Update Node.js to v20.18.2 #360

Merged

renovate-bot merged 1 commit from renovate/node-20.18.x into master 2025-01-22 20:12:28 +00:00

Conversation 0 Commits 1 Files changed 1 +1 -1

renovate-bot commented 2025-01-22 17:05:48 +00:00

Collaborator

Copy link

This PR contains the following updates:

Package	Type	Update	Change
node	stage	patch	20.18.1-bullseye -> 20.18.2-bullseye

---

Release Notes

nodejs/node (node)

v20.18.2: 2025-01-21, Version 20.18.2 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High)
• CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
• CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

• CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

• [df8b9f2c3e] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#663
• [42d5821873] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555
• [8187a4b9bb] - src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS)
• [389f239a28] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#652

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [node](https://github.com/nodejs/node) | stage | patch | `20.18.1-bullseye` -> `20.18.2-bullseye` | --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v20.18.2`](https://github.com/nodejs/node/releases/tag/v20.18.2): 2025-01-21, Version 20.18.2 &#x27;Iron&#x27; (LTS), @&#8203;RafaelGSS [Compare Source](https://github.com/nodejs/node/compare/v20.18.1...v20.18.2) This is a security release. ##### Notable Changes - CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High) - CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) - CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: - CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) ##### Commits - \[[`df8b9f2c3e`](https://github.com/nodejs/node/commit/df8b9f2c3e)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#663](https://github.com/nodejs-private/node-private/pull/663) - \[[`42d5821873`](https://github.com/nodejs/node/commit/42d5821873)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (Tobias Nießen) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555) - \[[`8187a4b9bb`](https://github.com/nodejs/node/commit/8187a4b9bb)] - **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) - \[[`389f239a28`](https://github.com/nodejs/node/commit/389f239a28)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#652](https://github.com/nodejs-private/node-private/pull/652) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMTcuMiIsInVwZGF0ZWRJblZlciI6IjM5LjExNy4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

renovate-bot added 1 commit 2025-01-22 17:05:48 +00:00

Update Node.js to v20.18.2 98816d457c

renovate-bot scheduled this pull request to auto merge when all checks succeed 2025-01-22 17:05:49 +00:00

renovate-bot force-pushed renovate/node-20.18.x from 98816d457c to 86d2b56a31 2025-01-22 20:05:36 +00:00 Compare

renovate-bot merged commit 86d2b56a31 into master 2025-01-22 20:12:28 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: mwalbeck/docker-cyberchef#360

No description provided.