chore(deps): update node.js to v23.6.1 #46

Merged
bizcochito merged 1 commits from renovate/node-23.x into main 2025-01-24 14:27:13 +00:00
Owner

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| node | stage | patch | 23.6.0-alpine -> 23.6.1-alpine |
| node (source) | | patch | 23.6.0 -> 23.6.1 |

Release Notes

nodejs/node (node)

v23.6.1: 2025-01-21, Version 23.6.1 (Current), @RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits
  • [[`f2ad4d3af8`](https://github.com/nodejs/node/commit/f2ad4d3af8)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#654](https://github.com/nodejs-private/node-private/pull/654)
  • [[`0afc6f9600`](https://github.com/nodejs/node/commit/0afc6f9600)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (RafaelGSS) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555)
  • [[`3c7686163e`](https://github.com/nodejs/node/commit/3c7686163e)] - **(CVE-2025-23085)** **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) [nodejs-private/node-private#650](https://github.com/nodejs-private/node-private/pull/650)
  • [[`51938f023a`](https://github.com/nodejs/node/commit/51938f023a)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#629](https://github.com/nodejs-private/node-private/pull/629)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

bizcochito added 1 commit 2025-01-21 17:01:25 +00:00
bizcochito force-pushed renovate/node-23.x from c260976600 to 0a98f6fd35 2025-01-22 17:01:38 +00:00
bizcochito merged commit c038eacce4 into main 2025-01-24 14:27:13 +00:00
bizcochito deleted branch renovate/node-23.x 2025-01-24 14:27:16 +00:00
Reference: fedi-image-bot/bot-image-moderation-fe#46