-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade to npm 2.14.18 #5245
Conversation
It's possible there is already an existing error on OpenSSL's error stack that is unrelated to the EVP_DigestInit_ex() operation we just executed. Fixes: nodejs#4221 PR-URL: nodejs#4731 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Fedor Indutny <[email protected]>
Fix a segmentation fault when the debug message handler was called from a context without an associated `node::Environment`. Fixes: nodejs#4261 Fixes: nodejs#4322 PR-URL: nodejs#4328 Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#4194 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]>
PR-URL: nodejs#4194 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]>
Modify tools/license-builder.sh to restore the Third-Party Software licenses for ICU. Also fix arguments to tail to work on Linux. rvagg: modified sed command for ICU to replace tabs with spaces and remove whitespace at the end of lines PR-URL: nodejs#4762 Reviewed-By: Rod Vagg <[email protected]>
PR-URL: nodejs#4762 Reviewed-By: Rod Vagg <[email protected]>
On case-insensitive platorms, the Debug/ rule catches the debug module under npm and eslint. PR-URL: nodejs#2286 Reviewed-By: Roman Reiss <[email protected]>
PR-URL: nodejs#2286 Reviewed-By: Roman Reiss <[email protected]>
The no-reserved-keys rule doesn't exist anymore and we don't need ES3 compatibility. escape and unescape are now known by eslint. --reset flag was removed and it is now the default behavior. PR-URL: nodejs#2286 Reviewed-By: Roman Reiss <[email protected]>
With an indentation style of two spaces, it is not possible to indent multiline variable declarations by four spaces. Instead, the var keyword is used on every new line. Use const instead of var where applicable for changed lines. PR-URL: nodejs#2286 Reviewed-By: Roman Reiss <[email protected]>
PR-URL: nodejs#2286 Reviewed-By: Roman Reiss <[email protected]>
Replace var keyword with const or let. PR-URL: nodejs#2286 Reviewed-By: Roman Reiss <[email protected]>
Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: nodejs#2772 PR-URL: nodejs#3537 Reviewed-By: Ben Noordhuis <[email protected]>
The exts and trailingSlash variables are only used if the path isn't cached. This commit moves them further down in the code, and changes from var to const. PR-URL: nodejs#3579 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Trevor Norris <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
In some conditions it can happen that the client-side socket is destroyed before the server-side socket has gracefully closed, thus causing a 'ECONNRESET' error in this socket. To solve this, also close gracefully in the client side. PR-URL: nodejs#3966 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#4244 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Chris Dickinson <[email protected]>
There is no guarantee that the `suicide` property of a worker in the master process is going to be set when the `disconnect` and `exit` events are emitted. To fix it, wait for the ACK of the suicide message from the master before disconnecting the worker. Also, there's no need to send the suicide message from the worker if the disconnection has been initiated in the master. Add `test-cluster-disconnect-suicide-race` that forks a lot of workers to consistently reproduce the issue this patch tries to solve. Modify `test-regress-nodejsGH-3238` so it checks both the `kill` and `disconnect` cases. Also take into account that the `disconnect` event may be received after the `exit` event. PR-URL: nodejs#4349 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Rich Trott <[email protected]>
Documents the "path" property on fs.WriteStream and fs.ReadStream. See nodejs#4327 PR-URL: nodejs#4368 Reviewed-By: James M Snell <[email protected]>
Allows more freedom in adding additional headings to addon.markdown, otherwise it'll try and convert each block under a heading to a test case. We need to have at least a .js and a .cc in order to have something to test. Fixes regression caused by adding a new 3rd-level heading in d5863bc PR-URL: nodejs#4411 Reviewed-By: Myles Borins <[email protected]>
instead of doc-* PR-URL: nodejs#4412 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Johan Bergström <[email protected]>
All the other properties get an h2/## but process.connected gets an h3/### for no discernible reason. Change it to h2/## like the others. PR-URL: nodejs#4433 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Stephan Belanger <[email protected]> Reviewed-By: Roman Klauke <[email protected]>
Copyedit the documentation for setTimeout() and enforce wrapping at 80 characters in the markdown file for nearby text. PR-URL: nodejs#4434 Reviewed-By: Trevor Norris <[email protected]> Reviewed-By: jasnell - James M Snell <[email protected]> Reviewed-By: Stephan Belanger <[email protected]>
Windows would die with ECONNRESET most times when running this particular test. This commit makes handling these errors more tolerable. PR-URL: nodejs#4442 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Rich Trott <[email protected]>
Before this commit, it was possible on Windows for the server's 'connection' handler to be called *after* the client socket's 'connect' handler. This caused the 'message' event to be missed and the test would never end (timing out in CI). This problem was more easily reproducible on a low resource (slow CPU) Windows (2012r2) installation. This commit waits until both handlers have been called before sending the handle to the master process. Fixes: nodejs#3957 PR-URL: nodejs#4444 Reviewed-By: Rich Trott <[email protected]>
PR-URL: nodejs#4455 Reviewed-By: Brian White <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Stephen Belanger <[email protected]> Reviewed-By: James M Snell <[email protected]>
Since headers are stored in an empty literal object ({}) instead of an object created with Object.create(null), care must be taken with property names inherited from Object. Currently there are only functions inherited, so we can safely check for existing strings instead. Fixes: nodejs#4456 PR-URL: nodejs#4460 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Minwoo Jung <[email protected]>
It avoids the creation of unnecessary handles. This issue is causing intermitent failures in `test-cluster-disconnect-race` on `FreeBSD` and `OS X`. The problem is that the `worker2.disconnect` is being called on the master before the `queryServer` is handled, causing the worker to be deleted, then the Server handle is created afterwards. Later on, when `removeWorker` is called from the `exit` handler, there are no workers left, but one handle, thus the `AssertionError`. Add a new `test/sequential/test-cluster-disconnect-leak` based on `test-cluster-disconnect-race` that creates lots of workers and fails consistently without this patch. PR-URL: nodejs#4465 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: Rich Trott <[email protected]>
Wait for worker2 to come online before doing anything that might result in an EPIPE. Fixes flakiness of test on Windows. Fixes: nodejs#3956 PR-URL: nodejs#4510 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell<[email protected]>
It's not guaranteed that the socket data is received in the same chunk as the upgrade response. Listen for the `data` event to make sure all the data is received. PR-URL: nodejs#4520 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: James M Snell <[email protected]>
If one were to set NODE_REPL_HISTORY to a string that contains only a space (" "), then the history file would be created with that name which can cause problems are certain systems. PR-URL: nodejs#4539 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]>
Previously, test-cluster-disconnect-suicide-race had two issues: * Magic numbers: How many times to spawn a worker was determined through empirical experimentation. This means that as new platforms and new CPU/RAM configurations are tested, the magic numbers require more and more refinement. This brings us to... * Non-determinism: The test seems to fail all the time when the bug it tests for is present, but it's really a judgment based on sampling. "Oh, with 8 workers per CPU, it fails about 80% of the time. Let's try 16..." This revised version of the test takes a different approach. The fix for the bug that the test was written for means that the disconnect event will fire on a subsequent tick. So we check for that and the test still fails when the fix is not in the code base and succeeds when it is. Advantages of this approach include: * The test runs much faster. * The test should be reliable on any new platform regardless of CPU and RAM. PR-URL: nodejs#4739 Ref: nodejs#4674 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]>
- Hide the scrollbar on the TOC on all browsers. It was never the intention for it to be visible with the scroll indication in place. A wrapper element with 20px padding was added to accommodate for hopefully all scrollbar widths as well as to avoid overflowing content. - Fixed the scroll indication gradient on Safari, which was caused by the wrong from-color, which now matches the to-color. - Fixed a issue in old IE where the TOC didn't render on the correct position through setting `left: 0` and `top: 0` on it. PR-URL: nodejs#4748 Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#4753 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Evan Lucas <[email protected]>
Ref: http://eslint.org/docs/rules/space-in-parens.html PR-URL: nodejs#4753 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Evan Lucas <[email protected]>
rust-lang/prev.rust-lang.org#288 landed in the Rust repo so it seems like a good idea to just bring the updated list in. We also received a request to do this in nodejs/inclusivity#82 so this should resolve that. Thanks to [@Charlotteis](https://github.com/Charlotteis) for bringing up the original issue. Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Сковорода Никита Андреевич <[email protected]> PR-URL: nodejs#4801 Fixes: nodejs/inclusivity#82
Replace grep with awk to add support for subkeys PR-URL: nodejs#4807 Reviewed-By: Rod Vagg <[email protected]>
PR-URL: nodejs#4872 Reviewed-By: João Reis <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rebecca Turner <[email protected]>
PR-URL: nodejs#4872 Reviewed-By: João Reis <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rebecca Turner <[email protected]>
This corresponds to npm/npm@6051a69 PR-URL: nodejs#4872 Reviewed-By: João Reis <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rebecca Turner <[email protected]>
PR-URL: nodejs#4960 Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#4960 Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]>
In some conditions it can happen that the client-side socket is destroyed before the server-side socket has gracefully closed, thus causing a 'ECONNRESET' error in this socket. To solve this, wait in the client-side socket for the 'end' event before closing it. PR-URL: nodejs#4043 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
PR-URL: nodejs#5110 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Myles Borins <[email protected]>
Currently a debug context is created for various calls to util. If the node debugger is being run the main context is the debug context. In this case node_contextify was freeing the debug context and causing everything to explode. This change moves around the logic and no longer frees the context. There is a concern about the dangling pointer The regression test was adapted from code submitted by @3y3 in nodejs#4815 Fixes: nodejs#4440 Fixes: nodejs#4815 Fixes: nodejs#4597 Fixes: nodejs#4952 PR-URL: nodejs#4815 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rich Trott <[email protected]>
There are other ways for malicious packages to do bad stuff on the system than executing time-consuming regexps, either way. So this does not look like a security release to me. |
Local tests are passing, but we still have the same issues regarding path lengths for windows LGTM |
8b08780
to
524b083
Compare
PR-URL: #5245 Reviewed-By: Myles Borins <[email protected]>
landed in |
PR-URL: #5245 Reviewed-By: Myles Borins <[email protected]>
Notable changes: This update to the LTS line includes a number of semver minor changes that have been staged for a number of months. This includes: * deps: backport 9da3ab6 from V8 upstream (Ali Ijaz Sheikh) - #3609 * http: handle errors on idle sockets (José F. Romaniello) - #4482 * src: add BE support to StringBytes::Encode() (Bryon Leung) - #3410 * tls: add `options` argument to createSecurePair (Коренберг Марк) - #2441 There are also quite a large number of semver patch changes including over 20 doc fixes and almost 50 test fixes. Notable semver patch changes include: * deps: upgrade to npm 2.14.18 (Kat Marchán) - #5245 * https: evict cached sessions on error (Fedor Indutny) - #4982 * process: support symbol events (cjihrig) - #4798 * querystring: improve parse() performance (Brian White) - #4675 PR-URL: #5301
PR-URL: #5245 Reviewed-By: Myles Borins <[email protected]>
Hey all!
This update includes only https://github.com/npm/npm/releases/tag/v2.14.18
It's mostly dependency updates, but there is one related to security:
5c095ef
Bump bundledDeps: hawk and is-my-json-valid to non-vuln ranges npm/npm#11341[email protected]
: Includes security-related dependency updates involvinghawk
andis-my-json-valid
(@remy and @simov)r @iarna
r @jasnell
r @thealphanerd
r @Fishrock123