node.js-18.18.2

[Bruce Dubbs]

New minor version.

[martyj19]

Needs a slight adjustment to accept Python 3.12. With this change, it does build.

[Bruce Dubbs]

Fixed at commits

a149290653 Update to node.js-18.18.2
73ac81bdd4 Add a fix for node-js if Python-3.12 is installed
a768ca48ac Update to xfconf-4.18.2.
5bc7f94afd Update to libsigc++-2.12.1.
f1baf8d6ae Update to harfbuzz-8.2.2.

[ken@…]

from ​https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.18.2

The following CVEs are fixed in this release:

CVE-2023-44487: nghttp2 Security Release (High)

CVE-2023-45143: undici Security Release (High)

CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)

CVE-2023-39333: Code injection via WebAssembly export names (Low)

Details of these, and other CVEs fixed in v20.8.1 at ​https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

The first of those was fixed by updating the shipped nghttp2 to v1.57.0, so does not apply to BLFS IFF system nghttpd is used.

Reopening to belatedly flag as a security update and to raise an advisory.

[ken@…]

SA 12.0 026 created.

Something breaks the xml validation, for hte moment I cannot spot where.

[ken@…]

Error was in an older advisory.