Update Node.js to v10.23.1

[renovate]

This PR contains the following updates:

Package	Update	Change
node	patch	v10.23.0 -> 10.23.1

---

Release Notes

nodejs/node

v10.23.1

Compare Source

Notable changes

This is a security release.

Vulnerabilities fixed:

• CVE-2020-8265: use-after-free in TLSWrap (High)
  Affected Node.js versions are vulnerable to a use-after-free bug in its
  TLS implementation. When writing to a TLS enabled socket,
  node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
  allocated WriteWrap object as first argument. If the DoWrite method does
  not return an error, this object is passed back to the caller as part of
  a StreamWriteResult structure. This may be exploited to corrupt memory
  leading to a Denial of Service or potentially other exploits
• CVE-2020-8287: HTTP Request Smuggling in nodejs
  Affected versions of Node.js allow two copies of a header field in a
  http request. For example, two Transfer-Encoding header fields. In this
  case Node.js identifies the first header field and ignores the second.
  This can lead to HTTP Request Smuggling
  (https://cwe.mitre.org/data/definitions/444.html).
• CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
  This is a vulnerability in OpenSSL which may be exploited through Node.js.
  You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

Commits

• [bd44b0ee7f] - build,win: accept Python 3 if 2 is not available (João Reis) #​29236
• [d5c9b09bdc] - build,win: find Python in paths with spaces (João Reis) #​29236
• [323a6f114a] - deps: update http-parser to http-parser@ec8b5ee (Richard Lau) nodejs-private/node-private#​235
• [f08d0fef64] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #​36571
• [b0608b574a] - deps: update archs files for OpenSSL-1.1.1i (Richard Lau) #​36541
• [d936e1833f] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #​36541
• [9c4970715c] - deps: upgrade npm to 6.14.9 (Myles Borins) #​36450
• [aa6b97fb99] - http: add test for http transfer encoding smuggling (Richard Lau) nodejs-private/node-private#​235
• [fc70ce08f5] - http: unset F_CHUNKED on new Transfer-Encoding (Fedor Indutny) nodejs-private/node-private#​235
• [7f178663eb] - src: use unique_ptr for WriteWrap (Daniel Bevenius) nodejs-private/node-private#​238
• [357e2857c8] - test: add test-tls-use-after-free-regression (Daniel Bevenius) nodejs-private/node-private#​238

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[codecov]

Codecov Report

Merging #799 (300efb7) into master (795c415) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #799   +/-   ##
=======================================
  Coverage   47.86%   47.86%           
=======================================
  Files          33       33           
  Lines        1519     1519           
  Branches       61       61           
=======================================
  Hits          727      727           
  Misses        792      792           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 795c415...300efb7. Read the comment docs.