Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: enable ASLR (PIE) on OS X #35704

Closed
wants to merge 1 commit into from
Closed

Conversation

woodfairy
Copy link
Contributor

@woodfairy woodfairy commented Oct 19, 2020

After conducting several benchmarks, I noticed performance losses of
5-10%. As OS X is not a performance critical platform, as already
mentioned by @bnoordhuis, I have removed the -no_pie flag at least for
this platform. I'd love to enable PIE for other platforms if the 5-10%
speed loss is not too high. I would be happy to hear your opinion on
this.

Refs: #33425

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added the build Issues and PRs related to build files or the CI. label Oct 19, 2020
After conducting several benchmarks, I noticed performance losses of
5-10%. As OS X is not a performance critical platform, as already
mentioned by @bnoordhuis, I have removed the -no_pie flag at least for
this platform. I'd love to enable PIE for other platforms if the 5-10%
speed loss is not too high. I would be happy to hear your opinion on
this.

Refs: nodejs#33425
Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since common.gypi also affects addons: Should we be extra careful and label this semver-major?

@richardlau
Copy link
Member

richardlau commented Oct 19, 2020

Since common.gypi also affects addons: Should we be extra careful and label this semver-major?

Probably. Does it have to be in common.gypi? Could it be in node.gypi instead?

@woodfairy
Copy link
Contributor Author

Since common.gypi also affects addons: Should we be extra careful and label this semver-major?

Probably. Does it have to be in common.gypi? Could it be in node.gypi instead?

As PIE is explicitly opted-out in common.gypi, and there is no "-no_pie" flag in node.gypi, I wouldn't know how to turn it on specifically in node.gypi. But maybe I am missing some knowledge here. My changes actually just revert this commit: a5012a0

@richardlau richardlau added the semver-major PRs that contain breaking changes and should be released in the next major version. label Oct 20, 2020
@richardlau
Copy link
Member

ugh then I guess defensively semver-major it is 😞.

@Trott
Copy link
Member

Trott commented Oct 31, 2020

@nodejs/tsc This is semver-major and so would need at least one more TSC approval.

@Trott Trott added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 31, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 31, 2020
@nodejs-github-bot
Copy link
Collaborator

@mmarchini
Copy link
Contributor

CI is passing, so I assume #5903 is not an issue anymore? If someone wants to build a custom Node.js binary without PIE, how would they do it?

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking this as I would like to know more. what is the advantage of -pie?

A lot of frontend build tools compete on build times, e.g. performance. I disagree that Mac is not a perf-critical target.

@addaleax
Copy link
Member

addaleax commented Nov 2, 2020

what is the advantage of -pie?

@mcollina To save you a Google search, it enables the OS to do ASLR which is a security feature: https://en.wikipedia.org/wiki/Position-independent_code#Position-independent_executables & https://en.wikipedia.org/wiki/Address_space_layout_randomization

Apple's macOS and iOS fully support PIE executables as of versions 10.7 and 4.3, respectively; a warning is issued when non-PIE iOS executables are submitted for approval to Apple's App Store but there's no hard requirement yet and non-PIE applications are not rejected.

@mmarchini
Copy link
Contributor

a warning is issued when non-PIE iOS executables are submitted for approval to Apple's App Store but there's no hard requirement yet and non-PIE applications are not rejected

ah that's why my inbox is full of alerts?

@mcollina
Copy link
Member

mcollina commented Nov 2, 2020

I looked at those articles, however I do not understand exactly what is the benefit and what we are trying to protect our users from. None of the threat exposed there seems to apply to our security model.

@addaleax
Copy link
Member

addaleax commented Nov 2, 2020

@mcollina It’s a defense-in-depth mechanism that mitigates the impact of remote code execution vulnerabilities. It is an additional layer to make exploits significantly harder to write, rather than a full protection against a vulnerability. It is also fairly standard to have this enabled in modern applications, if that is technically feasible.

@mhdawson
Copy link
Member

mhdawson commented Nov 2, 2020

My take is that 5-10% is a significant decrease and we need to carefully weigh if the benefits are worth that decrease, particularly in the eyes of end users.

@mcollina
Copy link
Member

mcollina commented Nov 2, 2020

Does python, ruby, etc ships with this enabled? Does go, rust produce binaries with this enabled by default?

@mmarchini
Copy link
Contributor

FWIW, I think we already have it enabled for Linux builds, and I think it's not a performance problem on Linux (although I might be wrong), so when evaluating Python, Ruby, Go, etc. those should be evaluated on OSX as well.

@addaleax
Copy link
Member

addaleax commented Nov 2, 2020

Does python, ruby, etc ships with this enabled?

Yes, and, at least on my Ubuntu machine, they also do so on Linux.

Does go, rust produce binaries with this enabled by default?

Rust does and go doesn’t, on both of these platforms.

Also, keep in mind that this does not affect compiled JS code, only native code in the binary.

@mmarchini
Copy link
Contributor

I'm very surprised by the 5-10% numbers tbh

@mhdawson
Copy link
Member

mhdawson commented Nov 2, 2020

I'm very surprised by the 5-10% numbers tbh

Particularly if we already have it enabled for Linux.

@addaleax
Copy link
Member

addaleax commented Nov 2, 2020

I'm very surprised by the 5-10% numbers tbh

Particularly if we already have it enabled for Linux.

It doesn't look like we do, though.

@woodfairy
Copy link
Contributor Author

woodfairy commented Nov 3, 2020

Blocking this as I would like to know more. what is the advantage of -pie?

A lot of frontend build tools compete on build times, e.g. performance. I disagree that Mac is not a perf-critical target.

PIE / ASLR is an exploit mitigation which makes it harder to exploit a target if you find a memory bug (e.g. stack buffer overflow) which would allow arbitrary code execution. With PIE enabled, you can't hardcode addresses, and you need to calculate offsets for them. To achieve this, another vulnerability would be needed (e.g. format string information leak) in order to circumvent this. From my personal experience writing (basic) exploits, PIE is a very useful mitigation. Especially in combination with W^X mempages, PIE is a very effective way to prevent return-oriented programming (which is a common technique when writing exploits). In my opinion, the security benefits outweigh the perfomance costs.

Does go, rust produce binaries with this enabled by default?

Rust does and go doesn’t, on both of these platforms.

Also, keep in mind that this does not affect compiled JS code, only native code in the binary.

Rust and Go don't need this feature as they are memory safe by design (Rust at compile-time via RAII, Golang at runtime via garbage collector). The developers say, that their languages are safe and therefore no need for PIE, which is not the case for C / C++.

@mcollina
Copy link
Member

mcollina commented Nov 3, 2020

This is a really good protection layer but I also think it is very theoretical in the Node.js case. I may be wrong but I don't think there has been an RCE in the last few years (if not one at all). We consider JS code as "trusted" - there are significant bigger threats if we did not consider it so.

@woodfairy
Copy link
Contributor Author

woodfairy commented Nov 3, 2020

This is a really good protection layer but I also think it is very theoretical in the Node.js case. I may be wrong but I don't think there has been an RCE in the last few years (if not one at all). We consider JS code as "trusted" - there are significant bigger threats if we did not consider it so.

It is not very theoretical, and it does not have to be an RCE, as I've said this is relevant for any memory based attack. It is not about JS code, it's about the native code, which you can never consider safe if it's C or C++. This is a standard security feature in modern applications and should not be turned off (there is a reason why it's opt-out these days, and there has been a reason why it was opted-out, but this is now obsolete).

One recent example from June 202 (and if you go through all security patches, you will find a lot more of them), this is a common threat.
https://www.cvedetails.com/vulnerability-list/vendor_id-12113/Nodejs.html
Even more recent, September 2020:
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

Any big application has such security holes and this is totally normal:
https://security.stackexchange.com/questions/21137/average-number-of-exploitable-bugs-per-thousand-lines-of-code

Especially with Node.js, this kind of issues are a big threat as most users install a Node version and don't update it frequently, so many binaries out there are vulnerable to publicly well known memory corruptions.

@mcollina
Copy link
Member

mcollina commented Nov 3, 2020

Considering the releases in https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/, how would -pie increase protection for CVE-2020-8252 (see also https://hackerone.com/reports/965914 https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-may-cause-buffer-overflow-medium-cve-2020-8252)? (I think that's the only one memory-related, the others are HTTP).

I'm guessing @Trott @devnexen @richardlau @addaleax you'd be in favor of enabling -pie on all platforms?

@woodfairy
Copy link
Contributor Author

woodfairy commented Nov 3, 2020

Considering the releases in https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/, how would -pie increase protection for CVE-2020-8252 (see also https://hackerone.com/reports/965914 https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-may-cause-buffer-overflow-medium-cve-2020-8252)? (I think that's the only one memory-related, the others are HTTP).

I'm guessing @Trott @devnexen @richardlau @addaleax you'd be in favor of enabling -pie on all platforms?

Ok in the particular case for CVE-2020-8252, an exploit is very unlikely by the nature of the bug, but still is for other ones. Didn't to enough research on this one, my bad.

I personally would not necessarily enable it on Linux, as this is a production system for many users, and I can understand that 5-10% performance decrease are too much for this platform. That's my opinion on that (but I'd still be happy if it's done).

@addaleax
Copy link
Member

addaleax commented Nov 3, 2020

We consider JS code as "trusted"

@mcollina This is not what this is about.

Considering the releases in https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/, how would -pie increase protection for CVE-2020-8252 (see also https://hackerone.com/reports/965914 https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-may-cause-buffer-overflow-medium-cve-2020-8252)?

Well … as @woodfairy said, this is probably not easy to exploit on its own, but I can try to turn it into an example of where ASLR would help mitigate impact: If an attacker can cause a write buffer overflow here, they can write to memory that they should not be able to write to. If they can write to memory that contains a function pointer (and possibly some arguments that are later passed to that function – that’s not an uncommon combination), they can overwrite that pointer with another value, leading to a jump to an attacker-controlled address later. If ASLR is disabled, the addresses for code in the Node.js binary itself are fixed, and very easy to jump to, making it possible to jump to an attacker-controlled function inside Node.js (which may perform privileged operations, including using functions that write data to disk). If ASLR is enabled, that makes addresses inside the Node.js binary hard to guess, and can make such attacks impractical.

I'm guessing @Trott @devnexen @richardlau @addaleax you'd be in favor of enabling -pie on all platforms?

I would be okay with that, but I feel like @woodfairy here.

@mcollina
Copy link
Member

mcollina commented Nov 3, 2020

I see, thanks for the detailed explanation. This can be useful indeed.

I disagree with the premise that Mac OS X could "run slower" than other platforms. I'll do some measurements on a real world codebase and report back.

@mcollina
Copy link
Member

mcollina commented Nov 3, 2020

How have you measured the 5-10% slowdown? I've run a few tests and webpack build times or http server throughput are not effected in a meaningful way. I have a Macbook Pro 13'' 2020.

@woodfairy
Copy link
Contributor Author

How have you measured the 5-10% slowdown? I've run a few tests and webpack build times or http server throughput are not effected in a meaningful way. I have a Macbook Pro 13'' 2020.

I measured using the benchmarks in benchmark/

I have a MacBook Pro 13" 2016

@mcollina
Copy link
Member

mcollina commented Nov 6, 2020

I measured using the benchmarks in benchmark/

Which one did you run?

Maybe is there some sort of HW/OS support that could make this less expensive?

@devnexen
Copy link
Contributor

devnexen commented Nov 6, 2020

I'm guessing @Trott @devnexen @richardlau @addaleax you'd be in favor of enabling -pie on all platforms?

Would be in favor indeed.

@woodfairy
Copy link
Contributor Author

I measured using the benchmarks in benchmark/

Which one did you run?

Maybe is there some sort of HW/OS support that could make this less expensive?

There are the results of the benchmark.

#33425 (comment)

It is possible that my hardware causes those. But I don't know it.

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mcollina mcollina added the request-ci Add this label to start a Jenkins CI on a PR. label Nov 14, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Nov 14, 2020
@nodejs-github-bot
Copy link
Collaborator

@mcollina
Copy link
Member

CI is failing somehow :/

@woodfairy
Copy link
Contributor Author

CI is failing somehow :/

This is very odd as PIE should not affect the code. I will look into it, hopefully soon.

@addaleax
Copy link
Member

I think there’s a good chance that all of those are flaky, pre-existing failures.

@nodejs-github-bot
Copy link
Collaborator

@aduh95
Copy link
Contributor

aduh95 commented Nov 17, 2020

CI is green. Is this ready to land?

@mcollina mcollina added the commit-queue Add this label to land a pull request using GitHub Actions. label Nov 17, 2020
@github-actions github-actions bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Nov 17, 2020
@github-actions
Copy link
Contributor

Landed in fff25a0...8d6b74d

@github-actions github-actions bot closed this Nov 17, 2020
nodejs-github-bot pushed a commit that referenced this pull request Nov 17, 2020
After conducting several benchmarks, I noticed performance losses of
5-10%. As OS X is not a performance critical platform, as already
mentioned by @bnoordhuis, I have removed the -no_pie flag at least for
this platform. I'd love to enable PIE for other platforms if the 5-10%
speed loss is not too high. I would be happy to hear your opinion on
this.

Refs: #33425

PR-URL: #35704
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
BethGriggs added a commit that referenced this pull request Apr 20, 2021
Notable Changes:

Deprecations and Removals

- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [#37216]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [#37302]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell) [#37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell) [#37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [#37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [#37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [#37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [#37789]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [#37576]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [#37201]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [#37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [#37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [#37204]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [#36902]

Stable Timers Promises API:

The Timers Promises API provides an alternative set of timer functions
that return Promise objects. Added in Node.js v15.0.0, in this release
they graduate from experimental status to stable.

Contributed by James Snell - [#38112]

Toolchain and Compiler Upgrades:

Node.js v16.0.0 will be the first release where we ship prebuilt
binaries for Apple Silicon. While we’ll be providing separate tarballs
for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the
macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture)
binary.

- **(SEMVER-MAJOR)** **build**: remove support for Python 2
  (Christian Clauss) [#36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [#37764]
- **build**: update Makefile to support fat binary (Ash Cripps)
  [#37861]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [#35704]
- **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau)
  [#37935]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [#37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [#37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [#37677]
- **tools**: set arch in Distribution.xml (Ash Cripps)
  [#38261]

V8 9.0:

The V8 JavaScript engine is updated to V8 9.0, including performance
tweaks and improvements.

This update also brings the ECMAScript RegExp Match Indices, which
provide the start and end indices of the captured string. The indices
array is available via the `.indices` property on match objects when the
regular expression has the `/d` flag.

Contributed by Michaël Zasso - [#37587]

Other Notable Changes:

- **(SEMVER-MINOR)** **assert**: graduate assert.match and
  assert.doesNotMatch (James M Snell) [#38111]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [#37786]
- **deps**: update llhttp to 6.0.0 (Fedor Indutny)
  [#38277]
- **deps**: upgrade npm to 7.10.0 (Ruy Adorno)
  [#38254]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [#37330]
- **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames()
  (simov) [#37660]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [#36478]
- **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [#37246]
- **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify
  (James M Snell) [#37475]
- **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [#37246]
- **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl
  (eladkeyshawn) [#38101]

Semver-Major Commits:

- **async_hooks**: add thisArg to AsyncResource.bind (James M Snell)
  [#36782]
- **buffer**: expose btoa and atob as globals (James M Snell)
  [#37786]
- **build**: remove support for Python 2 (Christian Clauss)
  [#36691]
- **build**: default PYTHON to python3 in Makefile (Michaël Zasso)
  [#37764]
- **build**: update Makefile to support fat binary (Ash Cripps)
  [#37861]
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
  [#37587]
- **build**: include minimal V8 headers in distribution (Michaël Zasso)
  [#37570]
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
  [#37330]
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
  [#36139]
- **build**: use C++11 ABI with libstdc++ (Anna Henningsen)
  [#36634]
- **build**: enable ASLR (PIE) on OS X (woodfairy)
  [#35704]
- **build**: reset embedder string to "-node.0" (Michaël Zasso)
  [#35700]
- **deps**: V8: cherry-pick 1648e050cade (Michaël Zasso)
  [#37587]
- **deps**: silence irrelevant V8 warnings (Michaël Zasso)
  [#37587]
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
  [#35415]
- **deps**: make v8.h compatible with VS2015 (Joao Reis)
  [#32116]
- **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael
  Ackermann) [#32116]
- **deps**: V8: patch register-arm64.h (Refael Ackermann)
  [#32116]
- **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann)
  [#32116]
- **deps**: update V8 to 9.0.257.11 (Michaël Zasso)
  [#37587]
- **deps**: bump minimum ICU version to 68 (Michaël Zasso)
  [#37330]
- **deps**: V8: cherry-pick 8957d4677aa7 (Michaël Zasso)
  [#37330]
- **deps**: V8: backport a11395433dbd (Michaël Zasso)
  [#37330]
- **deps**: V8: cherry-pick deb0813166f3 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick 9a6a22874c81 (Michaël Zasso)
  [#36139]
- **deps**: silence irrelevant V8 warning (Michaël Zasso)
  [#37330]
- **deps**: workaround stod() limitations on SmartOS (Colin Ihrig)
  [#37330]
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
  [#35415]
- **deps**: patch V8 to run on Xcode 8 (Mary Marchini)
  [#32116]
- **deps**: make v8.h compatible with VS2015 (Joao Reis)
  [#32116]
- **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael
  Ackermann) [#32116]
- **deps**: V8: patch register-arm64.h (Refael Ackermann)
  [#32116]
- **deps**: patch V8 to run on older XCode versions (Ujjwal Sharma)
  [#32116]
- **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann)
  [#32116]
- **deps**: update V8 to 8.9.255.19 (Michaël Zasso)
  [#37330]
- **deps**: V8: cherry-pick deb0813166f3 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick 9a6a22874c81 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick 2059ee813359 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick bde7ee5473d6 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick 9a712984025e (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick 0b96e5b0bfb2 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick fbb28902e049 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick 821fb3883a8e (Michaël Zasso)
  [#35700]
- **deps**: workaround stod() limitations on SmartOS (Colin Ihrig)
  [#36139]
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
  [#35415]
- **deps**: patch V8 to run on Xcode 8 (Mary Marchini)
  [#32116]
- **deps**: V8: silence irrelevant warnings (Michaël Zasso)
  [#32116]
- **deps**: make v8.h compatible with VS2015 (Joao Reis)
  [#32116]
- **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael
  Ackermann) [#32116]
- **deps**: V8: patch register-arm64.h (Refael Ackermann)
  [#32116]
- **deps**: patch V8 to run on older XCode versions (Ujjwal Sharma)
  [#32116]
- **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann)
  [#32116]
- **deps**: update V8 to 8.8.278.17 (Michaël Zasso)
  [#36139]
- **deps**: V8: cherry-pick 821fb3883a8e (Michaël Zasso)
  [#35700]
- **deps**: V8: cherry-pick 45e49775f5a3 (Michaël Zasso)
  [#35700]
- **deps**: V8: cherry-pick 7b3a27b7ae65 (Michaël Zasso)
  [#35700]
- **deps**: V8: cherry-pick d76abfed3512 (Michaël Zasso)
  [#35415]
- **deps**: fix V8 build issue with inline methods (Jiawen Geng)
  [#35415]
- **deps**: update V8 postmortem metadata script (Colin Ihrig)
  [#35415]
- **deps**: update V8 postmortem metadata script (Colin Ihrig)
  [#33579]
- **deps**: patch V8 to run on Xcode 8 (Mary Marchini)
  [#32116]
- **deps**: V8: silence irrelevant warnings (Michaël Zasso)
  [#32116]
- **deps**: make v8.h compatible with VS2015 (Joao Reis)
  [#32116]
- **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael
  Ackermann) [#32116]
- **deps**: V8: patch register-arm64.h (Refael Ackermann)
  [#32116]
- **deps**: patch V8 to run on older XCode versions (Ujjwal Sharma)
  [#32116]
- **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann)
  [#32116]
- **deps**: update V8 to 8.7.220 (Michaël Zasso)
  [#35700]
- **dns**: use url module instead of punycode for IDNA (Antoine du
  Hamel) [#35091]
- **doc**: update minimum supported Xcode to 11 (Michaël Zasso)
  [#37872]
- **doc**: update minimum supported GCC to 8.3 (Michaël Zasso)
  [#37871]
- **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [#37677]
- **doc**: fixup http.IncomingMessage deprecation code (Guy Bedford)
  [#36917]
- **doc**: add http.IncomingMessage#connection (Pranshu Srivastava)
  [#33768]
- **events**: change EventTarget handler exception behavior (Nitzan
  Uziely) [#37237]
- **fs**: remove permissive rmdir recursive (Antoine du Hamel)
  [#37216]
- **fs**: add validation for fd and path (Dylan Elliott)
  [#35187]
- **fs**: runtime deprecate rmdir recursive option (Antoine du Hamel)
  [#37302]
- **fs**: fix flag and mode validation (James M Snell)
  [#37480]
- **http**: use objects with null prototype in Agent (Michaël Zasso)
  [#36409]
- **lib**: runtime deprecate access to process.binding('http_parser')
  (James M Snell) [#37813]
- **lib**: runtime deprecate access to process.binding('url') (James M
  Snell) [#37799]
- **lib**: make process.binding('util') return only type checkers (Anna
  Henningsen) [#37819]
- **lib**: runtime deprecate access to process.binding('crypto') (James
  M Snell) [#37790]
- **lib**: runtime deprecate access to process.binding('signal_wrap')
  (James M Snell) [#37800]
- **lib**: runtime deprecate access to process.binding('v8') (James M
  Snell) [#37789]
- **lib**: aggregate errors to avoid error swallowing (Antoine du Hamel)
  [#37460]
- **lib**: load v8_prof_processor dependencies as ESM (Michaël Zasso)
  [#37587]
- **lib**: runtime deprecate access to process.binding('async_wrap')
  (James M Snell) [#37576]
- **lib**: remove usage of url.parse (raisinten)
  [#36853]
- **lib**: add error handling for input stream (rexagod)
  [#31603]
- **lib,src**: update cluster to use Parent (Michael Dawson)
  [#36478]
- **module**: runtime deprecate subpath folder mappings (Antoine du
  Hamel) [#37215]
- **module**: runtime deprecate "main" index and extension lookups
  (Antoine du Hamel) [#37206]
- **module**: runtime deprecate invalid package.json main entries
  (Antoine du Hamel) [#37204]
- **module**: remove module.createRequireFromPath (Antoine du Hamel)
  [#37201]
- **module**: only set cache when finding module succeeds (Yongsheng
  Zhang) [#36642]
- **perf_hooks**: make performance a global (James M Snell)
  [#37970]
- **perf_hooks**: complete overhaul of the implementation (James M
  Snell) [#37136]
- **process**: disallow adding options to
  process.allowedNodeEnvironmentFlags (Antoine du Hamel)
  [#36660]
- **process**: runtime deprecate changing process.config (James M Snell)
  [#36902]
- **readline**: cursorTo throw error on NaN (Zijian Liu)
  [#36379]
- **src**: use non-deprecated GetCreationContext from V8 (Michaël Zasso)
  [#37587]
- **src**: remove V8_FT_ADAPTOR for V8 update (Colin Ihrig)
  [#37587]
- **src**: use non-deprecated V8 module APIs (Michaël Zasso)
  [#37587]
- **src**: update NODE_MODULE_VERSION to 93 (Michaël Zasso)
  [#37587]
- **src**: use non-deprecated V8 module and script APIs (Michaël Zasso)
  [#37330]
- **src**: update NODE_MODULE_VERSION to 92 (Michaël Zasso)
  [#37330]
- **src**: update NODE_MODULE_VERSION to 91 (Michaël Zasso)
  [#36139]
- **src**: mark internally exported functions as explicitly internal
  (Tyler Ang-Wanek) [#37000]
- **src**: inline AsyncCleanupHookHandle in headers (Tyler Ang-Wanek)
  [#37000]
- **src**: fix v8 api deprecation (Jiawen Geng)
  [#35700]
- **src**: update NODE_MODULE_VERSION to 90 (Michaël Zasso)
  [#35700]
- **src**: clean up embedder API (Anna Henningsen)
  [#35897]
- **test**: mark test-return-on-exit as flaky (Michaël Zasso)
  [#36139]
- **test**: mark WASI's test-return-on-exit as flaky (Colin Ihrig)
  [#36139]
- **tools**: update V8 gypfiles for 9.0 (Michaël Zasso)
  [#37587]
- **tools**: update V8 gypfiles for 8.9 (Michaël Zasso)
  [#37330]
- **tools**: update V8 gypfiles for 8.8 (Michaël Zasso)
  [#36139]
- **tools**: update V8 gypfiles for 8.7 (Michaël Zasso)
  [#35700]
- **worker**: send correct error status for worker init (Yash Ladha)
  [#36242]

PR-URL: #37678
BethGriggs added a commit that referenced this pull request Apr 20, 2021
Notable changes:

Deprecations and Removals:

- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [#37216]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [#37302]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell) [#37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell) [#37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [#37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [#37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [#37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [#37789]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [#37576]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [#37201]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [#37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [#37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [#37204]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [#36902]

Stable Timers Promises API:

The Timers Promises API provides an alternative set of timer functions
that return Promise objects. Added in Node.js v15.0.0, in this release
they graduate from experimental status to stable.

Contributed by James Snell - [#38112]

Toolchain and Compiler Upgrades:

Node.js v16.0.0 will be the first release where we ship prebuilt
binaries for Apple Silicon. While we’ll be providing separate tarballs
for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the
macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture)
binary.

- **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian
  Clauss) [#36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [#37764]
- **build**: update Makefile to support fat binary (Ash Cripps)
  [#37861]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [#35704]
- **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau)
  [#37935]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [#37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [#37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [#37677]
- **tools**: set arch in Distribution.xml (Ash Cripps)
  [#38261]

V8 9.0:

The V8 JavaScript engine is updated to V8 9.0, including performance
tweaks and improvements.

This update also brings the ECMAScript RegExp Match Indices, which
provide the start and end indices of the captured string. The indices
array is available via the `.indices` property on match objects when the
regular expression has the `/d` flag.

Contributed by Michaël Zasso - [#37587]

Other Notable Changes:

- **(SEMVER-MINOR)** **assert**: graduate assert.match and
  assert.doesNotMatch (James M Snell) [#38111]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [#37786]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [#37330]
- **deps**: update ICU to 69.1 (Michaël Zasso)
  [#38178]
- **deps**: update llhttp to 6.0.0 (Fedor Indutny)
  [#38277]
- **deps**: upgrade npm to 7.10.0 (Ruy Adorno)
  [#38254]
- **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames()
  (simov) [#37660]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [#36478]
- **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [#37246]
- **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify
  (James M Snell) [#37475]
- **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [#37246]
- **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl
  (eladkeyshawn) [#38101]

Semver-Major Commits:

- **(SEMVER-MAJOR)** **async_hooks**: add thisArg to AsyncResource.bind
  (James M Snell) [#36782]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [#37786]
- **(SEMVER-MAJOR)** **build**: remove support for Python 2
  (Christian Clauss) [#36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [#37764]
- **(SEMVER-MAJOR)** **build**: update Makefile to support fat binary
  (Ash Cripps) [#37861]
- **(SEMVER-MAJOR)** **build**: include minimal V8 headers in
  distribution (Michaël Zasso) [#37570]
- **(SEMVER-MAJOR)** **build**: use C++11 ABI with libstdc++
  (Anna Henningsen) [#36634]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [#35704]
- **(SEMVER-MAJOR)** **deps**: update V8 to 9.0.257.11 (Michaël Zasso)
  [#37587]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [#37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.9.255.19 (Michaël Zasso)
  [#37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.8.278.17 (Michaël Zasso)
  [#36139]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.7.220 (Michaël Zasso)
  [#35700]
- **(SEMVER-MAJOR)** **dns**: use url module instead of punycode for
  IDNA (Antoine du Hamel) [#35091]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [#37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [#37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [#37677]
- **(SEMVER-MAJOR)** **doc**: add http.IncomingMessage#connection
  (Pranshu Srivastava) [#33768]
- **(SEMVER-MAJOR)** **events**: change EventTarget handler exception
  behavior (Nitzan Uziely) [#37237]
- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [#37216]
- **(SEMVER-MAJOR)** **fs**: add validation for fd and path
  (Dylan Elliott) [#35187]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [#37302]
- **(SEMVER-MAJOR)** **fs**: fix flag and mode validation
  (James M Snell) [#37480]
- **(SEMVER-MAJOR)** **http**: use objects with null prototype in Agent
  (Michaël Zasso) [#36409]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell)
  [#37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell)
  [#37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [#37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [#37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [#37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [#37789]
- **(SEMVER-MAJOR)** **lib**: aggregate errors to avoid error swallowing
  (Antoine du Hamel) [#37460]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [#37576]
- **(SEMVER-MAJOR)** **lib**: remove usage of url.parse
  (raisinten) [#36853]
- **(SEMVER-MAJOR)** **lib**: add error handling for input stream
  (rexagod) [#31603]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [#36478]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [#37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [#37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [#37204]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [#37201]
- **(SEMVER-MAJOR)** **module**: only set cache when finding module
  succeeds (Yongsheng Zhang) [#36642]
- **(SEMVER-MAJOR)** **perf_hooks**: make performance a global (James M
  Snell) [#37970]
- **(SEMVER-MAJOR)** **perf_hooks**: complete overhaul of the
  implementation (James M Snell) [#37136]
- **(SEMVER-MAJOR)** **process**: disallow adding options to
  process.allowedNodeEnvironmentFlags (Antoine du Hamel)
  [#36660]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [#36902]
- **(SEMVER-MAJOR)** **readline**: cursorTo throw error on NaN
  (Zijian Liu) [#36379]
- **(SEMVER-MAJOR)** **src**: mark internally exported functions as
  explicitly internal (Tyler Ang-Wanek) [#37000]
- **(SEMVER-MAJOR)** **src**: inline AsyncCleanupHookHandle in headers
  (Tyler Ang-Wanek) [#37000]
- **(SEMVER-MAJOR)** **src**: clean up embedder API (Anna Henningsen)
  [#35897]
- **(SEMVER-MAJOR)** **worker**: send correct error status for worker
  init (Yash Ladha) [#36242]

PR-URL: #37678
BethGriggs added a commit that referenced this pull request Apr 20, 2021
Notable changes:

Deprecations and Removals:

- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [#37216]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [#37302]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell) [#37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell) [#37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [#37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [#37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [#37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [#37789]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [#37576]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [#37201]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [#37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [#37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [#37204]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [#36902]

Stable Timers Promises API:

The Timers Promises API provides an alternative set of timer functions
that return Promise objects. Added in Node.js v15.0.0, in this release
they graduate from experimental status to stable.

Contributed by James Snell - [#38112]

Toolchain and Compiler Upgrades:

Node.js v16.0.0 will be the first release where we ship prebuilt
binaries for Apple Silicon. While we’ll be providing separate tarballs
for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the
macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture)
binary.

- **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian
  Clauss) [#36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [#37764]
- **build**: update Makefile to support fat binary (Ash Cripps)
  [#37861]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [#35704]
- **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau)
  [#37935]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [#37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [#37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [#37677]
- **tools**: set arch in Distribution.xml (Ash Cripps)
  [#38261]

V8 9.0:

The V8 JavaScript engine is updated to V8 9.0, including performance
tweaks and improvements.

This update also brings the ECMAScript RegExp Match Indices, which
provide the start and end indices of the captured string. The indices
array is available via the `.indices` property on match objects when the
regular expression has the `/d` flag.

Contributed by Michaël Zasso - [#37587]

Other Notable Changes:

- **(SEMVER-MINOR)** **assert**: graduate assert.match and
  assert.doesNotMatch (James M Snell) [#38111]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [#37786]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [#37330]
- **deps**: update ICU to 69.1 (Michaël Zasso)
  [#38178]
- **deps**: update llhttp to 6.0.0 (Fedor Indutny)
  [#38277]
- **deps**: upgrade npm to 7.10.0 (Ruy Adorno)
  [#38254]
- **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames()
  (simov) [#37660]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [#36478]
- **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [#37246]
- **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify
  (James M Snell) [#37475]
- **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed
  `require(…)` calls (ExE Boss) [#37246]
- **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl
  (eladkeyshawn) [#38101]

Semver-Major Commits:

- **(SEMVER-MAJOR)** **async_hooks**: add thisArg to AsyncResource.bind
  (James M Snell) [#36782]
- **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals
  (James M Snell) [#37786]
- **(SEMVER-MAJOR)** **build**: remove support for Python 2
  (Christian Clauss) [#36691]
- **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile
  (Michaël Zasso) [#37764]
- **(SEMVER-MAJOR)** **build**: update Makefile to support fat binary
  (Ash Cripps) [#37861]
- **(SEMVER-MAJOR)** **build**: include minimal V8 headers in
  distribution (Michaël Zasso) [#37570]
- **(SEMVER-MAJOR)** **build**: use C++11 ABI with libstdc++
  (Anna Henningsen) [#36634]
- **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy)
  [#35704]
- **(SEMVER-MAJOR)** **deps**: update V8 to 9.0.257.11 (Michaël Zasso)
  [#37587]
- **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68
  (Michaël Zasso) [#37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.9.255.19 (Michaël Zasso)
  [#37330]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.8.278.17 (Michaël Zasso)
  [#36139]
- **(SEMVER-MAJOR)** **deps**: update V8 to 8.7.220 (Michaël Zasso)
  [#35700]
- **(SEMVER-MAJOR)** **dns**: use url module instead of punycode for
  IDNA (Antoine du Hamel) [#35091]
- **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11
  (Michaël Zasso) [#37872]
- **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3
  (Michaël Zasso) [#37871]
- **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps)
  [#37677]
- **(SEMVER-MAJOR)** **doc**: add http.IncomingMessage#connection
  (Pranshu Srivastava) [#33768]
- **(SEMVER-MAJOR)** **events**: change EventTarget handler exception
  behavior (Nitzan Uziely) [#37237]
- **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive
  (Antoine du Hamel) [#37216]
- **(SEMVER-MAJOR)** **fs**: add validation for fd and path
  (Dylan Elliott) [#35187]
- **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option
  (Antoine du Hamel) [#37302]
- **(SEMVER-MAJOR)** **fs**: fix flag and mode validation
  (James M Snell) [#37480]
- **(SEMVER-MAJOR)** **http**: use objects with null prototype in Agent
  (Michaël Zasso) [#36409]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('http_parser') (James M Snell)
  [#37813]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('url') (James M Snell)
  [#37799]
- **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only
  type checkers (Anna Henningsen) [#37819]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('crypto') (James M Snell) [#37790]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('signal_wrap') (James M Snell) [#37800]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('v8') (James M Snell) [#37789]
- **(SEMVER-MAJOR)** **lib**: aggregate errors to avoid error swallowing
  (Antoine du Hamel) [#37460]
- **(SEMVER-MAJOR)** **lib**: runtime deprecate access to
  process.binding('async_wrap') (James M Snell) [#37576]
- **(SEMVER-MAJOR)** **lib**: remove usage of url.parse
  (raisinten) [#36853]
- **(SEMVER-MAJOR)** **lib**: add error handling for input stream
  (rexagod) [#31603]
- **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent
  (Michael Dawson) [#36478]
- **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder
  mappings (Antoine du Hamel) [#37215]
- **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and
  extension lookups (Antoine du Hamel) [#37206]
- **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json
  main entries (Antoine du Hamel) [#37204]
- **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath
  (Antoine du Hamel) [#37201]
- **(SEMVER-MAJOR)** **module**: only set cache when finding module
  succeeds (Yongsheng Zhang) [#36642]
- **(SEMVER-MAJOR)** **perf_hooks**: make performance a global (James M
  Snell) [#37970]
- **(SEMVER-MAJOR)** **perf_hooks**: complete overhaul of the
  implementation (James M Snell) [#37136]
- **(SEMVER-MAJOR)** **process**: disallow adding options to
  process.allowedNodeEnvironmentFlags (Antoine du Hamel)
  [#36660]
- **(SEMVER-MAJOR)** **process**: runtime deprecate changing
  process.config (James M Snell) [#36902]
- **(SEMVER-MAJOR)** **readline**: cursorTo throw error on NaN
  (Zijian Liu) [#36379]
- **(SEMVER-MAJOR)** **src**: mark internally exported functions as
  explicitly internal (Tyler Ang-Wanek) [#37000]
- **(SEMVER-MAJOR)** **src**: inline AsyncCleanupHookHandle in headers
  (Tyler Ang-Wanek) [#37000]
- **(SEMVER-MAJOR)** **src**: clean up embedder API (Anna Henningsen)
  [#35897]
- **(SEMVER-MAJOR)** **worker**: send correct error status for worker
  init (Yash Ladha) [#36242]

PR-URL: #37678
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
build Issues and PRs related to build files or the CI. semver-major PRs that contain breaking changes and should be released in the next major version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants