forked from pool/nodejs18
Adam Majer
b6349c1613
* deps: upgrade npm to 9.5.0 * deps: update undici to 5.20.0 - Changes in version 18.14.1: * fixes permissions policies can be bypassed via process.mainModule (bsc#1208481, CVE-2023-23918) * fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920) * fixes OpenSSL error handling issues in nodejs crypto library (bsc#1208483, CVE-2023-23919) * updates undici to v5.19.1 + Fetch API in Node.js did not protect against CRLF injection in host headers + Regular Expression Denial of Service in Headers in Node.js fetch API (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936) - Update to NodeJS 18.14.0 LTS: * deps: + update npm to 9.2.0 * http: + join authorization headers + improved timeout defaults handling * stream: + implement finished() for ReadableStream and WritableStream - refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch, versioned.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=47
264 lines
10 KiB
Plaintext
264 lines
10 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Feb 22 13:59:45 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to NodeJS 18.14.2 LTS:
|
|
* deps: upgrade npm to 9.5.0
|
|
* deps: update undici to 5.20.0
|
|
|
|
- Changes in version 18.14.1:
|
|
* fixes permissions policies can be bypassed via process.mainModule
|
|
(bsc#1208481, CVE-2023-23918)
|
|
* fixes insecure loading of ICU data through ICU_DATA environment
|
|
variable (bsc#1208487, CVE-2023-23920)
|
|
* fixes OpenSSL error handling issues in nodejs crypto library
|
|
(bsc#1208483, CVE-2023-23919)
|
|
* updates undici to v5.19.1
|
|
+ Fetch API in Node.js did not protect against CRLF injection in host headers
|
|
+ Regular Expression Denial of Service in Headers in Node.js fetch API
|
|
(bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 3 11:43:02 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to NodeJS 18.14.0 LTS:
|
|
* deps:
|
|
+ update npm to 9.2.0
|
|
* http:
|
|
+ join authorization headers
|
|
+ improved timeout defaults handling
|
|
* stream:
|
|
+ implement finished() for ReadableStream and WritableStream
|
|
|
|
- refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch,
|
|
versioned.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 1 07:58:26 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Do not use pkg_vcmp to decide BuildDependencies: this works based
|
|
on 'installed packages' which is not interpreted correctly by the
|
|
scheduler. Rather switch to boolean dependencies.
|
|
|
|
------------------------------------------------------------------
|
|
Wed Jan 25 12:01:18 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Again use openssl-3, if available.
|
|
- _constraints: reset aarch64 memory requirements back to original
|
|
otherwise some unit tests can fail
|
|
- s390.patch: fix unit test on s390 with patched zlib
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 16 14:57:58 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to NodejJS 18.13.0 LTS:
|
|
* build: disable v8 snapshot compression by default
|
|
* crypto: update root certificates
|
|
* deps: update ICU to 72.1
|
|
* doc:
|
|
+ add doc-only deprecation for headers/trailers setters
|
|
+ add Rafael to the tsc
|
|
+ deprecate use of invalid ports in url.parse
|
|
+ deprecate url.parse()
|
|
* lib: drop fetch experimental warning
|
|
* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
|
|
* src:
|
|
+ add uvwasi version
|
|
+ add initial shadow realm support
|
|
* test_runner:
|
|
+ add t.after() hook
|
|
+ don't use a symbol for runHook()
|
|
* tls:
|
|
+ add "ca" property to certificate object
|
|
* util:
|
|
+ add fast path for utf8 encoding
|
|
+ improve textdecoder decode performance
|
|
+ add MIME utilities
|
|
|
|
- new_python3.patch, icu721_fixes.patch: upstreamed, removed
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 23 11:31:12 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Update _constraints:
|
|
* Less RAM for aarch64 and 32-bit arm
|
|
* Use 'asimdrdm' cpu flag to use aarch64 workers where tests
|
|
are more stable
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 10 08:18:42 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- icu721_fixes.patch: fixes compatibility with ICU 72.1 (bsc#1205236)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 7 14:00:54 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Fix migration to openssl-3 (bsc#1205042)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 7 09:05:07 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to NodeJS 18.12.1 LTS:
|
|
* inspector: DNS rebinding in --inspect via invalid octal IP
|
|
(bsc#1205119, CVE-2022-43548)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 28 10:31:50 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to NodeJS 18.12.0 LTS:
|
|
* Running in 'watch' mode using node --watch restarts the process
|
|
when an imported file is changed.
|
|
* fs: add FileHandle.prototype.readLines
|
|
* http: add writeEarlyHints function to ServerResponse
|
|
* http2: make early hints generic
|
|
* util: add default value option to parsearg
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 17 13:02:52 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to NodeJS 18.11.0:
|
|
* added experimental watch mode -- running in 'watch' mode using
|
|
node --watch restarts the process when an imported file is changed
|
|
* fs: add FileHandle.prototype.readLines
|
|
* http: add writeEarlyHints function to ServerResponse
|
|
* http2: make early hints generic
|
|
* lib: refactor transferable AbortSignal
|
|
* src: add detailed embedder process initialization API
|
|
* util: add default value option to parsearg
|
|
|
|
- legacy_python.patch, versioned.patch: updated
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 12 08:14:29 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- qemu_timeouts_arches.patch: set timeouts on riscv5 to 7x normal
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 7 08:05:59 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- skip more tests for riscv64/qemu emulation
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 29 13:58:09 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to NodeJS 18.10.0:
|
|
* deps: upgrade npm to 8.19.2
|
|
* http: throw error on content-length mismatch
|
|
* stream: add ReadableByteStream.tee()
|
|
|
|
- openssl3_fixups.patch: upstreamed and removed
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 26 13:13:39 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to Nodejs 18.9.1:
|
|
* deps: llhttp updated to 6.0.10
|
|
+ CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
|
|
+ Incorrect Parsing of Multi-line Transfer-Encoding
|
|
(CVE-2022-32215, bsc#1201327)
|
|
+ Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
|
|
* crypto: fix weak randomness in WebCrypto keygen
|
|
(CVE-2022-35255, bsc#1203831)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Sep 17 10:35:31 UTC 2022 - Bruno Pitrus <brunopitrus@hotmail.com>
|
|
|
|
- Skip test-fs-utimes-y2K38.js on armv6hl as well as armv7hl.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 15 15:00:25 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to Nodejs 18.9.0:
|
|
* lib - add diagnostics channel for process and worker
|
|
* os - add machine method
|
|
* report - expose report public native apis
|
|
* src - expose environment RequestInterrupt api
|
|
* vm - include vm context in the embedded snapshot
|
|
|
|
- Changes in 18.8.0:
|
|
* bootstrap: implement run-time user-land snapshots via
|
|
--build-snapshot and --snapshot-blob. See
|
|
* crypto:
|
|
+ allow zero-length IKM in HKDF and in webcrypto PBKDF2
|
|
+ allow zero-length secret KeyObject
|
|
* deps: upgrade npm to 8.18.0
|
|
* http: make idle http parser count configurable
|
|
* net: add local family
|
|
* src: print source map error source on demand
|
|
* tls: pass a valid socket on tlsClientError
|
|
|
|
- dns.patch: upstreamed, removed
|
|
- nodejs-libpath.patch, versioned.patch: refreshed
|
|
- fix_ci_tests.patch: partially upstreamed
|
|
- openssl3_fixups.patch: fix unit tests with openssl 1.1.1
|
|
- new_python3.patch: enable python 3.11 as valid interpreter
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 18 10:41:57 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to Nodejs 18.7.0:
|
|
* events: add CustomEvent
|
|
* http: add drop request event for http server
|
|
* lib: improved diagnostics_channel subscribe/unsubscribe
|
|
* util: add tokens to parseArgs
|
|
|
|
- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 31 15:37:05 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- dns.patch: fix regression
|
|
https://github.com/nodejs/node/issues/44003
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 24 09:47:19 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to Nodejs 18.6.0:
|
|
* Experimental ESM Loader Hooks API. For details see,
|
|
https://nodejs.org/api/esm.html
|
|
* dns: export error code constants from dns/promises
|
|
* esm: add chaining to loaders
|
|
* http: add diagnostics channel for http client
|
|
* http: add perf_hooks detail for http request and client
|
|
* module: add isBuiltIn method
|
|
* net: add drop event for net server
|
|
* test_runner: expose describe and it
|
|
* v8: add v8.startupSnapshot utils
|
|
|
|
For details, see
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 11 12:00:48 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to Nodejs 18.5.0:
|
|
* http: stricter Transfer-Encoding and header separator parsing
|
|
(bsc#1201325, bsc#1201326, bsc#1201327,
|
|
CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
|
|
* src: fix IPv4 validation in inspector_socket
|
|
(bsc#1201328, CVE-2022-32212)
|
|
For details, see
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 28 13:06:23 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to Nodejs 18.4.0. For detailed changes see,
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0
|
|
- refreshed: versioned.patch, linker_lto_jobs.patch, nodejs-libpath.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 19 15:01:09 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Initial packaging of Nodejs 18.2.0. For detailed changes
|
|
since previous versions, see
|
|
|
|
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
|
|
|
|
Patches carried over from nodejs17:
|
|
legacy_python.patch node-gyp-addon-gypi.patch openssl_binary_detection.patch
|
|
test-skip-y2038-on-32bit-time_t.patch cares_public_headers.patch
|
|
rsa-pss-revert.patch linker_lto_jobs.patch versioned.patch fix_ci_tests.patch
|
|
manual_configure.patch npm_search_paths.patch skip_no_console.patch
|
|
flaky_test_rerun.patch nodejs-libpath.patch sle12_python3_compat.patch
|
|
|