nodejs/node
### [`v12.22.1`](https://togithub.com/nodejs/node/releases/v12.22.1)
[Compare Source](https://togithub.com/nodejs/node/compare/v12.22.0...v12.22.1)
This is a security release.
##### Notable Changes
Vulnerabilities fixed:
- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)
- This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in
- Impacts:
- All versions of the 14.x, 12.x and 10.x releases lines
##### Commits
- \[[`c947f1a0e1`](https://togithub.com/nodejs/node/commit/c947f1a0e1)] - **deps**: upgrade npm to 6.14.12 (Ruy Adorno) [#37918](https://togithub.com/nodejs/node/pull/37918)
- \[[`51a753c06f`](https://togithub.com/nodejs/node/commit/51a753c06f)] - **deps**: update archs files for OpenSSL-1.1.1k (Tobias Nießen) [#37939](https://togithub.com/nodejs/node/pull/37939)
- \[[`c85a519b48`](https://togithub.com/nodejs/node/commit/c85a519b48)] - **deps**: upgrade openssl sources to 1.1.1k (Tobias Nießen) [#37939](https://togithub.com/nodejs/node/pull/37939)
Configuration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box.
This PR contains the following updates:
12.22.0->12.22.1Release Notes
nodejs/node
### [`v12.22.1`](https://togithub.com/nodejs/node/releases/v12.22.1) [Compare Source](https://togithub.com/nodejs/node/compare/v12.22.0...v12.22.1) This is a security release. ##### Notable Changes Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it inConfiguration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.