From 5fbeae5fa37edfe24630984f4792de1dad6bdb01 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 24 2022 23:05:42 +0000 Subject: import nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185 --- diff --git a/.gitignore b/.gitignore index a873a8a..8692d82 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/icu4c-70_1-src.tgz -SOURCES/node-v16.14.0-stripped.tar.gz +SOURCES/node-v16.16.0-stripped.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 9c15be1..c2ce414 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,2 @@ f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz -8c33c1ca00dab24a6ce4d1100a6fbc4493d82797 SOURCES/node-v16.14.0-stripped.tar.gz +17d4c0f6337149c1171c478dbebc8c224ebd0778 SOURCES/node-v16.16.0-stripped.tar.gz diff --git a/SOURCES/0001-fix-ci-lock-file-validation.patch b/SOURCES/0001-fix-ci-lock-file-validation.patch deleted file mode 100644 index 81ff06a..0000000 --- a/SOURCES/0001-fix-ci-lock-file-validation.patch +++ /dev/null @@ -1,397 +0,0 @@ -From 730dd78c897a28c3df0468ed1fc42d5817badefe Mon Sep 17 00:00:00 2001 -From: Ruy Adorno -Date: Wed, 2 Feb 2022 22:10:22 -0500 -Subject: [PATCH] fix(ci): lock file validation -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Make sure to validate any lock file (either package-lock.json or -npm-shrinkwrap.json) against the current install. This will properly -throw an error in case any of the dependencies being installed don't -match the dependencies that are currently listed in the lock file. - -Fixes: https://github.com/npm/cli/issues/2701 -Fixes: https://github.com/npm/cli/issues/3947 -Signed-off-by: Jan Staněk ---- - deps/npm/lib/commands/ci.js | 23 ++++++ - deps/npm/lib/utils/validate-lockfile.js | 29 +++++++ - .../smoke-tests/index.js.test.cjs | 11 +++ - .../test/lib/commands/ci.js.test.cjs | 13 +++ - .../lib/utils/validate-lockfile.js.test.cjs | 35 ++++++++ - deps/npm/test/lib/commands/ci.js | 82 +++++++++++++++++++ - deps/npm/test/lib/utils/validate-lockfile.js | 82 +++++++++++++++++++ - 7 files changed, 275 insertions(+) - create mode 100644 deps/npm/lib/utils/validate-lockfile.js - create mode 100644 deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs - create mode 100644 deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs - create mode 100644 deps/npm/test/lib/utils/validate-lockfile.js - -diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js -index 2c2f8da..376a85d 100644 ---- a/deps/npm/lib/commands/ci.js -+++ b/deps/npm/lib/commands/ci.js -@@ -6,6 +6,7 @@ const runScript = require('@npmcli/run-script') - const fs = require('fs') - const readdir = util.promisify(fs.readdir) - const log = require('../utils/log-shim.js') -+const validateLockfile = require('../utils/validate-lockfile.js') - - const removeNodeModules = async where => { - const rimrafOpts = { glob: false } -@@ -55,6 +56,28 @@ class CI extends ArboristWorkspaceCmd { - }), - removeNodeModules(where), - ]) -+ -+ // retrieves inventory of packages from loaded virtual tree (lock file) -+ const virtualInventory = new Map(arb.virtualTree.inventory) -+ -+ // build ideal tree step needs to come right after retrieving the virtual -+ // inventory since it's going to erase the previous ref to virtualTree -+ await arb.buildIdealTree() -+ -+ // verifies that the packages from the ideal tree will match -+ // the same versions that are present in the virtual tree (lock file) -+ // throws a validation error in case of mismatches -+ const errors = validateLockfile(virtualInventory, arb.idealTree.inventory) -+ if (errors.length) { -+ throw new Error( -+ '`npm ci` can only install packages when your package.json and ' + -+ 'package-lock.json or npm-shrinkwrap.json are in sync. Please ' + -+ 'update your lock file with `npm install` ' + -+ 'before continuing.\n\n' + -+ errors.join('\n') + '\n' -+ ) -+ } -+ - await arb.reify(opts) - - const ignoreScripts = this.npm.config.get('ignore-scripts') -diff --git a/deps/npm/lib/utils/validate-lockfile.js b/deps/npm/lib/utils/validate-lockfile.js -new file mode 100644 -index 0000000..29161ec ---- /dev/null -+++ b/deps/npm/lib/utils/validate-lockfile.js -@@ -0,0 +1,29 @@ -+// compares the inventory of package items in the tree -+// that is about to be installed (idealTree) with the inventory -+// of items stored in the package-lock file (virtualTree) -+// -+// Returns empty array if no errors found or an array populated -+// with an entry for each validation error found. -+function validateLockfile (virtualTree, idealTree) { -+ const errors = [] -+ -+ // loops through the inventory of packages resulted by ideal tree, -+ // for each package compares the versions with the version stored in the -+ // package-lock and adds an error to the list in case of mismatches -+ for (const [key, entry] of idealTree.entries()) { -+ const lock = virtualTree.get(key) -+ -+ if (!lock) { -+ errors.push(`Missing: ${entry.name}@${entry.version} from lock file`) -+ continue -+ } -+ -+ if (entry.version !== lock.version) { -+ errors.push(`Invalid: lock file's ${lock.name}@${lock.version} does ` + -+ `not satisfy ${entry.name}@${entry.version}`) -+ } -+ } -+ return errors -+} -+ -+module.exports = validateLockfile -diff --git a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs -index c1316e0..5fa3977 100644 ---- a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs -+++ b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs -@@ -40,6 +40,17 @@ Configuration fields: npm help 7 config - - npm {CWD} - -+` -+ -+exports[`smoke-tests/index.js TAP npm ci > should throw mismatch deps in lock file error 1`] = ` -+npm ERR! \`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing. -+npm ERR! -+npm ERR! Invalid: lock file's abbrev@1.0.4 does not satisfy abbrev@1.1.1 -+npm ERR! -+ -+npm ERR! A complete log of this run can be found in: -+ -+ - ` - - exports[`smoke-tests/index.js TAP npm diff > should have expected diff output 1`] = ` -diff --git a/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs -new file mode 100644 -index 0000000..d6a7471 ---- /dev/null -+++ b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs -@@ -0,0 +1,13 @@ -+/* IMPORTANT -+ * This snapshot file is auto-generated, but designed for humans. -+ * It should be checked into source control and tracked carefully. -+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests. -+ * Make sure to inspect the output below. Do not ignore changes! -+ */ -+'use strict' -+exports[`test/lib/commands/ci.js TAP should throw error when ideal inventory mismatches virtual > must match snapshot 1`] = ` -+\`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing. -+ -+Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0 -+ -+` -diff --git a/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs -new file mode 100644 -index 0000000..98a5126 ---- /dev/null -+++ b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs -@@ -0,0 +1,35 @@ -+/* IMPORTANT -+ * This snapshot file is auto-generated, but designed for humans. -+ * It should be checked into source control and tracked carefully. -+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests. -+ * Make sure to inspect the output below. Do not ignore changes! -+ */ -+'use strict' -+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on idealTree > should have missing entries error 1`] = ` -+Array [ -+ "Missing: baz@3.0.0 from lock file", -+] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on virtualTree > should have no errors if finding virtualTree extra items 1`] = ` -+Array [] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP identical inventory for both idealTree and virtualTree > should have no errors on identical inventories 1`] = ` -+Array [] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP mismatching versions on inventory > should have errors for each mismatching version 1`] = ` -+Array [ -+ "Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0", -+ "Invalid: lock file's bar@2.0.0 does not satisfy bar@3.0.0", -+] -+` -+ -+exports[`test/lib/utils/validate-lockfile.js TAP missing virtualTree inventory > should have errors for each mismatching version 1`] = ` -+Array [ -+ "Missing: foo@1.0.0 from lock file", -+ "Missing: bar@2.0.0 from lock file", -+ "Missing: baz@3.0.0 from lock file", -+] -+` -diff --git a/deps/npm/test/lib/commands/ci.js b/deps/npm/test/lib/commands/ci.js -index 537d078..e077c99 100644 ---- a/deps/npm/test/lib/commands/ci.js -+++ b/deps/npm/test/lib/commands/ci.js -@@ -19,6 +19,17 @@ t.test('should ignore scripts with --ignore-scripts', async t => { - this.reify = () => { - REIFY_CALLED = true - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - }) - -@@ -99,6 +110,17 @@ t.test('should use Arborist and run-script', async t => { - this.reify = () => { - t.ok(true, 'reify is called') - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - rimraf: (path, ...args) => { - actualRimrafs++ -@@ -138,6 +160,17 @@ t.test('should pass flatOptions to Arborist.reify', async t => { - this.reify = async (options) => { - t.equal(options.production, true, 'should pass flatOptions to Arborist.reify') - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - }) - const npm = mockNpm({ -@@ -218,6 +251,17 @@ t.test('should remove existing node_modules before installing', async t => { - const nodeModules = contents.filter((path) => path.startsWith('node_modules')) - t.same(nodeModules, ['node_modules'], 'should only have the node_modules directory') - } -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } - }, - }) - -@@ -231,3 +275,41 @@ t.test('should remove existing node_modules before installing', async t => { - - await ci.exec(null) - }) -+ -+t.test('should throw error when ideal inventory mismatches virtual', async t => { -+ const CI = t.mock('../../../lib/commands/ci.js', { -+ '../../../lib/utils/reify-finish.js': async () => {}, -+ '@npmcli/run-script': ({ event }) => {}, -+ '@npmcli/arborist': function () { -+ this.loadVirtual = async () => {} -+ this.reify = () => {} -+ this.buildIdealTree = () => {} -+ this.virtualTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ]), -+ } -+ this.idealTree = { -+ inventory: new Map([ -+ ['foo', { name: 'foo', version: '2.0.0' }], -+ ]), -+ } -+ }, -+ }) -+ -+ const npm = mockNpm({ -+ globalDir: 'path/to/node_modules/', -+ prefix: 'foo', -+ config: { -+ global: false, -+ 'ignore-scripts': true, -+ }, -+ }) -+ const ci = new CI(npm) -+ -+ try { -+ await ci.exec([]) -+ } catch (err) { -+ t.matchSnapshot(err.message) -+ } -+}) -diff --git a/deps/npm/test/lib/utils/validate-lockfile.js b/deps/npm/test/lib/utils/validate-lockfile.js -new file mode 100644 -index 0000000..25939c5 ---- /dev/null -+++ b/deps/npm/test/lib/utils/validate-lockfile.js -@@ -0,0 +1,82 @@ -+const t = require('tap') -+const validateLockfile = require('../../../lib/utils/validate-lockfile.js') -+ -+t.test('identical inventory for both idealTree and virtualTree', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]) -+ ), -+ 'should have no errors on identical inventories' -+ ) -+}) -+ -+t.test('extra inventory items on idealTree', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ['baz', { name: 'baz', version: '3.0.0' }], -+ ]) -+ ), -+ 'should have missing entries error' -+ ) -+}) -+ -+t.test('extra inventory items on virtualTree', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ['baz', { name: 'baz', version: '3.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]) -+ ), -+ 'should have no errors if finding virtualTree extra items' -+ ) -+}) -+ -+t.test('mismatching versions on inventory', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ]), -+ new Map([ -+ ['foo', { name: 'foo', version: '2.0.0' }], -+ ['bar', { name: 'bar', version: '3.0.0' }], -+ ]) -+ ), -+ 'should have errors for each mismatching version' -+ ) -+}) -+ -+t.test('missing virtualTree inventory', async t => { -+ t.matchSnapshot( -+ validateLockfile( -+ new Map([]), -+ new Map([ -+ ['foo', { name: 'foo', version: '1.0.0' }], -+ ['bar', { name: 'bar', version: '2.0.0' }], -+ ['baz', { name: 'baz', version: '3.0.0' }], -+ ]) -+ ), -+ 'should have errors for each mismatching version' -+ ) -+}) --- -2.35.1 - diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index ed02cca..b2ebdbf 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -1,9 +1,9 @@ -%global with_debug 0 +%bcond_with debug # PowerPC, s390x and aarch64 segfault during Debug builds # https://github.com/nodejs/node/issues/20642 %ifarch %{power64} s390x aarch64 -%global with_debug 0 +%bcond_with debug %endif # The following macros control the usage of dependencies bundled from upstream. @@ -30,7 +30,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 5 +%global baserelease 3 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -41,7 +41,7 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 16 -%global nodejs_minor 14 +%global nodejs_minor 16 %global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h @@ -74,7 +74,7 @@ # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_major 6 %global llhttp_minor 0 -%global llhttp_patch 4 +%global llhttp_patch 7 %global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch} # libuv - from deps/uv/include/uv/version.h @@ -85,8 +85,8 @@ # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h %global nghttp2_major 1 -%global nghttp2_minor 45 -%global nghttp2_patch 1 +%global nghttp2_minor 47 +%global nghttp2_patch 0 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch} # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h @@ -134,8 +134,8 @@ # npm - from deps/npm/package.json %global npm_epoch 1 %global npm_major 8 -%global npm_minor 3 -%global npm_patch 1 +%global npm_minor 11 +%global npm_patch 0 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h @@ -156,8 +156,6 @@ # base npm version number is increasing. %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} -# Node.js 16.9.1 and later comes with an experimental package management tool -%global corepack_version 0.10.0 Name: nodejs Epoch: %{nodejs_epoch} @@ -187,9 +185,6 @@ Source7: nodejs_native.attr # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch -# CVE-2021-43616 -Patch2: 0001-fix-ci-lock-file-validation.patch - BuildRequires: make BuildRequires: python3-devel BuildRequires: zlib-devel @@ -281,7 +276,6 @@ Provides: bundled(icu) = %{icu_version} # or there's no option to built it as a shared dependency, so we bundle them Provides: bundled(uvwasi) = %{uvwasi_version} Provides: bundled(histogram) = %{histogram_version} -Provides: bundled(corepack) = %{corepack_version} # Make sure we keep NPM up to date when we update Node.js %if 0%{?rhel} < 8 @@ -397,6 +391,7 @@ export CXX='g++' # build with debugging symbols and add defines from libuv (#892601) # Node's v8 breaks with GCC 6 because of incorrect usage of methods on # NULL objects. We need to pass -fno-delete-null-pointer-checks + extra_cflags=( -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 @@ -412,13 +407,14 @@ export LDFLAGS="%{build_ldflags}" --shared-brotli \ %{!?with_bundled:--shared-libuv} \ %{!?with_bundled:--shared-nghttp2} \ - --with-dtrace \ + %{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \ --with-intl=small-icu \ --with-icu-default-data-dir=%{icudatadir} \ + --without-corepack \ --openssl-use-def-ca-store \ --openssl-default-cipher-list=PROFILE=SYSTEM -%if %{?with_debug} == 1 +%if %{with debug} # Setting BUILDTYPE=Debug builds both release and debug binaries make BUILDTYPE=Debug %{?_smp_mflags} %else @@ -464,7 +460,7 @@ rm -rf %{buildroot} chmod 0755 %{buildroot}/%{_bindir}/node chrpath --delete %{buildroot}%{_bindir}/node -%if %{?with_debug} == 1 +%if %{with debug} # Install the debug binary and set its permissions install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g %endif @@ -526,11 +522,6 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \ chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js -# Corepack contains a number of executable"shims", including some for Windows -# PowerShell. Drop the executable bit for those so we don't pick up an -# automatic dependency on /usr/bin/pwsh that we cannot satisfy. -chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1 - # Drop the NPM default configuration in place mkdir -p %{buildroot}%{_sysconfdir} cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc @@ -554,7 +545,6 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/* %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" # Ensure we have npm and that the version matches -# NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')" NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')" # Make sure i18n support is working @@ -633,12 +623,10 @@ end %dir %{_datadir}/systemtap/tapset %{_datadir}/systemtap/tapset/node.stp -# corepack -%{_bindir}/corepack -%{_prefix}/lib/node_modules/corepack - +%if %{without bundled} %dir %{_usr}/lib/dtrace %{_usr}/lib/dtrace/node.d +%endif %{_rpmconfigdir}/fileattrs/nodejs_native.attr %{_rpmconfigdir}/nodejs_native.req @@ -648,9 +636,7 @@ end %files devel -%if %{?with_debug} == 1 -%{_bindir}/node_g -%endif +%{?with_debug:%{_bindir}/node_g} %{_includedir}/node %{_datadir}/node/common.gypi %{_pkgdocdir}/gdbinit @@ -695,15 +681,24 @@ end %changelog -* Mon Apr 25 2022 Jan Staněk - 1:16.14.0-5 -- Unify configure calls into single command -- Refactor bootstrap-related parts -- Decouple dependency bundling from bootstrapping +* Fri Aug 05 2022 Zuzana Svetlikova - 1:16.16.0-3 +- Fix build +- Resolves: RHBZ#2111416 + +* Fri Aug 05 2022 Zuzana Svetlikova - 1:16.16.0-2 +- Refactor spec +- Resolves: RHBZ#2111416 + +* Tue Jul 26 2022 Zuzana Svetlikova - 1:16.16.0-1 +- Rebase to latest version +- Resolves: RHBZ#2106369 +- CVE fixes for CVE-2022-32212/3/4/5 +- Resolves: #2109578, #2109581, #2109584, #2109588 * Mon Apr 11 2022 Zuzana Svetlikova - 1:16.14.0-4 - Apply lock file validation fixes -- Resolves: CVE-2021-43616 -- Resolves: RHBZ#2070013 +- Resolves CVE-2021-43616 +- Resolves: RHBZ#2070012 * Mon Dec 06 2021 Zuzana Svetlikova - 1:16.13.1-3 - Resolves: RHBZ#2026329