75f22e0d83
The following CVEs are fixed in this release: - CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) - CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) - CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) - CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) - CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) https://github.com/nodejs/node/releases/tag/v18.16.1
21 lines
473 B
Nix
21 lines
473 B
Nix
{ callPackage, openssl, python3, enableNpm ? true }:
|
|
|
|
let
|
|
buildNodejs = callPackage ./nodejs.nix {
|
|
inherit openssl;
|
|
python = python3;
|
|
};
|
|
|
|
in
|
|
buildNodejs {
|
|
inherit enableNpm;
|
|
version = "18.16.1";
|
|
sha256 = "sha256-6EBPjI2J/f336Vu7xgZr0OVxrLpY9USSWZthX77v4nI=";
|
|
patches = [
|
|
./disable-darwin-v8-system-instrumentation.patch
|
|
./bypass-darwin-xcrun-node16.patch
|
|
./revert-arm64-pointer-auth.patch
|
|
./node-npm-build-npm-package-logic.patch
|
|
];
|
|
}
|