./lang/nodejs14, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 14.21.1nb1, Package name: nodejs-14.21.1nb1, Maintainer: pkgsrc-users

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the 14.x LTS release.



Package options: openssl

Master sites:

Filesize: 33851.184 KB

Version history: (Expand)


CVS history: (Expand)


   2022-12-03 22:34:38 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
nodejs14: enable corepack, disable dtrace, bump revision
   2022-11-23 14:15:03 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs14: updated to 14.21.1

Version 14.21.1 'Fermium' (LTS), @BethGriggs

This is a security release.

Notable changes

The following CVEs are fixed in this release:

* \ 
**[CVE-2022-43548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548)**: \ 
DNS rebinding in --inspect via invalid octal IP address (Medium)
   2022-09-27 09:54:19 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs14: updated to 14.20.1

Version 14.20.1 'Fermium' (LTS)

This is a security release.

Notable changes

The following CVEs are fixed in this release:

CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
CVE-2022-32213: bypass via obs-fold mechanic (Medium)
CVE-2022-35256: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields \ 
(Medium)
   2022-07-08 15:29:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs14: updated to 14.20.0

Version 14.20.0 'Fermium' (LTS)

Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- deps: upgrade openssl sources to 1.1.1q (RafaelGSS)
   2022-07-04 17:48:53 by Jonathan Perkin | Files touched by this commit (3)
Log message:
nodejs: Limit ABI depends to each release branch.

While not strictly true, it's required to avoid pbulk always choosing nodejs18
as the preferred dependency, which is incorrect on platforms where it does not
build (macOS 10.14) and NODE_VERSION_DEFAULT is set to 16.
   2022-06-01 22:08:15 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs14: updated to 14.19.3

Version 14.19.3 'Fermium' (LTS)

Notable Changes

This release updates OpenSSL to 1.1.1o. This update is not being treated as a \ 
security release as the issues addressed in OpenSSL 1.1.1o were assessed to not \ 
affect Node.js 14. See \ 
https://nodejs.org/en/blog/vulnerability/openssl-fixes-in-regular-releases-may2022/ \ 
for more information on how the May 2022 OpenSSL releases affects other Node.js \ 
release lines.
The list of GPG keys used to sign releases has been synchronized with the main \ 
branch.

Version 14.19.2 'Fermium' (LTS)

Notable Changes

doc:

New release key for Bryan English

npm:

Upgrade npm to v6.14.17.

V8:

V8 had a stack overflow issue affecting the vm module, cherry-picking \ 
cc9a8a37445e from V8 solves this issue.

Using getHeapSnapshot() was causing a Node.js crash due a V8 issue, this is \ 
fixed by backporting 367b0c1e7a32 from V8.
   2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | Package updated
Log message:
revbump for textproc/icu update
   2022-03-30 08:51:31 by Adam Ciarcinski | Files touched by this commit (26) | Package updated
Log message:
nodejs14: updated to 14.19.1 and moved to lang/nodejs14

Version 14.19.1 'Fermium' (LTS)

This is a security release.

Notable Changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Infinite loop in BN_mod_sqrt() reachable when parsing certificates \ 
(High)(CVE-2022-0778) More details are available at \ 
https://www.openssl.org/news/secadv/20220315.txt