Update Node.js to v10.9.0

[renovate]

This Pull Request updates dependency node (source) from v10.6.0 to v10.9.0

Release Notes

2018-08-15, Version 10.9.0 (Current), @​rvagg

Compare Source

This is a security release. All Node.js users should consult the security release summary at:

https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2018-0732 (OpenSSL)
• CVE-2018-7166 (Node.js)
• CVE-2018-12115 (Node.js)

Notable Changes

• buffer:
  • Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
  • Fix unintentional exposure of uninitialized memory in Buffer.alloc() (CVE-2018-7166)
• deps:
  • Upgrade to OpenSSL 1.1.0i, fixing:
    • Client DoS due to large DH parameter (CVE-2018-0732)
    • ECDSA key extraction via local side-channel (CVE not assigned)
  • Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #​21079
    • Memory reduction and performance improvements, details at: https://v8project.blogspot.com/2018/06/v8-release-68.html
• http: http.get() and http.request() (and https variants) can now accept three arguments to allow for a URL and an options object (Sam Ruby) #​21616
• Added new collaborators
  • Sam Ruby (https://github.com/rubys)
  • George Adams (https://github.com/gdams)

Commits

• [58a9ae118e] - assert: fix loose assert with map and set (Ruben Bridgewater) #​22145
• [1c577016b8] - benchmark: improve assert benchmarks (Ruben Bridgewater) #​22211
• [734323d9eb] - buffer: stop alloc() uninitialized memory return (cjihrig) nodejs-private/node-private#​137
• [2c4c17b708] - buffer: avoid overrun on UCS-2 string write (Rod Vagg) nodejs-private/node-private#​138
• [6622ac798d] - buffer: use FastBuffer when fill is set to 0 (Сковорода Никита Андреевич) #​21989
• [f506a5f46e] - build: make --shared-[…]-path work on Windows (Jeremy Apthorp) #​21530
• [1be6fb93c8] - build: add CONFIG_FLAGS to with-code-cache target (Daniel Bevenius) [#​22207](https
  ://github.com/build: add CONFIG_FLAGS to with-code-cache target nodejs/node#22207)
• [4520bb8a73] - build: make tools/doc/node_modules non-phony (Daniel Bevenius) #​22189
• [c42ff4ebd8] - build: add crypto check to build targets (Daniel Bevenius) #​22148
• [cdb8c1b44d] - build: extract common parts from addon .buildstamp (Daniel Bevenius) #​22171
• [1e7a8c3016] - build: reset embedder string to "-node.0" (Michaël Zasso) #​21079
• [86ab2c041e] - crypto: remove unused SSLWrap handle methods (Jon Moss) #​22216
• [9212875406] - crypto: simplify state failure handling (Tobias Nießen) #​22131
• [916a1d59f0] - crypto: simplify Hmac::HmacUpdate (Tobias Nießen) #​22132
• [2dc7f17e8b] - (SEMVER-MINOR) crypto: add better scrypt option aliases (Anna Henningsen) #​21525
• [fcf422e921] - deps: backport c608122 from upstream (Ruben Bridgewater) #​22210
• [a07ccaeb19] - deps: update archs files for OpenSSL-1.1.0i (Shigeki Ohtsu) #​22318
• [473996c90f] - deps: add s390 asm rules for OpenSSL-1.1.0 (Shigeki Ohtsu) #​19794
• [05e48fd018] - deps: upgrade openssl sources to 1.1.0i (Shigeki Ohtsu) #​22318
• [f8bc5d6320] - deps: cherry-pick 09bca09 from upstream V8 (Matheus Marchini) #​22068
• [c69fdc9d5f] - (SEMVER-MINOR) deps: remove thread_local to fix V8 compilation (Peter Marshall) #​21668
• [981fff714e] - deps: refactor v8.gyp (Michaël Zasso) #​22017
• [5fa3ffad20] - (SEMVER-MINOR) deps: patch the V8 API to be backwards compatible with 6.7 (Peter Marshall) #​21668
• [6eed40acbb] - deps: cherry-pick 804a693 from upstream V8 (Matheus Marchini) #​21855
• [7eccaf86d6] - deps: V8: Backport of 0dd3390 from upstream (James M Snell) #​21899
• [328c89925a] - deps: cherry-pick 907d7bc from upstream V8 (Michaël Zasso) #​21838
• [afacfd2992] - deps: cherry-pick 2075910 from upstream V8 (Michaël Zasso) #​21838
• [4f24256274] - deps: cherry-pick 555c811 from upstream V8 (Anna Henningsen) #​21741
• [7b4272a14d] - deps: cherry-pick 477df06 from upstream v8 (Gus Caplan) #​21644
• [a0bf7aa07c] - deps: cherry-pick 70c4340 from upstream V8 (Matheus Marchini) #​21126
• [4994ac65b0] - deps: cherry-pick acc336c from upstream V8 (Matheus Marchini) #​21126
• [be569f82f1] - deps: cherry-pick b20faff from upstream V8 (Matheus Marchini) #​21126
• [6df5feb13f] - deps: cherry-pick aa6ce3e from upstream V8 (Michaël Zasso) #​21079
• [8b9a956f9e] - deps: cherry-pick 5dd3395 from upstream V8 (Matheus Marchini) #​21386
• [548008a6f6] - deps: update v8.gyp and run Torque (Michaël Zasso) #​21079
• [9c74271a96] - deps: update V8 to 6.8.275.24 (Michaël Zasso) #​21079
• [a3f3c40966] - doc: simplify urlObject.hash text (Rich Trott) #​22326
• [d2848697dc] - doc: simplify urlObject.hash description (Rich Trott) #​22326
• [6d29986f4d] - doc: simplify format description of urlObject.auth (Rich Trott) #​22324
• [a658a4df34] - doc: remove redundant explanation of format (Rich Trott) #​22324
• [3236697c0b] - doc: use italics for words-as-words (Rich Trott) #​22324
• [da76b61f59] - doc: bump ICU version to avoid confusion (Csaba Palfi) #​22313
• [e04b0532bf] - doc: document 'inherit' option for stdio (non-shorthand) (James Bromwell) #​22309
• [882c2c017a] - doc: clarify http2 docs around class exports (James M Snell) #​22247
• [dd96ba5b89] - doc: add multiple issue templates for GitHub (Tobias Nießen) #​22215
• [d95a22c304] - doc: declare all parameter types (Sam Ruby) #​21782
• [9e25028981] - doc: add missing option for child_process.spawnSync() (James Bromwell) #​22231
• [ef8d0fc490] - doc: list encodings supported by buffer.transcode (James M Snell) #​22263
• [1b41cd44b5] - doc: discuss special protocol handling (James M Snell) #​22261
• [cea8d4f4e9] - doc: replace _WG_ with _team_ (Rich Trott) #​22183
• [fafdae4ce1] - doc: add subprocess.ref() and subprocess.unref() (Thomas Hunter II) #​22220
• [d4f3615aaf] - doc: add gdams to collaborators (George Adams) [#​22236](https://github.com/nodejs/n
  ode/pull/22236)
• [e75885f2e6] - doc: specify options parameter type in zlib.md (Vse Mozhet Byt) #​21920
• [40af9767a2] - doc: declare all parameter types (Sam Ruby) #​21782
• [38dd407c83] - doc: remove unused error codes from errors.md (Сковорода Никита Андреевич) #​21491
• [6c7733f58a] - doc: update recommendations for createCipher (Tobias Nießen) #​22087
• [34300aaaa4] - doc: correct crypto.randomFill() and randomFillSync() (Gerhard Stoebich) #​21550
• [28870a46ac] - doc: add rubys to collaborators (Sam Ruby) #​22109
• [d2ad9a2c13] - doc: fix return type of server.address() (Weijia Wang) #​22043
• [168abb5801] - doc: rename stackStartFunction in assert.md (Eugene Y. Q. Shen) #​22077
• [d364f9c8e7] - doc: fix changelog for v10.8.0 (Michaël Zasso) #​22072
• [abac0c56b8] - doc: mark DEP0004 and DEP0042 as End-of-Life (Jon Moss) #​22033
• [c6a56ae23e] - doc: correct grammatical error in BUILDING.md (Brandon Lee) #​22067
• [29bc55320c] - doc: fixup process.binding deprecation code (James M Snell) #​22062
• [ec9d529a32] - doc: documentation deprecation of process.binding (James M Snell) #​22004
• [37369eba38] - (SEMVER-MINOR) http: allow url and options to be passed to http*.request and http*.get (Sam Ruby) #​21616
• [1ca46ab6f4] - http,tls: name anonymous callbacks (Marco Levrero) #​21412
• [8d226c6a79] - http2: correcting the heading format (Anto Aravinth) #​22262
• [7223a91a50] - http2: explicitly disallow nested push streams (James M Snell) #​22245
• [cee78bf7a2] - http2: avoid race condition in OnHeaderCallback (James M Snell) #​22256
• [fcca2f7e49] - http2: remove streamError from docs (James M Snell) #​22246
• [2bf9a4a09e] - https: allow url and options to be passed to https.request (Sam Ruby) #​22003
• [4c5dc6e012] - inspector: tie objects lifetime to the thread they belong to (Eugene Ostroukhov) #​22242
• [39898695b6] - inspector: add inspector_protocol as a direct dependency (Andrey Lushnikov) #​21975
• [311ec12702] - inspector: fixed V8InspectorClient::currentTimeMS (Aleksey Kozyatinskiy) #​21917
• [8f7e37337f] - lib: remove unused filterInternalStackFrames param (MaleDong) #​22267
• [3f729aac20] - lib: extract validateString validator (Jon Moss) #​22101
• [f570c19c89] - perf_hooks: avoid memory leak on gc observer (James M Snell) #​22241
• [76a65921d3] - readline,zlib: named anonymous functions (Anto Aravinth) #​21792
• [e4f346892c] - repl: support mult-line string-keyed objects (Sam Ruby) #​21805
• [d0b0ea971a] - src: remove unnecessary writes in tls_wrap.cc (Anna Henningsen) #​21984
• [b2ac7a750f] - src: avoid possible race during NodeBIO initialization (Anna Henningsen) #​21984
• [d85b0a3c10] - src: use smart pointers for NodeBIO (Anna Henningsen) #​21984
• [82e71dd8bd] - src: fix integer overflow in GetNow (Anatoli Papirovski) #​22214
• [2737b46e16] - src: add READONLY_STRING_PROPERTY and simplify config (Jon Moss) #​22222
• [8b5485dcf5] - src: fix up doc comment for experimental-worker bool (Anna Henningsen) #​22165
• [e90e56f4ca] - src: remove calls to deprecated v8 functions (NumberValue) (Ujjwal Sharma) #​22094
• [c09872b749] - src: remove unused env->vm_parsing_context_symbol (Jon Moss) #​22034
• [6ca00d7044] - src: remove unused env strings (Jon Moss) #​22137
• [0ca831a0ed] - src: clean up PackageConfig pseudo-boolean fields (Anna Henningsen) #​21987
• [00c33a5131] - src: clean up agent loop when exiting through destructor (Anna Henningsen) #​21867
• [ba480d33ce] - src: use only one tracing write fs req at a time (Anna Henningsen) #​21867
• [6b58746b2e] - src: use unique_ptr for internal JSON trace writer (Anna Henningsen) #​21867
• [ce48936077] - src: plug trace file file descriptor leak (Anna Henningsen) #​21867
• [89e23021fb] - src: initialize file trace writer on tracing thread (Anna Henningsen) [#​21867](http
  s://github.com/src: refactor tracing code  nodejs/node#21867)
• [56edd5fc5b] - src: close tracing event loop (Anna Henningsen) #​21867
• [4c9c1bbc45] - src: fix tracing if cwd or file path is inaccessible (Anna Henningsen) #​21867
• [c101b396aa] - src: refactor default trace writer out of agent (Anna Henningsen) #​21867
• [daafe6c195] - src: refactor tracing agent code (Anna Henningsen) #​21867
• [4379140dbf] - src: minor refactor of node_trace_events.cc (Anna Henningsen) #​21867
• [cde0e5f396] - src: reduce unnecessary includes (Anna Henningsen) #​21867
• [31e3e6f1f8] - stream: fix readable behavior for highWaterMark === 0 (Denys Otrishko) #​21690
• [9d89b3c7ec] - test: rename some allegories (Vse Mozhet Byt) #​22307
• [1d15f33277] - test: call gc() explicitly to avoid OOM (Refael Ackermann) #​22301
• [a7dad4565b] - test: move test-http-client-timeout-option-with-agent to sequential (Ouyang Yadong) #​22083
• [a414b0757a] - test: add test-http2-large-file sequential test (James M Snell) #​22254
• [01fe2cee5b] - test: fix error messages for OpenSSL-1.1.0i (Shigeki Ohtsu) #​22318
• [c145690aad] - test: improve test coverage for comparisons (Ruben Bridgewater) #​22212
• [bdc644f2ec] - test: remove common.fileExists() (Rich Trott) #​22151
• [bc1cb7b7fc] - test: handle errors correctly in GC http test (Ouyang Yadong) #​22185
• [cefc4a03cc] - test: remove second arg from assert.ifError() (Musa Hamwala) #​22190
• [b1cbbbc7af] - test: move require of https to after crypto check (Daniel Bevenius) #​22148
• [a6ab19a96a] - test: move require of http2 to after crypto check (Daniel Bevenius) #​22148
• [7a4c7e6c82] - test: don't mask descriptor.enumerable (Thomas Leah) #​22172
• [5018661a85] - test: remove common.fileExists() (Richard Lau) #​22200
• [77ce40fa03] - test: remove unused argument in assertion (yahavfuchs) #​22113
• [6daa4f8797] - test: update postmortem metadata test (cjihrig) #​21079
• [16a929b867] - test: fix scriptParsed event expectations (Ingvar Stepanyan) #​21079
• [e58c17b849] - test: update certificates and private keys (Fedor Indutny) #​22184
• [d38ccaa421] - test: fix n-api addon build warnings (Kyle Farnung) #​21808
• [d66e52fb8e] - test: run ESM tests in parallel (Michaël Zasso) #​21919
• [6cff57e98d] - test: fix incorrect file mode check (Timothy Gu) #​22023
• [dafaff3a5e] - test: remove unused config (Benjamin Gruenbaum) #​21985
• [a569ae4b44] - test: remove third argument from assert.strictEqual() (Rishabh Singh) #​22051
• [a60060b499] - test: remove third argument from call to assert.strictEqual() (Michael Sommer) #​22047
• [246a94f301] - test: see value of "hadError" in tls test (Oryan Moshe) #​22069
• [a40ee213b3] - test: improve reliability in http2-session-timeout (Rich Trott) #​22026
• [e2d97eeb65] - test: remove outdated documentation (Jon Moss) #​22009
• [94746d6a47] - test: remove outdated, non-functioning test (Anatoli Papirovski) #​20894
• [0beffc0f3b] - test: remove test/gc, integrate into parallel (Anna Henningsen) #​22001
• [c2372eac16] - test: add tracing crash regression test (Eugene Ostroukhov) #​21867
• [7e23080d45] - test: pass through stderr in benchmark tests (Anna Henningsen) #​21860
• [52020dc09a] - test: refactor test-http2-compat-serverresponse-finished.js (Anto Aravinth) #​21929
• [88665b3cef] - test,doc: fix async-hooks coverage doc for md lint (Rod Vagg) #​22296
• [d60b017135] - test,doc: adjust markdown table for linting (Rich Trott) #​22221
• [8f56cc0321] - test,doc: adjust async-hooks coverage doc for lint (Rich Trott) #​22221
• [5c41caa1cc] - test,doc: wrap common module md doc at 80 chars (Rich Trott) #​22221
• [21883be05d] - test,doc: fix lint error in test fixtures (Rich Trott) [#​22221](https://github.com/
  tools,test: apply markdown linting to test dir nodejs/node#22221)
• [ec2209dc8b] - tls: change var to const (Eugen Cazacu) #​22219
• [2d1c1853e9] - tls: remove SLAB_BUFFER_SIZE (Anatoli Papirovski) #​21199
• [f989681e34] - tls: preallocate SSL cipher array (Tobias Nießen) #​22136
• [6cd2d1dddc] - tools: fix header escaping regression (Sam Ruby) #​22084
• [80dd0445c6] - tools: add no-misleading-character-class ESLint rule (Vse Mozhet Byt) #​22278
• [bc35f17b7b] - tools: do not autolink section to itself (Vse Mozhet Byt) #​22138
• [950a4a9b91] - tools: update ESLint to 5.3.0 (Rich Trott) #​22134
• [0c67d326dc] - tools: convert addon-verify to remark (Sam Ruby) #​21978
• [c85d00b786] - tools: produce JSON documentation using unified/remark/rehype (Sam Ruby) #​21697
• [f0c871b0c7] - tools: add make format-cpp to run clang-format on C++ diffs (Joyee Cheung) #​21997
• [5a4abbadfe] - tools: update to using dmn 1.0.11 (Rich Trott) #​22035
• [7a7c194f4e] - tools: fix docs and run known_issues by default (Jon Moss) #​21910
• [4995b28a11] - tools,build: apply markdown linting to test dir (Rich Trott) #​22221
• [ad46cca104] - trace_events: add node.promises category, rejection counter (James M Snell) #​22124
• [b171fa2530] - util: improve display of iterators and weak entries (Ruben Bridgewater) #​20961
• [f1c22eaa56] - util,assert: fix boxed primitives bug (Ruben Bridgewater) #​22243
• [677d10cdd1] - worker: fix deadlock when calling terminate from exit handler (Anna Henningsen) #​22073
• [4b0d2de5f4] - zlib: remove unused parameters (MaleDong) #​22115

---

2018-08-01, Version 10.8.0 (Current), @​targos

Compare Source

Notable Changes

• deps:
  • Upgrade npm to 6.2.0. #​21592
    • npm has moved. This release updates various URLs to point to the right
      places for bugs, support, and PRs.
    • Fix the regular expression matching in xcode_emulation in node-gyp to
      also handle version numbers with multiple-digit major versions which would
      otherwise break under use of XCode 10.
    • The npm tree has been significantly flattened. Tarball size for the npm
      package has gone from 8MB to 4.8MB.
    • Changelogs:
      6.2.0-next.0,
      6.2.0-next.1,
      6.2.0.

Commits

• [335575e49b] - benchmark: remove arrays benchmark (Peter Marshall) #​21831
• [62024b651e] - build: create V8 code cache after script is run (Joyee Cheung) #​21567
• [50ccda2a00] - build: increase macOS minimum supported version (Michaël Zasso) #​21883
• [5e1ceaabaa] - build: remove redundant Makefile target (Rich Trott) #​21915
• [4f00562ef0] - build: add new benchmark targets (Kenny Yuan) #​20905
• [4c5fc5c7ce] - build: move to npm ci where possible (Rich Trott) #​21802
• [e0f3d5703a] - build,win,v8: allow precompiling objects-inl.h (João Reis) #​21772
• [87ed6e6351] - (SEMVER-MINOR) deps: upgrade npm to 6.2.0 (Kat Marchán) #​21592
• [f868415cf6] - deps: cherry-pick 804a693 from upstream V8 (Matheus Marchini) #​21855
• [b56c8ad879] - deps: V8: Backport of 0dd3390 from upstream (James M Snell) #​21899
• [ec0ff7008a] - deps: cherry-pick 907d7bc from upstream V8 (Michaël Zasso) #​21838
• [c23e8b51ea] - deps: cherry-pick 2075910 from upstream V8 (Michaël Zasso) #​21838
• [40fedd3620] - dgram: add getters/setters for private APIs (cjihrig) #​21923
• [98ef8cfb8e] - dgram: make _createSocketHandle() internal only (cjihrig) #​21923
• [ae17d18013] - dgram: hide underscored Socket properties (cjihrig) #​21923
• [b5b74382e0] - dgram: hide _healthCheck() and _stopReceiving() (cjihrig) #​21923
• [b5ae33959b] - doc: add pronouns to readme (Teddy Katz) #​22036
• [f4b6031e39] - doc: clarify text about internal module changes (MaleDong) #​22024
• [1f9570bd10] - doc: add missing worker error (Benjamin Gruenbaum) #​21947
• [67d7a15886] - doc: fix typo in releases.md (Vitor Bruno de Oliveira Barth) #​21990
• [2a0fa4792e] - doc: do not advise to cancel full CI on onboarding (Vse Mozhet Byt) #​21977
• [478dbee8fe] - doc: replace deprecated CI job (Vse Mozhet Byt) #​21938
• [5b0c451e61] - doc: add guide for updating N-API API surface (Hitesh Kanwathirtha) #​21877
• [96bb6052e9] - doc: add node-test-commit-custom-suites to docs (Rich Trott) #​21927
• [c44df51249] - doc: link n-api module init to multi-load addons (Gabriel Schulhof) #​21891
• [c3d9000111] - doc: document http2 network error behaviour (Anna Henningsen) #​21861
• [e8d5787840] - doc: document MODULE_NOT_FOUND error (Jacob Page) #​21894
• [5e562fd792] - doc: fix sorting in the vm.Module section (Vse Mozhet Byt) #​21931
• [eabe907e03] - doc: fix descriptions of sync methods in fs.md (Tim Ruffles) #​21747
• [bd352f0298] - doc: update and improve the release guide (Michaël Zasso) #​21868
• [fd5a0c7a1f] - doc: fix incorrect method name (Anto Aravinth) #​21908
• [af1530e06d] - doc: add cjihrig pronouns (cjihrig) #​21901
• [4d78a21d8c] - doc: add missing require to example in http2.md (Kevin Simper) #​21858
• [ab0da57150] - doc: make minor improvements to collab guide (Rich Trott) #​21862
• [b510cdc756] - doc: fix worker example to receive message (Sakthipriyan Vairamani (thefourtheye)) #​21486
• [d91742aa9a] - fs: reduce memory retention when streaming small files (Anna Henningsen) #​21968
• [484140e223] - fs: stop lazy loading stream constructors (Michaël Zasso) #​21776
• [8799f43fb0] - http: revert "http: always emit close on req and res" (Michaël Zasso) #​21809
• [a5928712c9] - http: name anonymous function in _http_common.js (Petras) #​21755
• [337b2df82f] - http2: release request()'s "connect" event listener after it runs (James Ide) #​21916
• [1e15581823] - http2: remove unused nghttp2 error list (Anna Henningsen) #​21827
• [baf3027c77] - lib: remove usc-2 encoding (Brian White) #​21964
• [9817e405ee] - (SEMVER-MINOR) lib,src: replace all C++ promises with JS promises (Ruben Bridgewater) #​20830
• [45816c50ac] - n-api: guard against cond null dereference (Gabriel Schulhof) #​21871
• [2548f75a92] - src: use UTF-8 for naming interfaces in unix (Ujjwal Sharma) #​21926
• [6b6a26bb8d] - src: use kInternalized instead of kNormal (Ujjwal Sharma) #​21926
• [2c95b96e8e] - src: remove calls to deprecated v8 functions (NewFromUtf8) (Ujjwal Sharma) #​21926
• [e0336b2891] - src: fix may be uninitialized warning in n-api (Michael Dawson) #​21898
• [2f3a28dbf2] - src: use available ReqWrap instance for libuv req (Jon Moss) #​21980
• [80b5c914bb] - src: add proper MemoryInfoName to wrappers (Joyee Cheung) #​21939
• [f6606bf9e4] - src: add missing cmath include to traced_value.cc (Anna Henningsen)

[coveralls]

Pull Request Test Coverage Report for Build 364

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 92.071%

---

Totals
Change from base Build 359:	0.0%
Covered Lines:	1279
Relevant Lines:	1340

---

💛 - Coveralls

[codecov-io]

Codecov Report

Merging #21 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #21   +/-   ##
=======================================
  Coverage   94.55%   94.55%           
=======================================
  Files          84       84           
  Lines        1413     1413           
  Branches      235      235           
=======================================
  Hits         1336     1336           
  Misses         73       73           
  Partials        4        4

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e5974e1...2835a5c. Read the comment docs.