patches: bump to Node 12.22.2, 14.17.2 and 16.4.1 #203
Conversation
|
@leerob , @robertsLando : I decided to wait for the imminent security releases: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases . As such, this PR is not going to be merged in its current form. Instead, I will update it with the new versions that contain the security patches. Just a heads up, it is preferable that we can complete the full cycle (update patches -> release pkg-fetch -> release pkg) ASAP when there are security updates. By the way, I think we probably should deprecate and issue security advisories for older versions of pkg-fetch. Recent versions are probably still OK, but legacy ones (pre-3.0) miss a lot of Node.js security updates (many are critical). IMHO we don't have to match the severity of Node.js, but even a "low" or "moderate" advisory can allow users to notice the issue, and bump the version. What do you think? |
jesec
force-pushed
the
pr/patches-14.17.1-16.4.0
branch
from
c31db7a
to
159bce9
Compare
jesec
changed the title
|
Please publish 3.2.2 to npm when you have time. 👍 |
|
Done! |
No description provided.