2021-08-31, Version 12.22.6 'Erbium' (LTS), @MylesBorins

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803
and CVE-2021-32804.
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

• CVE-2021-37701
• CVE-2021-37712
• CVE-2021-37713
• CVE-2021-39134
• CVE-2021-39135

Commits

• [a0154b586b] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39869
• [7a95637eb7] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39869
• [840b0ffff6] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856