openSUSE-SU-2022:10101-1
Published: Aug 27, 2022

Security update for nim (important)

Source: lists.opensuse.org

CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

An update that fixes 9 vulnerabilities is now available.

Description:

This update for nim fixes the following issues:

Includes upstream security fixes for:

  • (boo#1175333, CVE-2020-15693) httpClient is vulnerable to CR-LF
    injection
  • (boo#1175334, CVE-2020-15692) mishandling of the argument to
    browsers.openDefaultBrowser
  • (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to
    properly validate the server response
  • (boo#1192712, CVE-2021-41259) null byte accepted in the getContent
    function, leading to URI validation bypass
  • (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer
    certificates by default
  • (boo#1185085, CVE-2021-21374) improper verification of the SSL/TLS
    certificate
  • (boo#1185084, CVE-2021-21373) “nimble refresh” falls back to a non-TLS
    URL in case of error
  • (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute
    arbitrary commands
  • (boo#1181705, CVE-2020-15690) standard library asyncftpclient lacks a
    check for the newline character
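
As an added example, not code from the advisory or from the Nim project, the Python request builder below shows the input class behind the CR-LF, newline and null-byte items above (CVE-2020-15693, CVE-2020-15690, CVE-2021-41259): with validation switched off it emits an extra header line from a tainted value, with validation on it refuses the request. All function names and the sample input are assumptions.

```python
import re

# Added example (not from the advisory or the Nim project): any of these
# bytes lets one protocol field spill into another line, which is the
# input class behind the CR-LF, newline and null-byte items above.
_FORBIDDEN = re.compile(r"[\r\n\x00]")

class HeaderInjectionError(ValueError):
    """Raised when a request field carries CR, LF or NUL."""

def check_field(kind: str, text: str) -> str:
    """Return text unchanged, or raise if it contains a forbidden byte."""
    m = _FORBIDDEN.search(text)
    if m:
        raise HeaderInjectionError(
            f"{kind} contains forbidden byte 0x{ord(m.group()):02x}")
    return text

def build_request(path: str, headers: dict, validate: bool = True) -> str:
    """Serialise a GET request; validate=False mimics an unchecked client
    that concatenates whatever it is handed (hypothetical, for contrast)."""
    if validate:
        check_field("request target", path)
        for name, value in headers.items():
            check_field(f"header name {name!r}", name)
            check_field(f"header {name!r} value", value)
    lines = [f"GET {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"

def header_line_count(raw: str) -> int:
    """Count the header lines actually present in a serialised request."""
    head = raw.split("\r\n\r\n", 1)[0]
    return len(head.split("\r\n")) - 1  # exclude the request line

def is_clean(path: str, headers: dict) -> bool:
    """True when the validating builder accepts the request as given."""
    try:
        build_request(path, headers)
        return True
    except HeaderInjectionError:
        return False

# Constructed sample input: a cookie value carrying a CR-LF pair. Without
# validation the serialised request gains a third header line; with
# validation the same input is refused.
TAINTED = {"Host": "example.invalid", "Cookie": "id=1\r\nX-Extra: 1"}
```

Calling `header_line_count(build_request("/", TAINTED, validate=False))` returns 3 while `is_clean("/", TAINTED)` returns False, which is the check a fixed client applies before anything reaches the socket.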

Update to 1.6.6

  • The standard library now uses consistent variable-name styles, so it can
    be used in projects that enforce a consistent style with the
    --styleCheck:usages option.
  • ARC/ORC are now considerably faster at method dispatching, bringing their
    performance back to the level of the refc memory management.
  • Full changelog:
    https://nim-lang.org/blog/2022/05/05/version-166-released.html
  • Previous updates and changelogs:

Update to 1.2.16

  • oids: switch from PRNG to random module
  • nimc.rst: fix table markup
  • nimRawSetjmp: support Windows
  • correctly enable chronos
  • bigints are not supposed to work on 1.2.x
  • disable nimpy
  • misc bugfixes
  • fixes a ‘mixin’ statement handling regression [backport:1.2

Patch Instructions:

To install this openSUSE Security Update, use the SUSE-recommended installation
methods, such as YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2022-10101=1
