Skip to content

chore(deps): update node.js to v24.17.0#356

Merged
renovate-sh-app[bot] merged 2 commits into
mainfrom
grafanarenovatebot/node-24.x
Jun 25, 2026
Merged

chore(deps): update node.js to v24.17.0#356
renovate-sh-app[bot] merged 2 commits into
mainfrom
grafanarenovatebot/node-24.x

Conversation

@renovate-sh-app

@renovate-sh-app renovate-sh-app Bot commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change Pending
node (source) minor 24.16.024.17.0 v24.18.0

Release Notes

nodejs/node (node)

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.

| datasource   | package | from     | to       |
| ------------ | ------- | -------- | -------- |
| node-version | node    | v24.16.0 | v24.17.0 |


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
@renovate-sh-app renovate-sh-app Bot requested a review from a team as a code owner June 20, 2026 01:22
@renovate-sh-app renovate-sh-app Bot enabled auto-merge (squash) June 20, 2026 01:22
zeitlinger added a commit that referenced this pull request Jun 24, 2026
## Summary
- add a CI safeguard pass for `lychee` that checks all links across all
link-checkable files
- keep the existing changed-file behavior for normal runs, plus the
existing optional local-only full pass
- add regression coverage and update the lychee docs/help text

## Why
PR #356 failed because a README link still pointed at `lint.yml` after
that file had been renamed elsewhere. The stale link lived in an
unchanged file, so Flint's default changed-file link checking did not
catch it earlier. This left a gap where unrelated PRs could fail later
on broken documentation links.

## Root cause
`lychee` defaulted to checking all links only in changed files. Unless
the docs file itself changed, stale remote links in unchanged files were
skipped.

## Impact
CI now catches stale links in unchanged documentation sooner, while
local runs keep the narrower changed-file behavior unless explicitly
configured otherwise.

## Validation
- `cargo test`
- `mise run lint:fix`

---------

Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
@renovate-sh-app renovate-sh-app Bot merged commit 9a4adab into main Jun 25, 2026
14 checks passed
@renovate-sh-app renovate-sh-app Bot deleted the grafanarenovatebot/node-24.x branch June 25, 2026 12:38
@github-actions github-actions Bot mentioned this pull request Jun 25, 2026
zeitlinger pushed a commit that referenced this pull request Jun 25, 2026
## 🤖 New release

* `flint`: 0.22.5 -> 0.22.6

<details><summary><i><b>Changelog</b></i></summary><p>

<blockquote>

## [0.22.6](v0.22.5...v0.22.6)
- 2026-06-25

### Added

- check all links in CI
([#365](#365))

### Fixed

- *(renovate-deps)* normalize tracked snapshot ordering
([#364](#364))

### Other

- *(deps)* update node.js to v24.17.0
([#356](#356))
- link to Flint blog post
([#368](#368))
- *(deps)* update taiki-e/install-action action to v2.82.2
([#367](#367))
- *(deps)* update taiki-e/install-action action to v2.82.1
([#366](#366))
- *(deps)* pin dependencies
([#363](#363))
- *(deps)* lock file maintenance
([#362](#362))
- *(deps)* update mise to v2026.6.11
([#361](#361))
- *(deps)* update taiki-e/install-action action to v2.82.0
([#358](#358))
- *(deps)* update dependency actions/checkout to v7
([#359](#359))
- *(deps)* update dependency jdx/mise-action to v4.2.0
([#357](#357))
- *(deps)* update taiki-e/install-action action to v2.81.11
([#355](#355))
- update permissions ([#354](#354))
- *(deps)* lock file maintenance
([#353](#353))
- *(deps)* update mise to v2026.6.3
([#352](#352))
- *(deps)* update taiki-e/install-action action to v2.81.10
([#351](#351))
- *(deps)* update grafana/shared-workflows/lint-pr-title action to
v1.2.3 ([#350](#350))
- *(deps)* update taiki-e/install-action action to v2.81.9
([#349](#349))
- *(deps)* update taiki-e/install-action action to v2.81.8
([#347](#347))
- *(deps)* update taiki-e/install-action action to v2.81.7
([#346](#346))
- *(deps)* update taiki-e/install-action action to v2.81.6
([#345](#345))
- *(deps)* lock file maintenance
([#342](#342))
- *(deps)* update dependency mise to v2026.6.0
([#341](#341))
- *(deps)* update taiki-e/install-action action to v2.81.5
([#343](#343))
- *(deps)* update dependency jdx/mise-action to v4.1.0
([#340](#340))
- *(deps)* update taiki-e/install-action action to v2.81.4
([#339](#339))
- *(deps)* update taiki-e/install-action action to v2.81.3
([#338](#338))
- *(deps)* update dependency go to v1.26.4
([#337](#337))
- *(deps)* update dependency actions/checkout to v6.0.3
([#336](#336))
- *(deps)* update taiki-e/install-action action to v2.81.2
([#335](#335))
- use shared workflow for PR title lint
([#318](#318))
- note zizmor drift from upstream tag movement
([#334](#334))
- *(deps)* update taiki-e/install-action action to v2.81.1
([#333](#333))
- *(deps)* update taiki-e/install-action action to v2.81.0
([#332](#332))
- *(deps)* update taiki-e/install-action action to v2.80.0
([#331](#331))
</blockquote>


</p></details>

---
This PR was generated with
[release-plz](https://github.com/release-plz/release-plz/).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants