Mirror of packages feed https://git.openwrt.org/feed/packages/atom?h=master 2025-03-15T06:36:29Z 2025-03-15T06:36:29Z Hirokazu MORIKAWA 2025-03-10T00:29:09Z urn:sha1:853ea061b842eb8ad1d2a2c3252dca61086a7866 https://github.com/openwrt/packages/issues/26078 As a result of the discussion in this thread, the node.js package was changed to hostpkg only.
In addition, this fix uses the pre-built version distributed on nodejs. The use of pre-build is based on the suggestion of @artynet. The packages in the node module are successfully built, but the target node.js itself cannot be provided, so it cannot be used. Yarn, which is used in packages for web front ends, etc., can be used without any problems. Support for host builds other than linux x86_64. Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2025-02-17T10:51:17Z Hirokazu MORIKAWA 2025-02-17T04:06:16Z urn:sha1:21200cd0832e4b367159064ab94c4908b5b8eccc Notable Changes [82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566 [b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #56489 [3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #56359 [1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #56610 [6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #55412 [d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #56400 [07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #56385 [94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #56441 [5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #56469 [697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #56595 [047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #56459 [926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #56434 [c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #56394 Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2025-01-24T07:55:15Z Hirokazu MORIKAWA 2025-01-23T05:27:18Z urn:sha1:643afd8977be40464ec2aed66972a754aa2585ac This is a security release. Notable Changes CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High) CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2024-11-23T09:02:23Z Hirokazu MORIKAWA 2024-11-23T05:51:28Z urn:sha1:af7183fc30c6f1523571f0c5d4fb853568a73da1 Upgrade Version 22.11.0 'Jod' (LTS) Notable Changes This release marks the transition of Node.js 22.x into Long Term Support (LTS) with the codename 'Jod'. The 22.x release line now moves into "Active LTS" and will remain so until October 2025. After that time, it will move into "Maintenance" until end of life in April 2027. Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2024-08-27T08:04:53Z Hirokazu MORIKAWA 2024-08-26T02:26:15Z urn:sha1:0d50f273b23c5fda819264914f63db514d7e7ba8 Notable Changes module: support require()ing synchronous ESM graphs path: add matchesGlob method stream: expose DuplexPair API Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2024-05-14T12:01:33Z Hirokazu MORIKAWA 2024-05-14T09:08:46Z urn:sha1:fe8b0e85afe0870378c91fc732015db4a9c9c388 Update to v20.13.1 Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2024-04-07T10:01:08Z Hirokazu MORIKAWA 2024-04-07T02:34:45Z urn:sha1:ca3209a3b35cd80de39f9f4f2a263211191807cb This is a security release Notable Changes * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) * llhttp version 9.2.1 * undici version 5.28.4 Changed to use gz according to main-snapshot Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2023-11-30T04:57:55Z Hirokazu MORIKAWA 2023-11-27T23:04:13Z urn:sha1:41e500535cade1552d65e040e723c0353059f481 Notable Changes * --experimental-default-type flag to flip module defaults * Detect ESM syntax in ambiguous JavaScript * New flush option in file system functions * Experimental WebSocket client * vm: fix V8 compilation cache support for vm.Script Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2023-11-01T16:25:22Z Hirokazu MORIKAWA 2023-11-01T01:03:48Z urn:sha1:3e51eef14c3be57d1a5ac3c1ecd4150aa5d8e639 node.js version 20.x is now active LTS. mipsel (pistachio) is no longer supported. Due to build difficulties, libuv shared libraries are not used. Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> 2023-06-21T02:27:48Z Hirokazu MORIKAWA 2023-06-21T02:27:48Z urn:sha1:286d1d11ae451e9e90897aacd7ae20ec76e2cab5 Update to v18.16.1 The following CVEs are fixed in this release: * CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) * CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) * OpenSSL Security Releases (Depends on shared library provided by OpenWrt) * OpenSSL security advisory 28th March. * OpenSSL security advisory 20th April. * OpenSSL security advisory 30th May * c-ares vulnerabilities: (Depends on shared library provided by OpenWrt) * GHSA-9g78-jv2r-p7vc * GHSA-8r8p-23f3-64c2 * GHSA-54xr-f67r-4pc4 * GHSA-x6mf-cxr9-8q6v Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>