Request 1166618: Submit nodejs20 - openSUSE Build Service

This request is superseded by request 1166624 (Show diff)

Overview

Request 1166618 superseded

- Update to 20.12.1:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 5.28.4 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts

- Update to 20.12.0:
* crypto: implement crypto.hash()
* util: add loading and parsing environment variables
* new connection attempt events: connectionAttempt,
connectionAttemptFailed, connectionAttemptTimeout
* sea: support embedding assets
* support configurable snapshot through --build-snapshot-config flag
* util.styleText(format, text): This function returns a formatted
text considering the format passed.
* vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed

* libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)

Created by adamm about 2 months ago
In state superseded
Superseded by 1166624
Open review for licensedigger
Open review for factory-staging
Open review for opensuse-review-team

Submit nodejs20

Comments for request 1166618 0

Login required, please login in order to comment

Request History

adamm created request about 2 months ago

- Update to 20.12.1:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 5.28.4 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts

- Update to 20.12.0:
* crypto: implement crypto.hash()
* util: add loading and parsing environment variables
* new connection attempt events: connectionAttempt,
connectionAttemptFailed, connectionAttemptTimeout
* sea: support embedding assets
* support configurable snapshot through --build-snapshot-config flag
* util.styleText(format, text): This function returns a formatted
text considering the format passed.
* vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed

* libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)

factory-auto added opensuse-review-team as a reviewer about 2 months ago

Please review sources

factory-auto accepted review about 2 months ago

Check script succeeded

adamm superseded request about 2 months ago

superseded by 1166624

openSUSE Build Service is sponsored by