Change8

v24.18.0

📦 node-jsView on GitHub →
14 features🐛 8 fixes🔧 10 symbols

Summary

This release introduces several minor version features, including new Web Cryptography algorithms (TurboSHAKE, KangarooTwelve) and an increased default Buffer pool size. It also includes security updates via root certificate renewal and various hardening improvements across the crypto module.

Migration Steps

  1. If relying on specific argument names in crypto functions or error messages, review them for alignment with updated documentation.
  2. If using crypto.diffieHellman(), note that it now accepts key data.

✨ New Features

  • Increased Buffer.poolSize default to 64 KiB.
  • Aligned key argument names in crypto documentation and error messages.
  • Added support for key data in crypto.diffieHellman() and cleaned up DH jobs.
  • Added TurboSHAKE and KangarooTwelve Web Cryptography algorithms.
  • Added writeInformation to http module to send arbitrary 1xx status codes.
  • Exposed precise coverage start to the JS runtime via inspector.
  • Added --enable-all-experimentals build flag.
  • Enabled x64 PGO build on Windows.
  • Added WebCrypto CryptoJob mode.
  • Wired ML-DSA and ML-KEM for use with BoringSSL.
  • Wired ChaCha20-Poly1305 in Web Cryptography when using BoringSSL.
  • Wired AES-KW in Web Cryptography when using BoringSSL.
  • Added JWK support for ML-KEM and SLH-DSA key types.
  • Added --help option to 'node inspect'.

🐛 Bug Fixes

  • Updated root certificates to NSS 3.123.1.
  • Avoided stream listeners on idle agent sockets in http module.
  • Reverted the change to noop pause/resume on destroyed streams.
  • Strengthened argument CHECKs in TurboSHAKE.
  • Hardened WebCrypto against prototype pollution.
  • Coerced -0 keylen to +0 in pbkdf2 and scrypt.
  • Aligned verifyOneShot accepted types in crypto module.
  • Improved system certificate enumeration logic on macOS.

Affected Symbols