SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nodejs21-devel-21.6.2-4.1.i586.rpm :

* Fri Feb 16 2024 Adam Majer - Update to 21.6.2: (security updates)
* (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
* (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
* (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
* (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
* libuv version 1.48.0
* Mon Feb 12 2024 Adam Majer - Update to 21.6.1:
* Revert \"stream: fix cloned webstreams not being unref\'d\"- Changes in 21.6.0:
* New connection attempt events
* --allow-addons to enable addon usage when using the Permission Model.
* Support configurable snapshot through --build-snapshot-config flag- fix_ci_tests.patch: refreshed
* Mon Jan 08 2024 Adam Majer - Update to 21.5.0:
* module: merge config with package_json_reader
* src: move package resolver to c++
* doc: + deprecate hash constructor + deprecate dirent.path- linker_lto_jobs.patch: refreshed
* Tue Jan 02 2024 Adam Majer - c-ares-fixes.patch: fixes unit tests for new c-ares
* Mon Dec 11 2023 Adam Majer - Update to 21.4.0:
* fs: introduce dirent.parentPath
* fs: use default w flag for writeFileSync with utf8 encoding- Changes in 21.3.0:
* New --disable-warning flag
* Fast fs.writeFileSync with UTF-8 Strings For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.4.0- fix_ci_tests.patch: added workaround for missing deps
* Thu Nov 23 2023 Adam Majer - node-gyp-addon-gypi.patch: fix misapplied patch (bsc#1217424)
* Wed Nov 15 2023 Adam Majer - Update to 21.2.0
* esm: add import.meta.dirname and import.meta.filename
* fs: add stacktrace to fs/promises
* lib: + add --no-experimental-global-navigator CLI flag + add navigator.language & navigator.languages + add navigator.platform
* stream: + add support for deflate-raw format to webstreams compression + use Array for Readable buffer + optimize creation
* test_runner: + adds built in lcov reporter + test_runner: add Date to the supported mock APIs + test_runner, cli: add --test-timeout flag For details see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.2.0- nodejs20-zlib-1.3.patch: upstreamed, dropped- node-gyp-addon-gypi.patch: rebased- fix_ci_tests.patch: partially upstreamed
* Tue Nov 07 2023 Adam Majer - Package new version 21.1.0 For overview of changes and details since 20.x and earlier see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.0.0- imported the following patches from prior patches: + cares_public_headers.patch + fix_ci_tests.patch + flaky_test_rerun.patch + gcc13.patch + legacy_python.patch + linker_lto_jobs.patch + manual_configure.patch + node-gyp-addon-gypi.patch + node-gyp-config.patch + nodejs20-zlib-1.3.patch + nodejs-libpath.patch + npm_search_paths.patch + openssl_binary_detection.patch + qemu_timeouts_arches.patch + skip_no_console.patch + sle12_python3_compat.patch + test-skip-y2038-on-32bit-time_t.patch + versioned.patch
  
ICM