Le mer. 19 juil. 2023 à 21:51, Jérémy Lal <kapo...@melix.org> a écrit :
> > > Le mer. 19 juil. 2023 à 14:18, Moritz Mühlenhoff <j...@inutil.org> a > écrit : > >> Am Fri, Jun 30, 2023 at 08:12:37PM +0200 schrieb Jérémy Lal: >> > Hi, >> > >> > Le ven. 30 juin 2023 à 19:21, Salvatore Bonaccorso <car...@debian.org> >> a >> > écrit : >> > >> > > Source: nodejs >> > > Version: 18.13.0+dfsg1-1 >> > > Severity: important >> > > Tags: security upstream >> > > X-Debbugs-Cc: car...@debian.org, Debian Security Team < >> > > t...@security.debian.org> >> > > >> > > Hi, >> > > >> > > The following vulnerabilities were published for nodejs. >> > > >> > > CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and >> > > CVE-2023-30590[3]. >> > > >> > > >> > > If you fix the vulnerabilities please also make sure to include the >> > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. >> > > >> > >> > It would be interesting to know if we adopt the same plan we had with >> > security team: >> > full upstream updates in the same branch, 18.x here. >> >> Ack, let's do that. Could you prepare bookworm-security updates >> based on 18.17.0 (after it has landed in unstable)? > > nodejs 18.19.0 has landed in testing. It rebuilds fine in bookworm, and test-suite-during-build pass on amd64. It also requires "node-undici", precisely for that change: node-undici (5.28.2+dfsg1+~cs23.11.12.3-2) unstable; urgency=medium * Build and publish undici-types, needed by new @types/node Is there a way to deal with this ? Jérémy