Remove all leftover usage of _stream_* and keep all of them as legacy.
We do not deprecate the old modules to avoid disrupition and ease
maintainance.
PR-URL: https://github.com/nodejs/node/pull/36684
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Newly added process.memoryUsage.rss() will presumably return 0 on IBMi
the same way process.memoryUsage().rss does. Allow IBMi to skip the new
assertion.
The test was using a mix of `assert()` and `assert.ok()`. This change
makes it consistently use `assert.ok()`.
PR-URL: https://github.com/nodejs/node/pull/36758
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Some general edits, but also adding an explanation of why one might
choose process.memoryUsage.rss() over process.memoryUsage().rss.
PR-URL: https://github.com/nodejs/node/pull/36757
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Yash Ladha <yash@yashladha.in>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Use common.enoughTestMem to avoid "Array buffer allocation failed"
error on low memory devices.
Fixes: https://github.com/nodejs/node/issues/36792
PR-URL: https://github.com/nodejs/node/pull/36795
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Pooja D P <Pooja.D.P@ibm.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Now that we are using primordials in the first part of
isIdenticalTypedArrayType(), the defensive coding to get the correct
result (when Symbol.toStringTag is manipulated) is no longer reachable
or necessary. Remove the code.
Refs: https://coverage.nodejs.org/coverage-873d21cdc1266273/lib/internal/util/comparisons.js.html#L135
PR-URL: https://github.com/nodejs/node/pull/36744
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Notify #nodejs-dev on the OpenJS Foundation slack when someone
force-pushes, removing one manual step from force-pushing.
PR-URL: https://github.com/nodejs/node/pull/35131
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Calling `finished(socket, cb)` would previously not
invoked the callback if the socket was already detroyed.
PR-URL: https://github.com/nodejs/node/pull/36635
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Update ESLint to 7.17.0
PR-URL: https://github.com/nodejs/node/pull/36726
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Yash Ladha <yash@yashladha.in>
This macro needs to match between Node.js and addons that use C++
standard library types whose ABI differs (e.g. `std::string`).
Therefore, a value for this should be specified in `common.gypi`.
(Currently, the 32-bit ARM builds use this ABI, and other
platforms don’t. It might also be possible to set this value to `0`
instead, it’s only important that *a* value is specified.)
Refs: https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html
PR-URL: https://github.com/nodejs/node/pull/36634
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Notable changes:
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
PR-URL: https://github.com/nodejs-private/node-private/pull/240
Notable changes:
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
PR-URL: https://github.com/nodejs-private/node-private/pull/239
This is a security release.
Notable changes:
Vulnerabilities fixed:
- **CVE-2020-1971**: OpenSSL - EDIPARTYNAME NULL pointer de-reference
(High)
- This is a vulnerability in OpenSSL which may be exploited through
Node.js. You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
- **CVE-2020-8265**: use-after-free in TLSWrap (High)
- Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller as
part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits.
- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
- Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields. In
this case Node.js identifies the first header field and ignores the
second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
PR-URL: https://github.com/nodejs-private/node-private/pull/242
This is a security release.
Notable changes:
Vulnerabilities fixed:
- **CVE-2020-8265**: use-after-free in TLSWrap (High)
* Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller as
part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits.
- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
* Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields. In
this case Node.js identifies the first header field and ignores the
second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
PR-URL: https://github.com/nodejs-private/node-private/pull/241
Duplicate `Transfer-Encoding` header should be a treated as a single,
but with original header values concatenated with a comma separator. In
the light of this, even if the past `Transfer-Encoding` ended with
`chunked`, we should be not let the `F_CHUNKED` to leak into the next
header, because mere presence of another header indicates that `chunked`
is not the last transfer-encoding token.
CVE-ID: CVE-2020-8287
Refs: https://github.com/nodejs-private/llhttp-private/pull/3
Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
PR-URL: https://github.com/nodejs-private/node-private/pull/228
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Spell out or omit _i.e._ and _e.g._ as appropriate.
PR-URL: https://github.com/nodejs/node/pull/36737
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Replace checklist with a list. Clarify when things like tests and
benchmarks are needed.
PR-URL: https://github.com/nodejs/node/pull/36739
Reviewed-By: Zeyu Yang <himself65@outlook.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Yash Ladha <yash@yashladha.in>
Accessing the rss value through memoryUsage() can be expensive
because this method will also generate memory usage statistics
by iterating on each page.
This commit intend to offer a more direct access to rss value.
Refs: #33384
PR-URL: https://github.com/nodejs/node/pull/34291
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
The default for the `emitClose` option was changed from `false` to
`true` by nodejs/node#31408 which landed in f0d2df4 for v14.0.0.
This commit updates the fs doc to match the current behavior.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
PR-URL: https://github.com/nodejs/node/pull/36653
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
The associated condition mentioned in the URL parsing algorithm of the
WHATWG URL Standard is:
url is special and c is U+005C (\)
So, `special_back_slash` must be updated whenever `special` is updated.
Fixes: https://github.com/nodejs/node/issues/36559
PR-URL: https://github.com/nodejs/node/pull/36613
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
String::NewFromUtf8 doesn't generate an exception in V8 when the string
is too long but is guaranteed to return an empty MaybeLocal only in
that case. Generate a Node.js exception when it happens.
Fixes: https://github.com/nodejs/node/issues/35676
PR-URL: https://github.com/nodejs/node/pull/36661
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Move duplicate abort handler logic into a separate function.
PR-URL: https://github.com/nodejs/node/pull/36644
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
If an AbortController passed to execfile() is already aborted, use the
same behavior as if the controller was aborted after calling execfile().
This mimics the behavior of fetch in the browser.
PR-URL: https://github.com/nodejs/node/pull/36644
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Test that reusing an aborted AbortController with execfile() results in
immediate SIGTERM.
PR-URL: https://github.com/nodejs/node/pull/36644
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
