Changelog for
nodejs11-11.15.0-2.1.i586.rpm :
* Mon Jul 29 2019 Adam Majer
- CVE-2019-13173.patch: fix potential file overwrite via hardlink in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173)
* Fri May 03 2019 Adam Majer - New upstream release 11.15.0:
* tls: + add --tls-min-v1.2 CLI switch + supported shared openssl 1.1.0 + revert default max toTLSv1.2 + revert change to invalid protocol error type + support TLSv1.3 + add code for ERR_TLS_INVALID_PROTOCOL_METHOD- Changes in release 11.14.0:
* child_process: doc deprecate ChildProcess._channel
* deps: update bundled nghttp2 to 1.37.0
* dns: + make dns.promises enumerable + remove dns.promises experimental warning
* fs: remove experimental warning for fs.promises
* stream: make Symbol.asyncIterator support stable
* worker: use copy of process.env
* Sun Apr 07 2019 Guillaume GARDET - Add _constraints file to avoid OOM errors
* Fri Apr 05 2019 Adam Majer - New upstream release 11.13.0:
* crypto: Allow deriving public from private keys
* events: Added a once function to use EventEmitter with promises
* tty: + Added a hasColors method to WriteStream + Added NO_COLOR and FORCE_COLOR support
* v8: Added v8.getHeapSnapshot and v8.writeHeapSnapshot to generate snapshots in the format used by tools such as Chrome
* worker: Added worker.moveMessagePortToContext
* C++ API: + AddPromiseHook is now deprecated. + Added a Stop API to shut down Node.js while it is running- Changes in release 11.12.0:
* bootstrap: Add experimental --frozen-intrinsics flag
* deps: Upgrade openssl to 1.1.1b
* process: Make process[Symbol.toStringTag] writable again
* repl: Add util.inspect.replDefaults to customize the writer
* report: Rename triggerReport() to writeReport()- fix_ci_tests.patch: add another exception for our OpenSSL library- versioned.patch: refresh
* Thu Mar 07 2019 Adam Majer - New upstream release 11.11.0:
* n-api: Implement date object
* util: Add compact depth mode for util.inspect()
* worker: + Improve integration with native addons + MessagePort.prototype.onmessage takes arguments closer to the Web specification now
* Thu Feb 28 2019 Adam Majer - New upstream release 11.10.1:
* http: Further prevention of \"Slowloris\" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)
* Fri Feb 15 2019 adam.majerAATTsuse.de- New upstream release 11.10.0:
* child_process: close pipe ends that are re-piped
* crypto: + don\'t crash X509ToObject on error + fix public key encoding name in comment
* deps: npm updated to 6.7.0
* http: + improve performance for incoming headers + makes response.writeHead return the response + make timeout event work with agent timeout
* http2: makes response.writeHead return the response
* perf_hooks: implement histogram based api
* process: + normalize process.argv before user code execution + expose process.features.inspector
* repl: add repl.setupHistory for programmatic repl
* tls: introduce client \'session\' event- fix_ci_tests.patch: remove part of parallel/test-dns- versioned.patch: refreshed
* Fri Feb 01 2019 adam.majerAATTsuse.de- nodejs.keyring: update keyring to today\'s list as per https://github.com/nodejs/node
* Fri Feb 01 2019 adam.majerAATTsuse.de- New upstream release 11.9.0:
* internal changes to ship OpenSSL 1.1.1, which has already been used on all openSUSE platforms.- test-brotli.patch: removed, upstreamed
* Mon Jan 28 2019 adam.majerAATTsuse.de- New upstream releases 11.8.0:
* events: For unhandled error events with an argument that is not an Error object, the resulting exeption will have more information about the argument.
* child_process: When the maxBuffer option is passed, stdout and stderr will be truncated rather than unavailable in case of an error.
* policy: Experimental support for module integrity checks through a manifest file is implemented now.
* n-api: The napi_threadsafe_function feature is now stable.
* report: An experimental diagnostic API for capturing process state is available as process.report and through command line flags.
* tls: tls.connect() takes a timeout option analogous to the net.connect() one.
* worker: + process.umask() is available as a read-only function inside Worker threads + An execArgv option that supports a subset of Node.js command line options is now supported.- Changes in version 11.7.0:
* compression / zlib: Added brotli support
* console: Added inspectOptions option
* crypto: Always accept private keys as public keys
* deps: Upgrade npm to v6.5.0
* fs: Use internalBinding(\'fs\') internally instead of process.binding(\'fs\')
* http(s): Support overriding http(s).globalAgent
* util: Inspect ArrayBuffers contents closely
* worker: Expose workers and remove --experimental-worker flag- test-brotli.patch: fixes assumption about compression- versioned.patch: refreshed- nodejs-libpath.patch: refreshed
* Thu Jan 10 2019 adam.majerAATTsuse.de- versioned.patch: set correct node version in environment (bsc#1121188)
* Mon Jan 07 2019 adam.majerAATTsuse.de- New upstream releases 11.6.0:
* cli: add --max-http-header-size flag
* crypto: + always accept certificates as public keys + add key object API
* deps: + upgrade to libuv 1.24.1 + upgrade npm to 6.5.0
* http: add maxHeaderSize property- Changes in version 11.5.0:
* tls: support \"BEGIN TRUSTED CERTIFICATE\" for ca:
* util: add inspection getter option- Changes in version 11.4.0:
* console,util: + console functions now handle symbols as defined in the spec. + The inspection depth default is now back at 2.
* dgram,net: Added ipv6Only option for net and dgram
* http: Chosing between the http parser is now possible per runtime flag.
* readline: The readline module now supports async iterators.
* repl: The multiline history feature is removed.
* tls: + Added min/max protocol version options. + The X.509 public key info now includes the RSA bit size and the elliptic curve.
* url: pathToFileURL() now supports LF, CR and TAB.- fix_ci_tests.patch: refreshed- versioned.patch: refreshed- skip_test_on_lowmem.patch: skip test on low-memory build machine- env_shebang.patch: dropped in favour of programmatic update
* Thu Dec 06 2018 adam.majerAATTsuse.de- New upstream release 11.3.0:
* deps: Upgrade to OpenSSL 1.1.0j, fixing + Timing vulnerability in DSA signature generation (bsc#1113652, CVE-2018-0734) + Timing vulnerability in ECDSA signature generation (bsc#1113651, CVE-2018-0735)
* http: + Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. (bsc#1117626, CVE-2018-12121) + A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (bsc#1117627, CVE-2018-12122)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the \'javascript:\' protocol. (bsc#1117629, CVE-2018-12123)
* Mon Nov 26 2018 adam.majerAATTsuse.de- New upstream release 11.2.0:
* deps: A new experimental HTTP parser (llhttp) is now supported.
* timers: Fixed an issue that could cause setTimeout to stop working as expected.- flaky_test_rerun.patch: Rerun failing tests in case of flakiness- fix_ci_tests.patch: refreshed
* Thu Nov 08 2018 adam.majerAATTsuse.de- New upstream release 11.1.0:
* repl: Top-level for-await-of is now supported in the REPL.
* timers: Fixed an issue that could cause timers to enter an infinite loop.- openssl_fix.patch: removed, upstreamed- fix_ci_tests.patch: refreshed
* Thu Oct 25 2018 adam.majerAATTsuse.de- Initial release of NodeJS 11.0.0- Notable changes since NodeJS 10.12.0:
* Use of process.binding() has been deprecated.
* An experimental implementation of queueMicrotask() is added.
* child_process: The default value of the windowsHide option has been changed to true.
* deps: V8 has been updated to 7.0.
* fs: + fs.read() method now requires a callback + The previously deprecated fs.SyncWriteStream utility has been removed
* http: The http, https, and tls modules now use the WHATWG URL parser by default.
* timers: nextTick queue will be run after each immediate and timer.
* util: + WHATWG TextEncoder and TextDecoder are now globals. + util.inspect() output size is limited to 128 MB by default. + A runtime warning will be emitted when NODE_DEBUG is set for either http or http2.