Node JS upgrade

[Anuj16]

Hi All,

There are two vulnerabilities in Node version that electron is using right now (8.9.3). (here).

Do we have any plan to go to latest version of Node? If yes then any tentative dates for the same?

[MarshallOfSound]

@Anuj16 Upgrading node is not an incredibly simple task but I'll look at backporting the fixes for those two CVE's.

As far as I can see CVE-2017-15897 was actually fixed in 8.9.3 (so we already have it)

The other one requires a backport of nodejs/node#17526

[MarshallOfSound]

Update 8.9.3 includes the fix for CVE-2017-15896 as well

[MarshallOfSound]

Closing this out as both CVE's are reported as fixed in 8.9.3 which we currently depend on:

nodejs/node@8a44289

[Anuj16]

@MarshallOfSound Thanks very much for the quick clarification.

[MarshallOfSound]

@Anuj16 No problem, also for future reference even though this particular issue is on the line of public knowledge can all future security related things go to security@electronjs.org 👍