Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v10.9.0 #22295

Merged
merged 159 commits into from
Aug 16, 2018
Merged

Release proposal: v10.9.0 #22295

merged 159 commits into from
Aug 16, 2018

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Aug 13, 2018

This also needs some security-related commits, for OpenSSL 1.1.0i when it comes out on the 14th, and some internal fixes that are currently embargoed. See https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ for details.

There are some semver-major PRs referenced here but my understanding is that they've been landed in a semver-patch way. @targos could you give me a 👍 on your work merging in V8 6.8 / #21079 and cherry-picking the non-semver-major parts of #20894 please?

Does anything else need to be said about V8 6.8?


Notable Changes

Commits

  • [82830a809b] - assert: fix loose assert with map and set (Ruben Bridgewater) #22145
  • [00f95039be] - benchmark: improve assert benchmarks (Ruben Bridgewater) #22211
  • [6622ac798d] - buffer: use FastBuffer when fill is set to 0 (Сковорода Никита Андреевич) #21989
  • [01147b4637] - build: make --shared-[...]-path work on Windows (Jeremy Apthorp) #21530
  • [08c3f09f30] - build: add CONFIG_FLAGS to with-code-cache target (Daniel Bevenius) #22207
  • [7135822386] - build: make tools/doc/node_modules non-phony (Daniel Bevenius) #22189
  • [d338d412cd] - build: add crypto check to build targets (Daniel Bevenius) #22148
  • [d12c9f5af1] - build: extract common parts from addon .buildstamp (Daniel Bevenius) #22171
  • [edaafcc3e2] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (Michaël Zasso) #21079
  • [58580e9ec2] - (SEMVER-MINOR) crypto: add better scrypt option aliases (Anna Henningsen) #21525
  • [9327a58984] - crypto: remove unused SSLWrap handle methods (Jon Moss) #22216
  • [bef02abb7d] - crypto: simplify state failure handling (Tobias Nießen) #22131
  • [3839ff0b7a] - crypto: simplify Hmac::HmacUpdate (Tobias Nießen) #22132
  • [d005ae0628] - (SEMVER-MINOR) crypto: add better scrypt option aliases (Anna Henningsen) #21525
  • [4dfafac497] - deps: backport c608122b from upstream (Ruben Bridgewater) #22210
  • [1ce38878ce] - deps: update archs files for OpenSSL-1.1.0i (Shigeki Ohtsu) #22318
  • [09a7f1efc6] - (SEMVER-MAJOR) deps: add s390 asm rules for OpenSSL-1.1.0 (Shigeki Ohtsu) #19794
  • [337f6b3573] - deps: upgrade openssl sources to 1.1.0i (Shigeki Ohtsu) #22318
  • [e1dcb795dd] - deps: cherry-pick 09bca09 from upstream V8 (Matheus Marchini) #22068
  • [4e6be4c659] - (SEMVER-MINOR) deps: remove thread_local to fix V8 compilation (Peter Marshall) #21668
  • [ce5cacda6e] - deps: refactor v8.gyp (Michaël Zasso) #22017
  • [3cf809d4d6] - (SEMVER-MINOR) deps: patch the V8 API to be backwards compatible with 6.7 (Peter Marshall) #21668
  • [48ab7dcc55] - deps: cherry-pick 804a693 from upstream V8 (Matheus Marchini) #21855
  • [eb9850a64f] - deps: V8: Backport of 0dd3390 from upstream (James M Snell) #21899
  • [ada715f9db] - deps: cherry-pick 907d7bc from upstream V8 (Michaël Zasso) #21838
  • [7299421bbc] - deps: cherry-pick 2075910 from upstream V8 (Michaël Zasso) #21838
  • [c712e8c56c] - deps: cherry-pick 555c811 from upstream V8 (Anna Henningsen) #21741
  • [a9ec8884ff] - deps: cherry-pick 477df06 from upstream v8 (Gus Caplan) #21644
  • [3afffebb5b] - deps: cherry-pick 70c4340 from upstream V8 (Matheus Marchini) #21126
  • [ffa835e3bb] - deps: cherry-pick acc336c from upstream V8 (Matheus Marchini) #21126
  • [5b6c40116a] - deps: cherry-pick b20faff from upstream V8 (Matheus Marchini) #21126
  • [d9f566a7be] - (SEMVER-MAJOR) deps: cherry-pick aa6ce3e from upstream V8 (Michaël Zasso) #21079
  • [d7af2fa9a7] - deps: cherry-pick 5dd3395 from upstream V8 (Matheus Marchini) #21386
  • [64e4e4eed9] - (SEMVER-MAJOR) deps: update v8.gyp and run Torque (Michaël Zasso) #21079
  • [2f6557390f] - (SEMVER-MAJOR) deps: update V8 to 6.8.275.24 (Michaël Zasso) #21079
  • [b7b4aa057d] - doc: simplify urlObject.hash text (Rich Trott) #22326
  • [9508911d1c] - doc: simplify urlObject.hash description (Rich Trott) #22326
  • [ec6a8611b5] - doc: simplify format description of urlObject.auth (Rich Trott) #22324
  • [3be55faaf5] - doc: remove redundant explanation of format (Rich Trott) #22324
  • [67e268ff20] - doc: use italics for words-as-words (Rich Trott) #22324
  • [127d2ca537] - doc: bump ICU version to avoid confusion (Csaba Palfi) #22313
  • [8f79a90db4] - doc: document 'inherit' option for stdio (non-shorthand) (James Bromwell) #22309
  • [9a31fdc903] - doc: clarify http2 docs around class exports (James M Snell) #22247
  • [05544bad21] - doc: add multiple issue templates for GitHub (Tobias Nießen) #22215
  • [79b7a58671] - doc: declare all parameter types (Sam Ruby) #21782
  • [bc6905bff6] - doc: add missing option for child_process.spawnSync() (James Bromwell) #22231
  • [ab1e5d1152] - doc: list encodings supported by buffer.transcode (James M Snell) #22263
  • [3814e467d3] - doc: discuss special protocol handling (James M Snell) #22261
  • [99793b8806] - doc: replace _WG_ with _team_ (Rich Trott) #22183
  • [e313961e17] - doc: add subprocess.ref() and subprocess.unref() (Thomas Hunter II) #22220
  • [5ba56e5695] - doc: add gdams to collaborators (George Adams) #22236
  • [e80c646702] - doc: specify options parameter type in zlib.md (Vse Mozhet Byt) #21920
  • [40af9767a2] - doc: declare all parameter types (Sam Ruby) #21782
  • [38dd407c83] - doc: remove unused error codes from errors.md (Сковорода Никита Андреевич) #21491
  • [6c7733f58a] - doc: update recommendations for createCipher (Tobias Nießen) #22087
  • [34300aaaa4] - doc: correct crypto.randomFill() and randomFillSync() (Gerhard Stoebich) #21550
  • [28870a46ac] - doc: add rubys to collaborators (Sam Ruby) #22109
  • [d2ad9a2c13] - doc: fix return type of server.address() (Weijia Wang) #22043
  • [168abb5801] - doc: rename stackStartFunction in assert.md (Eugene Y. Q. Shen) #22077
  • [d364f9c8e7] - doc: fix changelog for v10.8.0 (Michaël Zasso) #22072
  • [abac0c56b8] - doc: mark DEP0004 and DEP0042 as End-of-Life (Jon Moss) #22033
  • [c6a56ae23e] - doc: correct grammatical error in BUILDING.md (Brandon Lee) #22067
  • [29bc55320c] - doc: fixup process.binding deprecation code (James M Snell) #22062
  • [ec9d529a32] - doc: documentation deprecation of process.binding (James M Snell) #22004
  • [fdeace6a02] - (SEMVER-MINOR) fs: implement mkdir recursive (mkdirp) (Benjamin Coe) #21875
  • [37369eba38] - (SEMVER-MINOR) http: allow url and options to be passed to http*.request and http*.get (Sam Ruby) #21616
  • [1ca46ab6f4] - http,tls: name anonymous callbacks (Marco Levrero) #21412
  • [535e0e5be1] - http2: correcting the heading format (Anto Aravinth) #22262
  • [a562729e55] - http2: explicitly disallow nested push streams (James M Snell) #22245
  • [83373e2f7f] - http2: avoid race condition in OnHeaderCallback (James M Snell) #22256
  • [999f55a573] - http2: remove streamError from docs (James M Snell) #22246
  • [2bf9a4a09e] - https: allow url and options to be passed to https.request (Sam Ruby) #22003
  • [b97c73fd53] - inspector: tie objects lifetime to the thread they belong to (Eugene Ostroukhov) #22242
  • [64c89d2671] - inspector: unmark tests as flaky (Eugene Ostroukhov) #22253
  • [c96e552d4f] - inspector: add inspector_protocol as a direct dependency (Andrey Lushnikov) #21975
  • [311ec12702] - inspector: fixed V8InspectorClient::currentTimeMS (Aleksey Kozyatinskiy) #21917
  • [22b9691772] - lib: remove unused filterInternalStackFrames param (MaleDong) #22267
  • [193a0480cd] - lib: extract validateString validator (Jon Moss) #22101
  • [9e410328bd] - perf_hooks: avoid memory leak on gc observer (James M Snell) #22241
  • [76a65921d3] - readline,zlib: named anonymous functions (Anto Aravinth) #21792
  • [e4f346892c] - repl: support mult-line string-keyed objects (Sam Ruby) #21805
  • [b7c872a58a] - src: remove unnecessary writes in tls_wrap.cc (Anna Henningsen) #21984
  • [28d4d5fdb6] - src: avoid possible race during NodeBIO initialization (Anna Henningsen) #21984
  • [4590a1c3a2] - src: use smart pointers for NodeBIO (Anna Henningsen) #21984
  • [5b7419bc4c] - src: fix integer overflow in GetNow (Anatoli Papirovski) #22214
  • [b3eb10d9bd] - src: add READONLY_STRING_PROPERTY and simplify config (Jon Moss) #22222
  • [d13d60da12] - src: fix up doc comment for experimental-worker bool (Anna Henningsen) #22165
  • [13e1d63801] - src: remove calls to deprecated v8 functions (NumberValue) (Ujjwal Sharma) #22094
  • [9d801997c4] - src: remove unused env->vm_parsing_context_symbol (Jon Moss) #22034
  • [6ca00d7044] - src: remove unused env strings (Jon Moss) #22137
  • [0ca831a0ed] - src: clean up PackageConfig pseudo-boolean fields (Anna Henningsen) #21987
  • [00c33a5131] - src: clean up agent loop when exiting through destructor (Anna Henningsen) #21867
  • [ba480d33ce] - src: use only one tracing write fs req at a time (Anna Henningsen) #21867
  • [6b58746b2e] - src: use unique_ptr for internal JSON trace writer (Anna Henningsen) #21867
  • [ce48936077] - src: plug trace file file descriptor leak (Anna Henningsen) #21867
  • [89e23021fb] - src: initialize file trace writer on tracing thread (Anna Henningsen) #21867
  • [56edd5fc5b] - src: close tracing event loop (Anna Henningsen) #21867
  • [4c9c1bbc45] - src: fix tracing if cwd or file path is inaccessible (Anna Henningsen) #21867
  • [c101b396aa] - src: refactor default trace writer out of agent (Anna Henningsen) #21867
  • [daafe6c195] - src: refactor tracing agent code (Anna Henningsen) #21867
  • [4379140dbf] - src: minor refactor of node_trace_events.cc (Anna Henningsen) #21867
  • [cde0e5f396] - src: reduce unnecessary includes (Anna Henningsen) #21867
  • [1c61205d73] - stream: fix readable behavior for highWaterMark === 0 (Denys Otrishko) #21690
  • [65d1e027a3] - test: rename some allegories (Vse Mozhet Byt) #22307
  • [9feee1f665] - test: call gc() explicitly to avoid OOM (Refael Ackermann) #22301
  • [3804836534] - test: move test-http-client-timeout-option-with-agent to sequential (Ouyang Yadong) #22083
  • [dc57d4e87f] - test: add test-http2-large-file sequential test (James M Snell) #22254
  • [1ed03b0987] - test: fix error messages for OpenSSL-1.1.0i (Shigeki Ohtsu) #22318
  • [afd3d49d98] - test: improve test coverage for comparisons (Ruben Bridgewater) #22212
  • [0385e09745] - test: remove common.fileExists() (Rich Trott) #22151
  • [6f28557a17] - test: handle errors correctly in GC http test (Ouyang Yadong) #22185
  • [3666993e77] - test: remove second arg from assert.ifError() (Musa Hamwala) #22190
  • [3baeb82f43] - test: move require of https to after crypto check (Daniel Bevenius) #22148
  • [fcc150dbc1] - test: move require of http2 to after crypto check (Daniel Bevenius) #22148
  • [95b2467d5f] - test: don't mask descriptor.enumerable (Thomas Leah) #22172
  • [6f47a84656] - test: remove common.fileExists() (Richard Lau) #22200
  • [f1b34f99e0] - test: remove unused argument in assertion (yahavfuchs) #22113
  • [9d85a059b7] - test: check arg type for dnsPromises.resolve (Masashi Hirano) #22000
  • [43c5455ac9] - (SEMVER-MAJOR) test: update postmortem metadata test (cjihrig) #21079
  • [3175391e1d] - (SEMVER-MAJOR) test: fix scriptParsed event expectations (Ingvar Stepanyan) #21079
  • [a6b9ee9c89] - test: update certificates and private keys (Fedor Indutny) #22184
  • [d38ccaa421] - test: fix n-api addon build warnings (Kyle Farnung) #21808
  • [d66e52fb8e] - test: run ESM tests in parallel (Michaël Zasso) #21919
  • [6cff57e98d] - test: fix incorrect file mode check (Timothy Gu) #22023
  • [dafaff3a5e] - test: remove unused config (Benjamin Gruenbaum) #21985
  • [a569ae4b44] - test: remove third argument from assert.strictEqual() (Rishabh Singh) #22051
  • [a60060b499] - test: remove third argument from call to assert.strictEqual() (Michael Sommer) #22047
  • [246a94f301] - test: see value of "hadError" in tls test (Oryan Moshe) #22069
  • [a40ee213b3] - test: improve reliability in http2-session-timeout (Rich Trott) #22026
  • [e2d97eeb65] - test: remove outdated documentation (Jon Moss) #22009
  • [94746d6a47] - (SEMVER-MAJOR) test: remove outdated, non-functioning test (Anatoli Papirovski) #20894
  • [0beffc0f3b] - test: remove test/gc, integrate into parallel (Anna Henningsen) #22001
  • [c2372eac16] - test: add tracing crash regression test (Eugene Ostroukhov) #21867
  • [7e23080d45] - test: pass through stderr in benchmark tests (Anna Henningsen) #21860
  • [52020dc09a] - test: refactor test-http2-compat-serverresponse-finished.js (Anto Aravinth) #21929
  • [fbc45d408d] - test,doc: fix async-hooks coverage doc for md lint (Rod Vagg) #22296
  • [339f6f62a9] - test,doc: adjust markdown table for linting (Rich Trott) #22221
  • [ffb01dd151] - test,doc: adjust async-hooks coverage doc for lint (Rich Trott) #22221
  • [a0b3c4ac35] - test,doc: wrap common module md doc at 80 chars (Rich Trott) #22221
  • [2bab323a52] - test,doc: fix lint error in test fixtures (Rich Trott) #22221
  • [4ad4e377bc] - tls: change var to const (Eugen Cazacu) #22219
  • [7cb05cf2a0] - tls: remove SLAB_BUFFER_SIZE (Anatoli Papirovski) #21199
  • [b1a9cf756b] - tls: preallocate SSL cipher array (Tobias Nießen) #22136
  • [df7d33e398] - tools: fix header escaping regression (Sam Ruby) #22084
  • [f0c71d7361] - tools: add no-misleading-character-class ESLint rule (Vse Mozhet Byt) #22278
  • [f68b165532] - tools: do not autolink section to itself (Vse Mozhet Byt) #22138
  • [e152cf7209] - tools: update ESLint to 5.3.0 (Rich Trott) #22134
  • [44edfa436c] - tools: convert addon-verify to remark (Sam Ruby) #21978
  • [c85d00b786] - tools: produce JSON documentation using unified/remark/rehype (Sam Ruby) #21697
  • [f0c871b0c7] - tools: add make format-cpp to run clang-format on C++ diffs (Joyee Cheung) #21997
  • [5a4abbadfe] - tools: update to using dmn 1.0.11 (Rich Trott) #22035
  • [7a7c194f4e] - tools: fix docs and run known_issues by default (Jon Moss) #21910
  • [7933310a4b] - tools,build: apply markdown linting to test dir (Rich Trott) #22221
  • [fd318e70b5] - trace_events: add node.promises category, rejection counter (James M Snell) #22124
  • [df087cf09e] - util: improve display of iterators and weak entries (Ruben Bridgewater) #20961
  • [41b5172e11] - util,assert: fix boxed primitives bug (Ruben Bridgewater) #22243
  • [561b1f51df] - worker: fix deadlock when calling terminate from exit handler (Anna Henningsen) #22073
  • [00b0a62988] - zlib: remove unused parameters (MaleDong) #22115

antsmartian and others added 30 commits August 1, 2018 21:31
PR-URL: #21929
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This helps a lot with debugging failing benchmark tests,
which would otherwise just print an assertion for the
exit code (something like `+1 -0`, which yields almost no
information about a failure).

PR-URL: #21860
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Gabriel Schulhof <gabriel.schulhof@intel.com>
This is the first step in a long process of deprecating
`process.binding()` and replacing it with `internalBinding()`.

Eventually, once we have replaced internal uses of
`process.binding()` with `internalBinding()`, we can escalate
to a runtime deprecation and eventual end-of-life.

PR-URL: #22004
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
A forward declaration suffices and means that the tracing
agent header and its dependencies don’t need to be included
in nearly every Node.js file.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Avoid unnecessary copies/extra operations & align with our style guide,
and add protection against throwing getters.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Avoid unnecessary operations, add a bit of documentation,
and turn the `ClientHandle` smart pointer alias into a real
class.

This should allow de-coupling the unnecessary combination of
a single specific `file_writer` from `Agent`.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
The agent code is supposed to manage multiple writers/clients.
Adding the default writer into the mix breaks that encapsulation.
Instead, manage default options through a separate "virtual"
default client handle, and keep the file writer management
all to the actual users.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Otherwise this would have crashed the process.
In particular, checking the return value of an libuv call against `-1`
was invalid to begin with, as libuv uses it to propagate the
error code.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Clean up resources when tearing down the tracing agent.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Run the initialization for the file trace writer’s `uv_async_t`s
on the same thread as `uv_run()` for their loop to avoid race
conditions.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Close existing file descriptors before overriding
the field with new ones.

Also, use `nullptr` as the loop for these synchronous
operations, since they do not run on the same thread
as the `uv_run()` call for the previously used loop.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Concurrent writes to the same fd are generally not ideal,
since it’s not generally guaranteed that data from those
writes will end up on disk in the right order.

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Fixes: #22042

PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
PR-URL: #21867
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
PR-URL: #22062
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
There’s no reason to have a separate addon just for
testing GC anymore.

PR-URL: #22001
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Grammatical error corrected.

PR-URL: #22067
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
The timers directory test, utilizing FakeTime, has not worked in
quite a while and is not truly testing Node.js behaviour. If a
similar test is necessary it would be better suited to libuv
on which Node.js relies for timers functionality.

PR-URL: #20894
Fixes: #10154
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>

Backport-PR-URL: #22039
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
- Updates `test/README.md` with new suites
- Fixes some outdated `IGNORED_SUITES` listings
- Allows for `test/known_issues` suite to be run by default

PR-URL: #21910
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Lance Ball <lball@redhat.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
As noted by @richardlau, `Makefile` and `vcbuild.bat` no longer need to
be updated since they run the `default` suite.

PR-URL: #22009
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
`CryptoStream` was removed via 9301b8a.

PR-URL: #22033
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add missing link at the top.

PR-URL: #22072
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Use `setImmediate()` instead of `setTimeout()` to improve robustness of
test-http2-session-timeout.

Fixes: #20628

PR-URL: #22026
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
The existing implementation created a state that if the assert failed
we got an error message without the values of hadError.
Removed the default error message and added a comment explaining the
assert.

PR-URL: #22069
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
PR-URL: #22047
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
PR-URL: #21792
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
On inspector side inside V8 we assume that this method should
return number of ms since epoch.

PR-URL: #21917
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
dmn 1.0.11 is available. Update update-eslint.sh to use it. Update
update-babel-eslint.sh to use it too via npx. Add removeNPMAbsolutePaths
to the latter while we're at it.

PR-URL: #22035
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
[assert.js](https://github.com/nodejs/node/blob/master/lib/assert.js)
uses `stackStartFn` everywhere instead of `stackStartFunction`.

This also increases consistency with `stackStartFn`
in the `AssertionError` options.

PR-URL: #22077
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
BridgeAR and others added 21 commits August 15, 2018 20:23
This reduces the runtime and makes sure the strict and loose options
can be tested individually.

Besides that a couple of redundant cases were removed.

PR-URL: #22211
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The timeout event cannot be precisely timed and the actual timeout
may be longer in some situations. Here we move this test into the
sequential folder to make it happens less likely.

PR-URL: #22083
Fixes: #22041
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: George Adams <george.adams@uk.ibm.com>
quick fix for #22065

Preferred long term fix can be found at:
#22140

PR-URL: #22084
Fixes: #22065
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: #22253
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Aleksei Koziatinskii <ak239spb@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Fixes: #22229

PR-URL: #22241
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yang Guo <yangguo@chromium.org>
Reviewed-By: George Adams <george.adams@uk.ibm.com>
Fixes: #19095

PR-URL: #22245
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: #22301
Refs: nodejs/reliability#12
Refs: #16354
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
PR-URL: #22307
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Actually we don't refer the `error` directly in
`filterInternalStackFrames`, so just remove it anyway.

PR-URL: #22267
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #22242
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Aleksei Koziatinskii <ak239spb@gmail.com>
PR-URL: #22262
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: George Adams <george.adams@uk.ibm.com>
PR-URL: #22309
Fixes: #22297
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
ICU has been on 6X for a while but example file name in Intl docs
still refers to it as 5X. It might be a small thing but I think
it's good to update this to avoid confusion.

PR-URL: #22313
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: George Adams <george.adams@uk.ibm.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #22324
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
Simplify format explanation for urlObject.auth.

PR-URL: #22324
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
The "at sign" is properly the "commercial at" but let's just avoid the
whole naming issue by putting the symbol right in the sentence.

PR-URL: #22324
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
It's an octothorp, but no one knows what that is either so let's just
show the character in the sentence and be done with it.

PR-URL: #22326
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
Remove "consists of" in favor of "is". Use "fragment identifier" instead
of "fragment" and remove quotes.

PR-URL: #22326
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
CVE-2018-12115
Discovered by ChALkeR - Сковорода Никита Андреевич
Fix by Anna Henningsen

Writing to the second-to-last byte with UCS-2 encoding will cause a -1
length to be send to String::Write(), writing all of the provided Buffer
from that point and beyond.

Fixes: nodejs-private/security#203
PR-URL: nodejs-private/node-private#138
CVE-2018-7166
Discovered by ChALkeR - Сковорода Никита Андреевич

Prevent Buffer.alloc(size, fill, number) from returning uninitialized memory.

Fixes: nodejs-private/security#202
PR-URL: nodejs-private/node-private#137
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Notable changes:

* buffer:
  * Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
    (CVE-2018-12115)
  * Fix unintentional exposure of uninitialized memory in `Buffer.alloc()`
    (CVE-2018-7166)
* deps:
  * Upgrade to OpenSSL 1.1.0i, fixing:
    - Client DoS due to large DH parameter (CVE-2018-0732)
    - ECDSA key extraction via local side-channel (CVE not assigned)
  * Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #21079
    - Memory reduction and performance improvements, details at:
      https://v8project.blogspot.com/2018/06/v8-release-68.html
* http: `http.get()` and `http.request()` (and `https` variants) can now accept
  three arguments to allow for a `URL` _and_ an `options` object
  (Sam Ruby) #21616
* Added new collaborators
  * Sam Ruby (https://github.com/rubys)
  * George Adams (https://github.com/gdams)
@jasnell
Copy link
Member

jasnell commented Aug 15, 2018

@rvagg

There are some semver-major PRs referenced here but my understanding is that they've been landed in a semver-patch way

Hmm... that is something that definitely needs to be explained in the release notes. Specifically, what does it mean "landed in a semver-patch way"?

@Trott Trott dismissed their stale review August 15, 2018 14:42

mkdirp removed from this release

@rvagg
Copy link
Member Author

rvagg commented Aug 16, 2018

Right OK, so I'm not going to clarify this in the release announcement because I'm manually stripping out "SEMVER-MAJOR" but here's the summary for the record:

So here's an interesting topic to mull on next time you're doing a release with SEMVER-MAJORs showing up that you know aren't semver-major: can we do some trickery with changelog-major and branch-diff to figure out the real PR of these changes and make a better assessment. Or should we change our procedures on cherry-picking commits into new PRs whereby we have additional metadata that indicates the real PR of the cherry-pick/backport?

Original-PR-URL: https://github....
PR-URL: https://github...

?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
build Issues and PRs related to build files or the CI. doc Issues and PRs related to the documentations. meta Issues and PRs related to the general management of the project. tools Issues and PRs related to the tools directory. v8 engine Issues and PRs related to the V8 dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.