Changelog

denoland/deno · · 28 commits

Deno leans harder into lazy-loaded scripts

Big Node-compat and telemetry/perf work landed, plus a publish provenance crash fix and several TLS/HTTP2 correctness improvements.

divybot bartlomieju dsherret fibibot

WebSocket upgrades now work from node:http (bartlomieju496e918)

Deno.upgradeWebSocket() can now reuse the node:http upgrade socket and head buffer, writing the 101 response over the existing TCP connection. This unlocks WebSocket upgrade flows in Node-based frameworks that sit on top of node:http.

deno publish no longer panics in non-GitHub CI (bartlomiejue5faf73)

Provenance generation now avoids the empty-token false positive and replaces a series of unwrap()s with proper errors when GitHub-specific CI env vars are missing. That means Forgejo/Gitea-style CI can run deno publish without crashing.

Node TLS certificate handling got much closer to Node.js (bartlomiejue277e4d)

TLS server config now includes provided CA certs in the handshake chain, and peer-certificate handling was updated for self-signed roots. Certificate fields also now preserve Node’s single-value-vs-array behavior, alongside fixes for EC curve naming.

Lazy-loaded script conversion expanded across core extensions (bartlomieju5a970fa, bartlomiejuc532c63, bartlomiejuf5918a7, bartlomieju9499507, bartlomiejubc1f7ff)

Several hot-path JS extensions were converted from ESM to lazy_loaded_js, including fetch, cache, canvas, crypto, fs, ffi, and cron. The goal is to cut module resolution overhead at startup and on first use, while preserving behavior via core.loadExtScript() and shared internals where needed.

HTTP/2 and Node-compat correctness improved across the board (divybot1a6a656, divybot8617871, divybot3ee4720, divybot349f015, divybotd12ea83, divybot3c155b1, divybot60b234f, divybot50920d3, divybot3cb894c, divybot2b39f9c, divybot913f97b, fibibot81a7724, divybotfbfa985, divybot09c6782, divybota0876df, divybotf14cb96)

A long run of Node compatibility fixes landed for HTTP/2, TLS, crypto, and undici integration, enabling more failing tests in the compat suite. Highlights include protocol errors for HTTP/2-to-HTTP/1 mismatches, better flow control and ping handling, support for allowHTTP1 websocket upgrades, CA certificate introspection, PEM/private-key handling, and typed TLS errors.

Other misc changes

  • npm overrides now understand the catalog: protocol.
  • A small monch dependency/perf bump landed.
  • Several node_compat tests were enabled or updated.
  • Minor internal wiring and snapshot-build fixes across extensions.