a11y-theme-builder icon indicating copy to clipboard operation
a11y-theme-builder copied to clipboard

Published 20 hours ago verified publisher icon finos

Update node Docker tag to v18.20.4

Open renovate[bot] opened this issue 8 months ago • 1 comments

Mend Renovate

This PR contains the following updates:

Package Type Update Change
node final minor 18.19-bookworm-slim -> 18.20-bookworm-slim

Release Notes

nodejs/node (node)

v18.20.4: 2024-07-08, Version 18.20.4 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
Commits

v18.20.3: 2024-05-21, Version 18.20.3 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
  • acorn updated to 8.11.3.
  • acorn-walk updated to 8.3.2.
  • ada updated to 2.7.8.
  • c-ares updated to 1.28.1.
  • corepack updated to 0.28.0.
  • nghttp2 updated to 1.61.0.
  • ngtcp2 updated to 1.3.0.
  • npm updated to 10.7.0. Includes a fix from [email protected] to limit the number of open connections npm/cli#7324.
  • simdutf updated to 5.2.4.
  • zlib updated to 1.3.0.1-motley-7d77fb7.
Commits

v18.20.2: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Commits

v18.20.1: 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
  • CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
  • llhttp version 9.2.1
  • undici version 5.28.4
Commits

v18.20.0: 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes
Added support for import attributes

Support has been added for import attributes, to replace the old import assertions syntax. This will aid migration by making the new syntax available across all currently supported Node.js release lines.

This adds the with keyword which should be used in place of the previous assert keyword, which will be removed in a future semver-major Node.js release.

For example,

import "foo" assert { ... }

should be replaced with

import "foo" with { ... }

For more details, see

Contributed by Nicolò Ribaudo in #​51136 and Antoine du Hamel in #​50140.

Doc deprecation for dirent.path

Please use newly added dirent.parentPath instead.

Contributed by Antoine du Hamel in #​50976 and #​51020.

Experimental node-api feature flags

Introduces an experimental feature to segregate finalizers that affect GC state. A new type called node_api_nogc_env has been introduced as the const version of napi_env and node_api_nogc_finalize as a variant of napi_finalize that accepts a node_api_nogc_env as its first argument.

This feature can be turned off by defining NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT.

Contributed by Gabriel Schulhof in #​50060.

Root certificates updated to NSS 3.98

Certificates added:

  • Telekom Security TLS ECC Root 2020
  • Telekom Security TLS RSA Root 2023

Certificates removed:

  • Security Communication Root CA
Updated dependencies
  • ada updated to 2.7.6.
  • base64 updated to 0.5.2.
  • c-ares updated to 1.27.0.
  • corepack updated to 0.25.2.
  • ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
  • npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
  • simdutf8 updated to 4.0.8.
  • Timezone updated to 2024a.
  • zlib updated to 1.3.0.1-motley-40e35a7.
vm: fix V8 compilation cache support for vm.Script

Previously repeated compilation of the same source code using vm.Script stopped hitting the V8 compilation cache after v16.x when support for importModuleDynamically was added to vm.Script, resulting in a performance regression that blocked users (in particular Jest users) from upgrading from v16.x.

The recent fixes allow the compilation cache to be hit again for vm.Script when --experimental-vm-modules is not used even in the presence of the importModuleDynamically option, so that users affected by the performance regression can now upgrade. Ongoing work is also being done to enable compilation cache support for vm.CompileFunction.

Contributed by Joyee Cheung in #​49950 and #​50137.

Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar Jun 08 '24 08:06 renovate[bot]