Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update node.js to ~4.9.0 #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Oct 12, 2021

Mend Renovate

This PR contains the following updates:

Package Type Update Change
node engines minor ~4.1.1 -> ~4.9.0

Release Notes

nodejs/node

v4.9.1: 2018-03-29, Version 4.9.1 'Argon' (Maintenance), @​MylesBorins

Compare Source

Notable Changes

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the latest releases for PPC little
endian were built using GCC 4.9.X instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are doing this release to ensure that
the hosted binaries are adhering to our platform support contract.

v4.9.0: 2018-03-28, Version 4.9.0 'Argon' (Maintenance), @​MylesBorins

Compare Source

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

Notable Changes
  • Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that are known to impact Node.js.
  • Fix for 'path' module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX an Windows paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted 'path' module functions.
  • Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces inside Content-Length header values. Such values now lead to rejected connections in the same way as non-numeric values.
  • Update root certificates: 5 additional root certificates have been added to the Node.js binary and 30 have been removed.
Commits

v4.8.7: 2017-12-08, Version 4.8.7 'Argon' (Maintenance), @​MylesBorins

Compare Source

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

Notable Changes
  • deps:
    • openssl updated to 1.0.2n (Shigeki Ohtsu) #​17526
Commits

v4.8.6: 2017-11-07, Version 4.8.6 'Argon' (Maintenance), @​MylesBorins

Compare Source

This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies,
8 which are build / tool related, 4 which are doc related, and 2 which are test related.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes
  • crypto:
    • update root certificates (Ben Noordhuis) #​13279
    • update root certificates (Ben Noordhuis) #​12402
  • deps:
    • add support for more modern versions of INTL (Bruno Pagani) #​13040
    • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #​16691
    • upgrade openssl sources to 1.0.2l (Daniel Bevenius) #​13233
Commits

v4.8.5: Version 4.8.5 'Argon' (Maintenance), @​MylesBorins

Compare Source

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.

Notable Changes
  • zlib:
    • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#​95
Commits

v4.8.4

Compare Source

v4.8.3

Compare Source

v4.8.2

Compare Source

v4.8.1

Compare Source

v4.8.0

Compare Source

v4.7.3

Compare Source

v4.7.2

Compare Source

v4.7.1

Compare Source

v4.7.0

Compare Source

v4.6.2

Compare Source

v4.6.1

Compare Source

v4.6.0

Compare Source

v4.5.0

Compare Source

v4.4.7

Compare Source

v4.4.6

Compare Source

v4.4.5

Compare Source

v4.4.4

Compare Source

v4.4.3

Compare Source

v4.4.2

Compare Source

v4.4.1

Compare Source

v4.4.0

Compare Source

v4.3.2

Compare Source

v4.3.1

Compare Source

v4.3.0

Compare Source

v4.2.6

Compare Source

v4.2.5

Compare Source

v4.2.4

Compare Source

v4.2.3

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant