chore(deps): update dependency node to v18.18.0

This MR contains the following updates:

Package	Update	Change
node	minor	18.17.0 -> 18.18.0
node (source)	minor	18.17.1 -> 18.18.0

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

---

Release Notes

nodejs/node

v18.18.0: 2023-09-18, Version 18.18.0 'Hydrogen' (LTS), @​ruyadorno

Compare Source

Notable Changes

• [7dc731d4bf] - build: sync libuv header change (Jiawen Geng) #​48078
• [490fc004b0] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #​49341
• [dd8cd97d4d] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #​48416
• [ea23870bec] - deps: add missing thread-common.c in uv.gyp (Santiago Gimeno) #​48078
• [88855e0b1b] - deps: upgrade to libuv 1.46.0 (Santiago Gimeno) #​48078
• [fb2b80fca0] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #​48078
• [249879e46c] - doc: add atlowChemi to collaborators (atlowChemi) #​48757
• [e8dc7bde6a] - doc: add vmoroz to collaborators (Vladimir Morozov) #​48527
• [a30f2fbcc1] - doc: add kvakil to collaborators (Keyhan Vakil) #​48449
• [c39b7c240e] - (SEMVER-MINOR) esm: add --import flag (Moshe Atlow) #​43942
• [a68a67f54d] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #​48596
• [3a8586bee2] - fs, stream: initial Symbol.dispose and Symbol.asyncDispose support (Moshe Atlow) #​48518
• [863bdb785d] - net: add autoSelectFamily global getter and setter (Paolo Insogna) #​45777
• [c59ae86ba0] - (SEMVER-MINOR) url: add value argument to has and delete methods (Sankalp Shubham) #​47885

Commits

• [d1f43317ea] - benchmark: add bar.R (Rafael Gonzaga) #​47729
• [4f74be3c92] - benchmark: refactor crypto oneshot (Filip Skokan) #​48267
• [fe9da9df0f] - benchmark: add crypto.create*Key (Filip Skokan) #​48284
• [9cb18b3e9d] - build: do not pass target toolchain flags to host toolchain (Ivan Trubach) #​48597
• [7dc731d4bf] - build: sync libuv header change (Jiawen Geng) #​48078
• [211a4f88a9] - build: update action to close stale MRs (Michael Dawson) #​48196
• [cc33a1864b] - child_process: harden against prototype pollution (Livia Medeiros) #​48726
• [b5df084e1e] - child_process: use addAbortListener (atlowChemi) #​48550
• [611db8df1a] - child_process: support Symbol.dispose (Moshe Atlow) #​48551
• [490fc004b0] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #​49341
• [dd8cd97d4d] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #​48416
• [b2bc839d4c] - crypto: remove OPENSSL_FIPS guard for OpenSSL 3 (Richard Lau) #​48392
• [c8da8c80b9] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #​48746
• [7e04242dcb] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #​48704
• [ea23870bec] - deps: add missing thread-common.c in uv.gyp (Santiago Gimeno) #​48078
• [88855e0b1b] - deps: upgrade to libuv 1.46.0 (Santiago Gimeno) #​48078
• [fb2b80fca0] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #​48078
• [59fca4e09a] - deps: update acorn to 8.10.0 (Node.js GitHub Bot) #​48713
• [bcb255d5a8] - deps: V8: cherry-pick cb00db4 (Keyhan Vakil) #​48671
• [65a6c90fc6] - deps: update acorn to 8.9.0 (Node.js GitHub Bot) #​48484
• [6b6d5d91e9] - deps: update zlib to 1.2.13.1-motley-f81f385 (Node.js GitHub Bot) #​48541
• [56249b0770] - deps: update googletest to ec4fed9 (Node.js GitHub Bot) #​48538
• [8914a5204a] - deps: update minimatch to 9.0.2 (Node.js GitHub Bot) #​48542
• [1b960d9988] - deps: update icu to 73.2 (Node.js GitHub Bot) #​48502
• [f0e2e3c549] - deps: update zlib to 1.2.13.1-motley-3ca9f16 (Node.js GitHub Bot) #​48413
• [9cf8fe6b93] - deps: upgrade npm to 9.8.1 (npm team) #​48838
• [d9ff473ff3] - deps: upgrade npm to 9.8.0 (npm team) #​48665
• [4a6177daad] - deps: upgrade npm to 9.7.2 (npm team) #​48514
• [104b58feb1] - deps: update ada to 2.6.0 (Node.js GitHub Bot) #​48896
• [7f7a125d78] - deps: update corepack to 0.19.0 (Node.js GitHub Bot) #​48540
• [5e1eb451d1] - deps: update corepack to 0.18.1 (Node.js GitHub Bot) #​48483
• [3be53358bc] - deps: add loong64 config into openssl gypi (Shi Pujin) #​48043
• [555982c59e] - deps: upgrade npm to 9.7.1 (npm team) #​48378
• [3c03ec0832] - deps: update simdutf to 3.2.14 (Node.js GitHub Bot) #​48344
• [a2964a4583] - deps: update ada to 2.5.1 (Node.js GitHub Bot) #​48319
• [38f6e0d8cd] - deps: update zlib to 982b036 (Node.js GitHub Bot) #​48327
• [f4617a4f81] - deps: add loongarch64 into openssl Makefile and gen openssl-loongarch64 (Shi Pujin) #​46401
• [573eb4be12] - dgram: socket add asyncDispose (atlowChemi) #​48717
• [f3c4300e00] - dgram: use addAbortListener (atlowChemi) #​48550
• [d3041df738] - doc: expand on squashing and rebasing to land a MR (Chengzhong Wu) #​48751
• [249879e46c] - doc: add atlowChemi to collaborators (atlowChemi) #​48757
• [42ecd46d1f] - doc: fix ambiguity in http.md and https.md (an5er) #​48692
• [e78824e053] - doc: add release key for Ulises Gascon (Ulises Gascón) #​49196
• [1aa798d69f] - doc: clarify transform._transform() callback argument logic (Rafael Sofi-zada) #​48680
• [d723e870a2] - doc: mention git node release prepare (Rafael Gonzaga) #​48644
• [a9a1394388] - doc: fix options order (Luigi Pinca) #​48617
• [989ea6858f] - doc: update security release stewards (Rafael Gonzaga) #​48569
• [f436ac1803] - doc: update return type for describe (Shrujal Shah) #​48572
• [fbe89e6320] - doc: run license-builder (github-actions[bot]) #​48552
• [f18b287bc3] - doc: add description of autoAllocateChunkSize in ReadableStream (Debadree Chatterjee) #​48004
• [e2f3ed1444] - doc: fix filename type in watch result (Dmitry Semigradsky) #​48032
• [1fe75dc2b0] - doc: unnest mime and MIMEParams from MIMEType constructor (Dmitry Semigradsky) #​47950
• [e1339d58e8] - doc: update security-release-process.md (Rafael Gonzaga) #​48504
• [e8dc7bde6a] - doc: add vmoroz to collaborators (Vladimir Morozov) #​48527
• [f8ba672c7b] - doc: link to Runtime Keys in export conditions (Jacob Hummer) #​48408
• [0056cb93e9] - doc: update fs flags documentation (sinkhaha) #​48463
• [3cf3fb9479] - doc: revise error.md introduction (Antoine du Hamel) #​48423
• [7575d8b90e] - doc: add preveen-stack to triagers (Preveen P) #​48387
• [820aa550a4] - doc: refine when file is undefined in test events (Moshe Atlow) #​48451
• [a30f2fbcc1] - doc: add kvakil to collaborators (Keyhan Vakil) #​48449
• [239b4ea66f] - doc: mark --import as experimental (Moshe Atlow) #​44067
• [2a561aefe2] - doc: add additional info on TSFN dispatch (Michael Dawson) #​48367
• [5cc6eee30d] - doc: add link for news from security wg (Michael Dawson) #​48396
• [ffece88452] - doc: fix typo in events.md (Darshan Sen) #​48436
• [06513585dc] - doc: run license-builder (github-actions[bot]) #​48336
• [d9a800ee5c] - esm: fix emit deprecation on legacy main resolve (Antoine du Hamel) #​48664
• [c39b7c240e] - (SEMVER-MINOR) esm: add --import flag (Moshe Atlow) #​43942
• [a00464ee06] - esm: fix specifier resolution and symlinks (Zack Newsham) #​47674
• [3b8ec348b0] - events: fix bug listenerCount don't compare wrapped listener (yuzheng14) #​48592
• [a68a67f54d] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #​48596
• [5354af3dab] - fs: call the callback with an error if writeSync fails (killa) #​47949
• [c3a27d1d3d] - fs: remove unneeded return statement (Luigi Pinca) #​48526
• [3a8586bee2] - fs, stream: initial Symbol.dispose and Symbol.asyncDispose support (Moshe Atlow) #​48518
• [01746c71df] - http: null the joinDuplicateHeaders property on cleanup (Luigi Pinca) #​48608
• [d47eb73a85] - http: remove useless ternary in test (geekreal) #​48481
• [977e9a38b4] - http: fix for handling on boot timers headers and request (Franciszek Koltuniuk) #​48291
• [be88f7cd22] - http2: use addAbortListener (atlowChemi) #​48550
• [7c7230a85c] - http2: send RST code 8 on AbortController signal (Devraj Mehta) #​48573
• [f74c2fc72a] - lib: use addAbortListener (atlowChemi) #​48550
• [db355d1f37] - lib: add option to force handling stopped events (Chemi Atlow) #​48301
• [5d682c55a5] - lib: reduce url getters on makeRequireFunction (Yagiz Nizipli) #​48492
• [5260f53e55] - lib: add support for inherited custom inspection methods (Antoine du Hamel) #​48306
• [69aaf8b1d1] - lib: remove invalid parameter to toASCII (Yagiz Nizipli) #​48878
• [51863b80e4] - meta: bump actions/checkout from 3.5.2 to 3.5.3 (dependabot[bot]) #​48625
• [7ec370991d] - meta: bump step-security/harden-runner from 2.4.0 to 2.4.1 (dependabot[bot]) #​48626
• [34b8e980d4] - meta: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (dependabot[bot]) #​48628
• [dfed9a7da9] - meta: bump github/codeql-action from 2.3.6 to 2.20.1 (dependabot[bot]) #​48627
• [071eaadc5a] - module: add SourceMap.findOrigin (Isaac Z. Schlueter) #​47790
• [bf1525c549] - module: reduce url invocations in esm/load.js (Yagiz Nizipli) #​48337
• [f8921630a2] - net: server add asyncDispose (atlowChemi) #​48717
• [b5f53d9a0b] - net: fix family autoselection SSL connection handling (Paolo Insogna) #​48189
• [267439fc34] - net: rework autoSelectFamily implementation (Paolo Insogna) #​46587
• [d3637cdbbf] - net: fix address iteration with autoSelectFamily (Fedor Indutny) #​48258
• [e8289a83f1] - net: fix family autoselection timeout handling (Paolo Insogna) #​47860
• [863bdb785d] - net: add autoSelectFamily global getter and setter (Paolo Insogna) #​45777
• [04dc090bfa] - node-api: provide napi_define_properties fast path (Gabriel Schulhof) #​48440
• [feb6a54dc3] - node-api: implement external strings (Gabriel Schulhof) #​48339
• [121f74c463] - perf_hooks: convert maxSize to IDL value in setResourceTimingBufferSize (Chengzhong Wu) #​44902
• [804d880589] - permission: fix data types in PrintTree (Tobias Nießen) #​48770
• [7aaecce9bf] - permission: add debug log when inserting fs nodes (Rafael Gonzaga) #​48677
• [cb51ef2905] - readline: use addAbortListener (atlowChemi) #​48550
• [07065d0814] - report: disable js stack when no context is entered (Chengzhong Wu) #​48495
• [572b82ffef] - src: make BaseObject iteration order deterministic (Joyee Cheung) #​48702
• [3f65598a41] - src: remove kEagerCompile for CompileFunction (Keyhan Vakil) #​48671
• [f43eacac9b] - src: deduplicate X509 getter implementations (Tobias Nießen) #​48563
• [0c19621bdc] - src: fix uninitialized field access in AsyncHooks (Jan Olaf Krems) #​48566
• [0c38184d62] - src: fix Coverity issue regarding unnecessary copy (Yagiz Nizipli) #​48565
• [0d73009ba3] - src: refactor SplitString in util (Yagiz Nizipli) #​48491
• [6c72622df9] - src: handle wasm out of bound in osx will raise SIGBUS correctly (Congcong Cai) #​46561
• [e4261809b0] - src: replace idna functions with ada::idna (Yagiz Nizipli) #​47735
• [3dd82b1820] - stream: use addAbortListener (atlowChemi) #​48550
• [786fbdb824] - stream: fix premature pipeline end (Robert Nagy) #​48435
• [c224e1b255] - stream: fix deadlock when pipeing to full sink (Robert Nagy) #​48691
• [2c75b9ece2] - test: fix flaky test-string-decode.js on x86 (Stefan Stojanovic) #​48750
• [279c4f64c1] - test: mark test-http-regr-gh-2928 as flaky (Joyee Cheung) #​49565
• [01eacccd9a] - test: deflake test-net-throttle (Luigi Pinca) #​48599
• [33886b271c] - test: move test-net-throttle to parallel (Luigi Pinca) #​48599
• [a79112b5f4] - Revert "test: remove test-crypto-keygen flaky designation" (Luigi Pinca) #​48652
• [6ec57984db] - test: add missing assertions to test-runner-cli (Moshe Atlow) #​48593
• [dd1805e802] - test: remove test-crypto-keygen flaky designation (Luigi Pinca) #​48575
• [df9a9afc99] - test: remove test-timers-immediate-queue flaky designation (Luigi Pinca) #​48575
• [3ae96ae380] - test: make IsolateData per-isolate in cctest (Joyee Cheung) #​48450
• [f2ce8e0c06] - test: define NAPI_VERSION before including node_api.h (Chengzhong Wu) #​48376
• [13ac0a5e26] - test: remove unnecessary noop function args to mustNotCall() (Antoine du Hamel) #​48513
• [8fdd4c55b3] - test: skip test-runner-watch-mode on IBMi (Moshe Atlow) #​48473
• [9d90409241] - test: fix flaky test-watch-mode (Moshe Atlow) #​48147
• [27a4bc7c32] - test: add missing <algorithm> include for std::find (Sam James) #​48380
• [cb92c4b9fe] - test: update url web-platform tests (Yagiz Nizipli) #​48319
• [f35c4d3190] - test: ignore the copied entry_point.c (Luigi Pinca) #​48297
• [41d1e6888f] - test: refactor test-gc-http-client-timeout (Luigi Pinca) #​48292
• [125bca621a] - test: update encoding web-platform tests (Yagiz Nizipli) #​48320
• [e9ac111d02] - test: update FileAPI web-platform tests (Yagiz Nizipli) #​48322
• [3da57d17f5] - test: update user-timing web-platform tests (Yagiz Nizipli) #​48321
• [c728b8a29b] - test: fix test-net-autoselectfamily for kernel without IPv6 support (Livia Medeiros) #​45856
• [6de7aa1d19] - test: move test-tls-autoselectfamily-servername to test/internet (Antoine du Hamel) #​47029
• [2de9868292] - test: validate host with commas on url.parse (Yagiz Nizipli) #​48878
• [e7d2e8ef2a] - test: delete test-net-bytes-per-incoming-chunk-overhead (Michaël Zasso) #​48811
• [f5494fa1b0] - test_runner: fixed test shorthands return type (Shocker) #​48555
• [7051cafdfa] - test_runner: make --test-name-pattern recursive (Moshe Atlow) #​48382
• [f302286442] - test_runner: refactor coverage report output for readability (Damien Seguin) #​47791
• [7822a541e5] - timers: support Symbol.dispose (Moshe Atlow) #​48633
• [3eeca52db1] - tls: fix bugs of double TLS (rogertyang) #​48969
• [4826379516] - tools: run fetch_deps.py with Python 3 (Richard Lau) #​48729
• [e2688c8d79] - tools: update doc to unist-util-select@5.0.0 unist-util-visit@5.0.0 (Node.js GitHub Bot) #​48714
• [7399481096] - tools: update lint-md-dependencies to rollup@3.26.2 (Node.js GitHub Bot) #​48705
• [31c07153ce] - tools: update eslint to 8.44.0 (Node.js GitHub Bot) #​48632
• [4e53f51e24] - tools: update lint-md-dependencies to rollup@3.26.0 (Node.js GitHub Bot) #​48631
• [7d52950a96] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​48544
• [e168eab3ee] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​48486
• [9711bc24f6] - tools: replace sed with perl (Luigi Pinca) #​48499
• [9c1937c0a7] - tools: update eslint to 8.43.0 (Node.js GitHub Bot) #​48487
• [9449f05ab1] - tools: update doc to to-vfile@8.0.0 (Node.js GitHub Bot) #​48485
• [79dcd968b1] - tools: prepare tools/doc for to-vfile 8.0.0 (Rich Trott) #​48485
• [538f388ac0] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​48417
• [01bc10dcd5] - tools: update create-or-update-pull-request-action (Richard Lau) #​48398
• [590a072657] - tools: update eslint-plugin-jsdoc (Richard Lau) #​48393
• [6a5805491e] - tools: update eslint to 8.42.0 (Node.js GitHub Bot) #​48328
• [2eb13e3986] - tools: disable jsdoc/no-defaults rule (Luigi Pinca) #​48328
• [3363cfa6c7] - typings: remove unused primordials (Yagiz Nizipli) #​48509
• [c59ae86ba0] - (SEMVER-MINOR) url: add value argument to has and delete methods (Sankalp Shubham) #​47885
• [f59c9636f4] - url: conform to origin getter spec changes (Yagiz Nizipli) #​48319
• [0beb5ab93d] - url: ensure getter access do not mutate observable symbols (Antoine du Hamel) #​48897
• [0a022c496d] - util: use primordials.ArrayPrototypeIndexOf instead of mutable method (DaisyDogs07) #​48586

v18.17.1: 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-32002: Policies can be bypassed via Module._load (High)
• CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
• CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 14th July.
  • OpenSSL security advisory 19th July.
  • OpenSSL security advisory 31st July

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

• [fe3abdf82e] - deps: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) #​49036
• [2c5a522d9c] - deps: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) #​49036
• [15bced0bde] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#​417
• [d4570fae35] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#​460

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.