Package node: Information

  • Default inline alert: Version in the repository: 20.12.2-alt1

Source package: node
Version: 20.11.1-alt1
Latest version according to Repology
Build time:  Feb 27, 2024, 05:39 AM in the task #340942
Category: Development/Tools
Report package bug
Gear: https://git.altlinux.org/gears/n/node.git?a=tree;hb=58b5d5695f54…
Home page: http://nodejs.org/
License: MIT
Summary: Evented I/O for V8 Javascript
Description: 
Node.js is a server-side JavaScript environment that uses an asynchronous
event-driven model.  Node's goal is to provide an easy way to build scalable
network programs.
List of rpms provided by this srpm:
node (x86_64, ppc64le, i586, armh, aarch64)
node-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
node-devel (x86_64, ppc64le, i586, armh, aarch64)
node-doc (noarch)
npm (noarch)
Maintainer: Vitaly Lipatov
List of contributors:
Vitaly Lipatov
Alexey Shabalin
Pavel Skrylev
Dmitriy Kulik
Mikhail Pokidko
Vitaly Kuznetsov
ACL:
Vitaly Lipatov
    1. /proc
    2. curl
    3. gcc-c++
    4. gyp >= 0.14.0
    5. libbrotli-devel
    6. libcares-devel >= 1.20.1
    7. libicu-devel >= 7.3
    8. libnghttp2-devel >= 1.57.0
    9. libuv-devel >= 1.48.0
    10. openssl
    11. openssl-devel >= 3.0.8
    12. python3-devel
    13. python3-module-simplejson
    14. rpm-build-intro >= 2.1.14
    15. rpm-macros-features
    16. rpm-macros-nodejs
    17. zlib-devel >= 1.2.13

Last changed

Feb. 18, 2024 Vitaly Lipatov 20.11.1-alt1
- new version 20.11.1 (with rpmrb script)
- enable build npm subpackage
- CVE-2024-21892: Code injection and privilege escalation through Linux capabilities- (High)
- CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
- CVE-2024-21896: Path traversal by monkey-patching Buffer internals- (High)
- CVE-2024-22017: setuid() does not drop all privileges due to io_uring - (High)
- CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
- CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
- CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- libuv >= 1.48.0
Feb. 5, 2024 Vitaly Lipatov 20.11.0-alt1
- new version 20.11.0 (with rpmrb script)
- set npm >= 10.2.4, c-ares >= 1.20.1
Nov. 2, 2023 Vitaly Lipatov 20.9.0-alt1
- 2023-10-24, Version 20.9.0 'Iron' (LTS)
- set npm >= 10.1.0, libuv >= 1.46.0, libicu >= 7.3, libnghttp2 >= 1.57.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top