diff --git a/.gitignore b/.gitignore index 70c83ad..b01ba47 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,41 @@ -SOURCES/cjs-module-lexer-1.2.2.tar.gz -SOURCES/icu4c-71_1-src.tgz -SOURCES/node-v18.12.1-stripped.tar.gz -SOURCES/undici-5.11.0.tar.gz -SOURCES/wasi-sdk-wasi-sdk-11.tar.gz -SOURCES/wasi-sdk-wasi-sdk-14.tar.gz -/cjs-module-lexer-1.2.2.tar.gz +/node-v10.7.0-stripped.tar.gz +/node-v10.11.0-stripped.tar.gz +/node-v10.14.1-stripped.tar.gz +/node-v12.4.0-stripped.tar.gz +/node-v12.13.1-stripped.tar.gz +/node-v12.14.1-stripped.tar.gz +/node-v12.16.1-stripped.tar.gz +/node-v14.2.0-stripped.tar.gz +/icu4c-66_1-src.tgz +/node-v14.3.0-stripped.tar.gz +/icu4c-67_1-src.tgz +/node-v14.4.0-stripped.tar.gz +/node-v14.11.0-stripped.tar.gz +/node-v14.15.0-stripped.tar.gz +/node-v14.15.4-stripped.tar.gz +/node-v14.16.0-stripped.tar.gz +/node-v16.1.0-stripped.tar.gz +/icu4c-69_1-src.tgz +/node-v16.4.2-stripped.tar.gz +/node-v16.6.2-stripped.tar.gz +/node-v16.7.0-stripped.tar.gz +/node-v16.8.0-stripped.tar.gz +/node-v16.13.1-stripped.tar.gz +/node-v16.14.0-stripped.tar.gz +/icu4c-70_1-src.tgz +/node-v18.2.0-stripped.tar.gz /icu4c-71_1-src.tgz +/node-v18.6.0-stripped.tar.gz +/node-v18.8.0-stripped.tar.gz +/cjs-module-lexer-1.2.2.tar.gz +/undici-5.7.0.tar.gz +/undici-5.8.2.tar.gz +/wasi-sdk-wasi-sdk-14.tar.gz +/wasi-sdk-wasi-sdk-11.tar.gz +/node-v18.9.1-stripped.tar.gz +/undici-5.10.0.tar.gz /node-v18.12.1-stripped.tar.gz /undici-5.11.0.tar.gz -/wasi-sdk-wasi-sdk-11.tar.gz -/wasi-sdk-wasi-sdk-14.tar.gz +/node-v18.14.2-stripped.tar.gz +/icu4c-72_1-src.tgz +/undici-5.20.0.tar.gz diff --git a/0001-Disable-running-gyp-on-shared-deps.patch b/0001-Disable-running-gyp-on-shared-deps.patch index 90d5b8f..046a7e3 100644 --- a/0001-Disable-running-gyp-on-shared-deps.patch +++ b/0001-Disable-running-gyp-on-shared-deps.patch @@ -1,29 +1,18 @@ -From 2abb9e98751595936ac1c867b3f08695f5bcf22c Mon Sep 17 00:00:00 2001 -From: Zuzana Svetlikova -Date: Fri, 17 Apr 2020 12:59:44 +0200 -Subject: [PATCH] Disable running gyp on shared deps - -Signed-off-by: rpm-build ---- - Makefile | 2 +- - node.gyp | 17 ----------------- - 2 files changed, 1 insertion(+), 18 deletions(-) - diff --git a/Makefile b/Makefile -index 9c01f8f..133a3d0 100644 +index 9401346623..c9d3da24c5 100644 --- a/Makefile +++ b/Makefile -@@ -148,7 +148,7 @@ with-code-cache test-code-cache: +@@ -169,7 +169,7 @@ with-code-cache test-code-cache: $(warning '$@' target is a noop) out/Makefile: config.gypi common.gypi node.gyp \ - deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \ + deps/llhttp/llhttp.gyp \ + deps/simdutf/simdutf.gyp \ tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp - $(PYTHON) tools/gyp_node.py -f make diff --git a/node.gyp b/node.gyp -index 8f131ac..dce5fdc 100644 +index cec24aed03..13af00f40d 100644 --- a/node.gyp +++ b/node.gyp @@ -429,23 +429,6 @@ @@ -41,7 +30,7 @@ index 8f131ac..dce5fdc 100644 - 'inputs': [ '<(opensslconfig)', ], - 'outputs': [ '<(opensslconfig_internal)', ], - 'action': [ -- 'python', 'tools/copyfile.py', +- '<(python)', 'tools/copyfile.py', - '<(opensslconfig)', - '<(opensslconfig_internal)', - ], @@ -50,6 +39,3 @@ index 8f131ac..dce5fdc 100644 }], ], }, # node_core_target_name --- -2.37.3 - diff --git a/0001-fix-ci-lock-file-validation.patch b/0001-fix-ci-lock-file-validation.patch deleted file mode 100644 index 81ff06a..0000000 --- a/0001-fix-ci-lock-file-validation.patch +++ /dev/null @@ -1,397 +0,0 @@ -From 730dd78c897a28c3df0468ed1fc42d5817badefe Mon Sep 17 00:00:00 2001 -From: Ruy Adorno -Date: Wed, 2 Feb 2022 22:10:22 -0500 -Subject: [PATCH] fix(ci): lock file validation -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Make sure to validate any lock file (either package-lock.json or -npm-shrinkwrap.json) against the current install. This will properly -throw an error in case any of the dependencies being installed don't -match the dependencies that are currently listed in the lock file. - -Fixes: https://github.com/npm/cli/issues/2701 -Fixes: https://github.com/npm/cli/issues/3947 -Signed-off-by: Jan Staněk ---- - deps/npm/lib/commands/ci.js | 23 ++++++ - deps/npm/lib/utils/validate-lockfile.js | 29 +++++++ - .../smoke-tests/index.js.test.cjs | 11 +++ - .../test/lib/commands/ci.js.test.cjs | 13 +++ - .../lib/utils/validate-lockfile.js.test.cjs | 35 ++++++++ - deps/npm/test/lib/commands/ci.js | 82 +++++++++++++++++++ - deps/npm/test/lib/utils/validate-lockfile.js | 82 +++++++++++++++++++ - 7 files changed, 275 insertions(+) - create mode 100644 deps/npm/lib/utils/validate-lockfile.js - create mode 100644 deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs - create mode 100644 deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs - create mode 100644 deps/npm/test/lib/utils/validate-lockfile.js - -diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js -index 2c2f8da..376a85d 100644 ---- a/deps/npm/lib/commands/ci.js -+++ b/deps/npm/lib/commands/ci.js -@@ -6,6 +6,7 @@ const runScript = require('@npmcli/run-script') - const fs = require('fs') - const readdir = util.promisify(fs.readdir) - const log = require('../utils/log-shim.js') -+const validateLockfile = require('../utils/validate-lockfile.js') - - const removeNodeModules = async where => { - const rimrafOpts = { glob: false } -@@ -55,6 +56,28 @@ class CI extends ArboristWorkspaceCmd { - }), - removeNodeModules(where), - ]) -+ -+ // retrieves inventory of packages from loaded virtual tree (lock file) -+ const virtualInventory = new Map(arb.virtualTree.inventory) -+ -+ // build ideal tree step needs to come right after retrieving the virtual -+ // inventory since it's going to erase the previous ref to virtualTree -+ await arb.buildIdealTree() -+ -+ // verifies that the packages from the ideal tree will match -+ // the same versions that are present in the virtual tree (lock file) -+ // throws a validation error in case of mismatches -+ const errors = validateLockfile(virtualInventory, arb.idealTree.inventory) -+ if (errors.length) { -+ throw new Error( -+ '`npm ci` can only install packages when your package.json and ' + -+ 'package-lock.json or npm-shrinkwrap.json are in sync. Please ' + -+ 'update your lock file with `npm install` ' + -+ 'before continuing.\n\n' + -+ errors.join('\n') + '\n' -+ ) -+ } -+ - await arb.reify(opts) - - const ignoreScripts = this.npm.config.get('ignore-scripts') -diff --git a/deps/npm/lib/utils/validate-lockfile.js b/deps/npm/lib/utils/validate-lockfile.js -new file mode 100644 -index 0000000..29161ec ---- /dev/null -+++ b/deps/npm/lib/utils/validate-lockfile.js -@@ -0,0 +1,29 @@ -+// compares the inventory of package items in the tree -+// that is about to be installed (idealTree) with the inventory -+// of items stored in the package-lock file (virtualTree) -+// -+// Returns empty array if no errors found or an array populated -+// with an entry for each validation error found. -+function validateLockfile (virtualTree, idealTree) { -+ const errors = [] -+ -+ // loops through the inventory of packages resulted by ideal tree, -+ // for each package compares the versions with the version stored in the -+ // package-lock and adds an error to the list in case of mismatches -+ for (const [key, entry] of idealTree.entries()) { -+ const lock = virtualTree.get(key) -+ -+ if (!lock) { -+ errors.push(`Missing: ${entry.name}@${entry.version} from lock file`) -+ continue -+ } -+ -+ if (entry.version !== lock.version) { -+ errors.push(`Invalid: lock file's ${lock.name}@${lock.version} does ` + -+ `not satisfy ${entry.name}@${entry.version}`) -+ } -+ } -+ return errors -+} -+ -+module.exports = validateLockfile -diff --git a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs -index c1316e0..5fa3977 100644 ---- a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs -+++ b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs -@@ -40,6 +40,17 @@ Configuration fields: npm help 7 config - - npm {CWD} - -+` -+ -+exports[`smoke-tests/index.js TAP npm ci > should throw mismatch deps in lock file error 1`] = ` -+npm ERR! \`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing. -+npm ERR! -+npm ERR! Invalid: lock file's abbrev@1.0.4 does not satisfy abbrev@1.1.1 -+npm ERR! -+ -+npm ERR! A complete log of this run can be found in: -+ -+ - ` - - exports[`smoke-tests/index.js TAP npm diff > should have expected diff output 1`] = ` -diff --git a/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs -new file mode 100644 -index 0000000..d6a7471 ---- /dev/null -+++ b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs -@@ -0,0 +1,13 @@ -+/* IMPORTANT -+ * This snapshot file is auto-generated, but designed for humans. -+ * It should be checked into source control and tracked carefully. -+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests. -+ * Make sure to inspect the output below. Do not ignore changes! -+ */ -+'use strict' -+exports[`test/lib/commands/ci.js TAP should throw error when ideal inventory mismatches virtual > must match snapshot 1`] = ` -+\`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing. -+ -+Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0 -+ -+` -diff --git a/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs -new file mode 100644 -index 0000000..98a5126 ---- /dev/null -+++ b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs -@@ -0,0 +1,35 @@ -+/* IMPORTANT -+ * This snapshot file is auto-generated, but designed for humans. -+ * It should be checked into source control and tracked carefully. -+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests. -+ * Make sure to inspect the output below. Do not ignore changes! -+ */ -+'use strict' -+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on idealTree > should have missing entries error 1`] = ` -+Array [ -+ "Missing: baz@3.0.0 from lock file", -+] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on virtualTree > should have no errors if finding virtualTree extra items 1`] = ` -+Array [] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP identical inventory for both idealTree and virtualTree > should have no errors on identical inventories 1`] = ` -+Array [] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP mismatching versions on inventory > should have errors for each mismatching version 1`] = ` -+Array [ -+ "Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0", -+ "Invalid: lock file's bar@2.0.0 does not satisfy bar@3.0.0", -+] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP missing virtualTree inventory > should have errors for each mismatching version 1`] = ` -+Array [ -+ "Missing: foo@1.0.0 from lock file", -+ "Missing: bar@2.0.0 from lock file", -+ "Missing: baz@3.0.0 from lock file", -+] -+` -diff --git a/deps/npm/test/lib/commands/ci.js b/deps/npm/test/lib/commands/ci.js -index 537d078..e077c99 100644 ---- a/deps/npm/test/lib/commands/ci.js -+++ b/deps/npm/test/lib/commands/ci.js -@@ -19,6 +19,17 @@ t.test('should ignore scripts with --ignore-scripts', async t => { - this.reify = () => { - REIFY_CALLED = true - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - }) - -@@ -99,6 +110,17 @@ t.test('should use Arborist and run-script', async t => { - this.reify = () => { - t.ok(true, 'reify is called') - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - rimraf: (path, ...args) => { - actualRimrafs++ -@@ -138,6 +160,17 @@ t.test('should pass flatOptions to Arborist.reify', async t => { - this.reify = async (options) => { - t.equal(options.production, true, 'should pass flatOptions to Arborist.reify') - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - }) - const npm = mockNpm({ -@@ -218,6 +251,17 @@ t.test('should remove existing node_modules before installing', async t => { - const nodeModules = contents.filter((path) => path.startsWith('node_modules')) - t.same(nodeModules, ['node_modules'], 'should only have the node_modules directory') - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - }) - -@@ -231,3 +275,41 @@ t.test('should remove existing node_modules before installing', async t => { - - await ci.exec(null) - }) -+ -+t.test('should throw error when ideal inventory mismatches virtual', async t => { -+ const CI = t.mock('../../../lib/commands/ci.js', { -+ '../../../lib/utils/reify-finish.js': async () => {}, -+ '@npmcli/run-script': ({ event }) => {}, -+ '@npmcli/arborist': function () { -+ this.loadVirtual = async () => {} -+ this.reify = () => {} -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '2.0.0' }], -+ ]), -+ } -+ }, -+ }) -+ -+ const npm = mockNpm({ -+ globalDir: 'path/to/node_modules/', -+ prefix: 'foo', -+ config: { -+ global: false, -+ 'ignore-scripts': true, -+ }, -+ }) -+ const ci = new CI(npm) -+ -+ try { -+ await ci.exec([]) -+ } catch (err) { -+ t.matchSnapshot(err.message) -+ } -+}) -diff --git a/deps/npm/test/lib/utils/validate-lockfile.js b/deps/npm/test/lib/utils/validate-lockfile.js -new file mode 100644 -index 0000000..25939c5 ---- /dev/null -+++ b/deps/npm/test/lib/utils/validate-lockfile.js -@@ -0,0 +1,82 @@ -+const t = require('tap') -+const validateLockfile = require('../../../lib/utils/validate-lockfile.js') -+ -+t.test('identical inventory for both idealTree and virtualTree', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]) -+ ), -+ 'should have no errors on identical inventories' -+ ) -+}) -+ -+t.test('extra inventory items on idealTree', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ['baz', { name: 'baz', version: '3.0.0' }], -+ ]) -+ ), -+ 'should have missing entries error' -+ ) -+}) -+ -+t.test('extra inventory items on virtualTree', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ['baz', { name: 'baz', version: '3.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]) -+ ), -+ 'should have no errors if finding virtualTree extra items' -+ ) -+}) -+ -+t.test('mismatching versions on inventory', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '2.0.0' }], -+ ['bar', { name: 'bar', version: '3.0.0' }], -+ ]) -+ ), -+ 'should have errors for each mismatching version' -+ ) -+}) -+ -+t.test('missing virtualTree inventory', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ['baz', { name: 'baz', version: '3.0.0' }], -+ ]) -+ ), -+ 'should have errors for each mismatching version' -+ ) -+}) --- -2.35.1 - diff --git a/0002-Install-both-binaries-and-use-libdir.patch b/0002-Install-both-binaries-and-use-libdir.patch deleted file mode 100644 index 4abfc3e..0000000 --- a/0002-Install-both-binaries-and-use-libdir.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff --git a/configure.py b/configure.py -index 895a0869cb..791c3e4a62 100755 ---- a/configure.py -+++ b/configure.py -@@ -722,6 +722,12 @@ parser.add_argument('--shared', - help='compile shared library for embedding node in another project. ' + - '(This mode is not officially supported for regular applications)') - -+parser.add_argument('--libdir', -+ action='store', -+ dest='libdir', -+ default='lib', -+ help='a directory to install the shared library into') -+ - parser.add_argument('--without-v8-platform', - action='store_true', - dest='without_v8_platform', -@@ -1293,6 +1299,7 @@ def configure_node(o): - o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) - - o['variables']['node_shared'] = b(options.shared) -+ o['variables']['libdir'] = options.libdir - node_module_version = getmoduleversion.get_version() - - if options.dest_os == 'android': -diff --git a/tools/install.py b/tools/install.py -index 045d406d84..b3ef454199 100755 ---- a/tools/install.py -+++ b/tools/install.py -@@ -121,22 +121,19 @@ def subdir_files(path, dest, action): - - def files(action): - is_windows = sys.platform == 'win32' -- output_file = 'node' - output_prefix = 'out/Release/' -+ output_libprefix = output_prefix - -- if 'false' == variables.get('node_shared'): -- if is_windows: -- output_file += '.exe' -+ if is_windows: -+ output_bin = 'node.exe' -+ output_lib = 'node.dll' - else: -- if is_windows: -- output_file += '.dll' -- else: -- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix') -+ output_bin = 'node' -+ output_lib = 'libnode.' + variables.get('shlib_suffix') - -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) -+ action([output_prefix + output_bin], 'bin/' + output_bin) -+ if 'true' == variables.get('node_shared'): -+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) - - if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') diff --git a/0002-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch b/0002-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch new file mode 100644 index 0000000..278ba06 --- /dev/null +++ b/0002-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch @@ -0,0 +1,45 @@ +From df574e2999dc6c2c38138bd0c3ec61dfafe9c929 Mon Sep 17 00:00:00 2001 +From: Kornel +Date: Fri, 27 Jan 2023 01:20:38 +0000 +Subject: [PATCH] deps(http-cache-semantics): Don't use regex to trim + whitespace + +Signed-off-by: rpm-build +--- + deps/npm/node_modules/http-cache-semantics/index.js | 6 +++--- + deps/npm/node_modules/http-cache-semantics/package.json | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/deps/npm/node_modules/http-cache-semantics/index.js b/deps/npm/node_modules/http-cache-semantics/index.js +index 4f6c2f3..39d58a7 100644 +--- a/deps/npm/node_modules/http-cache-semantics/index.js ++++ b/deps/npm/node_modules/http-cache-semantics/index.js +@@ -79,10 +79,10 @@ function parseCacheControl(header) { + + // TODO: When there is more than one value present for a given directive (e.g., two Expires header fields, multiple Cache-Control: max-age directives), + // the directive's value is considered invalid. Caches are encouraged to consider responses that have invalid freshness information to be stale +- const parts = header.trim().split(/\s*,\s*/); // TODO: lame parsing ++ const parts = header.trim().split(/,/); + for (const part of parts) { +- const [k, v] = part.split(/\s*=\s*/, 2); +- cc[k] = v === undefined ? true : v.replace(/^"|"$/g, ''); // TODO: lame unquoting ++ const [k, v] = part.split(/=/, 2); ++ cc[k.trim()] = v === undefined ? true : v.trim().replace(/^"|"$/g, ''); + } + + return cc; +diff --git a/deps/npm/node_modules/http-cache-semantics/package.json b/deps/npm/node_modules/http-cache-semantics/package.json +index 897798d..79c020a 100644 +--- a/deps/npm/node_modules/http-cache-semantics/package.json ++++ b/deps/npm/node_modules/http-cache-semantics/package.json +@@ -1,6 +1,6 @@ + { + "name": "http-cache-semantics", +- "version": "4.1.0", ++ "version": "4.1.1", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "repository": "https://github.com/kornelski/http-cache-semantics.git", + "main": "index.js", +-- +2.39.2 + diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index c190bde..0000000 --- a/gating.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- !Policy -product_versions: - - rhel-9 -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} diff --git a/nodejs.spec b/nodejs.spec index fc9afa8..afae4c5 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -17,7 +17,7 @@ # # create bootstrapping build with bundled deps and extra release suffix %bcond_with bootstrap -# bundle dependencies that are not available as Fedora modules +# bundle dependencies that are not available in CentOS %if %{with bootstrap} %bcond_without bundled %else @@ -41,8 +41,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 12 -%global nodejs_patch 1 +%global nodejs_minor 14 +%global nodejs_patch 2 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -58,7 +58,7 @@ %global v8_major 10 %global v8_minor 2 %global v8_build 154 -%global v8_patch 15 +%global v8_patch 26 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} @@ -79,13 +79,13 @@ # libuv - from deps/uv/include/uv/version.h %global libuv_major 1 -%global libuv_minor 43 -%global libuv_patch 0 +%global libuv_minor 44 +%global libuv_patch 2 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h %global nghttp2_major 1 -%global nghttp2_minor 47 +%global nghttp2_minor 51 %global nghttp2_patch 0 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch} @@ -102,7 +102,7 @@ %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep -%global icu_major 71 +%global icu_major 72 %global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} @@ -120,6 +120,12 @@ %global icu_flag full-icu %endif +# simduft from deps/simdutf/simdutf.h +%global simduft_major 2 +%global simduft_minor 0 +%global simduft_patch 7 +%global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch} + # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -133,9 +139,9 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_major 8 -%global npm_minor 19 -%global npm_patch 2 +%global npm_major 9 +%global npm_minor 5 +%global npm_patch 0 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h @@ -197,9 +203,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.11.0.tar.gz -# Adjustments: rm -f undici-5.11.0/lib/llhttp/llhttp*.wasm* -Source111: undici-5.11.0.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.20.0.tar.gz +# Adjustments: rm -f undici-5.20.0/lib/llhttp/llhttp*.wasm* +Source111: undici-5.20.0.tar.gz # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. # Version source: build/Dockerfile Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz @@ -299,6 +305,7 @@ Provides: bundled(icu) = %{icu_version} Provides: bundled(uvwasi) = %{uvwasi_version} Provides: bundled(histogram) = %{histogram_version} Provides: bundled(corepack) = %{corepack_version} +Provides: bundled(simduft) = %{simduft_version} # Make sure we keep NPM up to date when we update Node.js %if 0%{?rhel} < 8 @@ -388,6 +395,8 @@ The API documentation for the Node.js JavaScript runtime. # remove bundled dependencies that we aren't building rm -rf deps/zlib rm -rf deps/brotli +rm -rf deps/v8/third_party/jinja2 +rm -rf tools/inspector_protocol/jinja2 # Replace any instances of unversioned python' with python3 %if %{with python3_fixup} @@ -714,6 +723,15 @@ end %changelog +* Tue Mar 21 2023 Zuzana Svetlikova - 1:18.14.2-2 +- Provide simduft + +* Tue Mar 21 2023 Zuzana Svetlikova - 1:18.14.2-1 +- Rebase to 18.14.2 +- Resolves: #2178086 +- Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 +- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 + * Fri Nov 18 2022 Jan Staněk - 1:18.12.1-2 - Update version of bundled histogram diff --git a/package.cfg b/package.cfg deleted file mode 100644 index ceab82f..0000000 --- a/package.cfg +++ /dev/null @@ -1,2 +0,0 @@ -[koji] -targets = master f34 f33 diff --git a/sources b/sources index 8d9356f..2040f2e 100644 --- a/sources +++ b/sources @@ -1,6 +1,6 @@ +SHA512 (node-v18.14.2-stripped.tar.gz) = 484bf91004dec6b3e60f5f01ac994a888425f68f649c80893786806e4f48e68d63f5be1e22d1ec6f57ff99edf85fecd33d86b159e3684ce89f7583d34d9e3a48 +SHA512 (icu4c-72_1-src.tgz) = 848c341b37c0ff077e34a95d92c6200d5aaddd0ee5e06134101a74e04deb08256a5e817c8aefab020986abe810b7827dd7b2169a60dacd250c298870518dcae8 +SHA512 (undici-5.20.0.tar.gz) = 75a4c164081bbc8114aceeb48680db003cb014d7f92f157d03e9a36c775606a4bede5dbba236ba1722a651ab91968cb192eeae671ec1024f826c4b452d4e20ff SHA512 (cjs-module-lexer-1.2.2.tar.gz) = e2134c4541efec2f32d5fa5fd5151511a599ecd08e85fbfc8d56cbd0f3b2a404a9b1c072a601e4237e229ed12859abf6f52201ee0f55fcd0e43f49d0017e7cd1 -SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912 -SHA512 (node-v18.12.1-stripped.tar.gz) = d9078377840d25c27f44be154de6c1da88be3feb36165b95786c8929abaf360388e070a6336821d2147a3c7972ac7707d8fe24de834e7ff2251c8a6d74e2768e -SHA512 (undici-5.11.0.tar.gz) = 28d13caae0d6fe31136e8ae74e8feb82aadeada01603b1c99d39d97183d5ed2d4594b985150d8e986259081d3dd2a467e47a6d2eb0da185df93376fee114e26a SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645