Subject: CVS commit: pkgsrc/lang/nodejs12
From: Adam Ciarcinski
Date: 2021-07-06 09:04:11
Message id: 20210706070411.EDE41FA95@cvs.NetBSD.org

Log Message:
nodejs12: updated to 12.22.3

Version 12.22.3 'Erbium' (LTS)

Notable Changes

Node.js 12.22.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer.

Version 12.22.2 'Erbium' (LTS)

This is a security release.

Notable Changes

Vulnerabilities fixed:

CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918

CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921

CVE-2021-27290: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High)
This is a vulnerability in the ssri npm module which may be vulnerable to denial of service attacks. You can read more about it in https://github.com/advisories/GHSA-vx3p-948g-6vhq

CVE-2021-23362: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium)
This is a vulnerability in the hosted-git-info npm module which may be vulnerable to denial of service attacks. You can read more about it in https://nvd.nist.gov/vuln/detail/CVE-2021-23362

Files:
Revision  Action  File
1.35      modify  pkgsrc/lang/nodejs12/Makefile
1.24      modify  pkgsrc/lang/nodejs12/distinfo