Commit graph

724 commits

Author SHA1 Message Date
Stephen Gallagher
7d157a9ac8 Update to 18.17.1
** 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @RafaelGSS

This is a security release.

*** Notable Changes

The following CVEs are fixed in this release:

* [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002):  Policies can be bypassed via Module.\_load (High)
* [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium)
* [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
  * [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
  * [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
  * [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)

More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post.

** 2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @danielleadams

*** Notable Changes

**** Ada 2.0

Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.

Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the
improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.

Contributed by Yagiz Nizipli and Daniel Lemire in [#47339](https://github.com/nodejs/node/pull/47339)

**** Web Crypto API

Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of Web Crypto API.

Contributed by Filip Skokan in [#46067](https://github.com/nodejs/node/pull/46067)

* **crypto**:
  * update root certificates to NSS 3.89 (Node.js GitHub Bot) [#47659](https://github.com/nodejs/node/pull/47659)
* **dns**:
  * **(SEMVER-MINOR)** expose getDefaultResultOrder (btea) [#46973](https://github.com/nodejs/node/pull/46973)
* **doc**:
  * add ovflowd to collaborators (Claudio Wunder) [#47844](https://github.com/nodejs/node/pull/47844)
  * add KhafraDev to collaborators (Matthew Aitken) [#47510](https://github.com/nodejs/node/pull/47510)
* **events**:
  * **(SEMVER-MINOR)** add getMaxListeners method (Matthew Aitken) [#47039](https://github.com/nodejs/node/pull/47039)
* **fs**:
  * **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084](https://github.com/nodejs/node/pull/47084)
  * **(SEMVER-MINOR)** add recursive option to readdir and opendir (Ethan Arrowood) [#41439](https://github.com/nodejs/node/pull/41439)
  * **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084](https://github.com/nodejs/node/pull/47084)
  * **(SEMVER-MINOR)** implement byob mode for readableWebStream() (Debadree Chatterjee) [#46933](https://github.com/nodejs/node/pull/46933)
* **http**:
  * **(SEMVER-MINOR)** prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) [#47732](https://github.com/nodejs/node/pull/47732)
  * **(SEMVER-MINOR)** remove internal error in assignSocket (Matteo Collina) [#47723](https://github.com/nodejs/node/pull/47723)
  * **(SEMVER-MINOR)** add highWaterMark opt in http.createServer (HinataKah0) [#47405](https://github.com/nodejs/node/pull/47405)
* **lib**:
  * **(SEMVER-MINOR)** add webstreams to Duplex.from() (Debadree Chatterjee) [#46190](https://github.com/nodejs/node/pull/46190)
  * **(SEMVER-MINOR)** implement AbortSignal.any() (Chemi Atlow) [#47821](https://github.com/nodejs/node/pull/47821)
* **module**:
  * change default resolver to not throw on unknown scheme (Gil Tayar) [#47824](https://github.com/nodejs/node/pull/47824)
* **node-api**:
  * **(SEMVER-MINOR)** define version 9 (Chengzhong Wu) [#48151](https://github.com/nodejs/node/pull/48151)
  * **(SEMVER-MINOR)** deprecate napi\_module\_register (Vladimir Morozov) [#46319](https://github.com/nodejs/node/pull/46319)
* **stream**:
  * **(SEMVER-MINOR)** preserve object mode in compose (Raz Luvaton) [#47413](https://github.com/nodejs/node/pull/47413)
  * **(SEMVER-MINOR)** add setter & getter for default highWaterMark (#46929) (Robert Nagy) [#46929](https://github.com/nodejs/node/pull/46929)
* **test**:
  * unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) [#48078](https://github.com/nodejs/node/pull/48078)
* **test\_runner**:
  * **(SEMVER-MINOR)** add shorthands to `test` (Chemi Atlow) [#47909](https://github.com/nodejs/node/pull/47909)
  * **(SEMVER-MINOR)** support combining coverage reports (Colin Ihrig) [#47686](https://github.com/nodejs/node/pull/47686)
  * **(SEMVER-MINOR)** execute before hook on test (Chemi Atlow) [#47586](https://github.com/nodejs/node/pull/47586)
  * **(SEMVER-MINOR)** expose reporter for use in run api (Chemi Atlow) [#47238](https://github.com/nodejs/node/pull/47238)
* **tools**:
  * update LICENSE and license-builder.sh (Santiago Gimeno) [#48078](https://github.com/nodejs/node/pull/48078)
* **url**:
  * **(SEMVER-MINOR)** implement URL.canParse (Matthew Aitken) [#47179](https://github.com/nodejs/node/pull/47179)
* **wasi**:
  * **(SEMVER-MINOR)** no longer require flag to enable wasi (Michael Dawson) [#47286](https://github.com/nodejs/node/pull/47286)

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-09 16:33:19 -04:00
Fedora Release Engineering
544f76d98b Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-20 16:47:35 +00:00
Stephen Gallagher
d1beeb0f81 Sync to latest nodejs-sources.sh
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-07-12 13:36:15 -04:00
Stephen Gallagher
a955794775 Update to security release 18.16.1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-21 10:02:16 -04:00
Stephen Gallagher
8feb3e5509 sources: install jinja2 if needed
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-21 09:19:01 -04:00
Stephen Gallagher
dfeab1ea3d
Fix NPM Obsoletes
The version of npm shipped by nodejs20 in the frozen F38 repo is
higher than the version provided by the default nodejs18. This
works around that.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-15 09:37:29 -04:00
Stephen Gallagher
14431056f7
Fix up shebangs for npm and npx
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-28 10:46:32 -04:00
Stephen Gallagher
00573643f6
Add README for packagers
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 13:51:35 -04:00
Stephen Gallagher
7fac550d3e
nodejs-sources.sh: Add --debug flag
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 08:58:13 -04:00
Stephen Gallagher
4e9436a835
Replace /usr/etc/npmrc symlink with builtin configuration
We want to have the system-level npmrc located at /etc/npmrc.
By default, npm looks for it in /usr/etc/npmrc,
so we placed a symlink to /etc/npmrc there.
However, we are the only known package that has anything in /usr/etc,
which confuses and/or breaks various tooling (see related bug).

This gets rid of the symlink,
and instead uses "builtin"-level configuration of npm
to cause it to load the system-level configuration from /etc/npmrc.

Related: rhbz#2177776

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 08:50:37 -04:00
Stephen Gallagher
7559b10a65
Apply to spec also
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 15:14:32 -04:00
Stephen Gallagher
bca6ea5ea2
Fix manpage symlinks
Resolves: rhbz#2187978

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 15:13:29 -04:00
Stephen Gallagher
a7bb99ba07
Rebase Fedora patches
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 12:37:19 -04:00
Stephen Gallagher
a98d03435c
Update to 18.16.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.16.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 12:31:13 -04:00
Stephen Gallagher
0362f42fb0
Don't 'Provides: npm' on non-default
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-11 15:23:07 -04:00
Stephen Gallagher
7000efe305
Adjust nodejs-devel Provides
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-03 09:07:15 -04:00
Stephen Gallagher
4ffd58b121
Pull in changes from nodejs20
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-30 08:50:27 -04:00
Stephen Gallagher
4aadc166bf
Fix build issue on non-default releases
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 19:10:34 -04:00
Stephen Gallagher
c2b89a7006
Fix libv8 packaging issue
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 14:55:11 -04:00
Stephen Gallagher
580f45bab6
Namespace the v8 compat libraries
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-16 15:37:40 -04:00
Stephen Gallagher
6e5a66a778
Update to 18.15.0
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.15.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-09 10:28:50 -05:00
Stephen Gallagher
b77028c109
template: Re-sync from nodejs20
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 15:08:30 -05:00
Stephen Gallagher
dc374d2c11
Also drop patch from specfile
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-23 15:17:55 -05:00
Stephen Gallagher
18c023f26e
Drop unneeded patch
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-23 15:16:26 -05:00
Stephen Gallagher
b1efdc3f55
Update to latest version of nodejs-sources.sh
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:59:23 -05:00
Stephen Gallagher
2193e314cf
Update to 18.14.2
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:47:39 -05:00
Stephen Gallagher
2ec1a0503b
Update to v18.14.1
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.14.1
- packaging: Drop vestigial package.cfg file.
- packaging: Fix spec template
- packaging: Make nodejs-sources.sh clean up after itself

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-17 11:10:30 -05:00
Stephen Gallagher
c541b7e256
Set Node.js 18.x as the default for RHEL 10
This will likely change to 20.x closer to release, but we need a
default in place for the time being.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-27 13:36:00 -05:00
Stephen Gallagher
8cfad4cd12
sources: Fix typo preventing upload
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 17:18:47 -05:00
Stephen Gallagher
148cb7de34
sources: Use spec template for ICU URL
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 16:53:27 -05:00
Stephen Gallagher
99e9cbbbe5
Fix important typo
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 15:41:05 -05:00
Stephen Gallagher
443d608e13
Fix v8 symlinks
Resolves: rhbz#2163346

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 15:32:31 -05:00
Stephen Gallagher
bd35f75e9f
Rework nodejs-sources.sh
This will now automatically update the specfile from the
.packaging/nodejs.spec.in template.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 15:27:59 -05:00
Fedora Release Engineering
c2526cc511 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 21:42:59 +00:00
Stephen Gallagher
679308e617
Update to 18.13.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-16 11:29:51 -05:00
Stephen Gallagher
35ce6bd08e
Disable gating for now
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-13 14:26:58 -05:00
Stephen Gallagher
2851ac84ca
Use requires instead of conflicts for -docs
Conflicts causes issues with parallel-installation of non-default
Node.js versions.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:19 -05:00
Stephen Gallagher
e518e262b3
Add pretrans scriptlet for node_modules
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:19 -05:00
Stephen Gallagher
cc73e226d4
Add proper npm obsoletes
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:18 -05:00
Stephen Gallagher
592c8cae25
Drop redundant default definition
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:17 -05:00
Stephen Gallagher
ee9d5d135c
Enable parallel-installation
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:11 -05:00
Jan Staněk
a3c7fd02a8
Check bundled WASM sources for version mismatch 2022-12-12 14:42:28 +01:00
Jan Staněk
267026f111
Include sources for WASM blobs 2022-12-12 14:42:27 +01:00
Stephen Gallagher
ea87d2c1bc
Update to security release 18.12.1
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.12.1
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-11-07 08:19:35 -05:00
Stephen Gallagher
64be0117c5
Update python3_fixup
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-11-01 10:21:54 -04:00
Stephen Gallagher
7c7a75f64b
Move native module autorequires to nodejs-packaging
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-10-20 10:05:37 -04:00
Stephen Gallagher
08c7ea5ebe
Fix symlinks
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-10-19 20:28:01 -04:00
Stephen Gallagher
33ebc0634d
Update to 18.11.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.11.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-10-19 16:33:20 -04:00
Stephen Gallagher
8d3e75401d
Update to 18.10.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.10.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-10-04 16:29:31 -04:00
Stephen Gallagher
4c37e579db
Fix incorrect version number
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-09-23 16:03:16 -04:00