node-linux-arm64 20.19.0 → 20.19.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +46 -1
  2. package/bin/node +0 -0
  3. package/include/node/node_version.h +1 -1
  4. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -9,6 +9,8 @@
9
9
  </tr>
10
10
  <tr>
11
11
  <td>
12
+ <a href="#20.19.2">20.19.2</a><br/>
13
+ <a href="#20.19.1">20.19.1</a><br/>
12
14
  <a href="#20.19.0">20.19.0</a><br/>
13
15
  <a href="#20.18.3">20.18.3</a><br/>
14
16
  <a href="#20.18.2">20.18.2</a><br/>
@@ -69,6 +71,47 @@
69
71
  * [io.js](CHANGELOG_IOJS.md)
70
72
  * [Archive](CHANGELOG_ARCHIVE.md)
71
73
 
74
+ <a id="20.19.2"></a>
75
+
76
+ ## 2025-05-14, Version 20.19.2 'Iron' (LTS), @RafaelGSS
77
+
78
+ This is a security release.
79
+
80
+ ### Notable Changes
81
+
82
+ * (CVE-2025-23166) fix error handling on async crypto operation
83
+ * (CVE-2025-23167) (SEMVER-MAJOR) update llhttp to 9.2.0
84
+ * (CVE-2025-23165) add missing call to uv\_fs\_req\_cleanup
85
+
86
+ ### Commits
87
+
88
+ * \[[`eb25047b1b`](https://github.com/nodejs/node/commit/eb25047b1b)] - **deps**: update llhttp to 9.2.0 (Node.js GitHub Bot) [#51719](https://github.com/nodejs/node/pull/51719)
89
+ * \[[`12dcd8db08`](https://github.com/nodejs/node/commit/12dcd8db08)] - **deps**: update llhttp to 9.1.3 (Node.js GitHub Bot) [#50080](https://github.com/nodejs/node/pull/50080)
90
+ * \[[`190e45a291`](https://github.com/nodejs/node/commit/190e45a291)] - **(SEMVER-MAJOR)** **(CVE-2025-23167)** **deps**: update llhttp to 9.1.2 (Paolo Insogna) [#48981](https://github.com/nodejs/node/pull/48981)
91
+ * \[[`fc68c44e6a`](https://github.com/nodejs/node/commit/fc68c44e6a)] - **fs**: added test for missing call to uv\_fs\_req\_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811)
92
+ * \[[`9e13bf0a81`](https://github.com/nodejs/node/commit/9e13bf0a81)] - **(CVE-2025-23165)** **fs**: add missing call to uv\_fs\_req\_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811)
93
+ * \[[`bd0aa5d44c`](https://github.com/nodejs/node/commit/bd0aa5d44c)] - **(CVE-2024-27982)** **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#556](https://github.com/nodejs-private/node-private/pull/556)
94
+ * \[[`6c57465920`](https://github.com/nodejs/node/commit/6c57465920)] - **(CVE-2025-23166)** **src**: fix error handling on async crypto operations (RafaelGSS) [nodejs-private/node-private#710](https://github.com/nodejs-private/node-private/pull/710)
95
+
96
+ <a id="20.19.1"></a>
97
+
98
+ ## 2025-04-22, Version 20.19.1 'Iron' (LTS), @UlisesGascon prepared by @RafaelGSS
99
+
100
+ ### Notable Changes
101
+
102
+ * \[[`d5e73ce0f8`](https://github.com/nodejs/node/commit/d5e73ce0f8)] - **deps**: update undici to 6.21.2 (Matteo Collina) [#57442](https://github.com/nodejs/node/pull/57442)
103
+ * \[[`e4a6323ab2`](https://github.com/nodejs/node/commit/e4a6323ab2)] - **deps**: update c-ares to v1.34.5 (Node.js GitHub Bot) [#57792](https://github.com/nodejs/node/pull/57792)
104
+
105
+ ### Commits
106
+
107
+ * \[[`d5e73ce0f8`](https://github.com/nodejs/node/commit/d5e73ce0f8)] - **deps**: update undici to 6.21.2 (Matteo Collina) [#57442](https://github.com/nodejs/node/pull/57442)
108
+ * \[[`e4a6323ab2`](https://github.com/nodejs/node/commit/e4a6323ab2)] - **deps**: update c-ares to v1.34.5 (Node.js GitHub Bot) [#57792](https://github.com/nodejs/node/pull/57792)
109
+ * \[[`b2b9eb36af`](https://github.com/nodejs/node/commit/b2b9eb36af)] - **dns**: restore dns query cache ttl (Ethan Arrowood) [#57640](https://github.com/nodejs/node/pull/57640)
110
+ * \[[`07a99a5c0b`](https://github.com/nodejs/node/commit/07a99a5c0b)] - **doc**: correct status of require(esm) warning in v20 changelog (Joyee Cheung) [#57529](https://github.com/nodejs/node/pull/57529)
111
+ * \[[`d45517ccbf`](https://github.com/nodejs/node/commit/d45517ccbf)] - **meta**: bump Mozilla-Actions/sccache-action from 0.0.8 to 0.0.9 (dependabot\[bot]) [#57720](https://github.com/nodejs/node/pull/57720)
112
+ * \[[`fa93bb2633`](https://github.com/nodejs/node/commit/fa93bb2633)] - **test**: update parallel/test-tls-dhe for OpenSSL 3.5 (Richard Lau) [#57477](https://github.com/nodejs/node/pull/57477)
113
+ * \[[`29c032403c`](https://github.com/nodejs/node/commit/29c032403c)] - **tools**: update sccache to support GH cache changes (Michaël Zasso) [#57573](https://github.com/nodejs/node/pull/57573)
114
+
72
115
  <a id="20.19.0"></a>
73
116
 
74
117
  ## 2025-03-13, Version 20.19.0 'Iron' (LTS), @marco-ippolito
@@ -79,7 +122,9 @@
79
122
 
80
123
  Support for loading native ES modules using require() had been available on v20.x under the command line flag --experimental-require-module, and available by default on v22.x and v23.x. In this release, it is now no longer behind a flag on v20.x.
81
124
 
82
- This feature has been tested on v23.x and v22.x, and we are looking for user feedback from v20.x to make more final tweaks before fully stabilizing it. When the Node.js instance encounters a native ES module in require() somewhere outside `node_modules` for the first time, it will emit an experimental warning unless `require()` comes from a path that contains `node_modules`. If there happens to be any regressions caused by this feature, users can report it to the Node.js issue tracker. Meanwhile this feature can also be disabled using `--no-experimental-require-module` as a workaround.
125
+ This feature has been tested on v23.x and v22.x, and we are looking for user feedback from v20.x to make more final tweaks before fully stabilizing it.
126
+ It now no longer emits a warning unless `--trace-require-module` is explicitly used.
127
+ If there happens to be any regressions caused by this feature, users can report it to the Node.js issue tracker. Meanwhile this feature can also be disabled using `--no-experimental-require-module` as a workaround.
83
128
 
84
129
  With this feature enabled, Node.js will no longer throw `ERR_REQUIRE_ESM` if `require()` is used to load a ES module. It can, however, throw `ERR_REQUIRE_ASYNC_MODULE` if the ES module being loaded or its dependencies contain top-level `await`. When the ES module is loaded successfully by `require()`, the returned object will either be a ES module namespace object similar to what's returned by `import()`, or what gets exported as `"module.exports"` in the ES module.
85
130
 
package/bin/node CHANGED
Binary file
package/include/node/node_version.h CHANGED
@@ -24,7 +24,7 @@
24
24
 
25
25
  #define NODE_MAJOR_VERSION 20
26
26
  #define NODE_MINOR_VERSION 19
27
- #define NODE_PATCH_VERSION 0
27
+ #define NODE_PATCH_VERSION 2
28
28
 
29
29
  #define NODE_VERSION_IS_LTS 1
30
30
  #define NODE_VERSION_LTS_CODENAME "Iron"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node-linux-arm64",
3
- "version": "v20.19.0",
3
+ "version": "v20.19.2",
4
4
  "description": "node",
5
5
  "bin": {
6
6
  "node": "bin/node"