Update node Docker tag to v14.15.4 #19
Loading…
Reference in New Issue
No description provided.
Delete Branch "renovate/node-14.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
14.15.3-alpine
->14.15.4-alpine
Release Notes
nodejs/node
v14.15.4
Compare Source
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
Node.js. You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-8265: use-after-free in TLSWrap (High)
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller as
part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits.
CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
a http request. For example, two Transfer-Encoding header fields. In
this case Node.js identifies the first header field and ignores the
second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
Commits
Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.