chore(deps): update dependency node to v18.15.0

[renovate]

This PR contains the following updates:

Package	Update	Change
node (source)	minor	18.14.0 -> 18.15.0

---

Release Notes

nodejs/node

v18.15.0: 2023-03-07, Version 18.15.0 'Hydrogen' (LTS), @​BethGriggs prepared by @​juanarbol

Compare Source

Notable Changes

• [63563f8a7a] - doc,lib,src,test: rename --test-coverage (Colin Ihrig) #​46017
• [28a775b32f] - test_runner: add initial code coverage support (Colin Ihrig) #​46017
• [4d50db14b3] - (SEMVER-MINOR) test_runner: add reporters (Moshe Atlow) #​45712
• [643545ab79] - (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) #​46358
• [110ead9abb] - (SEMVER-MINOR) vm: expose cachedDataRejected for vm.compileFunction (Anna Henningsen) #​46320
• [02632b42cf] - (SEMVER-MINOR) v8: support gc profile (theanarkh) #​46255
• [f09b838408] - (SEMVER-MINOR) src,lib: add constrainedMemory API for process (theanarkh) #​46218
• [cb5bb12422] - (SEMVER-MINOR) buffer: add isAscii method (Yagiz Nizipli) #​46046

Commits

• [6f91c8e2ae] - benchmark: add trailing commas (Antoine du Hamel) #​46370
• [d0b9be21eb] - benchmark: remove buffer benchmarks redundancy (Brian White) #​45735
• [6468f30d0d] - benchmark: introduce benchmark combination filtering (Brian White) #​45735
• [cb5bb12422] - (SEMVER-MINOR) buffer: add isAscii method (Yagiz Nizipli) #​46046
• [ec61bb04c0] - build: export more OpenSSL symbols on Windows (Mohamed Akram) #​45486
• [7bae4333ce] - build: fix MSVC 2022 Release compilation (Vladimir Morozov (REDMOND)) #​46228
• [0f5f2d4470] - crypto: include hmac.h in crypto_util.h (Adam Langley) #​46279
• [91ece4161b] - crypto: avoid hang when no algorithm available (Richard Lau) #​46237
• [492fc95bdf] - deps: V8: cherry-pick 90be99f (Michaël Zasso) #​46646
• [732c77e3d9] - deps: update acorn to 8.8.2 (Node.js GitHub Bot) #​46363
• [8582f99ffb] - deps: update to uvwasi 0.0.15 (Colin Ihrig) #​46253
• [5453cd9940] - deps: V8: cherry-pick bf0bd48 (Michaël Zasso) #​45908
• [3ea53c5dc8] - deps: V8: cherry-pick c875e86 (sepehrst) #​46501
• [c04808de4b] - doc: correct the sed command for macOS in release process docs (Juan José) #​46397
• [8113220690] - doc: pass string to textEncoder.encode as input (Deokjin Kim) #​46421
• [129dccf5d2] - doc: add tip for session.post function (theanarkh) #​46354
• [919e581732] - doc: add documentation for socket.destroySoon() (Luigi Pinca) #​46337
• [fc15ac95a5] - doc: fix commit message using test instead of deps (Tony Gorez) #​46313
• [d153a93200] - doc: add v8 fast api contribution guidelines (Yagiz Nizipli) #​46199
• [dbf082d082] - doc: fix small typo error (0xflotus) #​46186
• [94421b4cfe] - doc: mark some parameters as optional in webstreams (Deokjin Kim) #​46269
• [5adb743511] - doc: update output of example in events.getEventListeners (Deokjin Kim) #​46268
• [63563f8a7a] - doc,lib,src,test: rename --test-coverage (Colin Ihrig) #​46017
• [4e88c7c813] - esm: delete preload mock test (Geoffrey Booth) #​46402
• [643545ab79] - (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) #​46358
• [5019b5473f] - http: res.setHeaders first implementation (Marco Ippolito) #​46109
• [76622c4c60] - inspector: allow opening inspector when NODE_V8_COVERAGE is set (Moshe Atlow) #​46113
• [92f0747e03] - meta: update AUTHORS (Node.js GitHub Bot) #​46399
• [795251bc6f] - meta: update AUTHORS (Node.js GitHub Bot) #​46303
• [8865424c31] - meta: add .mailmap entry (Rich Trott) #​46303
• [5ed679407b] - meta: move evanlucas to emeritus (Evan Lucas) #​46274
• [403df210ac] - module: move test reporter loading (Geoffrey Booth) #​45923
• [2f7319e387] - readline: fix detection of carriage return (Antoine du Hamel) #​46306
• [73a8f46c4d] - Revert "src: let http2 streams end after session close" (Santiago Gimeno) #​46721
• [30d783f91a] - src: stop tracing agent before shutting down libuv (Santiago Gimeno) #​46380
• [1508d90fda] - src: get rid of fp arithmetic in ParseIPv4Host (Tobias Nießen) #​46326
• [bdb793a082] - src: use UNREACHABLE instead of CHECK(falsy) (Tobias Nießen) #​46317
• [116a33649b] - src: add support for ETW stack walking (José Dapena Paz) #​46203
• [b06298c98e] - src: refactor EndsInANumber in node_url.cc and adds IsIPv4NumberValid (Miguel Teixeira) #​46227
• [26f41b041c] - src: fix c++ exception on bad command line arg (Ben Noordhuis) #​46290
• [14da89f41a] - src: remove unreachable UNREACHABLE (Tobias Nießen) #​46281
• [18c4dd004b] - src: replace custom ASCII validation with simdutf one (Anna Henningsen) #​46271
• [cde375510f] - src: replace unreachable code with static_assert (Tobias Nießen) #​46250
• [f389b2f3fc] - src: use explicit C++17 fallthrough (Tobias Nießen) #​46251
• [8adaa1333c] - src: use CreateEnvironment instead of inlining its code where possible (Anna Henningsen) #​45886
• [f09b838408] - (SEMVER-MINOR) src,lib: add constrainedMemory API for process (theanarkh) #​46218
• [63e92eae63] - stream: remove brandchecks from stream duplexify (Debadree Chatterjee) #​46315
• [3acfe9bf92] - stream: fix readable stream as async iterator function (Erick Wendel) #​46147
• [de64315ccb] - test: fix WPT title when no META title is present (Filip Skokan) #​46804
• [162e3400ff] - test: fix default WPT titles (Filip Skokan) #​46778
• [5f422c4d70] - test: add WPTRunner support for variants and generating WPT reports (Filip Skokan) #​46498
• [4f5aff2557] - test: fix tap parser fails if a test logs a number (Pulkit Gupta) #​46056
• [32b020cf84] - test: fix tap escaping with and without --test (Pulkit Gupta) #​46311
• [f2bba1bcdb] - test: add trailing commas in test/node-api (Antoine du Hamel) #​46384
• [f2ebe66fda] - test: add trailing commas in test/message (Antoine du Hamel) #​46372
• [ed564a9985] - test: add trailing commas in test/pseudo-tty (Antoine du Hamel) #​46371
• [e4437dd409] - test: set common.bits to 64 for loong64 (Shi Pujin) #​45383
• [9d40aef736] - test: s390x zlib test case fixes (Adam Majer) #​46367
• [ed3fb52716] - test: fix logInTimeout is not function (theanarkh) #​46348
• [d05b0771be] - test: avoid trying to call sysctl directly (Adam Majer) #​46366
• [041aac3bbd] - test: avoid left behind child processes (Richard Lau) #​46276
• [837ddcb322] - test: add failing test for readline with carriage return (Alec Mev) #​46075
• [75b8db41c6] - test: reduce fs-write-optional-params flakiness (LiviaMedeiros) #​46238
• [c0d3fdaf63] - test,crypto: add CFRG curve vectors to wrap/unwrap tests (Filip Skokan) #​46406
• [f328f7b15e] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #​46267
• [1ef3c53e24] - test_runner: better handle async bootstrap errors (Colin Ihrig) #​46720
• [0a690efb76] - test_runner: add describe.only and it.only shorthands (Richie McColl) #​46604
• [28a1317efe] - test_runner: bootstrap reporters before running tests (Moshe Atlow) #​46737
• [cd3aaa8fac] - test_runner: emit test-only diagnostic warning (Richie McColl) #​46540
• [c19fa45a65] - test_runner: centralize CLI option handling (Colin Ihrig) #​46707
• [0898145e37] - test_runner: display skipped tests in spec reporter output (Richie McColl) #​46651
• [894d7117fa] - test_runner: parse non-ascii character correctly (Mert Can Altın) #​45736
• [5b3c606626] - test_runner: flatten TAP output when running using --test (Moshe Atlow) #​46440
• [391ff0dba4] - test_runner: allow nesting test within describe (Moshe Atlow) #​46544
• [ba784e87b4] - test_runner: fix missing test diagnostics (Moshe Atlow) #​46450
• [c5f16fb5fb] - test_runner: top-level diagnostics not ommited when running with --test (Pulkit Gupta) #​46441
• [28a775b32f] - test_runner: add initial code coverage support (Colin Ihrig) #​46017
• [0d999e373a] - test_runner: make built in reporters internal (Colin Ihrig) #​46092
• [79f4b426fe] - test_runner: report file in test runner events (Moshe Atlow) #​46030
• [4d50db14b3] - (SEMVER-MINOR) test_runner: add reporters (Moshe Atlow) #​45712
• [5fdf374c74] - test_runner: avoid swallowing of asynchronously thrown errors (MURAKAMI Masahiko) #​45264
• [23b875806c] - test_runner: update comment to comply with eslint no-fallthrough rule (Antoine du Hamel) #​46258
• [00c5495aa3] - tools: update eslint to 8.33.0 (Node.js GitHub Bot) #​46400
• [37a6ce1120] - tools: update doc to [email protected] [email protected] (Node.js GitHub Bot) #​46364
• [1eaafc7db4] - tools: update lint-md-dependencies to [email protected] (Node.js GitHub Bot) #​46398
• [a97774603b] - tools: require more trailing commas (Antoine du Hamel) #​46346
• [03e244a59b] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​46302
• [60d714e0c3] - tools: allow icutrim.py to run on python2 (Michael Dawson) #​46263
• [b7950f50de] - tools: update eslint to 8.32.0 (Node.js GitHub Bot) #​46258
• [08bafc84f6] - url: refactor to use more primordials (Antoine du Hamel) #​45966
• [02632b42cf] - (SEMVER-MINOR) v8: support gc profile (theanarkh) #​46255
• [110ead9abb] - (SEMVER-MINOR) vm: expose cachedDataRejected for vm.compileFunction (Anna Henningsen) #​46320

v18.14.2: 2023-02-21, Version 18.14.2 'Hydrogen' (LTS), @​MylesBorins

Compare Source

Notable Changes

• [f864bef32a] - deps: upgrade npm to 9.5.0 (npm team) #​46673

Commits

• [880a65d7ff] - build: delete snapshot.blob file from the project (Juan José Arboleda) #​46626
• [cbea56efda] - deps: update undici to 5.20.0 (Node.js GitHub Bot) #​46711
• [f864bef32a] - deps: upgrade npm to 9.5.0 (npm team) #​46673
• [648041d568] - deps: upgrade npm to 9.4.0 (npm team) #​46353
• [5e1f213f3c] - deps: patch V8 to 10.2.154.26 (Michaël Zasso) #​46446

v18.14.1: 2023-02-16, Version 18.14.1 'Hydrogen' (LTS), @​RafaelGSS prepared by @​juanarbol

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
• CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
• CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
• CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
• CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent
OpenSSL security advisory.

Commits

• [8393ebc72d] - build: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) nodejs-private/node-private#​379
• [004e34d046] - crypto: clear OpenSSL error on invalid ca cert (RafaelGSS) #​46572
• [5e0142a852] - deps: cherry-pick Windows ARM64 fix for openssl (Richard Lau) #​46572
• [f71fe278a6] - deps: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) #​46572
• [2c6817e42b] - deps: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) #​46572
• [f0afa0bfe5] - deps: update undici to 5.19.1 (Node.js GitHub Bot) #​46634
• [c26a34c13e] - deps: update undici to 5.18.0 (Node.js GitHub Bot) #​46634
• [db93ee4a15] - deps: update undici to 5.17.1 (Node.js GitHub Bot) #​46634
• [b4e49fb02c] - deps: update undici to 5.16.0 (Node.js GitHub Bot) #​46634
• [90994e6a2c] - deps: update undici to 5.15.1 (Node.js GitHub Bot) #​46634
• [00302fc7ac] - deps: update undici to 5.15.0 (Node.js GitHub Bot) #​46634
• [0e3b796cc5] - lib: makeRequireFunction patch when experimental policy (RafaelGSS) nodejs-private/node-private#​371
• [7cccd5565f] - policy: makeRequireFunction on mainModule.require (RafaelGSS) nodejs-private/node-private#​371

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.