Request 1166624: Submit nodejs20 - openSUSE Build Service

This request supersedes: request 1166618 (Show diff)

Overview

Request 1166624 accepted

- Update to 20.12.1:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 5.28.4 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
- fix_ci_tests.patch: add benchmark fix

- Update to 20.12.0:
* crypto: implement crypto.hash()
* util: add loading and parsing environment variables
* new connection attempt events: connectionAttempt,
connectionAttemptFailed, connectionAttemptTimeout
* sea: support embedding assets
* support configurable snapshot through --build-snapshot-config flag
* util.styleText(format, text): This function returns a formatted
text considering the format passed.
* vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed

* libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)

Created by adamm about 1 month ago
In state accepted
Supersedes 1166618

Submit nodejs20

Comments for request 1166624 0

Login required, please login in order to comment

Request History

adamm created request about 1 month ago

- Update to 20.12.1:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 5.28.4 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
- fix_ci_tests.patch: add benchmark fix

- Update to 20.12.0:
* crypto: implement crypto.hash()
* util: add loading and parsing environment variables
* new connection attempt events: connectionAttempt,
connectionAttemptFailed, connectionAttemptTimeout
* sea: support embedding assets
* support configurable snapshot through --build-snapshot-config flag
* util.styleText(format, text): This function returns a formatted
text considering the format passed.
* vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed

* libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)

factory-auto added opensuse-review-team as a reviewer about 1 month ago

Please review sources

factory-auto accepted review about 1 month ago

Check script succeeded

staging-bot accepted review about 1 month ago

Picked "openSUSE:Factory:Staging:adi:48"

staging-bot added as a reviewer about 1 month ago

Being evaluated by staging project "openSUSE:Factory:Staging:adi:48"

licensedigger accepted review about 1 month ago

The legal review is accepted preliminary. The package may require actions later on.

dimstar accepted review about 1 month ago

anag+factory accepted review about 1 month ago

Staging Project openSUSE:Factory:Staging:adi:48 got accepted.

anag+factory approved review about 1 month ago

Staging Project openSUSE:Factory:Staging:adi:48 got accepted.

anag+factory accepted request about 1 month ago

Staging Project openSUSE:Factory:Staging:adi:48 got accepted.

openSUSE Build Service is sponsored by