Commit 805e7546 authored by Mario Rodas's avatar Mario Rodas
Browse files

nodejs_16: 16.20.0 -> 16.20.1 

The following CVEs are fixed in this release:
- CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

https://github.com/nodejs/node/releases/tag/v16.20.1
parent f96d41e4

pkgs/development/web/nodejs/v16.nix

+2 −2
Original line number Diff line number Diff line
@@ -10,8 +10,8 @@ let 
in

  buildNodejs {

    inherit enableNpm;

    version = "16.20.0";

    sha256 = "sha256-4JkPmSI05ApR/hH5LDgWyTp34bCBFF0912LNECY0U0k=";

    version = "16.20.1";

    sha256 = "sha256-g+AzgeJx8aVhkYjnrqnYXZt+EvW+KijOt41ySe0it/E=";

    patches = [

      ./disable-darwin-v8-system-instrumentation.patch

      ./bypass-darwin-xcrun-node16.patch