Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
10.22.0
->10.24.1
Release Notes
nodejs/node
v10.24.1
: 2021-04-06, Version 10.24.1 'Dubnium' (LTS), @mylesborinsCompare Source
This is a security release.
Notable Changes
Vulerabilties fixed:
Commits
5e526b96ce
] - deps: upgrade npm to 6.14.12 (Ruy Adorno) #37918781cb6df5c
] - deps: update archs files for OpenSSL-1.1.1k (Tobias Nießen) #379405db0a05a90
] - deps: upgrade openssl sources to 1.1.1k (Tobias Nießen) #37940v10.24.0
: 2021-02-23, Version 10.24.0 'Dubnium' (LTS), @richardlauCompare Source
This is a security release.
Notable changes
Vulnerabilities fixed:
Commits
0afcb4f6bb
] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37415447be941cd
] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #374153f2e9dc40c
] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246d1cf6a9b0f
] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244v10.23.3
: 2021-02-09, Version 10.23.3 'Dubnium' (LTS), @richardlauCompare Source
Notable changes
The update to npm 6.14.11 has been relanded so that npm correctly reports its version.
Commits
953a85035d
] - crypto: fix crash when calling digest after piping (Tobias Nießen) #28251fe2c98003e
] - deps: upgrade npm to 6.14.11 (Ruy Adorno) #371737b7fb43b8a
] - Revert "deps: upgrade npm to 6.14.11" (Richard Lau) #372781c6fbd6ffe
] - test: add test that verifies crypto stream pipeline (Evan Lucas) #37009v10.23.2
: 2021-01-26, Version 10.23.2 'Dubnium' (LTS), @richardlauCompare Source
Notable changes
Release keys have been synchronized with the main branch.
Commits
cc6b69557a
] - deps: upgrade npm to 6.14.11 (Darcy Clarke) #36838aefb66528a
] - doc: update contact information for @BethGriggs (Beth Griggs) #3545108931481d8
] - doc: update contact information for richardlau (Richard Lau) #35450bc0617f4ea
] - doc: update release key for Danielle Adams (Danielle Adams) #36793d7c09fcfd3
] - doc: add release key for Danielle Adams (Danielle Adams) #35545ac49d415b0
] - doc: add release key for Ruy Adorno (Ruy Adorno) #34628b8426ae3ce
] - doc: add release key for Richard Lau (Richard Lau) #34397v10.23.1
: 2021-01-04, Version 10.23.1 'Dubnium' (LTS), @richardlauCompare Source
Notable changes
This is a security release.
Vulnerabilities fixed:
Affected Node.js versions are vulnerable to a use-after-free bug in its
TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method does
not return an error, this object is passed back to the caller as part of
a StreamWriteResult structure. This may be exploited to corrupt memory
leading to a Denial of Service or potentially other exploits
Affected versions of Node.js allow two copies of a header field in a
http request. For example, two Transfer-Encoding header fields. In this
case Node.js identifies the first header field and ignores the second.
This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
Commits
bd44b0ee7f
] - build,win: accept Python 3 if 2 is not available (João Reis) #29236d5c9b09bdc
] - build,win: find Python in paths with spaces (João Reis) #29236323a6f114a
] - deps: update http-parser to http-parser@ec8b5ee
(Richard Lau) nodejs-private/node-private#235f08d0fef64
] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571b0608b574a
] - deps: update archs files for OpenSSL-1.1.1i (Richard Lau) #36541d936e1833f
] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #365419c4970715c
] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450aa6b97fb99
] - http: add test for http transfer encoding smuggling (Richard Lau) nodejs-private/node-private#235fc70ce08f5
] - http: unsetF_CHUNKED
on newTransfer-Encoding
(Fedor Indutny) nodejs-private/node-private#2357f178663eb
] - src: use unique_ptr for WriteWrap (Daniel Bevenius) nodejs-private/node-private#238357e2857c8
] - test: add test-tls-use-after-free-regression (Daniel Bevenius) nodejs-private/node-private#238v10.23.0
: 2020-10-27, Version 10.23.0 'Dubnium' (LTS), @richardlauCompare Source
Notable changes
Commits
b83f9a56fc
] - build: expose napi_build_version variable (NickNaso) #27835020ba1a2b8
] - build: enable backtrace when V8 is built for PPC and S390x (Michaël Zasso) #32113eee9412a8c
] - deps: upgrade npm to 6.14.8 (Ruy Adorno) #34834038593d5ff
] - deps: upgrade npm to 6.14.7 (claudiahdz) #344683564424625
] - deps: V8: cherry-pickeec10a2
(Stephen Belanger) #33778e9e86e1b60
] - http2: support non-empty DATA frame with END_STREAM flag (Carlos Lopez) #33875751820b6c2
] - http2,doc: minor fixes (Alba Mendez) #2804454c2bc2e62
] - (SEMVER-MINOR) n-api: create N-API version 7 (Gabriel Schulhof) #351992eb627301c
] - src: allows escaping NODE_OPTIONS with backslashes (Maël Nison) #240655170d14b36
] - test: fix test-linux-perf flakiness (Matheus Marchini) #2761521b86d7f19
] - test,v8: skip less and stabilize test-linux-perf.js (Refael Ackermann) #27364ee11ab50a7
] - tools: add debug entitlements for macOS 10.15+ (Gabriele Greco) #34378v10.22.1
: 2020-09-15, Version 10.22.1 'Dubnium' (LTS), @BethGriggsCompare Source
Notable changes
This is a security release.
Vulnerabilities fixed:
Commits
57badcf93e
] - deps: libuv: cherry-pick0e6e862
(Colin Ihrig) libuv/libuv#2966Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.