Releases: balena-io/deploy-to-balena-action
v2.0.74
Update dependency balena-io/balena-cli to v18.2.33
Notable changes
- actions/setup-node (actions/setup-node)
- patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
- minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
- balena-io-modules/etcher-sdk (etcher-sdk)
- patch: use http2 to fix issues with url source [Edwin Joassart]
- patch: remove CI workaround [Edwin Joassart]
- patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
- dominictarr/event-stream (event-stream)
- Removed support for Node versions 11 and below.
- The verify() function no longer accepts unsigned tokens by default. ([8345030] auth0/node-jsonwebtoken@8345030)
- RSA key size must be 2048 bits or greater. ([ecdf6cc] auth0/node-jsonwebtoken@ecdf6cc)
- Key types must be valid for the signing / verification algorithm
- security: fixes Arbitrary File Write via verify function - CVE-2022-23529
- security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
- security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
- security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
- auth0/node-jsonwebtoken (jsonwebtoken)
- Update @actions/artifact dependency by @bethanyj28 in https://github.com/actions/download-artifact/pull/325
- updating @actions/artifact dependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324
- Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/download-artifact/pull/322
- Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5
- Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/307
- Update release-new-action-version.yml by @konradpabjan in https://github.com/actions/download-artifact/pull/292
- Update toolkit dependency with updated unzip logic by @bethanyj28 in https://github.com/actions/download-artifact/pull/299
- Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/303
- @bethanyj28 made their first contribution in https://github.com/actions/download-artifact/pull/299
- Bump @actions/artifacts to latest version to include updated GHES host check
- Fix transient request timeouts https://github.com/actions/download-artifact/issues/249
- Bump @actions/artifacts to latest version
- actions/download-artifact (actions/download-artifact)
balena-io/balena-cli (balena-io/balena-cli)
v18.2.33
v18.2.32
v18.2.31
a39a772 (Deduplicate dependencies, 2024-07-15)
efa0d67 (deploy: Use the sdk's pine instance with balena-compose, 2024-07-15)
232b967 (Update balena-sdk to 19.7.3, 2024-07-13)
v18.2.30
4e101e2 (Omit unicode control character escapes from test logs, 2024-07-13)
9f9fd97 (Deduplicate dependencies, 2024-07-13)
v18.2.29
3c64e13 (Update balena-preload from 15.0.5 to 15.0.6, 2024-07-11)
v18.2.28
79fcd95 (Downgrade pinejs-client-request to 7.4.2 to unblock the sdk update, 2024-07-12)
33199ac (Update balena-sdk to 19.7.2, 2024-07-12)
v18.2.27
1702f8b (Update balena-sdk to 19.5.5, 2024-07-12)
v18.2.26
1bc0f74 (Drop unused dependencies, 2024-07-11)
f65215e (Move dependencies that should be dev only as devDependencies, 2024-07-11)
v18.2.25
b1073ca (Fix complete generation intermitency, 2024-07-10)
e659e35 (Bump oclif to v4, 2024-07-10)
v18.2.24
19a60bb (Update mocha from 8.4.0 to 10.6.0, 2024-07-10)
d1a6f75 (Override inline-source-cli with non-vulnerable dependency, 2024-07-10)
v18.2.23
7273656 (Replace resin-discoverable-services with bonjour-service, 2024-07-09)
v18.2.22
1749937 (Remove unused dependency minimatch, 2024-07-10)
v18.2.21
6c89ba4 (Bump resin-discoverable-services from 2.0.4 to 2.0.5, 2024-07-09)
v18.2.20
b6d1afa (Audit fix dependencies, 2024-07-05)
v18.2.19
93e597a (Remove unused package publish-release, 2024-07-05)
v18.2.18
Update actions/setup-node action to v4
Notable changes
List of commits
c30a1dc (Update actions/setup-node action to v4, 2024-07-02)
v18.2.17
[Compare Source](https://github.com/balena-i...
v2.0.73
Update Node.js to v18.20.4
Notable changes
- CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
- CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
- [85abedf1ff] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
- [eccd63b865] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596
nodejs/node (node)
v18.20.4: 2024-07-08, Version 18.20.4 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
- CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
- CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
Commits
- [85abedf1ff] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
- [eccd63b865] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596
List of commits
45ef26f (Update Node.js to v18.20.4, 2024-07-25)