Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.5
->4.9
Release Notes
nodejs/node
v4.9.1
Compare Source
Notable Changes
No additional commits.
Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the latest releases for PPC little
endian were built using GCC 4.9.X instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are doing this release to ensure that
the hosted binaries are adhering to our platform support contract.
v4.9.0
Compare Source
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
Notable Changes
'path'
module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX an Windows paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted'path'
module functions.Content-Length
header values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces insideContent-Length
header values. Such values now lead to rejected connections in the same way as non-numeric values.Commits
497ff3cd4f
] - crypto: update root certificates (Ben Noordhuis) #19322514709e41f
] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#18365108108606
] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389d67d0a63d9
] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#13896af057ecc8
] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #19638b50cd3359d
] - deps: upgrade openssl sources to 1.0.2o (Shigeki Ohtsu) #19638da6e24c8d6
] - deps: reject interior blanks in Content-Length (Ben Noordhuis) nodejs-private/http-parser-private#17ebc9981e0
] - deps: upgrade http-parser to v2.8.0 (Ben Noordhuis) nodejs-private/http-parser-private#16fd2cc93a6
] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389bf00665af6
] - path: unwind regular expressions in Windows (Myles Borins)4196fcf23e
] - path: unwind regular expressions in POSIX (Myles Borins)625986b699
] - src: drop CNNIC+StartCom certificate whitelisting (Ben Noordhuis) #19322ebc46448a4
] - tools: update certdata.txt (Ben Noordhuis) #19322v4.8.7
Compare Source
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
Notable Changes
Commits
4f8fae3493
] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526eacd090e7b
] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#18363e6b0b0d13
] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389b0ed4c52af
] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389dd6a2dff1e
] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526b3afedfbe9
] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526f7eb162d0d
] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389v4.8.6
Compare Source
This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies,
8 which are build / tool related, 4 which are doc related, and 2 which are test related.
This release includes a security update to openssl that has been deemed low severity for the Node.js project.
Notable Changes
Commits
e064ae62e4
] - build: fix make test-v8 (Ben Noordhuis) #15562a7f7a87a1b
] - build: run test-hash-seed at the end of test-v8 (Michaël Zasso) #1421905e8b1b7d9
] - build: codesign tarball binary on macOS (Evan Lucas) #14179e2b6fdf93e
] - build: avoid /docs/api and /docs/doc/api upload (Rod Vagg) #1295759d35c0775
] - build,tools: do not force codesign prefix (Evan Lucas) #14179210fa72e9e
] - crypto: update root certificates (Ben Noordhuis) #13279752b46a259
] - crypto: update root certificates (Ben Noordhuis) #124023640ba4acb
] - crypto: clear err stack after ECDH::BufferToPoint (Ryan Kelly) #13275545235fc4b
] - deps: add missing #include "unicode/normlzr.h" (Bruno Pagani) #13040ea09a1c3e6
] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #1669168661a95b5
] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836bdcb2525fb
] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#13893f93ffee89
] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#138916fbd9da0d
] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #1669155e15ec820
] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #166919c3e246ffe
] - deps: backport4e18190
from V8 upstream (jshin) #1556243d1ac3a62
] - deps: backportbff3074
from V8 upstream (Myles Borins) #15562b259fd3bd5
] - deps: cherry pickd7f813b
from V8 upstream (akos.palfi) #1556285800c4ba4
] - deps: backporte28183b
from upstream V8 (karl) #1556206eb181916
] - deps: update openssl asm and asm_obsolete files (Daniel Bevenius) #13233c0fe1fccc3
] - deps: update openssl config files (Daniel Bevenius) #13233523eb60424
] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#18360aacd5a8cd
] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#138980c48c0720
] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389bbd92b4676
] - deps: copy all openssl header files to include dir (Daniel Bevenius) #132338507f0fb5d
] - deps: upgrade openssl sources to 1.0.2l (Daniel Bevenius) #132339bfada8f0c
] - deps: add example of comparing OpenSSL changes (Daniel Bevenius) #1323471f9cdf241
] - deps: cherry-pick09db540
,686558d from V8 upstream (Jesse Rosenberger) #14829751f1ac08e
] - Revert "deps: backporte093a04
,09db540
from upstream V8" (Jesse Rosenberger) #14829ed6298c7de
] - deps: cherry-pick18ea996
from c-ares upstream (Anna Henningsen) #13883639180adfa
] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #129139ba73e1797
] - deps: cherry-pick4ae5993
from upstream OpenSSL (Shigeki Ohtsu) #12913f8e282e51c
] - doc: fix typo in zlib.md (Luigi Pinca) #16480532a2941cb
] - doc: add missing make command to UPGRADING.md (Daniel Bevenius) #132331db33296cb
] - doc: add entry for subprocess.killed property (Rich Trott) #145780fa09dfd77
] - doc: changechild
tosubprocess
(Rich Trott) #1457843bbfafaef
] - docs: Fix broken links in crypto.md (Zuzana Svetlikova) #151821bde7f5cef
] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389e69f47b686
] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389cb92f93cd5
] - test: remove internal headers from addons (Gibson Fahnestock) #79475d9164c315
] - test: move test-cluster-debug-port to sequential (Oleksandr Kushchak) #1629207c912e849
] - tools: update certdata.txt (Ben Noordhuis) #13279c40bffcb88
] - tools: update certdata.txt (Ben Noordhuis) #12402161162713f
] - tools: be explicit about including key-id (Myles Borins) #133090c820c092b
] - v8: fix stack overflow in recursive method (Ben Noordhuis) #12460a1f992975f
] - zlib: fix crash when initializing failed (Anna Henningsen) #1466631bf595b94
] - zlib: fix node crashing on invalid options (Alexey Orlenko) #13098v4.8.5
Compare Source
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.
Notable Changes
Commits
f5defa2a7c
] - zlib: gracefully set windowBits from 8 to 9 (Myles Borins) nodejs-private/node-private#95v4.8.4
Compare Source
v4.8.3
Compare Source
v4.8.2
Compare Source
v4.8.1
Compare Source
v4.8.0
Compare Source
v4.7.3
Compare Source
v4.7.2
Compare Source
v4.7.1
Compare Source
v4.7.0
Compare Source
v4.6.2
Compare Source
v4.6.1
Compare Source
v4.6.0
Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.