forked from nodejs/node
Workflows for v20.18.3 #7
Closed
PR-URL: nodejs#54585 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Bumps [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](Mozilla-Actions/sccache-action@89e9040...9e326eb)
---
updated-dependencies:
- dependency-name: mozilla-actions/sccache-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
PR-URL: nodejs#55225
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
Specify the initial default value of `autoSelectFamily` in description of `net.setDefaultAutoSelectFamily()` as specified in description of `net.getDefaultAutoSelectFamily()`. PR-URL: nodejs#55245 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Jake Yuesong Li <[email protected]>
PR-URL: nodejs#55231 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
PR-URL: nodejs#55304 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: LiviaMedeiros <[email protected]>
PR-URL: nodejs#55172 Reviewed-By: Joyee Cheung <[email protected]>
PR-URL: nodejs#55284 Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ulises Gascón <[email protected]> Reviewed-By: Michael Dawson <[email protected]>
PR-URL: nodejs#55300 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Ulises Gascón <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Michael Dawson <[email protected]>
PR-URL: nodejs#55144 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Jake Yuesong Li <[email protected]>
Syntax detection has been unflagged so it's no longer meaningful to toggle the detection based on CLI flags. It was also previously benchmarking cached module imports which isn't very meaningful for subsequent loads. This patch updates the benchmark to toggle the detection based on the presence of type field in the package.json, and generates fixtures to benchmark fresh module loads. PR-URL: nodejs#55238 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
Fixes: nodejs#55053 PR-URL: nodejs#55331 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
This reverts commit 7ddbfe8. PR-URL: nodejs#55344 Reviewed-By: Jake Yuesong Li <[email protected]> Reviewed-By: Chemi Atlow <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: nodejs#55344 Reviewed-By: Jake Yuesong Li <[email protected]> Reviewed-By: Chemi Atlow <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: nodejs#55329 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Matthew Aitken <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
This should make it easier to read on benchmark/compare and when generating graphs.
PR-URL: nodejs#55254
Reviewed-By: Vinícius Lourenço Claro Cardoso <[email protected]>
Use rclone to upload assets to Cloudflare as it is more reliable. Refs: nodejs/build#3508 PR-URL: nodejs#55617 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Moshe Atlow <[email protected]>
PR-URL: nodejs#54853 Backport-PR-URL: nodejs#55264 Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#55318 Backport-PR-URL: nodejs#55264 Reviewed-By: Michaël Zasso <[email protected]>
Notable changes:
doc:
* add abmusse to collaborators (Abdirahim Musse) nodejs#55086
PR-URL: nodejs#55879
PR-URL: nodejs#55879
Without this patch, on Windows, normalizing a relative path might result in a path that Windows considers absolute. In rare cases, this might lead to path traversal vulnerabilities in user code. We attempt to detect those cases and return a relative path instead. PR-URL: nodejs-private/node-private#555 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> CVE-ID: CVE-2025-23084
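A defensive check for the situation this commit message describes, as an added example that is not part of the Node.js patch: user code that joins untrusted input under a base directory can reject drive designators and verify containment itself, so the result does not depend on the runtime's patch level. `safeJoin`, `DRIVE_SEGMENT`, the base directory and the sample inputs are hypothetical and constructed for illustration.

```javascript
'use strict';
const path = require('node:path');

// A path segment that starts with a drive designator, e.g. "C:" or "c:foo".
const DRIVE_SEGMENT = /^[a-zA-Z]:/;

// Hypothetical helper: join untrusted `userPath` under `base` using Windows
// path rules. Returns the absolute path, or null if the input is rejected.
function safeJoin(base, userPath) {
  const win = path.win32; // explicit Windows semantics, whatever the host OS

  // 1. Reject a drive designator in ANY segment before normalizing, so the
  //    outcome does not depend on whether this runtime's normalize()
  //    carries the fix described in the commit message.
  if (userPath.split(/[\\/]+/).some((seg) => DRIVE_SEGMENT.test(seg))) {
    return null;
  }

  // 2. The normalized form must still be relative (rejects rooted and UNC input).
  const normalized = win.normalize(userPath);
  if (win.isAbsolute(normalized) || DRIVE_SEGMENT.test(normalized)) {
    return null;
  }

  // 3. Containment: the resolved path must not climb out of `base`.
  const full = win.resolve(base, normalized);
  const rel = win.relative(base, full);
  if (rel === '..' || rel.startsWith('..\\') || win.isAbsolute(rel)) {
    return null;
  }
  return full;
}

// Constructed sample inputs (not taken from the advisory).
const BASE = 'C:\\srv\\files';
const samples = ['docs\\readme.txt', 'a/../b.txt', './x/../C:/Windows/win.ini',
  '..\\..\\secret', '\\\\server\\share\\x'];
for (const input of samples) {
  console.log(JSON.stringify(input), '->', safeJoin(BASE, input));
}
```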
Prior to this PR, it was expected that InternalWorker
usage doesn't require the --allow-worker when the permission
model is enabled. This, however, exposes a vulnerability
whenever the instance gets accessed by the user. For example,
through diagnostics_channel.subscribe('worker_threads').
PR-URL: nodejs-private/node-private#652
Refs: https://hackerone.com/reports/2575105
CVE-ID: CVE-2025-23083
Signed-off-by: Matteo Collina <[email protected]> PR-URL: nodejs-private/node-private#663 Reviewed-By: Rafael Gonzaga <[email protected]> CVE-ID: CVE-2025-22150
This commit fixes a memory leak when the socket is suddenly closed by the peer (without GOAWAY notification) and when invalid header (by nghttp2) is identified and the connection is terminated by peer. Refs: https://hackerone.com/reports/2841362
This is a security release.
Notable changes:
* CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High)
* CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
* CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
* CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
PR-URL: nodejs-private/node-private#664
Fixes: nodejs#55208 PR-URL: nodejs#55249 Reviewed-By: Yagiz Nizipli <[email protected]>
The actual implementation returns `outgoingMessage` itself, but not exactly `http.ServerResponse`. Refs: https://github.com/nodejs/node/blob/20d8b85d3493bec944de541a896e0165dd356345/lib/_http_outgoing.js#L712-L751 PR-URL: nodejs#55290 Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Qingyu Deng <[email protected]>
PR-URL: nodejs#55334 Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Jake Yuesong Li <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@5c7944e...91182cc)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
PR-URL: nodejs#55220
Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: nodejs#55562 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Ulises Gascón <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Jason Zhang <[email protected]>
PR-URL: nodejs#55780 Fixes: nodejs#55340 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Jason Zhang <[email protected]> Reviewed-By: Minwoo Jung <[email protected]>
This action reminds collaborators of the upcoming major release date. In the future, this action can also update and create the branches (that's why the action name is generic). PR-URL: nodejs#56199 Refs: nodejs#55732 Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: nodejs#56256 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Marco Ippolito <[email protected]>
PR-URL: nodejs#56251 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]>
PR-URL: nodejs#56255 Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: nodejs#56205 Reviewed-By: Moshe Atlow <[email protected]>
PR-URL: nodejs#56266 Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
Signed-off-by: 吴小白 <[email protected]> PR-URL: nodejs#56271 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]>
Attributes are being highlighted as #f00 on a background of #f2f2f2. That's a color contrast of 3.98:1, failing to meet the 4.5:1 requirement of WCAG 2.1 AA. This changes the attribute color to #d00, which has a color contrast of 5.09:1 meeting the 4.5:1 requirement. PR-URL: nodejs#56272 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Claudio Wunder <[email protected]>
Original commit message:
[import-attributes] Deprecate 'assert' for removal in 12.6
See https://groups.google.com/a/chromium.org/g/blink-dev/c/ZHvzLaJZRvo/m/FgNDBjrtBQAJ
Bug: v8:10958
Change-Id: I4d21c9f7aad1024b198b4a1cdfb4792a011da464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5055681
Reviewed-by: Rezvan Mahdavi Hezaveh <[email protected]>
Auto-Submit: Shu-yu Guo <[email protected]>
Commit-Queue: Shu-yu Guo <[email protected]>
Cr-Commit-Position: refs/heads/main@{#92044}
Refs: v8/v8@ae5a4db
Co-authored-by: Antoine du Hamel <[email protected]>
PR-URL: nodejs#55961
Reviewed-By: Jacob Smith <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Original commit message:
[import-attributes] Deprecate 'assert' for dynamic import as well
Bug: v8:10958
Change-Id: I7847bdb5d2c79f057f4e1df99f8f5889788f09cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5249778
Commit-Queue: Shu-yu Guo <[email protected]>
Reviewed-by: Leszek Swirski <[email protected]>
Cr-Commit-Position: refs/heads/main@{#92123}
Refs: v8/v8@26fd1df
PR-URL: nodejs#55961
Reviewed-By: Jacob Smith <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
The two proposals reached stage 4 at the October 2024 meeting. PR-URL: nodejs#55333 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Backport-PR-URL: nodejs#55961
PR-URL: nodejs#55855 Refs: nodejs#55333 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Jacob Smith <[email protected]> Backport-PR-URL: nodejs#55961
PR-URL: nodejs#56706 Backport-PR-URL: nodejs#56721 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: nodejs#56707 Backport-PR-URL: nodejs#56724 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
Since the last security release, the resource check has been flaky on Windows. This commit temporarily disables those checks to unblock the next regular release. PR-URL: nodejs#56789 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]>
This has been flaking the CI for more than 2 years with various attempts to fix without success. It has still been flaking the CI (failed 19 out of 100 recent testing CI runs). It's time to mark it as flaky. PR-URL: nodejs#56503 Refs: nodejs#43465 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Jake Yuesong Li <[email protected]>
PR-URL: nodejs#56727 Refs: nodejs#56726 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Richard Lau <[email protected]>
Notable changes:
crypto:
* update root certificates to NSS 3.104 (Richard Lau) nodejs#55681
doc:
* add LJHarb to collaborators (Jordan Harband) nodejs#56132
* enforce strict policy to semver-major releases (Rafael Gonzaga) nodejs#55732
* add jazelly to collaborators (Jason Zhang) nodejs#55531
esm:
* mark import attributes and JSON module as stable (Nicolò Ribaudo) nodejs#55333
tools:
* fix root certificate updater (Richard Lau) nodejs#55681
PR-URL: nodejs#56699
…-compression, and exposing of utils so our fiber elimination utils can continue to work
trying to add fibers building
No description provided.