* This release fixes a regression introduced in Node.js 18.19.0 where
http.server.close() was incorrectly closing idle connections.
* deps:
+ acorn updated to 8.11.3.
+ acorn-walk updated to 8.3.2.
+ ada updated to 2.7.8.
+ c-ares updated to 1.28.1.
+ corepack updated to 0.28.0.
+ nghttp2 updated to 1.61.0.
+ ngtcp2 updated to 1.3.0.
+ npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
+ simdutf updated to 5.2.4.
- Changes in 18.20.2:
* fixes bsc#1222665, CVE-2024-27980 - windows only bug
- versioned.patch, npm_search_paths.patch: refreshed
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=79
were fixed:
* (CVE-2023-32002, bsc#1214150): Policies can be bypassed
via Module._load (High)
* (CVE-2023-32006, bsc#1214156): Policies can be bypassed by
module.constructor.createRequire (Medium)
* (CVE-2023-32559, bsc#1214154): Policies can be bypassed via
process.binding (Medium)
- Changes included in LTS version 18.17.0:
* dns: expose getDefaultResultOrder
* events: add getMaxListeners method
* fs:
+ add support for mode flag to specify the copy behavior
+ add recursive option to readdir and opendir
+ add support for mode flag to specify the copy behavior
+ implement byob mode for readableWebStream()
* http:
+ prevent writing to the body when not allowed by HTTP spec
+ remove internal error in assignSocket
+ add highWaterMark opt in http.createServer
* lib:
+ add webstreams to Duplex.from()
+ implement AbortSignal.any()
* module:
+ change default resolver to not throw on unknown scheme
* node-api:
+ define version 9
+ deprecate napi_module_register
* stream:
+ preserve object mode in compose
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=64
* deps: upgrade npm to 9.5.0
* deps: update undici to 5.20.0
- Changes in version 18.14.1:
* fixes permissions policies can be bypassed via process.mainModule
(bsc#1208481, CVE-2023-23918)
* fixes insecure loading of ICU data through ICU_DATA environment
variable (bsc#1208487, CVE-2023-23920)
* fixes OpenSSL error handling issues in nodejs crypto library
(bsc#1208483, CVE-2023-23919)
* updates undici to v5.19.1
+ Fetch API in Node.js did not protect against CRLF injection in host headers
+ Regular Expression Denial of Service in Headers in Node.js fetch API
(bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936)
- Update to NodeJS 18.14.0 LTS:
* deps:
+ update npm to 9.2.0
* http:
+ join authorization headers
+ improved timeout defaults handling
* stream:
+ implement finished() for ReadableStream and WritableStream
- refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch,
versioned.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=47
