[TASK] Update all
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
---|---|---|---|---|---|---|---|
@types/react (source) | 18.2.77 -> 18.2.78 | | | | | devDependencies | patch |
node | 21.7.1-bookworm-slim -> 21.7.3-bookworm-slim | | | | | final | patch |
Update dependencies
- Clone project
- Checkout update branch
- Run `npm install` and test everything
- If everything is fine and fixes are pushed, merge the MR
Release Notes
nodejs/node (node)
v21.7.3: 2024-04-10, Version 21.7.3 (Current), @RafaelGSS
This is a security release.
Notable Changes
- CVE-2024-27980 - Command injection via args parameter of `child_process.spawn` without shell option enabled on Windows
Commits
- [9095c914ed] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#562
v21.7.2: 2024-04-03, Version 21.7.2 (Current), @RafaelGSS prepared by @marco-ippolito
This is a security release.
Notable changes
- CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash - (High)
- CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
- llhttp version 9.2.1
- undici version 6.11.1
Commits
- [3dfc10c851] - deps: update undici to 6.11.1 (Node.js GitHub Bot) #52328
- [aceea1c5e7] - deps: update undici to 6.10.2 (Node.js GitHub Bot) #52227
- [5f0f96b275] - deps: update llhttp to 9.2.0 (Node.js GitHub Bot) #51719
- [1a65e98e22] - http: do not allow OBS fold in headers by default (Paolo Insogna) nodejs-private/node-private#556
- [3bd39fb474] - src: ensure to close stream when destroying session (Anna Henningsen) nodejs-private/node-private#561
Configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.