On Thu, Feb 15, 2024 at 06:55:48PM +0100, Volker Schlecht wrote:
> Security update to v18.19.1
>
> https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/
>
> Fixes
> CVE-2024-24758 (in the bundled version of undici)
> CVE-2024-22019
> CVE-2024-21896
> CVE-2024-22017
> CVE-2023-46809
> CVE-2024-21891
> CVE-2024-21890
>
> The diff to v18.19.0 is rather small, v8 isn't affected and none of our
> patches
> need to be updated. I built and tested on amd64 (with IBT) and arm64 (without
> IBT) and rebuilt www/mozilla-firefox succesfully.
>
> PLIST churn due to update of npm, as usual.
>
> ok?
Builds fine and no issues on (brief) testing. ok thfr@
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/node/Makefile,v
> retrieving revision 1.131
> diff -u -p -r1.131 Makefile
> --- Makefile 7 Dec 2023 17:01:26 -0000 1.131
> +++ Makefile 15 Feb 2024 09:15:39 -0000
> @@ -5,7 +5,7 @@ USE_WXNEEDED = Yes
>
> COMMENT = JavaScript runtime built on Chrome's V8 JavaScript engine
>
> -NODE_VERSION = v18.19.0
> +NODE_VERSION = v18.19.1
> PLEDGE_VER = 1.1.3
> DISTFILES = ${DISTNAME}-headers.tar.gz \
> ${DISTNAME}.tar.xz
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/lang/node/distinfo,v
> retrieving revision 1.74
> diff -u -p -r1.74 distinfo
> --- distinfo 7 Dec 2023 17:01:26 -0000 1.74
> +++ distinfo 15 Feb 2024 09:15:39 -0000
> @@ -1,6 +1,6 @@
> SHA256 (node-pledge-1.1.3.tar.gz) =
> fEaXvLg6hYEJ69K+mgQFizf8DiJY2/DtyFJB/pEanVU=
> -SHA256 (node-v18.19.0-headers.tar.gz) =
> 5VgggY3FL9HPOoY4DGJEqHI74lUdl9fQdo2XFrKW4N0=
> -SHA256 (node-v18.19.0.tar.xz) = 9StBryBZapq9jtdSQYN+xDlFRoIhRIu/hBNh4gkYGbY=
> +SHA256 (node-v18.19.1-headers.tar.gz) =
> JrnSZiPunJa/SfEq8t34CtUfdO4hmh78TOvCl+983ps=
> +SHA256 (node-v18.19.1.tar.xz) = CQ+WouzeCAtrOCxtZCvKXQvkcCp4y1Vb578CsgvRbe0=
> SIZE (node-pledge-1.1.3.tar.gz) = 3167
> -SIZE (node-v18.19.0-headers.tar.gz) = 8716497
> -SIZE (node-v18.19.0.tar.xz) = 41248748
> +SIZE (node-v18.19.1-headers.tar.gz) = 8716368
> +SIZE (node-v18.19.1.tar.xz) = 41250068
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/lang/node/pkg/PLIST,v
> retrieving revision 1.59
> diff -u -p -r1.59 PLIST
> --- pkg/PLIST 7 Dec 2023 17:01:28 -0000 1.59
> +++ pkg/PLIST 15 Feb 2024 09:15:39 -0000
> @@ -105,10 +105,6 @@ lib/node_modules/@isaacs/cliui/build/lib
> lib/node_modules/@isaacs/cliui/build/lib/index.js
> lib/node_modules/@isaacs/cliui/index.mjs
> lib/node_modules/@isaacs/cliui/node_modules/
> -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/
> -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/index.js
> -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/license
> -lib/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json
> lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/
> lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/LICENSE-MIT.txt
> lib/node_modules/@isaacs/cliui/node_modules/emoji-regex/RGI_Emoji.js
> @@ -123,10 +119,6 @@ lib/node_modules/@isaacs/cliui/node_modu
> lib/node_modules/@isaacs/cliui/node_modules/string-width/index.js
> lib/node_modules/@isaacs/cliui/node_modules/string-width/license
> lib/node_modules/@isaacs/cliui/node_modules/string-width/package.json
> -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/
> -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/index.js
> -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/license
> -lib/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json
> lib/node_modules/@isaacs/cliui/package.json
> lib/node_modules/@isaacs/string-locale-compare/
> lib/node_modules/@isaacs/string-locale-compare/LICENSE
> @@ -141,26 +133,6 @@ lib/node_modules/@npmcli/agent/lib/error
> lib/node_modules/@npmcli/agent/lib/index.js
> lib/node_modules/@npmcli/agent/lib/options.js
> lib/node_modules/@npmcli/agent/lib/proxy.js
> -lib/node_modules/@npmcli/agent/node_modules/
> -lib/node_modules/@npmcli/agent/node_modules/agent-base/
> -lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/
> -lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/helpers.js
> -lib/node_modules/@npmcli/agent/node_modules/agent-base/dist/index.js
> -lib/node_modules/@npmcli/agent/node_modules/agent-base/package.json
> -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/
> -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/LICENSE
> -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/dist/
> -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/dist/index.js
> -lib/node_modules/@npmcli/agent/node_modules/http-proxy-agent/package.json
> -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/
> -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/
> -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/index.js
> -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/dist/parse-proxy-response.js
> -lib/node_modules/@npmcli/agent/node_modules/https-proxy-agent/package.json
> -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/
> -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/dist/
> -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/dist/index.js
> -lib/node_modules/@npmcli/agent/node_modules/socks-proxy-agent/package.json
> lib/node_modules/@npmcli/agent/package.json
> lib/node_modules/@npmcli/arborist/
> lib/node_modules/@npmcli/arborist/LICENSE.md
> @@ -255,6 +227,11 @@ lib/node_modules/@npmcli/disparity-color
> lib/node_modules/@npmcli/disparity-colors/LICENSE
> lib/node_modules/@npmcli/disparity-colors/lib/
> lib/node_modules/@npmcli/disparity-colors/lib/index.js
> +lib/node_modules/@npmcli/disparity-colors/node_modules/
> +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/
> +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/index.js
> +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/license
> +lib/node_modules/@npmcli/disparity-colors/node_modules/ansi-styles/package.json
> lib/node_modules/@npmcli/disparity-colors/package.json
> lib/node_modules/@npmcli/fs/
> lib/node_modules/@npmcli/fs/LICENSE.md
> @@ -509,6 +486,11 @@ lib/node_modules/abort-controller/dist/a
> lib/node_modules/abort-controller/package.json
> lib/node_modules/abort-controller/polyfill.js
> lib/node_modules/abort-controller/polyfill.mjs
> +lib/node_modules/agent-base/
> +lib/node_modules/agent-base/dist/
> +lib/node_modules/agent-base/dist/helpers.js
> +lib/node_modules/agent-base/dist/index.js
> +lib/node_modules/agent-base/package.json
> lib/node_modules/aggregate-error/
> lib/node_modules/aggregate-error/index.js
> lib/node_modules/aggregate-error/license
> @@ -640,6 +622,15 @@ lib/node_modules/cli-columns/
> lib/node_modules/cli-columns/color.js
> lib/node_modules/cli-columns/index.js
> lib/node_modules/cli-columns/license
> +lib/node_modules/cli-columns/node_modules/
> +lib/node_modules/cli-columns/node_modules/ansi-regex/
> +lib/node_modules/cli-columns/node_modules/ansi-regex/index.js
> +lib/node_modules/cli-columns/node_modules/ansi-regex/license
> +lib/node_modules/cli-columns/node_modules/ansi-regex/package.json
> +lib/node_modules/cli-columns/node_modules/strip-ansi/
> +lib/node_modules/cli-columns/node_modules/strip-ansi/index.js
> +lib/node_modules/cli-columns/node_modules/strip-ansi/license
> +lib/node_modules/cli-columns/node_modules/strip-ansi/package.json
> lib/node_modules/cli-columns/package.json
> lib/node_modules/cli-columns/test.js
> lib/node_modules/cli-table3/
> @@ -685,6 +676,15 @@ lib/node_modules/columnify/LICENSE
> lib/node_modules/columnify/Makefile
> lib/node_modules/columnify/columnify.js
> lib/node_modules/columnify/index.js
> +lib/node_modules/columnify/node_modules/
> +lib/node_modules/columnify/node_modules/ansi-regex/
> +lib/node_modules/columnify/node_modules/ansi-regex/index.js
> +lib/node_modules/columnify/node_modules/ansi-regex/license
> +lib/node_modules/columnify/node_modules/ansi-regex/package.json
> +lib/node_modules/columnify/node_modules/strip-ansi/
> +lib/node_modules/columnify/node_modules/strip-ansi/index.js
> +lib/node_modules/columnify/node_modules/strip-ansi/license
> +lib/node_modules/columnify/node_modules/strip-ansi/package.json
> lib/node_modules/columnify/package.json
> lib/node_modules/columnify/utils.js
> lib/node_modules/columnify/width.js
> @@ -974,6 +974,15 @@ lib/node_modules/gauge/lib/template-item
> lib/node_modules/gauge/lib/theme-set.js
> lib/node_modules/gauge/lib/themes.js
> lib/node_modules/gauge/lib/wide-truncate.js
> +lib/node_modules/gauge/node_modules/
> +lib/node_modules/gauge/node_modules/ansi-regex/
> +lib/node_modules/gauge/node_modules/ansi-regex/index.js
> +lib/node_modules/gauge/node_modules/ansi-regex/license
> +lib/node_modules/gauge/node_modules/ansi-regex/package.json
> +lib/node_modules/gauge/node_modules/strip-ansi/
> +lib/node_modules/gauge/node_modules/strip-ansi/index.js
> +lib/node_modules/gauge/node_modules/strip-ansi/license
> +lib/node_modules/gauge/node_modules/strip-ansi/package.json
> lib/node_modules/gauge/package.json
> lib/node_modules/glob/
> lib/node_modules/glob/LICENSE
> @@ -1051,15 +1060,15 @@ lib/node_modules/graceful-fs/graceful-fs
> lib/node_modules/graceful-fs/legacy-streams.js
> lib/node_modules/graceful-fs/package.json
> lib/node_modules/graceful-fs/polyfills.js
> -lib/node_modules/has/
> lib/node_modules/has-unicode/
> lib/node_modules/has-unicode/LICENSE
> lib/node_modules/has-unicode/index.js
> lib/node_modules/has-unicode/package.json
> -lib/node_modules/has/LICENSE-MIT
> -lib/node_modules/has/package.json
> -lib/node_modules/has/src/
> -lib/node_modules/has/src/index.js
> +lib/node_modules/hasown/
> +lib/node_modules/hasown/LICENSE
> +lib/node_modules/hasown/index.js
> +lib/node_modules/hasown/package.json
> +lib/node_modules/hasown/tsconfig.json
> lib/node_modules/hosted-git-info/
> lib/node_modules/hosted-git-info/LICENSE
> lib/node_modules/hosted-git-info/lib/
> @@ -1072,6 +1081,16 @@ lib/node_modules/http-cache-semantics/
> lib/node_modules/http-cache-semantics/LICENSE
> lib/node_modules/http-cache-semantics/index.js
> lib/node_modules/http-cache-semantics/package.json
> +lib/node_modules/http-proxy-agent/
> +lib/node_modules/http-proxy-agent/LICENSE
> +lib/node_modules/http-proxy-agent/dist/
> +lib/node_modules/http-proxy-agent/dist/index.js
> +lib/node_modules/http-proxy-agent/package.json
> +lib/node_modules/https-proxy-agent/
> +lib/node_modules/https-proxy-agent/dist/
> +lib/node_modules/https-proxy-agent/dist/index.js
> +lib/node_modules/https-proxy-agent/dist/parse-proxy-response.js
> +lib/node_modules/https-proxy-agent/package.json
> lib/node_modules/iconv-lite/
> lib/node_modules/iconv-lite/LICENSE
> lib/node_modules/iconv-lite/encodings/
> @@ -1290,14 +1309,12 @@ lib/node_modules/libnpmversion/package.j
> lib/node_modules/lru-cache/
> lib/node_modules/lru-cache/LICENSE
> lib/node_modules/lru-cache/dist/
> -lib/node_modules/lru-cache/dist/cjs/
> -lib/node_modules/lru-cache/dist/cjs/index.js
> -lib/node_modules/lru-cache/dist/cjs/index.min.js
> -lib/node_modules/lru-cache/dist/cjs/package.json
> -lib/node_modules/lru-cache/dist/mjs/
> -lib/node_modules/lru-cache/dist/mjs/index.js
> -lib/node_modules/lru-cache/dist/mjs/index.min.js
> -lib/node_modules/lru-cache/dist/mjs/package.json
> +lib/node_modules/lru-cache/dist/commonjs/
> +lib/node_modules/lru-cache/dist/commonjs/index.js
> +lib/node_modules/lru-cache/dist/commonjs/package.json
> +lib/node_modules/lru-cache/dist/esm/
> +lib/node_modules/lru-cache/dist/esm/index.js
> +lib/node_modules/lru-cache/dist/esm/package.json
> lib/node_modules/lru-cache/package.json
> lib/node_modules/make-fetch-happen/
> lib/node_modules/make-fetch-happen/LICENSE
> @@ -2125,6 +2142,7 @@ lib/node_modules/npm/node_modules/@sigst
> lib/node_modules/npm/node_modules/@tufjs
> lib/node_modules/npm/node_modules/abbrev
> lib/node_modules/npm/node_modules/abort-controller
> +lib/node_modules/npm/node_modules/agent-base
> lib/node_modules/npm/node_modules/aggregate-error
> lib/node_modules/npm/node_modules/ansi-regex
> lib/node_modules/npm/node_modules/ansi-styles
> @@ -2175,10 +2193,12 @@ lib/node_modules/npm/node_modules/functi
> lib/node_modules/npm/node_modules/gauge
> lib/node_modules/npm/node_modules/glob
> lib/node_modules/npm/node_modules/graceful-fs
> -lib/node_modules/npm/node_modules/has
> lib/node_modules/npm/node_modules/has-unicode
> +lib/node_modules/npm/node_modules/hasown
> lib/node_modules/npm/node_modules/hosted-git-info
> lib/node_modules/npm/node_modules/http-cache-semantics
> +lib/node_modules/npm/node_modules/http-proxy-agent
> +lib/node_modules/npm/node_modules/https-proxy-agent
> lib/node_modules/npm/node_modules/iconv-lite
> lib/node_modules/npm/node_modules/ieee754
> lib/node_modules/npm/node_modules/ignore-walk
> @@ -2270,6 +2290,7 @@ lib/node_modules/npm/node_modules/signal
> lib/node_modules/npm/node_modules/sigstore
> lib/node_modules/npm/node_modules/smart-buffer
> lib/node_modules/npm/node_modules/socks
> +lib/node_modules/npm/node_modules/socks-proxy-agent
> lib/node_modules/npm/node_modules/spdx-correct
> lib/node_modules/npm/node_modules/spdx-exceptions
> lib/node_modules/npm/node_modules/spdx-expression-parse
> @@ -2669,6 +2690,10 @@ lib/node_modules/smart-buffer/docs/
> lib/node_modules/smart-buffer/docs/ROADMAP.md
> lib/node_modules/smart-buffer/package.json
> lib/node_modules/socks/
> +lib/node_modules/socks-proxy-agent/
> +lib/node_modules/socks-proxy-agent/dist/
> +lib/node_modules/socks-proxy-agent/dist/index.js
> +lib/node_modules/socks-proxy-agent/package.json
> lib/node_modules/socks/LICENSE
> lib/node_modules/socks/build/
> lib/node_modules/socks/build/client/
> @@ -2720,9 +2745,27 @@ lib/node_modules/string-width/
> lib/node_modules/string-width-cjs/
> lib/node_modules/string-width-cjs/index.js
> lib/node_modules/string-width-cjs/license
> +lib/node_modules/string-width-cjs/node_modules/
> +lib/node_modules/string-width-cjs/node_modules/ansi-regex/
> +lib/node_modules/string-width-cjs/node_modules/ansi-regex/index.js
> +lib/node_modules/string-width-cjs/node_modules/ansi-regex/license
> +lib/node_modules/string-width-cjs/node_modules/ansi-regex/package.json
> +lib/node_modules/string-width-cjs/node_modules/strip-ansi/
> +lib/node_modules/string-width-cjs/node_modules/strip-ansi/index.js
> +lib/node_modules/string-width-cjs/node_modules/strip-ansi/license
> +lib/node_modules/string-width-cjs/node_modules/strip-ansi/package.json
> lib/node_modules/string-width-cjs/package.json
> lib/node_modules/string-width/index.js
> lib/node_modules/string-width/license
> +lib/node_modules/string-width/node_modules/
> +lib/node_modules/string-width/node_modules/ansi-regex/
> +lib/node_modules/string-width/node_modules/ansi-regex/index.js
> +lib/node_modules/string-width/node_modules/ansi-regex/license
> +lib/node_modules/string-width/node_modules/ansi-regex/package.json
> +lib/node_modules/string-width/node_modules/strip-ansi/
> +lib/node_modules/string-width/node_modules/strip-ansi/index.js
> +lib/node_modules/string-width/node_modules/strip-ansi/license
> +lib/node_modules/string-width/node_modules/strip-ansi/package.json
> lib/node_modules/string-width/package.json
> lib/node_modules/string_decoder/
> lib/node_modules/string_decoder/LICENSE
> @@ -2733,6 +2776,11 @@ lib/node_modules/strip-ansi/
> lib/node_modules/strip-ansi-cjs/
> lib/node_modules/strip-ansi-cjs/index.js
> lib/node_modules/strip-ansi-cjs/license
> +lib/node_modules/strip-ansi-cjs/node_modules/
> +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/
> +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/index.js
> +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/license
> +lib/node_modules/strip-ansi-cjs/node_modules/ansi-regex/package.json
> lib/node_modules/strip-ansi-cjs/package.json
> lib/node_modules/strip-ansi/index.js
> lib/node_modules/strip-ansi/license
> @@ -2908,18 +2956,23 @@ lib/node_modules/wrap-ansi/
> lib/node_modules/wrap-ansi-cjs/
> lib/node_modules/wrap-ansi-cjs/index.js
> lib/node_modules/wrap-ansi-cjs/license
> +lib/node_modules/wrap-ansi-cjs/node_modules/
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/index.js
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/license
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/package.json
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/index.js
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/license
> +lib/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/package.json
> +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/
> +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/index.js
> +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/license
> +lib/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/package.json
> lib/node_modules/wrap-ansi-cjs/package.json
> lib/node_modules/wrap-ansi/index.js
> lib/node_modules/wrap-ansi/license
> lib/node_modules/wrap-ansi/node_modules/
> -lib/node_modules/wrap-ansi/node_modules/ansi-regex/
> -lib/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
> -lib/node_modules/wrap-ansi/node_modules/ansi-regex/license
> -lib/node_modules/wrap-ansi/node_modules/ansi-regex/package.json
> -lib/node_modules/wrap-ansi/node_modules/ansi-styles/
> -lib/node_modules/wrap-ansi/node_modules/ansi-styles/index.js
> -lib/node_modules/wrap-ansi/node_modules/ansi-styles/license
> -lib/node_modules/wrap-ansi/node_modules/ansi-styles/package.json
> lib/node_modules/wrap-ansi/node_modules/emoji-regex/
> lib/node_modules/wrap-ansi/node_modules/emoji-regex/LICENSE-MIT.txt
> lib/node_modules/wrap-ansi/node_modules/emoji-regex/RGI_Emoji.js
> @@ -2934,10 +2987,6 @@ lib/node_modules/wrap-ansi/node_modules/
> lib/node_modules/wrap-ansi/node_modules/string-width/index.js
> lib/node_modules/wrap-ansi/node_modules/string-width/license
> lib/node_modules/wrap-ansi/node_modules/string-width/package.json
> -lib/node_modules/wrap-ansi/node_modules/strip-ansi/
> -lib/node_modules/wrap-ansi/node_modules/strip-ansi/index.js
> -lib/node_modules/wrap-ansi/node_modules/strip-ansi/license
> -lib/node_modules/wrap-ansi/node_modules/strip-ansi/package.json
> lib/node_modules/wrap-ansi/package.json
> lib/node_modules/write-file-atomic/
> lib/node_modules/write-file-atomic/LICENSE.md
