deps: upgrade to npm 2.14.4 #2958
|
Rubber stamp LGTM
|
@zkat re npm@3, you might want to prime Rebecca on this, but we should be able to start accepting npm@3 pull requests to I'm making an assumption here that there would be no objections amongst @nodejs/collaborators to jumping to npm@3 for v5+ (collaborators: pipe up in here if you think this might not be a good idea). Also, node-gyp@3.0.3 would be good on top of this, unfortunately (sorry), it's got 2 fixes that are fairly important. Thanks!
|
+1 for npm@3 in
|
Added
PR-URL: #2958
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
|
Thanks, landed in 61d48b4...2c09a53 :)
|
Thanks, Jeremiah! :D
Notable changes

* buffer: Fixed a bug introduced in v4.1.0 where allocating a new zero-length buffer can result in the next allocation of a TypedArray in JavaScript not being zero-filled. In certain circumstances this could result in data leakage via reuse of memory space in TypedArrays, breaking the normally safe assumption that TypedArrays should be always zero-filled. (Trevor Norris) #2931.
* http: Guard against response-splitting of HTTP trailing headers added via response.addTrailers() by removing new-line ([\r\n]) characters from values. Note that standard header values are already stripped of new-line characters. The expected security impact is low because trailing headers are rarely used. (Ben Noordhuis) #2945.
* npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for full details (Kat Marchán) #2958
  - Upgrades graceful-fs on multiple dependencies to no longer rely on monkey-patching fs
  - Fix npm link for pre-release / RC builds of Node
* v8: Update post-mortem metadata to allow post-mortem debugging tools to find and inspect:
  - JavaScript objects that use dictionary properties (Julien Gilli) #2959
  - ScopeInfo and thus closures (Julien Gilli) #2974

PR-URL: #2995
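The trailing-header guard described in the http note above, shown as an added example; it is not Node.js's own code and not part of this thread. The function names `stripNewlines`, `serializeTrailers` and `trailerNames`, and the sample trailer, are constructed for illustration.

```javascript
// Added illustration; function names are hypothetical, not Node.js internals.
const CRLF = '\r\n';

// Remove CR and LF from a trailer value, the guard the release note describes.
function stripNewlines(value) {
  return String(value).replace(/[\r\n]/g, '');
}

// Serialize trailers as they follow the final zero-length chunk of a
// chunked response: "0\r\n" + one "Name: value\r\n" per trailer + "\r\n".
function serializeTrailers(trailers, sanitize) {
  let out = '0' + CRLF;
  for (const [name, value] of Object.entries(trailers)) {
    const v = sanitize ? stripNewlines(value) : String(value);
    out += name + ': ' + v + CRLF;
  }
  return out + CRLF;
}

// Read the trailer block back the way a recipient would: split on CRLF and
// collect the field names between the last chunk and the blank line.
function trailerNames(wire) {
  const lines = wire.split(CRLF);
  const names = [];
  for (let i = 1; i < lines.length && lines[i] !== ''; i++) {
    names.push(lines[i].slice(0, lines[i].indexOf(':')));
  }
  return names;
}

// Constructed input: a trailer value that carries an embedded CRLF.
const sample = { 'Content-MD5': 'abc123\r\nX-Injected: 1' };

const unguarded = serializeTrailers(sample, false);
const guarded = serializeTrailers(sample, true);

// Without the guard the recipient sees two trailer fields, with it only one.
console.log(trailerNames(unguarded)); // [ 'Content-MD5', 'X-Injected' ]
console.log(trailerNames(guarded));   // [ 'Content-MD5' ]
```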
|
@rvagg FYI: Because of npm/npm#9695, I won't be making a pull request to bring in npm@3 till 3.3.5, when that patch is

Heyo!

This release is the first one to officially include node-gyp (@3.0.1), so it shouldn't need any hotfixes cherry-picked over! Otherwise, I can add a commit to this that bumps it to @3.0.3 (which will come in with next week's downstreaming anyway).

This also includes most of @thefourtheye's graceful-fs upgrades, a Windows fix for npm link, and a removal of our only usage of a deprecated API (process.binding).

You can see the full release notes at https://github.com/npm/npm/releases/tag/v2.14.4

lmk if you want that node-gyp patch added to this PR!

Also note that we finally released npm@3 this week (as you may have heard), but I'll continue to submit npm@2 release PRs -- you can expect a potential slowing, though, since we're also switching to LTS more with npm@2, so it won't see very much in terms of new features and such.

Cheers!