Path to this page:
./
lang/nodejs18,
V8 JavaScript for clients and servers
Branch: CURRENT,
Version: 18.20.4nb3,
Package name: nodejs-18.20.4nb3,
Maintainer: pkgsrc-usersNode.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.
This package holds the 18.x LTS release.
Package options: openssl
Master sites:
Filesize: 39497.793 KB
Version history: (Expand)
- (2024-11-15) Updated to version: nodejs-18.20.4nb3
- (2024-11-01) Updated to version: nodejs-18.20.4nb2
- (2024-11-01) Updated to version: nodejs-18.20.4nb1
- (2024-08-13) Updated to version: nodejs-18.20.4
- (2024-05-31) Updated to version: nodejs-18.20.3
- (2024-05-29) Updated to version: nodejs-18.20.2nb1
CVS history: (Expand)
2024-04-11 16:49:35 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs18: updated to 18.20.2
Version 18.20.2 'Hydrogen' (LTS)
Notable Changes
CVE-2024-27980 - Command injection via args parameter of child_process.spawn \
without shell option enabled on Windows
|
2024-04-05 07:32:14 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
nodejs18: updated to 18.20.1
Version 18.20.1 'Hydrogen' (LTS)
Notable Changes
CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() \
leads to HTTP/2 server crash- (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
llhttp version 9.2.1
undici version 5.28.4
|
2024-02-14 22:26:59 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
nodejs18: updated to 18.19.1
Version 18.19.1 'Hydrogen' (LTS)
Notable changes
CVE-2024-21892 - Code injection and privilege escalation through Linux \
capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk \
extension allows DoS attacks- (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of \
the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli \
decoding - (Medium)
undici version 5.28.3
npm version 10.2.4
|
2024-01-11 10:42:46 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
nodejs18: updated to 18.19.0
Version 18.19.0 'Hydrogen' (LTS)
Notable Changes
npm updated to v10
After two months of baking time in Node.js 20, npm 10 is backported, so that all \
release lines include a supported version of npm. This release includes npm \
v10.2.3.
ESM and customization hook changes
Leverage loaders when resolving subsequent loaders
Loaders now apply to subsequent loaders, for example: --experimental-loader \
ts-node --experimental-loader loader-written-in-typescript.
New node:module API register for module customization hooks; new initialize hook
There is a new API register available on node:module to specify a file that \
exports module customization hooks, and pass data to the hooks, and establish \
communication channels with them. The “define the file with the hooks” part \
was previously handled by a flag --experimental-loader, but when the hooks moved \
into a dedicated thread in 20.0.0 there was a need to provide a way to \
communicate between the main (application) thread and the hooks thread. This can \
now be done by calling register from the main thread and passing data, including \
MessageChannel instances.
We encourage users to migrate to an approach that uses --import with register, \
such as:
node --import ./file-that-calls-register.js ./app.js
Using --import ensures that the customization hooks are registered before any \
application code runs, even the entry point.
import.meta.resolve unflagged
In ES modules, import.meta.resolve(specifier) can be used to get an absolute URL \
string to which specifier resolves, similar to require.resolve in CommonJS. This \
aligns Node.js with browsers and other server-side runtimes.
--experimental-default-type flag to flip module defaults
The new flag --experimental-default-type can be used to flip the default module \
system used by Node.js. Input that is already explicitly defined as ES modules \
or CommonJS, such as by a package.json "type" field or .mjs/.cjs file \
extension or the --input-type flag, is unaffected. What is currently implicitly \
CommonJS would instead be interpreted as ES modules under \
--experimental-default-type=module:
String input provided via --eval or STDIN, if --input-type is unspecified.
Files ending in .js or with no extension, if there is no package.json file \
present in the same folder or any parent folder.
Files ending in .js or with no extension, if the nearest parent package.json \
field lacks a type field; unless the folder is inside a node_modules folder.
In addition, extensionless files are interpreted as Wasm if \
--experimental-wasm-modules is passed and the file contains the "magic \
bytes" Wasm header.
|
2023-11-23 17:57:37 by Jonathan Perkin | Files touched by this commit (5) |
Log message:
nodejs*: Consolidate and fix python includes.
Ensures that PYTHON_FOR_BUILD_ONLY is set prior to including pyversion.mk,
and ensures python and its dependencies are not buildlinked.
|
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message:
*: recursive bump for icu 74.1
|
2023-11-02 14:20:35 by Adam Ciarcinski | Files touched by this commit (4) |
Log message:
nodejs18: allow build with Python 3.12
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|