| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Notable Changes
* --experimental-default-type flag to flip module defaults
* Detect ESM syntax in ambiguous JavaScript
* New flush option in file system functions
* Experimental WebSocket client
* vm: fix V8 compilation cache support for vm.Script
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
node.js version 20.x is now active LTS.
mipsel (pistachio) is no longer supported.
Due to build difficulties, libuv shared libraries are not used.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to v18.16.1
The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 28th March.
* OpenSSL security advisory 20th April.
* OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
| |
Update to v18.14.2
Support for OpenSSL v3.0.x
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thursday February 16 2023 Security Releases
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Notable Changes
*OpenSSL 1.1.1s
*Root certificates updated to NSS 3.85
*Time zone update to 2022f
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
| |
Update to v16.18.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API
Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
| |
Description:
Update from v16.15.0
Changed handling of host's npm problems due to npm updates.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
| |
This update also changes npm from v6 to v8.
This change also requires node module packages to be modified.
Each package will be updated later.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
| |
October 12th 2021 Security Releases:
HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)
HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
July 2021 Security Releases:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
| |
Notable Changes:
deps: update ICU to 69.1 (Michaƫl Zasso)
errors: align source-map stacks with spec (Benjamin Coe)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Notable Changes:
Diagnostics channel (experimental module)
UUID support in the crypto module
Experimental support for AbortController and AbortSignal
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Maintainer: me @ianchi
Compile tested: head r15324-920b692, aarch64, x86_64
Run tested: (qemu 5.2.0) aarch64, x86_64
Description:
Update to v14.15.3
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
| |
Update to v14.15.1
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
| |
Update to v12.20.0
Take over maintainership from John Crispin
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
| |
Update to v12.19.0
Fixes for the removal of MIPS FPU emulator support.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
upgrade npm to 6.14.6
update openssl to 1.1.1g
Vulnerabilities fixed:
* CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
* CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
* CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
| |
Add some new APIs
V8 was updated to 7.8.279.23. This includes performance improvements to object
destructuring, RegExp match failures and WebAssembly startup time.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
| |
Update to v12.15.0
Support Python3 : https://github.com/openwrt/packages/issues/8893
Preparing to deprecate nosnapshot builds.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fixes several CVEs.
Added PKG_CPE_ID for proper CVE tracking.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
Version bump to 8.10.0
Refreshed patches
Added npx install
Added 004-node_crypto-remove-std.patch
Additional patch fixes node_cypto compile failure:
./src/node_crypto.cc:5626:32: error: expected unqualified-id before '('
Signed-off-by: Arturo Rinaldi <arty.net2@gmail.com>
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
|
| |
|
|
| |
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
| |
Signed-off-by: Adrian Panella <ianchi74@outlook.com>
|
| |
|
|
|
|
| |
While we're at it, also enable parallel builds.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
add node-js 0.12 and a few gyp bindings
Signed-off-by: John Crispin <blogic@openwrt.org>
|