-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: completely upgrade npm in LTS to 2.15.1 #5987
Conversation
LGTM |
@jasnell that PR was made with |
Understood :-) |
@thealphanerd @Fishrock123 ... can I get another set of eyes to review this :-) |
I already review and landed on v4. We likely want an update to 2.15.3 in order to fix the removal of test-legacy Same for 0.12 /cc @othiym23 |
@nodejs/lts |
|
It's simple enough for us / me to do, but I was under the understanding that there were a rob ably no further releases for 0.10 and 0.12. The changes are pretty small. |
I think that we are still going to have a release this could be in /cc @rvagg |
so it seems like the npm v2 test suite is just not working on v0.10 with make. I installed the build of Things are looking good aside from the single failure we also saw on v0.12
Again, this is a new test, and we already have this version in production without many complaints afaik. With all of this being said I'm going to land this into |
LGTM |
PR-URL: #5987 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com>
landed as 3cff81c |
Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) #5987 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) #6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) #5987 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) #6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
This is the same as feceb77, only it includes the version tag marking it as
npm@2.15.1
(instead ofnpm@2.15.0
).My apologies for the confusion.
r: @thealphanerd
r: @rvagg