head 1.40; access; symbols pkgsrc-2025Q1:1.38.0.2 pkgsrc-2025Q1-base:1.38 pkgsrc-2024Q4:1.36.0.2 pkgsrc-2024Q4-base:1.36 pkgsrc-2024Q3:1.32.0.2 pkgsrc-2024Q3-base:1.32 pkgsrc-2024Q2:1.31.0.2 pkgsrc-2024Q2-base:1.31 pkgsrc-2024Q1:1.27.0.2 pkgsrc-2024Q1-base:1.27 pkgsrc-2023Q4:1.25.0.2 pkgsrc-2023Q4-base:1.25 pkgsrc-2023Q3:1.19.0.2 pkgsrc-2023Q3-base:1.19 pkgsrc-2023Q2:1.13.0.2 pkgsrc-2023Q2-base:1.13 pkgsrc-2023Q1:1.7.0.2 pkgsrc-2023Q1-base:1.7 pkgsrc-2022Q4:1.2.0.2 pkgsrc-2022Q4-base:1.2; locks; strict; comment @# @; 1.40 date 2025.05.07.05.57.55; author adam; state dead; branches; next 1.39; commitid 7UcA9tWwGD1kcWTF; 1.39 date 2025.04.17.21.51.21; author wiz; state Exp; branches; next 1.38; commitid xcIXAVA292fk6sRF; 1.38 date 2025.02.21.16.58.38; author adam; state Exp; branches; next 1.37; commitid KaoVku0TTNOfgmKF; 1.37 date 2025.01.22.10.59.34; author adam; state Exp; branches; next 1.36; commitid cIhsAuK5q1MWetGF; 1.36 date 2024.11.23.11.03.32; author adam; state Exp; branches; next 1.35; commitid h8aO7wMZ13AQbLyF; 1.35 date 2024.11.14.22.20.29; author wiz; state Exp; branches; next 1.34; commitid JmuDYqwL4erbdFxF; 1.34 date 2024.11.01.12.53.14; author wiz; state Exp; branches; next 1.33; commitid QB4Wk02mZPuBuWvF; 1.33 date 2024.11.01.00.52.27; author wiz; state Exp; branches; next 1.32; commitid QT27BdVP362gvSvF; 1.32 date 2024.08.13.08.55.18; author adam; state Exp; branches; next 1.31; commitid OFi7TLMNAO5aLDlF; 1.31 date 2024.05.31.05.42.29; author adam; state Exp; branches; next 1.30; commitid 17Jgl3xGdP9u47cF; 1.30 date 2024.05.29.16.33.14; author adam; state Exp; branches; next 1.29; commitid n8aFyEjEVZA0JUbF; 1.29 date 2024.04.11.14.49.35; author adam; state Exp; branches; next 1.28; commitid ydVD9pcvQQSQHJ5F; 1.28 date 2024.04.05.05.32.13; author adam; state Exp; branches; next 1.27; commitid 7ufGBXsaKjNBOU4F; 1.27 date 2024.02.14.21.26.59; author adam; state Exp; branches; next 1.26; commitid cbSkjYPSlRDMJrYE; 1.26 date 2024.01.11.09.42.46; author 
adam; state Exp; branches; next 1.25; commitid gypI4V6yvgSRV0UE; 1.25 date 2023.11.23.16.57.37; author jperkin; state Exp; branches; next 1.24; commitid wO2D7spIjH6BUKNE; 1.24 date 2023.11.08.13.19.50; author wiz; state Exp; branches; next 1.23; commitid PsuHTklAIsF4bOLE; 1.23 date 2023.10.24.22.09.37; author wiz; state Exp; branches; next 1.22; commitid MTsrqKm6aGrQAVJE; 1.22 date 2023.10.23.06.37.47; author wiz; state Exp; branches; next 1.21; commitid 4YdPmMYgk9hutIJE; 1.21 date 2023.10.16.19.16.58; author adam; state Exp; branches; next 1.20; commitid p2rEiVt1zac9USIE; 1.20 date 2023.10.12.11.34.23; author adam; state Exp; branches; next 1.19; commitid NS2mfsRBEztxtkIE; 1.19 date 2023.09.20.11.23.19; author adam; state Exp; branches; next 1.18; commitid CsQE880zmmLs7vFE; 1.18 date 2023.08.14.05.24.45; author wiz; state Exp; branches; next 1.17; commitid LOSB79OLVxvXjIAE; 1.17 date 2023.08.11.05.26.49; author adam; state Exp; branches; next 1.16; commitid w0A5c2nH7m6HqkAE; 1.16 date 2023.07.19.09.23.00; author adam; state Exp; branches; next 1.15; commitid FUcwOQrBXA9itoxE; 1.15 date 2023.07.18.18.25.29; author nia; state Exp; branches; next 1.14; commitid JS6o2z0bdmv3wjxE; 1.14 date 2023.07.11.06.13.10; author adam; state Exp; branches; next 1.13; commitid rf3Ps4a7VNQOGlwE; 1.13 date 2023.06.21.15.14.54; author adam; state Exp; branches; next 1.12; commitid Ew8o82ZalH2jkPtE; 1.12 date 2023.06.06.12.41.45; author riastradh; state Exp; branches; next 1.11; commitid xhspr6Z8JLQOWSrE; 1.11 date 2023.05.04.21.10.25; author wiz; state Exp; branches; next 1.10; commitid bzH4nzAeQDs7QGnE; 1.10 date 2023.04.27.12.15.11; author wiz; state Exp; branches; next 1.9; commitid 1O14Fll1Fkdi6KmE; 1.9 date 2023.04.26.19.44.09; author wiz; state Exp; branches; next 1.8; commitid WfFVfgSivm6tCEmE; 1.8 date 2023.04.19.17.40.30; author adam; state Exp; branches; next 1.7; commitid T0es3kmhnY6N9KlE; 1.7 date 2023.03.08.08.52.56; author adam; state Exp; branches; next 1.6; commitid 
CrUUvlRQp8pxAigE; 1.6 date 2023.02.23.07.56.46; author adam; state Exp; branches; next 1.5; commitid QyB4lcXg3RhfHCeE; 1.5 date 2023.02.17.11.58.36; author adam; state Exp; branches; next 1.4; commitid hpS1FLvRTnX9eSdE; 1.4 date 2023.02.03.11.49.19; author adam; state Exp; branches; next 1.3; commitid O7ae7dgd4hQPC4cE; 1.3 date 2023.01.11.17.33.48; author adam; state Exp; branches; next 1.2; commitid zIcRAKJamckKg99E; 1.2 date 2022.12.03.20.53.31; author adam; state Exp; branches; next 1.1; commitid 5SXy9XyTuQPgD94E; 1.1 date 2022.12.03.16.59.22; author adam; state Exp; branches; next ; commitid gW7euvk8GZqWk84E; desc @@ 1.40 log @nodejs18: removed; end of life @ text @# $NetBSD: Makefile,v 1.39 2025/04/17 21:51:21 wiz Exp $ DISTNAME= node-v18.20.7 EXTRACT_SUFX= .tar.xz USE_LANGUAGES= c gnu++17 USE_CXX_FEATURES+= c++17 charconv PKGREVISION= 1 .include "../../mk/bsd.prefs.mk" # XXX: figure out a way to add rpaths to torque MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib CONFIGURE_ARGS+= --shared-nghttp3 CONFIGURE_ARGS+= --shared-ngtcp2 CONFIGURE_ARGS+= --without-dtrace CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1 CHECK_PORTABILITY_SKIP+= deps/uv/autogen.sh CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/export_to_github.sh CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/test_cmake.sh CHECK_PORTABILITY_SKIP+= tools/macos-installer/pkgbuild/npm/scripts/preinstall .if ${MACHINE_ARCH} == "i386" # required for SSE2 code under i386. CXXFLAGS+= -mstackrealign .endif .PHONY: minusx post-install: minusx minusx: ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/node_modules/corepack/shims/*.cmd .include "../../lang/nodejs/options.mk" # Node turns on -latomic for arm, mips and ppc. 
.if ${MACHINE_ARCH:M*arm*} || \ ${MACHINE_ARCH:M*powerpc*} || \ ${MACHINE_ARCH:M*mips*} .include "../../devel/libatomic/buildlink3.mk" .endif .include "../../lang/nodejs/Makefile.common" .include "../../net/ngtcp2/buildlink3.mk" .include "../../www/nghttp3/buildlink3.mk" .include "../../mk/atomic64.mk" .include "../../mk/bsd.pkg.mk" @ 1.39 log @*: recursive bump for icu 77 and libxml2 2.14 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2025/02/21 16:58:38 adam Exp $ @ 1.38 log @nodejs18: updated to 18.20.7 Version 18.20.7 'Hydrogen' (LTS) Notable Changes - crypto: update root certificates to NSS 3.107 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2025/01/22 10:59:34 adam Exp $ d10 1 @ 1.37 log @nodejs18: updated to 18.20.6 Version 18.20.6 'Hydrogen' (LTS) Notable Changes CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.36 2024/11/23 11:03:32 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.20.6 @ 1.36 log @nodejs18: updated to 18.20.5 Version 18.20.5 'Hydrogen' (LTS) Notable Changes - esm: mark import attributes and JSON module as stable @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2024/11/14 22:20:29 wiz Exp $ d3 1 a3 1 DISTNAME= node-v18.20.5 @ 1.35 log @*: recursive bump for icu 76 shlib major version bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.34 2024/11/01 12:53:14 wiz Exp $ d3 1 a3 1 DISTNAME= node-v18.20.4 a9 1 PKGREVISION= 3 a18 2 PYTHON_VERSIONS_INCOMPATIBLE= 27 @ 1.34 log @*: revbump for icu downgrade @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2024/11/01 00:52:27 wiz Exp $ d10 1 a10 1 PKGREVISION= 2 @ 1.33 log @*: recursive bump for icu 76.1 shlib bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2024/08/13 08:55:18 adam Exp $ d10 1 a10 1 PKGREVISION= 1 @ 1.32 log @nodejs18: updated to 18.20.4 Version 18.20.4 
'Hydrogen' (LTS) This is a security release. Notable Changes CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) CVE-2024-22020 - Bypass network import restriction via data URL (Medium) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.31 2024/05/31 05:42:29 adam Exp $ d10 1 @ 1.31 log @nodejs18: updated to 18.20.3 Version 18.20.3 'Hydrogen' (LTS) Notable Changes This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections. A fix has also been included for compiling Node.js from source with newer versions of Clang. The list of keys used to sign releases has been synchronized with the current list from the main branch. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.30 2024/05/29 16:33:14 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.20.3 @ 1.30 log @revbump after icu and protobuf updates @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2024/04/11 14:49:35 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.20.2 a9 1 PKGREVISION= 1 @ 1.29 log @nodejs18: updated to 18.20.2 Version 18.20.2 'Hydrogen' (LTS) Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2024/04/05 05:32:13 adam Exp $ d10 1 @ 1.28 log @nodejs18: updated to 18.20.1 Version 18.20.1 'Hydrogen' (LTS) Notable Changes CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) llhttp version 9.2.1 undici version 5.28.4 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2024/02/14 21:26:59 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.20.1 @ 1.27 log @nodejs18: updated to 18.19.1 Version 18.19.1 'Hydrogen' (LTS) Notable changes CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High) CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS 
attacks- (High) CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) undici version 5.28.3 npm version 10.2.4 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2024/01/11 09:42:46 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.19.1 @ 1.26 log @nodejs18: updated to 18.19.0 Version 18.19.0 'Hydrogen' (LTS) Notable Changes npm updated to v10 After two months of baking time in Node.js 20, npm 10 is backported, so that all release lines include a supported version of npm. This release includes npm v10.2.3. ESM and customization hook changes Leverage loaders when resolving subsequent loaders Loaders now apply to subsequent loaders, for example: --experimental-loader ts-node --experimental-loader loader-written-in-typescript. New node:module API register for module customization hooks; new initialize hook There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including MessageChannel instances. We encourage users to migrate to an approach that uses --import with register, such as: node --import ./file-that-calls-register.js ./app.js Using --import ensures that the customization hooks are registered before any application code runs, even the entry point. 
import.meta.resolve unflagged In ES modules, import.meta.resolve(specifier) can be used to get an absolute URL string to which specifier resolves, similar to require.resolve in CommonJS. This aligns Node.js with browsers and other server-side runtimes. --experimental-default-type flag to flip module defaults The new flag --experimental-default-type can be used to flip the default module system used by Node.js. Input that is already explicitly defined as ES modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs file extension or the --input-type flag, is unaffected. What is currently implicitly CommonJS would instead be interpreted as ES modules under --experimental-default-type=module: String input provided via --eval or STDIN, if --input-type is unspecified. Files ending in .js or with no extension, if there is no package.json file present in the same folder or any parent folder. Files ending in .js or with no extension, if the nearest parent package.json field lacks a type field; unless the folder is inside a node_modules folder. In addition, extensionless files are interpreted as Wasm if --experimental-wasm-modules is passed and the file contains the "magic bytes" Wasm header. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.25 2023/11/23 16:57:37 jperkin Exp $ d3 1 a3 1 DISTNAME= node-v18.19.0 @ 1.25 log @nodejs*: Consolidate and fix python includes. Ensures that PYTHON_FOR_BUILD_ONLY is set prior to including pyversion.mk, and ensures python and its dependencies are not buildlinked. 
@ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2023/11/08 13:19:50 wiz Exp $ d3 1 a3 2 DISTNAME= node-v18.18.2 PKGREVISION= 3 @ 1.24 log @*: recursive bump for icu 74.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2023/10/24 22:09:37 wiz Exp $ a46 2 .include "../../lang/python/batteries-included.mk" .include "../../lang/python/tool.mk" d48 1 @ 1.23 log @*: bump for openssl 3 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2023/10/23 06:37:47 wiz Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.22 log @*: update for Python base package change Instead of depending on one of the removed packages (that are now included in the base Python packages), include batteries-included.mk to require a Python version that supplies them. Remove now included packages. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2023/10/16 19:16:58 adam Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.21 log @nodejs18: updated to 18.18.2 Version 18.18.2 'Hydrogen' (LTS) This is a security release. Notable Changes The following CVEs are fixed in this release: * CVE-2023-44487: `nghttp2` Security Release (High) * CVE-2023-45143: `undici` Security Release (High) * CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium) * CVE-2023-39333: Code injection via WebAssembly export names (Low) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2023/10/12 11:34:23 adam Exp $ d4 1 a10 2 TOOL_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat d47 2 @ 1.20 log @nodejs18: updated to 18.18.1 Version 18.18.1 'Hydrogen' (LTS) Notable Changes This release addresses some regressions that appeared in Node.js 18.18.0: * (Windows) FS can not handle certain characters in file name * 18 and 20 node images give error - Text file busy (after re-build images) * libuv update in 18.18.0 breaks webpack's thread-loader @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2023/09/20 11:23:19 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.18.1 @ 1.19 log @nodejs18: updated to 18.18.0 Version 18.18.0 'Hydrogen' (LTS) Notable Changes - 
**build**: sync libuv header change (Jiawen Geng) - **crypto**: update root certificates to NSS 3.93 (Node.js GitHub Bot) - **crypto**: update root certificates to NSS 3.90 (Node.js GitHub Bot) - **deps**: add missing thread-common.c in uv.gyp (Santiago Gimeno) - **deps**: upgrade to libuv 1.46.0 (Santiago Gimeno) - **deps**: upgrade to libuv 1.45.0 (Santiago Gimeno) - **doc**: add atlowChemi to collaborators (atlowChemi) - **doc**: add vmoroz to collaborators (Vladimir Morozov) - **doc**: add kvakil to collaborators (Keyhan Vakil) - **(SEMVER-MINOR)** **esm**: add `--import` flag (Moshe Atlow) - **(SEMVER-MINOR)** **events**: allow safely adding listener to abortSignal (Chemi Atlow) - **fs, stream**: initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) - **net**: add autoSelectFamily global getter and setter (Paolo Insogna) - **(SEMVER-MINOR)** **url**: add value argument to has and delete methods (Sankalp Shubham) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2023/08/14 05:24:45 wiz Exp $ d3 1 a3 1 DISTNAME= node-v18.18.0 @ 1.18 log @*: recursive bump for Python 3.11 as new default @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2023/08/11 05:26:49 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.17.1 a11 1 PKGREVISION= 1 @ 1.17 log @nodejs18: updated to 18.17.1 Version 18.17.1 'Hydrogen' (LTS) Notable Changes The following CVEs are fixed in this release: * CVE-2023-32002: Policies can be bypassed via Module.\_load (High) * CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium) * CVE-2023-32559: Policies can be bypassed via process.binding (Medium) * OpenSSL Security Releases @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2023/07/19 09:23:00 adam Exp $ d12 1 @ 1.16 log @nodejs18: updated to 18.17.0 Version 18.17.0 'Hydrogen' (LTS), @@danielleadams Notable Changes Ada 2.0 Node.js v18.17.0 comes with the latest version of the URL parser, Ada. 
This update brings significant performance improvements to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url. Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4, while also eliminating the need for the ICU requirement for URL hostname parsing. Web Crypto API Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations. This further improves interoperability with other implementations of Web Crypto API. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2023/07/18 18:25:29 nia Exp $ d3 1 a3 1 DISTNAME= node-v18.17.0 @ 1.15 log @lang: Adapt packages to USE_(CC|CXX)_FEATURES where possible @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2023/07/11 06:13:10 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.16.1 a11 1 PKGREVISION= 1 @ 1.14 log @revbump after nghttp3/ngtcp2 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2023/06/21 15:14:54 adam Exp $ d7 2 a8 2 # GCC_REQD+= 8 @ 1.13 log @nodejs18: updated to 18.16.1 Version 18.16.1 'Hydrogen' (LTS) This is a security release. 
Notable Changes The following CVEs are fixed in this release: * [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) * [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium) * [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium) * [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium) * OpenSSL Security Releases * [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt). * [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt). * [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt) * c-ares vulnerabilities: * [GHSA-9g78-jv2r-p7vc](https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc) * [GHSA-8r8p-23f3-64c2](https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2) * [GHSA-54xr-f67r-4pc4](https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4) * [GHSA-x6mf-cxr9-8q6v](https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2023/06/06 12:41:45 riastradh Exp $ d12 1 @ 1.12 log @Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/. 
Almost all uses, if not all of them, are wrong, according to the semantics of BUILD_DEPENDS (packages built for target available for use _by_ tools at build-time) and TOOL_DEPENDS (packages built for host available for use _as_ tools at build-time). No change to BUILD_DEPENDS as used correctly inside buildlink3. As proposed on tech-pkg: https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2023/05/04 21:10:25 wiz Exp $ d3 1 a3 2 DISTNAME= node-v18.16.0 PKGREVISION= 2 @ 1.11 log @nodejs18: require gcc8 for @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2023/04/27 12:15:11 wiz Exp $ d11 1 a11 1 BUILD_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat @ 1.10 log @*: recursive bump for nghttp3 shlib major change @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2023/04/26 19:44:09 wiz Exp $ d8 2 @ 1.9 log @*: recursive bump for ngtcp2 shlib major bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2023/04/19 17:40:30 adam Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.8 log @nodejs18: updated to 18.16.0 Version 18.16.0 'Hydrogen' (LTS) Notable changes Add initial support for single executable applications Replace url parser with Ada buffer: (SEMVER-MINOR) add Buffer.copyBytesFrom(...) 
(James M Snell) doc: add marco-ippolito to collaborators (Marco Ippolito) add debadree25 to collaborators (Debadree Chatterjee) add deokjinkim to collaborators (Deokjin Kim) events: (SEMVER-MINOR) add listener argument to listenerCount (Paolo Insogna) lib: (SEMVER-MINOR) add AsyncLocalStorage.bind() and .snapshot() (flakey5) (SEMVER-MINOR) add aborted() utility function (Debadree Chatterjee) src: (SEMVER-MINOR) allow optional Isolate termination in node::Stop() (Shelley Vohr) (SEMVER-MINOR) allow embedder control of code generation policy (Shelley Vohr) stream: (SEMVER-MINOR) add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) tls: (SEMVER-MINOR) support automatic DHE (Tobias Nießen) url: (SEMVER-MINOR) implement URLSearchParams size getter (James M Snell) worker: (SEMVER-MINOR) add support for worker name in inspector and trace_events (Debadree Chatterjee) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2023/03/08 08:52:56 adam Exp $ d4 1 @ 1.7 log @nodejs18: updated to 18.15.0 Version 18.15.0 'Hydrogen' (LTS) Notable Changes - doc,lib,src,test: rename --test-coverage (Colin Ihrig) - test_runner: add initial code coverage support (Colin Ihrig) - (SEMVER-MINOR) test_runner: add reporters (Moshe Atlow) - (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) - (SEMVER-MINOR) vm: expose cachedDataRejected for vm.compileFunction (Anna Henningsen) - (SEMVER-MINOR) v8: support gc profile (theanarkh) - (SEMVER-MINOR) src,lib: add constrainedMemory API for process (theanarkh) - (SEMVER-MINOR) buffer: add isAscii method (Yagiz Nizipli) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2023/02/23 07:56:46 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.15.0 a14 2 CONFIGURE_ARGS+= --shared-brotli CONFIGURE_ARGS+= --shared-nghttp2 a16 1 CONFIGURE_ARGS+= --with-intl=system-icu d21 1 a26 4 REPLACE_NODEJS+= deps/corepack/dist/*.js .include "../../lang/nodejs/application.mk" CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1 a46 1 .include 
"../../archivers/brotli/buildlink3.mk" a47 4 .include "../../textproc/icu/buildlink3.mk" # Requires nghttp2_option_set_max_settings BUILDLINK_API_DEPENDS.nghttp2+= nghttp2>=1.41.0 .include "../../www/nghttp2/buildlink3.mk" @ 1.6 log @nodejs18: updated to 18.14.2 Version 18.14.2 'Hydrogen' (LTS) Notable Changes - deps: upgrade npm to 9.5.0 (npm team) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2023/02/17 11:58:36 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.14.2 @ 1.5 log @nodejs18: updated to 18.14.1 Version 18.14.1 'Hydrogen' (LTS) This is a security release. Notable Changes The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2023/02/03 11:49:19 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.14.1 @ 1.4 log @nodejs18: updated to 18.14.0 Version 18.14.0 'Hydrogen' (LTS) Notable changes Updated npm to 9.3.1 Based on the list of guidelines we've established on integrating npm and node, here is a grouped list of the breaking changes with the reasoning as to why they fit within the guidelines linked above. Note that all the breaking changes were made in 9.0.0. All subsequent minor and patch releases after npm@@9.0.0 do not contain any breaking changes. 
Engines Explanation: the node engines supported by npm@@9 make it safe to allow npm@@9 as the default in any LTS version of 14 or 16, as well as anything later than or including 18.0.0 npm is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0 Filesystem Explanation: when run as root previous versions of npm attempted to manage file ownership automatically on the user's behalf. this behavior was problematic in many cases and has been removed in favor of allowing users to manage their own filesystem permissions npm will no longer attempt to modify ownership of files it creates. Auth Explanation: any errors thrown from users having unsupported auth configurations will show npm config fix in the remediation instructions, which will allow the user to automatically have their auth config fixed. The presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors. Login Explanation: the default auth-type has changed and users can opt back into the old behavior with npm config set auth-type=legacy. login and adduser have also been separated making each command more closely match its name instead of being aliases for each other. Legacy auth types sso, saml & legacy have been consolidated into "legacy". auth-type defaults to "web" login and adduser are now separate commands that send different data to the registry. auth-type config values web and legacy only try their respective methods, npm no longer tries them all and waits to see which one doesn't fail. Tarball Packing Explanation: previously using multiple ignore/allow lists when packing was an undefined behavior, and now the order of operations is strictly defined when packing a tarball making it easier to follow and should only affect users relying on the previously undefined behavior. npm pack now follows a strict order of operations when applying ignore rules. 
If a files array is present in the package.json, then rules in .gitignore and .npmignore files from the root will be ignored. Display/Debug/Timing Info Explanation: these changes center around the display of information to the terminal including timing and debug log info. We do not anticipate these changes breaking any existing workflows. Links generated from git urls will now use HEAD instead of master as the default ref. timing has been removed as a value for --loglevel. --timing will show timing information regardless of --loglevel, except when --silent. When run with the --timing flag, npm now writes timing data to a file alongside the debug log data, respecting the logs-dir option and falling back to /_logs/ dir, instead of directly inside the cache directory. The timing file data is no longer newline delimited JSON, and instead each run will create a uniquely named -timing.json file, with the portion being the same as the debug log. npm now outputs some json errors on stdout. Previously npm would output all json formatted errors on stderr, making it difficult to parse as the stderr stream usually has logs already written to it. Config/Command Deprecations or Removals Explanation: install-links is the only config or command in the list that has an effect on package installs. We fixed a number of issues that came up during prereleases with this change. It will also only be applied to new package trees created without a package-lock.json file. Any install with an existing lock file will not be changed. Deprecate boolean install flags in favor of --install-strategy. npm config set will no longer accept deprecated or invalid config options. install-links config defaults to "true". node-version config has been removed. npm-version config has been removed. npm access subcommands have been renamed. npm birthday has been removed. npm set-script has been removed. npm bin has been removed (use npx or npm exec to execute binaries). 
@ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2023/01/11 17:33:48 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.14.0 @ 1.3 log @nodejs18: updated to 18.13.0 Version 18.13.0 'Hydrogen' (LTS), @@danielleadams Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing build options that allow dependencies with native code to be externalized. This commit adds additional options so that dependencies with JavaScript code (including WASM) can also be externalized. This addition does not affect binaries shipped by the Node.js project but will allow other distributions to externalize additional dependencies when needed. Introduce File Support function mocking on Node.js test runner build: disable v8 snapshot compression by default (Joyee Cheung) crypto: update root certificates (Luigi Pinca) deps: update ICU to 72.1 (Michaël Zasso) doc: add doc-only deprecation for headers/trailers setters (Rich Trott) add Rafael to the tsc (Michael Dawson) deprecate use of invalid ports in url.parse (Antoine du Hamel) add lukekarrys to collaborators (Luke Karrys) add anonrig to collaborators (Yagiz Nizipli) deprecate url.parse() (Rich Trott) lib: drop fetch experimental warning (Matteo Collina) net: (SEMVER-MINOR) add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) src: (SEMVER-MINOR) add uvwasi version (Jithil P Ponnan) (SEMVER-MINOR) add initial shadow realm support (Chengzhong Wu) test_runner: (SEMVER-MINOR) add t.after() hook (Colin Ihrig) (SEMVER-MINOR) don't use a symbol for runHook() (Colin Ihrig) tls: (SEMVER-MINOR) add "ca" property to certificate object (Ben Noordhuis) remove trustcor root ca certificates (Ben Noordhuis) tools: update certdata.txt (Luigi Pinca) util: add fast path for utf8 encoding (Yagiz Nizipli) improve textdecoder decode performance (Yagiz Nizipli) 
(SEMVER-MINOR) add MIME utilities (Bradley Farias) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2022/12/03 20:53:31 adam Exp $ d3 1 a3 1 DISTNAME= node-v18.13.0 @ 1.2 log @nodejs18: disable dtrace, depend on nghttp3 and ngtcp2, revision bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2022/12/03 16:59:22 adam Exp $ d3 1 a3 2 DISTNAME= node-v18.12.1 PKGREVISION= 1 d22 1 a22 1 PYTHON_VERSIONS_INCOMPATIBLE= 27 311 d24 1 @ 1.1 log @nodejs18: moved from nodejs, version 18.2.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.247 2022/11/23 12:09:44 adam Exp $ d4 1 d18 2 d21 1 d54 1 d59 1 @