Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Node.js to v20.17.0 #1411

Merged
merged 1 commit into from
Sep 9, 2024
Merged

Update Node.js to v20.17.0 #1411

merged 1 commit into from
Sep 9, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 9, 2024

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node stage minor 20.14.0-alpine3.20 -> 20.17.0-alpine3.20 age adoption passing confidence
@types/node (source) devDependencies minor 20.14.0 -> 20.16.5 age adoption passing confidence

Release Notes

nodejs/node (node)

v20.17.0

Compare Source

v20.16.0: 2024-07-24, Version 20.16.0 'Iron' (LTS), @​marco-ippolito

Compare Source

process: add process.getBuiltinModule(id)

process.getBuiltinModule(id) provides a way to load built-in modules
in a globally available function. ES Modules that need to support
other environments can use it to conditionally load a Node.js built-in
when it is run in Node.js, without having to deal with the resolution
error that can be thrown by import in a non-Node.js environment or
having to use dynamic import() which either turns the module into
an asynchronous module, or turns a synchronous API into an asynchronous one.

if (globalThis.process?.getBuiltinModule) {
  // Run in Node.js, use the Node.js fs module.
  const fs = globalThis.process.getBuiltinModule('fs');
  // If `require()` is needed to load user-modules, use createRequire()
  const module = globalThis.process.getBuiltinModule('module');
  const require = module.createRequire(import.meta.url);
  const foo = require('foo');
}

If id specifies a built-in module available in the current Node.js process,
process.getBuiltinModule(id) method returns the corresponding built-in
module. If id does not correspond to any built-in module, undefined
is returned.

process.getBuiltinModule(id) accepts built-in module IDs that are recognized
by module.isBuiltin(id).

The references returned by process.getBuiltinModule(id) always point to
the built-in module corresponding to id even if users modify
require.cache so that require(id) returns something else.

Contributed by Joyee Cheung in #​52762

doc: doc-only deprecate OpenSSL engine-based APIs

OpenSSL 3 deprecated support for custom engines with a recommendation to switch to its new provider model.
The clientCertEngine option for https.request(), tls.createSecureContext(), and tls.createServer(); the privateKeyEngine and privateKeyIdentifier for tls.createSecureContext(); and crypto.setEngine() all depend on this functionality from OpenSSL.

Contributed by Richard Lau in #​53329

inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth

Debugger.setAsyncCallStackDepth was previously calling the enable function by mistake. As a result, when profiling using Chrome DevTools, the async hooks won't be turned off properly after receiving Debugger.setAsyncCallStackDepth with depth 0.

Contributed by Joyee Cheung in #​53473

Other Notable Changes
  • [09e2191432] - (SEMVER-MINOR) buffer: add .bytes() method to Blob (Matthew Aitken) #​53221
  • [394e00f41c] - (SEMVER-MINOR) doc: add context.assert docs (Colin Ihrig) #​53169
  • [a8601efa5e] - (SEMVER-MINOR) doc: improve explanation about built-in modules (Joyee Cheung) #​52762
  • [5e76c258f7] - doc: add StefanStojanovic to collaborators (StefanStojanovic) #​53118
  • [5e694026f1] - doc: add Marco Ippolito to TSC (Rafael Gonzaga) #​53008
  • [f3ba1eb72f] - (SEMVER-MINOR) net: add new net.server.listen tracing channel (Paolo Insogna) #​53136
  • [2bcce3255b] - (SEMVER-MINOR) src,permission: --allow-wasi & prevent WASI exec (Rafael Gonzaga) #​53124
  • [a03a4c7bdd] - (SEMVER-MINOR) test_runner: add context.fullName (Colin Ihrig) #​53169
  • [69b828f5a5] - (SEMVER-MINOR) util: support --no- for argument with boolean type for parseArgs (Zhenwei Jin) #​53107
Commits

v20.15.1: 2024-07-08, Version 20.15.1 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
  • CVE-2024-22018 - fs.lstat bypasses permission model (Low)
  • CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
  • CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
Commits

v20.15.0: 2024-06-20, Version 20.15.0 'Iron' (LTS), @​marco-ippolito

Compare Source

test_runner: support test plans

It is now possible to count the number of assertions and subtests that are expected to run within a test. If the number of assertions and subtests that run does not match the expected count, the test will fail.

test('top level test', (t) => {
  t.plan(2);
  t.assert.ok('some relevant assertion here');
  t.subtest('subtest', () => {});
});

Contributed by Colin Ihrig in #​52860

inspector: introduce the --inspect-wait flag

This release introduces the --inspect-wait flag, which allows debugger to wait for attachement. This flag is useful when you want to debug the code from the beginning. Unlike --inspect-brk, which breaks on the first line, this flag waits for debugger to be connected and then runs the code as soon as a session is established.

Contributed by Kohei Ueno in #​52734

zlib: expose zlib.crc32()

This release exposes the crc32() function from zlib to user-land.

It computes a 32-bit Cyclic Redundancy Check checksum of data. If
value is specified, it is used as the starting value of the checksum,
otherwise, 0 is used as the starting value.

The CRC algorithm is designed to compute checksums and to detect error
in data transmission. It's not suitable for cryptographic authentication.

const zlib = require('node:zlib');
const { Buffer } = require('node:buffer');

let crc = zlib.crc32('hello');  // 907060870
crc = zlib.crc32('world', crc);  // 4192936109

crc = zlib.crc32(Buffer.from('hello', 'utf16le'));  // 1427272415
crc = zlib.crc32(Buffer.from('world', 'utf16le'), crc);  // 4150509955

Contributed by Joyee Cheung in #​52692

cli: allow running wasm in limited vmem with --disable-wasm-trap-handler

By default, Node.js enables trap-handler-based WebAssembly bound
checks. As a result, V8 does not need to insert inline bound checks
int the code compiled from WebAssembly which may speedup WebAssembly
execution significantly, but this optimization requires allocating
a big virtual memory cage (currently 10GB). If the Node.js process
does not have access to a large enough virtual memory address space
due to system configurations or hardware limitations, users won't
be able to run any WebAssembly that involves allocation in this
virtual memory cage and will see an out-of-memory error.

$ ulimit -v 5000000
$ node -p "new WebAssembly.Memory({ initial: 10, maximum: 100 });"
[eval]:1
new WebAssembly.Memory({ initial: 10, maximum: 100 });
^

RangeError: WebAssembly.Memory(): could not allocate memory
    at [eval]:1:1
    at runScriptInThisContext (node:internal/vm:209:10)
    at node:internal/process/execution:118:14
    at [eval]-wrapper:6:24
    at runScript (node:internal/process/execution:101:62)
    at evalScript (node:internal/process/execution:136:3)
    at node:internal/main/eval_string:49:3

--disable-wasm-trap-handler disables this optimization so that
users can at least run WebAssembly (with a less optimial performance)
when the virtual memory address space available to their Node.js
process is lower than what the V8 WebAssembly memory cage needs.

Contributed by Joyee Cheung in #​52766

Other Notable Changes
Commits

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 9, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 9, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.78%. Comparing base (ce40900) to head (74deab0).
Report is 2 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #1411   +/-   ##
========================================
  Coverage    96.78%   96.78%           
========================================
  Files           48       48           
  Lines         1740     1740           
  Branches       492      492           
========================================
  Hits          1684     1684           
  Misses          52       52           
  Partials         4        4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@VKTB VKTB merged commit 4303dfe into develop Sep 9, 2024
5 checks passed
@VKTB VKTB deleted the renovate/node-20.x branch September 9, 2024 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VKTB VKTB VKTB approved these changes

@joelvdavies joelvdavies joelvdavies approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@VKTB @joelvdavies