---
- branch: MAIN
  date: Wed Jun  3 08:41:24 UTC 2020
  files:
  - new: '1.184'
    old: '1.183'
    path: pkgsrc/lang/nodejs/Makefile
    pathrev: pkgsrc/lang/nodejs/Makefile@1.184
    type: modified
  - new: '1.172'
    old: '1.171'
    path: pkgsrc/lang/nodejs/distinfo
    pathrev: pkgsrc/lang/nodejs/distinfo@1.172
    type: modified
  id: 20200603T084124Z.1c8a4c5caa8b0f35d5e49f033b03e7248ab1cc94
  log: |
    nodejs: updated to 14.4.0

    Version 14.4.0 (Current)

    Notable changes

    This is a security release.

    Vulnerabilities fixed:

    CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
    CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
    CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

    Commits

    - crypto: update root certificates
    - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
    - (SEMVER-MINOR) http2: implement support for max settings entries
    - napi: fix memory corruption vulnerability
    - tls: emit session after verifying certificate
    - tools: update certdata.txt
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/nodejs'
  unixtime: '1591173684'
  user: adam