hackariens / angular

Templates pour la création d'un nouveau projet angular
0 stars 1 forks source link

chore(deps): update node.js to v16.20.1 - autoclosed #166

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Update Change
node minor 16.19.0 -> 16.20.1

Release Notes

nodejs/node ### [`v16.20.1`](https://togithub.com/nodejs/node/releases/tag/v16.20.1): 2023-06-20, Version 16.20.1 'Gallium' (LTS), @​RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v16.20.0...v16.20.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) - [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) - [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium) - [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium) - [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium) - OpenSSL Security Releases - [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt). - [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt). - [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt) - c-ares vulnerabilities: - [GHSA-9g78-jv2r-p7vc](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc) - [GHSA-8r8p-23f3-64c2](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2) - [GHSA-54xr-f67r-4pc4](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4) - [GHSA-x6mf-cxr9-8q6v](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v) More detailed information on each of the vulnerabilities can be found in [June 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/) blog post. ##### Commits - \[[`5a92ea7a3b`](https://togithub.com/nodejs/node/commit/5a92ea7a3b)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen) - \[[`5df04e893a`](https://togithub.com/nodejs/node/commit/5df04e893a)] - **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) [#​48156](https://togithub.com/nodejs/node/pull/48156) - \[[`c171cbd124`](https://togithub.com/nodejs/node/commit/c171cbd124)] - **deps**: update c-ares to 1.19.1 (RafaelGSS) [#​48115](https://togithub.com/nodejs/node/pull/48115) - \[[`155d3aac02`](https://togithub.com/nodejs/node/commit/155d3aac02)] - **deps**: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) [#​48369](https://togithub.com/nodejs/node/pull/48369) - \[[`8d4c8f8ebe`](https://togithub.com/nodejs/node/commit/8d4c8f8ebe)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1u (RafaelGSS) [#​48369](https://togithub.com/nodejs/node/pull/48369) - \[[`1a5c9284eb`](https://togithub.com/nodejs/node/commit/1a5c9284eb)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#​426](https://togithub.com/nodejs-private/node-private/pull/426) - \[[`e42ff4b018`](https://togithub.com/nodejs/node/commit/e42ff4b018)] - **http**: disable request smuggling via empty headers (Paolo Insogna) [nodejs-private/node-private#​429](https://togithub.com/nodejs-private/node-private/pull/429) - \[[`10042683c8`](https://togithub.com/nodejs/node/commit/10042683c8)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#​408](https://togithub.com/nodejs-private/node-private/pull/408) - \[[`a6f4e87bc9`](https://togithub.com/nodejs/node/commit/a6f4e87bc9)] - **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS) [nodejs-private/node-private#​416](https://togithub.com/nodejs-private/node-private/pull/416) - \[[`b77000f4d7`](https://togithub.com/nodejs/node/commit/b77000f4d7)] - **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso) [#​47851](https://togithub.com/nodejs/node/pull/47851) ### [`v16.20.0`](https://togithub.com/nodejs/node/releases/tag/v16.20.0): 2023-03-29, Version 16.20.0 'Gallium' (LTS), @​BethGriggs [Compare Source](https://togithub.com/nodejs/node/compare/v16.19.1...v16.20.0) ##### Notable Changes - **deps:** - update undici to 5.20.0 (Node.js GitHub Bot) [#​46711](https://togithub.com/nodejs/node/pull/46711) - update c-ares to 1.19.0 (Michaël Zasso) [#​46415](https://togithub.com/nodejs/node/pull/46415) - upgrade npm to 8.19.4 (npm team) [#​46677](https://togithub.com/nodejs/node/pull/46677) - update corepack to 0.17.0 (Node.js GitHub Bot) [#​46842](https://togithub.com/nodejs/node/pull/46842) - **(SEMVER-MINOR)** **src**: add support for externally shared js builtins (Michael Dawson) [#​44376](https://togithub.com/nodejs/node/pull/44376) ##### Commits - \[[`de6dd67790`](https://togithub.com/nodejs/node/commit/de6dd67790)] - **crypto**: avoid hang when no algorithm available (Richard Lau) [#​46237](https://togithub.com/nodejs/node/pull/46237) - \[[`4617512788`](https://togithub.com/nodejs/node/commit/4617512788)] - **crypto**: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis) [#​46185](https://togithub.com/nodejs/node/pull/46185) - \[[`24972164fc`](https://togithub.com/nodejs/node/commit/24972164fc)] - **deps**: update undici to 5.20.0 (Node.js GitHub Bot) [#​46711](https://togithub.com/nodejs/node/pull/46711) - \[[`85f88c6a8d`](https://togithub.com/nodejs/node/commit/85f88c6a8d)] - **deps**: V8: cherry-pick [`90be99f`](https://togithub.com/nodejs/node/commit/90be99fab31c) (Michaël Zasso) [#​46646](https://togithub.com/nodejs/node/pull/46646) - \[[`b4ebe6d47b`](https://togithub.com/nodejs/node/commit/b4ebe6d47b)] - **deps**: update c-ares to 1.19.0 (Michaël Zasso) [#​46415](https://togithub.com/nodejs/node/pull/46415) - \[[`56cbc7fdda`](https://togithub.com/nodejs/node/commit/56cbc7fdda)] - **deps**: V8: cherry-pick [`c2792e5`](https://togithub.com/nodejs/node/commit/c2792e58035f) (Jiawen Geng) [#​44961](https://togithub.com/nodejs/node/pull/44961) - \[[`7af9bdb31e`](https://togithub.com/nodejs/node/commit/7af9bdb31e)] - **deps**: upgrade npm to 8.19.4 (npm team) [#​46677](https://togithub.com/nodejs/node/pull/46677) - \[[`962a7471b5`](https://togithub.com/nodejs/node/commit/962a7471b5)] - **deps**: update corepack to 0.17.0 (Node.js GitHub Bot) [#​46842](https://togithub.com/nodejs/node/pull/46842) - \[[`748bc96e35`](https://togithub.com/nodejs/node/commit/748bc96e35)] - **deps**: update corepack to 0.16.0 (Node.js GitHub Bot) [#​46710](https://togithub.com/nodejs/node/pull/46710) - \[[`a467782499`](https://togithub.com/nodejs/node/commit/a467782499)] - **deps**: update corepack to 0.15.3 (Node.js GitHub Bot) [#​46037](https://togithub.com/nodejs/node/pull/46037) - \[[`1913b6763d`](https://togithub.com/nodejs/node/commit/1913b6763d)] - **deps**: update corepack to 0.15.2 (Node.js GitHub Bot) [#​45635](https://togithub.com/nodejs/node/pull/45635) - \[[`809371a15f`](https://togithub.com/nodejs/node/commit/809371a15f)] - **module**: require.resolve.paths returns null with node schema (MURAKAMI Masahiko) [#​45147](https://togithub.com/nodejs/node/pull/45147) - \[[`086bb2f8d4`](https://togithub.com/nodejs/node/commit/086bb2f8d4)] - ***Revert*** "**src**: let http2 streams end after session close" (Rich Trott) [#​46721](https://togithub.com/nodejs/node/pull/46721) - \[[`6a01d39120`](https://togithub.com/nodejs/node/commit/6a01d39120)] - **(SEMVER-MINOR)** **src**: add support for externally shared js builtins (Michael Dawson) [#​44376](https://togithub.com/nodejs/node/pull/44376) - \[[`d081032a60`](https://togithub.com/nodejs/node/commit/d081032a60)] - **test**: fix test-net-connect-reset-until-connected (Vita Batrla) [#​46781](https://togithub.com/nodejs/node/pull/46781) - \[[`efe1be47ec`](https://togithub.com/nodejs/node/commit/efe1be47ec)] - **test**: skip test depending on `overlapped-checker` when not available (Antoine du Hamel) [#​45015](https://togithub.com/nodejs/node/pull/45015) - \[[`fc47d58abe`](https://togithub.com/nodejs/node/commit/fc47d58abe)] - **test**: remove cjs loader from stack traces (Geoffrey Booth) [#​44197](https://togithub.com/nodejs/node/pull/44197) - \[[`cf76d0790d`](https://togithub.com/nodejs/node/commit/cf76d0790d)] - **test**: fix WPT title when no META title is present (Filip Skokan) [#​46804](https://togithub.com/nodejs/node/pull/46804) - \[[`0d1485b924`](https://togithub.com/nodejs/node/commit/0d1485b924)] - **test**: fix default WPT titles (Filip Skokan) [#​46778](https://togithub.com/nodejs/node/pull/46778) - \[[`088e9cde3d`](https://togithub.com/nodejs/node/commit/088e9cde3d)] - **test**: add WPTRunner support for variants and generating WPT reports (Filip Skokan) [#​46498](https://togithub.com/nodejs/node/pull/46498) - \[[`908c4dff44`](https://togithub.com/nodejs/node/commit/908c4dff44)] - **test**: mark test-crypto-key-objects flaky on Linux (Richard Lau) [#​46684](https://togithub.com/nodejs/node/pull/46684) - \[[`768e56227e`](https://togithub.com/nodejs/node/commit/768e56227e)] - **tools**: make `utils.SearchFiles` deterministic (Bruno Pitrus) [#​44496](https://togithub.com/nodejs/node/pull/44496) ### [`v16.19.1`](https://togithub.com/nodejs/node/releases/tag/v16.19.1): 2023-02-16, Version 16.19.1 'Gallium' (LTS), @​richardlau [Compare Source](https://togithub.com/nodejs/node/compare/v16.19.0...v16.19.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be bypassed via process.mainModule (High) - **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) - **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) Fixed by an update to undici: - **[CVE-2023-23936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936)**: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) - See for more information. - **[CVE-2023-24807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24807)**: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) - See for more information. More detailed information on each of the vulnerabilities can be found in [February 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/) blog post. This security release includes OpenSSL security updates as outlined in the recent [OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt). ##### Commits - \[[`7fef050447`](https://togithub.com/nodejs/node/commit/7fef050447)] - **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) [nodejs-private/node-private#​374](https://togithub.com/nodejs-private/node-private/pull/374) - \[[`b558e9f476`](https://togithub.com/nodejs/node/commit/b558e9f476)] - **crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS) [nodejs-private/node-private#​375](https://togithub.com/nodejs-private/node-private/pull/375) - \[[`160adb7ffc`](https://togithub.com/nodejs/node/commit/160adb7ffc)] - **crypto**: clear OpenSSL error queue after calling X509\_check_private_key() (Filip Skokan) [#​45495](https://togithub.com/nodejs/node/pull/45495) - \[[`d0ece30948`](https://togithub.com/nodejs/node/commit/d0ece30948)] - **crypto**: clear OpenSSL error queue after calling X509\_verify() (Takuro Sato) [#​45377](https://togithub.com/nodejs/node/pull/45377) - \[[`2d9ae4f184`](https://togithub.com/nodejs/node/commit/2d9ae4f184)] - **deps**: update undici to v5.19.1 (Matteo Collina) [nodejs-private/node-private#​388](https://togithub.com/nodejs-private/node-private/pull/388) - \[[`d80e8312fd`](https://togithub.com/nodejs/node/commit/d80e8312fd)] - **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau) [#​46568](https://togithub.com/nodejs/node/pull/46568) - \[[`de5c8d2c2f`](https://togithub.com/nodejs/node/commit/de5c8d2c2f)] - **deps**: update archs files for quictls/openssl-1.1.1t+quic (RafaelGSS) [#​46568](https://togithub.com/nodejs/node/pull/46568) - \[[`1a8ccfe908`](https://togithub.com/nodejs/node/commit/1a8ccfe908)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1t+quic (RafaelGSS) [#​46568](https://togithub.com/nodejs/node/pull/46568) - \[[`693789780b`](https://togithub.com/nodejs/node/commit/693789780b)] - **doc**: clarify release notes for Node.js 16.19.0 (Richard Lau) [#​45846](https://togithub.com/nodejs/node/pull/45846) - \[[`f95ef064f4`](https://togithub.com/nodejs/node/commit/f95ef064f4)] - **lib**: makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-private/node-private#​358](https://togithub.com/nodejs-private/node-private/pull/358) - \[[`b02d895137`](https://togithub.com/nodejs/node/commit/b02d895137)] - **policy**: makeRequireFunction on mainModule.require (RafaelGSS) [nodejs-private/node-private#​358](https://togithub.com/nodejs-private/node-private/pull/358) - \[[`d7f83c420c`](https://togithub.com/nodejs/node/commit/d7f83c420c)] - **test**: avoid left behind child processes (Richard Lau) [#​46276](https://togithub.com/nodejs/node/pull/46276)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.