Subject: CVS commit: pkgsrc/lang/nodejs
From: Adam Ciarcinski
Date: 2021-09-17 22:08:23
Message id: 20210917200823.3E5D8FA97@cvs.NetBSD.org

Log Message:
nodejs: updated to 14.17.6

Version 14.17.6 'Fermium' (LTS)

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

Version 14.17.5 'Fermium' (LTS)

This is a security release.

Notable Changes

CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.

CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.

CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
If the Node.js HTTPS API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.

Files:
Revision  Action  File
1.219     modify  pkgsrc/lang/nodejs/Makefile
1.44      modify  pkgsrc/lang/nodejs/Makefile.common
1.201     modify  pkgsrc/lang/nodejs/distinfo