Update node Docker tag to v12.22.7 (!83) · Merge requests · Iron Bank Containers / Opensource / nodejs / nodejs12

renovate requested to merge renovate/node into development Oct 13, 2021

This MR contains the following updates:

Package	Type	Update	Change
node	ironbank-docker	patch	`12.22.6` -> `12.22.7`
node		patch	`12.22.6` -> `12.22.7`
node	stage	patch	`12.22.6` -> `12.22.7`

nodejs/node

This is a security release.

CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
- The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
- The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

[21a2e554e3] - deps: update llhttp to 2.1.4 (Fedor Indutny) nodejs-private/node-private#286
[d5d3a03246] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#286
[0858587f21] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#286

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

This MR has been generated by Renovate Bot.

Update node Docker tag to v12.22.7