-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: completely upgrade npm in LTS to 2.15.1 #5988
Conversation
LGTM |
@nodejs/lts |
this one already landed on v4.x It is missing a patch that gets rid of legacy test. @othiym23 would it make more sense to update 0.10 and 0.12 to the latest lts npm? |
@thealphanerd can you help land this one? I'd like to bundle it with the openssl fixes, same as #5987 for v0.10. |
@rvagg I'm going to see if I can get this PR working by manually adding 8acb886 on top... if that works than all should be good, otherwise we might need another update from npm.. I've pinged @othiym23 and @zkat over on irc... (and now here) I'll do a test right now and see if we get get away with a cherry-pick |
So it looks like we have afailing test on v0.12
It looks like this is a new test not present in 2.14.19 (version bundled with node v0.12.12). There were two npm test failures in that version Technically we have already shipped this version of npm, and this update is primarily meta data. I'm going to land this with the patch to fix testing in staging and we can decide to follow up as necessary. |
LGTM |
PR-URL: #5988 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com>
PR-URL: #5988 Reviewed-By: Myles Borins <myles.borins@gmail.com>
landed in 2b63396...810fb21 |
Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) #5988 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) #6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) #5988 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) #6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
PR-URL: nodejs/node#5988 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com>
PR-URL: nodejs/node#5988 Reviewed-By: Myles Borins <myles.borins@gmail.com>
Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) nodejs/node#5988 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) nodejs/node#6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details
This is the same as 4041ea6, only it includes the version tag marking it as
npm@2.15.1
(instead ofnpm@2.15.0
).My apologies for the confusion.
r: @thealphanerd
r: @rvagg