chore(deps): update node.js to v16.20.2 #142
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
16.19.1
->16.20.2
Release Notes
nodejs/node (node)
v16.20.2
: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSSCompare Source
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.
Commits
40c3958a5a
] - deps: update archs files for OpenSSL-1.1.1v (RafaelGSS) #49043a9ac9da89a
] - deps: fix openssl crypto clean (RafaelGSS) #49043362d4c7494
] - deps: upgrade openssl sources to OpenSSL_1_1_1v (RafaelGSS) #49043d8ccfe9ad4
] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#445242aaa0caa
] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#459v16.20.1
: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSSCompare Source
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
mainModule.__proto__
Bypass Experimental Policy Mechanism (High)More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.
Commits
5a92ea7a3b
] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)5df04e893a
] - deps: setCARES_RANDOM_FILE
for c-ares (Richard Lau) #48156c171cbd124
] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115155d3aac02
] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #483698d4c8f8ebe
] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #483691a5c9284eb
] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426e42ff4b018
] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#42910042683c8
] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408a6f4e87bc9
] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416b77000f4d7
] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851v16.20.0
: 2023-03-29, Version 16.20.0 'Gallium' (LTS), @BethGriggsCompare Source
Notable Changes
Commits
de6dd67790
] - crypto: avoid hang when no algorithm available (Richard Lau) #462374617512788
] - crypto: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis) #4618524972164fc
] - deps: update undici to 5.20.0 (Node.js GitHub Bot) #4671185f88c6a8d
] - deps: V8: cherry-pick90be99f
(Michaël Zasso) #46646b4ebe6d47b
] - deps: update c-ares to 1.19.0 (Michaël Zasso) #4641556cbc7fdda
] - deps: V8: cherry-pickc2792e5
(Jiawen Geng) #449617af9bdb31e
] - deps: upgrade npm to 8.19.4 (npm team) #46677962a7471b5
] - deps: update corepack to 0.17.0 (Node.js GitHub Bot) #46842748bc96e35
] - deps: update corepack to 0.16.0 (Node.js GitHub Bot) #46710a467782499
] - deps: update corepack to 0.15.3 (Node.js GitHub Bot) #460371913b6763d
] - deps: update corepack to 0.15.2 (Node.js GitHub Bot) #45635809371a15f
] - module: require.resolve.paths returns null with node schema (MURAKAMI Masahiko) #45147086bb2f8d4
] - Revert "src: let http2 streams end after session close" (Rich Trott) #467216a01d39120
] - (SEMVER-MINOR) src: add support for externally shared js builtins (Michael Dawson) #44376d081032a60
] - test: fix test-net-connect-reset-until-connected (Vita Batrla) #46781efe1be47ec
] - test: skip test depending onoverlapped-checker
when not available (Antoine du Hamel) #45015fc47d58abe
] - test: remove cjs loader from stack traces (Geoffrey Booth) #44197cf76d0790d
] - test: fix WPT title when no META title is present (Filip Skokan) #468040d1485b924
] - test: fix default WPT titles (Filip Skokan) #46778088e9cde3d
] - test: add WPTRunner support for variants and generating WPT reports (Filip Skokan) #46498908c4dff44
] - test: mark test-crypto-key-objects flaky on Linux (Richard Lau) #46684768e56227e
] - tools: makeutils.SearchFiles
deterministic (Bruno Pitrus) #44496Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.