Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update node.js to v20.12.2 #22

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 10, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node final minor 20.2.0-alpine -> 20.12.2-alpine age adoption passing confidence
@types/node (source) devDependencies major ^18.15.11 -> ^20.0.0 age adoption passing confidence

Release Notes

nodejs/node (node)

v20.12.2: 2024-04-10, Version 20.12.2 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Commits

v20.12.1: 2024-04-03, Version 20.12.1 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release

Notable Changes
  • CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
  • CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
  • llhttp version 9.2.1
  • undici version 5.28.4
Commits

v20.12.0: 2024-03-26, Version 20.12.0 'Iron' (LTS), @​richardlau

Compare Source

Notable Changes
crypto: implement crypto.hash()

This patch introduces a helper crypto.hash() that computes
a digest from the input at one shot. This can be 1.2-2x faster
than the object-based createHash() for smaller inputs (<= 5MB)
that are readily available (not streamed) and incur less memory
overhead since no intermediate objects will be created.

const crypto = require('node:crypto');

// Hashing a string and return the result as a hex-encoded string.
const string = 'Node.js';
// 10b3493287f831e81a438811a1ffba01f8cec4b7
console.log(crypto.hash('sha1', string));

Contributed by Joyee Cheung in #​51044.

Loading and parsing environment variables
  • process.loadEnvFile(path):

    • Use this function to load the .env file. If no path is specified, it automatically loads the .env file in the current directory. Example: process.loadEnvFile().
    • Load a specific .env file by specifying its path. Example: process.loadEnvFile('./development.env').
  • util.parseEnv(content):

    • Use this function to parse an existing string containing environment variable assignments.
    • Example usage: require('node:util').parseEnv('HELLO=world').

Contributed by Yagiz Nizipli in #​51476.

New connection attempt events

Three new events were added in the net.createConnection flow:

  • connectionAttempt: Emitted when a new connection attempt is established. In case of Happy Eyeballs, this might emitted multiple times.
  • connectionAttemptFailed: Emitted when a connection attempt failed. In case of Happy Eyeballs, this might emitted multiple times.
  • connectionAttemptTimeout: Emitted when a connection attempt timed out. In case of Happy Eyeballs, this will not be emitted for the last attempt. This is not emitted at all if Happy Eyeballs is not used.

Additionally, a previous bug has been fixed where a new connection attempt could have been started after a previous one failed and after the connection was destroyed by the user.
This led to a failed assertion.

Contributed by Paolo Insogna in #​51045.

Permission Model changes

Node.js 20.12.0 comes with several fixes for the experimental permission model and two new semver-minor commits.
We're adding a new flag --allow-addons to enable addon usage when using the Permission Model.

$ node --experimental-permission --allow-addons

Contributed by Rafael Gonzaga in #​51183

And relative paths are now supported through the --allow-fs-* flags.
Therefore, with this release one can use:

$ node --experimental-permission --allow-fs-read=./index.js

To give only read access to the entrypoint of the application.

Contributed by Rafael Gonzaga and Carlos Espa in #​50758.

sea: support embedding assets

Users can now include assets by adding a key-path dictionary
to the configuration as the assets field. At build time, Node.js
would read the assets from the specified paths and bundle them into
the preparation blob. In the generated executable, users can retrieve
the assets using the sea.getAsset() and sea.getAssetAsBlob() API.

{
  "main": "/path/to/bundled/script.js",
  "output": "/path/to/write/the/generated/blob.blob",
  "assets": {
    "a.jpg": "/path/to/a.jpg",
    "b.txt": "/path/to/b.txt"
  }
}

The single-executable application can access the assets as follows:

const { getAsset } = require('node:sea');
// Returns a copy of the data in an ArrayBuffer
const image = getAsset('a.jpg');
// Returns a string decoded from the asset as UTF8.
const text = getAsset('b.txt', 'utf8');
// Returns a Blob containing the asset without copying.
const blob = getAssetAsBlob('a.jpg');

Contributed by Joyee Cheung in #​50960.

Support configurable snapshot through --build-snapshot-config flag

We are adding a new flag --build-snapshot-config to configure snapshots through a custom JSON configuration file.

$ node --build-snapshot-config=/path/to/myconfig.json

When using this flag, additional script files provided on the command line will
not be executed and instead be interpreted as regular command line arguments.

These changes were contributed by Joyee Cheung and Anna Henningsen in #​50453

Text Styling
  • util.styleText(format, text): This function returns a formatted text considering the format passed.

A new API has been created to format text based on util.inspect.colors, enabling you to style text in different colors (such as red, blue, ...) and emphasis (italic, bold, ...).

const { styleText } = require('node:util');
const errorMessage = styleText('red', 'Error! Error!');
console.log(errorMessage);

Contributed by Rafael Gonzaga in #​51850.

vm: support using the default loader to handle dynamic import()

This patch adds support for using vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER as the
importModuleDynamically option in all vm APIs that take this option except vm.SourceTextModule. This allows users to have a shortcut to support dynamic import() in the compiled code without missing the compilation cache if they don't need customization of the loading process. We emit an experimental warning when the import() is actually handled by the default loader through this option instead of requiring --experimental-vm-modules.

const { Script, constants } = require('node:vm');
const { resolve } = require('node:path');
const { writeFileSync } = require('node:fs');

// Write test.js and test.txt to the directory where the current script
// being run is located.
writeFileSync(resolve(__dirname, 'test.mjs'),
              'export const filename = "./test.json";');
writeFileSync(resolve(__dirname, 'test.json'),
              '{"hello": "world"}');

// Compile a script that loads test.mjs and then test.json
// as if the script is placed in the same directory.
const script = new Script(
  `(async function() {
    const { filename } = await import('./test.mjs');
    return import(filename, { with: { type: 'json' } })
  })();`,
  {
    filename: resolve(__dirname, 'test-with-default.js'),
    importModuleDynamically: constants.USE_MAIN_CONTEXT_DEFAULT_LOADER,
  });

// { default: { hello: 'world' } }
script.runInThisContext().then(console.log);

Contributed by Joyee Cheung in #​51244.

Root certificates updated to NSS 3.98

Certificates added:

  • Telekom Security TLS ECC Root 2020
  • Telekom Security TLS RSA Root 2023

Certificates removed:

  • Security Communication Root CA
Updated dependencies
  • acorn updated to 8.11.3.
  • ada updated to 2.7.6.
  • base64 updated to 0.5.2.
  • brotli updated to 1.1.0.
  • c-ares updated to 1.27.0.
  • corepack updated to 0.25.2.
  • ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
  • nghttp2 updated to 1.60.0.
  • npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
  • simdutf8 updated to 4.0.8.
  • Timezone updated to 2024a.
  • zlib updated to 1.3.0.1-motley-40e35a7.
Other notable changes
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@github-actions
Copy link
Contributor

github-actions bot commented Jun 10, 2023

Coverage Summary

Status Category Percentage Covered / Total
🟢 Lines 96.29% / 75% 52 / 54
🟢 Statements 96.29% / 75% 52 / 54
🟢 Functions 100% / 75% 2 / 2
🟢 Branches 87.5% / 75% 7 / 8
File Coverage
File Stmts % Branch % Funcs % Lines Uncovered Lines
index.ts 96.29% 87.5% 100% 96.29% 44-45

@renovate renovate bot force-pushed the renovate/node-20.x branch from b9733c6 to c5398f4 Compare June 21, 2023 19:55
@renovate renovate bot changed the title chore(deps): update node.js to v20.3.0 chore(deps): update node.js to v20.3.1 Jun 21, 2023
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@renovate renovate bot force-pushed the renovate/node-20.x branch from c5398f4 to 8694565 Compare July 10, 2023 22:31
@renovate renovate bot changed the title chore(deps): update node.js to v20.3.1 chore(deps): update node.js to v20.4.0 Jul 10, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch from 8694565 to a420150 Compare July 21, 2023 21:45
@renovate renovate bot changed the title chore(deps): update node.js to v20.4.0 chore(deps): update node.js to v20.5.0 Jul 21, 2023
@renovate renovate bot changed the title chore(deps): update node.js to v20.5.0 chore(deps): update node.js to v20.5.1 Aug 10, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch from a420150 to 4504382 Compare August 10, 2023 20:26
@renovate renovate bot force-pushed the renovate/node-20.x branch from 4504382 to c599c0f Compare September 6, 2023 00:51
@renovate renovate bot changed the title chore(deps): update node.js to v20.5.1 chore(deps): update node.js to v20.6.0 Sep 6, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Sep 6, 2023

Coverage Report

Status Category Percentage Covered / Total
🟢 Lines 96.29% / 75% 52 / 54
🟢 Statements 96.29% / 75% 52 / 54
🟢 Functions 100% / 75% 2 / 2
🟢 Branches 87.5% / 75% 7 / 8
File CoverageNo changed files found.
Generated in workflow #230

@renovate renovate bot force-pushed the renovate/node-20.x branch from c599c0f to 46c8917 Compare September 11, 2023 20:31
@renovate renovate bot changed the title chore(deps): update node.js to v20.6.0 chore(deps): update node.js to v20.6.1 Sep 11, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch from 46c8917 to fe9d9b6 Compare September 20, 2023 01:16
@renovate renovate bot changed the title chore(deps): update node.js to v20.6.1 chore(deps): update node.js to v20.7.0 Sep 20, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch from fe9d9b6 to 71cbb71 Compare September 29, 2023 22:46
@renovate renovate bot changed the title chore(deps): update node.js to v20.7.0 chore(deps): update node.js to v20.8.0 Sep 29, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch from 71cbb71 to c8583b5 Compare October 16, 2023 18:03
@renovate renovate bot changed the title chore(deps): update node.js to v20.8.0 chore(deps): update node.js to v20.8.1 Oct 16, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from 7e316de to 7a9651c Compare October 25, 2023 20:23
@renovate renovate bot changed the title chore(deps): update node.js to v20.8.1 chore(deps): update node.js to v20.9.0 Oct 25, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch from 7a9651c to 8ceee3c Compare November 23, 2023 13:42
@renovate renovate bot changed the title chore(deps): update node.js to v20.9.0 chore(deps): update node.js to v20.10.0 Nov 23, 2023
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot E 3 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

@renovate renovate bot force-pushed the renovate/node-20.x branch from 8ceee3c to 3ef80de Compare January 11, 2024 02:11
@renovate renovate bot changed the title chore(deps): update node.js to v20.10.0 chore(deps): update node.js to v20.11.0 Jan 11, 2024
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions

3 Security Hotspots

See analysis details on SonarCloud

@renovate renovate bot force-pushed the renovate/node-20.x branch from 3ef80de to bc1649b Compare February 16, 2024 00:44
@renovate renovate bot changed the title chore(deps): update node.js to v20.11.0 chore(deps): update node.js to v20.11.1 Feb 16, 2024
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
3 Security Hotspots

See analysis details on SonarCloud

@renovate renovate bot force-pushed the renovate/node-20.x branch from bc1649b to fb37417 Compare March 27, 2024 16:11
@renovate renovate bot changed the title chore(deps): update node.js to v20.11.1 chore(deps): update node.js to v20.12.0 Mar 27, 2024
@renovate renovate bot force-pushed the renovate/node-20.x branch from fb37417 to c9dcc51 Compare April 4, 2024 17:33
@renovate renovate bot changed the title chore(deps): update node.js to v20.12.0 chore(deps): update node.js to v20.12.1 Apr 4, 2024
@renovate renovate bot force-pushed the renovate/node-20.x branch from c9dcc51 to c8d275a Compare April 11, 2024 14:58
@renovate renovate bot changed the title chore(deps): update node.js to v20.12.1 chore(deps): update node.js to v20.12.2 Apr 11, 2024
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
3 Security Hotspots

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants