Releases: nodejs/node

2021-03-03, Version 15.11.0 (Current), @targos

03 Mar 06:29
v15.11.0
d816b24

Notable Changes

  • [a3e3156b52] - (SEMVER-MINOR) crypto: make FIPS related options always available (Vít Ondruch) #36341
  • [9ba5c0f9ba] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #37362

Commits

  • [d039e6fa80] - assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344
  • [d2e5529e08] - bootstrap: include v8 module into the builtin snapshot (Joyee Cheung) #36943
  • [59861bac0e] - bootstrap: include fs module into the builtin snapshot (Joyee Cheung) #36943
  • [458a4108b7] - buffer: make Blob's constructor more spec-compliant (Michaël Zasso) #37361
  • [0d564ce214] - buffer: make Blob's slice method more spec-compliant (Michaël Zasso) #37361
  • [ddae112133] - child_process: fix spawn and fork abort behavior (Nitzan Uziely) #37325
  • [b1e188de8d] - crypto: refactor hasAnyNotIn to avoid unsafe array iteration (Antoine du Hamel) #37433
  • [291d9e9936] - crypto: check ed/x webcrypto key import algorithm names (Filip Skokan) #37305
  • [a3e3156b52] - (SEMVER-MINOR) crypto: make FIPS related options always available (Vít Ondruch) #36341
  • [b634469c38] - crypto: refactor to avoid unsafe array iteration (Antoine du Hamel) #37364
  • [01773ab614] - crypto: use BoringSSL compatible errors (Shelley Vohr) #37297
  • [f3d67000a0] - deps: upgrade npm to 7.6.0 (Ruy Adorno) #37559
  • [e1045f1004] - deps: upgrade npm to 7.5.6 (Ruy Adorno) #37496
  • [80d3c118f4] - deps: V8: cherry-pick 373f4ae739ee (Richard Lau) #37505
  • [1408de7e24] - deps: cherry-pick 8957d4677aa794c230577f234071af0 from V8 upstream (Antoine du Hamel) #37471
  • [725d48ae77] - doc: remove experimental from --enable-source-maps (Colin Ihrig) #37540
  • [5d939b7a49] - doc: fix typo in doc/api/packages.md (marsonya) #37536
  • [cbfc6b1692] - doc: document how to register external bindings for snapshot (Joyee Cheung) #37463
  • [dd7a04dc9f] - doc: fix typo "director" instead of "directory" (humanwebpl) #37523
  • [ba81e7cb5e] - doc: revise LTS text in collaborator guide (Rich Trott) #37527
  • [7529a97a5c] - doc: revise CI text in collaborator guide (Rich Trott) #37526
  • [1285b907ce] - doc: revise objections section of collaborator guide (Rich Trott) #37525
  • [bc86208a0a] - doc: revise premature disclosure text in collaborator guide (Rich Trott) #37524
  • [46af56752e] - doc: change links to use HEAD in top level docs (Michael Dawson) #37494
  • [3b737e63ce] - doc: apply sentence case to headers in doc/guides (marsonya) #37506
  • [fb5e5bed21] - doc: fix typo in webcrypto.md (marsonya) #37507
  • [3b7cb75554] - doc: document the NO_COLOR and FORCE_COLOR env vars (James M Snell) #37477
  • [0fac27d546] - doc: add url.resolve replacement example (Antoine du Hamel) #37501
  • [2228f44b25] - doc: apply sentence case to guides headers (marsonya) #37497
  • [617819e4fb] - doc: update CI requirements for landing pull requests (Antoine du Hamel) #37308
  • [4a40759b33] - doc: recommend queueMicrotask over process.nextTick (James M Snell) #37484
  • [834f63793a] - doc: apply sentence case to headers in doc/guides (marsonya) #37478
  • [7ac0820da0] - doc: fix typo in doc/api/http2/md (marsonya) #37479
  • [4ad7a78448] - doc: alphabetize vm Module class properties (Rich Trott) #37451
  • [a193d7ca87] - doc: alphabetize crypto Cipher class entries (Rich Trott) #37450
  • [54b6f1bcf9] - doc: use HEAD for links in api docs (Michael Dawson) #37437
  • [549d24b8ad] - doc: fix alignment of parameters (Michael Dawson) #37422
  • [f3559a922b] - doc: fix typo in doc/api/esm.md (marsonya) #37400
  • [c3d236d405] - doc: fix "referred to" in fs docs (Tobias Nießen) #37388
  • [9ac8c74539] - doc: document x509 error codes (Dan Čermák) #37096
  • [9a454afcd6] - doc: fix typo in esm.md (Jay Tailor) #37417
  • [b3bf3d9824] - doc: use HEAD in links where possible (Michael Dawson) #37421
  • [6675342cd9] - doc: clarify that async_hook callbacks cannot be async (James M Snell) #37384
  • [4b54c10500] - doc: use **Default:** more consistently (Colin Ihrig) #37387
  • [f20ce47dbb] - doc,child_process: pid can be undefined when ENOENT (dr-js) #37014
  • [6205e29cb9] - doc,lib: prepare for stricter multi-line array linting (Rich Trott) #37088
  • [9ba5c0f9ba] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #37362
  • [c0cdb83433] - fs: fix writeFile signal does not close file (Nitzan Uziely) #37402
  • [e8b1e2c0a3] - fs: fix pre-aborted writeFile AbortSignal file leak (Nitzan Uziely) #37393
  • [6b42e65983] - fs: fixup negative length in fs.truncate (James M Snell) #37483
  • [[d141fce634](https://github.com/nodejs/node/commit/d141fce...
2021-02-23, Version 15.10.0 (Current), @BethGriggs

23 Feb 13:13
v15.10.0
7a4f260

This is a security release.

Notable changes

Vulnerabilities fixed:

  • CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
    • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.
  • CVE-2021-22884: DNS rebinding in --inspect
    • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over the network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
  • CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
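The Host-allowlist weakness described for CVE-2021-22884, as an added example that is not Node.js source code and not part of the release notes: a loopback-only endpoint that validates the Host header, with an allowlist containing “localhost6” beside one without it, plus an audit of which allowed names are not pinned in the hosts file. The function names, port 9229 in the sample values and the hosts-file text are assumptions constructed for illustration.

```javascript
// Added illustration, not Node.js source. All names and sample data are constructed.

// Parse a Host header value into a bare, normalised host, or null if malformed.
function hostFromHeader(value) {
  try {
    const u = new URL(`http://${value}`);
    if (u.username || u.password || u.pathname !== '/' || u.search || u.hash) return null;
    return u.hostname; // lower-cased; IPv6 literals keep their brackets
  } catch {
    return null;
  }
}

// After URL normalisation an IPv4 host is dotted decimal and an IPv6 host is bracketed.
function isIpLiteral(host) {
  return host.startsWith('[') || /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

// Build a Host check: IP literals pass (no DNS lookup is involved in reaching them),
// hostnames pass only if they are explicitly allowed.
function makeHostCheck(allowedNames) {
  const names = new Set(allowedNames.map((n) => n.toLowerCase()));
  return (headerValue) => {
    const host = hostFromHeader(String(headerValue));
    if (host === null) return false;
    return isIpLiteral(host) || names.has(host);
  };
}

// Audit: which allowed names are NOT pinned in the hosts file and therefore
// fall through to DNS, where an attacker-influenced answer could be returned?
function namesNotPinned(allowedNames, hostsText) {
  const pinned = new Set();
  for (const line of hostsText.split('\n')) {
    const fields = line.replace(/#.*/, '').trim().split(/\s+/);
    // fields[0] is the address; every following field is a name for it
    for (const name of fields.slice(1)) pinned.add(name.toLowerCase());
  }
  return allowedNames.filter((n) => !pinned.has(n.toLowerCase()));
}

// Constructed hosts file that, like many systems, has no "localhost6" entry.
const SAMPLE_HOSTS = [
  '127.0.0.1   localhost',
  '::1         localhost ip6-localhost ip6-loopback  # constructed sample',
].join('\n');

const weakCheck = makeHostCheck(['localhost', 'localhost6']); // allowlist as described above
const hardenedCheck = makeHostCheck(['localhost']);           // "localhost6" removed

console.log('weak accepts localhost6:    ', weakCheck('localhost6:9229'));
console.log('hardened accepts localhost6:', hardenedCheck('localhost6:9229'));
console.log('unpinned allowed names:     ', namesNotPinned(['localhost', 'localhost6'], SAMPLE_HOSTS));
```

Running the audit against the real hosts file of a machine shows whether any name on an allowlist depends on DNS there.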

Commits

2021-02-23, Version 14.16.0 'Fermium' (LTS), @BethGriggs

23 Feb 13:12
v14.16.0
bd60e93

This is a security release.

Notable changes

Vulnerabilities fixed:

  • CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
    • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.
  • CVE-2021-22884: DNS rebinding in --inspect
    • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over the network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
  • CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate

Commits

2021-02-23, Version 12.21.0 'Erbium' (LTS), @richardlau

23 Feb 13:08
v12.21.0
ab8d3c5

This is a security release.

Notable changes

Vulnerabilities fixed:

  • CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
    • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.
  • CVE-2021-22884: DNS rebinding in --inspect
    • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over the network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
  • CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate

Commits

2021-02-23, Version 10.24.0 'Dubnium' (LTS), @richardlau

23 Feb 13:07
v10.24.0
ce80087

This is a security release.

Notable changes

Vulnerabilities fixed:

  • CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
    • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.
  • CVE-2021-22884: DNS rebinding in --inspect
    • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over the network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
  • CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate

Commits

2021-02-17, Version 15.9.0 (Current), @danielleadams

18 Feb 02:41
v15.9.0
877f66e

Notable Changes

  • crypto:
    • add keyObject.export() 'jwk' format option (Filip Skokan) #37081
  • deps:
    • upgrade to libuv 1.41.0 (Colin Ihrig) #37360
  • doc:
    • add dmabupt to collaborators (Xu Meng) #37377
    • refactor fs docs structure (James M Snell) #37170
  • fs:
    • add fsPromises.watch() (James M Snell) #37179
    • use a default callback for fs.close() (James M Snell) #37174
    • add AbortSignal support to watch (Benjamin Gruenbaum) #37190
  • perf_hooks:
    • introduce createHistogram (James M Snell) #37155
  • stream:
    • improve Readable.from error handling (Benjamin Gruenbaum) #37158
  • timers:
    • introduce setInterval async iterator (linkgoron) #37153
  • tls:
    • add ability to get cert/peer cert as X509Certificate object (James M Snell) #37070

Commits

2021-02-10, Version 12.20.2 'Erbium' (LTS), @ruyadorno

10 Feb 20:49
v12.20.2
abf8088

Notable changes

  • deps:
    • upgrade npm to 6.14.11 (Ruy Adorno) #37173

Commits

  • [e8a4e560ea] - async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779
  • [427968d266] - deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173
  • [cd9a8106be] - http: do not loop over prototype in Agent (Michaël Zasso) #36410
  • [4ac8f37800] - http2: check write not scheduled in scope destructor (David Halls) #36241

2021-02-09, Version 14.15.5 'Fermium' (LTS), @BethGriggs

09 Feb 16:58
v14.15.5
9fff0d3

Notable Changes

  • deps:
    • upgrade npm to 6.14.11 (Ruy Adorno) #37173
    • V8: backport dfcf1e86fac0 (Michaël Zasso) #37245
  • stream,zlib: do not use _stream_* anymore (Matteo Collina) #36618

Commits

  • [20b1e6c802] - deps: V8: backport dfcf1e86fac0 (Michaël Zasso) #37245
  • [408c7a65f3] - deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173
  • [017eed665b] - http: do not loop over prototype in Agent (Michaël Zasso) #36410
  • [25a3204fe2] - http: don't cork .end when not needed (Dimitris Halatsis) #36633
  • [2a1e4e9244] - stream: accept iterable as a valid first argument (ZiJian Liu) #36479
  • [9ff73fcdbe] - stream,zlib: do not use _stream_* anymore (Matteo Collina) #36618
  • [c03cddb46f] - test: http complete response after socket double end (Dimitris Halatsis) #36633
  • [f206505e9d] - util: fix instanceof checks with null prototypes during inspection (Ruben Bridgewater) #36178
  • [2f7944b18b] - util: fix module prefixes during inspection (Ruben Bridgewater) #36178

2021-02-09, Version 10.23.3 'Dubnium' (LTS), @richardlau

09 Feb 23:14
v10.23.3
ef1c506

Notable changes

The update to npm 6.14.11 has been relanded so that npm correctly reports its version.

Commits

2021-02-02, Version 15.8.0 (Current), @targos

02 Feb 20:59
v15.8.0
bc1c428

Notable Changes

  • [110063d694] - (SEMVER-MINOR) crypto: add generatePrime/checkPrime (James M Snell) #36997
  • [53a0bdff47] - (SEMVER-MINOR) crypto: experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) #36879
  • [03460432af] - deps: upgrade npm to 7.5.0 (Ruy Adorno) #37117
  • [2c7ad38c75] - (SEMVER-MINOR) dgram: support AbortSignal in createSocket (Nitzan Uziely) #37026
  • [b7c3f99f7e] - doc: add Zijian Liu to collaborators (ZiJian Liu) #37075
  • [02f1d2fda4] - esm: deprecate legacy main lookup for modules (Guy Bedford) #36918
  • [75124298d5] - (SEMVER-MINOR) readline: add history event and option to set initial history (Mattias Runge-Broberg) #33662
  • [4e757eab96] - (SEMVER-MINOR) readline: add support for the AbortController to the question method (Mattias Runge-Broberg) #33676

Commits

  • [602aaf25af] - async_hooks: refactor to avoid unsafe array iteration (Antoine du Hamel) #37125
  • [dcd34b0144] - benchmark: add benchmark for NODE_V8_COVERAGE (Benjamin Coe) #36972
  • [ec22756ac9] - benchmark: make output RFC 4180 compliant (Tobias Nießen) #37038
  • [96cec1e5f3] - benchmark: improve explanations in R script (Tobias Nießen) #36995
  • [e4b88b521a] - buffer: avoid creating the backing store in the thread (James M Snell) #37052
  • [7b78c6773d] - child_process: allow promisified exec to be cancel (Carlos Fuentes) #34249
  • [c4193ba8ae] - crypto: fix encrypted private -> public import (Tobias Nießen) #37056
  • [cb3b0ec4fc] - crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X* (Filip Skokan) #37063
  • [110063d694] - (SEMVER-MINOR) crypto: add generatePrime/checkPrime (James M Snell) #36997
  • [ab64d74791] - crypto: throw error on invalid object in diffieHellman() (ZiJian Liu) #37016
  • [53a0bdff47] - (SEMVER-MINOR) crypto: experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) #36879
  • [4551d14b8e] - deps: upgrade npm to 7.5.1 (Ruy Adorno) #37177
  • [9d6fd4586f] - deps: update openssl config (James M Snell) #37067
  • [f74b376596] - Revert "deps: various quic patches from akamai/openssl" (James M Snell) #37067
  • [6756130c4b] - Revert "deps: re-enable OPENSSL_NO_QUIC guards" (James M Snell) #37067
  • [52ce1d5f1a] - Revert "deps: update patch and docs for openssl update" (James M Snell) #37067
  • [03460432af] - deps: upgrade npm to 7.5.0 (Ruy Adorno) #37117
  • [2c7ad38c75] - (SEMVER-MINOR) dgram: support AbortSignal in createSocket (Nitzan Uziely) #37026
  • [47bfde00fd] - doc: fix color contrast on <kbd> elements (Antoine du Hamel) #37185
  • [3c9077130d] - doc: fix list format in Developer's Certificate of Origin (Akash Negi) #37138
  • [8cecce3ff4] - doc: fix markup and alphabetization in errors.md (Rich Trott) #37144
  • [a7780815bf] - doc: clarify ERR_INVALID_REPL_INPUT usage (Rich Trott) #37143
  • [e7126503e0] - doc: clarify repl exception conditions (Rich Trott) #37142
  • [e55d3d0953] - doc: add example for test structure (Turner Jabbour) #35046
  • [9b9a1801ba] - doc: remove TOC summary for pages with no TOC (Rich Trott) #37043
  • [ae42658be9] - doc: add missing deprecation code (Colin Ihrig) #37147
  • [b79b82de8e] - doc: update Buffer encoding option count (Dave Cardwell) #37102
  • [ddee21b587] - doc: update BUILDING.md previous versions links (Richard Lau) #37082
  • [1710016053] - doc: mention adding Fixes to collaborator onboarding PR (Joyee Cheung) #37097
  • [b7c3f99f7e] - doc: add Zijian Liu to collaborators (ZiJian Liu) #37075
  • [7ddfa81612] - doc: add tooltip for light/dark mode toggle (Rich Trott) #37044
  • [c79688ffe3] - doc: improve AsyncLocalStorage introduction (Romuald Brillout) #36946
  • [a7b6464097] - doc: EventTarget and Event are available to user code since v15.0.0 (ExE Boss) #37059
  • [3722c15a75] - doc: add missing comma in tty (Matthew Mario Di Pasquale) #37039
  • [2cfe7954fc] - doc: list Unsupported Directory Import resolve err (Guy Bedford) #37032
  • [fef6ac77e5] - doc: add missing ARIA label for button (Rich Trott) #37031
  • [634bedcd6f] - doc,test: fix prime generation description (Tobias Nießen) #37085
  • [181719d4c4] - esm: update to correct deprecation code (Colin Ihrig) #37147
  • [02f1d2fda4] - esm: deprecate legacy main lookup for modules (Guy Bedford) #36918
  • [69402522fd] - fs: read full size if known in promises.readFile (Anna Henningsen) #37127
  • [ad12fefcb0] - fs: only use Buffer.concat in promises.readFile when necessary (Anna Henningsen) #37127
  • [6f54a14cda] - fs: add validatePosition and use in read and readSync (Darshan Sen) #37051
  • [175f6f0be3] - fs: use throwIfNoEntry option on statSync calls (Antoine du Hamel) [#36975](#3697...