Closed renovate[bot] closed 11 months ago
Latest commit: aaf305712b84e6da722be6a1f28f8a82b264cb86
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
This pull request is automatically built and testable in CodeSandbox.
To see build info of the built libraries, click here or the icon next to each commit SHA.
Because you closed this PR without merging, Renovate will ignore this update (>=14.21.3
). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps
array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
>=14
->>=14.21.3
Release Notes
nodejs/node (node)
### [`v14.21.3`](https://togithub.com/nodejs/node/releases/tag/v14.21.3): 2023-02-16, Version 14.21.3 'Fermium' (LTS), @richardlau [Compare Source](https://togithub.com/nodejs/node/compare/v14.21.2...v14.21.3) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be bypassed via process.mainModule (High) - **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in [February 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/) blog post. This security release includes OpenSSL security updates as outlined in the recent [OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt). This security release also includes an npm update for Node.js 14 to address a number of CVEs which either do not affect Node.js or are low severity in the context of Node.js. You can get more details for the individual CVEs in [nodejs-dependency-vuln-assessments](https://togithub.com/nodejs/nodejs-dependency-vuln-assessments). ##### Commits - \[[`97a0443f13`](https://togithub.com/nodejs/node/commit/97a0443f13)] - **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) [nodejs-private/node-private#374](https://togithub.com/nodejs-private/node-private/pull/374) - \[[`9e6221529b`](https://togithub.com/nodejs/node/commit/9e6221529b)] - **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau) [#46566](https://togithub.com/nodejs/node/pull/46566) - \[[`0d5f86451d`](https://togithub.com/nodejs/node/commit/0d5f86451d)] - **deps**: update archs files for OpenSSL-1.1.1t (RafaelGSS) [#46566](https://togithub.com/nodejs/node/pull/46566) - \[[`8c11d17b40`](https://togithub.com/nodejs/node/commit/8c11d17b40)] - **deps**: upgrade openssl sources to 1.1.1t (RafaelGSS) [#46566](https://togithub.com/nodejs/node/pull/46566) - \[[`224e93c9ef`](https://togithub.com/nodejs/node/commit/224e93c9ef)] - **deps**: upgrade npm to 6.14.18 (Ruy Adorno) [#45936](https://togithub.com/nodejs/node/pull/45936) - \[[`d73ea4de13`](https://togithub.com/nodejs/node/commit/d73ea4de13)] - **doc**: clarify release notes for Node.js 14.21.2 (Richard Lau) [#45846](https://togithub.com/nodejs/node/pull/45846) - \[[`f7892c16be`](https://togithub.com/nodejs/node/commit/f7892c16be)] - **lib**: makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-private/node-private#358](https://togithub.com/nodejs-private/node-private/pull/358) - \[[`fa115ee8ac`](https://togithub.com/nodejs/node/commit/fa115ee8ac)] - **module**: protect against prototype mutation (Antoine du Hamel) [#44007](https://togithub.com/nodejs/node/pull/44007) - \[[`83975b7fb4`](https://togithub.com/nodejs/node/commit/83975b7fb4)] - **policy**: makeRequireFunction on mainModule.require (RafaelGSS) [nodejs-private/node-private#358](https://togithub.com/nodejs-private/node-private/pull/358) - \[[`a5f8798d7a`](https://togithub.com/nodejs/node/commit/a5f8798d7a)] - **test**: avoid left behind child processes (Richard Lau) [#46276](https://togithub.com/nodejs/node/pull/46276) ### [`v14.21.2`](https://togithub.com/nodejs/node/releases/tag/v14.21.2): 2022-12-13, Version 14.21.2 'Fermium' (LTS), @richardlau [Compare Source](https://togithub.com/nodejs/node/compare/v14.21.1...v14.21.2) ##### Notable Changes ##### OpenSSL 1.1.1s This update is a bugfix release and does not address any security vulnerabilities. ##### Root certificates updated to NSS 3.85 Certificates added: - Autoridad de Certificacion Firmaprofesional CIF [`A626340`](https://togithub.com/nodejs/node/commit/A62634068) - Certainly Root E1 - Certainly Root R1 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - HiPKI Root CA - G1 - ISRG Root X2 - Security Communication ECC RootCA1 - Security Communication RootCA3 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA Certificates removed: - Cybertrust Global Root - DST Root CA X3 - GlobalSign Root CA - R2 - Hellenic Academic and Research Institutions RootCA 2011 ##### Time zone update to 2022f Time zone data has been updated to 2022f. This includes changes to Daylight Savings Time (DST) for Fiji and Mexico. For more information, seeConfiguration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.