chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@hapi/hapi (source)	20.0.3 -> 20.1.0
eslint (source)	7.18.0 -> 7.21.0
eslint-config-goodway	3.0.0 -> 3.1.1
lodash (source)	4.17.20 -> 4.17.21
node	12.20.1 -> 12.21.0

---

Release Notes

hapijs/hapi

v20.1.0

Compare Source

eslint/eslint

v7.21.0

Compare Source

• 3cd5440 Upgrade: @​eslint/eslintrc to 0.4.0 (#​14147) (Brandon Mills)
• c0b8c71 Upgrade: Puppeteer to 7.1.0 (#​14122) (Tim van der Lippe)
• 08ae31e New: Implement cacheStrategy (refs eslint/rfcs#​63) (#​14119) (Manu Chambon)
• 5e51fd2 Update: do not ignore symbolic links (fixes #​13551, fixes #​13615) (#​14126) (Pig Fang)
• 87c43a5 Chore: improve a few comments and fix typos (#​14125) (Tobias Nießen)
• e19c51e Sponsors: Sync README with website (ESLint Jenkins)
• b8aea99 Fix: pluralize 'line' to 'lines' in max-lines-per-function description (#​14115) (Trevin Hofmann)
• f5b53e2 Sponsors: Sync README with website (ESLint Jenkins)
• eee1213 Sponsors: Sync README with website (ESLint Jenkins)
• 5c4d7ea Sponsors: Sync README with website (ESLint Jenkins)

v7.20.0

Compare Source

• f4ac3b0 Docs: fix sibling selector descriptions (#​14099) (Milos Djermanovic)
• 9d6063a Fix: Crash with esquery when using JSX (fixes #​13639) (#​14072) (Yosuke Ota)
• a0871f1 Docs: Triage process (#​14014) (Nicholas C. Zakas)
• ad90761 Update: add enforceForJSX option to no-unused-expressions rule (#​14012) (Duncan Beevers)
• d6c84af Fix: --init autoconfig shouldn't add deprecated rules (fixes #​14017) (#​14060) (Milos Djermanovic)
• 9b277a1 Fix: Support ENOTDIR error code in the folder existence checking utility (#​13973) (Constantine Genchevsky)
• 7aeb127 Upgrade: pin @​babel/code-frame@​7.12.11 (#​14067) (Milos Djermanovic)
• b4e2af5 Docs: Add more fields to bug report template (#​14039) (Nicholas C. Zakas)
• 96f1d49 Sponsors: Sync README with website (ESLint Jenkins)
• cb27b0a Build: package.json update for eslint-config-eslint release (ESLint Jenkins)
• 4cab165 Sponsors: Sync README with website (ESLint Jenkins)

v7.19.0

Compare Source

• ce7f061 Update: add shadowed variable loc to message in no-shadow (fixes #​13646) (#​13841) (t-mangoe)
• c60e23f Update: fix let logic in for-in and for-of loops in no-extra-parens (#​14011) (Milos Djermanovic)
• d76e8f6 Fix: no-useless-rename invalid autofix with parenthesized identifiers (#​14032) (Milos Djermanovic)
• 5800d92 Docs: Clarify stylistic rule update policy (#​14052) (Brandon Mills)
• 0ccf6d2 Docs: remove configuring.md (#​14036) (Milos Djermanovic)
• 65bb0ab Chore: Clean up new issue workflow (#​14040) (Nicholas C. Zakas)
• e1da90f Fix: nested indenting for offsetTernaryExpressions: true (fixes #​13971) (#​13972) (Chris Brody)
• 1a078b9 Update: check ternary : even if ? was reported in space-infix-ops (#​13963) (Milos Djermanovic)
• fb27422 Fix: extend prefer-const fixer range to whole declaration (fixes #​13899) (#​14033) (Nitin Kumar)
• e0b05c7 Docs: add a correct example to no-unsafe-optional-chaining (refs #​14029) (#​14050) (armin yahya)
• 46e836d Sponsors: Sync README with website (ESLint Jenkins)
• 3fc4fa4 Docs: update configuring links (#​14038) (Milos Djermanovic)
• 8561c21 Docs: fix broken links in configuring/README.md (#​14046) (Milos Djermanovic)
• 1c309eb Update: fix no-invalid-regexp false negatives with no flags specified (#​14018) (Milos Djermanovic)
• f6602d5 Docs: Reorganize Configuration Documentation (#​13837) (klkhan)
• c753b44 Sponsors: Sync README with website (ESLint Jenkins)
• a4fdb70 Docs: Fixed Typo (#​14007) (Yash Singh)
• f7ca481 Docs: Explain why we disable lock files (refs eslint/tsc-meetings#​234) (#​14006) (Brandon Mills)

GoodwayGroup/eslint-config-goodway

v3.1.1

Compare Source

Merged

• fix(deps): update dependency eslint to v7.21.0 #21

v3.1.0

Compare Source

Merged

• chore(deps): update eslint-plugin-import to v2.22.1 #20
• fix(deps): update dependency eslint to v7.20.0 #19
• fix(deps): update dependency eslint-config-airbnb-base to v14.2.1 #18
• fix(deps): update dependency eslint to v7.17.0 #17

lodash/lodash

v4.17.21

Compare Source

nodejs/node

v12.21.0

Compare Source

This is a security release.

Notable changes

Vulnerabilities fixed:

• CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
  • Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
• CVE-2021-22884: DNS rebinding in --inspect
  • Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
• CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
  • This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210216.txt

Commits

• [e69177a088] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #​37413
• [0633ae77e6] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #​37413
• [922ada7713] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#​246
• [1564752d55] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#​244

v12.20.2

Compare Source

Notable changes

• deps:
  • upgrade npm to 6.14.11 (Ruy Adorno) #​37173

Commits

• [e8a4e560ea] - async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #​35779
• [427968d266] - deps: upgrade npm to 6.14.11 (Ruy Adorno) #​37173
• [cd9a8106be] - http: do not loop over prototype in Agent (Michaël Zasso) #​36410
• [4ac8f37800] - http2: check write not scheduled in scope destructor (David Halls) #​36241

---

Renovate configuration

📅 Schedule: "after 3am and before 10pm" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.