Release proposal: v5.2.0 (Stable)

[rvagg]

Since others seem to be busy with Node Interactive and this is long overdue, here's a proposal for release maybe as soon as tomorrow.

Commits list could do with some review, is there anything in here that shouldn't be in v5.x?

---

• [08a3f29fd4] - buffer: fix range checking for slowToString (Matt Loring) #4019
• [e3a8e8bba4] - buffer: Prevent Buffer constructor deopt (Bryce Baril) #4158
• [0e18e68324] - buffer: fix writeInt{B,L}E for some neg values (Peter A. Bigot) #3994
• [ab5b529dd2] - buffer: default to UTF8 in byteLength() (Tom Gallacher) #4010
• [fcf0e8ebdf] - buffer: move checkFloat from lib into src (Matt Loring) #3763
• [12649f4496] - build: add "--partly-static" build options (Super Zheng) #4152
• [a76d788119] - build: update signtool description, add url (Rod Vagg) #4011
• [ed255abdc1] - (SEMVER-MINOR) build,src: add Intel Vtune profiling support (Chunyang Dai) #3785
• [7793c364fc] - child_process: flush consuming streams (Dave) #4071
• [f29c5d6e70] - configure: v8_use_snapshot should be true (Fedor Indutny) #3962
• [da5ac55c83] - (SEMVER-MINOR) crypto: simplify using pre-existing keys with ECDH (Michael Ruddy) #3511
• [cfc97641ee] - crypto: fix native module compilation with FIPS (Stefan Budeanu) #4023
• [b81b45dabd] - crypto: update root certificates (Ben Noordhuis) #3951
• [def681a07e] - crypto: disable crypto.createCipher in FIPS mode (Stefan Budeanu) #3754
• [ce423f3624] - debugger: introduce exec method for debugger (Jackson Tian)
• [99fd1ec28d] - deps: backport 819b40a from V8 upstream (Michaël Zasso) #3937
• [634c5f1f81] - doc: url.format - true slash postfix behaviour (fansworld-claudio) #4119
• [6f957a70d8] - doc: s/node.js/Node.js in readme (Rod Vagg) #3998
• [0cd4a52392] - doc: improve child_process.markdown wording (yorkie) #4138
• [fd5ed6888d] - doc: add JungMinu to collaborators (Minwoo Jung) #4143
• [fa0cdf75d9] - doc: add iarna to collaborators (Rebecca Turner) #4144
• [424eb962b1] - doc: add zkat to collaborators (Kat Marchán) #4142
• [85b601224b] - doc: add HTTP working group (James M Snell) #3919
• [f4164bd8df] - doc: update links to use https where possible (jpersson) #4054
• [3169eed1e3] - doc: add links and backticks around names (jpersson) #4054
• [f3417e2574] - doc: standardize references to node.js in docs (Scott Buchanan) #4136
• [95dd60c657] - doc: reword https.Agent example text (Jan Krems) #4075
• [c61237d3ea] - doc: fix internal link to child.send() (Luigi Pinca) #4089
• [aaeced915e] - doc: fix the exception description (yorkie) #3658
• [a2b7596ac0] - doc: fix color of linked code blocks (jpersson) #4068
• [f3c50f5fb5] - doc: fix rare case of misaligned columns (Roman Reiss) #3948
• [f0a2e2cdec] - doc: message.header duplication correction (Bryan English) #3997
• [b1dfa8bebb] - doc: fix typo in README (Rich Trott) #4000
• [4602e01221] - doc: replace sane with reasonable (Lewis Cowper) #3980
• [4849a54386] - doc: Adding best practises for crypto.pbkdf2 (Tom Gallacher) #3290
• [77251d99de] - doc: numeric flags to fs.open (Carl Lei) #3641
• [f4ca007b42] - doc: clarify that fs streams expect blocking fd (Carl Lei) #3641
• [26eeae8016] - doc: fix broken references (Alexander Gromnitsky) #3944
• [f90227b0e8] - doc: move fs.existsSync() deprecation message (Martin Forsberg) #3942
• [bbcb2a2e65] - doc: clarify module loading behavior (cjihrig) #3920
• [0997178037] - doc: add reference for buffer.inspect() (cjihrig) #3921
• [6c16c40283] - doc: clarify v5.1.1 notable items (Rod Vagg) #4156
• [4c8800c2de] - fs,doc: use target instead of destination (yorkie) #3912
• [1f0e8dca8e] - installer: install the tick processor (Matt Loring) #3032
• [e8e4e0718b] - meta: remove use of profanity in source (Myles Borins) #4122
• [13834caa28] - module: fix column offsets in errors (Tristian Flanagan) #2867
• [8988e1e117] - module,repl: remove repl require() hack (Ben Noordhuis) #4026
• [baac81d95f] - net: add local address/port for better errors (Jan Schär) #3946
• [12754c5dc3] - net: small code cleanup (Jan Schär) #3943
• [8a5e4345fd] - node: s/doNTCallbackX/nextTickCallbackWithXArgs/ (Rod Vagg) #4167
• [0869ef3c55] - (SEMVER-MINOR) repl: allow leading period in multiline input (Zirak) #3835
• [aaab108dfe] - repl: attach location info to syntax errors (cjihrig) #4013
• [da3137d0c5] - src: don't print garbage errors (cjihrig) #4112
• [9e9346fa32] - src: use GetCurrentProcessId() for process.pid (Ben Noordhuis) #4163
• [d969c0965c] - src: define Is* util functions with macros (cjihrig) #4118
• [458facdf66] - src: define getpid() based on OS (cjihrig) #4146
• [7e18f2ec62] - (SEMVER-MINOR) src: add BE support to StringBytes::Encode() (Bryon Leung) #3410
• [756ab9caad] - stream: be less eager with readable flag (Brian White) #4141
• [8f845ba28a] - stream_wrap: error if stream has StringDecoder (Fedor Indutny) #4031
• [1c1af81ea0] - streams: update .readable/.writable to false (Brian White) #4083
• [1d50819c85] - test: check range fix for slowToString (Sakthipriyan Vairamani) #4019
• [0c2a0dc859] - test: skip long path tests on non-Windows (Rafał Pocztarski) #4116
• [8a60aa1303] - test: don't check the # of chunks in test-http-1.0 (Santiago Gimeno) #3961
• [e84aeec883] - test: mark test-cluster-shared-leak flaky (Rich Trott) #4162
• [b3f3b2e157] - test: fix cluster-worker-isdead (Santiago Gimeno) #3954
• [da6be4d31a] - test: fix time resolution constraint (Gireesh Punathil) #3981
• [9d16729b20] - test: skip instead of fail when mem constrained (Michael Cornacchia) #3697
• [be41eb751b] - test: refactor test-http-exit-delay (Rich Trott) #4055
• [4b43bf0385] - test: fix flaky test-net-socket-local-address (Rich Trott) #4109
• [cb55c67a00] - test: improve cluster-disconnect-handles test (Brian White) #4084
• [2b5b127e14] - test: fix cluster-disconnect-handles flakiness (Santiago Gimeno) #4009
• [430264817b] - test: add test for repl.defineCommand() (Bryan English) #3908
• [22b0971222] - test: eliminate multicast test FreeBSD flakiness (Rich Trott) #4042
• [c50003746b] - test: mark test flaky on FreeBSD (Rich Trott) #4016
• [69c95bbdb7] - test: move ArrayStream to common (cjihrig) #4027
• [d94a70ec51] - test: fix test-domain-exit-dispose-again (Julien Gilli) #3990
• [00b839a2b8] - test: use platform-based timeout for reliability (Rich Trott) #4015
• [054a216b6f] - test: mark cluster-net-send test flaky on windows (Rich Trott) #4006
• [d0621c5649] - test: mark fork regression test flaky on windows (Rich Trott) #4005
• [19ed33df80] - test: skip test if in FreeBSD jail (Rich Trott) #3995
• [a863e8d667] - test: remove flaky status for cluster test (Rich Trott) #3975
• [dd0d15fc47] - test: add TAP diagnostic message for retried tests (Rich Trott) #3960
• [1fe4d30efc] - test: retry on smartos if ECONNREFUSED (Rich Trott) #3941
• [665a35d45e] - test: address flaky test-http-client-timeout-event (Rich Trott) #3968
• [f9fe0aee53] - test: numeric flags to fs.open (Carl Lei) #3641
• [54aafa17af] - test: http complete list of non-concat headers (Bryan English) #3930
• [788541b40c] - test: fix race condition in unrefd interval test (Michael Cornacchia) #3550
• [e129d83996] - test: skip/replace weak crypto tests in FIPS mode (Stefan Budeanu) #3757
• [bc27379453] - test: avoid test timeouts on rpi (Stefan Budeanu) #3902
• [272732e76b] - test: fix flaky test-child-process-spawnsync-input (Rich Trott) #3889
• [781f8c0d1e] - test: add OS X to module loading error test (Evan Lucas) #3901
• [f99c6363de] - test: module loading error fix solaris node5: test-module-loading-error.js fails #3798 (fansworld-claudio) #3855
• [1279adc756] - timers: optimize callback call: bind -> arrow (Andrei Sedoi) #4038
• [1c1c1a0f2b] - (SEMVER-MINOR) tools: add --prof-process flag to node binary (Matt Loring) #4021
• [d7a7d3e6f7] - tools: update certdata.txt (Ben Noordhuis) #3951
• [1b434e0654] - util: determine object types in C++ (cjihrig) #4100
• [c93e2678f0] - util: fix constructor/instanceof checks (Brian White) #3385
• [098a3113e1] - util: move .decorateErrorStack to internal/util (Ben Noordhuis) #4026
• [e68ea16c32] - util: add decorateErrorStack() (cjihrig) #4013
• [c584c3e08f] - util,src: allow lookup of hidden values (cjihrig) #3988

---

Commits that are on master since v5.1.0 that are not labelled with semver-major but are not included in v5.x are:

• [e2dec98837] - deps: upgrade to V8 4.7.80.25 (Ali Ijaz Sheikh) #4160
• [e935a5214c] - 2015-12-04, Version 4.2.3 "Argon" (LTS) Release (Rod Vagg) nodejs/node-private#12
• [07d8741ddf] - 2015-12-04, Version 0.12.9 (Stable) (Rod Vagg) nodejs/node-private#13
• [2c61b84772] - 2015-12-04, Version 0.10.41 (Maintenance) (Rod Vagg) nodejs/node-private#15
• [483016ffd9] - 2015-11-25 Version 0.12.8 (LTS) Release (Rod Vagg) #2806
• [1e324d883e] - deps: backport bc2e393 from v8 upstream (evan.lucas) #4106
• [d9d050d396] - deps: cherry-pick 68e89fb from v8's upstream (Fedor Indutny) #4106
• [edfc8cde04] - deps: backport 1ee712a from V8 upstream (Julien Gilli) #4106
• [dc09bbe3ee] - test: fix test-repl-tab-complete after V8 upgrade (Ali Ijaz Sheikh) #4106
• [8a43a3d761] - deps: upgrade V8 to 4.7.80.24 (Ali Ijaz Sheikh) #4106

I think we need a label for these to say they shouldn't be cherry-picked to v5.x.

---

[rvagg]

@nodejs/release I've just made a dont-land-on-v5.x label and applied it to a bunch of V8 and release notes commits so this is now even more useful for finding commits that need to be cherry-picked to v5.x:

branch-diff v5.x master --start-ref=v5.1.0 --exclude-label=semver-major,dont-land-on-v5.x

As of now it only shows commits that don't have PR-URL in them, there are 4. Let's try and remember to put PR-URL into release commits and Working on .. commits too and we'll make it even cleaner.

[bnoordhuis]

I would either back out 1f0e8dc or add 49440b7. #4021 bakes the tick processor script into the binary.

[rvagg]

thanks @bnoordhuis, great to see that land. I've included it now and assume the changes to install.py invalidate the work in 1f0e8dc so I've left that in place.

[rvagg]

https://ci.nodejs.org/job/node-test-commit/1377/ pretty solid atm

[rvagg]

Here's my Notable changes section:

• build:
  • Add support for Intel's VTune JIT profiling when compiled with --enable-vtune-profiling. For more information about VTune, see https://software.intel.com/en-us/node/544211. (Chunyang Dai) #3785.
  • Properly enable V8 snapshots by default. Due to a configuration error, snapshots have been kept off by default when the intention is for the feature to be enabled. (Fedor Indutny) #3962.
• crypto:
  • Generate a public key when explicitly setting a private key for ECDH (Elliptic Curve Diffie-Hellman) exchange objects (created via crypto.createECDH(curve_name)). Also deprecated the setPublicKey() method for ECDH objects as this can lead to an inconsistent state. The validity of the keypair is now checked when setting a private key. (Michael Ruddy) #3511.
  • Update root certificates from the current list stored maintained by Mozilla NSS. (Ben Noordhuis) #3951.
• tools: Include a tick processor in core, exposed via the --prof-process commandline argument which can be used to process V8 profiling output files generated when using the --prof commandline argument. (Matt Loring) #3032, #4021.

Please review @cdai2, @indutny, @mruddy, @bnoordhuis, @matthewloring

[mruddy]

What you have is good/usable. I'd say it like the following (but, no big deal if you want to use what you have):

Simplifies using ECDH (Elliptic Curve Diffie-Hellman) objects with private keys that are not dynamically generated via generateKeys(). The public key is now computed when explicitly setting a private key. Added validity checks to reduce the possibility of computing weak or invalid shared secrets. Also, deprecated the setPublicKey() method for ECDH objects as its usage is unnecessary and can lead to inconsistent state. (Michael Ruddy) #3511.

[rvagg]

thanks @mruddy, that's perfect so I'm going with your wording

[matthewloring]

My only note would have been to remove the link to #3032 which was subsumed by #4021 but it seems that's already been done in the latest revision. The tools section looks good to me.

[bnoordhuis]

LGTM

[rvagg]

Added to crypto:

• Multiple CA certificates can now be passed with the ca option to TLS methods as an array of strings or in a single new-line separated string. (Ben Noordhuis) [tls: support reading multiple cas from one input #4099](https://github.com/nodejs/node

[rvagg]

CI @ https://ci.nodejs.org/job/node-test-commit/1395/
Linux CI re-run @ https://ci.nodejs.org/job/node-test-commit-linux/1466/
Single windows failure is known flaky and currently being addressed

Building @ https://ci.nodejs.org/job/iojs+release/319/, will move on to some further smoke testing before releasing

[rvagg]

a couple of very minor typos in the changelog and commit message, not in a hurry so rebuilding, will release as soon as it's done, tests are all 👍

[rvagg]

built, tagged, promoted and announced, http://nodejs.org/en/blog/release/v5.2.0/ & https://nodejs.org/download/release/v5.2.0/, thanks all, on to v5.2.1