Security update to v18.19.1
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/
Fixes
CVE-2024-24758 (in the bundled version of undici)
CVE-2024-22019
CVE-2024-21896
CVE-2024-22017
CVE-2023-46809
CVE-2024-21891
CVE-2024-21890
The diff to v18.19.0 is rather small, v8 isn't affected and none of our patches
need to be updated. I built and tested on amd64 (with IBT) and arm64 (without
IBT) and rebuilt www/mozilla-firefox succesfully.
PLIST churn due to update of npm, as usual.
ok?
Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/node/Makefile,v
retrieving revision 1.131
diff -u -p -r1.131 Makefile
--- Makefile 7 Dec 2023 17:01:26 -0000 1.131
+++ Makefile 15 Feb 2024 09:15:39 -0000
@@ -5,7 +5,7 @@ USE_WXNEEDED = Yes
COMMENT = JavaScript runtime built on Chrome's V8 JavaScript engine
-NODE_VERSION = v18.19.0
+NODE_VERSION = v18.19.1
PLEDGE_VER = 1.1.3
DISTFILES = ${DISTNAME}-headers.tar.gz \
${DISTNAME}.tar.xz
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/node/distinfo,v
retrieving revision 1.74
diff -u -p -r1.74 distinfo
--- distinfo 7 Dec 2023 17:01:26 -0000 1.74
+++ distinfo 15 Feb 2024 09:15:39 -0000
@@ -1,6 +1,6 @@
SHA256 (node-pledge-1.1.3.tar.gz) =
fEaXvLg6hYEJ69K+mgQFizf8DiJY2/DtyFJB/pEanVU=
-SHA256 (node-v18.19.0-headers.tar.gz) =
5VgggY3FL9HPOoY4DGJEqHI74lUdl9fQdo2XFrKW4N0=
-SHA256 (node-v18.19.0.tar.xz) = 9StBryBZapq9jtdSQYN+xDlFRoIhRIu/hBNh4gkYGbY=
+SHA256 (node-v18.19.1-headers.tar.gz) =
JrnSZiPunJa/SfEq8t34CtUfdO4hmh78TOvCl+983ps=
+SHA256 (node-v18.19.1.tar.xz) = CQ+WouzeCAtrOCxtZCvKXQvkcCp4y1Vb578CsgvRbe0=
SIZE (node-pledge-1.1.3.tar.gz) = 3167
-SIZE (node-v18.19.0-headers.tar.gz) = 8716497
-SIZE (node-v18.19.0.tar.xz) = 41248748
+SIZE (node-v18.19.1-headers.tar.gz) = 8716368
+SIZE (node-v18.19.1.tar.xz) = 41250068
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/lang/node/pkg/PLIST,v
retrieving revision 1.59
diff -u -p -r1.59 PLIST
--- pkg/PLIST 7 Dec 2023 17:01:28 -0000 1.59
+++ pkg/PLIST 15 Feb 2024 09:15:39 -0000
@@ -105,10 +105,6 @@ lib/node_modules/@isaacs/cliui/build/lib
lib/node_modules/@isaacs/cliui/build/lib/index.js
lib/node_modules/@isaacs/cliui/index.mjs
lib/node_modules/@isaacs/cliui/node_modules/
-lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/
-lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/index.js
-lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/license
-lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json
lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/
lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/LICENSE-MIT.txt
lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/RGI_Emoji.js
@@ -123,10 +119,6 @@ lib/node_modules/@isaacs/cliui/node_modu
lib/node_modules/@isaacs/cliui/node_modules/string-width/index.js
lib/node_modules/@isaacs/cliui/node_modules/string-width/license
lib/node_modules/@isaacs/cliui/node_modules/string-width/package.json
-lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/
-lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/index.js
-lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/license
-lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json
lib/node_modules/@isaacs/cliui/package.json
lib/node_modules/@isaacs/string-locale-compare/
lib/node_modules/@isaacs/string-locale-compare/LICENSE
@@ -141,26 +133,6 @@ lib/node_modules/@npmcli/agent/lib/error
lib/node_modules/@npmcli/agent/lib/index.js
lib/node_modules/@npmcli/agent/lib/options.js
lib/node_modules/@npmcli/agent/lib/proxy.js
-lib/node_modules/@npmcli/agent/node_modules/
-lib/node_modules/@npmcli/agent/node_modules/agent-base/
-lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/
-lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/helpers.js
-lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/index.js
-lib/node_modules/@npmcli/agent/node_modules/agent-base/package.json
-lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/
-lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/LICENSE
-lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/dist/
-lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/dist/index.js
-lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/package.json
-lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/
-lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/
-lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/index.js
-lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/parse-proxy-response.js
-lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/package.json
-lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/
-lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/dist/
-lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/dist/index.js
-lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/package.json
lib/node_modules/@npmcli/agent/package.json
lib/node_modules/@npmcli/arborist/
lib/node_modules/@npmcli/arborist/LICENSE.md
@@ -255,6 +227,11 @@ lib/node_modules/@npmcli/disparity-color
lib/node_modules/@npmcli/disparity-colors/LICENSE
lib/node_modules/@npmcli/disparity-colors/lib/
lib/node_modules/@npmcli/disparity-colors/lib/index.js
+lib/node_modules/@npmcli/disparity-colors/node_modules/
+lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/
+lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/index.js
+lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/license
+lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/package.json
lib/node_modules/@npmcli/disparity-colors/package.json
lib/node_modules/@npmcli/fs/
lib/node_modules/@npmcli/fs/LICENSE.md
@@ -509,6 +486,11 @@ lib/node_modules/abort-controller/dist/a
lib/node_modules/abort-controller/package.json
lib/node_modules/abort-controller/polyfill.js
lib/node_modules/abort-controller/polyfill.mjs
+lib/node_modules/agent-base/
+lib/node_modules/agent-base/dist/
+lib/node_modules/agent-base/dist/helpers.js
+lib/node_modules/agent-base/dist/index.js
+lib/node_modules/agent-base/package.json
lib/node_modules/aggregate-error/
lib/node_modules/aggregate-error/index.js
lib/node_modules/aggregate-error/license
@@ -640,6 +622,15 @@ lib/node_modules/cli-columns/
lib/node_modules/cli-columns/color.js
lib/node_modules/cli-columns/index.js
lib/node_modules/cli-columns/license
+lib/node_modules/cli-columns/node_modules/
+lib/node_modules/cli-columns/node_modules/ansi-regex/
+lib/node_modules/cli-columns/node_modules/ansi-regex/index.js
+lib/node_modules/cli-columns/node_modules/ansi-regex/license
+lib/node_modules/cli-columns/node_modules/ansi-regex/package.json
+lib/node_modules/cli-columns/node_modules/strip-ansi/
+lib/node_modules/cli-columns/node_modules/strip-ansi/index.js
+lib/node_modules/cli-columns/node_modules/strip-ansi/license
+lib/node_modules/cli-columns/node_modules/strip-ansi/package.json
lib/node_modules/cli-columns/package.json
lib/node_modules/cli-columns/test.js
lib/node_modules/cli-table3/
@@ -685,6 +676,15 @@ lib/node_modules/columnify/LICENSE
lib/node_modules/columnify/Makefile
lib/node_modules/columnify/columnify.js
lib/node_modules/columnify/index.js
+lib/node_modules/columnify/node_modules/
+lib/node_modules/columnify/node_modules/ansi-regex/
+lib/node_modules/columnify/node_modules/ansi-regex/index.js
+lib/node_modules/columnify/node_modules/ansi-regex/license
+lib/node_modules/columnify/node_modules/ansi-regex/package.json
+lib/node_modules/columnify/node_modules/strip-ansi/
+lib/node_modules/columnify/node_modules/strip-ansi/index.js
+lib/node_modules/columnify/node_modules/strip-ansi/license
+lib/node_modules/columnify/node_modules/strip-ansi/package.json
lib/node_modules/columnify/package.json
lib/node_modules/columnify/utils.js
lib/node_modules/columnify/width.js
@@ -974,6 +974,15 @@ lib/node_modules/gauge/lib/template-item
lib/node_modules/gauge/lib/theme-set.js
lib/node_modules/gauge/lib/themes.js
lib/node_modules/gauge/lib/wide-truncate.js
+lib/node_modules/gauge/node_modules/
+lib/node_modules/gauge/node_modules/ansi-regex/
+lib/node_modules/gauge/node_modules/ansi-regex/index.js
+lib/node_modules/gauge/node_modules/ansi-regex/license
+lib/node_modules/gauge/node_modules/ansi-regex/package.json
+lib/node_modules/gauge/node_modules/strip-ansi/
+lib/node_modules/gauge/node_modules/strip-ansi/index.js
+lib/node_modules/gauge/node_modules/strip-ansi/license
+lib/node_modules/gauge/node_modules/strip-ansi/package.json
lib/node_modules/gauge/package.json
lib/node_modules/glob/
lib/node_modules/glob/LICENSE
@@ -1051,15 +1060,15 @@ lib/node_modules/graceful-fs/graceful-fs
lib/node_modules/graceful-fs/legacy-streams.js
lib/node_modules/graceful-fs/package.json
lib/node_modules/graceful-fs/polyfills.js
-lib/node_modules/has/
lib/node_modules/has-unicode/
lib/node_modules/has-unicode/LICENSE
lib/node_modules/has-unicode/index.js
lib/node_modules/has-unicode/package.json
-lib/node_modules/has/LICENSE-MIT
-lib/node_modules/has/package.json
-lib/node_modules/has/src/
-lib/node_modules/has/src/index.js
+lib/node_modules/hasown/
+lib/node_modules/hasown/LICENSE
+lib/node_modules/hasown/index.js
+lib/node_modules/hasown/package.json
+lib/node_modules/hasown/tsconfig.json
lib/node_modules/hosted-git-info/
lib/node_modules/hosted-git-info/LICENSE
lib/node_modules/hosted-git-info/lib/
@@ -1072,6 +1081,16 @@ lib/node_modules/http-cache-semantics/
lib/node_modules/http-cache-semantics/LICENSE
lib/node_modules/http-cache-semantics/index.js
lib/node_modules/http-cache-semantics/package.json
+lib/node_modules/http-proxy-agent/
+lib/node_modules/http-proxy-agent/LICENSE
+lib/node_modules/http-proxy-agent/dist/
+lib/node_modules/http-proxy-agent/dist/index.js
+lib/node_modules/http-proxy-agent/package.json
+lib/node_modules/https-proxy-agent/
+lib/node_modules/https-proxy-agent/dist/
+lib/node_modules/https-proxy-agent/dist/index.js
+lib/node_modules/https-proxy-agent/dist/parse-proxy-response.js
+lib/node_modules/https-proxy-agent/package.json
lib/node_modules/iconv-lite/
lib/node_modules/iconv-lite/LICENSE
lib/node_modules/iconv-lite/encodings/
@@ -1290,14 +1309,12 @@ lib/node_modules/libnpmversion/package.j
lib/node_modules/lru-cache/
lib/node_modules/lru-cache/LICENSE
lib/node_modules/lru-cache/dist/
-lib/node_modules/lru-cache/dist/cjs/
-lib/node_modules/lru-cache/dist/cjs/index.js
-lib/node_modules/lru-cache/dist/cjs/index.min.js
-lib/node_modules/lru-cache/dist/cjs/package.json
-lib/node_modules/lru-cache/dist/mjs/
-lib/node_modules/lru-cache/dist/mjs/index.js
-lib/node_modules/lru-cache/dist/mjs/index.min.js
-lib/node_modules/lru-cache/dist/mjs/package.json
+lib/node_modules/lru-cache/dist/commonjs/
+lib/node_modules/lru-cache/dist/commonjs/index.js
+lib/node_modules/lru-cache/dist/commonjs/package.json
+lib/node_modules/lru-cache/dist/esm/
+lib/node_modules/lru-cache/dist/esm/index.js
+lib/node_modules/lru-cache/dist/esm/package.json
lib/node_modules/lru-cache/package.json
lib/node_modules/make-fetch-happen/
lib/node_modules/make-fetch-happen/LICENSE
@@ -2125,6 +2142,7 @@ lib/node_modules/npm/node_modules/@sigst
lib/node_modules/npm/node_modules/@tufjs
lib/node_modules/npm/node_modules/abbrev
lib/node_modules/npm/node_modules/abort-controller
+lib/node_modules/npm/node_modules/agent-base
lib/node_modules/npm/node_modules/aggregate-error
lib/node_modules/npm/node_modules/ansi-regex
lib/node_modules/npm/node_modules/ansi-styles
@@ -2175,10 +2193,12 @@ lib/node_modules/npm/node_modules/functi
lib/node_modules/npm/node_modules/gauge
lib/node_modules/npm/node_modules/glob
lib/node_modules/npm/node_modules/graceful-fs
-lib/node_modules/npm/node_modules/has
lib/node_modules/npm/node_modules/has-unicode
+lib/node_modules/npm/node_modules/hasown
lib/node_modules/npm/node_modules/hosted-git-info
lib/node_modules/npm/node_modules/http-cache-semantics
+lib/node_modules/npm/node_modules/http-proxy-agent
+lib/node_modules/npm/node_modules/https-proxy-agent
lib/node_modules/npm/node_modules/iconv-lite
lib/node_modules/npm/node_modules/ieee754
lib/node_modules/npm/node_modules/ignore-walk
@@ -2270,6 +2290,7 @@ lib/node_modules/npm/node_modules/signal
lib/node_modules/npm/node_modules/sigstore
lib/node_modules/npm/node_modules/smart-buffer
lib/node_modules/npm/node_modules/socks
+lib/node_modules/npm/node_modules/socks-proxy-agent
lib/node_modules/npm/node_modules/spdx-correct
lib/node_modules/npm/node_modules/spdx-exceptions
lib/node_modules/npm/node_modules/spdx-expression-parse
@@ -2669,6 +2690,10 @@ lib/node_modules/smart-buffer/docs/
lib/node_modules/smart-buffer/docs/ROADMAP.md
lib/node_modules/smart-buffer/package.json
lib/node_modules/socks/
+lib/node_modules/socks-proxy-agent/
+lib/node_modules/socks-proxy-agent/dist/
+lib/node_modules/socks-proxy-agent/dist/index.js
+lib/node_modules/socks-proxy-agent/package.json
lib/node_modules/socks/LICENSE
lib/node_modules/socks/build/
lib/node_modules/socks/build/client/
@@ -2720,9 +2745,27 @@ lib/node_modules/string-width/
lib/node_modules/string-width-cjs/
lib/node_modules/string-width-cjs/index.js
lib/node_modules/string-width-cjs/license
+lib/node_modules/string-width-cjs/node_modules/
+lib/node_modules/string-width-cjs/node_modules/ansi-regex/
+lib/node_modules/string-width-cjs/node_modules/ansi-regex/index.js
+lib/node_modules/string-width-cjs/node_modules/ansi-regex/license
+lib/node_modules/string-width-cjs/node_modules/ansi-regex/package.json
+lib/node_modules/string-width-cjs/node_modules/strip-ansi/
+lib/node_modules/string-width-cjs/node_modules/strip-ansi/index.js
+lib/node_modules/string-width-cjs/node_modules/strip-ansi/license
+lib/node_modules/string-width-cjs/node_modules/strip-ansi/package.json
lib/node_modules/string-width-cjs/package.json
lib/node_modules/string-width/index.js
lib/node_modules/string-width/license
+lib/node_modules/string-width/node_modules/
+lib/node_modules/string-width/node_modules/ansi-regex/
+lib/node_modules/string-width/node_modules/ansi-regex/index.js
+lib/node_modules/string-width/node_modules/ansi-regex/license
+lib/node_modules/string-width/node_modules/ansi-regex/package.json
+lib/node_modules/string-width/node_modules/strip-ansi/
+lib/node_modules/string-width/node_modules/strip-ansi/index.js
+lib/node_modules/string-width/node_modules/strip-ansi/license
+lib/node_modules/string-width/node_modules/strip-ansi/package.json
lib/node_modules/string-width/package.json
lib/node_modules/string_decoder/
lib/node_modules/string_decoder/LICENSE
@@ -2733,6 +2776,11 @@ lib/node_modules/strip-ansi/
lib/node_modules/strip-ansi-cjs/
lib/node_modules/strip-ansi-cjs/index.js
lib/node_modules/strip-ansi-cjs/license
+lib/node_modules/strip-ansi-cjs/node_modules/
+lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/
+lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/index.js
+lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/license
+lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/package.json
lib/node_modules/strip-ansi-cjs/package.json
lib/node_modules/strip-ansi/index.js
lib/node_modules/strip-ansi/license
@@ -2908,18 +2956,23 @@ lib/node_modules/wrap-ansi/
lib/node_modules/wrap-ansi-cjs/
lib/node_modules/wrap-ansi-cjs/index.js
lib/node_modules/wrap-ansi-cjs/license
+lib/node_modules/wrap-ansi-cjs/node_modules/
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/index.js
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/license
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/package.json
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/index.js
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/license
+lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/package.json
+lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/
+lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/index.js
+lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/license
+lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/package.json
lib/node_modules/wrap-ansi-cjs/package.json
lib/node_modules/wrap-ansi/index.js
lib/node_modules/wrap-ansi/license
lib/node_modules/wrap-ansi/node_modules/
-lib/node_modules/wrap-ansi/node_modules/ansi-regex/
-lib/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
-lib/node_modules/wrap-ansi/node_modules/ansi-regex/license
-lib/node_modules/wrap-ansi/node_modules/ansi-regex/package.json
-lib/node_modules/wrap-ansi/node_modules/ansi-styles/
-lib/node_modules/wrap-ansi/node_modules/ansi-styles/index.js
-lib/node_modules/wrap-ansi/node_modules/ansi-styles/license
-lib/node_modules/wrap-ansi/node_modules/ansi-styles/package.json
lib/node_modules/wrap-ansi/node_modules/emoji-regex/
lib/node_modules/wrap-ansi/node_modules/emoji-regex/LICENSE-MIT.txt
lib/node_modules/wrap-ansi/node_modules/emoji-regex/RGI_Emoji.js
@@ -2934,10 +2987,6 @@ lib/node_modules/wrap-ansi/node_modules/
lib/node_modules/wrap-ansi/node_modules/string-width/index.js
lib/node_modules/wrap-ansi/node_modules/string-width/license
lib/node_modules/wrap-ansi/node_modules/string-width/package.json
-lib/node_modules/wrap-ansi/node_modules/strip-ansi/
-lib/node_modules/wrap-ansi/node_modules/strip-ansi/index.js
-lib/node_modules/wrap-ansi/node_modules/strip-ansi/license
-lib/node_modules/wrap-ansi/node_modules/strip-ansi/package.json
lib/node_modules/wrap-ansi/package.json
lib/node_modules/write-file-atomic/
lib/node_modules/write-file-atomic/LICENSE.md
