Open renovate[bot] opened 4 years ago
This PR contains the following updates:
10.18.1
10.21.0
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
This PR contains the following updates:
10.18.1->10.21.010.18.1->10.21.0Release Notes
nodejs/node
### [`v10.21.0`](https://togithub.com/nodejs/node/releases/v10.21.0) [Compare Source](https://togithub.com/nodejs/node/compare/v10.20.1...v10.21.0) ##### Notable changes This is a security release. Vulnerabilities fixed: - **CVE-2020-8174**: napi_get_value_string_\*() allows various kinds of memory corruption (High). - **CVE-2020-10531**: ICU-20958 Prevent SEGV_MAPERR in append (High). - **CVE-2020-11080**: HTTP/2 Large Settings Frame DoS (Low). ##### Commits - \[[`0ad7970256`](https://togithub.com/nodejs/node/commit/0ad7970256)] - **deps**: fix OPENSSLDIR on Windows (Shigeki Ohtsu) [#29456](https://togithub.com/nodejs/node/pull/29456) - \[[`bd78c6ea46`](https://togithub.com/nodejs/node/commit/bd78c6ea46)] - **deps**: backport ICU-20958 to fix CVE-2020-10531 (Richard Lau) [#33572](https://togithub.com/nodejs/node/pull/33572) - \[[`33e9a12241`](https://togithub.com/nodejs/node/commit/33e9a12241)] - **(SEMVER-MINOR)** **deps**: update nghttp2 to 1.41.0 (James M Snell) [nodejs-private/node-private#204](https://togithub.com/nodejs-private/node-private/pull/204) - \[[`881c244a4e`](https://togithub.com/nodejs/node/commit/881c244a4e)] - **(SEMVER-MINOR)** **http2**: implement support for max settings entries (James M Snell) [nodejs-private/node-private#204](https://togithub.com/nodejs-private/node-private/pull/204) - \[[`cd9827f105`](https://togithub.com/nodejs/node/commit/cd9827f105)] - **napi**: fix memory corruption vulnerability (Tobias Nießen) [nodejs-private/node-private#203](https://togithub.com/nodejs-private/node-private/pull/203) ### [`v10.20.1`](https://togithub.com/nodejs/node/releases/v10.20.1) [Compare Source](https://togithub.com/nodejs/node/compare/v10.20.0...v10.20.1) ##### Notable changes Due to release process failures, Node.js v10.20.0 shipped with source and header tarballs that did not properly match the final release commit that was used to build the binaries. We recommend that Node.js v10.20.0 not be used, particularly in any applications using native add-ons or where compiling Node.js from source is involved. Node.js v10.20.1 is a clean release with the correct sources and is strongly recommended in place of v10.20.0. ### [`v10.20.0`](https://togithub.com/nodejs/node/releases/v10.20.0) [Compare Source](https://togithub.com/nodejs/node/compare/v10.19.0...v10.20.0) ##### macOS package notarization and a change in builder configuration The macOS binaries for this release, and future 10.x releases, are now being compiled on macOS 10.15 (Catalina) with Xcode 11 to support package notarization, a requirement for installing .pkg files on macOS 10.15 and later. Previous builds of Node.js 10.x were compiled on macOS 10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion). As binaries are still being compiled to support a minimum of macOS 10.7 (Lion) we do not anticipate this having a negative impact on Node.js 10.x users with older versions of macOS. ##### Notable changes - **buffer**: add {read|write}Big\[U]Int64{BE|LE} methods (garygsc) [#19691](https://togithub.com/nodejs/node/pull/19691) - **build**: macOS package notarization (Rod Vagg) [#31459](https://togithub.com/nodejs/node/pull/31459) - **deps**: - update npm to 6.14.3 (Myles Borins) [#32368](https://togithub.com/nodejs/node/pull/32368) - upgrade openssl sources to 1.1.1e (Hassaan Pasha) [#32328](https://togithub.com/nodejs/node/pull/32328) - upgrade to libuv 1.34.2 (cjihrig) [#31477](https://togithub.com/nodejs/node/pull/31477) - **n-api**: - add napi_get_all_property_names (himself65) [#30006](https://togithub.com/nodejs/node/pull/30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](https://togithub.com/nodejs/node/pull/28682) - define release 6 [#32058](https://togithub.com/nodejs/node/pull/32058) - turn NAPI_CALL_INTO_MODULE into a function (Anna Henningsen) [#26128](https://togithub.com/nodejs/node/pull/26128) - **tls**: - expose keylog event on TLSSocket (Alba Mendez) [#27654](https://togithub.com/nodejs/node/pull/27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](https://togithub.com/nodejs/node/pull/27946) - **url**: handle quasi-WHATWG URLs in urlToOptions() (cjihrig) [#26226](https://togithub.com/nodejs/node/pull/26226) ##### Commits - \[[`64744a282e`](https://togithub.com/nodejs/node/commit/64744a282e)] - **(SEMVER-MINOR)** **buffer**: add {read|write}Big\[U]Int64{BE|LE} methods (garygsc) [#19691](https://togithub.com/nodejs/node/pull/19691) - \[[`8a0ed8f1ff`](https://togithub.com/nodejs/node/commit/8a0ed8f1ff)] - **build**: macOS package notarization (Rod Vagg) [#31459](https://togithub.com/nodejs/node/pull/31459) - \[[`42af3b861a`](https://togithub.com/nodejs/node/commit/42af3b861a)] - **build,win**: fix goto exit in vcbuild (João Reis) [#30931](https://togithub.com/nodejs/node/pull/30931) - \[[`b164a2e3bf`](https://togithub.com/nodejs/node/commit/b164a2e3bf)] - **console**: add trace-events for time and count (James M Snell) [#23703](https://togithub.com/nodejs/node/pull/23703) - \[[`04cd67f85e`](https://togithub.com/nodejs/node/commit/04cd67f85e)] - **deps**: upgrade npm to 6.14.4 (Ruy Adorno) [#32495](https://togithub.com/nodejs/node/pull/32495) - \[[`8d85a43d99`](https://togithub.com/nodejs/node/commit/8d85a43d99)] - **deps**: update term-size with signed version (Rod Vagg) [#31459](https://togithub.com/nodejs/node/pull/31459) - \[[`76033c5495`](https://togithub.com/nodejs/node/commit/76033c5495)] - **deps**: update archs files for OpenSSL-1.1.1e (Hassaan Pasha) [#32328](https://togithub.com/nodejs/node/pull/32328) - \[[`64c184836b`](https://togithub.com/nodejs/node/commit/64c184836b)] - **deps**: adjust openssl configuration for 1.1.1e (Hassaan Pasha) [#32328](https://togithub.com/nodejs/node/pull/32328) - \[[`c8f5ab2089`](https://togithub.com/nodejs/node/commit/c8f5ab2089)] - **deps**: upgrade openssl sources to 1.1.1e (Hassaan Pasha) [#32328](https://togithub.com/nodejs/node/pull/32328) - \[[`bf26c44c92`](https://togithub.com/nodejs/node/commit/bf26c44c92)] - **deps**: remove \*.pyc files from deps/npm (Ben Noordhuis) [#32387](https://togithub.com/nodejs/node/pull/32387) - \[[`c2b3cf61ce`](https://togithub.com/nodejs/node/commit/c2b3cf61ce)] - **deps**: update npm to 6.14.3 (Myles Borins) [#32368](https://togithub.com/nodejs/node/pull/32368) - \[[`8cae4dde91`](https://togithub.com/nodejs/node/commit/8cae4dde91)] - **deps**: upgrade npm to 6.14.1 (Isaac Z. Schlueter) [#31977](https://togithub.com/nodejs/node/pull/31977) - \[[`47046aa5a9`](https://togithub.com/nodejs/node/commit/47046aa5a9)] - **deps**: openssl: cherry-pick [`4dcb150`](https://togithub.com/nodejs/node/commit/4dcb150ea30f) (Adam Majer) [#32002](https://togithub.com/nodejs/node/pull/32002) - \[[`098704c85d`](https://togithub.com/nodejs/node/commit/098704c85d)] - **deps**: upgrade to libuv 1.34.2 (Colin Ihrig) [#31477](https://togithub.com/nodejs/node/pull/31477) - \[[`4b1cccc4ce`](https://togithub.com/nodejs/node/commit/4b1cccc4ce)] - **deps**: upgrade to libuv 1.34.1 (Colin Ihrig) [#31332](https://togithub.com/nodejs/node/pull/31332) - \[[`fff6162693`](https://togithub.com/nodejs/node/commit/fff6162693)] - **(SEMVER-MINOR)** **deps**: upgrade to libuv 1.34.0 (Colin Ihrig) [#30783](https://togithub.com/nodejs/node/pull/30783) - \[[`6826ef0568`](https://togithub.com/nodejs/node/commit/6826ef0568)] - **deps**: upgrade to libuv 1.33.1 (Colin Ihrig) [#29996](https://togithub.com/nodejs/node/pull/29996) - \[[`aed7ca4fb0`](https://togithub.com/nodejs/node/commit/aed7ca4fb0)] - **deps**: upgrade to libuv 1.32.0 (Colin Ihrig) [#29508](https://togithub.com/nodejs/node/pull/29508) - \[[`794abbc758`](https://togithub.com/nodejs/node/commit/794abbc758)] - **deps**: upgrade to libuv 1.31.0 (Colin Ihrig) [#29070](https://togithub.com/nodejs/node/pull/29070) - \[[`ed71f55a54`](https://togithub.com/nodejs/node/commit/ed71f55a54)] - **deps**: upgrade to libuv 1.30.1 (Colin Ihrig) [#28511](https://togithub.com/nodejs/node/pull/28511) - \[[`7cde563235`](https://togithub.com/nodejs/node/commit/7cde563235)] - **deps**: upgrade to libuv 1.30.0 (Colin Ihrig) [#28449](https://togithub.com/nodejs/node/pull/28449) - \[[`b53ce6e6c5`](https://togithub.com/nodejs/node/commit/b53ce6e6c5)] - **deps**: upgrade to libuv 1.29.1 (Colin Ihrig) [#27718](https://togithub.com/nodejs/node/pull/27718) - \[[`9b2b66b7d8`](https://togithub.com/nodejs/node/commit/9b2b66b7d8)] - **deps**: V8: cherry-pick [`d89f4ef`](https://togithub.com/nodejs/node/commit/d89f4ef1cd62) (Milad Farazmand) [#31753](https://togithub.com/nodejs/node/pull/31753) - \[[`7eac95981e`](https://togithub.com/nodejs/node/commit/7eac95981e)] - **deps**: upgrade npm to 6.13.7 (Michael Perrotte) [#31558](https://togithub.com/nodejs/node/pull/31558) - \[[`db24641fbe`](https://togithub.com/nodejs/node/commit/db24641fbe)] - **deps**: upgrade npm to 6.13.6 (Ruy Adorno) [#31304](https://togithub.com/nodejs/node/pull/31304) - \[[`2e3d511cff`](https://togithub.com/nodejs/node/commit/2e3d511cff)] - **doc**: correct version metadata for Readable.from (Dave Vandyke) [#32639](https://togithub.com/nodejs/node/pull/32639) - \[[`34c1c2a82b`](https://togithub.com/nodejs/node/commit/34c1c2a82b)] - **doc**: add missing version metadata for Readable.from (Anna Henningsen) [#28695](https://togithub.com/nodejs/node/pull/28695) - \[[`aa7d369c72`](https://togithub.com/nodejs/node/commit/aa7d369c72)] - **doc**: update releaser list in README.md (Myles Borins) [#32577](https://togithub.com/nodejs/node/pull/32577) - \[[`05f5b3ecc4`](https://togithub.com/nodejs/node/commit/05f5b3ecc4)] - **doc**: remove em dashes (Rich Trott) [#32080](https://togithub.com/nodejs/node/pull/32080) - \[[`ffa9f9bd1b`](https://togithub.com/nodejs/node/commit/ffa9f9bd1b)] - **doc**: fix changelog for v10.18.1 (Andrew Hughes) [#31358](https://togithub.com/nodejs/node/pull/31358) - \[[`0177464b0e`](https://togithub.com/nodejs/node/commit/0177464b0e)] - **doc,tools**: get altDocs versions from CHANGELOG.md (Richard Lau) [#27661](https://togithub.com/nodejs/node/pull/27661) - \[[`e9c590ea00`](https://togithub.com/nodejs/node/commit/e9c590ea00)] - **(SEMVER-MINOR)** **n-api**: define release 6 (Gabriel Schulhof) [#32058](https://togithub.com/nodejs/node/pull/32058) - \[[`239377b654`](https://togithub.com/nodejs/node/commit/239377b654)] - **(SEMVER-MINOR)** **n-api**: correct instance data tests (Gabriel Schulhof) [#32488](https://togithub.com/nodejs/node/pull/32488) - \[[`ecbb331be0`](https://togithub.com/nodejs/node/commit/ecbb331be0)] - **(SEMVER-MINOR)** **n-api**: add napi_get_all_property_names (himself65) [#30006](https://togithub.com/nodejs/node/pull/30006) - \[[`f29fb14cf6`](https://togithub.com/nodejs/node/commit/f29fb14cf6)] - **(SEMVER-MINOR)** **n-api**: add APIs for per-instance state management (Gabriel Schulhof) [#28682](https://togithub.com/nodejs/node/pull/28682) - \[[`20177b9946`](https://togithub.com/nodejs/node/commit/20177b9946)] - **n-api**: turn NAPI_CALL_INTO_MODULE into a function (Anna Henningsen) [#26128](https://togithub.com/nodejs/node/pull/26128) - \[[`017909b847`](https://togithub.com/nodejs/node/commit/017909b847)] - **test**: fix tool path in test-doctool-versions.js (Richard Lau) [#32645](https://togithub.com/nodejs/node/pull/32645) - \[[`1ea70d641d`](https://togithub.com/nodejs/node/commit/1ea70d641d)] - **test**: fix flaky doctool and test (Rich Trott) [#29979](https://togithub.com/nodejs/node/pull/29979) - \[[`89692ff19b`](https://togithub.com/nodejs/node/commit/89692ff19b)] - **test**: end tls connection with some data (Sam Roberts) [#32328](https://togithub.com/nodejs/node/pull/32328) - \[[`9bd1317764`](https://togithub.com/nodejs/node/commit/9bd1317764)] - **test**: mark empty udp tests flaky on OS X (Sam Roberts) [#31936](https://togithub.com/nodejs/node/pull/31936) - \[[`5484e061b5`](https://togithub.com/nodejs/node/commit/5484e061b5)] - **test**: scale keepalive timeouts for slow machines (Ben Noordhuis) [#30834](https://togithub.com/nodejs/node/pull/30834) - \[[`3f9cec3f51`](https://togithub.com/nodejs/node/commit/3f9cec3f51)] - **test**: add debugging output to test-net-listen-after-destroy-stdin (Rich Trott) [#31698](https://togithub.com/nodejs/node/pull/31698) - \[[`f1a8791316`](https://togithub.com/nodejs/node/commit/f1a8791316)] - **test**: allow EAI_FAIL in test-http-dns-error.js (Colin Ihrig) [#27500](https://togithub.com/nodejs/node/pull/27500) - \[[`4b9a77909b`](https://togithub.com/nodejs/node/commit/4b9a77909b)] - **test**: mark tests as flaky (João Reis) [#30848](https://togithub.com/nodejs/node/pull/30848) - \[[`a8fd8a1a61`](https://togithub.com/nodejs/node/commit/a8fd8a1a61)] - **test**: mark http2 tests as flaky on 10.x (AshCripps) [#31887](https://togithub.com/nodejs/node/pull/31887) - \[[`2315270cb6`](https://togithub.com/nodejs/node/commit/2315270cb6)] - **test**: try to stabalize test-child-process-fork-exec-path.js (Refael Ackermann) [#27277](https://togithub.com/nodejs/node/pull/27277) - \[[`a2b0e9ef6a`](https://togithub.com/nodejs/node/commit/a2b0e9ef6a)] - **(SEMVER-MINOR)** **tls**: expose keylog event on TLSSocket (Alba Mendez) [#27654](https://togithub.com/nodejs/node/pull/27654) - \[[`1cfb45732a`](https://togithub.com/nodejs/node/commit/1cfb45732a)] - **(SEMVER-MINOR)** **tls**: support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](https://togithub.com/nodejs/node/pull/27946) - \[[`a175b8d3a7`](https://togithub.com/nodejs/node/commit/a175b8d3a7)] - **tools**: only fetch previous versions when necessary (Richard Lau) [#32518](https://togithub.com/nodejs/node/pull/32518) - \[[`3756be8511`](https://togithub.com/nodejs/node/commit/3756be8511)] - **tools**: add NODE_TEST_NO_INTERNET to the doc builder (Joyee Cheung) [#31849](https://togithub.com/nodejs/node/pull/31849) - \[[`ac1ea7312a`](https://togithub.com/nodejs/node/commit/ac1ea7312a)] - **tools**: make doctool work if no internet available (Richard Lau) [#30214](https://togithub.com/nodejs/node/pull/30214) - \[[`f235eea8b3`](https://togithub.com/nodejs/node/commit/f235eea8b3)] - **tools**: unify make-v8.sh for ppc64le and s390x (Richard Lau) [#31628](https://togithub.com/nodejs/node/pull/31628) - \[[`61e2d4856d`](https://togithub.com/nodejs/node/commit/61e2d4856d)] - **tools**: use CC instead of CXX when pointing to gcc (Milad Farazmand) [#30817](https://togithub.com/nodejs/node/pull/30817) - \[[`4390674624`](https://togithub.com/nodejs/node/commit/4390674624)] - **url**: handle quasi-WHATWG URLs in urlToOptions() (Colin Ihrig) [#26226](https://togithub.com/nodejs/node/pull/26226) - \[[`dc61e09feb`](https://togithub.com/nodejs/node/commit/dc61e09feb)] - **v8**: fix load elimination liveness checks (Ben Noordhuis) [#31613](https://togithub.com/nodejs/node/pull/31613) ### [`v10.19.0`](https://togithub.com/nodejs/node/releases/v10.19.0) [Compare Source](https://togithub.com/nodejs/node/compare/v10.18.1...v10.19.0) ##### Notable changes This is a security release. Vulnerabilities fixed: - **CVE-2019-15606**: HTTP header values do not have trailing OWS trimmed. - **CVE-2019-15605**: HTTP request smuggling using malformed Transfer-Encoding header. - **CVE-2019-15604**: Remotely trigger an assertion on a TLS server with a malformed certificate string. Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the `--insecure-http-parser` command line flag, or the `insecureHTTPParser` http option. Using the insecure HTTP parser should be avoided. ##### Commits - \[[`f940bee3b7`](https://togithub.com/nodejs/node/commit/f940bee3b7)] - **crypto**: fix assertion caused by unsupported ext (Fedor Indutny) [nodejs-private/node-private#175](https://togithub.com/nodejs-private/node-private/pull/175) - \[[`49f4220ce5`](https://togithub.com/nodejs/node/commit/49f4220ce5)] - **deps**: upgrade http-parser to v2.9.3 (Sam Roberts) [nodejs-private/http-parser-private#4](https://togithub.com/nodejs-private/http-parser-private/pull/4) - \[[`a28e5cc1ed`](https://togithub.com/nodejs/node/commit/a28e5cc1ed)] - **(SEMVER-MINOR)** **deps**: upgrade http-parser to v2.9.1 (Sam Roberts) [#30471](https://togithub.com/nodejs/node/pull/30471) - \[[`0082f62d9c`](https://togithub.com/nodejs/node/commit/0082f62d9c)] - **(SEMVER-MINOR)** **http**: make --insecure-http-parser configurable per-stream or per-server (Anna Henningsen) [#31448](https://togithub.com/nodejs/node/pull/31448) - \[[`a9849c0ff6`](https://togithub.com/nodejs/node/commit/a9849c0ff6)] - **(SEMVER-MINOR)** **http**: opt-in insecure HTTP header parsing (Sam Roberts) [#30567](https://togithub.com/nodejs/node/pull/30567) - \[[`2eee90e959`](https://togithub.com/nodejs/node/commit/2eee90e959)] - **http**: strip trailing OWS from header values (Sam Roberts) [nodejs-private/node-private#191](https://togithub.com/nodejs-private/node-private/pull/191) - \[[`e2c8f89b75`](https://togithub.com/nodejs/node/commit/e2c8f89b75)] - **test**: using TE to smuggle reqs is not possible (Sam Roberts) [nodejs-private/node-private#192](https://togithub.com/nodejs-private/node-private/pull/192) - \[[`d616722f65`](https://togithub.com/nodejs/node/commit/d616722f65)] - **test**: check that --insecure-http-parser works (Sam Roberts) [#31253](https://togithub.com/nodejs/node/pull/31253)Renovate configuration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by WhiteSource Renovate. View repository job log here.