Bump Node.js version on Windows to 22.13.1 #1675


jenkins-infra-updatecli[bot]
Contributor

@jenkins-infra-updatecli jenkins-infra-updatecli bot commented Jan 21, 2025

Bump Node.js version on Windows

Update Node.js version in the test harness

change detected: * key "$.command.nodejs.stdout[0]" updated from "22.13.0" to "22.13.1", in file "tests/goss-windows.yaml"

22.13.1
Release published on the 2025-01-21 17:02:58 +0000 UTC at the url https://github.com/nodejs/node/releases/tag/v22.13.1




This is a security release.

### Notable Changes

* CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
* CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR\_PROTO (Medium)
* CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

* CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

### Commits

* \[[`520da342e0`](https://github.com/nodejs/node/commit/520da342e0)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#662](https://github.com/nodejs-private/node-private/pull/662)
* \[[`99f217369f`](https://github.com/nodejs/node/commit/99f217369f)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (Tobias Nießen) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555)
* \[[`984f735e35`](https://github.com/nodejs/node/commit/984f735e35)] - **(CVE-2025-23085)** **src**: fix HTTP2 mem leak on premature close and ERR\_PROTO (RafaelGSS) [nodejs-private/node-private#650](https://github.com/nodejs-private/node-private/pull/650)
* \[[`2446870618`](https://github.com/nodejs/node/commit/2446870618)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#651](https://github.com/nodejs-private/node-private/pull/651)

Update Node.js version in provisioning environment for Windows

change detected: * key "$.nodejs_windows_version" updated from "22.13.0" to "22.13.1", in file "provisioning/tools-versions.yml"



Created automatically by Updatecli

Options:

Most of Updatecli's configuration is done via its manifest(s).

  • If you close this pull request, Updatecli will automatically reopen it the next time it runs.
  • If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.

Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!

@jenkins-infra-updatecli jenkins-infra-updatecli bot added the enhancement and nodejs labels Jan 21, 2025
@jenkins-infra-updatecli jenkins-infra-updatecli bot force-pushed the updatecli_main_eb69fe92114964f03294b658c024e65769d967dde5c405697ff91c1a41dad263 branch 3 times, most recently from 3d31fd4 to 2715747 Compare January 23, 2025 17:48
@jenkins-infra-updatecli jenkins-infra-updatecli bot force-pushed the updatecli_main_eb69fe92114964f03294b658c024e65769d967dde5c405697ff91c1a41dad263 branch from d5e19b0 to 196fbc3 Compare January 23, 2025 17:49
@dduportal dduportal merged commit ae90542 into main Jan 27, 2025
2 checks passed
@dduportal dduportal deleted the updatecli_main_eb69fe92114964f03294b658c024e65769d967dde5c405697ff91c1a41dad263 branch January 27, 2025 06:42