- Fixed multiple high‑severity CVEs (nghttp2, undici, path traversal, integrity check bypass, code injection) in version 20.8.1
- Updated dependencies: nghttp2 to 1.57.0 and undici to v5.26.3
- Patched internal modules to block Uint8Array path traversal, improve path traversal protection, and prevent WebAssembly export name injection
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.