bizcochito
/
website
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 7 Wiki Activity

chore(deps): update node.js to v23.6.1 #22

Merged
bizcochito merged 1 commits from renovate/node-23.x into master 2025-01-24 14:28:04 +00:00
Conversation 0 Commits 1 Files Changed 2 +3 -3
bizcochito commented 2025-01-21 17:07:33 +00:00
Owner
Copy Link

This PR contains the following updates:

Package Type Update Change
node final patch 23.6.0-alpine -> 23.6.1-alpine
node stage patch 23.6.0-alpine -> 23.6.1-alpine
node (source) patch 23.6.0 -> 23.6.1

Release Notes

nodejs/node (node)

v23.6.1: 2025-01-21, Version 23.6.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits
  • [`f2ad4d3af8`](https://github.com/nodejs/node/commit/f2ad4d3af8)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#654](https://github.com/nodejs-private/node-private/pull/654)

  • [`0afc6f9600`](https://github.com/nodejs/node/commit/0afc6f9600)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (RafaelGSS) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555)

  • [`3c7686163e`](https://github.com/nodejs/node/commit/3c7686163e)] - **(CVE-2025-23085)** **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) [nodejs-private/node-private#650](https://github.com/nodejs-private/node-private/pull/650)

  • [`51938f023a`](https://github.com/nodejs/node/commit/51938f023a)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#629](https://github.com/nodejs-private/node-private/pull/629)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [node](https://github.com/nodejs/node) | final | patch | `23.6.0-alpine` -> `23.6.1-alpine` | | [node](https://github.com/nodejs/node) | stage | patch | `23.6.0-alpine` -> `23.6.1-alpine` | | [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | | patch | `23.6.0` -> `23.6.1` | --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v23.6.1`](https://github.com/nodejs/node/releases/tag/v23.6.1): 2025-01-21, Version 23.6.1 (Current), @&#8203;RafaelGSS [Compare Source](https://github.com/nodejs/node/compare/v23.6.0...v23.6.1) This is a security release. ##### Notable Changes - CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High) - CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) - CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: - CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) ##### Commits - \[[`f2ad4d3af8`](https://github.com/nodejs/node/commit/f2ad4d3af8)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#654](https://github.com/nodejs-private/node-private/pull/654) - \[[`0afc6f9600`](https://github.com/nodejs/node/commit/0afc6f9600)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (RafaelGSS) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555) - \[[`3c7686163e`](https://github.com/nodejs/node/commit/3c7686163e)] - **(CVE-2025-23085)** **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) [nodejs-private/node-private#650](https://github.com/nodejs-private/node-private/pull/650) - \[[`51938f023a`](https://github.com/nodejs/node/commit/51938f023a)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#629](https://github.com/nodejs-private/node-private/pull/629) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMjAuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEyMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
bizcochito added 1 commit 2025-01-21 17:07:33 +00:00
bizcochito force-pushed renovate/node-23.x from b4f5ca372e to 1d4370d1a2 2025-01-21 20:07:12 +00:00 Compare
bizcochito force-pushed renovate/node-23.x from 1d4370d1a2 to fa61b3ab31 2025-01-22 17:09:15 +00:00 Compare
bizcochito merged commit f8ef6632e6 into master 2025-01-24 14:28:04 +00:00
bizcochito deleted branch renovate/node-23.x 2025-01-24 14:28:04 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
Admin

Sysadmin issue

  
Code

Coding feature

  
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No Label
Admin
Code
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: bizcochito/website#22
No description provided.
Delete Branch "renovate/node-23.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?