Update node Docker tag to v18.17.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
node | ironbank-docker | patch |
18.17.0 -> 18.17.1
|
node | patch |
18.17.0 -> 18.17.1
|
|
node | stage | patch |
18.17.0 -> 18.17.1
|
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the logs for more information.
Release Notes
nodejs/node
v18.17.1
: 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
- CVE-2023-32002: Policies can be bypassed via Module._load (High)
- CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
- CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
- OpenSSL Security Releases
More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.
Commits
- [
fe3abdf82e
] - deps: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) #49036 - [
2c5a522d9c
] - deps: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) #49036 - [
15bced0bde
] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#417 - [
d4570fae35
] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#460
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.