This is a security release.
These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 and CVE-2021-32804.
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.
FreeBSD-specific note: As c-ares does not expose `ares_nameser.h` to the public yet, add it as a local patch and is to be removed once c-ares will install the file (scheduled for version `1.17.3`)
PR: 257903
Security: CVE-2021-37701
Security: CVE-2021-37712
Security: CVE-2021-37713
Security: CVE-2021-39134
Security: CVE-2021-39135