-10-13 16:55:57 +00:00
Niya Shiyas
41e4174945
test: replace forEach with for..of in test-net-isipv6.js
...
PR-URL: https://github.com/nodejs/node/pull/49823
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
2023-10-13 16:28:48 +02:00
npm CLI robot
ca25d564c6
deps: upgrade npm to 10.2.0
...
PR-URL: https://github.com/nodejs/node/pull/50027
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com >
2023-10-13 13:55:37 +00:00
Keksonoid
766198b9e1
tools: fix comments referencing dep_updaters scripts
...
PR-URL: https://github.com/nodejs/node/pull/50165
Fixes: https://github.com/nodejs/node/issues/50159
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Michael Dawson <midawson@redhat.com >
Reviewed-By: Filip Skokan <panva.ip@gmail.com >
2023-10-13 00:08:05 +02:00
Abdirahim Musse
f0e720a7fa
test: add EOVERFLOW as an allowed error
...
in test-fs-read-promises-position-validation.mjs
As stated in https://github.com/nodejs/node/issues/50054
This looks like an oversight as
test-fs-read-position-validation.mjs includes
EOVERFLOW as an allowed error.
Fixes https://github.com/nodejs/node/issues/50054
PR-URL: https://github.com/nodejs/node/pull/50128
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
Reviewed-By: Richard Lau <rlau@redhat.com >
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
2023-10-12 19:13:09 +00:00
Michael Dawson
971af4b211
quic: fix up coverity warning in quic/session.cc
...
- add CHECK around SocketAddress::New like we have in other
places as suggested by Coverity scan
Signed-off-by: Michael Dawson <midawson@redhat.com >
PR-URL: https://github.com/nodejs/node/pull/49865
Reviewed-By: Tobias Nießen <tniessen@tnie.de >
2023-10-12 13:03:41 -04:00
Michael Dawson
c1a3a98560
wasi: address coverity warning
...
- add check for case when trying to provide
a better Exception fails
- the code was modified to avoid a CHECK_EQ in all
cases in https://github.com/nodejs/node/pull/31076,
however, I believe that if we fail to create the exception
to throw instead of simply returning using a CHECK makes
more sense. I think it should also address the coverity
warning about not initializing in the constructor.
Signed-off-by: Michael Dawson <midawson@redhat.com >
PR-URL: https://github.com/nodejs/node/pull/49866
Reviewed-By: Colin Ihrig <cjihrig@gmail.com >
2023-10-12 13:02:33 -04:00
Yagiz Nizipli
d3985296a9
fs: fix unlinkSync typings
...
PR-URL: https://github.com/nodejs/node/pull/49859
Refs: https://github.com/nodejs/performance/issues/106
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Darshan Sen <raisinten@gmail.com >
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com >
2023-10-12 11:14:37 -04:00
CanadaHonk
6bc7fa7906
fs: improve error perf of sync chmod+fchmod
...
PR-URL: https://github.com/nodejs/node/pull/49859
Refs: https://github.com/nodejs/performance/issues/106
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Darshan Sen <raisinten@gmail.com >
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com >
2023-10-12 11:14:34 -04:00
CanadaHonk
6bd77db41f
fs: improve error perf of sync *times
...
PR-URL: https://github.com/nodejs/node/pull/49864
Refs: https://github.com/nodejs/performance/issues/106
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com >
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com >
2023-10-12 11:12:19 -04:00
Vinicius Lourenço
a85e4186e5
stream: reduce overhead of transfer
...
PR-URL: https://github.com/nodejs/node/pull/50107
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Matteo Collina <matteo.collina@gmail.com >
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com >
2023-10-12 14:37:41 +00:00
翠 / green
760b5dd259
tools: remove no-return-await lint rule
...
no-return-await rule was deprecated in ESLint 8.46.0. According to the
ESLint docs removing `await` can make the code slower.
Refs: https://eslint.org/docs/latest/rules/no-return-await
PR-URL: https://github.com/nodejs/node/pull/50118
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com >
Reviewed-By: Luigi Pinca <luigipinca@gmail.com >
2023-10-12 10:40:21 +00:00