Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v14.17.4 proposal #39466

Merged
merged 140 commits into from
Jul 29, 2021
Merged

v14.17.4 proposal #39466

merged 140 commits into from
Jul 29, 2021

Conversation

richardlau
Copy link
Member

@richardlau richardlau commented Jul 20, 2021

2021-07-29, Version 14.17.4 'Fermium' (LTS), @richardlau

This is a security release.

Notable Changes

This releases also fixes some regressions with internationalization introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

Commits

targos and others added 30 commits July 20, 2021 07:11
Original commit message:

    tracing: Update proto library build rule and roll Perfetto

    This patch removes use of the deprecated sources_assignment_filter GN
    feature from gni/proto_library.gni, since the extra descriptor files are
    no longer being generated.

    We also roll Perfetto to match the version used in Chrome and update
    test expectations accordingly.

    Bug: v8:10995
    Change-Id: I65cb3b79feb6e5a7e5c8d99fdb8bf999a6048539
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454079
    Commit-Queue: Michael Achenbach <machenbach@chromium.org>
    Auto-Submit: Sami Kyöstilä <skyostil@chromium.org>
    Reviewed-by: Peter Marshall <petermarshall@chromium.org>
    Reviewed-by: Michael Achenbach <machenbach@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#70381}

Refs: v8/v8@1b1eda0

PR-URL: #39244
Refs: nodejs/build#2696
Reviewed-By: Richard Lau <rlau@redhat.com>
Original commit message:

    build: Remove no-op calls to set_sources_assignment_filter

    Chromiun no longer use set_sources_assignment_filter() anywhere in the
    build, so these are no longer needed.

    Bug: chromium:1018739
    Change-Id: I7b33612d925563ebca0d93a7d3c9183d7305b7b0
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2456988
    Reviewed-by: Nico Weber <thakis@chromium.org>
    Commit-Queue: Nico Weber <thakis@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#70405}

Refs: v8/v8@92e6d33

PR-URL: #39244
Refs: nodejs/build#2696
Reviewed-By: Richard Lau <rlau@redhat.com>
Original commit message:

    Fix visiblity rules for configs enforced by the latest GN version.

    Prior versions of GN had a bug (gn:22) where visibility rules
    for configs weren't being enforced properly.

    This CL tweaks the visibility settings of some configs to
    conform to the latest version.

    Change-Id: Ic5d827a1f2774278d3894f67fe52bfca836c0409
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2360909
    Commit-Queue: Dirk Pranke <dpranke@google.com>
    Reviewed-by: Adam Klein <adamk@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#69463}

Refs: v8/v8@7c182bd

PR-URL: #39244
Refs: nodejs/build#2696
Reviewed-By: Richard Lau <rlau@redhat.com>
Original commit message:

    Fix implicit conversion loses integer precision warning

    The type of m is long in 64 bits build, and results implicit conversion
    loses integer precision, which was found by improved clang warning
    (-Wshorten-64-to-32)

    Bug: chromium:1124085
    Change-Id: Ic9f22508bd817a06d5c90162b1ac3554a7171529
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2391323
    Commit-Queue: Zequan Wu <zequanwu@google.com>
    Auto-Submit: Zequan Wu <zequanwu@google.com>
    Reviewed-by: Nico Weber <thakis@chromium.org>
    Reviewed-by: Igor Sheludko <ishell@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#69686}

Refs: v8/v8@0b3a4ec

PR-URL: #39244
Refs: nodejs/build#2696
Reviewed-By: Richard Lau <rlau@redhat.com>
Original commit message:

    Add -Wno-string-concatenation to test/cctest:cctest_sources

    v8/test/cctest/interpreter/test-bytecode-generator.cc contains lots of string arrays with intentional concatenation.

    Bug: chromium:1114873
    Change-Id: Ie9d35c3849b5b0a6d1d01b6ce21fb80a320d8736
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366829
    Commit-Queue: Arthur Eubanks <aeubanks@google.com>
    Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#69625}

Refs: v8/v8@8959494

PR-URL: #39244
Refs: nodejs/build#2696
Reviewed-By: Richard Lau <rlau@redhat.com>
These updates are necessary to build V8 with recent GN versions.

PR-URL: #39244
Refs: nodejs/build#2696
Reviewed-By: Richard Lau <rlau@redhat.com>
This modifies 40df0dc so that the changes it applies are only used
if ICU 67 or greater is used, and restores the previous code path for
versions of ICU below 67.

The minimum ICU version was bumped to 67 in Node.js 14.6.0 by
#34356 but the referenced V8
commit[1] isn't on `v14.x-staging` and appears to have been reverted
on V8 8.4[2] so this PR also restores the minimum ICU version to 65.

[1] v8/v8@611e412
[2] v8/v8@eeccede

PR-URL: #39068
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Original commit message:

    [JSON] Fix GC issue in BuildJsonObject
    We must ensure that the sweeper is not running or has already swept
    mutable_double_buffer. Otherwise the GC can add it to the free list.

    Bug: v8:11837
    Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928181
    Commit-Queue: Victor Gomes <victorgomes@chromium.org>
    Reviewed-by: Toon Verwaest <verwaest@chromium.org>
    Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#74859}

Refs: v8/v8@81181a8

PR-URL: #39187
Fixes: #37553
Refs: v8/v8@81181a8
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
node-inspect developers have agreed to move node-inspect into core
rather than vendor it as a dependency.

Refs: #36481

PR-URL: #38161
Backport-PR-URL: #38858
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Remove code that was for when `node-inspect` was called as a standalone
process.

PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Fixes: #37224

PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Make five attempts with a timeout of 1 second each rather than 10
attempts with a timeout of 500ms each. This is to allow for
slower-connecting devices like Raspberry Pi.

PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
The test was assuming that the entire string being sought would arrive
in a single data chunk, but it can be split across multiple chunks.

PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Migrate the node-inspect tests to core (where node-inspect code now
lives) and remove node-inspect from deps directory.

PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Change process.binding() use to internalBinding().

PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #38161
Backport-PR-URL: #38858
Refs: #36481
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #38431
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
There are many things called `url` in this page including `url` module,
`URL` instances, etc.

The original example was not clear where these methods come from.

PR-URL: #38645
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #38644
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
The convention for js-native-api/<test_name>:
  * <test_name>.c or <test_name>.cc has the entry point
  * The name of the target is <test_name>

PR-URL: #38692
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #38724
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Reviewed-By: James M Snell <jasnell@gmail.com>
Writes pipe handles with `uv_pipe_getsockname()`
and `uv_pipe_getpeername()`.

PR-URL: #38637
Fixes: #38625
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
The implementation of the `fs.lchmod` method has been moved to JS-land

PR-URL: #38693
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Fixes: #38707

PR-URL: #38720
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Added JSDoc typings for the `events` lib module.

PR-URL: #38712
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Masashi Hirano <shisama07@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Refs: https://coverage.nodejs.org/coverage-36bb31be5f0b85a0/lib/_http_outgoing.js.html#L351
Refs: https://coverage.nodejs.org/coverage-36bb31be5f0b85a0/lib/_http_outgoing.js.html#L609

PR-URL: #38734
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Trott and others added 3 commits July 22, 2021 12:06
PR-URL: #39024
Backport-PR-URL: #39446
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
When I moved these files from node-inspect to Node.js core, I put them
in lib/internal/inspector. That was a mistake. They should be in
lib/internal/debugger.

PR-URL: #39080
Backport-PR-URL: #39446
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Continuation of: #35099

Signed-off-by: Darshan Sen <raisinten@gmail.com>

PR-URL: #38789
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
richardlau added a commit that referenced this pull request Jul 22, 2021
Notable Changes:

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: #39466
@nodejs-github-bot
Copy link
Collaborator

PR-URL: #39423
Fixes: #38964
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
richardlau added a commit that referenced this pull request Jul 23, 2021
Notable Changes:

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: #39466
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@richardlau
Copy link
Member Author

The release will be delayed until at least tomorrow as I'm waiting on clarification on some commits.

PR-URL: #39553
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
richardlau added a commit that referenced this pull request Jul 28, 2021
Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: #39466
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jul 28, 2021

@nodejs-github-bot
Copy link
Collaborator

This is a security release.

Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: #39466
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jul 29, 2021

@richardlau richardlau merged commit 488c27f into v14.x Jul 29, 2021
richardlau added a commit that referenced this pull request Jul 29, 2021
richardlau added a commit that referenced this pull request Jul 29, 2021
This is a security release.

Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: #39466
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Jul 29, 2021
richardlau added a commit to nodejs/nodejs.org that referenced this pull request Jul 29, 2021
@richardlau richardlau deleted the v14.17.4-proposal branch July 29, 2021 17:05
foxxyz pushed a commit to foxxyz/node that referenced this pull request Oct 18, 2021
This is a security release.

Notable Changes:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

This releases fixes some regressions with internationalization
introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

PR-URL: nodejs#39466
foxxyz pushed a commit to foxxyz/node that referenced this pull request Oct 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release Issues and PRs related to Node.js releases.
Projects
None yet
Development

Successfully merging this pull request may close these issues.