v17.3.0 release proposal

[danielleadams]

2021-12-17, Version 17.3.0 (Current), @danielleadams

Notable changes

OpenSSL-3.0.1

OpenSSL-3.0.1 contains a fix for CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl (Moderate). This is a vulnerability in OpenSSL that may be exploited through Node.js. More information can be read here: https://www.openssl.org/news/secadv/20211214.txt.

Contributed by Richard Lau #41177.

Other Notable Changes

• lib:
  • make AbortSignal cloneable/transferable (James M Snell) #41050
• deps:
  • upgrade npm to 8.3.0 (npm team) #41127
• doc:
  • add @bnb as a collaborator (Tierney Cyren) #41100
• process:
  • add getActiveResourcesInfo() (Darshan Sen) #40813
• timers:
  • add experimental scheduler api (James M Snell) #40909

Commits

• [99fb6d48eb] - assert: prefer reference comparison over string comparison (Darshan Sen) #41015
• [a7dfa43dc7] - assert: use stricter stack frame detection in .ifError() (Ruben Bridgewater) #41006
• [28761de6d4] - buffer: fix Blob constructor on various TypedArrays (Irakli Gozalishvili) #40706
• [8fcb71a5ab] - build: update openssl config generator Dockerfile (Richard Lau) #41177
• [3a9ffa86db] - build: use '<(python)' instead of 'python' (Cheng Zhao) #41146
• [85f1537c28] - build: fix comment-labeled workflow (Mestery) #41176
• [61c53a667a] - build: use gh cli in workflows file (Mestery) #40985
• [1fc6fd66ff] - build: fix commit-queue-rebase functionality (Rich Trott) #41140
• [831face7d1] - build: skip documentation generation if no ICU (Rich Trott) #41091
• [c776c9236e] - build: re-enable V8 concurrent marking (Michaël Zasso) #41013
• [2125449f89] - build: add --without-corepack (Jonah Snider) #41060
• [6327685363] - build: fail early in test-macos.yml (Rich Trott) #41035
• [ee4186b305] - build: add tools/doc to tools.yml updates (Rich Trott) #41036
• [db30bc97d0] - build: update Actions versions (Mestery) #40987
• [db9cef3c4f] - build: set persist-credentials: false on workflows (Rich Trott) #40972
• [29739f813f] - build: add OpenSSL gyp artifacts to .gitignore (Luigi Pinca) #40967
• [1b8baf0e4f] - build: remove legacy -J test.py option from Makefile/vcbuild (Rich Trott) #40945
• [5c27ec8385] - build: ignore unrelated workflow changes in slow Actions tests (Rich Trott) #40928
• [8957c9bd1c] - build,tools: automate enforcement of emeritus criteria (Rich Trott) #41155
• [e924dc7982] - cluster: use linkedlist for round_robin_handle (twchn) #40615
• [c757fa513e] - crypto: add missing null check (Michael Dawson) #40598
• [35fe14454b] - deps: update archs files for quictls/openssl-3.0.1+quic (Richard Lau) #41177
• [0b2103419f] - deps: upgrade openssl sources to quictls/openssl-3.0.1+quic (Richard Lau) #41177
• [fae4945ab3] - deps: upgrade npm to 8.3.0 (npm team) #41127
• [3a1d952e68] - deps: upgrade npm to 8.2.0 (npm team) #41065
• [627b5bb718] - deps: update Acorn to v8.6.0 (Michaël Zasso) #40993
• [a2fb12f9c6] - deps: patch V8 to 9.6.180.15 (Michaël Zasso) #40949
• [93111e4662] - doc: fix closing parenthesis (AlphaDio) #41190
• [f883bf3d12] - doc: add security steward on/offboarding steps (Michael Dawson) #41129
• [1274a25b14] - doc: align module resolve algorithm with implementation (Qingyu Deng) #38837
• [34c6c59014] - doc: update nodejs-sec managers (Michael Dawson) #41128
• [db26bdb011] - doc: move style guide to findable location (Rich Trott) #41119
• [4369c6d9f6] - doc: fix comments in test-fs-watch.js (jakub-g) #41046
• [93f5bd34e9] - doc: document support building with Python 3.10 on Windows (Christian Clauss) #41098
• [d8fa227c26] - doc: add note about pip being required (Piotr Rybak) #40669
• [95691801f3] - doc: remove OpenJSF Slack nodejs from support doc (Rich Trott) #41108
• [e3ac384d78] - doc: simplify major release preparation (Bethany Nicolle Griggs) #40816
• [3406910040] - doc: clarify escaping for ES modules (notroid5) #41074
• [668284b5a1] - doc: add @bnb as a collaborator (Tierney Cyren) #41100
• [94d09113a2] - doc: add explicit declaration of fd with null val (Henadzi) #40704
• [b353ded677] - doc: expand entries for isIP(), isIPv4(), and isIPv6() (Rich Trott) #41028
• [f18aa14b1d] - doc: link to commit queue guide (Geoffrey Booth) #41030
• [681edbe75f] - doc: specify that message.socket can be nulled (Luigi Pinca) #41014
• [7c41f32f06] - doc: fix JSDoc in ESM loaders examples (Mestery) #40984
• [61b2e2ef9e] - doc: remove legacy -J test.py option from BUILDING.md (Rich Trott) #40945
• [c9b09d124e] - doc,lib,tools: align multiline comments (Rich Trott) #41109
• [12023dff4b] - (SEMVER-MINOR) errors: add support for cause in aborterror (James M Snell) #41008
• [b0b7943e8f] - (SEMVER-MINOR) esm: working mock test (Bradley Farias) #39240
• [37dbc3b9e9] - (SEMVER-MINOR) events: propagate abortsignal reason in new AbortError ctor in events (James M Snell) #41008
• [1b8d4e4867] - (SEMVER-MINOR) events: propagate weak option for kNewListener (James M Snell) #40899
• [bbdcd0513b] - (SEMVER-MINOR) fs: accept URL as argument for fs.rm and fs.rmSync (Antoine du Hamel) #41132
• [46108f8d50] - fs: fix error codes for fs.cp (Antoine du Hamel) #41106
• [e25671cddb] - fs: fix length option being ignored during read() (Shinho Ahn) #40906
• [6eda874be0] - (SEMVER-MINOR) fs: propagate abortsignal reason in new AbortSignal constructors (James M Snell) #41008
• [70ed4ef248] - http: don't write empty data on req/res end() (Santiago Gimeno) #41116
• [4b3bf7e818] - (SEMVER-MINOR) http2: propagate abortsignal reason in new AbortError constructor (James M Snell) #41008
• [8d87303f76] - inspector: add missing initialization (Michael Dawson) #41022
• [b191e66ddf] - lib: include return types in JSDoc (Rich Trott) #41130
• [348707fca6] - (SEMVER-MINOR) lib: make AbortSignal cloneable/transferable (James M Snell) #41050
• [4ba883d384] - (SEMVER-MINOR) lib: add abortSignal.throwIfAborted() (James M Snell) #40951
• [cc3e430c11] - lib: use consistent types in JSDoc @returns (Rich Trott) #41089
• [a1ed7f2810] - (SEMVER-MINOR) lib: propagate abortsignal reason in new AbortError constructor in blob (James M Snell) #41008
• [1572db3e86] - lib: do not lazy load EOL in blob (Ruben Bridgewater) #41004
• [62c4b4c85b] - (SEMVER-MINOR) lib: add AbortSignal.timeout (James M Snell) #40899
• [f0d874342d] - lib,test,tools: use consistent JSDoc types (Rich Trott) #40989
• [03e6771137] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #41154
• [e26c187b85] - meta: move to emeritus automatically after 18 months (Rich Trott) #41155
• [b89fb3ef0a] - meta: move silverwind to emeriti (Roman Reiss) #41171
• [0fc148321f] - meta: update AUTHORS (Node.js GitHub Bot) #41144
• [d6d1d6647c] - meta: update AUTHORS (Node.js GitHub Bot) #41088
• [f30d6bcaff] - meta: move one or more TSC members to emeritus (Node.js GitHub Bot) #40908
• [033a646d82] - meta: increase security policy response targets (Matteo Collina) #40968
• [6b6e1d054e] - node-api,doc: document parms which can be optional (Michael Dawson) #41021
• [93ea1666f6] - perf_hooks: use spec-compliant structuredClone (Michaël Zasso) #40904
• [d8a2125900] - (SEMVER-MINOR) process: add getActiveResourcesInfo() (Darshan Sen) #40813
• [67124ac63a] - (SEMVER-MINOR) readline: propagate signal.reason in awaitable question (James M Snell) #41008
• [8fac878ff5] - readline: skip escaping characters again (Ruben Bridgewater) #41005
• [d3de937782] - src: fix limit calculation (Michael Dawson) #41026
• [6f0ec9835a] - src: use a higher limit in the NearHeapLimitCallback (Joyee Cheung) #41041
• [90097ab891] - src,crypto: remove uses of AllocatedBuffer from crypto_sig (Darshan Sen) #40895
• [b59c513c31] - stream: add isErrored helper (Robert Nagy) #41121
• [1787bfab68] - stream: allow readable to end early without error (Robert Nagy) #40881
• [01e8c15c8a] - (SEMVER-MINOR) stream: use cause options in AbortError constructors (James M Snell) #41008
• [0e21c64ae9] - stream: remove whatwg streams experimental warning (James M Snell) #40971
• [513305c7d7] - stream: cleanup eos (Robert Nagy) #40998
• [da8baf4bbb] - test: do not load absolute path crypto engines twice (Richard Lau) #41177
• [1f6a9c3e31] - test: skip ESLint tests if no Intl (Rich Trott) #41105
• [ce656a80b5] - test: add missing JSDoc parameter name (Rich Trott) #41057
• [fb8f2e9643] - test: deflake test-trace-atomics-wait (Luigi Pinca) #41018
• [de1748aca4] - test: add auth option case for url.format (Hirotaka Tagawa / wafuwafu13) #40516
• [943547a0eb] - Revert "test: skip different params test for OpenSSL 3.x" (Daniel Bevenius) #40640
• [0caa3483d2] - (SEMVER-MINOR) timers: add experimental scheduler api (James M Snell) #40909
• [e795547651] - (SEMVER-MINOR) timers: propagate signal.reason in awaitable timers (James M Snell) #41008
• [a77cae1ef7] - tls: improve handling of shutdown (Jameson Nash) #36111
• [db410e7d3e] - tools: update doc to remark-rehype@10.1.0 (Node.js GitHub Bot) #41149
• [e3870f3f17] - tools: update lint-md-dependencies to rollup@2.61.1 vfile-reporter@7.0.3 (Node.js GitHub Bot) #41150
• [6fc92bd191] - tools: enable jsdoc/require-returns-type ESLint rule (Rich Trott) #41130
• [70e6fe860a] - tools: update ESLint to 8.4.1 (Rich Trott) #41114
• [78894fa888] - tools: enable JSDoc check-alignment lint rule (Rich Trott) #41109
• [40a773aa29] - tools: strip comments from lint-md rollup output (Rich Trott) #41092
• [7b606cfef6] - tools: update highlight.js to 11.3.1 (Rich Trott) #41091
• [52633a9e95] - tools: enable jsdoc/require-returns-check lint rule (Rich Trott) #41089
• [dc0405e7fb] - tools: update ESLint to 8.4.0 (Luigi Pinca) #41085
• [855f15d059] - tools: enable jsdoc/require-param-name lint rule (Rich Trott) #41057
• [78265e095a] - tools: use jsdoc recommended rules (Rich Trott) #41057
• [9cfdf15da6] - tools: rollback highlight.js (Richard Lau) #41078
• [fe3e09bb4b] - tools: remove Babel from license-builder.sh (Rich Trott) #41049
• [62e0aa9725] - tools: udpate packages in tools/doc (Rich Trott) #41036
• [a959f4fa72] - tools: install and enable JSDoc linting in ESLint (Rich Trott) #41027
• [661960e471] - tools: include JSDoc in ESLint updating tool (Rich Trott) #41027
• [e2922714ee] - tools: ignore unrelated workflow changes in slow Actions tests (Antoine du Hamel) #40990
• [6525226ff7] - tools: remove unneeded tool in update-eslint.sh (Rich Trott) #40995
• [5400b7963d] - tools: consolidate ESLint dependencies (Rich Trott) #40995
• [86d5af14bc] - tools: update ESLint update script to consolidate dependencies (Rich Trott) #40995
• [8427099f66] - tools: run ESLint update to minimize diff on subsequent update (Rich Trott) #40995
• [82daaa9914] - tools,test: make -J behavior default for test.py (Rich Trott) #40945
• [db77780cb9] - url: detect hostname more reliably in url.parse() (Rich Trott) #41031
• [66b5083c1e] - util: serialize falsy cause values while inspecting errors (Ruben Bridgewater) #41097
• [09d29ca8d9] - util: make sure error causes of any type may be inspected (Ruben Bridgewater) #41097
• [f5ff88b3cb] - (SEMVER-MINOR) util: pass through the inspect function to custom inspect functions (Ruben Bridgewater) #41019
• [a0326f0941] - util: escape lone surrogate code points using .inspect() (Ruben Bridgewater) #41001
• [91df200ad6] - (SEMVER-MINOR) util: add numericSeparator to util.inspect (Ruben Bridgewater) #41003
• [da87413257] - (SEMVER-MINOR) util: always visualize cause property in errors during inspection (Ruben Bridgewater) #41002

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/41523/
CITGM v17.x: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/2814/
CITGM: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/2819/
V8: https://ci.nodejs.org/job/node-test-commit-v8-linux/4434/ ✅

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/41524/ ✅