adamm/nodejs18
1
0
Fork 0
forked from pool/nodejs18
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Update to NodeJS 18.14.2 LTS:

Browse Source 
* deps: upgrade npm to 9.5.0
  * deps: update undici to 5.20.0
- Changes in version 18.14.1:
  * fixes permissions policies can be bypassed via process.mainModule
    (bsc#1208481, CVE-2023-23918)
  * fixes insecure loading of ICU data through ICU_DATA environment
    variable (bsc#1208487, CVE-2023-23920)
  * fixes OpenSSL error handling issues in nodejs crypto library
    (bsc#1208483, CVE-2023-23919)
  * updates undici to v5.19.1
    + Fetch API in Node.js did not protect against CRLF injection in host headers
    + Regular Expression Denial of Service in Headers in Node.js fetch API
    (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936)

- Update to NodeJS 18.14.0 LTS:
  * deps:
    + update npm to 9.2.0
  * http:
    + join authorization headers
    + improved timeout defaults handling
  * stream:
    + implement finished() for ReadableStream and WritableStream
- refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch,
  versioned.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=47
This commit is contained in:
Adam Majer
2023-02-22 14:23:30 +00:00
committed by Git OBS Bridge
parent 020700894b
commit b6349c1613
10 changed files with 240 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
nodejs18.changes
View File

@@ -1,3 +1,37 @@
-------------------------------------------------------------------
Wed Feb 22 13:59:45 UTC 2023 - Adam Majer <adam.majer@suse.de>
- Update to NodeJS 18.14.2 LTS:
* deps: upgrade npm to 9.5.0
* deps: update undici to 5.20.0
- Changes in version 18.14.1:
* fixes permissions policies can be bypassed via process.mainModule
(bsc#1208481, CVE-2023-23918)
* fixes insecure loading of ICU data through ICU_DATA environment
variable (bsc#1208487, CVE-2023-23920)
* fixes OpenSSL error handling issues in nodejs crypto library
(bsc#1208483, CVE-2023-23919)
* updates undici to v5.19.1
+ Fetch API in Node.js did not protect against CRLF injection in host headers
+ Regular Expression Denial of Service in Headers in Node.js fetch API
(bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936)
-------------------------------------------------------------------
Fri Feb 3 11:43:02 UTC 2023 - Adam Majer <adam.majer@suse.de>
- Update to NodeJS 18.14.0 LTS:
* deps:
+ update npm to 9.2.0
* http:
+ join authorization headers
+ improved timeout defaults handling
* stream:
+ implement finished() for ReadableStream and WritableStream
- refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch,
versioned.patch
-------------------------------------------------------------------
Wed Feb 1 07:58:26 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>