Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v0.12.13 #5967

Closed
wants to merge 7 commits into from
Closed

Release proposal: v0.12.13 #5967

wants to merge 7 commits into from

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Mar 31, 2016

Notable changes:


Test: https://ci.nodejs.org/job/node-test-commit/2743/
Smoker: https://ci.nodejs.org/job/thealphanerd-smoker/165/
RC 1: https://nodejs.org/download/rc/v0.12.13-rc.1/

joaocgreis and others added 7 commits March 11, 2016 11:31
Invoke MSBuild specifying the target platform as generated by Gyp.

Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #5627
backport fix for test-http-get-pipeline-problem.js from master
to 0.12.X.  We've been seeing an intermittent failure
in runs for zLinux with SLES 12.  We confirmed that this fix
resolves the issue so would like it in 0.12.X

The original commit does not apply cleanly as the paths were
changed, but the actual change is identical.  The original commit was:

3ba4f71

PR-URL: #3013
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
openssl-1.0.1s disables EXPORT and LOW ciphers by default.
They are obsoleted ciphers and not safe for the current use.
Node LTS also deprecates them.

Fixes: nodejs/Release#85
PR-URL: #5712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
DES-CBC-SHA is LOW cipher and disabled by default and it is used in
tests of hornorcipherorder. They are changed as to

- use RC4-SHA instead of DES-CBC-SHA.
- add ECDHE-RSA-AES256-SHA to entries to keep the number of ciphers.
- remove tests for non-default cipher because only SEED and IDEA are
available in !RC4:!HIGH:ALL.

Fixes: nodejs/Release#85
PR-URL: #5712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: #5621
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Alexis Campailla <orangemocha@nodejs.org>
Notable changes:

* npm: Upgrade to v2.15.1. (Forrest L Norvell)
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712
@r-52 r-52 added meta Issues and PRs related to the general management of the project. v0.12 labels Mar 31, 2016
@MylesBorins
Copy link
Contributor

@rvagg it looks like the node subset for the smoker was too aggressive and not testing on fedora or osx... would you like to run it again?

@rvagg
Copy link
Member Author

rvagg commented Mar 31, 2016

@thealphanerd ditto as for 0.10, would you mind having a go at this please? I'm preoccupied for most of the day unfortunately.

@MylesBorins
Copy link
Contributor

new citgm: https://ci.nodejs.org/job/thealphanerd-smoker/171/

edit: everything is green except for OSX which stalled during the build (infra related). I'm currently running the tests locally on v10.10.5

@MylesBorins
Copy link
Contributor

yeah I know... I'm not 100%, but with the new logging I can see that it always happens when trying to grab the ngrok binary... here are the results. Only failure is ws, and I'm going to test that locally

🎉🎉 CITGM Passed 🎉🎉

📛 But with Flaky Failures 📛

Passing Modules

  • lodash v4.7.0
  • underscore v1.8.3
  • request v2.69.0
  • commander v2.9.0
  • express v4.13.4
  • q v1.4.1
  • coffee-script v1.10.0
  • through2 v2.0.1
  • glob v7.0.3
  • gulp-util v3.0.7
  • jade v1.11.0
  • socket.io v1.4.5
  • fs-extra v0.26.7
  • body-parser v1.15.0
  • uglify-js v2.6.2
  • jquery v2.2.2
  • rimraf v2.5.2
  • david v7.0.1
  • eslint v2.5.3
  • tape v4.5.1
  • browserify v13.0.0
  • watchify v3.7.0
  • stylus v0.54.2
  • level v1.4.0
  • torrent-stream v1.0.2
  • gulp v3.9.1
  • moment v2.12.0
  • ws v1.0.1
  • vinyl v1.1.1
  • vinyl-fs v2.4.2
  • readable-stream v2.0.6
  • ftp v0.3.10
  • split2 v2.0.1
  • throughv v1.0.3
  • duplexer2 v0.1.4
  • bl v1.1.2
  • binary-split v1.0.2
  • spdy v3.2.3
  • dicer v0.2.5
  • spdy-transport v2.0.10
  • sax v1.2.1
  • duplexify v3.4.3
  • pumpify v1.3.4
  • from2 v2.1.1
  • flush-write-stream v1.0.0
  • jsonstream v1.0.3
  • csv-parser v1.9.3

Flaky Modules

  • react v0.14.8
    • Install Failed

@MylesBorins
Copy link
Contributor

so I'd say this release looks good to go as far as citgm is concerned... I'm just doing some local npm-testing and it seems like some of my concerns regarding the npm upgrade are not coming to light...

release LGTM

rvagg pushed a commit that referenced this pull request Mar 31, 2016
rvagg added a commit that referenced this pull request Mar 31, 2016
Notable changes:

* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
  authentication tokens in HTTP requests that would allow an attacker
  to set up a server that could collect tokens from users of the
  command-line interface. Authentication tokens have previously been
  sent with every request made by the CLI for logged-in users,
  regardless of the destination of the request. This update fixes this
  by only including those tokens for requests made against the
  registry or registries used for the current install.
  (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712

PR-URL: #5967
rvagg added a commit that referenced this pull request Mar 31, 2016
Notable changes:

* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
  v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
  authentication tokens in HTTP requests that would allow an attacker
  to set up a server that could collect tokens from users of the
  command-line interface. Authentication tokens have previously been
  sent with every request made by the CLI for logged-in users,
  regardless of the destination of the request. This update fixes this
  by only including those tokens for requests made against the
  registry or registries used for the current install. IMPORTANT:
  This is a major upgrade to npm v2 LTS from the previously deprecated
  npm v1. (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712

PR-URL: #5968
rvagg added a commit that referenced this pull request Apr 1, 2016
Notable changes:

* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
  authentication tokens in HTTP requests that would allow an attacker
  to set up a server that could collect tokens from users of the
  command-line interface. Authentication tokens have previously been
  sent with every request made by the CLI for logged-in users,
  regardless of the destination of the request. This update fixes this
  by only including those tokens for requests made against the
  registry or registries used for the current install.
  (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712

PR-URL: #5967
rvagg added a commit that referenced this pull request Apr 1, 2016
Notable changes:

* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
  v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
  authentication tokens in HTTP requests that would allow an attacker
  to set up a server that could collect tokens from users of the
  command-line interface. Authentication tokens have previously been
  sent with every request made by the CLI for logged-in users,
  regardless of the destination of the request. This update fixes this
  by only including those tokens for requests made against the
  registry or registries used for the current install. IMPORTANT:
  This is a major upgrade to npm v2 LTS from the previously deprecated
  npm v1. (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712

PR-URL: #5968
@jasnell jasnell closed this Apr 4, 2016
@targos targos deleted the v0.12.13-proposal branch April 27, 2016 13:01
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
Notable changes:

* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
  authentication tokens in HTTP requests that would allow an attacker
  to set up a server that could collect tokens from users of the
  command-line interface. Authentication tokens have previously been
  sent with every request made by the CLI for logged-in users,
  regardless of the destination of the request. This update fixes this
  by only including those tokens for requests made against the
  registry or registries used for the current install.
  (Forrest L Norvell) nodejs/node#5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) nodejs/node#5712

PR-URL: nodejs/node#5967
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants