- Since we now just reference the nodejs blog post in the
post to the nodejs-sec mailing list, change the order
so the blog post comes first
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/40725
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add missing semicolons that will be flagged when we update
@babel/eslint-parser to 7.16.0.
PR-URL: https://github.com/nodejs/node/pull/40720
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
The --production flag has no effect in this situation. Remove it.
Add --ignore-scripts as a precaution.
PR-URL: https://github.com/nodejs/node/pull/40644
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Update ESLint, Babel, remark, and so on. Run once a week.
PR-URL: https://github.com/nodejs/node/pull/40644
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/40737
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Use `gh` CLI for CI and commit queue jobs, and use the correct token
to merge PRs.
PR-URL: https://github.com/nodejs/node/pull/40742
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
When using the Squash and Merge feature, it would allow a malicious
actor to push unreviewed code to their PR while the CQ is running and
bypass the usual checks.
This commit adds a check to refuse to land if the head of the PR
branch is different from the one validated by ncu.
PR-URL: https://github.com/nodejs/node/pull/40747
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
• Removed unreachable code of the `evalModule()` function as an early
error is thrown when the `print` parameter is a truthy value.
• Make use of the nullish coalescing operator.
PR-URL: https://github.com/nodejs/node/pull/40664
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
The ABNF for chunk extensions as per RFC 7230 is
    chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
    chunk-ext-name = token
    chunk-ext-val = token / quoted-string
Add a semicolon after the chunk size for clarity.
This does not invalidate the test as it verifies that the HTTP parser
does not ignore chunk extensions.
PR-URL: https://github.com/nodejs/node/pull/40487
Refs: https://grenfeldt.dev/2021/10/08/gunicorn-20.1.0-public-disclosure-of-request-smuggling
Reviewed-By: James M Snell <jasnell@gmail.com>
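
The grammar quoted in the commit message above, as an added example that is not code from the Node.js repository or its HTTP parser: a strict parser for a chunk-size line that accepts only what the RFC 7230 ABNF allows and rejects trailing bytes instead of ignoring them, which is the behaviour that keeps two HTTP parsers from disagreeing about where a chunk starts. The function name `parseChunkSizeLine` and the sample inputs are assumptions made for this example.

```javascript
'use strict';
// Added example: strict parsing of "chunk-size [ chunk-ext ]" (the line
// before CRLF) per the RFC 7230 ABNF. Names are hypothetical, not Node.js APIs.

// token = 1*tchar
const TOKEN = "[!#$%&'*+\\-.^_`|~0-9A-Za-z]+";
// quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
const QUOTED =
  '"(?:[\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*"';
// One extension: ";" chunk-ext-name [ "=" chunk-ext-val ]
// The sticky flag forces each match to start exactly at lastIndex.
const EXT = new RegExp(`;(${TOKEN})(?:=(${TOKEN}|${QUOTED}))?`, 'y');

function parseChunkSizeLine(line) {
  const m = /^[0-9A-Fa-f]+/.exec(line);
  if (!m) throw new SyntaxError('missing chunk-size');
  const size = parseInt(m[0], 16);
  const extensions = [];
  let pos = m[0].length;
  // Everything after the size must be a sequence of valid extensions.
  // Anything else (spaces, bare LF, stray text) is an error, never skipped.
  while (pos < line.length) {
    EXT.lastIndex = pos;
    const e = EXT.exec(line);
    if (!e) throw new SyntaxError(`invalid chunk-ext at offset ${pos}`);
    extensions.push({ name: e[1], value: e[2] ?? null });
    pos = EXT.lastIndex;
  }
  return { size, extensions };
}

// Constructed sample inputs.
console.log(parseChunkSizeLine('1a;foo=bar;baz="q\\"x"'));
for (const bad of ['5 ;x', '5\nGET / HTTP/1.1', ';x']) {
  try {
    parseChunkSizeLine(bad);
  } catch (err) {
    console.log(JSON.stringify(bad), '->', err.message);
  }
}
```

Quoted extension values are returned raw, with their surrounding quotes and escapes intact.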
Remove V8 flag for import assertions, enabling support for the syntax;
require the import assertion syntax for imports of JSON.
Support import assertions in user loaders.
Use both resolved module URL and import assertion type as the key for
caching modules.
Co-authored-by: Geoffrey Booth <webadmin@geoffreybooth.com>
PR-URL: https://github.com/nodejs/node/pull/40250
Reviewed-By: Bradley Farias <bradley.meck@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Comparing any value to any non-RegExp literal or undefined using
strictEqual (or notStrictEqual) passes if and only if deepStrictEqual
(or notDeepStrictEqual, respectively) passes.
Unnecessarily using deep comparisons adds confusion.
This patch adds an ESLint rule that forbids the use of deepStrictEqual
and notDeepStrictEqual when the expected value (i.e., the second
argument) is a non-RegExp literal or undefined.
For reference, an ESTree literal is defined as follows.
    extend interface Literal <: Expression {
      type: "Literal";
      value: string | boolean | null | number | RegExp | bigint;
    }
The value `undefined` is an `Identifier` with `name: 'undefined'`.
PR-URL: https://github.com/nodejs/node/pull/40634
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
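
The check described in the commit message above, as an added example that is not the rule from the Node.js repository: a minimal ESLint-style rule that reports `deepStrictEqual` and `notDeepStrictEqual` when the second argument is a non-RegExp `Literal` or the identifier `undefined`. It assumes calls are written as `assert.<method>(actual, expected)`; the `check` helper, its stub context and the hand-built ESTree nodes are constructed for this example.

```javascript
'use strict';
// Added example: minimal ESLint-style rule, not the Node.js project's own.
// Assumes calls of the form assert.<method>(actual, expected).

const DEEP_TO_STRICT = new Map([
  ['deepStrictEqual', 'strictEqual'],
  ['notDeepStrictEqual', 'notStrictEqual'],
]);

// True for ESTree Literal nodes other than RegExp literals (those carry a
// `regex` property) and for the Identifier `undefined`.
function isNonRegExpLiteralOrUndefined(node) {
  if (!node) return false;
  if (node.type === 'Literal') return node.regex === undefined;
  return node.type === 'Identifier' && node.name === 'undefined';
}

const rule = {
  meta: { type: 'suggestion', schema: [] },
  create(context) {
    return {
      CallExpression(node) {
        const { callee } = node;
        if (callee.type !== 'MemberExpression' || callee.computed) return;
        if (callee.object.type !== 'Identifier' ||
            callee.object.name !== 'assert') return;
        const replacement = DEEP_TO_STRICT.get(callee.property.name);
        if (replacement === undefined) return;
        if (!isNonRegExpLiteralOrUndefined(node.arguments[1])) return;
        context.report({ node, message: `Use assert.${replacement}() instead.` });
      },
    };
  },
};

// Builds a constructed ESTree node for assert.<method>(x, <expected>) and
// runs the rule's visitor on it with a stub context that records messages.
function check(method, expected) {
  const messages = [];
  const node = {
    type: 'CallExpression',
    callee: { type: 'MemberExpression', computed: false,
              object: { type: 'Identifier', name: 'assert' },
              property: { type: 'Identifier', name: method } },
    arguments: [{ type: 'Identifier', name: 'x' }, expected],
  };
  rule.create({ report: (d) => messages.push(d.message) }).CallExpression(node);
  return messages;
}
```

A negative number such as `-1` parses as a `UnaryExpression` rather than a `Literal`, so this sketch does not report it.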
If there is not a blank line before it, the comment does not re-enable
the rule.
PR-URL: https://github.com/nodejs/node/pull/40647
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
This will help enforce formatting of markdown files.
PR-URL: https://github.com/nodejs/node/pull/40647
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
The function only takes two arguments.
PR-URL: https://github.com/nodejs/node/pull/40683
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Most PRs are meant to be squashed in one commit when landing. If the
collaborator hasn't been using `fixup!` commits, the CQ lands the PR
as several commits. This change makes the CQ abort by default
when attempting to land several commits, unless there's another
label added to the PR to force squashing or landing as several commits.
Fixes: https://github.com/nodejs/node/issues/40436
Refs: https://github.com/nodejs/node-core-utils/pull/572
PR-URL: https://github.com/nodejs/node/pull/40577
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/39283
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
The win10-COMPILED_BY-vs2019 hosts in CI are very slow and timing out on
certain tests in pummel and (previously) benchmark. Increase timeout
from 4x to 6x.
PR-URL: https://github.com/nodejs/node/pull/40684
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
test-benchmark-buffer is consistently timing out on a single Windows
host in CI. Rather than try to figure out if we need to scale the
timeout up for a certain memory limit or chip speed or something else,
let's increase the timeout for benchmark tests in general.
PR-URL: https://github.com/nodejs/node/pull/40684
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
Update mdast-util-to-markdown to 1.2.4 which reduces unnecessary
escaping of `_` and some other characters. Re-run markdown formatter.
PR-URL: https://github.com/nodejs/node/pull/40645
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Once the README and find-inactive-collaborators.mjs changes land here,
we can introduce markdown formatting as a step in the toolchain
somewhere.
Before this lands, https://github.com/nodejs/node-core-utils/pull/578
will need to land and be included in a node-core-utils release.
PR-URL: https://github.com/nodejs/node/pull/40645
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
The update-authors tool omits Chromium team members. This was a decision
made years ago. The idea was that these folks contributed to V8 not to
Node.js, as they typically ended up in our code-base via cherry-picked
commits from V8.
Ref: https://github.com/nodejs/node/pull/232#discussion-diff-22412788
Now that there are over 3000 contributors identified in AUTHORS, some of
whom are bots that we run, I think it's time to undo this exception. If
we used someone else's code in a cherry-pick, congratulations to them,
they're authors. In particular, this will fix the omission of Yang
Guo who contributed extensively to Node.js outside of V8 contributions.
PR-URL: https://github.com/nodejs/node/pull/40648
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Signed-off-by: Darshan Sen <darshan.sen@postman.com>
PR-URL: https://github.com/nodejs/node/pull/40584
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>