2021-01-26, Version 15.7.0 (Current), @ruyadorno

Notable changes

• buffer:
  • introduce Blob (James M Snell) #36811
  • add base64url encoding option (Filip Skokan) #36952
• doc:
  • add @iansu to collaborators (Ian Sutherland) #36951
  • add @RaisinTen to collaborators (Darshan Sen) #36998
  • add @miladfarca to collaborators (Milad Fa) #36934
• fs:
  • allow position parameter to be a BigInt in read and readSync (raisinten) #36190
• http:
  • attach request as res.req (Ian Storm Taylor) #36505
  • expose urlToHttpOptions utility (Yongsheng Zhang) #35960

Commits

• [775b34b822] - (SEMVER-MINOR) buffer: introduce Blob (James M Snell) #36811
• [832cd015d5] - (SEMVER-MINOR) buffer: add base64url encoding option (Filip Skokan) #36952
• [7ce7404f79] - build: fix compiling against openssl with no-psk (Caleb ツ Everett) #36881
• [b7d8e61ef1] - crypto: fix randomInt bias (Tobias Nießen) #36894
• [1149af6265] - (SEMVER-MINOR) crypto: add keyObject.asymmetricKeyDetails for asymmetric keys (Filip Skokan) #36188
• [0398167b35] - crypto: fix WebCrypto import of RSA-PSS keys (Tobias Nießen) #36877
• [e52e860172] - deps: upgrade npm to 7.4.3 (Ruy Adorno) #37018
• [ef3a5f6958] - deps: update ICU to 68.2 (Michaël Zasso) #36980
• [ca479b9e9d] - deps: V8: cherry-pick fe191e8d05cc (Benjamin Coe) #36956
• [6f773fbe84] - deps: upgrade npm to 7.4.2 (Ruy Adorno) #36953
• [4b952d8d3e] - doc: fix maintaining ICU guide (Michaël Zasso) #36980
• [a2559b9044] - doc: add @RaisinTen to collaborators (Darshan Sen) #36998
• [4d5273b156] - doc: fix typo in http.server.requestTimout docs (alexbs) #36987
• [93fc295b75] - doc: add performance notes for fs.readFile (James M Snell) #36880
• [7ea374b159] - doc: clarify maxSockets option of http.Agent (Pooja D P) #36941
• [f3637d5328] - doc: remove pull-requests.md preamble (Rich Trott) #36960
• [d2d9ad7477] - doc: fix module.isPreloading documentation (Antoine du Hamel) #36944
• [48b6781151] - doc: fix crypto.generateKeySync aes allowed length list (Filip Skokan) #36928
• [120db2c169] - doc: fix grammar and link to QUIC in changelog (Dan Dascalescu) #36959
• [af0f0a0f65] - doc: fix percentile range in perf_hooks.md (raisinten) #36938
• [8cf280d9ab] - doc: improve perf_hooks docs (Juan José Arboleda) #36909
• [3ea37c2d67] - doc: fix invalid HTML in doc template (Rich Trott) #36930
• [eaf378aa46] - doc: remove issue template duplication from contributing docs (Rich Trott) #36908
• [7a794417f3] - doc: remove resolving-a-bug-report from contributing docs (Rich Trott) #36905
• [707b97307d] - doc: use ESM syntax for WASI example (Antoine du Hamel) #36848
• [5a9a07e7cd] - doc: add iansu to collaborators (Ian Sutherland) #36951
• [aa3bc74cd6] - doc: fixup typo in metadata entry (James M Snell) #36947
• [22e29ccfa3] - doc: add alternative version links to the packages page (Filip Skokan) #36915
• [80c84a1136] - doc: add miladfarca to collaborators (Milad Fa) #36934
• [e73b1072f3] - doc: update tls test to use better terminology (Michael Dawson) #36851
• [5cbf638c06] - doc: remove unnecessary contributing.md section (Rich Trott) #36891
• [f99b38fedd] - doc: wrap TOC in a <details> tag (Mattia Pontonio) #36896
• [82eccddf1e] - doc: update fs.l/statSync API history for throwIfNoEntry (Andrew Casey) #36882
• [70cd43c32e] - doc: change "it's" to "its" where necessary (Tobias Nießen) #36913
• [02a8f52040] - doc: fix indentation on http2 doc entry (Rich Trott) #36869
• [dc596d0607] - events: remove error listener on signal abort (ZiJian Liu) #36969
• [c4cdf1d830] - (SEMVER-MINOR) fs: allow position parameter to be a BigInt in read and readSync (raisinten) #36190
• [70ee7dce62] - (SEMVER-MINOR) http: attach request as res.req (Ian Storm Taylor) #36505
• [f07e1c9d03] - http: abortIncoming only on socket close (Robert Nagy) #36821
• [aa7243e3d4] - http: refactor ClientRequest destroy (Robert Nagy) #36863
• [80051abfcb] - http: cleanup ClientRequest oncreate (Robert Nagy) #36862
• [f5b8e7b068] - http2: refactor to avoid unsafe array iteration (Antoine du Hamel) #36700
• [8aeba3cb92] - lib: refactor to use validateArray (ZiJian Liu) #36982
• [743dd8f89d] - lib: remove non used getter in lib/perf\_hooks.js (Juan José Arboleda) #36907
• [f2ac4bb8e2] - lib: expose primordials object (Antoine du Hamel) #36872
• [850d3578b6] - lib: refactor primordials.makeSafe to use more primordials (ExE Boss) #36865
• [b86c48cc91] - lib: refactor source_map to use more primordials (Antoine du Hamel) #36733
• [1ef92f61fa] - lib: refactor source_map to avoid unsafe array iteration (Antoine du Hamel) #36734
• [[5290d63e7f](https://github.com/nodejs/node/com...

2021-01-26, Version 10.23.2 'Dubnium' (LTS), @richardlau

Notable changes

Release keys have been synchronized with the main branch.

• deps:
  • upgrade npm to 6.14.11 (Darcy Clarke) #36838

Commits

• [cc6b69557a] - deps: upgrade npm to 6.14.11 (Darcy Clarke) #36838
• [aefb66528a] - doc: update contact information for @BethGriggs (Beth Griggs) #35451
• [08931481d8] - doc: update contact information for richardlau (Richard Lau) #35450
• [bc0617f4ea] - doc: update release key for Danielle Adams (Danielle Adams) #36793
• [d7c09fcfd3] - doc: add release key for Danielle Adams (Danielle Adams) #35545
• [ac49d415b0] - doc: add release key for Ruy Adorno (Ruy Adorno) #34628
• [b8426ae3ce] - doc: add release key for Richard Lau (Richard Lau) #34397

2021-01-14, Version 15.6.0 (Current), @danielleadams

Notable Changes

• child_process:
  • add 'overlapped' stdio flag (Thiago Padilha) #29412
  • support AbortSignal in fork (Benjamin Gruenbaum) #36603
• crypto:
  • implement basic secure heap support (James M Snell) #36779
  • fixup bug in keygen error handling (James M Snell) #36779
  • introduce X509Certificate API (James M Snell) #36804
  • implement randomuuid (James M Snell) #36729
• doc:
  • update release key for Danielle Adams (Danielle Adams) #36793
  • add dnlup to collaborators (Daniele Belardi) #36849
  • add panva to collaborators (Filip Skokan) #36802
  • add yashLadha to collaborator (Yash Ladha) #36666
• http:
  • set lifo as the default scheduling strategy in Agent (Matteo Collina) #36685
• net:
  • support abortSignal in server.listen (Nitzan Uziely) #36623
• process:
  • add direct access to rss without iterating pages (Adrien Maret) #34291
• v8:
  • fix native serdes constructors (ExE Boss) #36549

Commits

• [3ca7a786c5] - benchmark: fix http2 benchmarks (Rich Trott) #36871
• [4601886d7c] - benchmark: fix http/headers.js with test-double (Rich Trott) #36794
• [7aedda9dcd] - benchmark: add simple https benchmark (Andrey Pechkurov) #36612
• [822ac48272] - buffer: make FastBuffer safe to construct (Antoine du Hamel) #36587
• [21f329532f] - build: refactor Makefile (raisinten) #36759
• [857b98eed9] - build: fix unknown warning option (raisinten) #36629
• [ffaa8c1735] - build: do not "exit" a script meant to be "source"d (François-Denis Gonthier) #35520
• [9bc2cec848] - (SEMVER-MINOR) child_process: add 'overlapped' stdio flag (Thiago Padilha) #29412
• [b98cc51be2] - child_process: reduce abort handler code duplication (Rich Trott) #36644
• [78d4d91e54] - child_process: treat already-aborted controller as aborting (Rich Trott) #36644
• [a8a427f646] - (SEMVER-MINOR) child_process: support AbortSignal in fork (Benjamin Gruenbaum) #36603
• [7134d49e56] - child_process: clean event listener correctly (Benjamin Gruenbaum) #36424
• [54bd4ab855] - cluster: fix edge cases that throw ERR_INTERNAL_ASSERTION (Ouyang Yadong) #36764
• [0c11a17d82] - console: refactor to avoid unsafe array iteration (Antoine du Hamel) #36753
• [53cf996270] - (SEMVER-MINOR) crypto: implement basic secure heap support (James M Snell) #36779
• [42aca13953] - (SEMVER-MINOR) crypto: fixup bug in keygen error handling (James M Snell) #36779
• [c4ad50e0ff] - (SEMVER-MINOR) crypto: introduce X509Certificate API (James M Snell) #36804
• [4e4deca90d] - (SEMVER-MINOR) crypto: implement randomuuid (James M Snell) #36729
• [1c9ec2529e] - deps: upgrade npm to 7.4.0 (Ruy Adorno) #36829
• [ff5bd04900] - deps: update nghttp2 to 1.42.0 (Michaël Zasso) #36842
• [578fa0fedf] - deps: V8: cherry-pick dfcdf7837e23 (Benjamin Coe) #36573
• [05f34c6963] - doc: define "browser", "production", "development" (Guy Bedford) #36856
• [e8bb1f7350] - doc: clarify event.isTrusted text (Rich Trott) #36827
• [153be6c80e] - doc: fix module syncBuiltinESMExports example (Bruce A. MacNaughton) #34284
• [3b64b38142] - doc: os.uptime() temporary bug notice (Nicholas Schamberg) #36503
• [da49624a46] - doc: update release key for Danielle Adams (Danielle Adams) #36793
• [2d8423da3c] - doc: clarify child_process.exec inherits cwd (ugultopu) #36809
• [1a4d34ebd0] - doc: clarify descriptions of _writev chunks argument (James M Snell) #36822
• [7c7180a6f7] - doc: document buffer's "Uint" aliases clearly (Michaël Zasso) #36796
• [ff6edbc6b2] - doc: add dnlup to collaborators (Daniele Belardi) #36849
• [835bdf0e50] - doc: improve crypto.randomUUID() text (Rich Trott) #36830
• [d4bcb3689d] - doc: clarify subprocess.stdout/in/err/io properties (James M Snell) #36784
• [a956fb3fdd] - doc: add dark mode (Ajay Poshak) #36313
• [757b9664cd] - doc: revise method text in async_hooks.md (Rich Trott) #36736
• [b4091ea59b] - doc: clarify when messageerror is emitted (James M Snell) #36780
• [61b039365c] - doc: avoid memory leak warning in async_hooks example (James M Snell) #36783
• [a7bb4da55e] - doc: clarify that --require only supports cjs (James M Snell) #36806
• [c6eb2b4fec] - doc: clarify Buffer.from when using ArrayBuffer (James M Snell) #36785
• [ad1d8fba9f] - doc: fix broken link for ChildProcess (James M Snell) #36788
• [ef628891f7] - doc: revise exit() and run() text in async_hooks.md (Rich Trott) #36738
• [ff39464559] - doc: add OpenSSL CVE fix to notable changes in v15.5.0 (Beth Griggs) #36798
• [6db465a99f] - doc: clarify that N-API addons are context-aware (Alba Mendez) #36640
• [fad07d5439] - doc: fix typo in esm documentation (Mohamed Kamagate) #36800
• [67dd48ed05] - doc: add panva to collaborators (Filip Skokan) #36802
• [[b2c1aeb694](https://github.com/nodejs/no...

2021-01-04, Version 15.5.1 (Current), @BethGriggs

This is a security release.

Notable changes

Vulnerabilities fixed:

• CVE-2020-8265: use-after-free in TLSWrap (High)

  • Affected Node.js versions are vulnerable to a use-after-free bug in
    its TLS implementation. When writing to a TLS enabled socket,
    node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
    allocated WriteWrap object as first argument. If the DoWrite method
    does not return an error, this object is passed back to the caller as
    part of a StreamWriteResult structure. This may be exploited to
    corrupt memory leading to a Denial of Service or potentially other
    exploits.

• CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)

  • Affected versions of Node.js allow two copies of a header field in
    a http request. For example, two Transfer-Encoding header fields. In
    this case Node.js identifies the first header field and ignores the
    second. This can lead to HTTP Request Smuggling
    (https://cwe.mitre.org/data/definitions/444.html).

Commits

• [c5dbe831b7] - http: add test for http transfer encoding smuggling (Matteo Collina) nodejs-private/node-private#228
• [e0c9a2285c] - http: unset F_CHUNKED on new Transfer-Encoding (Matteo Collina) nodejs-private/node-private#228
• [9834ef85a0] - src: retain pointers to WriteWrap/ShutdownWrap (James M Snell) nodejs-private/node-private#23

2021-01-04, Version 14.15.4 'Fermium' (LTS), @BethGriggs

This is a security release.

Notable Changes

Vulnerabilities fixed:

• CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)

  • This is a vulnerability in OpenSSL which may be exploited through
    Node.js. You can read more about it in
    https://www.openssl.org/news/secadv/20201208.txt

• CVE-2020-8265: use-after-free in TLSWrap (High)

  • Affected Node.js versions are vulnerable to a use-after-free bug in
    its TLS implementation. When writing to a TLS enabled socket,
    node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
    allocated WriteWrap object as first argument. If the DoWrite method
    does not return an error, this object is passed back to the caller as
    part of a StreamWriteResult structure. This may be exploited to
    corrupt memory leading to a Denial of Service or potentially other
    exploits.

• CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)

  • Affected versions of Node.js allow two copies of a header field in
    a http request. For example, two Transfer-Encoding header fields. In
    this case Node.js identifies the first header field and ignores the
    second. This can lead to HTTP Request Smuggling
    (https://cwe.mitre.org/data/definitions/444.html).

Commits

• [305c0f4977] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571
• [d62c650f75] - deps: update archs files for OpenSSL-1.1.1i (Myles Borins) #36521
• [2de2672eb5] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #36521
• [7ecac8143f] - http: add test for http transfer encoding smuggling (Matteo Collina) nodejs-private/node-private#228
• [641f786bb1] - http: unset F_CHUNKED on new Transfer-Encoding (Matteo Collina) nodejs-private/node-private#228
• [4f8772f9b7] - src: retain pointers to WriteWrap/ShutdownWrap (James M Snell) nodejs-private/node-private#23

2021-01-04, Version 12.20.1 'Erbium' (LTS), @richardlau

Notable changes

This is a security release.

Vulnerabilities fixed:

• CVE-2020-8265: use-after-free in TLSWrap (High)
  Affected Node.js versions are vulnerable to a use-after-free bug in its
  TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method does
  not return an error, this object is passed back to the caller as part of
  a StreamWriteResult structure. This may be exploited to corrupt memory
  leading to a Denial of Service or potentially other exploits
• CVE-2020-8287: HTTP Request Smuggling in nodejs
  Affected versions of Node.js allow two copies of a header field in a
  http request. For example, two Transfer-Encoding header fields. In this
  case Node.js identifies the first header field and ignores the second.
  This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).
• CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
  This is a vulnerability in OpenSSL which may be exploited through Node.js.
  You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

Commits

• [5de5354918] - deps: update http-parser to http-parser@ec8b5ee63f (Richard Lau) nodejs-private/node-private#236
• [2eacfbec68] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571
• [96ec482d90] - deps: update archs files for OpenSSL-1.1.1i (Myles Borins) #36521
• [7ec0eb408b] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #36521
• [76ea9c5a7a] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450
• [420244e4d9] - http: unset F_CHUNKED on new Transfer-Encoding (Matteo Collina) nodejs-private/node-private#236
• [4a30ac8c75] - http: add test for http transfer encoding smuggling (Richard Lau) nodejs-private/node-private#236
• [92d430917a] - http: unset F_CHUNKED on new Transfer-Encoding (Fedor Indutny) nodejs-private/node-private#236
• [5b00de7d67] - src: retain pointers to WriteWrap/ShutdownWrap (James M Snell) nodejs-private/node-private#230

2021-01-04, Version 10.23.1 'Dubnium' (LTS), @richardlau

Notable changes

This is a security release.

Vulnerabilities fixed:

• CVE-2020-8265: use-after-free in TLSWrap (High)
  Affected Node.js versions are vulnerable to a use-after-free bug in its
  TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method does
  not return an error, this object is passed back to the caller as part of
  a StreamWriteResult structure. This may be exploited to corrupt memory
  leading to a Denial of Service or potentially other exploits
• CVE-2020-8287: HTTP Request Smuggling in nodejs
  Affected versions of Node.js allow two copies of a header field in a
  http request. For example, two Transfer-Encoding header fields. In this
  case Node.js identifies the first header field and ignores the second.
  This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).
• CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
  This is a vulnerability in OpenSSL which may be exploited through Node.js.
  You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

Commits

• [bd44b0ee7f] - build,win: accept Python 3 if 2 is not available (João Reis) #29236
• [d5c9b09bdc] - build,win: find Python in paths with spaces (João Reis) #29236
• [323a6f114a] - deps: update http-parser to http-parser@ec8b5ee63f (Richard Lau) nodejs-private/node-private#235
• [f08d0fef64] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571
• [b0608b574a] - deps: update archs files for OpenSSL-1.1.1i (Richard Lau) #36541
• [d936e1833f] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #36541
• [9c4970715c] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450
• [aa6b97fb99] - http: add test for http transfer encoding smuggling (Richard Lau) nodejs-private/node-private#235
• [fc70ce08f5] - http: unset F_CHUNKED on new Transfer-Encoding (Fedor Indutny) nodejs-private/node-private#235
• [7f178663eb] - src: use unique_ptr for WriteWrap (Daniel Bevenius) nodejs-private/node-private#238
• [357e2857c8] - test: add test-tls-use-after-free-regression (Daniel Bevenius) nodejs-private/node-private#238

2020-12-22, Version 15.5.0 (Current), @targos

Notable Changes

Extended support for AbortSignal in child_process and stream

The following APIs now support an AbortSignal in their options object:

• child_process.spawn()

Calling .abort() on the corresponding AbortController is similar to calling .kill() on the child process except the error passed to the callback will be an AbortError:

const controller = new AbortController();
const { signal } = controller;
const grep = spawn('grep', ['ssh'], { signal });
grep.on('error', (err) => {
  // This will be called with err being an AbortError if the controller aborts
});
controller.abort(); // stops the process

• new stream.Writable() and new stream.Readable()

Calling .abort() on the corresponding AbortController will behave the same way as calling .destroy(new AbortError()) on the stream:

const { Readable } = require('stream');
const controller = new AbortController();
const read = new Readable({
  read(size) {
    // ...
  },
  signal: controller.signal
});
// Later, abort the operation closing the stream
controller.abort();

Contributed by Benjamin Gruenbaum #36431, #36432.

BigInt support in querystring.stringify()

If querystring.stringify() is called with an object that contains BigInt values, they will now be serialized to their decimal representation instead of the empty string:

const querystring = require('querystring');
console.log(querystring.stringify({ bigint: 2n ** 64n }));
// Prints: bigint=18446744073709551616

Contributed by Darshan Sen #36499.

Additions to the C++ embedder APIs

A new IsolateSettingsFlag is available for those calling SetIsolateUpForNode(): SHOULD_NOT_SET_PREPARE_STACK_TRACE_CALLBACK can be used to prevent Node.js from setting a custom callback to prepare stack traces.

Contributed by Shelley Vohr #36447.

---

Added node::GetEnvironmentIsolateData() and node::GetArrayBufferAllocator() to respectively get the current IsolateData* and, from it, the current Node.js ArrayBufferAllocator if there is one.

Contributed by Anna Henningsen #36441.

New core collaborator

With this release, we welcome a new Node.js core collaborator:

• Pooja D P @PoojaDurgad #36511

Commits

Semver-minor commits

• [e449571230] - (SEMVER-MINOR) child_process: add signal support to spawn (Benjamin Gruenbaum) #36432
• [25d7e90386] - (SEMVER-MINOR) http: use autoDestroy: true in incoming message (Daniele Belardi) #33035
• [5481be8cbd] - (SEMVER-MINOR) lib: support BigInt in querystring.stringify (raisinten) #36499
• [036ed1fafc] - (SEMVER-MINOR) src: add way to get IsolateData and allocator from Environment (Anna Henningsen) #36441
• [e23309486b] - (SEMVER-MINOR) src: allow preventing SetPrepareStackTraceCallback (Shelley Vohr) #36447
• [6ecbc1dcb3] - (SEMVER-MINOR) stream: support abortsignal in constructor (Benjamin Gruenbaum) #36431

Semver-patch commits

• [1330995b80] - build,lib,test: change whitelist to allowlist (Michaël Zasso) #36406
• [dc8d1a74a6] - deps: upgrade npm to 7.3.0 (Ruy Adorno) #36572
• [b6a31f0a70] - deps: update archs files for OpenSSL-1.1.1i (Myles Borins) #36520
• [5b49807c3f] - deps: re-enable OPENSSL_NO_QUIC guards (James M Snell) #36520
• [309e2971a2] - deps: various quic patches from akamai/openssl (Todd Short) #36520
• [27fb651cbc] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #36520
• [1f43aadf90] - deps: update patch and docs for openssl update (Myles Borins) #36520
• [752c94d202] - deps: fix npm doctor tests for pre-release node (nlf) #36543
• [b0393fa2ed] - deps: upgrade npm to 7.2.0 (Myles Borins) #36543
• [cb4652e91d] - deps: update to c-ares 1.17.1 (Danny Sonnenschein) #36207
• [21fbcb6f81] - deps: V8: backport 4bf051d536a1 (Anna Henningsen) #36482
• [30fe0ff681] - deps: upgrade npm to 7.1.2 (Darcy Clarke) #36487
• [0baa610c3e] - deps: upgrade npm to 7.1.1 (Ruy Adorno) #36459
• [5929b08851] - deps: upgrade npm to 7.1.0 (Ruy Adorno) #36395
• [deaafd5788] - dns: refactor to use more primordials (Antoine du Hamel) #36314
• [e30af7be33] - fs: refactor to use optional chaining (ZiJian Liu) #36524
• [213dcd7930] - http: add test for incomingmessage destroy (Daniele Belardi) #33035
• [36b4ddd382] - http: use standard args order in IncomingMEssage onError (Daniele Belardi) #33035
• [60b5e696fc] - http: remove trailing space (Daniele Belardi) #33035
• [f11a648d8e] - http: add comments in _http_incoming (Daniele Belardi) #33035
• [4b81d79b58] - http: fix lint error in incoming message (Daniele Belardi) #33035
• [397e31e25f] - http: reafactor incoming message destroy (Daniele Belardi) #33035
• [9852ebca8d] - http: do not loop over prototype in Agent (Michaël Zasso) #36410
• [e46a46a4cd] - inspector: refactor to use more primordials (Antoine du Hamel) #36356
• [728f512c7d] - lib: make safe primordials safe to iterate (Antoine du Hamel) #36391
• [f368d697cf] - Revert "perf_hooks: make PerformanceObserver an AsyncResource" (Nicolai Stange) #36343
• [e2ced0d401] - perf_hooks: invoke performance_entry_callback via MakeSyncCallback() (Nicolai Stange) #36343
• [7c903ec6c8] - repl: disable blocking completions by default (Anna Henningsen) #36564
• [d38a0ec93e] - src: remove unnecessary ToLocalChecked node_errors (Daniel Bevenius) #36547
• [bbc0d14cd2] - src: use correct microtask queue for checkpoints (Anna Henningsen) #36581
• [7efb3111e8] - src: remove unnecessary ToLocalChecked call (Daniel Bevenius) #36523
• [68687d3419] - src: remove empty name check in node_env_var.cc (raisinten) #36133
• [1b4984de98] - *src...

2020-12-17, Version 14.15.3 'Fermium' (LTS), @BethGriggs

Notable Changes

Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See #36550 for more details.

Commits

• [4264d9aa67] - Revert "http: lazy create IncomingMessage.headers" (Beth Griggs) #36553

2020-12-15, Version 14.15.2 'Fermium' (LTS), @BethGriggs

Notable Changes

• deps:
  • upgrade npm to 6.14.9 (Myles Borins) #36450
  • update acorn to v8.0.4 (Michaël Zasso) #35791
• doc: add release key for Danielle Adams (Danielle Adams) #35545
• http2: check write not scheduled in scope destructor (David Halls) #36241
• stream: fix regression on duplex end (Momtchil Momtchev) #35941

Commits

• [c508bfc66b] - assert: refactor to use more primordials (Antoine du Hamel) #35998
• [a9d3a0df29] - assert,repl: enable ecmaVersion 2021 in acorn parser (Michaël Zasso) #35827
• [6d43c8dd69] - async_hooks: refactor to use more primordials (Antoine du Hamel) #36168
• [029ea16a24] - async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779
• [d49e0ca73a] - benchmark: fix build warnings (Gabriel Schulhof) #36157
• [d027be0551] - benchmark: ignore build artifacts for napi addons (Richard Lau) #35970
• [fdb1c0d31c] - benchmark: remove modules that require intl (Richard Lau) #35968
• [f6487960b5] - benchmark: make the benchmark tool work with Node 10 (Joyee Cheung) #35817
• [21d3ccf5df] - benchmark: add startup benchmark for loading public modules (Joyee Cheung) #35816
• [0477e000bf] - bootstrap: refactor to use more primordials (Antoine du Hamel) #35999
• [699bb348d9] - build: replace which with command -v (raisinten) #36118
• [304e269001] - build: try “python3” as a last resort for 3.x (Ole André Vadla Ravnås) #35983
• [6bafe04911] - build: conditionally clear vcinstalldir (Brian Ingenito) #36009
• [f498127c41] - build: fix zlib inlining for IA-32 (raisinten) #35679
• [f33fa264cc] - build: fix lint-js-fix target (Antoine du Hamel) #35927
• [67d31827ac] - build: add vcbuilt test-doc target (Antoine du Hamel) #35708
• [2a8c2ddcb1] - build: add license-builder GitHub Action (Tierney Cyren) #35712
• [6c61b9372b] - build: use make functions instead of echo (Antoine du Hamel) #35707
• [4813d913e3] - build: use GITHUB_ENV file to set env variables (Michaël Zasso) #35638
• [71e0f33751] - build: do not install jq in workflows (Michaël Zasso) #35638
• [8ab7f258d4] - build, tools: look for local installation of NASM (Richard Lau) #36014
• [50552facb7] - build,tools: gitHub Actions: use Node.js Fermium (Antoine du Hamel) #35840
• [77b7c985f6] - build,tools: add lint-js-doc target (Antoine du Hamel) #35708
• [929e1272ee] - cluster: refactor to use more primordials (Antoine du Hamel) #36011
• [568e6177c9] - console: use more primordials (Antoine du Hamel) #35734
• [6cea3152fe] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450
• [d2ee676eb9] - deps: cherry-pick 9a49b22 from V8 upstream (Daniel Bevenius) #35939
• [7367e6c6be] - deps: update acorn to v8.0.4 (Michaël Zasso) #35791
• [4937a34be6] - deps: fix typo in zlib.gyp that break arm-fpu-neon build (lucasg) #35659
• [1e8dfb9d2c] - deps: upgrade to cjs-module-lexer@1.0.0 (Guy Bedford) #35928
• [0356963f0e] - deps: update to cjs-module-lexer@0.5.2 (Guy Bedford) #35901
• [172be4ffe0] - deps: upgrade to cjs-module-lexer@0.5.0 (Guy Bedford) #35871
• [1f7740691d] - deps: update to cjs-module-lexer@0.4.3 (Guy Bedford) #35745
• [47bd445e56] - doc: remove stray comma in url.md (Rich Trott) #36175
• [2f76a75fc6] - doc: revise agent.destroy() text (Rich Trott) #36163
• [72fb6f88ab] - doc: add compatibility/interop technical value (Geoffrey Booth) #35323
• [f5efd54727] - doc: de-emphasize wrapping in napi_define_class (Gabriel Schulhof) #36159
• [8a7c2b951d] - doc: clarify text about process not responding (Rich Trott) #36117
• [800e1db83d] - doc: esm docs consolidation and reordering (Guy Bedford) #36046
• [4fad888fe1] - doc: move shigeki to emeritus (Rich Trott) #36093
• [c088434b4d] - doc: document the error when cwd not exists in child_process.spawn (FeelyChau) #34505
• [4dbbbaa2e9] - doc: fix typo in debugger.md (Rich Trott) #36066
• [d796bc7348] - doc: update list styles for remark-parse@9 rendering (Rich Trott) #36049
• [6daf204f32] - doc: escape asterisk in cctest gtest-filter (raisinten) #36034
• [9470bf5872] - doc: move v8.getHeapCodeStatistics() (Rich Trott) #36027
• [30cd797c15] - doc: add note regarding file structure in src/README.md (Denys Otrishko) #35000
• [cddcfcde9f] - doc: advise users to import the full set of trusted release keys (Reşat SABIQ) #32655
• [1ca1f262a5] - doc: fix crypto doc linter errors (Antoine du Hamel) #36035
• [b11725eb9e] - doc: revise v8.getHeapSnapshot() (Rich Trott) #35849
• [990facbc3e] - doc: update core-validate-commit link in guide (Daijiro Wachi) #35938
• [773685c2a4] - **d...