Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update node.js to v21.6.2 #408

Merged
merged 1 commit into from
Feb 16, 2024
Merged

chore(deps): update node.js to v21.6.2 #408

merged 1 commit into from
Feb 16, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 16, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change
node final patch 21.6.1 -> 21.6.2

Release Notes

nodejs/node (node)

v21.6.2: 2024-02-14, Version 21.6.2 (Current), @​RafaelGSS

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
  • CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  • CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
  • CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • libuv version 1.48.0
  • OpenSSL version 3.0.13+quic1
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Feb 16, 2024
edited
Loading

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: d6b860d
Status: ✅  Deploy successful!
Preview URL: https://5e66107f.johannes-6eh.pages.dev
Branch Preview URL: https://renovate-node-21-x.johannes-6eh.pages.dev

View logs

@renovate renovate bot added the type/dependencies Issue or PR related to dependencies label Feb 16, 2024
@renovate renovate bot enabled auto-merge (squash) February 16, 2024 01:06
@github-actions GitHub Actions
Copy link

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 95.67% 177 / 185
🔵 Statements 95.67% 177 / 185
🔵 Functions 75% 3 / 4
🔵 Branches 90.9% 10 / 11
File CoverageNo changed files found.
Generated in workflow #924

@renovate renovate bot merged commit 148448c into main Feb 16, 2024
5 checks passed
@renovate renovate bot deleted the renovate/node-21.x branch February 16, 2024 01:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type/dependencies Issue or PR related to dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants