Fixes the following security issues:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via
process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto
library (Medium)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA
environment variable (Low)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
injection in host headers (Medium)
https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js
fetch API (Low)
https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
Update LICENSE hash after an update of the openssl license snippet:
e7ed56f501
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
a240f9da85