Adds a "dependencies" field to resources in policy manifest files.
In order to ease development and testing while using manifests,
wildcard values for both "dependencies" and "integrity" have been
added using the boolean value "true" in the policy manifest.
PR-URL: https://github.com/nodejs/node/pull/28767
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
It is possible to bypass parameter validation in crypto.scrypt and
crypto.scryptSync by crafting option objects with malicious getters as
demonstrated in the regression test. After bypassing validation, any
value can be passed to the C++ layer, causing an assertion to crash
the process.
Fixes: https://github.com/nodejs/node/issues/28836
PR-URL: https://github.com/nodejs/node/pull/28838
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This change adds an outputLength option to crypto.createHash which
allows users to produce variable-length hash values using XOF hash
functons.
Fixes: https://github.com/nodejs/node/issues/28757
PR-URL: https://github.com/nodejs/node/pull/28805
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Often, the word “identical” when referring to JS objects will
be read as referring to having the same object identity (which is
called “reference equality” here), but what the error message is
trying to say here is that the objects are different but yield the
same `util.inspect()` output.
Since `util.inspect()` output represents the structure rather than
the identity of objects, (hopefully) clarify the error message to
reflect that.
PR-URL: https://github.com/nodejs/node/pull/28824
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
The code currently loops over the results, but only the
first result is accessed.
PR-URL: https://github.com/nodejs/node/pull/28829
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
In diagnostic reports, the CPUs are listed in a "cpus" field.
This commit fixes the docs, which refer to the field as "osCpus"
PR-URL: https://github.com/nodejs/node/pull/28830
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Adds `napi_set_instance_data()` and `napi_get_instance_data()`, which
allow native addons to store their data on and retrieve their data from
`napi_env`. `napi_set_instance_data()` accepts a finalizer which is
called when the `node::Environment()` is destroyed.
This entails rendering the `napi_env` local to each add-on.
Fixes: https://github.com/nodejs/abi-stable-node/issues/378
PR-URL: https://github.com/nodejs/node/pull/28682
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Existing docs weren't clear on the actual problem. In addition, the text
described 8.0.0 as being a future Node.js release, so adjust language
to reflect that 8.0.0 is in the past (while not losing important
information about what the pre-8.x behaviour was).
PR-URL: https://github.com/nodejs/node/pull/28825
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
In #23913 it looked like arm64 testing was flaky, and as a result a
number of changes were made including disabling openssl asm for that
architecture.
This PR is limited to re-enabling the one change to turn on openssl asm
for arm64, in the hopes that either it works now, or that this specific
change introduces a reproducible condition.
See: https://github.com/nodejs/node/pull/23913
PR-URL: https://github.com/nodejs/node/pull/28180
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
When an uncaught exception is thrown inside a domain, the domain is
removed from the stack as of 43a5170858.
This means that it might not be kept alive as an object anymore,
and may be garbage collected before the `after()` hook can run,
which tries to exit it as well.
Resolve that by making references to the domain strong while it is
active.
Fixes: https://github.com/nodejs/node/issues/28275
PR-URL: https://github.com/nodejs/node/pull/28313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Original commit message:
[code-serializer] Handlify in CodeSerializer::Deserialize
This section potentially contains allocations and thus gc, all object
references should be handlified.
Bug: v8:9333
Change-Id: I5814e66e8b9b75a8bd952afecae7a3a27b42a642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647695
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62012}
(This required resolution of a few merge conflicts, so it’s essentially
a manual backport.)
Refs: b107214265
Refs: https://github.com/nodejs/node/pull/28847
PR-URL: https://github.com/nodejs/node/pull/28850
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
The perl script must be fully named, correct so that the command can be
copy-pasted-run from the docs.
PR-URL: https://github.com/nodejs/node/pull/28808
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.
Certificates added: (none)
Certificates removed:
- Certinomis - Root CA
PR-URL: https://github.com/nodejs/node/pull/28808
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit updates validateInteger() in two ways:
- Number.isInteger() is used instead of Number.isSafeInteger().
This ensures that all integer values are supported.
- Minimum and maximum values are supported. They default to
the min and max safe integer values, but can be customized.
PR-URL: https://github.com/nodejs/node/pull/28810
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
The comment refers to an exception type that JS land throws on the C++
code's behalf but apparently I changed the JS name before landing the
pull request and forgot to update the comment.
Refs: https://github.com/nodejs/node/pull/20816
PR-URL: https://github.com/nodejs/node/pull/28320
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
The upstream commit fixes an incorrect initialization of memory in
rand_lib.c. This fixes all errors that are reported by valgrind during
startup.
Origin: https://github.com/openssl/openssl/commit/15d7e7997e219fc
PR-URL: https://github.com/nodejs/node/pull/28796
Fixes: https://github.com/nodejs/node/issues/28739
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Heap dumps can be taken either through the inspector or the public API
for it during an async_hooks init() hook, but at that point the
AsyncWrap in question is not done initializing yet and virtual methods
cannot be called on it.
Address this issue (somewhat hackily) by excluding `AsyncWrap`
instances which have not yet executed their `init()` hook fully
from heap dumps.
Fixes: https://github.com/nodejs/node/issues/28786
PR-URL: https://github.com/nodejs/node/pull/28789
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
In particular:
- Move the class definition to the relevant header file,
i.e. `node_contextify.h`.
- Make sure that class instances are destroyed on
`Environment` teardown.
- Make instances of the key object traceable in heap dumps. This is
particularly relevant here because our C++ script → map key mapping
could introduce memory leaks when the import function metadata refers
back to the script in some way.
Refs: https://github.com/nodejs/node/pull/28671
PR-URL: https://github.com/nodejs/node/pull/28782
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Rich Trott <rtrott@gmail.com>
As node requires a tracing controller to be initialized embedders need
access to the TraceEventHelper so that we can actually set the tracing
controller.
Refs: 0e5b6f9300/#diff-89b287b2edd0a02dddae60cb26157f47
PR-URL: https://github.com/nodejs/node/pull/28724
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
when the readable side of a transform ends any for await
loop on that transform stream should also complete. This
fix prevents for await loop on a transform stream
from hanging indefinitely.
PR-URL: https://github.com/nodejs/node/pull/28566
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This method blocks current node process until a client sends
Runtime.runifWaitingForDebugger.
It can be useful when we need to report inspector.url() before
waiting for connection:
```
inspector.open(0, undefined, false);
fs.writeFileSync(someFileName, inspector.url());
inspector.waitForDebugger();
```
PR-URL: https://github.com/nodejs/node/pull/28453
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
As KVStore has derived classes, it is essential to
declare a public virtual destructor in the base
KVStore class. Otherwise, deleting derived class
instances using base class pointers would
potentially cause undefined behaviour.
Additionally, since we are implementing a non-default
destructor, the special member functions have also
been implemented in order to abide by the rule of five.
PR-URL: https://github.com/nodejs/node/pull/28737
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
It's nice to have usage examples, especially since the flag requires the
`SIG` version of the signal name, unlike `kill`.
PR-URL: https://github.com/nodejs/node/pull/28754
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Add specific recommendation not to use the
to the napi-env parameter in napi_async_execute_callback
PR-URL: https://github.com/nodejs/node/pull/28738
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Original commit message:
[api] Get ScriptOrModule from CompileFunctionInContext
Adds a new out param which allows accessing the ScriptOrModule
of a function, which allows an embedder such as Node.js to use
the function's i::Script lifetime.
Refs: https://github.com/nodejs/node-v8/issues/111
Change-Id: I34346d94d76e8f9b8377c97d948673f4b95eb9d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1699698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62830}
Refs: b33af60dd9
PR-URL: https://github.com/nodejs/node/pull/28671
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Guy Bedford <guybedford@gmail.com>
Now large pages is also supported by FreeBSD.
PR-URL: https://github.com/nodejs/node/pull/28729
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
