chore(deps): update node.js to v6.17.1 - autoclosed #131
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.
This PR contains the following updates:
6.14.3-alpine -> 6.17.1-alpine
Release Notes
nodejs/node (node)
v6.17.1: 2019-04-03, Version 6.17.1 'Boron' (LTS), @BethGriggs
Node 6 is due to go End-of-Life on 2019-04-30.
Notable Changes
Execute() (Brian White) #25939
Commits
[c9d21a0c10] - build: set -blibpath: for AIX (Richard Lau) #25447
[9ba5fd6bad] - build: only check REPLACEME & DEP...X for releases (Rod Vagg) #24575
[1371a6f88b] - doc: simplify CODE_OF_CONDUCT.md (Rich Trott) #23989
[ad62971573] - doc: document that addMembership must be called once in a cluster (James M Snell) #23746
[8080a9bf40] - http: fix error check in Execute() (Brian White) #25939
[aedc7120ea] - src: fix bootstrap_node on bsd (sylkat) #22663
[b5d464955a] - test: fix test-repl-envvars (Anna Henningsen) #25226
v6.17.0
v6.16.0: 2018-12-26, Version 6.16.0 'Boron' (LTS), @MylesBorins
The 6.15.0 security release introduced some unexpected breakages on the 6.x release line.
This is a special release to fix a regression in the HTTP binary upgrade response body and add
a missing CLI flag to adjust the max header size of the http parser.
Notable Changes
Commits
[f233b160c9] - (SEMVER-MINOR) cli: add --max-http-header-size flag (cjihrig) #24811
[59f83d6896] - (SEMVER-MINOR) deps: cherry-pick http_parser_set_max_header_size (cjihrig) #24811
[c0c4de71f0] - (SEMVER-MINOR) http: add maxHeaderSize property (cjihrig) #24860
[8a3e0c0697] - http: fix regression of binary upgrade response body (Matteo Collina) #25036
v6.15.1: 2018-12-03, Version 6.15.1 'Boron' (LTS), @rvagg
Notable Changes
This is a patch release to address a bad backport of the fix for "Slowloris HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers timeout to an entire keep-alive HTTP session, resulting in prematurely disconnected sockets.
Commits
[5d9005c359] - http: fix backport of Slowloris headers (Matteo Collina) #24796
v6.15.0: 2018-11-27, Version 6.15.0 'Boron' (LTS), @rvagg
This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
Notable Changes
0.0.0.0. It now defaults to 127.0.0.1. Reported by Ben Noordhuis. (CVE-2018-12120 / Ben Noordhuis).
server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina)
path option in HTTP client requests. Paths containing characters outside of the range \u0021-\u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by Arkadiy Tetelman (Lob), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina)
url.parse() with the 'javascript:' protocol. Reported by Martin Bajanik (Kentico). (CVE-2018-12123 / Matteo Collina)
Commits
[4beba664e1] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/node#1836
[049fe7978f] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) nodejs/node#1389
[e9becec84d] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) nodejs/node#1389
[78b3a5b2f7] - deps: copy all openssl header files to include dir (Sam Roberts) #24530
[6120f2429e] - deps: upgrade openssl sources to 1.0.2q (Sam Roberts) #24530
[92231a56d9] - deps,http: http_parser set max header size to 8KB (Matteo Collina) nodejs-private/node-private#143
[dd20c0186f] - (SEMVER-MINOR) http: add --security-revert for CVE-2018-12116 (Matteo Collina) nodejs-private/node-private#146
[811b63c794] - (SEMVER-MINOR) http: disallow two-byte characters in URL path (Benno Fünfstück) nodejs-private/node-private#146
[618eebdd17] - (SEMVER-MINOR) http,https: protect against slow headers attack (Matteo Collina) nodejs-private/node-private#152
[b78d403da3] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) nodejs/node#1389
[35344e87bf] - src: minor cleanup for node_revert (James M Snell) #14864
[a9791c9090] - src: make debugger listen on 127.0.0.1 by default (Ben Noordhuis) nodejs-private/node-private#148
[9c268d0492] - url: avoid hostname spoofing w/ javascript protocol (Matteo Collina) nodejs-private/node-private#145
v6.14.4: 2018-08-15, Version 6.14.4 'Boron' (LTS), @rvagg
This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
Notable Changes
Buffer.write() for UCS-2 encoding (CVE-2018-12115)
Commits
[0052926476] - buffer: avoid overrun on UCS-2 string write (Rod Vagg) nodejs-private/node-private#138
[dbe6551b89] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) #1836
[7829bbcacb] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) #1389
[cddca629b5] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) #1389
[e6014aed52] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #22320
[37ddce514d] - deps: upgrade openssl sources to 1.0.2p (Shigeki Ohtsu) #22320
[08a150fcca] - inspector: don't bind to 0.0.0.0 by default (Ben Noordhuis) #21376
[19b9d7fd77] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) #1389
[7ccb0422fc] - test: fix error messages for OpenSSL-1.0.2p (Shigeki Ohtsu) #22320
[58b9497ca8] - test: update certificates and private keys (Fedor Indutny) #22184
[9863e11ea8] - test: update keys/Makefile to clean and build all (Daniel Bevenius) #19975
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.