Update all non-major dependencies #193
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v3.4.1->v3.5.018.9.0-alpine->18.10.0-alpineRelease Notes
actions/setup-node
v3.5.0Compare Source
In scope of this release we add support for engines.node. The action will be able to grab the version form package.json#engines.node. https://github.com/actions/setup-node/pull/485. Moreover, we added support for Volta
Besides, we updated @actions/core to 1.9.1 and @actions/cache to 3.0.4
nodejs/node
v18.10.0Compare Source
Notable changes
policydocs to thepermissionsscope (Rafael Gonzaga) #44222ReadableByteStream.tee()(Daeyeon Jeong) #44505Commits
f497368679] - benchmark: fix startup benchmark (Evan Lucas) #447270c9a94684e] - benchmark: add stream destroy benchmark (SindreXie) #445339c5c1459a8] - bootstrap: clean up inspector console methods during serialization (Joyee Cheung) #4427919f67dba8a] - bootstrap: remove unused global parameter in per-context scripts (Joyee Cheung) #444729da11426f6] - build: remove redundant entry in crypto (Jiawen Geng) #4460470898b4e67] - build: rewritten the Android build system (BuShe Pie) #44207a733f7faac] - Revert "build: go faster, drop -fno-omit-frame-pointer" (Ben Noordhuis) #445661315a83333] - build: fix bad upstream merge (Stephen Gallagher) #44642993bd9b134] - crypto: restrict PBKDF2 args to signed int (Tobias Nießen) #44575ca5fb67b4e] - deps: update to ngtcp2 0.8.1 and nghttp3 0.7.0 (Tobias Nießen) #446228da1d6ebc4] - deps: update corepack to 0.14.1 (Node.js GitHub Bot) #44704d36c4a3088] - deps: update ngtcp2 update instructions (Tobias Nießen) #446197129106aa0] - deps: upgrade npm to 8.19.2 (npm team) #446323cc8f4bb56] - deps: update to uvwasi 0.0.13 (Colin Ihrig) #445244686579d4b] - dns: remove unnecessary parameter from validateOneOf (Yagiz Nizipli) #44635729dd95f1f] - dns: refactor default resolver (Joyee Cheung) #445416dc038262a] - doc: mention git node backport (RafaelGSS) #44764fd971f5176] - doc: ensure to revert node_version changes (Rafael Gonzaga) #44760f274b08f8e] - doc: fix description fornapi_get_cb_info()inn-api.md(Daeyeon Jeong) #447612502f2353d] - doc: update the deprecation for exit code to clarify its scope (Daeyeon Jeong) #44714064543d0ae] - doc: update guidance for adding new modules (Michael Dawson) #4457633a2f17534] - doc: add registry number for Electron 22 (Keeley Hammond) #4474810a0d75c26] - doc: include code examples for webstreams consumers (Lucas Santos) #443874dbe4a010c] - doc: mention where to push security commits (RafaelGSS) #4469182cb8151ad] - doc: remove extra space on threadpool usage (Connor Burton) #447346ef9af2748] - doc: make legacy banner slightly less bright (Rich Trott) #44665b209c83e66] - doc: improve building doc for Windows Powershell (Brian Muenzenmeyer) #4462505b17e9250] - doc: maintain only one list of MODP groups (Tobias Nießen) #44644ec1cbdb69b] - doc: add legendecas to TSC list (Michael Dawson) #446629341fb4446] - doc: remove comma in README.md (Taha-Chaudhry) #445993dabb44dda] - doc: use serial comma in report docs (Daeyeon Jeong) #44608226d90a95a] - doc: use serial comma in stream docs (Daeyeon Jeong) #446093f710fa636] - doc: remove empty line in YAML block (Claudio Wunder) #446174ad1b0abc3] - (SEMVER-MINOR) doc: deprecate modp1, modp2, and modp5 groups (Tobias Nießen) #445882d92610525] - doc: remove old OpenSSL ENGINE constants (Tobias Nießen) #4458903705639c4] - doc: fix heading levels for test runner hooks (Fabian Meyer) #446036c557346a7] - doc: fix errors in http.md (Luigi Pinca) #4458748d944b71c] - doc: fix vm.Script createCachedData example (Chengzhong Wu) #444872813323120] - doc: mention how to get commit release (Rafael Gonzaga) #44572ea7b44d474] - doc: fix link inprocess.md(Antoine du Hamel) #4459439b65d2fb7] - doc: do not use weak MODP group in example (Tobias Nießen) #44585f5549afd90] - doc: remove ebpf from supported tooling list (Rafael Gonzaga) #44549a3360b1f4f] - doc: emphasize that createCipher is never secure (Tobias Nießen) #445384e6f7862ba] - doc: document attribute Script.cachedDataRejected (Chengzhong Wu) #4445101e584ecab] - doc: move policy docs to the permissions scope (Rafael Gonzaga) #4422257dac53c22] - doc,crypto: cleanup removed pbkdf2 behaviours (Filip Skokan) #44733c209bd6fb9] - doc,inspector: document changes of inspector.close (Chengzhong Wu) #446289b3b7d6978] - esm,loader: tidy ESMLoader internals (Jacob Smith) #44701daf63d2fa3] - fs: fix typo in mkdir example (SergeyTsukanov) #4479185ab2f857f] - fs: remove unused option infs.fstatSync()(Livia Medeiros) #44613a6091f5496] - gyp: libnode for ios app embedding (chexiongsheng) #44210f158656e4c] - (SEMVER-MINOR) http: throw error on content-length mismatch (sidwebworks) #443781b160517f5] - inspector: expose inspector.close on workers (Chengzhong Wu) #44489a2eb55a2c9] - lib: don't matchsourceMappingURLin strings (Alan Agius) #446582baf532518] - lib: fix reference leak (falsandtru) #44499d8d34ae6bc] - lib: resetRegExpstatics before running user code (Antoine du Hamel) #44247eb3635184b] - lib,test: fix bug in InternalSocketAddress (Tobias Nießen) #4461874dc4d198f] - meta: update AUTHORS (Node.js GitHub Bot) #4477797d2ed7296] - meta: add mailmap entry for dnlup (Rich Trott) #4471635fbd2cc14] - meta: update AUTHORS (Node.js GitHub Bot) #44705c5c1bc40a2] - meta: move dnlup to emeriti (dnlup) #44667c62dfe0427] - meta: update test_runner in label-pr-config (Shrujal Shah) #44615fe56efd0bc] - meta: update AUTHORS (Node.js GitHub Bot) #445914436ffb536] - module: open stat/readPackage to mutations (Maël Nison) #44537f8ec946c82] - module: exports & imports map invalid slash deprecation (Guy Bedford) #4447764cb43a2b6] - node-api: add deprecation code of uncaught exception (Chengzhong Wu) #44624ce1704c2c7] - src: avoid using v8 on Isolate termination (Santiago Gimeno) #446693036b85d71] - src: remove <unistd.h> from node_os.cc (Tobias Nießen) #4466829f57b7899] - src: avoid copy when creating Blob (Tobias Nießen) #4461675cfb13ea6] - src: make ReqWrap weak (Rafael Gonzaga) #44074c12abb5ece] - src: make NearHeapLimitCallback() more robust (Joyee Cheung) #4458181ea507e8e] - src: dump isolate stats when process exits (daomingq) #44534687844822f] - src: consolidate environment cleanup queue (Chengzhong Wu) #443793d42aaaac0] - stream: handle a pending pull request from a released reader (Daeyeon Jeong) #4470273ad9db6c5] - stream: refactor use es2020 statement (SindreXie) #445330af6e420b3] - stream: removeabortReasonfromWritableStreamDefaultController(Daeyeon Jeong) #445402f2f8d5821] - (SEMVER-MINOR) stream: addReadableByteStream.tee()(Daeyeon Jeong) #44505667e8bf3fb] - stream: fixwritableStream.abort()(Daeyeon Jeong) #443273112d5dae0] - test: verify napi_remove_wrap with napi_delete_reference (Chengzhong Wu) #44754b512436841] - test: change promises to async/await (Madhulika Sharma) #44683858631f720] - test: use async/await in test-debugger-invalid-args (Nupur Chauhan) #446786c9ded810c] - test: update test-debugger-low-level to use await/async (Meghana Ramesh) #44688945aa74e57] - test: check that sysconf returns a positive value (Tobias Nießen) #4466679f0f48a6f] - test: change promise to async/await in debugger-watcher (“Pooja) #44687a56cb65bd6] - test: fix addon tests compilation with OpenSSL 1.1.1 (Adam Majer) #447258a68a80a06] - test: fix test-performance-measure (smitley) #4463755de0136b3] - test: improve lib/readline.js coverage (MURAKAMI Masahiko) #42686a3095d217f] - test: fixtest-replnot validating leaked globals properly (Antoine du Hamel) #446407db2974692] - test: ignore stale process cleanup failures on Windows (Joyee Cheung) #444806c35f338c3] - test: use python3 instead of python (Luigi Pinca) #4454520e04c6d44] - test: fix DebugSymbolsTest.ReqWrapList on PPC64LE (Daniel Bevenius) #44341eb25fe73b0] - test: add more cases for parse-encoding (Tony Gorez) #444275ab3bc9419] - test_runner: include stack of uncaught exceptions (Moshe Atlow) #44614752e1472e1] - tls: fix out-of-bounds read in ClientHelloParser (Tobias Nießen) #445800cddb0af99] - tools: add update-llhttp.sh (Paolo Insogna) #44652ef0dc47df9] - tools: fix typo in update-nghttp2.sh (Luigi Pinca) #446640df181a5a1] - tools: add timezone update workflow (Lenvin Gonsalves) #43988dd4348900d] - tools: update eslint to 8.23.1 (Node.js GitHub Bot) #44639b9cfb71e12] - tools: update lint-md-dependencies to @rollup/plugin-node-resolve@14.1.0 (Node.js GitHub Bot) #446385ae142d7ad] - tools: update gyp-next to v0.13.0 (Jiawen Geng) #446055dd86c3faf] - tools: update lint-md-dependencies to @rollup/plugin-node-resolve@14.0.1 (Node.js GitHub Bot) #44590caad4748cf] - tools: increase timeout of running WPT (Joyee Cheung) #445745db9779f14] - tools: fix shebang to use python3 by default (Himself65) #445319aa6a560e9] - v8: add setHeapSnapshotNearHeapLimit (theanarkh) #44420360b74e94f] - win: fix fs.realpath.native for long paths (StefanStojanovic) #44536v18.9.1Compare Source
This is a security release.
Notable changes
The following CVEs are fixed in this release:
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
llhttp updated to 6.0.10
llhttpis updated to 6.0.10 which includes fixes for the following vulnerabilities.llhttpparser in thehttpmodule does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).llhttpparser in thehttpmodule does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).httpdoes not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).Commits
0c2a5723be] - crypto: fix weak randomness in WebCrypto keygen (Ben Noordhuis) nodejs-private/node-private#ffb6f4d51d] - deps: MacOS - fix location of OpenSSL config file (Michael Dawson) nodejs-private/node-private#34501bffcdd93] - http: disable chunked encoding when OBS fold is used (Paolo Insogna) nodejs-private/node-private#3412c379d341d] - src: fix IPv4 non routable validation (RafaelGSS) nodejs-private/node-private#337Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.