deps: upgrade npm to 6.14.14 #39552

Closed
wants to merge 4,159 commits into from

npm-robot
Contributor

6.14.14 (2021-07-27)

DEPENDENCIES

jasnell and others added 30 commits June 30, 2021 12:54
Experimental implementation of the WHATWG streams standard.

Signed-off-by: James M Snell <[email protected]>

PR-URL: nodejs#39062
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
PR-URL: nodejs#39129
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#39200
Reviewed-By: Harshitha K P <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Use "repository" instead of "repo". This also adjusts capitalization in
a header that was already being modified to use "repository" because
even I couldn't bring myself to put that in a separate commit.

PR-URL: nodejs#39179
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Harshitha K P <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
In 2016, Ali added the instruction to cc him on particular V8 bugs and
the suggestion to contact him for certain problems. However, I'm pretty
sure Ali has not been working on V8 for 2+ years at this point. I'm
guessing those instructions are obsolete at this point. (I'll ping him
in the PR for this change to confirm, though.)

Also: Remove a parenthetical and add a comma, because I can't imagine
opening a separate pull request to add a comma. (OK, I'm lying, I
totally can and if anyone has done that in the past, it's probably me.)

PR-URL: nodejs#39181
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Remove special V8 maintenance instructions for versions of Node.js prior
to 9.0.0. Perform other minor edits in nearby text.

PR-URL: nodejs#39185
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Gerhard Stöbich <[email protected]>
This commit adds a step to CC [email protected] as part of
the security release process.

PR-URL: nodejs#39191
Refs: nodejs/TSC#1047
Reviewed-By: Beth Griggs <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)
- **CVE-2021-27290**: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High)
- **CVE-2021-23362**: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium)

PR-URL: nodejs-private/node-private#270
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)

PR-URL: nodejs-private/node-private#272
This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-22918**: libuv upgrade - Out of bounds read (Medium)
- **CVE-2021-22921**: Windows installer - Node Installer Local Privilege Escalation (Medium)

PR-URL: nodejs-private/node-private#271
Original commit message:

    idna: fix OOB read in punycode decoder

    Reported by Eric Sesterhenn in collaboration with
    Cure53 and ExpressVPN.

    Reported-By: Eric Sesterhenn <[email protected]>
    PR-URL: https://github.com/libuv/libuv-private/pull/1
    Reviewed-By: Colin Ihrig <[email protected]>
    Reviewed-By: Richard Lau <[email protected]>

CVE-ID: CVE-2021-22918
Refs: https://hackerone.com/reports/1209681
PR-URL: nodejs-private/node-private#267
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
Explicitly set permission for Windows install directory.

Refs: https://hackerone.com/reports/1211160
PR-URL: nodejs-private/node-private#269
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Fix typo for line break tag.

PR-URL: nodejs#39223
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: nodejs#39201
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Re-use existing compat logic for pump by using
finished.

PR-URL: nodejs#39203
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Benjamin Gruenbaum <[email protected]>
Since async hooks are per-environment and putting them in
the environment allows us to serialize them for the
snapshot automatically.

PR-URL: nodejs#39112
Refs: nodejs#38905
Refs: nodejs#35711
Reviewed-By: Anna Henningsen <[email protected]>
If writable/readable has been explicitly disabled then using
a Duplex as writable/readable should fail.

Fixes: nodejs#34374

PR-URL: nodejs#34385
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Benjamin Gruenbaum <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
PR-URL: nodejs#39211
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Harshitha K P <[email protected]>
PR-URL: nodejs#39212
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Harshitha K P <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: nodejs#39213
Reviewed-By: Harshitha K P <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Thinking it is probably better to run this frequently and do small quick
timely updates to AUTHORS rather than waiting months like we usually do
and having a lot of little issues to sort out. If this works well, maybe
it can be a scheduled GitHub Action or something the bot does for us.

PR-URL: nodejs#39217
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Most deprecations do not end with a full-stop/period, but three of them
do. Well, not anymore after this change.

PR-URL: nodejs#39218
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
`tools/lint-pr-commit-message.sh` was previously used to lint the
commit message of the first commit in a pull request but is now no
longer used -- commit message linting is now done in a GitHub actions
workflow which does not call this script.

PR-URL: nodejs#39120
Reviewed-By: Mary Marchini <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: Zijian Liu <[email protected]>
Now that the docs have toggles for CJS vs. ESM, there is no need to
include a comment explaining which module type is being used.

PR-URL: nodejs#39219
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Zijian Liu <[email protected]>
PR-URL: nodejs#39199
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Zijian Liu <[email protected]>
PR-URL: nodejs#39209
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Harshitha K P <[email protected]>
PR-URL: nodejs#39119
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Zijian Liu <[email protected]>
All hosts in CI return true for common.enoughTestCpu. At least for our
CI, it is always true, so we can remove it.

PR-URL: nodejs#39161
Reviewed-By: Luigi Pinca <[email protected]>
Trott and others added 23 commits July 24, 2021 12:31
Modify .mailmap so Myles has the same email address in AUTHORS as he
does in README.

PR-URL: nodejs#39503
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
I exchanged email with Gerhard to make sure that this was the rendering
of his name that was correct.

PR-URL: nodejs#39489
Reviewed-By: Gerhard Stöbich <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
This change was discussed at the TSC meeting today.

PR-URL: nodejs#39487
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#39488
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
I have not contributed to Node.js in a couple of years. While I would
love to continue doing so, there's not a high likelihood of this
happening in the near future. This commit moves my status from
collaborator to emeritus.

It's been fun!

Signed-off-by: Lance Ball <[email protected]>

PR-URL: nodejs#39501
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Make `EventTarget.prototype.addEventListener()` accept `null` as a valid
value for the `options` argument.

PR-URL: nodejs#39486
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Robert Nagy <[email protected]>
Use a different flag to prevent recursive dispatching.

PR-URL: nodejs#39395
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: James M Snell <[email protected]>
All API introduced in this PR are compliant with web
[performance-timeline](https://w3c.github.io/performance-timeline)
spec. "performance-timeline" is listed as supported web spec in the doc
https://nodejs.org/docs/latest/api/perf_hooks.html#perf_hooks_performance_measurement_apis.

Changes summary:
1. Add new supported wpt test subsets: user-timing and
  performance-timeline.
2. Add support for `Performance.getEntries`,
  `Performance.getEntriesByName` and `Performance.getEntriesByType`
  to synchronously fetch buffered performance entries. This means
  the user should invoke `Performance.clearMarks` and
  `Performance.clearMeasures` to clear buffered entries to prevent
  those entries from being kept alive forever.
3. Add support (again after nodejs#37136)
  for `buffered` flags for `PerformanceObserver`.
4. Fixes `PerformanceMark` and `PerformanceMeasure` wpt compliance
  issues.
5. Only user-created performance entries will be buffered globally. This
  behavior should be compliant with
  https://w3c.github.io/timing-entrytypes-registry/#registry.

With the new ability to fetch user-created performance entries
synchronously, the issues raised in
nodejs/diagnostics#464 (comment)
could also be fixed.

PR-URL: nodejs#39297
Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#39496
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Benjamin Gruenbaum <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
PR-URL: nodejs#39494
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Benjamin Gruenbaum <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: James M Snell <[email protected]>
The WASI link test attempts to create a link in the temporary directory
to a file in the fixtures directory and can fail if those directories
are on different devices. Update the test so that both the source and
target of the link reside on the same device.

PR-URL: nodejs#39485
Fixes: nodejs#39484
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
The AIX/IBM i branch in `host_arch_cc()` that hardcodes the compiler
executable to `gcc` precludes picking up either `CC_host` or `CC`
environment variables (if set) as is done on other platforms. On an
AIX/IBM i platform where the compiler is, e.g. `gcc-10` instead of
just `gcc`, the current check will fail to detect the host architecture
and incorrectly default to `ia32`. Removing the AIX/IBM i specific
branch will follow the same logic as on the other platforms:
1. The value, if set, of the `CC_host` environment variable.
2. Otherwise, if set, the value of the `CC` environment variable.
3. `gcc` (`cc` if on macOS).

PR-URL: nodejs#39481
Reviewed-By: Daniel Bevenius <[email protected]>
Reviewed-By: Ash Cripps <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
In email, Saúl indicated that they've switched to using their
personalized domain email address.  Update their email in README
accordingly. This will align their email in the README with their email
in .mailmap, which will in turn assist the accuracy of tools for
contributor metrics.

PR-URL: nodejs#39511
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
The previous Perl script used to generate the AUTHORS file (probably)
needed more entries than the current JS script to avoid duplicate
entries in AUTHORS. The entry removed here is no longer needed for that
purpose, but it is creating a small issue around tooling for gathering
contributor metrics.

PR-URL: nodejs#39512
Reviewed-By: Bradley Farias <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Per instructions from Fedor, I'm updating their email address in the
README.

PR-URL: nodejs#39510
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: James M Snell <[email protected]>
All of our workflows use Node.js 14.x or 16.x except for commit-lint.yml
which has 12.x hard-coded. Update it to 14.x and change it to using an
environment variable so it is consistent with our other workflows.

PR-URL: nodejs#39506
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#39474
Refs: nodejs#39471
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Fixes: nodejs#39205

PR-URL: nodejs#39319
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#39507
Reviewed-By: Guy Bedford <[email protected]>
Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#39492
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
The option buffered is not about queueing the PerformanceEntrys with
an event loop task or not. The option buffered in the spec is about
filling the observer with the global PerformanceEntry buffer. The
current (and the spec) behavior is different from Node.js
version <= v16.0.0.

PR-URL: nodejs#39514
Refs: https://w3c.github.io/performance-timeline/#observe-method
Refs: https://nodejs.org/dist/latest-v14.x/docs/api/perf_hooks.html#perf_hooks_performanceobserver_observe_options
Refs: nodejs#39297
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Benjamin Gruenbaum <[email protected]>
github-actions bot added the meta, tools and v14.x labels Jul 27, 2021
@richardlau
Member

@nodejs/npm something's obviously gone awry here -- did the bot start with an up-to-date v14.x-staging branch?

@darcyclarke
Member

darcyclarke commented Jul 27, 2021

@richardlau yep, I'm going to manually kick this PR off instead of using the automation; the @npm-robot had never run a v6.x release so there's probably some issue with the workflow/scripts (will debug later when there's more time).

Update: manual PR opened - #39553

@npm-robot npm-robot closed this Jul 27, 2021