Closed renovate[bot] closed 4 months ago
This PR contains the following updates:
20.15.0
20.15.1
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
20.15.0->20.15.1Release Notes
nodejs/node (node)
### [`v20.15.1`](https://togithub.com/nodejs/node/releases/tag/v20.15.1): 2024-07-08, Version 20.15.1 'Iron' (LTS), @RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v20.15.0...v20.15.1) This is a security release. ##### Notable Changes - CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) - CVE-2024-22020 - Bypass network import restriction via data URL (Medium) - CVE-2024-22018 - fs.lstat bypasses permission model (Low) - CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low) - CVE-2024-37372 - Permission model improperly processes UNC paths (Low) ##### Commits - \[[`60e184a6e4`](https://togithub.com/nodejs/node/commit/60e184a6e4)] - **lib,esm**: handle bypass network-import via data: (RafaelGSS) [nodejs-private/node-private#522](https://togithub.com/nodejs-private/node-private/pull/522) - \[[`025cbd6936`](https://togithub.com/nodejs/node/commit/025cbd6936)] - **lib,permission**: support fs.lstat (RafaelGSS) [nodejs-private/node-private#486](https://togithub.com/nodejs-private/node-private/pull/486) - \[[`d38ea17341`](https://togithub.com/nodejs/node/commit/d38ea17341)] - **lib,permission**: disable fchmod/fchown when pm enabled (RafaelGSS) [nodejs-private/node-private#584](https://togithub.com/nodejs-private/node-private/pull/584) - \[[`1ba624cd3b`](https://togithub.com/nodejs/node/commit/1ba624cd3b)] - **src**: handle permissive extension on cmd check (RafaelGSS) [nodejs-private/node-private#596](https://togithub.com/nodejs-private/node-private/pull/596) - \[[`2524d00c3d`](https://togithub.com/nodejs/node/commit/2524d00c3d)] - **src,permission**: fix UNC path resolution (RafaelGSS) [nodejs-private/node-private#581](https://togithub.com/nodejs-private/node-private/pull/581) - \[[`484cb0f13c`](https://togithub.com/nodejs/node/commit/484cb0f13c)] - **src,permission**: resolve path on fs_permission (Rafael Gonzaga) [#52761](https://togithub.com/nodejs/node/pull/52761)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.