Hi,
the attached patch updates lang/node to 12.22.7, fixing
CVE-2021-22959
CVE-2021-22960
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
The update affects only their http parser.
OK?
regards,
Volker
Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/node/Makefile,v
retrieving revision 1.91
diff -u -p -r1.91 Makefile
--- Makefile 7 Sep 2021 21:12:52 -0000 1.91
+++ Makefile 12 Oct 2021 19:16:13 -0000
@@ -11,12 +11,11 @@ USE_WXNEEDED = Yes
COMMENT = V8 JavaScript for clients and servers
-NODE_VERSION = v12.22.6
+NODE_VERSION = v12.22.7
PLEDGE_VER = 1.1.2
DISTFILES = node-pledge-{}${PLEDGE_VER}.tar.gz:0 \
${DISTNAME}-headers.tar.gz \
${DISTNAME}.tar.gz
-REVISION = 0
DISTNAME = node-${NODE_VERSION}
PKGNAME = ${DISTNAME:S/v//g}
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/node/distinfo,v
retrieving revision 1.54
diff -u -p -r1.54 distinfo
--- distinfo 3 Sep 2021 20:47:30 -0000 1.54
+++ distinfo 12 Oct 2021 19:16:13 -0000
@@ -1,6 +1,6 @@
SHA256 (node-pledge-1.1.2.tar.gz) = zY/JcbZ32mmtqWXXNn3/9aTh7Y3F6fAAaADDA8SYwEk=
-SHA256 (node-v12.22.6-headers.tar.gz) = habLAI3EDpej0fjjgl2LdCEOy+59DVF30bgMlC81dqg=
-SHA256 (node-v12.22.6.tar.gz) = AnY9z2UyqZcUOwPB99I1UqO9Gd3K0f0kJZVtt1lsvJw=
+SHA256 (node-v12.22.7-headers.tar.gz) = PnbTCdY+FOf8rOGORV+0pWA8O5QZpB04d59lVAV6IWc=
+SHA256 (node-v12.22.7.tar.gz) = 9+rqL5+9Cbj87sQNZKABMpKOuLVaWHwtClY1NuPaknM=
SIZE (node-pledge-1.1.2.tar.gz) = 3155
-SIZE (node-v12.22.6-headers.tar.gz) = 572706
-SIZE (node-v12.22.6.tar.gz) = 53310849
+SIZE (node-v12.22.7-headers.tar.gz) = 572450
+SIZE (node-v12.22.7.tar.gz) = 53318807
