Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dgram: tighten address validation in socket.send #39190

Closed
wants to merge 3 commits into from

Conversation

VoltrexKeyva
Copy link
Member

@VoltrexKeyva VoltrexKeyva commented Jun 29, 2021

We don't mention a value being "falsy" in validation, its
better to use a validator here to keep consistency,
this change makes the address parameter only
accept a string, null or undefined.

@github-actions github-actions bot added dgram Issues and PRs related to the dgram subsystem / UDP. needs-ci PRs that need a full CI run. labels Jun 29, 2021
Copy link
Contributor

@aduh95 aduh95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'd need to update the docs here:

node/doc/api/dgram.md

Lines 518 to 521 in f4d0a6a

The `address` argument is a string. If the value of `address` is a host name,
DNS will be used to resolve the address of the host. If `address` is not
provided or otherwise falsy, `'127.0.0.1'` (for `udp4` sockets) or `'::1'`
(for `udp6` sockets) will be used by default.

Also doesn't that make the method throw if address is nullish? undefined and null should still be valid value IMHO.

@aduh95 aduh95 added the semver-major PRs that contain breaking changes and should be released in the next major version. label Jun 29, 2021
@VoltrexKeyva
Copy link
Member Author

VoltrexKeyva commented Jun 29, 2021

You'd need to update the docs here:

node/doc/api/dgram.md

Lines 518 to 521 in f4d0a6a

The `address` argument is a string. If the value of `address` is a host name,
DNS will be used to resolve the address of the host. If `address` is not
provided or otherwise falsy, `'127.0.0.1'` (for `udp4` sockets) or `'::1'`
(for `udp6` sockets) will be used by default.

Also doesn't that make the method throw if address is nullish? undefined and null should still be valid value IMHO.

No, it doesn't make it throw if the value is "falsy" (or "nullish" if you will) as it only validates the value as a string if the value is not "falsy" or "nullish".

@aduh95
Copy link
Contributor

aduh95 commented Jun 29, 2021

How do you mean? Doesn't validateString simply check the typeof?

function validateString(value, name) {
if (typeof value !== 'string')
throw new ERR_INVALID_ARG_TYPE(name, 'string', value);
}

@VoltrexKeyva
Copy link
Member Author

VoltrexKeyva commented Jun 29, 2021

@aduh95 Here's how:

The current code:

  • Check if address is not falsy or nullish
    • Check if type of address doesn't equal to string
      • Throw
  • Otherwise ignore

This change:

  • Check if address is not falsy or nullish
    • Validate address to check if its a type of string with validateString()
      • validateString(): If type of the passed value is not string, then throw
  • Otherwise ignore

Both leading to the exact same result but current change tends to keep consistency with the usage of validators and improve readability a little.

Copy link
Contributor

@aduh95 aduh95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh right, I guess I missed the else if part, my bad.
I think I'd prefer to stricken the validation to allow only nullish or strings, and making this a semver-major, to make this function more consistent with how Node.js usually validates arguments. wdyt?

lib/dgram.js Outdated Show resolved Hide resolved
@VoltrexKeyva
Copy link
Member Author

@aduh95 I'm fine with making the validation more strict, if this actually becomes semver-major do we need to add any change entries to the method's documentation?

@aduh95
Copy link
Contributor

aduh95 commented Jun 30, 2021

@aduh95 I'm fine with making the validation more strict, if this actually becomes semver-major do we need to add any change entries to the method's documentation?

That's correct, we'd need also to update the documentation and add some tests.

@VoltrexKeyva
Copy link
Member Author

@aduh95 I'm fine with making the validation more strict, if this actually becomes semver-major do we need to add any change entries to the method's documentation?

That's correct, we'd need also to update the documentation and add some tests.

Done, although I don't think we should add more tests because there's already a good one that exists; fixed that one in the changed files.

@targos
Copy link
Member

targos commented Jun 30, 2021

Change LGTM but please improve the commit message. There was nothing "missing" and the message should reflect the change in behavior.

@VoltrexKeyva VoltrexKeyva changed the title dgram: use missing validator dgram: use validator Jun 30, 2021
@aduh95
Copy link
Contributor

aduh95 commented Jun 30, 2021

Can you update the doc here (falsy -> nullish):

node/doc/api/dgram.md

Lines 518 to 521 in f4d0a6a

The `address` argument is a string. If the value of `address` is a host name,
DNS will be used to resolve the address of the host. If `address` is not
provided or otherwise falsy, `'127.0.0.1'` (for `udp4` sockets) or `'::1'`
(for `udp6` sockets) will be used by default.

Also, it'd be nice to have some tests that unsures a TypeError is thrown when a non-valid value is provided. You can use the following as an example:
['', '0', null, {}, [], () => {}, true, false].forEach((off) => {
assert.throws(
() => buffer[fn](off),
{ code: 'ERR_INVALID_ARG_TYPE' }
);
});

@aduh95 aduh95 changed the title dgram: use validator dgram: tighten address validation in socket.send Jun 30, 2021
@VoltrexKeyva
Copy link
Member Author

Can you update the doc here (falsy -> nullish):

node/doc/api/dgram.md

Lines 518 to 521 in f4d0a6a

The `address` argument is a string. If the value of `address` is a host name,
DNS will be used to resolve the address of the host. If `address` is not
provided or otherwise falsy, `'127.0.0.1'` (for `udp4` sockets) or `'::1'`
(for `udp6` sockets) will be used by default.

Done.

Also, it'd be nice to have some tests that unsures a TypeError is thrown when a non-valid value is provided. You can use the following as an example:

['', '0', null, {}, [], () => {}, true, false].forEach((off) => {
assert.throws(
() => buffer[fn](off),
{ code: 'ERR_INVALID_ARG_TYPE' }
);
});

Doesn't this already do that though?

[[], 1, true].forEach((invalidInput) => {
const expectedError = {
code: 'ERR_INVALID_ARG_TYPE',
name: 'TypeError',
message: 'The "address" argument must be of type string.' +
`${common.invalidArgTypeHelper(invalidInput)}`
};
assert.throws(() => client.send(buf, port, invalidInput), expectedError);
});

@VoltrexKeyva
Copy link
Member Author

cc @aduh95

Copy link
Contributor

@aduh95 aduh95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this already do that though?

Sure, can you add the missing cases then? Something like that:

[0, 1, 1n, {}, [], () => {}, true, false, Symbol()].forEach(...

test/parallel/test-dgram-send-address-types.js Outdated Show resolved Hide resolved
@VoltrexKeyva
Copy link
Member Author

@aduh95 done.

We don't mention a value being "falsy" in validation, its
better to use a validator here to keep consistency.

fixup! dgram: use missing validator

Updated the validation to be more strict.

Co-authored-by: Antoine du Hamel <[email protected]>
@VoltrexKeyva VoltrexKeyva force-pushed the patch-6 branch 3 times, most recently from 79469a0 to f7f21c3 Compare July 31, 2021 20:14
- Fixed the dgram expected error message.
- Removed invalid addresses in the `dgram`'s
`Socket.prototype.send()` tests.
- Lowered the amount of expected anonymous function calls.
- Added a few missing invalid address test cases and made the valid
address test cases non-blocking.
- Added missing falsy values for the invalid address test check list.

test: remove invalid addresses

Removed invalid addresses in the `dgram`'s `Socket.prototype.send()`
tests.

test: lower expected function calls

Lowered the amount of expected anonymous function calls.

test: add missing and non-blocking cases

Added a few missing invalid address test cases
and made the valid address test cases
non-blocking.

test: omit invalid test case

Omitted the invalid anonymous function test case as the `address`
parameter can also be a function.

test: add missing falsy values

Added missing falsy values for the invalid address test check list.
Added a change entry for the stricter validation of the `address`
parameter in `Socket.prototype.send()`.

doc: use nullish instead of falsy

Used nullish instead of falsy to point at that
the parameter now only accepts a `string`,
`null` or `undefined`.
@VoltrexKeyva
Copy link
Member Author

@aduh95 👍

@aduh95 aduh95 added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Sep 3, 2021
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 3, 2021
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@targos
Copy link
Member

targos commented Sep 18, 2021

Landed in 40c6e83

@targos targos closed this Sep 18, 2021
targos pushed a commit that referenced this pull request Sep 18, 2021
PR-URL: #39190
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@VoltrexKeyva VoltrexKeyva deleted the patch-6 branch September 18, 2021 14:29
BethGriggs added a commit that referenced this pull request Oct 15, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- v8: remove --harmony-top-level-await
  (Geoffrey Booth) [#40226]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support. For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for th `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 15, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- v8: remove --harmony-top-level-await
  (Geoffrey Booth) [#40226]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support. For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 16, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support. For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 18, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

Contributed in #38512, #40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- deps: upgrade npm to 8.1.0
  (npm team) [#40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 18, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

Contributed in #38512, #40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- deps: upgrade npm to 8.1.0
  (npm team) [#40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
BethGriggs added a commit that referenced this pull request Oct 19, 2021
Notable Changes:

Deprecations and Removals:

- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup`
  options
  (Antoine du Hamel) [#39793]
- doc: deprecate (doc-only) http abort related
  (dr-js) [#36670]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]

OpenSSL 3.0:

Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl
which provides QUIC support.

While OpenSSL 3.0 APIs should be mostly compatible with those provided
by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to
tightened restrictions on the allowed algorithms and key sizes.

If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with
Node.js 17, it’s likely that your application or a module you’re using
is attempting to use an algorithm or key size which is no longer allowed
by default with OpenSSL 3.0. A command-line option,
`--openssl-legacy-provider`, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

For details about all the features in
OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final.
(Daniel Bevenius) [#38512]

Contributed in #38512, #40478

V8 9.5:

The V8 JavaScript engine is updated to V8 9.5. This release comes with
additional supported types for the `Intl.DisplayNames` API and Extended
`timeZoneName` options in the `Intl.DateTimeFormat` API. You can read
more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95.
(Michaël Zasso) [#40178]

Readline Promise API:

The `readline` module provides an interface for reading data from a
Readable stream (such as `process.stdin`) one line at a time.
(Antoine du Hamel) [#37947]

Other Notable Changes:

- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that
  cause exit
  (Divlo) [#38332]
- deps: upgrade npm to 8.1.0
  (npm team) [#40463]
- (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream()
  (James M Snell) [#39331]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]

Semver-Major Commits:

- (SEMVER-MAJOR) build: compile with C++17 (MSVC)
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) build: compile with --gnu++17
  (Richard Lau) [#38807]
- (SEMVER-MAJOR) deps: update V8 to 9.5.172.19
  (Michaël Zasso) [#40178]
- (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0
  (Daniel Bevenius) [#38512]
- (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send`
  (Voltrex) [#39190]
- (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options
  (Antoine du Hamel) [#39793]
- (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup()
  (treysis) [#39987]
- (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2
  (Michaël Zasso) [#40179]
- (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit
  (Divlo) [#38332]
- (SEMVER-MAJOR) fs: fix rmsync error swallowing
  (Nitzan Uziely) [#38684]
- (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing
  (Nitzan Uziely) [#38259]
- (SEMVER-MAJOR) lib: add structuredClone() global
  (Ethan Arrowood) [#39759]
- (SEMVER-MAJOR) lib: expose `DOMException` as global
  (Khaidi Chu) [#39176]
- (SEMVER-MAJOR) module: subpath folder mappings EOL
  (Guy Bedford) [#40121]
- (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns
  (Guy Bedford) [#40117]
- (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: introduce promise-based API
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class
  (Antoine du Hamel) [#37947]
- (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv
  (Daniel Bevenius) [#37727]
- (SEMVER-MAJOR) src: return Maybe from a couple of functions
  (Darshan Sen) [#39603]
- (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform
  (Shelley Vohr) [#38362]
- (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error
  (Rongjian Zhang) [#38700]
- (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close'
  (Robert Nagy) [#39639]
- (SEMVER-MAJOR) stream: do not emit `end` on readable error
  (Szymon Marczak) [#39607]
- (SEMVER-MAJOR) stream: forward errored to callback
  (Robert Nagy) [#39364]
- (SEMVER-MAJOR) stream: destroy readable on read error
  (Robert Nagy) [#39342]
- (SEMVER-MAJOR) stream: validate abort signal
  (Robert Nagy) [#39346]
- (SEMVER-MAJOR) stream: unify stream utils
  (Robert Nagy) [#39294]
- (SEMVER-MAJOR) stream: throw on premature close in Readable\
  (Darshan Sen) [#39117]
- (SEMVER-MAJOR) stream: finished should error on errored stream
  (Robert Nagy) [#39235]
- (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable
  (Robert Nagy) [#34385]
- (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration
  (Robert Nagy) [#38505]
- (SEMVER-MAJOR) url: throw invalid this on detached accessors
  (James M Snell) [#39752]
- (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII
  (Timothy Gu) [#38631]

PR-URL: #40119
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. dgram Issues and PRs related to the dgram subsystem / UDP. needs-ci PRs that need a full CI run. semver-major PRs that contain breaking changes and should be released in the next major version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants