main/nodejs: security upgrade to 12.18.0 (!8796) · Merge requests · alpine / aports · GitLab

Tim Brust requested to merge timbru31/aports:feature/update-nodejs into master Jun 03, 2020

Node.js v12.18.0 was released to address three CVEs:

CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

See https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V12.md#12.18.0 and https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/