Closed renovate[bot] closed 4 months ago
This PR contains the following updates:
20.15.0
20.15.1
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
Thanks for the PR!
Deployments, as required, will be available below:
Please create PRs in draft mode. Mark as ready to enable:
After merge, new images are deployed in:
This PR contains the following updates:
20.15.0->20.15.1Release Notes
nodejs/node (node)
### [`v20.15.1`](https://togithub.com/nodejs/node/releases/tag/v20.15.1): 2024-07-08, Version 20.15.1 'Iron' (LTS), @RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v20.15.0...v20.15.1) This is a security release. ##### Notable Changes - CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) - CVE-2024-22020 - Bypass network import restriction via data URL (Medium) - CVE-2024-22018 - fs.lstat bypasses permission model (Low) - CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low) - CVE-2024-37372 - Permission model improperly processes UNC paths (Low) ##### Commits - \[[`60e184a6e4`](https://togithub.com/nodejs/node/commit/60e184a6e4)] - **lib,esm**: handle bypass network-import via data: (RafaelGSS) [nodejs-private/node-private#522](https://togithub.com/nodejs-private/node-private/pull/522) - \[[`025cbd6936`](https://togithub.com/nodejs/node/commit/025cbd6936)] - **lib,permission**: support fs.lstat (RafaelGSS) [nodejs-private/node-private#486](https://togithub.com/nodejs-private/node-private/pull/486) - \[[`d38ea17341`](https://togithub.com/nodejs/node/commit/d38ea17341)] - **lib,permission**: disable fchmod/fchown when pm enabled (RafaelGSS) [nodejs-private/node-private#584](https://togithub.com/nodejs-private/node-private/pull/584) - \[[`1ba624cd3b`](https://togithub.com/nodejs/node/commit/1ba624cd3b)] - **src**: handle permissive extension on cmd check (RafaelGSS) [nodejs-private/node-private#596](https://togithub.com/nodejs-private/node-private/pull/596) - \[[`2524d00c3d`](https://togithub.com/nodejs/node/commit/2524d00c3d)] - **src,permission**: fix UNC path resolution (RafaelGSS) [nodejs-private/node-private#581](https://togithub.com/nodejs-private/node-private/pull/581) - \[[`484cb0f13c`](https://togithub.com/nodejs/node/commit/484cb0f13c)] - **src,permission**: resolve path on fs_permission (Rafael Gonzaga) [#52761](https://togithub.com/nodejs/node/pull/52761)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
Thanks for the PR!
Deployments, as required, will be available below:
Please create PRs in draft mode. Mark as ready to enable:
After merge, new images are deployed in: