Releases: nodejs/node
2023-11-29, Version 18.19.0 'Hydrogen' (LTS), @targos
Notable Changes
npm updated to v10
After two months of baking time in Node.js 20, npm 10 is backported, so that all
release lines include a supported version of npm. This release includes npm v10.2.3.
Refer to nodejs/Release#884 for the plan to land npm 10.
ESM and customization hook changes
Leverage loaders when resolving subsequent loaders
Loaders now apply to subsequent loaders, for example: --experimental-loader ts-node --experimental-loader loader-written-in-typescript.
Contributed by MaΓ«l Nison in #43772.
New node:module API register for module customization hooks; new initialize hook
There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The βdefine the file with the hooksβ part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including MessageChannel instances.
We encourage users to migrate to an approach that uses --import with register, such as:
node --import ./file-that-calls-register.js ./app.jsUsing --import ensures that the customization hooks are registered before any application code runs, even the entry point.
Contributed by JoΓ£o Lenon and Jacob Smith in #46826, Izaak Schroeder and Jacob Smith in #48842 and #48559.
import.meta.resolve unflagged
In ES modules, import.meta.resolve(specifier)
can be used to get an absolute URL string to which specifier resolves, similar
to require.resolve in CommonJS. This aligns Node.js with browsers and other server-side runtimes.
Contributed by Guy Bedford in #49028.
--experimental-default-type flag to flip module defaults
The new flag --experimental-default-type can be used to flip the default
module system used by Node.js. Input that is already explicitly defined as ES
modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs
file extension or the --input-type flag, is unaffected. What is currently
implicitly CommonJS would instead be interpreted as ES modules under
--experimental-default-type=module:
-
String input provided via
--evalor STDIN, if--input-typeis unspecified. -
Files ending in
.jsor with no extension, if there is nopackage.jsonfile
present in the same folder or any parent folder. -
Files ending in
.jsor with no extension, if the nearest parent
package.jsonfield lacks atypefield; unless the folder is inside a
node_modulesfolder.
In addition, extensionless files are interpreted as Wasm if
--experimental-wasm-modules is passed and the file contains the "magic bytes"
Wasm header.
Contributed by Geoffrey Booth in #49869.
Other ESM-related changes
- [
ed2d46f4cc] - doc: move and rename loaders section (Geoffrey Booth) #49261 - [
92734d4480] - esm: use import attributes instead of import assertions (Antoine du Hamel) #50140 - [
e96f7ef881] - (SEMVER-MINOR) vm: use import attributes instead of import assertions (Antoine du Hamel) #50141
Test runner changes
Many changes to the built-in test runner have been backported. This includes
the following additions:
- [
b283ae4238] - (SEMVER-MINOR) test_runner: accepttestOnlyinrun(Moshe Atlow) #49753 - [
059b1945d8] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #49614 - [
d61a505546] - (SEMVER-MINOR) test_runner: expose location of tests (Colin Ihrig) #48975 - [
b55eb2a8d1] - (SEMVER-MINOR) test_runner: add shards support (Raz Luvaton) #48639 - [
05e7f28b40] - (SEMVER-MINOR) test_runner: add initial draft for fakeTimers (Erick Wendel) #47775 - [
428301ad27] - (SEMVER-MINOR) test_runner, cli: add --test-concurrency flag (Colin Ihrig) #49996
Other notable changes
- [
0c4a84e8e9] - (SEMVER-MINOR) deps: update uvwasi to 0.0.19 (Node.js GitHub Bot) #49908 - [
fae60c5841] - stream: use bitmap in readable state (Benjamin Gruenbaum) #49745 - [
17246be158] - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (ηΏ / green) #46391 - [
2e9f7284a1] - (SEMVER-MINOR) lib: add tracing channel to diagnostics_channel (Stephen Belanger) #44943 - [
cc7bf1f641] - (SEMVER-MINOR) src: add cjs_module_lexer_version base64_version (Jithil P Ponnan) #45629 - [
b5d16cd8f0] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #45190
Commits
- [
0d0eb47e2a] - benchmark: add benchmarks for the test_runner (Raz Luvaton) #48931 - [
8bb03d10f4] - benchmark: differentiate whatwg and legacy url (Yagiz Nizipli) #47377 - [
3d7734cbe3] - benchmark: lower URL.canParse runs (Khafra) #47351 - [
24d3fcf415] - benchmark: stablize encode benchmark (Joyee Cheung) #46658 - [
e08fd98bcc] - bootstrap: use correct descriptor for Symbol.{dispose,asyncDispose} (Jordan Harband) #48703 - [
cf9ddcd6c8] - bootstrap: simplify initialization of source map handlers (Joyee Cheung) #48304 - [
12d731e431] - bootstrap: log isolate data info in mksnapshot debug logs (Joyee Cheung) #47768 - [
d66873871a] - bootstrap: store internal loaders in C++ via a binding (Joyee Cheung) #47215 - [
1a499c5082] - bootstrap: optimize modules loaded in the built-in snapshot (Joyee Cheung) #45849 - [
e0e09caafe] - bootstrap: make CJS loader snapshotable (Joyee Cheung) #45849 - [
5f37decd56] - bootstrap: include event_target into the built-in snapshot (Joyee Cheung) #45849 - [
c3f56a3dee] - bootstrap: support module_wrap binding in snapshot (Joyee Cheung) #45849 - [
6466acbc89] - bootstrap: lazy load non-essential modules (Joyee Cheung) #45659 - [
a0d4b69df4] - bootstrap: lazy-load Performance.prototype.timeOrigin (Joyee Cheung) #46425 - [
c1bc8118e3] - bootstrap: generate bootstrapper arguments in BuiltinLoader (Joyee Cheung) #44488 - [
075c57e88b] - build: add symlink tocompile_commands.jsonfile if needed (Juan JosΓ©) #49260 - [[
9e1c531b8d](9e1c531b...
2023-11-22, Version 20.10.0 'Iron' (LTS), @targos
Notable Changes
--experimental-default-type flag to flip module defaults
The new flag --experimental-default-type can be used to flip the default
module system used by Node.js. Input that is already explicitly defined as ES
modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs
file extension or the --input-type flag, is unaffected. What is currently
implicitly CommonJS would instead be interpreted as ES modules under
--experimental-default-type=module:
-
String input provided via
--evalor STDIN, if--input-typeis unspecified. -
Files ending in
.jsor with no extension, if there is nopackage.jsonfile
present in the same folder or any parent folder. -
Files ending in
.jsor with no extension, if the nearest parent
package.jsonfield lacks atypefield; unless the folder is inside a
node_modulesfolder.
In addition, extensionless files are interpreted as Wasm if
--experimental-wasm-modules is passed and the file contains the "magic bytes"
Wasm header.
Contributed by Geoffrey Booth in #49869.
Detect ESM syntax in ambiguous JavaScript
The new flag --experimental-detect-module can be used to automatically run ES
modules when their syntax can be detected. For βambiguousβ files, which are
.js or extensionless files with no package.json with a type field, Node.js
will parse the file to detect ES module syntax; if found, it will run the file
as an ES module, otherwise it will run the file as a CommonJS module. The same
applies to string input via --eval or STDIN.
We hope to make detection enabled by default in a future version of Node.js.
Detection increases startup time, so we encourage everyoneβespecially package
authorsβto add a type field to package.json, even for the default
"type": "commonjs". The presence of a type field, or explicit extensions
such as .mjs or .cjs, will opt out of detection.
Contributed by Geoffrey Booth in #50096.
New flush option in file system functions
When writing to files, it is possible that data is not immediately flushed to
permanent storage. This allows subsequent read operations to see stale data.
This PR adds a 'flush' option to the fs.writeFile family of functions which
forces the data to be flushed at the end of a successful write operation.
Contributed by Colin Ihrig in #50009 and #50095.
Experimental WebSocket client
Adds a --experimental-websocket flag that adds a WebSocket
global, as standardized by WHATWG.
Contributed by Matthew Aitken in #49830.
vm: fix V8 compilation cache support for vm.Script
Previously repeated compilation of the same source code using vm.Script
stopped hitting the V8 compilation cache after v16.x when support for
importModuleDynamically was added to vm.Script, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.
The recent fixes allow the compilation cache to be hit again
for vm.Script when --experimental-vm-modules is not used even in the
presence of the importModuleDynamically option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for vm.CompileFunction.
Contributed by Joyee Cheung in #49950
and #50137.
Other notable changes
- [
21453ae555] - (SEMVER-MINOR) deps: update uvwasi to 0.0.19 (Node.js GitHub Bot) #49908 - [
ee65e44c31] - esm: use import attributes instead of import assertions (Antoine du Hamel) #50140 - [
ffdc357167] - (SEMVER-MINOR) stream: allow passing stream class tostream.compose(Alex Yang) #50187 - [
4861ad6431] - stream: improve performance of readable stream reads (Raz Luvaton) #50173 - [
4b27087b30] - stream: optimize Writable (Robert Nagy) #50012 - [
709c6c0cab] - (SEMVER-MINOR) test_runner, cli: add --test-concurrency flag (Colin Ihrig) #49996 - [
57efd5292c] - (SEMVER-MINOR) vm: use import attributes instead of import assertions (Antoine du Hamel) #50141
Commits
- [
73757a5f42] - benchmark: fix race condition on fs benchs (Vinicius Lourenço) #50035 - [
23269717bb] - benchmark: add warmup to accessSync bench (Rafael Gonzaga) #50073 - [
88611d199a] - benchmark: improved config for blob,file benchmark (VinΓcius LourenΓ§o) #49730 - [
b70757476c] - benchmark: added new benchmarks for blob (VinΓcius LourenΓ§o) #49730 - [
458d9a82e3] - buffer: remove unnecessary assignment in fromString (Tobias NieΓen) #50199 - [
878c0b332e] - build: fix IBM i build with Python 3.9 (Richard Lau) #48056 - [
773320e1de] - crypto: ensure valid point on elliptic curve in SubtleCrypto.importKey (Filip Skokan) #50234 - [
edb0ffd7d4] - crypto: use X509_ALGOR accessors instead of reaching into X509_ALGOR (David Benjamin) #50057 - [
3f98c06dbb] - crypto: account for disabled SharedArrayBuffer (Shelley Vohr) #50034 - [
55485ff1cc] - crypto: return clear errors when loading invalid PFX data (Tim Perry) #49566 - [
68ec1e5eeb] - deps: upgrade npm to 10.2.3 (npm team) #50531 - [
b00c11ad7c] - deps: V8: cherry-pick d90d4533b053 (MichaΓ«l Zasso) #50077 - [
e63aef91b4] - deps: V8: cherry-pick f7d000a7ae7b (Luke Albao) #50077 - [
4b243b553a] - deps: V8: cherry-pick 9721082687c9 (Shi Pujin) #50077 - [
9d3cdcbebf] - deps: V8: cherry-pick 840650f2ff4e (MichaΓ«l Zasso) #50077 - [
0c40b513fd] - deps: V8: cherry-pick a1efa5343880 (MichaΓ«l Zasso) #50077 - [
68cddd79f7] - deps: update archs files for openssl-3.0.12+quic1 (Node.js GitHub Bot) #50411 - [
3308189180] - deps: upgrade openssl sources to quictls/openssl-3.0.12+quic1 (Node.js GitHub Bot) #50411 - [
b61707e535] - deps: update ada to 2.7.2 (Node.js GitHub Bot) #50338 - [
1aecf0c17b] - deps: update corepack to 0.22.0 (Node.js GitHub Bot) #50325 - [
f5924f174c] - deps: update c-ares to 1.20.1 (Node.js GitHub Bot) #50082 - [
b705e19a95] - deps: update c-ares to 1.20.0 (Node.js GitHub Bot) #50082 - [
f72cbb7e02] - deps: V8: cherry-pick 25902244ad1a (Joyee Cheung) #50156 - [
6547bd2493] - deps: V8: cherry-pick ea996ad04a68 (Antoine du Hamel) #50183 - [
16fd730e95] - deps: V8: cherry-pick a0fd3209dda8 (Antoine du Hamel) [#50183](https://github.com/nodejs/node...
2023-11-14, Version 21.2.0 (Current), @targos
Notable Changes
- [
e25c65ee2f] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666 - [
f2366573f9] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393 - [
eac9cc5fcb] - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) #48740 - [
7e151114b1] - fs: add stacktrace to fs/promises (ηΏ / green) #49849 - [
6dbb280733] - (SEMVER-MINOR) lib: add--no-experimental-global-navigatorCLI flag (Antoine du Hamel) #50562 - [
03c730b931] - (SEMVER-MINOR) lib: add navigator.language & navigator.languages (Aras Abbasi) #50303 - [
f932f4c518] - (SEMVER-MINOR) lib: add navigator.platform (Aras Abbasi) #50385 - [
91f37d1dc3] - (SEMVER-MINOR) stream: add support fordeflate-rawformat to webstreams compression (Damian Krzeminski) #50097 - [
65850a67c7] - stream: use Array for Readable buffer (Robert Nagy) #50341 - [
e433fa54b7] - stream: optimize creation (Robert Nagy) #50337 - [
c9b92bba58] - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) #50018 - [
f6c496563e] - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) #48638 - [
05e8b6ef20] - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) #50443
Commits
- [
065d8844c5] - benchmark: change iterations in benchmark/es/string-concatenations.js (Liu Jia) #50585 - [
3f37ed9f0f] - benchmark: add benchmarks for encodings (Aras Abbasi) #50348 - [
c4b6e1e9e4] - benchmark: add more cases to Readable.from (Raz Luvaton) #50351 - [
2006b57a9a] - benchmark: skip test-benchmark-os on IBMi (Michael Dawson) #50286 - [
800206b04a] - benchmark: move permission-fs-read to permission-processhas-fs-read (Aki Hasegawa-Johnson) #49770 - [
3bedaf9405] - buffer: improve Buffer.equals performance (kylo5aby) #50621 - [
b9f3613908] - build: add GN build files (Cheng Zhao) #47637 - [
22eb0257d8] - build: fix build with Python 3.12 (Luigi Pinca) #50582 - [
642c057299] - build: support Python 3.12 (Shi Pujin) #50209 - [
54ebfc10cb] - build: fix building when there is only python3 (Cheng Zhao) #48462 - [
5073a3e16d] - deps: update base64 to 0.5.1 (Node.js GitHub Bot) #50629 - [
f70a59f4fa] - deps: update corepack to 0.23.0 (Node.js GitHub Bot) #50563 - [
78b3432be5] - deps: V8: cherry-pick 13192d6e10fa (Levi Zim) #50552 - [
93e3cc3907] - deps: upgrade npm to 10.2.3 (npm team) #50531 - [
189e5e5326] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #50441 - [
57bfe53095] - deps: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) #50456 - [
1e6922e67a] - deps: patch V8 to 11.8.172.17 (MichaΓ«l Zasso) #50292 - [
28453ff966] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #50460 - [
0a793a2566] - deps: update undici to 5.27.0 (Node.js GitHub Bot) #50463 - [
a90c6d669c] - deps: update archs files for openssl-3.0.12+quic1 (Node.js GitHub Bot) #50411 - [
a64217c116] - deps: upgrade openssl sources to quictls/openssl-3.0.12+quic1 (Node.js GitHub Bot) #50411 - [
62515e118c] - deps: update llhttp to 9.1.3 (Node.js GitHub Bot) #50080 - [
d6f49c7bdc] - deps: update googletest to 116b7e5 (Node.js GitHub Bot) #50324 - [
e25c65ee2f] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666 - [
8be0efd68f] - doc: fix typo in fs.md (fwio) #50570 - [
a656bf2dee] - doc: add missing description of argument insubtle.encrypt(Deokjin Kim) #50578 - [
4cbe44ed6f] - doc: update pm documentation to include resource (Ranieri Innocenti Spada) #50601 - [
479c1ea9fe] - doc: correct attribution in v20.6.0 changelog (Jacob Smith) #50564 - [
1668798902] - doc: update to alignconsole.tablerow to the left (Jungku Lee) #50553 - [
886fc48f87] - doc: underline links (Rich Trott) #50481 - [
98cfa3a72b] - doc: recommend supported Python versions (Luigi Pinca) #50407 - [
921e36ece9] - doc: remove duplicate word (Gerhard StΓΆbich) #50475 - [
43074ee21c] - doc: fix typo inwebstreams.md(AndrΓ© Santos) #50426 - [
0b11bf16e8] - doc: update notable changes in v21.1.0 (Joyee Cheung) #50388 - [
d62e81229c] - doc: add information about Node-API versions >=9 (Michael Dawson) #50168 - [
f2366573f9] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393 - [
d9f92bc042] - doc: fix TOC inreleases.md(Bryce Seefieldt) #50372 - [
14e3675b13] - errors: improve hideStackFrames (Aras Abbasi) #49990 - [
09c02ed26b] - esm: bypass CJS loader in default load under--default-type=module(Antoine du Hamel) #50004 - [
eac9cc5fcb] - (SEMVER-MINOR) esm: add import.meta.dirname and impo...
2023-10-24, Version 21.1.0 (Current), @targos
Notable Changes
Automatically detect and run ESM syntax
The new flag --experimental-detect-module can be used to automatically run
ES modules when their syntax can be detected. For βambiguousβ files, which are
.js or extensionless files with no package.json with a type field, Node.js
will parse the file to detect ES module syntax; if found, it will run the file
as an ES module, otherwise it will run the file as a CommonJS module.
The same applies to string input via --eval or STDIN.
We hope to make detection enabled by default in a future version of Node.js.
Detection increases startup time, so we encourage everyone β especially package
authors β to add a type field to package.json, even for the default
"type": "commonjs". The presence of a type field, or explicit extensions
such as .mjs or .cjs, will opt out of detection.
Contributed by Geoffrey Booth in #50096.
Other Notable Changes
- [
3729e33358] - doc: add H4ad to collaborators (VinΓcius LourenΓ§o) #50217 - [
18862e4d5d] - (SEMVER-MINOR) fs: addflushoption toappendFile()functions (Colin Ihrig) #50095 - [
5a52c518ef] - (SEMVER-MINOR) lib: addnavigator.userAgent(Yagiz Nizipli) #50200 - [
789372a072] - (SEMVER-MINOR) stream: allow pass stream class tostream.compose(Alex Yang) #50187 - [
f3a9ea0bc4] - stream: improve performance of readable stream reads (Raz Luvaton) #50173 - [
dda33c2bf1] - vm: reject in importModuleDynamically without --experimental-vm-modules (Joyee Cheung) #50137 - [
3999362c59] - vm: use internal versions of compileFunction and Script (Joyee Cheung) #50137 - [
a54179f0e0] - vm: unify host-defined option generation in vm.compileFunction (Joyee Cheung) #50137
Commits
- [
9cd68b9083] - buffer: remove unnecessary assignment in fromString (Tobias NieΓen) #50199 - [
a362c276ec] - crypto: ensure valid point on elliptic curve in SubtleCrypto.importKey (Filip Skokan) #50234 - [
f4da308f8d] - deps: V8: cherry-pick f7d000a7ae7b (Luke Albao) #50302 - [
269e268c38] - deps: update ada to 2.7.2 (Node.js GitHub Bot) #50338 - [
03a31ce41e] - deps: update corepack to 0.22.0 (Node.js GitHub Bot) #50325 - [
000531781b] - deps: update undici to 5.26.4 (Node.js GitHub Bot) #50274 - [
f050668c14] - deps: update c-ares to 1.20.1 (Node.js GitHub Bot) #50082 - [
ba258b682b] - deps: update c-ares to 1.20.0 (Node.js GitHub Bot) #50082 - [
571f7ef1fa] - deps: patch V8 to 11.8.172.15 (MichaΓ«l Zasso) #50114 - [
943047e800] - deps: V8: cherry-pick 25902244ad1a (Joyee Cheung) #50156 - [
db2a1cf1cb] - doc: fixnavigator.hardwareConcurrencyexample (Tobias NieΓen) #50278 - [
6e537aeb44] - doc: explain how to disable navigator (Geoffrey Booth) #50310 - [
c40de82d62] - doc: add loong64 info into platform list (Shi Pujin) #50086 - [
1c21a1880b] - doc: update release process LTS step (Richard Lau) #50299 - [
2473aa3672] - doc: fix release process table of contents (Richard Lau) #50216 - [
ce9d84eae3] - doc: update apistream.compose(Alex Yang) #50206 - [
dacee4d9b5] - doc: add ReflectConstruct to known perf issues (Vinicius Lourenço) #50111 - [
82363be2ac] - doc: fix typo in dgram docs (Peter Johnson) #50211 - [
8c1a46c751] - doc: fix H4ad collaborator sort (Vinicius Lourenço) #50218 - [
3729e33358] - doc: add H4ad to collaborators (VinΓcius LourenΓ§o) #50217 - [
bac872cbd0] - doc: update release-stewards with last sec-release (Rafael Gonzaga) #50179 - [
06b7724f14] - doc: add command to keep major branch sync (Rafael Gonzaga) #50102 - [
47633ab086] - doc: add loong64 to list of architectures (Shi Pujin) #50172 - [
1f40ca1b91] - doc: update security release process (Michael Dawson) #50166 - [
998feda118] - esm: do not give wrong hints when detecting file format (Antoine du Hamel) #50314 - [
e375063e01] - (SEMVER-MINOR) esm: detect ESM syntax in ambiguous JavaScript (Geoffrey Booth) #50096 - [
c76eb27971] - esm: improve check for ESM syntax (Geoffrey Booth) #50127 - [
7740bf820c] - esm: rename error code related to import attributes (Antoine du Hamel) #50181 - [
0cc176ef25] - fs: improve error performance forreadSync(Jungku Lee) #50033 - [
5942edb774] - fs: improve error performance forfsyncSync(Jungku Lee) #49880 - [
6ec5abadc0] - fs: improve error performance formkdirSync(CanadaHonk) #49847 - [
c5ff000cb1] - fs: improve error performance ofrealpathSync(Yagiz Nizipli) #49962 - [
6eeaa02f5c] - fs: improve error performance oflchownSync(Yagiz Nizipli) #49962 - [
dc9ac8d41c] - fs: improve error performance ofsymlinkSync(Yagiz Nizipli) #49962 - [
bc6f279261] - fs: improve error performance ofreadlinkSync(Yagiz Nizipli) #49962 - [
275987841e] - fs: improve error performance ofmkdtempSync(Yagiz Nizipli) #49962 - [
81f15274e2] - fs: improve error performance oflinkSync(Yagiz Nizipli) #49962 - [
f766c04856] - fs: improve error performance ofchownSync(Yagiz Nizipli) #49962 - [
610036c67d] - fs: improve error performance ofrenameSync(Yagiz Nizipli) #49962 - [[
18862e4d5d](https://github.com/no...
2023-10-24, Version 20.9.0 'Iron' (LTS), @richardlau
richardlau
Richard Lau
22f383d
richardlau
Richard Lau
Notable Changes
This release marks the transition of Node.js 20.x into Long Term Support (LTS)
with the codename 'Iron'. The 20.x release line now moves into "Active LTS"
and will remain so until October 2024. After that time, it will move into
"Maintenance" until end of life in April 2026.
Known issue
Collecting code coverage via the NODE_V8_COVERAGE environment variable may
lead to a hang. This is not thought to be a regression in Node.js 20 (some
reports are on Node.js 18). For more information, including some potential
workarounds, see issue #49344.
2023-10-17, Version 21.0.0 (Current), @RafaelGSS and @targos
We're excited to announce the release of Node.js 21! Highlights include updates of the V8 JavaScript engine to 11.8,
stable fetch and WebStreams, a new experimental flag to change the interpretation of ambiguous code
from CommonJS to ES modules (--experimental-default-type), many updates to our test runner, and more!
Node.js 21 will replace Node.js 20 as our βCurrentβ release line when Node.js 20 enters long-term support (LTS) later this month.
As per the release schedule, Node.js 21 will be βCurrent' release for the next 6 months, until April 2024.
Other Notable Changes
- [
740ca5423a] - doc: promote fetch/webstreams from experimental to stable (Steven) #45684 - [
85301803e1] - esm: --experimental-default-type flag to flip module defaults (Geoffrey Booth) #49869 - [
705e623ac4] - esm: removeglobalPreloadhook (superseded byinitialize) (Jacob Smith) #49144 - [
e01c1d700d] - fs: add flush option to writeFile() functions (Colin Ihrig) #50009 - [
1948dce707] - (SEMVER-MAJOR) fs: add globSync implementation (Moshe Atlow) #47653 - [
e28dbe1c2b] - (SEMVER-MINOR) lib: add WebSocket client (Matthew Aitken) #49830 - [
95b8f5dcab] - stream: optimize Writable (Robert Nagy) #50012 - [
7cd4e70948] - (SEMVER-MAJOR) test_runner: support passing globs (Moshe Atlow) #47653 - [
1d220b55ac] - vm: use default HDO when importModuleDynamically is not set (Joyee Cheung) #49950
Semver-Major Commits
- [
ac2a68c76b] - (SEMVER-MAJOR) build: drop support for Visual Studio 2019 (MichaΓ«l Zasso) #49051 - [
4e3983031a] - (SEMVER-MAJOR) build: bump supported macOS and Xcode versions (MichaΓ«l Zasso) #49164 - [
5a0777776d] - (SEMVER-MAJOR) crypto: do not overwrite _writableState.defaultEncoding (Tobias NieΓen) #49140 - [
162a0652ab] - (SEMVER-MAJOR) deps: bump minimum ICU version to 73 (MichaΓ«l Zasso) #49639 - [
17a74ddd3d] - (SEMVER-MAJOR) deps: update V8 to 11.8.172.13 (MichaΓ«l Zasso) #49639 - [
e9ff81016d] - (SEMVER-MAJOR) deps: update llhttp to 9.1.2 (Paolo Insogna) #48981 - [
7ace5aba75] - (SEMVER-MAJOR) events: validate options ofonandonce(Deokjin Kim) #46018 - [
b3ec13d449] - (SEMVER-MAJOR) fs: adjustpositionvalidation in reading methods (Livia Medeiros) #42835 - [
1948dce707] - (SEMVER-MAJOR) fs: add globSync implementation (Moshe Atlow) #47653 - [
d68d0eacaa] - (SEMVER-MAJOR) http: reduce parts in chunked response when corking (Robert Nagy) #50167 - [
c5b0b894ed] - (SEMVER-MAJOR) lib: mark URL/URLSearchParams as uncloneable and untransferable (Chengzhong Wu) #47497 - [
3205b1936a] - (SEMVER-MAJOR) lib: remove aix directory case for package reader (Yagiz Nizipli) #48605 - [
b40f0c3074] - (SEMVER-MAJOR) lib: addnavigator.hardwareConcurrency(Yagiz Nizipli) #47769 - [
4b08c4c047] - (SEMVER-MAJOR) lib: runtime deprecate punycode (Yagiz Nizipli) #47202 - [
3ce51ae9c0] - (SEMVER-MAJOR) module: harmonize error code between ESM and CJS (Antoine du Hamel) #48606 - [
7202859402] - (SEMVER-MAJOR) net: do not treatserver.maxConnections=0asInfinity(ignoramous) #48276 - [
c15bafdaf4] - (SEMVER-MAJOR) net: only defer _final call when connecting (Jason Zhang) #47385 - [
6ffacbf0f9] - (SEMVER-MAJOR) node-api: rename internal NAPI_VERSION definition (Chengzhong Wu) #48501 - [
11af089b14] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 120 (MichaΓ«l Zasso) #49639 - [
d920b7c94b] - (SEMVER-MAJOR) src: throw DOMException on cloning non-serializable objects (Chengzhong Wu) #47839 - [
64549731b6] - (SEMVER-MAJOR) src: throw DataCloneError on transfering untransferable objects (Chengzhong Wu) #47604 - [
dac8de689b] - (SEMVER-MAJOR) stream: use private properties for strategies (Yagiz Nizipli) #47218 - [
1fa084ecdf] - (SEMVER-MAJOR) stream: use private properties for encoding (Yagiz Nizipli) #47218 - [
4e93247079] - (SEMVER-MAJOR) stream: use private properties for compression (Yagiz Nizipli) #47218 - [
527589b755] - (SEMVER-MAJOR) test_runner: disallow array inrunoptions (Raz Luvaton) #49935 - [
7cd4e70948] - (SEMVER-MAJOR) test_runner: support passing globs (Moshe Atlow) #47653 - [
2ef170254b] - (SEMVER-MAJOR) tls: usevalidateNumberforoptions.minDHSize(Deokjin Kim) #49973 - [
092fb9f541] - (SEMVER-MAJOR) tls: use validateFunction foroptions.checkServerIdentity(Deokjin Kim) #49896 - [
ccca547e28] - (SEMVER-MAJOR) util: runtime deprecatepromisify-ing a function returning aPromise(Antoine du Hamel) #49609 - [
4038cf0513] - (SEMVER-MAJOR) vm: freezedependencySpecifiersarray (Antoine du Hamel) #49720
Semver-Minor Commits
- [
3227d7327c] - (SEMVER-MINOR) deps: update uvwasi to 0.0.19 (Node.js GitHub Bot) #49908 - [
e28dbe1c2b] - (SEMVER-MINOR) lib: add WebSocket client (Matthew Aitken) #49830 - [
9f9c58212e] - (SEMVER-MINOR) test_runner, cli: add --test-concurrency flag (Colin Ihrig) #49996 - [
d37b0d267f] - (SEMVER-MINOR) wasi: updates required for latest uvwasi version (Michael Dawson) #49908
Semver-Patch Commits
- [
33c87ec096] - benchmark: fix race condition on fs benchs (Vinicius Lourenço) #50035 - [
3c0ec61c4b] - benchmark: add warmup to accessSync bench (Rafael Gonzaga) #50073 - [[
1a839f388e](https://g...
2023-10-13, Version 20.8.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-44487:
nghttp2Security Release (High) - CVE-2023-45143:
undiciSecurity Release (High) - CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
- CVE-2023-39331: Permission model improperly protects against path traversal (High)
- CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
- CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Commits
- [
c86883e844] - deps: update nghttp2 to 1.57.0 (James M Snell) #50121 - [
2860631359] - deps: update undici to v5.26.3 (Matteo Collina) #50153 - [
cd37838bf8] - lib: let deps requirenodeprefixed modules (Matthew Aitken) #50047 - [
f5c90b2951] - module: fix code injection through export names (Tobias NieΓen) nodejs-private/node-private#461 - [
fa5dae1944] - permission: fix Uint8Array path traversal (Tobias NieΓen) nodejs-private/node-private#456 - [
cd35275111] - permission: improve path traversal protection (Tobias NieΓen) nodejs-private/node-private#456 - [
a4cb7fc7c0] - policy: use tamper-proof integrity check function (Tobias NieΓen) nodejs-private/node-private#462
2023-10-13, Version 18.18.2 'Hydrogen' (LTS), @RafaelGSS
8a01b3d
richardlau
Richard Lau
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-44487:
nghttp2Security Release (High) - CVE-2023-45143:
undiciSecurity Release (High) - CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
- CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Commits
- [
55028468db] - deps: update undici to v5.26.3 (Matteo Collina) #50153 - [
a792bbc515] - deps: update nghttp2 to 1.57.0 (James M Snell) #50121 - [
f6444defa4] - deps: update nghttp2 to 1.56.0 (Node.js GitHub Bot) #49582 - [
7e9b08dfd4] - deps: update nghttp2 to 1.55.1 (Node.js GitHub Bot) #48790 - [
85672c153f] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #48746 - [
300a902422] - deps: update nghttp2 to 1.53.0 (Node.js GitHub Bot) #47997 - [
7d83ed0bf6] - Revert "deps: update nghttp2 to 1.55.0" (Richard Lau) #50151 - [
1193ca5fdb] - lib: let deps requirenodeprefixed modules (Matthew Aitken) #50047 - [
eaf9083cf1] - module: fix code injection through export names (Tobias NieΓen) nodejs-private/node-private#461 - [
1c538938cc] - policy: use tamper-proof integrity check function (Tobias NieΓen) nodejs-private/node-private#462
2023-10-10, Version 18.18.1 'Hydrogen' (LTS), @richardlau
richardlau
Richard Lau
7615798
richardlau
Richard Lau
Notable Changes
This release addresses some regressions that appeared in Node.js 18.18.0:
- (Windows) FS can not handle certain characters in file name #48673
- 18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
- libuv update in 18.18.0 breaks webpack's thread-loader #49911
The libuv 1.45.0 and 1.46.0 updates that were released in Node.js 18.18.0 have been temporarily reverted.
Commits
- [
3e3a75cc46] - Revert "build: sync libuv header change" (Richard Lau) #50036 - [
14ece2c479] - Revert "deps: upgrade to libuv 1.45.0" (Richard Lau) #50036 - [
022352acbe] - Revert "deps: upgrade to libuv 1.46.0" (Richard Lau) #50036 - [
d9f138189c] - Revert "deps: add missing thread-common.c in uv.gyp" (Richard Lau) #50036 - [
7a3e1ffbb8] - fs: make sure to write entire buffer (Robert Nagy) #49211 - [
04cba95a67] - test: addtmpdir.resolve()(Livia Medeiros) #49079
2023-09-28, Version 20.8.0 (Current), @ruyadorno
Notable Changes
Stream performance improvements
Performance improvements to writable and readable streams, improving the creation and destruction by Β±15% and reducing the memory overhead each stream takes in Node.js
Contributed by Benjamin Gruenbaum in #49745 and Raz Luvaton in #49834.
Performance improvements for readable webstream, improving readable stream async iterator consumption by Β±140% and improving readable stream pipeTo consumption by Β±60%
Contributed by Raz Luvaton in #49662 and #49690.
Rework of memory management in vm APIs with the importModuleDynamically option
This rework addressed a series of long-standing memory leaks and use-after-free issues in the following APIs that support importModuleDynamically:
vm.Scriptvm.compileFunctionvm.SyntheticModulevm.SourceTextModule
This should enable affected users (in particular Jest users) to upgrade from older versions of Node.js.
Contributed by Joyee Cheung in #48510.
Other notable changes
- [
32d4d29d02] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #49874 - [
0e686d096b] - doc: deprecatefs.F_OK,fs.R_OK,fs.W_OK,fs.X_OK(Livia Medeiros) #49683 - [
a5dd057540] - doc: deprecateutil.toUSVString(Yagiz Nizipli) #49725 - [
7b6a73172f] - doc: deprecate callingpromisifyon a function that returns a promise (Antoine du Hamel) #49647 - [
1beefd5f16] - esm: set all hooks as release candidate (Geoffrey Booth) #49597 - [
b0ce78a75b] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #48510 - [
4e578f8ab1] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #48510 - [
69e4218772] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #48510 - [
14ece0aa76] - (SEMVER-MINOR) src: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) #49279 - [
9fd67fbff0] - stream: use bitmap in writable state (Raz Luvaton) #49834 - [
0ccd4638ac] - stream: use bitmap in readable state (Benjamin Gruenbaum) #49745 - [
7c5e322346] - stream: improve webstream readable async iterator performance (Raz Luvaton) #49662 - [
80b342cc38] - (SEMVER-MINOR) test_runner: accepttestOnlyinrun(Moshe Atlow) #49753 - [
17a05b141d] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #49614
Commits
- [
4879e3fbbe] - benchmark: add a benchmark for read() of ReadableStreams (Debadree Chatterjee) #49622 - [
78a6c73157] - benchmark: shorten pipe-to by reducing number of chunks (Raz Luvaton) #49577 - [
4126a6e4c9] - benchmark: fix webstream pipe-to (Raz Luvaton) #49552 - [
6010a91825] - bootstrap: do not expand argv1 for snapshots (Joyee Cheung) #49506 - [
8480280c4b] - bootstrap: only use the isolate snapshot when compiling code cache (Joyee Cheung) #49288 - [
b30754aa87] - build: run embedtest using node executable (Joyee Cheung) #49506 - [
31db0b8e2b] - build: add --write-snapshot-as-array-literals to configure.py (Joyee Cheung) #49312 - [
6fcb51d3ba] - debugger: useinternal/url.URLinstead ofurl.parse(LiviaMedeiros) #49590 - [
32d4d29d02] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #49874 - [
ad37cadc3f] - deps: V8: backport de9a5de2274f (Joyee Cheung) #49703 - [
cdd1c66222] - deps: V8: cherry-pick b33bf2dfd261 (Joyee Cheung) #49703 - [
61d18d6473] - deps: update undici to 5.24.0 (Node.js GitHub Bot) #49559 - [
b8a4fef393] - deps: remove pthread-fixes.c from uv.gyp (Ben Noordhuis) #49744 - [
6c86c0683c] - deps: update googletest to d1467f5 (Node.js GitHub Bot) #49676 - [
1424404742] - deps: update nghttp2 to 1.56.0 (Node.js GitHub Bot) #49582 - [
15b54ff95d] - deps: update googletest to 8a6feab (Node.js GitHub Bot) #49463 - [
2ceab877c2] - deps: update corepack to 0.20.0 (Node.js GitHub Bot) #49464 - [
4814872ddc] - doc: fixDEP0176number (LiviaMedeiros) #49858 - [
0e686d096b] - doc: deprecatefs.F_OK,fs.R_OK,fs.W_OK,fs.X_OK(Livia Medeiros) #49683 - [
5877c403a2] - doc: add mertcanaltin as a triager (mert.altin) #49826 - [
864fe56432] - doc: addgit node backportway to the backporting guide (Raz Luvaton) #49760 - [
e0f93492d5] - doc: improve documentation about ICU data fallback (Joyee Cheung) #49666 - [
a5dd057540] - doc: deprecateutil.toUSVString(Yagiz Nizipli) #49725 - [
774c1cfd52] - doc: add missing function call to example forutil.promisify(Jungku Lee) #49719 - [
fe78a34845] - doc: update output of example inmimeParams.set()(Deokjin Kim) #49718 - [
4175ea33bd] - doc: add missedinspectwith numericSeparator to example (Deokjin Kim) #49717 - [
3a88571972] - doc: fix history comments (Antoine du Hamel) #49701 - [
db4ab1ccbb] - doc: add missing history info forimport.meta.resolve(Antoine du Hamel) #49700 - [
a304d1ee19] - doc: link maintaining deps to pull-request.md (Marco Ippolito) #49716 - [
35294486ad] - doc: fix print results inevents(Jungku Lee) #49548 - [
9f0b0e15c9] - doc: alphabetize cli.md sections (Geoffrey Booth) #49668 - [[
7b6a73172f](7b6a731...