This is a security release with only a single commit, an update to openssl due to a recent security advisory. You can read more about the security advisory on the Node.js website https://nodejs.org/en/blog/vulnerability/openssl-march-2016/
* openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) https://github.com/nodejs/node/pull/5507
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at CVE-2016-0705 https://www.openssl.org/news/vulnerabilities.html#2016-0705.
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at CVE-2016-0797 https://www.openssl.org/news/vulnerabilities.html#2016-0797.
- Fix a defect that makes the _CacheBleed Atta https://ssrg.nicta.com.au/projects/TS/cachebleed/ _ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at CVE-2016-0702 https://www.openssl.org/news/vulnerabilities.html#2016-0702.
PR-URL: https://github.com/nodejs/node/pull/5526
* buffer:
- You can now supply an encoding argument when filling a
Buffer Buffer#fill(string[, start[, end]][, encoding]), supplying
an existing Buffer will also work with
Buffer#fill(buffer[, start[, end]]). See the API documentation for
details on how this works. (Trevor Norris) #4935
- Buffer#indexOf() no longer requires a byteOffset argument if you
also wish to specify an encoding:
Buffer#indexOf(val[, byteOffset][, encoding]).
(Trevor Norris) #4803
* child_process: spawn() and spawnSync() now support a 'shell' option
to allow for optional execution of the given command inside a shell.
If set to true, cmd.exe will be used on Windows and /bin/sh
elsewhere. A path to a custom shell can also be passed to override
these defaults. On Windows, this option allows .bat. and .cmd files
to be executed with spawn() and spawnSync(). (Colin Ihrig) #4598
* http_parser: Update to http-parser 2.6.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) #5237
* dgram: socket.send() now supports accepts an array of Buffers or
Strings as the first argument. See the API docs for details on how
this works. (Matteo Collina) #4374
* http: Fix a bug where handling headers will mistakenly trigger an
'upgrade' event where the server is just advertising its protocols.
This bug can prevent HTTP clients from communicating with HTTP/2
enabled servers. (Fedor Indutny) #4337
* net: Added a listening Boolean property to net and http servers to
indicate whether the server is listening for connections.
(José Moreira) #4743
* node: The C++ node::MakeCallback() API is now reentrant and calling
it from inside another MakeCallback() call no longer causes the
nextTick queue or Promises microtask queue to be processed out of
order. (Trevor Norris) #4507
* tls: Add a new tlsSocket.getProtocol() method to get the negotiated
TLS protocol version of the current connection. (Brian White) #4995
* vm: Introduce new 'produceCachedData' and 'cachedData' options to
new vm.Script() to interact with V8's code cache. When a new
vm.Script object is created with the 'produceCachedData' set to true
a Buffer with V8's code cache data will be produced and stored in
cachedData property of the returned object. This data in turn may be
supplied back to another vm.Script() object with a 'cachedData'
option if the supplied source is the same. Successfully executing a
script from cached data can speed up instantiation time. See the API
docs for details. (Fedor Indutny) #4777
* performance: Improvements in:
- process.nextTick() (Ruben Bridgewater) #5092
- path module (Brian White) #5123
- querystring module (Brian White) #5012
- streams module when processing small chunks (Matteo Collina) #4354
PR-URL: https://github.com/nodejs/node/pull/5295
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Notable changes
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 2.6.0 to 2.6.1
* npm: upgrade npm from 3.3.12 to 3.6.0
(Rebecca Turner) https://github.com/nodejs/node/pull/4958
* openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Note that this release includes a non-backward compatible change to
address a security issue. This change increases the version of the LTS
v4.x line to v4.3.0. There will be *no further updates* to v4.2.x.
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 2.5.0 to 2.5.1
* openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for
selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using
`--security-revert=CVE-2016-2216`
PR-URL: https://github.com/nodejs/node-private/pull/20
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Notable changes:
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 2.3.0 to 2.3.1
* openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for
selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using
`--security-revert=CVE-2016-2216`
* build:
- xz compressed tar files will be made available from nodejs.org for
v0.12 builds from v0.12.10 onward
- A headers.tar.gz file will be made available from nodejs.org for
v0.12 builds from v0.12.10 onward, a future change to node-gyp
will be required to make use of these
PR-URL: https://github.com/nodejs/node-private/pull/24
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Notable changes:
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 1.0 to 1.1
* openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for
selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using
`--security-revert=CVE-2016-2216`
* build:
- xz compressed tar files will be made available from nodejs.org for
v0.10 builds from v0.10.42 onward
- A headers.tar.gz file will be made available from nodejs.org for
v0.10 builds from v0.10.42 onward, a future change to node-gyp
will be required to make use of these
PR-URL: https://github.com/nodejs/node-private/pull/25
Notable changes:
* Fix regression in debugger and profiler functionality
PR-URL: https://github.com/nodejs/node/pull/4788
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Notable Changes:
* Minor performance improvements:
- module: move unnecessary work for early return (Andres Suarez) https://github.com/nodejs/node/pull/3579
* Various bug fixes
* Various doc fixes
* Various test improvements
PR-URL: https://github.com/nodejs/node/pull/4626
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Maintenance release
Notable Changes:
* v8: Fixed an out-of-band write in utf8 decoder. This is an important
security update as it can be used to cause a denial of service
attack.
* openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE
man-in-the-middle protection (Logjam) and fixes malformed
ECParameters causing infinite loop (CVE-2015-1788). See the
security advisory for full details. (Shigeki Ohtsu) #1950#1958
* build:
- Added support for compiling with Microsoft Visual C++ 2015
- Started building and distributing headers-only tarballs along with
binaries
Notable changes:
* buffer:
- Buffer.prototype.includes() has been added to keep parity
with TypedArrays. (Alexander Martin) #3567.
* domains:
- Fix handling of uncaught exceptions.
(Julien Gilli) #3654.
* https:
- Added support for disabling session caching.
(Fedor Indutny) #4252.
* repl:
- Allow third party modules to be imported using
require(). This corrects a regression from 5.2.0.
(Ben Noordhuis) #4215.
* deps:
- Upgrade libuv to 1.8.0.
(Saúl Ibarra Corretgé) #4276.
PR-URL: https://github.com/nodejs/node/pull/4281
Conflicts:
src/node_version.h
Notable changes:
* build:
- Add support for Intel's VTune JIT profiling when compiled with
--enable-vtune-profiling. For more information about VTune, see
https://software.intel.com/en-us/node/544211. (Chunyang Dai) #3785.
- Properly enable V8 snapshots by default. Due to a configuration
error, snapshots have been kept off by default when the intention
is for the feature to be enabled. (Fedor Indutny) #3962.
* crypto:
- Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects
(created via crypto.createECDH(curve_name)) with private keys that
are not dynamically generated via generateKeys(). The public key
is now computed when explicitly setting a private key. Added
validity checks to reduce the possibility of computing weak or
invalid shared secrets. Also, deprecated the setPublicKey() method
for ECDH objects as its usage is unnecessary and can lead to
inconsistent state. (Michael Ruddy) #3511.
- Update root certificates from the current list stored maintained
by Mozilla NSS. (Ben Noordhuis) #3951.
- Multiple CA certificates can now be passed with the ca option to
TLS methods as an array of strings or in a single new-line
separated string. (Ben Noordhuis) #4099
* tools: Include a tick processor in core, exposed via the
--prof-process command-line argument which can be used to process V8
profiling output files generated when using the --prof command-line
argument. (Matt Loring) #4021.
PR-URL: https://github.com/nodejs/node/pull/4181
Security Update
Notable items:
* **http**: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against DH, an attack against RSA
and DSA is considered possible but unlikely, EC algorithms are not
affected. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/11
Security Update
Notable items:
* http: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against a Node.js TLS server using
DHE key exchange. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/12
Security Update
Notable items:
* http: Fix a bug where an HTTP socket may no longer have a socket but a
pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.1q, fixes CVE-2015-3194
"Certificate verify crash with missing PSS parameter", a potential
denial-of-service vector for Node.js TLS servers; TLS clients are also
impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) #4133
PR-URL: https://github.com/nodejs/node-private/pull/13
Security Update
Notable items:
* build: Add support for Microsoft Visual Studio 2015
* npm: Upgrade to v1.4.29 from v1.4.28. A special one-off release as
part of the strategy to get a version of npm into Node.js v0.10.x that
works with the current registry
(https://github.com/nodejs/LTS/issues/37). This version of npm prints
out a banner each time it is run. The banner warns that the next
standard release of Node.js v0.10.x will ship with a version of npm
v2.
* openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194
"Certificate verify crash with missing PSS parameter", a potential
denial-of-service vector for Node.js TLS servers; TLS clients are also
impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis)
#4133
PR-URL: https://github.com/nodejs/node-private/pull/15
* A known issue was resolved but not removed from the list
* The wrong date was documented in the changelog for v4.2.2
PR-URL: https://github.com/nodejs/node/pull/3650
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Notable changes:
* buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer,
these have been deprecated for a long time (Sakthipriyan Vairamani) #2859.
* console: (Breaking) Values reported by console.time() now have 3 decimals of
accuracy added (Michaël Zasso) #3166.
* fs:
- fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file
descriptor as their first argument (Johannes Wüller) #3163.
- (Breaking) In fs.readFile(), if an encoding is specified and the internal
toString() fails the error is no longer thrown but is passed to the callback
(Evan Lucas) #3485.
- (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding,
callback) form), if the internal toString() fails the error is no longer
thrown but is passed to the callback (Evan Lucas) #3503.
* http:
- Fixed a bug where pipelined http requests would stall (Fedor Indutny) #3342.
- (Breaking) When parsing HTTP, don't add duplicates of the following headers:
Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition
to the following headers which already block duplicates: Content-Type,
Content-Length, User-Agent, Referer, Host, Authorization,
Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location,
Max-Forwards (James M Snell) #3090.
- (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a
function or a TypeError is thrown (James M Snell) #3090.
- (Breaking) HTTP methods and header names must now conform to the RFC 2616
"token" rule, a list of allowed characters that excludes control characters
and a number of separator characters. Specifically, methods and header names
must now match /^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/ or a TypeError will be thrown
(James M Snell) #2526.
* node:
- (Breaking) Deprecated the _linklist module (Rich Trott) #3078.
- (Breaking) Removed require.paths and require.registerExtension(), both had
been previously set to throw Error when accessed
(Sakthipriyan Vairamani) #2922.
* npm: Upgraded to version 3.3.6 from 2.14.7, see
https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a
major version bump for npm and it has seen a significant amount of change.
Please see the original npm v3.0.0 release notes for a list of major changes
(Rebecca Turner) #3310.
* src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46, this is necessary
due to the V8 upgrade. Native add-ons will need to be recompiled
(Rod Vagg) #3400.
* timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes
a long-standing known issue where unrefed timers would perviously hold
beforeExit open (Fedor Indutny) #3407.
* tls:
- Added ALPN Support (Shigeki Ohtsu) #2564.
- TLS options can now be passed in an object to createSecurePair()
(Коренберг Марк) #2441.
- (Breaking) The default minimum DH key size for tls.connect() is now 1024
bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new minDHSize TLS
option can be used to override the default. (Shigeki Ohtsu) #1831.
* util:
- (Breaking) util.p() was deprecated for years, and has now been removed
(Wyatt Preul) #3432.
- (Breaking) util.inherits() can now work with ES6 classes. This is considered
a breaking change because of potential subtle side-effects caused by a
change from directly reassigning the prototype of the constructor using
`ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })`
to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)`
(Michaël Zasso) #3455.
* v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) #3351.
- Implements the spread operator, see
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator
for further information.
- Implements new.target, see
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target
for further information.
* zlib: Decompression now throws on truncated input (e.g. unexpected end of
file) (Yuval Brik) #2595.
PR-URL: https://github.com/nodejs/node/pull/3466
PR-URL: https://github.com/nodejs/node/pull/3360
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Update the label for v4.2.0 to (LTS) from (Stable)
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/3343
Notable changes
* http:
- Fix out-of-order 'finish' event bug in pipelining that can abort
execution, fixes DoS vulnerability CVE-2015-7384
(Fedor Indutny) #3128
- Account for pending response data instead of just the data on the
current request to decide whether pause the socket or not
(Fedor Indutny) #3128
* libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details
(Saúl Ibarra Corretgé) #3010
- A better rwlock implementation for all Windows versions
- Improved AIX support
* v8:
- Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117
- Backported f782159 from v8's upstream to help speed up Promise
introspection (Ben Noordhuis) #3130
- Backported c281c15 from v8's upstream to add JSTypedArray length
in post-mortem metadata (Julien Gilli) #3031
PR-URL: https://github.com/nodejs/node/pull/3128
Notable changes
* buffer: Fixed a bug introduced in v4.1.0 where allocating a new
zero-length buffer can result in the next allocation of a TypedArray
in JavaScript not being zero-filled. In certain circumstances this
could result in data leakage via reuse of memory space in
TypedArrays, breaking the normally safe assumption that TypedArrays
should be always zero-filled. (Trevor Norris) #2931.
* http: Guard against response-splitting of HTTP trailing headers
added via response.addTrailers() by removing new-line ([\r\n])
characters from values. Note that standard header values are already
stripped of new-line characters. The expected security impact is low
because trailing headers are rarely used. (Ben Noordhuis) #2945.
* npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for full
details (Kat Marchán) #2958
- Upgrades graceful-fs on multiple dependencies to no longer rely on
monkey-patching fs
- Fix npm link for pre-release / RC builds of Node
* v8: Update post-mortem metadata to allow post-mortem debugging tools
to find and inspect:
- JavaScript objects that use dictionary properties
(Julien Gilli) #2959
- ScopeInfo and thus closures (Julien Gilli) #2974
PR-URL: https://github.com/nodejs/node/pull/2995
* buffer: Fixed a minor errors that was causing crashes
(Michaël Zasso) #2635,
* child_process: Fix error that was causing crashes (Evan Lucas) #2727
* crypto: Replace use of rwlocks, unsafe on Windows XP / 2003
(Ben Noordhuis) #2723
* libuv: Upgrade from 1.7.3 to 1.7.4 (Saúl Ibarra Corretgé) #2817
* node: Fix faulty process.release.libUrl on Windows (Rod Vagg) #2699
* node-gyp: Float v3.0.3 which has improved support for Node.js and
io.js v0.10 to v4+ (Rod Vagg) #2700
* npm: Upgrade to version 2.14.3 from 2.13.3, includes a security
update, see https://github.com/npm/npm/releases/tag/v2.14.2 for more
details, (Kat Marchán) #2696.
* timers: Improved timer performance from porting the 0.12
implementation, plus minor fixes (Jeremiah Senkpiel) #2540,
(Julien Gilli) nodejs/node-v0.x-archive#8751nodejs/node-v0.x-archive#8905
PR-URL: https://github.com/nodejs/node/pull/2698
This list of changes is relative to the last io.js v3.x branch
release, v3.3.0. Please see the list of notable changes in the v3.x,
v2.x and v1.x releases for a more complete list of changes from
0.12.x. Note, that some changes in the v3.x series as well as major
breaking changes in this release constitute changes required for full
convergence of the Node.js and io.js projects.
* child_process: ChildProcess.prototype.send() and process.send()
operate asynchronously across all platforms so an optional callback
parameter has been introduced that will be invoked once the message
has been sent, i.e. .send(message[, sendHandle][, callback])
(Ben Noordhuis) #2620.
* node: Rename "io.js" code to "Node.js" (cjihrig) #2367.
* node-gyp: This release bundles an updated version of node-gyp that
works with all versions of Node.js and io.js including nightly and
release candidate builds. From io.js v3 and Node.js v4 onward, it
will only download a headers tarball when building addons rather
than the entire source. (Rod Vagg) #2700.
* npm: Upgrade to version 2.14.2 from 2.13.3, includes a security
update, see https://github.com/npm/npm/releases/tag/v2.14.2 for more
details, (Kat Marchán) #2696.
* timers: Improved timer performance from porting the 0.12
implementation, plus minor fixes (Jeremiah Senkpiel) #2540,
(Julien Gilli) nodejs/node-v0.x-archive#8751nodejs/node-v0.x-archive#8905
* util: The util.is*() functions have been deprecated, beginning with
deprecation warnings in the documentation for this release, users
are encouraged to seek more robust alternatives in the npm registry,
(Sakthipriyan Vairamani) #2447.
* v8: Upgrade to version 4.5.103.30 from 4.4.63.30 (Ali Ijaz Sheikh) #2632.
- Implement new TypedArray prototype methods: copyWithin(), every(),
fill(), filter(), find(), findIndex(), forEach(), indexOf(),
join(), lastIndexOf(), map(), reduce(), reduceRight(), reverse(),
slice(), some(), sort(). See
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray
for further information.
- Implement new TypedArray.from() and TypedArray.of() functions. See
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray
for further information.
- Implement arrow functions. See
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions
for further information.
- Full ChangeLog available at
https://github.com/v8/v8-git-mirror/blob/4.5.103/ChangeLog
PR-URL: https://github.com/nodejs/node/pull/2742
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Notable changes:
* build: Add a --link-module option to configure that can be used to
bundle additional JavaScript modules into a built binary
(Bradley Meck) #2497
* docs: Merge outstanding doc updates from joyent/node
(James M Snell) #2378
* http_parser: Significant performance improvement by having
http.Server consume all initial data from its net.Socket and parsing
directly without having to enter JavaScript. Any 'data' listeners on
the net.Socket will result in the data being "unconsumed" into
JavaScript, thereby undoing any performance gains.
(Fedor Indutny) #2355
* libuv: Upgrade to 1.7.3 (from 1.6.1), see
https://github.com/libuv/libuv/blob/v1.x/ChangeLog for details
(Saúl Ibarra Corretgé) #2310
* V8: Upgrade to 4.4.63.30 (from 4.4.63.26) (Michaël Zasso) #2482
cherry-picked from v3.x @ 1a6e52db30
PR-URL: https://github.com/nodejs/node/pull/2653
Reviewed-By: cjihrig - Colin Ihrig <cjihrig@gmail.com>
Notable changes:
* events: Added EventEmitter#listenerCount(event) as a replacement for
EventEmitter.listenerCount(emitter, event), which has now been
marked as deprecated in the docs. (Sakthipriyan Vairamani) #2349
* module: Fixed an error with preloaded modules when the current
working directory doesn't exist. (Bradley Meck) #2353
* node: Startup time is now about 5% faster when not passing V8 flags.
(Evan Lucas) #2483
* repl: Tab-completion now works better with arrays.
(James M Snell) #2409
* string_bytes: Fixed an unaligned write in the handling of UCS2
encoding. (Fedor Indutny) #2480
* tls: Added a new --tls-cipher-list flag that can be used to override
the built-in default cipher list. (James M Snell) #2412
PR-URL: https://github.com/nodejs/node/pull/2512
This commit replaces instances of io.js with Node.js, based on the
recent convergence. There are some remaining instances of io.js,
related to build and the installer.
Fixes: https://github.com/nodejs/node/issues/2361
PR-URL: https://github.com/nodejs/node/pull/2367
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: João Reis <reis@janeasystems.com>
Notable changes:
* buffer:
- Due to changes in V8, it has been necessary to reimplement Buffer
on top of V8's Uint8Array. While every effort has been made to
maintain performance, users are likely to experience a different
performance profile depending on how Buffer is used.
(Trevor Norris) #1825.
- Buffer can now take ArrayBuffers as a constructor argument
(Trevor Norris) #2002.
- When a single buffer is passed to Buffer.concat(), a new, copied
Buffer object will be returned; previous behavior was to return
the original Buffer object (Sakthipriyan Vairamani) #1937.
* build: PPC support has been added to core to allow compiling on
pLinux BE and LE (AIX support coming soon) (Michael Dawson) #2124.
* dgram: If an error occurs within socket.send() and a callback has
been provided, the error is only passed as the first argument to the
callback and not emitted on the socket object; previous behavior was
to do both (Matteo Collina & Chris Dickinson) #1796
* freelist: Deprecate the undocumented freelist core module
(Sakthipriyan Vairamani) #2176.
* http:
- Status codes now all use the official IANA names as per RFC7231,
e.g. http.STATUS_CODES[414] now returns 'URI Too Long' rather than
'Request-URI Too Large' (jomo) #1470.
- Calling .getName() on an HTTP agent no longer returns a trailing
colon, HTTPS agents will no longer return an extra colon near the
middle of the string (Brendan Ashworth) #1617.
* node:
- NODE_MODULE_VERSION has been bumped to 45 to reflect the break in
ABI (Rod Vagg) #2096.
- Introduce a new process.release object that contains a name
property set to 'io.js' and sourceUrl, headersUrl and libUrl
(Windows only) properties containing URLs for the relevant
resources; this is intended to be used by node-gyp
(Rod Vagg) #2154.
- The version of node-gyp bundled with io.js now downloads and uses
a tarball of header files from iojs.org rather than the full
source for compiling native add-ons; it is hoped this is a
temporary floating patch and the change will be upstreamed to
node-gyp soon (Rod Vagg) #2066.
* repl: Persistent history is now enabled by default. The history file
is located at ~/.node_repl_history, which can be overridden by the
new environment variable NODE_REPL_HISTORY. This deprecates the
previous NODE_REPL_HISTORY_FILE variable. Additionally, the format
of the file has been changed to plain text to better handle file
corruption. (Jeremiah Senkpiel) #2224.
* smalloc: The smalloc module has been removed as it is no longer
possible to provide the API due to changes in V8
(Ben Noordhuis) #2022.
* tls: Add server.getTicketKeys() and server.setTicketKeys() methods
for TLS session key rotation (Fedor Indutny) #2227.
* v8: Upgraded to 4.4.63.26
- ES6: Enabled computed property names
- ES6: Array can now be subclassed in strict mode
- ES6: Implement rest parameters in staging, use the
--harmony-rest-parameters command line flag
- ES6: Implement the spread operator in staging, use the
--harmony-spreadcalls command line flag
- Removed SetIndexedPropertiesToExternalArrayData and related APIs,
forcing a shift to Buffer to be reimplemented based on Uint8Array
- Introduction of Maybe and MaybeLocal C++ API for objects which may
or may not have a value.
- Added support for PPC
PR-URL: https://github.com/nodejs/io.js/pull/2299
Myles Borins
Rod Vagg
James M Snell
Evan Lucas
Jeremiah Senkpiel
cjihrig
Phillip Johnsen
Timothy Gu
reggi
Martial
P.S.V.R
Roman Reiss