Security update to v18.19.1 https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/
Fixes CVE-2024-24758 (in the bundled version of undici) CVE-2024-22019 CVE-2024-21896 CVE-2024-22017 CVE-2023-46809 CVE-2024-21891 CVE-2024-21890 The diff to v18.19.0 is rather small, v8 isn't affected and none of our patches need to be updated. I built and tested on amd64 (with IBT) and arm64 (without IBT) and rebuilt www/mozilla-firefox succesfully. PLIST churn due to update of npm, as usual. ok?
Index: Makefile =================================================================== RCS file: /cvs/ports/lang/node/Makefile,v retrieving revision 1.131 diff -u -p -r1.131 Makefile --- Makefile 7 Dec 2023 17:01:26 -0000 1.131 +++ Makefile 15 Feb 2024 09:15:39 -0000 @@ -5,7 +5,7 @@ USE_WXNEEDED = Yes COMMENT = JavaScript runtime built on Chrome's V8 JavaScript engine -NODE_VERSION = v18.19.0 +NODE_VERSION = v18.19.1 PLEDGE_VER = 1.1.3 DISTFILES = ${DISTNAME}-headers.tar.gz \ ${DISTNAME}.tar.xz Index: distinfo =================================================================== RCS file: /cvs/ports/lang/node/distinfo,v retrieving revision 1.74 diff -u -p -r1.74 distinfo --- distinfo 7 Dec 2023 17:01:26 -0000 1.74 +++ distinfo 15 Feb 2024 09:15:39 -0000 @@ -1,6 +1,6 @@ SHA256 (node-pledge-1.1.3.tar.gz) = fEaXvLg6hYEJ69K+mgQFizf8DiJY2/DtyFJB/pEanVU= -SHA256 (node-v18.19.0-headers.tar.gz) = 5VgggY3FL9HPOoY4DGJEqHI74lUdl9fQdo2XFrKW4N0= -SHA256 (node-v18.19.0.tar.xz) = 9StBryBZapq9jtdSQYN+xDlFRoIhRIu/hBNh4gkYGbY= +SHA256 (node-v18.19.1-headers.tar.gz) = JrnSZiPunJa/SfEq8t34CtUfdO4hmh78TOvCl+983ps= +SHA256 (node-v18.19.1.tar.xz) = CQ+WouzeCAtrOCxtZCvKXQvkcCp4y1Vb578CsgvRbe0= SIZE (node-pledge-1.1.3.tar.gz) = 3167 -SIZE (node-v18.19.0-headers.tar.gz) = 8716497 -SIZE (node-v18.19.0.tar.xz) = 41248748 +SIZE (node-v18.19.1-headers.tar.gz) = 8716368 +SIZE (node-v18.19.1.tar.xz) = 41250068 Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/lang/node/pkg/PLIST,v retrieving revision 1.59 diff -u -p -r1.59 PLIST --- pkg/PLIST 7 Dec 2023 17:01:28 -0000 1.59 +++ pkg/PLIST 15 Feb 2024 09:15:39 -0000 @@ -105,10 +105,6 @@ lib/node_modules/@isaacs/cliui/build/lib lib/node_modules/@isaacs/cliui/build/lib/index.js lib/node_modules/@isaacs/cliui/index.mjs lib/node_modules/@isaacs/cliui/node_modules/ -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/ -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/index.js -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/license -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/ lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/LICENSE-MIT.txt lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/RGI_Emoji.js @@ -123,10 +119,6 @@ lib/node_modules/@isaacs/cliui/node_modu lib/node_modules/@isaacs/cliui/node_modules/string-width/index.js lib/node_modules/@isaacs/cliui/node_modules/string-width/license lib/node_modules/@isaacs/cliui/node_modules/string-width/package.json -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/ -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/index.js -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/license -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json lib/node_modules/@isaacs/cliui/package.json lib/node_modules/@isaacs/string-locale-compare/ lib/node_modules/@isaacs/string-locale-compare/LICENSE @@ -141,26 +133,6 @@ lib/node_modules/@npmcli/agent/lib/error lib/node_modules/@npmcli/agent/lib/index.js lib/node_modules/@npmcli/agent/lib/options.js lib/node_modules/@npmcli/agent/lib/proxy.js -lib/node_modules/@npmcli/agent/node_modules/ -lib/node_modules/@npmcli/agent/node_modules/agent-base/ -lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/ -lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/helpers.js -lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/index.js -lib/node_modules/@npmcli/agent/node_modules/agent-base/package.json -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/ -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/LICENSE -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/dist/ -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/dist/index.js -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/package.json -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/ -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/ -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/index.js -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/parse-proxy-response.js -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/package.json -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/ -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/dist/ -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/dist/index.js -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/package.json lib/node_modules/@npmcli/agent/package.json lib/node_modules/@npmcli/arborist/ lib/node_modules/@npmcli/arborist/LICENSE.md @@ -255,6 +227,11 @@ lib/node_modules/@npmcli/disparity-color lib/node_modules/@npmcli/disparity-colors/LICENSE lib/node_modules/@npmcli/disparity-colors/lib/ lib/node_modules/@npmcli/disparity-colors/lib/index.js +lib/node_modules/@npmcli/disparity-colors/node_modules/ +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/ +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/index.js +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/license +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/package.json lib/node_modules/@npmcli/disparity-colors/package.json lib/node_modules/@npmcli/fs/ lib/node_modules/@npmcli/fs/LICENSE.md @@ -509,6 +486,11 @@ lib/node_modules/abort-controller/dist/a lib/node_modules/abort-controller/package.json lib/node_modules/abort-controller/polyfill.js lib/node_modules/abort-controller/polyfill.mjs +lib/node_modules/agent-base/ +lib/node_modules/agent-base/dist/ +lib/node_modules/agent-base/dist/helpers.js +lib/node_modules/agent-base/dist/index.js +lib/node_modules/agent-base/package.json lib/node_modules/aggregate-error/ lib/node_modules/aggregate-error/index.js lib/node_modules/aggregate-error/license @@ -640,6 +622,15 @@ lib/node_modules/cli-columns/ lib/node_modules/cli-columns/color.js lib/node_modules/cli-columns/index.js lib/node_modules/cli-columns/license +lib/node_modules/cli-columns/node_modules/ +lib/node_modules/cli-columns/node_modules/ansi-regex/ +lib/node_modules/cli-columns/node_modules/ansi-regex/index.js +lib/node_modules/cli-columns/node_modules/ansi-regex/license +lib/node_modules/cli-columns/node_modules/ansi-regex/package.json +lib/node_modules/cli-columns/node_modules/strip-ansi/ +lib/node_modules/cli-columns/node_modules/strip-ansi/index.js +lib/node_modules/cli-columns/node_modules/strip-ansi/license +lib/node_modules/cli-columns/node_modules/strip-ansi/package.json lib/node_modules/cli-columns/package.json lib/node_modules/cli-columns/test.js lib/node_modules/cli-table3/ @@ -685,6 +676,15 @@ lib/node_modules/columnify/LICENSE lib/node_modules/columnify/Makefile lib/node_modules/columnify/columnify.js lib/node_modules/columnify/index.js +lib/node_modules/columnify/node_modules/ +lib/node_modules/columnify/node_modules/ansi-regex/ +lib/node_modules/columnify/node_modules/ansi-regex/index.js +lib/node_modules/columnify/node_modules/ansi-regex/license +lib/node_modules/columnify/node_modules/ansi-regex/package.json +lib/node_modules/columnify/node_modules/strip-ansi/ +lib/node_modules/columnify/node_modules/strip-ansi/index.js +lib/node_modules/columnify/node_modules/strip-ansi/license +lib/node_modules/columnify/node_modules/strip-ansi/package.json lib/node_modules/columnify/package.json lib/node_modules/columnify/utils.js lib/node_modules/columnify/width.js @@ -974,6 +974,15 @@ lib/node_modules/gauge/lib/template-item lib/node_modules/gauge/lib/theme-set.js lib/node_modules/gauge/lib/themes.js lib/node_modules/gauge/lib/wide-truncate.js +lib/node_modules/gauge/node_modules/ +lib/node_modules/gauge/node_modules/ansi-regex/ +lib/node_modules/gauge/node_modules/ansi-regex/index.js +lib/node_modules/gauge/node_modules/ansi-regex/license +lib/node_modules/gauge/node_modules/ansi-regex/package.json +lib/node_modules/gauge/node_modules/strip-ansi/ +lib/node_modules/gauge/node_modules/strip-ansi/index.js +lib/node_modules/gauge/node_modules/strip-ansi/license +lib/node_modules/gauge/node_modules/strip-ansi/package.json lib/node_modules/gauge/package.json lib/node_modules/glob/ lib/node_modules/glob/LICENSE @@ -1051,15 +1060,15 @@ lib/node_modules/graceful-fs/graceful-fs lib/node_modules/graceful-fs/legacy-streams.js lib/node_modules/graceful-fs/package.json lib/node_modules/graceful-fs/polyfills.js -lib/node_modules/has/ lib/node_modules/has-unicode/ lib/node_modules/has-unicode/LICENSE lib/node_modules/has-unicode/index.js lib/node_modules/has-unicode/package.json -lib/node_modules/has/LICENSE-MIT -lib/node_modules/has/package.json -lib/node_modules/has/src/ -lib/node_modules/has/src/index.js +lib/node_modules/hasown/ +lib/node_modules/hasown/LICENSE +lib/node_modules/hasown/index.js +lib/node_modules/hasown/package.json +lib/node_modules/hasown/tsconfig.json lib/node_modules/hosted-git-info/ lib/node_modules/hosted-git-info/LICENSE lib/node_modules/hosted-git-info/lib/ @@ -1072,6 +1081,16 @@ lib/node_modules/http-cache-semantics/ lib/node_modules/http-cache-semantics/LICENSE lib/node_modules/http-cache-semantics/index.js lib/node_modules/http-cache-semantics/package.json +lib/node_modules/http-proxy-agent/ +lib/node_modules/http-proxy-agent/LICENSE +lib/node_modules/http-proxy-agent/dist/ +lib/node_modules/http-proxy-agent/dist/index.js +lib/node_modules/http-proxy-agent/package.json +lib/node_modules/https-proxy-agent/ +lib/node_modules/https-proxy-agent/dist/ +lib/node_modules/https-proxy-agent/dist/index.js +lib/node_modules/https-proxy-agent/dist/parse-proxy-response.js +lib/node_modules/https-proxy-agent/package.json lib/node_modules/iconv-lite/ lib/node_modules/iconv-lite/LICENSE lib/node_modules/iconv-lite/encodings/ @@ -1290,14 +1309,12 @@ lib/node_modules/libnpmversion/package.j lib/node_modules/lru-cache/ lib/node_modules/lru-cache/LICENSE lib/node_modules/lru-cache/dist/ -lib/node_modules/lru-cache/dist/cjs/ -lib/node_modules/lru-cache/dist/cjs/index.js -lib/node_modules/lru-cache/dist/cjs/index.min.js -lib/node_modules/lru-cache/dist/cjs/package.json -lib/node_modules/lru-cache/dist/mjs/ -lib/node_modules/lru-cache/dist/mjs/index.js -lib/node_modules/lru-cache/dist/mjs/index.min.js -lib/node_modules/lru-cache/dist/mjs/package.json +lib/node_modules/lru-cache/dist/commonjs/ +lib/node_modules/lru-cache/dist/commonjs/index.js +lib/node_modules/lru-cache/dist/commonjs/package.json +lib/node_modules/lru-cache/dist/esm/ +lib/node_modules/lru-cache/dist/esm/index.js +lib/node_modules/lru-cache/dist/esm/package.json lib/node_modules/lru-cache/package.json lib/node_modules/make-fetch-happen/ lib/node_modules/make-fetch-happen/LICENSE @@ -2125,6 +2142,7 @@ lib/node_modules/npm/node_modules/@sigst lib/node_modules/npm/node_modules/@tufjs lib/node_modules/npm/node_modules/abbrev lib/node_modules/npm/node_modules/abort-controller +lib/node_modules/npm/node_modules/agent-base lib/node_modules/npm/node_modules/aggregate-error lib/node_modules/npm/node_modules/ansi-regex lib/node_modules/npm/node_modules/ansi-styles @@ -2175,10 +2193,12 @@ lib/node_modules/npm/node_modules/functi lib/node_modules/npm/node_modules/gauge lib/node_modules/npm/node_modules/glob lib/node_modules/npm/node_modules/graceful-fs -lib/node_modules/npm/node_modules/has lib/node_modules/npm/node_modules/has-unicode +lib/node_modules/npm/node_modules/hasown lib/node_modules/npm/node_modules/hosted-git-info lib/node_modules/npm/node_modules/http-cache-semantics +lib/node_modules/npm/node_modules/http-proxy-agent +lib/node_modules/npm/node_modules/https-proxy-agent lib/node_modules/npm/node_modules/iconv-lite lib/node_modules/npm/node_modules/ieee754 lib/node_modules/npm/node_modules/ignore-walk @@ -2270,6 +2290,7 @@ lib/node_modules/npm/node_modules/signal lib/node_modules/npm/node_modules/sigstore lib/node_modules/npm/node_modules/smart-buffer lib/node_modules/npm/node_modules/socks +lib/node_modules/npm/node_modules/socks-proxy-agent lib/node_modules/npm/node_modules/spdx-correct lib/node_modules/npm/node_modules/spdx-exceptions lib/node_modules/npm/node_modules/spdx-expression-parse @@ -2669,6 +2690,10 @@ lib/node_modules/smart-buffer/docs/ lib/node_modules/smart-buffer/docs/ROADMAP.md lib/node_modules/smart-buffer/package.json lib/node_modules/socks/ +lib/node_modules/socks-proxy-agent/ +lib/node_modules/socks-proxy-agent/dist/ +lib/node_modules/socks-proxy-agent/dist/index.js +lib/node_modules/socks-proxy-agent/package.json lib/node_modules/socks/LICENSE lib/node_modules/socks/build/ lib/node_modules/socks/build/client/ @@ -2720,9 +2745,27 @@ lib/node_modules/string-width/ lib/node_modules/string-width-cjs/ lib/node_modules/string-width-cjs/index.js lib/node_modules/string-width-cjs/license +lib/node_modules/string-width-cjs/node_modules/ +lib/node_modules/string-width-cjs/node_modules/ansi-regex/ +lib/node_modules/string-width-cjs/node_modules/ansi-regex/index.js +lib/node_modules/string-width-cjs/node_modules/ansi-regex/license +lib/node_modules/string-width-cjs/node_modules/ansi-regex/package.json +lib/node_modules/string-width-cjs/node_modules/strip-ansi/ +lib/node_modules/string-width-cjs/node_modules/strip-ansi/index.js +lib/node_modules/string-width-cjs/node_modules/strip-ansi/license +lib/node_modules/string-width-cjs/node_modules/strip-ansi/package.json lib/node_modules/string-width-cjs/package.json lib/node_modules/string-width/index.js lib/node_modules/string-width/license +lib/node_modules/string-width/node_modules/ +lib/node_modules/string-width/node_modules/ansi-regex/ +lib/node_modules/string-width/node_modules/ansi-regex/index.js +lib/node_modules/string-width/node_modules/ansi-regex/license +lib/node_modules/string-width/node_modules/ansi-regex/package.json +lib/node_modules/string-width/node_modules/strip-ansi/ +lib/node_modules/string-width/node_modules/strip-ansi/index.js +lib/node_modules/string-width/node_modules/strip-ansi/license +lib/node_modules/string-width/node_modules/strip-ansi/package.json lib/node_modules/string-width/package.json lib/node_modules/string_decoder/ lib/node_modules/string_decoder/LICENSE @@ -2733,6 +2776,11 @@ lib/node_modules/strip-ansi/ lib/node_modules/strip-ansi-cjs/ lib/node_modules/strip-ansi-cjs/index.js lib/node_modules/strip-ansi-cjs/license +lib/node_modules/strip-ansi-cjs/node_modules/ +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/ +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/index.js +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/license +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/package.json lib/node_modules/strip-ansi-cjs/package.json lib/node_modules/strip-ansi/index.js lib/node_modules/strip-ansi/license @@ -2908,18 +2956,23 @@ lib/node_modules/wrap-ansi/ lib/node_modules/wrap-ansi-cjs/ lib/node_modules/wrap-ansi-cjs/index.js lib/node_modules/wrap-ansi-cjs/license +lib/node_modules/wrap-ansi-cjs/node_modules/ +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/ +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/index.js +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/license +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/package.json +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/ +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/index.js +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/license +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/package.json +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/ +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/index.js +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/license +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/package.json lib/node_modules/wrap-ansi-cjs/package.json lib/node_modules/wrap-ansi/index.js lib/node_modules/wrap-ansi/license lib/node_modules/wrap-ansi/node_modules/ -lib/node_modules/wrap-ansi/node_modules/ansi-regex/ -lib/node_modules/wrap-ansi/node_modules/ansi-regex/index.js -lib/node_modules/wrap-ansi/node_modules/ansi-regex/license -lib/node_modules/wrap-ansi/node_modules/ansi-regex/package.json -lib/node_modules/wrap-ansi/node_modules/ansi-styles/ -lib/node_modules/wrap-ansi/node_modules/ansi-styles/index.js -lib/node_modules/wrap-ansi/node_modules/ansi-styles/license -lib/node_modules/wrap-ansi/node_modules/ansi-styles/package.json lib/node_modules/wrap-ansi/node_modules/emoji-regex/ lib/node_modules/wrap-ansi/node_modules/emoji-regex/LICENSE-MIT.txt lib/node_modules/wrap-ansi/node_modules/emoji-regex/RGI_Emoji.js @@ -2934,10 +2987,6 @@ lib/node_modules/wrap-ansi/node_modules/ lib/node_modules/wrap-ansi/node_modules/string-width/index.js lib/node_modules/wrap-ansi/node_modules/string-width/license lib/node_modules/wrap-ansi/node_modules/string-width/package.json -lib/node_modules/wrap-ansi/node_modules/strip-ansi/ -lib/node_modules/wrap-ansi/node_modules/strip-ansi/index.js -lib/node_modules/wrap-ansi/node_modules/strip-ansi/license -lib/node_modules/wrap-ansi/node_modules/strip-ansi/package.json lib/node_modules/wrap-ansi/package.json lib/node_modules/write-file-atomic/ lib/node_modules/write-file-atomic/LICENSE.md