Overview
Request 1166624 accepted
- Update to 20.12.1:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 5.28.4 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
- fix_ci_tests.patch: add benchmark fix
- Update to 20.12.0:
* crypto: implement crypto.hash()
* util: add loading and parsing environment variables
* new connection attempt events: connectionAttempt,
connectionAttemptFailed, connectionAttemptTimeout
* sea: support embedding assets
* support configurable snapshot through --build-snapshot-config flag
* util.styleText(format, text): This function returns a formatted
text considering the format passed.
* vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed
* libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)
Request History
adamm created request
- Update to 20.12.1:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 5.28.4 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
- fix_ci_tests.patch: add benchmark fix
- Update to 20.12.0:
* crypto: implement crypto.hash()
* util: add loading and parsing environment variables
* new connection attempt events: connectionAttempt,
connectionAttemptFailed, connectionAttemptTimeout
* sea: support embedding assets
* support configurable snapshot through --build-snapshot-config flag
* util.styleText(format, text): This function returns a formatted
text considering the format passed.
* vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed
* libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
staging-bot accepted review
Picked "openSUSE:Factory:Staging:adi:48"
staging-bot added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:48"
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
dimstar accepted review
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:adi:48 got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:adi:48 got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:adi:48 got accepted.