diff options
| author | Myles Borins <mylesborins@github.com> | 2021-08-28 18:20:38 +0300 |
|---|---|---|
| committer | Myles Borins <mylesborins@github.com> | 2021-08-31 17:56:51 +0300 |
| commit | f172c5ad5b5ef126134f45c2626151a675dc4bf3 (patch) | |
| tree | c8598d90d7a08a4a40186069a3b16efe2c032da2 /doc/api | |
| parent | d989186cf2c357c3151f98e8a7915017a0fd94e8 (diff) | |
2021-08-31, Version 14.17.6 'Fermium' (LTS)
This is a security release.
Notable changes:
These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw)
and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.
You can read more about it in:
* CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
* CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
* CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
* CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
* CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
PR-URL: https://github.com/nodejs-private/node-private/pull/287
Diffstat (limited to 'doc/api')
0 files changed, 0 insertions, 0 deletions