Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.
PR-URL: https://github.com/nodejs/node/pull/27396
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This patch implements --cpu-prof-interval to specify the sampling
interval of the CPU profiler started by --cpu-prof from the command
line. Also adjust the interval to 100 in test-cpu-prof.js to make
the test less flaky - it would fail if the time taken to finish
the workload is smaller than the sampling interval, which was
more likely on powerful machines when the interval was 1000.
PR-URL: https://github.com/nodejs/node/pull/27535
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This is an extremely important part of the ESM implementation
that should have been unflagged as a breaking change in v12.0.0
to allow us to unflag ESM in Node.js 12.x before LTS. Assuming we
can get consensus on this behavior I would argue that this Semver-Major
behavior change could be viewed as a Semver-Patch fix in v12.0.1
PR-URL: https://github.com/nodejs/node/pull/27417
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This is an abstraction on top of creatRequireFromPath that can accept
both paths, URL Strings, and URL Objects.
PR-URL: https://github.com/nodejs/node/pull/27405
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This commit adds a --trace-tls command-line flag. The
purpose is to enable tracing of TLS connections without the
need to modify existing application code.
PR-URL: https://github.com/nodejs/node/pull/27497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This commit adds the enableTrace option to the TLSSocket
constructor. It also plumbs the option through other relevant
APIs.
PR-URL: https://github.com/nodejs/node/pull/27497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
There is no way to disable SNI extension when sending a request to HTTPS
server. Setting `options.servername` to a falsy value would make Node.js
core override it with either hostname or ip address.
This change introduces a way to disable SNI completely if this is
required for user's application. Setting `options.servername` to ``
in `https.request` would disable overrides and thus disable the
extension.
PR-URL: https://github.com/nodejs/node/pull/27316
Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
This makes sure we do not use `assert.doesNotReject()` anywhere in
our code base. This is just a simple wrapper that catches the
rejection and then rejects it again in case of an error. Thus, it is
not useful to do that.
The error message for `assert.doesNotThrow()` is also improved.
PR-URL: https://github.com/nodejs/node/pull/27402
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/27367
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Instead of using the public AssertionError, use a simplified
error that describes potential causes of these assertions
and suggests the user to open an issue.
PR-URL: https://github.com/nodejs/node/pull/26635
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This fixes a pull request number in `repl.md`.
PR-URL: https://github.com/nodejs/node/pull/27336
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
To improve the integration of `--cpu-prof` with workers, this patch
splits `--cpu-prof-path` into `--cpu-prof-dir` and `--cpu-prof-name`,
so when a worker is launched from a thread that enables
`--cpu-prof`, if the parent thread sets `--cpu-prof-dir`, then the
profile of both thread would be generated to the specified directory.
If they end up specifying the same `--cpu-prof-name` the behavior
is undefined the last profile will overwritten the first one.
PR-URL: https://github.com/nodejs/node/pull/27306
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
In the code base the word `report` is almost only used to refer to
the diagnostic report when it's a noun, and it's programmable
interface `process.report()` it not prefixed, so `report` should be
unambiguous enough to use without `diagnostic`.
PR-URL: https://github.com/nodejs/node/pull/27312
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This patch introduces a CLI flag --cpu-prof that starts the V8
CPU profiler on start up, and ends the profiler then writes the
CPU profile before the Node.js instance (on the main thread or
the worker thread) exits. By default the profile is written to
`${cwd}/CPU.${yyyymmdd}.${hhmmss}.${pid}.${tid}.${seq}.cpuprofile`.
The patch also introduces a --cpu-prof-path flag for the user
to specify the path the profile will be written to.
Refs: https://github.com/nodejs/node/issues/26878
PR-URL: https://github.com/nodejs/node/pull/27147
Reviewed-By: Anna Henningsen <anna@addaleax.net>
The characters specified within NODE_OPTIONS can now be escaped, which
is handy especially in conjunction with `--require` (where the file path
might happen to contain spaces that shouldn't cause the option to be
split into two).
Fixes: https://github.com/nodejs/node/issues/12971
PR-URL: https://github.com/nodejs/node/pull/24065
Reviewed-By: Anna Henningsen <anna@addaleax.net>
In lib/dns.js, use `isIP()` instead of `isIPv4()` for determining the
`family` property in `lookup()`. If an invalid IP address is returned,
the `family` currently provided is `6`. With this change, it will be
`0`. Update documentation to reflect this.
PR-URL: https://github.com/nodejs/node/pull/27081
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
New flag is for string input only
PR-URL: https://github.com/nodejs/node/pull/27184
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
This adds documentation that is meant as internal only. As first entry
the `--inspect-brk-node` flag got documented here.
PR-URL: https://github.com/nodejs/node/pull/26665
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This adds a flag to define the default behavior for unhandled
rejections. Three modes exist: `none`, `warn` and `strict`. The first
is going to silence all unhandled rejection warnings. The second
behaves identical to the current default with the excetion that no
deprecation warning will be printed and the last is going to throw
an error for each unhandled rejection, just as regular exceptions do.
It is possible to intercept those with the `uncaughtException` hook
as with all other exceptions as well.
This PR has no influence on the existing `unhandledRejection` hook.
If that is used, it will continue to function as before.
PR-URL: https://github.com/nodejs/node/pull/26599
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This updates the customization of colors for `util.inspect`. A couple
entries were missing and this also adds a reference to check for colors.
PR-URL: https://github.com/nodejs/node/pull/27052
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Using `util.inspect` on errors is going to highlight userland and
node_module stack frames from now on. This is done by marking Node.js
core frames grey and frames that contain `node_modules` in their path
yellow.
That way it's easy to grasp what frames belong to what code.
PR-URL: https://github.com/nodejs/node/pull/27052
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This validates the input to make sure the arguments do not overflow.
Before, if the input would overflow, it would cause the write to be
performt in the wrong spot / result in unexpected behavior.
Instead, just use a strict number validation.
PR-URL: https://github.com/nodejs/node/pull/27045
Fixes: https://github.com/nodejs/node/issues/27043
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
* Add missing reference ids.
* Un-link impossible wildcard link.
* Hardcode a link that baffles our new doc toolchain (`[][]` part
is parsed as an empty link now instead of two-dimensional array sign).
PR-URL: https://github.com/nodejs/node/pull/27141
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This flag allows heap snapshots to be captured without
modifying application code.
PR-URL: https://github.com/nodejs/node/pull/27133
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
When the threadsafe functions were promoted to
version 4 from experimental we missed documenting
that. Add the version indicator for these functions
in the doc.
PR-URL: https://github.com/nodejs/node/pull/27155
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This changes the `compact` default from `true` to `3`. That mode
changes arrays to be grouped together, it alignes multiple small
entries on a single line in similar to `compact` true but only for
the most inner three depth levels and the closing brackets are
always on the same indentation as the openeing of the object instead
of at the same line as another property.
Big strings will be naturally broken into multiple lines instead of
having one huge line that is not well readable.
The output size mainly stays the same that way while it will be
smaller in case of big arrays.
Increasing the `breakLength` to 80 adjusts for most terminals that
support at least 80 characters in a single line and improves the
general output that way. A lot of calculations use the `breakLength`
to determine the concrete behavior.
PR-URL: https://github.com/nodejs/node/pull/27109
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Server.listenFD() has been runtime deprecated since
Node 0.7.12. This commit moves the deprecation to
end-of-life.
PR-URL: https://github.com/nodejs/node/pull/27127
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Set the default maxBuffer size to 204,800 bytes for execSync,
execFileSync, and spawnSync.
APIs that return the child output as a string should have non-infinite
defaults for maxBuffer sizes to avoid out-of-memory error conditions. A
non-infinite default used to be the documented behaviour for all
relevant APIs, but the implemented behaviour for execSync, execFileSync
and spawnSync was to have no maxBuffer limits.
PR-URL: https://github.com/nodejs/node/pull/23027
Refs: https://github.com/nodejs/node/pull/22894
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
The community maintained material hasn't been updated for
almost five years, corresponds to Node 0.11, and is no longer
accurate. This commit removes the references.
PR-URL: https://github.com/nodejs/node/pull/27126
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This commit adds support for RSA-PSS keys, including
- KeyObjects of type rsa-pss,
- key pair generation for RSA-PSS, and
- signing and verification using RSA-PSS keys.
PR-URL: https://github.com/nodejs/node/pull/26960
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
