deps: upgrade npm to 3.9.3 #7030

Closed

Contributor

@zkat zkat commented May 27, 2016

Checklist
  • tests and code linting passes
  • a test and/or benchmark is included
  • documentation is changed or added
  • the commit message follows commit guidelines
Affected core subsystem(s)

deps

Description of change

Hey all! This release includes 4 releases of npm. Some notable changes:

  • npm/npm@42d71be npm/npm#12685 When using npm ls <pkg> without a semver specifier, npm ls would skip any packages in your tree that matched by name, but had a prerelease version in their package.json. (@zkat)
  • npm/npm@f04e05 npm/npm#10013 read-package-tree@5.1.4: Fixes an issue where npm install would fail if your node_modules was symlinked. (@iarna)
  • b894413 #12372 Changing a nested dependency in an npm-shrinkwrap.json and then running npm install would not get up the updated package. This corrects that. (@misterbyrne)
  • This release includes npm@3.9.0, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.
Changelogs

r: @iarna
r: @thealphanerd
r: @Fishrock123

@zkat added the npm and dont-land-on-v4.x labels May 27, 2016
@Fishrock123
Contributor

I've heard npm 3.9.3 is like 300mb because of some dependency?

@zkat
Contributor Author

zkat commented May 27, 2016

zkat@Kats-MacBook-Pro:~/Documents/code/npm(5e2fec7○) » du -h release/npm-3.9.3.tgz
3.0M    release/npm-3.9.3.tgz

nyc output isn't included in this one. I made a mistake publishing last week that picked up the extra file.

@mscdex
Contributor

mscdex commented May 27, 2016

v3.9.3 uncompressed:

$ du -hc npm-npm-10dfe76 | tail -n1
24M total

@Fishrock123
Contributor

Tests pass for me locally. LGTM.

Fishrock123 pushed a commit to Fishrock123/node that referenced this pull request May 28, 2016
@Fishrock123
Contributor

Thanks, landed in bd8b1dd 🎉

Fishrock123 pushed a commit to Fishrock123/node that referenced this pull request May 30, 2016
rvagg pushed a commit that referenced this pull request Jun 2, 2016
Contains the following npm releases:
- v3.9.0: https://github.com/npm/npm/releases/tag/v3.9.0
- v3.9.1: https://github.com/npm/npm/releases/tag/v3.9.1
- v3.9.2: https://github.com/npm/npm/releases/tag/v3.9.2
- v3.9.3: https://github.com/npm/npm/releases/tag/v3.9.3

PR-URL: #7030
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
@rvagg rvagg mentioned this pull request Jun 2, 2016
rvagg added a commit that referenced this pull request Jun 2, 2016
* buffer: Ignore negative lengths in calls to Buffer() and
  Buffer.allocUnsafe(). This fixes a possible security concern
  (reported by Feross Aboukhadijeh) where user input is passed
  unchecked to the Buffer constructor or allocUnsafe() as it can
  expose parts of the memory slab used by other Buffers in the
  application. Note that negative lengths are not supported by the
  Buffer API and user input to the constructor should always be
  sanitised and type-checked.
  (Anna Henningsen) #7030
* npm: Upgrade npm to 3.9.3
  (Kat Marchán) #7030
* tty: Explicitly opt-in to blocking mode for stdio on OS X. A bug fix
  in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with
  Node's use of non-blocking stdio, particularly on OS X which has a
  small output buffer. This change should fix CLI applications that
  have been having problems with output since Node.js v6.0.0 on OS X.
  The core team is continuing to address stdio concerns that exist
  across supported platforms and progress can be tracked at
  #6980.
  (Jeremiah Senkpiel) #6895
* V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses
  problems experienced by users of node-inspector since Node.js
  v6.0.0, see #6980 for details.
  (Michaël Zasso) #6928
rvagg added a commit that referenced this pull request Jun 2, 2016
* buffer: Ignore negative lengths in calls to Buffer() and
  Buffer.allocUnsafe(). This fixes a possible security concern
  (reported by Feross Aboukhadijeh) where user input is passed
  unchecked to the Buffer constructor or allocUnsafe() as it can
  expose parts of the memory slab used by other Buffers in the
  application. Note that negative lengths are not supported by the
  Buffer API and user input to the constructor should always be
  sanitised and type-checked.
  (Anna Henningsen) #7030
* npm: Upgrade npm to 3.9.3
  (Kat Marchán) #7030
* tty: Default to blocking mode for stdio on OS X. A bug fix
  in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with
  Node's use of non-blocking stdio, particularly on OS X which has a
  small output buffer. This change should fix CLI applications that
  have been having problems with output since Node.js v6.0.0 on OS X.
  The core team is continuing to address stdio concerns that exist
  across supported platforms and progress can be tracked at
  #6980.
  (Jeremiah Senkpiel) #6895
* V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses
  problems experienced by users of node-inspector since Node.js
  v6.0.0, see #6980 for details.
  (Michaël Zasso) #6928
lukesampson pushed a commit to ScoopInstaller/Scoop that referenced this pull request Jun 4, 2016
# Notable changes

## Notable changes

* **buffer**: Ignore negative lengths in calls to `Buffer()` and `Buffer.allocUnsafe()`. This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or `allocUnsafe()` as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) [#7051](nodejs/node#7051)
* **npm**: Upgrade npm to 3.9.3 (Kat Marchán) [#7030](nodejs/node#7030)
  - [`npm/npm@42d71be`](npm/npm@42d71be) [npm/npm#12685](npm/npm#12685) When using `npm ls <pkg>` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](https://github.com/zkat))
  - [`npm/npm@f04e05`](npm/npm@df04e05) [npm/npm#10013](npm/npm#10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](https://github.com/iarna))
  - [`b894413`](npm/npm@b894413) [#12372](npm/npm#12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](https://github.com/misterbyrne))
  - This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.
* **tty**: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at <nodejs/node#6980>. (Jeremiah Senkpiel) [#6895](nodejs/node#6895)
* **V8**: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see <node-inspector/node-inspector#864> for details. (Michaël Zasso) [#6928](nodejs/node#6928)
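
The buffer note in the release commits above says user input to the Buffer constructor should always be sanitised and type-checked. One way to do that before any allocation happens, as an added example that is not part of this pull request or of Node.js itself; `MAX_ALLOC` and the function names are assumptions made for the sketch:

```javascript
// Added example, not Node.js core code. MAX_ALLOC, parseLength,
// allocFromUserInput and outcome are hypothetical names.
const MAX_ALLOC = 64 * 1024; // assumed per-request ceiling for this application

// Turn an untrusted value into a safe byte count, or throw.
function parseLength(input) {
  let n = input;
  if (typeof n === 'string') {
    // Plain decimal digits only: rejects "-1", "0x10", "1e9", "" and " 8".
    if (!/^[0-9]{1,9}$/.test(n)) {
      throw new TypeError('length must be a decimal integer string');
    }
    n = Number(n);
  }
  // Objects, arrays, null, booleans, NaN, Infinity and fractions stop here.
  if (typeof n !== 'number' || !Number.isInteger(n)) {
    throw new TypeError('length must be an integer');
  }
  if (n < 0 || n > MAX_ALLOC) {
    throw new RangeError('length must be between 0 and ' + MAX_ALLOC);
  }
  return n;
}

// Buffer.alloc() zero-fills, so an accepted length never returns stale
// slab contents the way an uninitialised allocation can.
function allocFromUserInput(input) {
  return Buffer.alloc(parseLength(input));
}

// Report the outcome for one input: allocated size, or the error name.
function outcome(input) {
  try {
    return allocFromUserInput(input).length;
  } catch (err) {
    return err.name;
  }
}

// Constructed sample values, as they might arrive in a parsed JSON body.
const samples = [16, '16', 0, -1, '-1', 1.5, '0x10', NaN, null, [8], { length: 8 }, MAX_ALLOC + 1];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', outcome(s));
}
```

Rejecting the value outright, rather than coercing it, keeps the behaviour the same on Node.js versions with and without the negative-length fix.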