nodejs/node
### [`v14.16.1`](https://togithub.com/nodejs/node/releases/v14.16.1)
[Compare Source](https://togithub.com/nodejs/node/compare/v14.16.0...v14.16.1)
This is a security release.
##### Notable Changes
Vulnerabilities fixed:
- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)
- This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in
- Impacts:
- All versions of the 14.x, 12.x and 10.x releases lines
##### Commits
- \[[`467be7a950`](https://togithub.com/nodejs/node/commit/467be7a950)] - **deps**: upgrade npm to 6.14.12 (Ruy Adorno) [#37918](https://togithub.com/nodejs/node/pull/37918)
- \[[`6bc8f58182`](https://togithub.com/nodejs/node/commit/6bc8f58182)] - **deps**: update archs files for OpenSSL-1.1.1k (Tobias Nießen) [#37938](https://togithub.com/nodejs/node/pull/37938)
- \[[`403a014ef6`](https://togithub.com/nodejs/node/commit/403a014ef6)] - **deps**: upgrade openssl sources to 1.1.1k (Tobias Nießen) [#37938](https://togithub.com/nodejs/node/pull/37938)
Configuration
:date: Schedule: "every 2 weeks on Monday before 7am" in timezone Europe/Berlin.
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box.
This PR contains the following updates:
14.16.0
->14.16.1
Release Notes
nodejs/node
### [`v14.16.1`](https://togithub.com/nodejs/node/releases/v14.16.1) [Compare Source](https://togithub.com/nodejs/node/compare/v14.16.0...v14.16.1) This is a security release. ##### Notable Changes Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it inConfiguration
:date: Schedule: "every 2 weeks on Monday before 7am" in timezone Europe/Berlin.
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.