Update Node.js to v4.9.1 #16
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/node-4.x
branch
from
efc4b04
to
1131836
Compare
renovate
bot
force-pushed
the
renovate/node-4.x
branch
from
1131836
to
7c84d11
Compare
renovate
bot
force-pushed
the
renovate/node-4.x
branch
from
7c84d11
to
59778a8
Compare
renovate
bot
changed the title
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.2->4.9Release Notes
nodejs/node (node)
v4.9.1: 2018-03-29, Version 4.9.1 'Argon' (Maintenance), @MylesBorinsCompare Source
Notable Changes
No additional commits.
Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the latest releases for PPC little
endian were built using GCC 4.9.X instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are doing this release to ensure that
the hosted binaries are adhering to our platform support contract.
v4.9.0: 2018-03-28, Version 4.9.0 'Argon' (Maintenance), @MylesBorinsCompare Source
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
Notable Changes
'path'module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX an Windows paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted'path'module functions.Content-Lengthheader values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces insideContent-Lengthheader values. Such values now lead to rejected connections in the same way as non-numeric values.Commits
497ff3cd4f] - crypto: update root certificates (Ben Noordhuis) #19322514709e41f] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#18365108108606] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389d67d0a63d9] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#13896af057ecc8] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #19638b50cd3359d] - deps: upgrade openssl sources to 1.0.2o (Shigeki Ohtsu) #19638da6e24c8d6] - deps: reject interior blanks in Content-Length (Ben Noordhuis) nodejs-private/http-parser-private#17ebc9981e0] - deps: upgrade http-parser to v2.8.0 (Ben Noordhuis) nodejs-private/http-parser-private#16fd2cc93a6] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389bf00665af6] - path: unwind regular expressions in Windows (Myles Borins)4196fcf23e] - path: unwind regular expressions in POSIX (Myles Borins)625986b699] - src: drop CNNIC+StartCom certificate whitelisting (Ben Noordhuis) #19322ebc46448a4] - tools: update certdata.txt (Ben Noordhuis) #19322v4.8.7: 2017-12-08, Version 4.8.7 'Argon' (Maintenance), @MylesBorinsCompare Source
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
Notable Changes
Commits
4f8fae3493] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526eacd090e7b] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#18363e6b0b0d13] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389b0ed4c52af] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389dd6a2dff1e] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526b3afedfbe9] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526f7eb162d0d] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389v4.8.6: 2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorinsCompare Source
This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies,
8 which are build / tool related, 4 which are doc related, and 2 which are test related.
This release includes a security update to openssl that has been deemed low severity for the Node.js project.
Notable Changes
Commits
e064ae62e4] - build: fix make test-v8 (Ben Noordhuis) #15562a7f7a87a1b] - build: run test-hash-seed at the end of test-v8 (Michaël Zasso) #1421905e8b1b7d9] - build: codesign tarball binary on macOS (Evan Lucas) #14179e2b6fdf93e] - build: avoid /docs/api and /docs/doc/api upload (Rod Vagg) #1295759d35c0775] - build,tools: do not force codesign prefix (Evan Lucas) #14179210fa72e9e] - crypto: update root certificates (Ben Noordhuis) #13279752b46a259] - crypto: update root certificates (Ben Noordhuis) #124023640ba4acb] - crypto: clear err stack after ECDH::BufferToPoint (Ryan Kelly) #13275545235fc4b] - deps: add missing #include "unicode/normlzr.h" (Bruno Pagani) #13040ea09a1c3e6] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #1669168661a95b5] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836bdcb2525fb] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#13893f93ffee89] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#138916fbd9da0d] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #1669155e15ec820] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #166919c3e246ffe] - deps: backport4e18190from V8 upstream (jshin) #1556243d1ac3a62] - deps: backportbff3074from V8 upstream (Myles Borins) #15562b259fd3bd5] - deps: cherry pickd7f813bfrom V8 upstream (akos.palfi) #1556285800c4ba4] - deps: backporte28183bfrom upstream V8 (karl) #1556206eb181916] - deps: update openssl asm and asm_obsolete files (Daniel Bevenius) #13233c0fe1fccc3] - deps: update openssl config files (Daniel Bevenius) #13233523eb60424] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#18360aacd5a8cd] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#138980c48c0720] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389bbd92b4676] - deps: copy all openssl header files to include dir (Daniel Bevenius) #132338507f0fb5d] - deps: upgrade openssl sources to 1.0.2l (Daniel Bevenius) #132339bfada8f0c] - deps: add example of comparing OpenSSL changes (Daniel Bevenius) #1323471f9cdf241] - deps: cherry-pick09db540,686558d from V8 upstream (Jesse Rosenberger) #14829751f1ac08e] - Revert "deps: backporte093a04,09db540from upstream V8" (Jesse Rosenberger) #14829ed6298c7de] - deps: cherry-pick18ea996from c-ares upstream (Anna Henningsen) #13883639180adfa] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #129139ba73e1797] - deps: cherry-pick4ae5993from upstream OpenSSL (Shigeki Ohtsu) #12913f8e282e51c] - doc: fix typo in zlib.md (Luigi Pinca) #16480532a2941cb] - doc: add missing make command to UPGRADING.md (Daniel Bevenius) #132331db33296cb] - doc: add entry for subprocess.killed property (Rich Trott) #145780fa09dfd77] - doc: changechildtosubprocess(Rich Trott) #1457843bbfafaef] - docs: Fix broken links in crypto.md (Zuzana Svetlikova) #151821bde7f5cef] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389e69f47b686] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389cb92f93cd5] - test: remove internal headers from addons (Gibson Fahnestock) #79475d9164c315] - test: move test-cluster-debug-port to sequential (Oleksandr Kushchak) #1629207c912e849] - tools: update certdata.txt (Ben Noordhuis) #13279c40bffcb88] - tools: update certdata.txt (Ben Noordhuis) #12402161162713f] - tools: be explicit about including key-id (Myles Borins) #133090c820c092b] - v8: fix stack overflow in recursive method (Ben Noordhuis) #12460a1f992975f] - zlib: fix crash when initializing failed (Anna Henningsen) #1466631bf595b94] - zlib: fix node crashing on invalid options (Alexey Orlenko) #13098v4.8.5: Version 4.8.5 'Argon' (Maintenance), @MylesBorinsCompare Source
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.
Notable Changes
Commits
f5defa2a7c] - zlib: gracefully set windowBits from 8 to 9 (Myles Borins) nodejs-private/node-private#95v4.8.4Compare Source
v4.8.3Compare Source
v4.8.2Compare Source
v4.8.1Compare Source
v4.8.0Compare Source
v4.7.3Compare Source
v4.7.2Compare Source
v4.7.1Compare Source
v4.7.0Compare Source
v4.6.2Compare Source
v4.6.1Compare Source
v4.6.0Compare Source
v4.5.0Compare Source
v4.4.7Compare Source
v4.4.6Compare Source
v4.4.5Compare Source
v4.4.4Compare Source
Moved to doc/changelogs/CHANGELOG_V4.md#4.4.4.
v4.4.3Compare Source
v4.4.2Compare Source
Moved to doc/changelogs/CHANGELOG_V4.md#4.4.2.
v4.4.1Compare Source
Moved to doc/changelogs/CHANGELOG_V4.md#4.4.1.
v4.4.0Compare Source
Moved to doc/changelogs/CHANGELOG_V4.md#4.4.0.
v4.3.2Compare Source
Moved to doc/changelogs/CHANGELOG_V4.md#4.3.2.
v4.3.1Compare Source
Moved to doc/changelogs/CHANGELOG_V4.md#4.3.1.
v4.3.0Compare Source
Moved to doc/changelogs/CHANGELOG_V4.md#4.3.0.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.