rpms/nodejs
8
0
Fork 0
mirror of https://src.fedoraproject.org/rpms/nodejs18.git synced 2024-11-24 17:44:23 +00:00
Code Issues 7 Projects Releases Packages Wiki Activity Actions
nodejs/sources

8 lines
1.2 KiB
Text
Raw Normal View History

Update to 18.18.2 This is a security release. The following CVEs are fixed in this release: * [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) * [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium) * [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-10-16 17:11:30 +00:00
SHA512 (node-v18.18.2-stripped.tar.gz) = bb36ffff9cac15d93771b5cc1fd5f3767ee1f315264596b31dc8476b637a202b9e00f5dcca1e39b94146fa2def78cd919b6c9a3d5454bdf8b051520065239477
Update to 18.18.0 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-09-20 17:48:16 +00:00
SHA512 (icu4c-73_2-data-bin-b.zip) = 8512947da7b2a927627abed6bd7e04218cd4fcd02d44eb72a82ffa87aedabfc3be5d3152e9fba33a769ef35e2db55764c2ab8f5bd65b4e89aa9c15b33392e078
SHA512 (icu4c-73_2-data-bin-l.zip) = 420c2f5090927dab13f5449da3b0ec7bf86a91ea8723f177aca2907a8eea9bcb4c3475b66c54355ae320001813db57a00afdab00bd85b8c36d39adedcab80bfc
Update to 18.18.2 This is a security release. The following CVEs are fixed in this release: * [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) * [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium) * [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-10-16 17:11:30 +00:00
SHA512 (cjs-module-lexer-1.2.2-stripped.tar.gz) = b6321404e47ff41c92bf164f0d3bdb3071a302c583883a9a3ee9de78a6751fc61c52b9732c164aaef857840b22145ef3d3ade319265bdd739c22dc899318090c
Update to 18.13.0 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-16 16:29:46 +00:00
SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20
Update to 18.18.2 This is a security release. The following CVEs are fixed in this release: * [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) * [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium) * [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-10-16 17:11:30 +00:00
SHA512 (undici-5.26.3-stripped.tar.gz) = 94a568a6c1aad93d8085716d31804360bf26c4d943a34381a30491917d0c274765dbcdf62a26bda7064a5db3fae522ce6bca2d65af1ba3bc5627e359c4cdf27e
Update to 18.17.1 ** 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @RafaelGSS This is a security release. *** Notable Changes The following CVEs are fixed in this release: * [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002): Policies can be bypassed via Module.\_load (High) * [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium) * [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium) * OpenSSL Security Releases * [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html). * [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html). * [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html) More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post. ** 2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @danielleadams *** Notable Changes **** Ada 2.0 Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url. Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4, while also eliminating the need for the ICU requirement for URL hostname parsing. Contributed by Yagiz Nizipli and Daniel Lemire in [#47339](https://github.com/nodejs/node/pull/47339) **** Web Crypto API Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations. This further improves interoperability with other implementations of Web Crypto API. Contributed by Filip Skokan in [#46067](https://github.com/nodejs/node/pull/46067) * **crypto**: * update root certificates to NSS 3.89 (Node.js GitHub Bot) [#47659](https://github.com/nodejs/node/pull/47659) * **dns**: * **(SEMVER-MINOR)** expose getDefaultResultOrder (btea) [#46973](https://github.com/nodejs/node/pull/46973) * **doc**: * add ovflowd to collaborators (Claudio Wunder) [#47844](https://github.com/nodejs/node/pull/47844) * add KhafraDev to collaborators (Matthew Aitken) [#47510](https://github.com/nodejs/node/pull/47510) * **events**: * **(SEMVER-MINOR)** add getMaxListeners method (Matthew Aitken) [#47039](https://github.com/nodejs/node/pull/47039) * **fs**: * **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084](https://github.com/nodejs/node/pull/47084) * **(SEMVER-MINOR)** add recursive option to readdir and opendir (Ethan Arrowood) [#41439](https://github.com/nodejs/node/pull/41439) * **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084](https://github.com/nodejs/node/pull/47084) * **(SEMVER-MINOR)** implement byob mode for readableWebStream() (Debadree Chatterjee) [#46933](https://github.com/nodejs/node/pull/46933) * **http**: * **(SEMVER-MINOR)** prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) [#47732](https://github.com/nodejs/node/pull/47732) * **(SEMVER-MINOR)** remove internal error in assignSocket (Matteo Collina) [#47723](https://github.com/nodejs/node/pull/47723) * **(SEMVER-MINOR)** add highWaterMark opt in http.createServer (HinataKah0) [#47405](https://github.com/nodejs/node/pull/47405) * **lib**: * **(SEMVER-MINOR)** add webstreams to Duplex.from() (Debadree Chatterjee) [#46190](https://github.com/nodejs/node/pull/46190) * **(SEMVER-MINOR)** implement AbortSignal.any() (Chemi Atlow) [#47821](https://github.com/nodejs/node/pull/47821) * **module**: * change default resolver to not throw on unknown scheme (Gil Tayar) [#47824](https://github.com/nodejs/node/pull/47824) * **node-api**: * **(SEMVER-MINOR)** define version 9 (Chengzhong Wu) [#48151](https://github.com/nodejs/node/pull/48151) * **(SEMVER-MINOR)** deprecate napi\_module\_register (Vladimir Morozov) [#46319](https://github.com/nodejs/node/pull/46319) * **stream**: * **(SEMVER-MINOR)** preserve object mode in compose (Raz Luvaton) [#47413](https://github.com/nodejs/node/pull/47413) * **(SEMVER-MINOR)** add setter & getter for default highWaterMark (#46929) (Robert Nagy) [#46929](https://github.com/nodejs/node/pull/46929) * **test**: * unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) [#48078](https://github.com/nodejs/node/pull/48078) * **test\_runner**: * **(SEMVER-MINOR)** add shorthands to `test` (Chemi Atlow) [#47909](https://github.com/nodejs/node/pull/47909) * **(SEMVER-MINOR)** support combining coverage reports (Colin Ihrig) [#47686](https://github.com/nodejs/node/pull/47686) * **(SEMVER-MINOR)** execute before hook on test (Chemi Atlow) [#47586](https://github.com/nodejs/node/pull/47586) * **(SEMVER-MINOR)** expose reporter for use in run api (Chemi Atlow) [#47238](https://github.com/nodejs/node/pull/47238) * **tools**: * update LICENSE and license-builder.sh (Santiago Gimeno) [#48078](https://github.com/nodejs/node/pull/48078) * **url**: * **(SEMVER-MINOR)** implement URL.canParse (Matthew Aitken) [#47179](https://github.com/nodejs/node/pull/47179) * **wasi**: * **(SEMVER-MINOR)** no longer require flag to enable wasi (Michael Dawson) [#47286](https://github.com/nodejs/node/pull/47286) Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-09 20:33:19 +00:00
SHA512 (wasi-sdk-20.0-linux.tar.gz) = ff3d368267526887534f50767ff010bd368e9c24178ab2f0cf57a8ed0b3a82fbf85986d620ab2327ac6bb3f456c65adc6edb80626a1289e630dde7e43b191b42
Reference in a new issue Copy permalink