Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API
Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 841b38f37a)
The uuid module has been split out into a separate package with the
update to Python 3.10.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit 52ae0a2018)
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible
Quoting inner commit message:
This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.
While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.
Therefore I see no need to prevent them from running LuaJit
explicitly.
[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit a4a484fbca)
Update to v16.16.0
Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
No vulnerabilities related with openssl (uses system openssl)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 8db0d09823)
Description:
Update from v16.15.0
Changed handling of host's npm problems due to npm updates.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit fcfd2599d9)
Includes fix for CVE-2022-30634 (crypto/rand: Read hangs when passed
buffer larger than 1<<32 - 1).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 112cf09031)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit acd8384ede)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 20876aadf8)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 46ce0df523)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 005e114ddd)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit fb36a5226c)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 285efba8ea)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3138eacbe3)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
The modification method is different from other node modules.
The reason is due to the npm@8 issue.
https://github.com/npm/cli/issues/4027
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit eee26dbac6)
This update also changes npm from v6 to v8.
This change also requires node module packages to be modified.
Each package will be updated later.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 28be0c92c2)
Includes fixes for:
* CVE-2022-24675 - encoding/pem: stack overflow
* CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has
too many leading zeroes
This also adds -buildvcs=false to omit VCS information in Go programs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8c0477a895)
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit bed8dc2132)