Changelog
nodejs (14.16.0~dfsg-1) UNRELEASED; urgency=medium
[ Jérémy Lal ]
* New upstream version 14.16.0~dfsg
Fixed vulnerabilities:
+ CVE-2021-22883: HTTP2 'unknownProtocol' cause DoS
by resource exhaustion
+ CVE-2021-22884: localhost6 DNS rebinding in --inspect
* Refresh make-doc patch
* Patch to always use pure javascript cjs lexer
* copyright: cjs-module-lexer is expat
* copyright: exclude cjs-module-lexer unbuildable files
* copyright: fix some copyright years
* copyright: shjs is no longer used
* lintian-overrides: false positive for a unicode regexp
[ Xavier Guimard ]
* Embed @types/node 14
* Provides node-types-node (Closes: #979698)
* Use secure copyright file specification URI.
* Set upstream metadata fields: Security-Contact.
* Bump debhelper compatibility level to 13
* Declare compliance with policy 4.5.1
* Use secure URI in Homepage field.
* Add "Rules-Requires-Root: no"
* Modernize debian/watch
* Add ctype=nodejs to component(s)
* Update d/copyright urls
-- Jérémy Lal <email address hidden> Wed, 03 Mar 2021 23:38:32 +0100
