-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dgram: tighten address
validation in socket.send
#39190
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You'd need to update the docs here:
Lines 518 to 521 in f4d0a6a
The `address` argument is a string. If the value of `address` is a host name, | |
DNS will be used to resolve the address of the host. If `address` is not | |
provided or otherwise falsy, `'127.0.0.1'` (for `udp4` sockets) or `'::1'` | |
(for `udp6` sockets) will be used by default. |
Also doesn't that make the method throw if address
is nullish? undefined
and null
should still be valid value IMHO.
No, it doesn't make it throw if the value is "falsy" (or "nullish" if you will) as it only validates the value as a string if the value is not "falsy" or "nullish". |
How do you mean? Doesn't node/lib/internal/validators.js Lines 117 to 120 in 46a7e61
|
@aduh95 Here's how: The current code:
This change:
Both leading to the exact same result but current change tends to keep consistency with the usage of validators and improve readability a little. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh right, I guess I missed the else if
part, my bad.
I think I'd prefer to stricken the validation to allow only nullish or strings, and making this a semver-major, to make this function more consistent with how Node.js usually validates arguments. wdyt?
@aduh95 I'm fine with making the validation more strict, if this actually becomes semver-major do we need to add any change entries to the method's documentation? |
That's correct, we'd need also to update the documentation and add some tests. |
Done, although I don't think we should add more tests because there's already a good one that exists; fixed that one in the changed files. |
Change LGTM but please improve the commit message. There was nothing "missing" and the message should reflect the change in behavior. |
Can you update the doc here ( Lines 518 to 521 in f4d0a6a
Also, it'd be nice to have some tests that unsures a TypeError is thrown when a non-valid value is provided. You can use the following as an example: node/test/parallel/test-buffer-readfloat.js Lines 70 to 75 in a352a71
|
address
validation in socket.send
Done.
Doesn't this already do that though? node/test/parallel/test-dgram-send-address-types.js Lines 24 to 32 in 245dd62
|
cc @aduh95 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't this already do that though?
Sure, can you add the missing cases then? Something like that:
[0, 1, 1n, {}, [], () => {}, true, false, Symbol()].forEach(...
@aduh95 done. |
We don't mention a value being "falsy" in validation, its better to use a validator here to keep consistency. fixup! dgram: use missing validator Updated the validation to be more strict. Co-authored-by: Antoine du Hamel <[email protected]>
79469a0
to
f7f21c3
Compare
- Fixed the dgram expected error message. - Removed invalid addresses in the `dgram`'s `Socket.prototype.send()` tests. - Lowered the amount of expected anonymous function calls. - Added a few missing invalid address test cases and made the valid address test cases non-blocking. - Added missing falsy values for the invalid address test check list. test: remove invalid addresses Removed invalid addresses in the `dgram`'s `Socket.prototype.send()` tests. test: lower expected function calls Lowered the amount of expected anonymous function calls. test: add missing and non-blocking cases Added a few missing invalid address test cases and made the valid address test cases non-blocking. test: omit invalid test case Omitted the invalid anonymous function test case as the `address` parameter can also be a function. test: add missing falsy values Added missing falsy values for the invalid address test check list.
Added a change entry for the stricter validation of the `address` parameter in `Socket.prototype.send()`. doc: use nullish instead of falsy Used nullish instead of falsy to point at that the parameter now only accepts a `string`, `null` or `undefined`.
@aduh95 👍 |
Landed in 40c6e83 |
PR-URL: #39190 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: James M Snell <[email protected]>
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - doc: deprecate (doc-only) http abort related (dr-js) [#36670] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - v8: remove --harmony-top-level-await (Geoffrey Booth) [#40226] OpenSSL 3.0: Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl which provides QUIC support. For details about all the features in OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final. (Daniel Bevenius) [#38512] V8 9.5: The V8 JavaScript engine is updated to V8 9.5. This release comes with additional supported types for th `Intl.DisplayNames` API and Extended `timeZoneName` options in the `Intl.DateTimeFormat` API. You can read more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95. (Michaël Zasso) [#40178] Readline Promise API: The `readline` module provides an interface for reading data from a Readable stream (such as `process.stdin`) one line at a time. (Antoine du Hamel) [#37947] Other Notable Changes: - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream() (James M Snell) [#39331] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] Semver-Major Commits: - (SEMVER-MAJOR) build: compile with C++17 (MSVC) (Richard Lau) [#38807] - (SEMVER-MAJOR) build: compile with --gnu++17 (Richard Lau) [#38807] - (SEMVER-MAJOR) deps: update V8 to 9.5.172.19 (Michaël Zasso) [#40178] - (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0 (Daniel Bevenius) [#38512] - (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send` (Voltrex) [#39190] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2 (Michaël Zasso) [#40179] - (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit (Divlo) [#38332] - (SEMVER-MAJOR) fs: fix rmsync error swallowing (Nitzan Uziely) [#38684] - (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing (Nitzan Uziely) [#38259] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: introduce promise-based API (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv (Daniel Bevenius) [#37727] - (SEMVER-MAJOR) src: return Maybe from a couple of functions (Darshan Sen) [#39603] - (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform (Shelley Vohr) [#38362] - (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error (Rongjian Zhang) [#38700] - (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close' (Robert Nagy) [#39639] - (SEMVER-MAJOR) stream: do not emit `end` on readable error (Szymon Marczak) [#39607] - (SEMVER-MAJOR) stream: forward errored to callback (Robert Nagy) [#39364] - (SEMVER-MAJOR) stream: destroy readable on read error (Robert Nagy) [#39342] - (SEMVER-MAJOR) stream: validate abort signal (Robert Nagy) [#39346] - (SEMVER-MAJOR) stream: unify stream utils (Robert Nagy) [#39294] - (SEMVER-MAJOR) stream: throw on premature close in Readable\ (Darshan Sen) [#39117] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] - (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable (Robert Nagy) [#34385] - (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration (Robert Nagy) [#38505] - (SEMVER-MAJOR) url: throw invalid this on detached accessors (James M Snell) [#39752] - (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII (Timothy Gu) [#38631] PR-URL: #40119
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - doc: deprecate (doc-only) http abort related (dr-js) [#36670] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - v8: remove --harmony-top-level-await (Geoffrey Booth) [#40226] OpenSSL 3.0: Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl which provides QUIC support. For details about all the features in OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final. (Daniel Bevenius) [#38512] V8 9.5: The V8 JavaScript engine is updated to V8 9.5. This release comes with additional supported types for the `Intl.DisplayNames` API and Extended `timeZoneName` options in the `Intl.DateTimeFormat` API. You can read more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95. (Michaël Zasso) [#40178] Readline Promise API: The `readline` module provides an interface for reading data from a Readable stream (such as `process.stdin`) one line at a time. (Antoine du Hamel) [#37947] Other Notable Changes: - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that cause exit (Divlo) [#38332] - (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream() (James M Snell) [#39331] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] Semver-Major Commits: - (SEMVER-MAJOR) build: compile with C++17 (MSVC) (Richard Lau) [#38807] - (SEMVER-MAJOR) build: compile with --gnu++17 (Richard Lau) [#38807] - (SEMVER-MAJOR) deps: update V8 to 9.5.172.19 (Michaël Zasso) [#40178] - (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0 (Daniel Bevenius) [#38512] - (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send` (Voltrex) [#39190] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2 (Michaël Zasso) [#40179] - (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit (Divlo) [#38332] - (SEMVER-MAJOR) fs: fix rmsync error swallowing (Nitzan Uziely) [#38684] - (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing (Nitzan Uziely) [#38259] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: introduce promise-based API (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv (Daniel Bevenius) [#37727] - (SEMVER-MAJOR) src: return Maybe from a couple of functions (Darshan Sen) [#39603] - (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform (Shelley Vohr) [#38362] - (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error (Rongjian Zhang) [#38700] - (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close' (Robert Nagy) [#39639] - (SEMVER-MAJOR) stream: do not emit `end` on readable error (Szymon Marczak) [#39607] - (SEMVER-MAJOR) stream: forward errored to callback (Robert Nagy) [#39364] - (SEMVER-MAJOR) stream: destroy readable on read error (Robert Nagy) [#39342] - (SEMVER-MAJOR) stream: validate abort signal (Robert Nagy) [#39346] - (SEMVER-MAJOR) stream: unify stream utils (Robert Nagy) [#39294] - (SEMVER-MAJOR) stream: throw on premature close in Readable\ (Darshan Sen) [#39117] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] - (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable (Robert Nagy) [#34385] - (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration (Robert Nagy) [#38505] - (SEMVER-MAJOR) url: throw invalid this on detached accessors (James M Snell) [#39752] - (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII (Timothy Gu) [#38631] PR-URL: #40119
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - doc: deprecate (doc-only) http abort related (dr-js) [#36670] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] OpenSSL 3.0: Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl which provides QUIC support. For details about all the features in OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final. (Daniel Bevenius) [#38512] V8 9.5: The V8 JavaScript engine is updated to V8 9.5. This release comes with additional supported types for the `Intl.DisplayNames` API and Extended `timeZoneName` options in the `Intl.DateTimeFormat` API. You can read more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95. (Michaël Zasso) [#40178] Readline Promise API: The `readline` module provides an interface for reading data from a Readable stream (such as `process.stdin`) one line at a time. (Antoine du Hamel) [#37947] Other Notable Changes: - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that cause exit (Divlo) [#38332] - (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream() (James M Snell) [#39331] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] Semver-Major Commits: - (SEMVER-MAJOR) build: compile with C++17 (MSVC) (Richard Lau) [#38807] - (SEMVER-MAJOR) build: compile with --gnu++17 (Richard Lau) [#38807] - (SEMVER-MAJOR) deps: update V8 to 9.5.172.19 (Michaël Zasso) [#40178] - (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0 (Daniel Bevenius) [#38512] - (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send` (Voltrex) [#39190] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2 (Michaël Zasso) [#40179] - (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit (Divlo) [#38332] - (SEMVER-MAJOR) fs: fix rmsync error swallowing (Nitzan Uziely) [#38684] - (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing (Nitzan Uziely) [#38259] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: introduce promise-based API (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv (Daniel Bevenius) [#37727] - (SEMVER-MAJOR) src: return Maybe from a couple of functions (Darshan Sen) [#39603] - (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform (Shelley Vohr) [#38362] - (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error (Rongjian Zhang) [#38700] - (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close' (Robert Nagy) [#39639] - (SEMVER-MAJOR) stream: do not emit `end` on readable error (Szymon Marczak) [#39607] - (SEMVER-MAJOR) stream: forward errored to callback (Robert Nagy) [#39364] - (SEMVER-MAJOR) stream: destroy readable on read error (Robert Nagy) [#39342] - (SEMVER-MAJOR) stream: validate abort signal (Robert Nagy) [#39346] - (SEMVER-MAJOR) stream: unify stream utils (Robert Nagy) [#39294] - (SEMVER-MAJOR) stream: throw on premature close in Readable\ (Darshan Sen) [#39117] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] - (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable (Robert Nagy) [#34385] - (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration (Robert Nagy) [#38505] - (SEMVER-MAJOR) url: throw invalid this on detached accessors (James M Snell) [#39752] - (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII (Timothy Gu) [#38631] PR-URL: #40119
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - doc: deprecate (doc-only) http abort related (dr-js) [#36670] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] OpenSSL 3.0: Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl which provides QUIC support. While OpenSSL 3.0 APIs should be mostly compatible with those provided by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to tightened restrictions on the allowed algorithms and key sizes. If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with Node.js 17, it’s likely that your application or a module you’re using is attempting to use an algorithm or key size which is no longer allowed by default with OpenSSL 3.0. A command-line option, `--openssl-legacy-provider`, has been added to revert to the legacy provider as a temporary workaround for these tightened restrictions. For details about all the features in OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final. (Daniel Bevenius) [#38512] Contributed in #38512, #40478 V8 9.5: The V8 JavaScript engine is updated to V8 9.5. This release comes with additional supported types for the `Intl.DisplayNames` API and Extended `timeZoneName` options in the `Intl.DateTimeFormat` API. You can read more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95. (Michaël Zasso) [#40178] Readline Promise API: The `readline` module provides an interface for reading data from a Readable stream (such as `process.stdin`) one line at a time. (Antoine du Hamel) [#37947] Other Notable Changes: - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that cause exit (Divlo) [#38332] - deps: upgrade npm to 8.1.0 (npm team) [#40463] - (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream() (James M Snell) [#39331] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] Semver-Major Commits: - (SEMVER-MAJOR) build: compile with C++17 (MSVC) (Richard Lau) [#38807] - (SEMVER-MAJOR) build: compile with --gnu++17 (Richard Lau) [#38807] - (SEMVER-MAJOR) deps: update V8 to 9.5.172.19 (Michaël Zasso) [#40178] - (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0 (Daniel Bevenius) [#38512] - (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send` (Voltrex) [#39190] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2 (Michaël Zasso) [#40179] - (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit (Divlo) [#38332] - (SEMVER-MAJOR) fs: fix rmsync error swallowing (Nitzan Uziely) [#38684] - (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing (Nitzan Uziely) [#38259] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: introduce promise-based API (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv (Daniel Bevenius) [#37727] - (SEMVER-MAJOR) src: return Maybe from a couple of functions (Darshan Sen) [#39603] - (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform (Shelley Vohr) [#38362] - (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error (Rongjian Zhang) [#38700] - (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close' (Robert Nagy) [#39639] - (SEMVER-MAJOR) stream: do not emit `end` on readable error (Szymon Marczak) [#39607] - (SEMVER-MAJOR) stream: forward errored to callback (Robert Nagy) [#39364] - (SEMVER-MAJOR) stream: destroy readable on read error (Robert Nagy) [#39342] - (SEMVER-MAJOR) stream: validate abort signal (Robert Nagy) [#39346] - (SEMVER-MAJOR) stream: unify stream utils (Robert Nagy) [#39294] - (SEMVER-MAJOR) stream: throw on premature close in Readable\ (Darshan Sen) [#39117] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] - (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable (Robert Nagy) [#34385] - (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration (Robert Nagy) [#38505] - (SEMVER-MAJOR) url: throw invalid this on detached accessors (James M Snell) [#39752] - (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII (Timothy Gu) [#38631] PR-URL: #40119
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - doc: deprecate (doc-only) http abort related (dr-js) [#36670] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] OpenSSL 3.0: Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl which provides QUIC support. While OpenSSL 3.0 APIs should be mostly compatible with those provided by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to tightened restrictions on the allowed algorithms and key sizes. If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with Node.js 17, it’s likely that your application or a module you’re using is attempting to use an algorithm or key size which is no longer allowed by default with OpenSSL 3.0. A command-line option, `--openssl-legacy-provider`, has been added to revert to the legacy provider as a temporary workaround for these tightened restrictions. For details about all the features in OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final. (Daniel Bevenius) [#38512] Contributed in #38512, #40478 V8 9.5: The V8 JavaScript engine is updated to V8 9.5. This release comes with additional supported types for the `Intl.DisplayNames` API and Extended `timeZoneName` options in the `Intl.DateTimeFormat` API. You can read more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95. (Michaël Zasso) [#40178] Readline Promise API: The `readline` module provides an interface for reading data from a Readable stream (such as `process.stdin`) one line at a time. (Antoine du Hamel) [#37947] Other Notable Changes: - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that cause exit (Divlo) [#38332] - deps: upgrade npm to 8.1.0 (npm team) [#40463] - (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream() (James M Snell) [#39331] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] Semver-Major Commits: - (SEMVER-MAJOR) build: compile with C++17 (MSVC) (Richard Lau) [#38807] - (SEMVER-MAJOR) build: compile with --gnu++17 (Richard Lau) [#38807] - (SEMVER-MAJOR) deps: update V8 to 9.5.172.19 (Michaël Zasso) [#40178] - (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0 (Daniel Bevenius) [#38512] - (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send` (Voltrex) [#39190] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2 (Michaël Zasso) [#40179] - (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit (Divlo) [#38332] - (SEMVER-MAJOR) fs: fix rmsync error swallowing (Nitzan Uziely) [#38684] - (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing (Nitzan Uziely) [#38259] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: introduce promise-based API (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv (Daniel Bevenius) [#37727] - (SEMVER-MAJOR) src: return Maybe from a couple of functions (Darshan Sen) [#39603] - (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform (Shelley Vohr) [#38362] - (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error (Rongjian Zhang) [#38700] - (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close' (Robert Nagy) [#39639] - (SEMVER-MAJOR) stream: do not emit `end` on readable error (Szymon Marczak) [#39607] - (SEMVER-MAJOR) stream: forward errored to callback (Robert Nagy) [#39364] - (SEMVER-MAJOR) stream: destroy readable on read error (Robert Nagy) [#39342] - (SEMVER-MAJOR) stream: validate abort signal (Robert Nagy) [#39346] - (SEMVER-MAJOR) stream: unify stream utils (Robert Nagy) [#39294] - (SEMVER-MAJOR) stream: throw on premature close in Readable\ (Darshan Sen) [#39117] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] - (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable (Robert Nagy) [#34385] - (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration (Robert Nagy) [#38505] - (SEMVER-MAJOR) url: throw invalid this on detached accessors (James M Snell) [#39752] - (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII (Timothy Gu) [#38631] PR-URL: #40119
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - doc: deprecate (doc-only) http abort related (dr-js) [#36670] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] OpenSSL 3.0: Node.js now includes OpenSSL 3.0, specifically https://github.com/quictls/openssl which provides QUIC support. While OpenSSL 3.0 APIs should be mostly compatible with those provided by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to tightened restrictions on the allowed algorithms and key sizes. If you hit an `ERR_OSSL_EVP_UNSUPPORTED` error in your application with Node.js 17, it’s likely that your application or a module you’re using is attempting to use an algorithm or key size which is no longer allowed by default with OpenSSL 3.0. A command-line option, `--openssl-legacy-provider`, has been added to revert to the legacy provider as a temporary workaround for these tightened restrictions. For details about all the features in OpenSSL 3.0 please see https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final. (Daniel Bevenius) [#38512] Contributed in #38512, #40478 V8 9.5: The V8 JavaScript engine is updated to V8 9.5. This release comes with additional supported types for the `Intl.DisplayNames` API and Extended `timeZoneName` options in the `Intl.DateTimeFormat` API. You can read more details in the V8 9.5 release post https://v8.dev/blog/v8-release-95. (Michaël Zasso) [#40178] Readline Promise API: The `readline` module provides an interface for reading data from a Readable stream (such as `process.stdin`) one line at a time. (Antoine du Hamel) [#37947] Other Notable Changes: - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) errors: print Node.js version on fatal exceptions that cause exit (Divlo) [#38332] - deps: upgrade npm to 8.1.0 (npm team) [#40463] - (SEMVER-MINOR) fs: add FileHandle.prototype.readableWebStream() (James M Snell) [#39331] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] Semver-Major Commits: - (SEMVER-MAJOR) build: compile with C++17 (MSVC) (Richard Lau) [#38807] - (SEMVER-MAJOR) build: compile with --gnu++17 (Richard Lau) [#38807] - (SEMVER-MAJOR) deps: update V8 to 9.5.172.19 (Michaël Zasso) [#40178] - (SEMVER-MAJOR) deps,test,src,doc,tools: update to OpenSSL 3.0 (Daniel Bevenius) [#38512] - (SEMVER-MAJOR) dgram: tighten `address` validation in `socket.send` (Voltrex) [#39190] - (SEMVER-MAJOR) dns: runtime deprecate type coercion of `dns.lookup` options (Antoine du Hamel) [#39793] - (SEMVER-MAJOR) dns: default to verbatim=true in dns.lookup() (treysis) [#39987] - (SEMVER-MAJOR) doc: update minimum supported FreeBSD to 12.2 (Michaël Zasso) [#40179] - (SEMVER-MAJOR) errors: disp ver on fatal except that causes exit (Divlo) [#38332] - (SEMVER-MAJOR) fs: fix rmsync error swallowing (Nitzan Uziely) [#38684] - (SEMVER-MAJOR) fs: aggregate errors in fsPromises to avoid error swallowing (Nitzan Uziely) [#38259] - (SEMVER-MAJOR) lib: add structuredClone() global (Ethan Arrowood) [#39759] - (SEMVER-MAJOR) lib: expose `DOMException` as global (Khaidi Chu) [#39176] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) [#40121] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) [#40117] - (SEMVER-MAJOR) readline: validate `AbortSignal`s and remove unused event listeners (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: introduce promise-based API (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) readline: refactor `Interface` to ES2015 class (Antoine du Hamel) [#37947] - (SEMVER-MAJOR) src: allow CAP\_NET\_BIND\_SERVICE in SafeGetenv (Daniel Bevenius) [#37727] - (SEMVER-MAJOR) src: return Maybe from a couple of functions (Darshan Sen) [#39603] - (SEMVER-MAJOR) src: allow custom PageAllocator in NodePlatform (Shelley Vohr) [#38362] - (SEMVER-MAJOR) stream: fix highwatermark threshold and add the missing error (Rongjian Zhang) [#38700] - (SEMVER-MAJOR) stream: don't emit 'data' after 'error' or 'close' (Robert Nagy) [#39639] - (SEMVER-MAJOR) stream: do not emit `end` on readable error (Szymon Marczak) [#39607] - (SEMVER-MAJOR) stream: forward errored to callback (Robert Nagy) [#39364] - (SEMVER-MAJOR) stream: destroy readable on read error (Robert Nagy) [#39342] - (SEMVER-MAJOR) stream: validate abort signal (Robert Nagy) [#39346] - (SEMVER-MAJOR) stream: unify stream utils (Robert Nagy) [#39294] - (SEMVER-MAJOR) stream: throw on premature close in Readable\ (Darshan Sen) [#39117] - (SEMVER-MAJOR) stream: finished should error on errored stream (Robert Nagy) [#39235] - (SEMVER-MAJOR) stream: error Duplex write/read if not writable/readable (Robert Nagy) [#34385] - (SEMVER-MAJOR) stream: bypass legacy destroy for pipeline and async iteration (Robert Nagy) [#38505] - (SEMVER-MAJOR) url: throw invalid this on detached accessors (James M Snell) [#39752] - (SEMVER-MAJOR) url: forbid certain confusable changes from being introduced by toASCII (Timothy Gu) [#38631] PR-URL: #40119
We don't mention a value being "falsy" in validation, its
better to use a validator here to keep consistency,
this change makes the
address
parameter onlyaccept a
string
,null
orundefined
.