diff options
author | adam <adam@pkgsrc.org> | 2021-04-07 06:21:06 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2021-04-07 06:21:06 +0000 |
commit | 80023cdba2ad35aa43db58a58bc0af850dd96f6f (patch) | |
tree | c918f723df4b22cc0fda6a03d89b169a5d38c343 /lang/nodejs12 | |
parent | 736013b97ba16b940b310d1d37b856095d8935de (diff) | |
download | pkgsrc-80023cdba2ad35aa43db58a58bc0af850dd96f6f.tar.gz |
nodejs12: updated to 12.22.1
Version 12.22.1 'Erbium' (LTS)
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines
Version 12.22.0 'Erbium' (LTS)
Notable changes
The legacy HTTP parser is runtime deprecated
The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation provided) at the end of April 2021. It will now warn on use but otherwise continue to function and may be removed in a future Node.js 12.x release.
The default HTTP parser based on llhttp is not affected. By default it is stricter than the now deprecated legacy HTTP parser. If interoperability with HTTP implementations that send invalid HTTP headers is required, the HTTP parser can be started in a less secure mode with the --insecure-http-parser command line option.
ES Modules
ES Modules are now considered stable.
node-api
Updated to node-api version 8 and added an experimental API to allow retrieval of the add-on file name.
New API's to control code coverage data collection
v8.stopCoverage() and v8.takeCoverage() have been added.
New API to monitor event loop utilization by Worker threads
worker.performance.eventLoopUtilization() has been added.
Diffstat (limited to 'lang/nodejs12')
-rw-r--r-- | lang/nodejs12/Makefile | 4 | ||||
-rw-r--r-- | lang/nodejs12/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/nodejs12/Makefile b/lang/nodejs12/Makefile index 90627a538c3..00226f5cc12 100644 --- a/lang/nodejs12/Makefile +++ b/lang/nodejs12/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.31 2021/02/24 11:10:11 adam Exp $ +# $NetBSD: Makefile,v 1.32 2021/04/07 06:21:06 adam Exp $ -DISTNAME= node-v12.21.0 +DISTNAME= node-v12.22.1 EXTRACT_SUFX= .tar.xz USE_LANGUAGES= c gnu++14 diff --git a/lang/nodejs12/distinfo b/lang/nodejs12/distinfo index 34bdd9d6e2c..388572ae614 100644 --- a/lang/nodejs12/distinfo +++ b/lang/nodejs12/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.22 2021/02/24 11:10:11 adam Exp $ +$NetBSD: distinfo,v 1.23 2021/04/07 06:21:06 adam Exp $ -SHA1 (node-v12.21.0.tar.xz) = 675637f5fad3b32c2f5830b43f3b2be0bbda1626 -RMD160 (node-v12.21.0.tar.xz) = 1e024ad17c8d0ef941d889e953cbae47e8ef7812 -SHA512 (node-v12.21.0.tar.xz) = 48df48a12657e3a2366cd80a1a7040365b7a90053676230f1f93f253a1fcdafc5bc1df5b5ec5c13f616277b5feb7e7653cd145ab9c23222bf7702d7cd1fa74eb -Size (node-v12.21.0.tar.xz) = 23650552 bytes +SHA1 (node-v12.22.1.tar.xz) = a4bd1a34dfb82960f098f3a9aab04470c0315581 +RMD160 (node-v12.22.1.tar.xz) = 840b4f5835a00136164d9950709957d476cf14bf +SHA512 (node-v12.22.1.tar.xz) = eaead633611bda04ab9be200aeddf3b4004b8104e9c6af246023b8008003dd3a7103e1508ea690443e59c6591521b04a2d71c7344343f2a20d1c935ef51c66a0 +Size (node-v12.22.1.tar.xz) = 23650180 bytes SHA1 (patch-common.gypi) = a3fa3b5b974f910b3c8fea640ded4dca262e1ba8 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 |