chore(deps): update dependency node to v18.20.4

[angular-robot]

This PR contains the following updates:

Package	Type	Update	Change
node (source)		patch	18.20.0 -> 18.20.4
@types/node (source)	devDependencies	patch	18.19.39 -> 18.19.54

---

Release Notes

nodejs/node (node)

v18.20.4: 2024-07-08, Version 18.20.4 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
• CVE-2024-22020 - Bypass network import restriction via data URL (Medium)

Commits

• [85abedf1ff] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
• [eccd63b865] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596

v18.20.3: 2024-05-21, Version 18.20.3 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies

• acorn updated to 8.11.3.
• acorn-walk updated to 8.3.2.
• ada updated to 2.7.8.
• c-ares updated to 1.28.1.
• corepack updated to 0.28.0.
• nghttp2 updated to 1.61.0.
• ngtcp2 updated to 1.3.0.
• npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
• simdutf updated to 5.2.4.
• zlib updated to 1.3.0.1-motley-7d77fb7.

Commits

• [0c260e10e7] - deps: update zlib to 1.3.0.1-motley-7d77fb7 (Node.js GitHub Bot) #​52516
• [1152d7f919] - deps: update zlib to 1.3.0.1-motley-24c07df (Node.js GitHub Bot) #​52199
• [755399db9d] - deps: update zlib to 1.3.0.1-motley-24342f6 (Node.js GitHub Bot) #​52123
• [af3e32073b] - deps: update ada to 2.7.8 (Node.js GitHub Bot) #​52517
• [e4ea2db58b] - deps: update c-ares to 1.28.1 (Node.js GitHub Bot) #​52285
• [14e857bea2] - deps: update corepack to 0.28.0 (Node.js GitHub Bot) #​52616
• [7f5dd44ca6] - deps: upgrade npm to 10.7.0 (npm team) #​52767
• [78f84ebb09] - deps: update ngtcp2 to 1.3.0 (Node.js GitHub Bot) #​51796
• [1f489a3753] - deps: update ngtcp2 to 1.2.0 (Node.js GitHub Bot) #​51584
• [3034968225] - deps: update ngtcp2 to 1.1.0 (Node.js GitHub Bot) #​51319
• [1aa9da467f] - deps: add nghttp3/**/.deps to .gitignore (Luigi Pinca) #​51400
• [28c0c78c9a] - deps: update ngtcp2 and nghttp3 (James M Snell) #​51291
• [8fd5a35364] - deps: upgrade npm to 10.5.2 (npm team) #​52458
• [2c53ff31c9] - deps: update acorn-walk to 8.3.2 (Node.js GitHub Bot) #​51457
• [12f28f33c2] - deps: update acorn to 8.11.3 (Node.js GitHub Bot) #​51317
• [dddb7eb3e0] - deps: update acorn-walk to 8.3.1 (Node.js GitHub Bot) #​50457
• [c86550e607] - deps: update acorn-walk to 8.3.0 (Node.js GitHub Bot) #​50457
• [9500817f66] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #​50460
• [7a8c7b6275] - deps: update ada to 2.7.7 (Node.js GitHub Bot) #​52028
• [b199889943] - deps: update corepack to 0.26.0 (Node.js GitHub Bot) #​52027
• [052b0ba0c6] - deps: upgrade npm to 10.5.1 (npm team) #​52351
• [209823d3af] - deps: update simdutf to 5.2.4 (Node.js GitHub Bot) #​52473
• [5114cbe18a] - deps: update simdutf to 5.2.3 (Yagiz Nizipli) #​52381
• [be30309ea0] - deps: update simdutf to 5.0.0 (Daniel Lemire) #​52138
• [b56f66e250] - deps: update simdutf to 4.0.9 (Node.js GitHub Bot) #​51655
• [a9f3b9d9d1] - deps: update nghttp2 to 1.61.0 (Node.js GitHub Bot) #​52395
• [1b6fa70620] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #​51948
• [3c9dbbf4d4] - deps: update nghttp2 to 1.59.0 (Node.js GitHub Bot) #​51581
• [e28316da54] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #​50441
• [678641f470] - deps: V8: cherry-pick d15d49b (Bo Anderson) #​52337
• [1147fee7d9] - doc: remove ableist language from crypto (Jamie King) #​52063
• [5e93eae972] - doc: add release key for marco-ippolito (marco-ippolito) #​52257
• [6689a98488] - http: remove closeIdleConnections function while calling server close (Kumar Rishav) #​52336
• [71616e8a8a] - node-api: make tsfn accept napi_finalize once more (Gabriel Schulhof) #​51801
• [d9d9e62474] - src: avoid draining platform tasks at FreeEnvironment (Chengzhong Wu) #​51290
• [e5fc8ec9fc] - test: skip v8-updates/test-linux-perf (Michaël Zasso) #​49639
• [351ef189ca] - test: v8: Add test-linux-perf-logger test suite (Luke Albao) #​50352
• [5cec2efc31] - test: reduce the number of requests and parsers (Luigi Pinca) #​50240
• [5186e453d9] - test: deflake test-http-regr-gh-2928 (Luigi Pinca) #​49574
• [c60cd67e1c] - test: skip test for dynamically linked OpenSSL (Richard Lau) #​52542

v18.20.2: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

• [6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

v18.20.1: 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
• CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
• llhttp version 9.2.1
• undici version 5.28.4

Commits

• [60d24938de] - deps: update undici to v5.28.4 (Matteo Collina) nodejs-private/node-private#577
• [5d4d5848cf] - http: do not allow OBS fold in headers by default (Paolo Insogna) nodejs-private/node-private#558
• [0fb816dbcc] - src: ensure to close stream when destroying session (Anna Henningsen) nodejs-private/node-private#561

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[angular-robot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

/bin/sh: 1: pnpm: not found