[pkgsrc/trunk]: pkgsrc/lang/nodejs nodejs: updated to 14.18.1

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d0149dd20f07
branches:  trunk
changeset: 768342:d0149dd20f07
user:      adam <adam%pkgsrc.org@localhost>
date:      Wed Oct 20 09:14:19 2021 +0000

description:
nodejs: updated to 14.18.1

Version 14.18.1 'Fermium' (LTS)

This is a security release.

Notable changes

CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after 
publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 
after publication.

diffstat:

 lang/nodejs/Makefile |  4 ++--
 lang/nodejs/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (28 lines):

diff -r 66be70a4e786 -r d0149dd20f07 lang/nodejs/Makefile
--- a/lang/nodejs/Makefile      Wed Oct 20 09:13:02 2021 +0000
+++ b/lang/nodejs/Makefile      Wed Oct 20 09:14:19 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.220 2021/09/29 19:21:34 adam Exp $
+# $NetBSD: Makefile,v 1.221 2021/10/20 09:14:19 adam Exp $
 
-DISTNAME=      node-v14.18.0
+DISTNAME=      node-v14.18.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14
diff -r 66be70a4e786 -r d0149dd20f07 lang/nodejs/distinfo
--- a/lang/nodejs/distinfo      Wed Oct 20 09:13:02 2021 +0000
+++ b/lang/nodejs/distinfo      Wed Oct 20 09:14:19 2021 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.203 2021/10/07 14:21:02 nia Exp $
+$NetBSD: distinfo,v 1.204 2021/10/20 09:14:19 adam Exp $
 
-RMD160 (node-v14.18.0.tar.xz) = fe966ce9c1a6c41bd5525a12416797ee5d00b37b
-SHA512 (node-v14.18.0.tar.xz) = 0603e2466bf89b57e404e2992dda25012866a347489fb811a9757aea07056fc4f346236adf44a56d52c442f5f298f4dfdfc961f8582cd194d062beeb80c60cbf
-Size (node-v14.18.0.tar.xz) = 33698388 bytes
+RMD160 (node-v14.18.1.tar.xz) = b05b1189139ba2d60d7f8d9370c1fc37f2ca37e7
+SHA512 (node-v14.18.1.tar.xz) = a92d6f392e960008efd0c1f48471a3e294aa5292065fb31acc62723e8924f7f1a22bb02f3ab51a440f6e190bdee3c1667a275808c6b76d053a77aa6d7ad68aef
+Size (node-v14.18.1.tar.xz) = 33693816 bytes
 SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3