Direct high-level discussion and questions about IP and trademark policy
to the TSC repository.
PR-URL: https://github.com/nodejs/node/pull/5227
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rod Vagg <r@va.gg>
- Made scrolling of the sidebar not affect the main page by using a combination
of overflow:hidden and overflow:scroll.
- Changed the scrollbar of the sidebar to be visible again for accessibilty
reasons and removed the indication gradient because it was causing too much
issues.
- In WebKit-based browsers, the scrollbar received custom styling making it
appear to be outside of the sidebar.
- The main content is no longer limited to 702px width, but now uses all
available space.
- Changed the background of the code blocks to a very similar, but neutral
color and made inline blocks the same color.
- Made inline code blocks inside italic sections not italic.
- Simplified styling of api_stability classes by introducing a common class
name for the stability levels.
- Fixed various issues related to the green hover background on links.
- Fixed code box overflow outside the main content area.
- Various minor tweaks to paddings and margins.
- Cleaned up numbers in the stylesheet, removing unnecessary units, decimals
and empty selectors.
PR-URL: https://github.com/nodejs/node/pull/5198
Reviewed-By: James M Snell <jasnell@gmail.com>
This is needed to give users a grace period before actually breaking
modules that re-evaluate fs sources from context where internal modules
are not allowed, e.g. older version of graceful-fs module.
To be reverted in Node.js 7.0
Fixes: #5097, see also #1898, #2026, and #4525.
PR-URL: https://github.com/nodejs/node/pull/5102
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit improves escape() performance by up to 15% with the
existing querystring-stringify benchmarks by reducing the number
of string concatentations. A potential deopt is also avoided by
making sure the index passed to charCodeAt() is within bounds.
PR-URL: https://github.com/nodejs/node/pull/5012
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Before this, v8 would deopt when an out of bounds `inIndex` would get
passed to charCodeAt(). charCodeAt() returns NaN in such cases, so we
directly emulate that behavior as well.
Also, calls to charCodeAt() for constant strings have been replaced
by the raw character codes and parser state is now stored as an
integer instead of a string. Both of these provide a slight
performance increase.
PR-URL: https://github.com/nodejs/node/pull/5012
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
This commit improves parse() performance by ~20-200% with the various
querystring-parse benchmarks.
Some optimization strategies used in this commit include:
* Combining multiple searches (for '&', '=', and '+') on the same
string into a single loop
* Avoiding string.split()
* Minimizing creation of temporary strings
* Avoiding string decoding if no encoded bytes were found and the
default string decoder is being used
PR-URL: https://github.com/nodejs/node/pull/5012
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
This change adds ESLint rules that meet two criteria:
* recommended by ESLint
* require no code changes
These rules are:
* `no-func-assign`: Disallow overwriting a function that was written
as a function declaration.
* `no-negated-in-lhs`: Disallow negated left operand of `in` operator.
It prevents `if(!a in b)` when `if(!(a in b))` is intended.
* `no-obj-calls`: Disallow global object function calls. It prevents
errors like `JSON()` and `Math()`.
to exercise the code in tests or whatever, it can sneak in.
* `use-isnan`: Prevents errors like `if (foo == NaN)`
* `no-octal`: Disallows confusing constructs like `var num = 071;`
* `no-delete-var`: Delete works on properties, not variables. Disallows
`delete foo`.
PR-URL: https://github.com/nodejs/node/pull/5188
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Make sure that calling MakeCallback multiple times within the same stack
does not allow the nextTickQueue or MicrotaskQueue to be processed in
any more than the first MakeCallback call.
Check that domains enter/exit poperly with multiple MakeCallback calls
and that errors are handled as expected
PR-URL: https://github.com/nodejs/node/pull/4507
Reviewed-By: Fedor Indutny <fedor@indutny.com>
After attempting to use ReThrow() and Reset() there were cases where
firing the domain's error handlers was not happening. Or in some cases
reentering MakeCallback would still cause the domain enter callback to
abort (because the error had not been Reset yet).
In order for the script to properly stop execution when a subsequent
call to MakeCallback throws it must not be located within a TryCatch.
PR-URL: https://github.com/nodejs/node/pull/4507
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Environment::TickInfo::last_threw() is no longer in use.
Also pass Isolate to few methods and fix whitespace alignment.
PR-URL: https://github.com/nodejs/node/pull/4507
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Add a scope that will allow MakeCallback to know whether or not it's
currently running. This will prevent nextTickQueue and the
MicrotaskQueue from being processed recursively. It is also required to
wrap the bootloading stage since it doesn't run within a MakeCallback.
Ref: https://github.com/nodejs/node-v0.x-archive/issues/9245
PR-URL: https://github.com/nodejs/node/pull/4507
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Implementations of error handling between node::MakeCallback() and
AsyncWrap::MakeCallback() do not return at the same point. Make both
executions work the same by moving the early return if there's a caught
exception just after the AsyncWrap post callback. Since the domain's
call stack is cleared on a caught exception there is no reason to call
its exit() callback.
Remove the SetVerbose() statement in the AsyncWrap pre/post callback
calls since it does not affect the callback call.
PR-URL: https://github.com/nodejs/node/pull/4507
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Prior to this change, the NodeBIO objects used to wrap fixed data had
`num` equal to -1. This caused them to return -1 and set the retry flags
when they ran out of data. Since the data is fixed, that's incorrect.
Instead they should return zero to signal EOF.
This change adds a new, static function, NodeBIO::NewFixed to create a
BIO that wraps fixed data and which returns zero when exhausted.
The practical impact of this is limited since most (all?) the parsing
functions that these BIOs get passed to consider any return value less
than one to be EOF and ignore the retry flags anyway.
PR-URL: https://github.com/nodejs/node/pull/5105
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Ported by exinfinitum from a PR by jasnell:
see https://github.com/nodejs/node-v0.x-archive/pull/14185
Allows the running of v8 tests on node's packaged v8 source code.
Note that the limited win32 support added by jasnell has NOT been ported,
and so these tests are currently UNIX ONLY.
Note that gclient depot tools
(see https://commondatastorage.googleapis.com/
chrome-infra-docs/flat/depot_tools/docs/html/
depot_tools_tutorial.html#_setting_up) and subversion are required
to run tests.
To perform tests, run the following commands:
make v8 DESTCPU=(ARCH)
make test-v8 DESTCPU=(ARCH)
where (ARCH) is your CPU architecture, e.g. x64, ia32.
DESTCPU MUST be specified for this to work properly.
Can also do tests on debug build by using "make test-v8 DESTCPU=(ARCH)
BUILDTYPE=Debug", or perform intl or benchmark tests via make
test-v8-intl or test-v8-benchmarks respectively.
Note that by default, quickcheck and TAP output are disabled, and i18n
is enabled. To activate these options, use options"QUICKCHECK=True" and
"ENABLE_V8_TAP=True" respectively.
Use "DISABLE_V8_I18N" to disable i18n.
Use V8_BUILD_OPTIONS to allow custom user-defined flags to be
appended onto "make v8".
Any tests performed after changes to the packaged v8 file will require
recompiling of v8, which can be done using "make v8 DESTCPU=(ARCH)".
Finally, two additional files necessary for one of the v8 tests have
been added to the v8 folder.
PR-URL: https://github.com/nodejs/node/pull/4704
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
This commit adds support for async createConnection()
implementations and is still backwards compatible with
synchronous createConnection() implementations.
This commit also makes the http client more friendly with
generic stream objects produced by createConnection() by
checking stream.writable instead of stream.destroyed as the
latter is currently a net.Socket-ism and not set by the core
stream implementations.
PR-URL: https://github.com/nodejs/node/pull/4638
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit prevents child process stdio streams from being
automatically flushed on child process exit/close if a 'readable'
event handler has been attached at the time of exit.
Without this, child process stdio data can be lost if the process
exits quickly and a `read()` (e.g. from a 'readable' handler)
hasn't had the chance to get called yet.
Fixes: https://github.com/nodejs/node/issues/5034
PR-URL: https://github.com/nodejs/node/pull/5036
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit reverts the const usage introduced by 68a6abc
because v8 currently cannot optimize functions that contain
these uses of const (unsupported phi use of const variable).
The performance difference in this case can be up to ~130%
for non-ascii/binary string encodings.
PR-URL: https://github.com/nodejs/node/pull/5134
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Can now call fill() using following parameters if value is a String:
fill(string[, start[, end]][, encoding])
And with the following if value is a Buffer:
fill(buffer[, start[, end]])
The encoding is ignored if value is not a String. All other non-Buffer
values are coerced to a uint32.
A multibyte strings will simply be copied into the Buffer until the
number of bytes run out. Meaning partial strings can be left behind:
Buffer(3).fill('\u0222');
// returns: <Buffer c8 a2 c8>
In some encoding cases, such as 'hex', fill() will throw if the input
string is not valid.
PR-URL: https://github.com/nodejs/node/pull/4935
Reviewed-By: James M Snell <jasnell@gmail.com>
The comments make the config hard to scan. They do not provide any
information that isn't in the documentation links referred to in
comments (that are not being removed here).
Additionally, all rule config sections are alphabetically ordered for
easier scanning etc.
PR-URL: https://github.com/nodejs/node/pull/5151
Reviewed-By: Roman Reiss <me@silverwind.io>
Currently the test-tick-processor functionality in V8
depends on addresses being smaller than a full 64 bits. Aix supports
the full 64 bits and the result is that it does not process the
addresses correctly and runs of out memory.
Disabling until we get a fix upstreamed into V8.
PR-URL: https://github.com/nodejs/node/pull/5093
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Enable `no-proto` in `.eslintrc`.
Use `Object.setPrototypeOf()` and `Object.getPrototypeOf()`
instead of.
PR-URL: https://github.com/nodejs/node/pull/5140
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
The `root` and `GLOBAL` were never documented.
PR-URL: https://github.com/nodejs/node/pull/1838
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This commit significantly improves performance of all path functions.
Optimization strategies include:
* Replacing regexps with manual parsers
* Avoiding unnecessary array creation (including split() + join())
* Returning earlier where possible to avoid unnecessary work
* Minimize unnecessary string creation and concatenations
* Combining string iterations
PR-URL: https://github.com/nodejs/node/pull/5123
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds new tests, executes tests for other platforms
instead of limiting platform-specific tests to those platforms,
and fixes a few style/formatting inconsistencies.
PR-URL: https://github.com/nodejs/node/pull/5123
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit splits each path benchmark into separate posix and
Windows benchmark files. This allows benchmarking (platform-)specific
inputs against specific platforms (only).
PR-URL: https://github.com/nodejs/node/pull/5123
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
The test would sometimes time out on some platforms. Take the initial
version of the test and instead of sending 100 handles, just send 2.
It still fails when run with the code before the change was introduced
and passes afterwards.
Remove test from parallel.status.
PR-URL: https://github.com/nodejs/node/pull/5121
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Fixes: https://github.com/nodejs/node/issues/3635
Enable eslint rule disallowing mixing tabs and spaces for indentation.
Modify the one file that had been mixing tabs and spaces.
PR-URL: https://github.com/nodejs/node/pull/5135
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Rearrange the style rules in .eslintrc to be in alphabetical order.
This has two benefits:
It means the rules appear in the same order as they do in the ESLint
documentation, easing cross-referencing.
It also means that it is much easier to determine with visual inspection
if a rule is set or not.
https://github.com/nodejs/node/pull/5135
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Notable changes
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 2.6.0 to 2.6.1
* npm: upgrade npm from 3.3.12 to 3.6.0
(Rebecca Turner) https://github.com/nodejs/node/pull/4958
* openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Note that this release includes a non-backward compatible change to
address a security issue. This change increases the version of the LTS
v4.x line to v4.3.0. There will be *no further updates* to v4.2.x.
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 2.5.0 to 2.5.1
* openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for
selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using
`--security-revert=CVE-2016-2216`
PR-URL: https://github.com/nodejs/node-private/pull/20
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Notable changes:
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 2.3.0 to 2.3.1
* openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for
selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using
`--security-revert=CVE-2016-2216`
* build:
- xz compressed tar files will be made available from nodejs.org for
v0.12 builds from v0.12.10 onward
- A headers.tar.gz file will be made available from nodejs.org for
v0.12 builds from v0.12.10 onward, a future change to node-gyp
will be required to make use of these
PR-URL: https://github.com/nodejs/node-private/pull/24
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.
Notable changes:
* http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
* http-parser: upgrade from 1.0 to 1.1
* openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
parameters shorter than 1024-bits, up from the previous limit of
768-bits.
* src:
- introduce new `--security-revert={cvenum}` command line flag for
selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted using
`--security-revert=CVE-2016-2216`
* build:
- xz compressed tar files will be made available from nodejs.org for
v0.10 builds from v0.10.42 onward
- A headers.tar.gz file will be made available from nodejs.org for
v0.10 builds from v0.10.42 onward, a future change to node-gyp
will be required to make use of these
PR-URL: https://github.com/nodejs/node-private/pull/25
The `--security-revert={cvenum}` command line flag is a special purpose
flag to be used only in stable or LTS branches when a breaking change
is required to address a security vulnerability. Whenever a vulnerability
requires a breaking change, and a CVE has been assigned, the flag can
be used to force Node to revert to the insecure behavior that was
implemented before the fix was applied.
Note that this flag is intended to be used only as a last resort in the
case a security update breaks existing code. When used, a security
warning will be printed to stderr when Node launches.
The `--security-revert={cvenum}` flag takes a single CVE number as an
argument. Multiple instances of the `--security-revert={cvenum}` flag
can be used on the command line to revert multiple changes.
Whenever a new `--security-revert={cvenum}` is enabled, it should be
documented in the release notes and in the API docs.
Master and the first release of a new major (e.g. v6.0) should not have
any reverts available.
Every time a new `--security-revert={cvenum}` is added, there should be
a semver-minor bump in the stable and LTS branch.
PR-URL: https://github.com/nodejs/node-private/pull/26
Reviewed-By: Rod Vagg <r@va.gg>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/4841
Reviewed-By: Benjamin Gruenbaum <inglor@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>