Overview Repositories Revisions Requests Users Attributes Meta

Revisions of nodejs20

Marco Strigl's avatar Marco Strigl (mstrigl) committed (revision 8) 
- Update to 20.12.1:
  * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
    leads to HTTP/2 server crash- (High) (bsc#1222244)
  * CVE-2024-27982 - HTTP Request Smuggling via Content Length
    Obfuscation- (Medium) (bsc#1222384)
  * updated dependencies:
    + llhttp version 9.2.1
    + undici version 5.28.4 (bsc#1222530, bsc#1222603, 
      CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
- fix_ci_tests.patch: add benchmark fix

- Update to 20.12.0:
  * crypto: implement crypto.hash()
  * util: add loading and parsing environment variables
  * new connection attempt events: connectionAttempt,
    connectionAttemptFailed, connectionAttemptTimeout
  * sea: support embedding assets
  * support configurable snapshot through --build-snapshot-config flag
  * util.styleText(format, text): This function returns a formatted
    text considering the format passed.
  * vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed

  * libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)
Ruediger Oertel's avatar Ruediger Oertel (oertel) committed (revision 7) 
- Update to 20.11.1: (security updates)
  * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
  * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
  * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
  * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
  * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
  * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  * undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
  * libuv version 1.48.0 (CVE-2024-24806, bsc#1219724)

- update to 20.11.0:
  * esm: add import.meta.dirname and import.meta.filename
  * fs: add c++ fast path for writeFileSync utf8
  * module: remove useCustomLoadersIfPresent flag
  * module: bootstrap module loaders in shadow realm
  * src: add --disable-warning option
  * src: create per isolate proxy env template
  * src: make process binding data weak
  * stream: use Array for Readable buffer
  * stream: optimize creation
  * test_runner: adds built in lcov reporter
  * test_runner: add Date to the supported mock APIs
  * test_runner, cli: add --test-timeout flag
- c-ares-fixes.patch, fix_ci_tests.patch: refreshed

- fix_ci_tests.patch: disable test_crypto_fips for openssl 3.x,
  to be fixed soon (bsc#1219152)
Ruediger Oertel's avatar Ruediger Oertel (oertel) committed (revision 6) 
initialize package
Ruediger Oertel's avatar Ruediger Oertel (oertel) committed (revision 5) 
undeleted by hilbertsync
Adrian Schröter's avatar Adrian Schröter (adrianSuSE) committed (revision 4) 
on request of nilxam
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 3) 
- Security fixes relase 20.8.1
  * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release
  * (CVE-2023-45143, bsc#1216205): undici Security Release
  * (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array
  * (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal
  * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented
  * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names
- fix_ci_tests.patch: refreshed

- Update to 20.8.0:
  * Stream performance improvements
  * Rework of memory management in vm APIs with the importModuleDynamically
    option
  * test_runner:
    + accept testOnly in run
    + add junit reporter
- fix_ci_tests.patch: refreshed
Ruediger Oertel's avatar Ruediger Oertel (oertel) committed (revision 2) 
still jsc#PED-4819
libicu is now unbundled

- Update to 20.7.0:
  * src: support multiple --env-file declarations
  * deps: upgrade npm to 10.1.0
  * doc: move and rename loaders section
  * lib: add api to detect whether source-maps are enabled
  * src,permission: add multiple allow-fs-* flags
  * test_runner: expose location of tests
- z13.patch: upstreamed

- Update to 20.6.1:
  * f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed

- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with
  Angular and other software that tries to load ECM modules in
  somewhat circular fashion ending up with multiple executions.

- Update to 20.6.0:
  * add support for .env files to configure envrionment variables
  * import.meta.resolve unflagged
  * deps: npm updated to 9.8.1
- nodejs.keyring: updated to include current upstream releasers
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 1) 
jsc#PED-4819

bugowner: adamm
Displaying all 8 revisions
openSUSE Build Service is sponsored by
Places