* crypto: Allow deriving public from private keys
* events: Added a once function to use EventEmitter with promises
* tty:
+ Added a hasColors method to WriteStream
+ Added NO_COLOR and FORCE_COLOR support
* v8: Added v8.getHeapSnapshot and v8.writeHeapSnapshot to
generate snapshots in the format used by tools such as Chrome
* worker: Added worker.moveMessagePortToContext
* C++ API:
+ AddPromiseHook is now deprecated.
+ Added a Stop API to shut down Node.js while it is running
- Changes in release 11.12.0:
* bootstrap: Add experimental --frozen-intrinsics flag
* deps: Upgrade openssl to 1.1.1b
* process: Make process[Symbol.toStringTag] writable again
* repl: Add util.inspect.replDefaults to customize the writer
* report: Rename triggerReport() to writeReport()
- fix_ci_tests.patch: add another exception for our OpenSSL library
- versioned.patch: refresh
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=16
* deps: Upgrade to OpenSSL 1.1.0j, fixing
+ Timing vulnerability in DSA signature generation
(bsc#1113652, CVE-2018-0734)
+ Timing vulnerability in ECDSA signature generation
(bsc#1113651, CVE-2018-0735)
* http:
+ Headers received by HTTP servers must not exceed 8192 bytes
in total to prevent possible Denial of Service attacks.
(bsc#1117626, CVE-2018-12121)
+ A timeout of 40 seconds now applies to servers receiving
HTTP headers. This value can be adjusted with
server.headersTimeout. Where headers are not completely
received within this period, the socket is destroyed on
the next received chunk. In conjunction
with server.setTimeout(), this aids in protecting against
excessive resource retention and possible Denial of Service.
(bsc#1117627, CVE-2018-12122)
* url: Fix a bug that would allow a hostname being spoofed when
parsing URLs with url.parse() with the 'javascript:' protocol.
(bsc#1117629, CVE-2018-12123)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=5
