Update Node.js to v14.17.6 - abandoned
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| node | patch | 14.17.3 -> 14.17.6 |
Release Notes
nodejs/node
v14.17.6: 2021-08-31, Version 14.17.6 'Fermium' (LTS), @MylesBorins
This is a security release.
Notable Changes
These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVEs being remediated in core npm CLI dependencies, including node-tar and npm arborist.
You can read more about it in:
Commits
- [5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868
- [71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868
- [4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856
v14.17.5: 2021-08-11, Version 14.17.5 'Fermium' (LTS), @BethGriggs
This is a security release.
Notable Changes
- CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
  - Node.js was vulnerable to Remote Code Execution, XSS, and application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library, which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
- CVE-2021-22940: Use after free on close http2 on stream canceling (High)
  - Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940.
- CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
  - If the Node.js HTTPS API was used incorrectly and "undefined" was passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.
Commits
- [4923b59e0b] - deps: update c-ares to 1.17.2 (Beth Griggs) #39724
- [847a4c6a8a] - deps: reflect c-ares source tree (Beth Griggs) #39653
- [33208e2f89] - deps: apply missed updates from c-ares 1.17.1 (Beth Griggs) #39653
- [af5c1af9a4] - http2: add tests for cancel event while client is paused reading (Akshay K) #39622
- [434872e838] - http2: update handling of rst_stream with error code NGHTTP2_CANCEL (Akshay K) #39622
- [35b86110e4] - tls: validate "rejectUnauthorized: undefined" (Matteo Collina) nodejs-private/node-private#276
v14.17.4: 2021-07-29, Version 14.17.4 'Fermium' (LTS), @richardlau
This is a security release.
Notable Changes
- CVE-2021-22930: Use after free on close http2 on stream canceling (High)
  - Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption to change process behavior. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.

This release also fixes some regressions with internationalization introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.
Commits
- [86477b2b53] - benchmark: output JSON-compatible numbers (Michaël Zasso) #38778
- [f9693cf0a0] - benchmark: fix http elapsed time (Antoine du Hamel) #38743
- [1ab4f81abc] - build: fix building with external builtins (Momtchil Momtchev) #39091
- [a657f250f1] - build: reconfigure when gyp files change on Windows (Joyee Cheung) #39066
- [6962c647d6] - Revert "build: work around bug in MSBuild v16.10.0" (Michaël Zasso) #38977
- [069cf59e56] - build: make build-addons errors fail the build (Richard Lau) #38983
- [d341561ae0] - build: fix commit-queue default branch (Mary Marchini) #38998
- [0736dd833a] - build: don't pass python override to V8 build (Richard Lau) #38969
- [49a000683a] - build: correct Xcode spelling in .gitignore (bl-ue) #38895
- [1ffbe3d5da] - build: remove outdated dont-land-on-v6.x label (Michaël Zasso) #38886
- [7f53a0b349] - build: add lto build to CI (Jiawen Geng) #38567
- [a6f8ba8f0c] - build: allow LTO with Clang 3.9.1+ (Jesse Chan) #38751
- [b5b1d1fb79] - build: replace non-POSIX test -a|o (Issam E. Maghni) #38731
- [fc2b1ec308] - child_process: refactor to use `validateBoolean` (Qingyu Deng) #38927
- [55ea29eedd] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #38728
- [716ee1531c] - debugger: rename internal library for clarity (Rich Trott) #39080
- [b7ee9d8287] - debugger: use ERR_DEBUGGER_STARTUP_ERROR in _inspect.js (Rich Trott) #39024
- [5d4d23dcf3] - debugger: use error codes in debugger REPL (Rich Trott) #39024
- [a3991d7c18] - debugger: use ERR_DEBUGGER_ERROR in debugger client (Rich Trott) #39024
- [052e1c5385] - debugger: removed unused function argument (Rich Trott) #38850
- [f9a4dcb30c] - debugger: refactor `inspect_repl` to use primordials (Antoine du Hamel) #38551
- [ad8056659f] - debugger: refactor to use internal modules (Antoine du Hamel) #38550
- [b5724a1984] - debugger: disable only the lint rules required by current file state (Rich Trott) #38529
- [34659f2b7a] - debugger: avoid non-ASCII char in code file (Rich Trott) #38529
- [ae90756582] - debugger: wrap lines longer than 80 chars (Rich Trott) #38529
- [b30ff35a36] - debugger: align message with Node.js standard (Rich Trott) #38400
- [d74d67f207] - debugger: remove unnecessary boilerplate copyright comment (Rich Trott) #38952
- [e58f938ab3] - debugger: enable linter on `internal/inspector/inspect_client` (Antoine du Hamel) #38417
- [249acd5e69] - debugger: reduce scope of eslint disable comment (Rich Trott) #38946
- [0ef5e088c0] - debugger: revise async iterator usage to comply with lint rules (Rich Trott) #38847
- [79bfb0416b] - debugger: wait for V8 debugger to be enabled (Michaël Zasso) #38811
- [721edeffd3] - debugger: refactor `internal/inspector/_inspect` to use more primordials (Antoine du Hamel) #38406
- [21ecee1b4b] - debugger: add usage example for `--port` (Rafael Gonzaga) #38400
- [cde72213d1] - Revert "debugger: rename internal library for clarity" (Antoine du Hamel) #39446
- [4c2b813799] - debugger: rename internal library for clarity (Rich Trott) #39080
- [61da371251] - debugger: apply automatic lint fixes for inspect_repl.js (Rich Trott) #38411
- [8dd1f70fe3] - debugger: apply automatic lint fixes for _inspect.js (Rich Trott) #38411
- [fb0ab4c034] - debugger: removed unused function argument (Rich Trott) #38850
- [9e28c6c946] - debugger: fix race condition/deadlock on initialization (Rich Trott) #38161
- [a8924fa0fb] - debugger: replace internal use of deprecated API (Rich Trott) #38161
- [22afb7cbe6] - debugger: allow longer time to connect (Rich Trott) #38161
- [b172e6f436] - debugger: accommodate line chunking in Windows (Rich Trott) #38161
- [1da692185a] - debugger: fix inspect restart on Windows (Rich Trott) #38161
- [0321c5b194] - debugger: remove unused code (Rich Trott) #38161
- [8bd2a3926a] - debugger: move node-inspect to internal library (Rich Trott) #38161
- [acf5279c39] - deps: upgrade npm to 6.14.14 (Darcy Clarke) #39553
- [4efefe02a8] - deps: V8: backport `ae7bfb3` (Michaël Zasso) #39051
- [5039f21396] - deps: V8: backport `16ffec9` (Michaël Zasso) #39051
- [9b69069f71] - deps: V8: cherry-pick `b0a7f56` (Michaël Zasso) #39051
- [4213e97d26] - deps: V8: cherry-pick `81181a8` (thomasmichaelwallace) #39187
- [ccecea5f72] - deps: restore minimum ICU version to 65 (Richard Lau) #39068
- [7557e74cf4] - deps: V8: update build dependencies (Michaël Zasso) #39244
- [a60a960406] - deps: V8: cherry-pick `8959494` (Michaël Zasso) #39244
- [7fdd6ecbb4] - deps: V8: cherry-pick `0b3a4ec` (Michaël Zasso) #39244
- [4be2e878b7] - deps: V8: cherry-pick `7c182bd` (Michaël Zasso) #39244
- [a83b01a4af] - deps: V8: cherry-pick `92e6d33` (Michaël Zasso) #39244
- [17eb561184] - deps: V8: backport `1b1eda0` (Michaël Zasso) #39244
- [04032fa1a3] - doc: remove references to deleted freenode channels (devsnek) #39047
- [797bd73849] - doc: add missing parameter types (Voltrex) #39013
- [e474e984e5] - doc: clarify that only one Python version is required to build (bl-ue) #38894
- [cd48ee71d9] - doc: fixed typo in process.md (Derevianchenko Maksym) #38941
- [41fcbad2b2] - doc: add missing semis after classes (Darshan Sen) #38931
- [b40529643b] - doc: mark util.inherits as legacy (Voltrex) #38896
- [b2d836b1ea] - doc: clarify when `readable._read(...)` is called (Shaun Keys) #38726
- [e36d2a6d6a] - doc: fixed typo in n-api.md (julianjany) #38822
- [b4f60bb523] - doc: use "Long Term Support" in collaborator guide (Rich Trott) #38841
- [7a9850a5fb] - doc: use "Long Term Support" in technical values doc (Rich Trott) #38841
- [dfe9698db0] - doc: use "Long Term Support" in README (Philip) #38839
- [8699e622fc] - doc: fix grammar in `fs.md` (yotamselementor) #38818
- [826ae9b2e2] - doc: fixup code sample in http.md (TodorTotev) #38776
- [8049b69b7f] - doc: document null target pattern (Guy Bedford) #38724
- [4d9129eb71] - doc: update code examples for `node:url` module (fisker Cheung) #38645
- [2ff671e4c4] - doc,url: clarify domainTo* when built without ICU (Darshan Sen) #38789
- [9b993edca8] - errors: add ERR_DEBUGGER_STARTUP_ERROR (Rich Trott) #39024
- [cfccf13e84] - errors: add ERR_DEBUGGER_ERROR (Rich Trott) #39024
- [bb9a9adc2b] - errors: don't rekey on primitive type (Benjamin Coe) #39025
- [d48b91ea2b] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #39423
- [d8cc2fffd6] - lib: add primordials.SafeArrayIterator (Antoine du Hamel) #36532
- [e3223edb89] - lib: harden lint checks for globals (Antoine du Hamel) #38419
- [d4f96bb926] - lib: enforce using `primordials.globalThis` instead of `global` (Antoine du Hamel) #38230
- [ea9003a559] - lib: add `globalThis` to primordials (Antoine du Hamel) #38211
- [097a7874d3] - lib: remove semicolon in preparation for babel/eslint-parser update (Rich Trott) #39094
- [199fe32cbc] - lib: make internal/options lazy (Joyee Cheung) #38993
- [2bc2a232af] - lib: add JSDoc typings for child_process (Voltrex) #38222
- [b0a1984d4d] - lib: fix typos (bl-ue) #38846
- [6c061d5f2c] - meta: update label-pr-config (Michaël Zasso) #38950
- [afb61786b9] - module: fix legacy `node` specifier resolution to resolve `"main"` field (Antoine du Hamel) #38979
- [cd3305a9e4] - node-api: avoid SecondPassCallback crash (Michael Dawson) #38899
- [e7f266e93d] - src: use SPrintF in ProcessEmitWarning (Darshan Sen) #38758
- [43fe6c1d27] - src: cleanup uv_fs_t regardless of success or not (legendecas) #38996
- [dcfb182546] - src: refactor to use locale functions (Darshan Sen) #39014
- [bee477b000] - src: throw error in LoadBuiltinModuleSource when reading fails (Joyee Cheung) #38904
- [ff7cc8f9ef] - src: add not-weak DCHECK to PersistentToLocal::Strong (Anna Henningsen) #38875
- [981217e48a] - src: replace `auto`s in node_api.cc (Khaidi Chu) #38852
- [73e199d963] - src: fix typos (bl-ue) #38845
- [2d32031724] - src: use HandleScope in StreamReq::Done() (Darshan Sen) #38720
- [2c11d3ec0a] - src: remove commented code in `node_file.cc` (Juan José Arboleda) #38693
- [846a138f54] - src: write named pipe info in diagnostic report (legendecas) #38637
- [7d82200861] - src: replace `auto`s in node_contextify.cc (Khaidi Chu) #38644
- [51da7d2048] - src,url: separate some tables out of node_url.cc (Khaidi Chu) #38988
- [45c2ea3b72] - test: add NumberFormat resolvedOptions test (Richard Lau) #39401
- [6b2fea38d1] - test: move inspector-cli tests to sequential (Rich Trott) #39079
- [6447cab7be] - test: improve buffer coverage (Rongjian Zhang) #38538
- [6f1862eab3] - test: fix name of variable in inspector-cli test (Tobias Nießen) #38869
- [40093504bc] - test: fix typo (Houssem Chebab) #39045
- [ab28f9b9a1] - test: remove obsolete TLS test (Rich Trott) #39001
- [b3b59953fe] - test: improve coverage of lib/events.js (Rongjian Zhang) #38582
- [c99a09f05f] - test: http outgoing _headers setter null (ycjcl868) #38881
- [660a97b1d5] - test: suppress warning in test_environment.cc (Daniel Bevenius) #38868
- [0cca16ac4c] - test: improve coverage of fs internal utils (Rongjian Zhang) #38746
- [fecad40f27] - test: fix writefile with fd (Nitzan Uziely) #38820
- [01f00faaa8] - test: simplify test-path-resolve.js (himself65) #38671
- [504bfd7a88] - test: improve coverage for `question` in readline (Qingyu Deng) #38799
- [eb91932e77] - test: os, replace custom flatten method with built-in Array.flat (Wael Almattar) #38770
- [aeea252b96] - test: improve coverage of lib/_http_outgoing.js (Rongjian Zhang) #38734
- [e265d8ee1b] - test: give js-native-api tests consistent names (Gabriel Schulhof) #38692
- [99fd8bfc6a] - test: fix flaky inspector-cli tests when breakpoints are restored (Rich Trott) #38431
- [4d3a1fad28] - test: extend timeout on debugger tests for slower machines (Rich Trott) #38161
- [dd2642b5db] - test: fix comment typo (Rich Trott) #38161
- [193ea8fd91] - test: fix test-inspector-cli-address (Rich Trott) #38161
- [a62826bbe6] - test,debugger: migrate node-inspect tests to core (Rich Trott) #38161
- [ab45ace9bd] - tools: update babel-eslint-parser to 7.14.5 (Rich Trott) #39094
- [b8e63b3c08] - tools: update ESLint to 7.29.0 (Rich Trott) #39083
- [54a250e79c] - tools: update doctool dependencies, migrate to ESM (Michaël Zasso) #38966
- [443db64eed] - tools: avoid crashing CQ when git push fails (Antoine du Hamel) #36861
- [547f88b149] - tools: fix typo in commit-queue.sh (bl-ue) #39000
- [1023433a81] - tools: update ESLint to 7.28.0 (Luigi Pinca) #38955
- [9b4ae8fbb0] - tools: bump remark-preset-lint-node to 2.3.0 (Rich Trott) #38910
- [2ad0719e86] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #38851
- [b7686d0c1e] - tools: bump cpplint to 1.5.5 (Rich Trott) #38851
- [2ec7c9de57] - tools: remove exception for Node.js 8 and earlier (Rich Trott) #38840
- [1dc71da302] - tools: update setup-node to setup-node@v2 (pengjie) #38825
- [fc219d862c] - tools: remove node-inspect from license (Rich Trott) #38161
- [4bb0bd0f0e] - tools,doc: forbid CJS globals in ESM code snippets (Antoine du Hamel) #38889
- [58154ce426] - typings: add JSDoc typings for https (Voltrex) #38589
- [6ea1368a67] - typings: add JSDoc typings for events (Voltrex) #38712
- [b6942a6138] - url,src: simplify ipv6 logic by using uv_inet_pton (Khaidi Chu) #38842
- [dd00547ada] - vm: use missing validator (Voltrex) #38935
- [2c28e00685] - worker: do not look up context twice in PostMessage (Anna Henningsen) #38784
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate.
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.