v4.4.2 proposal #5961
Merged
v4.4.2 proposal #5961
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fs.readFile, fs.writeFile and fs.appendFile doc changes pulled back from master included details not relevant to v4. PR-URL: #5877 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: James M Snell <[email protected]>
Uses better troff formatting. Removes v8 options from the man page. Also edits `node -h` in node.cc slightly. PR-URL: #5497 Reviewed-By: James Snell <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]>
Instead of leaking the arguments object by passing it as an argument to a function, copy it's contents to a new array, then pass the array. This allows V8 to optimize the function that contains this code, improving performance. PR-URL: #4361 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Brian White <[email protected]>
It's possible that the `end` event is emitted after the timeout fires causing the test to fail. Just remove the timer. If for some reason the `end` would never fire, the test will fail with a timeout. PR-URL: #5129 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rich Trott <[email protected]>
Removed an unused `var self = this` that is no longer required. PR-URL: #5224 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Remove unnecessary `self = this`. PR-URL: #5231 Reviewed-By: James M Snell <[email protected]>
use String.prototype.repeat() to simplify code, less code, more semantically. PR-URL: #5359 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: James M Snell <[email protected]>
On strict mode, "'use strict'; void 0; " is added as prefix in order to prevent "use strict" as the result value for let/const statements. It causes wrong column number in stack trace. PR-URL: #5416 Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
`isIPv4` and `isIPv6` are implemented on top of `isIP`, which in turn checks the sting for being both IPv4 and IPv6, which can be inefficient in some scenarios. This commit makes them use `uv_inet_pton` directly instead. PR-URL: #5478 Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
PR-URL: #5500 Reviewed-By: Shigeki Ohtsu <[email protected]>
[Diffie-Hellman](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#Cryptographic_explanation) keys are composed of a `generator` a `prime` a `secret_key` and the `public_key` resulting from the math operation: ``` (generator ^ secret_key) mod prime = public_key ``` Diffie-Hellman keypairs will compute a matching shared secret if and only if the generator and prime match for both recipients. The generator is usually **2** and the prime is what is called a [Safe Prime](https://en.wikipedia.org/wiki/Safe_prime). Usually this matching is accomplished by using [standard published groups](http://tools.ietf.org/html/rfc3526). We expose access those groups with the `crypto.getDiffieHellman` function. `createDiffieHellman` is trickier to use. The original example had the user creating 11 bit keys, and creating random groups of generators and primes. 11 bit keys are very very small, can be cracked by a single person on a single sheet of paper. A byproduct of using such small keys were that it was a high likelihood that two calls of `createDiffieHellman(11)` would result in using the same 11 bit safe prime. The original example code would fail when the safe primes generated at 11 bit lengths did not match for alice and bob. If you want to use your own generated safe `prime` then the proper use of `createDiffieHellman` is to pass the `prime` and `generator` to the recipient's constructor, so that when they compute the shared secret their `prime` and `generator` match, which is fundamental to the algorithm. PR-URL: #5505 Reviewed-By: Brian White <[email protected]> Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: James M Snell <[email protected]>
It checks that `eval` is called with `.scope` as an input string. PR-URL: #5534 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: James M Snell <[email protected]>
Currently we are not testing that `npm install` works. This is a very naive / basic test that shells out to `npm install` in an empty `tempDir`. While this test will not be able to check that `npm install` is 100% working, it should catch certain edge cases that break it. PR-URL: #5166 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Alexis Campailla <[email protected]>
Make npm install a dependency that is defined as a relative path, so it avoids any network interaction. PR-URL: #5613 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Claudio Rodriguez <[email protected]>
Refs: #5615 PR-URL: #5619 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
`Console` constructor checks that `stdout.write()` is a function but does not do an equivalent check for `stderr.write()`. If `stderr` is not specified in the constructor, then `stderr` is set to be `stdout`. However, if `stderr` is specified, but `stderr.write()` is not a function, then an exception is not thrown until `console.error()` is called. This change adds the same check for 'stderr' in the constructor that is there for `stdout`. If `stderr` fails the check, then a `TypeError` is thrown. Took the opportunity to copyedit the `console` doc a little too. PR-URL: #5635 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
This commit adds tests for several known issues. Refs: #1901 Refs: #728 Refs: #4778 Refs: #947 Refs: #2734 PR-URL: #5653 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rich Trott <[email protected]>
PR-URL: #5700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Changes the multiline return example commments in querystring which have the example out-of-comment, into single comment lines to remain consistent with other docs. PR-URL: #5705 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Sakthipriyan Vairamani <[email protected]>
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
Reduce resoures required by test. Clarify comment explaining source of test and what the test is looking for. Fixes: #5725 PR-URL: #5728 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
There were 2 tests using curl: `test-http-304.js` is removed because it was initially included to test that the 304 response does not contain a body, and this is already covered by `test-http-chunked-304.js`. `test-http-curl-chunk-problem` has been renamed and refactored so instead of using curl, it uses 2 child node processes: one for sending the HTTP request and the other to calculate the sha1sum. Originally, this test was introduced to fix a bug in `[email protected]`, and it was not fixed until `[email protected]`. A modified version of this test has been run with `[email protected]` and reproduces the problem. This same test has been run with `[email protected]` and runs correctly. Fixes: #5174 PR-URL: #5750 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]>
PR-URL: #5765 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
This page is mostly a mirror of the updated manual page. PR-URL: #5787 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell [email protected]> Reviewed-By: Bryan English <[email protected]> Reviewed-By: Robert Lindstädt <[email protected]>
Improve the robustness of test-net-connect-options-ipv6.js PPC Suse build team encountered intermittent failures related to dns. Improve test to make it more robust in the face of intermittent dns issues. PR-URL: #5791 Reviewed-By: James M Snell <[email protected]>
Explain the expected properties in path.format Fixes: #5746 PR-URL: #5801 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]>
Test was flaky on centos7-64 due to an uncaught ECONNRESET on the worker code. This catches the error so the process will exit with code 0. Fixes: #5604 PR-URL: #5802 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: James M Snell <[email protected]>
Prefer the use of template string literals over string concatenation in the dns module, makes dns consistent with other modules basically doing #5778 for it. PR-URL: #5809 Reviewed-By: James M Snell <[email protected]>
Added a hint saying that node uses the default "Cannot find module" error when requiring a module for which the "main" file specified in the package.json is missing. PR-URL: #5812 Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: James M Snell <[email protected]>
Fixes: #5749 PR-URL: #5813 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
PR-URL: #5876 Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
Now that the CTC has expanded, this PR calls for a vote of the CTC to reinstate Michael Dawson (@mhdawson) as a full voting member. Voted on and approved by the CTC on 2016-03-23 PR-URL: #5633 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Alexis Campailla <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Fixes a copy typo in the events.md docs. PR-URL: #5849 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: James M Snell <[email protected]>
MylesBorins
added
meta
MylesBorins
force-pushed
the
v4.4.2-proposal
branch
from
b845334 to
68b31c9
Compare
MylesBorins
force-pushed
the
v4.4.2-proposal
branch
from
68b31c9 to
4b15023
Compare
MylesBorins
pushed a commit
that referenced
this pull request
Mar 30, 2016
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
|
ci: https://ci.nodejs.org/job/node-test-pull-request/2099/ edit: ci is green 🎉 |
|
When are the AsyncWrap changes scheduled to land in |
|
@AndreasMadsen those changes will come in when they have been back ported by @trevnorris My assumption is that he is waiting for the implementation changes to calm down before moving them all at once. He can likely chime in with more details |
|
@thealphanerd An updated npm should probably be listed as a notable change. |
MylesBorins
force-pushed
the
v4.4.2-proposal
branch
from
4b15023 to
26a9939
Compare
MylesBorins
force-pushed
the
v4.4.2-proposal
branch
from
26a9939 to
e6f58c9
Compare
MylesBorins
force-pushed
the
v4.4.2-proposal
branch
from
e6f58c9 to
cf5bf47
Compare
MylesBorins
pushed a commit
that referenced
this pull request
Mar 31, 2016
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* npm:
- Upgrade to v2.15.1. (Forrest L Norvell)
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* npm:
- Upgrade to v2.15.1. Fixes a security flaw in the use of authentication
tokens in HTTP requests that would allow an attacker to set up a server
that could collect tokens from users of the command-line interface.
Authentication tokens have previously been sent with every request made
by the CLI for logged-in users, regardless of the destination of the
request. This update fixes this by only including those tokens for
requests made against the registry or registries used for the current
install. (Forrest L Norvell)
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
MylesBorins
force-pushed
the
v4.4.2-proposal
branch
from
cf5bf47 to
9ef4b1b
Compare
|
@richardlau thanks for pointing out the bit about npm. I was keeping things under raps until npm released their information first --> http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability |
MylesBorins
pushed a commit
that referenced
this pull request
Apr 1, 2016
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* npm:
- Upgrade to v2.15.1. Fixes a security flaw in the use of authentication
tokens in HTTP requests that would allow an attacker to set up a server
that could collect tokens from users of the command-line interface.
Authentication tokens have previously been sent with every request made
by the CLI for logged-in users, regardless of the destination of the
request. This update fixes this by only including those tokens for
requests made against the registry or registries used for the current
install. (Forrest L Norvell)
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
2016-03-31, Version 4.4.2 'Argon' (LTS), @thealphanerd
Notable Changes