Commit Graph

  • 8286770095 fix typo in changes main Adam Majer 2022-05-02 11:01:18 +00:00
  • c9b44edd37 (bsc#1198247, CVE-2021-44906) - CVE-2021-44907.patch: fix insuficient sanitation in npm dependency (bsc#1197283, CVE-2021-44907) - CVE-2022-0235.patch: fix passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235) Adam Majer 2022-04-21 14:26:21 +00:00
  • 5731acaa08 - CVE-2021-44906.patch: fix prototype pollution in npm dependency Adam Majer 2022-04-20 12:12:11 +00:00
  • 819316cde3 - CVE-2021-44906.patch: fix prototype pollution in npm dependecy Adam Majer 2022-04-20 11:15:43 +00:00
  • 847d392aec - fix_ci_tests.patch: fix zlib tests for z15 Adam Majer 2022-02-16 11:38:17 +00:00
  • 17a6d023c1 - npm-v6.14.16.tar.gz: update to npm 6.14.16 fixing * CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153) * CVE-2021-23343 - node-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (bsc#1191963) * CVE-2021-32804 - node-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (bsc#1191962) * CVE-2021-3918 - json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (bsc#1192696) - CVE-2021-3807.patch: node-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (bsc#1192154, CVE-2021-3807) - test_ssl_cert_fixups.patch: fixup SSL certificates in unit tests Adam Majer 2022-02-16 10:39:49 +00:00
  • 48635dbb89 - CVE-2021-22930.patch: http2: fixes use after free on close in stream canceling (bsc#1188917, CVE-2021-22930) Adam Majer 2021-08-04 16:38:50 +00:00
  • 7265e7b02f OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=178 Adam Majer 2021-07-07 14:24:19 +00:00
  • c59587fdbd - CVE-2020-8265.patch: Add a unit test for CVE-2020-8265 to make sure we don't have it broken in the future. Adam Majer 2021-07-07 12:58:16 +00:00
  • e96d73bf02 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=176 Adam Majer 2021-07-06 15:10:25 +00:00
  • 4e7bcdb27e - npm-v6.14.13.tar.gz: update to npm 6.14.13 fixing * fixes ssri Regular Expression Denial of Service and hosted-git-info Regular Expression Denial of Service (bsc#1187976, bsc#1187977, CVE-2021-27290, CVE-2021-23362) * fixes y18n Prototype Pollution (bsc#1184450, CVE-2020-7774) Adam Majer 2021-07-06 15:07:41 +00:00
  • 7be706a744 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=174 Adam Majer 2021-07-01 16:14:59 +00:00
  • baf4836ab7 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=173 Adam Majer 2021-02-23 17:23:31 +00:00
  • 5dcc2f76e0 - CVE-2021-22884.patch: DNS rebinding in --inspect (CVE-2021-22884, bsc#1182620) - CVE-2021-22883.patch: only backport unit test to make sure we don't have regression here in the future. Adam Majer 2021-02-23 17:01:57 +00:00
  • 6be6af0b70 - CVE-2020-8287.patch: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554, CVE-2020-8287) Adam Majer 2021-01-11 15:51:30 +00:00
  • 6c5698fc9e - Update Requires: so -devel requires npm - Rely on rpmbuild to define necessary python dependencies Adam Majer 2020-11-23 16:08:19 +00:00
  • 16371a0c7d - fix_ci_tests.patch: add support to SUSE's ECDH backport errors in SLE's openssl Adam Majer 2020-10-09 09:41:15 +00:00
  • 880b49d7a2 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=168 Adam Majer 2020-09-28 12:10:18 +00:00
  • b271bb0768 - CVE-2020-15095.patch: fix information leak through log files (bsc#1173937, CVE-2020-15095) Adam Majer 2020-09-24 15:43:26 +00:00
  • 873e40e8cb OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=166 Adam Majer 2020-08-11 15:13:02 +00:00
  • 9472d098fa OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=165 Adam Majer 2020-08-10 17:02:51 +00:00
  • 70ffaffd94 - New upstream release 8.4.0 * HTTP2: Experimental support for the built-in http2 module has been added via the --expose-http2 flag. (#14239) * Inspector: + require() is available in the inspector console now. (#8837) + Multiple contexts, as created by the vm module, are supported now. (#14465) * N-API: New APIs for creating number values have been introduced. (#14573) * Stream: For Duplex streams, the high water mark option can now be set independently for the readable and the writable side. (#14636) * Util: util.format now supports the %o and %O specifiers for printing objects. (#14558) - Changes in release 8.3.0 * V8: The V8 engine has been upgraded to version 6.0, which has a significantly changed performance profile. (#14574) * DNS: Independent DNS resolver instances are supported now, with support for cancelling the corresponding requests. (#14518) * N-API: Multiple N-API functions for error handling have been changed to support assigning error codes. (#13988) * REPL: Autocompletion support for require() has been improved. (#14409) * Utilities: The WHATWG Encoding Standard (TextDecoder and TextEncoder) has been implemented as an experimental feature. (#13644) Karl Cheng 2017-08-19 06:12:00 +00:00
  • 5813a3383a Remove duplicate .changes entries Adam Majer 2017-08-02 16:17:59 +00:00
  • 7f296d25a7 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=25 Adam Majer 2017-08-02 15:25:49 +00:00
  • 483c1c2cac Don't delete update-alternative links on upgrades Adam Majer 2017-08-02 15:19:51 +00:00
  • 5adf16b707 - Update gcc requiremnts for NodeJS 8.x Adam Majer 2017-08-02 14:09:40 +00:00
  • aa04e1c2fb Fix unpackaged file warning Karl Cheng 2017-08-02 06:11:05 +00:00
  • a0ed2e3501 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=21 Karl Cheng 2017-08-01 05:12:36 +00:00
  • 329247211e - Modify versioned.patch: * Add support for new npx binary introduced in npm 5.3.0, versioned as /usr/bin/npx8. Karl Cheng 2017-08-01 04:59:41 +00:00
  • 8e2c80530e Replace the old tar.xz file Karl Cheng 2017-07-28 01:08:33 +00:00
  • f4908e2974 - New upstream release 8.2.1 * http: Writes no longer abort if the Socket is missing. * process, async_hooks: Avoid problems when triggerAsyncId is undefined. * zlib: Streams no longer attempt to process data when destroyed. - Changes in upstream release 8.2.0 * async_hooks: Multiple improvements to Promise support in async_hooks have been made. * build: The compiler version requirement to build Node with GCC has been raised to GCC 4.9.4. [820b011ed6] #13466 * cluster: Users now have more fine-grained control over the inspector port used by individual cluster workers. Previously, cluster workers were restricted to incrementing from the master's debug port. [dfc46e262a] #14140 * dns: + The server used for DNS queries can now use a custom port. [ebe7bb29aa] #13723 + Support for dns.resolveAny() has been added. [6e30e2558e] #13137 * npm: The npm CLI has been updated to version 5.3.0. In particular, it now comes with the npx binary, which is also shipped with Node. - Refresh versioned.patch robust solution is found. (bnc#1048299, CVE-2017-11499) Karl Cheng 2017-07-27 13:15:52 +00:00
  • aa0615bf98 Update update-alternative names Adam Majer 2017-07-12 10:15:16 +00:00
  • 31d1658351 Security upstream release updates Adam Majer 2017-07-12 09:25:04 +00:00
  • 0e079b34db - Depend on nodejs-common that is then used to pick correctly versioned node or npm binary. This is required since 3rd party modules use /usr/bin/env node which breaks if multiple versions of NodeJS are installed at the same time and non-default version is used (for example, to compile a native module) Adam Majer 2017-07-07 14:16:59 +00:00
  • 4b9bb06bf9 Regresh patch so it applies without any offset again Adam Majer 2017-07-07 08:28:46 +00:00
  • 431e0d5dd0 Fix hardcoded object paths to make everything compile Adam Majer 2017-07-06 15:57:15 +00:00
  • 406e3c3762 Remove obsolete paths from shipped directories and fix update-alternative priorities Adam Majer 2017-07-06 13:51:49 +00:00
  • 7ba13db466 Fix case typo Adam Majer 2017-07-06 13:01:57 +00:00
  • ab060bf694 - npm_search_paths.patch: Since concurrent installations are now possible, node manual pages are moved once again back under npm searcheable locations only. - versioned.patch: All files are now under versioned directoies and names. node and npm symlinks are now managed by update-alternatives - node-gyp-addon-gypi.patch: Reference versioned directories only Adam Majer 2017-07-06 12:34:07 +00:00
  • ef9f8e765e - New upstream version 8.1.3 * Stream regression fixed - The finish event will now always be emitted after the error event if one is emitted * Stream regression fixed - In object mode, readable streams can now use undefined again. Adam Majer 2017-06-29 15:34:10 +00:00
  • ceb1101115 - New upstream version 8.1.2 * Release to fix broken process.release properties Adam Majer 2017-06-19 09:20:45 +00:00
  • 71b430e1a6 - New upstream version 8.1.1 * Child processes - stdout and stderr are now available on the error output of a failed call to the util.promisify()ed version of child_process.exec. * HTTP - A regression that broke certain scenarios in which HTTP is used together with the cluster module has been fixed. * HTTPS - The rejectUnauthorized option now works properly for unix sockets. * Readline - A change that broke npm init and other code which uses readline multiple times on the same input stream is reverted. Adam Majer 2017-06-14 09:37:31 +00:00
  • 08b2d3760a - Fix typo in node-gyp-addon-gypi.patch patch - Refresh node-gyp-addon-gypi.patch Adam Majer 2017-06-13 12:37:05 +00:00
  • 0e22563a23 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=5 Adam Majer 2017-06-13 11:43:35 +00:00
  • 9ea0014ccb - Don't remove all src/ directories, as that breaks npm. (boo:#1043965) - New upstream version 8.1.0 Notable changes, * Async Hooks - When one Promise leads to the creation of a new Promise, the parent Promise will be identified as the trigger * Dependencies + libuv has been updated to 1.12.0 + npm has been updated to 5.0.3 * File system + The fs.exists() function now works correctly with util.promisify() + fs.Stats times are now also available as numbers * Inspector + It is now possible to bind to a random port using --inspect=0 * Zlib + A regression in the Zlib module that made it impossible to properly subclasses zlib.Deflate and other Zlib classes has been fixed. Adam Majer 2017-06-13 11:39:45 +00:00
  • 220f4c57d7 - placeholders from other NodeJS version: 0f3e69db.patch, icu59.patch. Adam Majer 2017-05-31 12:46:50 +00:00
  • 75b9ae12f1 - node-gyp-addon-gypi.patch: refresh Adam Majer 2017-05-31 09:54:06 +00:00
  • b08175ef28 - Branch nodejs7 -> nodejs8, the new current and eventually LTS upstream branch. Note that the LTS lifespan for 8.x will end on December 31st, 2019 unless extended at a later date. - New upstream version 8.0.0. Notable changes * Async Hooks - now in core * Buffer + Using the --pending-deprecation flag will cause Node.js to emit a deprecation warning when using new Buffer(num) or Buffer(num). + new Buffer(num) and Buffer(num) will zero-fill new Buffer + Many Buffer methods now accept Uint8Array as input * Child Process + Argument and kill signal validations have been improved + Child Process methods accept Uint8Array as input * Console + Error events emitted when using console methods are now supressed. * Dependencies + The npm client has been updated to 5.0.0 + V8 has been updated to 5.8 with forward ABI stability to 6.0 * Domains + Native Promise instances are now Domain aware * Errors + We have started assigning static error codes to errors generated by Node.js. This has been done through multiple commits and is still a work in progress. * File System + The utility class fs.SyncWriteStream has been deprecated + The deprecated fs.read() string interface has been removed * HTTP + Improved support for userland implemented Agents + Outgoing Cookie headers are concatenated into a single string + The httpResponse.writeHeader() method has been deprecated + New methods for accessing HTTP headers have been added to OutgoingMessage * lib + All deprecation messages have been assigned static identifiers + The legacy linkedlist module has been removed * N-API + Experimental support for the new N-API API has been added * Process + Process warning output can be redirected to a file using the --redirect-warnings command-line argument + Process warnings may now include additional detail * REPL + REPL magic mode has been deprecated * src + NODE_MODULE_VERSION has been updated to 57 + Add --pending-deprecation command-line argument and NODE_PENDING_DEPRECATION environment variable + The --debug command-line argument has been deprecated. Note that using --debug will enable the new Inspector-based debug protocol as the legacy Debugger protocol previously used by Node.js has been removed. + Throw when the -c and -e command-line arguments are used at the same time + Throw when the --use-bundled-ca and --use-openssl-ca command-line arguments are used at the same time. * Stream + Stream now supports destroy() and _destroy() APIs + Stream now supports the _final() API * TLS + The rejectUnauthorized option now defaults to true + The tls.createSecurePair() API now emits runtime deprecation + A runtime deprecation will now be emitted when dhparam is less than 2048 bits * URL + The WHATWG URL implementation is now a fully-supported API * Util + Symbol keys are now displayed by default when using util.inspect() + toJSON errors will be thrown when formatting %j + Convert inspect.styles and inspect.colors to prototype-less objects + The new util.promisify() API has been added * Zlib + Support Uint8Array in Zlib convenience methods + Zlib errors now use RangeError and TypeError consistently Adam Majer 2017-05-31 09:20:17 +00:00