head 1.23; access; symbols pkgsrc-2026Q2:1.21.0.2 pkgsrc-2026Q2-base:1.21 pkgsrc-2026Q1:1.20.0.2 pkgsrc-2026Q1-base:1.20 pkgsrc-2025Q4:1.17.0.2 pkgsrc-2025Q4-base:1.17 pkgsrc-2025Q3:1.13.0.2 pkgsrc-2025Q3-base:1.13 pkgsrc-2025Q2:1.9.0.2 pkgsrc-2025Q2-base:1.9 pkgsrc-2025Q1:1.6.0.2 pkgsrc-2025Q1-base:1.6 pkgsrc-2024Q4:1.3.0.2 pkgsrc-2024Q4-base:1.3; locks; strict; comment @# @; 1.23 date 2026.06.24.14.17.21; author adam; state Exp; branches; next 1.22; commitid ynfUvNeQUrOuG3LG; 1.22 date 2026.06.22.08.56.20; author adam; state Exp; branches; next 1.21; commitid E8DWT7gMZ73mYLKG; 1.21 date 2026.05.22.08.06.31; author adam; state Exp; branches 1.21.2.1; next 1.20; commitid HddXy9BG3so2HMGG; 1.20 date 2026.03.25.16.40.16; author adam; state Exp; branches; next 1.19; commitid GFYeh6OanogLonzG; 1.19 date 2026.03.12.09.58.31; author adam; state Exp; branches; next 1.18; commitid LSLphwRc2NvPAFxG; 1.18 date 2026.01.14.19.08.19; author adam; state Exp; branches; next 1.17; commitid cAiZjyrcOG9btoqG; 1.17 date 2025.10.30.12.21.50; author adam; state Exp; branches; next 1.16; commitid idfJfMESVZVaFAgG; 1.16 date 2025.10.21.11.57.53; author adam; state Exp; branches; next 1.15; commitid emXg2bJ3bAKTOqfG; 1.15 date 2025.10.09.09.28.44; author adam; state Exp; branches; next 1.14; commitid BkZoN1XIPARJnSdG; 1.14 date 2025.09.29.18.25.00; author adam; state Exp; branches; next 1.13; commitid iY8KTZVz6mowFDcG; 1.13 date 2025.09.01.08.05.47; author adam; state Exp; branches; next 1.12; commitid wm9yCcJndXpP8Z8G; 1.12 date 2025.08.04.09.22.00; author adam; state Exp; branches; next 1.11; commitid QljoSzrtbB8Hso5G; 1.11 date 2025.07.17.07.24.21; author adam; state Exp; branches; next 1.10; commitid TjB5i721Teboo43G; 1.10 date 2025.06.30.16.31.39; author adam; state Exp; branches; next 1.9; commitid ouYAq0kef8rZXV0G; 1.9 date 2025.05.22.07.39.08; author adam; state Exp; branches; next 1.8; commitid EQ5tXExQaqtVgSVF; 1.8 date 2025.05.17.14.15.26; author adam; state Exp; branches; next 1.7; commitid WGKyMtyNJPgUCgVF; 1.7 date 2025.04.25.13.54.10; author adam; state Exp; branches; next 1.6; commitid 9aHAohF2B21odrSF; 1.6 date 2025.02.21.17.00.33; author adam; state Exp; branches; next 1.5; commitid dskjCcJ5Ea3RgmKF; 1.5 date 2025.01.22.11.00.28; author adam; state Exp; branches; next 1.4; commitid rZFDTrTOGuTgftGF; 1.4 date 2025.01.08.08.05.02; author adam; state Exp; branches; next 1.3; commitid wPZP99tzKj5XIEEF; 1.3 date 2024.12.04.09.13.26; author adam; state Exp; branches; next 1.2; commitid ObrA7BIABxl1eaAF; 1.2 date 2024.11.15.10.58.31; author adam; state Exp; branches; next 1.1; commitid swwcRZd9v83dqJxF; 1.1 date 2024.11.13.08.45.17; author adam; state Exp; branches; next ; commitid FmselcPyDWpaKsxF; 1.21.2.1 date 2026.07.13.13.40.46; author bsiegert; state Exp; branches; next ; commitid 8DPbjmq4EcvaSuNG; desc @@ 1.23 log @nodejs22: updated to 22.23.1 22.23.1 'Jod' (LTS) This release includes a fix for an unexpected behavior introduced by the recent security release (22.23.0). @ text @$NetBSD: distinfo,v 1.22 2026/06/22 08:56:20 adam Exp $ BLAKE2s (node-v22.23.1.tar.xz) = fd30e00c175c2fe475a00c2e6cf155c7d327d4106350979f543cf2d40b199299 SHA512 (node-v22.23.1.tar.xz) = 5eda22dae8b4724fa264b2f308966d87de914037b7cf675f045b3e0207acb8837e6ec4f6672985523b30ac918893a58f69e203dd6e698432ed31d3eb95f54a49 Size (node-v22.23.1.tar.xz) = 50507104 bytes SHA1 (patch-common.gypi) = 41fc3ddf9e43c0b0a3d6ef845e7ee2847f4e12ce SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf SHA1 (patch-deps_v8_src_base_platform_memory.h) = 0921b5eeecfe03b774f85a15628c559901e7fea8 SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1 SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 1ef988fe471cfcc49c45bdff7d9d64d07a7b0521 SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2 SHA1 (patch-deps_v8_tools_profiling_run-llprof.sh) = b19994d3195cc97424a3cc2ffd3ae02eacc6ffa8 SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa SHA1 (patch-src_compile__cache.cc) = 39a85bcb1ebe7c9bf7c431d6dc60dca5b9d63aaf SHA1 (patch-src_crypto_crypto__rsa.cc) = 84e5aa6e773d02dea56cb28ca0d45cf5c640a039 SHA1 (patch-src_inspector__agent.cc) = 3fd3d71f9d6013a6eb2a79e0442b31d2e2408a2f SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = bf48cd3b928797d347b8ad8344e3965ad11e5ea7 SHA1 (patch-tools_gyp_pylib_gyp_xcode__emulation.py) = 4ee24115f5e97ffbd23aaa6dc62f408d381d4e22 SHA1 (patch-tools_install.py) = ac296123fa498c7edee3a5735f2e24c862037813 SHA1 (patch-tools_v8_gypfiles_v8.gyp) = 8b1b0e2216f9e8025f8e623d5aa8af3f8d670804 @ 1.22 log @nodejs22: updated to 22.23.0 22.23.0 'Jod' (LTS) Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2026/05/22 08:06:31 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.23.0.tar.xz) = 192ec4a87ecba4119ae3a8de52e7f65b9285176fd996b6df1f44c7da07d9e333 SHA512 (node-v22.23.0.tar.xz) = bb8c7d03a616e0c45ff04df6ea377ff742ac99a6109cb1b441162dae0d9d52740701e0ac87f6d436de6b15216114e030453e99103e4e228f1401b392631a631d Size (node-v22.23.0.tar.xz) = 51343344 bytes @ 1.21 log @nodejs22: updated to 22.22.3 22.22.3 'Jod' (LTS) Bug fixes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2026/03/25 16:40:16 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.22.3.tar.xz) = f9d9161faf78a8c477ab15c82652f362e6a43cfe5bf03d5d9187033a68723fad SHA512 (node-v22.22.3.tar.xz) = b5d3952772040c4de3865c147260a46fb53ab4e0fbf106172d4a2025de0ab02734bea91e4749d8937a20d70bd1b736a22447c308e34ef22dbfb51314328b83c2 Size (node-v22.22.3.tar.xz) = 51315600 bytes @ 1.21.2.1 log @Pullup ticket #7155 - requested by taca lang/nodejs22: security fix Revisions pulled up: - lang/nodejs22/Makefile 1.24 - lang/nodejs22/distinfo 1.22 --- Module Name: pkgsrc Committed By: adam Date: Mon Jun 22 08:56:21 UTC 2026 Modified Files: pkgsrc/lang/nodejs22: Makefile distinfo Log Message: nodejs22: updated to 22.23.0 22.23.0 'Jod' (LTS) Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (node-v22.23.0.tar.xz) = 192ec4a87ecba4119ae3a8de52e7f65b9285176fd996b6df1f44c7da07d9e333 SHA512 (node-v22.23.0.tar.xz) = bb8c7d03a616e0c45ff04df6ea377ff742ac99a6109cb1b441162dae0d9d52740701e0ac87f6d436de6b15216114e030453e99103e4e228f1401b392631a631d Size (node-v22.23.0.tar.xz) = 51343344 bytes @ 1.20 log @nodejs*: updated to 25.8.2, 24.14.1, 22.22.2, 20.20.2 Notable Changes (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2026/03/12 09:58:31 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.22.2.tar.xz) = 5a31d15c52eca6564f9296a543597703cddd6f36ba90065b1182a2e425151f9d SHA512 (node-v22.22.2.tar.xz) = 5a6af8f5cf5e8f61e01fc572db5454c5a5f213a2ee64d33523deba651261a7e4af93922602214b8f3b3eac9a4c169a1a8e0bde719cb38428862f69f568b24d54 Size (node-v22.22.2.tar.xz) = 51257208 bytes @ 1.19 log @nodejs22: updated to 22.22.1 22.22.1 'Jod' (LTS) Notable Changes - build: test on Python 3.14 (Christian Clauss) - cli: mark --heapsnapshot-near-heap-limit as stable (Joyee Cheung) - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) - doc: add avivkeller to collaborators (Aviv Keller) - doc: add gurgunday to collaborators (Gürgün Dayıoğlu) - meta: add Renegade334 to collaborators (Renegade334) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2026/01/14 19:08:19 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.22.1.tar.xz) = 7c8aa2904a5809636189d416e5482132218d02d27a33bc1fbe6b648a6a98512a SHA512 (node-v22.22.1.tar.xz) = 5222376b8af7cf0b9bfe801ce9e70f5d598f3497fad833cefc542a2f0a2c7d2d8ef93a9fb58394985a6d261006842138eb7bec7e2c1898468a23955a70e2f02f Size (node-v22.22.1.tar.xz) = 51271588 bytes @ 1.18 log @nodejs22: updated to 22.22.0 22.22.0 'Jod' (LTS) Notable Changes lib: (CVE-2025-59465) add TLSSocket default error handler (CVE-2025-55132) disable futimes when permission model is enabled lib,permission: (CVE-2025-55130) require full read and write to symlink APIs src: (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks src,lib: (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle tls: (CVE-2026-21637) route callback exceptions through error handlers @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2025/10/30 12:21:50 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.22.0.tar.xz) = a27c8c6a5c1d39a0e6e7d75d77190948256f22d13557b7c22e33715f23fe56de SHA512 (node-v22.22.0.tar.xz) = aa3d2fd4dd52649f5d9e7cb11b1d2261a5725fd1885b9bf48bb10770a9cbc16e8f69e28ea6d186b6c0bbac1b127a783e7239e9e63e1a5a973949aa9abecab3ea Size (node-v22.22.0.tar.xz) = 50902788 bytes a6 1 SHA1 (patch-configure) = a7325b6f208a23435105cbd89a5b024695572caf @ 1.17 log @nodejs22: updated to 22.21.1 22.21.1 'Jod' (LTS) Bug fixes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2025/10/21 11:57:53 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.21.1.tar.xz) = 818654f742934cbd7f30fd1a3151d65354a9d953d3ff4b7d0c5b2c32f9ef00bd SHA512 (node-v22.21.1.tar.xz) = 6d3b7b25fb2d8f155ae887367f3ac2467d368049f1fe07767d29e69c95cdb25f0ec0b5825179db691942a877f04fbbaf22a86990354795d89194dd2854b84397 Size (node-v22.21.1.tar.xz) = 50151568 bytes @ 1.16 log @nodejs22: updated to 22.21.0 22.21.0 'Jod' (LTS) Notable Changes - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) - (SEMVER-MINOR) src: add percentage support to --max-old-space-size @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2025/10/09 09:28:44 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.21.0.tar.xz) = e45052df7855461261f7b114fd5679b191b90240538befbab0e71e88f5b2357a SHA512 (node-v22.21.0.tar.xz) = 51ee5e915ed63ef3dcbc04df2e03937e67cedf3a59a8ba038db3866aaf5395ee0b56be9ad1b63a3c303f60acd0a8853942068691adb8b6b3604ff08e5345920f Size (node-v22.21.0.tar.xz) = 50892568 bytes @ 1.15 log @nodejs22: fix build with Python 3.14 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2025/09/29 18:25:00 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.20.0.tar.xz) = 1a6de06795a60e9fe0bc793754f34840845715ecea9d2fec7e44ffa2504e54f4 SHA512 (node-v22.20.0.tar.xz) = 2f5287dc81e480f9b97775818b9f9717ebfb6e2c9ea4217cde22f9ac3d02f3c09c5e35384ddf2a310e5ba17cbb47182464a9fa6ff5c43a0cfd5a8a5eefe2ac90 Size (node-v22.20.0.tar.xz) = 50110384 bytes @ 1.14 log @nodejs22: updated to 22.20.0 22.20.0 'Jod' (LTS) Notable Changes OpenSSL updated to 3.5.2 For official Node.js builds, or builds using the default build configuration, Node.js now bundles OpenSSL 3.5.2. This update allows Node.js 22.x to be supported through to the planned End-of-Life date of 2027-04-30 as the previously bundled OpenSSL 3.0.x goes out of support in September 2026. This change does not affect third-party builds of Node.js that link to an external OpenSSL (or OpenSSL-compatible) library. Other notable changes - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) - doc: mark path.matchesGlob as stable (Aviv Keller) - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) - inspector: add http2 tracking support (Darshan Sen) - (SEMVER-MINOR) sea: implement execArgvExtension (Joyee Cheung) - (SEMVER-MINOR) sea: support execArgv in sea config (Joyee Cheung) - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) - (SEMVER-MINOR) test_runner: support object property mocking (Idan Goshen) - (SEMVER-MINOR) worker: add cpu profile APIs for worker (theanarkh) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2025/09/01 08:05:47 adam Exp $ d7 1 @ 1.13 log @nodejs22: updated to 22.19.0 22.19.0 'Jod' (LTS) Notable Changes - (SEMVER-MINOR) cli: add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) - (SEMVER-MINOR) cli: support ${pid} placeholder in --cpu-prof-name (Haram Jeong) - (SEMVER-MINOR) crypto: add tls.setDefaultCACertificates() (Joyee Cheung) - (SEMVER-MINOR) dns: support max timeout (theanarkh) - doc: update the instruction on how to verify releases (Antoine du Hamel) - (SEMVER-MINOR) esm: unflag --experimental-wasm-modules (Guy Bedford) - (SEMVER-MINOR) http: add server.keepAliveTimeoutBuffer option (Haram Jeong) - lib: docs deprecate _http_* (Sebastian Beltran) - (SEMVER-MINOR) net: update net.blocklist to allow file save and file management (alphaleadership) - (SEMVER-MINOR) process: add threadCpuUsage (Paolo Insogna) - (SEMVER-MINOR) zlib: add dictionary support to zstdCompress and zstdDecompress (lluisemper) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2025/08/04 09:22:00 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.19.0.tar.xz) = 80141574955c3e658335c63d8b405caa749444dacff54ba258e13e2825a2bfbd SHA512 (node-v22.19.0.tar.xz) = aefce510b74c9c9cc4bf4e68be1a8916b2e79e0382fedf1da5ec597cde7fd225501e76d1f024287b3b2b1c12139cc8020fcc4d6e4e96fba31cd17106de77f56a Size (node-v22.19.0.tar.xz) = 48853616 bytes @ 1.12 log @nodejs22: updated to 22.18.0 22.18.0 'Jod' (LTS) Notable Changes Type stripping is enabled by default Other notable changes - (SEMVER-MINOR) deps: update amaro to 1.1.0 (Node.js GitHub Bot) - (SEMVER-MINOR) doc: add all watch-mode related flags to node.1 (Dario Piotrowicz) - doc: add islandryu to collaborators (Shima Ryuhei) - (SEMVER-MINOR) esm: implement import.meta.main (Joe) - (SEMVER-MINOR) fs: allow correct handling of burst in fs-events with AsyncIterator (Philipp Dunkel) - (SEMVER-MINOR) permission: propagate permission model flags on spawn (Rafael Gonzaga) - (SEMVER-MINOR) sqlite: add support for readBigInts option in db connection level (Miguel Marcondes Filho) - (SEMVER-MINOR) src,permission: add support to permission.has(addon) (Rafael Gonzaga) - (SEMVER-MINOR) url: add fileURLToPathBuffer API (James M Snell) - (SEMVER-MINOR) watch: add --watch-kill-signal flag (Dario Piotrowicz) - (SEMVER-MINOR) worker: make Worker async disposable (James M Snell) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2025/07/17 07:24:21 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.18.0.tar.xz) = a065416bdb282c13e15a1c69ed967b7918f890e8c4db4f8a706bad78d1b6f9e3 SHA512 (node-v22.18.0.tar.xz) = f04133f03807f67dd77967204bbb25babd0b093b820c851225e75b8260d5e648f7462d629e67bff9c82b5c6995db6ba044a489daa1b84cc1cd445a87d28b4de4 Size (node-v22.18.0.tar.xz) = 48597780 bytes d13 1 a13 1 SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = bfe8972371ed0c4039bf3bf025d83b64ec508721 @ 1.11 log @nodejs22: updated to 22.17.1 22.17.1 'Jod' (LTS) Notable Changes (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2025/06/30 16:31:39 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.17.1.tar.xz) = 5126d3294dc732375d8ffd6755ac32e8cbb2e515928593cf5824622369e8b284 SHA512 (node-v22.17.1.tar.xz) = 17edb091d1ddf92c03a6e73cf393000a25b8dff3c0543bbe3912a24b4e3998a967fc0ed14640922eb54613ade455ae385346ab4191a4ab9a11ae1552fad87699 Size (node-v22.17.1.tar.xz) = 48453936 bytes @ 1.10 log @nodejs22: updated to 22.17.0 Version 22.17.0 'Jod' (LTS) ⚠️ Deprecations Instantiating node:http classes without new Constructing classes like IncomingMessage or ServerResponse without the new keyword is now discouraged. This clarifies API expectations and aligns with standard JavaScript behavior. It may warn or error in future versions. options.shell = "" in node:child_process Using an empty string for shell previously had undefined behavior. This change encourages explicit choices (e.g., shell: true or a shell path) and avoids relying on implementation quirks. HTTP/2 priority signaling The HTTP/2 prioritization API (e.g., stream.priority) is now deprecated due to poor real-world support. Applications should avoid using priority hints and expect future removal. ✅ Features graduated to stable assert.partialDeepStrictEqual() This method compares only a subset of properties in deep object comparisons, useful for flexible test assertions. Its stabilization means it's now safe for general use and won't change unexpectedly in future releases. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2025/05/22 07:39:08 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.17.0.tar.xz) = 627ecef8b1852420f2dd762a94a04d38ef0a250513d96ab9d2b09cfac405ed73 SHA512 (node-v22.17.0.tar.xz) = e42a6adf3246dcc1aefec8c28b2406b0c759bf901c03888455c3c4cf83043e783f0a7d8de99285858f5beddc8ac94fef59550e0501a7d8c64ab90781040f3a44 Size (node-v22.17.0.tar.xz) = 48823936 bytes @ 1.9 log @nodejs22: updated to 22.16.0 Version 22.16.0 'Jod' (LTS) Notable Changes - deps: update timezone to 2025b (Node.js GitHub Bot) - doc: add dario-piotrowicz to collaborators (Dario Piotrowicz) - (SEMVER-MINOR) doc: graduate multiple experimental apis (James M Snell) - (SEMVER-MINOR) esm: graduate import.meta properties (James M Snell) - (SEMVER-MINOR) esm: support top-level Wasm without package type (Guy Bedford) - (SEMVER-MINOR) sqlite: add StatementSync.prototype.columns() (Colin Ihrig) - (SEMVER-MINOR) src: set default config as node.config.json (Marco Ippolito) - (SEMVER-MINOR) src: create THROW_ERR_OPTIONS_BEFORE_BOOTSTRAPPING (Marco Ippolito) - (SEMVER-MINOR) src: add config file support (Marco Ippolito) - (SEMVER-MINOR) src: add ExecutionAsyncId getter for any Context (Attila Szegedi) - (SEMVER-MINOR) stream: preserve AsyncLocalStorage context in finished() (Gürgün Dayıoğlu) - (SEMVER-MINOR) util: add types.isFloat16Array() (Livia Medeiros) - (SEMVER-MINOR) worker: add worker.getHeapStatistics() (Matteo Collina) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2025/05/17 14:15:26 adam Exp $ d3 4 a6 4 BLAKE2s (node-v22.16.0.tar.xz) = ba0d5b292003448e4073eb649a16cd236952d1682c0093e63091e50da45c97ed SHA512 (node-v22.16.0.tar.xz) = 8d33efd7d6e15b212d0a24483f751705935ab8a0124c695103e96cd806b8c76d4639ac53bd4abf09e3e636ff301eba3546ead447e5e881a51ca87a72ab26e004 Size (node-v22.16.0.tar.xz) = 48547612 bytes SHA1 (patch-common.gypi) = a4dd4ba7e0dfd5838d7241e35447617bdc0f93df @ 1.8 log @nodejs22: updated to 22.15.1 22.15.1 'Jod' (LTS) Notable Changes (CVE-2025-23166) fix error handling on async crypto operation (CVE-2025-23165) add missing call to uv_fs_req_cleanup @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2025/04/25 13:54:10 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.15.1.tar.xz) = 44119f8342aca0656a4e45d71157cdfe337dc15935fe02a0fb422c1994635cde SHA512 (node-v22.15.1.tar.xz) = fcc15ecfcfd0d067ad3985809a2f2cfe47549aba715dcd88183ae01a77e8389d0ec57a1d9022107639b7cb4fc6a0b6bd4aa461f325e42cd8334dfaad633b7ba3 Size (node-v22.15.1.tar.xz) = 48443648 bytes @ 1.7 log @nodejs22: updated to 22.15.0 22.15.0 'Jod' (LTS) Notable Changes - (SEMVER-MINOR) assert: implement partial error comparison (Ruben Bridgewater) - (SEMVER-MINOR) assert: improve partialDeepStrictEqual (Ruben Bridgewater) - (SEMVER-MINOR) cli: allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) - (SEMVER-MINOR) crypto: support --use-system-ca on Windows (Joyee Cheung) - (SEMVER-MINOR) crypto: added support for reading certificates from macOS system store (Tim Jacomb) - deps: update timezone to 2025a (Node.js GitHub Bot) - (SEMVER-MINOR) deps,tools: add zstd 1.5.6 (Jan Martin) - (SEMVER-MINOR) dns: add TLSA record query and parsing (Rithvik Vibhu) - doc: add @@geeksilva97 to collaborators (Edy Silva) - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) - (SEMVER-MINOR) module: implement module.registerHooks() (Joyee Cheung) - (SEMVER-MINOR) process: add execve (Paolo Insogna) - (SEMVER-MINOR) sqlite: allow returning ArrayBufferViews from user-defined functions (René) - (SEMVER-MINOR) tls: implement tls.getCACertificates() (Joyee Cheung) - (SEMVER-MINOR) util: expose diff function used by the assertion errors (Giovanni Bucci) - (SEMVER-MINOR) v8: add v8.getCppHeapStatistics() method (Aditi) - (SEMVER-MINOR) zlib: add zstd support @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2025/02/21 17:00:33 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.15.0.tar.xz) = 3daa9e55e914f1549db3a77ef0cd032f0624b79dd64e3a2a8b8f1d5680d87454 SHA512 (node-v22.15.0.tar.xz) = ebe23100c69e8b33e892f32d9adcbd73123294bc74392ca845021a3524af04cfbcc295673e796ffe9ff1b9f23fad1e95b37dc02df3c68b1b6ce54c224d2588e4 Size (node-v22.15.0.tar.xz) = 48453184 bytes @ 1.6 log @nodejs22: updated to 22.14.0 Version 22.14.0 'Jod' (LTS) Notable Changes - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2025/01/22 11:00:28 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.14.0.tar.xz) = 10713468f02ff38b80796698f359e9494e469f39bf372787bbc503836b6a8014 SHA512 (node-v22.14.0.tar.xz) = 5a7854f51e6d969799e104b784a37027c20980058de0a19e2257daf0af036655526da01a9f7ea233c61a51e76faa533a3153bd1bb46f3d2832d96a8002689a98 Size (node-v22.14.0.tar.xz) = 47753700 bytes @ 1.5 log @nodejs22: updated to 22.13.1 Version 22.13.1 'Jod' (LTS) Notable Changes CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High) CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2025/01/08 08:05:02 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.13.1.tar.xz) = 3e531bd0fb4cc7e7888b7d08495dea60008cdfc1690250172acea5096fe572a6 SHA512 (node-v22.13.1.tar.xz) = 711fbeacceec16b8808e5a41ead496347fee2304fc6ce095ad26c4413f52253c9f3a6cd78080e808c03c3dbe958d64359d2d6bb97a51e1b41e1cff903ce2aeb5 Size (node-v22.13.1.tar.xz) = 48041964 bytes d23 1 a23 1 SHA1 (patch-src_crypto_crypto__rsa.cc) = 9ffd8de2fac76014696c8dfac7ba200eab56f6f6 @ 1.4 log @nodejs22: updated to 22.13.0 Version 22.13.0 'Jod' (LTS) Stabilize Permission Model Graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2024/12/04 09:13:26 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.13.0.tar.xz) = f98a0ca284b3d636eae11b4411cbacb33b077f1757134ae2749915d76fe6252e SHA512 (node-v22.13.0.tar.xz) = 2d85588a37484fdcbadcf540224b75e9b7d78a62327c098c62a7a716735a54cd7447b514b275225ce782d406a528c96b508424278ed849ccd96ada69074056a2 Size (node-v22.13.0.tar.xz) = 47681488 bytes @ 1.3 log @nodejs22: updated to 22.12.0 Version 22.12.0 'Jod' (LTS) Notable Changes require(esm) is now enabled by default Added resizable ArrayBuffer support in Buffer Update root certificates to NSS 3.104 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2024/11/15 10:58:31 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.12.0.tar.xz) = f60c595dbdef63ecba21336da86860f7ae4d607b7d03aa4883699eb48b756555 SHA512 (node-v22.12.0.tar.xz) = 1d906ffa0c187d5c405b1bb0db6a01fcc9eb94ceb0a18e013129d81201d5ea68a57a7ac954383a5fd36f78fcd9f43cfd1cda1eaf0a2dd2fe0e988d752511d8f7 Size (node-v22.12.0.tar.xz) = 47625776 bytes @ 1.2 log @nodejsNN: fix building with ICU 76 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2024/11/13 08:45:17 adam Exp $ d3 3 a5 3 BLAKE2s (node-v22.11.0.tar.xz) = 4c7c455d840d56e5e90aefb3843819d40db56b6d9da551648ec4ed0df85072f3 SHA512 (node-v22.11.0.tar.xz) = f81f0d4a9606d14fcbfb8b73489f156bbbdfa5ece7a8c4036c1887df768324dc58c91b87367c6631b8a96d19fb0d7cd1414fb90ef1bc7b27f07c40f0480a0e8d Size (node-v22.11.0.tar.xz) = 47006780 bytes a6 1 SHA1 (patch-configure.py) = 983ed01cce632bc286e34c5845e338bf1128f99f @ 1.1 log @nodejs: updated to 23.2.0 Version 23.2.0 (Current) Notable Changes Update root certificates to NSS 3.104 This is the version of NSS that shipped in Firefox 131.0 on 2024-10-01. Certificates added: FIRMAPROFESIONAL CA ROOT-A WEB TWCA CYBER Root CA SecureSign Root CA12 SecureSign Root CA14 SecureSign Root CA15 Other notable changes - doc: move typescript support to active development (Marco Ippolito) - doc: add jazelly to collaborators (Jason Zhang) - (SEMVER-MINOR) fs: make dirent.path writable (Antoine du Hamel) - (SEMVER-MINOR) http: add diagnostic channel http.client.request.created (Marco Ippolito) - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.273 2024/10/31 09:01:48 adam Exp $ d7 1 @