Notable changes
* http: Writes no longer abort if the Socket is missing.
* process, async_hooks: Avoid problems when triggerAsyncId is undefined.
* zlib: Streams no longer attempt to process data when destroyed.
PR-URL: https://github.com/nodejs/node/pull/14399
Added comments to whatwg-url tests that they should not be changed until
modifications are merged upstream as per "Web Platform Tests" guidelines
PR-URL: https://github.com/nodejs/node/pull/14355
Fixes: https://github.com/nodejs/node/issues/12793
Refs: https://github.com/nodejs/node/blob/master/doc/guides/writing-tests.md
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Clarifies the default shell in Windows is process.env.ComSpec
and that cmd.exe is only used as a fallback. Functions whose
descriptions are affected include:
child_process.spawn, child_process.exec,
child_process.spawnsSync, and child_process.execSync.
PR-URL: https://github.com/nodejs/node/pull/14203
Fixes: https://github.com/nodejs/node/issues/14156
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
fs.rmdir() on the file (not directory) results in different errors on
Windows to everything else
Fixes: https://github.com/nodejs/node/issues/8797
PR-URL: https://github.com/nodejs/node/pull/14323
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Add a note to the stream docs specifying that at most a single
call to _transform can happen, and the provided callback()
should be used to process another chunk.
Fixes: https://github.com/nodejs/node/issues/3208
PR-URL: https://github.com/nodejs/node/pull/14321
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/14207
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13971
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jason Ginchereau <jasongin@microsoft.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
In support of the effort to add error codes to all errors
generated by Node.js, add an optional code parameter to the
helper functions used to throw/create errors in N-API.
PR-URL: https://github.com/nodejs/node/pull/13988
Fixes: https://github.com/nodejs/node/issues/13933
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Use a stronger criterion to identify objects in the prototype chain that store
pointers to native data that were added by previous calls to `napi_wrap()`.
Whereas the old criterion for identifying `napi_wrap()`-injected prototype
chain objects was to consider an object with an internal field
count of 1 to be such an object, the new criterion is to consider an object
with an internal field count of 2 such that the second field holds a
`v8::External` which itself contains a pointer to a global static string unique
to N-API to be a `napi_wrap()`-injected prototype chain object.
This greatly reduces the possibility of returning a pointer that was not
previously added with `napi_wrap()`, and it allows us to recognize that an
object has already undergone `napi_wrap()` and we can thus prevent a chain of
wrappers only the first of which is accessible from appearing in the prototype
chain, as would be the result of multiple calls to `napi_wrap()` using the same
object.
PR-URL: https://github.com/nodejs/node/pull/13872
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable changes
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/91
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/92
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable Changes:
* build:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node
up to collision attacks which could result in a Denial of Service.
We have temporarily disabled snapshots until a more robust solution
is found (Ali Ijaz Sheikh)
* deps:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks
that there is enough data for the required elements of an NAPTR
record (2 int16, 3 bytes for string lengths) before processing a
record. (David Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/89
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable Changes:
* build:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node
up to collision attacks which could result in a Denial of Service.
We have temporarily disabled snapshots until a more robust solution
is found (Ali Ijaz Sheikh)
* deps:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks
that there is enough data for the required elements of an NAPTR
record (2 int16, 3 bytes for string lengths) before processing a
record. (David Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/90
If allowHalfOpen is set to false, the stream will automatically end the
writable side when the readable side ends, but not the other way around.
PR-URL: https://github.com/nodejs/node/pull/14127
Fixes: https://github.com/nodejs/node/issues/4044
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
V8 options allow either '_' or '-' to be used in options as a seperator,
such as "--abort-on_uncaught-exception". Allow these case variations
when used with NODE_OPTIONS.
PR-URL: https://github.com/nodejs/node/pull/14093
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
If the first parameter of `request.end` `data` is specified, it should
be equivalent to calling `request.write(data, encoding)` (not
`response.write(data, encoding)`) followed by `request.end(callback)`.
This mistake was introduced in commit
14b3aab7d289a568e4a9efa6cd07a6ced370e318:
date: 28 November 2015 at 7:30:32 AM GMT+8
author: jpersson <jonathan.persson@creuna.se>
committer: James M Snell <jasnell@gmail.com>
summary: doc: add links and backticks around names
PR-URL: https://github.com/nodejs/node/pull/14126
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: David Cai <davidcai1993@yahoo.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Its important for post-mortem diagnostics and should be more prominently
documented.
PR-URL: https://github.com/nodejs/node/pull/13931
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Julien Gilli <jgilli@nodejs.org>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Allow --abort-on-uncaught-exception in NODE_OPTIONS, its useful to
enable for post-mortem debugging.
PR-URL: https://github.com/nodejs/node/pull/13932
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* Remove pinning of eslint-plugin-markdown
An issue affecting Node.js source has been fixed in
eslint-plugin-markdown so we don't need to pin it to beta-4 anymore.
Refs: https://github.com/eslint/eslint-plugin-markdown/issues/69
* Update eslint-plugin-markdown up to 1.0.0-beta.7
* Fix docs for eslint-plugin-markdown@1.0.0-beta.7
PR-URL: https://github.com/nodejs/node/pull/14047
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add clarification to the documentation on util.format()
and console.log() regarding how excessive arguments are treated
when the first argument is a non-format string
compared to when it is not a string at all.
PR-URL: https://github.com/nodejs/node/pull/14027
Fixes: https://github.com/nodejs/node/issues/13908
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
doc/api/cluster.md
L337: Use the definition link
doc/api/deprecations.md
L106: Fix the definition link name
doc/api/errors.md
L901: Remove unused definition
PR-URL: https://github.com/nodejs/node/pull/13970
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: David Cai <davidcai1993@yahoo.com>
PR-URL: https://github.com/nodejs/node/pull/13811
Reviewed-By: Jackson Tian <shyvo1987@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13974
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13733
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Marc Hernández Cabot
Jeremiah Senkpiel
Gautam Arora
Henry
Oleksandr Kushchak
Devin Boyer
Matteo Collina
Gunar C. Gessner
Lance Ball
Anna Henningsen
Michael Dawson
cornholio
James Sumners
starkwang
Kyle Farnung
Roman Shoryn
Gabriel Schulhof
Timothy Gu
Evan Lucas
Myles Borins
Rich Trott
Sam Roberts
Dean Coakley
Moogen Tian
XadillaX
Jan Krems
cjihrig
Refael Ackermann
Vse Mozhet Byt
MoonBall
Natanael Log
Daijiro Wachi
Ruben Bridgewater
Ruslan Iusupov
Matej Krajčovič
Alexander Gromnitsky
Tobias Nießen