Skip to content
This repository has been archived by the owner on Apr 8, 2022. It is now read-only.

chore(deps): update node.js to v14.17.3 #72

Merged
merged 1 commit into from
Jul 16, 2021
Merged

chore(deps): update node.js to v14.17.3 #72

merged 1 commit into from
Jul 16, 2021

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented May 31, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Update Change
node patch v14.17.1 -> 14.17.3

Release Notes

nodejs/node

v14.17.3

Compare Source

Notable Changes

Node.js 14.17.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

Commits

v14.17.2

Compare Source

This is a security release.

Notable Changes

Vulnerabilities fixed:

  • CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
    • Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
  • CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
    • Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921
Commits

Configuration

📅 Schedule: "before 3am on the first day of the month" in timezone Asia/Tokyo.

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the renovate label May 31, 2021
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 7d06989 to 70af6cd Compare June 11, 2021 23:50
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 70af6cd to af7e4a4 Compare June 14, 2021 18:40
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 7397302 to 312f55c Compare June 26, 2021 09:22
@renovate renovate bot changed the title chore(deps): update babel monorepo chore(deps): update babel monorepo - autoclosed Jul 16, 2021
@renovate renovate bot closed this Jul 16, 2021
@renovate renovate bot deleted the renovate/all-minor-patch branch July 16, 2021 02:27
@renovate renovate bot changed the title chore(deps): update babel monorepo - autoclosed chore(deps): update babel monorepo Jul 16, 2021
@renovate renovate bot restored the renovate/all-minor-patch branch July 16, 2021 03:02
@renovate renovate bot reopened this Jul 16, 2021
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 312f55c to 93b0073 Compare July 16, 2021 03:55
@renovate renovate bot changed the title chore(deps): update babel monorepo chore(deps): update node.js to v14.17.3 Jul 16, 2021
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 93b0073 to 0c5c24c Compare July 16, 2021 03:56
@renovate renovate bot merged commit 42f0be5 into master Jul 16, 2021
@renovate renovate bot deleted the renovate/all-minor-patch branch July 16, 2021 04:26
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot