node-aix-ppc64 21.7.1 → 21.7.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +40 -3
- package/bin/node +0 -0
- package/include/node/node.exp +8 -8
- package/include/node/node_version.h +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,8 @@
|
|
|
8
8
|
</tr>
|
|
9
9
|
<tr>
|
|
10
10
|
<td>
|
|
11
|
+
<a href="#21.7.3">21.7.3</a><br/>
|
|
12
|
+
<a href="#21.7.2">21.7.2</a><br/>
|
|
11
13
|
<a href="#21.7.1">21.7.1</a><br/>
|
|
12
14
|
<a href="#21.7.0">21.7.0</a><br/>
|
|
13
15
|
<a href="#21.6.2">21.6.2</a><br/>
|
|
@@ -46,6 +48,41 @@
|
|
|
46
48
|
* [io.js](CHANGELOG_IOJS.md)
|
|
47
49
|
* [Archive](CHANGELOG_ARCHIVE.md)
|
|
48
50
|
|
|
51
|
+
<a id="21.7.3"></a>
|
|
52
|
+
|
|
53
|
+
## 2024-04-10, Version 21.7.3 (Current), @RafaelGSS
|
|
54
|
+
|
|
55
|
+
This is a security release.
|
|
56
|
+
|
|
57
|
+
### Notable Changes
|
|
58
|
+
|
|
59
|
+
* CVE-2024-27980 - Command injection via args parameter of `child_process.spawn` without shell option enabled on Windows
|
|
60
|
+
|
|
61
|
+
### Commits
|
|
62
|
+
|
|
63
|
+
* \[[`9095c914ed`](https://github.com/nodejs/node/commit/9095c914ed)] - **src**: disallow direct .bat and .cmd file spawning (Ben Noordhuis) [nodejs-private/node-private#562](https://github.com/nodejs-private/node-private/pull/562)
|
|
64
|
+
|
|
65
|
+
<a id="21.7.2"></a>
|
|
66
|
+
|
|
67
|
+
## 2024-04-03, Version 21.7.2 (Current), @RafaelGSS prepared by @marco-ippolito
|
|
68
|
+
|
|
69
|
+
This is a security release.
|
|
70
|
+
|
|
71
|
+
### Notable changes
|
|
72
|
+
|
|
73
|
+
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
|
|
74
|
+
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium)
|
|
75
|
+
* llhttp version 9.2.1
|
|
76
|
+
* undici version 6.11.1
|
|
77
|
+
|
|
78
|
+
### Commits
|
|
79
|
+
|
|
80
|
+
* \[[`3dfc10c851`](https://github.com/nodejs/node/commit/3dfc10c851)] - **deps**: update undici to 6.11.1 (Node.js GitHub Bot) [#52328](https://github.com/nodejs/node/pull/52328)
|
|
81
|
+
* \[[`aceea1c5e7`](https://github.com/nodejs/node/commit/aceea1c5e7)] - **deps**: update undici to 6.10.2 (Node.js GitHub Bot) [#52227](https://github.com/nodejs/node/pull/52227)
|
|
82
|
+
* \[[`5f0f96b275`](https://github.com/nodejs/node/commit/5f0f96b275)] - **deps**: update llhttp to 9.2.0 (Node.js GitHub Bot) [#51719](https://github.com/nodejs/node/pull/51719)
|
|
83
|
+
* \[[`1a65e98e22`](https://github.com/nodejs/node/commit/1a65e98e22)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#556](https://github.com/nodejs-private/node-private/pull/556)
|
|
84
|
+
* \[[`3bd39fb474`](https://github.com/nodejs/node/commit/3bd39fb474)] - **src**: ensure to close stream when destroying session (RafaelGSS) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
|
|
85
|
+
|
|
49
86
|
<a id="21.7.1"></a>
|
|
50
87
|
|
|
51
88
|
## 2024-03-08, Version 21.7.1 (Current), @targos
|
|
@@ -515,7 +552,7 @@ Node.js 21.6.0 comes with several fixes for the experimental permission model an
|
|
|
515
552
|
We're adding a new flag `--allow-addons` to enable addon usage when using the Permission Model.
|
|
516
553
|
|
|
517
554
|
```console
|
|
518
|
-
|
|
555
|
+
node --experimental-permission --allow-addons
|
|
519
556
|
```
|
|
520
557
|
|
|
521
558
|
Contributed by Rafael Gonzaga in [#51183](https://github.com/nodejs/node/pull/51183)
|
|
@@ -524,7 +561,7 @@ And relative paths are now supported through the `--allow-fs-*` flags.
|
|
|
524
561
|
Therefore, with this release one can use:
|
|
525
562
|
|
|
526
563
|
```console
|
|
527
|
-
|
|
564
|
+
node --experimental-permission --allow-fs-read=./index.js
|
|
528
565
|
```
|
|
529
566
|
|
|
530
567
|
To give only read access to the entrypoint of the application.
|
|
@@ -536,7 +573,7 @@ Contributed by Rafael Gonzaga and Carlos Espa in [#50758](https://github.com/nod
|
|
|
536
573
|
We are adding a new flag `--build-snapshot-config` to configure snapshots through a custom JSON configuration file.
|
|
537
574
|
|
|
538
575
|
```console
|
|
539
|
-
|
|
576
|
+
node --build-snapshot-config=/path/to/myconfig.json
|
|
540
577
|
```
|
|
541
578
|
|
|
542
579
|
When using this flag, additional script files provided on the command line will
|
package/bin/node
CHANGED
|
Binary file
|
package/include/node/node.exp
CHANGED
|
@@ -5980,15 +5980,15 @@ _GLOBAL__F__ZN2v88internal6torque5Block13SetInputTypesERKNS1_5StackIPKNS1_4TypeE
|
|
|
5980
5980
|
_GLOBAL__F__ZN2v88internal6torque9KytheData21AddConstantDefinitionEPKNS1_5ValueE
|
|
5981
5981
|
_GLOBAL__F__ZNK2v88internal6torque3cpp8Function22PrintDeclarationHeaderERSoi
|
|
5982
5982
|
_GLOBAL__F__ZNK2v88internal6torque4Rule9RunActionEPKNS1_4ItemERKNS1_11LexerResultE
|
|
5983
|
-
_GLOBAL__I_65535_0_.._deps_v8_src_common_ptr_compr.
|
|
5983
|
+
_GLOBAL__I_65535_0_.._deps_v8_src_common_ptr_compr.cc_87E8306D_0x7ad2cb38b5bbc8b2
|
|
5984
5984
|
_GLOBAL__I_65535_0_.._deps_v8_src_compiler_int64_lowering.cc_E21CEA7D_0x1ac90f5e4394c074
|
|
5985
|
-
_GLOBAL__I_65535_0_.._deps_v8_src_compiler_turboshaft_utils.
|
|
5985
|
+
_GLOBAL__I_65535_0_.._deps_v8_src_compiler_turboshaft_utils.cc_DFF67DD7_0x83b97329f83d321
|
|
5986
5986
|
_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_gdb_jit.cc_DFF67DD7_0xd5582dde01019a40
|
|
5987
5987
|
_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_objects_debug.cc_DFF67DD7_0xfc307f2e5da7a714
|
|
5988
5988
|
_GLOBAL__I_65535_0_.._deps_v8_src_execution_arguments.cc_DFF67DD7_0xca19078f607b442e
|
|
5989
5989
|
_GLOBAL__I_65535_0_.._deps_v8_src_execution_simulator_base.cc_7874F2D3_0x19fe1aa8a1fbc856
|
|
5990
|
-
_GLOBAL__I_65535_0_.._deps_v8_src_heap_evacuation_verifier.
|
|
5991
|
-
_GLOBAL__I_65535_0_.._deps_v8_src_heap_factory_base.
|
|
5990
|
+
_GLOBAL__I_65535_0_.._deps_v8_src_heap_evacuation_verifier.cc_FE345EE0_0x191434e6c1d5c8e3
|
|
5991
|
+
_GLOBAL__I_65535_0_.._deps_v8_src_heap_factory_base.cc_7874F2D3_0x12712529d4ebff30
|
|
5992
5992
|
_GLOBAL__I_65535_0_.._deps_v8_src_heap_heap_verifier.cc_7874F2D3_0x98e85742896c204e
|
|
5993
5993
|
_GLOBAL__I_65535_0_.._deps_v8_src_heap_objects_visiting.cc_DFF67DD7_0x4c0f84d7016fc70d
|
|
5994
5994
|
_GLOBAL__I_65535_0_.._deps_v8_src_objects_tagged_impl.cc_87E8306D_0xa1e14aa90c304163
|
|
@@ -5997,7 +5997,7 @@ _GLOBAL__I_65535_0_.._deps_v8_src_sandbox_code_pointer_table.cc_87E8306D_0x18b1e
|
|
|
5997
5997
|
_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_external_pointer_table.cc_87E8306D_0xe024b3244e0d65d2
|
|
5998
5998
|
_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_sandbox.cc_87E8306D_0xd1d01372b263d45d
|
|
5999
5999
|
_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_testing.cc_7874F2D3_0x752cde940e7dfac2
|
|
6000
|
-
_GLOBAL__I_65535_0_.._src_connection_wrap.
|
|
6000
|
+
_GLOBAL__I_65535_0_.._src_connection_wrap.cc_E21CEA7D_0x4d37d11a258a2aed
|
|
6001
6001
|
_GLOBAL__I_65535_0_OPENSSL_ppccap_P
|
|
6002
6002
|
_GLOBAL__I_65535_0__Z16_register_configv
|
|
6003
6003
|
_GLOBAL__I_65535_0__Z17_register_symbolsv
|
|
@@ -88942,10 +88942,10 @@ llhttp__internal__c_test_flags_3
|
|
|
88942
88942
|
llhttp__internal__c_test_flags_4
|
|
88943
88943
|
llhttp__internal__c_test_lenient_flags
|
|
88944
88944
|
llhttp__internal__c_test_lenient_flags_1
|
|
88945
|
-
llhttp__internal__c_test_lenient_flags_19
|
|
88946
88945
|
llhttp__internal__c_test_lenient_flags_2
|
|
88947
|
-
|
|
88948
|
-
|
|
88946
|
+
llhttp__internal__c_test_lenient_flags_20
|
|
88947
|
+
llhttp__internal__c_test_lenient_flags_22
|
|
88948
|
+
llhttp__internal__c_test_lenient_flags_24
|
|
88949
88949
|
llhttp__internal__c_test_lenient_flags_3
|
|
88950
88950
|
llhttp__internal__c_test_lenient_flags_4
|
|
88951
88951
|
llhttp__internal__c_test_lenient_flags_7
|