Whistle 无法在 Node.js v21.6.2 上启动

[bbaa-bbaa]

相关 Package: https://github.com/avwo/starting CVE-2024-22017 当前保留未公开 搜索相关 Changelog(https://nodejs.org/en/blog/release/v21.6.2) 指出

CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)

CVE-2024-22017 是与 setuid 相关的漏洞

node:internal/bootstrap/switches/does_own_process_state:87
      const result = method(id);
                     ^

Error: setgid() disabled: io_uring may be enabled. See CVE-2024-22017.
    at process.setgid (node:internal/bootstrap/switches/does_own_process_state:87:22)
    at Object.setSudoGid (/home/bbaa/.config/yarn/global/node_modules/starting/lib/util.js:19:13)
    at Object.<anonymous> (/home/bbaa/.config/yarn/global/node_modules/starting/lib/bootstrap.js:4:6)
    at Module._compile (node:internal/modules/cjs/loader:1378:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1437:10)
    at Module.load (node:internal/modules/cjs/loader:1212:32)
    at Module._load (node:internal/modules/cjs/loader:1028:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:142:12)
    at node:internal/main/run_main_module:28:49 {
  code: 'ERR_INVALID_STATE'
}

[avwo]

重新安装 Whistle 并重启试试

[bbaa-bbaa]

已确认starting 8.0.2修复了此问题