Sync from SUSE:ALP:Source:Standard:1.0 nodejs20 revision 5d1a80ee6af19d06fa0d5bdb9470c213

nodejs20.changes

@@ -1,3 +1,78 @@
+-------------------------------------------------------------------
+Fri Feb 16 16:04:46 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- Update to 20.11.1: (security updates)
+  * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
+  * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
+  * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
+  * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
+  * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
+  * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
+  * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
+  * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
+  * undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
+  * libuv version 1.48.0 (CVE-2024-24806, bsc#1219724)
+
+-------------------------------------------------------------------
+Mon Feb 12 14:27:04 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- update to 20.11.0:
+  * esm: add import.meta.dirname and import.meta.filename
+  * fs: add c++ fast path for writeFileSync utf8
+  * module: remove useCustomLoadersIfPresent flag
+  * module: bootstrap module loaders in shadow realm
+  * src: add --disable-warning option
+  * src: create per isolate proxy env template
+  * src: make process binding data weak
+  * stream: use Array for Readable buffer
+  * stream: optimize creation
+  * test_runner: adds built in lcov reporter
+  * test_runner: add Date to the supported mock APIs
+  * test_runner, cli: add --test-timeout flag
+
+- c-ares-fixes.patch, fix_ci_tests.patch: refreshed
+
+-------------------------------------------------------------------
+Mon Jan 29 10:04:22 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- fix_ci_tests.patch: disable test_crypto_fips for openssl 3.x,
+  to be fixed soon (bsc#1219152)
+
+-------------------------------------------------------------------
+Mon Jan  8 15:36:04 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- c-ares-fixes.patch: add additional backports for unit test fixes
+
+-------------------------------------------------------------------
+Tue Jan  2 16:14:58 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- c-ares-fixes.patch: fixes unit tests for new c-ares
+
+-------------------------------------------------------------------
+Thu Nov 23 08:02:58 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.10.0
+
+- Update to 20.10.0:
+  * --experimental-default-type flag to flip module defaults
+  * The new flag --experimental-detect-module can be used to
+  automatically run ES modules when their syntax can be detected.
+  * Added flush option in file system functions for fs.writeFile functions
+  * Added experimental WebSocket client
+  * vm: fix V8 compilation cache support for vm.Script. This fixes
+  performance regression since v16.x when support for
+  importModuleDynamically was added to vm.Script
+
+For details, see
+https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.10.0
+
+- nodejs20-zlib-1.3.patch: upstreamed, removed
+- fix_ci_tests.patch, node-gyp-addon-gypi.patch: refreshed
+
+-------------------------------------------------------------------
+Thu Nov  9 09:05:33 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Update to 20.9.0:
+  * No changes, just LTS transition
+
 -------------------------------------------------------------------
 Fri Oct 27 09:10:38 UTC 2023 - Adam Majer <adam.majer@suse.de>