Open renovate[bot] opened 1 year ago
This PR contains the following updates:
- `^17.7.1` -> `^17.8.1`
- `^17.7.0` -> `^17.8.1`
- `^6.7.0` -> `^6.8.0`
- `^4.0.6` -> `^4.8.0`
- `^8.57.0` -> `^8.57.1`
- `^4.4.1` -> `^4.9.0`
- `^3.0.1` -> `^3.0.2`
- `16` -> `16.20.2`
- `16` -> `16.20.2`
- `^17.1.0` -> `^17.1.2`
- `^3.17.4` -> `^3.19.3`
Release Notes
googleapis/nodejs-firestore (@google-cloud/firestore)
### [`v6.8.0`](https://redirect.github.com/googleapis/nodejs-firestore/blob/HEAD/CHANGELOG.md#680-2023-09-26)

[Compare Source](https://redirect.github.com/googleapis/nodejs-firestore/compare/v6.7.0...v6.8.0)

##### Features

- Publish proto definitions for SUM/AVG in Firestore ([#1856](https://redirect.github.com/googleapis/nodejs-firestore/issues/1856)) ([ac35b37](https://redirect.github.com/googleapis/nodejs-firestore/commit/ac35b372faf32f093d83af18d487f1b3f23ee673))

##### Bug Fixes

- **deps:** Use protobufjs v7.2.5 ([#1889](https://redirect.github.com/googleapis/nodejs-firestore/pull/1889))
- Add tests for multiple inequality support ([#1878](https://redirect.github.com/googleapis/nodejs-firestore/issues/1878)) ([8e621d5](https://redirect.github.com/googleapis/nodejs-firestore/commit/8e621d580396b7e3bc7e42dad0c63f91e999411f))

googleapis/nodejs-pubsub (@google-cloud/pubsub)
### [`v4.8.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#480-2024-10-15)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.7.2...v4.8.0)

##### Features

- Add ingestion Cloud Storage fields and Platform Logging fields to Topic ([#1974](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1974)) ([afec9a1](https://redirect.github.com/googleapis/nodejs-pubsub/commit/afec9a1ad3f665a71f08e748623f0fdaa332d17b))
- Return listing information for subscriptions created via Analytics Hub ([afec9a1](https://redirect.github.com/googleapis/nodejs-pubsub/commit/afec9a1ad3f665a71f08e748623f0fdaa332d17b))

### [`v4.7.2`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#472-2024-09-13)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.7.1...v4.7.2)

##### Bug Fixes

- Set MaxBytes for AckQueue ([#1963](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1963)) ([5945563](https://redirect.github.com/googleapis/nodejs-pubsub/commit/594556315f159f4197ffc0e7249ce1b0339c12ec))

### [`v4.7.1`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#471-2024-08-26)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.7.0...v4.7.1)

##### Bug Fixes

- **deps:** Update dependency [@opentelemetry/semantic-conventions](https://redirect.github.com/opentelemetry/semantic-conventions) to ~1.26.0 ([#1945](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1945)) ([f082869](https://redirect.github.com/googleapis/nodejs-pubsub/commit/f082869a185c059463654c76c744e44e7b28415e))
- **deps:** Update dependency protobufjs to ~7.4.0 ([#1959](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1959)) ([25946e0](https://redirect.github.com/googleapis/nodejs-pubsub/commit/25946e0d4fe794202984cdad6cf48121f72063cf))
- Propagate set options to LeaseManager (from [https://github.com/googleapis/nodejs-pubsub/pull/1880](https://redirect.github.com/googleapis/nodejs-pubsub/pull/1880)) ([#1954](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1954)) ([cdb0916](https://redirect.github.com/googleapis/nodejs-pubsub/commit/cdb0916bd30da67f5153c9aead09e7f505954253))

### [`v4.7.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#470-2024-08-24)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.6.0...v4.7.0)

##### Features

- Add support for OTel context propagation and harmonized spans ([#1833](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1833)) ([4b5c90d](https://redirect.github.com/googleapis/nodejs-pubsub/commit/4b5c90dc334e90cefb4da3c6fe9ce027b50aacb8))

### [`v4.6.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#460-2024-07-12)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.5.0...v4.6.0)

##### Features

- Add max messages batching for Cloud Storage subscriptions ([#1956](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1956)) ([90546f6](https://redirect.github.com/googleapis/nodejs-pubsub/commit/90546f634cc4e510185e20a4d1ba1c74ebc59b85))
- Add use_topic_schema for Cloud Storage Subscriptions ([#1948](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1948)) ([120fa1b](https://redirect.github.com/googleapis/nodejs-pubsub/commit/120fa1bca0516185e109260c69ea91eb7ddeecd0))

##### Bug Fixes

- **docs samples:** Update missing argv in sample metadata for push subscription ([#1946](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1946)) ([34b8c03](https://redirect.github.com/googleapis/nodejs-pubsub/commit/34b8c03f90618ba6ae506764b9d97d9db84dcada))

### [`v4.5.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#450-2024-06-11)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.4.1...v4.5.0)

##### Features

- Add service_account_email for export subscriptions ([#1927](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1927)) ([c532854](https://redirect.github.com/googleapis/nodejs-pubsub/commit/c53285473c2c0973baf5932e52d2d135958c6948))

### [`v4.4.1`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#441-2024-05-30)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.4.0...v4.4.1)

##### Bug Fixes

- An existing message `UpdateVehicleLocationRequest` is removed ([5451d15](https://redirect.github.com/googleapis/nodejs-pubsub/commit/5451d150e77d46a475e7a8e150a7f6b5d04d6448))
- An existing method `SearchFuzzedVehicles` is removed from service `VehicleService` ([5451d15](https://redirect.github.com/googleapis/nodejs-pubsub/commit/5451d150e77d46a475e7a8e150a7f6b5d04d6448))
- An existing method `UpdateVehicleLocation` is removed from service `VehicleService` ([5451d15](https://redirect.github.com/googleapis/nodejs-pubsub/commit/5451d150e77d46a475e7a8e150a7f6b5d04d6448))
- **deps:** Update dependency protobufjs to ~7.3.0 ([#1921](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1921)) ([c5afd34](https://redirect.github.com/googleapis/nodejs-pubsub/commit/c5afd3400cc8ff9f920b4b232c4e4a5fb41eb07b))
- Pull in new gax for protobufjs vuln fix ([#1925](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1925)) ([8024c6d](https://redirect.github.com/googleapis/nodejs-pubsub/commit/8024c6d2e4ce69f97fd8b64bb9f076e33d47c662))

### [`v4.4.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#440-2024-05-03)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.3.3...v4.4.0)

##### Features

- Add several fields to manage state of database encryption update ([#1904](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1904)) ([aba9aee](https://redirect.github.com/googleapis/nodejs-pubsub/commit/aba9aee0c8ecc840c150aa077892b7bb88f18eca))

##### Bug Fixes

- **deps:** Update dependency [@types/long](https://redirect.github.com/types/long) to v5 ([#1901](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1901)) ([d13d395](https://redirect.github.com/googleapis/nodejs-pubsub/commit/d13d395341efacf926a126bf756873922f6bbab7))

### [`v4.3.3`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#433-2024-03-03)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.3.2...v4.3.3)

##### Bug Fixes

- Add client library version to headers ([#1891](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1891)) ([6b59195](https://redirect.github.com/googleapis/nodejs-pubsub/commit/6b59195aed8b6c6576e50512aeca9123ad0cc016))

### [`v4.3.2`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#432-2024-02-13)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.3.1...v4.3.2)

##### Bug Fixes

- Update minimum google-gax versions for auth fixes ([#1888](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1888)) ([08acade](https://redirect.github.com/googleapis/nodejs-pubsub/commit/08acadee042c6a3b85344575d5d0be09ae6e4202))

### [`v4.3.1`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#431-2024-02-08)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.3.0...v4.3.1)

##### Bug Fixes

- Add option to manually control emulator auth handling, and fix heuristics for TPC ([#1861](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1861)) ([761cdc8](https://redirect.github.com/googleapis/nodejs-pubsub/commit/761cdc898c69715e6775d2f5913ead1fca2def02))

### [`v4.3.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#430-2024-02-05)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.2.0...v4.3.0)

##### Features

- Trusted Private Cloud support, use the universeDomain parameter ([#1878](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1878)) ([d89fd1d](https://redirect.github.com/googleapis/nodejs-pubsub/commit/d89fd1d90b352f0cc7a50a72c5fec4aab6660f8f))

##### Bug Fixes

- Updated google-gax required for TPC ([#1882](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1882)) ([1445856](https://redirect.github.com/googleapis/nodejs-pubsub/commit/144585699595b97f1a4cc28551e45fe23305f480))

### [`v4.2.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#420-2024-02-01)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.1.1...v4.2.0)

##### Features

- Add enforce_in_transit fields and optional annotations ([#1873](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1873)) ([09fc424](https://redirect.github.com/googleapis/nodejs-pubsub/commit/09fc4241c8782d2f60c1a78dda316628eca5f751))
- Add schema revision samples ([#1870](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1870)) ([044e149](https://redirect.github.com/googleapis/nodejs-pubsub/commit/044e1494d82fd64010f7c6f872982d659e753499))

##### Bug Fixes

- **deps:** Update dependency [@opentelemetry/semantic-conventions](https://redirect.github.com/opentelemetry/semantic-conventions) to ~1.20.0 ([#1871](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1871)) ([2ee0dba](https://redirect.github.com/googleapis/nodejs-pubsub/commit/2ee0dba67e6d66d9a678796de6172bcafd28796b))
- **deps:** Update dependency [@opentelemetry/semantic-conventions](https://redirect.github.com/opentelemetry/semantic-conventions) to ~1.21.0 ([#1876](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1876)) ([0fe61a9](https://redirect.github.com/googleapis/nodejs-pubsub/commit/0fe61a95b3bfc21bd1a5176c7fbd7f822ece5a5c))

### [`v4.1.1`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#411-2024-01-05)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.1.0...v4.1.1)

##### Bug Fixes

- Correct long audio synthesis HTTP binding ([#1867](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1867)) ([65940a4](https://redirect.github.com/googleapis/nodejs-pubsub/commit/65940a40fe8f2301690d26f769571a198f747dd3))
- **deps:** Update dependency [@opentelemetry/semantic-conventions](https://redirect.github.com/opentelemetry/semantic-conventions) to ~1.19.0 ([#1862](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1862)) ([92259f5](https://redirect.github.com/googleapis/nodejs-pubsub/commit/92259f5bffee05036f1746990b021299ea3ea4e7))

### [`v4.1.0`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#410-2023-12-04)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.0.7...v4.1.0)

##### Features

- Add `use_table_schema` field to BigQueryConfig ([#1858](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1858)) ([2875d83](https://redirect.github.com/googleapis/nodejs-pubsub/commit/2875d8383831563e5b748e96094faa94bf25fc15))

### [`v4.0.7`](https://redirect.github.com/googleapis/nodejs-pubsub/blob/HEAD/CHANGELOG.md#407-2023-11-09)

[Compare Source](https://redirect.github.com/googleapis/nodejs-pubsub/compare/v4.0.6...v4.0.7)

##### Bug Fixes

- **deps:** Update dependency [@opentelemetry/semantic-conventions](https://redirect.github.com/opentelemetry/semantic-conventions) to ~1.18.0 ([#1852](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1852)) ([d9a0432](https://redirect.github.com/googleapis/nodejs-pubsub/commit/d9a0432a37c6d741c9694a5bcff047f4c85b2feb))
- Set x-goog-request-params for streaming pull request ([#1849](https://redirect.github.com/googleapis/nodejs-pubsub/issues/1849)) ([7b82ff0](https://redirect.github.com/googleapis/nodejs-pubsub/commit/7b82ff01e5c654b3e339dfdec5b3da8bf45da049))

eslint/eslint (eslint)
### [`v8.57.1`](https://redirect.github.com/eslint/eslint/compare/v8.57.0...5b9414c501c58bfa85f41f96f821973c41e8ae74)

[Compare Source](https://redirect.github.com/eslint/eslint/compare/v8.57.0...v8.57.1)

firebase/firebase-functions (firebase-functions)
### [`v4.9.0`](https://redirect.github.com/firebase/firebase-functions/releases/tag/v4.9.0)

[Compare Source](https://redirect.github.com/firebase/firebase-functions/compare/v4.8.2...v4.9.0)

- Add new 2nd gen Firestore auth context triggers. ([#1519](https://redirect.github.com/firebase/firebase-functions/issues/1519))

### [`v4.8.2`](https://redirect.github.com/firebase/firebase-functions/releases/tag/v4.8.2)

[Compare Source](https://redirect.github.com/firebase/firebase-functions/compare/v4.8.1...v4.8.2)

- Fix bug with CORS options for an array of one string ([#1544](https://redirect.github.com/firebase/firebase-functions/issues/1544))

### [`v4.8.1`](https://redirect.github.com/firebase/firebase-functions/releases/tag/v4.8.1)

[Compare Source](https://redirect.github.com/firebase/firebase-functions/compare/v4.8.0...v4.8.1)

- Fix bug where 1st gen functions eventually fail with stack too deep ([#1540](https://redirect.github.com/firebase/firebase-functions/issues/1540))
- Make simple CORS options static for improved debuggability ([#1536](https://redirect.github.com/firebase/firebase-functions/issues/1536))

### [`v4.8.0`](https://redirect.github.com/firebase/firebase-functions/releases/tag/v4.8.0)

[Compare Source](https://redirect.github.com/firebase/firebase-functions/compare/v4.7.0...v4.8.0)

- Add onInit callback function for global variable initialization ([#1531](https://redirect.github.com/firebase/firebase-functions/issues/1531))

### [`v4.7.0`](https://redirect.github.com/firebase/firebase-functions/releases/tag/v4.7.0)

[Compare Source](https://redirect.github.com/firebase/firebase-functions/compare/v4.6.0...v4.7.0)

- Fixes access on deeply nested, nonexistent property. ([#1432](https://redirect.github.com/firebase/firebase-functions/issues/1432))
- Add IteratedDataSnapshot interface to match with firebase admin v12 ([#1517](https://redirect.github.com/firebase/firebase-functions/issues/1517)).
- Make bucket parameterizeable in storage functions ([#1518](https://redirect.github.com/firebase/firebase-functions/issues/1518))
- Introduce helper library for select and multi-select input ([#1518](https://redirect.github.com/firebase/firebase-functions/issues/1518))

### [`v4.6.0`](https://redirect.github.com/firebase/firebase-functions/releases/tag/v4.6.0)

[Compare Source](https://redirect.github.com/firebase/firebase-functions/compare/v4.5.0...v4.6.0)

- Wrap 2nd gen onCall functions with trace context. ([#1491](https://redirect.github.com/firebase/firebase-functions/issues/1491))
- Bump peer dependencies for firebase-admin to support 12.0.0. ([#1509](https://redirect.github.com/firebase/firebase-functions/issues/1509))

### [`v4.5.0`](https://redirect.github.com/firebase/firebase-functions/releases/tag/v4.5.0)

[Compare Source](https://redirect.github.com/firebase/firebase-functions/compare/v4.4.1...v4.5.0)

- Remove HTTP server shutdown message. ([#1457](https://redirect.github.com/firebase/firebase-functions/issues/1457))
- Add features to task queue functions. ([#1423](https://redirect.github.com/firebase/firebase-functions/issues/1423))
- Add traces to V2 Firestore trigger logs. ([#1440](https://redirect.github.com/firebase/firebase-functions/issues/1440))
- Fix incorrectly parsed timestamps in auth blocking functions. ([#1472](https://redirect.github.com/firebase/firebase-functions/issues/1472))
- Add recaptcha verdict support for auth blocking functions ([#1458](https://redirect.github.com/firebase/firebase-functions/issues/1458))

form-data/form-data (form-data)
### [`v3.0.2`](https://redirect.github.com/form-data/form-data/releases/tag/v3.0.2)

[Compare Source](https://redirect.github.com/form-data/form-data/compare/v3.0.1...v3.0.2)

##### Fixes

- npmignore temporary build files ([#532](https://redirect.github.com/form-data/form-data/issues/532))
- move util.isArray to Array.isArray ([#564](https://redirect.github.com/form-data/form-data/issues/564))

##### Tests

- migrate from travis to GHA

nodejs/node (node)
### [`v16.20.2`](https://redirect.github.com/nodejs/node/releases/tag/v16.20.2): 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSS

[Compare Source](https://redirect.github.com/nodejs/node/compare/v16.20.1...v16.20.2)

This is a security release.

##### Notable Changes

The following CVEs are fixed in this release:

- [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002): Policies can be bypassed via Module.\_load (High)
- [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium)
- [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium)
- OpenSSL Security Releases
  - [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
  - [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
  - [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)

More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post.

##### Commits

- \[[`40c3958a5a`](https://redirect.github.com/nodejs/node/commit/40c3958a5a)] - **deps**: update archs files for OpenSSL-1.1.1v (RafaelGSS) [#49043](https://redirect.github.com/nodejs/node/pull/49043)
- \[[`a9ac9da89a`](https://redirect.github.com/nodejs/node/commit/a9ac9da89a)] - **deps**: fix openssl crypto clean (RafaelGSS) [#49043](https://redirect.github.com/nodejs/node/pull/49043)
- \[[`362d4c7494`](https://redirect.github.com/nodejs/node/commit/362d4c7494)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1v (RafaelGSS) [#49043](https://redirect.github.com/nodejs/node/pull/49043)
- \[[`d8ccfe9ad4`](https://redirect.github.com/nodejs/node/commit/d8ccfe9ad4)] - **policy**: handle Module.constructor and main.extensions bypass (RafaelGSS) [nodejs-private/node-private#445](https://redirect.github.com/nodejs-private/node-private/pull/445)
- \[[`242aaa0caa`](https://redirect.github.com/nodejs/node/commit/242aaa0caa)] - **policy**: disable process.binding() when enabled (Tobias Nießen) [nodejs-private/node-private#459](https://redirect.github.com/nodejs-private/node-private/pull/459)

### [`v16.20.1`](https://redirect.github.com/nodejs/node/releases/tag/v16.20.1): 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS

[Compare Source](https://redirect.github.com/nodejs/node/compare/v16.20.0...v16.20.1)

This is a security release.

##### Notable Changes

The following CVEs are fixed in this release:

- [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
- [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interruption due to invalid Public Key information in x509 certificates (Medium)
- [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium)
- [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
  - [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt).
  - [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt).
  - [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt)
- c-ares vulnerabilities:
  - [GHSA-9g78-jv2r-p7vc](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)
  - [GHSA-8r8p-23f3-64c2](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2)
  - [GHSA-54xr-f67r-4pc4](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4)
  - [GHSA-x6mf-cxr9-8q6v](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v)

More detailed information on each of the vulnerabilities can be found in [June 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/) blog post.

##### Commits

- \[[`5a92ea7a3b`](https://redirect.github.com/nodejs/node/commit/5a92ea7a3b)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen)
- \[[`5df04e893a`](https://redirect.github.com/nodejs/node/commit/5df04e893a)] - **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) [#48156](https://redirect.github.com/nodejs/node/pull/48156)
- \[[`c171cbd124`](https://redirect.github.com/nodejs/node/commit/c171cbd124)] - **deps**: update c-ares to 1.19.1 (RafaelGSS) [#48115](https://redirect.github.com/nodejs/node/pull/48115)
- \[[`155d3aac02`](https://redirect.github.com/nodejs/node/commit/155d3aac02)] - **deps**: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) [#48369](https://redirect.github.com/nodejs/node/pull/48369)
- \[[`8d4c8f8ebe`](https://redirect.github.com/nodejs/node/commit/8d4c8f8ebe)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1u (RafaelGSS) [#48369](https://redirect.github.com/nodejs/node/pull/48369)
- \[[`1a5c9284eb`](https://redirect.github.com/nodejs/node/commit/1a5c9284eb)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#426](https://redirect.github.com/nodejs-private/node-private/pull/426)
- \[[`e42ff4b018`](https://redirect.github.com/nodejs/node/commit/e42ff4b018)] - **http**: disable request smuggling via empty headers (Paolo Insogna) [nodejs-private/node-private#429](https://redirect.github.com/nodejs-private/node-private/pull/429)
- \[[`10042683c8`](https://redirect.github.com/nodejs/node/commit/10042683c8)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#408](https://redirect.github.com/nodejs-private/node-private/pull/408)
- \[[`a6f4e87bc9`](https://redirect.github.com/nodejs/node/commit/a6f4e87bc9)] - **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS) [nodejs-private/node-private#416](https://redirect.github.com/nodejs-private/node-private/pull/416)
- \[[`b77000f4d7`](https://redirect.github.com/nodejs/node/commit/b77000f4d7)] - **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso) [#47851](https://redirect.github.com/nodejs/node/pull/47851)

### [`v16.20.0`](https://redirect.github.com/nodejs/node/releases/tag/v16.20.0): 2023-03-29, Version 16.20.0 'Gallium' (LTS), @BethGriggs

[Compare Source](https://redirect.github.com/nodejs/node/compare/v16.19.1...v16.20.0)

##### Notable Changes

- **deps:**
  - update undici to 5.20.0 (Node.js GitHub Bot) [#46711](https://redirect.github.com/nodejs/node/pull/46711)
  - update c-ares to 1.19.0 (Michaël Zasso) [#46415](https://redirect.github.com/nodejs/node/pull/46415)
  - upgrade npm to 8.19.4 (npm team) [#46677](https://redirect.github.com/nodejs/node/pull/46677)
  - update corepack to 0.17.0 (Node.js GitHub Bot) [#46842](https://redirect.github.com/nodejs/node/pull/46842)
- **(SEMVER-MINOR)** **src**: add support for externally shared js builtins (Michael Dawson) [#44376](https://redirect.github.com/nodejs/node/pull/44376)

##### Commits

- \[[`de6dd67790`](https://redirect.github.com/nodejs/node/commit/de6dd67790)] - **crypto**: avoid hang when no algorithm available (Richard Lau) [#46237](https://redirect.github.com/nodejs/node/pull/46237)
- \[[`4617512788`](https://redirect.github.com/nodejs/node/commit/4617512788)] - **crypto**: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis) [#46185](https://redirect.github.com/nodejs/node/pull/46185)
- \[[`24972164fc`](https://redirect.github.com/nodejs/node/commit/24972164fc)] - **deps**: update undici to 5.20.0 (Node.js GitHub Bot) [#46711](https://redirect.github.com/nodejs/node/pull/46711)
- \[[`85f88c6a8d`](https://redirect.github.com/nodejs/node/commit/85f88c6a8d)] - **deps**: V8: cherry-pick [`90be99f`](https://redirect.github.com/nodejs/node/commit/90be99fab31c) (Michaël Zasso) [#46646](https://redirect.github.com/nodejs/node/pull/46646)
- \[[`b4ebe6d47b`](https://redirect.github.com/nodejs/node/commit/b4ebe6d47b)] - **deps**: update c-ares to 1.19.0 (Michaël Zasso) [#46415](https://redirect.github.com/nodejs/node/pull/46415)
- \[[`56cbc7fdda`](https://redirect.github.com/nodejs/node/commit/56cbc7fdda)] - **deps**: V8: cherry-pick [`c2792e5`](https://redirect.github.com/nodejs/node/commit/c2792e58035f) (Jiawen Geng) [#44961](https://redirect.github.com/nodejs/node/pull/44961)
- \[[`7af9bdb31e`](https://redirect.github.com/nodejs/node/commit/7af9bdb31e)] - **deps**: upgrade npm to 8.19.4 (npm team) [#46677](https://redirect.github.com/nodejs/node/pull/46677)
- \[[`962a7471b5`](https://redirect.github.com/nodejs/node/commit/962a7471b5)] - **deps**: update corepack to 0.17.0 (Node.js GitHub Bot) [#46842](https://redirect.github.com/nodejs/node/pull/46842)
- \[[`748bc96e35`](https://redirect.github.com/nodejs/node/commit/748bc96e35)] - **deps**: update corepack to 0.16.0 (Node.js GitHub Bot) [#46710](https://redirect.github.com/nodejs/node/pull/46710)
- \[[`a467782499`](https://redirect.github.com/nodejs/node/commit/a467782499)] - **deps**: update corepack to 0.15.3 (Node.js GitHub Bot) [#46037](https://redirect.github.com/nodejs/node/pull/46037)
- \[[`1913b6763d`](https://redirect.github.com/nodejs/node/commit/1913b6763d)] - **deps**: update corepack to 0.15.2 (Node.js GitHub Bot) [#45635](https://redirect.github.com/nodejs/node/pull/45635)
- \[[`809371a15f`](https://redirect.github.com/nodejs/node/commit/809371a15f)] - **module**: require.resolve.paths returns null with node schema (MURAKAMI Masahiko) [#45147](https://redirect.github.com/nodejs/node/pull/45147)
- \[[`086bb2f8d4`](https://redirect.github.com/nodejs/node/commit/086bb2f8d4)] - ***Revert*** "**src**: let http2 streams end after session close" (Rich Trott) [#46721](https://redirect.github.com/nodejs/node/pull/46721)
- \[[`6a01d39120`](https://redirect.github.com/nodejs/node/commit/6a01d39120)] - **(SEMVER-MINOR)** **src**: add support for externally shared js builtins (Michael Dawson) [#44376](https://redirect.github.com/nodejs/node/pull/44376)
- \[[`d081032a60`](https://redirect.github.com/nodejs/node/commit/d081032a60)] - **test**: fix test-net-connect-reset-until-connected (Vita Batrla) [#46781](https://redirect.github.com/nodejs/node/pull/46781)
- \[[`efe1be47ec`](https://redirect.github.com/nodejs/node/commit/efe1be47ec)] - **test**: skip test depending on `overlapped-checker` when not available (Antoine du Hamel) [#45015](https://redirect.github.com/nodejs/node/pull/45015)
- \[[`fc47d58abe`](https://redirect.github.com/nodejs/node/commit/fc47d58abe)] - **test**: remove cjs loader from stack traces (Geoffrey Booth) [#44197](https://redirect.github.com/nodejs/node/pull/44197)
- \[[`cf76d0790d`](https://redirect.github.com/nodejs/node/commit/cf76d0790d)] - **test**: fix WPT title when no META title is present (Filip Skokan) [#46804](https://redirect.github.com/nodejs/node/pull/46804)
- \[[`0d1485b924`](https://redirect.github.com/nodejs/node/commit/0d1485b924)] - **test**: fix default WPT titles (Filip Skokan) [#46778](https://redirect.github.com/nodejs/node/pull/46778)
- \[[`088e9cde3d`](https://redirect.github.com/nodejs/node/commit/088e9cde3d)] - **test**: add WPTRunner support for variants and generating WPT reports (Filip Skokan) [#46498](https://redirect.github.com/nodejs/node/pull/46498)
- \[[`908c4dff44`](https://redirect.github.com/nodejs/node/commit/908c4dff44)] - **test**: mark test-crypto-key-objects flaky on Linux (Richard Lau) [#46684](https://redirect.github.com/nodejs/node/pull/46684)
- \[[`768e56227e`](https://redirect.github.com/nodejs/node/commit/768e56227e)] - **tools**: make `utils.SearchFiles` deterministic (Bruno Pitrus) [#44496](https://redirect.github.com/nodejs/node/pull/44496)

### [`v16.19.1`](https://redirect.github.com/nodejs/node/releases/tag/v16.19.1): 2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau

[Compare Source](https://redirect.github.com/nodejs/node/compare/v16.19.0...v16.19.1)

This is a security release.

##### Notable Changes

The following CVEs are fixed in this release:

- **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be bypassed via process.mainModule (High)
- **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

Fixed by an update to undici:

- **[CVE-2023-23936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936)**: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- See

Configuration
📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.