v24.7.0
Breaking Changes📦 node-jsView on GitHub →
⚠ 2 breaking✨ 7 features🐛 4 fixes🔧 16 symbols
Summary
This release introduces Post-Quantum Cryptography support in node:crypto and the Web Cryptography API, adds Argon2 password hashing, and enables execution argument configuration for Single Executable Applications.
⚠️ Breaking Changes
- Removal of several root certificates (GlobalSign Root CA, Entrust.net Premium 2048, Baltimore CyberTrust, Comodo AAA, XRamp Global, Go Daddy Class 2, Starfield Class 2) may break TLS connections to servers relying on these CAs.
- Web Cryptography HMAC now requires a key length when using SHA-3 hashes.
Migration Steps
- If using Single Executable Applications, update your configuration JSON to include 'execArgv' and 'execArgvExtension' if you need to control runtime flags.
- Verify TLS connectivity if your infrastructure relies on the removed root certificates from GlobalSign, Entrust, Baltimore, Comodo, XRamp, Go Daddy, or Starfield.
- Update Web Cryptography HMAC implementations using SHA-3 to explicitly provide a key length.
✨ New Features
- Added Post-Quantum Cryptography support (ML-KEM and ML-DSA) to node:crypto via encapsulate/decapsulate and sign/verify.
- Extended Web Cryptography API with AES-OCB, ChaCha20-Poly1305, ML-DSA, ML-KEM, SHA-3, SHAKE, subtle.getPublicKey(), and SubtleCrypto.supports().
- Added support for Node.js execution arguments (execArgv and execArgvExtension) in Single Executable Applications (SEA).
- Added crypto.argon2() and crypto.argon2Sync() for password hashing.
- Added Agent.agentKeepAliveTimeoutBuffer option to http module.
- Added support for raw header arrays in h2Stream.respond() in http2.
- Added Brotli support to CompressionStream and DecompressionStream.
🐛 Bug Fixes
- Fixed subtle.getPublicKey error when provided with secret type key inputs.
- Fixed unsafe array iteration in child_process.
- Normalized RsaHashedKeyParams publicExponent in Web Cryptography.
- System CA certificates are now loaded off-thread to improve performance.