Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Node.js to v14.21.3 #321

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update Node.js to v14.21.3 #321

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Mar 19, 2022

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node minor 14.19.0 -> 14.21.3 age adoption passing confidence
@types/node (source) devDependencies patch 14.18.12 -> 14.18.53 age adoption passing confidence

Release Notes

nodejs/node (node)

v14.21.3: 2023-02-16, Version 14.21.3 'Fermium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

  • CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
  • CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent
OpenSSL security advisory.

This security release also includes an npm update for Node.js 14 to address a number
of CVEs which either do not affect Node.js or are low severity in the context of Node.js. You
can get more details for the individual CVEs in
nodejs-dependency-vuln-assessments.

Commits

v14.21.2: 2022-12-13, Version 14.21.2 'Fermium' (LTS), @​richardlau

Compare Source

Notable Changes
OpenSSL 1.1.1s

This update is a bugfix release and does not address any security
vulnerabilities.

Root certificates updated to NSS 3.85

Certificates added:

  • Autoridad de Certificacion Firmaprofesional CIF A626340
  • Certainly Root E1
  • Certainly Root R1
  • D-TRUST BR Root CA 1 2020
  • D-TRUST EV Root CA 1 2020
  • DigiCert TLS ECC P384 Root G5
  • DigiCert TLS RSA4096 Root G5
  • E-Tugra Global Root CA ECC v3
  • E-Tugra Global Root CA RSA v3
  • HiPKI Root CA - G1
  • ISRG Root X2
  • Security Communication ECC RootCA1
  • Security Communication RootCA3
  • Telia Root CA v2
  • vTrus ECC Root CA
  • vTrus Root CA

Certificates removed:

  • Cybertrust Global Root
  • DST Root CA X3
  • GlobalSign Root CA - R2
  • Hellenic Academic and Research Institutions RootCA 2011
Time zone update to 2022f

Time zone data has been updated to 2022f. This includes changes to Daylight
Savings Time (DST) for Fiji and Mexico. For more information, see
https://mm.icann.org/pipermail/tz-announce/2022-October/000075.html.

Commits

v14.21.1: 2022-11-04, Version 14.21.1 'Fermium' (LTS), @​BethGriggs

Compare Source

This is a security release.

Notable changes

The following CVEs are fixed in this release:

  • CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)

More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.

Commits

v14.21.0: 2022-11-01, Version 14.21.0 'Fermium' (LTS), @​danielleadams

Compare Source

Notable changes
  • deps:
    • update corepack to 0.14.2 (Node.js GitHub Bot) #​44775
  • src:
    • add --openssl-shared-config option (Daniel Bevenius) #​43124
Commits

v14.20.1: 2022-09-23, Version 14.20.1 'Fermium' (LTS), @​bengl

Compare Source

This is a security release.

Notable changes

The following CVEs are fixed in this release:

More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.

Commits

v14.20.0: 2022-07-07, Version 14.20.0 'Fermium' (LTS), @​danielleadams prepared by @​juanarbol

Compare Source

This is a security release.

Notable Changes
Commits

v14.19.3: 2022-05-17, Version 14.19.3 'Fermium' (LTS), @​richardlau

Compare Source

Notable Changes
  • This release updates OpenSSL to 1.1.1o. This update is not being treated as a security release as the issues addressed in OpenSSL 1.1.1o were assessed to not affect Node.js 14. See https://nodejs.org/en/blog/vulnerability/openssl-fixes-in-regular-releases-may2022/ for more information on how the May 2022 OpenSSL releases affects other Node.js release lines.
  • The list of GPG keys used to sign releases has been synchronized with the main branch.
Commits

v14.19.2: 2022-05-04, Version 14.19.2 'Fermium' (LTS), @​BethGriggs prepared by @​juanarbol

Compare Source

Notable Changes

doc:

  • New release key for Bryan English

Learn more at: #​42102
Contributed by Bryan English (@​bengl)

npm:

  • Upgrade npm to v6.14.17.

Learn more at: #​42900
Contributed by Ruy Adorno (@​ruyadorno)

V8:

  • V8 had a stack overflow issue affecting the vm module, cherry-picking cc9a8a37445e
    from V8 solves this issue.

Learn more at: #​41826
Contributed by Gus Caplan (@​devsnek)

  • Using getHeapSnapshot() was causing a Node.js crash due a V8 issue, this is fixed by backporting 367b0c1e7a32
    from V8.

Learn more at: #​42637
Contributed by Chengzhong Wu (@​legendecas)

Commits

v14.19.1: 2022-03-17, Version 14.19.1 'Fermium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable Changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/node-14.x branch 3 times, most recently from b32fb5d to 28c778f Compare April 26, 2022 22:25
@renovate renovate bot changed the title Update Node.js to v14.19.1 Update Node.js to v14.19.2 May 4, 2022
@renovate renovate bot force-pushed the renovate/node-14.x branch 2 times, most recently from 63bb81e to 93de812 Compare May 12, 2022 23:34
@renovate renovate bot changed the title Update Node.js to v14.19.2 Update Node.js to v14.19.3 Jun 23, 2022
@renovate renovate bot changed the title Update Node.js to v14.19.3 Update Node.js to v14.21.3 Mar 18, 2023
@renovate renovate bot force-pushed the renovate/node-14.x branch 3 times, most recently from 7aef22b to 42fccb8 Compare March 31, 2023 21:43
@renovate renovate bot force-pushed the renovate/node-14.x branch 3 times, most recently from 210debe to 30d16bf Compare June 16, 2023 04:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants