65b89f393d
Fixes the following security vulnerabilities (in npm): - CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation https://www.npmjs.com/advisories/1436 - CVE-2019-16776: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field https://www.npmjs.com/advisories/1434 - CVE-2019-16777: Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations https://www.npmjs.com/advisories/1437 For further details, see the upstream announcements: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-check-if-uclibc-has-backtrace-support.patch | ||
| Config.in | ||
| nodejs.hash | ||
| nodejs.mk | ||