v17.9.1 proposal #43256

ruyadorno · 2022-05-30T20:41:26Z

2022-06-01, Version 17.9.1 (Current), @ruyadorno

Notable Changes

Upgrade npm to 8.11.0

Update to OpenSSL 3.0.3

This update can be treated as a security release as the issues addressed in OpenSSL 3.0.3 slightly affect Node.js 17.
See https://nodejs.org/en/blog/vulnerability/openssl-fixes-in-regular-releases-may2022/ for more information on how the May 2022 OpenSSL releases affect other Node.js release lines.

Commits

[17fef6e] - deps: upgrade npm to 8.11.0 ([email protected]) deps: upgrade npm to 8.11.0 #43210
[d0b53c0] - deps: upgrade npm to 8.10.0 ([email protected]) deps: upgrade npm to 8.10.0 #43061
[72630d1] - deps: upgrade npm to 8.9.0 (npm-robot) deps: upgrade npm to 8.9.0 #42968
[93d58c3] - deps: upgrade npm to 8.8.0 (npm-robot) deps: upgrade npm to 8.8.0 #42886
[34e6edd] - deps: upgrade npm to 8.7.0 ([email protected]) deps: upgrade npm to 8.7.0 #42744
[02f8b0c] - deps: upgrade npm to 8.6.0 (npm team) deps: upgrade npm to 8.6.0 #42550
[871eace] - deps: update archs files for quictls/openssl-3.0.3 (RafaelGSS) [v17.x] deps: update OpenSSL 3.0.3+quic #43025
[05fb807] - deps: upgrade openssl sources to quictls/openssl-3.0.3 (RafaelGSS) [v17.x] deps: update OpenSSL 3.0.3+quic #43025

This updates all sources in deps/openssl/openssl by: $ git clone [email protected]:quictls/openssl.git $ cd openssl $ git checkout openssl-3.0.3+quic $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../../../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: #43025 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-May/000223.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Beth Griggs <[email protected]>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit PR-URL: #43025 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-May/000223.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Beth Griggs <[email protected]>

PR-URL: #42550 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Mestery <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]> Reviewed-By: Tierney Cyren <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Darshan Sen <[email protected]>

PR-URL: #42744 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

PR-URL: #42886 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]> Reviewed-By: Mestery <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

PR-URL: #42968 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]>

PR-URL: #43061 Reviewed-By: Ruy Adorno <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]>

PR-URL: #43210 Reviewed-By: Ruy Adorno <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]> Reviewed-By: Beth Griggs <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>