We're hiring systems engineers in San Francisco to build the future of JavaScript!
This release fixes 14 bugs. Adds install.saveTextLockfile option in bunfig.toml to make the text lockfile format the default. Fixes bugs in package-lock.json migration when manually changing npm resolutions to git URLs. Fixes a regression in process.on from Bun v1.1.39. Fixes an issue with BigInt in napi APIs impacting DuckDB. Improves reliability of installing git/github dependencies in bun install. Upgrades WebKit with security & reliability improvements.
To install Bun
curl -fsSL https://bun.sh/install | bashnpm install -g bunpowershell -c "irm bun.sh/install.ps1|iex"scoop install bunbrew tap oven-sh/bunbrew install bundocker pull oven/bundocker run --rm --init --ulimit memlock=-1:-1 oven/bunTo upgrade Bun
bun upgradeNew: install.saveTextLockfile in bunfig.toml
In Bun v1.1.39, we introduced the text-based bun.lock lockfile format for bun install. In Bun v1.2, we will make it the default.
To use bun.lock instead of bun.lockb:
bun install --save-text-lockfileSeveral people have asked for a way to use the text-based lockfile format by default without waiting for v1.2.
You can now set install.saveTextLockfile = true in your bunfig.toml to make the text lockfile format the default.
[install]
saveTextLockfile = true
You can place this in your global ~/.bunfig.toml.
Thanks to @dylan-conway for implementing this!
Fixed: regression in process.on from Bun v1.1.39
A regression introduced in Bun v1.1.39 caused process.on when used in a Worker, in a single-file executable, or a macro to potentially crash. This has been fixed.
Thanks to @dylan-conway for implementing this!
Fixed: N-API BigInt handling bug impacting DuckDB
Our N-API implementation for napi_create_bigint_words was not handling trailing zeros consistently with Node.js & V8.
The napi_get_value_bigint_uint64 and napi_get_value_bigint_int64 functions were not setting the lossless boolean flag.
These have been fixed, thanks to @190n!
Improved git/github dependency installation reliability
In rare cases, bun install would hang or fail to install git/github dependencies.
What makes Git/GitHub dependencies tricky is we don't know their own dependencies until after we've downloaded the package (unlike npm which has a registry API we can ask ahead of time). To save you time, bandwidth, and disk space, bun install goes to great lengths to avoid downloading packages that ultimately won't be used or are already installed. Often bun install won't try to download a package until we try to install it, see it's not there in node_modules, and see it's not there in the global store.
This release fixes a bug that could cause git dependencies to fail to transition from the downloading state to the installed state. This release also fixes a bug in package-lock.json migration when manually changing npm URLs to git URLs.
Thank to @dylan-conway for implementing this!
WebKit upgrade
This WebKit upgrade includes reliability and security improvements.
- A lock could theoretically unlock too early
- An edgecase involving the DFG JIT with the
[[ToString]]operation - Setting a value in a typed array of integers in the DFG JIT could end up in an incorrect state in the global object when taking a slow path