This repository was archived by the owner on May 19, 2022. It is now read-only.
Scan Summary
| Tool | Critical | High | Medium | Low | Status |
|---|---|---|---|---|---|
| Dependency Scan (nodejs) | 0 | 0 | 3 | 0 | ✅ |
| Security Audit for Infrastructure | 3 | 10 | 1 | 6 | ❌ |
Recommendation
Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍
This PR contains the following updates:
`18.1.0-alpine` -> `18.2.0-alpine`
Release Notes
nodejs/node
v18.2.0
Notable Changes
OpenSSL 3.0.3
This update can be treated as a security release as the issues addressed in OpenSSL 3.0.3 slightly affect Node.js 18.
See https://nodejs.org/en/blog/vulnerability/openssl-fixes-in-regular-releases-may2022/ for more information on how the May 2022 OpenSSL releases affect other Node.js release lines.
- [8e54c19a6e] - deps: update archs files for quictls/openssl-3.0.3+quic (RafaelGSS) #43022
- [6365bf808e] - deps: upgrade openssl sources to quictls/openssl-3.0.3 (RafaelGSS) #43022

Other Notable Changes
- [13c333e533] - Revert "deps: add template for generated headers" (Daniel Bevenius) #42978
- [d128356a7f] - deps: update undici to 5.2.0 (Node.js GitHub Bot) #43059
- [2df1624f80] - deps: upgrade npm to 8.9.0 (npm team) #42968
- [6365bf808e] - deps: upgrade openssl sources to quictls/openssl-3.0.3 (RafaelGSS) #43022
- [4a3f678e70] - doc: add LiviaMedeiros to collaborators (LiviaMedeiros) #43039
- [686c4c1f6f] - doc: add release key for Juan Arboleda (Juan José) #42961
- [784d84cf34] - (SEMVER-MINOR) fs: add `read(buffer[, options])` versions (LiviaMedeiros) #42768
- [2f192c4be0] - (SEMVER-MINOR) http: added connection closing methods (Paolo Insogna) #42812
- [c92e291beb] - (SEMVER-MINOR) perf_hooks: add PerformanceResourceTiming (RafaelGSS) #42725

Commits
- [7cac7bb806] - assert: fix CallTracker wraps the function causes the length to be lost (OneNail) #42909
- [e74a8da287] - assert: make `assert.fail` less affected by prototype tampering (Antoine du Hamel) #42918
- [1146806673] - bootstrap: stop delaying instantiation of maps in per-context scripts (Darshan Sen) #42934
- [a20310d171] - bootstrap: use a context snapshotted with primordials in workers (Joyee Cheung) #42867
- [9ee7d9eb15] - bootstrap: fix wasm_web_api external reference registration (Joyee Cheung) #42903
- [cec678a00e] - build: set ASAN workaround (Richard Lau) #43085
- [7c4df42caa] - build: disable windows-2022 temporarily (Jiawen Geng) #43093
- [0eb32ed976] - build: fix various shared library build issues (William Marlow) #41850
- [48f4a714b2] - build: fix indeterminacy of icu_locales value (Sergey Nazaryev) #42865
- [19c060fd84] - crypto: adjust minimum length in generateKey('hmac', ...) (LiviaMedeiros) #42944
- [183bcc0699] - crypto: clean up parameter validation in HKDF (Tobias Nießen) #42924
- [946f57c7bc] - debugger: fix inconsistent inspector output of exec new Map() (Kohei Ueno) #42423
- [d128356a7f] - deps: update undici to 5.2.0 (Node.js GitHub Bot) #43059
- [a9703a55ef] - deps: remove opensslconf template headers (Daniel Bevenius) #43035
- [a4a4f7134b] - deps: fix llhttp version number (Michael Dawson) #43029
- [8e54c19a6e] - deps: update archs files for quictls/openssl-3.0.3+quic (RafaelGSS) #43022
- [6365bf808e] - deps: upgrade openssl sources to quictls/openssl-3.0.3 (RafaelGSS) #43022
- [e8121ae7fe] - deps: regenerate OpenSSL archs files (Daniel Bevenius) #42978
- [13c333e533] - Revert "deps: add template for generated headers" (Daniel Bevenius) #42978
- [2df1624f80] - deps: upgrade npm to 8.9.0 (npm team) #42968
- [f53ed9d1bb] - doc: use serial comma in fs docs (Tobias Nießen) #43104
- [839824aca8] - doc: use serial comma in events docs (Tobias Nießen) #43113
- [9629c74080] - doc: use serial comma in modules docs (Tobias Nießen) #43103
- [76096c2d4a] - doc: use serial comma in util docs (Tobias Nießen) #43063
- [1e9de0dd5a] - doc: remove git:// protocol, adjust nits in onboarding.md (LiviaMedeiros) #43045
- [eb630d7ef9] - doc: add maintaining info for shared library option (Michael Dawson) #42517
- [3816a97bae] - doc: add detail for how to update llhttp (Michael Dawson) #43028
- [330e267a57] - doc: use serial comma in buffer docs (Tobias Nießen) #43048
- [0957212390] - doc: use consistent method symbol (Paolo Insogna) #42974
- [22cb7104cb] - doc: add Rafael to the security steward for NearForm (Matteo Collina) #42966
- [ef177da3f1] - doc: mark some node-api functions as experimental (NickNaso) #42987
- [4a3f678e70] - doc: add LiviaMedeiros to collaborators (LiviaMedeiros) #43039
- [c988a0ed26] - doc: use serial comma in http docs (Tobias Nießen) #43026
- [4de918b4c1] - doc: add the preferred name for @himself65 (Himself65) #43024
- [686c4c1f6f] - doc: add release key for Juan Arboleda (Juan José) #42961
- [64e0aa116d] - doc: rename N-API to Node-API in test/README.md (Daeyeon Jeong) #42946
- [65d64553c0] - doc: use serial comma in tls docs (Tobias Nießen) #43001
- [840e61e745] - doc: improve commit message example for releases (Juan José) #42954
- [ba3ad7c665] - doc: use serial comma in cluster docs (Tobias Nießen) #42989
- [3ab3086008] - doc: fix errors in Web Streams doc (OneNail) #42862
- [1fbfee2497] - doc: fix examples in cluster.md (OneNail) #42889
- [1237c742f4] - doc: add additional step to security release process (Michael Dawson) #42916
- [88692d8fd6] - doc: add section regarding property definition in `primordials.md` (Antoine du Hamel) #42921
- [924670f3af] - doc: clarify some default values in `fs.md` (LiviaMedeiros) #42892
- [becca06f9b] - fs: remove unnecessary ?? operator (Morgan Roderick) #43073
- [784d84cf34] - (SEMVER-MINOR) fs: add `read(buffer[, options])` versions (LiviaMedeiros) #42768
- [2f192c4be0] - (SEMVER-MINOR) http: added connection closing methods (Paolo Insogna) #42812
- [bfbf965eb0] - http2: compat support for array headers (OneNail) #42901
- [46a44b3011] - lib: move WebAssembly Web API into separate file (Tobias Nießen) #42993
- [c64b8d3282] - lib,test: enable wasm/webapi/empty-body WPT (Tobias Nießen) #42960
- [ddd271ec2b] - meta: add mailmap entry for ShogunPanda (Paolo Insogna) #43094
- [174ff972f0] - meta: update .mailmap for recent README name change (Rich Trott) #43027
- [16df8ad7c3] - meta: update AUTHORS (Node.js GitHub Bot) #43004
- [0ec32d0715] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #42937
- [037ff3da6d] - node-api: explicitly set __cdecl for API functions (Vladimir Morozov) #42780
- [e2462a2f98] - node-api: fix napi_get_all_property_names (Vladimir Morozov) #42463
- [c92e291beb] - (SEMVER-MINOR) perf_hooks: add PerformanceResourceTiming (RafaelGSS) #42725
- [c535db1195] - src: delete AllocatedBuffer (Darshan Sen) #43008
- [5dc79298e1] - src: remove unnecessary comment (Kohei Ueno) #42952
- [38e4c15534] - src: always signal V8 for intercepted properties (Michaël Zasso) #42963
- [cacff07e75] - src: fix memory leak for v8.serialize (liuxingbaoyu) #42695
- [8cfc18e4db] - src,crypto: remove uses of AllocatedBuffer from crypto_rsa.cc (Darshan Sen) #42852
- [0670843b24] - test: fix dangerous .map in `test/parallel/test-http-set-trailers.js` (LiviaMedeiros) #43087
- [9eb8bf1d26] - test: reduce flakiness of `test-fs-read-position-validation.mjs` (LiviaMedeiros) #42999
- [41d2f6e8c5] - test: rename handlewrap.hasref tests (Daeyeon Jeong) #42754
- [e058f47277] - test: improve observable ICU behaviour coverage (LiviaMedeiros) #42683
- [d23debb4cb] - test: validate webstream encoder/decoder inspector (Yoshiki Kurihara) #42747
- [b1c18edaa9] - test: use `mustSucceed` instead of `mustCall` with `assert.ifError` (MURAKAMI Masahiko) #42806
- [2dc795687a] - test: improve `lib/internal/webstreams/readablestream.js` coverage (MURAKAMI Masahiko) #42823
- [d746207dc2] - test: fix test-crypto-fips.js under shared OpenSSL (Vita Batrla) #42947
- [56c47b5101] - test: use consistent timeouts (Paolo Insogna) #42893
- [68ed3c88d9] - test: add test for position validation in fs.read() and fs.readSync() (LiviaMedeiros) #42837
- [72b90fd5f5] - test: reduce impact of flaky HTTP server tests (Tobias Nießen) #42926
- [531a0a9980] - tools: update lint-md-dependencies to rollup@2.73.0 (Node.js GitHub Bot) #43107
- [64daaca46d] - tools: update eslint to 8.15.0 (Node.js GitHub Bot) #43005
- [79872382ef] - tools: refactor lint-sh.js to esm module (Feng Yu) #42942
- [265ecdfe07] - tools: update lint-md-dependencies (Node.js GitHub Bot) #43003
- [e9e1f1e194] - typings: fix `os.cpus` invalid return type (Himself65) #43006
- [55ef6e81cb] - wasm: add missing init reported by coverity (Michael Dawson) #42897
- [5470578008] - worker: fix stream racing with terminate (Keyhan Vakil) #42874

Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.