Commit Graph

  • d9c3644924 - CVE-2023-44487.patch: nghttp2 Security Release (CVE-2023-44487, bsc#1216190) - nodejs.keyring: include new releaser keys - newicu_test_fixup.patch: workaround whitespaces funnies in some icu versions main Adam Majer 2023-10-25 11:18:21 +00:00
  • c1015aaffd OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=186 Adam Majer 2023-04-13 14:32:17 +00:00
  • 9c44ecaad1 - CVE-2022-25881.patch: http-cache-semantics(npm): Don't use regex to trim whitespace (bsc#1208744, CVE-2022-25881) Adam Majer 2023-04-13 14:29:56 +00:00
  • 7b3a79261f - CVE-2023-23920.patch: fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920) Adam Majer 2023-02-22 11:33:32 +00:00
  • e01a8ff785 - CVE-2022-43548.patch: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) Adam Majer 2022-11-07 10:06:31 +00:00
  • 11443c2973 - CVE-2022-35256.patch: update llhttp to 2.1.6 + fixes CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + fixes incorrect parsing of header fields (CVE-2022-35256, bsc#1203832) Adam Majer 2022-09-29 12:47:30 +00:00
  • f6e7348e9b CVE-2022-32214, CVE-2022-32215, bsc#1191602, CVE-2021-22960, bsc#1191601, CVE-2021-22959) Adam Majer 2022-08-09 11:57:25 +00:00
  • cc718baf73 - CVE-2021-22930.patch: backports http2 fixes (bsc#1188917, bsc#1189368, CVE-2021-22930, CVE-2021-22940) - CVE-2022-32213.patch: backport llhttp http parser fixes (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) - CVE-2022-32212.patch: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) Adam Majer 2022-07-19 11:52:36 +00:00
  • 97a9329d36 - CVE-2021-22940.patch: merged with CVE-2021-22930.patch Adam Majer 2022-07-18 15:45:57 +00:00
  • ef2b06e403 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=178 Adam Majer 2022-07-18 12:24:56 +00:00
  • b7d70500b8 - CVE-2021-44906.patch: fix prototype pollution in npm dependency (bsc#1198247, CVE-2021-44906) - CVE-2021-44907.patch: fix insufficient sanitation in npm dependency (bsc#1197283, CVE-2021-44907) - CVE-2022-0235.patch: fix passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235) * CVE-2021-32803 - node-tar: Insufficient symlink protection Adam Majer 2022-04-21 15:54:23 +00:00
  • 166897fe0a (bsc#1194514, CVE-2022-21824) Adam Majer 2022-02-15 16:54:25 +00:00
  • 84df5ed6ac - CVE-2022-21824.patch: fix prototype pollution via console.table Adam Majer 2022-02-15 16:51:44 +00:00
  • 2a1c926780 * CVE-2021-3918 - json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (bsc#1192696) - CVE-2021-3807.patch: node-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (bsc#1192154, CVE-2021-3807) Adam Majer 2022-02-15 13:34:42 +00:00
  • 013ffaea96 - npm-v6.14.16.tar.gz: update to npm 6.14.16 fixing * CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153) * CVE-2021-23343 - node-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (bsc#1191963) * CVE-2021-32804 - node-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (bsc#1191962) Adam Majer 2022-02-15 13:06:09 +00:00
  • ad2d70f251 - CVE-2022-21824.patch: fix prototype pollution via console.table Adam Majer 2022-02-15 12:05:47 +00:00
  • 84c464ac24 - fix_ci_tests.patch: updated for z15 zlib compression Adam Majer 2022-01-13 21:08:33 +00:00
  • ce54bd25e1 - CVE-2021-22939.patch: Incomplete validation of rejectUnauthorized parameter (bsc#1189369, CVE-2021-22939) Adam Majer 2022-01-13 20:17:57 +00:00
  • 6d1d300242 - test_ssl_cert_fixups.patch: fixup SSL certificates in unit tests Adam Majer 2022-01-13 20:09:01 +00:00
  • 2fb35405af OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=168 Adam Majer 2021-08-09 12:56:54 +00:00
  • b47ba3f6cc - z15-test-skip.patch: skip problematic test on s390x Adam Majer 2021-08-09 12:56:43 +00:00
  • 94a049977c OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=166 Adam Majer 2021-08-04 16:38:25 +00:00
  • fd99e5a392 - CVE-2021-22930.patch: http2: fixes use after free on close in stream canceling (bsc#1188917, CVE-2021-22930) Adam Majer 2021-08-04 16:38:06 +00:00
  • 7c8c76a6cf OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=164 Adam Majer 2021-07-22 13:35:54 +00:00
  • f8a9c947c2 Keyring update Adam Majer 2018-06-22 14:30:57 +00:00
  • 42a1d10084 - New upstream release 10.5.0: * crypto: Support for crypto.scrypt() has been added * fs: + APIs that take mode as arguments no longer throw on values larger than 0o777 + BigInt support has been added to fs.stat and fs.watchFile + Fix crashes in closed event watchers. * worker_threads: multi-threading has been added behind the --experimental-worker flag in the worker_threads module. This feature is *experimental* and may receive breaking changes at any time. - npm_search_paths.patch: Fix typo causing npm to not work Adam Majer 2018-06-22 13:46:46 +00:00
  • c6f0ed16c0 - Recommend same major version npm package (bsc#1097748) Adam Majer 2018-06-15 12:16:38 +00:00
  • 5c2902ea39 * Fixes memory exhaustion DoS: Fixes a bug that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream (CVE-2018-7164, bsc#1097537) + Unbundled nghttp2 to fix Denial of Service vulnerability (CVE-2018-1000168, bsc#1097401) (CVE-2018-7162, bsc#1097538) Adam Majer 2018-06-14 13:54:45 +00:00
  • 68f9c117f6 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=10 Adam Majer 2018-06-13 16:52:09 +00:00
  • f0701de170 - New upstream release 10.4.1: * Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. * http2: + Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup (CVE-2018-7161, bsc#1097404) + Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0 (CVE-2018-1000168, bsc#1097401) * tls: Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving (CVE-2018-7162) Adam Majer 2018-06-13 16:32:01 +00:00
  • 716ae17f10 - New upstream release 10.4.0: * deps: update V8 to 6.7.288.43 * stream: ensure Stream.pipeline re-throws errors without callback - Changes in version 10.3.0: * deps: upgrade npm to 6.1.0 * fs: fix reads with pos > 4GB * net: new option to allow IPC servers to be readable and writable by all users * stream: fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed npm_search_paths.patch: no longer override explicitly prefixed etc/ versioned.patch, env_shebang.patch: refreshed Adam Majer 2018-06-11 14:45:00 +00:00
  • 18403124a9 - New upstream release 10.2.0: * addons: Fixed a memory leak for users of AsyncResource and N-API. * assert: The error parameter of assert.throws() can now be an object containing regular expressions. * crypto: The authTagLength option has been made more flexible. * esm: Builtin modules now provide named exports in ES6 modules. * http: Handling of close and aborted events has been made more consistent. * module: add --preserve-symlinks-main * timers: timeout.refresh() has been added to the public API. - fix_ci_tests.patch: refreshed - versioned.patch: refreshed Adam Majer 2018-05-24 14:51:25 +00:00
  • 3d5311786b OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=6 Adam Majer 2018-05-24 14:27:54 +00:00
  • fb7be50b1c - manual_configure.patch: configure nghttp2 correctly - icu_small_grouping.patch: prevents undefined behaviour possibility Adam Majer 2018-05-23 12:32:27 +00:00
  • c060914f95 - use gcc7 for SLE12 - versioned.patch: set node version in environment to 10 Adam Majer 2018-05-23 11:33:33 +00:00
  • 911d8c2f05 - versioned.patch: rebased Adam Majer 2018-05-17 08:10:32 +00:00
  • 94d20bd6e3 - OpenSSL 1.1.0+ is required. Adam Majer 2018-05-16 11:38:06 +00:00
  • 20a701d2db - New upstream release 10.1.0: * console: make console.table() use colored inspect * fs: move fs/promises to fs.promises * http: added aborted property to request * n-api: initialize a module via a special symbol * src: add public API to expose the main V8 Platform - Changes in version 10.0.0: * Assert: + Calling assert.fail() with more than one argument is deprecated. + Calling assert.ok() with no arguments will now throw. + Calling assert.ifError() will now throw with any argument other than undefined or null. Previously the method would throw with any truthy value. * Async_hooks: + Older experimental async_hooks APIs have been removed. * Buffer: + Uses of new Buffer() and Buffer() outside of the node_modules directory will now emit a runtime deprecation warning. + Buffer.isEncoding() now returns undefined for falsy values, including an empty string. + Buffer.fill() will throw if an attempt is made to fill with an empty Buffer. * Child Process: Undefined properties of env are ignored. * console: console.table() method has been added. * crypto: + The crypto.createCipher() and crypto.createDecipher() methods have been deprecated. Please use crypto.createCipheriv() and crypto.createDecipheriv() instead. + The decipher.finaltol() method has been deprecated. + The crypto.DEFAULT_ENCODING property has been deprecated. + The ECDH.convertKey() method has been added. + The crypto.fips property has been deprecated. * deps: + V8 has been updated to 6.6 + npm upgraded to 5.8.0 * EventEmitter: + The EventEmitter.prototype.off() method has been added as an alias for EventEmitter.prototype.removeListener(). * File System: + The fs/promises API provides experimental promisified versions of the fs functions. + Invalid path errors are now thrown synchronously. + fs.readFile() method now partitions reads to avoid thread pool exhaustion. * http: + Processing of HTTP Status codes 100, 102-199 has been improved. + Multi-byte characters in URL paths are now forbidden. 
* N-API: The n-api is no longer experimental. * net: The 'close' event will be emitted after 'end'. * perf_hooks: + The PerformanceObserver class is now an AsyncResource and can be monitored using async_hooks. + Trace events are now emitted for performance events. + The performance API has been simplified. + Performance milestone marks will be emitted as trace events. * process: + Using non-string values for process.env is deprecated. + The process.assert() method is deprecated. * repl: + REPL now experimentally supports top-level await when using the --experimental-repl-await flag. + The previously deprecated "magic mode" has been removed. + The previously deprecated NODE_REPL_HISTORY_FILE environment variable has been removed. + Proxy objects are shown as Proxy objects when inspected. * streams: + The 'readable' event is now always deferred with nextTick. + A new pipeline() method has been provided for building end-to-data stream pipelines. + support for async for-await has been added to stream.Readable * timers: The enroll() and unenroll() methods have been deprecated * tls: + The tls.convertNPNProtocols() method has been deprecated. + Support for NPN (next protocol negotiation) has been dropped. + The ecdhCurve default is now 'auto'. * Trace Events: + A new trace_events top-level module allows trace event categories to be enabled/disabled at runtime. * URL: The WHATWG URL API is now a global. * Util: + util.types.is[…] type checks have been added. + Support for bigint formatting has been added to util.inspect(). Adam Majer 2018-05-11 14:21:06 +00:00