-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade V8 to 4.5.103.35 #3117
Conversation
Apply the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35: * Disallow Object.observe calls on access checked objects. v8/v8@134e541 * Avoid excessive data copying for ExternalStreamingStream::SetBookmark. v8/v8@96dddb4
LGTM, if CI is green |
BTW, FYI, note that https://github.com/v8/v8 is the new home of the V8 github mirror. |
LGTM |
CI is green, but arm-v8 failed to run. I have launched an arm-only re-run here: https://ci.nodejs.org/job/node-test-commit-arm/766/ |
Looks like they're green. LGTM. |
LGTM |
Added the land-on-4.x tag. I am assuming the release-magicians will land it. /cc @nodejs/release |
That is technically breaking, isn't it? Weird grey area. No real opinions here. |
cc @nodejs/lts ^ |
I'm guessing v8/v8@134e541 is related to CVE-2015-1304. Seems like an appropriate bugfix to me that we want in v4, I'm fine with this so lgtm. |
No, it's a security fix. |
Apply the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35: * Disallow Object.observe calls on access checked objects. v8/v8@134e541 * Avoid excessive data copying for ExternalStreamingStream::SetBookmark. v8/v8@96dddb4 PR-URL: #3117 Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: trevnorris - Trevor Norris <trev.norris@gmail.com> Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Landed on master in c273944. |
Apply the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35: * Disallow Object.observe calls on access checked objects. v8/v8@134e541 * Avoid excessive data copying for ExternalStreamingStream::SetBookmark. v8/v8@96dddb4 PR-URL: #3117 Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: trevnorris - Trevor Norris <trev.norris@gmail.com> Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Notable changes * http: - Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability CVE-2015-7384 (Fedor Indutny) #3128 - Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) #3128 * libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details (Saúl Ibarra Corretgé) #3010 - A better rwlock implementation for all Windows versions - Improved AIX support * v8: - Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117 - Backported f782159 from v8's upstream to help speed up Promise introspection (Ben Noordhuis) #3130 - Backported c281c15 from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) #3031 PR-URL: #3128
Notable changes * http: - Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability CVE-2015-7384 (Fedor Indutny) #3128 - Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) #3128 * libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details (Saúl Ibarra Corretgé) #3010 - A better rwlock implementation for all Windows versions - Improved AIX support * v8: - Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117 - Backported f782159 from v8's upstream to help speed up Promise introspection (Ben Noordhuis) #3130 - Backported c281c15 from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) #3031 PR-URL: #3128
landed in v4.x-staging in 5a9e795 |
Pick up the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35:
v8/v8@134e541
v8/v8@96dddb4
R=@targos, @bnoordhuis
/cc @nodejs/v8