---
- branch: MAIN
  date: Fri Feb 17 11:58:37 UTC 2023
  files:
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/lang/nodejs18/Makefile
    pathrev: pkgsrc/lang/nodejs18/Makefile@1.5
    type: modified
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/lang/nodejs18/distinfo
    pathrev: pkgsrc/lang/nodejs18/distinfo@1.4
    type: modified
  id: 20230217T115837Z.36fc9661a7d4ce0aa107828810da4173d9b4f4eb
  log: |
    nodejs18: updated to 18.14.1

    Version 18.14.1 'Hydrogen' (LTS)

    This is a security release.

    Notable Changes

    The following CVEs are fixed in this release:

    CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
    CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
    CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
    CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
    CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/nodejs18'
  unixtime: '1676635117'
  user: adam