Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Node.js to v20.11.1 #6220

Merged
merged 1 commit into from
Mar 2, 2024
Merged

Update Node.js to v20.11.1 #6220

merged 1 commit into from
Mar 2, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 2, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node docker patch 20.11.0 -> 20.11.1 age adoption passing confidence
@types/node (source) devDependencies patch 20.11.19 -> 20.11.24 age adoption passing confidence

Release Notes

nodejs/node (node)

v20.11.1: 2024-02-14, Version 20.11.1 'Iron' (LTS), @​RafaelGSS prepared by @​marco-ippolito

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
  • CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  • CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
  • CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • libuv version 1.48.0
  • OpenSSL version 3.0.13+quic1
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added dependencies use for pull requests that update a dependency file filigran team use to identify PR from the Filigran team labels Mar 2, 2024
Copy link

codecov bot commented Mar 2, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 66.67%. Comparing base (5fbd7bb) to head (8dab71f).
Report is 6 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6220      +/-   ##
==========================================
+ Coverage   66.65%   66.67%   +0.01%     
==========================================
  Files         541      541              
  Lines       64408    64408              
  Branches     5251     5252       +1     
==========================================
+ Hits        42934    42941       +7     
+ Misses      21474    21467       -7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@SamuelHassine SamuelHassine merged commit 78d7fa7 into master Mar 2, 2024
8 checks passed
@SamuelHassine SamuelHassine deleted the renovate/node-20.x branch March 2, 2024 11:49
aHenryJard pushed a commit that referenced this pull request Mar 4, 2024
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Goumies pushed a commit that referenced this pull request Mar 13, 2024
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Archidoit pushed a commit that referenced this pull request Jun 6, 2024
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies use for pull requests that update a dependency file filigran team use to identify PR from the Filigran team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant