Stephen Gallagher
7d157a9ac8
Update to 18.17.1
...
** 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
*** Notable Changes
The following CVEs are fixed in this release:
* [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002 ): Policies can be bypassed via Module.\_load (High)
* [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006 ): Policies can be bypassed by module.constructor.createRequire (Medium)
* [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559 ): Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
* [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html ).
* [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html ).
* [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html )
More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/ ) blog post.
** 2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @danielleadams
*** Notable Changes
**** Ada 2.0
Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the
improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in [#47339 ](https://github.com/nodejs/node/pull/47339 )
**** Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of Web Crypto API.
Contributed by Filip Skokan in [#46067 ](https://github.com/nodejs/node/pull/46067 )
* **crypto**:
* update root certificates to NSS 3.89 (Node.js GitHub Bot) [#47659 ](https://github.com/nodejs/node/pull/47659 )
* **dns**:
* **(SEMVER-MINOR)** expose getDefaultResultOrder (btea) [#46973 ](https://github.com/nodejs/node/pull/46973 )
* **doc**:
* add ovflowd to collaborators (Claudio Wunder) [#47844 ](https://github.com/nodejs/node/pull/47844 )
* add KhafraDev to collaborators (Matthew Aitken) [#47510 ](https://github.com/nodejs/node/pull/47510 )
* **events**:
* **(SEMVER-MINOR)** add getMaxListeners method (Matthew Aitken) [#47039 ](https://github.com/nodejs/node/pull/47039 )
* **fs**:
* **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084 ](https://github.com/nodejs/node/pull/47084 )
* **(SEMVER-MINOR)** add recursive option to readdir and opendir (Ethan Arrowood) [#41439 ](https://github.com/nodejs/node/pull/41439 )
* **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084 ](https://github.com/nodejs/node/pull/47084 )
* **(SEMVER-MINOR)** implement byob mode for readableWebStream() (Debadree Chatterjee) [#46933 ](https://github.com/nodejs/node/pull/46933 )
* **http**:
* **(SEMVER-MINOR)** prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) [#47732 ](https://github.com/nodejs/node/pull/47732 )
* **(SEMVER-MINOR)** remove internal error in assignSocket (Matteo Collina) [#47723 ](https://github.com/nodejs/node/pull/47723 )
* **(SEMVER-MINOR)** add highWaterMark opt in http.createServer (HinataKah0) [#47405 ](https://github.com/nodejs/node/pull/47405 )
* **lib**:
* **(SEMVER-MINOR)** add webstreams to Duplex.from() (Debadree Chatterjee) [#46190 ](https://github.com/nodejs/node/pull/46190 )
* **(SEMVER-MINOR)** implement AbortSignal.any() (Chemi Atlow) [#47821 ](https://github.com/nodejs/node/pull/47821 )
* **module**:
* change default resolver to not throw on unknown scheme (Gil Tayar) [#47824 ](https://github.com/nodejs/node/pull/47824 )
* **node-api**:
* **(SEMVER-MINOR)** define version 9 (Chengzhong Wu) [#48151 ](https://github.com/nodejs/node/pull/48151 )
* **(SEMVER-MINOR)** deprecate napi\_module\_register (Vladimir Morozov) [#46319 ](https://github.com/nodejs/node/pull/46319 )
* **stream**:
* **(SEMVER-MINOR)** preserve object mode in compose (Raz Luvaton) [#47413 ](https://github.com/nodejs/node/pull/47413 )
* **(SEMVER-MINOR)** add setter & getter for default highWaterMark (#46929 ) (Robert Nagy) [#46929 ](https://github.com/nodejs/node/pull/46929 )
* **test**:
* unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) [#48078 ](https://github.com/nodejs/node/pull/48078 )
* **test\_runner**:
* **(SEMVER-MINOR)** add shorthands to `test` (Chemi Atlow) [#47909 ](https://github.com/nodejs/node/pull/47909 )
* **(SEMVER-MINOR)** support combining coverage reports (Colin Ihrig) [#47686 ](https://github.com/nodejs/node/pull/47686 )
* **(SEMVER-MINOR)** execute before hook on test (Chemi Atlow) [#47586 ](https://github.com/nodejs/node/pull/47586 )
* **(SEMVER-MINOR)** expose reporter for use in run api (Chemi Atlow) [#47238 ](https://github.com/nodejs/node/pull/47238 )
* **tools**:
* update LICENSE and license-builder.sh (Santiago Gimeno) [#48078 ](https://github.com/nodejs/node/pull/48078 )
* **url**:
* **(SEMVER-MINOR)** implement URL.canParse (Matthew Aitken) [#47179 ](https://github.com/nodejs/node/pull/47179 )
* **wasi**:
* **(SEMVER-MINOR)** no longer require flag to enable wasi (Michael Dawson) [#47286 ](https://github.com/nodejs/node/pull/47286 )
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-09 16:33:19 -04:00
Stephen Gallagher
a955794775
Update to security release 18.16.1
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-21 10:02:16 -04:00
Stephen Gallagher
a98d03435c
Update to 18.16.0
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.16.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 12:31:13 -04:00
Stephen Gallagher
6e5a66a778
Update to 18.15.0
...
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.15.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-09 10:28:50 -05:00
Stephen Gallagher
2193e314cf
Update to 18.14.2
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:47:39 -05:00
Stephen Gallagher
2ec1a0503b
Update to v18.14.1
...
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.14.1
- packaging: Drop vestigial package.cfg file.
- packaging: Fix spec template
- packaging: Make nodejs-sources.sh clean up after itself
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-17 11:10:30 -05:00
Stephen Gallagher
679308e617
Update to 18.13.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-16 11:29:51 -05:00
Jan Staněk
267026f111
Include sources for WASM blobs
2022-12-12 14:42:27 +01:00
Stephen Gallagher
ea87d2c1bc
Update to security release 18.12.1
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.12.1
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-11-07 08:19:35 -05:00
Stephen Gallagher
33ebc0634d
Update to 18.11.0
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.11.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-10-19 16:33:20 -04:00
Stephen Gallagher
8d3e75401d
Update to 18.10.0
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.10.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-10-04 16:29:31 -04:00
Stephen Gallagher
f924bef5fc
Update to 18.9.1
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.9.1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-09-23 15:32:42 -04:00
Stephen Gallagher
fa95cc99d9
Update to Node.js 18.9.0
...
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.9.0
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.8.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-09-14 16:36:15 -04:00
Stephen Gallagher
45296320d1
Update to 18.7.0
...
Add bcond to disable building the included npm.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-07-27 15:00:23 -04:00
Stephen Gallagher
6ad3fc8fda
Update to 18.6.0
...
Switch to ninja for faster builds
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-07-14 19:57:13 -04:00
Stephen Gallagher
e0e64a6d19
Update to 18.5.0
...
Add %autorelease support
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-07-11 09:42:57 -04:00
Stephen Gallagher
50d0647ce7
Update to Node.js 18.4.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.4.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-06-17 09:11:38 -04:00
Stephen Gallagher
40ffbd5092
Update to Node.js 18.3.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.3.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-06-07 13:24:16 -04:00
Jan Staněk
cfd6873493
Patch node.gyp in place of leaving OpenSSL bits in place
2022-05-31 13:30:35 +02:00
Stephen Gallagher
cec740c48c
Update to Node.js 18.2.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-05-17 16:15:56 -04:00
Stephen Gallagher
475401441a
Update to Node.js 18.1.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.1.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-05-05 15:54:17 -04:00
Stephen Gallagher
6a5af18121
First release of 18.0.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-04-28 14:48:05 -04:00
Stephen Gallagher
f36552580f
Update to Node.js 16.15.0
...
Stop carrying full ICU sources now that the binary data is available
Properly version the v8 virtual Provides
Bundle nghttp2
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-04-27 19:13:00 -04:00
Stephen Gallagher
37e63a09a3
Update to Node.js 16.14.1
...
Drop corepack
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-03-17 12:26:51 -04:00
Stephen Gallagher
0ee3e7e83c
Update to Node.js 16.14.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-02-08 15:55:05 -05:00
Stephen Gallagher
b699bdb677
Update npm to 8.3.1 (CVE-2021-43616)
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-02-03 16:25:10 -05:00
Stephen Gallagher
6198b7db15
Bundle zlib on EPEL 7
...
RHEL 7 has zlib 1.2.7, which is too old for NPM.
RHEL 7 is upgrading from 4.x, so we need to re-add the pretrans
scriptlet for npm.
Also clean up and simplify some of the various version macros.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-01-19 14:13:28 -05:00
Stephen Gallagher
97203e0629
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
...
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Prototype pollution via `console.table` properties (Low)(CVE-2022-21824)
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-01-11 14:24:23 -05:00
Stephen Gallagher
7a3f77a0c3
Update to 16.13.1
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.13.1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-12-02 08:06:21 -05:00
Stephen Gallagher
a2ee1ccfdd
Update to 16.13.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.13.0
Add support for epel8
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-11-05 14:56:57 -04:00
Stephen Gallagher
aba90e54b0
Update to 16.12.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.12.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-10-25 09:58:28 -04:00
Stephen Gallagher
4c556b450b
Update to 16.11.1
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.11.0
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.11.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-10-13 15:11:35 -04:00
Stephen Gallagher
e13a2ee556
Update to 16.10.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.10.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-09-23 16:16:56 -04:00
Stephen Gallagher
97563f52cd
Update to 16.9.1
...
Add experimental 'corepack' tool
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.9.0
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.9.1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-09-13 17:05:10 -04:00
Stephen Gallagher
d4c00004d5
Update to 16.8.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.8.0
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.7.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-08-31 13:57:07 -04:00
Stephen Gallagher
41ef8447a8
Update to 16.6.2
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.6.2
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-08-11 16:36:32 -04:00
Stephen Gallagher
a659677e3a
Update to 16.6.1
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.6.1
Fixes v8 regression introduced in 16.6.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-08-03 11:13:30 -04:00
Stephen Gallagher
72af3e7809
Update to 16.6.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.6.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-08-02 08:59:07 -04:00
Stephen Gallagher
9285d83020
Update to 16.5.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.5.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-07-20 16:08:20 -04:00
Stephen Gallagher
7b85cf7acc
Update to 16.4.1
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.4.1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-07-01 14:07:44 -04:00
Stephen Gallagher
4057b49b1e
Update to 16.4.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.4.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-06-23 16:24:50 -04:00
Stephen Gallagher
f02a2195c9
Update to 16.3.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.3.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-06-04 10:55:20 -04:00
Stephen Gallagher
18a648f82c
Update to 16.2.0
...
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.2.0
Fix changelog version numbers
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-05-19 09:17:00 -04:00
Stephen Gallagher
9f9d592a89
Update to 16.1.0
...
- Update to 16.1.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.1.0
- Drop upstreamed patch
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-05-04 17:10:37 -04:00
Stephen Gallagher
49aeab92f0
First release of Node.js 16.x
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-04-29 09:41:42 -04:00
Stephen Gallagher
37e035e768
Update to 14.16.1
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-04-08 12:23:11 -04:00
Stephen Gallagher
a630cd6af9
Update to 14.16.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-02-23 13:53:36 -05:00
Stephen Gallagher
74b49c257f
Update to 14.15.4
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-01-04 15:18:59 -05:00
Stephen Gallagher
d4fae2de5a
Update to 14.15.1
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2020-12-02 20:53:53 -05:00
Stephen Gallagher
ab1676bdb3
Update to 14.14.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2020-10-19 09:37:56 -04:00