Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v5.5.1 (Stable) #5141

Closed
wants to merge 15 commits into from
Closed

Release proposal: v5.5.1 (Stable) #5141

wants to merge 15 commits into from

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Feb 8, 2016

Security release, to go out ~ Tuesday, the 9th of February, 11pm UTC with releases across all active lines as per https://groups.google.com/d/msg/nodejs-sec/G8IA0G4uA88/So3Cw84YDwAJ.

Pending additions being worked on by the security team. We'll get everything else ready here and finish it off in our private repo. Still needs "Notable items" filled out. Either myself or @jasnell will handle this release. I'm doing v0.10 and v0.12, @jasnell is doing v4 and was slated for v5 but we may switch that up depending our workloads finalising the security fixes.

Because this is not an LTS line this release is not restricted to security+build changes as we are doing with v0.10, v0.12 and v4. However, I've opted to keep semver-minor changes out of this so we can get away with a patch-level bump, see below for a list of changes left out. Unfortunately, because we haven't had a release in ~20 days the backlog is kind of large even with just semver-patch changes.

  • [3b6283c163] - benchmark: add a constant declaration for net (Minwoo Jung) #3950
  • [d64e6e0112] - buffer: remove duplicated code in fromObject (HUANG Wei) #4948
  • [58d67e26a2] - buffer: validate list elements in Buffer.concat (Michaël Zasso) #4951
  • [bafc86f00e] - buffer: refactor redeclared variables (Rich Trott) #4886
  • [0fa4d90b94] - build: Add VARIATION variable to binary target (Stefan Budeanu) #4631
  • [0d4b538175] - crypto: use SSL_CTX_clear_extra_chain_certs. (Adam Langley) #4919
  • [abb0f6cd53] - crypto: fix build when OCSP-stapling not provided (Adam Langley) #4914
  • [755619c554] - crypto: use a const SSL_CIPHER (Adam Langley) #4913
  • [cbf36de8f1] - deps: upgrade npm to 3.6.0 (Rebecca Turner) #4958
  • [dd97d07a0d] - deps: backport 8d00c2c from v8 upstream (Gibson Fahnestock) #5024
  • [b75263094b] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) #1836
  • [b312b7914f] - deps: upgrade openssl sources to 1.0.2f (Myles Borins) #4961
  • [fa0457ed04] - dns: throw a TypeError in lookupService with invalid port (Evan Lucas) #4839
  • [6f58bc578a] - doc: console is asynchronous unless it's a file (Ben Noordhuis) #5133
  • [3b960af47a] - doc: fix typo in dgram doc (Rich Trott) #5114
  • [6363264fa9] - doc: fix links order in Buffer doc (Alexander Makarenko) #5076
  • [28b392854c] - doc: add CTC meeting minutes 2016-01-20 (Rod Vagg) #4904
  • [e325ece23e] - doc: minor improvement in OS docs (Alexander Makarenko) #5006
  • [9e4f94bf2b] - doc: add CTC meeting minutes 2016-01-27 (Rod Vagg) #5057
  • [1e2108a6b7] - doc: fix links in Addons docs (Alexander Makarenko) #5072
  • [e5134b1701] - doc: fix inconsistent styling (Brian White) #4996
  • [dde160378e] - doc: fix link in cluster documentation (Timothy Gu) #5068
  • [e5254c12f4] - doc: fix reference to API hash.final (Minwoo Jung) #5050
  • [87fd9968a8] - doc: clarify optional arguments of Buffer methods (Michaël Zasso) #5008
  • [9908eced24] - doc: uppercase 'RSA-SHA256' in crypto.markdown (Rainer Oviir) #5044
  • [bf0383bbea] - doc: apply consistent styling for functions (Rich Trott) #4974
  • [8c7f4bab2d] - doc: multiple improvements in Stream docs (Alexander Makarenko) #5009
  • [ee013715b9] - doc: improve styling consistency in VM docs (Alexander Makarenko) #5005
  • [9824b0d132] - doc: fix anchor links from stream to http and events (piepmatz) #5007
  • [2c85f79569] - doc: minor improvement to HTTPS doc (Alexander Makarenko) #5002
  • [9cf1370017] - doc: improve styling consistency in Buffer docs (Alexander Makarenko) #5001
  • [2750cb0613] - doc: consistent styling for functions in TLS docs (Alexander Makarenko) #5000
  • [4758bf13a5] - doc: update npm LICENSE using license-builder.sh (Rebecca Turner) #4958
  • [3b08b5d22c] - doc: fix minor typo in process doc (Prayag Verma) #5018
  • [129977c9c7] - doc: fix typo in Readme.md (Prayag Verma) #5017
  • [5de3dc557f] - doc: fix notDeepEqual API (Minwoo Jung) #4971
  • [d47dadcc1f] - doc: make buffer methods styles consistent (Timothy Gu) #4873
  • [17888b122c] - doc: fix JSON generation for aliased methods (Timothy Gu) #4871
  • [396e4b9199] - doc: add more details to process.env (Evan Lucas) #4924
  • [bc11bf4659] - doc: don't use "interface" as a variable name (ChALkeR) #4900
  • [bcf55d2f44] - doc: spell writable consistently (Peter Lyons) #4954
  • [4a6d0ac436] - doc: update eol handling in readline (Kári Tristan Helgason) #4927
  • [e65d3638c0] - doc: replace function expressions with arrows (Benjamin Gruenbaum) #4832
  • [423a58d66f] - doc: show links consistently in deprecations (Sakthipriyan Vairamani) #4907
  • [fd87659139] - doc: add docs working group (Bryan English) #4244
  • [19ed619cff] - doc: remove unnecessary bind(this) (Dmitriy Lazarev) #4797
  • [5129930786] - doc: keep the names in sorted order (Sakthipriyan Vairamani) #4876
  • [3c46c10d54] - doc: fix nonsensical grammar in Buffer::write (Jimb Esser) #4863
  • [a1af6fc1a7] - doc: add servername parameter docs (Alexander Makarenko) #4729
  • [f4eeba8467] - doc: fix code type of markdowns (Jackson Tian) #4858
  • [fa1d453359] - doc: check for errors in 'listen' event (Benjamin Gruenbaum) #4834
  • [f462320f74] - doc: undo move http.IncomingMessage.statusMessage (Jeff Harris) #4822
  • [711245e5ac] - doc: style fixes for the TOC (Roman Reiss) #4748
  • [611c2f6fdf] - doc: proper markdown escaping -> __, *, _ (Robert Jefe Lindstaedt) #4805
  • [5a860d9cb7] - doc: Examples work when data exceeds buffer size (Glen Arrowsmith) #4811
  • [71ba14de86] - doc: update list of personal traits in CoC (Kat Marchán) #4801
  • [97eedfc57a] - doc: harmonize $ node command line notation (Robert Jefe Lindstaedt) #4806
  • [2dde0f08c9] - doc: add buf.indexOf encoding param with example (Karl Skomski) #3373
  • [66c74548de] - doc: fenced all code blocks, typo fixes (Robert Jefe Lindstaedt) #4733
  • [54e8845b5e] - fs: refactor redeclared variables (Rich Trott) #4959
  • [fa940cf9bc] - fs: remove unused branches (Benjamin Gruenbaum) #4795
  • [9b03af254a] - http: remove reference to onParserExecute (Tom Atkinson) #4773
  • [101de9de3f] - https: evict cached sessions on error (Fedor Indutny) #4982
  • [55030922e5] - lib: scope loop variables (Rich Trott) #4965
  • [725ad5b1ce] - lib: remove string_decoder.js var redeclarations (Rich Trott) #4978
  • [c09eb44a59] - module: refactor redeclared variable (Rich Trott) #4962
  • [612ce66c78] - net: refactor redeclared variables (Rich Trott) #4963
  • [c9b05dafe0] - net: move isLegalPort to internal/net (Evan Lucas) #4882
  • [1b49dfbe78] - node_contextify: do not incept debug context (Myles Borins) #4815
  • [f8269fe365] - querystring: check that maxKeys is finite (Myles Borins) #5066
  • [5a10fe932c] - querystring: use String.prototype.split's limit (Manuel Valls) #2288
  • [2844cc03dc] - repl: remove variable redeclaration (Rich Trott) #4977
  • [853d73bb50] - src: clean up usage of proto (Jackson Tian) #5069
  • [e93b024214] - src: remove no longer relevant comments (Chris911) #4843
  • [a2c257a3ef] - src: fix negative values in process.hrtime() (Ben Noordhuis) #4757
  • [ee8d4bb075] - stream: prevent object map change in TransformState (Evan Lucas) #5032
  • [c8b6de244e] - stream: refactor redeclared variables (Rich Trott) #4816
  • [fc3c32b582] - test: fix flaky test-dgram-pingpong (Rich Trott) #5125
  • [3effca6076] - test: mark flaky tests on Raspberry Pi (Rich Trott) #5082
  • [09917c99d8] - test: fix net-socket-timeout-unref flakiness (Santiago Gimeno) #4772
  • [83da19aa48] - test: fix redeclared test-event-emitter-* vars (Rich Trott) #4985
  • [87b27c913d] - test: fix redeclared test-intl var (Rich Trott) #4988
  • [e98772d68e] - test: remove redeclared var in test-domain (Rich Trott) #4984
  • [443d0463ca] - test: add common.platformTimeout() to dgram test (Rich Trott) #4938
  • [90219c3398] - test: fix flaky cluster test on Windows 10 (Rich Trott) #4934
  • [3488fa81b5] - test: fix variable redeclarations (Rich Trott) #4992
  • [7dc0905d4d] - test: fix redeclared test-util-* vars (Rich Trott) #4994
  • [53e7d605c9] - test: fix redeclared vars in sequential tests (Rich Trott) #4999
  • [a62ace9f7e] - test: fix tls-no-rsa-key flakiness (Santiago Gimeno) #4043
  • [9b8f025816] - test: fix redeclared vars in test-url (Rich Trott) #4993
  • [51fb8845d5] - test: fix redeclared test-path vars (Rich Trott) #4991
  • [b16b360ae8] - test: fix var redeclarations in test-os (Rich Trott) #4990
  • [d6199773e8] - test: fix test-net-* variable redeclarations (Rich Trott) #4989
  • [9dd5b3e01b] - test: fix redeclared test-http-* vars (Rich Trott) #4987
  • [835bf13c1d] - test: fix var redeclarations in test-fs-* (Rich Trott) #4986
  • [71d7a4457d] - test: fix redeclared vars in test-vm-* (Rich Trott) #4997
  • [38459402a5] - test: fix inconsistent styling in test-url (Brian White) #5014
  • [4934798c0d] - test: pummel test fixes (Rich Trott) #4998
  • [3970504298] - test: remove var redeclarations in test-crypto-* (Rich Trott) #4981
  • [a2881e2187] - test: remove test-cluster-* var redeclarations (Rich Trott) #4980
  • [c3d93299c2] - test: fix test-http-extra-response flakiness (Santiago Gimeno) #4979
  • [0384a43885] - test: Add assertion for TLS peer certificate fingerprint (Alan Cohen) #4923
  • [48a353fe41] - test: scope redeclared vars in test-child-process* (Rich Trott) #4944
  • [89d1149467] - test: fix test-tls-zero-clear-in flakiness (Santiago Gimeno) #4888
  • [f7ed47341a] - test: remove Object.observe from tests (Vladimir Kurchatkin) #4769
  • [d95e53dc3b] - test: refactor switch (Rich Trott) #4870
  • [7f1e3e929a] - test: remove race condition in http flood test (Rich Trott) #4793
  • [6539c64e67] - test: scope redeclared variable (Rich Trott) #4854
  • [62fb941557] - test: fix irregular whitespace issue (Roman Reiss) #4864
  • [3b225209f0] - test: fs.link() test runs on same device (Drew Folta) #4861
  • [1860eae110] - test: refactor test-net-settimeout (Rich Trott) #4799
  • [ae9a8cd053] - test: mark test-tick-processor flaky (Rich Trott) #4809
  • [57cea9e421] - test: remove test-http-exit-delay (Rich Trott) #4786
  • [2119c76d5a] - test: refactor test-fs-watch (Rich Trott) #4776
  • [e487b72459] - test: move cluster tests to parallel (Rich Trott) #4774
  • [8c694a658c] - test: improve test-cluster-disconnect-suicide-race (Rich Trott) #4739
  • [14f5bb7a99] - test,buffer: refactor redeclarations (Rich Trott) #4893
  • [62479e3406] - tls: scope loop vars with let (Rich Trott) #4853
  • [d6fbd81a7a] - tls_wrap: reach error reporting for UV_EPROTO (Fedor Indutny) #4885
  • [f513e66075] - tools: lint for empty character classes in regex (Rich Trott) #5115
  • [e05bb409a6] - tools: lint for spacing around unary operators (Rich Trott) #5063
  • [7fa5959c59] - tools: fix redeclared vars in doc/json.js (Rich Trott) #5047
  • [e95fd6ae70] - tools: apply linting to doc tools (Rich Trott) #4973
  • [777ed82162] - tools: fix detecting constructor for JSON doc (Timothy Gu) #4966
  • [5d55f59c85] - tools: add property types in JSON documentation (Timothy Gu) #4884
  • [fd5c56698e] - tools: add support for subkeys in release tools (Myles Borins) #4807
  • [34df6a5c0c] - tools: enable assorted ESLint error rules (Roman Reiss) #4864
  • [386ad7e0b5] - tools: fix setting path containing an ampersand (Brian White) #4804
  • [e415eb27e5] - url: change scoping of variables with let (Kári Tristan Helgason) #4867
  • [b2c8b7f6d3] - internal/child_process: call postSend on error (Fedor Indutny) #4752
  • [5a77c095a6] - Event emitters support symbols as event names. The process object (cjihrig) #4798

Changes (apparently) available for v5.6.0. Note that some of these are semver-patch but build on semver-minor changes so I've left them out so out-of-order cherry-picking doesn't leave us in an inconsistent state. #4337 was also left out because there's a remote possibility it could break for some users, but it's considered a fix rather than semver-major, see discussion there.

  • [34f39670cf] - tools: enable no-redeclare rule for linter (Rich Trott) #5047
  • [c41c09375b] - (SEMVER-MINOR) doc: correct tlsSocket.getCipher() description (Brian White) #4995
  • [2c357a7e3b] - (SEMVER-MINOR) tls: add getProtocol() to TLS sockets (Brian White) #4995
  • [924cc6c633] - src: upgrade to new v8::Private api (Ben Noordhuis) #5045
  • [1800bf4142] - dgram: scope redeclared variables (Rich Trott) #4940
  • [b4ece1b7ec] - contextify: use offset/length from Uint8Array (Fedor Indutny) #4947
  • [137f53c7b7] - (SEMVER-MINOR) dgram: support dgram.send with multiple buffers (Matteo Collina) #4374
  • [efd33a2a9a] - test: update arrow function style (cjihrig) #4813
  • [452928eb24] - tools: add arrow function rules to eslint (cjihrig) #4813
  • [c3bb4b1aa5] - (SEMVER-MINOR) child_process: add shell option to spawn() (cjihrig) #4598
  • [96934cbb30] - (SEMVER-MINOR) vm: introduce cachedData/produceCachedData (Fedor Indutny) #4777
  • [54cd2e1e5e] - (SEMVER-MINOR) buffer: properly retrieve binary length of needle (Trevor Norris) #4803
  • [7240ad4441] - (SEMVER-MINOR) buffer: allow encoding param to collapse (Trevor Norris) #4803
  • [5ef9989bd6] - (SEMVER-MINOR) net: add net.listening boolean property over a getter (José Moreira) #4743
  • [32ac3769f5] - http: do not emit upgrade on advertisement (Fedor Indutny) #4337

CI for this: https://ci.nodejs.org/job/node-test-commit/2148/ (green on all but arm where it's yellow)

rvagg and others added 15 commits February 8, 2016 23:15
PR-URL: #5057
Reviewed-By: Roman Reiss <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Add links to `process.arch` and `process.platform`.

PR-URL: #5006
Reviewed-By: Roman Klauke <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Roman Reiss <[email protected]>
PR-URL: #4904
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Roman Reiss <[email protected]>
Sort links in lexical order

PR-URL: #5076
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: Roman Klauke <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Enable `space-unary-ops` in `.eslintrc`. This prohibits things like:

    i ++        // use `i++` instead
    typeof(foo) // use `typeof foo` or `typeof (foo)` instead

Ref: #4772 (comment)
PR-URL: #5063
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Roman Reiss <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Add fromArrayLike() to handle logic of copying in values from array-like
argument.

PR-URL: #4948
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Trevor Norris <[email protected]>
There was a very subtle change in behavior introduced with 27def4f

In the past if querystring.parse was given Infinity for maxKeys,
everything worked as expected.

Check to see is maxKeys is Infinity before forwarding the value to
String.prototype.split which causes this regression

PR-URL: #5066
Reviewed-By: Evan Lucas <[email protected]>
Reviewed By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: Rod Vagg <[email protected]>
Reviewed-By: Jeremiah Senkpiel <[email protected]>
Currently a debug context is created for various calls to util.

If the node debugger is being run the main context is the debug
context. In this case node_contextify was freeing the debug context
and causing everything to explode.

This change moves around the logic and no longer frees the context.

There is a concern about the dangling pointer

The regression test was adapted from code submitted by @3y3 in #4815

Fixes: #4440
Fixes: #4815
Fixes: #4597
Fixes: #4952

PR-URL: #4815

Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
A few tests have started failing on Raspberry Pi devices in CI.
https://ci.nodejs.org/job/node-test-binary-arm/943/

PR-URL: #5082
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Roman Klauke <[email protected]>
Ref: #4830
Ref: #3635
Ref: #4526
Remove stray square brackets from dgram documentation.

PR-URL: #5114
Reviewed-By: Brian White <[email protected]>
Reviewed By: Sakthipriyan Vairamani <[email protected]>
Prefer using Object.setPrototypeOf() instead.

PR-URL: #5069
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
There is no guarantee UDP messages will be received. Accommodate the
occasional dropped message.

This is a functionality test, not a performance benchmark. Speed up the
test by not sending 1500 messages across three ports.

Fixes: #4526
PR-URL: #5125
Reviewed-By: Brian White <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Enable linting rule to forbid empty character classes in regular
expressions. See http://eslint.org/docs/rules/no-empty-character-class

Organize "Possible Error" rules in .eslintrc in alphabetical order to
match eslint documentation.

PR-URL: #5115
Reviewed-By: Roman Reiss <[email protected]>
Reviewed-By: Jeremiah Senkpiel <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Mea culpa, looks like I forgot to update console.markdown in commit
dac1d38 ("doc: stdout/stderr can block when directed to file").
This commit rectifies that.

Refs: #5131
PR-URL: #5133
Reviewed-By: Brian White <[email protected]>
Reviewed-By: Evan Lucas <[email protected]>
@bnoordhuis
Copy link
Member

924cc6c should be dropped, it won't compile.

@mscdex mscdex added meta Issues and PRs related to the general management of the project. v5.x labels Feb 8, 2016
@MylesBorins
Copy link
Contributor

if #5109 can get done in time we should try to get it out asap

@MylesBorins
Copy link
Contributor

citgm: https://ci.nodejs.org/job/thealphanerd-smoker/63/

Only failure is expected (eslint on ppc)

@silverwind
Copy link
Contributor

Thanks for including 32ac3769f5. I'd say it warrants a notable change entry.

@MylesBorins
Copy link
Contributor

@rvagg I think it is also worth considering npm@b5362b5

This has not yet landed on master due to the npm breakage, but I have run citgm on a patched branch and everything was a ok.

the npm update includes a fix for the progress bar, which I think the community would greatly appreciate

@rvagg
Copy link
Member Author

rvagg commented Feb 9, 2016

@bnoordhuis @seishun the commit list at the bottom of the OP are not included in this, both the Private V8 API and the http upgrade event. The former has since been correctly labelled as dont-land-on-v5.x and the latter I justified as:

#4337 was also left out because there's a remote possibility it could break for some users, but it's considered a fix rather than semver-major, see discussion there.

We'll have a semver-minor release next week that will pull all of the outstanding changes into it, we just need to have this one at least seem lower risk for users.

FWIW all the other lines are going to need releases soon as well, we have domains (and other) fixes queued up in 0.10 and 0.12 and v4.x has a big backlog that needs to be dealt with too. All 3 of those lines are being kept to the absolute minimum required for the security release.

@rvagg
Copy link
Member Author

rvagg commented Feb 9, 2016

@thealphanerd at this stage I'm opting for not including #5097, it doesn't have any reviews and there's a risk the PR may be modified before landed on master so we'll just have to catch up on it in next week's release.

@silverwind
Copy link
Contributor

We'll have a semver-minor release next week that will pull all of the outstanding changes into it, we just need to have this one at least seem lower risk for users.

5.6.0 was just shipped, does that mean those patch-level things will be in 5.6.1 next week?

@jasnell
Copy link
Member

jasnell commented Feb 9, 2016

@silverwind ... yes, those will go in the next release cycle

@chorrell
Copy link

chorrell commented Feb 9, 2016

FYI: The docker-node images have been updated. We're just waiting for the pull request to be reviewed and merged:

docker-library/official-images#1427

@MylesBorins
Copy link
Contributor

@rvagg / @jasnell should this be closed as most of the changes seem to have landed in v5.6.0?

@rvagg
Copy link
Member Author

rvagg commented Feb 9, 2016

Yes, this was finished off in node-private and included commits that bumped it up to 5.6.0. Because this isn't LTS we didn't limit it to just the security commits so all of commits listed above, and a few more, made it in. There's not a whole lot waiting to land but next week will probably be a 5.7.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.