Adds a `NODEJS_RELEASE_HOST` environment variable that enable releasers
to provide a custom proxy host to connect to when performing the
promotion steps of a given release.
Signed-off-by: Ruy Adorno <ruyadorno@google.com>
PR-URL: https://github.com/nodejs/node/pull/45913
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/45803
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <midawson@redhat.com>
This fixes an error in parseYAML(text), the version sorting
coudn't be right as we compared an arrify string
(ie. a = ["v18.11, v16.7.0"]) with an array of strings
(ie. b = ["v18.07", "v16.7.0"]) in versionSort(a, b).
minVersion(a) couldn't find the minimum version with an arrify string
like a = ["v18.11, v16.7.0"].
That's why incorrect version history orders sometimes appeared.
Furthermore, no need to sort the added version as it always comes first.
So, it can be the last one to be pushed in the meta.changes array.
Fixes: https://github.com/nodejs/node/issues/45670
Co-authored-by: Luigi Pinca <luigipinca@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/45728
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
In the upstream, V8 also disables snapshot compression on the
desktop by default because the size reduction is not worth the
performance hit.
https://chromium-review.googlesource.com/c/v8/v8/+/3275554
Locally the binary size of Node.js is increased by ~2.7MB
(+3.2%) with a significant speedup in startup after snapshot
compression is disabled on macOS.
Also adds a --v8-enable-snapshot-compression to configure.py for
users who prefer a size reduction over speedup in startup.
Ideally we should implement our own compression for the source
code + the code cache + the snapshot instead of relying on V8's
builtin compression for just the snapshot.
PR-URL: https://github.com/nodejs/node/pull/45716
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
This change removes the script used to check for new vulnerabilities
in Node.js' dependencies, since it has been moved to its own
repository.
Refs: https://github.com/nodejs/nodejs-dependency-vuln-assessments
PR-URL: https://github.com/nodejs/node/pull/45675
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/45638
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/45636
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Add a Github Action that checks for new versions of the `libuv` C
library, and creates a PR to update it if a newer version than the one
present in the repo is found.
Refs: https://github.com/nodejs/security-wg/issues/828
PR-URL: https://github.com/nodejs/node/pull/45362
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/45463
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Add a Github Action that checks for new versions of the `acorn` and
`acorn-walk` dependencies, and creates PRs to update them if newer
versions than the ones present in the repo are found.
Refs: https://github.com/nodejs/security-wg/issues/828
PR-URL: https://github.com/nodejs/node/pull/45357
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Make the `update-cares.sh`, `update-llhttp.sh`, `update-nghttp2.sh`,
and `update-npm.sh` scripts work even if they are run outside of the
`tools` directory.
PR-URL: https://github.com/nodejs/node/pull/45361
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit allows tests in the test runner to mock functions
and methods.
PR-URL: https://github.com/nodejs/node/pull/45326
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/45332
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Add a Github Action that checks for new versions of the `base64` C
library, and creates a PR to update it if a newer version than the one
present in the repo is found.
Refs: https://github.com/nodejs/security-wg/issues/828
PR-URL: https://github.com/nodejs/node/pull/45300
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
The current code does not treat capital and lowercase letters as
equivalent.
PR-URL: https://github.com/nodejs/node/pull/45159
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
In a previous commit, the loader implementation was modified to be
protected against most prototype pollution, but was kept vulnerable to
`Array.prototype` pollution. This commit fixes that, the tradeoff is
that it modifies the `ESMLoader.prototype.import` return type from an
`Array` to an array-like object.
Refs: https://github.com/nodejs/node/pull/45044
PR-URL: https://github.com/nodejs/node/pull/45175
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
