summary refs log tree commit diff
diff options
context:
space:
mode:
authorJelle Licht <jlicht@fsfe.org>2021-10-28 14:11:45 +0200
committerJelle Licht <jlicht@fsfe.org>2021-11-15 22:43:24 +0100
commitf3cd70ff8c60ce51dfe8e37365caf1c787fcf62c (patch)
tree5c84067a9ca14227a186fc2ae13f38397e4c3b7e
parentcae7c3f3890a15ec5ed977966e5850fb3a93f9cd (diff)
downloadguix-f3cd70ff8c60ce51dfe8e37365caf1c787fcf62c.tar.gz
gnu: node-lts: Update to 14.18.1 [security fixes].
* gnu/packages/node.scm (node-lts): Update to 14.18.1.
[native-inputs]: Replace c-ares with c-ares-for-node.
[inputs]: Replace c-ares with c-ares-for-node.

Includes fixes for CVE-2021-22918, CVE-2021-22930, CVE-2021-22931,
CVE-2021-22939, and CVE-2021-22940.
-rw-r--r--gnu/packages/node.scm11
1 files changed, 7 insertions, 4 deletions
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 7a252e68be..dccf871d2c 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -647,14 +647,14 @@ source files.")
 (define-public node-lts
   (package
     (inherit node)
-    (version "14.16.0")
+    (version "14.18.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nodejs.org/dist/v" version
                                   "/node-v" version ".tar.xz"))
               (sha256
                (base32
-                "19nz2mhmn6ikahxqyna1dn25pb5v3z9vsz9zb2flb6zp2yk4hxjf"))
+                "1vc9rypkgr5i5y946jnyr9jjpydxvm74p1s17rg2zayzvlddg89z"))
               (modules '((guix build utils)))
               (snippet
                `(begin
@@ -783,6 +783,9 @@ source files.")
                          '("test/parallel/test-dns.js"
                            "test/parallel/test-dns-lookupService-promises.js"))
 
+               ;; These tests require networking.
+               (delete-file "test/parallel/test-https-agent-unref-socket.js")
+
                ;; FIXME: This test fails randomly:
                ;; https://github.com/nodejs/node/issues/31213
                (delete-file "test/parallel/test-net-listen-after-destroying-stdin.js")
@@ -821,7 +824,7 @@ source files.")
                             "deps/llhttp/include/llhttp.h"))))))))
     (native-inputs
      `(;; Runtime dependencies for binaries used as a bootstrap.
-       ("c-ares" ,c-ares)
+       ("c-ares" ,c-ares-for-node)
        ("brotli" ,brotli)
        ("icu4c" ,icu4c-67)
        ("libuv" ,libuv-for-node)
@@ -837,7 +840,7 @@ source files.")
     (inputs
      `(("bash" ,bash)
        ("coreutils" ,coreutils)
-       ("c-ares" ,c-ares)
+       ("c-ares" ,c-ares-for-node)
        ("icu4c" ,icu4c-67)
        ("libuv" ,libuv-for-node)
        ("llhttp" ,llhttp-bootstrap)