2021-08-31, Version 14.17.6 'Fermium' (LTS), @MylesBorins

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803
and CVE-2021-32804.
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

• CVE-2021-37701
• CVE-2021-37712
• CVE-2021-37713
• CVE-2021-39134
• CVE-2021-39135

Commits

• [5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868
• [71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868
• [4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856