mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-06 18:09:44 +03:00
2ebde3d966
Fixes the following security vulnerabilities (in npm):
- CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to
an Arbitrary File Write. It is possible for packages to create symlinks
to files outside of thenode_modules folder through the bin field upon
installation
https://www.npmjs.com/advisories/1436
- CVE-2019-16776: Versions of the npm CLI prior to 6.13.3 are vulnerable to
an Arbitrary File Write. It fails to prevent access to folders outside of
the intended node_modules folder through the bin field
https://www.npmjs.com/advisories/1434
- CVE-2019-16777: Versions of the npm CLI prior to 6.13.4 are vulnerable to
an Arbitrary File Overwrite. It fails to prevent existing
globally-installed binaries to be overwritten by other package
installations
https://www.npmjs.com/advisories/1437
For further details, see the upstream announcements:
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 65b89f393d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 lines
255 B
Plaintext
6 lines
255 B
Plaintext
# From https://nodejs.org/dist/v12.14.0/SHASUMS256.txt
|
|
sha256 088a217ba2af641b8cc15be29f6e2956b8a33e6badb85596bbc2cdea9df9be71 node-v12.14.0.tar.xz
|
|
|
|
# Hash for license file
|
|
sha256 950bbc741dc021489c47683e34e7637e9b96fb4a1f430b2f77a744130516e293 LICENSE
|