import nodejs-16.14.0-5.module+el8.7.0+15110+f25e9602

This commit is contained in:
CentOS Sources 2022-05-30 18:27:50 +00:00 committed by Stepan Oksanichenko
parent c9742fd2a5
commit 8480dfa089
5 changed files with 467 additions and 57 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/icu4c-69_1-src.tgz
SOURCES/node-v16.13.1-stripped.tar.gz
SOURCES/icu4c-70_1-src.tgz
SOURCES/node-v16.14.0-stripped.tar.gz

View File

@ -1,2 +1,2 @@
620a71c84428758376baa0fb81a581c3daa866ce SOURCES/icu4c-69_1-src.tgz
09e2ea9b62a6e92a73c34e2997ec237ebd04141f SOURCES/node-v16.13.1-stripped.tar.gz
f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz
8c33c1ca00dab24a6ce4d1100a6fbc4493d82797 SOURCES/node-v16.14.0-stripped.tar.gz

View File

@ -0,0 +1,397 @@
From 730dd78c897a28c3df0468ed1fc42d5817badefe Mon Sep 17 00:00:00 2001
From: Ruy Adorno <ruyadorno@hotmail.com>
Date: Wed, 2 Feb 2022 22:10:22 -0500
Subject: [PATCH] fix(ci): lock file validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.
Fixes: https://github.com/npm/cli/issues/2701
Fixes: https://github.com/npm/cli/issues/3947
Signed-off-by: Jan Staněk <jstanek@redhat.com>
---
deps/npm/lib/commands/ci.js | 23 ++++++
deps/npm/lib/utils/validate-lockfile.js | 29 +++++++
.../smoke-tests/index.js.test.cjs | 11 +++
.../test/lib/commands/ci.js.test.cjs | 13 +++
.../lib/utils/validate-lockfile.js.test.cjs | 35 ++++++++
deps/npm/test/lib/commands/ci.js | 82 +++++++++++++++++++
deps/npm/test/lib/utils/validate-lockfile.js | 82 +++++++++++++++++++
7 files changed, 275 insertions(+)
create mode 100644 deps/npm/lib/utils/validate-lockfile.js
create mode 100644 deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
create mode 100644 deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
create mode 100644 deps/npm/test/lib/utils/validate-lockfile.js
diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js
index 2c2f8da..376a85d 100644
--- a/deps/npm/lib/commands/ci.js
+++ b/deps/npm/lib/commands/ci.js
@@ -6,6 +6,7 @@ const runScript = require('@npmcli/run-script')
const fs = require('fs')
const readdir = util.promisify(fs.readdir)
const log = require('../utils/log-shim.js')
+const validateLockfile = require('../utils/validate-lockfile.js')
const removeNodeModules = async where => {
const rimrafOpts = { glob: false }
@@ -55,6 +56,28 @@ class CI extends ArboristWorkspaceCmd {
}),
removeNodeModules(where),
])
+
+ // retrieves inventory of packages from loaded virtual tree (lock file)
+ const virtualInventory = new Map(arb.virtualTree.inventory)
+
+ // build ideal tree step needs to come right after retrieving the virtual
+ // inventory since it's going to erase the previous ref to virtualTree
+ await arb.buildIdealTree()
+
+ // verifies that the packages from the ideal tree will match
+ // the same versions that are present in the virtual tree (lock file)
+ // throws a validation error in case of mismatches
+ const errors = validateLockfile(virtualInventory, arb.idealTree.inventory)
+ if (errors.length) {
+ throw new Error(
+ '`npm ci` can only install packages when your package.json and ' +
+ 'package-lock.json or npm-shrinkwrap.json are in sync. Please ' +
+ 'update your lock file with `npm install` ' +
+ 'before continuing.\n\n' +
+ errors.join('\n') + '\n'
+ )
+ }
+
await arb.reify(opts)
const ignoreScripts = this.npm.config.get('ignore-scripts')
diff --git a/deps/npm/lib/utils/validate-lockfile.js b/deps/npm/lib/utils/validate-lockfile.js
new file mode 100644
index 0000000..29161ec
--- /dev/null
+++ b/deps/npm/lib/utils/validate-lockfile.js
@@ -0,0 +1,29 @@
+// compares the inventory of package items in the tree
+// that is about to be installed (idealTree) with the inventory
+// of items stored in the package-lock file (virtualTree)
+//
+// Returns empty array if no errors found or an array populated
+// with an entry for each validation error found.
+function validateLockfile (virtualTree, idealTree) {
+ const errors = []
+
+ // loops through the inventory of packages resulted by ideal tree,
+ // for each package compares the versions with the version stored in the
+ // package-lock and adds an error to the list in case of mismatches
+ for (const [key, entry] of idealTree.entries()) {
+ const lock = virtualTree.get(key)
+
+ if (!lock) {
+ errors.push(`Missing: ${entry.name}@${entry.version} from lock file`)
+ continue
+ }
+
+ if (entry.version !== lock.version) {
+ errors.push(`Invalid: lock file's ${lock.name}@${lock.version} does ` +
+ `not satisfy ${entry.name}@${entry.version}`)
+ }
+ }
+ return errors
+}
+
+module.exports = validateLockfile
diff --git a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
index c1316e0..5fa3977 100644
--- a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
+++ b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
@@ -40,6 +40,17 @@ Configuration fields: npm help 7 config
npm {CWD}
+`
+
+exports[`smoke-tests/index.js TAP npm ci > should throw mismatch deps in lock file error 1`] = `
+npm ERR! \`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
+npm ERR!
+npm ERR! Invalid: lock file's abbrev@1.0.4 does not satisfy abbrev@1.1.1
+npm ERR!
+
+npm ERR! A complete log of this run can be found in:
+
+
`
exports[`smoke-tests/index.js TAP npm diff > should have expected diff output 1`] = `
diff --git a/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
new file mode 100644
index 0000000..d6a7471
--- /dev/null
+++ b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
@@ -0,0 +1,13 @@
+/* IMPORTANT
+ * This snapshot file is auto-generated, but designed for humans.
+ * It should be checked into source control and tracked carefully.
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
+ * Make sure to inspect the output below. Do not ignore changes!
+ */
+'use strict'
+exports[`test/lib/commands/ci.js TAP should throw error when ideal inventory mismatches virtual > must match snapshot 1`] = `
+\`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
+
+Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0
+
+`
diff --git a/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
new file mode 100644
index 0000000..98a5126
--- /dev/null
+++ b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
@@ -0,0 +1,35 @@
+/* IMPORTANT
+ * This snapshot file is auto-generated, but designed for humans.
+ * It should be checked into source control and tracked carefully.
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
+ * Make sure to inspect the output below. Do not ignore changes!
+ */
+'use strict'
+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on idealTree > should have missing entries error 1`] = `
+Array [
+ "Missing: baz@3.0.0 from lock file",
+]
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on virtualTree > should have no errors if finding virtualTree extra items 1`] = `
+Array []
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP identical inventory for both idealTree and virtualTree > should have no errors on identical inventories 1`] = `
+Array []
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP mismatching versions on inventory > should have errors for each mismatching version 1`] = `
+Array [
+ "Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0",
+ "Invalid: lock file's bar@2.0.0 does not satisfy bar@3.0.0",
+]
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP missing virtualTree inventory > should have errors for each mismatching version 1`] = `
+Array [
+ "Missing: foo@1.0.0 from lock file",
+ "Missing: bar@2.0.0 from lock file",
+ "Missing: baz@3.0.0 from lock file",
+]
+`
diff --git a/deps/npm/test/lib/commands/ci.js b/deps/npm/test/lib/commands/ci.js
index 537d078..e077c99 100644
--- a/deps/npm/test/lib/commands/ci.js
+++ b/deps/npm/test/lib/commands/ci.js
@@ -19,6 +19,17 @@ t.test('should ignore scripts with --ignore-scripts', async t => {
this.reify = () => {
REIFY_CALLED = true
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
})
@@ -99,6 +110,17 @@ t.test('should use Arborist and run-script', async t => {
this.reify = () => {
t.ok(true, 'reify is called')
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
rimraf: (path, ...args) => {
actualRimrafs++
@@ -138,6 +160,17 @@ t.test('should pass flatOptions to Arborist.reify', async t => {
this.reify = async (options) => {
t.equal(options.production, true, 'should pass flatOptions to Arborist.reify')
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
})
const npm = mockNpm({
@@ -218,6 +251,17 @@ t.test('should remove existing node_modules before installing', async t => {
const nodeModules = contents.filter((path) => path.startsWith('node_modules'))
t.same(nodeModules, ['node_modules'], 'should only have the node_modules directory')
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
})
@@ -231,3 +275,41 @@ t.test('should remove existing node_modules before installing', async t => {
await ci.exec(null)
})
+
+t.test('should throw error when ideal inventory mismatches virtual', async t => {
+ const CI = t.mock('../../../lib/commands/ci.js', {
+ '../../../lib/utils/reify-finish.js': async () => {},
+ '@npmcli/run-script': ({ event }) => {},
+ '@npmcli/arborist': function () {
+ this.loadVirtual = async () => {}
+ this.reify = () => {}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '2.0.0' }],
+ ]),
+ }
+ },
+ })
+
+ const npm = mockNpm({
+ globalDir: 'path/to/node_modules/',
+ prefix: 'foo',
+ config: {
+ global: false,
+ 'ignore-scripts': true,
+ },
+ })
+ const ci = new CI(npm)
+
+ try {
+ await ci.exec([])
+ } catch (err) {
+ t.matchSnapshot(err.message)
+ }
+})
diff --git a/deps/npm/test/lib/utils/validate-lockfile.js b/deps/npm/test/lib/utils/validate-lockfile.js
new file mode 100644
index 0000000..25939c5
--- /dev/null
+++ b/deps/npm/test/lib/utils/validate-lockfile.js
@@ -0,0 +1,82 @@
+const t = require('tap')
+const validateLockfile = require('../../../lib/utils/validate-lockfile.js')
+
+t.test('identical inventory for both idealTree and virtualTree', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ])
+ ),
+ 'should have no errors on identical inventories'
+ )
+})
+
+t.test('extra inventory items on idealTree', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ['baz', { name: 'baz', version: '3.0.0' }],
+ ])
+ ),
+ 'should have missing entries error'
+ )
+})
+
+t.test('extra inventory items on virtualTree', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ['baz', { name: 'baz', version: '3.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ])
+ ),
+ 'should have no errors if finding virtualTree extra items'
+ )
+})
+
+t.test('mismatching versions on inventory', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '2.0.0' }],
+ ['bar', { name: 'bar', version: '3.0.0' }],
+ ])
+ ),
+ 'should have errors for each mismatching version'
+ )
+})
+
+t.test('missing virtualTree inventory', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ['baz', { name: 'baz', version: '3.0.0' }],
+ ])
+ ),
+ 'should have errors for each mismatching version'
+ )
+})
--
2.35.1

View File

@ -128,7 +128,7 @@ echo "$ICUMD5 $ICUTARBALL" > icu.md5
md5sum -c icu.md5
rm -f icu.md5 SHASUMS256.txt
rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
rm -f node-v${version}.tar.gz

View File

@ -6,15 +6,31 @@
%global with_debug 0
%endif
# bundle dependencies that are not available as Fedora modules
# The following macros control the usage of dependencies bundled from upstream.
#
# When to use what:
# - Regular (presumably non-modular) build: use neither (the default in Fedora)
# - Early bootstrapping build that is not intended to be shipped:
# use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix
# - Build with some dependencies not avalaible in necessary versions (i.e. module build):
# use --with=bundled; will bundle deps, but do not add the suffix
#
# create bootstrapping build with bundled deps and extra release suffix
%bcond_with bootstrap
# bundle dependencies that are not available as Fedora modules
%if %{with bootstrap}
%bcond_without bundled
%else
%bcond_with bundled
%endif
%bcond_without python3_fixup
# == Master Relase ==
# This is used by both the nodejs package and the npm subpackage thar
# This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end.
%global baserelease 3
%global baserelease 5
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -25,8 +41,8 @@
# than a Fedora release lifecycle.
%global nodejs_epoch 1
%global nodejs_major 16
%global nodejs_minor 13
%global nodejs_patch 1
%global nodejs_minor 14
%global nodejs_patch 0
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 93
@ -63,7 +79,7 @@
# libuv - from deps/uv/include/uv/version.h
%global libuv_major 1
%global libuv_minor 42
%global libuv_minor 43
%global libuv_patch 0
%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
@ -86,7 +102,7 @@
%global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
# ICU - from tools/icu/current_ver.dep
%global icu_major 69
%global icu_major 70
%global icu_minor 1
%global icu_version %{icu_major}.%{icu_minor}
@ -118,14 +134,14 @@
# npm - from deps/npm/package.json
%global npm_epoch 1
%global npm_major 8
%global npm_minor 1
%global npm_patch 2
%global npm_minor 3
%global npm_patch 1
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
# uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_major 0
%global uvwasi_minor 0
%global uvwasi_patch 11
%global uvwasi_patch 12
%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
# histogram_c - assumed from timestamps
@ -171,6 +187,9 @@ Source7: nodejs_native.attr
# Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
# CVE-2021-43616
Patch2: 0001-fix-ci-lock-file-validation.patch
BuildRequires: make
BuildRequires: python3-devel
BuildRequires: zlib-devel
@ -185,14 +204,18 @@ BuildRequires: chrpath
BuildRequires: libatomic
BuildRequires: systemtap-sdt-devel
%if %{with bootstrap}
Provides: bundled(libuv) = %{libuv_version}
Provides: bundled(nghttp2) = %{nghttp2_version}
%if %{with bundled}
Provides: bundled(libuv) = %{libuv_version}
%else
BuildRequires: libuv-devel >= 1:%{libuv_version}
Requires: libuv >= 1:%{libuv_version}
Requires: libuv >= 1:%{libuv_version}
%endif
%if %{with bundled}
Provides: bundled(nghttp2) = %{nghttp2_version}
%else
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
Requires: libnghttp2 >= %{nghttp2_version}
Requires: libnghttp2 >= %{nghttp2_version}
%endif
# Temporarily bundle llhttp because the upstream doesn't
@ -285,9 +308,7 @@ Requires: zlib-devel%{?_isa}
Requires: brotli-devel%{?_isa}
Requires: nodejs-packaging
%if %{with bootstrap}
# deps are bundled
%else
%if %{without bundled}
Requires: libuv-devel%{?_isa}
%endif
@ -376,45 +397,26 @@ export CXX='g++'
# build with debugging symbols and add defines from libuv (#892601)
# Node's v8 breaks with GCC 6 because of incorrect usage of methods on
# NULL objects. We need to pass -fno-delete-null-pointer-checks
export CFLAGS='%{optflags} \
-D_LARGEFILE_SOURCE \
-D_FILE_OFFSET_BITS=64 \
-DZLIB_CONST \
-fno-delete-null-pointer-checks'
export CXXFLAGS='%{optflags} \
-D_LARGEFILE_SOURCE \
-D_FILE_OFFSET_BITS=64 \
-DZLIB_CONST \
-fno-delete-null-pointer-checks'
# Explicit new lines in C(XX)FLAGS can break naive build scripts
export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' ' ')"
export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')"
extra_cflags=(
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64
-DZLIB_CONST
-fno-delete-null-pointer-checks
)
export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"
export LDFLAGS="%{build_ldflags}"
%if %{with bootstrap}
%{__python3} configure.py --prefix=%{_prefix} \
--shared-openssl \
--shared-zlib \
--shared-brotli \
--with-dtrace \
--with-intl=small-icu \
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%else
%{__python3} configure.py --prefix=%{_prefix} \
--shared-openssl \
--shared-zlib \
--shared-brotli \
--shared-libuv \
--shared-nghttp2 \
%{!?with_bundled:--shared-libuv} \
%{!?with_bundled:--shared-nghttp2} \
--with-dtrace \
--with-intl=small-icu \
--with-icu-default-data-dir=%{icudatadir} \
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%endif
%if %{?with_debug} == 1
# Setting BUILDTYPE=Debug builds both release and debug binaries
@ -500,7 +502,7 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man
# Install Gatsby HTML documentation to %{_pkgdocdir}
# Install Gatsby HTML documentation to %%{_pkgdocdir}
cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
@ -521,7 +523,7 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
-exec chmod -x {} \;
# The above command is a little overzealous. Add a few permissions back.
chmod 0775 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
# Corepack contains a number of executable"shims", including some for Windows
@ -677,6 +679,7 @@ end
%doc %{_mandir}/man7/config.7*
%doc %{_mandir}/man7/developers.7*
%doc %{_mandir}/man7/orgs.7*
%doc %{_mandir}/man7/logging.7*
%doc %{_mandir}/man7/registry.7*
%doc %{_mandir}/man7/removal.7*
%doc %{_mandir}/man7/scope.7*
@ -692,17 +695,27 @@ end
%changelog
* Mon Apr 25 2022 Jan Staněk <jstanek@redhat.com> - 1:16.14.0-5
- Unify configure calls into single command
- Refactor bootstrap-related parts
- Decouple dependency bundling from bootstrapping
* Mon Apr 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-4
- Apply lock file validation fixes
- Resolves: CVE-2021-43616
- Resolves: RHBZ#2070013
* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-3
- Resolves: RHBZ#2027610
- Resolves: RHBZ#2026329
- Add corepack to spec
* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-2
- Resolves: RHBZ#2027610
- Resolves: RHBZ#2026329
- Update npm version test
* Thu Dec 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-1
- Resolves: RHBZ#2027644, RHBZ#2027643, RHBZ#2027638, RHBZ#2027633
- Resolves: RHBZ#2027610
- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920
- Resolves: RHBZ#2026329
- Rebase to LTS release and to fix multiple low and medium CVEs
* Mon Sep 13 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.8.0-1