Update Node.js #44

renovate · 2023-10-01T10:01:47Z

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
node	engines	patch	`>=16.20.0` -> `>=16.20.2`
@types/node (source)	devDependencies	patch	`^16.18.3` -> `^16.18.58`

Release Notes

nodejs/node (node)

`v16.20.2`: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
OpenSSL Security Releases

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

[40c3958a5a] - deps: update archs files for OpenSSL-1.1.1v (RafaelGSS) #49043
[a9ac9da89a] - deps: fix openssl crypto clean (RafaelGSS) #49043
[362d4c7494] - deps: upgrade openssl sources to OpenSSL_1_1_1v (RafaelGSS) #49043
[d8ccfe9ad4] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#445
[242aaa0caa] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#459

`v16.20.1`: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
OpenSSL Security Releases
c-ares vulnerabilities:

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

[5a92ea7a3b] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)
[5df04e893a] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #48156
[c171cbd124] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115
[155d3aac02] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #48369
[8d4c8f8ebe] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #48369
[1a5c9284eb] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
[e42ff4b018] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#429
[10042683c8] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408
[a6f4e87bc9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416
[b77000f4d7] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate · 2023-10-11T21:55:20Z

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

jakubmazanec force-pushed the renovate/node-16.x branch from 17cdf54 to 0896c6b Compare October 1, 2023 10:02

jakubmazanec force-pushed the development branch from 1f2348e to a0c9549 Compare October 1, 2023 10:29

renovate bot force-pushed the renovate/node-16.x branch from 0896c6b to 1d93735 Compare October 1, 2023 10:29

jakubmazanec force-pushed the renovate/node-16.x branch from 1d93735 to 429da9d Compare October 1, 2023 10:30

jakubmazanec force-pushed the development branch 2 times, most recently from af707d0 to 61c12db Compare October 1, 2023 10:46

renovate bot changed the title ~~Update Node.js to >=16.20.2~~ Update dependency @types/node to ^16.18.55 Oct 1, 2023

renovate bot force-pushed the renovate/node-16.x branch from 429da9d to 9ff15f1 Compare October 1, 2023 10:47

jakubmazanec force-pushed the renovate/node-16.x branch from 9ff15f1 to 097abb9 Compare October 1, 2023 10:47

jakubmazanec force-pushed the development branch from 61c12db to 8112e0a Compare October 1, 2023 10:58

renovate bot changed the title ~~Update dependency @types/node to ^16.18.55~~ Update Node.js to >=16.20.2 Oct 1, 2023

renovate bot force-pushed the renovate/node-16.x branch from 097abb9 to a036e29 Compare October 1, 2023 10:59

jakubmazanec force-pushed the renovate/node-16.x branch 2 times, most recently from 0017a74 to b569b59 Compare October 1, 2023 11:00

renovate bot force-pushed the renovate/node-16.x branch from b569b59 to 2b24293 Compare October 1, 2023 11:01

jakubmazanec force-pushed the renovate/node-16.x branch 2 times, most recently from daee513 to 72abbc0 Compare October 1, 2023 11:03

renovate bot force-pushed the renovate/node-16.x branch from 72abbc0 to 1b3299f Compare October 1, 2023 11:04

jakubmazanec force-pushed the renovate/node-16.x branch from 1b3299f to b6b5001 Compare October 1, 2023 11:05

renovate bot force-pushed the renovate/node-16.x branch from b6b5001 to cf506f9 Compare October 1, 2023 11:06

jakubmazanec force-pushed the renovate/node-16.x branch 2 times, most recently from 7d292c3 to e337c10 Compare October 1, 2023 11:07

renovate bot force-pushed the renovate/node-16.x branch from e337c10 to 7865f01 Compare October 1, 2023 11:08

jakubmazanec force-pushed the renovate/node-16.x branch 2 times, most recently from 2ae87b4 to f894f4b Compare October 1, 2023 11:10

renovate bot force-pushed the renovate/node-16.x branch from f894f4b to a38d171 Compare October 1, 2023 11:10

jakubmazanec force-pushed the renovate/node-16.x branch 2 times, most recently from b1cf894 to 7d818db Compare October 1, 2023 11:12

renovate bot force-pushed the renovate/node-16.x branch from 7d818db to b87a04b Compare October 1, 2023 11:13

jakubmazanec force-pushed the renovate/node-16.x branch from b87a04b to d920bc0 Compare October 1, 2023 11:14

jakubmazanec force-pushed the renovate/node-16.x branch 3 times, most recently from fc0e4a0 to 2d95956 Compare October 11, 2023 12:50

renovate bot force-pushed the renovate/node-16.x branch from 2d95956 to 6eff94d Compare October 11, 2023 12:51

jakubmazanec force-pushed the development branch from f7b8487 to f5862ec Compare October 11, 2023 12:51

renovate bot force-pushed the renovate/node-16.x branch from 6eff94d to d64e7d6 Compare October 11, 2023 12:53

jakubmazanec force-pushed the development branch from f5862ec to f39cf15 Compare October 11, 2023 13:13

renovate bot force-pushed the renovate/node-16.x branch from d64e7d6 to 3473dcd Compare October 11, 2023 13:14

jakubmazanec force-pushed the renovate/node-16.x branch from 3473dcd to 8a96e6a Compare October 11, 2023 13:15

renovate bot force-pushed the renovate/node-16.x branch from 8a96e6a to 44a6a06 Compare October 11, 2023 13:17

jakubmazanec force-pushed the renovate/node-16.x branch from 44a6a06 to 0c69ee4 Compare October 11, 2023 13:19

renovate bot force-pushed the renovate/node-16.x branch from 0c69ee4 to 5fcf1b4 Compare October 11, 2023 13:20

jakubmazanec force-pushed the renovate/node-16.x branch from 5fcf1b4 to d1212bb Compare October 11, 2023 13:22

renovate bot force-pushed the renovate/node-16.x branch from d1212bb to 898dcb8 Compare October 11, 2023 13:23

jakubmazanec force-pushed the development branch 2 times, most recently from f03212c to c260b52 Compare October 11, 2023 21:39

renovate bot force-pushed the renovate/node-16.x branch from f79008d to c62f24a Compare October 11, 2023 21:53

jakubmazanec force-pushed the development branch from c260b52 to 1e0b923 Compare October 12, 2023 21:19

Update Node.js to >=16.20.2

8be3308

jakubmazanec force-pushed the renovate/node-16.x branch from 543e40b to 6911d99 Compare October 12, 2023 21:55

jakubmazanec changed the title ~~Update Node.js to >=16.20.2~~ Update Node.js Oct 12, 2023

jakubmazanec force-pushed the renovate/node-16.x branch from 6911d99 to b7f011e Compare October 12, 2023 22:01

jakubmazanec previously approved these changes Oct 12, 2023

View reviewed changes

Update

3ac9fee

jakubmazanec dismissed their stale review via 3ac9fee October 12, 2023 22:09

jakubmazanec force-pushed the renovate/node-16.x branch from b7f011e to 3ac9fee Compare October 12, 2023 22:09

jakubmazanec approved these changes Oct 12, 2023

View reviewed changes

jakubmazanec merged commit 01fc14d into development Oct 12, 2023

jakubmazanec deleted the renovate/node-16.x branch October 12, 2023 23:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Node.js #44

Update Node.js #44

renovate bot commented Oct 1, 2023 •

edited

Loading

renovate bot commented Oct 11, 2023

Update Node.js #44

Update Node.js #44

Conversation

renovate bot commented Oct 1, 2023 • edited Loading

Release Notes

v16.20.2: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @​RafaelGSS

Notable Changes

Commits

v16.20.1: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @​RafaelGSS

Notable Changes

Commits

Configuration

renovate bot commented Oct 11, 2023

Edited/Blocked Notification

renovate bot commented Oct 1, 2023 •

edited

Loading

`v16.20.2`: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSS

`v16.20.1`: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS