./lang/nodejs, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 20.7.0, Package name: nodejs-20.7.0, Maintainer: pkgsrc-users

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the latest release.


Required to run:
[textproc/icu] [net/libcares] [security/openssl] [devel/libuv] [lang/gcc49-libs] [www/nghttp2]

Required to build:
[lang/python27] [sysutils/lockf] [lang/gcc49] [pkgtools/cwrappers]

Package options: openssl

Master sites:

Filesize: 40843.977 KB

Version history: (Expand)


CVS history: (Expand)


   2023-09-20 13:21:59 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nodejs: updated to 20.7.0

Version 20.7.0 (Current)

Notable Changes

- src: support multiple --env-file declarations (Yagiz Nizipli)
- crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot)
- deps: upgrade npm to 10.1.0 (npm team)
- (SEMVER-MINOR) deps: upgrade npm to 10.0.0 (npm team)
- doc: move and rename loaders section (Geoffrey Booth)
- doc: add release key for Ulises Gascon (Ulises Gascón)
- (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green)
- src,permission: add multiple allow-fs-* flags (Carlos Espa)
- (SEMVER-MINOR) test_runner: expose location of tests (Colin Ihrig)
   2023-09-13 11:55:45 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 20.6.1

Version 20.6.1 (Current)
esm: fix loading of CJS modules from ESM
   2023-09-06 21:28:21 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nodejs: updated to 20.6.0

Version 20.6.0 (Current)

Notable changes

built-in .env file support

Starting from Node.js v20.6.0, Node.js supports .env files for configuring \ 
environment variables.

Your configuration file should follow the INI file format, with each line \ 
containing a key-value pair for an environment variable. To initialize your \ 
Node.js application with predefined configurations, use the following CLI \ 
command: node --env-file=config.env index.js.

For example, you can access the following environment variable using \ 
process.env.PASSWORD when your application is initialized:

PASSWORD=nodejs
In addition to environment variables, this change allows you to define your \ 
NODE_OPTIONS directly in the .env file, eliminating the need to include it in \ 
your package.json.

import.meta.resolve unflagged

In ES modules, import.meta.resolve(specifier) can be used to get an absolute URL \ 
string to which specifier resolves, similar to require.resolve in CommonJS. This \ 
aligns Node.js with browsers and other server-side runtimes.

New node:module API register for module customization hooks; new initialize hook

There is a new API register available on node:module to specify a file that \ 
exports module customization hooks, and pass data to the hooks, and establish \ 
communication channels with them. The “define the file with the hooks” part \ 
was previously handled by a flag --experimental-loader, but when the hooks moved \ 
into a dedicated thread in 20.0.0 there was a need to provide a way to \ 
communicate between the main (application) thread and the hooks thread. This can \ 
now be done by calling register from the main thread and passing data, including \ 
MessageChannel instances.

We encourage users to migrate to an approach that uses --import with register, \ 
such as:

node --import ./file-that-calls-register.js ./app.js
Using --import ensures that the customization hooks are registered before any \ 
application code runs, even the entry point.

Module customization load hook can now support CommonJS
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2023-08-11 07:25:17 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 20.5.1

Version 20.5.1 (Current)

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32558: process.binding() can bypass the permission model through path \ 
traversal (High)
CVE-2023-32004: Permission model can be bypassed by specifying a path traversal \ 
sequence in a Buffer (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
CVE-2023-32005: fs.statfs can bypass the permission model (Low)
CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission \ 
model (Low)
OpenSSL Security Releases
   2023-07-27 10:43:16 by Jonathan Perkin | Files touched by this commit (1)
Log message:
nodejs: Add missing CONFLICTS/SUPERSEDES for npm.
   2023-07-25 08:42:43 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nodejs: updated to 20.5.0

Version 20.5.0 (Current)

Notable Changes

doc: add atlowChemi to collaborators (atlowChemi)
(SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow)
fs: add a fast-path for readFileSync utf-8 (Yagiz Nizipli)
(SEMVER-MINOR) test_runner: add shards support (Raz Luvaton)
   2023-07-18 20:25:29 by Nia Alarie | Files touched by this commit (4)
Log message:
lang: Adapt packages to USE_(CC|CXX)_FEATURES where possible