nodejs/node
### [`v19.6.1`](https://togithub.com/nodejs/node/releases/tag/v19.6.1): 2023-02-16, Version 19.6.1 (Current), @RafaelGSS
[Compare Source](https://togithub.com/nodejs/node/compare/v19.6.0...v19.6.1)
This is a security release.
##### Notable Changes
The following CVEs are fixed in this release:
- **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: OpenSSL errors not cleared in error stack (Medium)
- **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Experimental Policies bypass via `process.mainModule.require`(High)
- **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in [February 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/) blog post.
This security release includes OpenSSL security updates as outlined in the recent
[OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt) and `undici` security update.
##### Commits
- \[[`97d9d55d2f`](https://togithub.com/nodejs/node/commit/97d9d55d2f)] - **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) [nodejs-private/node-private#374](https://togithub.com/nodejs-private/node-private/pull/374)
- \[[`8ac90e6372`](https://togithub.com/nodejs/node/commit/8ac90e6372)] - **crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS) [nodejs-private/node-private#368](https://togithub.com/nodejs-private/node-private/pull/368)
- \[[`10a4c47e3a`](https://togithub.com/nodejs/node/commit/10a4c47e3a)] - **deps**: update undici to 5.19.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634)
- \[[`b10fc75e4a`](https://togithub.com/nodejs/node/commit/b10fc75e4a)] - **deps**: update undici to 5.18.0 (Node.js GitHub Bot) [#46502](https://togithub.com/nodejs/node/pull/46502)
- \[[`e9b64ea8b9`](https://togithub.com/nodejs/node/commit/e9b64ea8b9)] - **deps**: update undici to 5.17.1 (Node.js GitHub Bot) [#46502](https://togithub.com/nodejs/node/pull/46502)
- \[[`66a24cec47`](https://togithub.com/nodejs/node/commit/66a24cec47)] - **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau) [#46573](https://togithub.com/nodejs/node/pull/46573)
- \[[`d8559aa6f5`](https://togithub.com/nodejs/node/commit/d8559aa6f5)] - **deps**: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) [#46573](https://togithub.com/nodejs/node/pull/46573)
- \[[`dc477f547d`](https://togithub.com/nodejs/node/commit/dc477f547d)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) [#46573](https://togithub.com/nodejs/node/pull/46573)
- \[[`2aae197670`](https://togithub.com/nodejs/node/commit/2aae197670)] - **lib**: makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-private/node-private#358](https://togithub.com/nodejs-private/node-private/pull/358)
- \[[`6d17b693ec`](https://togithub.com/nodejs/node/commit/6d17b693ec)] - **policy**: makeRequireFunction on mainModule.require (RafaelGSS) [nodejs-private/node-private#358](https://togithub.com/nodejs-private/node-private/pull/358)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
19.6.0-alpine->19.6.1-alpineRelease Notes
nodejs/node
### [`v19.6.1`](https://togithub.com/nodejs/node/releases/tag/v19.6.1): 2023-02-16, Version 19.6.1 (Current), @RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v19.6.0...v19.6.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: OpenSSL errors not cleared in error stack (Medium) - **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Experimental Policies bypass via `process.mainModule.require`(High) - **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in [February 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/) blog post. This security release includes OpenSSL security updates as outlined in the recent [OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt) and `undici` security update. ##### Commits - \[[`97d9d55d2f`](https://togithub.com/nodejs/node/commit/97d9d55d2f)] - **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) [nodejs-private/node-private#374](https://togithub.com/nodejs-private/node-private/pull/374) - \[[`8ac90e6372`](https://togithub.com/nodejs/node/commit/8ac90e6372)] - **crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS) [nodejs-private/node-private#368](https://togithub.com/nodejs-private/node-private/pull/368) - \[[`10a4c47e3a`](https://togithub.com/nodejs/node/commit/10a4c47e3a)] - **deps**: update undici to 5.19.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634) - \[[`b10fc75e4a`](https://togithub.com/nodejs/node/commit/b10fc75e4a)] - **deps**: update undici to 5.18.0 (Node.js GitHub Bot) [#46502](https://togithub.com/nodejs/node/pull/46502) - \[[`e9b64ea8b9`](https://togithub.com/nodejs/node/commit/e9b64ea8b9)] - **deps**: update undici to 5.17.1 (Node.js GitHub Bot) [#46502](https://togithub.com/nodejs/node/pull/46502) - \[[`66a24cec47`](https://togithub.com/nodejs/node/commit/66a24cec47)] - **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau) [#46573](https://togithub.com/nodejs/node/pull/46573) - \[[`d8559aa6f5`](https://togithub.com/nodejs/node/commit/d8559aa6f5)] - **deps**: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) [#46573](https://togithub.com/nodejs/node/pull/46573) - \[[`dc477f547d`](https://togithub.com/nodejs/node/commit/dc477f547d)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) [#46573](https://togithub.com/nodejs/node/pull/46573) - \[[`2aae197670`](https://togithub.com/nodejs/node/commit/2aae197670)] - **lib**: makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-private/node-private#358](https://togithub.com/nodejs-private/node-private/pull/358) - \[[`6d17b693ec`](https://togithub.com/nodejs/node/commit/6d17b693ec)] - **policy**: makeRequireFunction on mainModule.require (RafaelGSS) [nodejs-private/node-private#358](https://togithub.com/nodejs-private/node-private/pull/358)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.