conventional-changelog/commitlint (@commitlint/config-conventional)
### [`v17.6.6`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@commitlint/config-conventional/CHANGELOG.md#1766-httpsgithubcomconventional-changelogcommitlintcomparev1765v1766-2023-06-24)
[Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v17.6.5...v17.6.6)
**Note:** Version bump only for package [@commitlint/config-conventional](https://togithub.com/commitlint/config-conventional)
stryker-mutator/stryker-js (@stryker-mutator/core)
### [`v7.1.0`](https://togithub.com/stryker-mutator/stryker-js/blob/HEAD/packages/core/CHANGELOG.md#710-httpsgithubcomstryker-mutatorstryker-jscomparev702v710-2023-06-24)
[Compare Source](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.2...v7.1.0)
##### Bug Fixes
- **deps:** update dependency commander to v11 ([#4304](https://togithub.com/stryker-mutator/stryker-js/issues/4304)) ([f9d5673](https://togithub.com/stryker-mutator/stryker-js/commit/f9d567383584929da43b8dec99d4ac9b2762cb11))
- **deps:** update dependency glob to v10.3.0 ([#4321](https://togithub.com/stryker-mutator/stryker-js/issues/4321)) ([72615b6](https://togithub.com/stryker-mutator/stryker-js/commit/72615b66517ab053df040a6cfbecc20da478e8b6))
##### Features
- **init:** use registry.npmjs.com for queries ([#4298](https://togithub.com/stryker-mutator/stryker-js/issues/4298)) ([a952edf](https://togithub.com/stryker-mutator/stryker-js/commit/a952edf7795aecc8119215d1a8662c61b917dc0b))
- **init:** use vitest runner for vue projects ([#4327](https://togithub.com/stryker-mutator/stryker-js/issues/4327)) ([ab7313d](https://togithub.com/stryker-mutator/stryker-js/commit/ab7313d113b8144e25401e33c3f29b1b82e5db45))
#### [7.0.2](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.1...v7.0.2) (2023-06-08)
##### Bug Fixes
- **deps:** update dependency get-port to v7 ([#4260](https://togithub.com/stryker-mutator/stryker-js/issues/4260)) ([c9d384c](https://togithub.com/stryker-mutator/stryker-js/commit/c9d384c5894cf22c61eb108629a3caf7a77208e4))
- **deps:** update dependency tslib to v2.5.3 ([#4255](https://togithub.com/stryker-mutator/stryker-js/issues/4255)) ([8084d15](https://togithub.com/stryker-mutator/stryker-js/commit/8084d15ded945958ac3b5b27935cc2f3822f5bc8))
#### [7.0.1](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.0...v7.0.1) (2023-06-03)
**Note:** Version bump only for package [@stryker-mutator/core](https://togithub.com/stryker-mutator/core)
stryker-mutator/stryker-js (@stryker-mutator/mocha-runner)
### [`v7.1.0`](https://togithub.com/stryker-mutator/stryker-js/blob/HEAD/packages/mocha-runner/CHANGELOG.md#710-httpsgithubcomstryker-mutatorstryker-jscomparev702v710-2023-06-24)
[Compare Source](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.2...v7.1.0)
**Note:** Version bump only for package [@stryker-mutator/mocha-runner](https://togithub.com/stryker-mutator/mocha-runner)
#### [7.0.2](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.1...v7.0.2) (2023-06-08)
**Note:** Version bump only for package [@stryker-mutator/mocha-runner](https://togithub.com/stryker-mutator/mocha-runner)
#### [7.0.1](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.0...v7.0.1) (2023-06-03)
##### Bug Fixes
- **deps:** update `@stryker-mutator/core` peer dep ([9dd4a76](https://togithub.com/stryker-mutator/stryker-js/commit/9dd4a767d30830861a3e997266a6491fae799acd))
stryker-mutator/stryker-js (@stryker-mutator/typescript-checker)
### [`v7.1.0`](https://togithub.com/stryker-mutator/stryker-js/blob/HEAD/packages/typescript-checker/CHANGELOG.md#710-httpsgithubcomstryker-mutatorstryker-jscomparev702v710-2023-06-24)
[Compare Source](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.2...v7.1.0)
**Note:** Version bump only for package [@stryker-mutator/typescript-checker](https://togithub.com/stryker-mutator/typescript-checker)
#### [7.0.2](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.1...v7.0.2) (2023-06-08)
**Note:** Version bump only for package [@stryker-mutator/typescript-checker](https://togithub.com/stryker-mutator/typescript-checker)
#### [7.0.1](https://togithub.com/stryker-mutator/stryker-js/compare/v7.0.0...v7.0.1) (2023-06-03)
##### Bug Fixes
- **deps:** update `@stryker-mutator/core` peer dep ([9dd4a76](https://togithub.com/stryker-mutator/stryker-js/commit/9dd4a767d30830861a3e997266a6491fae799acd))
typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)
### [`v5.60.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#5601-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5600v5601-2023-06-26)
[Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.60.0...v5.60.1)
**Note:** Version bump only for package [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
You can read about our [versioning strategy](https://main--typescript-eslint.netlify.app/users/versioning) and [releases](https://main--typescript-eslint.netlify.app/users/releases) on our website.
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
### [`v5.60.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#5601-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5600v5601-2023-06-26)
[Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.60.0...v5.60.1)
**Note:** Version bump only for package [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
You can read about our [versioning strategy](https://main--typescript-eslint.netlify.app/users/versioning) and [releases](https://main--typescript-eslint.netlify.app/users/releases) on our website.
conventional-changelog/commitlint (commitlint)
### [`v17.6.6`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@alias/commitlint/CHANGELOG.md#1766-httpsgithubcomconventional-changelogcommitlintcomparev1765v1766-2023-06-24)
[Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v17.6.5...v17.6.6)
**Note:** Version bump only for package commitlint
gajus/eslint-plugin-jsdoc (eslint-plugin-jsdoc)
### [`v46.3.0`](https://togithub.com/gajus/eslint-plugin-jsdoc/releases/tag/v46.3.0)
[Compare Source](https://togithub.com/gajus/eslint-plugin-jsdoc/compare/v46.2.6...v46.3.0)
##### Bug Fixes
- make name required on `@template` for non-JSDoc modes ([467441b](https://togithub.com/gajus/eslint-plugin-jsdoc/commit/467441b4d0593a8c43bd7527d528507cef057fa1))
##### Features
- **`match-description`:** ensure `@desc` checked by default; check more desc-like tags by default; check non-empty tags; [#233](https://togithub.com/gajus/eslint-plugin-jsdoc/issues/233) ([1b9d9e4](https://togithub.com/gajus/eslint-plugin-jsdoc/commit/1b9d9e4c85c30112813d4d6cfe8b4c9825956c22))
github/codeql-action (github/codeql-action)
### [`v2.20.1`](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1)
nodejs/node (node)
### [`v20.3.1`](https://togithub.com/nodejs/node/releases/tag/v20.3.1): 2023-06-20, Version 20.3.1 (Current), @RafaelGSS
[Compare Source](https://togithub.com/nodejs/node/compare/v20.2.0...v20.3.1)
This is a security release.
##### Notable Changes
The following CVEs are fixed in this release:
- [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
- [CVE-2023-30584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30584): Path Traversal Bypass in Experimental Permission Model (High)
- [CVE-2023-30587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30587): Bypass of Experimental Permission Model via Node.js Inspector (High)
- [CVE-2023-30582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30582): Inadequate Permission Model Allows Unauthorized File Watching (Medium)
- [CVE-2023-30583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30583): Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
- [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- [CVE-2023-30586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30586): Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
- [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interruption due to invalid Public Key information in x509 certificates (Medium)
- [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium)
- [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium)
- OpenSSL Security Releases
  - [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt).
  - [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt).
  - [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt).
More detailed information on each of the vulnerabilities can be found in the [June 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/) blog post.
##### Commits
- \[[`dac08dafc9`](https://togithub.com/nodejs/node/commit/dac08dafc9)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen) [nodejs-private/node-private#393](https://togithub.com/nodejs-private/node-private/pull/393)
- \[[`d274c3babc`](https://togithub.com/nodejs/node/commit/d274c3babc)] - **crypto,https,tls**: disable engines if perms enabled (Tobias Nießen) [nodejs-private/node-private#409](https://togithub.com/nodejs-private/node-private/pull/409)
- \[[`5621c1de38`](https://togithub.com/nodejs/node/commit/5621c1de38)] - **deps**: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) [#48402](https://togithub.com/nodejs/node/pull/48402)
- \[[`771caa9f1c`](https://togithub.com/nodejs/node/commit/771caa9f1c)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) [#48402](https://togithub.com/nodejs/node/pull/48402)
- \[[`0459bf9c99`](https://togithub.com/nodejs/node/commit/0459bf9c99)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#426](https://togithub.com/nodejs-private/node-private/pull/426)
- \[[`27e20501aa`](https://togithub.com/nodejs/node/commit/27e20501aa)] - **http**: disable request smuggling via empty headers (Paolo Insogna) [nodejs-private/node-private#427](https://togithub.com/nodejs-private/node-private/pull/427)
- \[[`9c17e335f1`](https://togithub.com/nodejs/node/commit/9c17e335f1)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#408](https://togithub.com/nodejs-private/node-private/pull/408)
- \[[`b51124c637`](https://togithub.com/nodejs/node/commit/b51124c637)] - **permission**: handle fs path traversal (RafaelGSS) [nodejs-private/node-private#403](https://togithub.com/nodejs-private/node-private/pull/403)
- \[[`ebc5927adc`](https://togithub.com/nodejs/node/commit/ebc5927adc)] - **permission**: handle fs.openAsBlob (RafaelGSS) [nodejs-private/node-private#405](https://togithub.com/nodejs-private/node-private/pull/405)
- \[[`c39a43bff5`](https://togithub.com/nodejs/node/commit/c39a43bff5)] - **permission**: handle fs.watchFile (RafaelGSS) [nodejs-private/node-private#404](https://togithub.com/nodejs-private/node-private/pull/404)
- \[[`d0a8264ec9`](https://togithub.com/nodejs/node/commit/d0a8264ec9)] - **policy**: handle `mainModule.__proto__` bypass (RafaelGSS) [nodejs-private/node-private#416](https://togithub.com/nodejs-private/node-private/pull/416)
- \[[`3df13d5a79`](https://togithub.com/nodejs/node/commit/3df13d5a79)] - **src,permission**: restrict inspector when pm enabled (RafaelGSS) [nodejs-private/node-private#410](https://togithub.com/nodejs-private/node-private/pull/410)
sinonjs/sinon (sinon)
### [`v15.2.0`](https://togithub.com/sinonjs/sinon/blob/HEAD/CHANGES.md#1520)
[Compare Source](https://togithub.com/sinonjs/sinon/compare/v15.1.2...v15.2.0)
- [`66b0081e`](https://togithub.com/sinonjs/sinon/commit/66b0081e1f9673b14277882faa10aaa1e3b564ff)
Use fake-timers v10.1.0 re-released as v10.3.0 (Carl-Erik Kopseng)
> Version 10.2.0 of fake-timers had an unexpected breaking
> change. We re-released 10.1.0 as 10.3.0 to force users
> into jumping over the deprecated version.
>
> v10.2.0 was re-released as v11.0.0 and will be part of
> the next Sinon major
- [`a79ccaeb`](https://togithub.com/sinonjs/sinon/commit/a79ccaeb20bbb558902ae77b20bd026719de3004)
Support callable instances ([#2517](https://togithub.com/sinonjs/sinon/issues/2517)) (bojavou)
> - Support callable instances
>
> - Clean prettier lint
>
> ***
>
> Co-authored-by: - <->
- [`d220c995`](https://togithub.com/sinonjs/sinon/commit/d220c99516ddb644d3702b4736bdfd311a2b05ec)
fix: bundling compatibility with webpack@5 ([#2519](https://togithub.com/sinonjs/sinon/issues/2519)) (Avi Vahl)
> - fix: bundling compatibility with webpack@5
>
> when using webpack v5 to bundle code that calls `require('sinon')` (cjs) , it would have defaulted to "exports->require" and fail with multiple node-api requirements (util, timers, etc.)
>
> this patch ensures that anyone who bundles sinon for browser gets the (browser-compatible) esm version.
>
> tested on both webpack v5 and v4. should be noted that v4 worked even without this patch, as it automatically injected polyfills. v5 no longer does so. with this PR, people using webpack@4 to bundle sinon at least see size improvement, as the polyfills are no longer required.
>
> - fix: revert change for package.json -> "browser"
>
> browserify doesn't seem to like esm. leave that entry point alone, and ensure "exports" -> "browser" (which webpack@5 uses) is esm.
*Released by [Carl-Erik Kopseng](https://togithub.com/fatso83) on 2023-06-20.*
Configuration
📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
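- @commitlint/config-conventional: 17.6.5 -> 17.6.6
- @stryker-mutator/core: 7.0.2 -> 7.1.0
- @stryker-mutator/mocha-runner: 7.0.2 -> 7.1.0
- @stryker-mutator/typescript-checker: 7.0.2 -> 7.1.0
- @typescript-eslint/eslint-plugin: 5.60.0 -> 5.60.1
- @typescript-eslint/parser: 5.60.0 -> 5.60.1
- commitlint: 17.6.5 -> 17.6.6
- eslint-plugin-jsdoc: 46.2.6 -> 46.3.0
- github/codeql-action: v2.20.0 -> v2.20.1
- node: 20.2.0 -> 20.3.1
- sinon: 15.1.2 -> 15.2.0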