nodejs/node
### [`v16.17.1`](https://togithub.com/nodejs/node/releases/tag/v16.17.1)
[Compare Source](https://togithub.com/nodejs/node/compare/v16.17.0...v16.17.1)
This is a security release.
##### Notable changes
The following CVEs are fixed in this release:
- **[CVE-2022-32212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212)**: DNS rebinding in --inspect on macOS (High)
- **[CVE-2022-32213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213)**: bypass via obs-fold mechanic (Medium)
- **[CVE-2022-35255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255)**: Weak randomness in WebCrypto keygen
- **[CVE-2022-35256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256)**: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
More detailed information on each of the vulnerabilities can be found in [September 22nd 2022 Security Releases](https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/) blog post.
##### Commits
- \[[`a54283a638`](https://togithub.com/nodejs/node/commit/a54283a638)] - **crypto**: fix weak randomness in WebCrypto keygen (Ben Noordhuis) [nodejs-private/node-private#346](https://togithub.com/nodejs-private/node-private/pull/346)
- \[[`0713e21240`](https://togithub.com/nodejs/node/commit/0713e21240)] - **http**: disable chunked encoding when using OBS fold is used (Paolo Insogna) [nodejs-private/node-private#341](https://togithub.com/nodejs-private/node-private/pull/341)
- \[[`77fe2f32e4`](https://togithub.com/nodejs/node/commit/77fe2f32e4)] - **src**: fix IPv4 non routable validation (RafaelGSS) [nodejs-private/node-private#337](https://togithub.com/nodejs-private/node-private/pull/337)
Configuration
š Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
š¦ Automerge: Enabled.
ā» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
š Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
16.17.0->16.17.1Release Notes
nodejs/node
### [`v16.17.1`](https://togithub.com/nodejs/node/releases/tag/v16.17.1) [Compare Source](https://togithub.com/nodejs/node/compare/v16.17.0...v16.17.1) This is a security release. ##### Notable changes The following CVEs are fixed in this release: - **[CVE-2022-32212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212)**: DNS rebinding in --inspect on macOS (High) - **[CVE-2022-32213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213)**: bypass via obs-fold mechanic (Medium) - **[CVE-2022-35255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255)**: Weak randomness in WebCrypto keygen - **[CVE-2022-35256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256)**: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium) More detailed information on each of the vulnerabilities can be found in [September 22nd 2022 Security Releases](https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/) blog post. ##### Commits - \[[`a54283a638`](https://togithub.com/nodejs/node/commit/a54283a638)] - **crypto**: fix weak randomness in WebCrypto keygen (Ben Noordhuis) [nodejs-private/node-private#346](https://togithub.com/nodejs-private/node-private/pull/346) - \[[`0713e21240`](https://togithub.com/nodejs/node/commit/0713e21240)] - **http**: disable chunked encoding when using OBS fold is used (Paolo Insogna) [nodejs-private/node-private#341](https://togithub.com/nodejs-private/node-private/pull/341) - \[[`77fe2f32e4`](https://togithub.com/nodejs/node/commit/77fe2f32e4)] - **src**: fix IPv4 non routable validation (RafaelGSS) [nodejs-private/node-private#337](https://togithub.com/nodejs-private/node-private/pull/337)Configuration
š Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
š¦ Automerge: Enabled.
ā» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
š Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.