Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v11.6.0 proposal #25175

Merged
merged 59 commits into from
Dec 26, 2018
Merged

v11.6.0 proposal #25175

merged 59 commits into from
Dec 26, 2018

Conversation

MylesBorins
Copy link
Contributor

@MylesBorins MylesBorins commented Dec 21, 2018

2018-12-26, Version 11.6.0 (Current), @MylesBorins

Notable Changes

  • cli:
    • add --max-http-header-size flag (cjihrig) #24811
  • crypto:
    • always accept certificates as public keys (Tobias Nießen) #24234
    • add key object API (Tobias Nießen) #24234
    • update root certificates (Sam Roberts) #25113
  • deps:
    • upgrade to libuv 1.24.1 (cjihrig) #25078
    • upgrade npm to 6.5.0 (Audrey Eschright) #24734
  • http:
    • add maxHeaderSize property (cjihrig) #24860

Commits

  • [a9ab28df2c] - assert: inspect getters (Ruben Bridgewater) #25004
  • [508cbaa1c3] - buffer: simplify code (Ruben Bridgewater) #25151
  • [16766bac60] - build: correct fi indentation in Makefile (Daniel Bevenius) #25107
  • [4513516f5e] - build: add a space to clarify skipping crypto msg (Daniel Bevenius) #25011
  • [7b2eefc103] - child_process: spawn ignores options in case args is undefined (Eduard Bondarenko) #24913
  • [edd8bd0ee0] - (SEMVER-MINOR) cli: add --max-http-header-size flag (cjihrig) #24811
  • [25c6053538] - (SEMVER-MINOR) crypto: always accept certificates as public keys (Tobias Nießen) #24234
  • [7c4dd14150] - (SEMVER-MINOR) crypto: add key object API (Tobias Nießen) #24234
  • [cd04a54a36] - crypto: update root certificates (Sam Roberts) #25113
  • [585e014e0a] - (SEMVER-MINOR) deps: upgrade npm to 6.5.0 (Audrey Eschright) #24734
  • [155d1d54bf] - deps: upgrade to libuv 1.24.1 (cjihrig) #25078
  • [0057af293a] - (SEMVER-MINOR) deps: cherry-pick http_parser_set_max_header_size (cjihrig) #24811
  • [9b9060db75] - doc: fix links in test/common/README.md (Vse Mozhet Byt) #25172
  • [9d80666b01] - doc: revise "Breaking Changes and Deprecations" (Rich Trott) #25116
  • [972b056650] - doc: describe root cert update process (Sam Roberts) #25113
  • [4561e2c984] - doc: revise "Breaking Changes" section of Collaborator Guide (Rich Trott) #25071
  • [2516e9cfd0] - doc,lib,test: capitalize comment sentences (Ruben Bridgewater) #24996
  • [d1a98a8d0a] - events: simplify stack compare function (Ruben Bridgewater) #24744
  • [5e1ec70703] - (SEMVER-MINOR) http: add maxHeaderSize property (cjihrig) #24860
  • [d93b642ccd] - lib: make internal API warning more direct (Rich Trott) #25125
  • [d23d63d48d] - lib: switch to object spread where possible (Ruben Bridgewater) #25104
  • [96bdd47734] - lib: refactor argument validation using validateString (ZYSzys) #24960
  • [0cde1a4fdc] - lib: remove unused NativeModule/NativeModule wraps (Joyee Cheung) #24904
  • [1a562ccef7] - os: use uv_os_gethostname() in hostname() (cjihrig) #25111
  • [85a136974e] - perf_hooks: make GC tracking state per-Environment (Anna Henningsen) #25053
  • [3f82144c98] - process: move environment variable proxy code into node_env_var.cc (Joyee Cheung) #25067
  • [e62471394c] - src: add DCHECK macros (kiyomizumia) #24359
  • [3dcdfe30fe] - src: use std::vector for setting up process.execPath (Anna Henningsen) #25069
  • [e0e1b6d2ef] - src: port GetLoadedLibraries for freebsd (Gireesh Punathil) #25106
  • [f213a055f6] - src: mark options parsers as const (Anna Henningsen) #25065
  • [a44910df5e] - src: unload addons when environment quits (Gabriel Schulhof) #24861
  • [c6388edf34] - src: handle empty Maybe in uv binding initialize (Anna Henningsen) #25079
  • [6f3b421dd5] - src: schedule destroy hooks in BeforeExit early during bootstrap (Joyee Cheung) #25020
  • [a4505c698f] - src: extract common Bind method (Jon Moss) #22315
  • [09a99c6834] - src: mark some global state as const (Anna Henningsen) #25052
  • [7f34c768da] - src: remove internalBinding('config').warningFile (Joyee Cheung) #24959
  • [c80ac7fae3] - (SEMVER-MINOR) src: add kUInteger parsing (Matteo Collina) #24811
  • [9c2e97e421] - test: fix test-tls-session-timeout (Rich Trott) #25188
  • [105650746b] - test: mark test-trace-events-api-worker-disabled flaky (Rich Trott) #25197
  • [57148f3be0] - test: remove Files: comment processing from Python test runner (Rich Trott) #25183
  • [8c469601ba] - test: add hasCrypto check to common flags check (Daniel Bevenius) #25147
  • [982b3906ec] - test: remove unnecessary eslint-disable comments (Rich Trott) #25119
  • [d09e3335a6] - test: remove obsolete eslint comments (cjihrig) #25088
  • [8279826ce6] - test: verify input flags (Ruben Bridgewater) #24876
  • [1f45b2370d] - test: add signal check to test-esm-cjs-main (Rich Trott) #25073
  • [3e1fe19194] - test: add missing tmpdir.refresh() in recently-added test (Rich Trott) #25098
  • [5eb5d1d7b1] - test: test internal/util/types in vm (ZYSzys) #25056
  • [9ad6bc2e6e] - test: remove magic numbers in test-gc-http-client-onerror (Rich Trott) #24943
  • [30b61554f6] - test: merge test with unnecessary child process (Sam Roberts) #25025
  • [8e8c651e40] - test,doc: add tests and docs for addon unloading (Anna Henningsen) #24861
  • [e340b8f1ff] - tls: re-define max supported version as 1.2 (Sam Roberts) #25024
  • [56fb66b34c] - tools: update ESLint to 5.11.0 (cjihrig) #25191
  • [440a161109] - tools: alphabetize IGNORED_SUITES in tools/test.py (Rich Trott) #25182
  • [7756279efe] - tools: report unused disable-directives for ESLint (Rich Trott) #25119
  • [66b5c3bdbd] - tools: update certdata.txt (Sam Roberts) #25113
  • [a5bccc2919] - tools: make apilinks building more robust (Joyee Cheung) #25019
  • [ed3303ba99] - tools: enable no-useless-constructor lint rule (cjihrig) #25055
  • [810e6ea471] - vm: reuse validateString of internal/validators (ZYSzys) #25074
  • [74e08c0458] - vm: simplify Script constructor options validation (cjihrig) #25054
  • [4f28da883f] - worker: fix nullptr deref after MessagePort deser failure (Anna Henningsen) #25076

cjihrig and others added 3 commits December 21, 2018 11:53
This commit adds http_parser_set_max_header_size() to the
http-parser for overriding the compile time maximum HTTP
header size.

PR-URL: #24811
Fixes: #24692
Refs: nodejs/http-parser#453
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
This commit adds support for uint64_t option parsing.

PR-URL: #24811
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Allow the maximum size of HTTP headers to be overridden from
the command line.

co-authored-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #24811
Fixes: #24692
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. v11.x labels Dec 21, 2018
MylesBorins added a commit that referenced this pull request Dec 21, 2018
This is a special release to add a CLI flag to set the max http header size.
This should have been included in the 11.3.0 security release.

Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    #24811

PR-URL: #25175
@MylesBorins
Copy link
Contributor Author

CHANGELOG.md Outdated Show resolved Hide resolved
doc/changelogs/CHANGELOG_V11.md Outdated Show resolved Hide resolved
doc/changelogs/CHANGELOG_V11.md Outdated Show resolved Hide resolved
MylesBorins added a commit that referenced this pull request Dec 22, 2018
This is a special release to add a CLI flag to set the max http header size.
This should have been included in the 11.3.0 security release.

Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    #24811

PR-URL: #25175
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@targos
Copy link
Member

targos commented Dec 22, 2018

It would be awesome to get the latest npm with this as a Christmas present

@MylesBorins
Copy link
Contributor Author

MylesBorins commented Dec 22, 2018 via email

joyeecheung and others added 8 commits December 25, 2018 01:20
We now compile the native modules in C++ so these are no longer
used.

PR-URL: #24904
Refs:https://github.com/joyeecheung/node/commit/
bd765d6
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Instead use `require('internal/options')` lazily. Also refactor the
call site a bit so that the option is queried only once since it's
synchronous anyway.

PR-URL: #24959
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
PR-URL: #24960
Refs: #22101
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
spawn method ignores 3-d argument 'options' in case
the second one 'args' equals to 'undefined'.

Fixes: #24912

PR-URL: #24913
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Otherwise this is global state that may be subject to race
conditions e.g. when running `perf_hooks` inside of Worker threads.

Tracking the GC type is removed entirely since the variable was unused.

PR-URL: #25053
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit combines two related if statements into an
if-else statement.

PR-URL: #25054
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Mark some global variables as `const` or `constexpr`.

PR-URL: #25052
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit enables ESLint's no-useless-constructor rule. Note
that the documentation examples that only include constructor
calls were left in tact.

PR-URL: #25055
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Trott and others added 15 commits December 25, 2018 23:10
PR-URL: #25119
Refs: https://eslint.org/docs/user-guide/command-line-interface#--report-unused-disable-directives
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Refs: https://eslint.org/docs/user-guide/command-line-interface#--report-unused-disable-directives

PR-URL: #25119
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Before:
These APIs are exposed only for testing and are not tracked by any
versioning system or deprecation process.

After:
These APIs are for internal testing only. Do not use them.

PR-URL: #25125
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Currently, if node is configured --without-ssl there will be a number of
test errors related to crypto flags:

Error: Test has to be started with the flag: '--tls-v1.1'

This commit adds a hasCrypto check to the flags checking similar to what
is done for --without-intl.

PR-URL: #25147
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
We don't use any Files: comments in our tests so remove the Python code
for it from test/testpy/__init__.py.

PR-URL: #25183
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
This refactors some code for simplicity. It also removes a call
indirection used in the buffers custom inspect function.

PR-URL: #25151
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Masashi Hirano <shisama07@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
This adds check statements for debugging and refactors the code
accordingly.

PR-URL: #24359
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
PR-URL: #25172
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This commit makes multiple important changes:

1. A new key object API is introduced. The KeyObject class itself is
   not exposed to users, instead, several new APIs can be used to
   construct key objects: createSecretKey, createPrivateKey and
   createPublicKey. The new API also allows to convert between
   different key formats, and even though the API itself is not
   compatible to the WebCrypto standard in any way, it makes
   interoperability much simpler.

2. Key objects can be used instead of the raw key material in all
   relevant crypto APIs.

3. The handling of asymmetric keys has been unified and greatly
   improved. Node.js now fully supports both PEM-encoded and
   DER-encoded public and private keys.

4. Conversions between buffers and strings have been moved to native
   code for sensitive data such as symmetric keys due to security
   considerations such as zeroing temporary buffers.

5. For compatibility with older versions of the crypto API, this
   change allows to specify Buffers and strings as the "passphrase"
   option when reading or writing an encoded key. Note that this
   can result in unexpected behavior if the password contains a
   null byte.

PR-URL: #24234
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #24234
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #25182
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Refs: #24305

PR-URL: #25197
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Update ESLint to 5.11.0.

PR-URL: #25191
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Tests in pummel seem to break often and stay broken because they don't
get run in CI. In preparation for running pummel tests in CI once a day,
this fixes test-tls-session-timeout. `key` and `cert` are now the
contents of the relevant files and not the paths.

PR-URL: #25188
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #24734
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
MylesBorins added a commit that referenced this pull request Dec 26, 2018
Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    #24811
* crypto:
  - always accept certificates as public keys (Tobias Nießen)
    #24234
  - add key object API (Tobias Nießen) [#24234](#24234)
  - update root certificates (Sam Roberts)
    #25113
* deps:
  - upgrade to libuv 1.24.1 (cjihrig)
    #25078
  - upgrade npm to 6.5.0 (Audrey Eschright)
    #24734
* http:
  - add maxHeaderSize property (cjihrig)
    #24860

PR-URL: #25175
@MylesBorins
Copy link
Contributor Author

MylesBorins commented Dec 26, 2018

CI: https://ci.nodejs.org/job/node-test-pull-request/19811/ ✅(single failure is known flake on AIX)
CITGM: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/1705/ ✅manually tested failures and updated skip / flaky references in citgm lookup)
rc.3: https://nodejs.org/download/rc/v11.16.0-rc.3/

Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    #24811
* crypto:
  - always accept certificates as public keys (Tobias Nießen)
    #24234
  - add key object API (Tobias Nießen) [#24234](#24234)
  - update root certificates (Sam Roberts)
    #25113
* deps:
  - upgrade to libuv 1.24.1 (cjihrig)
    #25078
  - upgrade npm to 6.5.0 (Audrey Eschright)
    #24734
* http:
  - add maxHeaderSize property (cjihrig)
    #24860

PR-URL: #25175
@MylesBorins MylesBorins merged commit 968e901 into v11.x Dec 26, 2018
MylesBorins added a commit that referenced this pull request Dec 26, 2018
MylesBorins added a commit that referenced this pull request Dec 26, 2018
Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    #24811
* crypto:
  - always accept certificates as public keys (Tobias Nießen)
    #24234
  - add key object API (Tobias Nießen) [#24234](#24234)
  - update root certificates (Sam Roberts)
    #25113
* deps:
  - upgrade to libuv 1.24.1 (cjihrig)
    #25078
  - upgrade npm to 6.5.0 (Audrey Eschright)
    #24734
* http:
  - add maxHeaderSize property (cjihrig)
    #24860

PR-URL: #25175
@targos targos deleted the v11.6.0-proposal branch December 28, 2018 09:05
refack pushed a commit to refack/node that referenced this pull request Jan 14, 2019
Notable Changes:

* cli:
  - add --max-http-header-size flag (cjihrig)
    nodejs#24811
* crypto:
  - always accept certificates as public keys (Tobias Nießen)
    nodejs#24234
  - add key object API (Tobias Nießen) [nodejs#24234](nodejs#24234)
  - update root certificates (Sam Roberts)
    nodejs#25113
* deps:
  - upgrade to libuv 1.24.1 (cjihrig)
    nodejs#25078
  - upgrade npm to 6.5.0 (Audrey Eschright)
    nodejs#24734
* http:
  - add maxHeaderSize property (cjihrig)
    nodejs#24860

PR-URL: nodejs#25175
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
lib / src Issues and PRs related to general changes in the lib or src directory.
Projects
None yet
Development

Successfully merging this pull request may close these issues.