chore(deps): update node.js to v18.16.1 #3622

Merged

konrad merged 1 commits from renovate/node-18.x into main 2023-06-21 05:39:06 +00:00

Conversation 1 Commits 1 Files Changed 1 +1 -1

renovate commented 2023-06-20 21:03:48 +00:00

Member

Copy Link

This PR contains the following updates:

Package	Update	Change
node	patch	18.16.0 -> 18.16.1

---

Release Notes

nodejs/node

v18.16.1: 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
• CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
• CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
• CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
• CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 28th March.
  • OpenSSL security advisory 20th April.
  • OpenSSL security advisory 30th May
• c-ares vulnerabilities:
  • GHSA-9g78-jv2r-p7vc
  • GHSA-8r8p-23f3-64c2
  • GHSA-54xr-f67r-4pc4
  • GHSA-x6mf-cxr9-8q6v

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

• [`bf3e2c8928`](https://github.com/nodejs/node/commit/bf3e2c8928)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen) [nodejs-private/node-private#​393](https://github.com/nodejs-private/node-private/pull/393)
  

• [`70f9449072`](https://github.com/nodejs/node/commit/70f9449072)] - **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) [#​48156](https://github.com/nodejs/node/pull/48156)
  

• [`35d4efb57b`](https://github.com/nodejs/node/commit/35d4efb57b)] - **deps**: update c-ares to 1.19.1 (RafaelGSS) [#​48115](https://github.com/nodejs/node/pull/48115)
  

• [`392dfedc77`](https://github.com/nodejs/node/commit/392dfedc77)] - **deps**: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) [#​48402](https://github.com/nodejs/node/pull/48402)
  

• [`46cd5fe38b`](https://github.com/nodejs/node/commit/46cd5fe38b)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) [#​48402](https://github.com/nodejs/node/pull/48402)
  

• [`7e3d2d85c2`](https://github.com/nodejs/node/commit/7e3d2d85c2)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#​426](https://github.com/nodejs-private/node-private/pull/426)
  

• [`4ff6ba050a`](https://github.com/nodejs/node/commit/4ff6ba050a)] - **http**: disable request smuggling via rempty headers (Paolo Insogna) [nodejs-private/node-private#​428](https://github.com/nodejs-private/node-private/pull/428)
  

• [`ab269129a6`](https://github.com/nodejs/node/commit/ab269129a6)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#​408](https://github.com/nodejs-private/node-private/pull/408)
  

• [`925e8f5619`](https://github.com/nodejs/node/commit/925e8f5619)] - **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS) [nodejs-private/node-private#​416](https://github.com/nodejs-private/node-private/pull/416)
  

• [`d6fae8e47e`](https://github.com/nodejs/node/commit/d6fae8e47e)] - **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso) [#​47851](https://github.com/nodejs/node/pull/47851)
  
  

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://github.com/nodejs/node) | patch | `18.16.0` -> `18.16.1` | --- ### Release Notes <details> <summary>nodejs/node</summary> ### [`v18.16.1`](https://github.com/nodejs/node/releases/tag/v18.16.1): 2023-06-20, Version 18.16.1 &#x27;Hydrogen&#x27; (LTS), @&#8203;RafaelGSS [Compare Source](https://github.com/nodejs/node/compare/v18.16.0...v18.16.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) - [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) - [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium) - [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium) - [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium) - OpenSSL Security Releases - [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt). - [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt). - [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt) - c-ares vulnerabilities: - [GHSA-9g78-jv2r-p7vc](https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc) - [GHSA-8r8p-23f3-64c2](https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2) - [GHSA-54xr-f67r-4pc4](https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4) - [GHSA-x6mf-cxr9-8q6v](https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v) More detailed information on each of the vulnerabilities can be found in [June 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/) blog post. ##### Commits - \[[`bf3e2c8928`](https://github.com/nodejs/node/commit/bf3e2c8928)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen) [nodejs-private/node-private#&#8203;393](https://github.com/nodejs-private/node-private/pull/393) - \[[`70f9449072`](https://github.com/nodejs/node/commit/70f9449072)] - **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) [#&#8203;48156](https://github.com/nodejs/node/pull/48156) - \[[`35d4efb57b`](https://github.com/nodejs/node/commit/35d4efb57b)] - **deps**: update c-ares to 1.19.1 (RafaelGSS) [#&#8203;48115](https://github.com/nodejs/node/pull/48115) - \[[`392dfedc77`](https://github.com/nodejs/node/commit/392dfedc77)] - **deps**: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) [#&#8203;48402](https://github.com/nodejs/node/pull/48402) - \[[`46cd5fe38b`](https://github.com/nodejs/node/commit/46cd5fe38b)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) [#&#8203;48402](https://github.com/nodejs/node/pull/48402) - \[[`7e3d2d85c2`](https://github.com/nodejs/node/commit/7e3d2d85c2)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#&#8203;426](https://github.com/nodejs-private/node-private/pull/426) - \[[`4ff6ba050a`](https://github.com/nodejs/node/commit/4ff6ba050a)] - **http**: disable request smuggling via rempty headers (Paolo Insogna) [nodejs-private/node-private#&#8203;428](https://github.com/nodejs-private/node-private/pull/428) - \[[`ab269129a6`](https://github.com/nodejs/node/commit/ab269129a6)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#&#8203;408](https://github.com/nodejs-private/node-private/pull/408) - \[[`925e8f5619`](https://github.com/nodejs/node/commit/925e8f5619)] - **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS) [nodejs-private/node-private#&#8203;416](https://github.com/nodejs-private/node-private/pull/416) - \[[`d6fae8e47e`](https://github.com/nodejs/node/commit/d6fae8e47e)] - **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso) [#&#8203;47851](https://github.com/nodejs/node/pull/47851) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4yNC42IiwidXBkYXRlZEluVmVyIjoiMzUuMjQuNiJ9-->

renovate added the

dependencies

label 2023-06-20 21:03:48 +00:00

renovate added 1 commit 2023-06-20 21:03:48 +00:00

chore(deps): update node.js to v18.16.1 e54b5e88cc

frederick commented 2023-06-20 21:09:35 +00:00

Member

Copy Link

Hi renovate!

Thank you for creating a PR!

I've deployed the changes of this PR on a preview environment under this URL: https://3622-renovate-node-18-x--vikunja-frontend-preview.netlify.app

You can use this url to view the changes live and test them out.
You will need to manually connect this to an api running somehwere. The easiest to use is https://try.vikunja.io/.

Have a nice day!

Beep boop, I'm a bot.

Hi renovate! Thank you for creating a PR! I've deployed the changes of this PR on a preview environment under this URL: https://3622-renovate-node-18-x--vikunja-frontend-preview.netlify.app You can use this url to view the changes live and test them out. You will need to manually connect this to an api running somehwere. The easiest to use is https://try.vikunja.io/. Have a nice day! > Beep boop, I'm a bot.

konrad merged commit e54b5e88cc into main 2023-06-21 05:39:06 +00:00

konrad deleted branch renovate/node-18.x 2023-06-21 05:39:06 +00:00

This repo is archived. You cannot comment on pull requests.

Reviewers

No reviewers

Labels

Clear labels   

area/internal-code

  

changes requested

  

confirmed

  

dependencies

  

duplicate

This issue or pull request already exists

  

good first issue

  

help wanted

Need some help

  

hosting

  

invalid

Something is wrong

  

kind/bug

Something is not working

  

kind/feature

New feature

  

question

More information is needed

  

wontfix

This won't be fixed

No Label

area/internal-code

changes requested

confirmed

dependencies

duplicate

good first issue

help wanted

hosting

invalid

kind/bug

kind/feature

question

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/frontend#3622

No description provided.