chore(deps): update dependency node to v18.18.2
This MR contains the following updates:
Package | Update | Change |
---|---|---|
node (source) | patch |
18.18.1 -> 18.18.2
|
MR created with the help of gitlab-org/frontend/renovate-gitlab-bot
Release Notes
nodejs/node
v18.18.2
: 2023-10-13, Version 18.18.2 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
-
CVE-2023-44487:
nghttp2
Security Release (High) -
CVE-2023-45143:
undici
Security Release (High) - CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
- CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Commits
- [
55028468db
] - deps: update undici to v5.26.3 (Matteo Collina) #50153 - [
a792bbc515
] - deps: update nghttp2 to 1.57.0 (James M Snell) #50121 - [
f6444defa4
] - deps: update nghttp2 to 1.56.0 (Node.js GitHub Bot) #49582 - [
7e9b08dfd4
] - deps: update nghttp2 to 1.55.1 (Node.js GitHub Bot) #48790 - [
85672c153f
] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #48746 - [
300a902422
] - deps: update nghttp2 to 1.53.0 (Node.js GitHub Bot) #47997 - [
7d83ed0bf6
] - Revert "deps: update nghttp2 to 1.55.0" (Richard Lau) #50151 - [
1193ca5fdb
] - lib: let deps requirenode
prefixed modules (Matthew Aitken) #50047 - [
eaf9083cf1
] - module: fix code injection through export names (Tobias Nießen) nodejs-private/node-private#461 - [
1c538938cc
] - policy: use tamper-proof integrity check function (Tobias Nießen) nodejs-private/node-private#462
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.