Closed renovate[bot] closed 3 years ago
This PR contains the following updates:
12.16.3
12.20.2
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
:tada: This PR is included in version 1.1.6 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
This PR contains the following updates:
12.16.3
->12.20.2
Release Notes
nodejs/node
### [`v12.20.2`](https://togithub.com/nodejs/node/releases/v12.20.2) [Compare Source](https://togithub.com/nodejs/node/compare/v12.20.1...v12.20.2) ##### Notable changes - **deps**: - upgrade npm to 6.14.11 (Ruy Adorno) [#37173](https://togithub.com/nodejs/node/pull/37173) ##### Commits - \[[`e8a4e560ea`](https://togithub.com/nodejs/node/commit/e8a4e560ea)] - **async_hooks**: fix leak in AsyncLocalStorage exit (Stephen Belanger) [#35779](https://togithub.com/nodejs/node/pull/35779) - \[[`427968d266`](https://togithub.com/nodejs/node/commit/427968d266)] - **deps**: upgrade npm to 6.14.11 (Ruy Adorno) [#37173](https://togithub.com/nodejs/node/pull/37173) - \[[`cd9a8106be`](https://togithub.com/nodejs/node/commit/cd9a8106be)] - **http**: do not loop over prototype in Agent (Michaël Zasso) [#36410](https://togithub.com/nodejs/node/pull/36410) - \[[`4ac8f37800`](https://togithub.com/nodejs/node/commit/4ac8f37800)] - **http2**: check write not scheduled in scope destructor (David Halls) [#36241](https://togithub.com/nodejs/node/pull/36241) ### [`v12.20.1`](https://togithub.com/nodejs/node/releases/v12.20.1) [Compare Source](https://togithub.com/nodejs/node/compare/v12.20.0...v12.20.1) ##### Notable changes This is a security release. Vulnerabilities fixed: - **CVE-2020-8265**: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits - **CVE-2020-8287**: HTTP Request Smuggling in nodejs Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (Renovate configuration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.