AlexRogalskiy / screenshots

📸 Styled Screenshots API
https://styled-screenshots.vercel.app/
GNU General Public License v3.0
3 stars 1 forks source link

:arrow_up: Updates node to v20 - autoclosed #865

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Update Change
node major 14.16.0 -> 20.8.1

Release Notes

nodejs/node (node) ### [`v20.8.1`](https://togithub.com/nodejs/node/releases/tag/v20.8.1): 2023-10-13, Version 20.8.1 (Current), @​RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v18.18.2...v20.8.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) - [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) - [CVE-2023-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High) - [CVE-2023-39331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High) - [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium) - [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post. ##### Commits - \[[`c86883e844`](https://togithub.com/nodejs/node/commit/c86883e844)] - **deps**: update nghttp2 to 1.57.0 (James M Snell) [#​50121](https://togithub.com/nodejs/node/pull/50121) - \[[`2860631359`](https://togithub.com/nodejs/node/commit/2860631359)] - **deps**: update undici to v5.26.3 (Matteo Collina) [#​50153](https://togithub.com/nodejs/node/pull/50153) - \[[`cd37838bf8`](https://togithub.com/nodejs/node/commit/cd37838bf8)] - **lib**: let deps require `node` prefixed modules (Matthew Aitken) [#​50047](https://togithub.com/nodejs/node/pull/50047) - \[[`f5c90b2951`](https://togithub.com/nodejs/node/commit/f5c90b2951)] - **module**: fix code injection through export names (Tobias Nießen) [nodejs-private/node-private#461](https://togithub.com/nodejs-private/node-private/pull/461) - \[[`fa5dae1944`](https://togithub.com/nodejs/node/commit/fa5dae1944)] - **permission**: fix Uint8Array path traversal (Tobias Nießen) [nodejs-private/node-private#456](https://togithub.com/nodejs-private/node-private/pull/456) - \[[`cd35275111`](https://togithub.com/nodejs/node/commit/cd35275111)] - **permission**: improve path traversal protection (Tobias Nießen) [nodejs-private/node-private#456](https://togithub.com/nodejs-private/node-private/pull/456) - \[[`a4cb7fc7c0`](https://togithub.com/nodejs/node/commit/a4cb7fc7c0)] - **policy**: use tamper-proof integrity check function (Tobias Nießen) [nodejs-private/node-private#462](https://togithub.com/nodejs-private/node-private/pull/462) ### [`v18.18.2`](https://togithub.com/nodejs/node/compare/v18.18.1...v18.18.2) [Compare Source](https://togithub.com/nodejs/node/compare/v18.18.1...v18.18.2) ### [`v18.18.1`](https://togithub.com/nodejs/node/releases/tag/v18.18.1): 2023-10-10, Version 18.18.1 'Hydrogen' (LTS), @​richardlau [Compare Source](https://togithub.com/nodejs/node/compare/v18.18.0...v18.18.1) ##### Notable Changes This release addresses some regressions that appeared in Node.js 18.18.0: - (Windows) FS can not handle certain characters in file name [#​48673](https://togithub.com/nodejs/node/issues/48673) - 18 and 20 node images give error - Text file busy (after re-build images) [nodejs/docker-node#1968](https://togithub.com/nodejs/docker-node/issues/1968) - libuv update in 18.18.0 breaks webpack's thread-loader [#​49911](https://togithub.com/nodejs/node/issues/49911) The libuv 1.45.0 and 1.46.0 updates that were released in Node.js 18.18.0 have been temporarily reverted. ##### Commits - \[[`3e3a75cc46`](https://togithub.com/nodejs/node/commit/3e3a75cc46)] - ***Revert*** "**build**: sync libuv header change" (Richard Lau) [#​50036](https://togithub.com/nodejs/node/pull/50036) - \[[`14ece2c479`](https://togithub.com/nodejs/node/commit/14ece2c479)] - ***Revert*** "**deps**: upgrade to libuv 1.45.0" (Richard Lau) [#​50036](https://togithub.com/nodejs/node/pull/50036) - \[[`022352acbe`](https://togithub.com/nodejs/node/commit/022352acbe)] - ***Revert*** "**deps**: upgrade to libuv 1.46.0" (Richard Lau) [#​50036](https://togithub.com/nodejs/node/pull/50036) - \[[`d9f138189c`](https://togithub.com/nodejs/node/commit/d9f138189c)] - ***Revert*** "**deps**: add missing thread-common.c in uv.gyp" (Richard Lau) [#​50036](https://togithub.com/nodejs/node/pull/50036) - \[[`7a3e1ffbb8`](https://togithub.com/nodejs/node/commit/7a3e1ffbb8)] - **fs**: make sure to write entire buffer (Robert Nagy) [#​49211](https://togithub.com/nodejs/node/pull/49211) - \[[`04cba95a67`](https://togithub.com/nodejs/node/commit/04cba95a67)] - **test**: add `tmpdir.resolve()` (Livia Medeiros) [#​49079](https://togithub.com/nodejs/node/pull/49079) ### [`v18.18.0`](https://togithub.com/nodejs/node/releases/tag/v18.18.0): 2023-09-18, Version 18.18.0 'Hydrogen' (LTS), @​ruyadorno [Compare Source](https://togithub.com/nodejs/node/compare/v18.17.1...v18.18.0) ##### Notable Changes - \[[`7dc731d4bf`](https://togithub.com/nodejs/node/commit/7dc731d4bf)] - **build**: sync libuv header change (Jiawen Geng) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`490fc004b0`](https://togithub.com/nodejs/node/commit/490fc004b0)] - **crypto**: update root certificates to NSS 3.93 (Node.js GitHub Bot) [#​49341](https://togithub.com/nodejs/node/pull/49341) - \[[`dd8cd97d4d`](https://togithub.com/nodejs/node/commit/dd8cd97d4d)] - **crypto**: update root certificates to NSS 3.90 (Node.js GitHub Bot) [#​48416](https://togithub.com/nodejs/node/pull/48416) - \[[`ea23870bec`](https://togithub.com/nodejs/node/commit/ea23870bec)] - **deps**: add missing thread-common.c in uv.gyp (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`88855e0b1b`](https://togithub.com/nodejs/node/commit/88855e0b1b)] - **deps**: upgrade to libuv 1.46.0 (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`fb2b80fca0`](https://togithub.com/nodejs/node/commit/fb2b80fca0)] - **deps**: upgrade to libuv 1.45.0 (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`249879e46c`](https://togithub.com/nodejs/node/commit/249879e46c)] - **doc**: add atlowChemi to collaborators (atlowChemi) [#​48757](https://togithub.com/nodejs/node/pull/48757) - \[[`e8dc7bde6a`](https://togithub.com/nodejs/node/commit/e8dc7bde6a)] - **doc**: add vmoroz to collaborators (Vladimir Morozov) [#​48527](https://togithub.com/nodejs/node/pull/48527) - \[[`a30f2fbcc1`](https://togithub.com/nodejs/node/commit/a30f2fbcc1)] - **doc**: add kvakil to collaborators (Keyhan Vakil) [#​48449](https://togithub.com/nodejs/node/pull/48449) - \[[`c39b7c240e`](https://togithub.com/nodejs/node/commit/c39b7c240e)] - **(SEMVER-MINOR)** **esm**: add `--import` flag (Moshe Atlow) [#​43942](https://togithub.com/nodejs/node/pull/43942) - \[[`a68a67f54d`](https://togithub.com/nodejs/node/commit/a68a67f54d)] - **(SEMVER-MINOR)** **events**: allow safely adding listener to abortSignal (Chemi Atlow) [#​48596](https://togithub.com/nodejs/node/pull/48596) - \[[`3a8586bee2`](https://togithub.com/nodejs/node/commit/3a8586bee2)] - **fs, stream**: initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) [#​48518](https://togithub.com/nodejs/node/pull/48518) - \[[`863bdb785d`](https://togithub.com/nodejs/node/commit/863bdb785d)] - **net**: add autoSelectFamily global getter and setter (Paolo Insogna) [#​45777](https://togithub.com/nodejs/node/pull/45777) - \[[`c59ae86ba0`](https://togithub.com/nodejs/node/commit/c59ae86ba0)] - **(SEMVER-MINOR)** **url**: add value argument to has and delete methods (Sankalp Shubham) [#​47885](https://togithub.com/nodejs/node/pull/47885) ##### Commits - \[[`d1f43317ea`](https://togithub.com/nodejs/node/commit/d1f43317ea)] - **benchmark**: add bar.R (Rafael Gonzaga) [#​47729](https://togithub.com/nodejs/node/pull/47729) - \[[`4f74be3c92`](https://togithub.com/nodejs/node/commit/4f74be3c92)] - **benchmark**: refactor crypto oneshot (Filip Skokan) [#​48267](https://togithub.com/nodejs/node/pull/48267) - \[[`fe9da9df0f`](https://togithub.com/nodejs/node/commit/fe9da9df0f)] - **benchmark**: add crypto.create\*Key (Filip Skokan) [#​48284](https://togithub.com/nodejs/node/pull/48284) - \[[`9cb18b3e9d`](https://togithub.com/nodejs/node/commit/9cb18b3e9d)] - **build**: do not pass target toolchain flags to host toolchain (Ivan Trubach) [#​48597](https://togithub.com/nodejs/node/pull/48597) - \[[`7dc731d4bf`](https://togithub.com/nodejs/node/commit/7dc731d4bf)] - **build**: sync libuv header change (Jiawen Geng) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`211a4f88a9`](https://togithub.com/nodejs/node/commit/211a4f88a9)] - **build**: update action to close stale PRs (Michael Dawson) [#​48196](https://togithub.com/nodejs/node/pull/48196) - \[[`cc33a1864b`](https://togithub.com/nodejs/node/commit/cc33a1864b)] - **child_process**: harden against prototype pollution (Livia Medeiros) [#​48726](https://togithub.com/nodejs/node/pull/48726) - \[[`b5df084e1e`](https://togithub.com/nodejs/node/commit/b5df084e1e)] - **child_process**: use addAbortListener (atlowChemi) [#​48550](https://togithub.com/nodejs/node/pull/48550) - \[[`611db8df1a`](https://togithub.com/nodejs/node/commit/611db8df1a)] - **child_process**: support `Symbol.dispose` (Moshe Atlow) [#​48551](https://togithub.com/nodejs/node/pull/48551) - \[[`490fc004b0`](https://togithub.com/nodejs/node/commit/490fc004b0)] - **crypto**: update root certificates to NSS 3.93 (Node.js GitHub Bot) [#​49341](https://togithub.com/nodejs/node/pull/49341) - \[[`dd8cd97d4d`](https://togithub.com/nodejs/node/commit/dd8cd97d4d)] - **crypto**: update root certificates to NSS 3.90 (Node.js GitHub Bot) [#​48416](https://togithub.com/nodejs/node/pull/48416) - \[[`b2bc839d4c`](https://togithub.com/nodejs/node/commit/b2bc839d4c)] - **crypto**: remove OPENSSL_FIPS guard for OpenSSL 3 (Richard Lau) [#​48392](https://togithub.com/nodejs/node/pull/48392) - \[[`c8da8c80b9`](https://togithub.com/nodejs/node/commit/c8da8c80b9)] - **deps**: update nghttp2 to 1.55.0 (Node.js GitHub Bot) [#​48746](https://togithub.com/nodejs/node/pull/48746) - \[[`7e04242dcb`](https://togithub.com/nodejs/node/commit/7e04242dcb)] - **deps**: update minimatch to 9.0.3 (Node.js GitHub Bot) [#​48704](https://togithub.com/nodejs/node/pull/48704) - \[[`ea23870bec`](https://togithub.com/nodejs/node/commit/ea23870bec)] - **deps**: add missing thread-common.c in uv.gyp (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`88855e0b1b`](https://togithub.com/nodejs/node/commit/88855e0b1b)] - **deps**: upgrade to libuv 1.46.0 (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`fb2b80fca0`](https://togithub.com/nodejs/node/commit/fb2b80fca0)] - **deps**: upgrade to libuv 1.45.0 (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - \[[`59fca4e09a`](https://togithub.com/nodejs/node/commit/59fca4e09a)] - **deps**: update acorn to 8.10.0 (Node.js GitHub Bot) [#​48713](https://togithub.com/nodejs/node/pull/48713) - \[[`bcb255d5a8`](https://togithub.com/nodejs/node/commit/bcb255d5a8)] - **deps**: V8: cherry-pick [`cb00db4`](https://togithub.com/nodejs/node/commit/cb00db4dba6c) (Keyhan Vakil) [#​48671](https://togithub.com/nodejs/node/pull/48671) - \[[`65a6c90fc6`](https://togithub.com/nodejs/node/commit/65a6c90fc6)] - **deps**: update acorn to 8.9.0 (Node.js GitHub Bot) [#​48484](https://togithub.com/nodejs/node/pull/48484) - \[[`6b6d5d91e9`](https://togithub.com/nodejs/node/commit/6b6d5d91e9)] - **deps**: update zlib to 1.2.13.1-motley-f81f385 (Node.js GitHub Bot) [#​48541](https://togithub.com/nodejs/node/pull/48541) - \[[`56249b0770`](https://togithub.com/nodejs/node/commit/56249b0770)] - **deps**: update googletest to [`ec4fed9`](https://togithub.com/nodejs/node/commit/ec4fed9) (Node.js GitHub Bot) [#​48538](https://togithub.com/nodejs/node/pull/48538) - \[[`8914a5204a`](https://togithub.com/nodejs/node/commit/8914a5204a)] - **deps**: update minimatch to 9.0.2 (Node.js GitHub Bot) [#​48542](https://togithub.com/nodejs/node/pull/48542) - \[[`1b960d9988`](https://togithub.com/nodejs/node/commit/1b960d9988)] - **deps**: update icu to 73.2 (Node.js GitHub Bot) [#​48502](https://togithub.com/nodejs/node/pull/48502) - \[[`f0e2e3c549`](https://togithub.com/nodejs/node/commit/f0e2e3c549)] - **deps**: update zlib to 1.2.13.1-motley-3ca9f16 (Node.js GitHub Bot) [#​48413](https://togithub.com/nodejs/node/pull/48413) - \[[`9cf8fe6b93`](https://togithub.com/nodejs/node/commit/9cf8fe6b93)] - **deps**: upgrade npm to 9.8.1 (npm team) [#​48838](https://togithub.com/nodejs/node/pull/48838) - \[[`d9ff473ff3`](https://togithub.com/nodejs/node/commit/d9ff473ff3)] - **deps**: upgrade npm to 9.8.0 (npm team) [#​48665](https://togithub.com/nodejs/node/pull/48665) - \[[`4a6177daad`](https://togithub.com/nodejs/node/commit/4a6177daad)] - **deps**: upgrade npm to 9.7.2 (npm team) [#​48514](https://togithub.com/nodejs/node/pull/48514) - \[[`104b58feb1`](https://togithub.com/nodejs/node/commit/104b58feb1)] - **deps**: update ada to 2.6.0 (Node.js GitHub Bot) [#​48896](https://togithub.com/nodejs/node/pull/48896) - \[[`7f7a125d78`](https://togithub.com/nodejs/node/commit/7f7a125d78)] - **deps**: update corepack to 0.19.0 (Node.js GitHub Bot) [#​48540](https://togithub.com/nodejs/node/pull/48540) - \[[`5e1eb451d1`](https://togithub.com/nodejs/node/commit/5e1eb451d1)] - **deps**: update corepack to 0.18.1 (Node.js GitHub Bot) [#​48483](https://togithub.com/nodejs/node/pull/48483) - \[[`3be53358bc`](https://togithub.com/nodejs/node/commit/3be53358bc)] - **deps**: add loong64 config into openssl gypi (Shi Pujin) [#​48043](https://togithub.com/nodejs/node/pull/48043) - \[[`555982c59e`](https://togithub.com/nodejs/node/commit/555982c59e)] - **deps**: upgrade npm to 9.7.1 (npm team) [#​48378](https://togithub.com/nodejs/node/pull/48378) - \[[`3c03ec0832`](https://togithub.com/nodejs/node/commit/3c03ec0832)] - **deps**: update simdutf to 3.2.14 (Node.js GitHub Bot) [#​48344](https://togithub.com/nodejs/node/pull/48344) - \[[`a2964a4583`](https://togithub.com/nodejs/node/commit/a2964a4583)] - **deps**: update ada to 2.5.1 (Node.js GitHub Bot) [#​48319](https://togithub.com/nodejs/node/pull/48319) - \[[`38f6e0d8cd`](https://togithub.com/nodejs/node/commit/38f6e0d8cd)] - **deps**: update zlib to [`982b036`](https://togithub.com/nodejs/node/commit/982b036) (Node.js GitHub Bot) [#​48327](https://togithub.com/nodejs/node/pull/48327) - \[[`f4617a4f81`](https://togithub.com/nodejs/node/commit/f4617a4f81)] - **deps**: add loongarch64 into openssl Makefile and gen openssl-loongarch64 (Shi Pujin) [#​46401](https://togithub.com/nodejs/node/pull/46401) - \[[`573eb4be12`](https://togithub.com/nodejs/node/commit/573eb4be12)] - **dgram**: socket add `asyncDispose` (atlowChemi) [#​48717](https://togithub.com/nodejs/node/pull/48717) - \[[`f3c4300e00`](https://togithub.com/nodejs/node/commit/f3c4300e00)] - **dgram**: use addAbortListener (atlowChemi) [#​48550](https://togithub.com/nodejs/node/pull/48550) - \[[`d3041df738`](https://togithub.com/nodejs/node/commit/d3041df738)] - **doc**: expand on squashing and rebasing to land a PR (Chengzhong Wu) [#​48751](https://togithub.com/nodejs/node/pull/48751) - \[[`249879e46c`](https://togithub.com/nodejs/node/commit/249879e46c)] - **doc**: add atlowChemi to collaborators (atlowChemi) [#​48757](https://togithub.com/nodejs/node/pull/48757) - \[[`42ecd46d1f`](https://togithub.com/nodejs/node/commit/42ecd46d1f)] - **doc**: fix ambiguity in http.md and https.md (an5er) [#​48692](https://togithub.com/nodejs/node/pull/48692) - \[[`e78824e053`](https://togithub.com/nodejs/node/commit/e78824e053)] - **doc**: add release key for Ulises Gascon (Ulises Gascón) [#​49196](https://togithub.com/nodejs/node/pull/49196) - \[[`1aa798d69f`](https://togithub.com/nodejs/node/commit/1aa798d69f)] - **doc**: clarify transform.\_transform() callback argument logic (Rafael Sofi-zada) [#​48680](https://togithub.com/nodejs/node/pull/48680) - \[[`d723e870a2`](https://togithub.com/nodejs/node/commit/d723e870a2)] - **doc**: mention git node release prepare (Rafael Gonzaga) [#​48644](https://togithub.com/nodejs/node/pull/48644) - \[[`a9a1394388`](https://togithub.com/nodejs/node/commit/a9a1394388)] - **doc**: fix options order (Luigi Pinca) [#​48617](https://togithub.com/nodejs/node/pull/48617) - \[[`989ea6858f`](https://togithub.com/nodejs/node/commit/989ea6858f)] - **doc**: update security release stewards (Rafael Gonzaga) [#​48569](https://togithub.com/nodejs/node/pull/48569) - \[[`f436ac1803`](https://togithub.com/nodejs/node/commit/f436ac1803)] - **doc**: update return type for describe (Shrujal Shah) [#​48572](https://togithub.com/nodejs/node/pull/48572) - \[[`fbe89e6320`](https://togithub.com/nodejs/node/commit/fbe89e6320)] - **doc**: run license-builder (github-actions\[bot]) [#​48552](https://togithub.com/nodejs/node/pull/48552) - \[[`f18b287bc3`](https://togithub.com/nodejs/node/commit/f18b287bc3)] - **doc**: add description of autoAllocateChunkSize in ReadableStream (Debadree Chatterjee) [#​48004](https://togithub.com/nodejs/node/pull/48004) - \[[`e2f3ed1444`](https://togithub.com/nodejs/node/commit/e2f3ed1444)] - **doc**: fix `filename` type in `watch` result (Dmitry Semigradsky) [#​48032](https://togithub.com/nodejs/node/pull/48032) - \[[`1fe75dc2b0`](https://togithub.com/nodejs/node/commit/1fe75dc2b0)] - **doc**: unnest `mime` and `MIMEParams` from MIMEType constructor (Dmitry Semigradsky) [#​47950](https://togithub.com/nodejs/node/pull/47950) - \[[`e1339d58e8`](https://togithub.com/nodejs/node/commit/e1339d58e8)] - **doc**: update security-release-process.md (Rafael Gonzaga) [#​48504](https://togithub.com/nodejs/node/pull/48504) - \[[`e8dc7bde6a`](https://togithub.com/nodejs/node/commit/e8dc7bde6a)] - **doc**: add vmoroz to collaborators (Vladimir Morozov) [#​48527](https://togithub.com/nodejs/node/pull/48527) - \[[`f8ba672c7b`](https://togithub.com/nodejs/node/commit/f8ba672c7b)] - **doc**: link to Runtime Keys in export conditions (Jacob Hummer) [#​48408](https://togithub.com/nodejs/node/pull/48408) - \[[`0056cb93e9`](https://togithub.com/nodejs/node/commit/0056cb93e9)] - **doc**: update fs flags documentation (sinkhaha) [#​48463](https://togithub.com/nodejs/node/pull/48463) - \[[`3cf3fb9479`](https://togithub.com/nodejs/node/commit/3cf3fb9479)] - **doc**: revise `error.md` introduction (Antoine du Hamel) [#​48423](https://togithub.com/nodejs/node/pull/48423) - \[[`7575d8b90e`](https://togithub.com/nodejs/node/commit/7575d8b90e)] - **doc**: add preveen-stack to triagers (Preveen P) [#​48387](https://togithub.com/nodejs/node/pull/48387) - \[[`820aa550a4`](https://togithub.com/nodejs/node/commit/820aa550a4)] - **doc**: refine when file is undefined in test events (Moshe Atlow) [#​48451](https://togithub.com/nodejs/node/pull/48451) - \[[`a30f2fbcc1`](https://togithub.com/nodejs/node/commit/a30f2fbcc1)] - **doc**: add kvakil to collaborators (Keyhan Vakil) [#​48449](https://togithub.com/nodejs/node/pull/48449) - \[[`239b4ea66f`](https://togithub.com/nodejs/node/commit/239b4ea66f)] - **doc**: mark `--import` as experimental (Moshe Atlow) [#​44067](https://togithub.com/nodejs/node/pull/44067) - \[[`2a561aefe2`](https://togithub.com/nodejs/node/commit/2a561aefe2)] - **doc**: add additional info on TSFN dispatch (Michael Dawson) [#​48367](https://togithub.com/nodejs/node/pull/48367) - \[[`5cc6eee30d`](https://togithub.com/nodejs/node/commit/5cc6eee30d)] - **doc**: add link for news from security wg (Michael Dawson) [#​48396](https://togithub.com/nodejs/node/pull/48396) - \[[`ffece88452`](https://togithub.com/nodejs/node/commit/ffece88452)] - **doc**: fix typo in events.md (Darshan Sen) [#​48436](https://togithub.com/nodejs/node/pull/48436) - \[[`06513585dc`](https://togithub.com/nodejs/node/commit/06513585dc)] - **doc**: run license-builder (github-actions\[bot]) [#​48336](https://togithub.com/nodejs/node/pull/48336) - \[[`d9a800ee5c`](https://togithub.com/nodejs/node/commit/d9a800ee5c)] - **esm**: fix emit deprecation on legacy main resolve (Antoine du Hamel) [#​48664](https://togithub.com/nodejs/node/pull/48664) - \[[`c39b7c240e`](https://togithub.com/nodejs/node/commit/c39b7c240e)] - **(SEMVER-MINOR)** **esm**: add `--import` flag (Moshe Atlow) [#​43942](https://togithub.com/nodejs/node/pull/43942) - \[[`a00464ee06`](https://togithub.com/nodejs/node/commit/a00464ee06)] - **esm**: fix specifier resolution and symlinks (Zack Newsham) [#​47674](https://togithub.com/nodejs/node/pull/47674) - \[[`3b8ec348b0`](https://togithub.com/nodejs/node/commit/3b8ec348b0)] - **events**: fix bug listenerCount don't compare wrapped listener (yuzheng14) [#​48592](https://togithub.com/nodejs/node/pull/48592) - \[[`a68a67f54d`](https://togithub.com/nodejs/node/commit/a68a67f54d)] - **(SEMVER-MINOR)** **events**: allow safely adding listener to abortSignal (Chemi Atlow) [#​48596](https://togithub.com/nodejs/node/pull/48596) - \[[`5354af3dab`](https://togithub.com/nodejs/node/commit/5354af3dab)] - **fs**: call the callback with an error if writeSync fails (killa) [#​47949](https://togithub.com/nodejs/node/pull/47949) - \[[`c3a27d1d3d`](https://togithub.com/nodejs/node/commit/c3a27d1d3d)] - **fs**: remove unneeded return statement (Luigi Pinca) [#​48526](https://togithub.com/nodejs/node/pull/48526) - \[[`3a8586bee2`](https://togithub.com/nodejs/node/commit/3a8586bee2)] - **fs, stream**: initial `Symbol.dispose` and `Symbol.asyncDispose` support (Moshe Atlow) [#​48518](https://togithub.com/nodejs/node/pull/48518) - \[[`01746c71df`](https://togithub.com/nodejs/node/commit/01746c71df)] - **http**: null the joinDuplicateHeaders property on cleanup (Luigi Pinca) [#​48608](https://togithub.com/nodejs/node/pull/48608) - \[[`d47eb73a85`](https://togithub.com/nodejs/node/commit/d47eb73a85)] - **http**: remove useless ternary in test (geekreal) [#​48481](https://togithub.com/nodejs/node/pull/48481) - \[[`977e9a38b4`](https://togithub.com/nodejs/node/commit/977e9a38b4)] - **http**: fix for handling on boot timers headers and request (Franciszek Koltuniuk) [#​48291](https://togithub.com/nodejs/node/pull/48291) - \[[`be88f7cd22`](https://togithub.com/nodejs/node/commit/be88f7cd22)] - **http2**: use addAbortListener (atlowChemi) [#​48550](https://togithub.com/nodejs/node/pull/48550) - \[[`7c7230a85c`](https://togithub.com/nodejs/node/commit/7c7230a85c)] - **http2**: send RST code 8 on AbortController signal (Devraj Mehta) [#​48573](https://togithub.com/nodejs/node/pull/48573) - \[[`f74c2fc72a`](https://togithub.com/nodejs/node/commit/f74c2fc72a)] - **lib**: use addAbortListener (atlowChemi) [#​48550](https://togithub.com/nodejs/node/pull/48550) - \[[`db355d1f37`](https://togithub.com/nodejs/node/commit/db355d1f37)] - **lib**: add option to force handling stopped events (Chemi Atlow) [#​48301](https://togithub.com/nodejs/node/pull/48301) - \[[`5d682c55a5`](https://togithub.com/nodejs/node/commit/5d682c55a5)] - **lib**: reduce url getters on `makeRequireFunction` (Yagiz Nizipli) [#​48492](https://togithub.com/nodejs/node/pull/48492) - \[[`5260f53e55`](https://togithub.com/nodejs/node/commit/5260f53e55)] - **lib**: add support for inherited custom inspection methods (Antoine du Hamel) [#​48306](https://togithub.com/nodejs/node/pull/48306) - \[[`69aaf8b1d1`](https://togithub.com/nodejs/node/commit/69aaf8b1d1)] - **lib**: remove invalid parameter to toASCII (Yagiz Nizipli) [#​48878](https://togithub.com/nodejs/node/pull/48878) - \[[`51863b80e4`](https://togithub.com/nodejs/node/commit/51863b80e4)] - **meta**: bump actions/checkout from 3.5.2 to 3.5.3 (dependabot\[bot]) [#​48625](https://togithub.com/nodejs/node/pull/48625) - \[[`7ec370991d`](https://togithub.com/nodejs/node/commit/7ec370991d)] - **meta**: bump step-security/harden-runner from 2.4.0 to 2.4.1 (dependabot\[bot]) [#​48626](https://togithub.com/nodejs/node/pull/48626) - \[[`34b8e980d4`](https://togithub.com/nodejs/node/commit/34b8e980d4)] - **meta**: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (dependabot\[bot]) [#​48628](https://togithub.com/nodejs/node/pull/48628) - \[[`dfed9a7da9`](https://togithub.com/nodejs/node/commit/dfed9a7da9)] - **meta**: bump github/codeql-action from 2.3.6 to 2.20.1 (dependabot\[bot]) [#​48627](https://togithub.com/nodejs/node/pull/48627) - \[[`071eaadc5a`](https://togithub.com/nodejs/node/commit/071eaadc5a)] - **module**: add SourceMap.findOrigin (Isaac Z. Schlueter) [#​47790](https://togithub.com/nodejs/node/pull/47790) - \[[`bf1525c549`](https://togithub.com/nodejs/node/commit/bf1525c549)] - **module**: reduce url invocations in esm/load.js (Yagiz Nizipli) [#​48337](https://togithub.com/nodejs/node/pull/48337) - \[[`f8921630a2`](https://togithub.com/nodejs/node/commit/f8921630a2)] - **net**: server add `asyncDispose` (atlowChemi) [#​48717](https://togithub.com/nodejs/node/pull/48717) - \[[`b5f53d9a0b`](https://togithub.com/nodejs/node/commit/b5f53d9a0b)] - **net**: fix family autoselection SSL connection handling (Paolo Insogna) [#​48189](https://togithub.com/nodejs/node/pull/48189) - \[[`267439fc34`](https://togithub.com/nodejs/node/commit/267439fc34)] - **net**: rework autoSelectFamily implementation (Paolo Insogna) [#​46587](https://togithub.com/nodejs/node/pull/46587) - \[[`d3637cdbbf`](https://togithub.com/nodejs/node/commit/d3637cdbbf)] - **net**: fix address iteration with autoSelectFamily (Fedor Indutny) [#​48258](https://togithub.com/nodejs/node/pull/48258) - \[[`e8289a83f1`](https://togithub.com/nodejs/node/commit/e8289a83f1)] - **net**: fix family autoselection timeout handling (Paolo Insogna) [#​47860](https://togithub.com/nodejs/node/pull/47860) - \[[`863bdb785d`](https://togithub.com/nodejs/node/commit/863bdb785d)] - **net**: add autoSelectFamily global getter and setter (Paolo Insogna) [#​45777](https://togithub.com/nodejs/node/pull/45777) - \[[`04dc090bfa`](https://togithub.com/nodejs/node/commit/04dc090bfa)] - **node-api**: provide napi_define_properties fast path (Gabriel Schulhof) [#​48440](https://togithub.com/nodejs/node/pull/48440) - \[[`feb6a54dc3`](https://togithub.com/nodejs/node/commit/feb6a54dc3)] - **node-api**: implement external strings (Gabriel Schulhof) [#​48339](https://togithub.com/nodejs/node/pull/48339) - \[[`121f74c463`](https://togithub.com/nodejs/node/commit/121f74c463)] - **perf_hooks**: convert maxSize to IDL value in setResourceTimingBufferSize (Chengzhong Wu) [#​44902](https://togithub.com/nodejs/node/pull/44902) - \[[`804d880589`](https://togithub.com/nodejs/node/commit/804d880589)] - **permission**: fix data types in PrintTree (Tobias Nießen) [#​48770](https://togithub.com/nodejs/node/pull/48770) - \[[`7aaecce9bf`](https://togithub.com/nodejs/node/commit/7aaecce9bf)] - **permission**: add debug log when inserting fs nodes (Rafael Gonzaga) [#​48677](https://togithub.com/nodejs/node/pull/48677) - \[[`cb51ef2905`](https://togithub.com/nodejs/node/commit/cb51ef2905)] - **readline**: use addAbortListener (atlowChemi) [#​48550](https://togithub.com/nodejs/node/pull/48550) - \[[`07065d0814`](https://togithub.com/nodejs/node/commit/07065d0814)] - **report**: disable js stack when no context is entered (Chengzhong Wu) [#​48495](https://togithub.com/nodejs/node/pull/48495) - \[[`572b82ffef`](https://togithub.com/nodejs/node/commit/572b82ffef)] - **src**: make BaseObject iteration order deterministic (Joyee Cheung) [#​48702](https://togithub.com/nodejs/node/pull/48702) - \[[`3f65598a41`](https://togithub.com/nodejs/node/commit/3f65598a41)] - **src**: remove kEagerCompile for CompileFunction (Keyhan Vakil) [#​48671](https://togithub.com/nodejs/node/pull/48671) - \[[`f43eacac9b`](https://togithub.com/nodejs/node/commit/f43eacac9b)] - **src**: deduplicate X509 getter implementations (Tobias Nießen) [#​48563](https://togithub.com/nodejs/node/pull/48563) - \[[`0c19621bdc`](https://togithub.com/nodejs/node/commit/0c19621bdc)] - **src**: fix uninitialized field access in AsyncHooks (Jan Olaf Krems) [#​48566](https://togithub.com/nodejs/node/pull/48566) - \[[`0c38184d62`](https://togithub.com/nodejs/node/commit/0c38184d62)] - **src**: fix Coverity issue regarding unnecessary copy (Yagiz Nizipli) [#​48565](https://togithub.com/nodejs/node/pull/48565) - \[[`0d73009ba3`](https://togithub.com/nodejs/node/commit/0d73009ba3)] - **src**: refactor `SplitString` in util (Yagiz Nizipli) [#​48491](https://togithub.com/nodejs/node/pull/48491) - \[[`6c72622df9`](https://togithub.com/nodejs/node/commit/6c72622df9)] - **src**: handle wasm out of bound in osx will raise SIGBUS correctly (Congcong Cai) [#​46561](https://togithub.com/nodejs/node/pull/46561) - \[[`e4261809b0`](https://togithub.com/nodejs/node/commit/e4261809b0)] - **src**: replace idna functions with ada::idna (Yagiz Nizipli) [#​47735](https://togithub.com/nodejs/node/pull/47735) - \[[`3dd82b1820`](https://togithub.com/nodejs/node/commit/3dd82b1820)] - **stream**: use addAbortListener (atlowChemi) [#​48550](https://togithub.com/nodejs/node/pull/48550) - \[[`786fbdb824`](https://togithub.com/nodejs/node/commit/786fbdb824)] - **stream**: fix premature pipeline end (Robert Nagy) [#​48435](https://togithub.com/nodejs/node/pull/48435) - \[[`c224e1b255`](https://togithub.com/nodejs/node/commit/c224e1b255)] - **stream**: fix deadlock when pipeing to full sink (Robert Nagy) [#​48691](https://togithub.com/nodejs/node/pull/48691) - \[[`2c75b9ece2`](https://togithub.com/nodejs/node/commit/2c75b9ece2)] - **test**: fix flaky test-string-decode.js on x86 (Stefan Stojanovic) [#​48750](https://togithub.com/nodejs/node/pull/48750) - \[[`279c4f64c1`](https://togithub.com/nodejs/node/commit/279c4f64c1)] - **test**: mark test-http-regr-[gh-2928](https://togithub.com/nodejs/node/issues/2928) as flaky (Joyee Cheung) [#​49565](https://togithub.com/nodejs/node/pull/49565) - \[[`01eacccd9a`](https://togithub.com/nodejs/node/commit/01eacccd9a)] - **test**: deflake test-net-throttle (Luigi Pinca) [#​48599](https://togithub.com/nodejs/node/pull/48599) - \[[`33886b271c`](https://togithub.com/nodejs/node/commit/33886b271c)] - **test**: move test-net-throttle to parallel (Luigi Pinca) [#​48599](https://togithub.com/nodejs/node/pull/48599) - \[[`a79112b5f4`](https://togithub.com/nodejs/node/commit/a79112b5f4)] - ***Revert*** "**test**: remove test-crypto-keygen flaky designation" (Luigi Pinca) [#​48652](https://togithub.com/nodejs/node/pull/48652) - \[[`6ec57984db`](https://togithub.com/nodejs/node/commit/6ec57984db)] - **test**: add missing assertions to test-runner-cli (Moshe Atlow) [#​48593](https://togithub.com/nodejs/node/pull/48593) - \[[`dd1805e802`](https://togithub.com/nodejs/node/commit/dd1805e802)] - **test**: remove test-crypto-keygen flaky designation (Luigi Pinca) [#​48575](https://togithub.com/nodejs/node/pull/48575) - \[[`df9a9afc99`](https://togithub.com/nodejs/node/commit/df9a9afc99)] - **test**: remove test-timers-immediate-queue flaky designation (Luigi Pinca) [#​48575](https://togithub.com/nodejs/node/pull/48575) - \[[`3ae96ae380`](https://togithub.com/nodejs/node/commit/3ae96ae380)] - **test**: make IsolateData per-isolate in cctest (Joyee Cheung) [#​48450](https://togithub.com/nodejs/node/pull/48450) - \[[`f2ce8e0c06`](https://togithub.com/nodejs/node/commit/f2ce8e0c06)] - **test**: define NAPI_VERSION before including node_api.h (Chengzhong Wu) [#​48376](https://togithub.com/nodejs/node/pull/48376) - \[[`13ac0a5e26`](https://togithub.com/nodejs/node/commit/13ac0a5e26)] - **test**: remove unnecessary noop function args to `mustNotCall()` (Antoine du Hamel) [#​48513](https://togithub.com/nodejs/node/pull/48513) - \[[`8fdd4c55b3`](https://togithub.com/nodejs/node/commit/8fdd4c55b3)] - **test**: skip test-runner-watch-mode on IBMi (Moshe Atlow) [#​48473](https://togithub.com/nodejs/node/pull/48473) - \[[`9d90409241`](https://togithub.com/nodejs/node/commit/9d90409241)] - **test**: fix flaky test-watch-mode (Moshe Atlow) [#​48147](https://togithub.com/nodejs/node/pull/48147) - \[[`27a4bc7c32`](https://togithub.com/nodejs/node/commit/27a4bc7c32)] - **test**: add missing \ include for std::find (Sam James) [#​48380](https://togithub.com/nodejs/node/pull/48380) - \[[`cb92c4b9fe`](https://togithub.com/nodejs/node/commit/cb92c4b9fe)] - **test**: update url web-platform tests (Yagiz Nizipli) [#​48319](https://togithub.com/nodejs/node/pull/48319) - \[[`f35c4d3190`](https://togithub.com/nodejs/node/commit/f35c4d3190)] - **test**: ignore the copied entry_point.c (Luigi Pinca) [#​48297](https://togithub.com/nodejs/node/pull/48297) - \[[`41d1e6888f`](https://togithub.com/nodejs/node/commit/41d1e6888f)] - **test**: refactor test-gc-http-client-timeout (Luigi Pinca) [#​48292](https://togithub.com/nodejs/node/pull/48292) - \[[`125bca621a`](https://togithub.com/nodejs/node/commit/125bca621a)] - **test**: update encoding web-platform tests (Yagiz Nizipli) [#​48320](https://togithub.com/nodejs/node/pull/48320) - \[[`e9ac111d02`](https://togithub.com/nodejs/node/commit/e9ac111d02)] - **test**: update FileAPI web-platform tests (Yagiz Nizipli) [#​48322](https://togithub.com/nodejs/node/pull/48322) - \[[`3da57d17f5`](https://togithub.com/nodejs/node/commit/3da57d17f5)] - **test**: update user-timing web-platform tests (Yagiz Nizipli) [#​48321](https://togithub.com/nodejs/node/pull/48321) - \[[`c728b8a29b`](https://togithub.com/nodejs/node/commit/c728b8a29b)] - **test**: fix `test-net-autoselectfamily` for kernel without IPv6 support (Livia Medeiros) [#​45856](https://togithub.com/nodejs/node/pull/45856) - \[[`6de7aa1d19`](https://togithub.com/nodejs/node/commit/6de7aa1d19)] - **test**: move `test-tls-autoselectfamily-servername` to `test/internet` (Antoine du Hamel) [#​47029](https://togithub.com/nodejs/node/pull/47029) - \[[`2de9868292`](https://togithub.com/nodejs/node/commit/2de9868292)] - **test**: validate host with commas on url.parse (Yagiz Nizipli) [#​48878](https://togithub.com/nodejs/node/pull/48878) - \[[`e7d2e8ef2a`](https://togithub.com/nodejs/node/commit/e7d2e8ef2a)] - **test**: delete test-net-bytes-per-incoming-chunk-overhead (Michaël Zasso) [#​48811](https://togithub.com/nodejs/node/pull/48811) - \[[`f5494fa1b0`](https://togithub.com/nodejs/node/commit/f5494fa1b0)] - **test_runner**: fixed `test` shorthands return type (Shocker) [#​48555](https://togithub.com/nodejs/node/pull/48555) - \[[`7051cafdfa`](https://togithub.com/nodejs/node/commit/7051cafdfa)] - **test_runner**: make `--test-name-pattern` recursive (Moshe Atlow) [#​48382](https://togithub.com/nodejs/node/pull/48382) - \[[`f302286442`](https://togithub.com/nodejs/node/commit/f302286442)] - **test_runner**: refactor coverage report output for readability (Damien Seguin) [#​47791](https://togithub.com/nodejs/node/pull/47791) - \[[`7822a541e5`](https://togithub.com/nodejs/node/commit/7822a541e5)] - **timers**: support Symbol.dispose (Moshe Atlow) [#​48633](https://togithub.com/nodejs/node/pull/48633) - \[[`3eeca52db1`](https://togithub.com/nodejs/node/commit/3eeca52db1)] - **tls**: fix bugs of double TLS (rogertyang) [#​48969](https://togithub.com/nodejs/node/pull/48969) - \[[`4826379516`](https://togithub.com/nodejs/node/commit/4826379516)] - **tools**: run fetch_deps.py with Python 3 (Richard Lau) [#​48729](https://togithub.com/nodejs/node/pull/48729) - \[[`e2688c8d79`](https://togithub.com/nodejs/node/commit/e2688c8d79)] - **tools**: update doc to unist-util-select@5.0.0 unist-util-visit@5.0.0 (Node.js GitHub Bot) [#​48714](https://togithub.com/nodejs/node/pull/48714) - \[[`7399481096`](https://togithub.com/nodejs/node/commit/7399481096)] - **tools**: update lint-md-dependencies to rollup@3.26.2 (Node.js GitHub Bot) [#​48705](https://togithub.com/nodejs/node/pull/48705) - \[[`31c07153ce`](https://togithub.com/nodejs/node/commit/31c07153ce)] - **tools**: update eslint to 8.44.0 (Node.js GitHub Bot) [#​48632](https://togithub.com/nodejs/node/pull/48632) - \[[`4e53f51e24`](https://togithub.com/nodejs/node/commit/4e53f51e24)] - **tools**: update lint-md-dependencies to rollup@3.26.0 (Node.js GitHub Bot) [#​48631](https://togithub.com/nodejs/node/pull/48631) - \[[`7d52950a96`](https://togithub.com/nodejs/node/commit/7d52950a96)] - **tools**: update lint-md-dependencies (Node.js GitHub Bot) [#​48544](https://togithub.com/nodejs/node/pull/48544) - \[[`e168eab3ee`](https://togithub.com/nodejs/node/commit/e168eab3ee)] - **tools**: update lint-md-dependencies (Node.js GitHub Bot) [#​48486](https://togithub.com/nodejs/node/pull/48486) - \[[`9711bc24f6`](https://togithub.com/nodejs/node/commit/9711bc24f6)] - **tools**: replace sed with perl (Luigi Pinca) [#​48499](https://togithub.com/nodejs/node/pull/48499) - \[[`9c1937c0a7`](https://togithub.com/nodejs/node/commit/9c1937c0a7)] - **tools**: update eslint to 8.43.0 (Node.js GitHub Bot) [#​48487](https://togithub.com/nodejs/node/pull/48487) - \[[`9449f05ab1`](https://togithub.com/nodejs/node/commit/9449f05ab1)] - **tools**: update doc to to-vfile@8.0.0 (Node.js GitHub Bot) [#​48485](https://togithub.com/nodejs/node/pull/48485) - \[[`79dcd968b1`](https://togithub.com/nodejs/node/commit/79dcd968b1)] - **tools**: prepare tools/doc for to-vfile 8.0.0 (Rich Trott) [#​48485](https://togithub.com/nodejs/node/pull/48485) - \[[`538f388ac0`](https://togithub.com/nodejs/node/commit/538f388ac0)] - **tools**: update lint-md-dependencies (Node.js GitHub Bot) [#​48417](https://togithub.com/nodejs/node/pull/48417) - \[[`01bc10dcd5`](https://togithub.com/nodejs/node/commit/01bc10dcd5)] - **tools**: update create-or-update-pull-request-action (Richard Lau) [#​48398](https://togithub.com/nodejs/node/pull/48398) - \[[`590a072657`](https://togithub.com/nodejs/node/commit/590a072657)] - **tools**: update eslint-plugin-jsdoc (Richard Lau) [#​48393](https://togithub.com/nodejs/node/pull/48393) - \[[`6a5805491e`](https://togithub.com/nodejs/node/commit/6a5805491e)] - **tools**: update eslint to 8.42.0 (Node.js GitHub Bot) [#​48328](https://togithub.com/nodejs/node/pull/48328) - \[[`2eb13e3986`](https://togithub.com/nodejs/node/commit/2eb13e3986)] - **tools**: disable jsdoc/no-defaults rule (Luigi Pinca) [#​48328](https://togithub.com/nodejs/node/pull/48328) - \[[`3363cfa6c7`](https://togithub.com/nodejs/node/commit/3363cfa6c7)] - **typings**: remove unused primordials (Yagiz Nizipli) [#​48509](https://togithub.com/nodejs/node/pull/48509) - \[[`c59ae86ba0`](https://togithub.com/nodejs/node/commit/c59ae86ba0)] - **(SEMVER-MINOR)** **url**: add value argument to has and delete methods (Sankalp Shubham) [#​47885](https://togithub.com/nodejs/node/pull/47885) - \[[`f59c9636f4`](https://togithub.com/nodejs/node/commit/f59c9636f4)] - **url**: conform to origin getter spec changes (Yagiz Nizipli) [#​48319](https://togithub.com/nodejs/node/pull/48319) - \[[`0beb5ab93d`](https://togithub.com/nodejs/node/commit/0beb5ab93d)] - **url**: ensure getter access do not mutate observable symbols (Antoine du Hamel) [#​48897](https://togithub.com/nodejs/node/pull/48897) - \[[`0a022c496d`](https://togithub.com/nodejs/node/commit/0a022c496d)] - **util**: use `primordials.ArrayPrototypeIndexOf` instead of mutable method (DaisyDogs07) [#​48586](https://togithub.com/nodejs/node/pull/48586) ### [`v18.17.1`](https://togithub.com/nodejs/node/releases/tag/v18.17.1): 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @​RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v18.17.0...v18.17.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002): Policies can be bypassed via Module.\_load (High) - [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium) - [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium) - OpenSSL Security Releases - [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html). - [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html). - [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html) More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post. ##### Commits - \[[`fe3abdf82e`](https://togithub.com/nodejs/node/commit/fe3abdf82e)] - **deps**: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) [#​49036](https://togithub.com/nodejs/node/pull/49036) - \[[`2c5a522d9c`](https://togithub.com/nodejs/node/commit/2c5a522d9c)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) [#​49036](https://togithub.com/nodejs/node/pull/49036) - \[[`15bced0bde`](https://togithub.com/nodejs/node/commit/15bced0bde)] - **policy**: handle Module.constructor and main.extensions bypass (RafaelGSS) [nodejs-private/node-private#417](https://togithub.com/nodejs-private/node-private/pull/417) - \[[`d4570fae35`](https://togithub.com/nodejs/node/commit/d4570fae35)] - **policy**: disable process.binding() when enabled (Tobias Nießen) [nodejs-private/node-private#460](https://togithub.com/nodejs-private/node-private/pull/460) ### [`v18.17.0`](https://togithub.com/nodejs/node/releases/tag/v18.17.0): 2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @​danielleadams [Compare Source](https://togithub.com/nodejs/node/compare/v18.16.1...v18.17.0) ##### Notable Changes ##### Ada 2.0 Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url. Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4, while also eliminating the need for the ICU requirement for URL hostname parsing. Contributed by Yagiz Nizipli and Daniel Lemire in [#​47339](https://togithub.com/nodejs/node/pull/47339) ##### Web Crypto API Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations. This further improves interoperability with other implementations of Web Crypto API. Contributed by Filip Skokan in [#​46067](https://togithub.com/nodejs/node/pull/46067) - **crypto**: - update root certificates to NSS 3.89 (Node.js GitHub Bot) [#​47659](https://togithub.com/nodejs/node/pull/47659) - **dns**: - **(SEMVER-MINOR)** expose getDefaultResultOrder (btea) [#​46973](https://togithub.com/nodejs/node/pull/46973) - **doc**: - add ovflowd to collaborators (Claudio Wunder) [#​47844](https://togithub.com/nodejs/node/pull/47844) - add KhafraDev to collaborators (Matthew Aitken) [#​47510](https://togithub.com/nodejs/node/pull/47510) - **events**: - **(SEMVER-MINOR)** add getMaxListeners method (Matthew Aitken) [#​47039](https://togithub.com/nodejs/node/pull/47039) - **fs**: - **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#​47084](https://togithub.com/nodejs/node/pull/47084) - **(SEMVER-MINOR)** add recursive option to readdir and opendir (Ethan Arrowood) [#​41439](https://togithub.com/nodejs/node/pull/41439) - **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#​47084](https://togithub.com/nodejs/node/pull/47084) - **(SEMVER-MINOR)** implement byob mode for readableWebStream() (Debadree Chatterjee) [#​46933](https://togithub.com/nodejs/node/pull/46933) - **http**: - **(SEMVER-MINOR)** prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) [#​47732](https://togithub.com/nodejs/node/pull/47732) - **(SEMVER-MINOR)** remove internal error in assignSocket (Matteo Collina) [#​47723](https://togithub.com/nodejs/node/pull/47723) - **(SEMVER-MINOR)** add highWaterMark opt in http.createServer (HinataKah0) [#​47405](https://togithub.com/nodejs/node/pull/47405) - **lib**: - **(SEMVER-MINOR)** add webstreams to Duplex.from() (Debadree Chatterjee) [#​46190](https://togithub.com/nodejs/node/pull/46190) - **(SEMVER-MINOR)** implement AbortSignal.any() (Chemi Atlow) [#​47821](https://togithub.com/nodejs/node/pull/47821) - **module**: - change default resolver to not throw on unknown scheme (Gil Tayar) [#​47824](https://togithub.com/nodejs/node/pull/47824) - **node-api**: - **(SEMVER-MINOR)** define version 9 (Chengzhong Wu) [#​48151](https://togithub.com/nodejs/node/pull/48151) - **(SEMVER-MINOR)** deprecate napi_module_register (Vladimir Morozov) [#​46319](https://togithub.com/nodejs/node/pull/46319) - **stream**: - **(SEMVER-MINOR)** preserve object mode in compose (Raz Luvaton) [#​47413](https://togithub.com/nodejs/node/pull/47413) - **(SEMVER-MINOR)** add setter & getter for default highWaterMark ([#​46929](https://togithub.com/nodejs/node/issues/46929)) (Robert Nagy) [#​46929](https://togithub.com/nodejs/node/pull/46929) - **test**: - unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - **test_runner**: - **(SEMVER-MINOR)** add shorthands to `test` (Chemi Atlow) [#​47909](https://togithub.com/nodejs/node/pull/47909) - **(SEMVER-MINOR)** support combining coverage reports (Colin Ihrig) [#​47686](https://togithub.com/nodejs/node/pull/47686) - **(SEMVER-MINOR)** execute before hook on test (Chemi Atlow) [#​47586](https://togithub.com/nodejs/node/pull/47586) - **(SEMVER-MINOR)** expose reporter for use in run api (Chemi Atlow) [#​47238](https://togithub.com/nodejs/node/pull/47238) - **tools**: - update LICENSE and license-builder.sh (Santiago Gimeno) [#​48078](https://togithub.com/nodejs/node/pull/48078) - **url**: - **(SEMVER-MINOR)** implement URL.canParse (Matthew Aitken) [#​47179](https://togithub.com/nodejs/node/pull/47179) - **wasi**: - **(SEMVER-MINOR)** no longer require flag to enable wasi (Michael Dawson) [#​47286](https://togithub.com/nodejs/node/pull/47286) ##### Commits - \[[`2ba08ac002`](https://togithub.com/nodejs/node/commit/2ba08ac002)] - **benchmark**: use `cluster.isPrimary` instead of `cluster.isMaster` (Deokjin Kim) [#​48002](https://togithub.com/nodejs/node/pull/48002) - \[[`60ca69d96c`](https://togithub.com/nodejs/node/commit/60ca69d96c)] - **benchmark**: add eventtarget creation bench (Rafael Gonzaga) [#​47774](https://togithub.com/nodejs/node/pull/47774) - \[[`d8233d96bb`](https://togithub.com/nodejs/node/commit/d8233d96bb)] - **benchmark**: add a benchmark for `defaultResolve` (Antoine du Hamel) [#​47543](https://togithub.com/nodejs/node/pull/47543) - \[[`a1aabb6912`](https://togithub.com/nodejs/node/commit/a1aabb6912)] - **benchmark**: fix invalid requirementsURL (Deokjin Kim) [#​47378](https://togithub.com/nodejs/node/pull/47378) - \[[`394c61caf9`](https://togithub.com/nodejs/node/commit/394c61caf9)] - **bootstrap**: support namespaced builtins in snapshot scripts (Joyee Cheung) [#​47467](https://togithub.com/nodejs/node/pull/47467) - \[[`0165a765a0`](https://togithub.com/nodejs/node/commit/0165a765a0)] - **bootstrap**: do not expand process.argv\[1] for snapshot entry points (Joyee Cheung) [#​47466](https://togithub.com/nodejs/node/pull/47466) - \[[`cca557cdd9`](https://togithub.com/nodejs/node/commit/cca557cdd9)] - **buffer**: combine checking range of sourceStart in `buf.copy` (Deokjin Kim) [#​47758](https://togithub.com/nodejs/node/pull/47758) - \[[`4c69be467c`](https://togithub.com/nodejs/node/commit/4c69be467c)] - **buffer**: use private properties for brand checks in File (Matthew Aitken) [#​47154](https://togithub.com/nodejs/node/pull/47154) - \[[`d002f9b6e2`](https://togithub.com/nodejs/node/commit/d002f9b6e2)] - **build**: revert unkonwn ruff selector (Moshe Atlow) [#​48753](https://togithub.com/nodejs/node/pull/48753) - \[[`93f77cb762`](https://togithub.com/nodejs/node/commit/93f77cb762)] - **build**: set v8\_enable_webassembly=false when lite mode is enabled (Cheng Shao) [#​48248](https://togithub.com/nodejs/node/pull/48248) - \[[`1662e894f3`](https://togithub.com/nodejs/node/commit/1662e894f3)] - **build**: add action to close stale PRs (Michael Dawson) [#​48051](https://togithub.com/nodejs/node/pull/48051) - \[[`5ca437b288`](https://togithub.com/nodejs/node/commit/5ca437b288)] - **build**: use pathlib for paths (Mohammed Keyvanzadeh) [#​47581](https://togithub.com/nodejs/node/pull/47581) - \[[`72443bc54b`](https://togithub.com/nodejs/node/commit/72443bc54b)] - **build**: refactor configure.py (Mohammed Keyvanzadeh) [#​47667](https://togithub.com/nodejs/node/pull/47667) - \[[`d4eecb5be9`](https://togithub.com/nodejs/node/commit/d4eecb5be9)] - **build**: add devcontainer configuration (Tierney Cyren) [#​40825](https://togithub.com/nodejs/node/pull/40825) - \[[`803ed41144`](https://togithub.com/nodejs/node/commit/803ed41144)] - **build**: bump ossf/scorecard-action from 2.1.2 to 2.1.3 (dependabot\[bot]) [#​47367](https://togithub.com/nodejs/node/pull/47367) - \[[`48468c4413`](https://togithub.com/nodejs/node/commit/48468c4413)] - **build**: replace Python linter flake8 with ruff (Christian Clauss) [#​47519](https://togithub.com/nodejs/node/pull/47519) - \[[`3ceb2c4387`](https://togithub.com/nodejs/node/commit/3ceb2c4387)] - **build**: add node-core-utils to setup (Jiawen Geng) [#​47442](https://togithub.com/nodejs/node/pull/47442) - \[[`fdc59b8e14`](https://togithub.com/nodejs/node/commit/fdc59b8e14)] - **build**: bump github/codeql-action from 2.2.6 to 2.2.9 (dependabot\[bot]) [#​47366](https://togithub.com/nodejs/node/pull/47366) - \[[`3924893023`](https://togithub.com/nodejs/node/commit/3924893023)] - **build**: update stale action from v7 to v8 (Rich Trott) [#​47357](https://togithub.com/nodejs/node/pull/47357) - \[[`753185c5b0`](https://togithub.com/nodejs/node/commit/753185c5b0)] - **build**: remove Python pip `--no-user` option (Christian Clauss) [#​47372](https://togithub.com/nodejs/node/pull/47372) - \[[`67af0a6a2b`](https://togithub.com/nodejs/node/commit/67af0a6a2b)] - **build**: avoid usage of pipes library (Mohammed Keyvanzadeh) [#​47271](https://togithub.com/nodejs/node/pull/47271) - \[[`db910dd6b2`](https://togithub.com/nodejs/node/commit/db910dd6b2)] - **build, deps, tools**: avoid excessive LTO (Konstantin Demin) [#​47313](https://togithub.com/nodejs/node/pull/47313) - \[[`35d1def891`](https://togithub.com/nodejs/node/commit/35d1def891)] - **child_process**: use signal.reason in child process abort (Debadree Chatterjee) [#​47817](https://togithub.com/nodejs/node/pull/47817) - \[[`7692d2e7b9`](https://togithub.com/nodejs/node/commit/7692d2e7b9)] - **cluster**: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) [#​48141](https://togithub.com/nodejs/node/pull/48141) - \[[`7617772762`](https://togithub.com/nodejs/node/commit/7617772762)] - **crypto**: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) [#​47160](https://togithub.com/nodejs/node/pull/47160) - \[[`8cabfe7c6e`](https://togithub.com/nodejs/node/commit/8cabfe7c6e)] - **crypto**: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) [#​47977](https://togithub.com/nodejs/node/pull/47977) - \[[`de1338da05`](https://togithub.com/nodejs/node/commit/de1338da05)] - **crypto**: fix webcrypto private/secret import with empty usages (Filip Skokan) [#​47877](https://togithub.com/nodejs/node/pull/47877) - \[[`27a696fda9`](https://togithub.com/nodejs/node/commit/27a696fda9)] - **crypto**: update root certificates to NSS 3.89 (Node.js GitHub Bot) [#​47659](https://togithub.com/nodejs/node/pull/47659) - \[[`e2292f936e`](https://togithub.com/nodejs/node/commit/e2292f936e)] - **crypto**: remove INT_MAX restriction in randomBytes (Tobias Nießen) [#​47559](https://togithub.com/nodejs/node/pull/47559) - \[[`a5f214c00c`](https://togithub.com/nodejs/node/commit/a5f214c00c)] - **crypto**: replace THROW with CHECK for scrypt keylen (Tobias Nießen) [#​47407](https://togithub.com/nodejs/node/pull/47407) - \[[`dd42214fd4`](https://togithub.com/nodejs/node/commit/dd42214fd4)] - **crypto**: unify validation of checkPrime checks (Tobias Nießen) [#​47165](https://togithub.com/nodejs/node/pull/47165) - \[[`76e4d12fb3`](https://togithub.com/nodejs/node/commit/76e4d12fb3)] - **crypto**: re-add padding for AES-KW wrapped JWKs (Filip Skokan) [#​46563](https://togithub.com/nodejs/node/pull/46563) - \[[`9d894c17dd`](https://togithub.com/nodejs/node/commit/9d894c17dd)] - **crypto**: use WebIDL converters in WebCryptoAPI (Filip Skokan) [#​46067](https://togithub.com/nodejs/node/pull/46067) - \[[`6f3a8b45a5`](https://togithub.com/nodejs/node/commit/6f3a8b45a5)] - **deps**: update ada to 2.5.0 (Node.js GitHub Bot) [#​48223](https://togithub.com/nodejs/node/pull/48223) - \[[`075b6db919`](https://togithub.com/nodejs/node/commit/075b6db919)] - **deps**: update ada to 2.4.2 (Node.js GitHub Bot) [#​48092](https://togithub.com/nodejs/node/pull/48092) - \[[`a4ee1f652c`](https://togithub.com/nodejs/node/commit/a4ee1f652c)] - **deps**: update ada to 2.4.1 (Node.js GitHub Bot) [#​48036](https://togithub.com/nodejs/node/pull/48036) - \[[`81b514d3f0`](https://togithub.com/nodejs/node/commit/81b514d3f0)] - **deps**: update ada to 2.4.0 (Node.js GitHub Bot) [#​47922](https://togithub.com/nodejs/node/pull/47922) - \[[`575ddf694f`](https://togithub.com/nodejs/node/commit/575ddf694f)] - **deps**: update ada to 2.3.1 (Node.js GitHub Bot) [#​47893](https://togithub.com/nodejs/node/pull/47893) - \[[`2d03d5f458`](https://togithub.com/nodejs/node/commit/2d03d5f458)] - **deps**: update ada to 2.3.0 (Node.js GitHub Bot) [#​47737](https://togithub.com/nodejs/node/pull/47737) - \[[`42e690f2d5`](https://togithub.com/nodejs/node/commit/42e690f2d5)] - **deps**: update ada to 2.2.0 (Node.js GitHub Bot) [#​47678](https://togithub.com/nodejs/node/pull/47678) - \[[`08dd271521`](https://togithub.com/nodejs/node/commit/08dd271521)] - **deps**: update ada to 2.1.0 (Node.js GitHub Bot) [#​47598](https://togithub.com/nodejs/node/pull/47598) - \[[`96c50ba71f`](https://togithub.com/nodejs/node/commit/96c50ba71f)] - **deps**: update ada to 2.0.0 (Node.js GitHub Bot) [#​47339](https://togithub.com/nodejs/node/pull/47339) - \[[`4d1c38b758`](https://togithub.com/nodejs/node/commit/4d1c38b758)] - **deps**: update zlib to [`337322d`](https://togithub.com/nodejs/node/commit/337322d) (Node.js GitHub Bot) [#​48218](https://togithub.com/nodejs/node/pull/48218) - \[[`74206b2549`](https://togithub.com/nodejs/node/commit/74206b2549)] - **deps**: update histogram 0.11.8 (Marco Ippolito) [#​47742](https://togithub.com/nodejs/node/pull/47742) - \[[`fbb4b3775d`](https://togithub.com/nodejs/node/commit/fbb4b3775d)] - **deps**: update histogram to 0.11.7 (Marco Ippolito) [#​47742](https://togithub.com/nodejs/node/pull/47742) - \[[`e88c079022`](https://togithub.com/nodejs/node/commit/e88c079022)] - **deps**: update simdutf to 3.2.12 (Node.js GitHub Bot) [#​48118](https://togithub.com/nodejs/node/pull/48118) - \[[`48bd1248b9`](https://togithub.com/nodejs/node/commit/48bd1248b9)] - **deps**: update minimatch to 9.0.1 (Node.js GitHub Bot) [#​48094](https://togithub.com/nodejs/node/pull/48094) - \[[`d4572d31fa`](https://togithub.com/nodejs/node/commit/d4572d31fa)] - **deps**: update corepack to 0.18.0 (Node.js GitHub Bot) [#​48091](https://togithub.com/nodejs/node/pull/48091) - \[[`8090d29dc4`](https://togithub.com/nodejs/node/commit/8090d29dc4)] - **deps**: update uvwasi to 0.0.18 (Node.js GitHub Bot) [#​47866](https://togithub.com/nodejs/node/pull/47866) - \[[`169c8eea2e`](https://togithub.com/nodejs/node/commit/169c8eea2e)] - **deps**: update uvwasi to 0.0.17 (Node.js GitHub Bot) [#​47866](https://togithub.com/nodejs/node/pull/47866) - \[[`6acbb23380`](https://togithub.com/nodejs/node/commit/6acbb23380)] - **deps**: upgrade npm to 9.6.7 (npm team)

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

viezly[bot] commented 1 year ago

Pull request by bot. No need to analyze

github-actions[bot] commented 1 year ago

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

github-actions[bot] commented 1 year ago

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

github-actions[bot] commented 1 year ago

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.