Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update docker images (non-major) #385

Open
wants to merge 1 commit into
base: next
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 20, 2022

This PR contains the following updates:

Package Type Update Change
cimg/node docker minor 18.9.1 -> 18.20.5
cimg/redis docker minor 7.0.4 -> 7.4.1
mongo patch 6.0.1 -> 6.0.19
mongo docker patch 6.0.1-focal -> 6.0.4-focal
node final minor 18.7.0-buster-slim -> 18.20.3-buster-slim
redis minor 7.0.4 -> 7.4.1

Release Notes

nodejs/node (node)

v18.20.3: 2024-05-21, Version 18.20.3 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
  • acorn updated to 8.11.3.
  • acorn-walk updated to 8.3.2.
  • ada updated to 2.7.8.
  • c-ares updated to 1.28.1.
  • corepack updated to 0.28.0.
  • nghttp2 updated to 1.61.0.
  • ngtcp2 updated to 1.3.0.
  • npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
  • simdutf updated to 5.2.4.
  • zlib updated to 1.3.0.1-motley-7d77fb7.
Commits

v18.20.2: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Commits

v18.20.1: 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
  • CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
  • llhttp version 9.2.1
  • undici version 5.28.4
Commits

v18.20.0: 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes
Added support for import attributes

Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax available
across all currently supported Node.js release lines.

This adds the with keyword which should be used in place of the previous
assert keyword, which will be removed in a future semver-major Node.js
release.

For example,

import "foo" assert { ... }

should be replaced with

import "foo" with { ... }

For more details, see

Contributed by Nicolò Ribaudo in #​51136
and Antoine du Hamel in #​50140.

Doc deprecation for dirent.path

Please use newly added dirent.parentPath instead.

Contributed by Antoine du Hamel in #​50976
and #​51020.

Experimental node-api feature flags

Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called node_api_nogc_env has been introduced as the const version
of napi_env and node_api_nogc_finalize as a variant of napi_finalize that
accepts a node_api_nogc_env as its first argument.

This feature can be turned off by defining
NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT.

Contributed by Gabriel Schulhof in #​50060.

Root certificates updated to NSS 3.98

Certificates added:

  • Telekom Security TLS ECC Root 2020
  • Telekom Security TLS RSA Root 2023

Certificates removed:

  • Security Communication Root CA
Updated dependencies
  • ada updated to 2.7.6.
  • base64 updated to 0.5.2.
  • c-ares updated to 1.27.0.
  • corepack updated to 0.25.2.
  • ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
  • npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
  • simdutf8 updated to 4.0.8.
  • Timezone updated to 2024a.
  • zlib updated to 1.3.0.1-motley-40e35a7.
vm: fix V8 compilation cache support for vm.Script

Previously repeated compilation of the same source code using vm.Script
stopped hitting the V8 compilation cache after v16.x when support for
importModuleDynamically was added to vm.Script, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.

The recent fixes allow the compilation cache to be hit again
for vm.Script when --experimental-vm-modules is not used even in the
presence of the importModuleDynamically option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for vm.CompileFunction.

Contributed by Joyee Cheung in #​49950
and #​50137.

Commits

v18.19.1: 2024-02-14, Version 18.19.1 'Hydrogen' (LTS), @​RafaelGSS prepared by @​marco-ippolito

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • npm version 10.2.4
Commits

v18.19.0: 2023-11-29, Version 18.19.0 'Hydrogen' (LTS), @​targos

Compare Source

Notable Changes
npm updated to v10

After two months of baking time in Node.js 20, npm 10 is backported, so that all
release lines include a supported version of npm. This release includes npm v10.2.3.

Refer to nodejs/Release#884 for the plan to land npm 10.

ESM and customization hook changes
Leverage loaders when resolving subsequent loaders

Loaders now apply to subsequent loaders, for example: --experimental-loader ts-node --experimental-loader loader-written-in-typescript.

Contributed by Maël Nison in #​43772.

New node:module API register for module customization hooks; new initialize hook

There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including MessageChannel instances.

We encourage users to migrate to an approach that uses --import with register, such as:

node --import ./file-that-calls-register.js ./app.js

Using --import ensures that the customization hooks are registered before any application code runs, even the entry point.

Contributed by João Lenon and Jacob Smith in #​46826, Izaak Schroeder and Jacob Smith in #​48842 and #​48559.

import.meta.resolve unflagged

In ES modules, import.meta.resolve(specifier)
can be used to get an absolute URL string to which specifier resolves, similar
to require.resolve in CommonJS. This aligns Node.js with browsers and other server-side runtimes.

Contributed by Guy Bedford in #​49028.

--experimental-default-type flag to flip module defaults

The new flag --experimental-default-type can be used to flip the default
module system used by Node.js. Input that is already explicitly defined as ES
modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs
file extension or the --input-type flag, is unaffected. What is currently
implicitly CommonJS would instead be interpreted as ES modules under
--experimental-default-type=module:

  • String input provided via --eval or STDIN, if --input-type is unspecified.

  • Files ending in .js or with no extension, if there is no package.json file
    present in the same folder or any parent folder.

  • Files ending in .js or with no extension, if the nearest parent
    package.json field lacks a type field; unless the folder is inside a
    node_modules folder.

In addition, extensionless files are interpreted as Wasm if
--experimental-wasm-modules is passed and the file contains the "magic bytes"
Wasm header.

Contributed by Geoffrey Booth in #​49869.

Other ESM-related changes
  • [ed2d46f4cc] - doc: move and rename loaders section (Geoffrey Booth) #​49261
  • [92734d4480] - esm: use import attributes instead of import assertions (Antoine du Hamel) #​50140
  • [e96f7ef881] - (SEMVER-MINOR) vm: use import attributes instead of import assertions (Antoine du Hamel) #​50141
Test runner changes

Many changes to the built-in test runner have been backported. This includes
the following additions:

Other notable changes
  • [0c4a84e8e9] - (SEMVER-MINOR) deps: update uvwasi to 0.0.19 (Node.js GitHub Bot) #​49908
  • [fae60c5841] - stream: use bitmap in readable state (Benjamin Gruenbaum) #​49745
  • [17246be158] - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green) #​46391
  • [2e9f7284a1] - (SEMVER-MINOR) lib: add tracing channel to diagnostics_channel (Stephen Belanger) #​44943
  • [cc7bf1f641] - (SEMVER-MINOR) src: add cjs_module_lexer_version base64_version (Jithil P Ponnan) #​45629
  • [b5d16cd8f0] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #​45190
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Aug 20, 2022
@renovate renovate bot force-pushed the renovate/docker branch from 5508e8c to af34a67 Compare August 24, 2022 23:58
@renovate renovate bot changed the title chore(deps): update mongo docker tag to v5.0.11 chore(deps): update docker images (non-major) Aug 24, 2022
@renovate renovate bot changed the title chore(deps): update docker images (non-major) chore(deps): update node docker tag to v18.8.0 Aug 25, 2022
@renovate renovate bot changed the title chore(deps): update node docker tag to v18.8.0 chore(deps): update docker images (non-major) Aug 25, 2022
@renovate renovate bot force-pushed the renovate/docker branch from af34a67 to e724375 Compare August 26, 2022 15:26
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from d6491a1 to 0172d53 Compare September 9, 2022 01:08
@renovate renovate bot changed the title chore(deps): update docker images (non-major) chore(deps): update docker images (non-major) to v18.9.0 Sep 18, 2022
@renovate renovate bot changed the title chore(deps): update docker images (non-major) to v18.9.0 chore(deps): update docker images (non-major) Sep 18, 2022
@renovate renovate bot force-pushed the renovate/docker branch 6 times, most recently from acd09ee to d3bfb2b Compare September 29, 2022 07:35
@codecov
Copy link

codecov bot commented Sep 29, 2022

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (3883ea7) to head (9d75547).

Current head 9d75547 differs from pull request most recent head f99b048

Please upload reports for the commit f99b048 to get more accurate results.

Additional details and impacted files
@@             Coverage Diff              @@
##             next      #385       +/-   ##
============================================
+ Coverage   35.96%   100.00%   +64.03%     
============================================
  Files         185         3      -182     
  Lines        2703         8     -2695     
  Branches      496         0      -496     
============================================
- Hits          972         8      -964     
+ Misses       1726         0     -1726     
+ Partials        5         0        -5     
Flag Coverage Δ
component ?
e2e 100.00% <ø> (ø)
unit ?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from 9d75547 to 4037f0f Compare October 3, 2022 17:45
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from 3bf88f0 to 6972fed Compare October 17, 2022 19:06
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from ee39d78 to ba2232d Compare October 27, 2022 10:52
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from f577117 to 3a74fd2 Compare November 10, 2022 19:11
@renovate renovate bot force-pushed the renovate/docker branch from 3a74fd2 to bf3a3ef Compare November 16, 2022 20:32
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from 855279d to 0e4e0fd Compare March 17, 2023 03:42
@renovate renovate bot force-pushed the renovate/docker branch from 0e4e0fd to 3ca90ff Compare March 30, 2023 21:54
@renovate renovate bot force-pushed the renovate/docker branch from 8b7ea66 to 98d6c25 Compare November 4, 2023 04:01
@renovate renovate bot force-pushed the renovate/docker branch 3 times, most recently from 09a8423 to ae60323 Compare December 2, 2023 03:27
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from e4a3f2f to ab106e8 Compare January 11, 2024 01:18
@renovate renovate bot force-pushed the renovate/docker branch from ab106e8 to 2a04094 Compare January 19, 2024 03:46
@renovate renovate bot force-pushed the renovate/docker branch from 2a04094 to d698b19 Compare February 16, 2024 00:52
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from 3758f57 to ea32e9d Compare March 1, 2024 19:16
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from 51737da to b1b05fd Compare March 27, 2024 20:27
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from 39e56f4 to 14570a3 Compare April 4, 2024 16:25
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from b17c9ad to 115d359 Compare April 11, 2024 20:01
@renovate renovate bot force-pushed the renovate/docker branch from 115d359 to 86480bb Compare April 18, 2024 21:04
@renovate renovate bot force-pushed the renovate/docker branch 2 times, most recently from 3ea30e9 to c54079e Compare May 21, 2024 22:00
@renovate renovate bot force-pushed the renovate/docker branch from c54079e to f99b048 Compare June 29, 2024 05:08
@renovate renovate bot force-pushed the renovate/docker branch from f99b048 to d69a8dc Compare July 9, 2024 12:48
@renovate renovate bot force-pushed the renovate/docker branch from d69a8dc to 14ed059 Compare July 30, 2024 04:04
@renovate renovate bot force-pushed the renovate/docker branch from 14ed059 to f995ad8 Compare August 6, 2024 07:31
@renovate renovate bot force-pushed the renovate/docker branch from f995ad8 to 74535e2 Compare August 22, 2024 01:57
@renovate renovate bot force-pushed the renovate/docker branch 3 times, most recently from ee570d5 to 524b1d5 Compare October 7, 2024 22:54
@renovate renovate bot force-pushed the renovate/docker branch from 524b1d5 to 814a9ea Compare October 26, 2024 04:28
@renovate renovate bot force-pushed the renovate/docker branch from 814a9ea to 6eac51c Compare November 13, 2024 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants