Release proposal: v5.0.0

[rvagg]

Also see checklist at #3397, this is just one step and will likely be used to fire off an RC or two.

2015-10-29, Version 5.0.0 RC2 (Stable), @rvagg

Notable Changes

• buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer, these have been deprecated for a long time (Sakthipriyan Vairamani) #2859.
• console: (Breaking) Values reported by console.time() will now have 3 decimals of accuracy added (Michaël Zasso) #3166.
• fs:
  • fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file descriptor as their first argument (Johannes Wüller) #3163.
  • (Breaking) In fs.readFile(), if an encoding is specified and toString() fails the error is no longer thrown but is passed to the callback (Evan Lucas) #3485.
  • (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding, callback) form), if toString() fails the error is no longer thrown but is passed to the callback (Evan Lucas) #3503.
• http:
  • Fixed a bug where pipelined http requests would stall (Fedor Indutny) #3342.
  • (Breaking) When parsing HTTP, don't add duplicates of the following headers: Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition to the following headers which already block duplicates: Content-Type, Content-Length, User-Agent, Referer, Host, Authorization, Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location, Max-Forwards (James M Snell) #3090.
  • (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a function or a TypeError is thrown (James M Snell) #3090.
  • (Breaking) HTTP methods and header names must now conform to the RFC 2616 "token" rule, a list of allowed characters that excludes control characters and a number of separator characters. Specifically, methods and header names must now match /^[a-zA-Z0-9_!#$%&'*+.^|~-]+$/or aTypeError` will be thrown (James M Snell) #2526.
• node:
  • (Breaking) Deprecated the _linklist module (Rich Trott) #3078.
  • (Breaking) Removed require.paths and require.registerExtension(), both have been previously set to throw Error when accessed (Sakthipriyan Vairamani) #2922.
• npm: Upgraded to version 3.3.6 from 2.14.7, see https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a major version bump for npm and it has seen a significant amount of change. Please see the original npm v3.0.0 release notes for a list of major changes (Rebecca Turner) #3310.
• src: (Breaking) Bumped NODE_MODULE_VERSION To 47, this is necessary due to the V8 upgrade. Native add-ons will need to be recompiled (Rod Vagg) #3400.
• timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes a long-standing known issue where unrefed timers would perviously hold beforeExit open (Fedor Indutny) #3407.
• tls:
  • Added ALPN Support (Shigeki Ohtsu) #2564.
  • TLS options can now be passed in an object to createSecurePair() (Коренберг Марк) #2441.
  • (Breaking) The default minimum DH key size for tls.connect() is now 1024 bits. This a security consideration to prevent "logjam" attacks. A new minDHSize TLS option can be used to override the default. (Shigeki Ohtsu) #1831.
• util: (Breaking) util.p() was deprecated for years, and has now been removed (Wyatt Preul) #3432.
• v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) #3351.
  • Implements the spread operator, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator for further information.
  • Implements new.target, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target for further information.
• zlib: Decompression now throws on truncated input (e.g. unexpected end of file) (Yuval Brik) #2595.

Known issues

• Surrogate pair in REPL can freeze terminal. #690
• Calling dns.setServers() while a DNS query is in progress can cause the process to crash on a failed assertion. #894
• url.resolve may transfer the auth portion of the url when resolving between two full hosts, see #1435.
• Unicode characters in filesystem paths are not handled consistently across platforms or Node.js APIs. See #2088, #3401 and #3519.

Commits

• [6a04cc0a43] - buffer: fix value check for writeUInt{B,L}E (Trevor Norris) #3500
• [1a41feb559] - buffer: don't CHECK on zero-sized realloc (Ben Noordhuis) #3499
• [5f6579d366] - (SEMVER-MAJOR) buffer: remove raw & raws encoding (Sakthipriyan Vairamani) #2859
• [70fca2a81e] - build: Updates for AIX npm support - part 1 (Michael Dawson) #3114
• [b36b4f385a] - build: rectify --link-module help text (P.S.V.R) #3379
• [a89eeca590] - console: rename argument of time and timeEnd (Michaël Zasso) #3166
• [870108aaa8] - (SEMVER-MAJOR) console: sub-millisecond accuracy for console.time (Michaël Zasso) #3166
• [0a43697ce8] - deps: backport 010897c from V8 upstream (Ali Ijaz Sheikh) #3520
• [8c0318ce8d] - deps: backport 8d6a228 from the v8's upstream (Fedor Indutny) #3549
• [2974debc6e] - deps: update V8 to 4.6.85.28 (Michaël Zasso) #3484
• [f76af49b13] - deps: fix upgrade to npm 3.3.6 (Rebecca Turner) #3494
• [32b51c97ec] - deps: upgrade npm to 3.3.6 (Rebecca Turner) #3310
• [770cd229f9] - deps: upgrade V8 to 4.6.85.25 (Ali Ijaz Sheikh) #3351
• [972a0c8515] - deps: backport 0d01728 from v8's upstream (Fedor Indutny) #3351
• [1fdec65203] - deps: improve ArrayBuffer performance in v8 (Fedor Indutny) #3351
• [5cd1fd836a] - deps: backport 56a0a79 from V8 upstream (Julien Gilli) #3351
• [7fb128d8df] - deps: cherry-pick backports to V8 (Michaël Zasso) #3351
• [d8011d1683] - (SEMVER-MAJOR) deps: upgrade V8 to 4.6.85.23 (Michaël Zasso) #3351
• [a334ddc467] - _Revert_ "deps: backport 03ef3cd from V8 upstream" (Ali Ijaz Sheikh) #3237
• [6fff47ffac] - deps: backport 03ef3cd from V8 upstream (Ali Ijaz Sheikh) #3165
• [680dda8023] - dns: remove nonexistant exports.ADNAME (Roman Reiss) #3051
• [239ad899a3] - doc: add LTS info to COLLABORATOR_GUIDE.md (Myles Borins) #3442
• [5e76587fdf] - doc: createServer's key option can be an array (Sakthipriyan Vairamani) #3123
• [0317c880da] - doc: add TSC meeting minutes 2015-10-21 (Rod Vagg) #3480
• [cd245b12e0] - doc: clarify API buffer.concat (Martii) #3255
• [ff9ef893fd] - doc: add TSC meeting minutes 2015-10-14 (Rod Vagg) #3463
• [605c5a7754] - doc: clarify the use of option.detached (Kyle Smith) #3250
• [cf75a175e5] - doc: more use-cases for promise events (Domenic Denicola) #3438
• [1b75d4bda3] - doc: update WORKING_GROUPS.md - add missing groups (Michael Dawson) #3450
• [c658de2f99] - doc: add TSC meeting minutes 2015-09-30 (Rod Vagg) #3235
• [d0b8c5d3a4] - doc: add TSC meeting minutes 2015-10-07 (Rod Vagg) #3364
• [b483afcb20] - doc: binary encoding is not deprecated (Trevor Norris) #3441
• [b607366a1c] - doc: add information about Assert behavior and maintenance (Rich Trott) #3330
• [086103b32e] - doc: show keylen in pbkdf2 as a byte length (calebboyd) #3334
• [f6ebc8277b] - doc: reword description of console.time (Michaël Zasso) #3166
• [503f279527] - doc: fix indent in tls resumption example (Roman Reiss) #3372
• [dae9fae0fe] - doc: label v4.2.1 as LTS in changelog heading (Phillip Johnsen) #3360
• [4fc638804c] - doc: update V8 options in man page (Michaël Zasso) #3351
• [a441aa6e1d] - doc: update WORKING_GROUPS.md to include Intl (Steven R. Loomis) #3251
• [81503e597b] - doc: fix typo in changelog (Timothy Gu) #3353
• [3ef2e4acf3] - doc: fix typos in changelog (reggi) #3291
• [b9279aa193] - doc: remove old note, 'cluster' is marked stable (Balázs Galambosi) #3314
• [cdfa271164] - doc: update AUTHORS list (Rod Vagg)
• [47b06f6bb1] - docs: add missing shell option to execSync (fansworld-claudio) #3440
• [4c9abbd1bb] - fs: reduced duplicate code in fs.write() (ronkorving) #2947
• [2bb147535e] - (SEMVER-MAJOR) fs: don't throw in read if buffer too big (Evan Lucas) #3503
• [7added3b39] - (SEMVER-MAJOR) fs: pass err to callback if buffer is too big (Evan Lucas) #3485
• [5e0759f6fd] - (SEMVER-MINOR) fs: add file descriptor support to *File() funcs (Johannes Wüller) #3163
• [d1a2e5357e] - gitignore: don't ignore debug source directory in V8 (Michaël Zasso) #3351
• [ab03635fb1] - http: fix stalled pipeline bug (Fedor Indutny) #3342
• [e655a437b3] - (SEMVER-MAJOR) http: do not allow multiple instances of certain response headers (James M Snell) #3090
• [0094a8dad7] - (SEMVER-MAJOR) http: add callback is function check (James M Snell) #3090
• [6192c9892f] - (SEMVER-MAJOR) http: add checkIsHttpToken check for header fields (James M Snell) #2526
• [c9786bb680] - (SEMVER-MAJOR) http{s}: don't connect to localhost on invalid URL (Sakthipriyan Vairamani) #2967
• [1929d5be73] - lib: fix cluster handle leak (Rich Trott) #3510
• [97d081709e] - lib: avoid REPL exit on completion error (Rich Trott) #3358
• [f236b3a904] - (SEMVER-MINOR) lib,doc: return boolean from child.send() (Rich Trott) #3516
• [6e887cc630] - lib,test: update let to const where applicable (Sakthipriyan Vairamani) #3152
• [47befffc53] - (SEMVER-MAJOR) lib,test: deprecate _linklist (Rich Trott) #3078
• [d5ce53458e] - lttng: update flags for gc tracing (Glen Keane) #3388
• [6ad458b752] - (SEMVER-MAJOR) module: remove unnecessary property and method (Sakthipriyan Vairamani) #2922
• [ae196175f4] - node: improve GetActiveRequests performance (Trevor Norris) #3375
• [bd4311bc9c] - repl: handle comments properly (Sakthipriyan Vairamani) #3515
• [ce391ed849] - (SEMVER-MAJOR) repl: event ordering: delay 'close' until 'flushHistory' (Jeremiah Senkpiel) #3435
• [4c80c02ac7] - repl: limit persistent history correctly on load (Jeremiah Senkpiel) #2356
• [134a60c785] - src: fix race condition in debug signal on exit (Ben Noordhuis) #3528
• [bf7c3dabb4] - (SEMVER-MAJOR) src: bump NODE_MODULE_VERSION To 47 (Rod Vagg) #3400
• [2d3560767e] - src: fix exception message encoding on Windows (Brian White) #3288
• [ff877e93e1] - src: fix stuck debugger process (Liang-Chi Hsieh) #2778
• [8854183fe5] - stream: avoid unnecessary concat of a single buffer. (Calvin Metcalf) #3300
• [85b74de9de] - stream: fix signature of _write() in a comment (Fábio Santos) #3248
• [b8cea49c88] - test: fix heap-profiler link error LNK1194 on win (Junliang Yan) #3572
• [4a5dbeab43] - test: fix missing unistd.h on windows (Junliang Yan) #3532
• [74e2328b3a] - test: split independent tests into separate files (Rich Trott) #3548
• [8c6c0f915a] - test: use port number from env in tls socket test (Stefan Budeanu) #3557
• [1a968e67a5] - test: improve tests for util.inherits (Michaël Zasso) #3507
• [9d8d752456] - test: print helpful err msg on test-dns-ipv6.js (Junliang Yan) #3501
• [60de9f8d7b] - test: wrap assert.fail when passed to callback (Myles Borins) #3453
• [cd83f7ed7f] - test: add node::MakeCallback() test coverage (Ben Noordhuis) #3478
• [08da5c2a06] - test: disable test-tick-processor - aix and be ppc (Michael Dawson) #3491
• [7c35fbcb14] - test: harden test-child-process-fork-regr-Segfault in node::StreamBase::GetFD #2847 (Michael Dawson) #3459
• [ad2b272417] - test: fix test-net-keepalive for AIX (Imran Iqbal) #3458
• [04fb14cc35] - test: fix flaky test-child-process-emfile (Rich Trott) #3430
• [eef0f0cd63] - test: remove flaky status from eval_messages test (Rich Trott) #3420
• [bbbd81eab2] - test: skip test-dns-ipv6.js if ipv6 is unavailable (Junliang Yan) #3444
• [f78c8e7426] - test: fix flaky test for symlinks (Rich Trott) #3418
• [28e9a4f41b] - test: repl-persistent-history is no longer flaky (Jeremiah Senkpiel) #3437
• [9e981556e5] - test: cleanup, improve repl-persistent-history (Jeremiah Senkpiel) #2356
• [ee2e641e0a] - test: add Symbol test for assert.deepEqual() (Rich Trott) #3327
• [e2b8393ee8] - test: port domains regression test from v0.10 (Jonas Dohse) #3356
• [676e61872f] - test: apply correct assert.fail() arguments (Rich Trott) #3378
• [bbdbef9274] - test: fix tests after V8 upgrade (Michaël Zasso) #3351
• [6c032a8333] - test: replace util with backtick strings (Myles Borins) #3359
• [f45c315763] - test: fix domain with abort-on-uncaught on PPC (Julien Gilli) #3354
• [e3d9d25083] - test: add test-child-process-emfile fail message (Rich Trott) #3335
• [6f14b3a7db] - test: remove util from common (Rich Trott) #3324
• [7d94611ac9] - test: split up buffer tests for reliability (Rich Trott) #3323
• [3202456baa] - test: remove util properties from common (Rich Trott) #3304
• [31c971d641] - test: parallelize long-running test (Rich Trott) #3287
• [5bbc6df7de] - test: change call to deprecated util.isError() (Rich Trott) #3084
• [522e3d3cd3] - timers: reuse timer in setTimeout().unref() (Fedor Indutny) #3407
• [b64ce5960f] - tls: remove util and calls to util.format (Myles Borins) #3456
• [c64af7d99e] - tls: TLSSocket options default isServer false (Yuval Brik) #2614
• [2296a4fc0f] - (SEMVER-MINOR) tls: add options argument to createSecurePair (Коренберг Марк) #2441
• [0140e1b5e3] - tls: output warning of setDHParam to console.trace (Shigeki Ohtsu) #1831
• [f72e178a78] - (SEMVER-MAJOR) tls: add minDHSize option to tls.connect() (Shigeki Ohtsu) #1831
• [6d92ebac11] - tls: add TLSSocket.getEphemeralKeyInfo() (Shigeki Ohtsu) #1831
• [62ad1d0113] - (SEMVER-MINOR) tls, crypto: add ALPN Support (Shigeki Ohtsu) #2564
• [5029f41b2f] - (SEMVER-MINOR) tls,crypto: move NPN protcol data to hidden value (Shigeki Ohtsu) #2564
• [701e38c25f] - tools: enable prefer-const eslint rule (Sakthipriyan Vairamani) #3152
• [6e78382605] - tools: ensure npm always uses the local node (Jeremiah Senkpiel) #3489
• [3c3435d017] - tools: update test-npm to work with npm 3 (Rebecca Turner) #3489
• [b4f4c24539] - tools: use absolute paths in test-npm (Rebecca Turner) #3309
• [80573153b8] - (SEMVER-MAJOR) util: make inherits work with classes (Michaël Zasso) #3455
• [412252ca04] - (SEMVER-MAJOR) util: Remove p, has been deprecated for years (Wyatt Preul) #3432
• [718c304a4f] - v8: pull fix for builtin code size on PPC (Michael Dawson) #3474
• [6936468de2] - vm: remove Watchdog dependency on Environment (Ido Ben-Yair) #3274
• [80169b1f0a] - (SEMVER-MAJOR) zlib: decompression throw on truncated input (Yuval Brik) #2595

[rvagg]

@Fishrock123 can you take a look at the beforeExit known issue and confirm whether it should still be listed or not? I haven't been following that crazy narrative.

[Fishrock123]

@rvagg nah it can be removed from here and everywhere else it lands.

Technically there's probably a better way to fix it but it is now fixed.

[rvagg]

great, done, also note @nodejs/lts that we need to remove it from the next v4.x release if it's fixed there too.

[jasnell]

@Fishrock123 ... which commit fixed the issue?

[Fishrock123]

@jasnell 3eecdf9

[Fishrock123]

Working on the changelog.

[Fishrock123]

(WIP)

Notable Changes

• console: console.time has been changed to log with sub-millisecond accuracy (Michaël Zasso) #3166.
  • Values reported by console.time will now have 3 decimals of accuracy added.
• fs: Added file descriptor support to *File functions (Johannes Wüller) #3163
  • fs.readFile, fs.writeFile, and fs.appendFile now also accept a file descriptor as their first argument.
• http: Fixed a bug where pipelined http requests would stall (Fedor Indutny) #3342.
• npm: Upgrade to version 3.3.6 from 2.14.7, see https://github.com/npm/npm/releases/tag/v3.3.6 for more details (Rebecca Turner) #3310.
  • This is a major version bump for npm and it has seen a significant amount of change. Please see the npm v3.0.0 release notes.
• src: Bump NODE_MODULE_VERSION To 47 (Rod Vagg) #3400
  • This is necessary due to the v8 upgrade as written below. Add-ons will need to be recompiled.
• timers: Now attempts to reuse the timer handle for setTimeout().unref() (Fedor Indutny) #3407.
  • This fixes a long-standing known issue where unrefed timers would perviously hold beforeExit open.
• tls:
  • TLS options can now be passes in an object to createSecurePair() (Коренберг Марк) #2441.
  • The minimum DH key size for tls.connect() is now 1024 bits. This a security consideration to prevent logjam attacks. Also added a minDHSize option for configurability. (Shigeki Ohtsu) #1831
• util: util.p() was deprecated for years, and has been removed (Wyatt Preul) #3432.
• v8: Upgrade to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) #3351.
  • Implements the Spread operator, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator for further information.
  • Implements new.target, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target for further information.
• zlib: Decompression now throws on truncated input (i.e. unexpected end of file) (Yuval Brik) #2595.

[mikeal]

what about the npm v3 upgrade?

[Fishrock123]

@mikeal waiting on @iarna, but if I have to pick it up myself and fix the one test bit I can just do it all no problem.

[Fishrock123]

Again, those changes were a WIP and by no means final

[Fishrock123]

Updated my notable Changes, probably mostly go to go for the release now. Still sorting out npm @ 3...

• [6d92ebac11] - (SEMVER-MAJOR) tls: add TLSSocket.getEphemeralKeyInfo() (Shigeki Ohtsu) #1831

This should maybe also be mentioned, but I don't really understand it. :/

[bnoordhuis]

It's semver-major because it increases the minimum DH key size.

[Fishrock123]

@bnoordhuis I think I already caught the bit that did that, I don't know how to sum up that feature addition.

[silverwind]

@nodejs/collaborators: I added a relnotes label in GitHub so you can flag PRs for mentioning in 'Notable changes' for future releases, which hopefully makes @nodejs/release's job of catching up to important changes easier. This was agreed on in a PR's discussion, which I can't seem to find it right now.

[shigeki]

@Fishrock123 6d92eba of adding TLSSocket.getEphemeralKeyInfo itself is a feature addition and semver-minor. f72e178 of adding minDHSize option cases semver-major that break compatibility to connect the server with small key size.

[shigeki]

I'd like to include a new semver-minor feature of #2564 in 5.0.0 if possible. Does the commit need be applied to v5.x branch?

[mikeal]

Oh yes please, this opens the door for HTTP2!

On Thursday, October 22, 2015, Shigeki Ohtsu [email protected]
wrote:

I'd like to include a new semver-minor feature of #2564
#2564 in 5.0.0 if possible. Does the
commit need be applied to v5.x branch?

—
Reply to this email directly or view it on GitHub
#3466 (comment).

[jasnell]

@shigeki ... since #2564 is semver-minor, we can land in v5.x even after v5.0.0 goes out, so it should be ok if it happens to miss that particular train. That said, I'm definitely +1 on getting this in v5.0.0 if we can.

[shigeki]

@jasnell Yes, I don't want to block the release of 5.0.0, just hoping to get ride on the new release timing. and no problem if v5.1.

[rvagg]

oo, ALPN would look nice in the release notes.

Current plan looks like this: get an RC out tomorrow if possible, release next week, Monday or Tuesday.

[shigeki]

#2564 needs more discussions and review, sorry for waiting. Please go a head of releasing 5.0.0.

[thefourtheye]

I hope #2966/#2967 land in atleast 5.0.0. #reviewesneeded

[shigeki]

@rvagg @Fishrock123 I had a mistake to push my commits to v5.x branch at #2564 (comment) and force back to 6e78382 that is the latest just before my mistake where I made sync at that time. Please confirm if it is right one. Sorry for my mistake.

[rvagg]

Updated OP with new CHANGELOG entry, all commits with some (SEMVER-MINOR)'s removed because they were non-breaking commits on PRs that had a proper semver-major.

Please review Known Issues text for your changes: @thefourtheye, @targos, @shigeki, @jwueller, @evanlucas, @indutny, @jasnell, @Trott, @iarna, @socketpair, @ofrobots, @jhamhader. I started with @Fishrock123's text and added a bunch more, also added a _(Breaking)_ label so it's clearer what's breaking in this.

Pushing out an RC1 now, will update here with links when it's ready.

[BurakDev]

@silverwind you created pull request 7 days ago.. @rvagg merge it 😜

[jasnell]

The release binaries are already built actually. It's just waiting for @rvagg to promote and wrap up.

[ChALkeR]

Maybe the npm version bump should be marked as "breaking"?

[rvagg]

Maybe the npm version bump should be marked as "breaking"?

This would be my preference but we had this discussion a while back and the general agreement was that we wouldn't treat npm semver as impacting core semver, so marking it as "breaking" would break that rule.

[rvagg]

I'm not seeing any blockers to going forward with the release in ~30 minutes, please let me know if I'm missing anything.

I know there's Windows stdin problems but they are not exclusive to v5.0.0 and the normal process is underway to fix them in v4 and v5 so I'm not seeing them as a blocker.