Is this impacting up-to-date installations of this CRM product? Array.prototype.values is an established part of JavaScript at this point, and exists not just in Chrome but also in modern versions of Edge, Safari, and an upcoming release of Firefox.

 Issue 620556  has been merged into this issue.

 Issue 620964  has been merged into this issue.

Michael, we have more reports coming in. I'm thinking we want to merge an un-flipping of the Array.prototype.values flag.

As discussed, let's switch it off on all channels

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/43a10a0c4a3f3ba859fab199227590bc79a608d2

commit 43a10a0c4a3f3ba859fab199227590bc79a608d2
Author: adamk <adamk@chromium.org>
Date: Fri Jun 17 10:37:19 2016

Disable Array.prototype.values

It still seems to break things in the wild, see attached Chromium
bug for details.

BUG= v8:4247 ,  chromium:615873 

Review-Url: https://codereview.chromium.org/2076763003
Cr-Commit-Position: refs/heads/master@{#37064}

[modify] https://crrev.com/43a10a0c4a3f3ba859fab199227590bc79a608d2/src/flag-definitions.h
[modify] https://crrev.com/43a10a0c4a3f3ba859fab199227590bc79a608d2/test/test262/test262.status

Is "the wild" here basically Microsoft CRM?
Have you found other breakages? If so, can you give some examples?
It seems a bit backwards, to revert a feature because of one system. The Blink policy is generally not to let a single site (or a system, I guess) dictate web compatibility...
Edge has shipped it since its beginning, though those users probably use Internet Explorer (or, apparently, Chrome) instead. Firefox 48 or 49 will be shipping it.

I'm curious what Blink policy you're referring to. In general we (V8) try to avoid breaking any significant number of users with feature changes.

For this particular feature, the value of the feature is quite low compared to the breakage it causes.

Perhaps a policy is a strong word. See this post -
https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHy8zm0eVy0/Y1pKHszGBgAJ

Thanks for the reference. I think this case is somewhat different. It's not "one site" so much as "one piece of software that's installed on many sites". In JS, at least, this has caused spec changes in the past (see Array.prototype.contains -> includes, for example).

CCing Rick and Philip for their thoughts on how to handle cases like this (though I intend to merge to M51 and M52 on Monday).

Looks like a first attempt to ship this in M38 failed, and even though it's already shipping in Edge and Safari it's still breaking things this time?

Blink policy doesn't really apply since this is V8, but in any case reverting while investigating seems like the responsible thing to do.

This is basically a problematic library, so like #4 I wonder if this has been fixed upstream.

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Hi,

For solution of this error I have to Contact Microsoft or this will be fix
in browser team.  As in Microsoft Internet Explorer and Mozila Firefox is
not having this error. Resolution required urgently else we have to ask to
continue using Microsoft IE/Mozila Firefox to users.

Waiting for positive reply.

Thanks.
KAPIL SINHA.
8860025682

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/bf7aa5e45a0ecbc4b46c232cde94ae7425c49e4f

commit bf7aa5e45a0ecbc4b46c232cde94ae7425c49e4f
Author: Adam Klein <adamk@chromium.org>
Date: Mon Jun 20 16:51:31 2016

Version 5.1.281.66 (cherry-pick)

Merged 43a10a0c4a3f3ba859fab199227590bc79a608d2

Disable Array.prototype.values

BUG= chromium:615873 , v8:4247 
LOG=N
R=littledan@chromium.org

Review URL: https://codereview.chromium.org/2083663002 .

Cr-Commit-Position: refs/branch-heads/5.1@{#77}
Cr-Branched-From: 167dc63b4c9a1d0f0fe1b19af93644ac9a561e83-refs/heads/5.1.281@{#1}
Cr-Branched-From: 03953f52bd4a184983a551927c406be6489ef89b-refs/heads/master@{#35282}

[modify] https://crrev.com/bf7aa5e45a0ecbc4b46c232cde94ae7425c49e4f/include/v8-version.h
[modify] https://crrev.com/bf7aa5e45a0ecbc4b46c232cde94ae7425c49e4f/src/flag-definitions.h
[modify] https://crrev.com/bf7aa5e45a0ecbc4b46c232cde94ae7425c49e4f/test/test262/test262.status

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4b9df6af9b28a0a6424a8f8695d6ab0f2fd87a7b

commit 4b9df6af9b28a0a6424a8f8695d6ab0f2fd87a7b
Author: Adam Klein <adamk@chromium.org>
Date: Mon Jun 20 17:03:05 2016

Version 5.2.361.23 (cherry-pick)

Merged 43a10a0c4a3f3ba859fab199227590bc79a608d2

Disable Array.prototype.values

BUG= chromium:615873 , v8:4247 
LOG=N
R=littledan@chromium.org

Review URL: https://codereview.chromium.org/2080813002 .

Cr-Commit-Position: refs/branch-heads/5.2@{#29}
Cr-Branched-From: 2cd36d6d0439ddfbe84cd90e112dced85084ec95-refs/heads/5.2.361@{#1}
Cr-Branched-From: 3fef34e02388e07d46067c516320f1ff12304c8e-refs/heads/master@{#36332}

[modify] https://crrev.com/4b9df6af9b28a0a6424a8f8695d6ab0f2fd87a7b/include/v8-version.h
[modify] https://crrev.com/4b9df6af9b28a0a6424a8f8695d6ab0f2fd87a7b/src/flag-definitions.h
[modify] https://crrev.com/4b9df6af9b28a0a6424a8f8695d6ab0f2fd87a7b/test/test262/test262.status

The ES6 spec has been finalized and it includes Array.prototype.values: http://www.ecma-international.org/ecma-262/6.0/#sec-array.prototype.values
So what happens when this regression gets released and someone files a issue that Array.prototype.values no longer exists?

Steps to reproduce the problem:
var foo = [1, 2, 3]
var values = foo.values()

What is the expected behavior?
It should return a new Array Iterator object that contains the values for each index in the array.

What went wrong?
Got a TypeError saying "foo.values is not a function"

Did this work before?
Yes. Versions 38 and 51.

Hello Guys,

Just checking, do we have an ETA when this fix will be released?

Thanks,

 Issue 623497  has been merged into this issue.

Chrome 51 still has Array#values. Seeing how it has been live for more than 6 weeks and the world hasn't ended, is it really necessary to unship it? Especially considering that Edge is shipping it and Safari 10 is most likely going to ship with it.

Correction: not only Safari 10 will most likely ship with it but Safari 9.1 contains this API already. And has for more than half a year now.

I raised a ticket to the Google chrome team below:
https://bugs.chromium.org/p/chromium/issues/detail?id=623497

I think we have same issue. The issue is resolved on Beta Ver.52.
However, I would like to know when the fix will release to regular update.

Don't need the exact time but approximate time is also okay.

Please let us know the tentative time to release the fix as regularly.

Thanks for your effort.

@adamk -
I guess either the merge was unsuccessful, or no one made Chrome use the patched V8 branch, because [].values returns an ArrayIterator in Chrome 51.0.2704.106.

There simply hasn't been a Chrome 51 release that included the merge. The recommended fix for now is to switch to 52 Beta. It will also be included in the 52 Stable release.