inspector: don't bind to 0.0.0.0 by default (v6.x)#21376
Closed
bnoordhuis wants to merge 4 commits intonodejs:v6.x-stagingfrom
Closed
inspector: don't bind to 0.0.0.0 by default (v6.x)#21376bnoordhuis wants to merge 4 commits intonodejs:v6.x-stagingfrom
bnoordhuis wants to merge 4 commits intonodejs:v6.x-stagingfrom
Conversation
Tool versions can be 10 and higher. Float patch from node-gyp to accommodate this fact of life. PR-URL: nodejs#21216 Refs: nodejs/node-gyp@293092c Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Compare versions using tuples instead of strings so that it is future-proofed against versions that contain a number that is more than one digit. Backport-PR-URL: nodejs#21301 PR-URL: nodejs#21183 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Using High Sierra and `xcode-select --install` without installing full Xcode, our build tooling breaks due to faulty regular expressions. Update the `configure` script in our project root directory to handle multi-digit version numbers. `tools/gyp` and `deps/npm/node_modules/node-gyp` still need to be updated for a complete fix. PR-URL: nodejs#21173 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Change the bind address from 0.0.0.0 to 127.0.0.1 and start respecting the address part of `--inspect=<address>:<port>` so that the bind address can be overridden by the user. Fixes: nodejs#21349
Member
Author
|
Linter failure is infrastructural: |
Member
|
Build PR for v6.x linter: nodejs/build#1349 |
jasnell
approved these changes
Jun 21, 2018
Contributor
|
@nodejs/release @nodejs/lts do we want to do a 6.x release for this? |
Member
In 6.x the V8 inspector is an experimental feature, so I would say no to doing a release specifically for this. I would not be opposed to including it in a release if other critical fixes are found to warrant a release. |
Member
|
@nodejs/security-wg |
Member
|
That's a welcomed change 👍 |
Member
|
FYI this is queued up for inclusion in v6.14.4 as per https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ |
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Change the bind address from 0.0.0.0 to 127.0.0.1 and start respecting
the address part of
--inspect=<address>:<port>so that the bindaddress can be overridden by the user.
Fixes: #21349