2021-07-05, Version 16.4.2 (Current), @BethGriggs

Notable Changes

Node.js 16.4.1 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

Commits

• [76e709ec63] - win,msi: use localized "Authenticated Users" name (Richard Lau) #39241

2021-07-05, Version 14.17.3 'Fermium' (LTS), @richardlau

Notable Changes

Node.js 14.17.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

Commits

• [0f00104a2c] - win,msi: use localized "Authenticated Users" name (Richard Lau) #39241

2021-07-05, Version 12.22.3 'Erbium' (LTS), @richardlau

Notable Changes

Node.js 12.22.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

Commits

• [182f86a4d4] - win,msi: use localized "Authenticated Users" name (Richard Lau) #39241

2021-07-01, Version 16.4.1 (Current), @BethGriggs

This is a security release.

Notable Changes

Vulnerabilities fixed:

• CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
  • Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
• CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
  • Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921

Commits

• [d33aead28b] - deps: uv: cherry-pick 99c29c9c2c9b (Ben Noordhuis) nodejs-private/node-private#267
• [2690907b81] - win,msi: set install directory permission (AkshayK) nodejs-private/node-private#269

2021-07-01, Version 14.17.2 'Fermium' (LTS), @richardlau

This is a security release.

Notable Changes

Vulnerabilities fixed:

• CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
  • Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
• CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
  • Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921

Commits

• [a7496aba0a] - deps: uv: cherry-pick 99c29c9c2c9b (Ben Noordhuis) nodejs-private/node-private#267
• [d0b449da1d] - win,msi: set install directory permission (AkshayK) nodejs-private/node-private#269

2021-07-01, Version 12.22.2 'Erbium' (LTS), @richardlau

This is a security release.

Notable Changes

Vulnerabilities fixed:

• CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
  • Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
• CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
  • Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921
• CVE-2021-27290: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High)
  • This is a vulnerability in the ssri npm mudule which may be vulnerable to denial of service attacks. You can read more about it in GHSA-vx3p-948g-6vhq
• CVE-2021-23362: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium)
  • This is a vulnerability in the hosted-git-info npm mudule which may be vulnerable to denial of service attacks. You can read more about it in https://nvd.nist.gov/vuln/detail/CVE-2021-23362

Commits

• [623fd1fcb5] - deps: uv: cherry-pick 99c29c9c2c9b (Ben Noordhuis) nodejs-private/node-private#267
• [923b3760f8] - deps: upgrade npm to 6.14.13 (Ruy Adorno) #38214
• [a52790cba0] - win,msi: set install directory permission (AkshayK) nodejs-private/node-private#269

2021-06-23, Version 16.4.0 (Current), @danielleadams

Notable changes

• async_hooks:
  • stabilize part of AsyncLocalStorage (Vladimir de Turckheim) #37675
• deps:
  • upgrade npm to 7.18.1 (npm team) #39065
  • update V8 to 9.1.269.36 (Michaël Zasso) #38273
• dns:
  • allow --dns-result-order to change default dns verbatim (Ouyang Yadong) #38099

Commits

• [d2b972ee52] - async_hooks: check for empty contexts before removing (Bryan English) #39095
• [03e75fda4c] - async_hooks: switch between native and context hooks correctly (Stephen Belanger) #38912
• [8115e6ee6d] - (SEMVER-MINOR) async_hooks: stabilize part of AsyncLocalStorage (Vladimir de Turckheim) #37675
• [5f51729014] - bootstrap: move event loop handle checking into snapshot builder (Joyee Cheung) #39007
• [9d100aa269] - bootstrap: split NodeMainInstance::Run() (Joyee Cheung) #39007
• [2aaf2f231f] - build: reconfigure when gyp files change on Windows (Joyee Cheung) #39066
• [7f225a05ee] - Revert "build: work around bug in MSBuild v16.10.0" (Michaël Zasso) #38977
• [1853127dde] - build: reset embedder string to "-node.0" (Michaël Zasso) #38273
• [c0d236f5ea] - build: make build-addons errors fail the build (Richard Lau) #38983
• [173292bcf8] - build: fix commit-queue default branch (Mary Marchini) #38998
• [e939e243bf] - build: don't pass python override to V8 build (Richard Lau) #38969
• [651c58b412] - build: correct Xcode spelling in .gitignore (bl-ue) #38895
• [5203c9ced7] - build: fast-track npm PRs and dont-land them on LTS (Michaël Zasso) #38885
• [7de57d4d33] - build: dont-land gyp-next PRs on LTS branches (Michaël Zasso) #38887
• [e87cd4542b] - child_process: refactor to use validateBoolean (Qingyu Deng) #38927
• [69fa9e16e9] - (SEMVER-MINOR) child_process: allow options.cwd receive a URL (Khaidi Chu) #38862
• [cf9d686c35] - crypto: fix aes crash when tag length too small (Khaidi Chu) #38914
• [1799ea36f0] - crypto: use compatible version of EVP_CIPHER_name (Shelley Vohr) #38925
• [6d5dc63ae4] - crypto: fix label cast in EVP_PKEY_CTX_set0_rsa_oaep_label (Shelley Vohr) #38926
• [6e93c17bf5] - crypto: use EVP_get_cipherbynid directly (Shelley Vohr) #38901
• [82c293959e] - crypto: add missing rand.h include (Shelley Vohr) #38864
• [e4f802de9a] - debugger: rename internal library for clarity (Rich Trott) #39080
• [1e8bdab581] - debugger: use ERR_DEBUGGER_STARTUP_ERROR in _inspect.js (Rich Trott) #39024
• [b43cb69fbb] - debugger: use error codes in debugger REPL (Rich Trott) #39024
• [dc9218136b] - debugger: use ERR_DEBUGGER_ERROR in debugger client (Rich Trott) #39024
• [711916a271] - debugger: remove unnecessary boilerplate copyright comment (Rich Trott) #38952
• [0f65e41442] - debugger: reduce scope of eslint disable comment (Rich Trott) #38946
• [1fa724ec5a] - deps: upgrade npm to 7.18.1 (npm team) #39065
• [c6aa68598d] - deps: upgrade npm to 7.17.0 (npm team) #38999
• [864fe9910b] - deps: make V8 9.1 abi-compatible with 9.0 (Michaël Zasso) #38991
• [c93f3573eb] - deps: V8: cherry-pick fa4cb172cde2 (Michaël Zasso) #38273
• [3c6c28b0a1] - deps: V8: cherry-pick 4c074516397b (Michaël Zasso) #38273
• [3c37396d5c] - deps: V8: cherry-pick 5f4413194480 (Michaël Zasso) #38273
• [3433559a55] - deps: V8: cherry-pick 272445f10927 (Michaël Zasso) #38273
• [f56c78574e] - deps: V8: cherry-pick c0fceaa0669b (Michaël Zasso) #38273
• [7197fcec93] - deps: V8: cherry-pick d59db06bf542 (Michaël Zasso) #38273
• [bf7aa9fef8] - deps: silence irrelevant V8 warnings (Michaël Zasso) #37587
• [eac377bc15] - deps: V8: backport aaacffa1e003 (Michaël Zasso) #38273
• [1a7c8a12c1] - deps: fix V8 build issue with inline methods (Jiawen Geng) #35415
• [3c9a75522b] - deps: make v8.h compatible with VS2015 (Joao Reis) #32116
• [8ed258339a] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #32116
• [4ef37c83a9] - deps: V8: patch register-arm64.h (Refael Ackermann) #32116
• [7c61c6ee25] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #32116
• [e82ef4148e] - (SEMVER-MINOR) deps: update V8 to 9.1.269.36 (Michaël Zasso) #38273
• [70af146745] - deps: upgrade npm to 7.16.0 (npm team) #38920
• [a71df7630e] - (SEMVER-MINOR) dns: allow --dns-result-order to change default dns verbatim (Ouyang Yadong) #38099
• [dce256b210] - doc: remove references to deleted freenode channels (devsnek) #39047
• [1afff98805] - doc: fix typos (bl-ue) #39049
• [858f66e691] - doc: add missing parameter types (Voltrex) #39013
• [ed91379186] - doc: clearify that http does chunked encoding itself (Mao Wtm) #28379
• [51561f390a] ...

2021-06-15, Version 14.17.1 'Fermium' (LTS), @targos

Notable Changes

• [6035492c8f] - deps: update ICU to 69.1 (Michaël Zasso) #38178
• [9417fd0bc8] - errors: align source-map stacks with spec (Benjamin Coe) #37252

Commits

• [87fa636953] - assert: refactor to use more primordials (Antoine du Hamel) #36234
• [cfff3b4462] - assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344
• [dd18def7db] - async_hooks: refactor to avoid unsafe array iteration (Antoine du Hamel) #37125
• [5f3e96b570] - async_hooks,doc: replace process.stdout.fd with 1 (Darshan Sen) #38382
• [f4cb8b8281] - benchmark: avoid using console.log() (Antoine du Hamel) #38370
• [9e4c1f2f2c] - benchmark: use process.hrtime.bigint() (Antoine du Hamel) #38369
• [3c886e0ad6] - buffer: remove TODOs in atob / btoa (Khaidi Chu) #38548
• [c5b86f8c2f] - buffer: remove unreachable code (Rongjian Zhang) #38537
• [9ae2a27d44] - buffer: make FastBuffer safe to construct (Antoine du Hamel) #36587
• [ff546ff744] - buffer: refactor to use primordials instead of Array#reduce (Antoine du Hamel) #36392
• [5acf0a5ba3] - buffer: refactor to use more primordials (Antoine du Hamel) #36166
• [52fd42ec46] - build: work around bug in MSBuild v16.10.0 (Michaël Zasso) #38873
• [5df0f35bf6] - build: add workaround for V8 builds (Richard Lau) #38632
• [754aa384e0] - build: remove dependency on distutils.spawn (Richard Lau) #38600
• [5de7e64f3a] - build: fix make test-npm (Ruy Adorno) #36369
• [e5fae63108] - child_process: reduce abort handler code duplication (Rich Trott) #36644
• [598d2bdf09] - child_process: treat already-aborted controller as aborting (Rich Trott) #36644
• [8d7708bdef] - child_process: refactor to use more primordials (Antoine du Hamel) #36003
• [b8c4d30e77] - deps: update to cjs-module-lexer@1.2.1 (Guy Bedford) #38450
• [6035492c8f] - deps: update ICU to 69.1 (Michaël Zasso) #38178
• [51dad8cabb] - deps: V8: cherry-pick 035c305ce776 (Michaël Zasso) #38497
• [a467125c8d] - deps: V8: cherry-pick dfcdf7837e23 (Benjamin Coe) #36573
• [acc9fad2ba] - deps: V8: cherry-pick 86991d0587a1 (Benjamin Coe) #36254
• [d67827744b] - deps: V8: cherry-pick 530080c44af2 (Milad Fa) #38508
• [bac9ba4f8a] - dgram: extract cluster lazy loading method to make it testable (Rongjian Zhang) #38563
• [f5b2115b76] - dgram: refactor to use more primordials (Antoine du Hamel) #36286
• [cd7cf0547a] - dns: refactor to use more primordials (Antoine du Hamel) #36314
• [9f67c0852c] - doc: cleanup events.md structure (James M Snell) #36100
• [41cfe645c0] - doc: fix JS flavor selection (Antoine du Hamel) #37791
• [7c4748b0dc] - doc: use HEAD instead of master for links (Antoine du Hamel) #38518
• [26426577ff] - doc: remove import.meta.resolve parent URL type (Kevin Locke) #38585
• [88055abf19] - doc: document buffer.kStringMaxLength (Tobias Nießen) #38688
• [2e8dfee165] - doc: clarify synchronous blocking of Worker stdio (James M Snell) #38658
• [212cd5cf05] - doc: update contact info (Gabriel Schulhof) #38689
• [fa35c0662b] - doc: change color of doctag on night mode (Qingyu Deng) #38652
• [4c67437c53] - doc: clarify DiffieHellmanGroup class docs (Nitzan Uziely) #38363
• [e90c60b1e3] - doc: use AIX instead of Aix in fs.md (Rich Trott) #38535
• [dc67fec1b4] - doc: remove extraneous dash from flag prefix (Rodolfo Carvalho) #38532
• [4c54d81a59] - doc: document 'secureConnect' event limitation (James M Snell) #38447
• [839e8d1672] - doc: mark querystring api as legacy (James M Snell) #38436
• [a75b7af9bd] - doc: add arguments for stream event of Http2Server and Http2SecureServer (Qingyu Deng) #37892
• [cf0007edc4] - doc: indicate that abort tests do not generate core files (Rich Trott) #38422
• [945450b5cf] - doc: add try/catch in http2 respondWithFile example (Matteo Collina) #38410
• [1f7cd7148a] - doc: note the system requirements for V8 tests (DeeDeeG) #38319
• [cd54834854] - doc: minor clarification to pathObject (James M Snell) #38437
• [ba117c2c6f] - doc: document new TCP_KEEPCNT and TCP_KEEPINTVL socket option defaults (Arnold Zokas) #38313
• [dcdbaffced] - doc: do not mention TCP in the allowHalfOpen option description (Luigi Pinca) #38360
• [fe8003e5de] - doc: update message to match actual output (Rich Trott) #35271
• [c03f23e126] - doc: request default snap track be updated for LTS (Rod Vagg) #37708
• [a9f7aeed12] - doc: mark process.hrtime() as legacy (Antoine du Hamel) #38371
• [cede0c57b8] - doc: fix version history for "exports" patterns (Antoine du Hamel) #38355
• [[`9...

2021-06-02, Version 16.3.0 (Current), @danielleadams

Notable Changes

• cli:
  • add -C alias for --conditions flag (Guy Bedford) #38755
• deps:
  • add workspaces support to npm install commands (Ruy Adorno) #38750

Commits

• [4e58ec4aa6] - benchmark: output JSON-compatible numbers (Michaël Zasso) #38778
• [7a9d0fd5a9] - benchmark: fix http elapsed time (Antoine du Hamel) #38743
• [a98d631905] - bootstrap: include vm and contextify binding into the snapshot (Joyee Cheung) #38677
• [f1628960e1] - build: remove outdated dont-land-on-v6.x label (Michaël Zasso) #38886
• [6986154b30] - build: work around bug in MSBuild v16.10.0 (Michaël Zasso) #38873
• [24cca7c5ea] - build: add lto build to CI (Jiawen Geng) #38567
• [80c32b7a9a] - build: allow LTO with Clang 3.9.1+ (Jesse Chan) #38751
• [e9be2095cf] - build: replace non-POSIX test -a|o (Issam E. Maghni) #38731
• [717a8b63e1] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #38728
• [bc8400122c] - (SEMVER-MINOR) cli: add -C alias for --conditions flag (Guy Bedford) #38755
• [eb7c932a6d] - debugger: revise async iterator usage to comply with lint rules (Rich Trott) #38847
• [f1000e0e52] - debugger: removed unused function argument (Rich Trott) #38850
• [ee1056da60] - debugger: wait for V8 debugger to be enabled (Michaël Zasso) #38811
• [47ad448def] - deps: upgrade npm to 7.15.1 (npm team) #38880
• [e8192b5e89] - deps: upgrade npm to 7.14.0 (Ruy Adorno) #38750
• [15aaf14690] - deps: update llhttp to 6.0.2 (Fedor Indutny) #38665
• [108ffdb68f] - doc: fixed typo in n-api.md (julianjany) #38822
• [131a6918dd] - doc: use "Long Term Support" in collaborator guide (Rich Trott) #38841
• [4844337cd7] - doc: use "Long Term Support" in technical values doc (Rich Trott) #38841
• [f1e823b679] - doc: use "Long Term Support" in README (Philip) #38839
• [4e11971a76] - doc: fix grammar in fs.md (yotamselementor) #38818
• [e2f28c80d1] - doc: fixup code sample in http.md (TodorTotev) #38776
• [96fa387082] - doc: document null target pattern (Guy Bedford) #38724
• [5553be3f4e] - doc: update code examples for node:url module (fisker Cheung) #38645
• [0c063a1258] - doc,url: clarify domainTo* when built without ICU (Darshan Sen) #38789
• [2054efa02c] - events: refactor to use primordials in lib/events (Akhil Marsonya) #38117
• [4884991a12] - lib: include url in bootstrap snapshot and remove unnecessary lazy-loads (Joyee Cheung) #38826
• [08ad2f6c18] - lib: fix typos (bl-ue) #38846
• [7d3a8cb854] - lib: remove unnecessary lazy loads (Joyee Cheung) #38737
• [5d9442a024] - lib: load internal/fs/watchers and internal/fs/read_file_context early (Joyee Cheung) #38737
• [2268d1cf4c] - lib: refactor to reuse validators (Rongjian Zhang) #38608
• [496f7eae92] - node-api: fix shutdown crashes (Michael Dawson) #38492
• [e1195312b9] - (SEMVER-MINOR) os: add os.devNull (Luigi Pinca) #38569
• [7ba305552f] - src: set PromiseHooks by Environment (Bryan English) #38821
• [74205b3542] - src: replace autos in node_api.cc (Khaidi Chu) #38852
• [120849f609] - src: cache necessary isolate & context in api/* (Khaidi Chu) #38366
• [f25cd4f377] - src: fix typos (bl-ue) #38845
• [a1b0e64187] - src: support fs_event_wrap binding in the snapshot (Joyee Cheung) #38737
• [36d4a4331d] - src: remove redundant v8 namespaces in env.cc (Juan José Arboleda) #38792
• [3e6b3b22c5] - src: use SPrintF in ProcessEmitWarning (Darshan Sen) #38758
• [9ca5c0e29e] - src: fix compiler warnings in node_buffer.cc (Darshan Sen) #38722
• [3741595289] - src: set CONF_MFLAGS_DEFAULT_SECTION for OpenSSL 3 (Daniel Bevenius) #38732
• [4e3353223e] - src: use HandleScope in StreamReq::Done() (Darshan Sen) #38720
• [c576311954] - src: remove commented code in node_file.cc (Juan José Arboleda) #38693
• [61c95f08b3] - src: write named pipe info in diagnostic report (legendecas) #38637
• [ba96f14233] - src: remove unused iostream library (Juan José Arboleda) #38694
• [f5dd85bbe6] - src: remove more extra semis from member fns (Shelley Vohr) #38744
• [a47fd67154] - src: replace autos in node_contextify.cc (Khaidi Chu) #38644
• [9054d25acc] - stream: add a non-destroying iterator to Readable (Nitzan Uziely) #38526
• [4131f94ca8] - stream: allow empty string as source of pipeline (Qingyu Deng) #38723
• [0aa3cb5c0e] - test: improve coverage of fs internal utils (Rongjian Zhang) #38746
• [48ebebd2a8] - test: remove unnecessary --pending-deprecation flag (Antoine du Hamel) #38819
• [[3c492baa51](https://github.co...

2021-05-19, Version 16.2.0 (Current), @targos

Notable Changes

• [36b948560c] - (SEMVER-MINOR) async_hooks: use new v8::Context PromiseHook API (Stephen Belanger) #36394
• [c0deeeacb2] - lib: support setting process.env.TZ on windows (James M Snell) #38642
• [4c4902748c] - (SEMVER-MINOR) module: add support for URL to import.meta.resolve (Antoine du Hamel) #38587
• [c182198c44] - (SEMVER-MINOR) process: add 'worker' event (James M Snell) #38659
• [fbf02e3198] - (SEMVER-MINOR) util: add util.types.isKeyObject and util.types.isCryptoKey (Filip Skokan) #38619

Commits

• [36b948560c] - (SEMVER-MINOR) async_hooks: use new v8::Context PromiseHook API (Stephen Belanger) #36394
• [dcae03203e] - buffer: remove TODOs in atob / btoa (Khaidi Chu) #38548
• [48b557e904] - buffer: remove unreachable code (Rongjian Zhang) #38537
• [b0df28dea5] - build: add workaround for V8 builds (Richard Lau) #38632
• [3bb12db255] - build: remove dependency on distutils.spawn (Richard Lau) #38600
• [10aaf30da1] - build: add missing torque output sources (Richard Lau) #38576
• [03b4a3a5bf] - build: compile with -std=gnu++14 (Darshan Sen) #38504
• [4296591154] - build,src,test,doc: enable FIPS for OpenSSL 3.0 (Daniel Bevenius) #38633
• [36bb8daba5] - crypto: forbid NODE-ED25519 and NODE-ED448 "raw" key export (Filip Skokan) #38668
• [36bb7243ff] - debugger: refactor inspect_repl to use primordials (Antoine du Hamel) #38551
• [16a6c8d5a6] - debugger: refactor to use internal modules (Antoine du Hamel) #38550
• [11dd9a6838] - debugger: disable only the lint rules required by current file state (Rich Trott) #38529
• [e79f540fa0] - debugger: avoid non-ASCII char in code file (Rich Trott) #38529
• [d9867b9358] - debugger: wrap lines longer than 80 chars (Rich Trott) #38529
• [352a600142] - debugger: rename inspector-cli test module to debugger (Rich Trott) #38530
• [608d0e11f3] - deps: upgrade npm to 7.13.0 (Ruy Adorno) #38682
• [5c71f49d3f] - deps: upgrade npm to 7.12.1 (Ruy Adorno) #38628
• [ec2dbfb200] - deps: patch V8 to 9.0.257.25 (Michaël Zasso) #38556
• [ab298723b5] - (SEMVER-MINOR) deps: V8: cherry-pick fa4cb172cde2 (Stephen Belanger) #36394
• [a84e9b3e7d] - (SEMVER-MINOR) deps: V8: cherry-pick 4c074516397b (Stephen Belanger) #36394
• [043b1aaa3f] - (SEMVER-MINOR) deps: V8: cherry-pick 5f4413194480 (Stephen Belanger) #36394
• [1a104bac74] - (SEMVER-MINOR) deps: V8: cherry-pick 272445f10927 (Stephen Belanger) #36394
• [827ae05538] - (SEMVER-MINOR) deps: V8: backport c0fceaa0669b (Stephen Belanger) #36394
• [f31a6114a4] - deps: V8: cherry-pick 530080c44af2 (Milad Fa) #38489
• [4001dd28ba] - dgram: extract cluster lazy loading method to make it testable (Rongjian Zhang) #38563
• [a0dc194e31] - doc: document buffer.kStringMaxLength (Tobias Nießen) #38688
• [8590c151cd] - doc: update abort signal in fs promise api example (Moritz Kneilmann) #38669
• [0100a3b026] - doc: add documentation for fs.WriteStream.close() (Hitesh Sharma) #38610
• [5c38a554ec] - doc: clarify synchronous blocking of Worker stdio (James M Snell) #38658
• [1765e32c45] - doc: update contact info (Gabriel Schulhof) #38689
• [c4b161cb89] - doc: change color of doctag on night mode (Qingyu Deng) #38652
• [6620a3182e] - doc: add ESM code examples in url.md (Antoine du Hamel) #38651
• [d3de0ef5d4] - doc: fix fs.openSync() signature (Luigi Pinca) #38591
• [56bf6c1bcd] - doc: typo stats() should be stat(); clarity (Bryan Field) #38541
• [1d9fd49f41] - doc: fix code example in ecdh.setPublicKey() (Jordan Baczuk) #38542
• [4c70e42928] - doc: use HEAD instead of master for links (Antoine du Hamel) #38518
• [ae9128ec61] - doc: clarify DiffieHellmanGroup class docs (Nitzan Uziely) #38363
• [e59131d97f] - doc: fix broken AHAFS link in fs doc (Rich Trott) #38534
• [e9d4c8587a] - doc: use AIX instead of Aix in fs.md (Rich Trott) #38535
• [e0118f347a] - doc: remove extraneous dash from flag prefix (Rodolfo Carvalho) #38532
• [9e10e1a76f] - doc: corrected workload name as per the latest VS Installer (MrJithil) #38500
• [38644d6f96] - doc: use sentence case in headers in src/crypto/README.md (Rich Trott) #38524
• [347b9f2304] - errors: remove input from ERR_INVALID_URL message (moander) #38614
• [5b40e2f596] - events: use nullish coalencing operator (Voltrex) #38328
• [3a5856cbc3] - fs: fix async iterator partial writes (Nitzan Uziely) #38615
• [e8761186a5] - fs: fix error when writing buffers > INT32_MAX (Zach Bjornson) #38546
• [47080bcfc8] - fs: use assert in fsCall argument checking (Rongjian Zhang) #38519
• [[3d8b8e133f](https://github.com/nodejs...