nodejs/node (node)
### [`v9.11.2`](https://togithub.com/nodejs/node/releases/tag/v9.11.2): 2018-06-12, Version 9.11.2 (Current), @evanlucas
[Compare Source](https://togithub.com/nodejs/node/compare/v9.10.1...v9.11.2)
##### Notable Changes
- **Fixes memory exhaustion DoS** (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream.
- **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
- **http2**
- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
- (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
- **tls** (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving
##### Commits
- \[[`65ed3213ca`](https://togithub.com/nodejs/node/commit/65ed3213ca)] - **deps**: update to nghttp2 1.32.0 (James M Snell) [nodejs-private/node-private#124](https://togithub.com/nodejs-private/node-private/pull/124)
- \[[`f0af3b09bd`](https://togithub.com/nodejs/node/commit/f0af3b09bd)] - **doc**: buffer.fill() can zero-fill on invalid input (Сковорода Никита Андреевич) [nodejs-private/node-private#120](https://togithub.com/nodejs-private/node-private/pull/120)
- \[[`828159fcd4`](https://togithub.com/nodejs/node/commit/828159fcd4)] - **http2**: fixup http2stream cleanup and other nits (James M Snell) [nodejs-private/node-private#122](https://togithub.com/nodejs-private/node-private/pull/122)
- \[[`be103eba41`](https://togithub.com/nodejs/node/commit/be103eba41)] - **src**: re-add `Realloc()` shrink after reading stream data (Anna Henningsen) [nodejs-private/node-private#129](https://togithub.com/nodejs-private/node-private/pull/129)
- \[[`555696df51`](https://togithub.com/nodejs/node/commit/555696df51)] - **src**: avoid hanging on Buffer#fill 0-length input (Сковорода Никита Андреевич) [nodejs-private/node-private#120](https://togithub.com/nodejs-private/node-private/pull/120)
- \[[`7684ba63c4`](https://togithub.com/nodejs/node/commit/7684ba63c4)] - **test**: add tls write error regression test (Shigeki Ohtsu) [nodejs-private/node-private#130](https://togithub.com/nodejs-private/node-private/pull/130)
- \[[`0ab90acaf3`](https://togithub.com/nodejs/node/commit/0ab90acaf3)] - **test**: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) [nodejs-private/node-private#124](https://togithub.com/nodejs-private/node-private/pull/124)
- \[[`84f23d2f12`](https://togithub.com/nodejs/node/commit/84f23d2f12)] - **tls**: fix SSL write error handling (Anna Henningsen) [nodejs-private/node-private#130](https://togithub.com/nodejs-private/node-private/pull/130)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v9.10.1
->9.11.2
Release Notes
nodejs/node (node)
### [`v9.11.2`](https://togithub.com/nodejs/node/releases/tag/v9.11.2): 2018-06-12, Version 9.11.2 (Current), @evanlucas [Compare Source](https://togithub.com/nodejs/node/compare/v9.10.1...v9.11.2) ##### Notable Changes - **Fixes memory exhaustion DoS** (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. - **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang - **http2** - (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup - (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0 - **tls** (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving ##### Commits - \[[`65ed3213ca`](https://togithub.com/nodejs/node/commit/65ed3213ca)] - **deps**: update to nghttp2 1.32.0 (James M Snell) [nodejs-private/node-private#124](https://togithub.com/nodejs-private/node-private/pull/124) - \[[`f0af3b09bd`](https://togithub.com/nodejs/node/commit/f0af3b09bd)] - **doc**: buffer.fill() can zero-fill on invalid input (Сковорода Никита Андреевич) [nodejs-private/node-private#120](https://togithub.com/nodejs-private/node-private/pull/120) - \[[`828159fcd4`](https://togithub.com/nodejs/node/commit/828159fcd4)] - **http2**: fixup http2stream cleanup and other nits (James M Snell) [nodejs-private/node-private#122](https://togithub.com/nodejs-private/node-private/pull/122) - \[[`be103eba41`](https://togithub.com/nodejs/node/commit/be103eba41)] - **src**: re-add `Realloc()` shrink after reading stream data (Anna Henningsen) [nodejs-private/node-private#129](https://togithub.com/nodejs-private/node-private/pull/129) - \[[`555696df51`](https://togithub.com/nodejs/node/commit/555696df51)] - **src**: avoid hanging on Buffer#fill 0-length input (Сковорода Никита Андреевич) [nodejs-private/node-private#120](https://togithub.com/nodejs-private/node-private/pull/120) - \[[`7684ba63c4`](https://togithub.com/nodejs/node/commit/7684ba63c4)] - **test**: add tls write error regression test (Shigeki Ohtsu) [nodejs-private/node-private#130](https://togithub.com/nodejs-private/node-private/pull/130) - \[[`0ab90acaf3`](https://togithub.com/nodejs/node/commit/0ab90acaf3)] - **test**: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) [nodejs-private/node-private#124](https://togithub.com/nodejs-private/node-private/pull/124) - \[[`84f23d2f12`](https://togithub.com/nodejs/node/commit/84f23d2f12)] - **tls**: fix SSL write error handling (Anna Henningsen) [nodejs-private/node-private#130](https://togithub.com/nodejs-private/node-private/pull/130)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.