Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: completely upgrade npm in LTS to 2.15.1 #5988

Closed

Conversation

othiym23
Copy link
Contributor

@othiym23 othiym23 commented Apr 1, 2016

This is the same as 4041ea6, only it includes the version tag marking it as [email protected] (instead of [email protected]).

My apologies for the confusion.

r: @thealphanerd
r: @rvagg

@othiym23 othiym23 added npm Issues and PRs related to the npm client dependency or the npm registry. v0.12 labels Apr 1, 2016
@jasnell
Copy link
Member

jasnell commented Apr 1, 2016

LGTM

@jasnell
Copy link
Member

jasnell commented Apr 28, 2016

@nodejs/lts

@MylesBorins
Copy link
Contributor

this one already landed on v4.x

It is missing a patch that gets rid of legacy test. @othiym23 would it make more sense to update 0.10 and 0.12 to the latest lts npm?

@rvagg
Copy link
Member

rvagg commented May 5, 2016

@thealphanerd can you help land this one? I'd like to bundle it with the openssl fixes, same as #5987 for v0.10.

@MylesBorins
Copy link
Contributor

@rvagg I'm going to see if I can get this PR working by manually adding 8acb886 on top... if that works than all should be good, otherwise we might need another update from npm.. I've pinged @othiym23 and @zkat over on irc... (and now here)

I'll do a test right now and see if we get get away with a cherry-pick

@MylesBorins
Copy link
Contributor

So it looks like we have afailing test on v0.12

test/tap/outdated-symlink.js ........................ 13/14 4s
  when outdated is called linked packages should be displayed as such
  not ok Global Install format as expected
    at:
      file: test/tap/outdated-symlink.js
      line: 62
      column: 9
    stack: |
      test/tap/outdated-symlink.js:62:9
      f (node_modules/once/once.js:17:25)
      ChildProcess.<anonymous> (test/common-tap.js:58:5)
      maybeClose (internal/child_process.js:827:16)
      Process.ChildProcess._handle.onexit (internal/child_process.js:211:5)

It looks like this is a new test not present in 2.14.19 (version bundled with node v0.12.12). There were two npm test failures in that version Technically we have already shipped this version of npm, and this update is primarily meta data.

I'm going to land this with the patch to fix testing in staging and we can decide to follow up as necessary.

@MylesBorins
Copy link
Contributor

LGTM

MylesBorins pushed a commit that referenced this pull request May 5, 2016
PR-URL: #5988
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 5, 2016
@MylesBorins
Copy link
Contributor

landed in 2b63396...810fb21

@MylesBorins MylesBorins closed this May 5, 2016
rvagg added a commit that referenced this pull request May 6, 2016
Notable changes:

* npm: Correct erroneous version number in v2.15.1 code
  (Forrest L Norvell) #5988
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
  (Shigeki Ohtsu) #6553
  - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
  - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
  - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
    for full details
rvagg added a commit that referenced this pull request May 6, 2016
Notable changes:

* npm: Correct erroneous version number in v2.15.1 code
  (Forrest L Norvell) #5988
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
  (Shigeki Ohtsu) #6553
  - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
  - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
  - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
    for full details
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
PR-URL: nodejs/node#5988
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
Notable changes:

* npm: Correct erroneous version number in v2.15.1 code
  (Forrest L Norvell) nodejs/node#5988
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
  (Shigeki Ohtsu) nodejs/node#6553
  - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
  - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
  - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
    for full details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
npm Issues and PRs related to the npm client dependency or the npm registry.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants