node-linux-arm64 18.20.0 → 18.20.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +35 -0
  2. package/bin/node +0 -0
  3. package/include/node/node_version.h +1 -1
  4. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -9,6 +9,8 @@
9
9
  </tr>
10
10
  <tr>
11
11
  <td>
12
+ <a href="#18.20.2">18.20.2</a><br/>
13
+ <a href="#18.20.1">18.20.1</a><br/>
12
14
  <a href="#18.20.0">18.20.0</a><br/>
13
15
  <a href="#18.19.1">18.19.1</a><br/>
14
16
  <a href="#18.19.0">18.19.0</a><br/>
@@ -65,6 +67,39 @@
65
67
  * [io.js](CHANGELOG_IOJS.md)
66
68
  * [Archive](CHANGELOG_ARCHIVE.md)
67
69
 
70
+ <a id="18.20.2"></a>
71
+
72
+ ## 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS
73
+
74
+ This is a security release.
75
+
76
+ ### Notable Changes
77
+
78
+ * CVE-2024-27980 - Command injection via args parameter of `child_process.spawn` without shell option enabled on Windows
79
+
80
+ ### Commits
81
+
82
+ * \[[`6627222409`](https://github.com/nodejs/node/commit/6627222409)] - **src**: disallow direct .bat and .cmd file spawning (Ben Noordhuis) [nodejs-private/node-private#564](https://github.com/nodejs-private/node-private/pull/564)
83
+
84
+ <a id="18.20.1"></a>
85
+
86
+ ## 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @RafaelGSS
87
+
88
+ This is a security release.
89
+
90
+ ### Notable Changes
91
+
92
+ * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
93
+ * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
94
+ * llhttp version 9.2.1
95
+ * undici version 5.28.4
96
+
97
+ ### Commits
98
+
99
+ * \[[`60d24938de`](https://github.com/nodejs/node/commit/60d24938de)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#577](https://github.com/nodejs-private/node-private/pull/577)
100
+ * \[[`5d4d5848cf`](https://github.com/nodejs/node/commit/5d4d5848cf)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#558](https://github.com/nodejs-private/node-private/pull/558)
101
+ * \[[`0fb816dbcc`](https://github.com/nodejs/node/commit/0fb816dbcc)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
102
+
68
103
  <a id="18.20.0"></a>
69
104
 
70
105
  ## 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @richardlau
package/bin/node CHANGED
Binary file
package/include/node/node_version.h CHANGED
@@ -24,7 +24,7 @@
24
24
 
25
25
  #define NODE_MAJOR_VERSION 18
26
26
  #define NODE_MINOR_VERSION 20
27
- #define NODE_PATCH_VERSION 0
27
+ #define NODE_PATCH_VERSION 2
28
28
 
29
29
  #define NODE_VERSION_IS_LTS 1
30
30
  #define NODE_VERSION_LTS_CODENAME "Hydrogen"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node-linux-arm64",
3
- "version": "v18.20.0",
3
+ "version": "v18.20.2",
4
4
  "description": "node",
5
5
  "bin": {
6
6
  "node": "bin/node"