Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update node.js to v20 #305

Merged
merged 1 commit into from
Feb 27, 2024
Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 22, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node final major 18 -> 20 age adoption passing confidence
@types/node (source) devDependencies major 18.15.13 -> 20.11.20 age adoption passing confidence

Release Notes

nodejs/node (node)

v20.11.1: 2024-02-14, Version 20.11.1 'Iron' (LTS), @​RafaelGSS prepared by @​marco-ippolito

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
  • CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  • CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
  • CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • libuv version 1.48.0
  • OpenSSL version 3.0.13+quic1
Commits

v20.11.0: 2024-01-09, Version 20.11.0 'Iron' (LTS), @​UlisesGascon

Compare Source

Notable Changes
Commits

v20.10.0: 2023-11-22, Version 20.10.0 'Iron' (LTS), @​targos

Compare Source

Notable Changes
--experimental-default-type flag to flip module defaults

The new flag --experimental-default-type can be used to flip the default
module system used by Node.js. Input that is already explicitly defined as ES
modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs
file extension or the --input-type flag, is unaffected. What is currently
implicitly CommonJS would instead be interpreted as ES modules under
--experimental-default-type=module:

  • String input provided via --eval or STDIN, if --input-type is unspecified.

  • Files ending in .js or with no extension, if there is no package.json file
    present in the same folder or any parent folder.

  • Files ending in .js or with no extension, if the nearest parent
    package.json field lacks a type field; unless the folder is inside a
    node_modules folder.

In addition, extensionless files are interpreted as Wasm if
--experimental-wasm-modules is passed and the file contains the "magic bytes"
Wasm header.

Contributed by Geoffrey Booth in #​49869.

Detect ESM syntax in ambiguous JavaScript

The new flag --experimental-detect-module can be used to automatically run ES
modules when their syntax can be detected. For “ambiguous” files, which are
.js or extensionless files with no package.json with a type field, Node.js
will parse the file to detect ES module syntax; if found, it will run the file
as an ES module, otherwise it will run the file as a CommonJS module. The same
applies to string input via --eval or STDIN.

We hope to make detection enabled by default in a future version of Node.js.
Detection increases startup time, so we encourage everyone—especially package
authors—to add a type field to package.json, even for the default
"type": "commonjs". The presence of a type field, or explicit extensions
such as .mjs or .cjs, will opt out of detection.

Contributed by Geoffrey Booth in #​50096.

New flush option in file system functions

When writing to files, it is possible that data is not immediately flushed to
permanent storage. This allows subsequent read operations to see stale data.
This PR adds a 'flush' option to the fs.writeFile family of functions which
forces the data to be flushed at the end of a successful write operation.

Contributed by Colin Ihrig in #​50009 and [#​50095](https://togithub.co


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title chore(deps): update node.js to v20 chore(deps): update node.js to v20 - autoclosed Oct 20, 2023
@renovate renovate bot closed this Oct 20, 2023
@renovate renovate bot deleted the renovate/node-20.x branch October 20, 2023 01:02
@renovate renovate bot changed the title chore(deps): update node.js to v20 - autoclosed chore(deps): update node.js to v20 Oct 24, 2023
@renovate renovate bot reopened this Oct 24, 2023
@renovate renovate bot restored the renovate/node-20.x branch October 24, 2023 00:10
@renovate renovate bot changed the title chore(deps): update node.js to v20 chore(deps): update dependency @types/node to v20 Oct 24, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from 7bc99a6 to a5ac82e Compare October 25, 2023 19:44
@renovate renovate bot force-pushed the renovate/node-20.x branch from a5ac82e to 1187205 Compare October 31, 2023 10:04
@renovate renovate bot force-pushed the renovate/node-20.x branch from 1187205 to f09d240 Compare November 7, 2023 22:47
@renovate renovate bot force-pushed the renovate/node-20.x branch 4 times, most recently from b26e518 to 2c67802 Compare November 22, 2023 03:10
@renovate renovate bot force-pushed the renovate/node-20.x branch 3 times, most recently from d133e1f to 0bb413a Compare November 29, 2023 21:50
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from 66d4f02 to 1347340 Compare December 3, 2023 10:03
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v20 chore(deps): update node.js to v20 Dec 3, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from 0325596 to be60ccf Compare December 7, 2023 09:59
@renovate renovate bot force-pushed the renovate/node-20.x branch from be60ccf to 396cb6b Compare December 18, 2023 02:04
@renovate renovate bot force-pushed the renovate/node-20.x branch from 396cb6b to 1b0e7f6 Compare December 30, 2023 01:09
@renovate renovate bot force-pushed the renovate/node-20.x branch 3 times, most recently from d6fdab4 to 7927278 Compare January 11, 2024 08:52
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from f669be2 to fe2b926 Compare January 15, 2024 12:44
@renovate renovate bot force-pushed the renovate/node-20.x branch 3 times, most recently from b55ade5 to 6031232 Compare January 17, 2024 06:49
@renovate renovate bot force-pushed the renovate/node-20.x branch 7 times, most recently from 2657418 to 2f827b3 Compare January 31, 2024 02:20
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from 25fa0b6 to 1c9a432 Compare February 2, 2024 17:58
@renovate renovate bot force-pushed the renovate/node-20.x branch 3 times, most recently from 4de1694 to e8ba0a7 Compare February 15, 2024 16:57
@renovate renovate bot force-pushed the renovate/node-20.x branch from e8ba0a7 to 98e4105 Compare February 22, 2024 19:23
@Benjamin-Park Benjamin-Park merged commit 10be0e4 into main Feb 27, 2024
6 checks passed
@Benjamin-Park Benjamin-Park deleted the renovate/node-20.x branch February 27, 2024 01:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant