Update node.js and related components to fix CVEs #591

hohwille · 2021-07-08T11:28:59Z

As a user of devonfw-ide, I want to get secure software by default so that I am not vulnerable.

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

Currently we are using node v14.16.0 that is affected:

ide/scripts/src/main/resources/scripts/command/node

Line 21 in 10722e0

local software_version="${NODE_VERSION:-v14.16.0}"

We need to update to at least v14.17.2 or even v16.4.1.

hohwille added enhancement New feature or request update related to updating software or the entire devonfw-ide security related to IT-Security (e.g. vulnerability) labels Jul 8, 2021

hohwille added this to the release:2021.04.002 milestone Jul 8, 2021

hohwille linked a pull request Jul 8, 2021 that will close this issue

#592: update node v14.17.3 to fix CVEs #592

Merged

hohwille closed this as completed in #592 Jul 12, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update node.js and related components to fix CVEs #591

Update node.js and related components to fix CVEs #591

hohwille commented Jul 8, 2021

Update node.js and related components to fix CVEs #591

Update node.js and related components to fix CVEs #591

Comments

hohwille commented Jul 8, 2021