Opened 3 months ago
Closed 3 months ago
Last modified 3 months ago
New point version.
For the moment, it looks as if the sed is still needed for building with system c-ares. The issue https://github.com/nodejs/node/pull/39739 was closed because upstream node thought the header from c-ares should be promoted to an interface and made public. That has apparently been done in c-ares https://github.com/c-ares/c-ares/pull/417 but there is not yet any new c-ares release.
2021-08-31, Version 14.17.6 'Fermium' (LTS), @MylesBorins
This is a security release.
These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.
You can read more about it in:
[5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868
[71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868
 - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856
Fixed at fef4473a627895d5ff53145ceacbe37ed96d6c39
I'll file an SA after I get up tomorrow.
SA filed (11.0-001)
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2021 Gerard Beekmans.