Commit 75f22e0d authored by Mario Rodas's avatar Mario Rodas
Browse files

nodejs_18: 18.16.0 -> 18.16.1 

The following CVEs are fixed in this release:
- CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

https://github.com/nodejs/node/releases/tag/v18.16.1
parent 805e7546

pkgs/development/web/nodejs/v18.nix

+2 −2
Original line number Diff line number Diff line
@@ -9,8 +9,8 @@ let 
in

buildNodejs {

  inherit enableNpm;

  version = "18.16.0";

  sha256 = "sha256-M9gaIz4jWlCa3aSk8iCQCNBFkZed5rPw9nwckGCT8Rg=";

  version = "18.16.1";

  sha256 = "sha256-6EBPjI2J/f336Vu7xgZr0OVxrLpY9USSWZthX77v4nI=";

  patches = [

    ./disable-darwin-v8-system-instrumentation.patch

    ./bypass-darwin-xcrun-node16.patch