cli: whitelist new V8 flag in NODE_OPTIONS by codebytere · Pull Request #30094 · nodejs/node
added
the
c++
label
Oct 23, 2019
codebytere
added
the
cli
label
Oct 23, 2019
addaleax
added
the
author ready
label
Oct 23, 2019
codebytere added a commit that referenced this pull request
Oct 28, 2019
Explicitly whitelists --disallow-code-generation-from-strings in NODE_OPTIONS as a new V8 flag. This flag prevents strings like eval() from performing code generation. PR-URL: #30094 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request
Nov 5, 2019
Explicitly whitelists --disallow-code-generation-from-strings in NODE_OPTIONS as a new V8 flag. This flag prevents strings like eval() from performing code generation. PR-URL: #30094 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request
Nov 8, 2019
Explicitly whitelists --disallow-code-generation-from-strings in NODE_OPTIONS as a new V8 flag. This flag prevents strings like eval() from performing code generation. PR-URL: #30094 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request
Nov 10, 2019
Explicitly whitelists --disallow-code-generation-from-strings in NODE_OPTIONS as a new V8 flag. This flag prevents strings like eval() from performing code generation. PR-URL: #30094 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
targos
added
the
semver-minor
label
Nov 10, 2019MylesBorins pushed a commit that referenced this pull request
Jan 12, 2020
Explicitly whitelists --disallow-code-generation-from-strings in NODE_OPTIONS as a new V8 flag. This flag prevents strings like eval() from performing code generation. PR-URL: #30094 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
BethGriggs pushed a commit that referenced this pull request
Feb 6, 2020
Explicitly whitelists --disallow-code-generation-from-strings in NODE_OPTIONS as a new V8 flag. This flag prevents strings like eval() from performing code generation. PR-URL: #30094 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request
Feb 11, 2020
Notable changes: New assert APIs The `assert` module now provides experimental `assert.match()` and `assert.doesNotMatch()` methods. They will validate that the first argument is a string and matches (or does not match) the provided regular expression This is an experimental feature. Ruben Bridgewater [#30929](#30929). Advanced serialization for IPC The `child_process` and `cluster` modules now support a `serialization` option to change the serialization mechanism used for IPC. The option can have one of two values: * `'json'` (default): `JSON.stringify()` and `JSON.parse()` are used. This is how message serialization was done before. * `'advanced'`: The serialization API of the `v8` module is used. It is based on the HTML structured clone algorithm. and is able to serialize more built-in JavaScript object types, such as `BigInt`, `Map`, `Set` etc. as well as circular data structures. Anna Henningsen [#30162](#30162). CLI flags The new `--trace-exit` CLI flag makes Node.js print a stack trace whenever the Node.js environment is exited proactively (i.e. by invoking the `process.exit()` function or pressing Ctrl+C). legendecas [#30516](#30516). ___ The new `--trace-uncaught` CLI flag makes Node.js print a stack trace at the time of throwing uncaught exceptions, rather than at the creation of the `Error` object, if there is any. This option is not enabled by default because it may affect garbage collection behavior negatively. Anna Henningsen [#30025](#30025). ___ The `--disallow-code-generation-from-strings` V8 CLI flag is now whitelisted in the `NODE_OPTIONS` environment variable. Shelley Vohr [#30094](#30094). New crypto APIs For DSA and ECDSA, a new signature encoding is now supported in addition to the existing one (DER). The `verify` and `sign` methods accept a `dsaEncoding` option, which can have one of two values: * `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`. * `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363. Tobias Nießen [#29292](#29292). ___ A new method was added to `Hash`: `Hash.prototype.copy`. It makes it possible to clone the internal state of a `Hash` object into a new `Hash` object, allowing to compute the digest between updates. Ben Noordhuis [#29910](#29910). Dependency updates libuv was updated to 1.34.0. This includes fixes to `uv_fs_copyfile()` and `uv_interface_addresses()` and adds two new functions: `uv_sleep()` and `uv_fs_mkstemp()`. Colin Ihrig [#30783](#30783). ___ V8 was updated to 7.8.279.23. This includes performance improvements to object destructuring, RegExp match failures and WebAssembly startup time. The official release notes are available at https://v8.dev/blog/v8-release-78. Michaël Zasso [#30109](#30109). New EventEmitter APIs The new `EventEmitter.on` static method allows to async iterate over events. Matteo Collina [#27994](#27994). ___ It is now possible to monitor `'error'` events on an `EventEmitter` without consuming the emitted error by installing a listener using the symbol `EventEmitter.errorMonitor`. Gerhard Stoebich [#30932](#30932). ___ Using `async` functions with event handlers is problematic, because it can lead to an unhandled rejection in case of a thrown exception. The experimental `captureRejections` option in the `EventEmitter` constructor or the global setting change this behavior, installing a `.then(undefined, handler)` handler on the `Promise`. This handler routes the exception asynchronously to the `Symbol.for('nodejs.rejection')` method if there is one, or to the `'error'` event handler if there is none. Setting `EventEmitter.captureRejections = true` will change the default for all new instances of `EventEmitter`. This is an experimental feature. Matteo Collina [#27867](#27867). Performance Hooks are no longer experimental The `perf_hooks` module is now considered a stable API. legendecas [#31101](#31101). Introduction of experimental WebAssembly System Interface (WASI) support A new core module, `wasi`, is introduced to provide an implementation of the [WebAssembly System Interface](https://wasi.dev/) specification. WASI gives sandboxed WebAssembly applications access to the underlying operating system via a collection of POSIX-like functions. This is an experimental feature. Colin Ihrig [#30258](#30258). PR-URL: #31691
targos pushed a commit that referenced this pull request
Feb 11, 2020
Notable changes: New assert APIs The `assert` module now provides experimental `assert.match()` and `assert.doesNotMatch()` methods. They will validate that the first argument is a string and matches (or does not match) the provided regular expression This is an experimental feature. Ruben Bridgewater [#30929](#30929). Advanced serialization for IPC The `child_process` and `cluster` modules now support a `serialization` option to change the serialization mechanism used for IPC. The option can have one of two values: * `'json'` (default): `JSON.stringify()` and `JSON.parse()` are used. This is how message serialization was done before. * `'advanced'`: The serialization API of the `v8` module is used. It is based on the HTML structured clone algorithm. and is able to serialize more built-in JavaScript object types, such as `BigInt`, `Map`, `Set` etc. as well as circular data structures. Anna Henningsen [#30162](#30162). CLI flags The new `--trace-exit` CLI flag makes Node.js print a stack trace whenever the Node.js environment is exited proactively (i.e. by invoking the `process.exit()` function or pressing Ctrl+C). legendecas [#30516](#30516). ___ The new `--trace-uncaught` CLI flag makes Node.js print a stack trace at the time of throwing uncaught exceptions, rather than at the creation of the `Error` object, if there is any. This option is not enabled by default because it may affect garbage collection behavior negatively. Anna Henningsen [#30025](#30025). ___ The `--disallow-code-generation-from-strings` V8 CLI flag is now whitelisted in the `NODE_OPTIONS` environment variable. Shelley Vohr [#30094](#30094). New crypto APIs For DSA and ECDSA, a new signature encoding is now supported in addition to the existing one (DER). The `verify` and `sign` methods accept a `dsaEncoding` option, which can have one of two values: * `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`. * `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363. Tobias Nießen [#29292](#29292). ___ A new method was added to `Hash`: `Hash.prototype.copy`. It makes it possible to clone the internal state of a `Hash` object into a new `Hash` object, allowing to compute the digest between updates. Ben Noordhuis [#29910](#29910). Dependency updates libuv was updated to 1.34.0. This includes fixes to `uv_fs_copyfile()` and `uv_interface_addresses()` and adds two new functions: `uv_sleep()` and `uv_fs_mkstemp()`. Colin Ihrig [#30783](#30783). ___ V8 was updated to 7.8.279.23. This includes performance improvements to object destructuring, RegExp match failures and WebAssembly startup time. The official release notes are available at https://v8.dev/blog/v8-release-78. Michaël Zasso [#30109](#30109). New EventEmitter APIs The new `EventEmitter.on` static method allows to async iterate over events. Matteo Collina [#27994](#27994). ___ It is now possible to monitor `'error'` events on an `EventEmitter` without consuming the emitted error by installing a listener using the symbol `EventEmitter.errorMonitor`. Gerhard Stoebich [#30932](#30932). ___ Using `async` functions with event handlers is problematic, because it can lead to an unhandled rejection in case of a thrown exception. The experimental `captureRejections` option in the `EventEmitter` constructor or the global setting change this behavior, installing a `.then(undefined, handler)` handler on the `Promise`. This handler routes the exception asynchronously to the `Symbol.for('nodejs.rejection')` method if there is one, or to the `'error'` event handler if there is none. Setting `EventEmitter.captureRejections = true` will change the default for all new instances of `EventEmitter`. This is an experimental feature. Matteo Collina [#27867](#27867). Performance Hooks are no longer experimental The `perf_hooks` module is now considered a stable API. legendecas [#31101](#31101). Introduction of experimental WebAssembly System Interface (WASI) support A new core module, `wasi`, is introduced to provide an implementation of the [WebAssembly System Interface](https://wasi.dev/) specification. WASI gives sandboxed WebAssembly applications access to the underlying operating system via a collection of POSIX-like functions. This is an experimental feature. Colin Ihrig [#30258](#30258). PR-URL: #31691
andrewdotn added a commit to andrewdotn/node that referenced this pull request
Mar 5, 2020
This work is modeled on nodejs#30094 which allowed `--disallow-code-generation-from-strings` in `NODE_OPTIONS`. The `--jitless` v8 option has been supported since 12.0.0. As a v8 option, node automatically picks it up, but there have been a few issues that were resolved by simply telling users about the option: nodejs#26758, nodejs#28800. This PR: - allows `--jitless` in `NODE_OPTIONS` - documents `--jitless` - moves `--experimental-loader=module` to locally restore alphabetical order in option documentation Refs: nodejs#30094 Refs: nodejs#26758 Refs: nodejs#28800
mmarchini pushed a commit that referenced this pull request
Mar 9, 2020
This work is modeled on #30094 which allowed `--disallow-code-generation-from-strings` in `NODE_OPTIONS`. The `--jitless` v8 option has been supported since 12.0.0. As a v8 option, node automatically picks it up, but there have been a few issues that were resolved by simply telling users about the option: #26758, This PR: - allows `--jitless` in `NODE_OPTIONS` - documents `--jitless` - moves `--experimental-loader=module` to locally restore alphabetical order in option documentation Refs: #30094 Refs: #26758 Refs: #28800 PR-URL: #32100 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
MylesBorins pushed a commit that referenced this pull request
Mar 9, 2020
This work is modeled on #30094 which allowed `--disallow-code-generation-from-strings` in `NODE_OPTIONS`. The `--jitless` v8 option has been supported since 12.0.0. As a v8 option, node automatically picks it up, but there have been a few issues that were resolved by simply telling users about the option: #26758, This PR: - allows `--jitless` in `NODE_OPTIONS` - documents `--jitless` - moves `--experimental-loader=module` to locally restore alphabetical order in option documentation Refs: #30094 Refs: #26758 Refs: #28800 PR-URL: #32100 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
codebytere pushed a commit that referenced this pull request
Mar 23, 2020
This work is modeled on #30094 which allowed `--disallow-code-generation-from-strings` in `NODE_OPTIONS`. The `--jitless` v8 option has been supported since 12.0.0. As a v8 option, node automatically picks it up, but there have been a few issues that were resolved by simply telling users about the option: #26758, This PR: - allows `--jitless` in `NODE_OPTIONS` - documents `--jitless` - moves `--experimental-loader=module` to locally restore alphabetical order in option documentation Refs: #30094 Refs: #26758 Refs: #28800 PR-URL: #32100 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
codebytere pushed a commit that referenced this pull request
Mar 30, 2020
This work is modeled on #30094 which allowed `--disallow-code-generation-from-strings` in `NODE_OPTIONS`. The `--jitless` v8 option has been supported since 12.0.0. As a v8 option, node automatically picks it up, but there have been a few issues that were resolved by simply telling users about the option: #26758, This PR: - allows `--jitless` in `NODE_OPTIONS` - documents `--jitless` - moves `--experimental-loader=module` to locally restore alphabetical order in option documentation Refs: #30094 Refs: #26758 Refs: #28800 PR-URL: #32100 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request
Apr 1, 2020
This work is modeled on nodejs#30094 which allowed `--disallow-code-generation-from-strings` in `NODE_OPTIONS`. The `--jitless` v8 option has been supported since 12.0.0. As a v8 option, node automatically picks it up, but there have been a few issues that were resolved by simply telling users about the option: nodejs#26758, This PR: - allows `--jitless` in `NODE_OPTIONS` - documents `--jitless` - moves `--experimental-loader=module` to locally restore alphabetical order in option documentation Refs: nodejs#30094 Refs: nodejs#26758 Refs: nodejs#28800 PR-URL: nodejs#32100 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
MylesBorins pushed a commit that referenced this pull request
Apr 1, 2020
This work is modeled on #30094 which allowed `--disallow-code-generation-from-strings` in `NODE_OPTIONS`. The `--jitless` v8 option has been supported since 12.0.0. As a v8 option, node automatically picks it up, but there have been a few issues that were resolved by simply telling users about the option: #26758, This PR: - allows `--jitless` in `NODE_OPTIONS` - documents `--jitless` - moves `--experimental-loader=module` to locally restore alphabetical order in option documentation Refs: #30094 Refs: #26758 Refs: #28800 Backport-PR-URL: #32594 PR-URL: #32100 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters