nodejs/node
### [`v12.22.6`](https://togithub.com/nodejs/node/releases/v12.22.6)
[Compare Source](https://togithub.com/nodejs/node/compare/v12.22.5...v12.22.6)
This is a security release.
##### Notable Changes
These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities [CVE-2021-32803](https://togithub.com/advisories/GHSA-r628-mhmh-qjhw)
and [CVE-2021-32804](https://togithub.com/advisories/GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.
You can read more about it in:
- [CVE-2021-37701](https://togithub.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc)
- [CVE-2021-37712](https://togithub.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p)
- [CVE-2021-37713](https://togithub.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh)
- [CVE-2021-39134](https://togithub.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc)
- [CVE-2021-39135](https://togithub.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2)
##### Commits
- \[[`a0154b586b`](https://togithub.com/nodejs/node/commit/a0154b586b)] - **deps**: update archs files for OpenSSL-1.1.1l (Richard Lau) [#39869](https://togithub.com/nodejs/node/pull/39869)
- \[[`7a95637eb7`](https://togithub.com/nodejs/node/commit/7a95637eb7)] - **deps**: upgrade openssl sources to 1.1.1l (Richard Lau) [#39869](https://togithub.com/nodejs/node/pull/39869)
- \[[`840b0ffff6`](https://togithub.com/nodejs/node/commit/840b0ffff6)] - **deps**: upgrade npm to 6.14.15 (Darcy Clarke) [#39856](https://togithub.com/nodejs/node/pull/39856)
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box.
This PR contains the following updates:
12.22.5->12.22.6:information_source: Find our documentation at https://github.com/Financial-Times/next/wiki/Renovate.
Release Notes
nodejs/node
### [`v12.22.6`](https://togithub.com/nodejs/node/releases/v12.22.6) [Compare Source](https://togithub.com/nodejs/node/compare/v12.22.5...v12.22.6) This is a security release. ##### Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities [CVE-2021-32803](https://togithub.com/advisories/GHSA-r628-mhmh-qjhw) and [CVE-2021-32804](https://togithub.com/advisories/GHSA-3jfq-g458-7qm9). Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist. You can read more about it in: - [CVE-2021-37701](https://togithub.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc) - [CVE-2021-37712](https://togithub.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p) - [CVE-2021-37713](https://togithub.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh) - [CVE-2021-39134](https://togithub.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc) - [CVE-2021-39135](https://togithub.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2) ##### Commits - \[[`a0154b586b`](https://togithub.com/nodejs/node/commit/a0154b586b)] - **deps**: update archs files for OpenSSL-1.1.1l (Richard Lau) [#39869](https://togithub.com/nodejs/node/pull/39869) - \[[`7a95637eb7`](https://togithub.com/nodejs/node/commit/7a95637eb7)] - **deps**: upgrade openssl sources to 1.1.1l (Richard Lau) [#39869](https://togithub.com/nodejs/node/pull/39869) - \[[`840b0ffff6`](https://togithub.com/nodejs/node/commit/840b0ffff6)] - **deps**: upgrade npm to 6.14.15 (Darcy Clarke) [#39856](https://togithub.com/nodejs/node/pull/39856)Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.