github balena-io/open-balena v4.1.19
on GitHub

latest releases: v4.1.223, v4.1.222, v4.1.221...
4 months ago

Update dependency balena-io/balena-cli to v18.2.19

Notable changes

-actions/setup-node (actions/setup-node)

  • patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
  • minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
    -balena-io-modules/etcher-sdk (etcher-sdk)
  • patch: use http2 to fix issues with url source [Edwin Joassart]
  • patch: remove CI workaround [Edwin Joassart]
  • patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
    -dominictarr/event-stream (event-stream)
  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. ([8345030]auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. ([ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm
  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
    -auth0/node-jsonwebtoken (jsonwebtoken)
balena-io/balena-cli (balena-io/balena-cli)

v18.2.19

Compare Source

93e597a (Remove unused package publish-release, 2024-07-05)

v18.2.18

Compare Source

Update actions/setup-node action to v4

Notable changes
actions/setup-node (actions/setup-node)
v4

Compare Source

List of commits

c30a1dc (Update actions/setup-node action to v4, 2024-07-02)

v18.2.17

Compare Source

Update dependency etcher-sdk to v9.1.0

Notable changes
  • patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
  • minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
balena-io-modules/etcher-sdk (etcher-sdk)
v9.1.0

Compare Source

  • patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
  • minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
List of commits

2d47eb5 (Update dependency etcher-sdk to v9.1.0, 2024-07-02)

v18.2.16

Compare Source

Update dependency etcher-sdk to v9.0.11

Notable changes
  • patch: use http2 to fix issues with url source [Edwin Joassart]
  • patch: remove CI workaround [Edwin Joassart]
  • patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
balena-io-modules/etcher-sdk (etcher-sdk)
v9.0.11

Compare Source

  • patch: use http2 to fix issues with url source [Edwin Joassart]
v9.0.10

Compare Source

  • patch: remove CI workaround [Edwin Joassart]
v9.0.9

Compare Source

  • patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
List of commits

6b56576 (Update dependency etcher-sdk to v9.0.11, 2024-07-02)

v18.2.15

Compare Source

Update dependency event-stream to v3.3.5

Notable changes
dominictarr/event-stream (event-stream)
v3.3.5

Compare Source

List of commits

b518067 (Update dependency event-stream to v3.3.5, 2024-07-02)

v18.2.14

Compare Source

Update dependency jsonwebtoken to v9 [SECURITY]

Notable changes
  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. ([8345030]auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. ([ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm
  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
auth0/node-jsonwebtoken (jsonwebtoken)
v9.0.0

Compare Source

Breaking changes: See Migration from v8 to v9

Breaking changes
Security fixes
  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
List of commits

f05e499 (Update dependency jsonwebtoken to v9 [SECURITY], 2024-07-02)

v18.2.13

Compare Source

14e1255 (Update dependency @​types/prettyjson to ^0.0.33, 2024-07-02)

v18.2.12

Compare Source

7325e8d (Deduplicate dependencies, 2024-07-01)

v18.2.11

Compare Source

a29bd8d (Update dependency @​types/fast-levenshtein to v0.0.4, 2024-06-21)

List of commits

dc7fd06 (Update dependency balena-io/balena-cli to v18.2.19, 2024-07-05)

Check out latest releases or
releases around balena-io/open-balena v4.1.19

Don't miss a new open-balena release

NewReleases is sending notifications on new releases.

Get notifications