nodejs/nodejs18
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70 Commits 1 Branch 0 Tags
main
Commit Graph

70 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Adam Majer
504746daf4 - Update to 18.20.8: 
* async_hooks,inspector: implement inspector api without async_wrap
  * deps: update undici to v5.29.0
- Build with PIE (bsc#1239949)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=87
 2025-04-08 13:11:25 +00:00
Adam Majer
4f1d302c47 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=86 2025-01-22 12:02:57 +00:00
Adam Majer
8dada3c946 - Update to 18.20.6 
* src: fix HTTP2 mem leak on premature close and ERR_PROTO
    (bsc#1236250, CVE-2025-23085)
  * deps: Use of Insufficiently Random Values in undici fetch()
    (bsc#1236258, CVE-2025-22150)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=85
 2025-01-22 11:29:41 +00:00
Adam Majer
6535b83f74 - nodejs.keyring: sync with upstream releaser list 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=84
 2024-12-05 10:31:40 +00:00
Adam Majer
d3334dffe8 - Update to 18.20.5 
* esm: mark import attributes and JSON module as stable
  * deps:
    + upgrade npm to 10.8.2
    + update simdutf to 5.6.0
    + update brotli to 1.1.0
    + update ada to 2.8.0
    + update acorn to 8.13.0
    + update acorn-walk to 8.3.4
    + update c-ares to 1.29.0
- CVE-2024-21538.patch: fixes regular expression denial of service
  (bsc#1233856, CVE-2024-21538)
- fix_ci_tests.patch, versioned.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=83
 2024-12-04 16:19:46 +00:00
Adam Majer
21e084b8dc OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=82 2024-11-04 15:01:00 +00:00
Adam Majer
97cbc66072 - openssl31.patch: fix unit tests with OpenSSL 3.1 (bsc#1232756) 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=81
 2024-11-04 14:53:20 +00:00
Adam Majer
553ad0cd65 - Update to 18.20.4 
* Bypass incomplete fix of CVE-2024-27980 (bsc#1227560, CVE-2024-36138)
  * Bypass network import restriction via data URL (bsc#1227554, CVE-2024-22020)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=80
 2024-07-12 13:42:15 +00:00
Adam Majer
6c3cb6b255 - Update to 18.20.3: 
* This release fixes a regression introduced in Node.js 18.19.0 where
    http.server.close() was incorrectly closing idle connections.
  * deps:
    + acorn updated to 8.11.3.
    + acorn-walk updated to 8.3.2.
    + ada updated to 2.7.8.
    + c-ares updated to 1.28.1.
    + corepack updated to 0.28.0.
    + nghttp2 updated to 1.61.0.
    + ngtcp2 updated to 1.3.0.
    + npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
    + simdutf updated to 5.2.4.
- Changes in 18.20.2:
  * fixes bsc#1222665, CVE-2024-27980 - windows only bug
- versioned.patch, npm_search_paths.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=79
 2024-05-28 12:17:53 +00:00
Adam Majer
318ddc1bc1 - cares_sle12_capabilities.patch: no get_random() on sle12 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=78
 2024-04-10 12:47:26 +00:00
Adam Majer
c6d7cd750d + undici version 5.28.4 (bsc#1222530, bsc#1222603, 
CVE-2024-30260, CVE-2024-30261)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=77
 2024-04-10 11:02:40 +00:00
Adam Majer
0235124643 - Update to 18.20.1: 
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
    leads to HTTP/2 server crash- (High) (bsc#1222244)
  * CVE-2024-27982 - HTTP Request Smuggling via Content Length
    Obfuscation- (Medium) (bsc#1222384)
  * updated dependencies:
    + llhttp version 9.2.1
    + undici version 5.28.4 (bsc#1222530, CVE-2024-30260)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=76
 2024-04-09 14:48:11 +00:00
Adam Majer
7390dfe047 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=75 2024-04-03 14:49:35 +00:00
Adam Majer
bb017bf45f - Update to 18.20.0: 
* Added support for import attributes
  * vm: fix V8 compilation cache support for vm.Script
- versioned.patch: refreshed
  * libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=74
 2024-04-02 15:06:47 +00:00
Adam Majer
7ba0824280 - Update to 18.19.1: (security updates) 
* (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
  * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  * undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
  * libuv version 1.48.0 (CVE-2024-24806, bsc#1219724)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=73
 2024-02-16 16:25:58 +00:00
Adam Majer
7cb40b70e6 typo 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=72
 2023-12-19 15:02:47 +00:00
Adam Majer
3bf7ecbdc2 - sle12-node-gyp-addon-gypi.patch: added variant of node-gyp-addon-gypi.patch 
for SLE12 compatibility. node-gyp-addon-gypi.patch is for SLE15+

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=71
 2023-12-19 12:28:43 +00:00
Adam Majer
de9309e0dd OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=70 2023-12-18 10:43:15 +00:00
Adam Majer
3ee464da9b - Update to LTS version 18.19.0 
* deps: npm updates to 10.x
  * esm:
    + Leverage loaders when resolving subsequent loaders
    + import.meta.resolve unflagged
    + --experimental-default-type flag to flip module defaults
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md
- node-gyp-addon-gypi.patch, fix_ci_tests.patch,
  versioned.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=69
 2023-12-18 10:30:14 +00:00
Adam Majer
7b091244b7 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=68 2023-10-16 10:21:35 +00:00
Adam Majer
ac408092d1 - Security update to version 18.18.2 
* (CVE-2023-44487, bsc#1216190): nghttp2 Security Release
  * (CVE-2023-45143, bsc#1216205): undici Security Release
  * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented
  * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=67
 2023-10-16 10:17:26 +00:00
Adam Majer
61ab794373 - Update to LTS version 18.18.1 
* deps: libuv update in 18.18.0 broke webpack's thread-loader.
    This update should fix this.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=66
 2023-10-11 08:57:11 +00:00
Adam Majer
0e65c4c0ca - Update to LTS version 18.18.0 
* build: sync libuv header change
  * deps: add missing thread-common.c in uv.gyp
  * deps: upgrade to libuv 1.46.0
  * doc: add atlowChemi to collaborators
  * esm: add `--import` flag
  * events: allow safely adding listener to abortSignal
  * fs, stream: initial `Symbol.dispose` and `Symbol.asyncDispose` support
  * net: add autoSelectFamily global getter and setter
  * url: add value argument to has and delete methods
- versioned.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=65
 2023-09-19 15:56:51 +00:00
Adam Majer
3569013173 - Update to LTS version 18.17.1 (security fixes). The following CVE 
were fixed:
  * (CVE-2023-32002, bsc#1214150): Policies can be bypassed
     via Module._load (High)
  * (CVE-2023-32006, bsc#1214156): Policies can be bypassed by
     module.constructor.createRequire (Medium)
  * (CVE-2023-32559, bsc#1214154): Policies can be bypassed via
     process.binding (Medium)
- Changes included in LTS version 18.17.0:
  * dns: expose getDefaultResultOrder
  * events: add getMaxListeners method
  * fs:
    + add support for mode flag to specify the copy behavior
    + add recursive option to readdir and opendir
    + add support for mode flag to specify the copy behavior
    + implement byob mode for readableWebStream()
  * http:
    + prevent writing to the body when not allowed by HTTP spec
    + remove internal error in assignSocket
    + add highWaterMark opt in http.createServer
  * lib:
    + add webstreams to Duplex.from()
    + implement AbortSignal.any()
  * module:
    + change default resolver to not throw on unknown scheme
  * node-api:
    + define version 9
    + deprecate napi_module_register
  * stream:
    + preserve object mode in compose

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=64
 2023-08-10 14:31:40 +00:00
Adam Majer
7f29cefa84 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=63 2023-06-21 13:48:25 +00:00
Adam Majer
533b8ba978 - Update to version 18.16.1 (security fixes only). The following 
CVEs are fixed in this release:
  * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
    Experimental Policy Mechanism (High)
  * (CVE-2023-30585, bsc#1212579): Privilege escalation via
    Malicious Registry Key manipulation during Node.js
    installer repair process (Medium)
  * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
    Public Key information in x509 certificates (Medium)
  * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
    Empty headers separated by CR (Medium)
  * (CVE-2023-30590, bsc#1212583): DiffieHellman does not
    generate keys after setting a private key (Medium)
  * c-ares security issues:
    + CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
      (bsc#1211604)
    + CVE-2023-31147 Moderate. Insufficient randomness in generation
      of DNS query IDs (bsc#1211605)
    + CVE-2023-31130. Moderate. Buffer Underwrite in
      ares_inet_net_pton() (bsc#1211606)
    + CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
      during cross compilation (bsc#1211607)
- fix_ci_tests.patch: increase default timeout on unit tests
  to 20min from 2min. This seems to have lead to build failures
  on some platforms, like s390x in Factory. (bsc#1211407)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=61
 2023-06-21 12:25:26 +00:00
Adam Majer
a0848d0ff4 * deps: upgrade npm to 9.5.0 (bsc#1208744, CVE-2022-25881) 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=59
 2023-04-17 10:23:37 +00:00
Adam Majer
bb44dc56de - Update to NodeJS 18.16.0 LTS version 
* Add initial support for single executable applications
  * Replace url parser with Ada
  * buffer: add Buffer.copyBytesFrom
- refreshed patches: versioned.patch linker_lto_jobs.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=58
 2023-04-13 14:31:06 +00:00
Adam Majer
9c9268c584 unfix speccleaner 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=56
 2023-03-13 16:48:13 +00:00
Adam Majer
aeef25b81c - relax Requires to Suggests for alts on TW 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=55
 2023-03-13 16:45:30 +00:00
Adam Majer
3f9f6fb843 - Update to NodeJS 18.15.0 LTS version: 
* test_runner:
    + add initial code coverate support
    + add reporters
  * fs: add statfs()
  * buffer: add isAscii()
- s390.patch, sysctl.patch: upstreamed and removed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=53
 2023-03-08 13:17:36 +00:00
Adam Majer
0938ffe391 - node-gyp_7.1.2.tar.xz: added dependencies so they don't conflict with 
npm dependencies.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=50
 2023-02-23 10:44:42 +00:00
Adam Majer
511d505ae1 - sysctl.patch: unit test fixes 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=49
 2023-02-22 15:54:13 +00:00
Adam Majer
2ef8e23c6d - versioned.patch: refreshed 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=48
 2023-02-22 14:28:12 +00:00
Adam Majer
545556a689 - Update to NodeJS 18.14.2 LTS: 
* deps: upgrade npm to 9.5.0
  * deps: update undici to 5.20.0
- Changes in version 18.14.1:
  * fixes permissions policies can be bypassed via process.mainModule
    (bsc#1208481, CVE-2023-23918)
  * fixes insecure loading of ICU data through ICU_DATA environment
    variable (bsc#1208487, CVE-2023-23920)
  * fixes OpenSSL error handling issues in nodejs crypto library
    (bsc#1208483, CVE-2023-23919)
  * updates undici to v5.19.1
    + Fetch API in Node.js did not protect against CRLF injection in host headers
    + Regular Expression Denial of Service in Headers in Node.js fetch API
    (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936)

- Update to NodeJS 18.14.0 LTS:
  * deps:
    + update npm to 9.2.0
  * http:
    + join authorization headers
    + improved timeout defaults handling
  * stream:
    + implement finished() for ReadableStream and WritableStream
- refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch,
  versioned.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=47
 2023-02-22 14:23:30 +00:00
Adam Majer
038f5be659 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=45 2023-02-01 10:50:49 +00:00
Adam Majer
89946a890c - Do not use pkg_vcmp to decide BuildDependencies: this works based 
on 'installed packages' which is not interpreted correctly by the
  scheduler. Rather switch to boolean dependencies.
------------------------------------------------------------------

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=44
 2023-02-01 10:04:37 +00:00
Adam Majer
cab4e3b7ea Added patch list 
Patches carried over from nodejs17:
  legacy_python.patch node-gyp-addon-gypi.patch openssl_binary_detection.patch
test-skip-y2038-on-32bit-time_t.patch cares_public_headers.patch
rsa-pss-revert.patch linker_lto_jobs.patch versioned.patch fix_ci_tests.patch
manual_configure.patch npm_search_paths.patch  skip_no_console.patch
flaky_test_rerun.patch nodejs-libpath.patch  sle12_python3_compat.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=42
 2023-01-31 13:07:44 +00:00
Adam Majer
3161391435 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=40 2023-01-26 13:00:15 +00:00
Adam Majer
1abff45f74 - s390.patch: fix unit test on s390 with patched zlib 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=39
 2023-01-26 12:59:22 +00:00
Adam Majer
a64d62f72a - _constraints: reset aarch64 memory requirements back to original 
otherwise some unit tests can fail

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=38
 2023-01-25 12:41:48 +00:00
Adam Majer
2bd60e6d33 - Again use openssl-3, if available. 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=37
 2023-01-25 12:03:50 +00:00
Adam Majer
b1d3799a70 - Update _constraints: 
* Less RAM for aarch64 and 32-bit arm
  * Use 'asimdrdm' cpu flag to use aarch64 workers where tests
    are more stable

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=35
 2023-01-16 15:43:36 +00:00
Adam Majer
9f74102a9b - Update to NodejJS 18.13.0 LTS: 
* build: disable v8 snapshot compression by default
  * crypto: update root certificates
  * deps: update ICU to 72.1
  * doc:
    + add doc-only deprecation for headers/trailers setters
    + add Rafael to the tsc
    + deprecate use of invalid ports in url.parse
    + deprecate url.parse()
  * lib: drop fetch experimental warning
  * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
  * src:
    + add uvwasi version
    + add initial shadow realm support
  * test_runner:
    + add t.after() hook
    + don't use a symbol for runHook()
  * tls:
    + add "ca" property to certificate object
  * util:
    + add fast path for utf8 encoding
    + improve textdecoder decode performance
    + add MIME utilities
- new_python3.patch, icu721_fixes.patch: upstreamed, removed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=34
 2023-01-16 15:07:36 +00:00
Adam Majer
b6cd064c87 - icu721_fixes.patch: fixes compatibility with ICU 72.1 (bsc#1205236) 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=32
 2022-11-10 09:15:16 +00:00
Adam Majer
24cecf60b0 - Fix migration to openssl-3 (bsc#1205042) 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=30
 2022-11-07 14:17:05 +00:00
Adam Majer
fdff30c9af OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=29 2022-11-07 10:38:20 +00:00
Adam Majer
438aeafd12 - Update to NodeJS 18.12.1 LTS: 
* inspector: DNS rebinding in --inspect via invalid octal IP
    (bsc#1205119, CVE-2022-43548)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=28
 2022-11-07 10:03:11 +00:00
Adam Majer
b310397cca - Update to NodeJS 18.12.0 LTS: 
* Running in 'watch' mode using node --watch restarts the process
    when an imported file is changed.
  * fs: add FileHandle.prototype.readLines
  * http: add writeEarlyHints function to ServerResponse
  * http2: make early hints generic
  * util: add default value option to parsearg

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=26
 2022-10-28 10:36:54 +00:00
Adam Majer
c9689270a0 - Update to NodeJS 18.11.0: 
* added experimental watch mode -- running in 'watch' mode using
    node --watch restarts the process when an imported file is changed
  * fs: add FileHandle.prototype.readLines
  * http: add writeEarlyHints function to ServerResponse
  * http2: make early hints generic
  * lib: refactor transferable AbortSignal
  * src: add detailed embedder process initialization API
  * util: add default value option to parsearg
- legacy_python.patch, versioned.patch: updated

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=24
 2022-10-17 13:14:57 +00:00