——————————————————————————–
Fedora Update Notification
FEDORA-2020-595ce5e3cc
2020-01-24 17:07:54.394618
——————————————————————————–

Name : nodejs
Product : Fedora 31
Version : 12.14.1
Release : 3.fc31
URL : http://nodejs.org/
Summary : JavaScript runtime
Description :
Node.js is a platform built on Chrome’s JavaScript runtime
for easily building fast, scalable network applications.
Node.js uses an event-driven, non-blocking I/O model that
makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.

——————————————————————————–
Update Information:

Update to 12.14.1 Add new subpackage `nodejs-full-i18n` to provide non-English
locale and Unicode support.
——————————————————————————–
ChangeLog:

* Mon Jan 13 2020 Stephen Gallagher <sgallagh@redhat.com> – 1:12.14.1-3
– Fix issue with header symlinks in v8-devel
* Tue Jan 7 2020 Stephen Gallagher <sgallagh@redhat.com> – 1:12.14.1-2
– Drop unneeded dependency on http-parser-devel
* Tue Jan 7 2020 Stephen Gallagher <sgallagh@redhat.com> – 1:12.14.1-1
– Update to 12.14.1
– https://github.com/nodejs/node/blob/v12.14.1/doc/changelogs/CHANGELOG_V12.md
* Mon Jan 6 2020 Stephen Gallagher <sgallagh@redhat.com> – 1:12.14.0-2
– Update to 12.14.0
– https://github.com/nodejs/node/blob/v12.14.0/doc/changelogs/CHANGELOG_V12.md
– Add new subpackage nodejs-full-i18n to enable optional non-English locale
support
– Update documentation packaging for NPM
* Mon Dec 2 2019 Stephen Gallagher <sgallagh@redhat.com> – 1:12.13.1-1
– Update to 12.13.1
– https://github.com/nodejs/node/blob/v12.13.1/doc/changelogs/CHANGELOG_V12.md
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> – 1:12.13.0-6
– Add proper i18n support
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> – 1:12.13.0-5
– Fix issue with NPM docs being replaced with a symlink
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> – 1:12.13.0-2
– Simplify npmrc default configuration
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> – 1:12.13.0-1
– Update to 12.13.0 (LTS)
– https://github.com/nodejs/node/blob/v12.13.0/doc/changelogs/CHANGELOG_V12.md
– NPM no longer clobbers RPM-installed Node.js modules
– Drop no-longer needed patch to suppress `npm update -g npm` message
——————————————————————————–
References:

[ 1 ] Bug #1767147 – CVE-2019-17592 nodejs-csv-parse: regular expression denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1767147
[ 2 ] Bug #1788312 – CVE-2019-16776 nodejs: Arbitrary file write via constructed entry in the package.json bin field [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1788312
[ 3 ] Bug #1788306 – CVE-2019-16775 nodejs: Symlink reference outside of node_modules folder through the bin field upon installation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1788306
[ 4 ] Bug #1788302 – CVE-2019-16777 nodejs: Global node_modules Binary Overwrite via npm CLI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1788302
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-595ce5e3cc’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org