Closed
66 commits
eb15c8d
test: fix pummel test failures
Trott Apr 2, 2016
f6d16c1
src: add missing 'inline' keywords
bnoordhuis Apr 5, 2016
fd8e7de
doc: note about Android support
Trott Apr 4, 2016
8ab2d73
test: enforce strict mode for test-domain-crypto
Trott Apr 4, 2016
8952330
build: remove -f{data,function}-sections flags
bnoordhuis Apr 6, 2016
ab80b23
doc: simple doc typo fix
BrendonPierson Apr 4, 2016
9104902
doc: update openssl LICENSE using license-builder.sh
srl295 Apr 5, 2016
838efb4
deps: backport 125ac66 from v8 upstream
Apr 6, 2016
d7b63d0
test: refactor test-file-write-stream3
Trott Apr 5, 2016
ce6c5ac
doc: add example using algorithms not directly exposed
hillbrad Apr 7, 2016
e1ce18a
buffer: standardize array index check
trevnorris Apr 6, 2016
8f5a271
doc: add topic - event loop, timers, `nextTick()`
techjeffharris Apr 8, 2016
820dd58
repl: refactor repl.js
Trott Apr 6, 2016
b9ac6b0
path: fixing a test that breaks on some machines.
Apr 5, 2016
251fc03
test: fix flaky test-http-client-abort
Trott Apr 8, 2016
c3fecfd
doc: fix scrolling on iOS devices
lpinca Mar 23, 2016
a6cf6aa
tools,doc: fix incomplete json produced by doctool
firedfox Mar 31, 2016
052c919
tools,doc: fix json for grouped optional params
firedfox Mar 31, 2016
ff61555
doc: describe child.kill() pitfalls on linux
eljefedelrodeodeljefe Apr 5, 2016
79d612f
doc: clarification for maxBuffer and Unicode output
jasnell Apr 9, 2016
625951d
doc: add copy about how to curl SHA256.txt
Apr 8, 2016
11d617c
stream: Fix readableState.awaitDrain mechanism
addaleax Apr 2, 2016
e6df83d
tools: remove simplejson dependency
thefourtheye Apr 7, 2016
1b8dad2
test: fix flaky test-child-process-fork-net
Trott Apr 9, 2016
fa4956d
deps: cherry-pick 1383d00 from v8 upstream
indutny Apr 13, 2016
0c6bc2c
streams: support unlimited synchronous cork/uncork cycles
mcollina Apr 12, 2016
6021b82
repl: don’t complete non-simple expressions
addaleax Apr 14, 2016
2a0e70e
doc: fix incorrect references in buffer docs
Amery2010 Apr 14, 2016
6729ffc
deps: upgrade npm to 3.8.6
zkat Apr 11, 2016
ac3f0c5
deps: floating fix for npm's test-node script
zkat Apr 11, 2016
39f887e
benchmark: add module loader benchmark parameter
mscdex Feb 10, 2016
93ff5de
doc: add addaleax to collaborators
addaleax Apr 15, 2016
2bb5f95
doc: add santigimeno to collaborators
santigimeno Apr 15, 2016
5252f7a
doc: add iWuzHere to collaborators
imran-iq Apr 15, 2016
bc29c43
doc: add stefanmb to collaborators
stefanmb Apr 15, 2016
b88e3a4
doc: add domain postmortem
trevnorris Apr 11, 2016
c1c3585
test,vm: enable strict mode for vm tests
Trott Apr 15, 2016
39fb5f7
doc: clarify fs.watch() and inodes on linux, os x
jorangreef Apr 7, 2016
2567f2d
tools,doc: parse types in braces everywhere
estliberitas Feb 20, 2016
a31610e
process: fix incorrect usage of assert.fail()
Trott Apr 15, 2016
b22ab38
doc: native module reloading is not supported
bengl Apr 12, 2016
763a867
test,repl: use deepStrictEqual for false-y values
Fishrock123 Apr 14, 2016
46f774f
doc: explain differences in console.assert between node and browsers
jasnell Apr 12, 2016
dae99cb
gitignore: ignore VS 2015 *.VC.opendb files
Apr 5, 2016
1dc77e8
gitignore: adding .vs/ directory to .gitignore
Apr 13, 2016
b0457d9
tools: fix license-builder.sh again for ICU
srl295 Apr 5, 2016
8760dc6
doc: document intention and dangers of fs module Buffer API
seishun Apr 2, 2016
7066394
doc: fix http response event, Agent#getName
mdouglass Apr 1, 2016
41123d0
doc: DCO anchor that doesn't change
williamkapke Apr 18, 2016
599219d
doc: replace functions with arrow functions
hiroppy Apr 14, 2016
690192c
assert: respect assert.doesNotThrow message.
Aug 17, 2015
744fe56
test: fix test-net-settimeout flakiness
santigimeno Apr 12, 2016
4be2e15
test: fix flaky test-http-set-timeout-server
santigimeno Apr 15, 2016
ea3c09f
tools: update ESLint to 2.7.0
silverwind Apr 9, 2016
196cc0c
test: fix issues for ESLint 2.7.0
silverwind Apr 9, 2016
799f414
lib,test,tools: alignment on variable assignments
Trott Apr 16, 2016
6f01ff2
tools: lint for alignment of variable assignments
Trott Apr 16, 2016
b3e62f5
tools: improve js linter
mscdex Mar 10, 2016
5d5b9e1
build: allow test-ci to run tests in parallel
jbergstroem Apr 15, 2016
3bb38b6
test: move the debugger tests back to parallel
santigimeno Apr 15, 2016
089b855
test: move some test from sequential to parallel
santigimeno Apr 5, 2016
6319f1f
doc: path.format provide more examples
eversojk Mar 22, 2016
6606905
tools: move message listener to worker objects
mscdex Apr 15, 2016
0c96eb4
doc: fix broken references
gromnitsky Apr 13, 2016
ec11dfb
test: move debugger tests to sequential
Trott Apr 14, 2016
31e6b5f
2016-04-20, Version 5.10.2 (Stable) Release
Apr 20, 2016
deps: upgrade npm to 3.8.6
PR-URL: #6153
Reviewed-By: Jeremiah Senkpiel <[email protected]>
zkat authored and Myles Borins committed Apr 20, 2016
commit 6729ffcb84edd6d36eed549a04b554de24d1670a
7 changes: 7 additions & 0 deletions deps/npm/AUTHORS
Expand Up @@ -382,3 +382,10 @@ Zac <[email protected]>
GriffinSchneider <[email protected]>
Andres Kalle <[email protected]>
thefourtheye <[email protected]>
Yael <[email protected]>
Yann Odeyer <[email protected]>
James Monger <[email protected]>
Thomas Hallock <[email protected]>
Paul Irish <[email protected]>
Paul O'Leary McCann <[email protected]>
Francis Gulotta <[email protected]>
204 changes: 203 additions & 1 deletion deps/npm/CHANGELOG.md
@@ -1,8 +1,210 @@
### v3.8.6 (2016-03-31)

Heeeeeey y'all.

Kat here! Rebecca's been schmoozing with folks at [Microsoft
Build](https://build.microsoft.com/), so I'm doing the `npm@3` release this
week.

Speaking of Build, it looks like Microsoft is doing some bash thing. This might
be really good news for our Windows users once it rolls around. We're keeping an
eye out and feeling hopeful. 🙆

As far as the release goes: We're really happy to be getting more and more
community contributions! Keep it up! We really appreciate folks trying to help
us, and we'll do our best to help point you in the right direction. Even things
like documentation are a huge help. And remember -- you get socks for it, too!

#### FIXES

* [`f8fb4d8`](https://github.com/npm/npm/commit/f8fb4d83923810eb78d075bd200a9376c64c3e3a)
[#12079](https://github.com/npm/npm/pull/12079)
Back in `[email protected]` we included [a patch that made it so `npm install pkg` was
basically `npm install pkg@latest` instead of
`pkg@*`](https://github.com/npm/npm/pull/9170)
This is probably what most users expected, but it also ended up [breaking `npm
deprecate`](https://github.com/npm/npm/pull/9170) when no version was provided
for a package. In that case, we were using `*` to mean "deprecate all
versions" and relying on the `pkg` -> `pkg@*` conversion.
This patch fixes `npm deprecate pkg` to work as it used to by special casing
that particular command's behavior.
([@polm](https://github.com/polm))
* [`458f773`](https://github.com/npm/npm/commit/458f7734f3376aba0b6ff16d34a25892f7717e40)
[#12146](https://github.com/npm/npm/pull/12146)
Adds `make doc-clean` to `prepublish` script, to clear out previously built
docs before publishing a new npm version
([@watilde](https://github.com/watilde))
* [`f0d1521`](https://github.com/npm/npm/commit/f0d1521038e956b2197673f36c464684293ce99d)
[#12146](https://github.com/npm/npm/pull/12146)
Adds `doc-clean` phony target to `make publish`.
([@watilde](https://github.com/watilde))

#### DOC UPDATES

* [`ea92ffc`](https://github.com/npm/npm/commit/ea92ffc9dd2a063896353fc52c104e85ec061360)
[#12147](https://github.com/npm/npm/pull/12147)
Document that the current behavior of `engines` is just to warn if the node
platform is incompatible.
([@reconbot](https://github.com/reconbot))
* [`cd1ba44`](https://github.com/npm/npm/commit/cd1ba4423b3ca889c741141b95b0d9472b9f71ea)
[#12143](https://github.com/npm/npm/pull/12143)
Remove `npm faq` command, since the [FAQ was
removed](https://github.com/npm/npm/pull/10547).
([@watilde](https://github.com/watilde))
* [`50a12cb`](https://github.com/npm/npm/commit/50a12cb1f5f158af78d6962ad20ff0a98bc18f18)
[#12143](https://github.com/npm/npm/pull/12143)
Remove references to the FAQ from the docs, since [it was
removed](https://github.com/npm/npm/pull/10547).
([@watilde](https://github.com/watilde))
* [`60051c2`](https://github.com/npm/npm/commit/60051c25e2ab80c667137dfcd04b242eea25980e)
[#12093](https://github.com/npm/npm/pull/12093)
Update `bugs` url in `package.json` to use the `https` URL for Github.
([@watilde](https://github.com/watilde))
* [`af30c37`](https://github.com/npm/npm/commit/af30c374ef22ed1a1c71b14fced7c4b8350e4e82)
[#12075](https://github.com/npm/npm/pull/12075)
Add the `--ignore-scripts` flag to the `npm install` docs.
([@paulirish](https://github.com/paulirish))
* [`632b214`](https://github.com/npm/npm/commit/632b214b2f2450e844410792e5947e46844612ff)
[#12063](https://github.com/npm/npm/pull/12063)
Various minor fixes to the html docs homepage.
([@watilde](https://github.com/watilde))

#### DEP BUMPS

* [`3da0171`](https://github.com/npm/npm/commit/3da01716a0e41d6b5adee2b4fc70fcaf08c0eb24)
`[email protected]`
([@jdalton](https://github.com/jdalton))
* [`69ccf6d`](https://github.com/npm/npm/commit/69ccf6dd4caf95cd0628054307487cae1885acd0)
`[email protected]`
([@jdalton](https://github.com/jdalton))
* [`b50c41a`](https://github.com/npm/npm/commit/b50c41a9930dc5353a23c5ae2ff87bb99e11d482)
`[email protected]`
([@jdalton](https://github.com/jdalton))
* [`59c1ad7`](https://github.com/npm/npm/commit/59c1ad7b6f243d07618ed5703bd11d787732fc57)
`[email protected]`
([@jdalton](https://github.com/jdalton))
* [`2b4f797`](https://github.com/npm/npm/commit/2b4f797dba8e7a1376c8335b7223e82d02cd8243)
`[email protected]`
([@jdalton](https://github.com/jdalton))

### v3.8.5 (2016-03-24)

Like my esteemed colleague [@zkat](https://github.com/zkat) said in this
week's [LTS release notes](https://github.com/npm/npm/releases/tag/v2.15.2),
this week is another small release but we are continuing to work on our
[Windows efforts](https://github.com/npm/npm/pull/11444).

You may also be interested in reading the [LTS process and
policy](https://github.com/npm/npm/wiki/LTS) that
[@othiym23](https://github.com/othiym23) put together recently. If you have any
feedback, we would love to hear.

#### DOCTOR IT HURTS WHEN LINK TO MY LINK

Well then, don't do that.

* [`0d4a0b1`](https://github.com/npm/npm/commit/0d4a0b1)
[#11442](https://github.com/npm/npm/pull/11442)
Fail if the user asks us to make a link from a module back on to itself.
([@antialias](https://github.com/antialias))

#### ERR MODULE LIST TOO LONG

* [`b271ed2`](https://github.com/npm/npm/commit/b271ed2)
[#11983](https://github.com/npm/npm/issues/11983)
Exit early if no arguments were provided to search instead of trying to display all the modules,
running out of memory, and then crashing.
([@SimenB](https://github.com/SimenB))

#### ELIMINATE UNUSED MODULE

* [`b8c7cd7`](https://github.com/npm/npm/commit/b8c7cd7)
[#12000](https://github.com/npm/npm/pull/12000)
Stop depending on [`async-some`](https://npmjs.com/package/async-some) as it's no
longer used in npm.
([@watilde](https://github.com/watilde))

#### DOCUMENTATION IMPROVEMENTS

* [`fdd6b28`](https://github.com/npm/npm/commit/fdd6b28)
[#11884](https://github.com/npm/npm/pull/11884)
Include `node_modules` in the list of files and directories that npm won't
include in packages ordinarily. (Modules listed in `bundledDependencies` and things
that those modules rely on, ARE included of course.)
([@Jameskmonger](https://github.com/Jameskmonger))
* [`aac15eb`](https://github.com/npm/npm/commit/aac15eb)
[#12006](https://github.com/npm/npm/pull/12006)
Fix typo in npm-orgs documentation, where teams docs went to access docs and vice versa.
([@yaelz](https://github.com/yaelz))

#### FEWER NETWORK TESTS

* [`3e41360`](https://github.com/npm/npm/commit/3e41360)
[#11987](https://github.com/npm/npm/pull/11987)
Fix test that was inappropriately hitting the network
([@yodeyer](https://github.com/yodeyer))

### v3.8.4 (2016-03-24)

Was erroneously released with just a changelog typo correction and was
otherwise the same as 3.8.3.

### v3.8.3 (2016-03-17):

#### SECURITY ADVISORY: BEARER TOKEN DISCLOSURE

This release includes [the fix for a
vulnerability](https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29)
that could cause the unintentional leakage of bearer tokens.

Here are details on this vulnerability and how it affects you.

##### DETAILS

Since 2014, npm’s registry has used HTTP bearer tokens to authenticate requests
from the npm’s command-line interface. A design flaw meant that the CLI was
sending these bearer tokens with _every_ request made by logged-in users,
regardless of the destination of their request. (The bearers only should have
been included for requests made against a registry or registries used for the
current install.)

An attacker could exploit this flaw by setting up an HTTP server that could
collect authentication information, then use this authentication information to
impersonate the users whose tokens they collected. This impersonation would
allow them to do anything the compromised users could do, including publishing
new versions of packages.

With the fixes we’ve released, the CLI will only send bearer tokens with
requests made against a registry.

##### THINK YOU'RE AT RISK? REGENERATE YOUR TOKENS

If you believe that your bearer token may have been leaked, [invalidate your
current npm bearer tokens](https://www.npmjs.com/settings/tokens) and rerun
`npm login` to generate new tokens. Keep in mind that this may cause continuous
integration builds in services like Travis to break, in which case you’ll need
to update the tokens in your CI server’s configuration.

##### WILL THIS BREAK MY CURRENT SETUP?

Maybe.

npm’s CLI team believes that the fix won’t break any existing registry setups.
Due to the large number of registry software suites out in the wild, though,
it’s possible our change will be breaking in some cases.

If so, please [file an issue](https://github.com/npm/npm/issues/new) describing
the software you’re using and how it broke. Our team will work with you to
mitigate the breakage.

##### CREDIT & THANKS

Thanks to Mitar, Will White & the team at Mapbox, Max Motovilov, and James
Taylor for reporting this vulnerability to npm.

#### PERFORMANCE IMPROVEMENTS

The updated [`are-we-there-yet`](https://npm.com/package/are-we-there-yet)
The updated [`are-we-there-yet`](https://npmjs.com/package/are-we-there-yet)
changes how it tracks how complete things are to be much more efficient.
The summary is that `are-we-there-yet` was refactored to remove an expensive
tree walk.
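Review bot: The v3.8.3 section in this hunk carries a security advisory (`SECURITY ADVISORY: BEARER TOKEN DISCLOSURE`), yet the commit message reads only `deps: upgrade npm to 3.8.6`. Suggest stating in the commit body that this bump brings in the changelog entry for the fix linked there (npm commit `f67ecad59e99a03e5aad8e93cd1a086ae087cb29`), so that release notes pick it up and users who were logged in see the advice to invalidate their tokens and rerun `npm login`. A smaller point in the v3.8.6 FIXES entry for #12079: the link on "a patch that made it so ..." and the link on "breaking `npm deprecate`" both go to `https://github.com/npm/npm/pull/9170`; the second looks as if it was meant to point at the report of the breakage. That is vendored upstream text, so it is best raised with npm rather than edited in this copy.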
2 changes: 1 addition & 1 deletion deps/npm/Makefile
Expand Up @@ -166,7 +166,7 @@ ls-ok:
gitclean:
git clean -fd

publish: gitclean ls-ok link doc
publish: gitclean ls-ok link doc-clean doc
@git push origin :v$(shell npm -v) 2>&1 || true
git push origin $(BRANCH) &&\
git push origin --tags &&\
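Review bot: On the changed `publish:` line, `doc-clean` and `doc` are listed side by side as plain prerequisites, and make only runs prerequisites left to right in a serial build. Under `make -j` the two can run at the same time, so `doc-clean` may remove files that `doc` is in the middle of building, and a release could then be published with incomplete docs. Suggest enforcing the order explicitly, for example by invoking `$(MAKE) doc-clean` followed by `$(MAKE) doc` at the start of the recipe instead of relying on prerequisite order. The definition of `doc-clean` and its `.PHONY` entry are not visible in this hunk; worth confirming both are present.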
2 changes: 0 additions & 2 deletions deps/npm/README.md
Expand Up @@ -141,7 +141,6 @@ you have chosen.
## More Docs

Check out the [docs](https://docs.npmjs.com/),
especially the [faq](https://docs.npmjs.com/misc/faq).

You can use the `npm help` command to read any of them.

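Review bot: Dropping the faq line leaves the sentence before it ending in a comma: `Check out the [docs](https://docs.npmjs.com/),` is now followed directly by a blank line. Change the trailing comma to a full stop as part of this removal.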
Expand All @@ -164,6 +163,5 @@ will no doubt tell you to put the output in a gist or email.
## SEE ALSO

* npm(1)
* npm-faq(7)
* npm-help(1)
* npm-index(7)