From 68c0188f0d65bcd149721969c3bc5548bd58d865 Mon Sep 17 00:00:00 2001 From: TrueCharts Bot Date: Fri, 24 Jan 2025 03:31:42 +0100 Subject: [PATCH] =?UTF-8?q?chore(deps):=20update=20node.js=20v22.13.0=20?= =?UTF-8?q?=E2=86=92=20v22.13.1=20(#31030)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://nodejs.org) ([source](https://redirect.github.com/nodejs/node)) | patch | `22.13.0` -> `22.13.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes
nodejs/node (node) ### [`v22.13.1`](https://redirect.github.com/nodejs/node/releases/tag/v22.13.1): 2025-01-21, Version 22.13.1 'Jod' (LTS), @​RafaelGSS [Compare Source](https://redirect.github.com/nodejs/node/compare/v22.13.0...v22.13.1) This is a security release. ##### Notable Changes - CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High) - CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) - CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: - CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) ##### Commits - \[[`520da342e0`](https://redirect.github.com/nodejs/node/commit/520da342e0)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#662](https://redirect.github.com/nodejs-private/node-private/pull/662) - \[[`99f217369f`](https://redirect.github.com/nodejs/node/commit/99f217369f)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (Tobias NieรŸen) [nodejs-private/node-private#555](https://redirect.github.com/nodejs-private/node-private/pull/555) - \[[`984f735e35`](https://redirect.github.com/nodejs/node/commit/984f735e35)] - **(CVE-2025-23085)** **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) [nodejs-private/node-private#650](https://redirect.github.com/nodejs-private/node-private/pull/650) - \[[`2446870618`](https://redirect.github.com/nodejs/node/commit/2446870618)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#651](https://redirect.github.com/nodejs-private/node-private/pull/651)
--- ### Configuration ๐Ÿ“… **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). ๐Ÿšฆ **Automerge**: Enabled. โ™ป **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. ๐Ÿ”• **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). --- website/.nvmrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/.nvmrc b/website/.nvmrc index 6fa8dec4cd6..d5b283a3aca 100644 --- a/website/.nvmrc +++ b/website/.nvmrc @@ -1 +1 @@ -22.13.0 +22.13.1