pluralsh
chore(frontend): update node.js to v18.16.1
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| node | engines | patch | 18.16.0 -> 18.16.1 |
Release Notes
nodejs/node (node)
v18.16.1: 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
-
CVE-2023-30581:
mainModule.__proto__Bypass Experimental Policy Mechanism (High) - CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
- c-ares vulnerabilities:
More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.
Commits
- [
bf3e2c8928] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#393 - [
70f9449072] - deps: setCARES_RANDOM_FILEfor c-ares (Richard Lau) #48156 - [
35d4efb57b] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115 - [
392dfedc77] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402 - [
46cd5fe38b] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402 - [
7e3d2d85c2] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426 - [
4ff6ba050a] - http: disable request smuggling via rempty headers (Paolo Insogna) nodejs-private/node-private#428 - [
ab269129a6] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408 - [
925e8f5619] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416 - [
d6fae8e47e] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Renovate Bot.
![plural-renovate[bot] avatar](https://avatars.githubusercontent.com/in/259360?v=4 "Published by a pub.dev verified publisher"){kind=small}
Visit the preview URL for this PR (updated for commit 187df41):
https://pluralsh-console--pr493-renovate-frontend-no-ss9leeiu.web.app
(expires Sat, 22 Jun 2024 20:49:45 GMT)
🔥 via Firebase Hosting GitHub Action 🌎
Sign: dd1ffa0705acc6ef7d6db370e6bd6fc390e945ce
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
⚠ Artifact update problem
Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: assets/yarn.lock
/usr/local/bin/yarn: line 4: .: filename argument required
.: usage: . filename [arguments]
/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23025
const isURL = URL.canParse(range);
^
TypeError: URL.canParse is not a function
at parseSpec (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23025:21)
at loadSpec (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23088:11)
at async Engine.findProjectSpec (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23262:22)
at async Engine.executePackageManagerRequest (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23314:24)
at async Object.runMain (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:24007:5)
Node.js v18.16.1
File name: assets/e2e/yarn.lock
/usr/local/bin/yarn: line 4: .: filename argument required
.: usage: . filename [arguments]
/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23025
const isURL = URL.canParse(range);
^
TypeError: URL.canParse is not a function
at parseSpec (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23025:21)
at loadSpec (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23088:11)
at async Engine.findProjectSpec (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23262:22)
at async Engine.executePackageManagerRequest (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:23314:24)
at async Object.runMain (/opt/containerbase/tools/corepack/0.28.2/node_modules/corepack/dist/lib/corepack.cjs:24007:5)
Node.js v18.16.1