v7.1.0

Compare Source

Minor Changes

• Added support for libc field in package.json #​4454.

Patch Changes

• pnpm setup should update the config of the current shell, not the preferred shell.
• pnpm setup should not override the PNPM_HOME env variable, unless --force is used.
• pnpm dlx should print messages about installation to stderr #​1698.
• pnpm dlx should work with git-hosted packages. For example: pnpm dlx gengjiawen/envinfo #​4714.
• pnpm run --stream should prefix the output with directory #​4702

Our Sponsors

Full Changelog: https://github.com/pnpm/pnpm/compare/v7.0.1...v7.1.0

v7.0.1

Compare Source

Patch Changes

• Use Yarn's compatibility database to patch broken packages in the ecosystem with package extensions #​4676.
• pnpm dlx should work when the bin name of the executed package isn't the same as the package name #​4672.
• Throw an error if arguments are passed to the pnpm init command #​4665.
• pnpm prune works in a workspace #​4647.
• Do not report request retry warnings when loglevel is set to error #​4669.
• pnpm prune does not remove hoisted dependencies #​4647.

Our Sponsors

Full Changelog: https://github.com/pnpm/pnpm/compare/v7.0.0...v7.0.1

v7.0.0

Compare Source

Major Changes

• Node.js 12 is not supported.

• When using pnpm run <script>, all command line arguments after the script name are now passed to the script's argv, even --. For example, the command below will now pass --hello -- world to the echo script's argv: pnpm run echo --hello -- world Previously, flagged arguments (e.g. --silent) were interpreted as pnpm arguments unless -- came before it. If you want to pass options to pnpm, place them before the script name. For instance: pnpm --workspace-root --silent run echo --hello -- world Read more details about this in our docs. Related PR: #​4290

• The root package is excluded by default, when running pnpm -r exec|run|add #​2769.

• Filtering by path is done by globs.

  In pnpm v6, in order to pick packages under a certain directory, the following filter was used: --filter=./apps

  In pnpm v7, a glob should be used: --filter=./apps/**

  For easier upgrade, we have also added a setting to turn back filtering as it was in v6. Just set legacy-dir-filtering=true in .npmrc.

• The NODE_PATH env variable is not set in the command shims (the files in node_modules/.bin). This env variable was really long and frequently caused errors on Windows.

  Also, the extend-node-path setting is removed.

  Related PR: #​4253

• The embed-readme setting is false by default.

• Side effects cache is turned on by default. To turn it off, use side-effects-cache=false.

• The npm_config_argv env variable is not set for scripts #​4153.

• pnpx is now just an alias of pnpm dlx.

  If you want to just execute the command of a dependency, run pnpm <cmd>. For instance, pnpm eslint.

  If you want to install and execute, use pnpm dlx <pkg name>.

• pnpm install -g pkg will add the global command only to a predefined location. pnpm will not try to add a bin to the global Node.js or npm folder. To set the global bin directory, either set the PNPM_HOME env variable or the global-bin-dir setting.

• pnpm pack should only pack a file as an executable if it's a bin or listed in the publishConfig.executableFiles array.

• -W is not an alias of --ignore-workspace-root-check anymore. Just use -w or --workspace-root instead, which will also allow to install dependencies in the root of the workspace.

• Allow to execute a lifecycle script in a directory that doesn't match the package's name. Previously this was only allowed with the --unsafe-perm CLI option #​3709.

• Local dependencies referenced through the file: protocol are hard linked (not symlinked) #​4408. If you need to symlink a dependency, use the link: protocol instead.

• strict-peer-dependencies is true by default #​4427.

• A prerelease version is always added as an exact version to package.json. If the next version of foo is 1.0.0-beta.1 then running pnpm add foo@next will add this to package.json:

  {
    "dependencies": {
      "foo": "1.0.0-beta.1"
    }
  }
  

  PR: #​4435

• Dependencies of the root workspace project are not used to resolve peer dependencies of other workspace projects #​4469.

• Don't hoist types by default to the root of node_modules #​4459.

• Any package with "prettier" in its name is hoisted.

• Changed the location of the global store from ~/.pnpm-store to <pnpm home directory>/store

  On Linux, by default it will be ~/.local/share/pnpm/store On Windows: %LOCALAPPDATA%/pnpm/store On macOS: ~/Library/pnpm/store

  Related issue: #​2574

• 4bed585: The next deprecated settings were removed:

  • frozen-shrinkwrap
  • prefer-frozen-shrinkwrap
  • shared-workspace-shrinkwrap
  • shrinkwrap-directory
  • lockfile-directory
  • shrinkwrap-only
  • store

• Use a base32 hash instead of a hex to encode too long dependency paths inside node_modules/.pnpm #​4552.

• New setting added: git-shallow-hosts. When cloning repositories from "shallow-hosts", pnpm will use shallow cloning to fetch only the needed commit, not all the history #​4548.

• Lockfile version bumped to v5.4.

• Exit with an error when running pnpm install in a directory that has no package.json file in it (and in parent directories) #​4609.

Our Sponsors

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.31.0...v7.0.0

v6.32.12

Compare Source

Patch Changes

• Use Yarn's compatibility database to patch broken packages in the ecosystem with package extensions.
• pnpm dlx should work when the bin name of the executed package isn't the same as the package name #​4672.
• pnpm prune works in a workspace #​4647.
• pnpm prune does not remove hoisted dependencies.
• pnpm dlx should print messages about installation to stderr #​1698.

v6.32.11

Compare Source

Patch Changes

• pnpm publish should work correctly in a workspace, when the latest npm CLI is installed #​4348.
• Installation shouldn't fail when a package from node_modules is moved to the node_modules/.ignored subfolder and a package with that name is already present in `node_modules/.ignored' #​4626.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.10...v6.32.11

v6.32.10

Compare Source

Patch Changes

• It should be possible to use a chain of local file dependencies #​4611.
• Filtering by directory should work with directories that have unicode chars in the name #​4595.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.9...v6.32.10

v6.32.9

Compare Source

Patch Changes

• Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.

• When pnpm exec is running a command in a workspace project, the commands that are in the dependencies of that workspace project should be in the PATH #​4481.

• Hide "WARN deprecated" messages on loglevel error #​4507

  Don't show the progress bar when loglevel is set to warn or error.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.8...v6.32.9

v6.32.8

Compare Source

Patch Changes

• Don't check the integrity of the store with the package version from the lockfile, when the package was updated #​4580.
• Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project #​4575.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.7...v6.32.8

v6.32.7

Compare Source

Patch Changes

• Setting the auto-install-peers to true should work.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.6...v6.32.7

v6.32.6

Compare Source

Patch Changes

• Linked in dependencies should be considered when resolving peer dependencies #​4541.
• Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol #​4529.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.5...v6.32.6

v6.32.5

Compare Source

v6.32.4

Compare Source

Patch Changes

• Show a friendly error message when it is impossible to get the current Git branch name during publish #​4488.
• When checking if the lockfile is up-to-date, an empty dependenciesMeta field in the manifest should be satisfied by a not set field in the lockfile #​4463.
• It should be possible to reference a workspace project that has no version specified in its package.json #​4487.

v6.32.3

Compare Source

Patch Changes

• 4941f31: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the file: protocol`).

  The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.

  foo/package.json:

  {
    "name": "foo",
    "dependencies": {
      "bar": "file:../bar"
    },
    "dependenciesMeta": {
      "bar": {
        "injected": true
      }
    }
  }
  

  bar/package.json:

  {
    "name": "bar",
    "dependencies": {
      "qar": "file:../qar"
    },
    "dependenciesMeta": {
      "qar": {
        "injected": true
      }
    }
  }
  

  qar/package.json:

  {
    "name": "qar"
  }
  

  Related PR: #​4415.

v6.32.2

Compare Source

Patch Changes

• In order to guarantee that only correct data is written to the store, data from the lockfile should not be written to the store. Only data directly from the package tarball or package metadata #​4395.
• Throw a meaningful error message on pnpm install when the lockfile is broken and node-linker is set to hoisted #​4387.

v6.32.1

Compare Source

Patch Changes

• onlyBuiltDependencies should work #​4377. The new onlyBuiltDependencies feature was released with a bug in v6.32.0, so it didn't work.

v6.32.0

Compare Source

Minor Changes

• A new setting is supported in the pnpm section of the package.json file #​4001. onlyBuiltDependencies is an array of package names that are allowed to be executed during installation. If this field exists, only mentioned packages will be able to run install scripts.

  {
    "pnpm": {
      "onlyBuiltDependencies": ["fsevents"]
    }
  }
  

• -F is a short alias of --filter #​3467.

• When adding a new dependency, use the version specifier from the overrides, when present #​4313.

  Normally, if the latest version of foo is 2.0.0, then pnpm add foo installs foo@^2.0.0. This behavior changes if foo is specified in an override:

  {
    "pnpm": {
      "overrides": {
        "foo": "1.0.0"
      }
    }
  }
  

  In this case, pnpm add foo will add [email protected] to the dependency. However, if a version is explicitly specifying, then the specified version will be used and the override will be ignored. So pnpm add foo@0 will install v0 and it doesn't matter what is in the overrides.

Patch Changes

• Ignore case, when verifying package name in the store #​4367.
• When a peer dependency range is extended with *, just replace any range with *.
• When some dependency types are skipped, let the user know via the installation summary.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.31.0...v6.32.0

v6.31.0

Compare Source

Minor Changes

• Added --shell-mode/-c option support to pnpm exec #​4328

  • --shell-mode: shell interpreter. See: https://github.com/sindresorhus/execa/tree/484f28de7c35da5150155e7a523cbb20de161a4f#shell

  Usage example:

  pnpm -r --shell-mode exec -- echo \"\$PNPM_PACKAGE_NAME\"
  pnpm -r -c exec -- echo \"\$PNPM_PACKAGE_NAME\"
  

  {
    "scripts": {
      "check": " pnpm -r --shell-mode exec -- echo \"\\$PNPM_PACKAGE_NAME\""
    }
  }
  

Patch Changes

• Remove meaningless keys from publishConfig when the pack or publish commands are used #​4311
• The pnpx, pnpm dlx, pnpm create, and pnpm exec commands should set the npm_config_user_agent env variable #​3985.

What's Changed

• fix: the dlx and create commands should set npm_config_user_agent by @​zkochan in https://github.com/pnpm/pnpm/pull/4317
• refactor(publish): remove meaningless key in publishConfig by @​BlackHole1 in https://github.com/pnpm/pnpm/pull/4334
• feat(exec): support shell interpreter by @​BlackHole1 in https://github.com/pnpm/pnpm/pull/4328

New Contributors

• @​BlackHole1 made their first contribution in https://github.com/pnpm/pnpm/pull/4334

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.30.1...v6.31.0

v6.30.1

Compare Source

Patch Changes

• This fixes an issue introduced in pnpm v6.30.0.

  When a package is not linked to node_modules, no info message should be printed about it being "relinked" from the store #​4314.

v6.30.0

Compare Source

Minor Changes

• When checking that a package is linked from the store, check the existence of the package and read its stats with a single filesystem operation #​4304.

v6.29.2

Compare Source

Patch Changes

• node_modules directories inside injected dependencies should not be overwritten #​4299.

v6.29.1

Compare Source

Patch Changes

• Installation should not hang when there are broken symlinks in node_modules.

v6.29.0

Compare Source

Minor Changes

• Add support of the update-notifier configuration option #​4158.

Patch Changes

• A package should be able to be a dependency of itself.

v6.28.0

Compare Source

Minor Changes

• New option added: embed-readme. When false, pnpm publish doesn't save the readme file's content to package.json before publish #​4265.

Patch Changes

• pnpm exec should look for the executed command in the node_modules/.bin directory that is relative to the current working directory. Only after that should it look for the executable in the workspace root.
• Injected dependencies should work properly in projects that use the hoisted node linker #​4259.

v6.27.2

Compare Source

v0.13.1

Compare Source

   🐞 Bug Fixes

• api: Return pwa info when required  -  by @​userquin in https://github.com/antfu/vite-plugin-pwa/issues/378

    View changes on GitHub

v0.13.0

Compare Source

   🚨 Breaking Changes

• Support for Vite 3.1  -  by @​userquin in https://github.com/antfu/vite-plugin-pwa/issues/371

    View changes on GitHub

v6.32.13

Compare Source

Patch Changes

• pnpm setup should update the config of the current shell, not the preferred shell.
• pnpm dlx should work with git-hosted packages. For example: pnpm dlx gengjiawen/envinfo #​4714.
• pnpm setup should not override the PNPM_HOME env variable on Windows, unless --force is used.
• All arguments after pnpm create <pkg> should be passed to the executed create app package. So pnpm create next-app --typescript should work`.
• pnpm run --stream should prefix the output with directory #​4702

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.12...v6.32.13

v6.32.12

Compare Source

Patch Changes

• Use Yarn's compatibility database to patch broken packages in the ecosystem with package extensions.
• pnpm dlx should work when the bin name of the executed package isn't the same as the package name #​4672.
• pnpm prune works in a workspace #​4647.
• pnpm prune does not remove hoisted dependencies.
• pnpm dlx should print messages about installation to stderr #​1698.

v6.32.11

Compare Source

Patch Changes

• pnpm publish should work correctly in a workspace, when the latest npm CLI is installed #​4348.
• Installation shouldn't fail when a package from node_modules is moved to the node_modules/.ignored subfolder and a package with that name is already present in `node_modules/.ignored' #​4626.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.10...v6.32.11

v6.32.10

Compare Source

Patch Changes

• It should be possible to use a chain of local file dependencies #​4611.
• Filtering by directory should work with directories that have unicode chars in the name #​4595.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.9...v6.32.10

v6.32.9

Compare Source

Patch Changes

• Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.

• When pnpm exec is running a command in a workspace project, the commands that are in the dependencies of that workspace project should be in the PATH #​4481.

• Hide "WARN deprecated" messages on loglevel error #​4507

  Don't show the progress bar when loglevel is set to warn or error.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.8...v6.32.9

v6.32.8

Compare Source

Patch Changes

• Don't check the integrity of the store with the package version from the lockfile, when the package was updated #​4580.
• Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project #​4575.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.7...v6.32.8

v6.32.7

Compare Source

Patch Changes

• Setting the auto-install-peers to true should work.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.6...v6.32.7

v6.32.6

Compare Source

Patch Changes

• Linked in dependencies should be considered when resolving peer dependencies #​4541.
• Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol #​4529.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.5...v6.32.6

v6.32.5

Compare Source

v6.32.4

Compare Source

Patch Changes

• Show a friendly error message when it is impossible to get the current Git branch name during publish #​4488.
• When checking if the lockfile is up-to-date, an empty dependenciesMeta field in the manifest should be satisfied by a not set field in the lockfile #​4463.
• It should be possible to reference a workspace project that has no version specified in its package.json #​4487.

v6.32.3

Compare Source

Patch Changes

• 4941f31: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the file: protocol`).

  The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.

  foo/package.json:

  {
    "name": "foo",
    "dependencies": {
      "bar": "file:../bar"
    },
    "dependenciesMeta": {
      "bar": {
        "injected": true
      }
    }
  }
  

  bar/package.json:

  {
    "name": "bar",
    "dependencies": {
      "qar": "file:../qar"
    },
    "dependenciesMeta": {
      "qar": {
        "injected": true
      }
    }
  }
  

  qar/package.json:

  {
    "name": "qar"
  }
  

  Related PR: #​4415.

v6.32.2

Compare Source

Patch Changes

• In order to guarantee that only correct data is written to the store, data from the lockfile should not be written to the store. Only data directly from the package tarball or package metadata #​4395.
• Throw a meaningful error message on pnpm install when the lockfile is broken and node-linker is set to hoisted #​4387.

v6.32.1

Compare Source

Patch Changes

• onlyBuiltDependencies should work #​4377. The new onlyBuiltDependencies feature was released with a bug in v6.32.0, so it didn't work.

v6.32.0

Compare Source

Minor Changes

• A new setting is supported in the pnpm section of the package.json file #​4001. onlyBuiltDependencies is an array of package names that are allowed to be executed during installation. If this field exists, only mentioned packages will be able to run install scripts.

  {
    "pnpm": {
      "onlyBuiltDependencies": ["fsevents"]
    }
  }
  

• -F is a short alias of --filter #​3467.

• When adding a new dependency, use the version specifier from the overrides, when present #​4313.

  Normally, if the latest version of foo is 2.0.0, then pnpm add foo installs foo@^2.0.0. This behavior changes if foo is specified in an override:

  {
    "pnpm": {
      "overrides": {
        "foo": "1.0.0"
      }
    }
  }
  

  In this case, pnpm add foo will add [email protected] to the dependency. However, if a version is explicitly specifying, then the specified version will be used and the override will be ignored. So pnpm add foo@0 will install v0 and it doesn't matter what is in the overrides.

Patch Changes

• Ignore case, when verifying package name in the store #​4367.
• When a peer dependency range is extended with *, just replace any range with *.
• When some dependency types are skipped, let the user know via the installation summary.

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.31.0...v6.32.0

v6.31.0

Compare Source

Minor Changes

• Added --shell-mode/-c option support to pnpm exec #​4328

  • --shell-mode: shell interpreter. See: https://github.com/sindresorhus/execa/tree/484f28de7c35da5150155e7a523cbb20de161a4f#shell

  Usage example:

  pnpm -r --shell-mode exec -- echo \"\$PNPM_PACKAGE_NAME\"
  pnpm -r -c exec -- echo \"\$PNPM_PACKAGE_NAME\"
  

  {
    "scripts": {
      "check": " pnpm -r --shell-mode exec -- echo \"\\$PNPM_PACKAGE_NAME\""
    }
  }
  

Patch Changes

• Remove meaningless keys from publishConfig when the pack or publish commands are used #​4311
• The pnpx, pnpm dlx, pnpm create, and pnpm exec commands should set the npm_config_user_agent env variable #​3985.

What's Changed

• fix: the dlx and create commands should set npm_config_user_agent by @​zkochan in https://github.com/pnpm/pnpm/pull/4317
• refactor(publish): remove meaningless key in publishConfig by @​BlackHole1 in https://github.com/pnpm/pnpm/pull/4334
• feat(exec): support shell interpreter by @​BlackHole1 in https://github.com/pnpm/pnpm/pull/4328

New Contributors

• @​BlackHole1 made their first contribution in https://github.com/pnpm/pnpm/pull/4334

Full Changelog: https://github.com/pnpm/pnpm/compare/v6.30.1...v6.31.0

v6.30.1

Compare Source

Patch Changes

• This fixes an issue introduced in pnpm v6.30.0.

  When a package is not linked to node_modules, no info message should be printed about it being "relinked" from the store #​4314.

v6.30.0

Compare Source

Minor Changes

• When checking that a package is linked from the store, check the existence of the package and read its stats with a single filesystem operation #​4304.

v6.29.2

Compare Source

Patch Changes

• node_modules directories inside injected dependencies should not be overwritten #​4299.

v6.29.1

Compare Source

Patch Changes

• Installation should not hang when there are broken symlinks in node_modules.

v6.29.0

Compare Source

Minor Changes

• Add support of the update-notifier configuration option #​4158.

Patch Changes

• A package should be able to be a dependency of itself.

v6.28.0

Compare Source

Minor Changes

• New option added: embed-readme. When false, pnpm publish doesn't save the readme file's content to package.json before publish #​4265.

Patch Changes

• pnpm exec should look for the executed command in the node_modules/.bin directory that is relative to the current working directory. Only after that should it look for the executable in the workspace root.
• Injected dependencies should work properly in projects that use the hoisted node linker #​4259.

v6.27.2

Compare Source

v2.1.0

Compare Source

:rocket: New Feature

• docusaurus-theme-classic, docusaurus-theme-common
  • #​8008 feat(theme): ability to use <DocCardList> without items prop, on any doc page (@​slorber)
• docusaurus-plugin-content-docs, docusaurus-theme-classic
  • #​7963 feat(docs): allow to configure noIndex per doc version (@​slorber)
  • #​7949 feat(plugin-docs): docs sidebar item link: support "autoAddBaseUrl" attribute (@​slorber)
• docusaurus-theme-translations
  • #​7953 feat(theme): adds Ukrainian default theme translations (@​b-ovsepian)

:bug: Bug Fix

• create-docusaurus
  • #​8032 fix(create-docusaurus): tutorial and init template improvements (@​slorber)
• docusaurus-preset-classic
  • #​8029 fix(preset-classic): broken link in "unrecognized keys" error message (@​mdubus)
• docusaurus
  • #​7977 fix(core): preload should support encoded page links (@​adventure-yunfei)
  • #​7996 fix(core): CLI command write-translations should extract translations from @​docu… (@​slorber)
  • #​7952 fix(core): allow overriding ssr/dev template meta tags (@​slorber)
• docusaurus-plugin-sitemap
  • #​7964 fix(sitemap): filter all routes with robots meta containing noindex (@​slorber)
• docusaurus-theme-classic
  • #​7910 fix(theme-classic): code block line number display with line wrapping (@​yzhe819)
  • #​7786 fix: collapse siblings when first category is selected (@​whiteand)

:nail_care: Polish

• docusaurus-theme-classic
  • #​7982 fix(theme): add aria-label to skip to content link region (@​YoniChechik)
  • #​7940 refactor(theme-classic): split AnnouncementBar, increase z-index, use shadow (@​slorber)
  • #​7876 refactor(theme-classic): make tag text visually certered (@​Kosai106)
• docusaurus-utils
  • #​7941 feat(core): add new Webpack file-loader extensions: avif, mov, mkv, mpg, avi... (@​slorber)
• docusaurus-theme-classic, docusaurus-types
  • #​7942 feat(theme-classic): use lang attribute in navbar locale dropdown items (@​slorber)
• docusaurus-theme-translations
  • #​7928 chore(theme-translations): complete vi translations (@​datlechin)

:memo: Documentation

• create-docusaurus
  • #​8032 fix(create-docusaurus): tutorial and init template improvements (@​slorber)
• docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-debug, docusaurus-plugin-google-analytics, docusaurus-plugin-google-gtag, docusaurus-plugin-ideal-image, docusaurus-plugin-sitemap, docusaurus-theme-classic
  • #​7905 docs: remove mention of beta (@​Josh-Cena)

Committers: 10

• Bagdasar Ovsepyan (@​b-ovsepian)
• Joshua Chen (@​Josh-Cena)
• Kevin Østerkilde (@​Kosai106)
• Morgane Dubus (@​mdubus)
• Ngô Quốc Đạt (@​datlechin)
• Sébastien Lorber (@​slorber)
• Yoni Chechik (@​YoniChechik)
• @​whiteand
• @​yzhe819
• adventure-yunfei (@​adventure-yunfei)

v0.15.1

Compare Source

• Update esbuild's Yarn Plug'n'Play implementation to match the latest specification changes (#​2452, #​2453)

  This release updates esbuild's implementation of Yarn Plug'n'Play to match some changes to Yarn's specification that just landed. The changes are as follows:

  • Check for platform-specific absolute paths instead of always for the / prefix

    The specification previously said that Yarn Plug'n'Play path resolution rules should not apply for paths that start with /. The intent was to avoid accidentally processing absolute paths. However, absolute paths on Windows such as C:\project start with drive letters instead of with /. So the specification was changed to instead explicitly avoid processing absolute paths.

  • Make $$virtual an alias for __virtual__

    Supporting Yarn-style path resolution requires implementing a custom Yarn-specific path traversal scheme where certain path segments are considered no-ops. Specifically any path containing segments of the form __virtual__/<whatever>/<n> where <n> is an integer must be treated as if they were n times the .. operator instead (the <whatever> path segment is ignored). So /path/to/project/__virtual__/xyz/2/foo.js maps to the underlying file /path/to/project/../../foo.js. This scheme makes it possible for Yarn to get node (and esbuild) to load the same file multiple times (which is sometimes required for correctness) without actually duplicating the file on the file system.

    However, old versions of Yarn used to use $$virtual instead of __virtual__. This was changed because $$virtual was error-prone due to the use of the $ character, which can cause bugs when it's not correctly escaped within regular expressions. Now that esbuild makes $$virtual an alias for __virtual__, esbuild should now work with manifests from these old Yarn versions.

  • Ignore PnP manifests in virtual directories

    The specification describes the algorithm for how to find the Plug'n'Play manifest when starting from a certain point in the file system: search through all parent directories in reverse order until the manifest is found. However, this interacts poorly with virtual paths since it can end up finding a virtual copy of the manifest instead of the original. To avoid this, esbuild now ignores manifests in virtual directories so that the search for the manifest will continue and find the original manifest in another parent directory later on.

  These fixes mean that esbuild's implementation of Plug'n'Play now matches Yarn's implementation more closely, and esbuild can now correctly build more projects that use Plug'n'Play.

v0.15.0

Compare Source

This release contains backwards-incompatible changes. Since esbuild is before version 1.0.0, these changes have been released as a new minor version to reflect this (as recommended by npm). You should either be pinning the exact version of esbuild in your package.json file or be using a version range syntax that only accepts patch upgrades such as ~0.14.0. See the documentation about semver for more information.

• Implement the Yarn Plug'n'Play module resolution algorithm (#​154, #​237, #​1263, #​2451)

  Node comes with a package manager called npm, which installs packages into a node_modules folder. Node and esbuild both come with built-in rules for resolving import paths to packages within node_modules, so packages installed via npm work automatically without any configuration. However, many people use an alternative package manager called Yarn. While Yarn can install packages using node_modules, it also offers a different package installation strategy called Plug'n'Play, which is often shortened to "PnP" (not to be confused with pnpm, which is an entirely different unrelated package manager).

  Plug'n'Play installs packages as .zip files on your file system. The packages are never actually unzipped. Since Node doesn't know anything about Yarn's package installation strategy, this means you can no longer run your code with Node as it won't be able to find your packages. Instead, you need to run your code with Yarn, which applies patches to Node's file system APIs before running your code. These patches attempt to make zip files seem like normal directories. When running under Yarn, using Node's file system API to read ./some.zip/lib/file.js actually automatically extracts lib/file.js from ./some.zip at run-time as if it was a normal file. Other file system APIs behave similarly. However, these patches don't work with esbuild because esbuild is not written in JavaScript; it's a native binary executable that interacts with the file system directly through the operating system.

  Previously the workaround for using esbuild with Plug'n'Play was to use the @yarnpkg/esbuild-plugin-pnp plugin with esbuild's JavaScript API. However, this wasn't great because the plugin needed to potentially intercept every single import path and file load to check whether it was a Plug'n'Play package, which has an unusually high performance cost. It also meant that certain subtleties of path resolution rules within a .zip file could differ slightly from the way esbuild normally works since path resolution inside .zip files was implemented by Yarn, not by esbuild (which is due to a limitation of esbuild's plugin API).

  With this release, esbuild now contains an independent implementation of Yarn's Plug'n'Play algorithm (which is used when esbuild finds a .pnp.js, .pnp.cjs, or .pnp.data.json file in the directory tree). Creating additional implementations of this algorithm recently became possible because Yarn's package manifest format was recently documented: https://yarnpkg.com/advanced/pnp-spec/. This should mean that you can now use esbuild to bundle Plug'n'Play projects without any additional configuration (so you shouldn't need @yarnpkg/esbuild-plugin-pnp anymore). Bundling these projects should now happen much faster as Yarn no longer even needs to be run at all. Bundling the Yarn codebase itself with esbuild before and after this change seems to demonstrate over a 10x speedup (3.4s to 0.24s). And path resolution rules within Yarn packages should now be consistent with how esbuild handles regular Node packages. For example, fields such as module and browser in package.json files within .zip files should now be respected.

  Keep in mind that this is brand new code and there may be some initial issues to work through before esbuild's implementation is solid. Yarn's Plug'n'Play specification is also brand new and may need some follow-up edits to guide new implementations to match Yarn's exact behavior. If you try this out, make sure to test it before committing to using it, and let me know if anything isn't working as expected. Should you need to debug esbuild's path resolution, you may find --log-level=verbose helpful.

v2.0.1

Compare Source

Fix bad npm publish of 2.0.0

Committers: 1

• Sébastien Lorber (@​slorber)

v2.0.0

Compare Source

Bad npm publish, please use 2.0.1

:nail_care: Polish

• docusaurus
  • #​7781 refactor(core): log Docusaurus & Node version before exiting (@​Josh-Cena)

Committers: 2

• Joshua Chen (@​Josh-Cena)
• Sébastien Lorber (@​slorber)

v3.0.0

Compare Source

Main Changes

Vite 3 is out! Read the Vite 3 Annoucement blog post

• New docs theme using VitePress v1 alpha: https://vitejs.dev
• Vite CLI
  • The default dev server port is now 5173, with the preview server starting at 4173.
  • The default dev server host is now localhost instead of 127.0.0.1.
• Compatibility
  • Vite no longer supports Node v12, which reached its EOL. Node 14.18+ is now required.
  • Vite is now published as ESM, with a CJS proxy to the ESM entry for compatibility.
  • The Modern Browser Baseline now targets browsers which support the native ES Modules and native ESM dynamic import and import.meta.
  • JS file extensions in SSR and lib mode now use a valid extension (js, mjs, or cjs) for output JS entries and chunks based on their format and the package type.
• Architecture changes
  • Vite now avoids full reload during cold start when imports are injected by plugins in while crawling the initial statically imported modules (#​8869).
  • Vite uses ESM for the SSR build by default, and previous SSR externalization heuristics are no longer needed.
• import.meta.glob has been improved, read about the new features in the Glob Import Guide
• The WebAssembly import API has been revised to avoid collisions with future standards. Read more in the WebAssembly guide
• Improved support for relative base.
• Experimental Features
  • Build Advanced Base Options
  • HMR Partial Accept
  • Vite now allows the use of esbuild to optimize dependencies during build time avoiding the need of @rollupjs/plugin-commonjs, removing one of the difference id dependency handling between dev and prod.
• Bundle size reduction
  • Terser is now an optional dependency. If you use build.minify: 'terser', you'll need to install it (npm add -D terser)
  • node-forge moved out of the monorepo to @​vitejs/plugin-basic-ssl
• Options that were already deprecated in v2 have been removed.

Note Before updating, check out the migration guide from v2

Features

• feat: expose server resolved urls (#​8986) (26bcdc3), closes #​8986
• feat: show ws connection error (#​9007) (da7c3ae), closes #​9007
• docs: update api-javascript (#​8999) (05b17df), closes #​8999
• refactor: opt-in optimizeDeps during build and SSR (#​8965) (f8c8cf2), closes #​8965
• refactor!: move basic ssl setup to external plugin, fix #​8532 (#​8961) (5c6cf5a), closes #​8532 #​8961
• feat: avoid scanner during build and only optimize CJS in SSR (#​8932) (339d9e3), closes #​8932
• feat: improved cold start using deps scanner (#​8869) (188f188), closes #​8869
• feat: ssr.optimizeDeps (#​8917) (f280dd9), closes #​8917
• feat: support import assertions (#​8937) (2390422), closes #​8937
• feat: accept AcceptedPlugin type for postcss plugin (#​8830) (6886078), closes #​8830
• feat: ssrBuild flag in config env (#​8863) (b6d655a), closes #​8863
• feat: experimental.renderBuiltUrl (revised build base options) (#​8762) (895a7d6), closes #​8762
• feat: respect esbuild minify config for css (#​8811) (d90409e), closes #​8811
• feat: use esbuild supported feature (#​8665) (2061d41), closes #​8665
• feat: respect esbuild minify config (#​8754) (8b77695), closes #​8754
• feat: update rollup commonjs plugin to v22 (#​8743) (d4dcdd1), closes #​8743
• feat: enable tree-shaking for lib es (#​8737) (5dc0f72), closes #​8737
• feat: supports cts and mts config (#​8729) (c2b09db), closes #​8729
• feat: bump minimum node version to 14.18.0 (#​8662) (8a05432), closes #​8662
• feat: experimental.buildAdvancedBaseOptions (#​8450) (8ef7333), closes #​8450
• feat: export esbuildVersion and rollupVersion (#​8675) (15ebe1e), closes #​8675
• feat: print resolved address for localhost (#​8647) (eb52d36), closes #​8647
• feat(hmr): experimental.hmrPartialAccept (#​7324) (83dab7e), closes #​7324
• refactor: type client maps (#​8626) (cf87882), closes #​8626
• feat: cleaner default dev output (#​8638) (dbd9688), closes #​8638
• feat: legacy options to revert to v2 strategies (#​8623) (993b842), closes #​8623
• feat: support async plugins (#​8574) (caa8a58), closes #​8574
• feat: support cjs noExternal in SSR dev, fix #​2579 (#​8430) (11d2191), closes #​2579 #​8430
• feat(dev): added assets to manifest (#​6649) (cdf744d), closes #​6649
• feat!: appType (spa, mpa, custom), boolean middlewareMode (#​8452) (14db473), closes #​8452
• feat: 500 response if the node proxy request fails (#​7398) (73e1775), closes #​7398
• feat: expose createFilter util (#​8562) (c5c424a), closes #​8562
• feat: better config __dirname support (#​8442) (51e9195), closes #​8442
• feat: expose version (#​8456) (e992594), closes #​8456
• feat: handle named imports of builtin modules (#​8338) (e2e44ff), closes #​8338
• feat: preserve process env vars in lib build (#​8090) (908c9e4), closes #​8090
• refactor!: make terser an optional dependency (#​8049) (164f528), closes #​8049
• chore: resolve ssr options (#​8455) (d97e402), closes #​8455
• perf: disable postcss sourcemap when unused (#​8451) (64fc61c), closes #​8451
• feat: add ssr.format to force esm output for ssr (#​6812) (337b197), closes #​6812
• feat: default esm SSR build, simplified externalization (#​8348) (f8c92d1), closes #​8348
• feat: derive proper js extension from package type (#​8382) (95cdd81), closes #​8382
• feat: ssr build using optimized deps (#​8403) (6a5a5b5), closes #​8403
• refactor: ExportData.imports to ExportData.hasImports (#​8355) (168de2d), closes #​8355
• feat: scan free dev server (#​8319) (3f742b6), closes #​8319
• feat: non-blocking esbuild optimization at build time (#​8280) (909cf9c), closes #​8280
• feat: non-blocking needs interop (#​7568) (531cd7b), closes #​7568
• refactor(cli): improve output aesthetics (#​6997) (809ab47), closes #​6997
• dx: sourcemap combine debug utils (#​8307) (45dba50), closes #​8307
• feat: sourcemap for importAnalysis (#​8258) (a4e4d39), closes #​8258
• feat: spa option, preview and dev for MPA and SSR apps (#​8217) (d7cba46), closes #​8217
• feat: vite connected logs changed to console.debug (#​7733) (9f00c41), closes #​7733
• feat: worker support query url (#​7914) (95297dd), closes #​7914
• feat(wasm): new wasm plugin (.wasm?init) (#​8219) (75c3bf6), closes #​8219
• build!: bump targets (#​8045) (66efd69), closes #​8045
• feat!: migrate to ESM (#​8178) (76fdc27), closes #​8178
• feat!: relative base (#​7644) (09648c2), closes #​7644
• feat(css): warn if url rewrite has no importer (#​8183) (0858450), closes #​8183
• feat: allow any JS identifier in define, not ASCII-only (#​5972) (95eb45b), closes #​5972
• feat: enable generatedCode: 'es2015' for rollup build (#​5018) (46d5e67), closes #​5018
• feat: rework dynamic-import-vars (#​7756) (80d113b), closes #​7756
• feat: worker emit fileName with config (#​7804) (04c2edd), closes #​7804
• feat(glob-import): support { import: '*' } (#​8071) (0b78b2a), closes #​8071
• build!: remove node v12 support (#​7833) (eeac2d2), closes #​7833
• feat!: rework import.meta.glob (#​7537) (330e0a9), closes #​7537
• feat!: vite dev default port is now 5173 (#​8148) (1cc2e2d), closes #​8148
• refactor: remove deprecated api for 3.0 (#​5868) (b5c3709), closes #​5868
• chore: stabilize experimental api (#​7707) (b902932), closes #​7707
• test: migrate to vitest (#​8076) (8148f67), closes #​8076

Bug Fixes

• fix: prevent production node_env in serve (#​9066) (7662998), closes #​9066
• fix: reload on restart with middleware mode (fixes #​9038) (#​9040) (e372693), closes #​9038 #​9040
• fix: remove ws is already closed error (#​9041) (45b8b53), closes #​9041
• fix(ssr): sourcemap content (fixes #​8657) (#​8997) (aff4544), closes #​8657 #​8997
• fix: respect explicitily external/noExternal config (#​8983) (e369880), closes #​8983
• fix: cjs interop export names local clash, fix #​8950 (#​8953) (2185f72), closes #​8950 #​8953
• fix: handle context resolve options (#​8966) (57c6c15), closes #​8966
• fix: re-encode url to prevent fs.allow bypass (fixes #​8498) (#​8979) (b835699), closes #​8498 #​8979
• fix(scan): detect import .ts as .js (#​8969) (752af6c), closes #​8969
• fix: ssrBuild is optional, avoid breaking VitePress (#​8912) (722f514), closes #​8912
• fix(css): always use css module content (#​8936) (6e0dd3a), closes #​8936
• fix: avoid optimizing non-optimizable external deps (#​8860) (cd8d63b), closes #​8860
• fix: ensure define overrides import.meta in build (#​8892) (7d810a9), closes #​8892
• fix: ignore Playwright test results directory (#​8778) (314c09c), closes #​8778
• fix: node platform for ssr dev regression (#​8840) (7257fd8), closes #​8840
• fix: optimize deps on dev SSR, builtin imports in node (#​8854) (d49856c), closes #​8854
• fix: prevent crash when the pad amount is negative (#​8747) (3af6a1b), closes #​8747
• fix: reverts #​8278 (a0da2f0), closes #​8278
• fix: server.force deprecation and force on restart API (#​8842) (c94f564), closes #​8842
• fix(deps): update all non-major dependencies (#​8802) (a4a634d), closes #​8802
• fix(hmr): set isSelfAccepting unless it is delayed (#​8898) (ae34565), closes #​8898
• fix(worker): dont throw on import.meta.url in ssr (#​8846) (ef749ed), closes #​8846
• fix: deps optimizer should wait on entries (#​8822) (2db1b5b), closes #​8822
• fix: incorrectly resolving knownJsSrcRE files from root (fixes #​4161) (#​8808) (e1e426e), closes #​4161 #​8808
• fix: /@​fs/ dir traversal with escaped chars (fixes #​8498) (#​8804) (6851009), closes #​8498 #​8804
• fix: preserve extension of css assets in the manifest (#​8768) (9508549), closes #​8768
• fix: always remove temp config (#​8782) (2c2a86b), closes #​8782
• fix: ensure deps optimizer first run, fixes #​8750 (#​8775) (3f689a4), closes #​8750 #​8775
• fix: remove buildTimeImportMetaUrl (#​8785) (cd32095), closes #​8785
• fix: skip inline html (#​8789) (4a6408b), closes #​8789
• fix(optimizer): only run require-import conversion if require'd (#​8795) (7ae0d3e), closes #​8795
• perf: avoid sourcemap chains during dev (#​8796) (1566f61), closes #​8796
• perf(lib): improve helper inject regex (#​8741) (19fc7e5), closes #​8741
• fix: avoid type mismatch with Rollup (fix #​7843) (#​8701) (87e51f7), closes #​7843 #​8701
• fix: optimizeDeps.entries transformRequest url (fix #​8719) (#​8748) (9208c3b), closes #​8719 #​8748
• fix(hmr): HMR_PORT should not be 'undefined' (#​8761) (3271266), closes #​8761
• fix: respect rollupOptions.external for transitive dependencies (#​8679) (4f9097b), closes #​8679
• fix: use esbuild platform browser/node instead of neutral (#​8714) (a201cd4), closes #​8714
• fix: disable inlineDynamicImports for ssr.target = node (#​8641) (3b41a8e), closes #​8641
• fix: infer hmr ws target by client location (#​8650) (4061ee0), closes #​8650
• fix: non-relative base public paths in CSS files (#​8682) (d11d6ea), closes #​8682
• fix: SSR with relative base (#​8683) (c1667bb), closes #​8683
• fix: filter of BOM tags in json plugin (#​8628) (e10530b), closes #​8628
• fix: revert #​5902, fix #​8243 (#​8654) (1b820da), closes #​8243 #​8654
• fix(optimizer): use simple browser external shim in prod (#​8630) (a32c4ba), closes #​8630
• fix(server): skip localhost verbatim dns lookup (#​8642) (7632247), closes #​8642
• fix(wasm): support inlined WASM in Node < v16 (fix #​8620) (#​8622) (f586b14), closes #​8620 #​8622
• fix: allow cache overlap in parallel builds (#​8592) (2dd0b49), closes #​8592
• fix: avoid replacing defines and NODE_ENV in optimized deps (fix #​8593) (#​8606) (739175b), closes #​8593 #​8606
• fix: sequential injection of tags in transformIndexHtml (#​5851) (#​6901) (649c7f6), closes #​5851 #​6901
• fix(asset): respect assetFileNames if rollupOptions.output is an array (#​8561) (4e6c26f), closes #​8561
• fix(css): escape pattern chars from base path in postcss dir-dependency messages (#​7081) (5151e74), closes #​7081
• fix(optimizer): browser mapping for yarn pnp (#​6493) (c1c7af3), closes #​6493
• fix: add missed JPEG file extensions to KNOWN_ASSET_TYPES (#​8565) (2dfc015), closes #​8565
• fix: default export module transformation for vitest spy (#​8567) (d357e33), closes #​8567
• fix: default host to localhost instead of 127.0.0.1 (#​8543) (49c0896), closes #​8543
• fix: dont handle sigterm in middleware mode (#​8550) (c6f43dd), closes #​8550
• fix: mime missing extensions (#​8568) (acf3024), closes #​8568
• fix: objurl for type module, and concurrent tests (#​8541) (26ecd5a), closes #​8541
• fix: outdated optimized dep removed from module graph (#​8533) (3f4d22d), closes #​8533
• fix(config): only rewrite .js loader in loadConfigFromBundledFile (#​8556) (2548dd3), closes #​8556
• fix(deps): update all non-major dependencies (#​8558) (9a1fd4c), closes #​8558
• fix(ssr): dont replace rollup input (#​7275) (9a88afa), closes #​7275
• fix: deps optimizer idle logic for workers (fix #​8479) (#​8511) (1e05548), closes #​8479 #​8511
• fix: not match \n when injecting esbuild helpers (#​8414) (5a57626), closes #​8414
• fix: respect optimize deps entries (#​8489) (fba82d0), closes #​8489
• fix(optimizer): encode _ and . in different way (#​8508) (9065b37), closes #​8508
• fix(optimizer): external require-import conversion (fixes #​2492, #​3409) (#​8459) (1061bbd), closes #​2492 #​3409 #​8459
• fix: make array acornInjectPlugins work (fixes #​8410) (#​8415) (08d594b), closes #​8410 #​8415
• fix: SSR deep imports externalization (fixes #​8420) (#​8421) (89d6711), closes #​8420 #​8421
• fix: import.meta.accept() -> import.meta.hot.accept() (#​8361) (c5185cf), closes #​8361
• fix: return type of handleHMRUpdate (#​8367) (79d5ce1), closes #​8367
• fix: sourcemap source point to null (#​8299) (356b896), closes #​8299
• fix: ssr-manifest no base (#​8371) (37eb5b3), closes #​8371
• fix(deps): update all non-major dependencies (#​8391) (842f995), closes #​8391
• fix: preserve annotations during build deps optimization (#​8358) (334cd9f), closes #​8358
• fix: missing types for es-module-lexer (fixes #​8349) (#​8352) (df2cc3d), closes #​8349 #​8352
• fix(optimizer): transpile before calling transformGlobImport (#​8343) (1dbc7cc), closes #​8343
• fix(deps): update all non-major dependencies (#​8281) (c68db4d), closes #​8281
• fix: expose client dist in exports (#​8324) (689adc0), closes #​8324
• fix(cjs): build cjs for loadEnv (#​8305) (80dd2df), closes #​8305
• fix: correctly replace process.env.NODE_ENV (#​8283) (ec52baa), closes #​8283
• fix: dev sourcemap (#​8269) (505f75e), closes #​8269
• fix: glob types (#​8257) (03b227e), closes #​8257
• fix: srcset handling in html (#​6419) (a0ee4ff), closes #​6419
• fix: support set NODE_ENV in scripts when custom mode option (#​8218) (adcf041), closes #​8218
• fix(hmr): catch thrown errors when connecting to hmr websocket (#​7111) (4bc9284), closes #​7111
• fix(plugin-legacy): respect entryFileNames for polyfill chunks (#​8247) (baa9632), closes #​8247
• fix(plugin-react): broken optimized deps dir check (#​8255) (9e2a1ea), closes #​8255
• fix!: do not fixStacktrace by default (#​7995) (23f8e08), closes #​7995
• fix(glob): properly handles tailing comma (#​8181) (462be8e), closes #​8181
• fix: add hash to lib chunk names (#​7190) (c81cedf), closes #​7190
• fix: allow css to be written for systemjs output (#​5902) (780b4f5), closes #​5902
• fix: client full reload (#​8018) (2f478ed), closes #​8018
• fix: handle optimize failure (#​8006) (ba95a2a), closes #​8006
• fix: increase default HTTPS dev server session memory limit (#​6207) (f895f94), closes #​6207
• fix: relative path html (#​8122) (d0deac0), closes #​8122
• fix: Remove ssrError when invalidating a module (#​8124) (a543220), closes #​8124
• fix: remove useless /__vite_ping handler (#​8133) (d607b2b), closes #​8133
• fix: typo in #​8121 (#​8143) (c32e3ac), closes #​8121 #​8143
• fix: use Vitest for unit testing, clean regex bug (#​8040) (63cd53d), closes #​8040
• fix: Vite cannot load configuration files in the link directory (#​4180) (#​4181) (a3fa1a3), closes #​4180 #​4181
• fix: vite client types (#​7877) (0e67fe8), closes #​7877
• fix: warn for unresolved css in html (#​7911) (2b58cb3), closes #​7911
• fix(build): use crossorigin for module preloaded (85cab70)
• fix(client): wait on the socket host, not the ping host (#​6819) (ae56e47), closes #​6819
• fix(css): hoist external @​import for non-split css (#​8022) (5280908), closes #​8022
• fix(css): preserve dynamic import css code (fix #​5348) (#​7746) (12d0cc0), closes #​5348 #​7746
• fix(glob): wrap glob compile output in function invocation (#​3682) (bb603d3), closes #​3682
• fix(lib): enable inlineDynamicImports for umd and iife (#​8126) (272a252), closes #​8126
• fix(lib): use proper extension (#​6827) (34df307), closes #​6827
• fix(ssr): avoid transforming json file in ssrTransform (#​6597) (a709440), closes #​6597
• fix(lib)!: remove format prefixes for cjs and esm (#​8107) (ad8c3b1), closes #​8107

Previous Changelogs

3.0.0-beta.10 (2022-07-11)

See 3.0.0-beta.10 changelog

3.0.0-beta.9 (2022-07-08)

See 3.0.0-beta.9 changelog

3.0.0-beta.8 (2022-07-08)

See 3.0.0-beta.8 changelog

3.0.0-beta.7 (2022-07-06)

See 3.0.0-beta.7 changelog

3.0.0-beta.6 (2022-07-04)

See 3.0.0-beta.6 changelog

3.0.0-beta.5 (2022-06-28)

See 3.0.0-beta.5 changelog

3.0.0-beta.4 (2022-06-27)

See 3.0.0-beta.4 changelog

3.0.0-beta.3 (2022-06-26)

See 3.0.0-beta.3 changelog

3.0.0-beta.2 (2022-06-24)

See 3.0.0-beta.2 changelog

3.0.0-beta.1 (2022-06-22)

See 3.0.0-beta.1 changelog

3.0.0-beta.0 (2022-06-21)

See 3.0.0-beta.0 changelog

3.0.0-alpha.14 (2022-06-20)

See 3.0.0-alpha.14 changelog

3.0.0-alpha.13 (2022-06-19)

See 3.0.0-alpha.13 changelog

3.0.0-alpha.12 (2022-06-16)

See 3.0.0-alpha.12 changelog

3.0.0-alpha.11 (2022-06-14)

See 3.0.0-alpha.11 changelog

3.0.0-alpha.10 (2022-06-10)

See 3.0.0-alpha.10 changelog

3.0.0-alpha.9 (2022-06-01)

See 3.0.0-alpha.9 changelog

3.0.0-alpha.8 (2022-05-31)

See 3.0.0-alpha.8 changelog

3.0.0-alpha.7 (2022-05-27)

See 3.0.0-alpha.7 changelog

3.0.0-alpha.6 (2022-05-27)

See 3.0.0-alpha.6 changelog

3.0.0-alpha.5 (2022-05-26)

See 3.0.0-alpha.5 changelog

3.0.0-alpha.4 (2022-05-25)

See 3.0.0-alpha.4 changelog

3.0.0-alpha.3 (2022-05-25)

See 3.0.0-alpha.3 changelog

3.0.0-alpha.2 (2022-05-23)

See 3.0.0-alpha.2 changelog

3.0.0-alpha.1 (2022-05-18)

See 3.0.0-alpha.1 changelog

3.0.0-alpha.0 (2022-05-13)

See 3.0.0-alpha.0 changelog

v15.0.0

Compare Source

Remove invalid ESC control sequence from XML output https://github.com/jest-community/jest-junit/pull/230 - by @​stevenxu-db

v14.0.1

Compare Source

Prevent unnecessary duplicate test cases by @​azzlack - https://github.com/jest-community/jest-junit/pull/221

v14.0.0

Compare Source

• Fix getOptions support for Windows machines #​215 by @​mastrzyz
• Failures in Test hooks like "AfterAll" now get shown in the Junit Results #​214 by @​mastrzyz

v11.2.0

Compare Source

Changelog: https://docs.cypress.io/guides/references/changelog#​11-2-0

v11.1.0

Compare Source

Changelog: https://docs.cypress.io/guides/references/changelog#​11-1-0

v11.0.1

Compare Source

Changelog: https://docs.cypress.io/guides/references/changelog#​11-0-1

v11.0.0

Compare Source

Changelog: https://docs.cypress.io/guides/references/changelog#​11-0-0

v2.2.0

Compare Source

:rocket: New Feature

• docusaurus-plugin-client-redirects
  • #​8227 feat(plugin-client-redirects): keep the query string + hash (@​Xabilahu)
• docusaurus
  • #​8210 feat(core): add --config param to swizzle command (@​e-im)
• docusaurus-mdx-loader, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-theme-classic, docusaurus-theme-mermaid, docusaurus-types, docusaurus
  • #​7490 feat: support mermaid code blocks in Markdown (@​sjwall)
• docusaurus-types, docusaurus
  • #​8151 feat(core): siteConfig.headTags API to render extra tags in document head (@​johnnyreilly)

:bug: Bug Fix

• docusaurus-plugin-ideal-image
  • #​8250 fix(ideal-image): do not pass down img prop (@​lex111)
• docusaurus-theme-common
  • #​8246 fix(mdx-loader): properly unwrap mdxAdmonitionTitle placeholder (@​Josh-Cena)
• docusaurus-plugin-content-docs
  • #​8234 fix(plugin-content-docs): fix error message context (error cause) when doc processing fails (@​shanpriyan)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #​8207 fix(theme-classic): hamburger menu control navigation by keyboard (@​jeferson-sb)
• docusaurus-theme-classic, docusaurus-theme-common
  • #​8204 fix(theme-classic): fix SkipToContent without JS , refactor, make it public theming API (@​mturoci)
  • #​8059 fix(theme): preserve url ?search#hash on navbar version/locale dropdowns navigations (@​slorber)
• docusaurus
  • #​8192 fix(core): throw error for invalid URL in config file (@​forgeRW)
• docusaurus-theme-classic
  • #​8174 fix(theme): announce theme switches (@​mturoci)
  • #​8190 fix(theme): add more tag names to inline code element set (@​Josh-Cena)
  • #​8163 fix(theme): mobile navbar & skipToContent should cover announcementBar (@​adnanhashmi09)
  • #​8068 fix(theme): preserve line breaks when copying code with showLineNumbers in Firefox (@​LittleboyHarry)
• docusaurus-utils
  • #​8137 fix(utils): remove non-ASCII limitation for path normalization (@​birjj)
  • #​8158 fix(content-blog): make RSS feed generation work with slugs with .html extension (@​Pranav2612000)
• docusaurus-theme-translations
  • #​8105 fix(theme-translations): complete turkish theme default translations (@​ramazansancar)
  • #​8087 fix(theme-translations): remove extra vi translations (@​namnguyenthanhwork)
• docusaurus-plugin-client-redirects
  • #​8067 fix(redirect): tolerate trailing slash difference if config is undefined (@​Josh-Cena)

:nail_care: Polish

• docusaurus-theme-translations
  • #​8253 chore(theme-translations): complete ru translations (@​lex111)
  • #​8243 chore(theme-translations): complete French translations (@​forresst)
  • #​8075 fix(theme-translation): complete Japanese theme default translation (@​pasora)
• docusaurus
  • #​8159 fix(core): throw error for invalid URL in config file (@​forgeRW)
  • #​8109 feat(core): prefetch on mobile touchstart (@​sanjaiyan-dev)
• docusaurus-theme-classic
  • #​8161 fix(theme): do not show tab content when tabbing over it; show after selection only (@​mturoci)
  • #​8062 refactor(theme): remove hard-coded tag border-radius (@​homotechsual)
• docusaurus-utils-validation, docusaurus
  • #​8066 fix(core): normalize slashes for url/baseUrl instead of throwing (@​Josh-Cena)

Committers: 22

• Adnan Hashmi (@​adnanhashmi09)
• Alexey Pyltsyn (@​lex111)
• Forresst (@​forresst)
• Jan Peer Stöcklmair (@​JPeer264)
• Jeferson S. Brito (@​jeferson-sb)
• Johan Fagerberg (@​birjj)
• John Reilly (@​johnnyreilly)
• Joshua Chen (@​Josh-Cena)
• LittleboyHarry (@​LittleboyHarry)
• Masahiko Hara (@​pasora)
• Mikey O'Toole (@​homotechsual)
• Nguyễn Thành Nam (@​namnguyenthanhwork)
• Pranav Joglekar (@​Pranav2612000)
• Ramazan SANCAR (@​ramazansancar)
• Sam Wall (@​sjwall)
• Sanjaiyan Parthipan (@​sanjaiyan-dev)
• Shanmughapriyan S (@​shanpriyan)
• Sébastien Lorber (@​slorber)
• Xabier Lahuerta Vazquez (@​Xabilahu)
• @​forgeRW
• @​mturoci
• evan (@​e-im)

v18.12.1: 2022-11-04, Version 18.12.1 'Hydrogen' (LTS), @​juanarbol

Compare Source

This is a security release.

Notable changes

The following CVEs are fixed in this release:

• CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
• CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
• CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)

More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.

Commits

• [39f8a672e3] - deps: update archs files for quictls/openssl-3.0.7+quic nodejs/node#​45286
• [80218127c8] - deps: upgrade openssl sources to quictls/openssl-3.0.7+quic nodejs/node#​45286
• [165342beac] - inspector: harden IP address validation again (Tobias Nießen) nodejs-private/node-private#​354

v18.12.0: 2022-10-25, Version 18.12.0 'Hydrogen' (LTS), @​ruyadorno and @​RafaelGSS

Compare Source

Notable Changes

This release marks the transition of Node.js 18.x into Long Term Support (LTS) with the codename 'Hydrogen'. The 18.x release line now moves into "Active LTS" and will remain so until October 2023. After that time, it will move into "Maintenance" until end of life in April 2025.

v18.11.0: 2022-10-13, Version 18.11.0 (Current), @​danielleadams

Compare Source

Notable changes

watch mode (experimental)

Running in 'watch' mode using node --watch restarts the process when an imported file is changed.

Contributed by Moshe Atlow in #​44366

Other notable changes

• fs:
  • (SEMVER-MINOR) add FileHandle.prototype.readLines (Antoine du Hamel) #​42590
• http:
  • (SEMVER-MINOR) add writeEarlyHints function to ServerResponse (Wing) #​44180
• http2:
  • (SEMVER-MINOR) make early hints generic (Yagiz Nizipli) #​44820
• lib:
  • (SEMVER-MINOR) refactor transferable AbortSignal (flakey5) #​44048
• src:
  • (SEMVER-MINOR) add detailed embedder process initialization API (Anna Henningsen) #​44121
• util:
  • (SEMVER-MINOR) add default value option to parsearg (Manuel Spigolon) #​44631

Commits

• [27b4b782ce] - benchmark: add vm context global proxy benchmark (Joyee Cheung) #​44796
• [4e82521af1] - bootstrap: update comments in bootstrap/node.js (Joyee Cheung) #​44726
• [725be0ea50] - buffer: initialize TextDecoder once on blob.text() (Yagiz Nizipli) #​44787
• [653c3b1f62] - buffer,lib: update atob to align wpt's base64.json (Khaidi Chu) #​43901
• [37808b3355] - build: convert V8 test JSON to JUnit XML (Keyhan Vakil) #​44049
• [f92871a52b] - build: update timezone-update.yml (Alex) #​44717
• [f85d3471ee] - child_process: remove lookup of undefined property (Colin Ihrig) #​44766
• [2f5f41c315] - (SEMVER-MINOR) cli: add --watch (Moshe Atlow) #​44366
• [7fb9cc70f3] - cluster: use inspector utils (Moshe Atlow) #​44592
• [99a2c16040] - crypto: add causes to applicable webcrypto's OperationError (Filip Skokan) #​44890
• [e0fbba0939] - crypto: use EVP_PKEY_CTX_set_dsa_paramgen_q_bits when available (David Benjamin) #​44561
• [a90386b0a1] - deps: update undici to 5.11.0 (Node.js GitHub Bot) #​44929
• [aa68d40fbf] - deps: update corepack to 0.14.2 (Node.js GitHub Bot) #​44775
• [c892f35815] - deps: V8: fix debug build (Ben Noordhuis) #​44392
• [91514393dc] - dns: support dns module in the snapshot (Joyee Cheung) #​44633
• [ce3cb29319] - doc: add fsPromises.readFile() example (Tierney Cyren) #​40237
• [97df9b84a2] - doc: improve building doc for Android (BuShe Pie) #​44888
• [8c69da893b] - doc: mention corepack prepare supports tag or range (Michael Rienstra) #​44646
• [842bc64833] - doc: remove Legacy status from querystring (Rich Trott) #​44912
• [ddb5402f5f] - doc: fix label name in collaborator guide (Rich Trott) #​44920
• [d08b024a3d] - doc: fix typo in Node.js 12 changelog (Lorand Horvath) #​42880
• [b6b9c427c5] - doc: move release keys we don't use anymore in README (Rich Trott) #​44899
• [e92b074b32] - doc: fix grammar in dns docs (#​44850) (Colin Ihrig) #​44850
• [780144c339] - doc: remove unnecessary leading commas (Colin Ihrig) #​44854
• [6ae9bc8fbc] - doc: add extra step for reporter pre-approval (Rafael Gonzaga) #​44806
• [ccf31d8bca] - doc: add anchor link for --preserve-symlinks (Kohei Ueno) #​44858
• [7c5c19ee54] - doc: update node prefix require.cache example (Simone Busoli) #​44724
• [2a5bce6318] - doc: include last security release date (Vladimir de Turckheim) #​44794
• [4efaf4265c] - doc: remove "currently" and comma splice from child_process.md (Rich Trott) #​44789
• [3627616b40] - doc,crypto: mark experimental algorithms more visually (Filip Skokan) #​44892
• [3c653cf23a] - doc,crypto: add missing CFRG curve algorithms to supported lists (Filip Skokan) #​44876
• [70f55020d3] - doc,crypto: add null length to crypto.subtle.deriveBits (Filip Skokan) #​44876
• [910fbd0ece] - esm: fix duplicated test (Geoffrey Booth) #​44779
• [bc00f3bde1] - fs: fix opts.filter issue in cp async (Tho) #​44922
• [11d1c23fa0] - (SEMVER-MINOR) fs: add FileHandle.prototype.readLines (Antoine du Hamel) #​42590
• [67fb76519a] - fs: improve promise based readFile performance for big files (Ruben Bridgewater) #​44295
• [dc6379bdc2] - fs: don't hard code name in validatePosition() (Colin Ihrig) #​44767
• [eb19b1e97c] - http: be more aggressive to reply 400, 408 and 431 (ywave620) #​44818
• [4c869c8d9e] - (SEMVER-MINOR) http: add writeEarlyHints function to ServerResponse (Wing) #​44180
• [9c7e66478c] - (SEMVER-MINOR) http2: make early hints generic (Yagiz Nizipli) #​44820
• [3f20e5b15c] - (SEMVER-MINOR) lib: refactor transferable AbortSignal (flakey5) #​44048
• [ada7d82b16] - lib: require JSDoc in internal validators code (Rich Trott) #​44896
• [67eaa303af] - lib: add cause to DOMException (flakey5) #​44703
• [0db86ee98e] - meta: update AUTHORS (Node.js GitHub Bot) #​44930
• [2efe4d985b] - meta: label test.js and test.md with test_runner label (Moshe Atlow) #​44863
• [fd9feb3a6c] - meta: update AUTHORS (Node.js GitHub Bot) #​44857
• [a854bb39c9] - node-api: create reference only when needed (Gerhard Stöbich) #​44827
• [fd5c26b8db] - path: change basename() argument from ext to suffix (Rich Trott) #​44774
• [803fbfb168] - process: fix uid/gid validation to avoid crash (Tobias Nießen) #​44910
• [9f2dd48fc3] - src: remove uid_t/gid_t casts (Tobias Nießen) #​44914
• [3abb607f3a] - src: remove UncheckedMalloc(0) workaround (Tobias Nießen) #​44543
• [0606f9298f] - src: deduplicate setting RSA OAEP label (Tobias Nießen) #​44849
• [daf3152f7e] - src: implement GetDetachedness() in MemoryRetainerNode (Joyee Cheung) #​44803
• [7ca77dd4ef] - src: avoid X509_free in loops in crypto_x509.cc (Tobias Nießen) #​44855
• [781ad96227] - src: use OnScopeLeave instead of multiple free() (Tobias Nießen) #​44852
• [b27b336a7a] - src: remove ParseIP() in cares_wrap.cc (Tobias Nießen) #​44771
• [f99f5d3c01] - (SEMVER-MINOR) src: add detailed embedder process initialization API (Anna Henningsen) #​44121
• [281fd7a09a] - src,stream: improve DoWrite() and Write() (ywave620) #​44434
• [a33cc22bf7] - src,worker: fix race of WorkerHeapSnapshotTaker (ywave620) #​44745
• [f300f197da] - stream: handle enqueuing chunks when a pending BYOB pull request exists (Daeyeon Jeong) #​44770
• [9ac029ea11] - test: bump memory limit for abort fatal error (Danielle Adams) #​44984
• [b9b671f25f] - test: debug watch mode inspect (Moshe Atlow) #​44861
• [2308b71d09] - test: don't clobber RegExp.$_ on startup (Ben Noordhuis) #​44864
• [fe91bebb67] - test: loosen test for negative timestamps in test-fs-stat-date (Livia Medeiros) #​44707
• [a080608552] - test: check --test is disallowed in NODE_OPTIONS (Kohei Ueno) #​44846
• [dc2af265d7] - test: improve lib/internal/source_map/source_map.js coverage (MURAKAMI Masahiko) #​42771
• [60a05d6dea] - test: skip some binding tests on IBMi PASE (Richard Lau) #​44810
• [8dacedaa3d] - test: remove unused variable in addon test (Joyee Cheung) #​44809
• [c54cee1c3f] - test: check server status in test-tls-psk-client (Richard Lau) #​44824
• [ee3c6a4dc5] - test: use async/await in test-debugger-exceptions (pete3249) #​44690
• [9f14625fe5] - test: use async/await in test-debugger-help (Chandana) #​44686
• [8033ad846b] - test: update test-debugger-scripts to use await/async (mmeenapriya) #​44692
• [f4f08be384] - test: use await in test-debugger-invalid-json (Anjana Krishnakumar Vellore) #​44689
• [d2f36169f3] - test: use async/await in test-debugger-random-port-with-inspect-port (Monu-Chaudhary) #​44695
• [ddf029725b] - test: use async/await in test-debugger-heap-profiler (Brinda Ashar) #​44693
• [117f068250] - test: use async/await in test-debugger-auto-resume (samyuktaprabhu) #​44675
• [143c428cae] - test: migrated from Promise chains to Async/Await (Rathi N Das) #​44674
• [e609a3309c] - test: change promises to async/await in test-debugger-backtrace.js (Juliet Zhang) #​44677
• [eeabd23ca6] - test: use async/await in test-debugger-sb-before-load (Hope Olaidé) #​44697
• [5c63d1464e] - test: add extra tests for basename with ext option (Connor Burton) #​44772
• [f8b2d7a059] - test: refactor to async/await (Divya Mohan) #​44694
• [9864bde9ab] - test: modify test-debugger-custom-port.js to use async-await (Priya Shastri) #​44680
• [af30823881] - test: upgrade all 1024 bit RSA keys to 2048 bits (Momtchil Momtchev) #​44498
• [0fb669e31f] - test: update test-debugger-breakpoint-exists.js to use async/await (Archana Kamath) #​44682
• [cca253503e] - test: use async/await in test-debugger-preserve-breaks (poorvitusam) #​44696
• [0b2e8b1681] - test: use async/await in test-debugger-profile (surbhirjain) #​44684
• [4db72a65cf] - test: change the promises to async/await in test-debugger-exec-scope.js (Ankita Khiratkar) #​44685
• [56c9c98963] - test: fix test-runner-inspect (Moshe Atlow) #​44620
• [36227ed862] - test: fix watch mode test flake (Moshe Atlow) #​44739
• [3abd71a0ea] - test: deflake watch mode tests (Moshe Atlow) #​44621
• [0c9f38f2be] - test: split watch mode inspector tests to sequential (Moshe Atlow) #​44551
• [d762a34128] - test_runner: add --test-name-pattern CLI flag (Colin Ihrig)
• [c7ece464a1] - test_runner: remove runtime experimental warning (Colin Ihrig) #​44844
• [3c1e9d41c8] - test_runner: support using --inspect with --test (Moshe Atlow) #​44520
• [4bdef48732] - tools: remove faulty early termination logic from update-timezone.mjs (Darshan Sen) #​44870
• [19d8574996] - tools: fix timezone update tool (Darshan Sen) #​44870
• [ad8b8ae7d3] - tools: update eslint to 8.25.0 (Node.js GitHub Bot) #​44931
• [fd99b17a4d] - tools: make utils.SearchFiles deterministic (Bruno Pitrus) #​44496
• [131adece37] - tools: fix typo in tools/update-authors.mjs (Darshan Sen) #​44780
• [ab22777e65] - tools: refactor deprecated format in no-unescaped-regexp-dot (Madhuri) #​44763
• [3ad0fae89d] - tools: update eslint-check.js to object style (andiemontoyeah) #​44706
• [e9d572a9bd] - tools: update eslint to 8.24.0 (Node.js GitHub Bot) #​44778
• [984b0b4a6c] - tools: update lint-md-dependencies to [email protected] (Node.js GitHub Bot) #​44776
• [db5aeed702] - (SEMVER-MINOR) util: add default value option to parsearg (Manuel Spigolon) #​44631
• [576ccdf125] - util: increase robustness with primordials (Jordan Harband) #​41212

v18.10.0: 2022-09-28, Version 18.10.0 (Current), @​RafaelGSS

Compare Source

Notable changes

• doc:
  • (SEMVER-MINOR) deprecate modp1, modp2, and modp5 groups (Tobias Nießen) #​44588
  • add legendecas to TSC list (Michael Dawson) #​44662
  • move policy docs to the permissions scope (Rafael Gonzaga) #​44222
• gyp:
  • libnode for ios app embedding (chexiongsheng) #​44210
• http:
  • (SEMVER-MINOR) throw error on content-length mismatch (sidwebworks) #​44588
• stream:
  • (SEMVER-MINOR) add ReadableByteStream.tee() (Daeyeon Jeong) #​44505

Commits

• [f497368679] - benchmark: fix startup benchmark (Evan Lucas) #​44727
• [0c9a94684e] - benchmark: add stream destroy benchmark (SindreXie) #​44533
• [9c5c1459a8] - bootstrap: clean up inspector console methods during serialization (Joyee Cheung) #​44279
• [19f67dba8a] - bootstrap: remove unused global parameter in per-context scripts (Joyee Cheung) #​44472
• [9da11426f6] - build: remove redundant entry in crypto (Jiawen Geng) #​44604
• [70898b4e67] - build: rewritten the Android build system (BuShe Pie) #​44207
• [a733f7faac] - Revert "build: go faster, drop -fno-omit-frame-pointer" (Ben Noordhuis) #​44566
• [1315a83333] - build: fix bad upstream merge (Stephen Gallagher) #​44642
• [993bd9b134] - crypto: restrict PBKDF2 args to signed int (Tobias Nießen) #​44575
• [ca5fb67b4e] - deps: update to ngtcp2 0.8.1 and nghttp3 0.7.0 (Tobias Nießen) #​44622
• [8da1d6ebc4] - deps: update corepack to 0.14.1 (Node.js GitHub Bot) #​44704
• [d36c4a3088] - deps: update ngtcp2 update instructions (Tobias Nießen) #​44619
• [7129106aa0] - deps: upgrade npm to 8.19.2 (npm team) #​44632
• [3cc8f4bb56] - deps: update to uvwasi 0.0.13 (Colin Ihrig) #​44524
• [4686579d4b] - dns: remove unnecessary parameter from validateOneOf (Yagiz Nizipli) #​44635
• [729dd95f1f] - dns: refactor default resolver (Joyee Cheung) #​44541
• [6dc038262a] - doc: mention git node backport (RafaelGSS) #​44764
• [fd971f5176] - doc: ensure to revert node_version changes (Rafael Gonzaga) #​44760
• [f274b08f8e] - doc: fix description for napi_get_cb_info() in n-api.md (Daeyeon Jeong) #​44761
• [2502f2353d] - doc: update the deprecation for exit code to clarify its scope (Daeyeon Jeong) #​44714
• [064543d0ae] - doc: update guidance for adding new modules (Michael Dawson) #​44576
• [33a2f17534] - doc: add registry number for Electron 22 (Keeley Hammond) #​44748
• [10a0d75c26] - doc: include code examples for webstreams consumers (Lucas Santos) #​44387
• [4dbe4a010c] - doc: mention where to push security commits (RafaelGSS) #​44691
• [82cb8151ad] - doc: remove extra space on threadpool usage (Connor Burton) #​44734
• [6ef9af2748] - doc: make legacy banner slightly less bright (Rich Trott) #​44665
• [b209c83e66] - doc: improve building doc for Windows Powershell (Brian Muenzenmeyer) #​44625
• [05b17e9250] - doc: maintain only one list of MODP groups (Tobias Nießen) #​44644
• [ec1cbdb69b] - doc: add legendecas to TSC list (Michael Dawson) #​44662
• [9341fb4446] - doc: remove comma in README.md (Taha-Chaudhry) #​44599
• [3dabb44dda] - doc: use serial comma in report docs (Daeyeon Jeong) #​44608
• [226d90a95a] - doc: use serial comma in stream docs (Daeyeon Jeong) #​44609
• [3f710fa636] - doc: remove empty line in YAML block (Claudio Wunder) #​44617
• [4ad1b0abc3] - (SEMVER-MINOR) doc: deprecate modp1, modp2, and modp5 groups (Tobias Nießen) #​44588
• [2d92610525] - doc: remove old OpenSSL ENGINE constants (Tobias Nießen) #​44589
• [03705639c4] - doc: fix heading levels for test runner hooks (Fabian Meyer) #​44603
• [6c557346a7] - doc: fix errors in http.md (Luigi Pinca) #​44587
• [48d944b71c] - doc: fix vm.Script createCachedData example (Chengzhong Wu) #​44487
• [2813323120] - doc: mention how to get commit release (Rafael Gonzaga) #​44572
• [ea7b44d474] - doc: fix link in process.md (Antoine du Hamel) #​44594
• [39b65d2fb7] - doc: do not use weak MODP group in example (Tobias Nießen) #​44585
• [f5549afd90] - doc: remove ebpf from supported tooling list (Rafael Gonzaga) #​44549
• [a3360b1f4f] - doc: emphasize that createCipher is never secure (Tobias Nießen) #​44538
• [4e6f7862ba] - doc: document attribute Script.cachedDataRejected (Chengzhong Wu) #​44451
• [01e584ecab] - doc: move policy docs to the permissions scope (Rafael Gonzaga) #​44222
• [57dac53c22] - doc,crypto: cleanup removed pbkdf2 behaviours (Filip Skokan) #​44733
• [c209bd6fb9] - doc,inspector: document changes of inspector.close (Chengzhong Wu) #​44628
• [9b3b7d6978] - esm,loader: tidy ESMLoader internals (Jacob Smith) #​44701
• [daf63d2fa3] - fs: fix typo in mkdir example (SergeyTsukanov) #​44791
• [85ab2f857f] - fs: remove unused option in fs.fstatSync() (Livia Medeiros) #​44613
• [a6091f5496] - gyp: libnode for ios app embedding (chexiongsheng) #​44210
• [f158656e4c] - (SEMVER-MINOR) http: throw error on content-length mismatch (sidwebworks) #​44378
• [1b160517f5] - inspector: expose inspector.close on workers (Chengzhong Wu) #​44489
• [a2eb55a2c9] - lib: don't match sourceMappingURL in strings (Alan Agius) #​44658
• [2baf532518] - lib: fix reference leak (falsandtru) #​44499
• [d8d34ae6bc] - lib: reset RegExp statics before running user code (Antoine du Hamel) #​44247
• [eb3635184b] - lib,test: fix bug in InternalSocketAddress (Tobias Nießen) #​44618
• [74dc4d198f] - meta: update AUTHORS (Node.js GitHub Bot) #​44777
• [97d2ed7296] - meta: add mailmap entry for dnlup (Rich Trott) #​44716
• [35fbd2cc14] - meta: update AUTHORS (Node.js GitHub Bot) #​44705
• [c5c1bc40a2] - meta: move dnlup to emeriti (dnlup) #​44667
• [c62dfe0427] - meta: update test_runner in label-pr-config (Shrujal Shah) #​44615
• [fe56efd0bc] - meta: update AUTHORS (Node.js GitHub Bot) #​44591
• [4436ffb536] - module: open stat/readPackage to mutations (Maël Nison) #​44537
• [f8ec946c82] - module: exports & imports map invalid slash deprecation (Guy Bedford) #​44477
• [64cb43a2b6] - node-api: add deprecation code of uncaught exception (Chengzhong Wu) #​44624
• [ce1704c2c7] - src: avoid using v8 on Isolate termination (Santiago Gimeno) #​44669
• [3036b85d71] - src: remove <unistd.h> from node_os.cc (Tobias Nießen) #​44668
• [29f57b7899] - src: avoid copy when creating Blob (Tobias Nießen) #​44616
• [75cfb13ea6] - src: make ReqWrap weak (Rafael Gonzaga) #​44074
• [c12abb5ece] - src: make NearHeapLimitCallback() more robust (Joyee Cheung) #​44581
• [81ea507e8e] - src: dump isolate stats when process exits (daomingq) #​44534
• [687844822f] - src: consolidate environment cleanup queue (Chengzhong Wu) #​44379
• [3d42aaaac0] - stream: handle a pending pull request from a released reader (Daeyeon Jeong) #​44702
• [73ad9db6c5] - stream: refactor use es2020 statement (SindreXie) #​44533
• [0af6e420b3] - stream: remove abortReason from WritableStreamDefaultController (Daeyeon Jeong) #​44540
• [2f2f8d5821] - (SEMVER-MINOR) stream: add ReadableByteStream.tee() (Daeyeon Jeong) #​44505
• [667e8bf3fb] - stream: fix writableStream.abort() (Daeyeon Jeong) #​44327
• [3112d5dae0] - test: verify napi_remove_wrap with napi_delete_reference (Chengzhong Wu) #​44754
• [b512436841] - test: change promises to async/await (Madhulika Sharma) #​44683
• [858631f720] - test: use async/await in test-debugger-invalid-args (Nupur Chauhan) #​44678
• [6c9ded810c] - test: update test-debugger-low-level to use await/async (Meghana Ramesh) #​44688
• [945aa74e57] - test: check that sysconf returns a positive value (Tobias Nießen) #​44666
• [79f0f48a6f] - test: change promise to async/await in debugger-watcher (“Pooja) #​44687
• [a56cb65bd6] - test: fix addon tests compilation with OpenSSL 1.1.1 (Adam Majer) #​44725
• [8a68a80a06] - test: fix test-performance-measure (smitley) #​44637
• [55de0136b3] - test: improve lib/readline.js coverage (MURAKAMI Masahiko) #​42686
• [a3095d217f] - test: fix test-repl not validating leaked globals properly (Antoine du Hamel) #​44640
• [7db2974692] - test: ignore stale process cleanup failures on Windows (Joyee Cheung) #​44480
• [6c35f338c3] - test: use python3 instead of python (Luigi Pinca) #​44545
• [20e04c6d44] - test: fix DebugSymbolsTest.ReqWrapList on PPC64LE (Daniel Bevenius) #​44341
• [eb25fe73b0] - test: add more cases for parse-encoding (Tony Gorez) #​44427
• [5ab3bc9419] - test_runner: include stack of uncaught exceptions (Moshe Atlow) #​44614
• [752e1472e1] - tls: fix out-of-bounds read in ClientHelloParser (Tobias Nießen) #​44580
• [0cddb0af99] - tools: add update-llhttp.sh (Paolo Insogna) #​44652
• [ef0dc47df9] - tools: fix typo in update-nghttp2.sh (Luigi Pinca) #​44664
• [0df181a5a1] - tools: add timezone update workflow (Lenvin Gonsalves) #​43988
• [dd4348900d] - tools: update eslint to 8.23.1 (Node.js GitHub Bot) #​44639
• [b9cfb71e12] - tools: update lint-md-dependencies to @​rollup/plugin-node-resolve@​14.1.0 (Node.js GitHub Bot) #​44638
• [5ae142d7ad] - tools: update gyp-next to v0.13.0 (Jiawen Geng) #​44605
• [5dd86c3faf] - tools: update lint-md-dependencies to @​rollup/plugin-node-resolve@​14.0.1 (Node.js GitHub Bot) #​44590
• [caad4748cf] - tools: increase timeout of running WPT (Joyee Cheung) #​44574
• [5db9779f14] - tools: fix shebang to use python3 by default (Himself65) #​44531
• [9aa6a560e9] - v8: add setHeapSnapshotNearHeapLimit (theanarkh) #​44420
• [360b74e94f] - win: fix fs.realpath.native for long paths (StefanStojanovic) #​44536

v18.9.1: 2022-09-23, Version 18.9.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable changes

The following CVEs are fixed in this release:

• CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
  • Insufficient fix for macOS devices on v18.5.0
• CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
• CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
  • Insufficient fix on v18.5.0
• CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
  • Insufficient fix on v18.5.0
• CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
• CVE-2022-35255: Weak randomness in WebCrypto keygen

More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.

llhttp updated to 6.0.10

llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.

• HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
• HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
• HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).

Commits

• [0c2a5723be] - crypto: fix weak randomness in WebCrypto keygen (Ben Noordhuis) nodejs-private/node-private#
• [ffb6f4d51d] - deps: MacOS - fix location of OpenSSL config file (Michael Dawson) nodejs-private/node-private#​345
• [01bffcdd93] - http: disable chunked encoding when OBS fold is used (Paolo Insogna) nodejs-private/node-private#​341
• [2c379d341d] - src: fix IPv4 non routable validation (RafaelGSS) nodejs-private/node-private#​337

v18.9.0: 2022-09-08, Version 18.9.0 (Current), @​RafaelGSS

Compare Source

Notable changes

• doc
  • add daeyeon to collaborators (Daeyeon Jeong) #​44355
• lib
  • (SEMVER-MINOR) add diagnostics channel for process and worker (theanarkh) #​44045
• os
  • (SEMVER-MINOR) add machine method (theanarkh) #​44416
• report
  • (SEMVER-MINOR) expose report public native apis (Chengzhong Wu) #​44255
• src
  • (SEMVER-MINOR) expose environment RequestInterrupt api (Chengzhong Wu) #​44362
• vm
  • include vm context in the embedded snapshot (Joyee Cheung) #​44252

Commits

• [e27e709d3c] - build: add --libdir flag to configure (Stephen Gallagher) #​44361
• [30da2b4d89] - build: added NINJA env to customize ninja binary (Jeff Dickey) #​44293
• [3c5354869e] - cluster: fix cluster rr distribute error (theanarkh) #​44202
• [5cefd02618] - crypto: handle invalid prepareAsymmetricKey JWK inputs (Filip Skokan) #​44475
• [c868e36385] - crypto: add digest name to INVALID_DIGEST errors (Tobias Nießen) #​44468
• [35cbe1ad85] - crypto: use actual option name in error message (Tobias Nießen) #​44455
• [c3dbe18e4c] - crypto: simplify control flow in HKDF (Tobias Nießen) #​44272
• [28781a1f7e] - crypto: improve RSA-PSS digest error messages (Tobias Nießen) #​44307
• [b1eafe14fd] - debugger: decrease timeout used to wait for the port to be free (Joyee Cheung) #​44359
• [8ef5c40a83] - deps: update corepack to 0.14.0 (Node.js GitHub Bot) #​44509
• [cf19a79dfc] - deps: upgrade npm to 8.19.1 (npm team) #​44486
• [c5630ad1a7] - deps: V8: backport ff8d67c (Michaël Zasso) #​44423
• [255e7fbd08] - deps: update Acorn to v8.8.0 (Michaël Zasso) #​44437
• [754d26a53e] - deps: patch V8 to 10.2.154.15 (Michaël Zasso) #​44294
• [1b50ff2600] - deps: update icu tzdata to 2022b (Matías Zúñiga) #​44283
• [1e451dca99] - deps: upgrade llhttp to 6.0.9 (Paolo Insogna) #​44344
• [57da3db522] - deps: update undici to 5.9.1 (Node.js GitHub Bot) #​44319
• [1c87a7e8f6] - doc: add missing parenthesis in TLSSocket section (Tobias Nießen) #​44512
• [05006eddb2] - doc: do not use "Returns:" for crypto.constants (Tobias Nießen) #​44481
• [54b6ed58bc] - doc: use serial comma in addons docs (Tobias Nießen) #​44482
• [11452a97b3] - doc: add --update-assert-snapshot to node.1 (Colin Ihrig) #​44429
• [ae028e8ac3] - doc: improve assert.snapshot() docs (Colin Ihrig) #​44429
• [71c869688a] - doc: add missing imports in events sample