Bug 266591 - security/vuxml: Add nodejs September 22nd 2022 Security Releases
Summary: security/vuxml: Add nodejs September 22nd 2022 Security Releases
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Ports Security Team
URL: https://nodejs.org/en/blog/vulnerabil...
Keywords: security
Depends on:
Blocks:
 
Reported: 2022-09-25 07:29 UTC by Derek Schrock
Modified: 2024-02-13 06:33 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)
grahamperrin: merge-quarterly?

Attachments
Add nodejs September 22nd 2022 Security Releases (3.65 KB, patch)
2022-09-25 07:29 UTC, Derek Schrock 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Derek Schrock 2022-09-25 07:29:18 UTC 
Created attachment 236801 [details]
Add nodejs September 22nd 2022 Security Releases

multiple CVE for www/node18 www/node16 www/node14

https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/
Comment 1 Derek Schrock 2022-12-15 01:32:28 UTC 
I don't believe this has been applied.  ping?
Comment 2 Graham Perrin freebsd_committer freebsd_triage 2022-12-18 19:49:32 UTC 
Triage: 

* security release, merge to quarterly branch
* VuXML entries?
Comment 3 John Hein 2023-04-08 16:09:08 UTC 
Is there a group that might be able to review proposed vuxml additions like this other than the busy ports-secteam?
Comment 4 Jochen Neumeister freebsd_committer freebsd_triage 2024-02-12 13:00:56 UTC 
Is this PR still relevant or can it be closed?
Comment 5 Derek Schrock 2024-02-12 23:35:44 UTC 
Most likely it is not relevant, at least for the ports that are in the current tree and quarterly, and can be closed. However, the major issue is there has not been any Node.js CVEs reported in vuxml since 2022.