[Snyk] Upgrade kerberos from 2.0.1 to 2.2.0 #104
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade kerberos from 2.0.1 to 2.2.0. See this package in npm: kerberos See this project in Snyk: https://app.snyk.io/org/mednoun/project/94236254-5d7f-48e7-90bc-5d1bf4b4ce57?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade kerberos from 2.0.1 to 2.2.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 7 versions ahead of your current version.
The recommended version was released on 22 days ago.
Release notes
Package name: kerberos
-
2.2.0 - 2024-09-11
- NODE-6333: Allow callers to specify the 'protect' flag (#198) (515f4bf)
- Changelog
-
2.1.2 - 2024-08-12
- NODE-6320: macos runtime linking name conflict with SSL (#193) (d382b56)
- Changelog
-
2.1.1 - 2024-08-06
- MONGOSH-1808: only build universal macos binaries when creating loadable_library (#186) (ec3ab7a)
- NODE-6253: use runtime linking against system kerberos libraries by default (#188) (04044d2)
- NODE-6265: add Spectre Mitigation and CFG (#190) (54b9799)
- NODE-6108: allow building from source on latest Node.js 20.x (#172) (c1f7aca)
- Changelog
-
2.1.1-alpha.0 - 2024-06-28
- release versioning (#184) (a39dfcb)
- Changelog
-
2.1.0 - 2023-11-21
- NODE-5746: The kerberos library now provides the ability to build from source to use a runtime linked system kerberos library. To enable this flag use
-
2.0.3 - 2023-09-12
- NODE-5600: Resolves glibc compatibility issues. This fixes issues installing 2.0.2 on Node 16 due to the glibc requirement being too high.
-
2.0.2 - 2023-08-29
- NODE-5505: Resolves compiler warnings and downstream BinSkim issues, fixes string length casts on username.
-
2.0.1 - 2022-07-14
- NODE-4297: Update version of prebuild-install to v7.1.1
from kerberos GitHub release notes2.2.0 (2024-09-05)
The MongoDB Node.js team is pleased to announce version 2.2.0 of the
kerberospackage!Release Notes
protectis now an option for KerberosClient.wrap()protectcan be provided toKerberosClient.wrap(). When configured, wrapped message will be encrypted.Thanks @ arabull for this contribution!
Features
Documentation
We invite you to try the
kerberoslibrary immediately, and report any issues to the NODE project.2.1.2 (2024-08-12)
The MongoDB Node.js team is pleased to announce version 2.1.2 of the
kerberospackage!Release Notes
MacOS builds reverted to use dynamic linking
We recently made runtime linking with system kerberos libraries (#165) the default for Linux and MacOS (#188) platforms due to the fact that system kerberos libraries often link against the system SSL library. However, Node.js ships with it's own SSL library, and having both loaded when they are different versions would crash the addon. Inadvertently this did not work as intended on MacOS, so we're reverting the change for that platform, other platforms are unaffected.
Bug Fixes
Documentation
We invite you to try the
kerberoslibrary immediately, and report any issues to the NODE project.2.1.1 (2024-07-16)
The MongoDB Node.js team is pleased to announce version 2.1.1 of the
kerberospackage!Release Notes
Fix segfault when running kerberos on systems with 1.x OpenSSL versions and Node.js 18+
Kerberos depends on OpenSSL and Node.js always bundles a copy of OpenSSL. Unfortunately an incompatiblity arises when Node's SSL version is not compatible with the version that the system kerberos library was built with.
Kerberos will now load the system library by default with runtime dynamic linking. This enables us to specify that kerberos use the SSL version it was built against (RTLD_DEEPBIND) so it does not adopt the symbols available in Node.js' address space.
Starting in Node 18+ these Node's SSL symbols are from OpenSSL 3+, whereas on RHEL 8 the system SSL library is 1.1.1k.
Add Spectre Mitigation and Control Flow Guard
On Windows only, we have added the
SpectreMitigationand/guard:cfflags, thanks to a contribution from @ rzhao271! If you are building on Windows yourself you may need to install Spectre-mitigated libraries for Visual Studio. Those using the prebuilds should not need any changes.MacOS universal builds
In a previous PR we made our MacOS prebuilds be universal binaries so the same build works on both M1 and Intel. This PR moves the universal build flags under a condition so that when building a static library only the platform being built for is included.
Bug Fixes
Documentation
We invite you to try the
kerberoslibrary immediately, and report any issues to the NODE project.2.1.1-alpha.0 (2024-06-28)
The MongoDB Node.js team is pleased to announce version 2.1.1-alpha.0 of the
kerberospackage!Release Notes
Bug Fixes
Documentation
We invite you to try the
kerberoslibrary immediately, and report any issues to the NODE project.The MongoDB Node.js team is pleased to announce version 2.1.0 of the kerberos package!
Features
GYP_DEFINES='kerberos_use_rtld=true' npm i --build-from-sourceWe invite you to try the kerberos library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 2.0.3 of the kerberos package!
Features
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 2.0.2 of the kerberos package!
Features
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 2.0.1 of the kerberos package!
Bug Fixes
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: