--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-8eb9c9fdf1
2023-03-06 02:14:15.000080
--------------------------------------------------------------------------------
Name : nodejs18
Product : Fedora 37
Version : 18.14.2
Release : 5.fc37
URL :
http://nodejs.org/
Summary : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime \
for easily building fast, scalable network applications. \
Node.js uses an event-driven, non-blocking I/O model that \
makes it lightweight and efficient, perfect for data-intensive \
real-time applications that run across distributed devices.}
--------------------------------------------------------------------------------
Update Information:
## 2023-02-21, Version 18.14.2 'Hydrogen' (LTS), @MylesBorins ### Notable
Changes * \[[`f864bef32a`](https://github.com/nodejs/node/commit/f864bef32a)] -
**deps**: upgrade npm to 9.5.0 (npm team)
[#46673](https://github.com/nodejs/node/pull/46673) ### Commits *
\[[`880a65d7ff`](https://github.com/nodejs/node/commit/880a65d7ff)] - **build**:
delete `snapshot.blob` file from the project (Juan Jos�� Arboleda)
[#46626](https://github.com/nodejs/node/pull/46626) *
\[[`cbea56efda`](https://github.com/nodejs/node/commit/cbea56efda)] - **deps**:
update undici to 5.20.0 (Node.js GitHub Bot)
[#46711](https://github.com/nodejs/node/pull/46711) *
\[[`f864bef32a`](https://github.com/nodejs/node/commit/f864bef32a)] - **deps**:
upgrade npm to 9.5.0 (npm team)
[#46673](https://github.com/nodejs/node/pull/46673) *
\[[`648041d568`](https://github.com/nodejs/node/commit/648041d568)] - **deps**:
upgrade npm to 9.4.0 (npm team)
[#46353](https://github.com/nodejs/node/pull/46353) *
\[[`5e1f213f3c`](https://github.com/nodejs/node/commit/5e1f213f3c)] - **deps**:
patch V8 to 10.2.154.26 (Micha��l Zasso)
[#46446](https://github.com/nodejs/node/pull/46446) <a
id="18.14.1"></a> ##
2023-02-16, Version 18.14.1 'Hydrogen' (LTS), @RafaelGSS prepared by @juanarbol
This is a security release. ### Notable Changes The following CVEs are fixed
in this release: * **[CVE-2023-23918](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be
bypassed via process.mainModule (High) *
**[CVE-2023-23919](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2023-23919)**: Node.js OpenSSL error handling issues in
nodejs crypto library (Medium) * **[CVE-2023-23936](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2023-23936)**: Fetch API in Node.js did not protect
against CRLF injection in host headers (Medium) *
**[CVE-2023-24807](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2023-24807)**: Regular Expression Denial of Service in
Headers in Node.js fetch API (Low) *
**[CVE-2023-23920](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data
through ICU\_DATA environment variable (Low) More detailed information on each
of the vulnerabilities can be found in [February 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-
releases/) blog post. This security release includes OpenSSL security updates
as outlined in the recent [OpenSSL security
advisory](https://www.openssl.org/news/secadv/20230207.txt). ### Commits *
\[[`8393ebc72d`](https://github.com/nodejs/node/commit/8393ebc72d)] - **build**:
build ICU with ICU\_NO\_USER\_DATA\_OVERRIDE (RafaelGSS) [nodejs-private/node-
private#379](https://github.com/nodejs-private/node-private/pull/379) *
\[[`004e34d046`](https://github.com/nodejs/node/commit/004e34d046)] -
**crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS)
[#46572](https://github.com/nodejs/node/pull/46572) *
\[[`5e0142a852`](https://github.com/nodejs/node/commit/5e0142a852)] - **deps**:
cherry-pick Windows ARM64 fix for openssl (Richard Lau)
[#46572](https://github.com/nodejs/node/pull/46572) *
\[[`f71fe278a6`](https://github.com/nodejs/node/commit/f71fe278a6)] - **deps**:
update archs files for quictls/openssl-3.0.8+quic (RafaelGSS)
[#46572](https://github.com/nodejs/node/pull/46572) *
\[[`2c6817e42b`](https://github.com/nodejs/node/commit/2c6817e42b)] - **deps**:
upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS)
[#46572](https://github.com/nodejs/node/pull/46572) *
\[[`f0afa0bfe5`](https://github.com/nodejs/node/commit/f0afa0bfe5)] - **deps**:
update undici to 5.19.1 (Node.js GitHub Bot)
[#46634](https://github.com/nodejs/node/pull/46634) *
\[[`c26a34c13e`](https://github.com/nodejs/node/commit/c26a34c13e)] - **deps**:
update undici to 5.18.0 (Node.js GitHub Bot)
[#46634](https://github.com/nodejs/node/pull/46634) *
\[[`db93ee4a15`](https://github.com/nodejs/node/commit/db93ee4a15)] - **deps**:
update undici to 5.17.1 (Node.js GitHub Bot)
[#46634](https://github.com/nodejs/node/pull/46634) *
\[[`b4e49fb02c`](https://github.com/nodejs/node/commit/b4e49fb02c)] - **deps**:
update undici to 5.16.0 (Node.js GitHub Bot)
[#46634](https://github.com/nodejs/node/pull/46634) *
\[[`90994e6a2c`](https://github.com/nodejs/node/commit/90994e6a2c)] - **deps**:
update undici to 5.15.1 (Node.js GitHub Bot)
[#46634](https://github.com/nodejs/node/pull/46634) *
\[[`00302fc7ac`](https://github.com/nodejs/node/commit/00302fc7ac)] - **deps**:
update undici to 5.15.0 (Node.js GitHub Bot)
[#46634](https://github.com/nodejs/node/pull/46634) *
\[[`0e3b796cc5`](https://github.com/nodejs/node/commit/0e3b796cc5)] - **lib**:
makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-
private/node-private#371](https://github.com/nodejs-private/node-
private/pull/371) *
\[[`7cccd5565f`](https://github.com/nodejs/node/commit/7cccd5565f)] -
**policy**: makeRequireFunction on mainModule.require (RafaelGSS) [nodejs-
private/node-private#371](https://github.com/nodejs-private/node-
private/pull/371)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 1 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.14.2-5
- template: Re-sync from nodejs20
* Thu Feb 23 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.14.2-4
- Also drop patch from specfile
* Thu Feb 23 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.14.2-3
- Drop unneeded patch
* Tue Feb 21 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.14.2-2
- Update to latest version of nodejs-sources.sh
* Tue Feb 21 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.14.2-1
- Update to 18.14.2
* Fri Feb 17 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.14.1-1
- Update to v18.14.1
-
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#
18.14.1
- packaging: Drop vestigial package.cfg file.
- packaging: Fix spec template
- packaging: Make nodejs-sources.sh clean up after itself
* Fri Jan 27 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.13.0-8
- Set Node.js 18.x as the default for RHEL 10
* Mon Jan 23 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.13.0-7
- sources: Fix typo preventing upload
* Mon Jan 23 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.13.0-6
- sources: Use spec template for ICU URL
* Mon Jan 23 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.13.0-5
- Fix important typo
* Mon Jan 23 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.13.0-4
- Fix v8 symlinks
* Mon Jan 23 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.13.0-3
- Rework nodejs-sources.sh
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:18.13.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 16 2023 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.13.0-1
- Update to 18.13.0
* Tue Dec 13 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.12.1-6
- Disable gating for now
* Mon Dec 12 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.12.1-5
- Use requires instead of conflicts for -docs
* Mon Dec 12 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.12.1-4
- Add pretrans scriptlet for node_modules
* Mon Dec 12 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.12.1-3
- Add proper npm obsoletes
* Mon Dec 12 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.12.1-2
- Drop redundant default definition
* Mon Dec 12 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.12.1-1
- Enable parallel-installation
* Fri Jun 17 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.4.0-1
- Update to Node.js 18.4.0
-
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.m...
* Thu Jun 9 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.3.0-2
- Fix conflict between x86_64 and i686 installs of nodejs-devel
* Tue Jun 7 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.3.0-1
- Update to Node.js 18.3.0
-
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.m...
* Tue May 17 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.2.0-1
- Update to Node.js 18.2.0
-
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.m...
* Fri May 6 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.1.0-2
- Fix incorrect epoch in v8-devel dependency
* Thu May 5 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.1.0-1
- Update to Node.js 18.1.0
-
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.m...
* Thu Apr 28 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:18.0.0-1
- First release of Node.js 18.x
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-8eb9c9fdf1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------