./lang/nodejs, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 23.2.0nb1, Package name: nodejs-23.2.0nb1, Maintainer: pkgsrc-users

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the latest release.


Required to run:
[textproc/icu] [net/libcares] [security/openssl] [devel/libuv] [lang/gcc49-libs] [www/nghttp2]

Required to build:
[lang/python27] [sysutils/lockf] [lang/gcc49] [pkgtools/cwrappers]

Package options: openssl

Master sites:

Filesize: 46608.875 KB

Version history: (Expand)

CVS history: (Expand)


   2024-04-11 14:14:09 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.7.3

Version 21.7.3 (Current)
This is a security release.
Notable Changes
CVE-2024-27980 - Command injection via args parameter of child_process.spawn \ 
without shell option enabled on Windows
   2024-04-05 07:31:10 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.7.2

Version 21.7.2 (Current)

Notable changes
CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() \ 
leads to HTTP/2 server crash- (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium)
llhttp version 9.2.1
undici version 6.11.1
   2024-03-20 14:39:23 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.7.1

Version 21.7.1 (Current)

Notable Changes
This release reverts 51389, which landed in Node.js 21.7.0. It is a documented \ 
feature that t.after() hooks are run even if a test has no subtests. The hook \ 
can be used to clean up the test itself.
   2024-03-07 18:07:43 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
nodejs: updated to 21.7.0

Version 21.7.0 (Current)

Text Styling
Loading and parsing environment variables
Support for multi-line values for .env file
sea: support embedding assets
vm: support using the default loader to handle dynamic import()
crypto: implement crypto.hash()
   2024-02-14 22:15:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.6.2

Version 21.6.2 (Current)

Notable changes

CVE-2024-21892 - Code injection and privilege escalation through Linux \ 
capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk \ 
extension allows DoS attacks- (High)
CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of \ 
the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-21891 - Multiple permission model bypasses due to improper path \ 
traversal sequence sanitization - (Medium)
CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and \ 
--allow-fs-write (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli \ 
decoding - (Medium)
undici version 5.28.3
libuv version 1.48.0
OpenSSL version 3.0.13+quic1
   2024-01-25 18:11:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.6.1

Version 21.6.1 (Current)

Notable Changes

This release fixes a bug in undici using WebStreams
   2024-01-22 17:49:18 by Adam Ciarcinski | Files touched by this commit (31) 
Log message:
nodejs16: removed; end-of-life
   2024-01-18 13:33:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.6.0

Version 21.6.0 (Current)

New connection attempt events
Changes to the Permission Model
Support configurable snapshot through --build-snapshot-config flag
timers: export timers.promises