Fedora: 2020-595ce5e3cc Critical: Nodejs 12.14.1 Update for Locale Support

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

Update to 12.14.1 Add new subpackage `nodejs-full-i18n` to provide non-English

locale and Unicode support.

* Mon Jan 13 2020 Stephen Gallagher - 1:12.14.1-3

- Fix issue with header symlinks in v8-devel

* Tue Jan 7 2020 Stephen Gallagher - 1:12.14.1-2

- Drop unneeded dependency on http-parser-devel

* Tue Jan 7 2020 Stephen Gallagher - 1:12.14.1-1

- Update to 12.14.1

- https://github.com/nodejs/node/blob/v12.14.1/doc/changelogs/CHANGELOG_V12.md

* Mon Jan 6 2020 Stephen Gallagher - 1:12.14.0-2

- Update to 12.14.0

- https://github.com/nodejs/node/blob/v12.14.0/doc/changelogs/CHANGELOG_V12.md

- Add new subpackage nodejs-full-i18n to enable optional non-English locale

support

- Update documentation packaging for NPM

* Mon Dec 2 2019 Stephen Gallagher - 1:12.13.1-1

- Update to 12.13.1

- https://github.com/nodejs/node/blob/v12.13.1/doc/changelogs/CHANGELOG_V12.md

* Tue Oct 29 2019 Stephen Gallagher - 1:12.13.0-6

- Add proper i18n support

* Tue Oct 29 2019 Stephen Gallagher - 1:12.13.0-5

- Fix issue with NPM docs being replaced with a symlink

* Mon Oct 28 2019 Stephen Gallagher - 1:12.13.0-2

- Simplify npmrc default configuration

* Mon Oct 28 2019 Stephen Gallagher - 1:12.13.0-1

- Update to 12.13.0 (LTS)

- https://github.com/nodejs/node/blob/v12.13.0/doc/changelogs/CHANGELOG_V12.md

- NPM no longer clobbers RPM-installed Node.js modules

- Drop no-longer needed patch to suppress `npm update -g npm` message

[ 1 ] Bug #1767147 - CVE-2019-17592 nodejs-csv-parse: regular expression denial of service [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1767147

[ 2 ] Bug #1788312 - CVE-2019-16776 nodejs: Arbitrary file write via constructed entry in the package.json bin field [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1788312

[ 3 ] Bug #1788306 - CVE-2019-16775 nodejs: Symlink reference outside of node_modules folder through the bin field upon installation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1788306

[ 4 ] Bug #1788302 - CVE-2019-16777 nodejs: Global node_modules Binary Overwrite via npm CLI [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1788302

su -c 'dnf upgrade --advisory FEDORA-2020-595ce5e3cc' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/