Update Node.js to v14.17.6 - autoclosed (!66) · Merge requests · Water Mission Area / Internet of Water / waterdataui

igswsihw-wmadepbot requested to merge renovate/node-14.x into main Sep 01, 2021

This MR contains the following updates:

Package	Type	Update	Change
node	engines	patch	`14.17.5` -> `14.17.6`

Release Notes

nodejs/node

`v14.17.6`

Compare Source

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

You can read more about it in:

Commits

[5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868
[71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868
[4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box.

This MR has been generated by Renovate Bot.

Edited Sep 09, 2021 by igswsihw-wmadepbot

Update Node.js to v14.17.6 - autoclosed

Release Notes

v14.17.6

Notable Changes

Commits

Configuration

Merge request reports

`v14.17.6`