Navigation:
Browse pkgsrc
(this page) 2024-07-11 20:59:31 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message: nodejs20: updated to 20.15.1 Version 20.15.1 'Iron' (LTS) Notable Changes CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) CVE-2024-22020 - Bypass network import restriction via data URL (Medium) CVE-2024-22018 - fs.lstat bypasses permission model (Low) CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low) CVE-2024-37372 - Permission model improperly processes UNC paths (Low) |
| 2024-06-27 09:12:31 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: nodejs20: updated to 20.15.0 Version 20.15.0 'Iron' (LTS) test_runner: support test plans inspector: introduce the --inspect-wait flag zlib: expose zlib.crc32() cli: allow running wasm in limited vmem with --disable-wasm-trap-handler doc: add pimterry to collaborators (Tim Perry) (SEMVER-MINOR) tools: fix get_asan_state() in tools/test.py (Joyee Cheung) (SEMVER-MINOR) tools: support max_virtual_memory test configuration (Joyee Cheung) (SEMVER-MINOR) tools: support != in test status files (Joyee Cheung) |
| 2024-05-31 07:41:58 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: nodejs20: updated to 20.14.0 Version 20.14.0 'Iron' (LTS) Notable Changes - src,permission: throw async errors on async APIs - (SEMVER-MINOR) test_runner: support forced exit |
| 2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1929) | |
Log message: revbump after icu and protobuf updates |
| 2024-05-15 10:50:36 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: nodejs20: updated to 20.13.1 Version 20.13.1 'Iron' (LTS) Revert "tools: install npm PowerShell scripts on Windows" Due to a regression in the npm installation on Windows, this commit reverts the \ change that installed npm PowerShell scripts on Windows. |
| 2024-05-07 20:07:05 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: nodejs20: updated to 20.13.0 Node.js v20.13.0 buffer: improve base64 and base64url performance crypto: deprecate implicitly shortened GCM tags events,doc: mark CustomEvent as stable fs: add stacktrace to fs/promises report: add --report-exclude-network option src: add uv_get_available_memory to report and process stream: support typed arrays util: support array of formats in util.styleText v8: implement v8.queryObjects() for memory leak regression testing watch: mark as stable |
| 2024-04-11 16:50:02 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: nodejs20: updated to 20.12.2 Version 20.12.2 'Iron' (LTS) Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn \ without shell option enabled on Windows |
| 2024-04-05 07:31:45 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: nodejs20: updated to 20.12.1 Version 20.12.1 'Iron' (LTS) Notable Changes CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() \ leads to HTTP/2 server crash- (High) CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) llhttp version 9.2.1 undici version 5.28.4 |
| 2024-02-14 22:16:23 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: nodejs20: updated to 20.11.1 Version 20.11.1 'Iron' (LTS) Notable changes CVE-2024-21892 - Code injection and privilege escalation through Linux \ capabilities- (High) CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk \ extension allows DoS attacks- (High) CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High) CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High) CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of \ the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) CVE-2024-21891 - Multiple permission model bypasses due to improper path \ traversal sequence sanitization - (Medium) CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and \ --allow-fs-write (Medium) CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli \ decoding - (Medium) undici version 5.28.3 libuv version 1.48.0 OpenSSL version 3.0.13+quic1 |
| 2024-01-11 10:33:42 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message: nodejs20: updated to 20.11.0 Version 20.11.0 'Iron' (LTS) Notable Changes - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) - doc: add MrJithil to collaborators (Jithil P Ponnan) - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James \ Sumners) - fs: add c++ fast path for writeFileSync utf8 (CanadaHonk) - (SEMVER-MINOR) module: remove useCustomLoadersIfPresent flag (Chengzhong Wu) - (SEMVER-MINOR) module: bootstrap module loaders in shadow realm (Chengzhong Wu) - (SEMVER-MINOR) src: add --disable-warning option (Ethan Arrowood) - (SEMVER-MINOR) src: create per isolate proxy env template (Chengzhong Wu) - (SEMVER-MINOR) src: make process binding data weak (Chengzhong Wu) - stream: use Array for Readable buffer (Robert Nagy) - stream: optimize creation (Robert Nagy) - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) |
New packages: