Log message:
nodejs14: removed; life ended on 2023-04-30

Log message:
*: recursive bump for Python 3.11 as new default

Log message:
nodejs*: add upper bounds so only the requested version is pulled in

Log message:
*: recursive bump for ngtcp2 shlib major bump

Log message:
nodejs14: build and install npm; bump revision

Log message:
nodejs14: updated to 14.21.3

Version 14.21.3 'Fermium' (LTS)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

* CVE-2023-23918: Node.js Permissions policies can be bypassed via \ 
process.mainModule (High)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA \ 
environment variable (Low)

Log message:
nodejs14: updated to 14.21.2

Version 14.21.2 'Fermium' (LTS)

Notable Changes

OpenSSL 1.1.1s

This OpenSSL version does not address any security vulnerabilities.

Root certificates updated to NSS 3.85

Time zone update to 2022f

Log message:
nodejs14: enable corepack, disable dtrace, bump revision

Log message:
nodejs14: updated to 14.21.1

Version 14.21.1 'Fermium' (LTS), @BethGriggs

This is a security release.

Notable changes

The following CVEs are fixed in this release:

* \ 
**[CVE-2022-43548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548)**: \ 
DNS rebinding in --inspect via invalid octal IP address (Medium)

Log message:
nodejs14: updated to 14.20.1

Version 14.20.1 'Fermium' (LTS)

This is a security release.

Notable changes

The following CVEs are fixed in this release:

CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
CVE-2022-32213: bypass via obs-fold mechanic (Medium)
CVE-2022-35256: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields \ 
(Medium)