[automatic] Publish 4 advisories for nghttp2_jll and libnode_jll

[jlsec-bot]

This action searched --project=nghttp2, checking 7 (+0) advisories from NVD and 3 (+1) from EUVD for advisories that pertain here. It identified 4 advisories as being related to the Julia package(s): nghttp2_jll, and libnode_jll.

1 advisories apply to the latest version of a package and do not have a patch

• CVE-2023-44487 for packages: nghttp2_jll, and libnode_jll
  • nghttp2_jll computed ["< 1.58.0+0"]. Its latest version (1.67.1+0) has components: {nghttp2 = "1.67.1", nghttp2-libs = "*"}
  • libnode_jll computed [">= 18.12.1+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
    • nodejs:node.js at >= 18.0.0, < 18.18.2 mapped to [>= 18.12.1+0], includes the latest version`

3 advisories found concrete vulnerable ranges

• CVE-2020-11080 for packages: nghttp2_jll
  • nghttp2_jll computed ["< 1.41.0+0"]. Its latest version (1.67.1+0) has components: {nghttp2 = "1.67.1", nghttp2-libs = "*"}
  • libnode_jll has no vulnerable versions; some versions contain vulnerable nodejs:node.js. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
• CVE-2023-35945 for packages: nghttp2_jll
  • nghttp2_jll computed ["< 1.58.0+0"]. Its latest version (1.67.1+0) has components: {nghttp2 = "1.67.1", nghttp2-libs = "*"}
• CVE-2024-28182 for packages: nghttp2_jll
  • nghttp2_jll computed ["< 1.61.0+0"]. Its latest version (1.67.1+0) has components: {nghttp2 = "1.67.1", nghttp2-libs = "*"}