v15.14.0 proposal #38084
Merged
v15.14.0 proposal #38084
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original commit message: fix "the the" typo in README.md file Refs: nodejs/cjs-module-lexer@22093e7 PR-URL: #37895 Reviewed-By: Pooja D P <Pooja.D.P@ibm.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Harshitha K P <harshitha014@gmail.com>
This completes code coverage for v8.js. Refs: https://coverage.nodejs.org/coverage-290c158018ac0277/lib/v8.js.html#L240 PR-URL: #37955 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This updates all sources in deps/openssl/openssl by:
$ git clone https://github.com/quictls/openssl
$ cd openssl
$ git checkout OpenSSL_1_1_1k+quic
$ cd ../node/deps/openssl
$ rm -rf openssl
$ cp -R ../openssl openssl
$ cd openssl && rm -rf .gitattributes .github/ .gitmodules .travis-apt-pin.preferences .travis-create-release.sh
$ cd ..
$ git add --all openssl
$ git commit openssl
PR-URL: #37916
Fixes: #37913
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/include/crypto/bn_conf.h
$ git add deps/openssl/openssl/include/crypto/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: #37916
Fixes: #37913
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
- Add a paragraph about case-insensitivity of encoding options. - Document "utf-8", "utf-16le" and "ucs-2" aliases. - Always use "utf8" in documentation for defaults and examples. PR-URL: #37945 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Exporting a variable that will be mutated later doesn't work. Refs: #37937 PR-URL: #37966 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #37893 Reviewed-By: Pooja D P <Pooja.D.P@ibm.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
PR-URL: #37992 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
PR-URL: #37949 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com>
As suggested in #37849 (comment) improve the error presented when encountering a large number of invalid frames by giving this situation a specific error code (which we should have had from the beginning). PR-URL: #37936 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
This was missed in the original PR. Refs: #34912 PR-URL: #37965 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Add documentation for net.connect AbortSignal, and add the support to tls.connect as well PR-URL: #37735 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Add abort signal support to Interface PR-URL: #37932 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
fix pre-aborted question handling PR-URL: #37929 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Change the wording to make the language more Inclusive. PR-URL: #37903 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Pooja D P <Pooja.D.P@ibm.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Change the wording to make the language more Inclusive. PR-URL: #37933 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
PR-URL: #37950 Reviewed-By: Pooja D P <Pooja.D.P@ibm.com> Reviewed-By: Harshitha K P <harshitha014@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #37917 Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #37917 Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #37917 Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
The last als.run() will reactivate the als, hence the test should test for getting the object, not undefined PR-URL: #38008 Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
nodejs-github-bot
added
doc
PR-URL: #38029 Refs: https://www.w3.org/TR/WebCryptoAPI/#rsassa-pkcs1 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
PR-URL: #38024 Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
PR-URL: #38011 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
MylesBorins
added a commit
that referenced
this pull request
Apr 5, 2021
Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) Other Notable changes: fs: * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) #37490 net: * (SEMVER-MINOR) allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917 * (SEMVER-MINOR) add SocketAddress class (James M Snell) #37917 * (SEMVER-MINOR) make net.BlockList cloneable (James M Snell) #37917 net,tls: * (SEMVER-MINOR) add abort signal support to connect (Nitzan Uziely) #37735 readline: * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) #37932 PR-URL: #38084
MylesBorins
force-pushed
the
v15.14.0-proposal
branch
from
28cf81b
to
02160fd
Compare
MylesBorins
added a commit
that referenced
this pull request
Apr 6, 2021
Notable Changes: This is a security release. Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) Other Notable changes: fs: * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) #37490 net: * (SEMVER-MINOR) allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917 * (SEMVER-MINOR) add SocketAddress class (James M Snell) #37917 * (SEMVER-MINOR) make net.BlockList cloneable (James M Snell) #37917 net,tls: * (SEMVER-MINOR) add abort signal support to connect (Nitzan Uziely) #37735 readline: * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) #37932 PR-URL: #38084
MylesBorins
force-pushed
the
v15.14.0-proposal
branch
from
02160fd
to
7f4f37c
Compare
Notable Changes: This is a security release. Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) Other Notable changes: fs: * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) #37490 net: * (SEMVER-MINOR) allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917 * (SEMVER-MINOR) add SocketAddress class (James M Snell) #37917 * (SEMVER-MINOR) make net.BlockList cloneable (James M Snell) #37917 net,tls: * (SEMVER-MINOR) add abort signal support to connect (Nitzan Uziely) #37735 readline: * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) #37932 PR-URL: #38084
MylesBorins
force-pushed
the
v15.14.0-proposal
branch
from
7f4f37c
to
1a34e9c
Compare
|
@bricss I unfortunately don't have time to add them back and re run all the testing. it will have to wait for the next release |
MylesBorins
added a commit
that referenced
this pull request
Apr 6, 2021
Notable Changes: This is a security release. Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) Other Notable changes: fs: * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) #37490 net: * (SEMVER-MINOR) allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917 * (SEMVER-MINOR) add SocketAddress class (James M Snell) #37917 * (SEMVER-MINOR) make net.BlockList cloneable (James M Snell) #37917 net,tls: * (SEMVER-MINOR) add abort signal support to connect (Nitzan Uziely) #37735 readline: * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) #37932 PR-URL: #38084
MylesBorins
added a commit
to nodejs/nodejs.org
that referenced
this pull request
Apr 6, 2021
MylesBorins
added a commit
to nodejs/nodejs.org
that referenced
this pull request
Apr 6, 2021
richardlau
added a commit
to richardlau/nodejs.org
that referenced
this pull request
Apr 12, 2021
Add links for Windows 64-bit Installer and Source Code. Refs: nodejs/node#38084
richardlau
added a commit
to nodejs/nodejs.org
that referenced
this pull request
Apr 12, 2021
Add links for Windows 64-bit Installer and Source Code. Refs: nodejs/node#38084
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
2021-04-06, Version 15.14.0 (Current), @MylesBorins
This is a security release.
Notable Changes
Vulnerabilties Fixed:
Other Notable Changes:
b6f4901221] - (SEMVER-MINOR) fs: add support for async iterators tofsPromises.writeFile(HiroyukiYagihashi) #374900709cbb7fe] - (SEMVER-MINOR) net: allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917daa8a7bbcf] - (SEMVER-MINOR) net: add SocketAddress class (James M Snell) #37917a4169ce519] - (SEMVER-MINOR) net: make net.BlockList cloneable (James M Snell) #37917669b81c68b] - (SEMVER-MINOR) net,tls: add abort signal support to connect (Nitzan Uziely) #37735a1123f0a29] - (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) #37932Commits
ac69b95e47] - crypto: use correct webcrypto RSASSA-PKCS1-v1_5 algorithm name (Filip Skokan) #38029960c6be229] - crypto: add buffering to randomInt (Tobias Nießen) #351104ef102d34e] - deps: update to cjs-module-lexer@1.1.1 (Guy Bedford) #37992f0e77149a4] - deps: update archs files for OpenSSL-1.1.1k (Hassaan Pasha) #37916bbdcdad2c6] - deps: upgrade openssl sources to 1.1.1k+quic (Hassaan Pasha) #37916913ec56798] - deps: cjs-module-lexer: cherry-pick 22093e765f (pezhmanparsaee) #37895afc6ab2122] - doc: fix asyncLocalStorage.run() description (Darkripper214) #38023b40d35d649] - doc: document how to unref stdin when using readline.Interface (Anu Pasumarthy) #38019ce14080473] - doc: move psmarshall to collaborators emeriti (Peter Marshall) #37994ae70aa3c63] - doc: add distinctive color for code elements inside links (Antoine du Hamel) #379508792c7c96b] - doc: add missing events.on metadata (Anna Henningsen) #37965a57dc06adf] - doc: improve Buffer's encoding documentation (Michaël Zasso) #37945f3fabb57cf] - doc: add missing cleanup step in OpenSSL upgrade (Tobias Nießen) #3792713c3924af8] - doc: add Windows-specific info to subprocess.kill() (João Lucas Lucchetta) #34867b6f4901221] - (SEMVER-MINOR) fs: add support for async iterators tofsPromises.writeFile(HiroyukiYagihashi) #37490ad7e34446c] - fs: fix chown abort (Darshan Sen) #38004d86aca9a77] - http: optimize debug function correctly (Michaël Zasso) #37966062541aae5] - http2: add specific error code for custom frames (Anna Henningsen) #379368525231902] - lib: change wording in lib/domain.js comment (Akhil Marsonya) #3793321e399be4c] - lib: change wording in lib/internal/child_process comment (Akhil Marsonya) #379033ab9619e56] - module: improve error message for invalid data URL (Antoine du Hamel) #377010709cbb7fe] - (SEMVER-MINOR) net: allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917daa8a7bbcf] - (SEMVER-MINOR) net: add SocketAddress class (James M Snell) #37917a4169ce519] - (SEMVER-MINOR) net: make net.BlockList cloneable (James M Snell) #37917669b81c68b] - (SEMVER-MINOR) net,tls: add abort signal support to connect (Nitzan Uziely) #37735a94cc27cbe] - path: refactor to use more primordials (Akhil Marsonya) #378936cc1e15669] - readline: fix pre-aborted signal question handling (Nitzan Uziely) #37929a1123f0a29] - (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) #37932629e72e9f4] - src: fix typo in node_mutex (Tobias Nießen) #38011e61cc0bfb0] - src: fix typos in crypto comments (Tobias Nießen) #380246ad0b6f0f5] - src: fix error handling for CryptoJob::ToResult (Tobias Nießen) #370763175559bed] - test: add extra space in test failure output (Qingyu Deng) #379570243376cfc] - test: use faster variant for rss (Pooja D P) #36839b02c352ad6] - test: fix test-tls-no-sslv3 for OpenSSL 3 (Richard Lau) #380270db1a1eacf] - test: deflake test-fs-read-optional-params (Luigi Pinca) #379914d50975cd7] - test: improve clarity of ALS-enable-disable.js (Darkripper214) #380085e15ae05d0] - test: add DataView test case for v8 serdes (Rich Trott) #379556d28a24f1c] - tools: update ESLint to 7.23.0 (Luigi Pinca) #3797951e7a33d54] - tools,doc: add "legacy" badge in the TOC (Antoine du Hamel) #37949570fbcef93] - url: forbid pipe in URL host (Darshan Sen) #37877