-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade npm to 3.6.0 #4958
Conversation
Ah I may have stepped on some of your CI– I just repushed with |
Doesn't look like it got in the way of the CI job. restarted citgm. I'm also running |
@iarna I'm getting what appears to be a new failure:
|
@Fishrock123 that's the same failure I was getting. Do you have your progress config set off globally atm? |
Yeah my progress is disabled. I don't really think it should be picking it up globally though? |
I'll make a note to make that test agnostic to your configuration. |
@iarna I'm not really sure how npm tests work, my assumption is that it would be ideal to run them as isolated as possible, but perhaps that's not true? |
@Fishrock123 The tests broadly assume that you haven't fiddled with the defaults to various config values, which is not fantastic, but is fine for CI (and for the rest of us it's easy to tweak our configs while testing). When we see things where behavior is gonna be substantially different than expect if you change your config we've been trying to explicitly set the config that the test is testing, but it's been an as-we-go thing, not comprehensive. |
LGTM here. I assume we'll catch that particular config thing next time around. |
LGTM as well. Incremental steps :)
|
PR-URL: nodejs#4958 Reviewed-By: Myles Borins <mborins@us.ibm.com> Reviewed-By: Kat Marchán <kzm@sykosomatic.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
PR-URL: nodejs#4958 Reviewed-By: Myles Borins <mborins@us.ibm.com> Reviewed-By: Kat Marchán <kzm@sykosomatic.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Thanks, landed in d5d301f...18c12bb! @iarna Just a nit, I had to change the license commit message, it was a bit over 50 chars. :) |
@Fishrock123 Ah! I'll watch for that in future |
PR-URL: #4958 Reviewed-By: Myles Borins <mborins@us.ibm.com> Reviewed-By: Kat Marchán <kzm@sykosomatic.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
PR-URL: #4958 Reviewed-By: Myles Borins <mborins@us.ibm.com> Reviewed-By: Kat Marchán <kzm@sykosomatic.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. Notable changes * http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. * http-parser: upgrade from 2.6.0 to 2.6.1 * npm: upgrade npm from 3.3.12 to 3.6.0 (Rebecca Turner) #4958 * openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. Notable changes * http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. * http-parser: upgrade from 2.6.0 to 2.6.1 * npm: upgrade npm from 3.3.12 to 3.6.0 (Rebecca Turner) #4958 * openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
PR-URL: nodejs#4958 Reviewed-By: Myles Borins <mborins@us.ibm.com> Reviewed-By: Kat Marchán <kzm@sykosomatic.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
PR-URL: nodejs#4958 Reviewed-By: Myles Borins <mborins@us.ibm.com> Reviewed-By: Kat Marchán <kzm@sykosomatic.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
This is the big one! After this I anticipate getting back into a weekly cadence of upstreaming things to Node.js.
Contains the changes in these releases:
Notable inclusions are:
bundleDependencies
are handled.npm outdated
reports linked modules &npm version
can now takefrom-git
as an argument.r: @Fishrock123
r: @jasnell
r: @mikeal