[pull] main from nodejs:main #7
Open
+1,586,888
−1,563,115
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
We failed to fetch the diff for pull request #7
You can try again by commenting this pull request with @sourcery-ai review, or contact us for help.
PR-URL: #58116 Reviewed-By: Tim Perry <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]>
PR-URL: #58502 Refs: nodejs/build#4036 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
It seems that the deprecated `_transformState` property was removed at some point in the past but the deprecation metadata was not updated accordingly. PR-URL: #58530 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
Underlying issues still need to be investigated but this will prevent these failures from failing the daily builds. Timeouts: - parallel.test-http-proxy-fetch - parallel.test-https-proxy-fetch - benchmark.test-benchmark-websocket - parallel.test-inspector-network-fetch - es-module.test-wasm-web-api - parallel.test-fetch - parallel.test-without-async-context-frame - report.test-report-exclude-network Flaky test: - parallel.test-process-cpuUsage PR-URL: #58583 Refs: #58582 Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: #58471 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]>
PR-URL: #58073 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Giovanni Bucci <[email protected]> Reviewed-By: Daniel Lemire <[email protected]>
PR-URL: #57624 Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]>
This reverts commit 52430b9. PR-URL: #58476 Fixes: #58468 Reviewed-By: Dario Piotrowicz <[email protected]>
PR-URL: #58476 Fixes: #58468 Reviewed-By: Dario Piotrowicz <[email protected]>
PR-URL: #58476 Fixes: #58468 Reviewed-By: Dario Piotrowicz <[email protected]>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.11.0 to 2.12.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@4d991eb...0634a26) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> PR-URL: #58109 Reviewed-By: Antoine du Hamel <[email protected]>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.4.2 to 5.4.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@ad3126e...18283e0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.4.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> PR-URL: #58551 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.16 to 3.28.18. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@28deaed...ff0a06e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> PR-URL: #58552 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
PR-URL: #58565 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
PR-URL: #57269 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: #57682 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Ulises Gascón <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
This commit automatically includes in the allow-fs-read list all the app's entrypoints. `--require` and user entry point Signed-off-by: RafaelGSS <[email protected]> PR-URL: #58579 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Marco Ippolito <[email protected]>
move the logic in `cpSync` that copies a directory from
src to dest from JavaScript to C++ increasing its performance
Note: this improvement is not applied if the filter option is
provided, such optimization will be looked into separately
PR-URL: #58461
Reviewed-By: Yagiz Nizipli <[email protected]>
Upstream libuv commits: libuv/libuv@bb706f5 libuv/libuv@018363a libuv was updated to 1.51.0 in 0315283. v1.51.0 was the release updating from c90 to c11. The standard was back then also updated from c89 to c90. and C89 was never an official standard to begin with. So, I wonder how this managed to stay without breaking anyone's builds for this long. This atleast breaks the builds for Android using NDK r28b and r28a, as LLONG_MAX is not defined by the Clang compiler for older C standards. Fixes: ../../deps/uv/src/unix/linux.c:2331:36: error: use of undeclared identifier 'LLONG_MAX' 2331 | constraint->quota_per_period = LLONG_MAX; | ^ 1 error generated. PR-URL: #58587 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]>
PR-URL: #58591 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ulises Gascón <[email protected]>
PR-URL: #58262 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Jordan Harband <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ulises Gascón <[email protected]> Reviewed-By: LiviaMedeiros <[email protected]> Reviewed-By: Edy Silva <[email protected]>
PR-URL: #58597 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: James M Snell <[email protected]>
This change skips asserting the exit code of the child process with the corrupted async hooks stack only on those platforms where termination via a signal has been observed. Refs: #58478 (comment) Signed-off-by: Darshan Sen <[email protected]> PR-URL: #58601 Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: #58604 Reviewed-By: Jacob Smith <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: #58614 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
* yield from loop instead of setting up custom iterator * cancel abort listener on exit * do not call <Array>.at(0) PR-URL: #58824 Reviewed-By: Chemi Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Moshe Atlow <[email protected]>
PR-URL: #58963 Fixes: #58894 Reviewed-By: Dario Piotrowicz <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: #59008 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
PR-URL: #59032 Fixes: #59029 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Matthew Aitken <[email protected]> Reviewed-By: James M Snell <[email protected]>
PR-URL: #59037 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Marco Ippolito <[email protected]>
PR-URL: #59041 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
The default value is legal by means other than defaulting. PR-URL: #58958 Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: #59019 Refs: nodejs/api-docs-tooling#348 Reviewed-By: Chemi Atlow <[email protected]> Reviewed-By: Zeyu "Alex" Yang <[email protected]> Reviewed-By: Claudio Wunder <[email protected]>
This is a security release. Notable changes: deps: * (CVE-2025-27209) V8: revert rapidhash commits lib: * (CVE-2025-27210) handle all windows reserved driver name PR-URL: nodejs-private/node-private#725 Signed-off-by: RafaelGSS <[email protected]>
This is a security release. Notable changes: lib: * (CVE-2025-27210) handle all windows reserved driver name PR-URL: nodejs-private/node-private#726
This is a security release. Notable changes: lib: * (CVE-2025-27210) handle all windows reserved driver name PR-URL: nodejs-private/node-private#727
Signed-off-by: RafaelGSS <[email protected]> PR-URL: nodejs-private/node-private#721 Refs: https://hackerone.com/reports/3160912 CVE-ID: CVE-2025-27210
This reverts the following V8 commits:
Revert "[string] Fix rapidhash on big endian"
This reverts commit 3c6749f39dcaf071f7140d501eb6c507ba7d762e.
Revert "Fix build with older gcc and clang compilers"
This reverts commit 63cb5b3519339bb90a50f5d2150c527d1a6ab96f.
Revert "[string] Fix overflow case of TryParseArrayIndex"
This reverts commit f99c2e013acce0c54611c0a67bcb6212577693d4.
Revert "[string] Optimize and refactor index hashing"
This reverts commit dcbc9e7460732aa3cf836cc3d0d9b53406786a1e.
Revert "[string] Use rapidhash for string hashing"
This reverts commit d329f49df91ff1774b4190da11cbe63cb322eded.
PR-URL: nodejs-private/node-private#713
Refs: https://hackerone.com/reports/3131758
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
CVE-ID: CVE-2025-27209
PR-URL: #59056 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ulises Gascón <[email protected]>
PR-URL: #59050 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: LiviaMedeiros <[email protected]>
PR-URL: #58992 Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: #59078 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Ulises Gascón <[email protected]>
PR-URL: #59074 Refs: #57542 Reviewed-By: Chemi Atlow <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
We have removed the UBSan workflow and there's no ongoing initiative to bring it back. PR-URL: #59079 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
PR-URL: #59091 Refs: #59090 Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Ryuhei Shima <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
Rewrite to ESM to use TLA. Also add a test to make sure case precedence is honored. Refs: https://about.gitlab.com/blog/we-need-to-talk-no-proxy PR-URL: #58980 Refs: #57872 Refs: #8381 Refs: #15620 Reviewed-By: Matteo Collina <[email protected]>
This patch implements proxy support for HTTP and HTTPS clients and agents in the `http` and `https` built-ins`. When NODE_USE_ENV_PROXY is set to 1, the default global agent would parse the HTTP_PROXY/http_proxy, HTTPS_PROXY/https_proxy, NO_PROXY/no_proxy settings from the environment variables, and proxy the requests sent through the built-in http/https client accordingly. To support this, `http.Agent` and `https.Agent` now accept a few new options: - `proxyEnv`: when it's an object, the agent would read and parse the HTTP_PROXY/http_proxy, HTTPS_PROXY/https_proxy, NO_PROXY/no_proxy properties from it, and apply them based on the protocol it uses to send requests. This option allows custom agents to reuse built-in proxy support by composing options. Global agents set this to `process.env` when NODE_USE_ENV_PROXY is 1. - `defaultPort` and `protocol`: these allow setting of the default port and protocol of the agents. We also need these when configuring proxy settings and deciding whether a request should be proxied. Implementation-wise, this adds a `ProxyConfig` internal class to handle parsing and application of proxy configurations. The configuration is parsed during agent construction. When requests are made, the `createConnection()` methods on the agents would check whether the request should be proxied. If yes, they either connect to the proxy server (in the case of HTTP reqeusts) or establish a tunnel (in the case of HTTPS requests) through either a TCP socket (if the proxy uses HTTP) or a TLS socket (if the proxy uses HTTPS). When proxying HTTPS requests through a tunnel, the connection listener is invoked after the tunnel is established. Tunnel establishment uses the timeout of the request options, if there is one. Otherwise it uses the timeout of the agent. If an error is encountered during tunnel establishment, an ERR_PROXY_TUNNEL would be emitted on the returned socket. If the proxy server sends a errored status code, the error would contain an `statusCode` property. If the error is caused by timeout, the error would contain a `proxyTunnelTimeout` property. This implementation honors the built-in socket pool and socket limits. Pooled sockets are still keyed by request endpoints, they are just connected to the proxy server instead, and the persistence of the connection can be maintained as long as the proxy server respects connection/proxy-connection or persist by default (HTTP/1.1) PR-URL: #58980 Refs: #57872 Refs: #8381 Refs: #15620 Reviewed-By: Matteo Collina <[email protected]>
PR-URL: #58521 Reviewed-By: James M Snell <[email protected]> Reviewed-By: LiviaMedeiros <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: #59067 Fixes: #59057 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Section numbers can change over time. Use the section names as the link text for better readability. Also, use https://tc39.es/ecma262/ as the unified host of living version of ECMA-262. PR-URL: #59087 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Vladimir Morozov <[email protected]>
PR-URL: #58666 Fixes: #36502 Refs: https://w3c.github.io/web-locks Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Ethan Arrowood <[email protected]> Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
PR-URL: #58877 Reviewed-By: LiviaMedeiros <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Ulises Gascón <[email protected]> Reviewed-By: Ruy Adorno <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
This API allows dynamically configuring CA certificates that
will be used by the Node.js TLS clients by default.
Once called, the provided certificates will become the default CA
certificate list returned by `tls.getCACertificates('default')` and
used by TLS connections that don't specify their own CA certificates.
This function only affects the current Node.js thread.
PR-URL: #58822
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Tim Perry <[email protected]>
Reviewed-By: Ethan Arrowood <[email protected]>
PR-URL: #59020 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]>
PR-URL: #59044 Reviewed-By: Dario Piotrowicz <[email protected]> Reviewed-By: James M Snell <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )