Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v7.5.0 proposal #11062

Merged
merged 291 commits into from
Feb 1, 2017
Merged

v7.5.0 proposal #11062

merged 291 commits into from
Feb 1, 2017

Conversation

italoacasas
Copy link
Contributor

@italoacasas italoacasas commented Jan 29, 2017

2017-01-31, Version 7.5.0 (Current), @evanlucas

Thank you to @italoacasas for preparing the majority of this release.

This release contains security fixes to upgrade OpenSSL to version 1.0.2k.

Although the OpenSSL team have determined a maximum severity rating of "moderate", the Node.js
crypto team (Ben Noordhuis, Shigeki Ohtsu and Fedor Indutny) have determined the impact to Node
users is "low". Details on this determination can be found
on the Nodejs.org website.

Notable changes

  • crypto:
    • ability to select cert store at runtime (Adam Majer) #8334
    • Use system CAs instead of using bundled ones (Adam Majer) #8334
  • deps:
    • upgrade npm to 4.1.2 (Kat Marchán) #11020
    • upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
  • doc: add basic documentation for WHATWG URL API (James M Snell) #10620
  • process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
  • url: allow use of URL with http.request and https.request (James M Snell) #10638

Commits

reshnm and others added 30 commits January 27, 2017 08:11
The destroy_ids_idle_handle_ needs to be closed on
environment destruction. Not closing the handle leaves
a dangling pointer in the used uv loop. This leads to
undefined behavior when the uv loop is used after the
environment has been destroyed.

PR-URL: #10385
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
* use common.mustCall() where appropriate
* Buffer.allocUnsafe() -> Buffer.alloc()
* do crypto check before loading any additional modules
* specify 1ms duration for `setTimeout()`

PR-URL: #10225
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
We were transporting the heap statistics as uint32 values to JS land but
those wrap around for values > 4 GB.  Use 64 bits floats instead, those
should last us a while.

Fixes: #10185
PR-URL: #10186
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
This reverts commit f59b888
now that the libuv update containing the proper fix has
landed in 63243bc.

Ref: libuv/libuv#1054
Ref: #7837
PR-URL: #8645
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #10510
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
See: https://url.spec.whatwg.org/#dom-url-origin

Also moves the tests for origins to the parsing tests
since now URL#origin matches the test cases by default.

PR-URL: #10552
Reviewed-By: James M Snell <jasnell@gmail.com>
new year new alias

PR-URL: #10586
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Remove the numbers from the comments to make it clear that
assert does not follow the
[CJS spec](http://wiki.commonjs.org/wiki/Unit_Testing/1.0).
Additionally, clean up the existing comments for consistent
formatting/language and ease of reading.

PR-URL: #10579
Fixes: #9063
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This updates util.inspect() to avoid accessing out-of-range indices of
the `arguments` object, which is known to cause optimization bailout.

Based on an average of 10 runs of the benchmark in
`benchmark/util/inspect.js`, this change improves the performance of
`util.inspect` by about 10%.

Relates to #10323

PR-URL: #10569
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Jackson Tian <shyvo1987@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
punycode/ICU is not specific to any particular module, so move it to
a more generic location.

PR-URL: #10446
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #10446
Reviewed-By: James M Snell <jasnell@gmail.com>
Some benchmarks' results are small values, so keeping decimals when
running them manually (not comparing) can be helpful.

PR-URL: #10559
Reviewed-By: James M Snell <jasnell@gmail.com>
array.shift() seems to be faster than arrayClone() when the item
to remove is at the front (at least with V8 5.4).

PR-URL: #10572
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
These changes result in ~50% improvement in the included benchmark.

PR-URL: #10580
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* use const instead of var
* use common.mustCall to control functions execution
* use assert.strictEqual instead of assert.equal
* use arrow functions
* remove console.error

PR-URL: #10521
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
We have had #9728
open for a while but the frequency of the failures
seems to be such that we should mark it as flaky
while we continue to investigate.

PR-URL: #10618
Reviewed-by: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit makes sure EventEmitter.emit() doesn't get deoptimized by
V8. The deopt happens when accessing out of bound indexes of the
`arguments` object.

This issue has been raised here: #10323 and this specific case might
become a more serious performance issue in upcoming V8 releases.

PR-URL: #10568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
PR-URL: #10568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Add the nodejs/python github team to the table of people to /cc for
reviews on python code.

PR-URL: #10637
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Pulls in new URL parsing tests from w3c web-platform-tests and updates
null password handling.

Refs: web-platform-tests/wpt@e001240
Refs: whatwg/url#186
PR-URL: #10601
Fixes: #10595
Reviewed-By: Michal Zasso <targos@protonmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Per a recent change to the URL spec, arbitrary %2e sequences
in URL paths that are not single or double dot segments are
not to be decoded.

Refs: whatwg/url#87
Refs: whatwg/url#156
Refs: web-platform-tests/wpt@d93247d
Fixes: #10598
PR-URL: #10602
Reviewed-By: Michal Zasso <targos@protonmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Fixes: nodejs/CTC#41

PR-URL: #10604
Fixes: https://github.com/nodejs/CTC#41
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Michal Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Use arrow functions and prefer `strictEqual` over `deepStrictEqual`
where it works.

PR-URL: #10611
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Keepalive sockets that are returned to the agent's freesocket pool were
previously capturing a reference to the ClientRequest that initiated the
request.

This commit eliminates that by moving the installation of the socket
listeners to a different function.

PR-URL: #10134
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* use let instead of var
* use assert.strictEqual instead of assert.equal
* swap assertions arguments to match the standard

PR-URL: #10600
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Currently, when test/cctest/test_inspector_socket_server.cc is run there
is output written to stderr by src/inspector_socket_server.cc which is
interleaved with the gtest report:

Debugger listening on port 9229.
Warning: This is an experimental feature and could change at any time.
To start debugging, open the following URLs in Chrome:
  ...

The goal of this commit is to remove the above logged information
by introducing an out_ member in the InspectorSocketServer class
which defaults to stderr (keeping the current behavior).

Setting out_ to NULL is supported in which case nothing will be written
and is what the test has been configured with. When working on specific
test case the appropriate output stream can be specified for the
ServerHolder constructor to limit logging to that test case.

PR-URL: #10537
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
ESLint `indent` rule now has options that duplicate functionality in our
custom `align-function-arguments` rule. Remove
`align-function-arguments` custom rule.

PR-URL: #10561
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
The `no-useless-regex-char-class-escape` custom lint rule was introduced
as a less aggressive alternative to some enhancements that were
introduced into ESLint. Those enhancements were blocking us from
updating ESLint. However, they have since been relaxed and the custom
rule is no longer needed. Remove it.

PR-URL: #10561
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
There are places in the code base where setTimeout() or
setInterval() are called with just a callback and no duration/interval.
The timers module will use a value of `1` in that situation.

An unspecified duration or interval can be confusing. Did the original
author forget to provide a value? Did they intend to use setImmediate()
or process.nextTick() instead of setTimeout()? And so on.

This change provides a duration or interval of `1` to all calls in the
codebase where it is missing. `parallel/test-timers.js` still tests the
situation where `setTimeout()` and `setInterval()` are called with
`undefined` and other non-numeric values for the duration/interval.

PR-URL: #9472
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Add a custom ESLint rule to require that setTimeout() and setInterval()
get called with at least two arguments. This prevents omitting the
duration or interval.

PR-URL: #9472
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
DavidCai1111 and others added 7 commits January 31, 2017 14:09
PR-URL: #10964
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Calling `.As<Object>()` on a non-object aborts in debug mode,
but `node_url.cc` relied on it. Address that by using `Local<Value>`
until it has been confirmed that the handle actually is an object.

PR-URL: #11064
Reviewed-By: Michal Zasso <targos@protonmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
* Add an exception test.
* Add `common.mustCall()`.
* Make use of Arrow function.

PR-URL: #11034
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
removed unneccessary curly braces and return statement from
inspect arrow function
updated `assert.throws` regex to look for exact match at start
of string

PR-URL: #11039
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* Print the progress bar and the current benchmark to stderr
  when stderr is TTY and stdout is not.
* Allow cli arguments without values via setting.boolArgs
* Add --no-progress option

PR-URL: #10823
Fixes: #8659
Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
PR-URL: #11020
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
PR-URL: #11080
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
TimothyGu and others added 7 commits January 31, 2017 15:05
PR-URL: #11057
Fixes: #10799
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
When parameter count is fixed, use literal Array instance is more
simply and avoid arguments leak also.

PR-URL: #10833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
PR-URL: #11085
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Use `common.mustCall()` to guarantee that the wrapped `_refreshSize()`
functions are invoked.

PR-URL: #11068
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michal Zasso <targos@protonmail.com>
PR-URL: #11061
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
`port` was listed as required, but as described in the following
paragraphs, it's actually not.

Also, note that setting `port` to `0` will also cause the OS to assign a
a random port and sync up the docs of both forms.

PR-URL: #11025
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Notable changes:

* crypto:
  * ability to select cert store at runtime (Adam Majer) #8334
  * Use system CAs instead of using bundled ones (Adam Majer) #8334
* deps:
  * upgrade npm to 4.1.2 (Kat Marchán) #11020
  * upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
* doc: add basic documentation for WHATWG URL API (James M Snell) #10620
* process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
* url: allow use of URL with http.request and https.request (James M Snell) #10638

PR-URL: #11062
evanlucas added a commit that referenced this pull request Feb 1, 2017
Notable changes:

* crypto:
  * ability to select cert store at runtime (Adam Majer) #8334
  * Use system CAs instead of using bundled ones (Adam Majer) #8334
* deps:
  * upgrade npm to 4.1.2 (Kat Marchán) #11020
  * upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
* doc: add basic documentation for WHATWG URL API (James M Snell) #10620
* process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
* url: allow use of URL with http.request and https.request (James M Snell) #10638

PR-URL: #11062
@evanlucas evanlucas merged commit 13a024d into v7.x Feb 1, 2017
@evanlucas evanlucas deleted the v7.5.0-proposal branch February 1, 2017 02:49
evanlucas added a commit to evanlucas/nodejs.org that referenced this pull request Feb 1, 2017
evanlucas added a commit to nodejs/nodejs.org that referenced this pull request Feb 1, 2017
@pi0
Copy link

pi0 commented Feb 1, 2017

Thats so sad :( It was previously mentioned that #11029 would be merged into this release. Is there any 7.x releases planned or we have to wait 3 months and expecting v8 > 5.5 ?

@MylesBorins
Copy link
Contributor

@pi0 don't be sad... we just need to make sure the build is safe before releasing it.

I spun up a test build of v7.5.0 with the V8 update if you want to test it out (give it another 30 minutes or so until it is done building)

https://nodejs.org/download/test/v7.5.1-test20170201baf1e18b0c/

You can install it with nvm too

$ NVM_NODEJS_ORG_MIRROR=https://nodejs.org/download/test nvm install v7.51-test20170201baf1e18b0

@evanlucas
Copy link
Contributor

@pi0 we cut v7.x releases at least every other week, so you shouldn't have to wait too long provided the PR gets approval by someone. :]

imyller added a commit to imyller/meta-nodejs that referenced this pull request Mar 2, 2017
    Notable changes:

    * crypto:
      * ability to select cert store at runtime (Adam Majer) #8334
      * Use system CAs instead of using bundled ones (Adam Majer) #8334
    * deps:
      * upgrade npm to 4.1.2 (Kat Marchán) #11020
      * upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
    * doc: add basic documentation for WHATWG URL API (James M Snell) #10620
    * process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
    * url: allow use of URL with http.request and https.request (James M Snell) #10638

    PR-URL: nodejs/node#11062

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.