community/nodejs-current: security upgrade to 13.11.0
Refs
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V13.md#13.8.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V13.md#13.9.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V13.md#13.10.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V13.md#13.10.1
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V13.md#13.11.0
There's security concerns in 13.4.0 https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
Closes !2674 (closed)
- CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
- CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
- CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.
Edited by Andy Postnikov