Bethany Nicolle Griggs BethGriggs IBM UK United Kingdom https://twitter.com/BethGriggs_ IBM Runtimes - Node.js Developer.

BethGriggs/music-recommender-system 3

A music recommendation app with Meteor

BethGriggs/ExodusWave 1

Global visualisation of population change over time

a-roberts/MERN-app 0

Simple example for the MERN stack (MongoDB, Express, React, Node.js) on Kubernetes, optimised to work locally with persistence.

BethGriggs/admin 0

Facilitating joint collaboration amongst the TSC and CommComm

BethGriggs/appmetrics 0

Node Application Metrics provides a foundational infrastructure for collecting resource and performance monitoring data for Node.js-based applications.

BethGriggs/appmetrics-prometheus 0

Module for providing a /metrics endpoint using data from appmetrics for use with Prometheus

BethGriggs/assay 0

noun 1. the testing of a metal or ore to determine its ingredients and quality.

BethGriggs/bethgriggs.github.io 0

Website under construction

BethGriggs/build 0

Better build and test infra for Node.

PR closed nodejs/node

[v10.x-staging] v8: fix load elimination liveness checks V8 Engine author ready v10.x

This commit back-ports the implementations of IsRename() and MayAlias() from the upstream 8.0 branch wholesale. Fixes several bugs where V8's load elimination pass considered values to be alive when they weren't.

Fixes: https://github.com/nodejs/node/issues/31484

Supersedes #31507.

+17 -23

3 comments

2 changed files

bnoordhuis

pr closed time in a few seconds

pull request comment nodejs/node

[v10.x-staging] v8: fix load elimination liveness checks

Landed in dc61e09feb

bnoordhuis

comment created time in a few seconds

push event nodejs/node

Ben Noordhuis

commit sha dc61e09feb438d3cf4cb09eab3a1d8cf63cd047a

v8: fix load elimination liveness checks This commit back-ports the implementations of IsRename() and MayAlias() from the upstream 8.0 branch wholesale. Fixes several bugs where V8's load elimination pass considered values to be alive when they weren't. Fixes: https://github.com/nodejs/node/issues/31484 PR-URL: https://github.com/nodejs/node/pull/31613 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>

push time in 16 minutes

pull request comment nodejs/node

[v10.x] n-api: add napi_get_all_property_names

@gabrielschulhof would you be able to take a look at the conflicts? (I'm working on landing all of the v10.x PRs in the order in which they were opened, so it's possible the conflicts were caused by something that recently landed on v10.x-staging).

gabrielschulhof

comment created time in 2 hours

PR closed nodejs/node

[v10.x]: Backport instance data C++ lib / src n-api semver-minor v10.x

Checklist

  • [x] make -j4 test (UNIX), or vcbuild test (Windows) passes
  • [x] tests and/or benchmarks are included
  • [x] documentation is changed or added
  • [x] commit message follows commit guidelines

+638 -104

28 comments

13 changed files

gabrielschulhof

pr closed time in 16 hours

pull request comment nodejs/node

[v10.x]: Backport instance data

Landed in 3f9cec3f51...f29fb14cf6

gabrielschulhof

comment created time in 16 hours

push event nodejs/node

Anna Henningsen

commit sha 20177b9946782f47a3ec9c197e414badb531af3b

n-api: turn NAPI_CALL_INTO_MODULE into a function These do not need to be macros. PR-URL: https://github.com/nodejs/node/pull/26128 Backport-PR-URL: https://github.com/nodejs/node/pull/30537 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Gabriel Schulhof

commit sha f29fb14cf60a1605a548d084c4242262a35694f7

n-api: add APIs for per-instance state management Adds `napi_set_instance_data()` and `napi_get_instance_data()`, which allow native addons to store their data on and retrieve their data from `napi_env`. `napi_set_instance_data()` accepts a finalizer which is called when the `node::Environment()` is destroyed. This entails rendering the `napi_env` local to each add-on. Fixes: https://github.com/nodejs/abi-stable-node/issues/378 PR-URL: https://github.com/nodejs/node/pull/28682 Backport-PR-URL: https://github.com/nodejs/node/pull/30537 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

push time in 16 hours

push event nodejs/node

Rich Trott

commit sha 3f9cec3f51c19e57dfe85a87017cb210ad6d7bda

test: add debugging output to test-net-listen-after-destroy-stdin The test failed in CI once with a timeout but there is insufficient information to further debug. Add additional debugging information. Refactored callbacks to be arrow functions, since that seems to be the direction we're moving. PR-URL: https://github.com/nodejs/node/pull/31698 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>

push time in 17 hours

PR closed nodejs/node

[v10.x backport] buffer: add {read|write}Big[U]Int64{BE|LE} methods buffer semver-minor v10.x

PR-URL: https://github.com/nodejs/node/pull/19691 Reviewed-By: Ben Noordhuis info@bnoordhuis.nl Reviewed-By: Tiancheng "Timothy" Gu timothygu99@gmail.com Reviewed-By: Joyee Cheung joyeec9h3@gmail.com Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Ruben Bridgewater ruben@bridgewater.de Reviewed-By: Tobias Nießen tniessen@tnie.de Reviewed-By: Matteo Collina matteo.collina@gmail.com

(cherry picked from commit 3d8532f851f2f7a2f8380e717281eaa08b02fb35)

Checklist

  • [X] make -j4 test (UNIX), or vcbuild test (Windows) passes
  • [X] tests and/or benchmarks are included
  • [X] documentation is changed or added
  • [X] commit message follows commit guidelines

+313 -0

16 comments

5 changed files

GaryGSC

pr closed time in a day

pull request comment nodejs/node

[v10.x backport] buffer: add {read|write}Big[U]Int64{BE|LE} methods

Landed in 64744a2 :tada:

GaryGSC

comment created time in a day

push event nodejs/node

garygsc

commit sha 64744a282e661a426d2092901bb7f4f02a0cb746

buffer: add {read|write}Big[U]Int64{BE|LE} methods Backport-PR-URL: https://github.com/nodejs/node/pull/30361 PR-URL: https://github.com/nodejs/node/pull/19691 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>

push time in a day

PR closed nodejs/node

[v10.x] tls: support TLS min/max protocol defaults in CLI lts-watch-v10.x semver-minor tls v10.x

See https://github.com/nodejs/node/issues/27666 and https://github.com/nodejs/node/pull/27432#issuecomment-490220062

Checklist

  • [ ] make -j4 test (UNIX), or vcbuild test (Windows) passes
  • [ ] tests and/or benchmarks are included
  • [ ] documentation is changed or added
  • [ ] commit message follows commit guidelines

+174 -10

37 comments

12 changed files

sam-github

pr closed time in 2 days

pull request comment nodejs/node

[v10.x] tls: support TLS min/max protocol defaults in CLI

Landed in 1cfb45732a

sam-github

comment created time in 2 days

push event nodejs/node

Sam Roberts

commit sha 1cfb45732a9b257d0c039cae76789757426f263a

tls: support TLS min/max protocol defaults in CLI Backport CLI switches for default TLS versions: - `--tls-max-v1.2` - `--tls-min-v1.0` - `--tls-min-v1.1` - `--tls-min-v1.2` PR-URL: https://github.com/nodejs/node/pull/27946 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>

push time in 2 days

pull request comment nodejs/node

[v10.x] tls: support TLS min/max protocol defaults in CLI

Added https://github.com/nodejs/node/pull/27500 to v10.x, hopefully, clears up the last error.

sam-github

comment created time in 2 days

push event nodejs/node

cjihrig

commit sha f1a8791316a5db1c3727e0a337f87b437cf2635e

test: allow EAI_FAIL in test-http-dns-error.js EAI_FAIL is expected on OpenBSD, and has been observed on platforms such as FreeBSD and Windows. This commit makes EAI_FAIL an acceptable error code on all platforms. PR-URL: https://github.com/nodejs/node/pull/27500 Fixes: https://github.com/nodejs/node/issues/27487 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com>

push time in 2 days

pull request comment nodejs/node

[v10.x] tls: support TLS min/max protocol defaults in CLI

@rsam I've just cherry-picked some additional 'mark as flaky' commits on to v10.x-staging. Hopefully, CI will be better now 🤞

sam-github

comment created time in 2 days

push event nodejs/node

João Reis

commit sha 4b9a77909bbbef5007fe755a73737dc6e1f80bd2

test: mark tests as flaky PR-URL: https://github.com/nodejs/node/pull/30848 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rich Trott <rtrott@gmail.com>

push time in 2 days

PR closed nodejs/node

[10.x] test: Mark test-http2-client-upload as flaky on 10.x test v10.x

This test is failing ci a lot and is already marked as flaky on master and 12.x

+8 -0

8 comments

1 changed file

AshCripps

pr closed time in 2 days

pull request comment nodejs/node

[10.x] test: Mark test-http2-client-upload as flaky on 10.x

Landed in a8fd8a1a61

AshCripps

comment created time in 2 days

push event nodejs/node

AshCripps

commit sha a8fd8a1a61950a2e3d926e812cf4743b23f27f1b

test: mark http2 tests as flaky on 10.x These tests are already marked as flaky on 12.x and master. PR-URL: https://github.com/nodejs/node/pull/31887 Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>

push time in 2 days

pull request comment nodejs/node

[v10.x]: Backport instance data

Possibly will not get a green CI on this until https://github.com/nodejs/node/pull/31887 lands (@ashcripps and I are currently working on backporting the appropriate flaky test markers from v12.x)

gabrielschulhof

comment created time in 2 days

pull request comment nodejs/node

[10.x] test: Mark test-http2-client-upload as flaky on 10.x

I've cherry-picked #27277 on to the staging branch, hopefully that'll help us get stable CI's.

AshCripps

comment created time in 6 days

push event nodejs/node

Refael Ackermann

commit sha 2315270cb6bd54858fce2e669e23f34f5ddc2308

test: try to stabalize test-child-process-fork-exec-path.js PR-URL: https://github.com/nodejs/node/pull/27277 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

push time in 6 days

push event CloudNativeJS/cloud-health-connect

Bethany Nicolle Griggs

commit sha c73dbe78fa0114685f78b3dd9d12eae5292cf3ed

chore(package): update sinon to version 9.0.0 (#55) Closes #47 Co-authored-by: greenkeeper[bot] <23040076+greenkeeper[bot]@users.noreply.github.com>

push time in 6 days

PR merged CloudNativeJS/cloud-health-connect

chore(package): update sinon to version 9.0.0

Closes #47

Our CI failed with the upgrade to v8.x of Sinon, let's try v9.x 🤞

+1 -1

1 comment

1 changed file

BethGriggs

pr closed time in 6 days

PR closed CloudNativeJS/cloud-health-connect

Update sinon to the latest version 🚀 greenkeeper

The devDependency sinon was updated from 7.5.0 to 8.0.0.

This version is not covered by your current version range.

If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update.


Publisher: mrgnrdrck License: BSD-3-Clause

Find out more about this release.



Your Greenkeeper bot :palm_tree:

+1 -1

5 comments

1 changed file

greenkeeper[bot]

pr closed time in 6 days

PR opened CloudNativeJS/cloud-health-connect

chore(package): update sinon to version 9.0.0

Closes #47

Our CI failed with the upgrade to v8.x of Sinon, let's try v9.x 🤞

+1 -1

0 comment

1 changed file

pr created time in 7 days

push event CloudNativeJS/cloud-health-connect

Bethany Nicolle Griggs

commit sha df9a71d00a5497b749849ebfb90619a9e3096154

chore(package): update @types/mocha to version 7.0.1 (#53) Closes #52 Co-authored-by: greenkeeper[bot] <23040076+greenkeeper[bot]@users.noreply.github.com>

push time in 7 days

PR closed CloudNativeJS/cloud-health-connect

Update @types/mocha to the latest version 🚀 greenkeeper

The devDependency @types/mocha was updated from 5.2.7 to 7.0.0.

This version is not covered by your current version range.

If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update.


Publisher: types License: MIT

Find out more about this release.



Your Greenkeeper bot :palm_tree:

+1 -1

2 comments

1 changed file

greenkeeper[bot]

pr closed time in 7 days

pull request comment nodejs/node

[v10.x]: Backport instance data

@gabrielschulhof yes, but I'm unsure on the timing of the release (https://github.com/nodejs/Release/issues/504 needs updating).

gabrielschulhof

comment created time in 7 days

issue opened nodejs/build

arm cross-compile failures for v10.x

Not sure if this has been raised already, I've hit a few arm-cross compile failures when trying to run CI on v10.x.

https://ci.nodejs.org/job/node-cross-compile/nodes=cross-compiler-armv6-gcc-4.9.4/27790

14:34:47 FATAL: java.nio.channels.ClosedChannelException
14:34:47 java.nio.channels.ClosedChannelException
14:34:47 Also:   hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from 137.116.94.125/137.116.94.125:4035

https://ci.nodejs.org/job/node-cross-compile/nodes=cross-compiler-armv6-gcc-4.9.4/27789 and https://ci.nodejs.org/job/node-cross-compile/nodes=cross-compiler-armv6-gcc-4.9.4/27788/

13:45:02 java.lang.OutOfMemoryError: Java heap space
13:45:02 Caused: java.io.IOException: Remote call on JNLP4-connect connection from 137.116.94.125/137.116.94.125:4035 failed
13:45:02 	at hudson.remoting.Channel.call(Channel.java:961)
13:45:02 	at hudson.remoting.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:283)

created time in 8 days

pull request comment codewind-resources/nodeExpressTemplate

Use pino instead of log4js

Maybe ping @tobespc?

sam-github

comment created time in 8 days

Pull request review comment nodejs/node

v13.9.0 proposal

 </tr> <tr> <td>+<a href="#13.8.0">13.9.0</a><br/>
<a href="#13.9.0">13.9.0</a><br/>
codebytere

comment created time in 8 days

Pull request review comment bajtos/talks

Hold my context!

+# Hold my context!++☝️  _the presentation title_☝️++## Short summary for display++Preserving contextual data across asynchronous calls have been always tricky+in Node.js land. Traditional runtimes like C and Java can utilize thread-local+storage, which obviously does not work for Node's single-threaded event loop.
storage, which does not work for Node's single-threaded event loop.
bajtos

comment created time in 8 days

issue comment nodejs/package-maintenance

Meeting: Test Tooling Breakout Session

Uploaded the recording to YouTube - https://www.youtube.com/watch?v=F3WDWokqrhU

BethGriggs

comment created time in 9 days

issue comment nodejs/package-maintenance

Meeting: Test Tooling Breakout Session

Summary of discussions on 2020-02-13

How can a module author test the health of their module tree?

  • For module authors testing the health of their parents/tree is less important.
  • There is merit in CITGM having the ability to test a module's dependency tree for Node.js.

How can a module author test whether their changes are going to impact modules that depend on them?

  • Can we leverage CITGM for this?
    • CITGM is resource-intensive.
  • A suggestion of a service like GreenKeeper in reverse direction - figure out dependents on npm, sort/filter them, and then automatically run tests in that project's CI.
  • Differentiate between the causes of the failures - were the module's tests passing before?
  • Subscription/opt-in service for the modules?
  • How do we manage forks?
  • What if the module has an LTS policy?

Tooling prototype

  1. Get a list of the modules that depend on a given module.
    • via npm?
      • check whether there is an npm API to find out the list of depended on
      • open RFC for deps vs dev deps
    • via GitHub API?
  2. Apply filters to those modules.
    • filter by stability, downloads, etc.?
  3. Running tests.
    • Open PR to update the package.json to updated module version, which will run CI in the module's own CI setup.
    • Could be a draft pull request that is then updated to be non-draft when the module version is released.

Actions

  • Adding this to the package maintenance meeting agenda to provide a summary.
  • Work to start on the prototype/call for volunteers.
    • @andrewhughes101 may have some time to help out
  • We'll spin-off breakout meetings as required.

BethGriggs

comment created time in 9 days

push event nodejs/Release

Danielle Adams

commit sha 0a2340d59055d0fa365c2c497fd81421b5999513

doc: remove section for marking release LTS (#531) This documentation was moved to Releases.md in https://github.com/nodejs/node/pull/31724 Refs: https://github.com/nodejs/node/pull/31724

push time in 12 days

PR merged nodejs/Release

Remove section for marking release LTS

Remove directions for marking release as LTS from Release repo. First step, for https://github.com/nodejs/Release/issues/530.

Docs moved to here: https://github.com/nodejs/node/pull/31724

+1 -29

0 comment

1 changed file

danielleadams

pr closed time in 12 days

issue closed nodejs/Release

Node.js Foundation Release WorkGroup Meeting 2020-02-13

Time

UTC Thu 13-Feb-2020 16:00 (04:00 PM):

| Timezone | Date/Time |
|---|---|
| US / Pacific | Thu 13-Feb-2020 08:00 (08:00 AM) |
| US / Mountain | Thu 13-Feb-2020 09:00 (09:00 AM) |
| US / Central | Thu 13-Feb-2020 10:00 (10:00 AM) |
| US / Eastern | Thu 13-Feb-2020 11:00 (11:00 AM) |
| London | Thu 13-Feb-2020 16:00 (04:00 PM) |
| Amsterdam | Thu 13-Feb-2020 17:00 (05:00 PM) |
| Moscow | Thu 13-Feb-2020 19:00 (07:00 PM) |
| Chennai | Thu 13-Feb-2020 21:30 (09:30 PM) |
| Hangzhou | Fri 14-Feb-2020 00:00 (12:00 AM) |
| Tokyo | Fri 14-Feb-2020 01:00 (01:00 AM) |
| Sydney | Fri 14-Feb-2020 03:00 (03:00 AM) |

Or in your local time:

  • http://www.timeanddate.com/worldclock/fixedtime.html?msg=Node.js+Foundation+Release%20WorkGroup+Meeting+2020-02-13&iso=20200213T16
  • or http://www.wolframalpha.com/input/?i=04PM+UTC%2C+Feb+13%2C+2020+in+local+time

Links

Agenda

Extracted from Release-agenda labelled issues and pull requests from the nodejs org prior to the meeting.

nodejs/Release

  • Defining a word for all current releases #359

Invited

  • Release team: @nodejs/release
  • LTS team: @nodejs/lts

Observers/Guests

Notes

The agenda comes from issues labelled with Release-agenda across all of the repositories in the nodejs org. Please label any additional issues that should be on the agenda before the meeting starts.

Joining the meeting

Join URL: https://zoom.us/j/157618869

Invitees

Please use the following emoji reactions in this post to indicate your availability.

  • :+1: - Attending
  • :-1: - Not attending
  • :confused: - Not sure

closed time in 13 days

mhdawson

issue comment nodejs/package-maintenance

Meeting: Test Tooling Breakout Session

Because the Website Redesign is at the same time as this call, we'll be unable to use the Community Zoom account. I've scheduled a meeting under my personal account but that means we will not be able to stream. It may be possible to record the meeting, and we'll aim to take some good minutes/notes and to populate issues on the package maintenance board.

Zoom - https://us04web.zoom.us/j/157787412

BethGriggs

comment created time in 13 days

issue comment nodejs/package-maintenance

Meeting: Test Tooling Breakout Session

@bcoe, this will be more around discussing use cases/requirements for tooling to support the package maintenance efforts, rather than test tooling in general.

The types of discussion I anticipate will happen:

  • How can we test across multiple Node.js versions?
  • How can a module author test the health of their module tree?
  • How can a module author test whether their changes are going to impact modules that depend on them?
  • Can we leverage CITGM for this? Or should we prototype something else?

I hope that clarifies the scope a bit!

BethGriggs

comment created time in 13 days

issue comment nodejs/Release

Node.js Foundation Release WorkGroup Meeting 2020-02-13

ping @nodejs/release?

mhdawson

comment created time in 13 days

Pull request review comment nodejs/node-core-utils

git-node: add --backport flag to land

 class LinkParser {     return result;   } +  getPRUrlsFromArray(arr) {+    const result = [];+    for (const item of arr) {+      const m = item.match(PR_RE);+      if (!m) continue;+      const ref = m[1];+      const url = this.getRefUrlFromOP(ref);+      if (url) result.push(url);+    }+    return result;+  }+   // Do this so we can reliably get the correct url.   // Otherwise, the number could reference a PR or an issue.   getRefUrlFromOP(ref) {
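
Review bot: in getPRUrlsFromArray, entries that do not match PR_RE are skipped by `if (!m) continue;` and refs for which getRefUrlFromOP returns nothing are dropped by `if (url) result.push(url);`, so the caller cannot tell a malformed entry from an empty input. Add a short doc comment stating that unmatched entries are ignored and that the result may be shorter than arr, and consider de-duplicating result, since a reference repeated in arr is pushed twice.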

Potentially rename to getUrlFromOP as it now returns more than just refs?

andrewhughes101

comment created time in 13 days

Pull request review comment nodejs/node-core-utils

git-node: add --backport flag to land

 class LinkParser {     return result;   } +  getPRUrlsFromArray(arr) {+    const result = [];+    for (const item of arr) {+      const m = item.match(PR_RE);+      if (!m) continue;+      const ref = m[1];

Should this variable be named something along the lines of prUrl rather than ref?

andrewhughes101

comment created time in 13 days

PR opened nodejs/package-maintenance

doc: add minutes for 2020-02-11

Fixes: https://github.com/nodejs/package-maintenance/issues/314

Please let me know if I missed you off the list (I copied the attendee list from the minutes) :pray:

+70 -0

0 comment

1 changed file

pr created time in 14 days

create branch BethGriggs/package-maintenance

branch : 2020-02-11-meeting

created branch time in 14 days

issue comment nodejs/Release

Node.js Foundation Release WorkGroup Meeting 2020-02-13

There is not anything new on the agenda for this week, let me know if you're +1 to cancelling or if there is anything we should discuss @nodejs/releasers

As an FYI, build are starting to consider Node.js 14 platform requirements (https://github.com/nodejs/build/issues/2168).

mhdawson

comment created time in 14 days

push event CloudNativeJS/cloudnativejs.io

Bethany Nicolle Griggs

commit sha 978971b1c9bf5c9e26060cd3c2e5b08d6fefd3e4

module insights: remove from homepage (#60) * modules: remove from homepage * css: change sponsor section to white background * images: remove module insights svg

push time in 15 days

PR merged CloudNativeJS/cloudnativejs.io

module insights: move from homepage pending
+1 -103

0 comment

4 changed files

BethGriggs

pr closed time in 15 days

issue opened nodejs/Release

Move steps/process documentation over to nodejs/node

In a similar vein to #522 - As discussed in the previous WG meetings, move Releaser process steps over to Releases.md nodejs/node.

So far the only section I could identify as a candidate to be moved to Releases.md was https://github.com/nodejs/Release#marking-a-release-line-as-lts

  • Remove https://github.com/nodejs/Release#marking-a-release-line-as-lts from Node.js Release README
  • Add to https://github.com/nodejs/node/blob/master/doc/releases.md as a new heading (probably before the "Major Releases" heading)

//cc @danielleadams as I believe you volunteered for this

created time in 16 days

push event nodejs/Release

Bethany Nicolle Griggs

commit sha ae09392b7e64fa1a947e27556427c3b19d487fc2

doc: add minutes for 2020-01-30 (#528) Fixes: https://github.com/nodejs/Release/issues/527

push time in 16 days

PR merged nodejs/Release

doc: add minutes for 2020-01-30

Fixes: https://github.com/nodejs/Release/issues/527

Please let me know/suggest changes if you were there - I just copied the names over from the minutes

+45 -0

0 comment

1 changed file

BethGriggs

pr closed time in 16 days

issue closed nodejs/Release

Node.js Foundation Release WorkGroup Meeting 2020-01-30

Time

UTC Thu 30-Jan-2020 16:00 (04:00 PM):

| Timezone | Date/Time |
|---|---|
| US / Pacific | Thu 30-Jan-2020 08:00 (08:00 AM) |
| US / Mountain | Thu 30-Jan-2020 09:00 (09:00 AM) |
| US / Central | Thu 30-Jan-2020 10:00 (10:00 AM) |
| US / Eastern | Thu 30-Jan-2020 11:00 (11:00 AM) |
| London | Thu 30-Jan-2020 16:00 (04:00 PM) |
| Amsterdam | Thu 30-Jan-2020 17:00 (05:00 PM) |
| Moscow | Thu 30-Jan-2020 19:00 (07:00 PM) |
| Chennai | Thu 30-Jan-2020 21:30 (09:30 PM) |
| Hangzhou | Fri 31-Jan-2020 00:00 (12:00 AM) |
| Tokyo | Fri 31-Jan-2020 01:00 (01:00 AM) |
| Sydney | Fri 31-Jan-2020 03:00 (03:00 AM) |

Or in your local time:

  • http://www.timeanddate.com/worldclock/fixedtime.html?msg=Node.js+Foundation+Release%20WorkGroup+Meeting+2020-01-30&iso=20200130T16
  • or http://www.wolframalpha.com/input/?i=04PM+UTC%2C+Jan+30%2C+2020+in+local+time

Links

Agenda

Extracted from Release-agenda labelled issues and pull requests from the nodejs org prior to the meeting.

nodejs/node

  • v12.15.0 release proposal #31368

nodejs/Release

  • Defining a word for all current releases #359

Invited

  • Release team: @nodejs/release
  • LTS team: @nodejs/lts

Observers/Guests

Notes

The agenda comes from issues labelled with Release-agenda across all of the repositories in the nodejs org. Please label any additional issues that should be on the agenda before the meeting starts.

Joining the meeting

Join URL: https://zoom.us/j/157618869

Invitees

Please use the following emoji reactions in this post to indicate your availability.

  • :+1: - Attending
  • :-1: - Not attending
  • :confused: - Not sure

closed time in 16 days

mhdawson

Pull request review comment nodejs/node

doc: update security release process

  The security release process covers the steps required to plan/implement a security release. This document is copied into the description of the Next-Security Release, and used to track progess on the release. It contains-***TEXT LIKE THIS*** which will be replaced during the release process with-the information described.+Security Release, and used to track progess on the release. It contains ***TEXT+LIKE THIS*** which will be replaced during the release process with the+information described.  ## Planning -* [ ] Open an issue in the private security repo titled `Next Security Release`-  and add this planning checklist to the description.+* [ ] Open an [issue](https://github.com/nodejs-private/node-private) titled+  `Next Security Release`, and put this checklist in the description.  * [ ] Get agreement on the list of vulnerabilities to be addressed:-  * ***LINKS TO VULNS...***+  * ***H1 REPORT LINK***: ***DESCRIPTION*** (***CVE or H1 CVE request link***)+    * v10.x, v12.x: ***LINK to PR URL***+  * ...++* [ ] PR release announcements in [private](https://github.com/nodejs-private/nodejs.org-private):+  * (Use previous PRs as templates, don't forget to update the site banner, and+    the date in the slug so that it will move to the top of the blog list.)+  * [ ] pre-release: ***LINK TO PR***+  * [ ] post-release: ***LINK TO PR***  * [ ] Get agreement on the planned date for the release: ***RELEASE DATE*** -* [ ] Validate that all vulnerabilities have been assigned a CVE. Upstream deps-  such as OpenSSL and NPM will have CVEs, issues reported on H1 may have CVEs,-  otherwise allocate them by following the-  [cve_management_process](https://github.com/nodejs/node/blob/master/doc/guides/cve_management_process.md).+* [ ] Get release team volunteers for all affected lines:+  * v12.x: ***NAME of RELEASER(S)***+  * ... 
other lines, if multiple releasers -* [ ] Co-ordinate with the Release team members to line up one or more releasers-  to do the releases on the agreed date. Releaser: ***NAME of RELEASER(S)***+## Announcement (one week in advance of the planned release) -* [ ] Prep for the security announcements by getting agreement on drafts (use-  previously announced releases as the template):-  * pre-release: ***LINK TO COMMENT ON THIS ISSUE CONTAINING DRAFT***-  * post-release: ***LINK TO COMMENT ON THIS ISSUE CONTAINING DRAFT***+* [ ] Check that all vulnerabilities are ready for release integration:+  * PRs against all affected release lines or cherry-pick clean+  * Approved+  * Pass `make test`+  * Have CVEs+  * Described in the pre/post announcements -## Announcement (one week in advance of the planned release)+* [ ] Pre-release announcement [email][]: ***LINK TO EMAIL***+  (Get access from existing manager: Ben Noordhuis, Rod Vagg, Michael Dawson) -* [ ] Send pre-release announcement to-  https://groups.google.com/forum/#!forum/nodejs-sec.-  One of the existing managers can give access (Ben-  Noordhuis, Rod Vagg, Michael Dawson). ***LINK TO EMAIL***--* [ ] Post pre-release announcement in vulnerabilities section of Nodejs.org-  blog (https://github.com/nodejs/nodejs.org/tree/master/locale/en/blog/vulnerability).-  Use last pre-release announcement as a template (it includes blog metadata-  such as updates to the banner on the Node.js website to indicate security-  releases are coming).  Submit PR and land immediately. Text was already-  reviewed in security repo.  ***LINK TO BLOG PR AND POST***--* [ ] Open an issue in the build working repository with a notification of the-  date for the security release.  Use this issue to co-ordinate with the build-  team to ensure there will be coverage/availability of build team resources the-  day of the release. 
Those who volunteer from the build WG should be available-  in node/build during the release in case they are needed by the individual-  doing the release. ***LINK TO BUILD ISSUE***+* [ ] Pre-release announcement to nodejs.org blog: ***LINK TO BLOG***+  (Re-PR the pre-approved branch from nodejs-private/nodejs.org-private to+  nodejs/nodejs.org)++* [ ] Request releaser(s) to start integrating the PRs to be released.++* [ ] Notify [docker-node][] of upcoming security release date: ***LINK***  ## Release day +* [ ] [Lock CI](https://github.com/nodejs/build/blob/master/doc/jenkins-guide.md#before-the-release)+> FIXME: Whoever is doing the Node.js release should have sufficient privs to+> do this+ * [ ] The releaser(s) run the release process to completion.+> FIXME: this process is a bit different from the normal release process
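Review bot: The rewritten Planning section drops the pointer to the CVE allocation procedure. The removed step linked `cve_management_process.md` and said to allocate a CVE when upstream deps or H1 have not supplied one; the new checklist only lists "Have CVEs" as a readiness check one week before the release, with no indication of how to obtain one. Keep that link, for example next to the `***CVE or H1 CVE request link***` placeholder. The removed build-WG coordination issue (coverage and availability on release day) also has no replacement apart from the "Lock CI" item, and the two `> FIXME:` blockquotes will be copied verbatim into every Next Security Release issue, so resolve them or track them outside the template before landing. `[email][]` and `[docker-node][]` need reference definitions, which are not in the visible lines, and "progess" in the intro is carried over unchanged from the old text.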

I think https://github.com/nodejs/node/blob/master/doc/releases.md would be a good place to incorporate the security-specific steps for the releaser. (We already have the step of adding "This is a security release." to the changelog listed in that doc.)

sam-github

comment created time in 18 days

issue comment nodejs/package-maintenance

Meeting: Test Tooling Breakout Session

Thursday 13th February 5PM - 6PM UTC looks good for those that have completed the poll. I think we should start with that time and iterate from there. I'll work on adding to the Node.js calendar so that we can use the Zoom account.

So far it looks like it'll be @dominykas, @mhdawson, @andrewhughes101, and myself. Ping @nodejs/citgm in case they're interested.

BethGriggs

comment created time in 19 days

issue comment nodejs/node

Error retrieving entropy since OpenSSL 1.1.1d

/cc @nodejs/platform-ppc

reshnm

comment created time in 19 days

PR opened nodejs/TSC

doc: add minutes for 2020-02-05

Fixes: https://github.com/nodejs/TSC/issues/810

+81 -0

0 comment

1 changed file

pr created time in 19 days

create branch BethGriggs/TSC

branch : 2020-02-05-minutes

created branch time in 19 days

fork BethGriggs/TSC

The Node.js Technical Steering Committee

fork in 20 days

push event BethGriggs/Release

Bethany Nicolle Griggs

commit sha 88768d62305748319eeb2c79a6f4a1a66b015a61

doc: add minutes for meeting 2019-01-17 (#408)

Sakthipriyan Vairamani

commit sha 6047ab47cc1c392392deb407a1490f69508c4918

reflect James's current status correctly

If I am not mistaken, either the Emeritus list has to be fixed or the current members list.

Antoine du HAMEL

commit sha 2bf2ea36a162571c0aee21f813f51de790c08feb

Use SVG instead of PNG for the schedule image

Tierney Cyren

commit sha d79acf6f2bb47494d90b94d475c127eb5fa9654c

Update statement on odd-numbered update statement

This updates a statement that odd-numbered releases are fully EOL once the next even-numbered release is cut. This seems to be reflected in the [release schedule](https://github.com/nodejs/Release/blob/master/schedule.json#L44), and in a [twitter thread](https://twitter.com/MylesBorins/status/989191105152520192) discussing this topic.

Tierney Cyren

commit sha d9efc7e78e7430e4faaafa68558d913b60a189d1

Fix typos

Tierney Cyren

commit sha f7a216c41a90d926d3b24af4c3297ff37ccde0b7

Add more context about security releases vs. non-security

Tierney Cyren

commit sha 507be0d2f92986e72983f03cc3b03d6d5234711c

Fix tpyo

Tierney Cyren

commit sha e31b4d7754864c4158b13e7f2ba0dc99c735a75b

Use @mhdawson's suggestion for describing odd releases

Bethany Nicolle Griggs

commit sha a2ed0b79fcfe396917e10afd56f85b491d3a6c1f

doc: add minutes for meeting 2019-01-31 (#413)

* doc: add minutes for meeting 2019-01-31
* fixup!

Co-Authored-By: BethGriggs <bethany.griggs@uk.ibm.com>

Rod Vagg

commit sha f44a80f923338ad6ef4f97df17ad4be54384139c

doc: update the releaser onboarding process and rules (#393)

* guidance on SSH key complexity
* notes about SSH & GPG key compromise
* rules for starting new LTS releases (start with a Current)

Michael Dawson

commit sha eb91c94681ea968a69bf4a4fe85c656ed44263b3

doc: update to reflect N-API (#410)

* doc: update to reflect N-API
* squash: accept suggestion

Co-Authored-By: mhdawson <michael_dawson@ca.ibm.com>

Myles Borins

commit sha fb42610326cf0ed48d67f6956738c1e61a394071

doc: update 6.x EOL (#425)

Bethany Nicolle Griggs

commit sha 2e839d1e5921a509c9522054c7ad3bdf6a6ea126

doc: add minutes for meeting 2019-03-14 (#427)

Rod Vagg

commit sha e6e40c1728bd8f594a7f6aa0e2713c14996a0b79

doc: sync team membership (remove rvagg, and jasnell)

Bethany Nicolle Griggs

commit sha f4ae92f443f57f4b8f0716859a9a64ba055caac4

doc: update release dates (#434)

* doc: update release dates
* fixup: indentation
* doc: add v14.x to timeline
* fixup: extend v13.x maintenance to remove "current" gap
* schedule: add release timeline svg
* schedule: add codenames for LTS releases
* schedule: update v14.x current date

Rod Vagg

commit sha 0e0b592273104d1cca9154588092654b932659b1

doc: sync team membership (remove rvagg) (#438)

OttNorml

commit sha 6a964d64d8613e5ea5b97c5aeb7897e827af8aac

doc: rename 2019-03-14 to 2019-03-14.md (#441)

Ruben Bridgewater

commit sha 87c98116e471e86a66dc39ebe703d3394323f8da

Update README.md with newest schedule information (#440)

Bethany Nicolle Griggs

commit sha c18767db4954bbb29d02c7f60ff5769fc322a0fe

doc: add minutes for 2019-05-09 (#445)

Anthony Maton

commit sha c7be2c8908acd876a4393ff90c62100942ebba1b

doc: transfer 11.x to End-of-Life Releases (#455)

According to the release schedule, 11.x is End-of-Life starting at the 2019-06-01. This commit reflects this change in the `README.md` by moving 11.x from the Release schedule to the End-of-Life Releases.

push time in 20 days

PR opened nodejs/Release

doc: add minutes for 2020-01-30

Fixes: https://github.com/nodejs/Release/issues/527

Please let me know/suggest changes if you were there - I just copied the names over from the minutes

+45 -0

0 comment

1 changed file

pr created time in 20 days

push event BethGriggs/Release

Beth Griggs

commit sha 4c7ef3508411410ae39cbf76ab1bf4913030d054

doc: add minutes for 2020-01-30 Fixes: https://github.com/nodejs/Release/issues/527

push time in 20 days

push event BethGriggs/Release

Beth Griggs

commit sha 36956d1a55d1a0296fff385a5af6af966da035ab

doc: add minutes for 2020-01-30 Fixes: https://github.com/nodejs/Release/issues/527

push time in 20 days

create branch BethGriggs/Release

branch : 2020-01-30-minutes

created branch time in 20 days

issue comment nodejs/build

Lockdown of CI for Feb 2020 security releases

Releases are out - CI can be opened back up

BethGriggs

comment created time in 20 days

PR closed nodejs/docker-node

[WIP] Update Node.js 10, 12, 13 for 2020-01 security updates

See:

  • https://nodejs.org/en/blog/release/v10.19.0
  • https://nodejs.org/en/blog/release/v12.15.0
  • https://nodejs.org/en/blog/release/v13.8.0
+30 -30

7 comments

22 changed files

PeterDaveHello

pr closed time in 20 days

pull request comment nodejs/docker-node

[WIP] Update Node.js 10, 12, 13 for 2020-01 security updates

Ah sorry, the SHASUMS for v13.8.0 should now be available

PeterDaveHello

comment created time in 20 days

issue comment nodejs/node

v13.8.0 unsigned

Ah sorry, I've just run ./tools/release.sh -s v13.8.0 and updated the blog post in nodejs/nodejs.org#2936.

I'll take a look at updating the security blog post (I think @sam-github would typically cover that, but due to timezones it probably makes sense for me to try and update it rather than wait)

rvagg

comment created time in 20 days

push event nodejs/nodejs.org

Bethany Nicolle Griggs

commit sha 247682eb6253802186a753b0b3208bf03a7b85bf

Blog: v13.8.0 release post - add missing SHAs (#2936) Refs: https://github.com/nodejs-private/node-private/pull/196 Refs: https://github.com/nodejs/node/issues/31657

push time in 20 days

PR merged nodejs/nodejs.org

Blog: v13.8.0 release post - add missing SHAs

Refs: https://github.com/nodejs-private/node-private/pull/196 Refs: https://github.com/nodejs/node/issues/31657

+50 -2

0 comment

1 changed file

BethGriggs

pr closed time in 20 days

PR opened nodejs/nodejs.org

Blog: v13.8.0 release post - add missing SHAs

Refs: https://github.com/nodejs-private/node-private/pull/196 Refs: https://github.com/nodejs/node/issues/31657

+50 -2

0 comment

1 changed file

pr created time in 20 days

push event BethGriggs/nodejs.org

Bethany Nicolle Griggs

commit sha a2a8a53de5d4d676404198f93dde0331db45b061

Blog: v13.8.0 release post (#2933) Refs: https://github.com/nodejs-private/node-private/pull/196

Beth Griggs

commit sha 619447557096474a46d22ff8f3b8ca522dd68b08

Blog: v13.8.0 release post - add missing SHAs Refs: https://github.com/nodejs-private/node-private/pull/196

push time in 20 days

create branch BethGriggs/nodejs.org

branch : v13.8.0-release-post-patch

created branch time in 20 days

release nodejs/node

v13.8.0

released time in 20 days

release nodejs/node

v12.15.0

released time in 20 days

release nodejs/node

v10.19.0

released time in 20 days

delete branch BethGriggs/nodejs.org

delete branch : v12.15.0-blog

delete time in 20 days

delete branch BethGriggs/nodejs.org

delete branch : v10.19.0-blog

delete time in 20 days

delete branch BethGriggs/nodejs.org

delete branch : v13.8.0-blog

delete time in 20 days

push event nodejs/nodejs.org

Bethany Nicolle Griggs

commit sha a2a8a53de5d4d676404198f93dde0331db45b061

Blog: v13.8.0 release post (#2933) Refs: https://github.com/nodejs-private/node-private/pull/196

push time in 20 days

PR merged nodejs/nodejs.org

Blog: v13.8.0 release post

Refs: https://github.com/nodejs-private/node-private/pull/196

+56 -0

0 comment

1 changed file

BethGriggs

pr closed time in 20 days

push event BethGriggs/nodejs.org

Bethany Nicolle Griggs

commit sha b9602ab02b2499e4ddc25b62227344ad2f93edc4

Blog: v10.19.0 release post (#2935) Refs: https://github.com/nodejs-private/node-private/pull/198

Bethany Nicolle Griggs

commit sha 5ecac2c84242e0374a74cbce25f586142d1ee4ee

Blog: v12.15.0 release post (#2934) Refs: https://github.com/nodejs-private/node-private/pull/197

Bethany Nicolle Griggs

commit sha 916078ba63368231001a8ed18319f5c8152a1482

Merge branch 'master' into v13.8.0-blog

push time in 20 days

push event nodejs/nodejs.org

Bethany Nicolle Griggs

commit sha 5ecac2c84242e0374a74cbce25f586142d1ee4ee

Blog: v12.15.0 release post (#2934) Refs: https://github.com/nodejs-private/node-private/pull/197

push time in 20 days

PR merged nodejs/nodejs.org

Blog: v12.15.0 release post

Refs: https://github.com/nodejs-private/node-private/pull/197

+108 -0

0 comment

1 changed file

BethGriggs

pr closed time in 20 days

push event BethGriggs/nodejs.org

Bethany Nicolle Griggs

commit sha b9602ab02b2499e4ddc25b62227344ad2f93edc4

Blog: v10.19.0 release post (#2935) Refs: https://github.com/nodejs-private/node-private/pull/198

Bethany Nicolle Griggs

commit sha 83bd32588e0c3530da2640a194bd99b884846254

Merge branch 'master' into v12.15.0-blog

push time in 20 days

push event nodejs/nodejs.org

Bethany Nicolle Griggs

commit sha b9602ab02b2499e4ddc25b62227344ad2f93edc4

Blog: v10.19.0 release post (#2935) Refs: https://github.com/nodejs-private/node-private/pull/198

push time in 20 days

PR merged nodejs/nodejs.org

Blog: v10.19.0 release post

Refs: https://github.com/nodejs-private/node-private/pull/198

+109 -0

0 comment

1 changed file

BethGriggs

pr closed time in 20 days

PR opened nodejs/nodejs.org

Blog: v10.19.0 release post

Refs: https://github.com/nodejs-private/node-private/pull/198

+109 -0

0 comment

1 changed file

pr created time in 20 days

PR opened nodejs/nodejs.org

Blog: v12.15.0 release post

Refs: https://github.com/nodejs-private/node-private/pull/197

+108 -0

0 comment

1 changed file

pr created time in 20 days

PR opened nodejs/nodejs.org

Blog: v13.8.0 release post

Refs: https://github.com/nodejs-private/node-private/pull/196

+56 -0

0 comment

1 changed file

pr created time in 20 days

create branch BethGriggs/nodejs.org

branch : v13.8.0-blog

created branch time in 20 days

create branch BethGriggs/nodejs.org

branch : v12.15.0-blog

created branch time in 20 days

create branch BethGriggs/nodejs.org

branch : v10.19.0-blog

created branch time in 20 days

push event nodejs/node

Beth Griggs

commit sha d602e586bf2baf5889586bde8e072e556db2b273

2020-02-06, Version 10.19.0 'Dubnium' (LTS)

This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**: HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**: HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the `--insecure-http-parser` command line flag, or the `insecureHTTPParser` http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/198

push time in 20 days

push event nodejs/node

Sam Roberts

commit sha 2eee90e959ca4abaf53caf238d063c396f2ea17c

http: strip trailing OWS from header values

HTTP header values can have trailing OWS, but it should be stripped. It is not semantically part of the header's value, and if treated as part of the value, it can cause spurious inequality between expected and actual header values.

Note that a single SPC of leading OWS is common before the field-value, and it is already handled by the HTTP parser by stripping all leading OWS. It is only the trailing OWS that must be stripped by the parser user.

    header-field = field-name ":" OWS field-value OWS
    ; https://tools.ietf.org/html/rfc7230#section-3.2
    OWS = *( SP / HTAB )
    ; https://tools.ietf.org/html/rfc7230#section-3.2.3

Fixes: https://hackerone.com/reports/730779
PR-URL: https://github.com/nodejs-private/node-private/pull/191
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>

Fedor Indutny

commit sha f940bee3b7da865e28093472dee9ce664f273f6d

crypto: fix assertion caused by unsupported ext

`X509V3_EXT_print` can return value different from `1` if the X509 extension does not support printing to a buffer. Instead of failing with an unrecoverable assertion - replace the relevant value in the hashmap with a JS null value.

Fixes: https://hackerone.com/reports/746733
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/193
PR-URL: https://github.com/nodejs-private/node-private/pull/175
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>

Sam Roberts

commit sha a28e5cc1ed7e298118bd3ea8b5b96712467c3703

deps: upgrade http-parser to v2.9.1

PR-URL: https://github.com/nodejs/node/pull/30471
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>

Sam Roberts

commit sha a9849c0ff6b4459880f8f6da10e6fedb3c4df620

http: opt-in insecure HTTP header parsing

Allow insecure HTTP header parsing. Make clear it is insecure.

See:
- https://github.com/nodejs/node/pull/30553
- https://github.com/nodejs/node/issues/27711#issuecomment-556265881
- https://github.com/nodejs/node/issues/30515

Backport-PR-URL: https://github.com/nodejs/node/pull/30471
PR-URL: https://github.com/nodejs/node/pull/30567
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

Sam Roberts

commit sha d616722f65fcfbce57e597f41466e864eba22c4f

test: check that --insecure-http-parser works

Test that using --insecure-http-parser will disable validation of invalid characters in HTTP headers.

See:
- https://github.com/nodejs/node/pull/30567

Backport-PR-URL: https://github.com/nodejs/node/pull/30471
PR-URL: https://github.com/nodejs/node/pull/31253
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>

Anna Henningsen

commit sha 0082f62d9ccf1ef5b12b3bec4e7dfdd1803647ed

http: make --insecure-http-parser configurable per-stream or per-server

From the issue:

> Some servers deviate from HTTP spec enough that Node.js can't
> communicate with them, but "work" when `--insecure-http-parser`
> is enabled globally. It would be useful to be able to use this
> mode, as a client, only when connecting to known bad servers.

This is largely equivalent to https://github.com/nodejs/node/pull/31446 in terms of code changes.

Fixes: https://github.com/nodejs/node/issues/31440
Refs: https://github.com/nodejs/node/pull/31446
Backport-PR-URL: https://github.com/nodejs/node/pull/30471
PR-URL: https://github.com/nodejs/node/pull/31448
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

Sam Roberts

commit sha 49f4220ce5b92bec68c040f46823e55c27d50517

deps: upgrade http-parser to v2.9.3

PR-URL: https://github.com/nodejs-private/http-parser-private/pull/4
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

Sam Roberts

commit sha e2c8f89b7572a7aea62927923e425bbd7725dca2

test: using TE to smuggle reqs is not possible

See: https://hackerone.com/reports/735748

PR-URL: https://github.com/nodejs-private/node-private/pull/192
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>

Beth Griggs

commit sha 5ba7df3c4b81ab695029dacf34a0aa960be71372

2020-02-06, Version 10.19.0 'Dubnium' (LTS)

This is a security release.

Vulnerabilities fixed:
* **CVE-2019-15606**: HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**: HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the `--insecure-http-parser` command line flag, or the `insecureHTTPParser` http option. Using the insecure HTTP parser should be avoided.

PR-URL: https://github.com/nodejs-private/node-private/pull/198

Beth Griggs

commit sha c6c6665e1c1292be954462276a10b16585633044

Working on v10.19.1

PR-URL: https://github.com/nodejs-private/node-private/pull/198

push time in 20 days
