Update node Docker tag to v14.16.1 #24

Merged
samuel-p merged 1 commit from renovate/node-14.16.x into master 2021-04-25 13:42:38 +00:00
Collaborator

This PR contains the following updates:

Package Type Update Change
node final patch 14.16.0-alpine -> 14.16.1-alpine

Release Notes

nodejs/node

v14.16.1

Compare Source

This is a security release.

Notable Changes

Vulnerabilities fixed:

  • CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
  • CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
  • CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
Commits

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box.

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [node](https://github.com/nodejs/node) | final | patch | `14.16.0-alpine` -> `14.16.1-alpine` | --- ### Release Notes <details> <summary>nodejs/node</summary> ### [`v14.16.1`](https://github.com/nodejs/node/releases/v14.16.1) [Compare Source](https://github.com/nodejs/node/compare/v14.16.0...v14.16.1) This is a security release. ##### Notable Changes Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in <https://www.openssl.org/news/secadv/20210325.txt> - Impacts: - All versions of the 15.x, 14.x, 12.x and 10.x releases lines - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in <https://www.openssl.org/news/secadv/20210325.txt> - Impacts: - All versions of the 15.x, 14.x, 12.x and 10.x releases lines - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) - This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in <https://github.com/advisories/GHSA-c4w7-xm78-47vh> - Impacts: - All versions of the 14.x, 12.x and 10.x releases lines ##### Commits - \[[`467be7a950`](https://github.com/nodejs/node/commit/467be7a950)] - **deps**: upgrade npm to 6.14.12 (Ruy Adorno) [#&#8203;37918](https://github.com/nodejs/node/pull/37918) - \[[`6bc8f58182`](https://github.com/nodejs/node/commit/6bc8f58182)] - **deps**: update archs files for OpenSSL-1.1.1k (Tobias Nießen) [#&#8203;37938](https://github.com/nodejs/node/pull/37938) - \[[`403a014ef6`](https://github.com/nodejs/node/commit/403a014ef6)] - **deps**: upgrade openssl sources to 1.1.1k (Tobias Nießen) [#&#8203;37938](https://github.com/nodejs/node/pull/37938) </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻️ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
renovate-bot added 1 commit 2021-04-25 04:00:47 +00:00
Update node Docker tag to v14.16.1
All checks were successful
continuous-integration/drone/push Build is passing
e50eaf59e2
samuel-p was assigned by renovate-bot 2021-04-25 04:00:47 +00:00
samuel-p merged commit 64b53d4a62 into master 2021-04-25 13:42:38 +00:00
This repo is archived. You cannot comment on pull requests.
No reviewers
No milestone
No project
No assignees
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: samuel-p/cachet-monitor#24
No description provided.