kumquat-buildroot/package/nodejs
Peter Korsgaard a240f9da85 package/nodejs: security bump to version 16.20.0
Fixes the following security issues:

- CVE-2023-23918: Node.js Permissions policies can be bypassed via
  process.mainModule (High)

- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto
  library (Medium)

- CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA
  environment variable (Low)

- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
  injection in host headers (Medium)
  https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff

- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js
  fetch API (Low)
  https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w

For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases

Update LICENSE hash after an update of the openssl license snippet:
e7ed56f501

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-06-19 21:36:41 +02:00
..
0001-add-qemu-wrapper-support.patch
0002-check-if-uclibc-has-backtrace-support.patch
0003-include-obj-name-in-shared-intermediate.patch
0004-lib-internal-modules-cjs-loader.js-adjust-default-pa.patch
Config.in
Config.in.host
nodejs.hash package/nodejs: security bump to version 16.20.0 2023-06-19 21:36:41 +02:00
nodejs.mk package/nodejs: security bump to version 16.20.0 2023-06-19 21:36:41 +02:00
v8-qemu-wrapper.in