Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Node.js to v20.18.2 #1307

Open
wants to merge 1 commit into
base: 23.11
Choose a base branch
from
Open

Update Node.js to v20.18.2 #1307

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 23, 2024

This PR contains the following updates:

Package Update Change
node minor 20.5.1-alpine -> 20.18.2-alpine

Release Notes

nodejs/node (node)

v20.18.2: 2025-01-21, Version 20.18.2 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits

v20.18.1: 2024-11-20, Version 20.18.1 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes
Commits

v20.18.0: 2024-10-03, Version 20.18.0 'Iron' (LTS), @​targos

Compare Source

Notable Changes
Experimental Network Inspection Support in Node.js

This update introduces the initial support for network inspection in Node.js.
Currently, this is an experimental feature, so you need to enable it using the --experimental-network-inspection flag.
With this feature enabled, you can inspect network activities occurring within a JavaScript application.

To use network inspection, start your Node.js application with the following command:

$ node --inspect-wait --experimental-network-inspection index.js

Please note that the network inspection capabilities are in active development.
We are actively working on enhancing this feature and will continue to expand its functionality in future updates.

Contributed by Kohei Ueno in #​53593 and #​54246

Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext

This releases introduces a new option to the API tls.createSecureContext. From
now on, tls.createSecureContext({ allowPartialTrustChain: true }) can be used
to treat intermediate (non-self-signed) certificates in the trust CA certificate
list as trusted.

Contributed by Anna Henningsen in #​54790

New option for vm.createContext() to create a context with a freezable globalThis

Node.js implements a flavor of vm.createContext() and friends that creates a context without contextifying its global
object when vm.constants.DONT_CONTEXTIFY is used. This is suitable when users want to freeze the context
(impossible when the global is contextified i.e. has interceptors installed) or speed up the global access if they
don't need the interceptor behavior.

Contributed by Joyee Cheung in #​54394

Deprecations
  • [64aa31f6e5] - repl: doc-deprecate instantiating node:repl classes without new (Aviv Keller) #​54842
  • [4c52ee3d7f] - zlib: deprecate instantiating classes without new (Yagiz Nizipli) #​54708
Other Notable Changes
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from khs1994 as a code owner November 23, 2024 14:28
@renovate renovate bot added the renovateapp label Nov 23, 2024
@renovate renovate bot force-pushed the renovate/node-20.x branch from 8075aff to d11f5f0 Compare January 22, 2025 22:11
@renovate renovate bot changed the title Update Node.js to v20.18.1 Update Node.js to v20.18.2 Jan 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

1 participant