search

gagoar / use-herald-action

GitHub action to add reviewers, subscribers, labels, and assignees to your PR. You can validate your PR template as well.
https://gagoar.github.io/use-herald-action/
MIT License
53 stars 7 forks source link

Update Node.js to v14.17.6 #477

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Type Update Change
node patch 14.17.5 -> 14.17.6
@types/node devDependencies patch 14.17.11 -> 14.17.17

Release Notes

nodejs/node ### [`v14.17.6`](https://togithub.com/nodejs/node/releases/v14.17.6) [Compare Source](https://togithub.com/nodejs/node/compare/v14.17.5...v14.17.6) This is a security release. ##### Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities [CVE-2021-32803](https://togithub.com/advisories/GHSA-r628-mhmh-qjhw) and [CVE-2021-32804](https://togithub.com/advisories/GHSA-3jfq-g458-7qm9). Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist. You can read more about it in: - [CVE-2021-37701](https://togithub.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc) - [CVE-2021-37712](https://togithub.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p) - [CVE-2021-37713](https://togithub.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh) - [CVE-2021-39134](https://togithub.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc) - [CVE-2021-39135](https://togithub.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2) ##### Commits - \[[`5b3f70bfb5`](https://togithub.com/nodejs/node/commit/5b3f70bfb5)] - **deps**: update archs files for OpenSSL-1.1.1l (Richard Lau) [#​39868](https://togithub.com/nodejs/node/pull/39868) - \[[`71372625ae`](https://togithub.com/nodejs/node/commit/71372625ae)] - **deps**: upgrade openssl sources to 1.1.1l (Richard Lau) [#​39868](https://togithub.com/nodejs/node/pull/39868) - \[[`4276984803`](https://togithub.com/nodejs/node/commit/4276984803)] - **deps**: upgrade npm to 6.14.15 (Darcy Clarke) [#​39856](https://togithub.com/nodejs/node/pull/39856)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by WhiteSource Renovate. View repository job log here.

codecov[bot] commented 2 years ago

Codecov Report

Merging #477 (28a8df6) into master (83fa553) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##            master      #477   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            8         8           
  Lines          342       342           
  Branches        51        51           
=========================================
  Hits           342       342
Flag Coverage Δ
unittests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 83fa553...28a8df6. Read the comment docs.