Subject: CVS commit: pkgsrc/lang/nodejs10
From: Adam Ciarcinski
Date: 2020-06-03 11:25:38
Message id: 20200603092538.ED106FB27@cvs.NetBSD.org

Log Message:
nodejs10: updated to 10.21.0

Version 10.21.0 'Dubnium' (LTS)

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory \ 
corruption (High).
CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).

Commits

- deps: fix OPENSSLDIR on Windows
- deps: backport ICU-20958 to fix CVE-2020-10531
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability

Files:
RevisionActionfile
1.13modifypkgsrc/lang/nodejs10/Makefile
1.6modifypkgsrc/lang/nodejs10/buildlink3.mk
1.7modifypkgsrc/lang/nodejs10/distinfo