-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v4.4.2 proposal #5961
v4.4.2 proposal #5961
Conversation
fs.readFile, fs.writeFile and fs.appendFile doc changes pulled back from master included details not relevant to v4. PR-URL: #5877 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <mic.besace@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Uses better troff formatting. Removes v8 options from the man page. Also edits `node -h` in node.cc slightly. PR-URL: #5497 Reviewed-By: James Snell <jasnell@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Instead of leaking the arguments object by passing it as an argument to a function, copy it's contents to a new array, then pass the array. This allows V8 to optimize the function that contains this code, improving performance. PR-URL: #4361 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net>
It's possible that the `end` event is emitted after the timeout fires causing the test to fail. Just remove the timer. If for some reason the `end` would never fire, the test will fail with a timeout. PR-URL: #5129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Removed an unused `var self = this` that is no longer required. PR-URL: #5224 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Remove unnecessary `self = this`. PR-URL: #5231 Reviewed-By: James M Snell <jasnell@gmail.com>
use String.prototype.repeat() to simplify code, less code, more semantically. PR-URL: #5359 Reviewed-By: Michaël Zasso <mic.besace@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
On strict mode, "'use strict'; void 0; " is added as prefix in order to prevent "use strict" as the result value for let/const statements. It causes wrong column number in stack trace. PR-URL: #5416 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io>
`isIPv4` and `isIPv6` are implemented on top of `isIP`, which in turn checks the sting for being both IPv4 and IPv6, which can be inefficient in some scenarios. This commit makes them use `uv_inet_pton` directly instead. PR-URL: #5478 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io>
PR-URL: #5500 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
[Diffie-Hellman](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#Cryptographic_explanation) keys are composed of a `generator` a `prime` a `secret_key` and the `public_key` resulting from the math operation: ``` (generator ^ secret_key) mod prime = public_key ``` Diffie-Hellman keypairs will compute a matching shared secret if and only if the generator and prime match for both recipients. The generator is usually **2** and the prime is what is called a [Safe Prime](https://en.wikipedia.org/wiki/Safe_prime). Usually this matching is accomplished by using [standard published groups](http://tools.ietf.org/html/rfc3526). We expose access those groups with the `crypto.getDiffieHellman` function. `createDiffieHellman` is trickier to use. The original example had the user creating 11 bit keys, and creating random groups of generators and primes. 11 bit keys are very very small, can be cracked by a single person on a single sheet of paper. A byproduct of using such small keys were that it was a high likelihood that two calls of `createDiffieHellman(11)` would result in using the same 11 bit safe prime. The original example code would fail when the safe primes generated at 11 bit lengths did not match for alice and bob. If you want to use your own generated safe `prime` then the proper use of `createDiffieHellman` is to pass the `prime` and `generator` to the recipient's constructor, so that when they compute the shared secret their `prime` and `generator` match, which is fundamental to the algorithm. PR-URL: #5505 Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
It checks that `eval` is called with `.scope` as an input string. PR-URL: #5534 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Currently we are not testing that `npm install` works. This is a very naive / basic test that shells out to `npm install` in an empty `tempDir`. While this test will not be able to check that `npm install` is 100% working, it should catch certain edge cases that break it. PR-URL: #5166 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Alexis Campailla <orangemocha@nodejs.org>
Make npm install a dependency that is defined as a relative path, so it avoids any network interaction. PR-URL: #5613 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
`Console` constructor checks that `stdout.write()` is a function but does not do an equivalent check for `stderr.write()`. If `stderr` is not specified in the constructor, then `stderr` is set to be `stdout`. However, if `stderr` is specified, but `stderr.write()` is not a function, then an exception is not thrown until `console.error()` is called. This change adds the same check for 'stderr' in the constructor that is there for `stdout`. If `stderr` fails the check, then a `TypeError` is thrown. Took the opportunity to copyedit the `console` doc a little too. PR-URL: #5635 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
PR-URL: #5700 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Changes the multiline return example commments in querystring which have the example out-of-comment, into single comment lines to remain consistent with other docs. PR-URL: #5705 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
There were 2 tests using curl: `test-http-304.js` is removed because it was initially included to test that the 304 response does not contain a body, and this is already covered by `test-http-chunked-304.js`. `test-http-curl-chunk-problem` has been renamed and refactored so instead of using curl, it uses 2 child node processes: one for sending the HTTP request and the other to calculate the sha1sum. Originally, this test was introduced to fix a bug in `nodejs@0.2.x`, and it was not fixed until `nodejs@0.2.5`. A modified version of this test has been run with `nodejs@0.2.0` and reproduces the problem. This same test has been run with `nodejs@0.2.6` and runs correctly. Fixes: #5174 PR-URL: #5750 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
PR-URL: #5765 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This page is mostly a mirror of the updated manual page. PR-URL: #5787 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell jasnell@gmail.com> Reviewed-By: Bryan English <bryan@bryanenglish.com> Reviewed-By: Robert Lindstädt <robert.lindstaedt@gmail.com>
Improve the robustness of test-net-connect-options-ipv6.js PPC Suse build team encountered intermittent failures related to dns. Improve test to make it more robust in the face of intermittent dns issues. PR-URL: #5791 Reviewed-By: James M Snell <jasnell@gmail.com>
Added a hint saying that node uses the default "Cannot find module" error when requiring a module for which the "main" file specified in the package.json is missing. PR-URL: #5812 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #5876 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Now that the CTC has expanded, this PR calls for a vote of the CTC to reinstate Michael Dawson (@mhdawson) as a full voting member. Voted on and approved by the CTC on 2016-03-23 PR-URL: #5633 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Alexis Campailla <orangemocha@nodejs.org> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Fixes a copy typo in the events.md docs. PR-URL: #5849 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
b845334
to
68b31c9
Compare
68b31c9
to
4b15023
Compare
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
ci: https://ci.nodejs.org/job/node-test-pull-request/2099/ edit: ci is green 🎉 |
When are the AsyncWrap changes scheduled to land in |
@AndreasMadsen those changes will come in when they have been back ported by @trevnorris My assumption is that he is waiting for the implementation changes to calm down before moving them all at once. He can likely chime in with more details |
@thealphanerd An updated npm should probably be listed as a notable change. |
4b15023
to
26a9939
Compare
26a9939
to
e6f58c9
Compare
e6f58c9
to
cf5bf47
Compare
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * npm: - Upgrade to v2.15.1. (Forrest L Norvell) * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * npm: - Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
cf5bf47
to
9ef4b1b
Compare
@richardlau thanks for pointing out the bit about npm. I was keeping things under raps until npm released their information first --> http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability |
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * npm: - Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
2016-03-31, Version 4.4.2 'Argon' (LTS), @thealphanerd
Notable Changes