On Fri, Feb 17, 2023 at 04:07:36PM +0100, Volker Schlecht wrote: > nodejs published a security release yesterday. > > The fixes relevant for the OpenBSD port are: > > * Node.js Permissions policies can be bypassed via process.mainModule (High) > (CVE-2023-23918) > * Node.js OpenSSL error handling issues in nodejs crypto library (Medium) > (CVE-2023-23919) > * Fetch API in Node.js did not protect against CRLF injection in host > headers (Medium) (CVE-2023-23936) > * Regular Expression Denial of Service in Headers in Node.js fetch API(Low) > (CVE-2023-24807) > > Note: It might be a good idea to have a look at whether it makes sense to > apply the equivalent of https://github.com/nodejs/node/commit/8393ebc72d to > textproc/icu4c (Cc: Maintainer aja@)
Look at the port, it's already the case.
