chore(deps): update node.js to v14.15.4 #334
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/node-14.x
branch
from
b1f1270 to
0e29a72
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/node-14.x
branch
from
0e29a72 to
b82ef03
Compare
renovate
bot
changed the title
|
🎉 This PR is included in version 1.1.3 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
14.15.1->14.15.4Release Notes
nodejs/node
v14.15.4Compare Source
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
Node.js. You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-8265: use-after-free in TLSWrap (High)
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller as
part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits.
CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
a http request. For example, two Transfer-Encoding header fields. In
this case Node.js identifies the first header field and ignores the
second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
Commits
305c0f4977] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571d62c650f75] - deps: update archs files for OpenSSL-1.1.1i (Myles Borins) #365212de2672eb5] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #365217ecac8143f] - http: add test for http transfer encoding smuggling (Matteo Collina) nodejs-private/node-private#228641f786bb1] - http: unsetF_CHUNKEDon newTransfer-Encoding(Matteo Collina) nodejs-private/node-private#2284f8772f9b7] - src: retain pointers to WriteWrap/ShutdownWrap (James M Snell) nodejs-private/node-private#23v14.15.3Compare Source
Notable Changes
Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See #36550 for more details.
Commits
4264d9aa67] - Revert "http: lazy create IncomingMessage.headers" (Beth Griggs) #36553v14.15.2Compare Source
Notable Changes
Commits
c508bfc66b] - assert: refactor to use more primordials (Antoine du Hamel) #35998a9d3a0df29] - assert,repl: enable ecmaVersion 2021 in acorn parser (Michaël Zasso) #358276d43c8dd69] - async_hooks: refactor to use more primordials (Antoine du Hamel) #36168029ea16a24] - async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779d49e0ca73a] - benchmark: fix build warnings (Gabriel Schulhof) #36157d027be0551] - benchmark: ignore build artifacts for napi addons (Richard Lau) #35970fdb1c0d31c] - benchmark: remove modules that require intl (Richard Lau) #35968f6487960b5] - benchmark: make the benchmark tool work with Node 10 (Joyee Cheung) #3581721d3ccf5df] - benchmark: add startup benchmark for loading public modules (Joyee Cheung) #358160477e000bf] - bootstrap: refactor to use more primordials (Antoine du Hamel) #35999699bb348d9] - build: replace which with command -v (raisinten) #36118304e269001] - build: try “python3” as a last resort for 3.x (Ole André Vadla Ravnås) #359836bafe04911] - build: conditionally clear vcinstalldir (Brian Ingenito) #36009f498127c41] - build: fix zlib inlining for IA-32 (raisinten) #35679f33fa264cc] - build: fix lint-js-fix target (Antoine du Hamel) #3592767d31827ac] - build: add vcbuilt test-doc target (Antoine du Hamel) #357082a8c2ddcb1] - build: add license-builder GitHub Action (Tierney Cyren) #357126c61b9372b] - build: use make functions instead of echo (Antoine du Hamel) #357074813d913e3] - build: use GITHUB_ENV file to set env variables (Michaël Zasso) #3563871e0f33751] - build: do not install jq in workflows (Michaël Zasso) #356388ab7f258d4] - build, tools: look for local installation of NASM (Richard Lau) #3601450552facb7] - build,tools: gitHub Actions: use Node.js Fermium (Antoine du Hamel) #3584077b7c985f6] - build,tools: add lint-js-doc target (Antoine du Hamel) #35708929e1272ee] - cluster: refactor to use more primordials (Antoine du Hamel) #36011568e6177c9] - console: use more primordials (Antoine du Hamel) #357346cea3152fe] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450d2ee676eb9] - deps: cherry-pick9a49b22from V8 upstream (Daniel Bevenius) #359397367e6c6be] - deps: update acorn to v8.0.4 (Michaël Zasso) #357914937a34be6] - deps: fix typo in zlib.gyp that break arm-fpu-neon build (lucasg) #356591e8dfb9d2c] - deps: upgrade to [email protected] (Guy Bedford) #359280356963f0e] - deps: update to [email protected] (Guy Bedford) #35901172be4ffe0] - deps: upgrade to [email protected] (Guy Bedford) #358711f7740691d] - deps: update to [email protected] (Guy Bedford) #3574547bd445e56] - doc: remove stray comma in url.md (Rich Trott) #361752f76a75fc6] - doc: revise agent.destroy() text (Rich Trott) #3616372fb6f88ab] - doc: add compatibility/interop technical value (Geoffrey Booth) #35323f5efd54727] - doc: de-emphasize wrapping in napi_define_class (Gabriel Schulhof) #361598a7c2b951d] - doc: clarify text about process not responding (Rich Trott) #36117800e1db83d] - doc: esm docs consolidation and reordering (Guy Bedford) #360464fad888fe1] - doc: move shigeki to emeritus (Rich Trott) #36093c088434b4d] - doc: document the error when cwd not exists in child_process.spawn (FeelyChau) #345054dbbbaa2e9] - doc: fix typo in debugger.md (Rich Trott) #36066d796bc7348] - doc: update list styles for remark-parse@9 rendering (Rich Trott) #360496daf204f32] - doc: escape asterisk in cctest gtest-filter (raisinten) #360349470bf5872] - doc: move v8.getHeapCodeStatistics() (Rich Trott) #3602730cd797c15] - doc: add note regarding file structure in src/README.md (Denys Otrishko) #35000cddcfcde9f] - doc: advise users to import the full set of trusted release keys (Reşat SABIQ) #326551ca1f262a5] - doc: fix crypto doc linter errors (Antoine du Hamel) #36035b11725eb9e] - doc: revise v8.getHeapSnapshot() (Rich Trott) #35849990facbc3e] - doc: update core-validate-commit link in guide (Daijiro Wachi) #35938773685c2a4] - doc: update benchmark CI test indicator in README (Rich Trott) #35945c90571ff2a] - doc: add new wordings to the API description (Pooja D.P) #355886259c2d231] - doc: option --prof documentation help added (krank2me) #3499198e4b77b89] - doc: fix release-schedule link in backport guide (Daijiro Wachi) #3592051ce1a2fa8] - doc: update tables in README files for linting changes (Rich Trott) #35905513bed2776] - doc: temporarily disable list-item-bullet-indent (Nick Schonning) #35647733c9da1e9] - doc: disable no-undefined-references workarounds (Nick Schonning) #356476e1612fa15] - doc: adjust table alignment for remark v13 (Nick Schonning) #35647a15dede26d] - doc: move bnoordhuis to emeritus (Ben Noordhuis) #3586526e42939f2] - doc: add on statement in the APIs docs (Pooja D.P) #356109486f5fc37] - doc: move ronkorving to emeritus (Rich Trott) #358283f3d2d781b] - doc: recommend test-doc instead of lint-md (Antoine du Hamel) #357088131d954d9] - doc: fix reference to googletest test fixture (Tobias Nießen) #3581334d6ca3bef] - doc: add conditional example for setBreakpoint() (Chris Opperwall) #3582329849743b8] - doc: make small improvements to REPL doc (Rich Trott) #3580802f9a2a77a] - doc: update MessagePort documentation for EventTarget inheritance (Anna Henningsen) #358399c7d4bd0f3] - doc: use case-sensitive in the example (Pooja D.P) #35624600cffae3c] - doc: consolidate and clarify breakOnSigInt text (Rich Trott) #357870de3f564b2] - doc: add a subsystems header in pull-requests.md (Pooja D.P) #3571847b4b2be29] - doc: add require statement in the example (Pooja D.P) #3555477cfcba7c8] - doc: modified memory set statement set size (Pooja D.P) #3551741937f76f0] - doc: use kbd element in readline doc prose (Rich Trott) #35737eee62b05f6] - doc: fix header level in fs.md (ax1) #3577163533d7d56] - doc: remove stability warning in v8 module doc (Rich Trott) #3577462bf1a63d6] - doc: mark optional parameters in timers.md (Vse Mozhe Buty) #357644dc5e4a354] - doc: add a example code to API doc property (Pooja D.P) #357388ef0652566] - doc: update console.error example (Lee, Bonggi) #3496447ba12265e] - doc: improve text for breakOnSigint (Rich Trott) #35692c0d9756163] - doc: this prints replaced with this is printed (Pooja D.P) #355152feb86e635] - doc: update package.json field definitions (Myles Borins) #35741d0d67c67c0] - doc: add Installing Node.js header in BUILDING.md (Pooja D.P) #357107c089ad04c] - doc: use kbd element in readline doc (Rich Trott) #35698ba623ef35a] - doc: add release key for Danielle Adams (Danielle Adams) #35545df4043bed3] - doc: use kbd element in os doc (Rich Trott) #356564d72e982de] - doc: add a statement in the documentation. (Pooja D.P) #35585238885288d] - doc: clarify experimental API elements in vm.md (Rich Trott) #35594806a269a83] - doc: importModuleDynamically gets Script, not Module (Simen Bekkhus) #355936c4e697f56] - doc: fix EventEmitter examples (Sourav Shaw) #33513f6ebd81693] - doc: add example code for process.getgroups() (Pooja D.P) #356252c342662e5] - doc: use kbd element in tty doc (Rich Trott) #35613f723335f9e] - doc: remove documentation for stream._construct() (Luigi Pinca) #36119e71b4baa88] - doc: Remove reference to io.js (Hussaina Begum Nandyala) #356184faf71b474] - doc,crypto: added sign/verify method changes about dsaEncoding (Filip Skokan) #35480e9d485f878] - doc,esm: document experimental warning removal (Antoine du Hamel) #3575017c3fc67cf] - doc,fs: document value of stats.isDirectory on symbolic links (coderaiser) #27413fc17ead531] - doc,net: document socket.timeout (Brandon Kobel) #34543dc589b541f] - doc,src,test: revise C++ code for linter update (Rich Trott) #357190a944a42c0] - doc,stream: write(chunk, encoding, cb) encoding can be null (dev-script) #35372be79250aad] - doc,test: update v8 method doc and comment (Rich Trott) #357958fdf077efc] - doc,url: fix url.hostname example (Rishabh Mehan) #337353a08afc402] - domain: refactor to use more primordials (Antoine du Hamel) #358858d672b8e53] - esm: refactor to use more primordials (Antoine du Hamel) #36019570a8bfe12] - events: port some wpt tests (Benjamin Gruenbaum) #336218ef4557c65] - events: make eventTarget.removeAllListeners() return this (Luigi Pinca) #35805d27e56356b] - fs: remove experimental from promises.rmdir recursive (Anders Kaseorg) #361318d84bdc46b] - fs: filehandle read now accepts object as argument (Nikola Glavina) #341807c3b6f17e3] - fs: replace finally with PromisePrototypeFinally (Baruch Odem (Rothkoff)) #359952f692c4cc6] - fs: remove unnecessary Function#bind() in fs/promises (Ben Noordhuis) #352085f0c8142b7] - fs: remove unused assignment (Rich Trott) #35642e2b8734d20] - gyp,build: consistent shared library location (Rod Vagg) #3563545aee0d25e] - http: fix typo in comment (Hollow Man) #36193b58725c4c0] - http: lazy create IncomingMessage.headers (Robert Nagy) #3528171c3efe278] - http2: check write not scheduled in scope destructor (David Halls) #36241ab2b066fc1] - http2: delay session.receive() by a tick (Szymon Marczak) #35985c4e17cfa25] - http2: add has method to proxySocketHandler (masx200) #35197c455b848d9] - http2: centralise socket event binding in Http2Session (Momtchil Momtchev) #35772dce01fd27f] - http2: move events to the JSStreamSocket (Momtchil Momtchev) #3577292bd7b522a] - http2: fix error stream write followed by destroy (David Halls) #35951ec9fae96bc] - http2: fix reinjection check (Momtchil Momtchev) #3567857f2fe0609] - http2: reinject data received before http2 is attached (Momtchil Momtchev) #356782dbaaf92e5] - http2: remove unsupported %.* specifier (Momtchil Momtchev) #35694de3c8045ac] - lib: refactor to use more primordials (Antoine du Hamel) #3587541d997cc72] - lib: use primordials when calling methods of Error (Antoine du Hamel) #35837d58a466da0] - lib: honor setUncaughtExceptionCaptureCallback (Gireesh Punathil) #355951fdf72765b] - module: only try to enrich CJS syntax errors (Michaël Zasso) #3569181b0562c62] - n-api: clean up binding creation (Gabriel Schulhof) #361707a01e241ee] - n-api: fix test_async_context warnings (Gabriel Schulhof) #36171dde727e72f] - n-api: improve consistency of how we get context (Michael Dawson) #3606808657e7e11] - n-api: factor out calling pattern (Gabriel Schulhof) #3611388aa4e0d25] - n-api: unlink reference during its destructor (Gabriel Schulhof) #359331cb50c17d3] - n-api: napi_make_callback emit async init with resource of async_context (legendecas) #32930f1e84f4dd8] - n-api: revert change to finalization (Michael Dawson) #35777e16124979d] - querystring: reduce memory usage by Int8Array (sapics) #341795c81a1071e] - src: refactor using-declarations node_env_var.cc (raisinten) #361282770cd941e] - src: remove duplicate logic for getting buffer (Yash Ladha) #34553f2300390aa] - src: create helper for reading Uint32BE (Juan José Arboleda) #3494434c870e9f0] - src: use MaybeLocal.ToLocal instead of IsEmpty (Daniel Bevenius) #3571600d9499b14] - src: large pages support in illumos/solaris systems (David Carlier) #343207c99885a9b] - stream: fix thrown object reference (Gil Pedersen) #360651cefb7e710] - stream: fix regression on duplex end (Momtchil Momtchev) #35941d1fd3f27e4] - stream: remove redundant context from comments (Yash Ladha) #35728fb14acb22c] - stream: move to internal/streams (Matteo Collina) #3523940d59281f7] - test: update comments in test-fs-read-offset-null (Rich Trott) #36152a563f79d80] - test: fix typo in inspector-helper.js (Luigi Pinca) #361273e77536c6b] - test: deflake test-http-destroyed-socket-write2 (Luigi Pinca) #36120402e29a87c] - test: make test-http2-client-jsstream-destroy.js reliable (Rich Trott) #36129b6aa42c349] - test: add test for fs.read when offset key is null (mayank agarwal) #359188516c2ef90] - test: improve test-stream-duplex-readable-end (Luigi Pinca) #36056b53068ec0d] - test: add util.inspect test for null maxStringLength (Rich Trott) #360863029872631] - test: replace var with const (Aleksandr Krutko) #36069b05cdfee64] - test: remove flaky designation for fixed test (Rich Trott) #35961002005f537] - test: improve error message for policy failures (Bradley Meck) #356331453de1381] - test: update old comment style test_util.cc (raisinten) #35884de375e16f4] - test: add missing ref comments to parallel.status (Rich Trott) #35896cab65fbe63] - test: mark test-worker-eventlooputil flaky (Myles Borins) #358864ed4b64293] - test: mark test-http2-respond-file-error-pipe-offset flaky (Myles Borins) #35883a5b94180fe] - test: fix reference to WPT testharness.js (Tobias Nießen) #358143bb7f3602b] - test: add onerror test cases to policy (Daijiro Wachi) #357970aba12218a] - test: add upstream test cases to encoding (Daijiro Wachi) #35794f535d6252f] - test: add test for listen callback runtime binding (H Adinarayana) #35657d62e72b341] - test: refactor test-https-host-headers (himself65) #3280570cb70812d] - test: add common.mustSucceed (Tobias Nießen) #35086226c1800a8] - test: check for AbortController existence (James M Snell) #3561641aac465cc] - timers: correct explanation in comment (Turner Jabbour) #35437713d1ebe75] - tools: bump [email protected] to [email protected] (Rich Trott) #36106127a4fb810] - tools: only use 2 cores for macos action (Myles Borins) #3616975e49b833b] - tools: remove bashisms from license builder script (Antoine du Hamel) #3612228d6283f96] - tools: hide commit queue action link (Antoine du Hamel) #36124b7441ea4d2] - tools: update doc tools to [email protected] (Rich Trott) #360495a41282ef5] - tools: enforce use of single quotes in editorconfig (Antoine du Hamel) #3602023dd2b00dd] - tools: fix config serialization w/ long strings (Ole André Vadla Ravnås) #359824664681220] - tools: don't print gold linker warning w/o flag (Myles Borins) #35955dfd6ad9d99] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #35866d177cb3993] - tools: bump cpplint to 1.5.1 (Rich Trott) #35866b19a85ed2a] - tools: add update-npm script (Myles Borins) #3582207e5d35d14] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #35719c7301533de] - tools: bump cpplint to 1.5.0 (Rich Trott) #35719985efdfa09] - tools: update gyp-next to v0.6.2 (Michaël Zasso) #35690baca8ee873] - tools: update gyp-next to v0.6.0 (Ujjwal Sharma) #356353e7598da9b] - tools,doc: enable ecmaVersion 2021 in acorn parser (Antoine du Hamel) #35994dfb353b882] - util: fix to inspect getters that access this (raisinten) #360521906f19e49] - vm: refactor to use more primordials (Antoine du Hamel) #36023ffe517b40d] - win, build: fix build time on Windows (Bartosz Sosnowski) #35932c4c8541621] - win,build,tools: support VS prerelease (Baruch Odem) #36033f59e225675] - zlib: test BrotliCompress throws invalid arg value (raisinten) #35830Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.