Package node: Information

    Source package: node
    Version: 20.11.1-alt2
    Latest version according to Repology
    Build time:  Mar 2, 2024, 01:30 AM in the task #341768
    Report package bug
    Home page: http://nodejs.org/

    License: MIT
    Summary: Evented I/O for V8 Javascript
    Description: 
    Node.js is a server-side JavaScript environment that uses an asynchronous
    event-driven model.  Node's goal is to provide an easy way to build scalable
    network programs.

    List of rpms provided by this srpm:
    node (x86_64, ppc64le, i586, armh, aarch64)
    node-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
    node-devel (x86_64, ppc64le, i586, armh, aarch64)
    node-doc (noarch)
    npm (noarch)

    Maintainer: Vitaly Lipatov



      1. /proc
      2. curl
      3. gcc-c++
      4. gyp >= 0.14.0
      5. libcares-devel >= 1.20.1
      6. libnghttp2-devel >= 1.57.0
      7. libicu-devel >= 7.3
      8. libbrotli-devel
      9. python3-devel
      10. openssl
      11. openssl-devel >= 3.0.8
      12. python3-module-simplejson
      13. libuv-devel >= 1.48.0
      14. zlib-devel >= 1.2.13
      15. rpm-build-intro >= 2.1.14
      16. rpm-macros-features
      17. rpm-macros-nodejs

    Last changed


    March 1, 2024 Vitaly Lipatov 20.11.1-alt2
    - fix npm config get user-agent output again (ALT bug 43430)
    Feb. 18, 2024 Vitaly Lipatov 20.11.1-alt1
    - new version 20.11.1 (with rpmrb script)
    - enable build npm subpackage
    - CVE-2024-21892: Code injection and privilege escalation through Linux capabilities- (High)
    - CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
    - CVE-2024-21896: Path traversal by monkey-patching Buffer internals- (High)
    - CVE-2024-22017: setuid() does not drop all privileges due to io_uring - (High)
    - CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
    - CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
    - CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
    - CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
    - libuv >= 1.48.0
    Feb. 5, 2024 Vitaly Lipatov 20.11.0-alt1
    - new version 20.11.0 (with rpmrb script)
    - set npm >= 10.2.4, c-ares >= 1.20.1