1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
unleash.unleash/.node-version
renovate[bot] d263cbe6fb
chore(deps): update dependency node to v18.17.1 (#4530)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://togithub.com/nodejs/node) | patch | `18.17.0` ->
`18.17.1` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

###
[`v18.17.1`](https://togithub.com/nodejs/node/releases/tag/v18.17.1):
2023-08-09, Version 18.17.1 &#x27;Hydrogen&#x27; (LTS),
@&#8203;RafaelGSS

[Compare
Source](https://togithub.com/nodejs/node/compare/v18.17.0...v18.17.1)

This is a security release.

##### Notable Changes

The following CVEs are fixed in this release:

-
[CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002):
Policies can be bypassed via Module.\_load (High)
-
[CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006):
Policies can be bypassed by module.constructor.createRequire (Medium)
-
[CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559):
Policies can be bypassed via process.binding (Medium)
-   OpenSSL Security Releases
- [OpenSSL security advisory 14th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
- [OpenSSL security advisory 19th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
- [OpenSSL security advisory 31st
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)

More detailed information on each of the vulnerabilities can be found in
[August 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/)
blog post.

##### Commits

- \[[`fe3abdf82e`](https://togithub.com/nodejs/node/commit/fe3abdf82e)]
- **deps**: update archs files for openssl-3.0.10+quic1 (Node.js GitHub
Bot) [#&#8203;49036](https://togithub.com/nodejs/node/pull/49036)
- \[[`2c5a522d9c`](https://togithub.com/nodejs/node/commit/2c5a522d9c)]
- **deps**: upgrade openssl sources to quictls/openssl-3.0.10+quic1
(Node.js GitHub Bot)
[#&#8203;49036](https://togithub.com/nodejs/node/pull/49036)
- \[[`15bced0bde`](https://togithub.com/nodejs/node/commit/15bced0bde)]
- **policy**: handle Module.constructor and main.extensions bypass
(RafaelGSS)
[nodejs-private/node-private#417](https://togithub.com/nodejs-private/node-private/pull/417)
- \[[`d4570fae35`](https://togithub.com/nodejs/node/commit/d4570fae35)]
- **policy**: disable process.binding() when enabled (Tobias Nießen)
[nodejs-private/node-private#460](https://togithub.com/nodejs-private/node-private/pull/460)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40My4yIiwidXBkYXRlZEluVmVyIjoiMzYuNDMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-08-17 14:58:58 +00:00

2 lines
8 B
Plaintext