nodejs11/nodejs11.changes

-------------------------------------------------------------------
Mon Jan  7 13:31:31 UTC 2019 - adam.majer@suse.de

- New upstream releases 11.6.0:
  * cli: add --max-http-header-size flag
  * crypto:
    + always accept certificates as public keys
    + add key object API
  * deps:
    + upgrade to libuv 1.24.1
    + upgrade npm to 6.5.0
  * http: add maxHeaderSize property

- Changes in version 11.5.0:
  * tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
  * util: add inspection getter option

- Changes in version 11.4.0:
  * console,util:
    + console functions now handle symbols as defined in the spec.
    + The inspection depth default is now back at 2.
  * dgram,net: Added ipv6Only option for net and dgram
  * http: Chosing between the http parser is now possible per
    runtime flag.
  * readline: The readline module now supports async iterators.
  * repl: The multiline history feature is removed.
  * tls:
    + Added min/max protocol version options.
    + The X.509 public key info now includes the RSA bit size and
      the elliptic curve.
  * url: pathToFileURL() now supports LF, CR and TAB.

- fix_ci_tests.patch: refreshed
- versioned.patch: refreshed

-------------------------------------------------------------------
Thu Dec  6 12:57:45 UTC 2018 - adam.majer@suse.de

- New upstream release 11.3.0:
  * deps: Upgrade to OpenSSL 1.1.0j, fixing
    + Timing vulnerability in DSA signature generation
      (bsc#1113652, CVE-2018-0734)
    + Timing vulnerability in ECDSA signature generation
      (bsc#1113651, CVE-2018-0735)
  * http:
    + Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (bsc#1117626, CVE-2018-12121)
    + A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely
      received within this period, the socket is destroyed on
      the next received chunk. In conjunction
      with server.setTimeout(), this aids in protecting against
      excessive resource retention and possible Denial of Service.
      (bsc#1117627, CVE-2018-12122)
  * url: Fix a bug that would allow a hostname being spoofed when
    parsing URLs with url.parse() with the 'javascript:' protocol.
    (bsc#1117629, CVE-2018-12123)

-------------------------------------------------------------------
Mon Nov 26 14:06:57 UTC 2018 - adam.majer@suse.de

- New upstream release 11.2.0:
  * deps: A new experimental HTTP parser (llhttp) is now supported.
  * timers: Fixed an issue that could cause setTimeout to stop
    working as expected.
- flaky_test_rerun.patch: Rerun failing tests in case of flakiness
- fix_ci_tests.patch: refreshed

-------------------------------------------------------------------
Thu Nov  8 13:03:23 UTC 2018 - adam.majer@suse.de

- New upstream release 11.1.0:
  * repl: Top-level for-await-of is now supported in the REPL.
  * timers: Fixed an issue that could cause timers to enter
    an infinite loop.
- openssl_fix.patch: removed, upstreamed
- fix_ci_tests.patch: refreshed

-------------------------------------------------------------------
Thu Oct 25 14:24:02 UTC 2018 - adam.majer@suse.de

- Initial release of NodeJS 11.0.0
- Notable changes since NodeJS 10.12.0:
  * Use of process.binding() has been deprecated.
  * An experimental implementation of queueMicrotask() is added.

  * child_process: The default value of the windowsHide option
    has been changed to true.
  * deps: V8 has been updated to 7.0.
  * fs:
    + fs.read() method now requires a callback
    + The previously deprecated fs.SyncWriteStream utility has
      been removed
  * http: The http, https, and tls modules now use the WHATWG URL
    parser by default.
  * timers: nextTick queue will be run after each immediate and timer.
  * util:
    + WHATWG TextEncoder and TextDecoder are now globals.
    + util.inspect() output size is limited to 128 MB by default.
    + A runtime warning will be emitted when NODE_DEBUG is set for
      either http or http2.
- New upstream releases 11.6.0: * cli: add --max-http-header-size flag * crypto: + always accept certificates as public keys + add key object API * deps: + upgrade to libuv 1.24.1 + upgrade npm to 6.5.0 * http: add maxHeaderSize property - Changes in version 11.5.0: * tls: support "BEGIN TRUSTED CERTIFICATE" for ca: * util: add inspection getter option - Changes in version 11.4.0: * console,util: + console functions now handle symbols as defined in the spec. + The inspection depth default is now back at 2. * dgram,net: Added ipv6Only option for net and dgram * http: Chosing between the http parser is now possible per runtime flag. * readline: The readline module now supports async iterators. * repl: The multiline history feature is removed. * tls: + Added min/max protocol version options. + The X.509 public key info now includes the RSA bit size and the elliptic curve. * url: pathToFileURL() now supports LF, CR and TAB. - fix_ci_tests.patch: refreshed - versioned.patch: refreshed OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=6 2019-01-07 13:57:21 +00:00			`-------------------------------------------------------------------`
			`Mon Jan 7 13:31:31 UTC 2019 - adam.majer@suse.de`

			`- New upstream releases 11.6.0:`
			`* cli: add --max-http-header-size flag`
			`* crypto:`
			`+ always accept certificates as public keys`
			`+ add key object API`
			`* deps:`
			`+ upgrade to libuv 1.24.1`
			`+ upgrade npm to 6.5.0`
			`* http: add maxHeaderSize property`

			`- Changes in version 11.5.0:`
			`* tls: support "BEGIN TRUSTED CERTIFICATE" for ca:`
			`* util: add inspection getter option`

			`- Changes in version 11.4.0:`
			`* console,util:`
			`+ console functions now handle symbols as defined in the spec.`
			`+ The inspection depth default is now back at 2.`
			`* dgram,net: Added ipv6Only option for net and dgram`
			`* http: Chosing between the http parser is now possible per`
			`runtime flag.`
			`* readline: The readline module now supports async iterators.`
			`* repl: The multiline history feature is removed.`
			`* tls:`
			`+ Added min/max protocol version options.`
			`+ The X.509 public key info now includes the RSA bit size and`
			`the elliptic curve.`
			`* url: pathToFileURL() now supports LF, CR and TAB.`

			`- fix_ci_tests.patch: refreshed`
			`- versioned.patch: refreshed`

- New upstream release 11.3.0: * deps: Upgrade to OpenSSL 1.1.0j, fixing + Timing vulnerability in DSA signature generation (bsc#1113652, CVE-2018-0734) + Timing vulnerability in ECDSA signature generation (bsc#1113651, CVE-2018-0735) * http: + Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. (bsc#1117626, CVE-2018-12121) + A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (bsc#1117627, CVE-2018-12122) * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (bsc#1117629, CVE-2018-12123) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=5 2018-12-06 16:03:44 +00:00			`-------------------------------------------------------------------`
			`Thu Dec 6 12:57:45 UTC 2018 - adam.majer@suse.de`

			`- New upstream release 11.3.0:`
			`* deps: Upgrade to OpenSSL 1.1.0j, fixing`
			`+ Timing vulnerability in DSA signature generation`
			`(bsc#1113652, CVE-2018-0734)`
			`+ Timing vulnerability in ECDSA signature generation`
			`(bsc#1113651, CVE-2018-0735)`
			`* http:`
			`+ Headers received by HTTP servers must not exceed 8192 bytes`
			`in total to prevent possible Denial of Service attacks.`
			`(bsc#1117626, CVE-2018-12121)`
			`+ A timeout of 40 seconds now applies to servers receiving`
			`HTTP headers. This value can be adjusted with`
			`server.headersTimeout. Where headers are not completely`
			`received within this period, the socket is destroyed on`
			`the next received chunk. In conjunction`
			`with server.setTimeout(), this aids in protecting against`
			`excessive resource retention and possible Denial of Service.`
			`(bsc#1117627, CVE-2018-12122)`
			`* url: Fix a bug that would allow a hostname being spoofed when`
			`parsing URLs with url.parse() with the 'javascript:' protocol.`
			`(bsc#1117629, CVE-2018-12123)`

- New upstream release 11.2.0: * deps: A new experimental HTTP parser (llhttp) is now supported. * timers: Fixed an issue that could cause setTimeout to stop working as expected. - flaky_test_rerun.patch: Rerun failing tests in case of flakiness - fix_ci_tests.patch: refreshed OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=4 2018-11-26 15:49:35 +00:00			`-------------------------------------------------------------------`
			`Mon Nov 26 14:06:57 UTC 2018 - adam.majer@suse.de`

			`- New upstream release 11.2.0:`
			`* deps: A new experimental HTTP parser (llhttp) is now supported.`
			`* timers: Fixed an issue that could cause setTimeout to stop`
			`working as expected.`
			`- flaky_test_rerun.patch: Rerun failing tests in case of flakiness`
			`- fix_ci_tests.patch: refreshed`

- New upstream release 11.1.0: * repl: Top-level for-await-of is now supported in the REPL. * timers: Fixed an issue that could cause timers to enter an infinite loop. - openssl_fix.patch: removed, upstreamed - fix_ci_tests.patch: refreshed OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=2 2018-11-08 13:29:54 +00:00			`-------------------------------------------------------------------`
			`Thu Nov 8 13:03:23 UTC 2018 - adam.majer@suse.de`

			`- New upstream release 11.1.0:`
			`* repl: Top-level for-await-of is now supported in the REPL.`
			`* timers: Fixed an issue that could cause timers to enter`
			`an infinite loop.`
			`- openssl_fix.patch: removed, upstreamed`
			`- fix_ci_tests.patch: refreshed`

- Initial release of NodeJS 11.0.0 - Notable changes since NodeJS 10.12.0: * Use of process.binding() has been deprecated. * An experimental implementation of queueMicrotask() is added. * child_process: The default value of the windowsHide option has been changed to true. * deps: V8 has been updated to 7.0. * fs: + fs.read() method now requires a callback + The previously deprecated fs.SyncWriteStream utility has been removed * http: The http, https, and tls modules now use the WHATWG URL parser by default. * timers: nextTick queue will be run after each immediate and timer. * util: + WHATWG TextEncoder and TextDecoder are now globals. + util.inspect() output size is limited to 128 MB by default. + A runtime warning will be emitted when NODE_DEBUG is set for either http or http2. OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=1 2018-10-25 14:40:03 +00:00			`-------------------------------------------------------------------`
			`Thu Oct 25 14:24:02 UTC 2018 - adam.majer@suse.de`

			`- Initial release of NodeJS 11.0.0`
			`- Notable changes since NodeJS 10.12.0:`
			`* Use of process.binding() has been deprecated.`
			`* An experimental implementation of queueMicrotask() is added.`

			`* child_process: The default value of the windowsHide option`
			`has been changed to true.`
			`* deps: V8 has been updated to 7.0.`
			`* fs:`
			`+ fs.read() method now requires a callback`
			`+ The previously deprecated fs.SyncWriteStream utility has`
			`been removed`
			`* http: The http, https, and tls modules now use the WHATWG URL`
			`parser by default.`
			`* timers: nextTick queue will be run after each immediate and timer.`
			`* util:`
			`+ WHATWG TextEncoder and TextDecoder are now globals.`
			`+ util.inspect() output size is limited to 128 MB by default.`
			`+ A runtime warning will be emitted when NODE_DEBUG is set for`
			`either http or http2.`