-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
inspector: don't bind to 0.0.0.0 by default (v6.x) #21376
Conversation
Tool versions can be 10 and higher. Float patch from node-gyp to accommodate this fact of life. PR-URL: nodejs#21216 Refs: nodejs/node-gyp@293092c Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Compare versions using tuples instead of strings so that it is future-proofed against versions that contain a number that is more than one digit. Backport-PR-URL: nodejs#21301 PR-URL: nodejs#21183 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Using High Sierra and `xcode-select --install` without installing full Xcode, our build tooling breaks due to faulty regular expressions. Update the `configure` script in our project root directory to handle multi-digit version numbers. `tools/gyp` and `deps/npm/node_modules/node-gyp` still need to be updated for a complete fix. PR-URL: nodejs#21173 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Change the bind address from 0.0.0.0 to 127.0.0.1 and start respecting the address part of `--inspect=<address>:<port>` so that the bind address can be overridden by the user. Fixes: nodejs#21349
Linter failure is infrastructural:
|
Build PR for v6.x linter: nodejs/build#1349 |
@nodejs/release @nodejs/lts do we want to do a 6.x release for this? |
In 6.x the V8 inspector is an experimental feature, so I would say no to doing a release specifically for this. I would not be opposed to including it in a release if other critical fixes are found to warrant a release. |
@nodejs/security-wg |
That's a welcomed change 👍 |
FYI this is queued up for inclusion in v6.14.4 as per https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ |
Change the bind address from 0.0.0.0 to 127.0.0.1 and start respecting
the address part of
--inspect=<address>:<port>
so that the bindaddress can be overridden by the user.
Fixes: #21349