Skip to content

main/nodejs: security upgrade to 12.18.0

Tim Brust requested to merge timbru31/aports:feature/update-nodejs into master

Node.js v12.18.0 was released to address three CVEs:

  • CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
  • CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

See https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V12.md#12.18.0 and https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/

@jirutka

Merge request reports

Loading