chore(deps): update node.js to v18.17.1 #3714

Merged

konrad merged 1 commits from renovate/node-18.x into main 2023-08-21 10:58:22 +00:00

Conversation 1 Commits 1 Files Changed 1 +1 -1

renovate commented 2023-08-09 18:06:33 +00:00

Member

Copy Link

This PR contains the following updates:

Package	Update	Change
node	patch	18.17.0 -> 18.17.1

---

Release Notes

nodejs/node

v18.17.1: 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-32002: Policies can be bypassed via Module._load (High)
• CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
• CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 14th July.
  • OpenSSL security advisory 19th July.
  • OpenSSL security advisory 31st July

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

• [`fe3abdf82e`](https://github.com/nodejs/node/commit/fe3abdf82e)] - **deps**: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) [#​49036](https://github.com/nodejs/node/pull/49036)
  

• [`2c5a522d9c`](https://github.com/nodejs/node/commit/2c5a522d9c)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) [#​49036](https://github.com/nodejs/node/pull/49036)
  

• [`15bced0bde`](https://github.com/nodejs/node/commit/15bced0bde)] - **policy**: handle Module.constructor and main.extensions bypass (RafaelGSS) [nodejs-private/node-private#​417](https://github.com/nodejs-private/node-private/pull/417)
  

• [`d4570fae35`](https://github.com/nodejs/node/commit/d4570fae35)] - **policy**: disable process.binding() when enabled (Tobias Nießen) [nodejs-private/node-private#​460](https://github.com/nodejs-private/node-private/pull/460)
  
  

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://github.com/nodejs/node) | patch | `18.17.0` -> `18.17.1` | --- ### Release Notes <details> <summary>nodejs/node</summary> ### [`v18.17.1`](https://github.com/nodejs/node/releases/tag/v18.17.1): 2023-08-09, Version 18.17.1 &#x27;Hydrogen&#x27; (LTS), @&#8203;RafaelGSS [Compare Source](https://github.com/nodejs/node/compare/v18.17.0...v18.17.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002): Policies can be bypassed via Module.\_load (High) - [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium) - [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium) - OpenSSL Security Releases - [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html). - [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html). - [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html) More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post. ##### Commits - \[[`fe3abdf82e`](https://github.com/nodejs/node/commit/fe3abdf82e)] - **deps**: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) [#&#8203;49036](https://github.com/nodejs/node/pull/49036) - \[[`2c5a522d9c`](https://github.com/nodejs/node/commit/2c5a522d9c)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) [#&#8203;49036](https://github.com/nodejs/node/pull/49036) - \[[`15bced0bde`](https://github.com/nodejs/node/commit/15bced0bde)] - **policy**: handle Module.constructor and main.extensions bypass (RafaelGSS) [nodejs-private/node-private#&#8203;417](https://github.com/nodejs-private/node-private/pull/417) - \[[`d4570fae35`](https://github.com/nodejs/node/commit/d4570fae35)] - **policy**: disable process.binding() when enabled (Tobias Nießen) [nodejs-private/node-private#&#8203;460](https://github.com/nodejs-private/node-private/pull/460) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4yNC42IiwidXBkYXRlZEluVmVyIjoiMzUuMjQuNiJ9-->

renovate added the

dependencies

label 2023-08-09 18:06:33 +00:00

renovate added 1 commit 2023-08-09 18:06:35 +00:00

chore(deps): update node.js to v18.17.1 89ce2ee1d6

frederick commented 2023-08-09 18:10:34 +00:00

Member

Copy Link

Hi renovate!

Thank you for creating a PR!

I've deployed the changes of this PR on a preview environment under this URL: https://3714-renovate-node-18-x--vikunja-frontend-preview.netlify.app

You can use this url to view the changes live and test them out.
You will need to manually connect this to an api running somehwere. The easiest to use is https://try.vikunja.io/.

Have a nice day!

Beep boop, I'm a bot.

Hi renovate! Thank you for creating a PR! I've deployed the changes of this PR on a preview environment under this URL: https://3714-renovate-node-18-x--vikunja-frontend-preview.netlify.app You can use this url to view the changes live and test them out. You will need to manually connect this to an api running somehwere. The easiest to use is https://try.vikunja.io/. Have a nice day! > Beep boop, I'm a bot.

konrad merged commit 2b47e5faec into main 2023-08-21 10:58:22 +00:00

This repo is archived. You cannot comment on pull requests.

Reviewers

No reviewers

Labels

Clear labels   

area/internal-code

  

changes requested

  

confirmed

  

dependencies

  

duplicate

This issue or pull request already exists

  

good first issue

  

help wanted

Need some help

  

hosting

  

invalid

Something is wrong

  

kind/bug

Something is not working

  

kind/feature

New feature

  

question

More information is needed

  

wontfix

This won't be fixed

No Label

area/internal-code

changes requested

confirmed

dependencies

duplicate

good first issue

help wanted

hosting

invalid

kind/bug

kind/feature

question

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/frontend#3714

No description provided.