profile
viewpoint
mary marchini mmarchini @Netflix Bay Area https://mmarchini.me/ BPF and stuff; @nodejs TSC; http://pronoun.is/she

jdewit/bootstrap-timepicker 1666

[Deprecated] A simple timepicker component for Twitter Bootstrap

brendangregg/bpf-perf-tools-book 637

Official repository for the BPF Performance Tools book

mmarchini/docker-node-builder 1

✨Docker images to build Node.js ✨

mmarchini/admin 0

Facilitating joint collaboration amongst the TSC and CommComm

PR closed nodejs/node

doc: change requirements for objection dismissal doc

Previous version would allow dismissal only if the objector is unresponsive to clarifications, but not if they are unresponsive while other collaborators are trying to reach consensus with them. In the spirit of collaboration the objector needs to be open to discuss possible alternatives or should be willing to convince the PR author to drop it. Only if reaching consensus is not possible (either to close the PR or to make changes to it) the issue should be escalated to TSC.

Therefore the guideline is changed to allow dismissal if the objector is unresponsive in the face of "a collaborator proposing a solution or a compromise for the objection". Also adds a note for collaborators to be mindful of holidays and vacations before dismissing an objection.

<!-- Thank you for your pull request. Please provide a description above and review the requirements below.

Bug fixes and new features should include tests and possibly benchmarks.

Contributors guide: https://github.com/nodejs/node/blob/master/CONTRIBUTING.md -->

Checklist

<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->

  • [ ] make -j4 test (UNIX), or vcbuild test (Windows) passes
  • [ ] tests and/or benchmarks are included
  • [ ] documentation is changed or added
  • [ ] commit message follows commit guidelines

<!-- Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. -->

+4 -2

6 comments

1 changed file

mmarchini

pr closed time in 9 hours

pull request commentnodejs/node

doc: change requirements for objection dismissal

Closing as the proposal in the current state can be detrimental to our process for the reasons raised here by @guybedford and @mcollina + discussion in TSC meetings + some discussions in private. Thank you everyone who gave feedback, I'll take those into consideration when bringing more proposals to improve our consensus seeking process 💜

mmarchini

comment created time in 9 hours

PullRequestReviewEvent

Pull request review commentnodejs/docker-node

ci: use github action for automated deployment

+name: Create official images PR++on:+  pull_request_target:+    types:+      - closed

Thanks for testing it. Yes, I missed the master branch is protected here, so we should be good :)

ttshivers

comment created time in 14 hours

Pull request review commentnodejs/docker-node

ci: use github action for automated deployment

+name: Create official images PR++on:+  pull_request_target:+    types:+      - closed

ah right, maybe it works. pull_request_target triggers are kinda meh though, so I wouldn't be surprised if it didn't work.

ttshivers

comment created time in 14 hours

PullRequestReviewEvent

Pull request review commentnodejs/docker-node

ci: use github action for automated deployment

+name: Create official images PR++on:+  pull_request_target:+    types:+      - closed++    paths:+      - "**/Dockerfile"+      - "**/architectures"+      - "**/docker-entrypoint.sh"+      - "generate-stackbrew-library.sh"+      - "functions.sh"++jobs:+  pr:+    runs-on: ubuntu-latest+    if: github.repository_owner == 'nodejs' && github.event.pull_request.merged_by != ''++    steps:+      - name: Checkout the docker-node repo+        uses: actions/checkout@v2+        with:+          path: docker-node+          fetch-depth: 50++      - name: Checkout the official-images repo+        uses: actions/checkout@v2+        with:+          path: official-images+          repository: docker-library/official-images++      - name: Generate Stackbrew for diff+        run: |+          cd docker-node+          ./generate-stackbrew-library.sh > ../official-images/library/node++      - name: Create PR in official-images+        id: create-pr+        uses: peter-evans/create-pull-request@v3+        with:+          token: ${{ secrets.GITHUB_API_TOKEN }}

Yeah it definitely doesn't have permission for the first one. If it was a branch in this repo it could potentially work.

ttshivers

comment created time in 14 hours

PullRequestReviewEvent

issue commentnodejs/admin

GitHub Secret for nodejs/docker-node

I thought that was the case, just wanted to make sure someone tried first :)

(again, I'm +1, I can't approve my fast track request though, and either way we need to wait 72h before setting up secrets on nodejs/docker if folks approve the fast tracking)

nschonni

comment created time in 14 hours

Pull request review commentnodejs/docker-node

ci: use github action for automated deployment

+name: Create official images PR++on:+  pull_request_target:+    types:+      - closed

I see. The downside is that any of the 15 other PRs open right now won't trigger this event unless they are rebased before merge. It also doesn't trigger if someone pushes directly to master.

I'm wondering if: a) we can replace github.event.pull_request.title with the commit message; and b) for pushes coming from PRs, if github.event.pull_request is available (would need to test it in a separate repo).

Not blocking and I'm not familiar with this repo commit workflow, so @nodejs/docker folks will know better which event to use. But pull_request_target has drawbacks, just pointing those so the team makes the right decision.

ttshivers

comment created time in 14 hours

PullRequestReviewEvent

Pull request review commentnodejs/docker-node

ci: use github action for automated deployment

+name: Create official images PR++on:+  pull_request_target:+    types:+      - closed++    paths:+      - "**/Dockerfile"+      - "**/architectures"+      - "**/docker-entrypoint.sh"+      - "generate-stackbrew-library.sh"+      - "functions.sh"++jobs:+  pr:+    runs-on: ubuntu-latest+    if: github.repository_owner == 'nodejs' && github.event.pull_request.merged_by != ''++    steps:+      - name: Checkout the docker-node repo+        uses: actions/checkout@v2+        with:+          path: docker-node+          fetch-depth: 50++      - name: Checkout the official-images repo+        uses: actions/checkout@v2+        with:+          path: official-images+          repository: docker-library/official-images++      - name: Generate Stackbrew for diff+        run: |+          cd docker-node+          ./generate-stackbrew-library.sh > ../official-images/library/node++      - name: Create PR in official-images+        id: create-pr+        uses: peter-evans/create-pull-request@v3+        with:+          token: ${{ secrets.GITHUB_API_TOKEN }}

I'm 90% sure secrets.GITHUB_TOKEN will work here.

ttshivers

comment created time in 14 hours

Pull request review commentnodejs/docker-node

ci: use github action for automated deployment

+name: Create official images PR++on:+  pull_request_target:+    types:+      - closed

Is pull_request_target the best event for this? Why is it better than push?

ttshivers

comment created time in 14 hours

PullRequestReviewEvent
PullRequestReviewEvent

issue commentnodejs/admin

GitHub Secret for nodejs/docker-node

I'm +1 for adding this, but I want to understand why the GITHUB_TOKEN provided by GitHub doesn't work for this use case first. @nschonni have you tried it?

nschonni

comment created time in 15 hours

issue commentnodejs/admin

GitHub Secret for nodejs/docker-node

cc @nodejs/tsc @nodejs/community-committee

We already have secrets for GitHub tokens, which means we can fast-track this (needs two folks from either committee approving the fast track). If we fast-track, this will only need one approval and wait 72h from the time the committees were notified.

nschonni

comment created time in 15 hours

pull request commentnodejs/docker-node

ci: use github action for automated deployment

Still need approval on the admin repo. I can setup the secrets on this repo when request is approved.

ttshivers

comment created time in 15 hours

issue commentnodejs/TSC

V8 currency and Node.js 15

That's what I tried on Ubuntu (WSL2):

$ sudo apt install binutils-arm-linux-gnueabi gcc-arm-linux-gnueabi g++-arm-linux-gnueabi
$ ./configure --dest-cpu=arm
$ make
...
  cc -o /home/mmarchini/workspace/node/out/Release/obj.target/openssl/deps/openssl/openssl/crypto/asn1/a_int.o ../deps/openssl/openssl/crypto/asn1/a_int.c '-DV8_DEPRECATION_WARNINGS' '-DV8_IMMINENT_DEPRECATION_WARNINGS' '-D__STDC_FORMAT_MACROS' '-DOPENSSL_NO_PINSHARED' '-DOPENSSL_THREADS' '-DOPENSSL_NO_HW' '-DOPENSSL_NO_QUIC=1' '-DNDEBUG' '-DOPENSSL_USE_NODELETE' '-DOPENSSL_PIC' '-DOPENSSL_CPUID_OBJ' '-DOPENSSL_BN_ASM_MONT' '-DOPENSSL_BN_ASM_GF2m' '-DSHA1_ASM' '-DSHA256_ASM' '-DSHA512_ASM' '-DKECCAK1600_ASM' '-DAES_ASM' '-DBSAES_ASM' '-DGHASH_ASM' '-DECP_NISTZ256_ASM' '-DPOLY1305_ASM' '-DOPENSSLDIR="/etc/ssl"' '-DENGINESDIR="/dev/null"' '-DTERMIOS' -I../deps/openssl/openssl -I../deps/openssl/openssl/include -I../deps/openssl/openssl/crypto -I../deps/openssl/openssl/crypto/include -I../deps/openssl/openssl/crypto/modes -I../deps/openssl/openssl/crypto/ec/curve448 -I../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I../deps/openssl/config -I../deps/openssl/config/archs/linux-armv4/asm -I../deps/openssl/config/archs/linux-armv4/asm/include -I../deps/openssl/config/archs/linux-armv4/asm/crypto -I../deps/openssl/config/archs/linux-armv4/asm/crypto/include/internal  -pthread -Wall -Wextra -Wno-unused-parameter -Wa,--noexecstack -Wall -O3 -pthread -Wall -O3 -Wno-missing-field-initializers -Wno-old-style-declaration -O3 -fno-omit-frame-pointer  -MMD -MF /home/mmarchini/workspace/node/out/Release/.deps//home/mmarchini/workspace/node/out/Release/obj.target/openssl/deps/openssl/openssl/crypto/asn1/a_int.o.d.raw   -c
In file included from ../deps/openssl/openssl/crypto/armcap.c:18:
../deps/openssl/openssl/crypto/arm_arch.h:55:6: error: #error "unsupported ARM architecture"
   55 | #    error "unsupported ARM architecture"
      |      ^~~~~
make[1]: *** [deps/openssl/openssl.target.mk:850: /home/mmarchini/workspace/node/out/Release/obj.target/openssl/deps/openssl/openssl/crypto/armcap.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:104: node] Error 2

I think I might be missing some dependency.

targos

comment created time in 17 hours

issue commentnodejs/TSC

V8 currency and Node.js 15

Do we have instructions somewhere for cross-compilation? Couldn't find any on BUILDING.md

targos

comment created time in 20 hours

PullRequestReviewEvent
PullRequestReviewEvent

pull request commentnodejs/node

module: CJS exports detection for all CJS modules

(approval on the approach, haven't reviewed the code yet)

guybedford

comment created time in 20 hours

PullRequestReviewEvent

issue commentnodejs/TSC

Node.js Technical Steering Committee (TSC) Meeting 2020-09-24

Removed https://github.com/nodejs/node/pull/35037 from the agenda, we can skip it today.

mhdawson

comment created time in 21 hours

issue commentnodejs/TSC

V8 currency and Node.js 15

I can try to help over the weekend

targos

comment created time in a day

issue commentnodejs/node

PSA: it's now possible to start Jenkins CI by adding `request-ci` label to PRs

Jenkins is shutting down, probably related

mmarchini

comment created time in a day

pull request commentnodejs/node

deps: upgrade to c-ares v1.16.1

Jenkins is shutting down, probably related (there are two jobs on the queue)

codebytere

comment created time in a day

issue commentnodejs/admin

Add SLACK_WEBHOOK secret to nodejs/node

If we don't, I've passed some apps and secrets without proper approvals 😅

mmarchini

comment created time in 2 days

issue commentnodejs/admin

Add SLACK_WEBHOOK secret to nodejs/node

added to commcomm agenda for awareness

mmarchini

comment created time in 2 days

issue commentnodejs/admin

Add SLACK_WEBHOOK secret to nodejs/node

(we don't require 4 votes, we require two from each committee)

mmarchini

comment created time in 2 days

issue commentnodejs/admin

Add SLACK_WEBHOOK secret to nodejs/node

I've been counting each persons vote as one vote, so if they are on two committees they vote counts towards the committee with least votes so far. It doesn't change the fact that we have three TSC votes (you, Shelley and Michaël) and one CommComm vote (Michael). We still need one more from CommComm.

mmarchini

comment created time in 2 days

PR opened pinojs/pino-multi-stream

chore(doc): fix broken links on readme

Fix broken links for pino and bunyan on readme.

+2 -2

0 comment

1 changed file

pr created time in 2 days

push eventmmarchini/pino-multi-stream

mary marchini

commit sha b709b230a4fcc4a166a8a5fdccd9040528651cea

chore(doc): fix broken links on readme Fix broken links for pino and bunyan on readme.

view details

push time in 2 days

fork mmarchini/pino-multi-stream

🌲 A wrapper for Pino to provide Bunyan's multiple stream API

fork in 2 days

PR closed nodejs/node-auto-test

build(deps): bump node-fetch from 2.6.0 to 2.6.1 in /tools/actions dependencies

Bumps node-fetch from 2.6.0 to 2.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bitinn/node-fetch/releases">node-fetch's releases</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <p><strong>This is an important security release. It is strongly recommended to update as soon as possible.</strong></p> <p>See <a href="https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261">CHANGELOG</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md">node-fetch's changelog</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <p><strong>This is an important security release. It is strongly recommended to update as soon as possible.</strong></p> <ul> <li>Fix: honor the <code>size</code> option after following a redirect.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/node-fetch/node-fetch/commit/b5e2e41b2b50bf2997720d6125accaf0dd68c0ab"><code>b5e2e41</code></a> update version number</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334"><code>2358a6c</code></a> Honor the <code>size</code> option after following a redirect and revert data uri support</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/8c197f8982a238b3c345c64b17bfa92e16b4f7c4"><code>8c197f8</code></a> docs: Fix typos and grammatical errors in README.md (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/686">#686</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1e99050f944ac435fce26a9549eadcc2419a968a"><code>1e99050</code></a> fix: Change error message thrown with redirect mode set to error (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/653">#653</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/244e6f63d42025465796e3ca4ce813bf2c31fc5b"><code>244e6f6</code></a> docs: Show backers in README</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/6a5d192034a0f438551dffb6d2d8df2c00921d16"><code>6a5d192</code></a> fix: Properly parse meta tag when parameters are reversed (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/682">#682</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/47a24a03eb49a49d81b768892aee10074ed54a91"><code>47a24a0</code></a> chore: Add opencollective badge</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/7b136627c537cb24430b0310638c9177a85acee1"><code>7b13662</code></a> chore: Add funding link</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/5535c2ed478d418969ecfd60c16453462de2a53f"><code>5535c2e</code></a> fix: Check for global.fetch before binding it (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/674">#674</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1d5778ad0d910dbd1584fb407a186f5a0bc1ea22"><code>1d5778a</code></a> docs: Add Discord badge</li> <li>Additional commits viewable in <a href="https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~akepinski">akepinski</a>, a new releaser for node-fetch since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 days

issue closednodejs/node-auto-test

PSA temporarily disabling Actions

Just until we add secrets so the request-ci action doesn't fail all the time.

closed time in 2 days

mmarchini

issue openednodejs/node-auto-test

PSA disabled dependabot alerts in this repository

Too noisy for a automation playgrounds repository mirroring nodejs/node.

created time in 2 days

pull request commentnodejs/node

doc: outline when origin is set to unhandledRejection

@mlarcher nothing else required from your part. We have a minimum wait time of 48h before landing any PRs, so it should be landed tomorrow (or afterwards, depending on collaborators availability)

mlarcher

comment created time in 2 days

pull request commentnodejs/TSC

feat(charter): introduce emergency and async votes

yes, i just haven't had time to do it yet. If someone else wants to do it though, feel free to do so

mmarchini

comment created time in 2 days

issue commentnodejs/build

FYI: rejected request to add Slack integration to this repo

ok just confirmed the user is active here

@aixtools we received your request to add the Slack integration to this repository, but we can't move forward unless the request follows our GitHub App policy. You'll need to open an issue on nodejs/admin requesting us to add the app with the following information:

  • the application to be installed, token to be created or secret to be added
    • in the case of secrets, don't share the value on the issue, share just details on how it will be used
  • for apps and personal tokens, the permissions that it requires
  • the repositories for which the app will be installed or the secrets will be added
mmarchini

comment created time in 2 days

issue openednodejs/build

FYI: rejected request to add Slack integration to this repo

Just FYI, we received a direct request to add a Slack integration to this repository. I rejected it as it didn't follow our GitHub App request policy. If it was someone from this repo please let me know.

created time in 2 days

pull request commentnodejs/node

2020-10-20, Version 15.0.0 (Current)

@BethGriggs hope we're still on time for this to be included without escalating to TSC? https://github.com/nodejs/node/commit/3b10f7f933dee3607649b6bd1ca24876704222ac

BethGriggs

comment created time in 3 days

pull request commentnodejs/node

build: use Actions to validate commit message

I'll go ahead and implement the above with "Action Required". With the commit queue I believe it's more relevant to show when the commit message is not following our guidelines (and therefore will prevent us from using the commit queue). This signal the contributor that their PR might take more time to land compared to a PR following the commit guidelines.

mmarchini

comment created time in 3 days

PR closed nodejs/node

process: Change default --unhandled-rejections=throw C++ commit-queue-failed needs-citgm process semver-major

This is a semver-major change that resolves DEP0018.

All users that have set an unhandledRejection hook or set a non-default value for the --unhandled-rejections flag will see no change in behavior after this change.

Fixes: #20392 Refs: https://nodejs.org/dist/latest/docs/api/deprecations.html#deprecations_dep0018_unhandled_promise_rejections

<!-- Thank you for your pull request. Please provide a description above and review the requirements below.

Bug fixes and new features should include tests and possibly benchmarks.

Contributors guide: https://github.com/nodejs/node/blob/master/CONTRIBUTING.md -->

Checklist

<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->

  • [x] make -j4 test (UNIX), or vcbuild test (Windows) passes
  • [x] tests and/or benchmarks are included
  • [x] documentation is changed or added
  • [x] commit message follows commit guidelines

<!-- Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. -->

+73 -97

113 comments

15 changed files

dfabulich

pr closed time in 3 days

pull request commentnodejs/node

process: Change default --unhandled-rejections=throw

Landed in 3b10f7f933de 🎉

dfabulich

comment created time in 3 days

push eventnodejs/node

Dan Fabulich

commit sha 3b10f7f933dee3607649b6bd1ca24876704222ac

process: change default --unhandled-rejections=throw This is a semver-major change that resolves DEP0018. All users that have set an unhandledRejection hook or set a non-default value for the --unhandled-rejections flag will see no change in behavior after this change. Refs: https://nodejs.org/dist/latest/docs/api/deprecations.html#deprecations_dep0018_unhandled_promise_rejections PR-URL: https://github.com/nodejs/node/pull/33021 Fixes: https://github.com/nodejs/node/issues/20392 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Mary Marchini <oss@mmarchini.me> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>

view details

push time in 3 days

issue closednodejs/node

Terminate process on unhandled promise rejection

<!-- Thank you for reporting an issue.

This issue tracker is for bugs and issues found within Node.js core. If you require more general support please file an issue on our help repo. https://github.com/nodejs/help

Please fill in as much of the template below as you're able.

Version: output of node -v Platform: output of uname -a (UNIX), or version and 32 or 64-bit (Windows) Subsystem: if known, please specify affected core module name

If possible, please provide code that demonstrates the problem, keeping it as simple and free of external dependencies as you are able. -->

  • Version: v11.0.0-nightly2018042865d97c96aa
  • Platform: all
  • Subsystem: Promise

<!-- Enter your issue details below this comment. -->

When a Promise is rejected and has no catch handler, the following warning is displayed on stderr:

$ node -p "Promise.reject()"
Promise { <rejected> undefined }
(node:15518) UnhandledPromiseRejectionWarning: undefined
(node:15518) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:15518) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
$ echo $?
0

This behavior is in place for quite some time now I believe, and maybe it would be time to actually make node exit on a non-zero code.

closed time in 3 days

aduh95

pull request commentnodejs/node

process: Change default --unhandled-rejections=throw

Only package on CITGM whose tests break with this change is serialport, but it seems to be expected. Some packages even use --unhandled-rejections=strict when testing (ember-cli for example). Will land now.

dfabulich

comment created time in 3 days

pull request commentnodejs/node

process: Change default --unhandled-rejections=throw

We're good, after the cutoff we can still land semver majors with tsc approval. I'll try to land it today though.

dfabulich

comment created time in 3 days

pull request commentnodejs/admin

feat: reduce gthub app/secret requirements

I understand that, but do you disagree that having two people doing the due diligence (one from each committee) is enough? We have a total of four people today. I'd rather have two doing proper due diligence than four "empty" +1s.

mmarchini

comment created time in 3 days

issue commentnodejs/admin

Add SLACK_WEBHOOK secret to nodejs/node-v8

Cc @nodejs/community-committee need one more +1

mmarchini

comment created time in 3 days

pull request commentnodejs/admin

feat: reduce gthub app/secret requirements

Cc @nodejs/tsc @nodejs/community-committee since it affects the required approvals from both committees.

mmarchini

comment created time in 3 days

issue commentnodejs/admin

Add SLACK_WEBHOOK secret to nodejs/node

@nodejs/community-committee need one more +1

mmarchini

comment created time in 3 days

pull request commentnodejs/node

Remove --build-v8-with-gn configure option

I think in this case it's reasonable for the collaborator landing to fix the commit before landing (of course you can't use commit queue in that case :/ )

hashseed

comment created time in 4 days

issue commentnodejs/TSC

Show all participants on zoom streaming in meetings

I suggest closing it after the next meeting and trying to test settings to see how much better we can get in the recording.

sxa

comment created time in 4 days

issue commentnodejs/node

Proposal: mark AsyncResource and AsyncLocalStorage as stable

cc @nodejs/tsc for awareness

Qard

comment created time in 4 days

pull request commentnodejs/node

doc: put release script specifics in details

fyi commit queue won't work because there's a commit that neither passes our checks nor is a fixup! commit.

MylesBorins

comment created time in 4 days

pull request commentnodejs/node

build: skip Actions tests for doc-only changes

Yeah, I think this will need a little more thinking. IMO it's acceptable for us to ignore this test on doc-only changes, the test is most likely to fail when there are changes to allowed NODE_OPTIONS, and if a commit does land with this test broken, we can follow up with a fixup. The benefits of avoiding running tests on doc-only changes outweigh the issues with not running this test.

mmarchini

comment created time in 4 days

pull request commentnodejs/node

build: skip Actions tests for doc-only changes

It feels like that test should be a linter...

mmarchini

comment created time in 4 days

pull request commentnodejs/node

build: skip Actions tests for doc-only changes

In the future I think we should have a gitignore-style file in this repo to detect doc-only changes, and then we can have tooling to update those paths in all Actions automatically.

mmarchini

comment created time in 4 days

PR opened nodejs/node

build: skip Actions tests for doc-only changes

No need to run tests for doc-only changes. This doesn't cover all doc-only changes yet, but covers enough to help reduce our Actions run noise.

<!-- Thank you for your pull request. Please provide a description above and review the requirements below.

Bug fixes and new features should include tests and possibly benchmarks.

Contributors guide: https://github.com/nodejs/node/blob/master/CONTRIBUTING.md -->

Checklist

<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->

  • [x] make -j4 test (UNIX), or vcbuild test (Windows) passes
  • [x] tests and/or benchmarks are included
  • [x] documentation is changed or added
  • [x] commit message follows commit guidelines

<!-- Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. -->

+21 -4

0 comment

4 changed files

pr created time in 4 days

create barnchmmarchini/node

branch : skip-test-docs

created branch time in 4 days

issue commentnodejs/node

Tracking Issue: commit queue issues and feedback

It checks all Jenkins links it knows how to parse

mmarchini

comment created time in 4 days

issue commentnodejs/node

Tracking Issue: commit queue issues and feedback

Found another issue: if a jenkins run was deleted but that's the newest one in the PR, it'll show as "pending" by ncu, which will cause the commit queue to skip (it should fail instead). Also, having a successful CI run should take precedence over having a non-CI already-deleted Jenkins run (like a CITGM or benchmark).

Screenshot might make it easier to understand the issue:

image

mmarchini

comment created time in 4 days

pull request commentnodejs/node

process: Change default --unhandled-rejections=throw

Started a CITGM before landing. Will probably need to land it manually because CITGM has been fully red for a while so commit-queue will likely refuse to land.

dfabulich

comment created time in 4 days

pull request commentnodejs/diagnostics

Add ioredis to problematic-modules.md

Keep it open, we can close it once the issues are created (will try to get it done this week)

cupofjoakim

comment created time in 4 days

issue closednodejs/node

Stale action doesn't seem to be working

https://github.com/nodejs/node/actions/runs/247170963

image

It seems like the Action is not faring well with the size of our repository. I'm not sure if it is closing some issues, or if it tries to detect all issues before closing, but fails to do so because it reaches some limit. Based on the number of lines in the output, we're probably iterating over all issues (even though we don't have to) and therefore we're hitting GitHub API rate limit (but that's just a guess). We probably need some changes on the upstream action to better handle days-before-stale: -1 scenarios.

@phillipj fyi

closed time in 4 days

mmarchini
PullRequestReviewEvent

push eventnodejs/diagnostics

mary marchini

commit sha 9024b1a2e12c72349a891b631cb23e41414cb3a3

chore: add meeting notes

view details

push time in 4 days

PR merged nodejs/diagnostics

chore: add meeting notes
+71 -0

0 comment

1 changed file

mmarchini

pr closed time in 4 days

PR closed mmarchini-oss/nodejs-ci-health-dashboard

build(deps): bump node-fetch from 2.1.2 to 2.6.1 dependencies

Bumps node-fetch from 2.1.2 to 2.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bitinn/node-fetch/releases">node-fetch's releases</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <p><strong>This is an important security release. It is strongly recommended to update as soon as possible.</strong></p> <p>See <a href="https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261">CHANGELOG</a> for details.</p> <h2>v2.6.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.6.0/CHANGELOG.md#v260">CHANGELOG</a>.</p> <h2>v2.5.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.5.0/CHANGELOG.md#v250">CHANGELOG</a>.</p> <h2>v2.4.1</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.4.1/CHANGELOG.md#v241">CHANGELOG</a>.</p> <h2>v2.4.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.4.0/CHANGELOG.md#v240">CHANGELOG</a>.</p> <h2>v2.3.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.3.0/CHANGELOG.md#v230">CHANGELOG</a>.</p> <h2>v2.2.1</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.2.1/CHANGELOG.md#v221">CHANGELOG</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md">node-fetch's changelog</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <p><strong>This is an important security release. It is strongly recommended to update as soon as possible.</strong></p> <ul> <li>Fix: honor the <code>size</code> option after following a redirect.</li> </ul> <h2>v2.6.0</h2> <ul> <li>Enhance: <code>options.agent</code>, it now accepts a function that returns custom http(s).Agent instance based on current URL, see readme for more information.</li> <li>Fix: incorrect <code>Content-Length</code> was returned for stream body in 2.5.0 release; note that <code>node-fetch</code> doesn't calculate content length for stream body.</li> <li>Fix: <code>Response.url</code> should return empty string instead of <code>null</code> by default.</li> </ul> <h2>v2.5.0</h2> <ul> <li>Enhance: <code>Response</code> object now includes <code>redirected</code> property.</li> <li>Enhance: <code>fetch()</code> now accepts third-party <code>Blob</code> implementation as body.</li> <li>Other: disable <code>package-lock.json</code> generation as we never commit them.</li> <li>Other: dev dependency update.</li> <li>Other: readme update.</li> </ul> <h2>v2.4.1</h2> <ul> <li>Fix: <code>Blob</code> import rule for node < 10, as <code>Readable</code> isn't a named export.</li> </ul> <h2>v2.4.0</h2> <ul> <li>Enhance: added <code>Brotli</code> compression support (using node's zlib).</li> <li>Enhance: updated <code>Blob</code> implementation per spec.</li> <li>Fix: set content type automatically for <code>URLSearchParams</code>.</li> <li>Fix: <code>Headers</code> now reject empty header names.</li> <li>Fix: test cases, as node 12+ no longer accepts invalid header response.</li> </ul> <h2>v2.3.0</h2> <ul> <li>Enhance: added <code>AbortSignal</code> support, with README example.</li> <li>Enhance: handle invalid <code>Location</code> header during redirect by rejecting them explicitly with <code>FetchError</code>.</li> <li>Fix: update <code>browser.js</code> to support react-native environment, where <code>self</code> isn't available globally.</li> </ul> <h2>v2.2.1</h2> <ul> <li>Fix: <code>compress</code> flag shouldn't overwrite existing <code>Accept-Encoding</code> header.</li> <li>Fix: multiple <code>import</code> rules, where <code>PassThrough</code> etc. doesn't have a named export when using node <10 and <code>--experimental-modules</code> flag.</li> <li>Other: Better README.</li> </ul> <h2>v2.2.0</h2> <ul> <li>Enhance: Support all <code>ArrayBuffer</code> view types</li> <li>Enhance: Support Web Workers</li> <li>Enhance: Support Node.js' <code>--experimental-modules</code> mode; deprecate <code>.es.js</code> file</li> <li>Fix: Add <code>__esModule</code> property to the exports object</li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/node-fetch/node-fetch/commit/b5e2e41b2b50bf2997720d6125accaf0dd68c0ab"><code>b5e2e41</code></a> update version number</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334"><code>2358a6c</code></a> Honor the <code>size</code> option after following a redirect and revert data uri support</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/8c197f8982a238b3c345c64b17bfa92e16b4f7c4"><code>8c197f8</code></a> docs: Fix typos and grammatical errors in README.md (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/686">#686</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1e99050f944ac435fce26a9549eadcc2419a968a"><code>1e99050</code></a> fix: Change error message thrown with redirect mode set to error (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/653">#653</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/244e6f63d42025465796e3ca4ce813bf2c31fc5b"><code>244e6f6</code></a> docs: Show backers in README</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/6a5d192034a0f438551dffb6d2d8df2c00921d16"><code>6a5d192</code></a> fix: Properly parse meta tag when parameters are reversed (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/682">#682</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/47a24a03eb49a49d81b768892aee10074ed54a91"><code>47a24a0</code></a> chore: Add opencollective badge</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/7b136627c537cb24430b0310638c9177a85acee1"><code>7b13662</code></a> chore: Add funding link</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/5535c2ed478d418969ecfd60c16453462de2a53f"><code>5535c2e</code></a> fix: Check for global.fetch before binding it (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/674">#674</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1d5778ad0d910dbd1584fb407a186f5a0bc1ea22"><code>1d5778a</code></a> docs: Add Discord badge</li> <li>Additional commits viewable in <a href="https://github.com/bitinn/node-fetch/compare/v2.1.2...v2.6.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~akepinski">akepinski</a>, a new releaser for node-fetch since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+37 -18

0 comment

2 changed files

dependabot[bot]

pr closed time in 4 days

PR closed mmarchini-oss/nodejs-ci-health-dashboard

build(deps-dev): bump node-sass from 4.11.0 to 4.13.1 dependencies

Bumps node-sass from 4.11.0 to 4.13.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sass/node-sass/releases">node-sass's releases</a>.</em></p> <blockquote> <h2>v4.13.1</h2> <h3>Community</h3> <ul> <li>Fix render example syntax (<a href="https://github.com/ZoranPandovski">@ZoranPandovski</a> , <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2787">#2787</a>)</li> <li>Fix <code>sourceMap</code> option inconsistencies (<a href="https://github.com/saper">@saper</a> , <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2394">#2394</a>)</li> <li>Fix possible crash in customer importer (<a href="https://github.com/xzyfer">@xzyfer</a>, <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2816">#2816</a>)</li> </ul> <h2>Supported Environments</h2> <table> <thead> <tr> <th>OS</th> <th>Architecture</th> <th>Node</th> </tr> </thead> <tbody> <tr> <td>Windows</td> <td>x86 & x64</td> <td>0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13</td> </tr> <tr> <td>OSX</td> <td>x64</td> <td>0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13</td> </tr> <tr> <td>Linux*</td> <td>x86 & x64</td> <td>0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^</td> </tr> <tr> <td>Alpine Linux</td> <td>x64</td> <td>6, 8, 10, 11, 12, 13</td> </tr> <tr> <td>FreeBSD</td> <td>i386 amd64</td> <td>8, 10, 12, 13</td> </tr> </tbody> </table> <p>Linux support refers to Ubuntu, Debian, and CentOS 5+ ** Not available on CentOS 5 ^ Only available on x64</p> <h2>v4.13.0</h2> <h3>Features</h3> <ul> <li>Node 13 support (<a href="https://github.com/saper">@saper</a>, <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2766">#2766</a> <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2767">#2767</a>)</li> </ul> <h3>Community</h3> <ul> <li>Fix broken link to NodeJS docs in README.md (<a href="https://github.com/schwigri">@schwigri</a>, <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2753">#2753</a>)</li> <li>Assorted typo fixes (<a href="https://github.com/XhmikosR">@XhmikosR</a> , <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2726">#2726</a>)</li> <li>Remove PR template (<a href="https://github.com/nschonni">@nschonni</a>)</li> <li>Remove sudo settings from .travis.yml (<a href="https://github.com/abetomo">@abetomo</a>, <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2673">#2673</a>)</li> <li>Add note in PR template about node-gyp 4.0 (<a href="https://github.com/nschonni">@nschonni</a>)</li> <li>Change note about Node 12 support (<a href="https://github.com/nschonni">@nschonni</a>)</li> </ul> <h3>Dependencies</h3> <ul> <li>lodash@^4.17.15 (<a href="https://github.com/kessenich">@kessenich</a>, <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2574">#2574</a>)</li> </ul> <h2>Supported Environments</h2> <table> <thead> <tr> <th>OS</th> <th>Architecture</th> <th>Node</th> </tr> </thead> <tbody> <tr> <td>Windows</td> <td>x86 & x64</td> <td>0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13</td> </tr> <tr> <td>OSX</td> <td>x64</td> <td>0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13</td> </tr> <tr> <td>Linux</td> <td>x86 & x64</td> <td>0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^</td> </tr> <tr> <td>Alpine Linux</td> <td>x64</td> <td>6, 8, 10, 11, 12, 13</td> </tr> <tr> <td>FreeBSD</td> <td>i386 amd64</td> <td>6, 8, 10, 12, 13</td> </tr> </tbody> </table> <p>*Linux support refers to Ubuntu, Debian, and CentOS 5+</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sass/node-sass/blob/master/CHANGELOG.md">node-sass's changelog</a>.</em></p> <blockquote> <h2>v4.13.1</h2> <p><a href="https://github.com/sass/node-sass/releases/tag/v4.13.1">https://github.com/sass/node-sass/releases/tag/v4.13.1</a></p> <h2>v4.13.0</h2> <p><a href="https://github.com/sass/node-sass/releases/tag/v4.13.0">https://github.com/sass/node-sass/releases/tag/v4.13.0</a></p> <h2>v4.12.0</h2> <p><a href="https://github.com/sass/node-sass/releases/tag/v4.12.0">https://github.com/sass/node-sass/releases/tag/v4.12.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sass/node-sass/commit/01db05182b69dccbd43be777e6808045e71af0b5"><code>01db051</code></a> 4.13.1</li> <li><a href="https://github.com/sass/node-sass/commit/338fd7a14d3b8bd374a382336df16f9c6792b884"><code>338fd7a</code></a> Merge pull request from GHSA-f6rp-gv58-9cw3</li> <li><a href="https://github.com/sass/node-sass/commit/c6f2e5a1643dd00105b63a638756dc99fc33c3e4"><code>c6f2e5a</code></a> doc: README example fix (<a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2787">#2787</a>)</li> <li><a href="https://github.com/sass/node-sass/commit/fbc9ff5abc72d9bc22a3b0bc9fa902fc46c980f7"><code>fbc9ff5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2754">#2754</a> from saper/no-map-if-not-requested</li> <li><a href="https://github.com/sass/node-sass/commit/60fad5f2d92d9978af6a3d9bb29f4b0ff4a70070"><code>60fad5f</code></a> 4.13.0</li> <li><a href="https://github.com/sass/node-sass/commit/43db915c360cdd87ad433990289221879158ffdb"><code>43db915</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2768">#2768</a> from sass/release-4-13</li> <li><a href="https://github.com/sass/node-sass/commit/0c8d308fef78f25fccebe6a6f35f76489e76df04"><code>0c8d308</code></a> Update references for v4.13 release</li> <li><a href="https://github.com/sass/node-sass/commit/f1cc0d37f4b221215ea5f0be7f1c41506a3e4342"><code>f1cc0d3</code></a> Use GCC 6 for Node 12 binaries (<a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2767">#2767</a>)</li> <li><a href="https://github.com/sass/node-sass/commit/3838eae74ff1d4d2d37b80b20b30f8a0f42f3e3c"><code>3838eae</code></a> Use GCC 6 for Node 12 binaries</li> <li><a href="https://github.com/sass/node-sass/commit/e84c6a9f8d62b27174d650c38d18b327c97753ba"><code>e84c6a9</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sass/node-sass/issues/2766">#2766</a> from saper/node-modules-79</li> <li>Additional commits viewable in <a href="https://github.com/sass/node-sass/compare/v4.11.0...v4.13.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+163 -119

0 comment

2 changed files

dependabot[bot]

pr closed time in 4 days

PR closed mmarchini-oss/nodejs-ci-health-dashboard

build(deps): bump lodash from 4.17.10 to 4.17.19 dependencies

Bumps lodash from 4.17.10 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.10...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+36 -17

0 comment

1 changed file

dependabot[bot]

pr closed time in 4 days

PR closed mmarchini-oss/nodejs-ci-health-dashboard

build(deps): bump acorn from 5.6.0 to 5.7.4 dependencies

Bumps acorn from 5.6.0 to 5.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/6370e90067552022710190319cbbbd8c43001957"><code>6370e90</code></a> Mark version 5.7.4</li> <li><a href="https://github.com/acornjs/acorn/commit/fbc15b1344f6dfb992f67b4bbf1357436247c8a0"><code>fbc15b1</code></a> More rigorously check surrogate pairs in regexp validator</li> <li><a href="https://github.com/acornjs/acorn/commit/910e62bbda199ce7acc5de10d374afa0f6fcf7d6"><code>910e62b</code></a> Mark version 5.7.3</li> <li><a href="https://github.com/acornjs/acorn/commit/3442a80d2cdfa672ae2b6ccd6c2bd5c167914db4"><code>3442a80</code></a> Make generate-identifier-regex capable of rewriting src/identifier.js</li> <li><a href="https://github.com/acornjs/acorn/commit/22b22f36330d41a20225f26aab314d3e9d5452bd"><code>22b22f3</code></a> Raise specific errors for unterminated template literals</li> <li><a href="https://github.com/acornjs/acorn/commit/1461c7c5778933514126216fb3ec22d8dfc57feb"><code>1461c7c</code></a> Fix a lint error</li> <li><a href="https://github.com/acornjs/acorn/commit/0c12f63f171d8a6c8b354de54a7ff4a8d5fa486e"><code>0c12f63</code></a> Fix tokenizing of regexps after .of</li> <li><a href="https://github.com/acornjs/acorn/commit/832c3081da0df0a586cfc3ea96040f64252088b7"><code>832c308</code></a> Fix 404 url</li> <li><a href="https://github.com/acornjs/acorn/commit/95ca55c7863fafd8bf6d446a0098325388ff9f1c"><code>95ca55c</code></a> Mark version 5.7.2</li> <li><a href="https://github.com/acornjs/acorn/commit/bba80abc23ed67337a6502b8b0f22675c4b22303"><code>bba80ab</code></a> Remove another fixed test from the 262 whitelist</li> <li>Additional commits viewable in <a href="https://github.com/acornjs/acorn/compare/5.6.0...5.7.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+36 -17

0 comment

1 changed file

dependabot[bot]

pr closed time in 4 days

PR closed mmarchini-oss/nodejs-ci-health-dashboard

build(deps): bump mixin-deep from 1.3.1 to 1.3.2 dependencies

Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9"><code>754f0c2</code></a> 1.3.2</li> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50"><code>90ee1fa</code></a> ensure keys are valid when mixing in values</li> <li>See full diff in <a href="https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~doowb">doowb</a>, a new releaser for mixin-deep since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+36 -17

0 comment

1 changed file

dependabot[bot]

pr closed time in 4 days

PR closed mmarchini-oss/nodejs-ci-health-dashboard

build(deps): bump elliptic from 6.4.0 to 6.5.3 dependencies

Bumps elliptic from 6.4.0 to 6.5.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li><a href="https://github.com/indutny/elliptic/commit/60489415e545efdfd3010ae74b9726facbf08ca8"><code>6048941</code></a> 6.5.2</li> <li><a href="https://github.com/indutny/elliptic/commit/9984964457c9f8a63b91b01ea103260417eca237"><code>9984964</code></a> package: bump dependencies</li> <li><a href="https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a"><code>ec735ed</code></a> utils: leak less information in <code>getNAF()</code></li> <li><a href="https://github.com/indutny/elliptic/commit/71e4e8e2f5b8f0bdbfbe106c72cc9fbc746d3d60"><code>71e4e8e</code></a> 6.5.1</li> <li><a href="https://github.com/indutny/elliptic/commit/7ec66ffa255079260126d87b1762a59ea10de5ea"><code>7ec66ff</code></a> short: add infinity check before multiplying</li> <li><a href="https://github.com/indutny/elliptic/commit/ee7970b92f388e981d694be0436c4c8036b5d36c"><code>ee7970b</code></a> travis: really move on</li> <li><a href="https://github.com/indutny/elliptic/commit/637d0216b58de7edee4f3eb5641295ac323acadb"><code>637d021</code></a> travis: move on</li> <li><a href="https://github.com/indutny/elliptic/commit/5ed0babb6467cd8575a9218265473fda926d9d42"><code>5ed0bab</code></a> package: update deps</li> <li>Additional commits viewable in <a href="https://github.com/indutny/elliptic/compare/v6.4.0...v6.5.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+36 -17

0 comment

1 changed file

dependabot[bot]

pr closed time in 4 days

issue commentnodejs/admin

create a `issue-triage` team

I guess the only question I have is: do we have a clear process for folks to become triagers (like we have for collaborators)?

gireeshpunathil

comment created time in 4 days

issue commentnodejs/admin

create a `issue-triage` team

FWIW this is an issue that was raised before landing the commit queue, and the consensus back then was that it's not an issue: https://github.com/nodejs/TSC/issues/907#issuecomment-672373221

gireeshpunathil

comment created time in 4 days

pull request commentnodejs/docker-node

Reduce image size

I'm not blocking it as it is right no btw :)

This is a trade-off between base image download (happens once) vs installation of packages during final image build (happens every time the user builds). I'm still not convinced the savings are worth it, but I'll defer any decisions to the Docker team as they have more expertise on which use cases this image is used for (and therefore which optimizations are desirable).

Aschen

comment created time in 4 days

issue commentnodejs/admin

create a `issue-triage` team

Triagers will be able to start CI and land PRs using the commit queue.

gireeshpunathil

comment created time in 4 days

issue commentnodejs/node

Promise.reject() crashes repl when using --unhandled-rejections=strict

Didn't had time to look into it over the weekend, and I'm not sure if I'll have time to look into it during the week, so if anyone else wants to take a look go ahead.

dfabulich

comment created time in 4 days

pull request commentcanterberry/nodejs-keys

Rebuild GPG keychain and keys list from latest documented Release Keys

Let me add it to my todo list. Probably won't get to it before next week because I'm on tc39 this week.

canterberry

comment created time in 5 days

issue commentnodejs/node

Stale action doesn't seem to be working

Does it close 30 days after someone comments? If so I think we're fine, otherwise we might need to revisit.

mmarchini

comment created time in 5 days

pull request commentnodejs/node

util: add util.parseArgs()

Edited my comment just to clarify that my objection is resolved with the change above (just to avoid confusion). Also, I'm happy with other solutions for the passthrough problem, I only suggested that one because it's the simplest solution I could think of.

boneskull

comment created time in 6 days

PullRequestReviewEvent

pull request commentnodejs/diagnostics

Add ioredis to problematic-modules.md

As decided in the meeting we'll remove this file and create separate issues for each module that breaks async continuity, so we can work with module maintainers to fix it.

cupofjoakim

comment created time in 7 days

pull request commentnodejs/admin

feat: reduce gthub app/secret requirements

Can you elaborate on your concerns for the not-yet-approved apps/secrets? We currently have a very heavy requirement and sometimes it's hard to get all approvals (recent examples: https://github.com/nodejs/admin/issues/553 9 days and still needs one approval, https://github.com/nodejs/admin/issues/523 took almost a month, https://github.com/nodejs/admin/issues/535 also took almost a month).

mmarchini

comment created time in 7 days

issue commentnodejs/admin

Add SLACK_WEBHOOK secret to nodejs/node-v8

No, the secret is only visible while I'm setting, after that GitHub will mask it on logs (and when editing users can only enter new values, the old value won't show up).

mmarchini

comment created time in 7 days

PullRequestReviewEvent

Pull request review commentnodejs/node

util: add util.parseArgs()

 Otherwise, returns `false`. See [`assert.deepStrictEqual()`][] for more information about deep strict equality. +## `util.parseArgs([argv][, options])`+<!-- YAML+added: REPLACEME+-->++* `argv` {string[]} (Optional) Array of argument strings; defaults+  to [`process.argv.slice(2)`](process_argv). If an Object, the default is used,+  and this parameter is considered to be the `options` parameter.+* `options` {Object} (Optional) The `options` parameter is an+  object supporting the following properties:+  * `optionsWithValue` {string[]|string} (Optional) One or more argument+    strings which _expect a value_ when present in `argv` (see [Options][]+    for details)+  * `multiOptions` {string[]|string} (Optional) One or more argument+    strings which, when appearing multiple times in `argv`, will be concatenated+    into an Array+* Returns: {Object} An object having properties:+  * `options` {Object}, having properties and values corresponding to parsed+    [Options][] and [Flags][]+  * `positionals` {string[]}, containing [Positionals][]++The `util.parseArgs` function parses command-line arguments from an Array of+strings and returns an object representation.++Example using [`process.argv`][]:++```js+// script.js+// called via `node script.js --foo bar baz`+const argv = util.parseArgs();++if (argv.foo === true) {

argv.options.foo?

boneskull

comment created time in 7 days

PullRequestReviewEvent

Pull request review commentnodejs/node

util: add util.parseArgs()

 Otherwise, returns `false`. See [`assert.deepStrictEqual()`][] for more information about deep strict equality. +## `util.parseArgs([argv][, options])`+<!-- YAML+added: REPLACEME+-->++* `argv` {string[]|Object} (Optional) Array of argument strings; defaults

This seems resolved? Can we mark as resolved?

boneskull

comment created time in 7 days

PullRequestReviewEvent

pull request commentnodejs/node

util: add util.parseArgs()

Ok, so here are my comments related to correctness and safety (although I didn't use those specific words, and I apologize if I wasn't as clear as @tniessen on my concerns):

  • https://github.com/nodejs/node/pull/35015#issuecomment-686235873
  • https://github.com/nodejs/node/pull/35015#issuecomment-686615106
  • https://github.com/nodejs/node/pull/35015#issuecomment-686779676
  • https://github.com/nodejs/node/pull/35015#issuecomment-690783560

(note I didn't make it an explicit objection because I do believe we can have a follow up API with more strict/structured format, but I definitely see why others might think a loose API is not ideal in the first place)

boneskull

comment created time in 7 days

pull request commentnodejs/node

util: add util.parseArgs()

@boneskull I'll try to find my comments, but as I said they disappeared (at least in the code view), so it might take a while to find it.

boneskull

comment created time in 7 days

pull request commentnodejs/node

util: add util.parseArgs()

Also as a point of order: given @tniessen objection and the fact that to reach a correct and safe implementation we might end up with material changes to the API, I don't think it's worth discussing Gus objection right now (as the code they're objecting might not exist on a future solution). If that piece of code remains once @tniessen objection is either resolved or dismissed, the TSC must reach a decision on Gus' objection in a timely manner.

boneskull

comment created time in 7 days

pull request commentnodejs/node

util: add util.parseArgs()

fwiw I also raised concerns about correctness and safety, but I think those comments got lost when the PR was updated at some point.

boneskull

comment created time in 7 days

issue commentnodejs/admin

Create a nodejs npm organization?

This is the current membership of the nodejs org on npm:

image

ronag

comment created time in 7 days

issue commentnodejs/build

Onboarding build/infra members

@AshCripps will do

rvagg

comment created time in 7 days

more