Notable changes
* deps: Fixed an out-of-band write in utf8 decoder.
This is an important security update as it can be used to cause a
denial of service attack.
Notable changes
build:
- Added support for compiling with Microsoft Visual C++ 2015
- Started building and distributing headers-only tarballs along with binaries
PR-URL: https://github.com/nodejs/io.js/pull/1996
Notable changes
* module: The number of syscalls made during a require() have been
significantly reduced again (see #1801 from v2.2.0 for previous
work), which should lead to a performance improvement
(Pierre Inglebert) #1920.
* npm:
- Upgrade to v2.11.2 (Rebecca Turner) #1956.
- Upgrade to v2.11.3 (Forrest L Norvell) #2018.
* zlib: A bug was discovered where the process would abort if the
final part of a zlib decompression results in a buffer that would
exceed the maximum length of 0x3fffffff bytes (~1GiB). This was
likely to only occur during buffered decompression (rather than
streaming). This is now fixed and will instead result in a thrown
RangeError (Michaël Zasso) #1811.
Notable Changes:
* libuv: Upgraded to 1.6.0 and 1.6.1, see full ChangeLog for details.
(Saúl Ibarra Corretgé) #1905#1889. Highlights include:
- Fix TTY becoming blocked on OS X
- Fix UDP send callbacks to not to be synchronous
- Add uv_os_homedir() (exposed as os.homedir(), see below)
* npm: See full release notes for details. (Kat Marchán) #1899. Highlight:
- Use GIT_SSH_COMMAND (available as of Git 2.3)
* openssl:
- Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection
(Logjam) and fixes malformed ECParameters causing infinite loop
(CVE-2015-1788). See the security advisory for full details.
(Shigeki Ohtsu) #1950#1958
- Support FIPS mode of OpenSSL, see README for instructions.
(Fedor Indutny) #1890
* os: Add os.homedir() method. (Colin Ihrig) #1791
* smalloc: Deprecate whole module. (Vladimir Kurchatkin) #1822
* Add new collaborators:
- Alex Kocharin (@rlidwka)
- Christopher Monsanto (@monsanto)
- Ali Ijaz Sheikh (@ofrobots)
- Oleg Elifantiev (@Olegas)
- Domenic Denicola (@domenic)
- Rich Trott (@Trott)
PR-URL: https://github.com/nodejs/io.js/pull/1808
Notable Changes:
* node: Speed-up require() by replacing usage of fs.statSync() and
fs.readFileSync() with internal variants that are faster for this use-case
and do not create as many objects for the garbage collector to clean up.
The primary two benefits are: significant increase in application start-up
time on typical applications and better start-up time for the debugger by
eliminating almost all of the thousands of exception events.
(Ben Noordhuis) #1801.
* node: Resolution of pre-load modules (-r or --require) now follows the
standard require() rules rather than just resolving paths, so you can now
pre-load modules in node_modules. (Ali Ijaz Sheikh) #1812.
* npm: Upgraded npm to v2.11.0. New hooks for preversion, version, and
postversion lifecycle events, some SPDX-related license changes and license
file inclusions. See the release notes for full details.
PR-URL: https://github.com/nodejs/io.js/pull/1777
Notable Changes:
* crypto: Diffie-Hellman key exchange (DHE) parameters ('dhparams') must now be
1024 bits or longer or an error will be thrown. A warning will also be printed
to the console if you supply less than 2048 bits. See https://weakdh.org/ for
further context on this security concern. (Shigeki Ohtsu) #1739.
* node: A new --trace-sync-io command line flag will print a warning and a stack
trace whenever a synchronous API is used. This can be used to track down
synchronous calls that may be slowing down an application.
(Trevor Norris) #1707.
* node: To allow for chaining of methods, the setTimeout(), setKeepAlive(),
setNoDelay(), ref() and unref() methods used in 'net', 'dgram', 'http',
'https' and 'tls' now return the current instance instead of undefined
(Roman Reiss & Evan Lucas) #1699#1768#1779.
* npm: Upgraded to v2.10.1, release notes can be found in
https://github.com/npm/npm/releases/tag/v2.10.1 and
https://github.com/npm/npm/releases/tag/v2.10.0.
* util: A significant speed-up (in the order of 35%) for the common-case of a
single string argument to util.format(), used by console.log()
(Сковорода Никита Андреевич) #1749.
PR-URL: https://github.com/iojs/io.js/pull/1679
Notable Changes:
* win,node-gyp: the delay-load hook for windows addons has now been
correctly enabled by default, it had wrongly defaulted to off in the
release version of 2.0.0 (Bert Belder) #1433
* os: tmpdir()'s trailing slash stripping has been refined to fix an
issue when the temp directory is at '/'. Also considers which slash is
used by the operating system. (cjihrig) #1673
* tls: default ciphers have been updated to use gcm and aes128 (Mike
MacCana) #1660
* build: v8 snapshots have been re-enabled by default as suggested by
the v8 team, since prior security issues have been resolved. This
should give some perf improvements to both startup and vm context
creation. (Trevor Norris) #1663
* src: fixed preload modules not working when other flags were used
before --require (Yosuke Furukawa) #1694
* dgram: fixed send()'s callback not being asynchronous (Yosuke
Furukawa) #1313
* readline: emitKeys now keeps buffering data until it has enough to
parse. This fixes an issue with parsing split escapes. (Alex Kocharin)
* cluster: works now properly emit 'disconnect' to cluser.worker (Oleg
Elifantiev) #1386
events: uncaught errors now provide some context (Evan Lucas) #1654
PR-URL: https://github.com/iojs/io.js/pull/1532
Notable Changes:
* crypto: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода
Никита Андреевич) #1529
* net: socket.connect() now accepts a 'lookup' option for a custom DNS
resolution mechanism, defaults to dns.lookup() (Evan Lucas) #1505
* npm: Upgrade npm to 2.9.0. See the v2.8.4 and v2.9.0 release notes for
details. Notable items:
- Add support for default author field to make npm init -y work without
user-input (@othiym23) npm/npm/d8eee6cf9d
- Include local modules in npm outdated and npm update (@ArnaudRinquin)
npm/npm#7426
- The prefix used before the version number on npm version is now configurable
via tag-version-prefix (@kkragenbrink) npm/npm#8014
* os: os.tmpdir() is now cross-platform consistent and will no longer returns a
path with a trailling slash on any platform (Christian Tellnes) #747
* process:
- process.nextTick() performance has been improved by between 2-42% across the
benchmark suite, notable because this is heavily used across core (Brian White) #1548
- New process.geteuid(), process.seteuid(id), process.getegid() and
process.setegid(id) methods allow you to get and set effective UID and GID
of the process (Evan Lucas) #1536
* repl:
- REPL history can be persisted across sessions if the NODE_REPL_HISTORY_FILE
environment variable is set to a user accessible file,
NODE_REPL_HISTORY_SIZE can set the maximum history size and defaults to 1000
(Chris Dickinson) #1513
- The REPL can be placed in to one of three modes using the NODE_REPL_MODE
environment variable: sloppy, strict or magic (default); the new magic mode
will automatically run "strict mode only" statements in strict mode
(Chris Dickinson) #1513
* smalloc: the 'smalloc' module has been deprecated due to changes coming in V8
4.4 that will render it unusable
* util: add Promise, Map and Set inspection support (Christopher Monsanto) #1471
* V8: upgrade to 4.2.77.18, see the ChangeLog for full details. Notable items:
- Classes have moved out of staging; the class keyword is now usable in strict
mode without flags
- Object literal enhancements have moved out of staging; shorthand method and
property syntax is now usable ({ method() { }, property })
- Rest parameters (function(...args) {}) are implemented in staging behind the
--harmony-rest-parameters flag
- Computed property names ({['foo'+'bar']:'bam'}) are implemented in staging
behind the --harmony-computed-property-names flag
- Unicode escapes ('\u{xxxx}') are implemented in staging behind the
--harmony_unicode flag and the --harmony_unicode_regexps flag for use in
regular expressions
* Windows:
- Random process termination on Windows fixed (Fedor Indutny) #1512 / #1563
- The delay-load hook introduced to fix issues with process naming (iojs.exe /
node.exe) has been made opt-out for native add-ons. Native add-ons should
include 'win_delay_load_hook': 'false' in their binding.gyp to disable this
feature if they experience problems . (Bert Belder) #1433
* Governance:
- Rod Vagg (@rvagg) was added to the Technical Committee (TC)
- Jeremiah Senkpiel (@Fishrock123) was added to the Technical Committee (TC)
Notable Changes:
* build: revert vcbuild.bat changes
* changes inherited from v1.8.0:
* build: Support for building io.js as a static
library (Marat Abdullin) #1341
* npm: Upgrade npm to 2.8.3. (Forrest L Norvell) #1448
* deps: upgrade openssl to 1.0.2a (Shigeki Ohtsu) #1389
* src: allow multiple arguments to be passed to
process.nextTick (Trevor Norris) #1077
* module: the interaction of require('.') with NODE_PATH has been
restored and deprecated. This functionality will be removed at
a later point. (Roman Reiss) #1363
Notable Changes:
* build: Support for building io.js as a static
library (Marat Abdullin) #1341
* deps: upgrade openssl to 1.0.2a (Shigeki Ohtsu) #1389
* npm: Upgrade npm to 2.8.3. (Forrest L Norvell) #1448
* src: allow multiple arguments to be passed to
process.nextTick (Trevor Norris) #1077
* module: the interaction of require('.') with NODE_PATH has been
restored and deprecated. This functionality will be removed at
a later point. (Roman Reiss) #1363
Notable changes:
* C++ API: Fedor Indutny contributed a feature to V8 which has been
backported to the V8 bundled in io.js. SealHandleScope allows a C++
add-on author to seal a HandleScope to prevent further, unintended
allocations within it. Currently only enabled for debug builds of
io.js. This feature helped detect the leak in #1075 and is now
activated on the root HandleScope in io.js. (Fedor Indutny) #1395.
* ARM: This release includes significant work to improve the state of
ARM support for builds and tests. The io.js CI cluster's ARMv6,
ARMv7 and ARMv8 build servers are now all (mostly) reporting passing
builds and tests.
- ARMv8 64-bit (AARCH64) is now properly supported, including a
backported fix in libuv that was mistakenly detecting the
existence of `epoll_wait()`. (Ben Noordhuis) #1365.
- ARMv6: #1376 reported a problem with Math.exp() on ARMv6 (incl
Raspberry Pi). The culprit is erroneous codegen for ARMv6 when
using the "fast math" feature of V8. --nofast_math has been turned
on for all ARMv6 variants by default to avoid this, fast math can
be turned back on with --fast_math. (Ben Noordhuis) #1398.
- Tests: timeouts have been tuned specifically for slower platforms,
detected as ARMv6 and ARMv7. (Roman Reiss) #1366.
* npm: Upgrade npm to 2.7.6. See the release notes
(https://github.com/npm/npm/releases/tag/v2.7.6) for details.
Notable changes:
* npm: upgrade npm to 2.7.5. See the npm CHANGELOG.md for details.
Includes two important security fixes.
https://github.com/npm/npm/blob/master/CHANGELOG.md#v275-2015-03-26
* openssl: preliminary work has been done for an upcoming upgrade to
OpenSSL 1.0.2a #1325 (Shigeki Ohtsu). See #589 for additional details.
* timers: a minor memory leak when timers are unreferenced was fixed,
alongside some related timers issues #1330 (Fedor Indutny). This
appears to have fixed the remaining leak reported in #1075.
* android: it is now possible to compile io.js for Android and related
devices #1307 (Giovanny Andres Gongora Granada).
Notable changes:
* fs: corruption can be caused by fs.writeFileSync() and append-mode
fs.writeFile() and fs.writeFileSync() under certain circumstances,
reported in #1058, fixed in #1063 (Olov Lassus).
* iojs: an "internal modules" API has been introduced to allow core
code to share JavaScript modules internally only without having to
expose them as a public API, this feature is for core-only #848
(Vladimir Kurchatkin).
* timers: two minor problems with timers have been fixed:
- Timer#close() is now properly idempotent #1288 (Petka Antonov).
- setTimeout() will only run the callback once now after an
unref() during the callback #1231 (Roman Reiss).
* Windows: a "delay-load hook" has been added for compiled add-ons
on Windows that should alleviate some of the problems that Windows
users may be experiencing with add-ons in io.js #1251
(Bert Belder).
* V8: minor bug-fix upgrade for V8 to 4.1.0.27.
* npm: upgrade npm to 2.7.4. See npm CHANGELOG.md for details.
Notable Changes:
* Windows: The ongoing work in improving the state of Windows support
has resulted in full test suite passes once again. As noted in the
release notes for v1.4.2, CI system and configuration problems
prevented it from properly reporting problems with the Windows
tests, the problems with the CI and the codebase appear to have been
fully resolved.
* FreeBSD: A kernel bug impacting io.js/Node.js was discovered and a
patch has been introduced to prevent it causing problems for io.js
(Fedor Indutny) #1218.
* module: you can now require('.') instead of having to require('./'),
this is considered a bugfix (Michaël Zasso) #1185.
* v8: updated to 4.1.0.25 including patches for --max_old_space_size
values above 4096 and Solaris support, both of which are already
included in io.js.
Notable Changes:
* node: a new -r or --require command-line option can be used to
pre-load modules at start-up (Ali Ijaz Sheikh)
* querystring: parse() and stringify() are now faster (Brian White)
* http: the http.ClientRequest#flush() method has been deprecated and
replaced with http.ClientRequest#flushHeaders() to match the same
change now in Node.js v0.12 as per
https://github.com/joyent/node/pull/9048 (Yosuke Furukawa)
* net: allow server.listen() to accept a String option for port, e.g.
{ port: "1234" }, to match the same option being accepted in
net.connect() as of https://github.com/joyent/node/pull/9268 (Ben
Noordhuis)
* tls: further work on the reported memory leak although there appears
to be a minor leak remaining for the use-case in question, track
progress at https://github.com/iojs/io.js/issues/1075.
* v8: backport a fix for an integer overflow when --max_old_space_size
values above 4096 are used (Ben Noordhuis)
* platforms: the io.js CI system now reports passes on FreeBSD and
SmartOS (_Solaris_).
* npm: upgrade npm to 2.7.1. See the npm CHANGELOG.md for details.
https://github.com/npm/npm/blob/master/CHANGELOG.md#v271-2015-03-05
Notable changes:
* buffer: New `Buffer#indexOf()` method, modelled off `Array#indexOf()`.
Accepts a String, Buffer or a Number. Strings are interpreted as UTF8.
(Trevor Norris) https://github.com/iojs/io.js/pull/561
* fs: `options` object properties in `'fs'` methods no longer perform a
`hasOwnProperty()` check, thereby allowing options objects to have
prototype properties that apply. (Jonathan Ong)
https://github.com/iojs/io.js/pull/635
* tls: A likely TLS memory leak was reported by PayPal. Some of the recent
changes in stream_wrap appear to be to blame. The initial fix is in
https://github.com/iojs/io.js/pull/1078, you can track the progress
toward closing the leak at
https://github.com/iojs/io.js/issues/1075 (Fedor Indutny).
* npm: Upgrade npm to 2.7.0. See npm CHANGELOG.md:
https://github.com/npm/npm/blob/master/CHANGELOG.md#v270-2015-02-26
for details including why this is a semver-minor when it could have
been semver-major.
* TC: Colin Ihrig (@cjihrig) resigned from the TC due to his desire to do
more code and fewer meetings.
Notable changes:
* stream: Fixed problems for platforms without `writev()` support,
particularly Windows. Changes introduced in 1.4.1, via
https://github.com/iojs/io.js/pull/926, broke some
functionality for these platforms, this has now been addressed.
https://github.com/iojs/io.js/pull/1008 (Fedor Indutny)
* arm: We have the very beginnings of ARMv8 / ARM64 / AARCH64
support. An upgrade to OpenSSL 1.0.2 is one requirement for full
support. https://github.com/iojs/io.js/pull/1028
(Ben Noordhuis)
* Add new collaborator: Julian Duque @julianduque
Notable changes:
* process / promises: An'unhandledRejection' event is now emitted on
process whenever a Promise is rejected and no error handler is
attached to the Promise within a turn of the event loop. A
'rejectionHandled' event is now emitted whenever a Promise was
rejected and an error handler was attached to it later than after an
event loop turn. See the process documentation for more detail.
https://github.com/iojs/io.js/pull/758 (Petka Antonov)
* streams: you can now use regular streams as an underlying socket for
tls.connect() https://github.com/iojs/io.js/pull/758 (Fedor Indutny)
* http: A new 'abort' event emitted when a http.ClientRequest is
aborted by the client. https://github.com/iojs/io.js/pull/945
(Evan Lucas)
* V8: Upgrade V8 to 4.1.0.21. Includes an embargoed fix, details
should be available at
https://code.google.com/p/chromium/issues/detail?id=430201
when embargo is lifted. A breaking ABI change has been held back
from this upgrade, possibly to be included when io.js merges V8 4.2.
See https://github.com/iojs/io.js/pull/952 for discussion.
* npm: Upgrade npm to 2.6.0. Includes features to support the new
registry and to prepare for npm@3. See npm CHANGELOG.md
https://github.com/npm/npm/blob/master/CHANGELOG.md#v260-2015-02-12
for details.
* libuv: Upgrade to 1.4.2. See libuv ChangeLog
https://github.com/libuv/libuv/blob/v1.x/ChangeLog for details of
fixes.
This adds more consistency, plus links to commits are particularly useful.
PR-URL: https://github.com/iojs/io.js/pull/967
Reviewed-By: Rod Vagg <rod@vagg.org>
The CHANGELOG referenced PR 847, but should really be 846.
PR-URL: https://github.com/iojs/io.js/pull/903
Reviewed-By: Christian Tellnes <christian@tellnes.no>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Notable changes:
* url: `url.resolve('/path/to/file', '.')` now returns `/path/to/`
with the trailing slash, `url.resolve('/', '.')` returns `/`.
https://github.com/iojs/io.js/issues/278 (Amir Saboury)
* tls: tls (and in turn https) now rely on a stronger default
cipher suite which excludes the RC4 cipher. If you still want to
use RC4, you have to specify your own ciphers suite.
https://github.com/iojs/io.js/issues/826 (Roman Reiss)
Notable changes:
* stream:
- Simpler stream construction, see
https://github.com/iojs/readable-stream/issues/102 for details.
This extends the streams base objects to make their constructors
accept default implementation methods, reducing the boilerplate
required to implement custom streams. An updated version of
readable-stream will eventually be released to match this change
in core. (@sonewman)
* dns:
- `lookup()` now supports an `'all'` boolean option, default to
`false` but when turned on will cause the method to return an
array of *all* resolved names for an address, see,
https://github.com/iojs/io.js/pull/744 (@silverwind)
* assert:
- Remove `prototype` property comparison in `deepEqual()`,
considered a bugfix, see https://github.com/iojs/io.js/pull/636
(@vkurchatkin)
- Introduce a `deepStrictEqual()` method to mirror `deepEqual()`
but performs strict equality checks on primitives, see
https://github.com/iojs/io.js/pull/639 (@vkurchatkin)
* **tracing**:
- Add LTTng (Linux Trace Toolkit Next Generation) when compiled
with the `--with-lttng` option. Trace points match those
available for DTrace and ETW.
https://github.com/iojs/io.js/pull/702 (@thekemkid)
* npm upgrade to 2.5.1
* **libuv** upgrade to 1.4.0
* Add new collaborators:
- Aleksey Smolenchuk (@lxe)
- Shigeki Ohtsu (@shigeki)
Include mention of privateEncrypt and publicDecrypt in changelog.
PR-URL: https://github.com/iojs/io.js/pull/722
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Notable changes:
* debug: fix v8 post-mortem debugging.
* crypto: publicEncrypt now supports password-protected private keys.
* crypto: ~30% speedup on hashing functions.
* errors
- better formatting via util.inspect
- more descriptive errors from fs. This necessitated a
NODE_MODULE_VERSION bump.
- more descriptive errors from http.setHeader
* dep updates:
- npm: upgrade to 2.4.1
- http-parser: rollback to 2.3.0
- libuv: update to 1.3.0
- v8: update to 4.1.0.14
* http.request: inherited properties on options are now respected
* add iterable interface to buffers.
* fs: fix fd leak on `fs.createReadStream`. See 497fd72 for details.
* installer: on Windows, emit WM_SETTINGCHANGE after install to make
other running processes aware of the PATH changes.
* Added new collaborators:
- Vladimir Kurchatkin (@vkurchatkin)
- Micleușanu Nicu (@micnic)