[Snyk] Upgrade kerberos from 2.0.1 to 2.2.1 #112
Snyk has created this PR to upgrade kerberos from 2.0.1 to 2.2.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 8 versions ahead of your current version.
The recommended version was released a month ago.
Release notes
Package name: kerberos
2.2.1 (2024-12-10)
The MongoDB Node.js team is pleased to announce version 2.2.1 of the kerberos package!
Release Notes
Bug Fixes
bindings (#220) (b07a5d2)
Documentation
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
2.2.0 (2024-09-05)
The MongoDB Node.js team is pleased to announce version 2.2.0 of the kerberos package!
Release Notes
protect is now an option for KerberosClient.wrap()
protect can be provided to KerberosClient.wrap(). When configured, wrapped message will be encrypted.
Thanks @arabull for this contribution!
Features
Documentation
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
2.1.2 (2024-08-12)
The MongoDB Node.js team is pleased to announce version 2.1.2 of the kerberos package!
Release Notes
MacOS builds reverted to use dynamic linking
We recently made runtime linking with system kerberos libraries (#165) the default for Linux and MacOS (#188) platforms due to the fact that system kerberos libraries often link against the system SSL library. However, Node.js ships with its own SSL library, and having both loaded when they are different versions would crash the addon. Inadvertently this did not work as intended on MacOS, so we're reverting the change for that platform; other platforms are unaffected.
Bug Fixes
Documentation
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
2.1.1 (2024-07-16)
The MongoDB Node.js team is pleased to announce version 2.1.1 of the kerberos package!
Release Notes
Fix segfault when running kerberos on systems with 1.x OpenSSL versions and Node.js 18+
Kerberos depends on OpenSSL and Node.js always bundles a copy of OpenSSL. Unfortunately an incompatibility arises when Node's SSL version is not compatible with the version that the system kerberos library was built with.
Kerberos will now load the system library by default with runtime dynamic linking. This enables us to specify that kerberos use the SSL version it was built against (RTLD_DEEPBIND) so it does not adopt the symbols available in Node.js' address space.
Starting in Node 18+, Node's SSL symbols are from OpenSSL 3+, whereas on RHEL 8 the system SSL library is 1.1.1k.
Add Spectre Mitigation and Control Flow Guard
On Windows only, we have added the SpectreMitigation and /guard:cf flags, thanks to a contribution from @rzhao271! If you are building on Windows yourself you may need to install Spectre-mitigated libraries for Visual Studio. Those using the prebuilds should not need any changes.
MacOS universal builds
In a previous PR we made our MacOS prebuilds be universal binaries so the same build works on both M1 and Intel. This PR moves the universal build flags under a condition so that when building a static library only the platform being built for is included.
Bug Fixes
Documentation
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
2.1.1-alpha.0 (2024-06-28)
The MongoDB Node.js team is pleased to announce version 2.1.1-alpha.0 of the kerberos package!
Release Notes
Bug Fixes
Documentation
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 2.1.0 of the kerberos package!
Features
GYP_DEFINES='kerberos_use_rtld=true' npm i --build-from-source
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 2.0.3 of the kerberos package!
Features
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 2.0.2 of the kerberos package!
Features
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 2.0.1 of the kerberos package!
Bug Fixes
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
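To triage whether the 2.1.1 segfault fix described in the release notes above matters for a given host, this added example (not code from the kerberos package, MongoDB or Snyk) compares the OpenSSL ABI family bundled with Node.js against the system one and classifies the host. The function names, result labels and sample hosts are hypothetical or constructed; it assumes a default install and that the system version string comes from `openssl version` output.

```javascript
// Added example; function names and result labels are hypothetical.
// Map an OpenSSL version string to its ABI family. Assumption: the 1.0.x,
// 1.1.x and 3.x series are mutually incompatible; letter releases are not.
function opensslAbiFamily(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(text));
  if (!m) return null;
  return Number(m[1]) >= 3 ? m[1] : `${m[1]}.${m[2]}`;
}

// Compare package versions; a prerelease such as "2.1.1-alpha.0" sorts
// before its release. Two prereleases of one version compare as equal.
function compareVersions(a, b) {
  const [coreA, preA] = a.split('-');
  const [coreB, preB] = b.split('-');
  const na = coreA.split('.').map(Number);
  const nb = coreB.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (na[i] || 0) - (nb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  if (Boolean(preA) === Boolean(preB)) return 0;
  return preA ? -1 : 1;
}

// Classify one host for the crash fixed in 2.1.1 (default install assumed).
function assessHost({ kerberosVersion, platform, nodeOpenssl, systemOpenssl }) {
  const nodeFamily = opensslAbiFamily(nodeOpenssl);
  const systemFamily = opensslAbiFamily(systemOpenssl);
  if (!nodeFamily || !systemFamily) return 'unknown';
  // The 2.1.2 notes revert the runtime-linking default on macOS.
  if (platform !== 'linux') return 'not-applicable';
  if (nodeFamily === systemFamily) return 'ok';
  return compareVersions(kerberosVersion, '2.1.1') >= 0 ? 'mitigated' : 'at-risk';
}

// Constructed inventory; the first entry mirrors the RHEL 8 case in the notes.
const SAMPLE_HOSTS = [
  { name: 'rhel8-app', kerberosVersion: '2.0.1', platform: 'linux',
    nodeOpenssl: '3.0.13+quic', systemOpenssl: 'OpenSSL 1.1.1k  FIPS 25 Mar 2021' },
  { name: 'rhel8-upgraded', kerberosVersion: '2.2.1', platform: 'linux',
    nodeOpenssl: '3.0.13+quic', systemOpenssl: 'OpenSSL 1.1.1k  FIPS 25 Mar 2021' },
  { name: 'dev-laptop', kerberosVersion: '2.1.2', platform: 'darwin',
    nodeOpenssl: '3.0.13+quic', systemOpenssl: 'OpenSSL 3.3.1 4 Jun 2024' },
];

console.log(SAMPLE_HOSTS.map((h) => `${h.name}: ${assessHost(h)}`).join('\n'));
```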