[pkgsrc/trunk]: pkgsrc/lang/nodejs12 nodejs12: updated to 12.22.1

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5f3e414de035
branches:  trunk
changeset: 449874:5f3e414de035
user:      adam <adam%pkgsrc.org@localhost>
date:      Wed Apr 07 06:21:06 2021 +0000

description:
nodejs12: updated to 12.22.1

Version 12.22.1 'Erbium' (LTS)

This is a security release.

Notable Changes

Vulnerabilities fixed:

CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines


Version 12.22.0 'Erbium' (LTS)

Notable changes

The legacy HTTP parser is runtime deprecated

The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation provided) 
at the end of April 2021. It will now warn on use but otherwise continue to function and may be removed in a future Node.js 12.x release.

The default HTTP parser based on llhttp is not affected. By default it is stricter than the now deprecated legacy HTTP parser. If interoperability with HTTP implementations that send invalid HTTP 
headers is required, the HTTP parser can be started in a less secure mode with the --insecure-http-parser command line option.

ES Modules

ES Modules are now considered stable.

node-api

Updated to node-api version 8 and added an experimental API to allow retrieval of the add-on file name.

New API's to control code coverage data collection

v8.stopCoverage() and v8.takeCoverage() have been added.

New API to monitor event loop utilization by Worker threads

worker.performance.eventLoopUtilization() has been added.

diffstat:

 lang/nodejs12/Makefile |   4 ++--
 lang/nodejs12/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r b2aa02682571 -r 5f3e414de035 lang/nodejs12/Makefile
--- a/lang/nodejs12/Makefile    Wed Apr 07 06:19:21 2021 +0000
+++ b/lang/nodejs12/Makefile    Wed Apr 07 06:21:06 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.31 2021/02/24 11:10:11 adam Exp $
+# $NetBSD: Makefile,v 1.32 2021/04/07 06:21:06 adam Exp $
 
-DISTNAME=      node-v12.21.0
+DISTNAME=      node-v12.22.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14
diff -r b2aa02682571 -r 5f3e414de035 lang/nodejs12/distinfo
--- a/lang/nodejs12/distinfo    Wed Apr 07 06:19:21 2021 +0000
+++ b/lang/nodejs12/distinfo    Wed Apr 07 06:21:06 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.22 2021/02/24 11:10:11 adam Exp $
+$NetBSD: distinfo,v 1.23 2021/04/07 06:21:06 adam Exp $
 
-SHA1 (node-v12.21.0.tar.xz) = 675637f5fad3b32c2f5830b43f3b2be0bbda1626
-RMD160 (node-v12.21.0.tar.xz) = 1e024ad17c8d0ef941d889e953cbae47e8ef7812
-SHA512 (node-v12.21.0.tar.xz) = 48df48a12657e3a2366cd80a1a7040365b7a90053676230f1f93f253a1fcdafc5bc1df5b5ec5c13f616277b5feb7e7653cd145ab9c23222bf7702d7cd1fa74eb
-Size (node-v12.21.0.tar.xz) = 23650552 bytes
+SHA1 (node-v12.22.1.tar.xz) = a4bd1a34dfb82960f098f3a9aab04470c0315581
+RMD160 (node-v12.22.1.tar.xz) = 840b4f5835a00136164d9950709957d476cf14bf
+SHA512 (node-v12.22.1.tar.xz) = eaead633611bda04ab9be200aeddf3b4004b8104e9c6af246023b8008003dd3a7103e1508ea690443e59c6591521b04a2d71c7344343f2a20d1c935ef51c66a0
+Size (node-v12.22.1.tar.xz) = 23650180 bytes
 SHA1 (patch-common.gypi) = a3fa3b5b974f910b3c8fea640ded4dca262e1ba8
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3