-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade npm to 3.9.3 #7030
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zkat
added
npm
Issues and PRs related to the npm client dependency or the npm registry.
dont-land-on-v4.x
labels
May 27, 2016
I've heard npm 3.9.3 is like 300mb because of some dependency? |
nyc output isn't included in this one. I made a mistake publishing last week that picked up the extra file. |
v3.9.3 uncompressed:
|
Tests pass for me locally. LGTM. |
Fishrock123
pushed a commit
to Fishrock123/node
that referenced
this pull request
May 28, 2016
Contains the following npm releases: - v3.9.0: https://github.com/npm/npm/releases/tag/v3.9.0 - v3.9.1: https://github.com/npm/npm/releases/tag/v3.9.1 - v3.9.2: https://github.com/npm/npm/releases/tag/v3.9.2 - v3.9.3: https://github.com/npm/npm/releases/tag/v3.9.3 PR-URL: nodejs#7030 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Thanks, landed in bd8b1dd 🎉 |
Fishrock123
pushed a commit
to Fishrock123/node
that referenced
this pull request
May 30, 2016
Contains the following npm releases: - v3.9.0: https://github.com/npm/npm/releases/tag/v3.9.0 - v3.9.1: https://github.com/npm/npm/releases/tag/v3.9.1 - v3.9.2: https://github.com/npm/npm/releases/tag/v3.9.2 - v3.9.3: https://github.com/npm/npm/releases/tag/v3.9.3 PR-URL: nodejs#7030 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
rvagg
pushed a commit
that referenced
this pull request
Jun 2, 2016
Contains the following npm releases: - v3.9.0: https://github.com/npm/npm/releases/tag/v3.9.0 - v3.9.1: https://github.com/npm/npm/releases/tag/v3.9.1 - v3.9.2: https://github.com/npm/npm/releases/tag/v3.9.2 - v3.9.3: https://github.com/npm/npm/releases/tag/v3.9.3 PR-URL: #7030 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
rvagg
added a commit
that referenced
this pull request
Jun 2, 2016
* buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030 * tty: Explicitly opt-in to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at #6980. (Jeremiah Senkpiel) #6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see #6980 for details. (Michaël Zasso) #6928
rvagg
added a commit
that referenced
this pull request
Jun 2, 2016
* buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030 * tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at #6980. (Jeremiah Senkpiel) #6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see #6980 for details. (Michaël Zasso) #6928
rvagg
added a commit
that referenced
this pull request
Jun 2, 2016
* buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030 * tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at #6980. (Jeremiah Senkpiel) #6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see #6980 for details. (Michaël Zasso) #6928
lukesampson
pushed a commit
to ScoopInstaller/Scoop
that referenced
this pull request
Jun 4, 2016
# Notable changes ## Notable changes * **buffer**: Ignore negative lengths in calls to `Buffer()` and `Buffer.allocUnsafe()`. This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or `allocUnsafe()` as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) [#7051](nodejs/node#7051) * **npm**: Upgrade npm to 3.9.3 (Kat Marchán) [#7030](nodejs/node#7030) - [`npm/npm@42d71be`](npm/npm@42d71be) [npm/npm#12685](npm/npm#12685) When using `npm ls <pkg>` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](https://github.com/zkat)) - [`npm/npm@f04e05`](npm/npm@df04e05) [npm/npm#10013](npm/npm#10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](https://github.com/iarna)) - [`b894413`](npm/npm@b894413) [#12372](npm/npm#12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](https://github.com/misterbyrne)) - This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis. * **tty**: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at <nodejs/node#6980>. (Jeremiah Senkpiel) [#6895](nodejs/node#6895) * **V8**: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see <node-inspector/node-inspector#864> for details. (Michaël Zasso) [#6928](nodejs/node#6928)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
Affected core subsystem(s)
deps
Description of change
Hey all! This release includes 4 releases of npm. Some notable changes:
npm/npm@42d71be
npm/npm#12685 When usingnpm ls <pkg>
without a semver specifier,npm ls
would skip any packages in your tree that matched by name, but had a prerelease version in theirpackage.json
. (@zkat)npm/npm@f04e05
npm/npm#10013read-package-tree@5.1.4
: Fixes an issue wherenpm install
would fail if yournode_modules
was symlinked. (@iarna)b894413
#12372 Changing a nested dependency in annpm-shrinkwrap.json
and then runningnpm install
would not get up the updated package. This corrects that. (@misterbyrne)npm@3.9.0
, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.Changelogs
r: @iarna
r: @thealphanerd
r: @Fishrock123