Skip to content

chore(deps): update node.js to v19

sousuke0422 requested to merge renovate/node-19.x into develop

This MR contains the following updates:

Package Type Update Change
node image major 18.12.0 -> 19.1.0
node final major 18.12.0-alpine3.16 -> 19.1.0-alpine3.16

Release Notes

nodejs/node

v19.1.0: 2022-11-14, Version 19.1.0 (Current), @​RafaelGSS

Compare Source

Notable changes
Support function mocking on Node.js test runner

The node:test module supports mocking during testing via a top-level mock object.

test('spies on an object method', (t) => {
  const number = {
    value: 5,
    add(a) {
      return this.value + a;
    },
  };
  t.mock.method(number, 'add');

  assert.strictEqual(number.add(3), 8);
  assert.strictEqual(number.add.mock.calls.length, 1);
});

Contributed by Colin Ihrig in #​45326

fs.watch recursive support on Linux

fs.watch supports recursive watch using the recursive: true option.

const watcher = fs.watch(testDirectory, { recursive: true });
watcher.on('change', function(event, filename) {
});

Contributed by Yagiz Nizipli in #​45098

Other notable changes
  • deps
    • update ICU to 72.1 (Michaël Zasso) #​45068
  • doc
    • add lukekarrys to collaborators (Luke Karrys) #​45180
    • add anonrig to collaborators (Yagiz Nizipli) #​45002
  • lib
    • drop fetch experimental warning (Matteo Collina) #​45287
  • util
    • (SEMVER-MINOR) add MIME utilities (Bradley Farias) #​21128
    • improve textdecoder decode performance (Yagiz Nizipli) #​45294
Commits

v19.0.1: 2022-11-04, Version 19.0.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable changes

The following CVEs are fixed in this release:

  • CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
  • CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
  • CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)

More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.

Commits

v19.0.0: 2022-10-18, Version 19.0.0 (Current), @​RafaelGSS and @​ruyadorno

Compare Source

Node.js 19 is here! Highlights include the update of the V8 JavaScript engine to 10.7, HTTP(s)/1.1 KeepAlive enabled by default, and ESM Resolution adjustments.

Node.js 19 will replace Node.js 18 as our ‘Current’ release line when Node.js 18 enters long-term support (LTS) later this month. As per the release schedule, Node.js 19 will be ‘Current' release for the next 6 months, until April 2023.

Notable Changes
Deprecations and Removals
  • [7dd2f41c73] - (SEMVER-MAJOR) module: runtime deprecate exports double slash maps (Guy Bedford) #​44495
  • [ada2d053ae] - (SEMVER-MAJOR) process: runtime deprecate coercion to integer in process.exit() (Daeyeon Jeong) #​44711
HTTP(S)/1.1 KeepAlive by default

Starting with this release, Node.js sets keepAlive to true by default. This means that any outgoing HTTP(s) connection will automatically use HTTP 1.1 Keep-Alive. The default waiting window is 5 seconds. Enable keep-alive will deliver better throughput as connections are reused by default.

Additionally, the agent is now able to parse the response Keep-Alive which the servers might send. This header instructs the client on how much to stay connected. On the other side, the Node.js HTTP server will now automatically disconnect idle clients (which are using HTTP Keep-Alive to reuse the connection) when close() is invoked).

Node.js HTTP(S)/1.1 requests may experience a better throughput/performance by default.

Contributed by Paolo Insogna in #​43522

DTrace/SystemTap/ETW Support were removed

The main reason is the lack of resources from the Node.js team. The complexity to keep the support up-to-date has proved not worth it without a clear plan to support those tools. Hence, an issue was raised in the Node.js repository to assess better support, for DTrace in specific.

Contributed by Ben Noordhuis in #​43651 and #​43652

V8 10.7

The V8 engine is updated to version 10.7, which is part of Chromium 107. This version include a new feature to the JavaScript API: Intl.NumberFormat.

Intl.NumberFormat v3 API is a new TC39 ECMA402 stage 3 proposal extend the pre-existing Intl.NumberFormat.

The V8 update was a contribution by Michaël Zasso in #​44741.

llhttp 8.1.0

llhttp has been updated to version 8.1.0. Collectively, this version brings many updates to the llhttp API, introducing new callbacks and allow all callback to be pausable.

Contributed by Paolo Insogna in #​44967

Other Notable Changes
Semver-Major Commits
  • [53f73d1cfe] - (SEMVER-MAJOR) build: enable V8's trap handler on Windows (Michaël Zasso) #​44741
  • [06aaf8a1c4] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #​44741
  • [aa3a572e6b] - (SEMVER-MAJOR) build: remove dtrace & etw support (Ben Noordhuis) #​43652
  • [38f1e2793c] - (SEMVER-MAJOR) build: remove systemtap support (Ben Noordhuis) #​43651
  • [2849283c4c] - (SEMVER-MAJOR) crypto: remove non-standard webcrypto.Crypto.prototype.CryptoKey (Antoine du Hamel) #​42083
  • [a1653ac715] - (SEMVER-MAJOR) crypto: do not allow to call setFips from the worker thread (Sergey Petushkov) #​43624
  • [fd36a8dadb] - (SEMVER-MAJOR) deps: update llhttp to 8.1.0 (Paolo Insogna) #​44967
  • [89ecdddaab] - (SEMVER-MAJOR) deps: bump minimum ICU version to 71 (Michaël Zasso) #​44741
  • [66fe446efd] - (SEMVER-MAJOR) deps: V8: cherry-pick 0cccb6f (Michaël Zasso) #​44741
  • [88ed027d57] - (SEMVER-MAJOR) deps: V8: cherry-pick 7ddb839 (Michaël Zasso) #​44741
  • [26c651c34e] - (SEMVER-MAJOR) deps: V8: cherry-pick 1b3a4f0 (Michaël Zasso) #​44741
  • [c8ff2dfd11] - (SEMVER-MAJOR) deps: V8: cherry-pick b161a08 (Michaël Zasso) #​44741
  • [7a8fa2d517] - (SEMVER-MAJOR) deps: fix V8 build on Windows with MSVC (Michaël Zasso) #​44741
  • [83b0aaa800] - (SEMVER-MAJOR) deps: fix V8 build on SmartOS (Michaël Zasso) #​44741
  • [7a952e8ea5] - (SEMVER-MAJOR) deps: silence irrelevant V8 warning (Michaël Zasso) #​44741
  • [6bd756d7c6] - (SEMVER-MAJOR) deps: update V8 to 10.7.193.13 (Michaël Zasso) #​44741
  • [03fb789fb9] - (SEMVER-MAJOR) events: add null check for the signal of EventTarget (Masashi Hirano) #​43153
  • [a4fa526ddc] - (SEMVER-MAJOR) fs: add directory autodetection to fsPromises.symlink() (Livia Medeiros) #​42894
  • [bb4891d8d4] - (SEMVER-MAJOR) fs: add validateBuffer to improve error (Hirotaka Tagawa / wafuwafu13) #​44769
  • [950a4411fa] - (SEMVER-MAJOR) fs: remove coercion to string in writing methods (Livia Medeiros) #​42796
  • [41a6d82968] - (SEMVER-MAJOR) fs: harden fs.readSync(buffer, options) typecheck (LiviaMedeiros) #​42772
  • [2275faac2b] - (SEMVER-MAJOR) fs: harden fs.read(params, callback) typecheck (LiviaMedeiros) #​42772
  • [29953a0b88] - (SEMVER-MAJOR) fs: harden filehandle.read(params) typecheck (LiviaMedeiros) #​42772
  • [4267b92604] - (SEMVER-MAJOR) http: use Keep-Alive by default in global agents (Paolo Insogna) #​43522
  • [0324529e0f] - (SEMVER-MAJOR) inspector: introduce inspector/promises API (Erick Wendel) #​44250
  • [80270994d6] - (SEMVER-MAJOR) lib: enable global CustomEvent by default (Daeyeon Jeong) #​44860
  • [f529f73bd7] - (SEMVER-MAJOR) lib: brand check event handler property receivers (Chengzhong Wu) #​44483
  • [6de2673a9f] - (SEMVER-MAJOR) lib: enable global WebCrypto by default (Antoine du Hamel) #​42083
  • [73ba8830d5] - (SEMVER-MAJOR) lib: use private field in AbortController (Joyee Cheung) #​43820
  • [7dd2f41c73] - (SEMVER-MAJOR) module: runtime deprecate exports double slash maps (Guy Bedford) #​44495
  • [22c39b1ddd] - (SEMVER-MAJOR) path: the dot will be added(path.format) if it is not specified in ext (theanarkh) #​44349
  • [587367d107] - (SEMVER-MAJOR) perf_hooks: expose webperf global scope interfaces (Chengzhong Wu) #​44483
  • [364c0e196c] - (SEMVER-MAJOR) perf_hooks: fix webperf idlharness (Chengzhong Wu) #​44483
  • [ada2d053ae] - (SEMVER-MAJOR) process: runtime deprecate coercion to integer in process.exit() (Daeyeon Jeong) #​44711
  • [e0ab8dd637] - (SEMVER-MAJOR) process: make process.config read only (Sergey Petushkov) #​43627
  • [481a959adb] - (SEMVER-MAJOR) readline: remove question method from InterfaceConstructor (Antoine du Hamel) #​44606
  • [c9602ce212] - (SEMVER-MAJOR) src: use new v8::OOMErrorCallback API (Michaël Zasso) #​44741
  • [19a70c11e4] - (SEMVER-MAJOR) src: override CreateJob instead of PostJob (Clemens Backes) #​44741
  • [fd52c62bee] - (SEMVER-MAJOR) src: use V8_ENABLE_SANDBOX macro (Michaël Zasso) #​44741
  • [c10988db44] - (SEMVER-MAJOR) src: use non-deprecated V8 inspector API (Michaël Zasso) #​44741
  • [3efe901dd6] - (SEMVER-MAJOR) src: update NODE_MODULE_VERSION to 111 (Michaël Zasso) #​44741
  • [77e585657f] - (SEMVER-MAJOR) src: turn embedder api overload into default argument (Alena Khineika) #​43629
  • [dabda03ea9] - (SEMVER-MAJOR) src: per-environment time origin value (Chengzhong Wu) #​43781
  • [2e49b99cc2] - (SEMVER-MAJOR) src,test: disable freezing V8 flags on initialization (Clemens Backes) #​44741
  • [2b32985c62] - (SEMVER-MAJOR) stream: use null for the error argument (Luigi Pinca) #​44312
  • [36805e8524] - (SEMVER-MAJOR) test: adapt test-repl for V8 update (Michaël Zasso) #​44741
  • [96ef25793d] - (SEMVER-MAJOR) test: adapt test-repl-pretty-*stack to V8 changes (Michaël Zasso) #​44741
  • [71c193e581] - (SEMVER-MAJOR) test: adapt to new JSON SyntaxError messages (Michaël Zasso) #​44741
  • [b5f1564880] - (SEMVER-MAJOR) test: rename always-opt flag to always-turbofan (Michaël Zasso) #​44741
  • [1acf0339dd] - (SEMVER-MAJOR) test: fix test-hash-seed for new V8 versions (Michaël Zasso) #​44741
  • [57ff476c33] - (SEMVER-MAJOR) test: remove duplicate test (Luigi Pinca) #​44051
  • [77def91bf9] - (SEMVER-MAJOR) tls,http2: send fatal alert on ALPN mismatch (Tobias Nießen) #​44031
  • [4860ad99b9] - (SEMVER-MAJOR) tools: update V8 gypfiles for 10.7 (Michaël Zasso) #​44741
Semver-Minor Commits
  • [af0921d877] - (SEMVER-MINOR) esm: add --import flag (Moshe Atlow) #​43942
  • [0633e9a0b5] - (SEMVER-MINOR) lib: add diagnostics channel for process and worker (theanarkh) #​44045
  • [ca5be26b31] - (SEMVER-MINOR) src: add support for externally shared js builtins (Michael Dawson) #​44376
  • [e86a638305] - (SEMVER-MINOR) src: add initial shadow realm support (Chengzhong Wu) #​42869
  • [71ca6d7d6a] - (SEMVER-MINOR) util: add maxArrayLength option to Set and Map (Kohei Ueno) #​43576
Semver-Patch Commits

v18.12.1: 2022-11-04, Version 18.12.1 'Hydrogen' (LTS), @​juanarbol

Compare Source

This is a security release.

Notable changes

The following CVEs are fixed in this release:

  • CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
  • CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
  • CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)

More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.

Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by sousuke0422

Merge request reports

Loading