util: prevent leaking inspect internals #24971
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BridgeAR
added
the
semver-major
nodejs-github-bot
added
encoding
devsnek
approved these changes
Dec 11, 2018
BridgeAR
added
the
author ready
jdalton
previously requested changes
Dec 14, 2018
|
@jdalton stylize might be an interesting candidate to make public. I just wonder if I would call this API user friendly or not. It can be powerful. I suggest that I keep stylize accessible so we are still able to figure out in what way this API should be exposed / not exposed. Is that fine? |
BridgeAR
removed
the
author ready
|
Sounds good! |
BridgeAR
force-pushed
the
prevent-inspet-leakage
branch
from
6733b74
to
0a621b4
Compare
|
@jdalton I rebased and kept stylize as we discussed. PTAL. @nodejs/tsc PTAL this is semver-major. |
jdalton
reviewed
Dec 14, 2018
BridgeAR
added
the
author ready
|
Thanks for the change. FWIW I also found that |
|
Windows CI failure has a PR to mark it as flaky that should land today. Other failure is newly observed on that platform. #25029 (comment) I'll keep monitoring it and re-run it. |
|
Resume Build: https://ci.nodejs.org/job/node-test-pull-request/19540/ ✔️ |
|
With one additional tweak there may be no remaining way to leak references to a Proxy’s target/handlers objects: In lib/internal/util/inspect.js at line 578: if (value[Symbol.iterator]) {
noIterator = false;
if (Array.isArray(value)) {
//...value here is possibly a target or handlers object. This appears to be the only place where these values may be still be passed into a function which could be overwritten. I think that can be avoided by grabbing a reference to isArray at module eval time: const { isArray } = Array;
// ...
if (isArray(value)) {(I know bnoordhuis said the objective isn’t to prevent malicious tampering, but this seems like a reasonably small adjustment with no apparent downside.) |
addaleax
requested changes
Dec 15, 2018
lib/internal/util/inspect.js
Outdated
| if (inspectDefaultOptions[key] === undefined && | ||
| key !== 'stylize' && | ||
| !(key in inspectDefaultOptions)) { | ||
| throw new ERR_INVALID_OPT_KEY(key); |
There was a problem hiding this comment.
This particular change seems unrelated, and as far as I can tell, it would mean that when we introduce a new option in the future, that would break on older versions of Node.js as opposed to being silently ignored? If my understanding is correct, I’m -1 on this.
There was a problem hiding this comment.
Without this, the seen array could be overridden (just as well as the indentationLvl and budget). That's not intended. I could also prevent this otherwise but this seemed the most straight forward way and I believe it will also uncover bugs in user implementation with typos.
Therefore I consider this something pretty important.
Using "newer" options in older Node.js versions that have this validation would indeed throw but I don't think this is bad at all. IMO if code is written for a specific Node.js version it should be upwards compatible but not downwards compatible.
Every userland module normally supports a version range from a specific point on (e.g., => 6.x). That's just the same here: it's a feature that can only be used for new enough Node.js versions (it would be => 12.x).
There was a problem hiding this comment.
Therefore I consider this something pretty important.
Then maybe we could do something like you did below, to filter out specific properties that we care about? Or would that be too slow?
IMO if code is written for a specific Node.js version it should be upwards compatible but not downwards compatible.
Yes, I think that’s the part that I disagree with – this PR would mean that we artificially reduce the range of supported versions…
@nodejs/tsc Any opinions? I don’t want this to be blocked just on me.
There was a problem hiding this comment.
Then maybe we could do something like you did below, to filter out specific properties that we care about? Or would that be too slow?
This would prevent the main aspect which I would like to get with it: finding bugs in user implementations by finding typos. Otherwise they would be silently ignored as well. The performance is not that critical here.
this PR would mean that we artificially reduce the range of supported version
I don't think that it's artificially reducing the supported version range. Either something fully works in a version or not. Silently ignoring something could result in unwanted behavior. And isn't this what semver-major is for?
I consider it a breaking change feature.
There was a problem hiding this comment.
After gathering the general feedback that it's probably to late to change this in general, I am uncertain how to address this properly...
I see the following options:
- Stop accepting only specific options. Either by silently ignoring specific properties or by throwing an error. This would be inconsistent and seems "random": any other property will be passed through to the user in the custom inspection function.
- Split the user options and internal options completely from each other. This requires a significantly bigger code change and an extra argument to be passed around in all functions calls that have something to do with
util.inspect. There would also be a performance penalty in case we do not pass through the original options argument from the user but a new options object which is a clone from the current one without the internal properties and even without this, there might be a performance penalty. - For this specific API we keep my implementation and forbid all unknown options but this is an exception which would only apply to
util.inspect().
@addaleax @joyeecheung does either of you have another idea or suggestion?
addaleax
reviewed
Dec 15, 2018
BridgeAR
force-pushed
the
prevent-inspet-leakage
branch
from
0a621b4
to
4ae7338
Compare
|
I addressed the comments and pushed the fixes in separate commits so it's easier to review the actual change. I rebased while doing that so the commits stay in order how they should be applied / squashed. |
BridgeAR
removed
the
author ready
|
Relevant CI failures: 04:00:44 not ok 1999 parallel/test-util-inspect
04:00:44 ---
04:00:44 duration_ms: 0.322
04:00:44 severity: fail
04:00:44 exitcode: 1
04:00:44 stack: |-
04:00:44 internal/util/inspect.js:191
04:00:44 throw new ERR_INVALID_OPT_KEY(key);
04:00:44 ^
04:00:44
04:00:44 TypeError [ERR_INVALID_OPT_KEY]: "budget" is an unknown options key
04:00:44 at inspect (internal/util/inspect.js:191:17)
04:00:44 at getConstructorName (internal/util/inspect.js:350:14)
04:00:44 at formatRaw (internal/util/inspect.js:560:23)
04:00:44 at formatValue (internal/util/inspect.js:554:10)
04:00:44 at Object.inspect (internal/util/inspect.js:199:10)
04:00:44 at Object.<anonymous> (/Users/iojs/build/workspace/node-test-commit-osx/nodes/osx1011/test/parallel/test-util-inspect.js:1764:27)
04:00:44 at Module._compile (internal/modules/cjs/loader.js:718:30)
04:00:44 at Object.Module._extensions..js (internal/modules/cjs/loader.js:729:10)
04:00:44 at Module.load (internal/modules/cjs/loader.js:617:32)
04:00:44 at tryModuleLoad (internal/modules/cjs/loader.js:560:12)
04:00:44 ... |
BridgeAR
force-pushed
the
prevent-inspet-leakage
branch
from
4ae7338
to
17f6092
Compare
|
Rebased. I fixed the CI issue (a commit on master changed behavior here, so I addressed that). @nodejs/tsc PTAL CI https://ci.nodejs.org/job/node-test-pull-request/19614/ ✔️ |
|
If we are specifically checking the validity of options passed into util.inspect, why this particular method alone? This is similar to the question I have in #24267 |
BridgeAR
force-pushed
the
prevent-inspet-leakage
branch
from
34b39f8
to
dd1a712
Compare
|
Rebased due to conflicts. |
|
CI is green. I don’t know if this has changed enough since @devsnek’s last review that it would require a re-review? |
BridgeAR
added
the
author ready
It seems all right to me and I'll give it an official 👍 if no one else on TSC steps up to do so (or offer an objection). I've been refraining because I feel like others would have a better understanding of the ramifications here. Seems OK to me, though. EDIT: Awaiting @devsnek confirming their LGTM... |
devsnek
approved these changes
Feb 20, 2019
Trott
approved these changes
Feb 20, 2019
BridgeAR
added a commit
to BridgeAR/node
that referenced
this pull request
Feb 28, 2019
This makes sure the internal `stylize` function is not used to render anything and instead just uses the regular inspect function in case of reaching the maximum depth level. PR-URL: nodejs#24971 Refs: nodejs#24765 Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rich Trott <rtrott@gmail.com>
BridgeAR
added a commit
to BridgeAR/node
that referenced
this pull request
Feb 28, 2019
This prevents leaking of the internal `inspect()` properties when using a custom inspect function. It also aligns the indentation to the way it was in v8.0.0 since that changed unintentionally. All strings returned by the custom inspect function will now be indented appropriately to the current depth. PR-URL: nodejs#24971 Refs: nodejs#24765 Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rich Trott <rtrott@gmail.com>
Merged
BethGriggs
added a commit
that referenced
this pull request
Apr 22, 2019
Notable changes:
* assert:
* improve performance to instantiate errors (Ruben Bridgewater)
[#26738](#26738)
* validate required arguments (Ruben Bridgewater)
[#26641](#26641)
* adjust loose assertions (Ruben Bridgewater)
[#25008](#25008)
* async_hooks:
* remove deprecated emitBefore and emitAfter (Matteo Collina)
[#26530](#26530)
* remove promise object from resource (Andreas Madsen)
[#23443](#23443)
* bootstrap
* make Buffer and process non-enumerable (Ruben Bridgewater)
[#24874](#24874)
* buffer:
* use stricter range checks (Ruben Bridgewater)
[#27045](#27045)
* harden SlowBuffer creation (ZYSzys)
[#26272](#26272)
* harden validation of buffer allocation size (ZYSzys)
[#26162](#26162)
* do proper error propagation in addon methods (Anna Henningsen)
[#23939](#23939)
* child_process:
* change the defaults maxBuffer size (kohta ito)
[#27179](#27179)
* harden fork arguments validation (ZYSzys)
[#27039](#27039)
* use non-infinite maxBuffer defaults (kohta ito)
[#23027](#23027)
* console:
* don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky)
[#26261](#26261)
* crypto:
* remove legacy native handles (Tobias Nießen)
[#27011](#27011)
* decode missing passphrase errors (Tobias Nießen)
[#25208](#25208)
* move DEP0113 to End-of-Life (Tobias Nießen)
[#26249](#26249)
* remove deprecated crypto.\_toBuf (Tobias Nießen)
[#25338](#25338)
* set `DEFAULT\_ENCODING` property to non-enumerable
(Antoine du Hamel)
[#23222](#23222)
* deps:
* silence irrelevant V8 warning (Michaël Zasso)
[#26685](#26685)
* update postmortem metadata generation script (cjihrig)
[#26685](#26685)
* V8: un-cherry-pick bd019bd (Refael Ackermann)
[#26685](#26685)
* V8: cherry-pick 6 commits (Michaël Zasso)
[#26685](#26685)
* V8: cherry-pick d82c9af (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick e5f01ba (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick d5f08e4 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 6b09d21 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick f0bb5d2 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 5b0510d (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 91f0cd0 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 392316d (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 2f79d68 (Anna Henningsen)
[#26685](#26685)
* sync V8 gypfiles with 7.4 (Ujjwal Sharma)
[#26685](#26685)
* update V8 to 7.4.288.13 (Ujjwal Sharma)
[#26685](#26685)
* bump minimum icu version to 63 (Ujjwal Sharma)
[#25852](#25852)
* silence irrelevant V8 warnings (Michaël Zasso)
[#25852](#25852)
* V8: cherry-pick 7803fa6 (Jon Kunkee)
[#25852](#25852)
* V8: cherry-pick 58cefed (Jon Kunkee)
[#25852](#25852)
* V8: cherry-pick d3308d0 (Michaël Zasso)
[#25852](#25852)
* V8: cherry-pick 74571c8 (Michaël Zasso)
[#25852](#25852)
* cherry-pick fc0ddf5 from upstream V8 (Anna Henningsen)
[#25852](#25852)
* sync V8 gypfiles with 7.3 (Ujjwal Sharma)
[#25852](#25852)
* sync V8 gypfiles with 7.2 (Michaël Zasso)
[#25852](#25852)
* update V8 to 7.3.492.25 (Michaël Zasso)
[#25852](#25852)
* add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu)
[#19794](#19794)
* sync V8 gypfiles with 7.1 (Refael Ackermann)
[#23423](#23423)
* update V8 to 7.1.302.28 (Michaël Zasso)
[#23423](#23423)
* doc:
* update behaviour of fs.writeFile
(Sakthipriyan Vairamani (thefourtheye))
[#25080](#25080)
* add internal functionality details of util.inherits
(Ruben Bridgewater)
[#24755](#24755)
* errors:
* update error name (Ruben Bridgewater)
[#26738](#26738)
* fs:
* use proper .destroy() implementation for SyncWriteStream
(Matteo Collina)
[#26690](#26690)
* improve mode validation (Ruben Bridgewater)
[#26575](#26575)
* harden validation of start option in createWriteStream (ZYSzys)
[#25579](#25579)
* make writeFile consistent with readFile wrt fd
(Sakthipriyan Vairamani (thefourtheye))
[#23709](#23709)
* http:
* validate timeout in ClientRequest() (cjihrig)
[#26214](#26214)
* return HTTP 431 on HPE\_HEADER\_OVERFLOW error (Albert Still)
[#25605](#25605)
* switch default parser to llhttp (Anna Henningsen)
[#24870](#24870)
* change DEP0066 to a runtime deprecation (Morgan Roderick)
[#24167](#24167)
* else case is not reachable (szabolcsit)
[#24176](#24176)
* lib:
* move DEP0021 to end of life (cjihrig)
[#27127](#27127)
* remove Atomics.wake (Gus Caplan)
[#27033](#27033)
* validate Error.captureStackTrace() calls (Ruben Bridgewater)
[#26738](#26738)
* refactor Error.captureStackTrace() usage (Ruben Bridgewater)
[#26738](#26738)
* move DTRACE\_\* probes out of global scope (James M Snell)
[#26541](#26541)
* deprecate \_stream\_wrap (Sam Roberts) [#26245]
(#26245)
* don't use `util.inspect()` internals (Ruben Bridgewater)
[#24971](#24971)
* improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* move DEP0029 to end of life (cjihrig)
[#25377](#25377)
* move DEP0028 to end of life (cjihrig)
[#25377](#25377)
* move DEP0027 to end of life (cjihrig)
[#25377](#25377)
* move DEP0026 to end of life (cjihrig)
[#25377](#25377)
* move DEP0023 to end of life (cjihrig)
[#25280](#25280)
* move DEP0006 to end of life (cjihrig)
[#25279](#25279)
* remove unintended access to deps/ (Anna Henningsen)
[#25138](#25138)
* move DEP0120 to end of life (cjihrig)
[#24862](#24862)
* use ES6 class inheritance style (Ruben Bridgewater)
[#24755](#24755)
* remove `inherits()` usage (Ruben Bridgewater)
[#24755](#24755)
* module:
* remove dead code (Ruben Bridgewater)
[#26983](#26983)
* mark DEP0019 as End-of-Life (Ruben Bridgewater)
[#26973](#26973)
* throw an error for invalid package.json main entries
(Ruben Bridgewater)
[#26823](#26823)
* don't search in require.resolve.paths (cjihrig)
[#23683](#23683)
* n-api:
* remove code from error name (Ruben Bridgewater)
[#26738](#26738)
* net:
* do not manipulate potential user code (Ruben Bridgewater)
[#26751](#26751)
* emit "write after end" errors in the next tick (Ouyang Yadong)
[#24457](#24457)
* deprecate \_setSimultaneousAccepts() undocumented function
(James M Snell)
[#23760](#23760)
* net,http2:
* merge setTimeout code (ZYSzys)
[#25084](#25084)
* os:
* implement os.type() using uv\_os\_uname() (cjihrig)
[#25659](#25659)
* process:
* global.process, global.Buffer getters (Guy Bedford)
[#26882](#26882)
* move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
[#25828](#25828)
* exit on --debug and --debug-brk after option parsing (Joyee Cheung)
[#25828](#25828)
* improve `--redirect-warnings` handling (Ruben Bridgewater)
[#24965](#24965)
* readline:
* support TERM=dumb (Vladislav Kaminsky)
[#26261](#26261)
* repl:
* add welcome message (gengjiawen)
[#25947](#25947)
* fix terminal default setting (Ruben Bridgewater)
[#26518](#26518)
* check colors with .getColorDepth() (Vladislav Kaminsky)
[#26261](#26261)
* deprecate REPLServer.rli (Ruben Bridgewater)
[#26260](#26260)
* src:
* remove unused INT\_MAX constant (Sam Roberts)
[#27078](#27078)
* update NODE\_MODULE\_VERSION to 72 (Ujjwal Sharma)
[#26685](#26685)
* remove `AddPromiseHook()` (Anna Henningsen)
[#26574](#26574)
* update NODE\_MODULE\_VERSION to 71 (Michaël Zasso)
[#25852](#25852)
* clean up MultiIsolatePlatform interface (Anna Henningsen)
[#26384](#26384)
* properly configure default heap limits (Ali Ijaz Sheikh)
[#25576](#25576)
* remove icuDataDir from node config (GauthamBanasandra)
[#24780](#24780)
* explicitly allow JS in ReadHostObject (Yang Guo)
[#23423](#23423)
* update postmortem constant (cjihrig)
[#23423](#23423)
* update NODE\_MODULE\_VERSION to 68 (Michaël Zasso)
[#23423](#23423)
* tls:
* support TLSv1.3 (Sam Roberts)
[#26209](#26209)
* return correct version from getCipher() (Sam Roberts)
[#26625](#26625)
* check arg types of renegotiate() (Sam Roberts)
[#25876](#25876)
* add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts)
[#24729](#24729)
* emit a warning when servername is an IP address (Rodger Combs)
[#23329](#23329)
* disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
[#23814](#23814)
* remove unused arg to createSecureContext() (Sam Roberts)
[#24241](#24241)
* deprecate Server.prototype.setOptions() (cjihrig)[
#23820](#23820)
* load NODE\_EXTRA\_CA\_CERTS at startup (Ouyang Yadong)
[#23354](#23354)
* util:
* change inspect compact and breakLength default (Ruben Bridgewater)
[#27109](#27109)
* improve inspect edge cases (Ruben Bridgewater)
[#27109](#27109)
* only the first line of the error message (Simon Zünd)
[#26685](#26685)
* don't set the prototype of callbackified functions
(Ruben Bridgewater)
[#26893](#26893)
* rename callbackified function (Ruben Bridgewater)
[#26893](#26893)
* increase function length when using `callbackify()`
(Ruben Bridgewater)
[#26893](#26893)
* prevent tampering with internals in `inspect()` (Ruben Bridgewater)
[#26577](#26577)
* fix proxy inspection (Ruben Bridgewater)
[#26241](#26241)
* prevent leaking internal properties (Ruben Bridgewater)
[#24971](#24971)
* protect against monkeypatched Object prototype for inspect()
(Rich Trott)
[#25953](#25953)
* treat format arguments equally (Roman Reiss)
[#23162](#23162)
* win, fs:
* detect if symlink target is a directory (Bartosz Sosnowski)
[#23724](#23724)
* zlib:
* throw TypeError if callback is missing (Anna Henningsen)[
#24929](#24929)
* make “bare” constants un-enumerable (Anna Henningsen)
[#24824](#24824)
PR-URL: #26930
BethGriggs
added a commit
that referenced
this pull request
Apr 23, 2019
Notable changes:
* assert:
* validate required arguments (Ruben Bridgewater)
[#26641](#26641)
* adjust loose assertions (Ruben Bridgewater)
[#25008](#25008)
* async_hooks:
* remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
[#26530](#26530)
* remove promise object from resource (Andreas Madsen)
[#23443](#23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
[#24874](#24874)
* buffer:
* use stricter range checks (Ruben Bridgewater)
[#27045](#27045)
* harden `SlowBuffer` creation (ZYSzys)
[#26272](#26272)
* harden validation of buffer allocation size (ZYSzys)
[#26162](#26162)
* do proper error propagation in addon methods (Anna Henningsen)
[#23939](#23939)
* child_process:
* remove `options.customFds` (cjihrig)
[#25279](#25279)
* harden fork arguments validation (ZYSzys)
[#27039](#27039)
* use non-infinite `maxBuffer` defaults (kohta ito)
[#23027](#23027)
* console:
* don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
[#26261](#26261)
* crypto:
* remove legacy native handles (Tobias Nießen)
[#27011](#27011)
* decode missing passphrase errors (Tobias Nießen)
[#25208](#25208)
* remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
(Tobias Nießen)
[#26249](#26249)
* remove deprecated `crypto._toBuf()` (Tobias Nießen)
[#25338](#25338)
* set `DEFAULT\_ENCODING` property to non-enumerable
(Antoine du Hamel)
[#23222](#23222)
* deps:
* update V8 to 7.4.288.13
(Michaël Zasso, cjihrig, Refael Ackermann)
(Anna Henningsen, Ujjwal Sharma)
[#26685](#26685)
* bump minimum icu version to 63 (Ujjwal Sharma)
[#25852](#25852)
* update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
[#26327](#26327)
* errors:
* update error name (Ruben Bridgewater)
[#26738](#26738)
* fs:
* use proper .destroy() implementation for SyncWriteStream
(Matteo Collina)
[#26690](#26690)
* improve mode validation (Ruben Bridgewater)
[#26575](#26575)
* harden validation of start option in `createWriteStream()`
(ZYSzys)
[#25579](#25579)
* make writeFile consistent with readFile wrt fd
(Sakthipriyan Vairamani (thefourtheye))
[#23709](#23709)
* http:
* validate timeout in `ClientRequest()` (cjihrig)
[#26214](#26214)
* return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
[#25605](#25605)
* switch default parser to llhttp (Anna Henningsen)
[#24870](#24870)
* Runtime-deprecate `outgoingMessage._headers` and
`outgoingMessage._headerNames` (Morgan Roderick)
[#24167](#24167)
* lib:
* remove `Atomics.wake()` (Gus Caplan)
[#27033](#27033)
* move DTRACE\_\* probes out of global scope (James M Snell)
[#26541](#26541)
* deprecate `_stream_wrap` (Sam Roberts)
[#26245](#26245)
* use ES6 class inheritance style (Ruben Bridgewater)
[#24755](#24755)
* module:
* remove unintended access to deps/ (Anna Henningsen)
[#25138](#25138)
* improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* remove dead code (Ruben Bridgewater)
[#26983](#26983)
* make `require('.')` never resolve outside the current directory
(Ruben Bridgewater)
[#26973](#26973)
* throw an error for invalid package.json main entries
(Ruben Bridgewater)
[#26823](#26823)
* don't search in `require.resolve.paths` (cjihrig)
[#23683](#23683)
* net:
* remove `Server.listenFD()` (cjihrig)
[#27127](#27127)
* do not add `.host` and `.port` properties to DNS error
(Ruben Bridgewater)
[#26751](#26751)
* emit "write after end" errors in the next tick (Ouyang Yadong)
[#24457](#24457)
* deprecate `_setSimultaneousAccepts()` undocumented function
(James M Snell)
[#23760](#23760)
* os:
* implement `os.type()` using `uv_os_uname()` (cjihrig)
[#25659](#25659)
* remove `os.getNetworkInterfaces()` (cjihrig)
[#25280](#25280)
* process:
* make global.process, global.Buffer getters (Guy Bedford)
[#26882](#26882)
* move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
[#25828](#25828)
* exit on --debug and --debug-brk after option parsing
(Joyee Cheung)
[#25828](#25828)
* improve `--redirect-warnings` handling (Ruben Bridgewater)
[#24965](#24965)
* readline:
* support TERM=dumb (Vladislav Kaminsky)
[#26261](#26261)
* repl:
* add welcome message (gengjiawen)
[#25947](#25947)
* fix terminal default setting (Ruben Bridgewater)
[#26518](#26518)
* check colors with `.getColorDepth()` (Vladislav Kaminsky)
[#26261](#26261)
* deprecate REPLServer.rli (Ruben Bridgewater)
[#26260](#26260)
* src:
* remove unused `INT_MAX` constant (Sam Roberts)
[#27078](#27078)
* update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
[#26685](#26685)
* remove `AddPromiseHook()` (Anna Henningsen)
[#26574](#26574)
* clean up `MultiIsolatePlatform` interface (Anna Henningsen)
[#26384](#26384)
* properly configure default heap limits (Ali Ijaz Sheikh)
[#25576](#25576)
* remove `icuDataDir` from node config (GauthamBanasandra)
[#24780](#24780)
* tls:
* support TLSv1.3 (Sam Roberts)
[#26209](#26209)
* return correct version from `getCipher()` (Sam Roberts)
[#26625](#26625)
* check arg types of renegotiate() (Sam Roberts)
[#25876](#25876)
* add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
[#24729](#24729)
* emit a warning when servername is an IP address (Rodger Combs)
[#23329](#23329)
* disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
[#23814](#23814)
* remove unused arg to createSecureContext() (Sam Roberts)
[#24241](#24241)
* deprecate `Server.prototype.setOptions()` (cjihrig)
[#23820](#23820)
* load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
[#23354](#23354)
* util:
* remove `util.print()`, `util.puts()`, `util.debug()`
and `util.error()` (cjihrig)
[#25377](#25377)
* change inspect compact and breakLength default
(Ruben Bridgewater)
[#27109](#27109)
* improve inspect edge cases (Ruben Bridgewater)
[#27109](#27109)
* only the first line of the error message (Simon Zünd)
[#26685](#26685)
* don't set the prototype of callbackified functions
(Ruben Bridgewater)
[#26893](#26893)
* rename callbackified function (Ruben Bridgewater)
[#26893](#26893)
* increase function length when using `callbackify()`
(Ruben Bridgewater)
[#26893](#26893)
* prevent tampering with internals in `inspect()`
(Ruben Bridgewater)
[#26577](#26577)
* prevent Proxy traps being triggered by `.inspect()`
(Ruben Bridgewater)
[#26241](#26241)
* prevent leaking internal properties (Ruben Bridgewater)
[#24971](#24971)
* protect against monkeypatched Object prototype for inspect()
(Rich Trott)
[#25953](#25953)
* treat format arguments equally (Roman Reiss)
[#23162](#23162)
* win, fs:
* detect if symlink target is a directory (Bartosz Sosnowski)
[#23724](#23724)
* zlib:
* throw TypeError if callback is missing (Anna Henningsen)
[#24929](#24929)
* make “bare” constants un-enumerable (Anna Henningsen)
[#24824](#24824)
PR-URL: #26930
BethGriggs
added a commit
that referenced
this pull request
Apr 23, 2019
Notable changes:
* assert:
* validate required arguments (Ruben Bridgewater)
[#26641](#26641)
* adjust loose assertions (Ruben Bridgewater)
[#25008](#25008)
* async_hooks:
* remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
[#26530](#26530)
* remove promise object from resource (Andreas Madsen)
[#23443](#23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
[#24874](#24874)
* buffer:
* use stricter range checks (Ruben Bridgewater)
[#27045](#27045)
* harden `SlowBuffer` creation (ZYSzys)
[#26272](#26272)
* harden validation of buffer allocation size (ZYSzys)
[#26162](#26162)
* do proper error propagation in addon methods (Anna Henningsen)
[#23939](#23939)
* child_process:
* remove `options.customFds` (cjihrig)
[#25279](#25279)
* harden fork arguments validation (ZYSzys)
[#27039](#27039)
* use non-infinite `maxBuffer` defaults (kohta ito)
[#23027](#23027)
* console:
* don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
[#26261](#26261)
* crypto:
* remove legacy native handles (Tobias Nießen)
[#27011](#27011)
* decode missing passphrase errors (Tobias Nießen)
[#25208](#25208)
* remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
(Tobias Nießen)
[#26249](#26249)
* remove deprecated `crypto._toBuf()` (Tobias Nießen)
[#25338](#25338)
* set `DEFAULT\_ENCODING` property to non-enumerable
(Antoine du Hamel)
[#23222](#23222)
* deps:
* update V8 to 7.4.288.13
(Michaël Zasso, cjihrig, Refael Ackermann)
(Anna Henningsen, Ujjwal Sharma)
[#26685](#26685)
* bump minimum icu version to 63 (Ujjwal Sharma)
[#25852](#25852)
* update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
[#26327](#26327)
* errors:
* update error name (Ruben Bridgewater)
[#26738](#26738)
* fs:
* use proper .destroy() implementation for SyncWriteStream
(Matteo Collina)
[#26690](#26690)
* improve mode validation (Ruben Bridgewater)
[#26575](#26575)
* harden validation of start option in `createWriteStream()`
(ZYSzys)
[#25579](#25579)
* make writeFile consistent with readFile wrt fd
(Sakthipriyan Vairamani (thefourtheye))
[#23709](#23709)
* http:
* validate timeout in `ClientRequest()` (cjihrig)
[#26214](#26214)
* return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
[#25605](#25605)
* switch default parser to llhttp (Anna Henningsen)
[#24870](#24870)
* Runtime-deprecate `outgoingMessage._headers` and
`outgoingMessage._headerNames` (Morgan Roderick)
[#24167](#24167)
* lib:
* remove `Atomics.wake()` (Gus Caplan)
[#27033](#27033)
* move DTRACE\_\* probes out of global scope (James M Snell)
[#26541](#26541)
* deprecate `_stream_wrap` (Sam Roberts)
[#26245](#26245)
* use ES6 class inheritance style (Ruben Bridgewater)
[#24755](#24755)
* module:
* remove unintended access to deps/ (Anna Henningsen)
[#25138](#25138)
* improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* remove dead code (Ruben Bridgewater)
[#26983](#26983)
* make `require('.')` never resolve outside the current directory
(Ruben Bridgewater)
[#26973](#26973)
* throw an error for invalid package.json main entries
(Ruben Bridgewater)
[#26823](#26823)
* don't search in `require.resolve.paths` (cjihrig)
[#23683](#23683)
* net:
* remove `Server.listenFD()` (cjihrig)
[#27127](#27127)
* do not add `.host` and `.port` properties to DNS error
(Ruben Bridgewater)
[#26751](#26751)
* emit "write after end" errors in the next tick (Ouyang Yadong)
[#24457](#24457)
* deprecate `_setSimultaneousAccepts()` undocumented function
(James M Snell)
[#23760](#23760)
* os:
* implement `os.type()` using `uv_os_uname()` (cjihrig)
[#25659](#25659)
* remove `os.getNetworkInterfaces()` (cjihrig)
[#25280](#25280)
* process:
* make global.process, global.Buffer getters (Guy Bedford)
[#26882](#26882)
* move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
[#25828](#25828)
* exit on --debug and --debug-brk after option parsing
(Joyee Cheung)
[#25828](#25828)
* improve `--redirect-warnings` handling (Ruben Bridgewater)
[#24965](#24965)
* readline:
* support TERM=dumb (Vladislav Kaminsky)
[#26261](#26261)
* repl:
* add welcome message (gengjiawen)
[#25947](#25947)
* fix terminal default setting (Ruben Bridgewater)
[#26518](#26518)
* check colors with `.getColorDepth()` (Vladislav Kaminsky)
[#26261](#26261)
* deprecate REPLServer.rli (Ruben Bridgewater)
[#26260](#26260)
* src:
* remove unused `INT_MAX` constant (Sam Roberts)
[#27078](#27078)
* update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
[#26685](#26685)
* remove `AddPromiseHook()` (Anna Henningsen)
[#26574](#26574)
* clean up `MultiIsolatePlatform` interface (Anna Henningsen)
[#26384](#26384)
* properly configure default heap limits (Ali Ijaz Sheikh)
[#25576](#25576)
* remove `icuDataDir` from node config (GauthamBanasandra)
[#24780](#24780)
* tls:
* support TLSv1.3 (Sam Roberts)
[#26209](#26209)
* return correct version from `getCipher()` (Sam Roberts)
[#26625](#26625)
* check arg types of renegotiate() (Sam Roberts)
[#25876](#25876)
* add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
[#24729](#24729)
* emit a warning when servername is an IP address (Rodger Combs)
[#23329](#23329)
* disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
[#23814](#23814)
* remove unused arg to createSecureContext() (Sam Roberts)
[#24241](#24241)
* deprecate `Server.prototype.setOptions()` (cjihrig)
[#23820](#23820)
* load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
[#23354](#23354)
* util:
* remove `util.print()`, `util.puts()`, `util.debug()`
and `util.error()` (cjihrig)
[#25377](#25377)
* change inspect compact and breakLength default
(Ruben Bridgewater)
[#27109](#27109)
* improve inspect edge cases (Ruben Bridgewater)
[#27109](#27109)
* only the first line of the error message (Simon Zünd)
[#26685](#26685)
* don't set the prototype of callbackified functions
(Ruben Bridgewater)
[#26893](#26893)
* rename callbackified function (Ruben Bridgewater)
[#26893](#26893)
* increase function length when using `callbackify()`
(Ruben Bridgewater)
[#26893](#26893)
* prevent tampering with internals in `inspect()`
(Ruben Bridgewater)
[#26577](#26577)
* prevent Proxy traps being triggered by `.inspect()`
(Ruben Bridgewater)
[#26241](#26241)
* prevent leaking internal properties (Ruben Bridgewater)
[#24971](#24971)
* protect against monkeypatched Object prototype for inspect()
(Rich Trott)
[#25953](#25953)
* treat format arguments equally (Roman Reiss)
[#23162](#23162)
* win, fs:
* detect if symlink target is a directory (Bartosz Sosnowski)
[#23724](#23724)
* zlib:
* throw TypeError if callback is missing (Anna Henningsen)
[#24929](#24929)
* make “bare” constants un-enumerable (Anna Henningsen)
[#24824](#24824)
PR-URL: #26930
This was referenced Apr 23, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please have a look at the commit messages.
Refs: #24765
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes