Path to this page:
./
lang/nodejs,
V8 JavaScript for clients and servers
Branch: CURRENT,
Version: 22.9.0,
Package name: nodejs-22.9.0,
Maintainer: pkgsrc-usersNode.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.
This package holds the latest release.
Required to run:[
textproc/icu] [
net/libcares] [
security/openssl] [
devel/libuv] [
lang/gcc49-libs] [
www/nghttp2]
Required to build:[
lang/python27] [
sysutils/lockf] [
lang/gcc49] [
pkgtools/cwrappers]
Package options: openssl
Master sites:
Filesize: 45850.008 KB
Version history: (Expand)
- (2024-09-18) Updated to version: nodejs-22.9.0
- (2024-09-09) Updated to version: nodejs-22.8.0
- (2024-08-23) Updated to version: nodejs-22.7.0
- (2024-08-13) Updated to version: nodejs-22.6.0
- (2024-07-21) Updated to version: nodejs-22.5.1
- (2024-07-11) Updated to version: nodejs-22.4.1
CVS history: (Expand)
2024-04-11 14:14:09 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs: updated to 21.7.3
Version 21.7.3 (Current)
This is a security release.
Notable Changes
CVE-2024-27980 - Command injection via args parameter of child_process.spawn \
without shell option enabled on Windows
|
2024-04-05 07:31:10 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs: updated to 21.7.2
Version 21.7.2 (Current)
Notable changes
CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() \
leads to HTTP/2 server crash- (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium)
llhttp version 9.2.1
undici version 6.11.1
|
2024-03-20 14:39:23 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs: updated to 21.7.1
Version 21.7.1 (Current)
Notable Changes
This release reverts 51389, which landed in Node.js 21.7.0. It is a documented \
feature that t.after() hooks are run even if a test has no subtests. The hook \
can be used to clean up the test itself.
|
2024-03-07 18:07:43 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
nodejs: updated to 21.7.0
Version 21.7.0 (Current)
Text Styling
Loading and parsing environment variables
Support for multi-line values for .env file
sea: support embedding assets
vm: support using the default loader to handle dynamic import()
crypto: implement crypto.hash()
|
2024-02-14 22:15:56 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs: updated to 21.6.2
Version 21.6.2 (Current)
Notable changes
CVE-2024-21892 - Code injection and privilege escalation through Linux \
capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk \
extension allows DoS attacks- (High)
CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of \
the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-21891 - Multiple permission model bypasses due to improper path \
traversal sequence sanitization - (Medium)
CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and \
--allow-fs-write (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli \
decoding - (Medium)
undici version 5.28.3
libuv version 1.48.0
OpenSSL version 3.0.13+quic1
|
2024-01-25 18:11:34 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs: updated to 21.6.1
Version 21.6.1 (Current)
Notable Changes
This release fixes a bug in undici using WebStreams
|
2024-01-22 17:49:18 by Adam Ciarcinski | Files touched by this commit (31) |
Log message:
nodejs16: removed; end-of-life
|
2024-01-18 13:33:06 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs: updated to 21.6.0
Version 21.6.0 (Current)
New connection attempt events
Changes to the Permission Model
Support configurable snapshot through --build-snapshot-config flag
timers: export timers.promises
|