Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: nodejs/node
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v14.17.5
Choose a base ref
...
head repository: nodejs/node
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v14.17.6
Choose a head ref
  • 5 commits
  • 424 files changed
  • 4 contributors

Commits on Aug 11, 2021

  1. Working on v14.17.6 

    PR-URL: nodejs-private/node-private#279
    @BethGriggs
    BethGriggs committed Aug 11, 2021
    Configuration menu
    Copy the full SHA
    6f4a72c View commit details
    Browse the repository at this point in the history

Commits on Aug 28, 2021

  1. deps: upgrade npm to 6.14.15 

    PR-URL: #39856
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
    @darcyclarke @MylesBorins
    darcyclarke authored and MylesBorins committed Aug 28, 2021
    Configuration menu
    Copy the full SHA
    4276984 View commit details
    Browse the repository at this point in the history

  2. deps: upgrade openssl sources to 1.1.1l 

    This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1l.tar.gz
    $ mv openssl-1.1.1l openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    @richardlau @MylesBorins
    richardlau authored and MylesBorins committed Aug 28, 2021
    Configuration menu
    Copy the full SHA
    7137262 View commit details
    Browse the repository at this point in the history

  3. deps: update archs files for OpenSSL-1.1.1l 

    After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    @richardlau @MylesBorins
    richardlau authored and MylesBorins committed Aug 28, 2021
    Configuration menu
    Copy the full SHA
    5b3f70b View commit details
    Browse the repository at this point in the history

Commits on Aug 30, 2021

  1. 2021-08-31, Version 14.17.6 'Fermium' (LTS) 

    This is a security release.

Notable changes:

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 (GHSA-r628-mhmh-qjhw)
and CVE-2021-32804 (GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

* CVE-2021-37701: GHSA-9r2w-394v-53qc
* CVE-2021-37712: GHSA-qq89-hq3f-393p
* CVE-2021-37713: GHSA-5955-9wpr-37jh
* CVE-2021-39134: GHSA-2h3h-q99f-3fhc
* CVE-2021-39135: GHSA-gmw6-94gg-2rc2

PR-URL: https://github.com/nodejs-private/node-private/pull/287
    @MylesBorins
    MylesBorins committed Aug 30, 2021
    Configuration menu
    Copy the full SHA
    4673ee1 View commit details
    Browse the repository at this point in the history
Loading