chore(deps): update all non-major dependencies with stable version (minor) #1298

kbadge: introduce kui tokens [KHCP-7694] (#1511) (86b7023)
sourcemaps: dont generate sourcemap as part of npm package [KHCP-7565] (#1516) (2eb5819)

`v8.85.0`

Compare Source

Features

kalert: introduce design tokens [KHCP-7693] (#1506) (33e8b8c)

8.84.8 (2023-07-07)

Bug Fixes

KTruncate, KMultiselect: add fix for ResizeObserver [KHCP-7734] (#1508) (ea47855)

8.84.7 (2023-07-06)

Bug Fixes

kcatalog: flakey test [khcp-7022] (#1495) (8c0babd)

8.84.6 (2023-07-06)

Bug Fixes

scss: autocompletion (#1505) (47f58ff)

8.84.5 (2023-07-06)

Bug Fixes

kpagination: cache issue [khcp-7908] (#1504) (4b3a49e)

8.84.4 (2023-07-06)

Bug Fixes

kmultiselect: always show lock [khcp-7963] (#1503) (13c4aac)

8.84.3 (2023-07-05)

Bug Fixes

kpagination: cache issue [khcp-7908] (#1502) (d9b579f)

8.84.2 (2023-07-05)

Bug Fixes

design token imports (#1501) (c812e85)

8.84.1 (2023-07-04)

Bug Fixes

deps: bump focus-trap from 7.4.3 to 7.5.1 (#1497) (3ef855f)

nodejs/node (node)

`v16.20.2`: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
OpenSSL Security Releases

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

[40c3958a5a] - deps: update archs files for OpenSSL-1.1.1v (RafaelGSS) #49043
[a9ac9da89a] - deps: fix openssl crypto clean (RafaelGSS) #49043
[362d4c7494] - deps: upgrade openssl sources to OpenSSL_1_1_1v (RafaelGSS) #49043
[d8ccfe9ad4] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#445
[242aaa0caa] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#459

`v16.20.1`: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
OpenSSL Security Releases
c-ares vulnerabilities:

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

[5a92ea7a3b] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)
[5df04e893a] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #48156
[c171cbd124] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115
[155d3aac02] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #48369
[8d4c8f8ebe] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #48369
[1a5c9284eb] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
[e42ff4b018] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#429
[10042683c8] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408
[a6f4e87bc9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416
[b77000f4d7] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851

`v16.20.0`: 2023-03-29, Version 16.20.0 'Gallium' (LTS), @BethGriggs

Compare Source

Notable Changes

deps:
- update undici to 5.20.0 (Node.js GitHub Bot) #46711
- update c-ares to 1.19.0 (Michaël Zasso) #46415
- upgrade npm to 8.19.4 (npm team) #46677
- update corepack to 0.17.0 (Node.js GitHub Bot) #46842
(SEMVER-MINOR) src: add support for externally shared js builtins (Michael Dawson) #44376

Commits

[de6dd67790] - crypto: avoid hang when no algorithm available (Richard Lau) #46237
[4617512788] - crypto: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis) #46185
[24972164fc] - deps: update undici to 5.20.0 (Node.js GitHub Bot) #46711
[85f88c6a8d] - deps: V8: cherry-pick 90be99f (Michaël Zasso) #46646
[b4ebe6d47b] - deps: update c-ares to 1.19.0 (Michaël Zasso) #46415
[56cbc7fdda] - deps: V8: cherry-pick c2792e5 (Jiawen Geng) #44961
[7af9bdb31e] - deps: upgrade npm to 8.19.4 (npm team) #46677
[962a7471b5] - deps: update corepack to 0.17.0 (Node.js GitHub Bot) #46842
[748bc96e35] - deps: update corepack to 0.16.0 (Node.js GitHub Bot) #46710
[a467782499] - deps: update corepack to 0.15.3 (Node.js GitHub Bot) #46037
[1913b6763d] - deps: update corepack to 0.15.2 (Node.js GitHub Bot) #45635
[809371a15f] - module: require.resolve.paths returns null with node schema (MURAKAMI Masahiko) #45147
[086bb2f8d4] - Revert "src: let http2 streams end after session close" (Rich Trott) #46721
[6a01d39120] - (SEMVER-MINOR) src: add support for externally shared js builtins (Michael Dawson) #44376
[d081032a60] - test: fix test-net-connect-reset-until-connected (Vita Batrla) #46781
[efe1be47ec] - test: skip test depending on overlapped-checker when not available (Antoine du Hamel) #45015
[fc47d58abe] - test: remove cjs loader from stack traces (Geoffrey Booth) #44197
[cf76d0790d] - test: fix WPT title when no META title is present (Filip Skokan) #46804
[0d1485b924] - test: fix default WPT titles (Filip Skokan) #46778
[088e9cde3d] - test: add WPTRunner support for variants and generating WPT reports (Filip Skokan) #46498
[908c4dff44] - test: mark test-crypto-key-objects flaky on Linux (Richard Lau) #46684
[768e56227e] - tools: make utils.SearchFiles deterministic (Bruno Pitrus) #44496

Configuration

📅 Schedule: Branch creation - "every weekday" in timezone America/New_York, Automerge - "every weekday" in timezone America/New_York.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

kongponents-bot · 2023-09-08T10:18:17Z

🎉 This PR is included in version 2.8.8 🎉

The release is available on:

Your semantic-release bot 📦🚀

renovate bot requested review from adamdehaven, kongponents-bot and jillztom as code owners September 8, 2023 05:47

renovate bot added dependencies Pull requests that update a dependency file renovate-bot labels Sep 8, 2023

renovate bot enabled auto-merge (squash) September 8, 2023 05:47

kongponents-bot approved these changes Sep 8, 2023

View reviewed changes

chore(deps): update all non-major dependencies with stable version

0c3fbf3

renovate bot force-pushed the renovate/all-minor-patch branch from a8c0696 to 0c3fbf3 Compare September 8, 2023 06:59

kongponents-bot approved these changes Sep 8, 2023

View reviewed changes

renovate bot merged commit 6257cfa into main Sep 8, 2023
3 checks passed

renovate bot deleted the renovate/all-minor-patch branch September 8, 2023 07:03

kongponents-bot added the released label Sep 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all non-major dependencies with stable version (minor) #1298

chore(deps): update all non-major dependencies with stable version (minor) #1298

renovate bot commented Sep 8, 2023 •

edited by jira bot

Loading

kongponents-bot commented Sep 8, 2023

chore(deps): update all non-major dependencies with stable version (minor) #1298

chore(deps): update all non-major dependencies with stable version (minor) #1298

Conversation

renovate bot commented Sep 8, 2023 • edited by jira bot Loading

Release Notes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Reverts

Bug Fixes

Features

8.121.1 (2023-08-01)

Bug Fixes

Bug Fixes

Features

Features

Features

8.118.1 (2023-07-31)

Bug Fixes

Bug Fixes

Features

Features

8.116.2 (2023-07-28)

Bug Fixes

8.116.1 (2023-07-28)

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

Features

Features

Features

Features

Features

Features

Features

8.106.1 (2023-07-25)

Bug Fixes

Bug Fixes

Features

Features

Features

Features

8.102.1 (2023-07-24)

Bug Fixes

Bug Fixes

Features

Features

Features

Features

Features

Features

Bug Fixes

Features

Features

Features

8.93.2 (2023-07-19)

Bug Fixes

8.93.1 (2023-07-18)

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

8.91.1 (2023-07-14)

Bug Fixes

Bug Fixes

Features

Features

8.89.1 (2023-07-13)

Bug Fixes

Bug Fixes

Features

Features

Features

8.86.1 (2023-07-12)

Bug Fixes

renovate bot commented Sep 8, 2023 •

edited by jira bot

Loading