Releases: balena-io-modules/open-balena-base
Releases · balena-io-modules/open-balena-base
v18.0.24
Update dependency node to v22.13.1
Notable changes
- CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
- [
520da342e0] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#662 - [
99f217369f] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555 - [
984f735e35] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650 - [
2446870618] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#651
nodejs/node (node)
v22.13.1: 2025-01-21, Version 22.13.1 'Jod' (LTS), @RafaelGSS
This is a security release.
Notable Changes
- CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits
- [
520da342e0] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#662 - [
99f217369f] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555 - [
984f735e35] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650 - [
2446870618] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#651
List of commits
d416eb0 (Update dependency node to v22.13.1, 2025-01-21)
v18.0.23
Update dependency node to v22.13.0
Notable changes
- [
05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #54630 - [
a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 - [
ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #56087 - [
f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #56265 - [
34c68827af] - doc: move typescript support to active development (Marco Ippolito) #55536 - [
dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #56132 - [
5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #56130 - [
8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #55788 - [
55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #55890 - [
7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 - [
6575b76042] - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) #55282 - [
bacfe6d5c9] - (SEMVER-MINOR) net: support blocklist in net.connect (theanarkh) #56075 - [
b47888d390] - (SEMVER-MINOR) net: support blocklist for net.Server (theanarkh) #56079 - [
566f0a1d25] - (SEMVER-MINOR) net: add SocketAddress.parse (James M Snell) #56076 - [
ed7eab1421] - (SEMVER-MINOR) net: add net.BlockList.isBlockList(value) (James M Snell) #56078 - [
ea4891856d] - (SEMVER-MINOR) process: deprecatefeatures.{ipv6,uv}andfeatures.tls_*(René) #55545 - [
01eb308f26] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 - [
97c38352d0] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 - [
b4041e554a] - (SEMVER-MINOR) sqlite: addStatementSync.prototype.iteratemethod (tpoisseau) #54213 - [
2e3ca1bbdd] - (SEMVER-MINOR) src: add cli option to preserve env vars on diagnostic reports (Rafael Gonzaga) #55697 - [
bcfe9c80fc] - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) #55589 - [
e9024779c0] - assert: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) #56195 - [
4c13d8e587] - assert: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) #56098 - [
a4fa31a86e] - assert: optimize partial comparison of twoSets (Antoine du Hamel) #55970 - [
5e1321abd7] - buffer: document concat zero-fill (Duncan) #55562 - [
be5ba7c648] - build: set DESTCPU correctly for 'make binary' on loongarch64 (吴小白) #56271 - [
38cf37ee2d] - build: fix missing fp16 dependency in d8 builds (Joyee Cheung) #56266 - [
dbb7557455] - build: add major release action (Rafael Gonzaga) #56199 - [
27cc90f3be] - build: fix C string encoding forPRODUCT_DIR_ABS(Anna Henningsen) #56111 - [
376561c2b4] - build: use variable for simdutf path (Shelley Vohr) #56196 - [
126ae15000] - build: allow overriding clang usage (Shelley Vohr) #56016 - [
97bb8f7c76] - build: remove defaults for create-release-proposal (Rafael Gonzaga) #56042 - [
a8fb1a06f3] - build: set node_arch to target_cpu in GN (Shelley Vohr) #55967 - [
9f48ca27f1] - build: use variable for crypto dep path (Shelley Vohr) #55928 - [
e47ccd2287] - build: fix GN build for sqlite (Cheng) #55912 - [
8d70b99a5a] - build: compile bundled simdutf conditionally (Jakub Jirutka) #55886 - [
826fd35242] - build: compile bundled simdjson conditionally (Jakub Jirutka) #55886 - [
1015b22085] - build: compile bundled ada conditionally (Jakub Jirutka) #55886 - [
77e2869ca6] - build: use glob for dependencies of out/Makefile (Richard Lau) #55789 - [
72e8e0684e] - crypto: graduate WebCryptoAPIEd25519and X25519 algorithms as stable (Filip Skokan) #56142 - [
fe2b344ddb] - crypto: ensure CryptoKey usages and algorithm are cached objects (Filip Skokan) #56108 - [
9ee9f524a7] - crypto: allow non-multiple of 8 in SubtleCrypto.deriveBits (Filip Skokan) #55296 - [
76f242d993] - deps: update nghttp3 to 1.6.0 (Node.js GitHub Bot) #56258 - [
c7ff2ea6b5] - deps: update simdutf to 5.6.4 (Node.js GitHub Bot) #56255 - [
04230be1ef] - deps: update libuv to 1.49.2 (Luigi Pinca) #56224 - [
88589b85b7] - deps: update c-ares to v1.34.4 (Node.js GitHub Bot) #56256 - [
5c2e0618f3] - deps: define V8_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) #56238 - [[
9f8f3c9658](https://togithub.com/nodejs/nod...
v18.0.22
Update dependency npm to v11
Notable changes
8a911da#7963 ls: removed design change pending section note (#7963) (@milaninfy)5319e48#7973 remove unnecessary sprintf-js files in node_modules (#7973)d369c77#7976[email protected]3b2951a#7976[email protected]a598b7b#7976[email protected]52bcaf6#7976[email protected]aabf345#7976[email protected]28e8761#7976[email protected]ecd7190#7976 dev dependency updates (@wraithgar)a07f4e0#7976@npmcli/[email protected](@wraithgar)687ab12#7970 remove pre-release mode from npm 11 and workspaces (#7970) (@wraithgar)- workspace:
@npmcli/[email protected] - workspace:
@npmcli/[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected]
npm/cli (npm)
v11.0.0
Documentation
8a911da#7963 ls: removed design change pending section note (#7963) (@milaninfy)
Dependencies
5319e48#7973 remove unnecessary sprintf-js files in node_modules (#7973)d369c77#7976[email protected]3b2951a#7976[email protected]a598b7b#7976[email protected]52bcaf6#7976[email protected]aabf345#7976[email protected]28e8761#7976[email protected]
Chores
ecd7190#7976 dev dependency updates (@wraithgar)a07f4e0#7976@npmcli/[email protected](@wraithgar)687ab12#7970 remove pre-release mode from npm 11 and workspaces (#7970) (@wraithgar)- workspace:
@npmcli/[email protected] - workspace:
@npmcli/[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected] - workspace:
[email protected]
List of commits
88c23f7 (Update dependency npm to v11, 2024-12-16)
v18.0.21
Update dependency npm to v10.9.2
Notable changes
ae9345e#7959@npmcli/[email protected]39a19b3#7959[email protected]93e2186#7956@npmcli/[email protected]bf0ea00#7956@npmcli/[email protected]c84baa3#7956[email protected]e642099#7956[email protected]
List of commits
951f021 (Update dependency npm to v10.9.2, 2024-12-04)
v18.0.20
Update dependency node to v22.12.0
Notable changes
List of commits
6c41780 (Update dependency node to v22.12.0, 2024-12-03)
v18.0.19
Update dependency npm to v10.9.1
Notable changes
c7fe0db#7924 perf: enable compile cache if present (#7924) (@H4ad)a221db7#7931[email protected]fbad17a#7931[email protected]65d2a86#7922@sigstore/[email protected]be45963#7922[email protected]fb0bfbd#7922[email protected]ccadf2a#7922[email protected]b25712e#7922[email protected]1c9e96f#7922[email protected]f13bc9c#7922[email protected]029060c#7922[email protected]9350950#7922@npmcli/[email protected]c003827#7922[email protected]d6194f5#7922[email protected]4ff29f6#7922[email protected]fd6f4fb#7922[email protected]b3f3004#7922[email protected]a1f9d48#7922[email protected]3ace1c1#7922 update arborist in mock-registry (@wraithgar)- workspace:
[email protected]
npm/cli (npm)
v10.9.1
Bug Fixes
Dependencies
a221db7#7931[email protected]fbad17a#7931[email protected]65d2a86#7922@sigstore/[email protected]be45963#7922[email protected]fb0bfbd#7922[email protected]ccadf2a#7922[email protected]b25712e#7922[email protected]1c9e96f#7922[email protected]f13bc9c#7922[email protected]029060c#7922[email protected]9350950#7922@npmcli/[email protected]c003827#7922[email protected]d6194f5#7922[email protected]4ff29f6#7922[email protected]fd6f4fb#7922[email protected]b3f3004#7922[email protected]a1f9d48#7922[email protected]
Chores
3ace1c1#7922 update arborist in mock-registry (@wraithgar)- workspace:
[email protected]
List of commits
ecc560e (Update dependency npm to v10.9.1, 2024-11-21)
v18.0.18
v18.0.17
Update dependency node to v22.11.0
Notable changes
nodejs/node (node)
v22.11.0: 2024-10-29, Version 22.11.0 'Jod' (LTS), @richardlau
Notable Changes
This release marks the transition of Node.js 22.x into Long Term Support (LTS)
with the codename 'Jod'. The 22.x release line now moves into "Active LTS"
and will remain so until October 2025. After that time, it will move into
"Maintenance" until end of life in April 2027.
Other than updating metadata, such as the process.release object, to reflect
that the release is LTS, no further changes from Node.js 22.10.0 are included.
OpenSSL 3.x
Official binaries for Node.js 22.x currently include OpenSSL 3.0.x (more
specifically, the quictls OpenSSL fork).
OpenSSL 3.0.x is the currently designated long term support version that is
scheduled to be supported until 7th September 2026, which is within the expected
lifetime of Node.js 22.x. We are expecting upstream OpenSSL to announce a
successor long term support version prior to that date and since OpenSSL now
follows a semantic versioning-like versioning scheme we expect to be able to
update to the next long term supported version of OpenSSL during the lifetime of
Node.js 22.x.
List of commits
5784aea (Update dependency node to v22.11.0, 2024-10-29)
v18.0.16
Update dependency node to v22.10.0
Notable changes
List of commits
1a74de9 (Update dependency node to v22.10.0, 2024-10-16)
v18.0.15
Update dependency npm to v10.9.0
Notable changes
4d57928#7766 devEngines (#7766) (@reggi)6ca609e#7789 ping and doctor commands fix for checking if registry is online (#7789) (@milaninfy)63d6a73#7783 package.json: add brief section on exports, link to Node.js docs (#7783) (@wheresrhys)366c07e#7776 remove incorrect note about npm install (#7776) (@wraithgar)60a7ee5#7803 hoist npm-normalize-package-bin20dd44f#7803 hoist minipass-fetch5795987#7803 update[email protected]99ccae3#7803 update[email protected]75786ad#7803 update@npmcli/[email protected]1c25a1d#7803 update@npmcli/[email protected]2d7fc3d#7803 update@npmcli/[email protected]1e09334#7803 update@npmcli/[email protected]820e983#7803 update@npmcli/[email protected]9cd6603#7803 update[email protected]b84d907#7803 update@npmcli/[email protected]53ed632#7803 update[email protected]ab40dab#7803 update[email protected]b1c4770#7803 update[email protected]8206c4f#7803 update[email protected]8b7dbc8#7803 update[email protected]f6909a0#7803 update[email protected]f9b2e18#7803 update[email protected]e7ab206#7803 update[email protected]b28dbb1#7803 update[email protected]d13a20b#7803 update[email protected]5208f74#7803 update[email protected]092f41f#7803 update[email protected]50a7bc8#7803 update[email protected]591130d#7803 update[email protected]be6ae96#7803 update[email protected]8d4060a#7803 update[email protected]105fa2b#7803 update[email protected]eae4f57#7803 update[email protected]7214149#7803 update[email protected]c4bed31#7803 update[email protected]f54b155#7803 update[email protected]6deae9e#7803 update[email protected]034c729#7803 update[email protected]ddb8be0#7803 update[email protected]538a4cc#7803 update@npmcli/[email protected]b80d048#7803 update@npmcli/[email protected]81137fc#7803 update@npmcli/[email protected]2076368#7803 update@npmcli/[email protected]feac87c#7803 update@npmcli/[email protected]dd90f9e#7803 update@npmcli/[email protected]95e2cb1#7810 ignore .github folder in release-please (@reggi)be1e6da#7803 update[email protected](@reggi)43f2374#7803 update[email protected](@reggi)bb03036#7803 update[email protected](@reggi)2072705#7803 update@npmcli/[email protected](@reggi)949d8f8#7803 engine ^18.17.0 || >=20.5.0 in package t...