Changelog for
npm11-11.10.0-1.4.x86_64.rpm :
Fri Feb 15 13:00:00 2019 adam.majerAATTsuse.de
- New upstream release 11.10.0:
* child_process: close pipe ends that are re-piped
* crypto:
+ don\'t crash X509ToObject on error
+ fix public key encoding name in comment
* deps: npm updated to 6.7.0
* http:
+ improve performance for incoming headers
+ makes response.writeHead return the response
+ make timeout event work with agent timeout
* http2: makes response.writeHead return the response
* perf_hooks: implement histogram based api
* process:
+ normalize process.argv before user code execution
+ expose process.features.inspector
* repl: add repl.setupHistory for programmatic repl
* tls: introduce client \'session\' event
- fix_ci_tests.patch: remove part of parallel/test-dns
- versioned.patch: refreshed
Fri Feb 1 13:00:00 2019 adam.majerAATTsuse.de
- nodejs.keyring: update keyring to today\'s list as per
https://github.com/nodejs/node
Fri Feb 1 13:00:00 2019 adam.majerAATTsuse.de
- New upstream release 11.9.0:
* internal changes to ship OpenSSL 1.1.1, which has already been
used on all openSUSE platforms.
- test-brotli.patch: removed, upstreamed
Mon Jan 28 13:00:00 2019 adam.majerAATTsuse.de
- New upstream releases 11.8.0:
* events: For unhandled error events with an argument that is not
an Error object, the resulting exeption will have more information
about the argument.
* child_process: When the maxBuffer option is passed, stdout and
stderr will be truncated rather than unavailable in case of an error.
* policy: Experimental support for module integrity checks through
a manifest file is implemented now.
* n-api: The napi_threadsafe_function feature is now stable.
* report: An experimental diagnostic API for capturing process state
is available as process.report and through command line flags.
* tls: tls.connect() takes a timeout option analogous to
the net.connect() one.
* worker:
+ process.umask() is available as a read-only function inside
Worker threads
+ An execArgv option that supports a subset of Node.js command
line options is now supported.
- Changes in version 11.7.0:
* compression / zlib: Added brotli support
* console: Added inspectOptions option
* crypto: Always accept private keys as public keys
* deps: Upgrade npm to v6.5.0
* fs: Use internalBinding(\'fs\') internally instead of
process.binding(\'fs\')
* http(s): Support overriding http(s).globalAgent
* util: Inspect ArrayBuffers contents closely
* worker: Expose workers and remove --experimental-worker flag
- test-brotli.patch: fixes assumption about compression
- versioned.patch: refreshed
- nodejs-libpath.patch: refreshed
Thu Jan 10 13:00:00 2019 adam.majerAATTsuse.de
- versioned.patch: set correct node version in environment
(bsc#1121188)
Mon Jan 7 13:00:00 2019 adam.majerAATTsuse.de
- New upstream releases 11.6.0:
* cli: add --max-http-header-size flag
* crypto:
+ always accept certificates as public keys
+ add key object API
* deps:
+ upgrade to libuv 1.24.1
+ upgrade npm to 6.5.0
* http: add maxHeaderSize property
- Changes in version 11.5.0:
* tls: support \"BEGIN TRUSTED CERTIFICATE\" for ca:
* util: add inspection getter option
- Changes in version 11.4.0:
* console,util:
+ console functions now handle symbols as defined in the spec.
+ The inspection depth default is now back at 2.
* dgram,net: Added ipv6Only option for net and dgram
* http: Chosing between the http parser is now possible per
runtime flag.
* readline: The readline module now supports async iterators.
* repl: The multiline history feature is removed.
* tls:
+ Added min/max protocol version options.
+ The X.509 public key info now includes the RSA bit size and
the elliptic curve.
* url: pathToFileURL() now supports LF, CR and TAB.
- fix_ci_tests.patch: refreshed
- versioned.patch: refreshed
- skip_test_on_lowmem.patch: skip test on low-memory build machine
- env_shebang.patch: dropped in favour of programmatic update
Thu Dec 6 13:00:00 2018 adam.majerAATTsuse.de
- New upstream release 11.3.0:
* deps: Upgrade to OpenSSL 1.1.0j, fixing
+ Timing vulnerability in DSA signature generation
(bsc#1113652, CVE-2018-0734)
+ Timing vulnerability in ECDSA signature generation
(bsc#1113651, CVE-2018-0735)
* http:
+ Headers received by HTTP servers must not exceed 8192 bytes
in total to prevent possible Denial of Service attacks.
(bsc#1117626, CVE-2018-12121)
+ A timeout of 40 seconds now applies to servers receiving
HTTP headers. This value can be adjusted with
server.headersTimeout. Where headers are not completely
received within this period, the socket is destroyed on
the next received chunk. In conjunction
with server.setTimeout(), this aids in protecting against
excessive resource retention and possible Denial of Service.
(bsc#1117627, CVE-2018-12122)
* url: Fix a bug that would allow a hostname being spoofed when
parsing URLs with url.parse() with the \'javascript:\' protocol.
(bsc#1117629, CVE-2018-12123)
Mon Nov 26 13:00:00 2018 adam.majerAATTsuse.de
- New upstream release 11.2.0:
* deps: A new experimental HTTP parser (llhttp) is now supported.
* timers: Fixed an issue that could cause setTimeout to stop
working as expected.
- flaky_test_rerun.patch: Rerun failing tests in case of flakiness
- fix_ci_tests.patch: refreshed
Thu Nov 8 13:00:00 2018 adam.majerAATTsuse.de
- New upstream release 11.1.0:
* repl: Top-level for-await-of is now supported in the REPL.
* timers: Fixed an issue that could cause timers to enter
an infinite loop.
- openssl_fix.patch: removed, upstreamed
- fix_ci_tests.patch: refreshed
Thu Oct 25 14:00:00 2018 adam.majerAATTsuse.de
- Initial release of NodeJS 11.0.0
- Notable changes since NodeJS 10.12.0:
* Use of process.binding() has been deprecated.
* An experimental implementation of queueMicrotask() is added.
* child_process: The default value of the windowsHide option
has been changed to true.
* deps: V8 has been updated to 7.0.
* fs:
+ fs.read() method now requires a callback
+ The previously deprecated fs.SyncWriteStream utility has
been removed
* http: The http, https, and tls modules now use the WHATWG URL
parser by default.
* timers: nextTick queue will be run after each immediate and timer.
* util:
+ WHATWG TextEncoder and TextDecoder are now globals.
+ util.inspect() output size is limited to 128 MB by default.
+ A runtime warning will be emitted when NODE_DEBUG is set for
either http or http2.