cloudflare/workerd
### [`v4.20230215.0`](https://togithub.com/cloudflare/workerd/compare/ae00720970b2cd9efead0fec1e2bb684cb59f5b0...35f6e039dbf4795b7c55a0f3913a66231e705e73)
[Compare Source](https://togithub.com/cloudflare/workerd/compare/ae00720970b2cd9efead0fec1e2bb684cb59f5b0...35f6e039dbf4795b7c55a0f3913a66231e705e73)
streetsidesoftware/cspell
### [`v6.26.3`](https://togithub.com/streetsidesoftware/cspell/blob/HEAD/CHANGELOG.md#6263-2023-02-16)
[Compare Source](https://togithub.com/streetsidesoftware/cspell/compare/v6.26.2...v6.26.3)
##### Bug Fixes
- Be able to read cache format from config ([#4190](https://togithub.com/streetsidesoftware/cspell/issues/4190)) ([6029893](https://togithub.com/streetsidesoftware/cspell/commit/60298938cd39669982ad1ca4293571242918761d))
### [`v6.26.2`](https://togithub.com/streetsidesoftware/cspell/blob/HEAD/CHANGELOG.md#6262-2023-02-16)
[Compare Source](https://togithub.com/streetsidesoftware/cspell/compare/v6.26.1...v6.26.2)
##### Bug Fixes
- `node:worker_threads` breaks on node 14 ([#4185](https://togithub.com/streetsidesoftware/cspell/issues/4185)) ([8654ac7](https://togithub.com/streetsidesoftware/cspell/commit/8654ac7161b0ac558e864cfc116a9ad9ce6dc32e))
nodejs/node
### [`v18.14.1`](https://togithub.com/nodejs/node/releases/tag/v18.14.1): 2023-02-16, Version 18.14.1 'Hydrogen' (LTS), @RafaelGSS prepared by @juanarbol
[Compare Source](https://togithub.com/nodejs/node/compare/v18.14.0...v18.14.1)
This is a security release.
##### Notable Changes
The following CVEs are fixed in this release:
- **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be bypassed via process.mainModule (High)
- **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- **[CVE-2023-23936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936)**: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- **[CVE-2023-24807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24807)**: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in [February 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/) blog post.
This security release includes OpenSSL security updates as outlined in the recent
[OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt).
##### Commits
- \[[`8393ebc72d`](https://togithub.com/nodejs/node/commit/8393ebc72d)] - **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) [nodejs-private/node-private#379](https://togithub.com/nodejs-private/node-private/pull/379)
- \[[`004e34d046`](https://togithub.com/nodejs/node/commit/004e34d046)] - **crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS) [#46572](https://togithub.com/nodejs/node/pull/46572)
- \[[`5e0142a852`](https://togithub.com/nodejs/node/commit/5e0142a852)] - **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau) [#46572](https://togithub.com/nodejs/node/pull/46572)
- \[[`f71fe278a6`](https://togithub.com/nodejs/node/commit/f71fe278a6)] - **deps**: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) [#46572](https://togithub.com/nodejs/node/pull/46572)
- \[[`2c6817e42b`](https://togithub.com/nodejs/node/commit/2c6817e42b)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) [#46572](https://togithub.com/nodejs/node/pull/46572)
- \[[`f0afa0bfe5`](https://togithub.com/nodejs/node/commit/f0afa0bfe5)] - **deps**: update undici to 5.19.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634)
- \[[`c26a34c13e`](https://togithub.com/nodejs/node/commit/c26a34c13e)] - **deps**: update undici to 5.18.0 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634)
- \[[`db93ee4a15`](https://togithub.com/nodejs/node/commit/db93ee4a15)] - **deps**: update undici to 5.17.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634)
- \[[`b4e49fb02c`](https://togithub.com/nodejs/node/commit/b4e49fb02c)] - **deps**: update undici to 5.16.0 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634)
- \[[`90994e6a2c`](https://togithub.com/nodejs/node/commit/90994e6a2c)] - **deps**: update undici to 5.15.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634)
- \[[`00302fc7ac`](https://togithub.com/nodejs/node/commit/00302fc7ac)] - **deps**: update undici to 5.15.0 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634)
- \[[`0e3b796cc5`](https://togithub.com/nodejs/node/commit/0e3b796cc5)] - **lib**: makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-private/node-private#371](https://togithub.com/nodejs-private/node-private/pull/371)
- \[[`7cccd5565f`](https://togithub.com/nodejs/node/commit/7cccd5565f)] - **policy**: makeRequireFunction on mainModule.require (RafaelGSS) [nodejs-private/node-private#371](https://togithub.com/nodejs-private/node-private/pull/371)
Configuration
📅 Schedule: Branch creation - "every weekend" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
4.20230214.0
->4.20230215.0
6.26.1
->6.26.3
18.14.0
->18.14.1
Release Notes
cloudflare/workerd
### [`v4.20230215.0`](https://togithub.com/cloudflare/workerd/compare/ae00720970b2cd9efead0fec1e2bb684cb59f5b0...35f6e039dbf4795b7c55a0f3913a66231e705e73) [Compare Source](https://togithub.com/cloudflare/workerd/compare/ae00720970b2cd9efead0fec1e2bb684cb59f5b0...35f6e039dbf4795b7c55a0f3913a66231e705e73)streetsidesoftware/cspell
### [`v6.26.3`](https://togithub.com/streetsidesoftware/cspell/blob/HEAD/CHANGELOG.md#6263-2023-02-16) [Compare Source](https://togithub.com/streetsidesoftware/cspell/compare/v6.26.2...v6.26.3) ##### Bug Fixes - Be able to read cache format from config ([#4190](https://togithub.com/streetsidesoftware/cspell/issues/4190)) ([6029893](https://togithub.com/streetsidesoftware/cspell/commit/60298938cd39669982ad1ca4293571242918761d)) ### [`v6.26.2`](https://togithub.com/streetsidesoftware/cspell/blob/HEAD/CHANGELOG.md#6262-2023-02-16) [Compare Source](https://togithub.com/streetsidesoftware/cspell/compare/v6.26.1...v6.26.2) ##### Bug Fixes - `node:worker_threads` breaks on node 14 ([#4185](https://togithub.com/streetsidesoftware/cspell/issues/4185)) ([8654ac7](https://togithub.com/streetsidesoftware/cspell/commit/8654ac7161b0ac558e864cfc116a9ad9ce6dc32e))nodejs/node
### [`v18.14.1`](https://togithub.com/nodejs/node/releases/tag/v18.14.1): 2023-02-16, Version 18.14.1 'Hydrogen' (LTS), @RafaelGSS prepared by @juanarbol [Compare Source](https://togithub.com/nodejs/node/compare/v18.14.0...v18.14.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be bypassed via process.mainModule (High) - **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) - **[CVE-2023-23936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936)**: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) - **[CVE-2023-24807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24807)**: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) - **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in [February 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/) blog post. This security release includes OpenSSL security updates as outlined in the recent [OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt). ##### Commits - \[[`8393ebc72d`](https://togithub.com/nodejs/node/commit/8393ebc72d)] - **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) [nodejs-private/node-private#379](https://togithub.com/nodejs-private/node-private/pull/379) - \[[`004e34d046`](https://togithub.com/nodejs/node/commit/004e34d046)] - **crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS) [#46572](https://togithub.com/nodejs/node/pull/46572) - \[[`5e0142a852`](https://togithub.com/nodejs/node/commit/5e0142a852)] - **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau) [#46572](https://togithub.com/nodejs/node/pull/46572) - \[[`f71fe278a6`](https://togithub.com/nodejs/node/commit/f71fe278a6)] - **deps**: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) [#46572](https://togithub.com/nodejs/node/pull/46572) - \[[`2c6817e42b`](https://togithub.com/nodejs/node/commit/2c6817e42b)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) [#46572](https://togithub.com/nodejs/node/pull/46572) - \[[`f0afa0bfe5`](https://togithub.com/nodejs/node/commit/f0afa0bfe5)] - **deps**: update undici to 5.19.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634) - \[[`c26a34c13e`](https://togithub.com/nodejs/node/commit/c26a34c13e)] - **deps**: update undici to 5.18.0 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634) - \[[`db93ee4a15`](https://togithub.com/nodejs/node/commit/db93ee4a15)] - **deps**: update undici to 5.17.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634) - \[[`b4e49fb02c`](https://togithub.com/nodejs/node/commit/b4e49fb02c)] - **deps**: update undici to 5.16.0 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634) - \[[`90994e6a2c`](https://togithub.com/nodejs/node/commit/90994e6a2c)] - **deps**: update undici to 5.15.1 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634) - \[[`00302fc7ac`](https://togithub.com/nodejs/node/commit/00302fc7ac)] - **deps**: update undici to 5.15.0 (Node.js GitHub Bot) [#46634](https://togithub.com/nodejs/node/pull/46634) - \[[`0e3b796cc5`](https://togithub.com/nodejs/node/commit/0e3b796cc5)] - **lib**: makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-private/node-private#371](https://togithub.com/nodejs-private/node-private/pull/371) - \[[`7cccd5565f`](https://togithub.com/nodejs/node/commit/7cccd5565f)] - **policy**: makeRequireFunction on mainModule.require (RafaelGSS) [nodejs-private/node-private#371](https://togithub.com/nodejs-private/node-private/pull/371)Configuration
📅 Schedule: Branch creation - "every weekend" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.