2025-08-27, Version 24.7.0 (Current) #59629
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) from 0.3.3 to 0.3.4. - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.3.4/packages/plugin-kit) --- updated-dependencies: - dependency-name: "@eslint/plugin-kit" dependency-version: 0.3.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #59271 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
The checks for '[::1]' and '[0:0:0:0:0:0:0:1]' in isLoopback were using startsWith, which is unnecessary as these are canonical loopback addresses with no valid prefixes. Switching to strict equality improves clarity and improves performance. PR-URL: #59375 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: theanarkh <theratliter@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com>
PR-URL: #58841 Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
PR-URL: #58935 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com>
PR-URL: #59436 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com>
Add note indicating support of Intel CET for large_pages.S file based on annocheck guide: https://sourceware.org/annobin/annobin.html/Test-cf-protection.html PR-URL: #59363 Refs: #59084 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <richard.lau@ibm.com>
PR-URL: #59315 Reviewed-By: Jason Zhang <xzha4350@gmail.com>
The test for watch mode with inspect fails when the inspector is not available (such as when configured with `--without-ssl`). This commit skips the test in such cases. PR-URL: #59440 Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
The `isSkipped` function in the JUnit reporter was incorrectly checking for `node?.attrs.failures` instead of `node?.attrs.skipped`. PR-URL: #59414 Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
PR-URL: #59330 Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com> Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
PR-URL: #59434 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
PR-URL: #59049 Reviewed-By: theanarkh <theratliter@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
PR-URL: #59214 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
PR-URL: #59445 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Ruy Adorno <ruy@vlt.sh> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br>
This completes the TODO to compile WASM synchronously and thus making translation (i.e. compilation + instantiation) synchronous. PR-URL: #59453 Refs: #55782 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Replace manual `if (err) assert.fail(err)` and `assert.ok(!err)` with `assert.ifError()` or `common.mustSucceed()` in a few tests to clarify intent and follow project conventions. - test/parallel/test-child-process-send-returns-boolean.js - test/parallel/test-dgram-blocklist.js - test/parallel/test-fs-watchfile.js PR-URL: #59424 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
PR-URL: #59459 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
`v8::ConvertableToTraceFormat` is only available in legacy V8 tracing
API and no longer supported in perfetto. This internalize
`node::tracing::TracedValue` and `v8::ConvertableToTraceFormat` by
defining specialized trace argument classes.
The newly defined structured trace argument classes can be easily
converted to `perfetto::TracedValue` by perfetto traced value protocol.
For example, when adding perfetto support, `CastTracedValue` will be a
no-op and these classes can add a new conversion method like:
```cpp
class Foo {
void WriteIntoTrace(TracedValue context) const {
auto dict = std::move(context).WriteDictionary();
dict->Add("key", 42);
dict->Add("foo", "bar");
dict->Add("member", member_);
}
};
```
PR-URL: #57866
Refs: nodejs/diagnostics#654
Refs: https://github.com/google/perfetto/blob/9ddf987d48cdfd9129987a3af1e85052c377756f/include/perfetto/tracing/traced_value.h#L46
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: #57866 Refs: nodejs/diagnostics#654 Refs: https://github.com/google/perfetto/blob/9ddf987d48cdfd9129987a3af1e85052c377756f/include/perfetto/tracing/traced_value.h#L46 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: #59138 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
PR-URL: #59412 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #59461 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Commit 206ebeb added an additional call to EVP_PKEY_public_check and an unconditional return from publicCheck(). This prevents the control flow from reaching the original call to either EVP_PKEY_public_check or EVP_PKEY_public_check_quick. This change restores the previous behavior, which calls EVP_PKEY_public_check_quick instead, if possible. Refs: #56812 PR-URL: #59471 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Since copying `shared_ptr` may involve costly atomic operations, explicitly move both `shared_ptr` objects that are passed to the private KeyObjectData constructor. PR-URL: #59472 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
In certain machine configurations on Windows, fs.readlinkSync() may return a path with upper case drive letter while the other paths may be constructed from a base path with a lower case drive letter (e.g. from process.cwd()). Checking path mismatch in a case-sensitive manner can lead to failure in some tests, specifically with the Windows machine configurations in the Jenkins CI. Since paths are case-insensitive on Windows anyway, compare them in a case-insensitive manner in the tests. PR-URL: #59475 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
This change improves diagnosis by reporting the headers object that is actually sent rather than the original input headers in the following diagnostics channels: - 'http2.client.stream.created' - 'http2.client.stream.start' Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #59419 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
The `execArgv` field can be used to specify Node.js-specific arguments that will be automatically applied when the single executable application starts. This allows application developers to configure Node.js runtime options without requiring end users to be aware of these flags. PR-URL: #59314 Refs: #51688 Refs: #55573 Refs: nodejs/single-executable#100 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Darshan Sen <raisinten@gmail.com>
Original commit message:
[liftoff] Fix parameter passing during CallC
Values smaller than 8 bytes need to be sign/zero extended to
8 bytes then pushed on to the stack.
Change-Id: I5c9a2179ef2b65cf08b7e773180d78b252c2253f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6597365
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#100578}
Refs: v8/v8@59d52e3
PR-URL: #59485
Refs: nodejs/build#4091
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Original commit message:
s390: use %r15 instead of %sp
Some compilers do not recognize %sp and output:
```
error: invalid register
```
Change-Id: I2e1b64dd0e799a03afccbd12f5b2db17b3130e07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6603554
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#100576}
Refs: v8/v8@7b91e3e
PR-URL: #59485
Refs: nodejs/build#4091
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
1552a48 to
fa6091a
Compare
targos
pushed a commit
that referenced
this pull request
Aug 26, 2025
Notable changes: crypto: * update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 * (SEMVER-MINOR) add AES-OCB Web Cryptography algorithm (Filip Skokan) #59539 * (SEMVER-MINOR) support ML-KEM in Web Cryptography (Filip Skokan) #59569 * (SEMVER-MINOR) support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) #59491 * (SEMVER-MINOR) add argon2() and argon2Sync() methods (Ranieri Althoff) #50353 * (SEMVER-MINOR) support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) #59365 * (SEMVER-MINOR) add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add SHA-3 Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SHAKE Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-DSA in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-KEM KeyObject (Filip Skokan) #59461 http: * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315 http2: * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455 sea: * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) #59314 stream: * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464 PR-URL: #59629
|
Any chance #59518 could make the cut? I can't re-run these tests myself, but the CI seems to be at fault here. |
|
Text for the SEA execArgv changes (if it's too long, the example can be left out). ### Node.js execution argument support in single executable applications
The single executable application configuration now supports additional fields to specify Node.js execution arguments and control how they can be extended when the application is run.
- `execArgv` takes an array of strings for the execution arguments to be used.
- `execArgvExtension` takes one of the following values:
- `"none"`: No additional execution arguments are allowed.
- `"cli"`: Additional execution arguments can be provided via a special command-line flag `--node-options="--flag1 --flag2=value"` at run time.
- `"env"` (default): Additional execution arguments can be provided via the `NODE_OPTIONS` environment variable at run time.
For example, with the following configuration:
```json
{
"main": "/path/to/bundled/script.js",
"output": "/path/to/write/the/generated/blob.blob",
"execArgv": ["--no-warnings"],
"execArgvExtension": "cli",
}
```
If the generated single executable application is named `sea`, then running:
```console
sea --node-options="--max-old-space-size=4096" user-arg1 user-arg2
```
Would be equivalent to running:
```console
node --no-warnings --max-old-space-size=4096 /path/to/bundled/script.js user-arg1 user-arg2
```
Contributed by Joyee Cheung in https://github.com/nodejs/node/pull/59314 and https://github.com/nodejs/node/pull/59560
|
You can ignore it – I guess the proper way would be to put it in quote, i.e. |
|
@targos notable summary for the plethora of Rendered Markdown (click to expand)Post-Quantum Cryptography in
|
Previous attempt has missed one argument (`useEmitSync`), therefore it effectively did not work as intended. This change sets `useEmitSync` to `false` which is equivalent to previous behaviour of `undefined` and sets `modifyPrototype` to `false` as expected. PR-URL: #59518 Refs: #58218 Refs: #59195 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
fa6091a to
cfb616a
Compare
targos
pushed a commit
that referenced
this pull request
Aug 27, 2025
Notable changes: crypto: * update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 * (SEMVER-MINOR) add AES-OCB Web Cryptography algorithm (Filip Skokan) #59539 * (SEMVER-MINOR) support ML-KEM in Web Cryptography (Filip Skokan) #59569 * (SEMVER-MINOR) support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) #59491 * (SEMVER-MINOR) add argon2() and argon2Sync() methods (Ranieri Althoff) #50353 * (SEMVER-MINOR) support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) #59365 * (SEMVER-MINOR) add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add SHA-3 Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SHAKE Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-DSA in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-KEM KeyObject (Filip Skokan) #59461 http: * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315 http2: * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455 sea: * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) #59314 stream: * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464 PR-URL: #59629
|
Added #59518 and updated the notable changes. |
Notable changes: crypto: * update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 * (SEMVER-MINOR) add AES-OCB Web Cryptography algorithm (Filip Skokan) #59539 * (SEMVER-MINOR) support ML-KEM in Web Cryptography (Filip Skokan) #59569 * (SEMVER-MINOR) support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) #59491 * (SEMVER-MINOR) add argon2() and argon2Sync() methods (Ranieri Althoff) #50353 * (SEMVER-MINOR) support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) #59365 * (SEMVER-MINOR) add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add SHA-3 Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SHAKE Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-DSA in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-KEM KeyObject (Filip Skokan) #59461 http: * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315 http2: * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455 sea: * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) #59314 stream: * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464 PR-URL: #59629
cfb616a to
d795edb
Compare
targos
approved these changes
Aug 27, 2025
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## v24.x #59629 +/- ##
==========================================
- Coverage 91.77% 89.93% -1.85%
==========================================
Files 330 659 +329
Lines 131235 196393 +65158
Branches 21467 38606 +17139
==========================================
+ Hits 120446 176622 +56176
- Misses 10556 12246 +1690
- Partials 233 7525 +7292
🚀 New features to boost your workflow:
|
targos
pushed a commit
to targos/node
that referenced
this pull request
Aug 27, 2025
Notable changes: crypto: * update root certificates to NSS 3.114 (Node.js GitHub Bot) nodejs#59571 * (SEMVER-MINOR) add AES-OCB Web Cryptography algorithm (Filip Skokan) nodejs#59539 * (SEMVER-MINOR) support ML-KEM in Web Cryptography (Filip Skokan) nodejs#59569 * (SEMVER-MINOR) support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) nodejs#59491 * (SEMVER-MINOR) add argon2() and argon2Sync() methods (Ranieri Althoff) nodejs#50353 * (SEMVER-MINOR) support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add SHA-3 Web Cryptography digest algorithms (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add SHAKE Web Cryptography digest algorithms (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) support ML-DSA in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) support ML-KEM KeyObject (Filip Skokan) nodejs#59461 http: * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) nodejs#59315 http2: * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) nodejs#59455 sea: * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) nodejs#59314 stream: * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) nodejs#59464 PR-URL: nodejs#59629
5 tasks
targos
added a commit
to targos/nodejs.org
that referenced
this pull request
Aug 27, 2025
github-merge-queue bot
pushed a commit
to nodejs/nodejs.org
that referenced
this pull request
Aug 27, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
2025-08-27, Version 24.7.0 (Current), @targos
Notable Changes
Post-Quantum Cryptography in
node:cryptoOpenSSL 3.5 on 24.x kicked off post-quantum cryptography efforts in Node.js by
allowing use of NIST's post-quantum cryptography standards for future-proofing
applications against quantum computing threats. The following post-quantum
algorithms are now available in
node:crypto:crypto.encapsulate()andcrypto.decapsulate()methods.crypto.sign()andcrypto.verify()methods.Contributed by Filip Skokan in #59259 and #59491.
Modern Algorithms in Web Cryptography API
The second substantial extension to the Web Cryptography API
(
globalThis.crypto.subtle) was recently accepted for incubation by WICG.The following algorithms and methods from this extension are now available in
the Node.js Web Cryptography API implementation:
subtle.getPublicKey()SubtleCrypto.supports()Contributed by Filip Skokan in #59365, #59569, #59461, and #59539.
Node.js execution argument support in single executable applications
The single executable application configuration now supports additional fields
to specify Node.js execution arguments and control how they can be extended when
the application is run.
execArgvtakes an array of strings for the execution arguments to be used.execArgvExtensiontakes one of the following values:"none": No additional execution arguments are allowed."cli": Additional execution arguments can be provided via a special command-line flag--node-options="--flag1 --flag2=value"at run time."env"(default): Additional execution arguments can be provided via theNODE_OPTIONSenvironment variable at run time.For example, with the following configuration:
{ "main": "/path/to/bundled/script.js", "output": "/path/to/write/the/generated/blob.blob", "execArgv": ["--no-warnings"], "execArgvExtension": "cli", }If the generated single executable application is named
sea, then running:sea --node-options="--max-old-space-size=4096" user-arg1 user-arg2Would be equivalent to running:
node --no-warnings --max-old-space-size=4096 /path/to/bundled/script.js user-arg1 user-arg2Contributed by Joyee Cheung in #59314 and #59560.
Root certificates updated to NSS 3.114
Certificates added:
Certificates removed:
Other Notable Changes
d3afc63c44] - (SEMVER-MINOR) crypto: add argon2() and argon2Sync() methods (Ranieri Althoff) #503536ae202fcdf] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315dafee05358] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #594558dc6f5b696] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464Commits
0fa22cbf7c] - benchmark: calibrate config v8/serialize.js (Rafael Gonzaga) #59586f5ece45b45] - benchmark: reduce readfile-permission-enabled config (Rafael Gonzaga) #595898ebd4f4434] - benchmark: calibrate length of util.diff (Rafael Gonzaga) #595887dee3ffd14] - benchmark: reflect current OpenSSL in crypto key benchmarks (Filip Skokan) #59459027b861ca1] - benchmark, test: replace CRLF variable with string literal (Lee Jiho) #5946689dd770889] - build: do not set-mminimal-tocwithclang(Richard Lau) #59484e13de4542f] - child_process: remove unsafe array iteration (hotpineapple) #5934789fe63551e] - crypto: load system CA certificates off thread (Joyee Cheung) #59550152c5ef518] - (SEMVER-MINOR) crypto: add AES-OCB Web Cryptography algorithm (Filip Skokan) #59539c6c418343d] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #5957118a2ee5b6c] - (SEMVER-MINOR) crypto: support ML-KEM in Web Cryptography (Filip Skokan) #5956972937e5144] - crypto: require HMAC key length with SHA-3 hashes in Web Cryptography (Filip Skokan) #59567b7383186c7] - crypto: fix subtle.getPublicKey error for secret type key inputs (Filip Skokan) #595582d05c046db] - crypto: return cached copies from CryptoKey algorithm and usages getters (Filip Skokan) #59538207ffbeb07] - crypto: use CryptoKey internal slots in Web Cryptography (Filip Skokan) #595384276516781] - crypto: normalize RsaHashedKeyParams publicExponent (Filip Skokan) #5953814741539a7] - (SEMVER-MINOR) crypto: support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) #59491d3afc63c44] - (SEMVER-MINOR) crypto: add argon2() and argon2Sync() methods (Ranieri Althoff) #503534fe383e45a] - (SEMVER-MINOR) crypto: support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) #59365a95386fbf9] - (SEMVER-MINOR) crypto: subject some algorithms in Web Cryptography on BoringSSL absence (Filip Skokan) #593653f47a2fb63] - (SEMVER-MINOR) crypto: add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) #593656fcce9058a] - (SEMVER-MINOR) crypto: add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) #5936576cde76429] - (SEMVER-MINOR) crypto: add SHA-3 Web Cryptography digest algorithms (Filip Skokan) #59365247d017501] - (SEMVER-MINOR) crypto: add SHAKE Web Cryptography digest algorithms (Filip Skokan) #59365f4fbcca5ce] - (SEMVER-MINOR) crypto: add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) #59365a55382214f] - (SEMVER-MINOR) crypto: support ML-DSA in Web Cryptography (Filip Skokan) #59365c38988c860] - crypto: fix EVPKeyCtxPointer::publicCheck() (Tobias Nießen) #5947161c3bcdc56] - (SEMVER-MINOR) crypto: support ML-KEM KeyObject (Filip Skokan) #594610821b446fb] - deps: update undici to 7.14.0 (Node.js GitHub Bot) #59507b3af17c065] - deps: V8: cherry-pick 7b91e3e2cbaf (Milad Fa) #594859b69baf146] - deps: V8: cherry-pick 59d52e311bb1 (Milad Fa) #59485b4f202c2f1] - doc: improvesqlite.backup()progress/fulfillment documentation (René) #5959840b217a2f9] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591cf84fffea5] - doc: link toTypedArray.from()in signature (Aviv Keller) #592264bf6ed0bf5] - doc: fix typos inenvironment_variables.md(PhistucK) #595361784c35a49] - doc: add security incident reponse plan (Rafael Gonzaga) #59470b962560240] - doc: clarify maxRSS unit inprocess.resourceUsage()(Alex Yang) #59511e6a6cdb9df] - doc: add missing Zstd strategy constants (RANDRIAMANANTENA Narindra Tiana Annaick) #59312a6a31cb467] - (SEMVER-MINOR) doc: compress Web Cryptography Algorithm matrix (Filip Skokan) #593658f8960cfcb] - doc: fix the version tls.DEFAULT_CIPHERS was added (Allon Murienik) #592479e76089f1a] - doc: clarify glob's exclude option behavior (hotpineapple) #59245dd5f835af7] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #594452b7a7a525e] - doc,crypto: add supported asymmetric key types section (Filip Skokan) #594922fafe4c3bb] - esm: link modules synchronously when no async loader hooks are used (Joyee Cheung) #595195347c4997a] - esm: show race error message for inner module job race (Joyee Cheung) #59519b56d8af2fe] - esm: sync-ify module translation (Joyee Cheung) #59453b4a23d6a69] - http: trim off brackets from IPv6 addresses with string operations (Krishnadas PC) #594206ae202fcdf] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315dafee05358] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455b7ea39d860] - http2: report sent headers object in client stream dcs (Darshan Sen) #59419ebe9272dae] - inspector: initial support websocket inspection (Shima Ryuhei) #59404b35041c7dc] - inspector: prevent propagation of promise hooks to noPromise hooks (Shima Ryuhei) #58841fe7176d7c6] - lib: do not modify prototype deprecated asyncResource (encore) (Szymon Łągiewka) #5951893fc80a1e2] - (SEMVER-MINOR) lib: refactor kSupportedAlgorithms (Filip Skokan) #593659a12f71ad9] - lib: simplify IPv6 checks in isLoopback() (Krishnadas) #59375566fb04c82] - meta: update devcontainer to the latest schema (Aviv Keller) #54347389a24bbff] - module: allow overriding linked requests for a ModuleWrap (Chengzhong Wu) #595277880978fe3] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #5864699128d9244] - node-api: link to other programming language bindings (Chengzhong Wu) #5951665c870e6cb] - node-api: clarify enum value ABI stability (Chengzhong Wu) #59085352d63541a] - sea: implement execArgvExtension (Joyee Cheung) #59560c6e3d5d98d] - (SEMVER-MINOR) sea: support execArgv in sea config (Joyee Cheung) #59314e7084df4db] - sqlite: add sqlite-type symbol for DatabaseSync (Alex Yang) #59405e2b6bdc640] - sqlite: handle ?NNN parameters as positional (Edy Silva) #5935099e4a12731] - sqlite: avoid useless call to FromMaybe() (Tobias Nießen) #59490dfd4962e5f] - src: enforce assumptions in FIXED_ONE_BYTE_STRING (Tobias Nießen) #5815593a368df04] - src: use simdjson to parse --snapshot-config (Joyee Cheung) #59473716750fcf8] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #5948744a8ecf8d4] - src: assert memory calc for max-old-space-size-percentage (Asaf Federman) #594603462b46fca] - src: use simdjson::pad (0hm☘️) #593913e1551d845] - src: move shared_ptr objects in KeyObjectData (Tobias Nießen) #59472c022c1f85a] - src: add internal GetOptionsAsFlags (Pietro Marchini) #59138c0f08454a3] - src: iterate metadata version entries with std::array (Chengzhong Wu) #57866f87836f3ae] - src: internalizev8::ConvertableToTraceFormatin traces (Chengzhong Wu) #57866852b8e46d8] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #5904964ffde608f] - src: add Intel CET properties to large_pages.S (tjuhaszrh) #59363823dce32ec] - src: update OpenSSL pqc checks (Filip Skokan) #594368dc6f5b696] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464b2b8383755] - test: use mustSucceed in test-repl-tab-complete-import (Sohyeon Kim) #59368e3ad5cc2c6] - test: skip sea tests on Linux ppc64le (Richard Lau) #59563f78f47ca5a] - test: support standalone env comment in tests (Pietro Marchini) #595460e8bc2c7ac] - test: rename test-net-server-drop-connections-in-cluster.js to -http- (Meghan Denny) #59532ed339580af] - test: lazy-load internalTTy (Pietro Marchini) #59517fe86bc6da8] - test: fixtest-setproctitlestatus whenpsis not available (Antoine du Hamel) #59523e517792973] - test: add parseTestMetadata support (Pietro Marchini) #5950331092972d6] - test: update WPT for WebCryptoAPI to ff26d9b307 (Node.js GitHub Bot) #5949716afd103cc] - (SEMVER-MINOR) test: add Web Cryptography wrap/unwrap vectors (Filip Skokan) #593655598baf34e] - (SEMVER-MINOR) test: cleanup test-webcrypto-supports (Filip Skokan) #59365e7809d6ddb] - test: make test-debug-process locale-independent (BCD1me) #59254ca7856e73c] - test: mark test-wasi-pthread as flaky (Joyee Cheung) #594880ecd82197f] - test: split test-wasi.js (Joyee Cheung) #594880930c218d6] - test: deflake connection refused proxy tests (Joyee Cheung) #594767f457f886a] - test: use case-insensitive path checking on Windows in fs.cpSync tests (Joyee Cheung) #5947537809115f9] - test: add missing hasPostData in test-inspector-emit-protocol-event (Shima Ryuhei) #59412f4722b1672] - test: refactor error checks to use assert.ifError/mustSucceed (Sohyeon Kim) #594249ff71a672d] - test: fix typos (Lee Jiho) #593309a7700da62] - test: skip test-watch-mode inspect when no inspector (James M Snell) #59440e964c4334e] - test_runner: do not error when gettingfullNameof root context (René) #59377e076f7857c] - test_runner: add option to rerun only failed tests (Moshe Atlow) #59443eb8b1939a4] - test_runner: fix isSkipped check in junit (Sungwon) #594144e02ea1c52] - tools: update gyp-next to 0.20.3 (Node.js GitHub Bot) #5960399da7fbe11] - tools: avoid parsing test files twice (Pietro Marchini) #595269a6a8e319b] - tools: update coverage GitHub Actions to fixed version (Rich Trott) #595128d28236aff] - tools: fix return value of try_check_compiler (theanarkh) #5943452ab64ec3a] - tools: bump @eslint/plugin-kit from 0.3.3 to 0.3.4 in /tools/eslint (dependabot[bot]) #59271baa22893bb] - typings: add missing URLBinding methods (성우현 | Woohyun Sung) #59468b68e0d1eca] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #5944615ae21b88a] - util: add some additional error classes towellKnownPrototypes(Mark S. Miller) #59456c38b7cfa35] - worker: fix worker name with \0 (theanarkh) #59214f54ace694a] - worker: add worker name to report (theanarkh) #58935