Update Node.js to v16.20.1

[renovate]

This PR contains the following updates:

Package	Update	Change
node	patch	16.20.0 -> 16.20.1

---

Release Notes

nodejs/node

v16.20.1: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
• CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
• CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
• CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
• CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 28th March.
  • OpenSSL security advisory 20th April.
  • OpenSSL security advisory 30th May
• c-ares vulnerabilities:
  • GHSA-9g78-jv2r-p7vc
  • GHSA-8r8p-23f3-64c2
  • GHSA-54xr-f67r-4pc4
  • GHSA-x6mf-cxr9-8q6v

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

• [5a92ea7a3b] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)
• [5df04e893a] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #​48156
• [c171cbd124] - deps: update c-ares to 1.19.1 (RafaelGSS) #​48115
• [155d3aac02] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #​48369
• [8d4c8f8ebe] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #​48369
• [1a5c9284eb] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#​426
• [e42ff4b018] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#​429
• [10042683c8] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#​408
• [a6f4e87bc9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#​416
• [b77000f4d7] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #​47851

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (2db0af6) 38.49% compared to head (1c09890) 38.49%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #201   +/-   ##
=======================================
  Coverage   38.49%   38.49%           
=======================================
  Files           8        8           
  Lines        1626     1626           
=======================================
  Hits          626      626           
  Misses        964      964           
  Partials       36       36           

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.