node-radius
node-radius copied to clipboard
Published
20 hours ago •
retailnext
retailnext
Update dependency node to 4.9
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| node (source) | minor | 4.3 -> 4.9 |
Release Notes
nodejs/node (node)
v4.9.1: 2018-03-29, Version 4.9.1 'Argon' (Maintenance), @MylesBorins
Notable Changes
No additional commits.
Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the latest releases for PPC little endian were built using GCC 4.9.X instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based environments. This has been fixed in our infrastructure and we are doing this release to ensure that the hosted binaries are adhering to our platform support contract.
v4.9.0: 2018-03-28, Version 4.9.0 'Argon' (Maintenance), @MylesBorins
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
- CVE-2018-7158
- CVE-2018-7159
Notable Changes
- Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that are known to impact Node.js.
-
Fix for
'path'module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX an Windows paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted'path'module functions. -
Reject spaces in HTTP
Content-Lengthheader values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces insideContent-Lengthheader values. Such values now lead to rejected connections in the same way as non-numeric values. - Update root certificates: 5 additional root certificates have been added to the Node.js binary and 30 have been removed.
Commits
- [
497ff3cd4f] - crypto: update root certificates (Ben Noordhuis) #19322 - [
514709e41f] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836 - [
5108108606] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
d67d0a63d9] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389 - [
6af057ecc8] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #19638 - [
b50cd3359d] - deps: upgrade openssl sources to 1.0.2o (Shigeki Ohtsu) #19638 - [
da6e24c8d6] - deps: reject interior blanks in Content-Length (Ben Noordhuis) nodejs-private/http-parser-private#1 - [
7ebc9981e0] - deps: upgrade http-parser to v2.8.0 (Ben Noordhuis) nodejs-private/http-parser-private#1 - [
6fd2cc93a6] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
bf00665af6] - path: unwind regular expressions in Windows (Myles Borins) - [
4196fcf23e] - path: unwind regular expressions in POSIX (Myles Borins) - [
625986b699] - src: drop CNNIC+StartCom certificate whitelisting (Ben Noordhuis) #19322 - [
ebc46448a4] - tools: update certdata.txt (Ben Noordhuis) #19322
v4.8.7: 2017-12-08, Version 4.8.7 'Argon' (Maintenance), @MylesBorins
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
- CVE-2017-15896
- CVE-2017-3738 (from the openssl project)
Notable Changes
-
deps:
- openssl updated to 1.0.2n (Shigeki Ohtsu) #17526
Commits
- [
4f8fae3493] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526 - [
eacd090e7b] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836 - [
3e6b0b0d13] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
b0ed4c52af] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389 - [
dd6a2dff1e] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526 - [
b3afedfbe9] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526 - [
f7eb162d0d] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
v4.8.6: 2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorins
This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies, 8 which are build / tool related, 4 which are doc related, and 2 which are test related.
This release includes a security update to openssl that has been deemed low severity for the Node.js project.
Notable Changes
- crypto:
- deps:
Commits
- [
e064ae62e4] - build: fix make test-v8 (Ben Noordhuis) #15562 - [
a7f7a87a1b] - build: run test-hash-seed at the end of test-v8 (Michaël Zasso) #14219 - [
05e8b1b7d9] - build: codesign tarball binary on macOS (Evan Lucas) #14179 - [
e2b6fdf93e] - build: avoid /docs/api and /docs/doc/api upload (Rod Vagg) #12957 - [
59d35c0775] - build,tools: do not force codesign prefix (Evan Lucas) #14179 - [
210fa72e9e] - crypto: update root certificates (Ben Noordhuis) #13279 - [
752b46a259] - crypto: update root certificates (Ben Noordhuis) #12402 - [
3640ba4acb] - crypto: clear err stack after ECDH::BufferToPoint (Ryan Kelly) #13275 - [
545235fc4b] - deps: add missing #include "unicode/normlzr.h" (Bruno Pagani) #13040 - [
ea09a1c3e6] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691 - [
68661a95b5] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836 - [
bdcb2525fb] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
3f93ffee89] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389 - [
16fbd9da0d] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691 - [
55e15ec820] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691 - [
9c3e246ffe] - deps: backport4e18190from V8 upstream (jshin) #15562 - [
43d1ac3a62] - deps: backportbff3074from V8 upstream (Myles Borins) #15562 - [
b259fd3bd5] - deps: cherry pickd7f813bfrom V8 upstream (akos.palfi) #15562 - [
85800c4ba4] - deps: backporte28183bfrom upstream V8 (karl) #15562 - [
06eb181916] - deps: update openssl asm and asm_obsolete files (Daniel Bevenius) #13233 - [
c0fe1fccc3] - deps: update openssl config files (Daniel Bevenius) #13233 - [
523eb60424] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836 - [
0aacd5a8cd] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
80c48c0720] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389 - [
bbd92b4676] - deps: copy all openssl header files to include dir (Daniel Bevenius) #13233 - [
8507f0fb5d] - deps: upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233 - [
9bfada8f0c] - deps: add example of comparing OpenSSL changes (Daniel Bevenius) #13234 - [
71f9cdf241] - deps: cherry-pick09db540,686558d from V8 upstream (Jesse Rosenberger) #14829 - [
751f1ac08e] - Revert "deps: backporte093a04,09db540from upstream V8" (Jesse Rosenberger) #14829 - [
ed6298c7de] - deps: cherry-pick18ea996from c-ares upstream (Anna Henningsen) #13883 - [
639180adfa] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #12913 - [
9ba73e1797] - deps: cherry-pick4ae5993from upstream OpenSSL (Shigeki Ohtsu) #12913 - [
f8e282e51c] - doc: fix typo in zlib.md (Luigi Pinca) #16480 - [
532a2941cb] - doc: add missing make command to UPGRADING.md (Daniel Bevenius) #13233 - [
1db33296cb] - doc: add entry for subprocess.killed property (Rich Trott) #14578 - [
0fa09dfd77] - doc: changechildtosubprocess(Rich Trott) #14578 - [
43bbfafaef] - docs: Fix broken links in crypto.md (Zuzana Svetlikova) #15182 - [
1bde7f5cef] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
e69f47b686] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
cb92f93cd5] - test: remove internal headers from addons (Gibson Fahnestock) #7947 - [
5d9164c315] - test: move test-cluster-debug-port to sequential (Oleksandr Kushchak) #16292 - [
07c912e849] - tools: update certdata.txt (Ben Noordhuis) #13279 - [
c40bffcb88] - tools: update certdata.txt (Ben Noordhuis) #12402 - [
161162713f] - tools: be explicit about including key-id (Myles Borins) #13309 - [
0c820c092b] - v8: fix stack overflow in recursive method (Ben Noordhuis) #12460 - [
a1f992975f] - zlib: fix crash when initializing failed (Anna Henningsen) #14666 - [
31bf595b94] - zlib: fix node crashing on invalid options (Alexey Orlenko) #13098
v4.8.5: Version 4.8.5 'Argon' (Maintenance), @MylesBorins
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.
Notable Changes
-
zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95
Commits
- [
f5defa2a7c] - zlib: gracefully set windowBits from 8 to 9 (Myles Borins) nodejs-private/node-private#95
v4.8.4
v4.8.3
v4.8.2
v4.8.1
v4.8.0
v4.7.3
v4.7.2
v4.7.1
v4.7.0
v4.6.2
v4.6.1
v4.6.0
v4.5.0
v4.4.7
v4.4.6
v4.4.5
v4.4.4
v4.4.3
v4.4.2
v4.4.1
v4.4.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}