Sync from SUSE:ALP:Source:Standard:1.0 nodejs18 revision 4da017ae2ec3ff2f14abf19673a44563

nodejs18.changes

@@ -0,0 +1,299 @@
+-------------------------------------------------------------------
+Thu Apr 13 13:49:59 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodeJS 18.16.0 LTS version
+  * Add initial support for single executable applications
+  * Replace url parser with Ada
+  * buffer: add Buffer.copyBytesFrom
+
+- refreshed patches: versioned.patch linker_lto_jobs.patch
+
+-------------------------------------------------------------------
+Mon Mar 13 16:43:33 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- relax Requires to Suggests for alts on TW
+
+-------------------------------------------------------------------
+Wed Mar  8 13:01:06 UTC 2023 - Adam Majer <adam.majer@suse.de> - 18.15.0
+
+- Update to NodeJS 18.15.0 LTS version:
+  * test_runner:
+    + add initial code coverate support
+    + add reporters
+  * fs: add statfs()
+  * buffer: add isAscii()
+
+- s390.patch, sysctl.patch: upstreamed and removed
+
+-------------------------------------------------------------------
+Thu Feb 23 10:41:38 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- node-gyp_7.1.2.tar.xz: added dependencies so they don't conflict with
+  npm dependencies.
+
+-------------------------------------------------------------------
+Wed Feb 22 13:59:45 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodeJS 18.14.2 LTS:
+  * deps: upgrade npm to 9.5.0 (bsc#1208744, CVE-2022-25881)
+  * deps: update undici to 5.20.0
+
+- Changes in version 18.14.1:
+  * fixes permissions policies can be bypassed via process.mainModule
+    (bsc#1208481, CVE-2023-23918)
+  * fixes insecure loading of ICU data through ICU_DATA environment
+    variable (bsc#1208487, CVE-2023-23920)
+  * fixes OpenSSL error handling issues in nodejs crypto library
+    (bsc#1208483, CVE-2023-23919)
+  * updates undici to v5.19.1
+    + Fetch API in Node.js did not protect against CRLF injection in host headers
+    + Regular Expression Denial of Service in Headers in Node.js fetch API
+    (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936)
+
+- versioned.patch: refreshed
+- sysctl.patch: unit test fixes
+
+-------------------------------------------------------------------
+Fri Feb  3 11:43:02 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodeJS 18.14.0 LTS:
+  * deps:
+    + update npm to 9.2.0
+  * http:
+    + join authorization headers
+    + improved timeout defaults handling
+  * stream:
+    + implement finished() for ReadableStream and WritableStream
+
+- refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch,
+  versioned.patch
+
+-------------------------------------------------------------------
+Wed Feb  1 07:58:26 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Do not use pkg_vcmp to decide BuildDependencies: this works based
+  on 'installed packages' which is not interpreted correctly by the
+  scheduler. Rather switch to boolean dependencies.
+
+------------------------------------------------------------------
+Wed Jan 25 12:01:18 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Again use openssl-3, if available.
+- _constraints: reset aarch64 memory requirements back to original
+  otherwise some unit tests can fail
+- s390.patch: fix unit test on s390 with patched zlib
+
+-------------------------------------------------------------------
+Mon Jan 16 14:57:58 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodejJS 18.13.0 LTS:
+  * build: disable v8 snapshot compression by default
+  * crypto: update root certificates
+  * deps: update ICU to 72.1
+  * doc:
+    + add doc-only deprecation for headers/trailers setters
+    + add Rafael to the tsc
+    + deprecate use of invalid ports in url.parse
+    + deprecate url.parse()
+  * lib: drop fetch experimental warning
+  * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
+  * src:
+    + add uvwasi version
+    + add initial shadow realm support
+  * test_runner:
+    + add t.after() hook
+    + don't use a symbol for runHook()
+  * tls:
+    + add "ca" property to certificate object
+  * util:
+    + add fast path for utf8 encoding
+    + improve textdecoder decode performance
+    + add MIME utilities
+
+- new_python3.patch, icu721_fixes.patch: upstreamed, removed
+
+-------------------------------------------------------------------
+Fri Dec 23 11:31:12 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update _constraints:
+  * Less RAM for aarch64 and 32-bit arm
+  * Use 'asimdrdm' cpu flag to use aarch64 workers where tests
+    are more stable
+
+-------------------------------------------------------------------
+Thu Nov 10 08:18:42 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- icu721_fixes.patch: fixes compatibility with ICU 72.1 (bsc#1205236)
+
+-------------------------------------------------------------------
+Mon Nov  7 14:00:54 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Fix migration to openssl-3 (bsc#1205042)
+
+-------------------------------------------------------------------
+Mon Nov  7 09:05:07 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodeJS 18.12.1 LTS:
+  * inspector: DNS rebinding in --inspect via invalid octal IP
+    (bsc#1205119, CVE-2022-43548)
+
+-------------------------------------------------------------------
+Fri Oct 28 10:31:50 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodeJS 18.12.0 LTS:
+  * Running in 'watch' mode using node --watch restarts the process
+    when an imported file is changed.
+  * fs: add FileHandle.prototype.readLines
+  * http: add writeEarlyHints function to ServerResponse
+  * http2: make early hints generic
+  * util: add default value option to parsearg
+
+-------------------------------------------------------------------
+Mon Oct 17 13:02:52 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodeJS 18.11.0:
+  * added experimental watch mode -- running in 'watch' mode using
+    node --watch restarts the process when an imported file is changed
+  * fs: add FileHandle.prototype.readLines
+  * http: add writeEarlyHints function to ServerResponse
+  * http2: make early hints generic
+  * lib: refactor transferable AbortSignal
+  * src: add detailed embedder process initialization API
+  * util: add default value option to parsearg
+
+- legacy_python.patch, versioned.patch: updated
+
+-------------------------------------------------------------------
+Wed Oct 12 08:14:29 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- qemu_timeouts_arches.patch: set timeouts on riscv5 to 7x normal
+
+-------------------------------------------------------------------
+Fri Oct  7 08:05:59 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- skip more tests for riscv64/qemu emulation
+
+-------------------------------------------------------------------
+Thu Sep 29 13:58:09 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to NodeJS 18.10.0:
+  * deps: upgrade npm to 8.19.2
+  * http: throw error on content-length mismatch
+  * stream: add ReadableByteStream.tee()
+
+- openssl3_fixups.patch: upstreamed and removed
+
+-------------------------------------------------------------------
+Mon Sep 26 13:13:39 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to Nodejs 18.9.1:
+  * deps: llhttp updated to 6.0.10
+    + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
+    + Incorrect Parsing of Multi-line Transfer-Encoding
+      (CVE-2022-32215, bsc#1201327)
+    + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
+  * crypto: fix weak randomness in WebCrypto keygen
+    (CVE-2022-35255, bsc#1203831)
+
+-------------------------------------------------------------------
+Sat Sep 17 10:35:31 UTC 2022 - Bruno Pitrus <brunopitrus@hotmail.com>
+
+- Skip test-fs-utimes-y2K38.js on armv6hl as well as armv7hl.
+
+-------------------------------------------------------------------
+Thu Sep 15 15:00:25 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to Nodejs 18.9.0:
+  * lib - add diagnostics channel for process and worker
+  * os - add machine method
+  * report - expose report public native apis
+  * src - expose environment RequestInterrupt api
+  * vm - include vm context in the embedded snapshot
+
+- Changes in 18.8.0:
+  * bootstrap: implement run-time user-land snapshots via
+    --build-snapshot and --snapshot-blob. See
+  * crypto:
+    + allow zero-length IKM in HKDF and in webcrypto PBKDF2
+    + allow zero-length secret KeyObject
+  * deps: upgrade npm to 8.18.0
+  * http: make idle http parser count configurable
+  * net: add local family
+  * src: print source map error source on demand
+  * tls: pass a valid socket on tlsClientError
+
+- dns.patch: upstreamed, removed
+- nodejs-libpath.patch, versioned.patch: refreshed
+- fix_ci_tests.patch: partially upstreamed
+- openssl3_fixups.patch: fix unit tests with openssl 1.1.1
+- new_python3.patch: enable python 3.11 as valid interpreter
+
+-------------------------------------------------------------------
+Thu Aug 18 10:41:57 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to Nodejs 18.7.0:
+  * events: add CustomEvent
+  * http: add drop request event for http server
+  * lib: improved diagnostics_channel subscribe/unsubscribe
+  * util: add tokens to parseArgs
+
+- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)
+
+-------------------------------------------------------------------
+Sun Jul 31 15:37:05 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- dns.patch: fix regression
+  https://github.com/nodejs/node/issues/44003
+
+-------------------------------------------------------------------
+Sun Jul 24 09:47:19 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to Nodejs 18.6.0:
+  * Experimental ESM Loader Hooks API. For details see,
+    https://nodejs.org/api/esm.html
+  * dns: export error code constants from dns/promises
+  * esm: add chaining to loaders
+  * http: add diagnostics channel for http client
+  * http: add perf_hooks detail for http request and client
+  * module: add isBuiltIn method
+  * net: add drop event for net server
+  * test_runner: expose describe and it
+  * v8: add v8.startupSnapshot utils
+
+  For details, see
+  https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0
+
+-------------------------------------------------------------------
+Mon Jul 11 12:00:48 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to Nodejs 18.5.0:
+  * http: stricter Transfer-Encoding and header separator parsing
+    (bsc#1201325, bsc#1201326, bsc#1201327,
+     CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
+  * src: fix IPv4 validation in inspector_socket
+    (bsc#1201328, CVE-2022-32212)
+  For details, see
+  https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0
+
+-------------------------------------------------------------------
+Tue Jun 28 13:06:23 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Update to Nodejs 18.4.0. For detailed changes see,
+  https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0
+- refreshed: versioned.patch, linker_lto_jobs.patch, nodejs-libpath.patch
+
+-------------------------------------------------------------------
+Thu May 19 15:01:09 UTC 2022 - Adam Majer <adam.majer@suse.de>
+
+- Initial packaging of Nodejs 18.2.0. For detailed changes
+  since previous versions, see
+
+  https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
+
+  Patches carried over from nodejs17:
+  legacy_python.patch node-gyp-addon-gypi.patch openssl_binary_detection.patch
+test-skip-y2038-on-32bit-time_t.patch cares_public_headers.patch
+rsa-pss-revert.patch linker_lto_jobs.patch versioned.patch fix_ci_tests.patch
+manual_configure.patch npm_search_paths.patch  skip_no_console.patch
+flaky_test_rerun.patch nodejs-libpath.patch  sle12_python3_compat.patch
+