CVS commit: pkgsrc/lang/nodejs18

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Jun 21 15:14:55 UTC 2023

Modified Files:
        pkgsrc/lang/nodejs18: Makefile distinfo

Log Message:
nodejs18: updated to 18.16.1

Version 18.16.1 'Hydrogen' (LTS)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

* [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium)
* [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium)
* [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
  * [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt).
  * [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt).
  * [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt)
* c-ares vulnerabilities:
  * [GHSA-9g78-jv2r-p7vc](https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)
  * [GHSA-8r8p-23f3-64c2](https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2)
  * [GHSA-54xr-f67r-4pc4](https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4)
  * [GHSA-x6mf-cxr9-8q6v](https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v)


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/nodejs18/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/nodejs18/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs18/Makefile
diff -u pkgsrc/lang/nodejs18/Makefile:1.12 pkgsrc/lang/nodejs18/Makefile:1.13
--- pkgsrc/lang/nodejs18/Makefile:1.12  Tue Jun  6 12:41:45 2023
+++ pkgsrc/lang/nodejs18/Makefile       Wed Jun 21 15:14:54 2023
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.12 2023/06/06 12:41:45 riastradh Exp $
+# $NetBSD: Makefile,v 1.13 2023/06/21 15:14:54 adam Exp $
 
-DISTNAME=      node-v18.16.0
-PKGREVISION=   2
+DISTNAME=      node-v18.16.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++17

Index: pkgsrc/lang/nodejs18/distinfo
diff -u pkgsrc/lang/nodejs18/distinfo:1.7 pkgsrc/lang/nodejs18/distinfo:1.8
--- pkgsrc/lang/nodejs18/distinfo:1.7   Wed Apr 19 17:40:30 2023
+++ pkgsrc/lang/nodejs18/distinfo       Wed Jun 21 15:14:54 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.7 2023/04/19 17:40:30 adam Exp $
+$NetBSD: distinfo,v 1.8 2023/06/21 15:14:54 adam Exp $
 
-BLAKE2s (node-v18.16.0.tar.xz) = fb3661bb96b87488278dc2e578b2d3ca46ce814e53389456b15eb5d6fc05f9e9
-SHA512 (node-v18.16.0.tar.xz) = 608ce5db97ce2d851f381c7991f635c5e0927ae79037649b482c7e197479341b7c6560644e25f4d65ece8aa80c5763a0e044349a5be210fa33fbbf97a96462bd
-Size (node-v18.16.0.tar.xz) = 40467860 bytes
+BLAKE2s (node-v18.16.1.tar.xz) = 6b517e025d0d0cab1f952399b7acea0df81b8a7bb08c969215825f2cbe9bdd6a
+SHA512 (node-v18.16.1.tar.xz) = 15488a06aa31666a0af4470f08910b8a1df53d78cce597ddfdc0c6aebb77ae66138540d47ab0d4ab6d58d1c55226e3e2c0cfec641b2c55b417427171b1ace48c
+Size (node-v18.16.1.tar.xz) = 40462540 bytes
 SHA1 (patch-common.gypi) = 333fffbc32b36391c347c6cb9ef00d66ca5d6341
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = 0a07799ec675f2426f7c2d7a7d80fd422250f260