Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency node to v20.16.0 #29

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ibm-mend-app[bot]
Copy link
Contributor

@ibm-mend-app ibm-mend-app bot commented May 12, 2024

This PR contains the following updates:

Package Update Change
node (source) minor 20.6.0 -> 20.16.0

Release Notes

nodejs/node (node)

v20.16.0: 2024-07-24, Version 20.16.0 'Iron' (LTS), @​marco-ippolito

Compare Source

process: add process.getBuiltinModule(id)

process.getBuiltinModule(id) provides a way to load built-in modules
in a globally available function. ES Modules that need to support
other environments can use it to conditionally load a Node.js built-in
when it is run in Node.js, without having to deal with the resolution
error that can be thrown by import in a non-Node.js environment or
having to use dynamic import() which either turns the module into
an asynchronous module, or turns a synchronous API into an asynchronous one.

if (globalThis.process?.getBuiltinModule) {
  // Run in Node.js, use the Node.js fs module.
  const fs = globalThis.process.getBuiltinModule('fs');
  // If `require()` is needed to load user-modules, use createRequire()
  const module = globalThis.process.getBuiltinModule('module');
  const require = module.createRequire(import.meta.url);
  const foo = require('foo');
}

If id specifies a built-in module available in the current Node.js process,
process.getBuiltinModule(id) method returns the corresponding built-in
module. If id does not correspond to any built-in module, undefined
is returned.

process.getBuiltinModule(id) accepts built-in module IDs that are recognized
by module.isBuiltin(id).

The references returned by process.getBuiltinModule(id) always point to
the built-in module corresponding to id even if users modify
require.cache so that require(id) returns something else.

Contributed by Joyee Cheung in #​52762

doc: doc-only deprecate OpenSSL engine-based APIs

OpenSSL 3 deprecated support for custom engines with a recommendation to switch to its new provider model.
The clientCertEngine option for https.request(), tls.createSecureContext(), and tls.createServer(); the privateKeyEngine and privateKeyIdentifier for tls.createSecureContext(); and crypto.setEngine() all depend on this functionality from OpenSSL.

Contributed by Richard Lau in #​53329

inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth

Debugger.setAsyncCallStackDepth was previously calling the enable function by mistake. As a result, when profiling using Chrome DevTools, the async hooks won't be turned off properly after receiving Debugger.setAsyncCallStackDepth with depth 0.

Contributed by Joyee Cheung in #​53473

Other Notable Changes
  • [09e2191432] - (SEMVER-MINOR) buffer: add .bytes() method to Blob (Matthew Aitken) #​53221
  • [394e00f41c] - (SEMVER-MINOR) doc: add context.assert docs (Colin Ihrig) #​53169
  • [a8601efa5e] - (SEMVER-MINOR) doc: improve explanation about built-in modules (Joyee Cheung) #​52762
  • [5e76c258f7] - doc: add StefanStojanovic to collaborators (StefanStojanovic) #​53118
  • [5e694026f1] - doc: add Marco Ippolito to TSC (Rafael Gonzaga) #​53008
  • [f3ba1eb72f] - (SEMVER-MINOR) net: add new net.server.listen tracing channel (Paolo Insogna) #​53136
  • [2bcce3255b] - (SEMVER-MINOR) src,permission: --allow-wasi & prevent WASI exec (Rafael Gonzaga) #​53124
  • [a03a4c7bdd] - (SEMVER-MINOR) test_runner: add context.fullName (Colin Ihrig) #​53169
  • [69b828f5a5] - (SEMVER-MINOR) util: support --no- for argument with boolean type for parseArgs (Zhenwei Jin) #​53107
Commits

v20.15.1: 2024-07-08, Version 20.15.1 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
  • CVE-2024-22018 - fs.lstat bypasses permission model (Low)
  • CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
  • CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
Commits

v20.15.0: 2024-06-20, Version 20.15.0 'Iron' (LTS), @​marco-ippolito

Compare Source

test_runner: support test plans

It is now possible to count the number of assertions and subtests that are expected to run within a test. If the number of assertions and subtests that run does not match the expected count, the test will fail.

test('top level test', (t) => {
  t.plan(2);
  t.assert.ok('some relevant assertion here');
  t.subtest('subtest', () => {});
});

Contributed by Colin Ihrig in #​52860

inspector: introduce the --inspect-wait flag

This release introduces the --inspect-wait flag, which allows debugger to wait for attachement. This flag is useful when you want to debug the code from the beginning. Unlike --inspect-brk, which breaks on the first line, this flag waits for debugger to be connected and then runs the code as soon as a session is established.

Contributed by Kohei Ueno in #​52734

zlib: expose zlib.crc32()

This release exposes the crc32() function from zlib to user-land.

It computes a 32-bit Cyclic Redundancy Check checksum of data. If
value is specified, it is used as the starting value of the checksum,
otherwise, 0 is used as the starting value.

The CRC algorithm is designed to compute checksums and to detect error
in data transmission. It's not suitable for cryptographic authentication.

const zlib = require('node:zlib');
const { Buffer } = require('node:buffer');

let crc = zlib.crc32('hello');  // 907060870
crc = zlib.crc32('world', crc);  // 4192936109

crc = zlib.crc32(Buffer.from('hello', 'utf16le'));  // 1427272415
crc = zlib.crc32(Buffer.from('world', 'utf16le'), crc);  // 4150509955

Contributed by Joyee Cheung in #​52692

cli: allow running wasm in limited vmem with --disable-wasm-trap-handler

By default, Node.js enables trap-handler-based WebAssembly bound
checks. As a result, V8 does not need to insert inline bound checks
int the code compiled from WebAssembly which may speedup WebAssembly
execution significantly, but this optimization requires allocating
a big virtual memory cage (currently 10GB). If the Node.js process
does not have access to a large enough virtual memory address space
due to system configurations or hardware limitations, users won't
be able to run any WebAssembly that involves allocation in this
virtual memory cage and will see an out-of-memory error.

$ ulimit -v 5000000
$ node -p "new WebAssembly.Memory({ initial: 10, maximum: 100 });"
[eval]:1
new WebAssembly.Memory({ initial: 10, maximum: 100 });
^

RangeError: WebAssembly.Memory(): could not allocate memory
    at [eval]:1:1
    at runScriptInThisContext (node:internal/vm:209:10)
    at node:internal/process/execution:118:14
    at [eval]-wrapper:6:24
    at runScript (node:internal/process/execution:101:62)
    at evalScript (node:internal/process/execution:136:3)
    at node:internal/main/eval_string:49:3

--disable-wasm-trap-handler disables this optimization so that
users can at least run WebAssembly (with a less optimial performance)
when the virtual memory address space available to their Node.js
process is lower than what the V8 WebAssembly memory cage needs.

Contributed by Joyee Cheung in #​52766

Other Notable Changes
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

@ibm-mend-app ibm-mend-app bot requested a review from a team as a code owner May 12, 2024 00:37
@ibm-mend-app ibm-mend-app bot force-pushed the whitesource-remediate/node-20.x branch from d6bd292 to 232cbb1 Compare May 29, 2024 00:37
@ibm-mend-app ibm-mend-app bot changed the title chore(deps): update dependency node to v20.13.1 chore(deps): update dependency node to v20.14.0 May 29, 2024
@ibm-mend-app ibm-mend-app bot force-pushed the whitesource-remediate/node-20.x branch from 232cbb1 to cd66a49 Compare June 21, 2024 00:40
@ibm-mend-app ibm-mend-app bot changed the title chore(deps): update dependency node to v20.14.0 chore(deps): update dependency node to v20.15.0 Jun 21, 2024
@github-actions github-actions bot enabled auto-merge (squash) June 21, 2024 00:40
github-actions[bot]
github-actions bot previously approved these changes Jun 21, 2024
@ibm-mend-app ibm-mend-app bot force-pushed the whitesource-remediate/node-20.x branch from cd66a49 to 5d9991e Compare July 9, 2024 00:32
@ibm-mend-app ibm-mend-app bot changed the title chore(deps): update dependency node to v20.15.0 chore(deps): update dependency node to v20.15.1 Jul 9, 2024
github-actions[bot]
github-actions bot previously approved these changes Jul 9, 2024
@ibm-mend-app ibm-mend-app bot changed the title chore(deps): update dependency node to v20.15.1 chore(deps): update dependency node to v20.16.0 Jul 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

0 participants