From 970078d0645d4996c638bac986aa11fbf8a1da15 Mon Sep 17 00:00:00 2001 From: Dawid Sowa Date: Tue, 20 Aug 2024 21:07:36 +0200 Subject: [PATCH 01/11] Update elliptic to 6.5.7 (CVE-2024-42461) In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. See https://nvd.nist.gov/vuln/detail/CVE-2024-42461 https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 084298a..88082c0 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "install": "node-gyp-build || exit 0" }, "dependencies": { - "elliptic": "^6.5.4", + "elliptic": "^6.5.7", "node-addon-api": "^5.0.0", "node-gyp-build": "^4.2.0" }, From b61963c178cf9fe030b456c6e1368065b0c3eb19 Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Wed, 21 Aug 2024 11:43:39 +0900 Subject: [PATCH 02/11] Bump node version to current LTS (18) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b186f86..f852c6d 100644 --- a/Makefile +++ b/Makefile @@ -9,10 +9,10 @@ prebuildify-cross = ./node_modules/.bin/prebuildify-cross # hack, otherwise GitHub Actions for Windows: # '.' is not recognized as an internal or external command, operable program or batch file. build-addon: - $(prebuildify) --target node@14.0.0 --napi --strip && node -p "process.platform" + $(prebuildify) --target node@18.0.0 --napi --strip && node -p "process.platform" build-addon-linux: - $(prebuildify-cross) -i centos7-devtoolset7 -i alpine --target node@14.0.0 --napi --strip + $(prebuildify-cross) -i centos7-devtoolset7 -i alpine --target node@18.0.0 --napi --strip nyc = ./node_modules/.bin/nyc From 37e40f660adfe6a25243d7bed74fe432d31c869a Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Wed, 21 Aug 2024 11:45:48 +0900 Subject: [PATCH 03/11] Bump node version in package.json to 18 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 88082c0..dceca5a 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "yargs": "^15.0.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=18.0.0" }, "gypfile": true } From 8a253e34cb3402b730cd73ab93bb34f1a7efd00e Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Wed, 21 Aug 2024 11:49:05 +0900 Subject: [PATCH 04/11] Bump prebuildify --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index dceca5a..237785e 100644 --- a/package.json +++ b/package.json @@ -39,8 +39,8 @@ "devDependencies": { "node-gyp": "^5.0.7", "nyc": "^15.0.0", - "prebuildify": "^5.0.0", - "prebuildify-cross": "^4.0.2", + "prebuildify": "^6.0.1", + "prebuildify-cross": "^5.1.0", "standard": "^14.3.1", "tap-dot": "^2.0.0", "tape": "^4.10.1", From 4cf4d4646be03af08b5210b7ed12a146b5f239b8 Mon Sep 17 00:00:00 2001 From: Kirill Fomichev Date: Thu, 17 Oct 2024 16:53:47 +0700 Subject: [PATCH 05/11] ci linux: patch prebuildify-cross --- .github/workflows/ci.yaml | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 213971b..c0bd767 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -45,7 +45,7 @@ jobs: node-version: ${{ steps.node-version-win.outputs.version }} - name: Install dependencies - run: yarn install --ignore-scripts + run: npm install --ignore-scripts - name: Build addon if: runner.os != 'Linux' @@ -75,7 +75,7 @@ jobs: submodules: true - name: Install dependencies - run: yarn install --ignore-scripts + run: npm install --ignore-scripts - name: Download macOS addon uses: actions/download-artifact@v1 @@ -142,7 +142,7 @@ jobs: fetch-depth: 1 - name: Install dependencies - run: yarn install --ignore-scripts + run: npm install --ignore-scripts - name: Run lint command run: make lint-js diff --git a/package.json b/package.json index 237785e..3fb015e 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ "node-gyp": "^5.0.7", "nyc": "^15.0.0", "prebuildify": "^6.0.1", - "prebuildify-cross": "^5.1.0", + "prebuildify-cross": "github:fanatid/prebuildify-cross#9f7af67698f06e07d42304d9813a6f19aee5812c", "standard": "^14.3.1", "tap-dot": "^2.0.0", "tape": "^4.10.1", From 4ee213ad4fc715d489ae5fe7e713795344e9d9c7 Mon Sep 17 00:00:00 2001 From: Kirill Fomichev Date: Thu, 17 Oct 2024 16:58:45 +0700 Subject: [PATCH 06/11] ci: update actions --- .github/workflows/ci.yaml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c0bd767..62caa80 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -18,7 +18,7 @@ jobs: - windows-2019 steps: - name: Fetch code - uses: actions/checkout@v1 + uses: actions/checkout@v4 with: submodules: true @@ -59,7 +59,7 @@ jobs: run: make test-tap - name: Upload prebuilds - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 with: name: addon-${{ runner.os }} path: prebuilds @@ -70,7 +70,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch code - uses: actions/checkout@v1 + uses: actions/checkout@v4 with: submodules: true @@ -78,17 +78,17 @@ jobs: run: npm install --ignore-scripts - name: Download macOS addon - uses: actions/download-artifact@v1 + uses: actions/download-artifact@v4 with: name: addon-macOS - name: Download Linux addon - uses: actions/download-artifact@v1 + uses: actions/download-artifact@v4 with: name: addon-Linux - name: Download Windows addon - uses: actions/download-artifact@v1 + uses: actions/download-artifact@v4 with: name: addon-Windows @@ -103,7 +103,7 @@ jobs: run: echo "::set-output name=version::$(node -p 'require("./package.json").version')" - name: Upload package - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 with: name: package path: secp256k1-${{ steps.pkg-version.outputs.version }}.tgz @@ -113,11 +113,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch code - uses: actions/checkout@v1 + uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: actions/cache@v1 + - uses: actions/cache@v4 id: cache with: path: clang @@ -137,9 +137,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch code - uses: actions/checkout@v1 - with: - fetch-depth: 1 + uses: actions/checkout@v4 - name: Install dependencies run: npm install --ignore-scripts From 25437bd8818f4e085e7e39aff5cdee1386396efd Mon Sep 17 00:00:00 2001 From: Kirill Fomichev Date: Thu, 17 Oct 2024 17:02:46 +0700 Subject: [PATCH 07/11] ci: try to fix node extraction for win --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 62caa80..2238445 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -36,7 +36,7 @@ jobs: - name: Get minimal Node.js version from package.json (Windows) id: node-version-win if: runner.os == 'Windows' - run: echo "::set-output name=version::$(node -p 'require(\"./package.json\").engines.node.match(/(\d+)\..*$/)[1]')" + run: echo "::set-output name=version::$(node -p 'require("./package.json").engines.node.match(/(\d+)\..*$/)[1]')" - name: Use Node.js ${{ steps.node-version-win.outputs.version }} (Windows) if: runner.os == 'Windows' From ea88543d3cfb5d6cddf3eab71f07f90e17b55dad Mon Sep 17 00:00:00 2001 From: Kirill Fomichev Date: Thu, 17 Oct 2024 17:09:53 +0700 Subject: [PATCH 08/11] ci: rm win node version --- .github/workflows/ci.yaml | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2238445..3dc60fd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -22,27 +22,14 @@ jobs: with: submodules: true - - name: Get minimal Node.js version from package.json (Linux & macOS) - id: node-version-nix - if: runner.os != 'Windows' + - name: Get minimal Node.js version from package.json + id: node-version run: echo "::set-output name=version::$(node -p 'require("./package.json").engines.node.match(/(\d+)\..*$/)[1]')" - - name: Use Node.js ${{ steps.node-version-nix.outputs.version }} (Linux & macOS) - if: runner.os != 'Windows' + - name: Use Node.js ${{ steps.node-version.outputs.version }} uses: actions/setup-node@v1 with: - node-version: ${{ steps.node-version-nix.outputs.version }} - - - name: Get minimal Node.js version from package.json (Windows) - id: node-version-win - if: runner.os == 'Windows' - run: echo "::set-output name=version::$(node -p 'require("./package.json").engines.node.match(/(\d+)\..*$/)[1]')" - - - name: Use Node.js ${{ steps.node-version-win.outputs.version }} (Windows) - if: runner.os == 'Windows' - uses: actions/setup-node@v1 - with: - node-version: ${{ steps.node-version-win.outputs.version }} + node-version: ${{ steps.node-version.outputs.version }} - name: Install dependencies run: npm install --ignore-scripts From ff4244dd5649a4df34d12c351131a45fd9ad418b Mon Sep 17 00:00:00 2001 From: Kirill Fomichev Date: Thu, 17 Oct 2024 17:15:51 +0700 Subject: [PATCH 09/11] ci: update node action --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3dc60fd..651fcde 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -27,7 +27,7 @@ jobs: run: echo "::set-output name=version::$(node -p 'require("./package.json").engines.node.match(/(\d+)\..*$/)[1]')" - name: Use Node.js ${{ steps.node-version.outputs.version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: node-version: ${{ steps.node-version.outputs.version }} From 040a95a47d3808f9fd2d7cadf611bc0fa61a9c52 Mon Sep 17 00:00:00 2001 From: Kirill Fomichev Date: Thu, 17 Oct 2024 20:27:37 +0700 Subject: [PATCH 10/11] deps: update node-gyp to =10.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3fb015e..00881bf 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "node-gyp-build": "^4.2.0" }, "devDependencies": { - "node-gyp": "^5.0.7", + "node-gyp": "=10.1.0", "nyc": "^15.0.0", "prebuildify": "^6.0.1", "prebuildify-cross": "github:fanatid/prebuildify-cross#9f7af67698f06e07d42304d9813a6f19aee5812c", From 9c339f46a34472a2addc56ed0966af14987d6561 Mon Sep 17 00:00:00 2001 From: Kirill Fomichev Date: Thu, 17 Oct 2024 20:44:13 +0700 Subject: [PATCH 11/11] ci: fix download artifacts --- .github/workflows/ci.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 651fcde..ff5c658 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -80,7 +80,11 @@ jobs: name: addon-Windows - name: Move addons to one folder - run: mkdir prebuilds && mv ./addon-*/* ./prebuilds/ + run: | + mkdir prebuilds + mv darwin-arm64 prebuilds + mv linux-x64 prebuilds + mv win32-x64 prebuilds - name: Build package run: make package