The TLS start sequence has been broken since #26661 because of the way
how we wrap TCP handle to create TLS handle.
#26661 introduced happy-eyeballs algorithm and some connection could be
dropped because of happy-eyeball attempt timeout. The current
implementation doesn't consider that case and it could start TLS
handshake with timed out TCP connection. That caused #27652 .
This PR fixes it by changing the initialization steps. Now `wrapHandle`
of TLSSocket set up `afterConnectTls` callback in TCP handle, and
`afterConnect` of TCP handle calls it at `connect` event timing if it
exists. This avoids starting TLS session with timed out connection.
closes #27652
This is the release commit being forwarded back to main for 2.1.6
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Fixes #27343
Currently the node:child_process polyfill is always passing the full
parent environment to all spawned subprocesses. In the case where
`options.env` is provided those keys are overridden but the rest of the
parent environment is still passed through.
On Node the behaviour is for child processes to only inherit the parent
environment when `options.env` isn't specified. When `options.env` is
specified the child process inherits only those keys.
This PR updates the internal node child_process polyfill so that the
`clearEnv` argument is set to true when spawning the subprocess to
prevent the parent environment always being inherited by default. It
also fixes an issue where `normalizeSpawnArguments` wasn't returning the
`env` option if `options.env` was unset.
See the comment
https://github.com/denoland/deno/pull/25470#issuecomment-2435077722 for
the reason why we do this workaround to make `make-fetch-happen` work in
Deno
This PR applies the same workaround to `npm-check-updates` package.
`npm-check-updates` internally uses
[`npm-registry-fetch`](https://www.npmjs.com/package/npm-registry-fetch)
which uses
[`make-fetch-happen`](https://www.npmjs.com/package/make-fetch-happen)
(the problematic package) for making http request to npm registry.
The detection of `make-fetch-happen` doesn't work for
`npm-check-updates` because we use call stack at `net.Socket`
constructor to check if it's called from `make-fetch-happen`, but
`npm-check-updates` bundles its dependency and the check doesn't work.
This PR adds the check of `npm-check-updates` string in call stack in
net.Socket constructor to trigger the workaroud.
closes #27629
This commit makes `process` global always available in Node context.
`process` global was previously available explicitly in `deno_node`, but then
got removed in #25291 and made globally available regardless of whether it's in
Deno or Node context, so this commit does not have any effect on Deno CLI.
However, for users who want to use `deno_node` ext only, it makes sense to have
`process` available to simulate the Node environment individually.
This change may bring some negative performance impact. To measure how large the
impact would be, a very simple benchmark was performed whose results can be
found at https://github.com/magurotuna/process_global_bench.
A QUIC endpoint is a UDP socket which multiplexes QUIC sessions, which
may be initiated in either direction. This PR exposes endpoints and
moves things around as needed.
Now that endpoints can be reused between client connections, we have a
way to share tls tickets between them and allow 0rtt. This interface
currently works by conditionally returning a promise.
Also cleaned up the rust op names, fixed some lingering problems in the
data transmission, and switched to explicit error types.
The error message is currently `Bad Resource ID`. This commit changes it to
`Cannot read request body as underlying resource unavailable`
closes #27133
Currently we only supports 7 ciphers (`aes-(128|192|256)-ecb` and
`aes-(128|256)-(cbc|gcm)`) in `node:crypto`, but `crypto.getCiphers`
returns other supported cipher names. That confuses `npm:openpgp`
package and causes https://github.com/denoland/deno/issues/26875.
This PR makes `getCiphers` return actually supported cipher names.
With this change, the example given in #26875 can create private and
public key files.
closes #26875
fixes #27132
When the body resource is unavailable when start reading it, the error
message is `Bad Resource ID` and that doesn't tell what's wrong very
well.
This PR changes that error message to `Cannot read body as underlying
resource unavailable`