./lang/nodejs, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 10.14.2, Package name: nodejs-10.14.2, Maintainer: filip

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the latest stable release.


Required to run:
[textproc/icu] [net/libcares] [devel/libuv] [lang/gcc49-libs] [www/http-parser]

Required to build:
[lang/python27] [sysutils/lockf] [lang/gcc49] [pkgtools/cwrappers]

Package options: openssl

Master sites:

SHA1: e7d05110bcb3c46c46390b3026664102f27f5838
RMD160: 2fd95aa111fa1cbd611ab2aba1797efe35895712
Filesize: 35449.129 KB

Version history: (Expand)


CVS history: (Expand)


   2018-12-12 17:38:06 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nodejs: updated to 10.14.2

Version 10.14.2 'Dubnium' (LTS)
This LTS release comes with 374 commits. This includes 165 which are test or \ 
benchmark related, 77 which are doc related, 29 which are build / tool related \ 
and 15 commits which update dependencies.

Notable Changes
* deps:
  - upgrade to c-ares v1.15.0
* Windows:
  - A crashing process will now show the names of stack frames if the node.pdb \ 
file is available.
   2018-12-09 19:29:12 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 10.14.1

Version 10.14.1 'Dubnium' (LTS):

Notable Changes
win/msi: Revert changes to installer causing issues on Windows systems.
   2018-11-28 09:36:05 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
nodejs: updated to 10.14.0

Version 10.14.0 'Dubnium' (LTS):

This is a security release. All Node.js users should consult the security \ 
release summary at:
https://nodejs.org/en/blog/vulnerabilit … -releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)

Notable Changes
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
  - Headers received by HTTP servers must not exceed 8192 bytes in total to \ 
prevent possible Denial of Service attacks. Reported by Trevor Norris. \ 
(CVE-2018-12121 / Matteo Collina)
  - A timeout of 40 seconds now applies to servers receiving HTTP headers. This \ 
value can be adjusted with server.headersTimeout. Where headers are not \ 
completely received within this period, the socket is destroyed on the next \ 
received chunk. In conjunction with server.setTimeout(), this aids in protecting \ 
against excessive resource retention and possible Denial of Service. Reported by \ 
Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs \ 
with url.parse() with the 'javascript:' protocol.
   2018-11-10 19:35:18 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 10.13.0

Version 10.13.0 'Dubnium' (LTS)

This release marks the transition of Node.js 10.x into Long Term Support (LTS) \ 
with the codename 'Dubnium'. The 10.x release line now moves in to "Active \ 
LTS" and will remain so until April 2020. After that time it will move in \ 
to "Maintenance" until end of life in April 2021.

Notable Changes

This release only includes minimal changes necessary to fix known regressions \ 
prior to LTS.

Version 10.12.0 (Current)

Notable changes

assert
* The diff output is now a tiny bit improved by sorting object properties when \ 
inspecting the values that are compared with each other.

cli
* The options parser now normalizes _ to - in all multi-word command-line flags, \ 
e.g. --no_warnings has the same effect as --no-warnings.
* Added bash completion for the node binary. To generate a bash completion \ 
script, run node --completion-bash. The output can be saved to a file which can \ 
be sourced to enable completion.

crypto
* Added support for PEM-level encryption.
* Added an API asymmetric key pair generation. The new methods \ 
crypto.generateKeyPair and crypto.generateKeyPairSync can be used to generate \ 
public and private key pairs. The API supports RSA, DSA and EC and a variety of \ 
key encodings (both PEM and DER).
fs
* Added a recursive option to fs.mkdir and fs.mkdirSync. If this option is set \ 
to true, non-existing parent folders will be automatically created.

http2
* Added a 'ping' event to Http2Session that is emitted whenever a non-ack PING \ 
is received.
* Added support for the ORIGIN frame.
* Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect protocol \ 
support to allow use of WebSockets over HTTP/2.

module
* Added module.createRequireFromPath(filename). This new method can be used to \ 
create a custom require function that will resolve modules relative to the \ 
filename path.

process
* Added a 'multipleResolves' process event that is emitted whenever a Promise is \ 
attempted to be resolved multiple times, e.g. if the resolve and reject \ 
functions are both called in a Promise executor.

url
* Added url.fileURLToPath(url) and url.pathToFileURL(path). These methods can be \ 
used to correctly convert between file: URLs and absolute paths.

util
* Added the sorted option to util.inspect(). If set to true, all properties of \ 
an object and Set and Map entries will be sorted in the returned string. If set \ 
to a function, it is used as a compare function.
The util.instpect.custom symbol is now defined in the global symbol registry as \ 
Symbol.for('nodejs.util.inspect.custom').
* Added support for BigInt numbers in util.format().

V8 API
* A number of V8 C++ APIs have been marked as deprecated since they have been \ 
removed in the upstream repository. Replacement APIs are added where necessary.

Windows
* The Windows msi installer now provides an option to automatically install the \ 
tools required to build native modules.

Workers
* Debugging support for Workers using the DevTools protocol has been implemented.
* The public inspector module is now enabled in Workers.
   2018-09-27 21:27:57 by Tobias Nygren | Files touched by this commit (1)
Log message:
nodejs: unbreak previous for nodejs6 & nodejs8, add comments
   2018-09-27 21:15:59 by Tobias Nygren | Files touched by this commit (1)
Log message:
nodejs: SUBST paxctl in the correct Makefile
   2018-09-20 16:05:25 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
lang/nodejs: Update to 10.11.0.

- fs
  - Fixed fsPromises.readdir `withFileTypes`.
- http2
  - Added `http2stream.endAfterHeaders` property.
- util
  - Added `util.types.isBoxedPrimitive(value)`.
   2018-09-07 16:24:55 by Jonathan Perkin | Files touched by this commit (1)
Log message:
nodejs: Work around build rpath issue with torque.