Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: nodejs/node
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v18.14.0
Choose a base ref
...
head repository: nodejs/node
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v18.14.1
Choose a head ref
  • 15 commits
  • 932 files changed
  • 5 contributors

Commits on Feb 2, 2023

  1. Working on v18.14.1 

    PR-URL: #46396
    @juanarbol
    juanarbol committed Feb 2, 2023

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    kamilmysliwiec Kamil Mysliwiec
    GPG key ID: 21ED9535110F047A
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e393d8a View commit details

Commits on Feb 15, 2023

  1. crypto: clear OpenSSL error on invalid ca cert 

    CVE-ID: CVE-2023-23919
PR-URL: nodejs-private/node-private#370
Refs: https://hackerone.com/bugs?report_id=1808596
Reviewed-By: Michael Dawson <midawson@redhat.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
    @RafaelGSS @juanarbol
    RafaelGSS authored and juanarbol committed Feb 15, 2023

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    kamilmysliwiec Kamil Mysliwiec
    GPG key ID: 21ED9535110F047A
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    004e34d View commit details

  2. build: build ICU with ICU_NO_USER_DATA_OVERRIDE 

    Backport-PR-URL: nodejs-private/node-private#379
CVE-ID: CVE-2023-23920
PR-URL: nodejs-private/node-private#374
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1625036
Reviewed-By: Richard Lau <rlau@redhat.com>
    @RafaelGSS @juanarbol
    RafaelGSS authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    8393ebc View commit details

  3. deps: update undici to 5.15.0 

    PR-URL: #46213
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
    @nodejs-github-bot @juanarbol
    nodejs-github-bot authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    00302fc View commit details

  4. deps: update undici to 5.15.1 

    PR-URL: #46213
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
    @nodejs-github-bot @juanarbol
    nodejs-github-bot authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    90994e6 View commit details

  5. deps: update undici to 5.16.0 

    PR-URL: #46213
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
    @nodejs-github-bot @juanarbol
    nodejs-github-bot authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    b4e49fb View commit details

  6. deps: update undici to 5.17.1 

    PR-URL: #46502
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    @nodejs-github-bot @juanarbol
    nodejs-github-bot authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    db93ee4 View commit details

  7. deps: update undici to 5.18.0 

    PR-URL: #46502
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    @nodejs-github-bot @juanarbol
    nodejs-github-bot authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    c26a34c View commit details

  8. deps: update undici to 5.19.1 

    PR-URL: #46634
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Juan JosΓ© Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
    @nodejs-github-bot @juanarbol
    nodejs-github-bot authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    f0afa0b View commit details

  9. deps: upgrade openssl sources to quictls/openssl-3.0.8+quic 

    This updates all sources in deps/openssl/openssl by:
    $ git clone git@github.com:quictls/openssl.git
    $ cd openssl
    $ git checkout openssl-3.0.8+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../../../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #46572
Refs: https://mta.openssl.org/pipermail/openssl-announce/2023-February/000251.html
Reviewed-By: Richard Lau <rlau@redhat.com>
    @RafaelGSS @juanarbol
    RafaelGSS authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    2c6817e View commit details

  10. deps: update archs files for quictls/openssl-3.0.8+quic 

    After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl
    $ git commit

PR-URL: #46572
Refs: https://mta.openssl.org/pipermail/openssl-announce/2023-February/000251.html
Reviewed-By: Richard Lau <rlau@redhat.com>
    @RafaelGSS @juanarbol
    RafaelGSS authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    f71fe27 View commit details

  11. deps: cherry-pick Windows ARM64 fix for openssl 

    Original commit message:

    rsa: add msvc intrinsic for non x64 platforms

    _umul128() is x86_64 (x64) only, while __umulh() works everywhere, but
    doesn't generate optimal code on x64

PR-URL: #46572
Refs: openssl/openssl#20244
Refs: https://mta.openssl.org/pipermail/openssl-announce/2023-February/000251.html
Reviewed-By: Richard Lau <rlau@redhat.com>
    @richardlau @juanarbol
    richardlau authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    5e0142a View commit details

  12. policy: makeRequireFunction on mainModule.require 

    PR-URL: nodejs-private/node-private#358
Backport-PR-URL: nodejs-private/node-private#371
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
Co-authored-by: Bradley Farias <bradley.meck@gmail.com>
Reviewed-by: Bradley Farias <bradley.meck@gmail.com>
Reviewed-by: Michael Dawson <midawson@redhat.com>
    @RafaelGSS @bmeck @juanarbol
    2 people authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    7cccd55 View commit details

  13. lib: makeRequireFunction patch when experimental policy 

    PR-URL: nodejs-private/node-private#358
Backport-PR-URL: nodejs-private/node-private#371
Reviewed-by: Bradley Farias <bradley.meck@gmail.com>
Reviewed-by: Michael Dawson <midawson@redhat.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
    @RafaelGSS @juanarbol
    RafaelGSS authored and juanarbol committed Feb 15, 2023
    Copy the full SHA
    0e3b796 View commit details

  14. 2023-02-16, Version 18.14.1 'Hydrogen' (LTS) 

    This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1

PR-URL: nodejs-private/node-private#386
    @juanarbol
    juanarbol committed Feb 15, 2023
    Copy the full SHA
    7bc2cf7 View commit details
Loading