Release proposal: v6.2.1
Replaces https://github.com/nodejs/node/pull/6934, Jeremiah's not doing too well atm and I haven't done a >= v4 release for a while!
View changelog at https://github.com/nodejs/node/blob/v6.2.1-proposal/doc/changelogs/CHANGELOG_V6.md
CI is happy @ https://ci.nodejs.org/job/node-test-commit/3624/
Notable changes
-
buffer: Ignore negative lengths in calls to
Buffer()
andBuffer.allocUnsafe()
. This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor orallocUnsafe()
as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7051 -
npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030
-
npm/npm@42d71be
npm/npm#12685 When usingnpm ls <pkg>
without a semver specifier,npm ls
would skip any packages in your tree that matched by name, but had a prerelease version in theirpackage.json
. (@zkat) -
npm/npm@f04e05
npm/npm#10013read-package-tree@5.1.4
: Fixes an issue wherenpm install
would fail if yournode_modules
was symlinked. (@iarna) -
b894413
#12372 Changing a nested dependency in annpm-shrinkwrap.json
and then runningnpm install
would not get up the updated package. This corrects that. (@misterbyrne) - This release includes
npm@3.9.0
, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.
-
- tty: Explicitly opt-in to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at https://github.com/nodejs/node/issues/6980. (Jeremiah Senkpiel) #6895
- V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see https://github.com/node-inspector/node-inspector/issues/864 for details. (Michaël Zasso) #6928