1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-28 00:06:53 +01:00
unleash.unleash/.node-version
renovate[bot] 7578bf31ee
chore(deps): update node.js to v14.21.3 (#3223)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://togithub.com/nodejs/node) | patch | `14.21.2` ->
`14.21.3` |

---

### Release Notes

<details>
<summary>nodejs/node</summary>

###
[`v14.21.3`](https://togithub.com/nodejs/node/releases/tag/v14.21.3):
2023-02-16, Version 14.21.3 &#x27;Fermium&#x27; (LTS),
@&#8203;richardlau

[Compare
Source](https://togithub.com/nodejs/node/compare/v14.21.2...v14.21.3)

This is a security release.

##### Notable Changes

The following CVEs are fixed in this release:

-
**[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**:
Node.js Permissions policies can be bypassed via process.mainModule
(High)
-
**[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**:
Node.js insecure loading of ICU data through ICU_DATA environment
variable (Low)

More detailed information on each of the vulnerabilities can be found in
[February 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/)
blog post.

This security release includes OpenSSL security updates as outlined in
the recent
[OpenSSL security
advisory](https://www.openssl.org/news/secadv/20230207.txt).

This security release also includes an npm update for Node.js 14 to
address a number
of CVEs which either do not affect Node.js or are low severity in the
context of Node.js. You
can get more details for the individual CVEs in

[nodejs-dependency-vuln-assessments](https://togithub.com/nodejs/nodejs-dependency-vuln-assessments).

##### Commits

- \[[`97a0443f13`](https://togithub.com/nodejs/node/commit/97a0443f13)]
- **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS)
[nodejs-private/node-private#&#8203;374](https://togithub.com/nodejs-private/node-private/pull/374)
- \[[`9e6221529b`](https://togithub.com/nodejs/node/commit/9e6221529b)]
- **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau)
[#&#8203;46566](https://togithub.com/nodejs/node/pull/46566)
- \[[`0d5f86451d`](https://togithub.com/nodejs/node/commit/0d5f86451d)]
- **deps**: update archs files for OpenSSL-1.1.1t (RafaelGSS)
[#&#8203;46566](https://togithub.com/nodejs/node/pull/46566)
- \[[`8c11d17b40`](https://togithub.com/nodejs/node/commit/8c11d17b40)]
- **deps**: upgrade openssl sources to 1.1.1t (RafaelGSS)
[#&#8203;46566](https://togithub.com/nodejs/node/pull/46566)
- \[[`224e93c9ef`](https://togithub.com/nodejs/node/commit/224e93c9ef)]
- **deps**: upgrade npm to 6.14.18 (Ruy Adorno)
[#&#8203;45936](https://togithub.com/nodejs/node/pull/45936)
- \[[`d73ea4de13`](https://togithub.com/nodejs/node/commit/d73ea4de13)]
- **doc**: clarify release notes for Node.js 14.21.2 (Richard Lau)
[#&#8203;45846](https://togithub.com/nodejs/node/pull/45846)
- \[[`f7892c16be`](https://togithub.com/nodejs/node/commit/f7892c16be)]
- **lib**: makeRequireFunction patch when experimental policy
(RafaelGSS)
[nodejs-private/node-private#&#8203;358](https://togithub.com/nodejs-private/node-private/pull/358)
- \[[`fa115ee8ac`](https://togithub.com/nodejs/node/commit/fa115ee8ac)]
- **module**: protect against prototype mutation (Antoine du Hamel)
[#&#8203;44007](https://togithub.com/nodejs/node/pull/44007)
- \[[`83975b7fb4`](https://togithub.com/nodejs/node/commit/83975b7fb4)]
- **policy**: makeRequireFunction on mainModule.require (RafaelGSS)
[nodejs-private/node-private#&#8203;358](https://togithub.com/nodejs-private/node-private/pull/358)
- \[[`a5f8798d7a`](https://togithub.com/nodejs/node/commit/a5f8798d7a)]
- **test**: avoid left behind child processes (Richard Lau)
[#&#8203;46276](https://togithub.com/nodejs/node/pull/46276)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM0LjE1My4yIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-01 18:18:31 +00:00

2 lines
8 B
Plaintext