renovate[bot]
dfdd21685b
chore(deps): update website npm packages ( #3597 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
|
[@codemirror/autocomplete](https://togithub.com/codemirror/autocomplete )
| [`^6.12.0` ->
`^6.16.2`](https://renovatebot.com/diffs/npm/@codemirror%2fautocomplete/6.16.2/6.16.2 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| dependencies | patch |
| [@codemirror/commands](https://togithub.com/codemirror/commands ) |
[`^6.3.3` ->
`^6.6.0`](https://renovatebot.com/diffs/npm/@codemirror%2fcommands/6.5.0/6.6.0 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| dependencies | minor |
|
[@codemirror/lang-javascript](https://togithub.com/codemirror/lang-javascript )
| [`^6.2.1` ->
`^6.2.2`](https://renovatebot.com/diffs/npm/@codemirror%2flang-javascript/6.2.2/6.2.2 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| dependencies | patch |
| [@codemirror/language](https://togithub.com/codemirror/language ) |
[`^6.10.0` ->
`^6.10.2`](https://renovatebot.com/diffs/npm/@codemirror%2flanguage/6.10.1/6.10.2 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| dependencies | patch |
| [@codemirror/lint](https://togithub.com/codemirror/lint ) | [`^6.4.2`
->
`^6.8.0`](https://renovatebot.com/diffs/npm/@codemirror%2flint/6.8.0/6.8.0 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| dependencies | patch |
| [@codemirror/state](https://togithub.com/codemirror/state ) | [`^6.4.0`
->
`^6.4.1`](https://renovatebot.com/diffs/npm/@codemirror%2fstate/6.4.1/6.4.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| dependencies | patch |
| [@codemirror/view](https://togithub.com/codemirror/view ) | [`^6.23.0`
->
`^6.27.0`](https://renovatebot.com/diffs/npm/@codemirror%2fview/6.26.3/6.27.0 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| dependencies | minor |
| [node](https://nodejs.org )
([source](https://togithub.com/nodejs/node )) | [`>=16.13.0` ->
`>=16.20.2`](https://renovatebot.com/diffs/npm/node/v16.13.0/v16.20.2 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| engines | minor |
| [pnpm](https://pnpm.io ) ([source](https://togithub.com/pnpm/pnpm )) |
[`9.1.4` -> `9.2.0`](https://renovatebot.com/diffs/npm/pnpm/9.1.4/9.2.0 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| packageManager | minor |
| [pnpm](https://pnpm.io ) ([source](https://togithub.com/pnpm/pnpm )) |
[`>=8.0.0` ->
`>=8.15.8`](https://renovatebot.com/diffs/npm/pnpm/8.0.0/8.15.8 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| engines | minor |
| [vite](https://vitejs.dev )
([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite )) |
[`^5.0.12` ->
`^5.2.13`](https://renovatebot.com/diffs/npm/vite/5.2.12/5.2.13 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | patch |
---
### Release Notes
<details>
<summary>codemirror/commands (@​codemirror/commands)</summary>
###
[`v6.6.0`](https://togithub.com/codemirror/commands/blob/HEAD/CHANGELOG.md#660-2024-06-04 )
[Compare
Source](https://togithub.com/codemirror/commands/compare/6.5.0...6.6.0 )
##### New features
The new `toggleTabFocusMode` and `temporarilySetTabFocusMode` commands
provide control over the view's tab-focus mode.
The default keymap now binds Ctrl-m (Shift-Alt-m on macOS) to
`toggleTabFocusMode`.
</details>
<details>
<summary>codemirror/language (@​codemirror/language)</summary>
###
[`v6.10.2`](https://togithub.com/codemirror/language/blob/HEAD/CHANGELOG.md#6102-2024-06-03 )
[Compare
Source](https://togithub.com/codemirror/language/compare/6.10.1...6.10.2 )
##### Bug fixes
Fix an infinite loop that could occur when enabling `bidiIsolates` in
documents with both bidirectional text and very long lines.
</details>
<details>
<summary>codemirror/view (@​codemirror/view)</summary>
###
[`v6.27.0`](https://togithub.com/codemirror/view/blob/HEAD/CHANGELOG.md#6270-2024-06-04 )
[Compare
Source](https://togithub.com/codemirror/view/compare/6.26.4...6.27.0 )
##### New features
The new `setTabFocusMode` method can be used to control whether the
editor disables key bindings for Tab and Shift-Tab.
###
[`v6.26.4`](https://togithub.com/codemirror/view/blob/HEAD/CHANGELOG.md#6264-2024-06-04 )
[Compare
Source](https://togithub.com/codemirror/view/compare/6.26.3...6.26.4 )
##### Bug fixes
Fix an issue where commands with an optional second argument would get
the keyboard event in that argument when called from a keymap.
Fix an issue that could cause the cursor to be rendered on the wrong
side of a zero-length block widget.
Fix an issue where `drawSelection` got confused by block widgets in
line-wrapped editors in some situations.
Don't hide the native selection in widgets that have focus.
Make sure that clicking an unfocusable editor still remove focus from
any other focused elements.
Fix a crash when loading the package in a non-browser environment.
Stop mouse selection when the user types.
</details>
<details>
<summary>nodejs/node (node)</summary>
###
[`v16.20.2`](https://togithub.com/nodejs/node/releases/tag/v16.20.2 ):
2023-08-09, Version 16.20.2 'Gallium' (LTS), @​RafaelGSS
[Compare
Source](https://togithub.com/nodejs/node/compare/v16.20.1...v16.20.2 )
This is a security release.
##### Notable Changes
The following CVEs are fixed in this release:
-
[CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002 ):
Policies can be bypassed via Module.\_load (High)
-
[CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006 ):
Policies can be bypassed by module.constructor.createRequire (Medium)
-
[CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559 ):
Policies can be bypassed via process.binding (Medium)
- OpenSSL Security Releases
- [OpenSSL security advisory 14th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html ).
- [OpenSSL security advisory 19th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html ).
- [OpenSSL security advisory 31st
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html )
More detailed information on each of the vulnerabilities can be found in
[August 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/ )
blog post.
##### Commits
- \[[`40c3958a5a`](https://togithub.com/nodejs/node/commit/40c3958a5a )]
- **deps**: update archs files for OpenSSL-1.1.1v (RafaelGSS)
[#​49043](https://togithub.com/nodejs/node/pull/49043 )
- \[[`a9ac9da89a`](https://togithub.com/nodejs/node/commit/a9ac9da89a )]
- **deps**: fix openssl crypto clean (RafaelGSS)
[#​49043](https://togithub.com/nodejs/node/pull/49043 )
- \[[`362d4c7494`](https://togithub.com/nodejs/node/commit/362d4c7494 )]
- **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1v (RafaelGSS)
[#​49043](https://togithub.com/nodejs/node/pull/49043 )
- \[[`d8ccfe9ad4`](https://togithub.com/nodejs/node/commit/d8ccfe9ad4 )]
- **policy**: handle Module.constructor and main.extensions bypass
(RafaelGSS)
[nodejs-private/node-private#445 ](https://togithub.com/nodejs-private/node-private/pull/445 )
- \[[`242aaa0caa`](https://togithub.com/nodejs/node/commit/242aaa0caa )]
- **policy**: disable process.binding() when enabled (Tobias Nießen)
[nodejs-private/node-private#459 ](https://togithub.com/nodejs-private/node-private/pull/459 )
###
[`v16.20.1`](https://togithub.com/nodejs/node/releases/tag/v16.20.1 ):
2023-06-20, Version 16.20.1 'Gallium' (LTS), @​RafaelGSS
[Compare
Source](https://togithub.com/nodejs/node/compare/v16.20.0...v16.20.1 )
This is a security release.
##### Notable Changes
The following CVEs are fixed in this release:
-
[CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581 ):
`mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
-
[CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585 ):
Privilege escalation via Malicious Registry Key manipulation during
Node.js installer repair process (Medium)
-
[CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588 ):
Process interuption due to invalid Public Key information in x509
certificates (Medium)
-
[CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589 ):
HTTP Request Smuggling via Empty headers separated by CR (Medium)
-
[CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590 ):
DiffieHellman does not generate keys after setting a private key
(Medium)
- OpenSSL Security Releases
- [OpenSSL security advisory 28th
March](https://www.openssl.org/news/secadv/20230328.txt ).
- [OpenSSL security advisory 20th
April](https://www.openssl.org/news/secadv/20230420.txt ).
- [OpenSSL security advisory 30th
May](https://www.openssl.org/news/secadv/20230530.txt )
- c-ares vulnerabilities:
-
[GHSA-9g78-jv2r-p7vc](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc )
-
[GHSA-8r8p-23f3-64c2](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 )
-
[GHSA-54xr-f67r-4pc4](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 )
-
[GHSA-x6mf-cxr9-8q6v](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v )
More detailed information on each of the vulnerabilities can be found in
[June 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/ )
blog post.
##### Commits
- \[[`5a92ea7a3b`](https://togithub.com/nodejs/node/commit/5a92ea7a3b )]
- **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen)
- \[[`5df04e893a`](https://togithub.com/nodejs/node/commit/5df04e893a )]
- **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau)
[#​48156](https://togithub.com/nodejs/node/pull/48156 )
- \[[`c171cbd124`](https://togithub.com/nodejs/node/commit/c171cbd124 )]
- **deps**: update c-ares to 1.19.1 (RafaelGSS)
[#​48115](https://togithub.com/nodejs/node/pull/48115 )
- \[[`155d3aac02`](https://togithub.com/nodejs/node/commit/155d3aac02 )]
- **deps**: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS)
[#​48369](https://togithub.com/nodejs/node/pull/48369 )
- \[[`8d4c8f8ebe`](https://togithub.com/nodejs/node/commit/8d4c8f8ebe )]
- **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1u (RafaelGSS)
[#​48369](https://togithub.com/nodejs/node/pull/48369 )
- \[[`1a5c9284eb`](https://togithub.com/nodejs/node/commit/1a5c9284eb )]
- **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen)
[nodejs-private/node-private#426 ](https://togithub.com/nodejs-private/node-private/pull/426 )
- \[[`e42ff4b018`](https://togithub.com/nodejs/node/commit/e42ff4b018 )]
- **http**: disable request smuggling via empty headers (Paolo Insogna)
[nodejs-private/node-private#429 ](https://togithub.com/nodejs-private/node-private/pull/429 )
- \[[`10042683c8`](https://togithub.com/nodejs/node/commit/10042683c8 )]
- **msi**: do not create AppData\Roaming\npm (Tobias Nießen)
[nodejs-private/node-private#408 ](https://togithub.com/nodejs-private/node-private/pull/408 )
- \[[`a6f4e87bc9`](https://togithub.com/nodejs/node/commit/a6f4e87bc9 )]
- **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS)
[nodejs-private/node-private#416 ](https://togithub.com/nodejs-private/node-private/pull/416 )
- \[[`b77000f4d7`](https://togithub.com/nodejs/node/commit/b77000f4d7 )]
- **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso)
[#​47851](https://togithub.com/nodejs/node/pull/47851 )
###
[`v16.20.0`](https://togithub.com/nodejs/node/releases/tag/v16.20.0 ):
2023-03-29, Version 16.20.0 'Gallium' (LTS),
@​BethGriggs
[Compare
Source](https://togithub.com/nodejs/node/compare/v16.19.1...v16.20.0 )
##### Notable Changes
- **deps:**
- update undici to 5.20.0 (Node.js GitHub Bot)
[#​46711](https://togithub.com/nodejs/node/pull/46711 )
- update c-ares to 1.19.0 (Michaël Zasso)
[#​46415](https://togithub.com/nodejs/node/pull/46415 )
- upgrade npm to 8.19.4 (npm team)
[#​46677](https://togithub.com/nodejs/node/pull/46677 )
- update corepack to 0.17.0 (Node.js GitHub Bot)
[#​46842](https://togithub.com/nodejs/node/pull/46842 )
- **(SEMVER-MINOR)** **src**: add support for externally shared js
builtins (Michael Dawson)
[#​44376](https://togithub.com/nodejs/node/pull/44376 )
##### Commits
- \[[`de6dd67790`](https://togithub.com/nodejs/node/commit/de6dd67790 )]
- **crypto**: avoid hang when no algorithm available (Richard Lau)
[#​46237](https://togithub.com/nodejs/node/pull/46237 )
- \[[`4617512788`](https://togithub.com/nodejs/node/commit/4617512788 )]
- **crypto**: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis)
[#​46185](https://togithub.com/nodejs/node/pull/46185 )
- \[[`24972164fc`](https://togithub.com/nodejs/node/commit/24972164fc )]
- **deps**: update undici to 5.20.0 (Node.js GitHub Bot)
[#​46711](https://togithub.com/nodejs/node/pull/46711 )
- \[[`85f88c6a8d`](https://togithub.com/nodejs/node/commit/85f88c6a8d )]
- **deps**: V8: cherry-pick
[`90be99f`](https://togithub.com/nodejs/node/commit/90be99fab31c )
(Michaël Zasso)
[#​46646](https://togithub.com/nodejs/node/pull/46646 )
- \[[`b4ebe6d47b`](https://togithub.com/nodejs/node/commit/b4ebe6d47b )]
- **deps**: update c-ares to 1.19.0 (Michaël Zasso)
[#​46415](https://togithub.com/nodejs/node/pull/46415 )
- \[[`56cbc7fdda`](https://togithub.com/nodejs/node/commit/56cbc7fdda )]
- **deps**: V8: cherry-pick
[`c2792e5`](https://togithub.com/nodejs/node/commit/c2792e58035f )
(Jiawen Geng)
[#​44961](https://togithub.com/nodejs/node/pull/44961 )
- \[[`7af9bdb31e`](https://togithub.com/nodejs/node/commit/7af9bdb31e )]
- **deps**: upgrade npm to 8.19.4 (npm team)
[#​46677](https://togithub.com/nodejs/node/pull/46677 )
- \[[`962a7471b5`](https://togithub.com/nodejs/node/commit/962a7471b5 )]
- **deps**: update corepack to 0.17.0 (Node.js GitHub Bot)
[#​46842](https://togithub.com/nodejs/node/pull/46842 )
- \[[`748bc96e35`](https://togithub.com/nodejs/node/commit/748bc96e35 )]
- **deps**: update corepack to 0.16.0 (Node.js GitHub Bot)
[#​46710](https://togithub.com/nodejs/node/pull/46710 )
- \[[`a467782499`](https://togithub.com/nodejs/node/commit/a467782499 )]
- **deps**: update corepack to 0.15.3 (Node.js GitHub Bot)
[#​46037](https://togithub.com/nodejs/node/pull/46037 )
- \[[`1913b6763d`](https://togithub.com/nodejs/node/commit/1913b6763d )]
- **deps**: update corepack to 0.15.2 (Node.js GitHub Bot)
[#​45635](https://togithub.com/nodejs/node/pull/45635 )
- \[[`809371a15f`](https://togithub.com/nodejs/node/commit/809371a15f )]
- **module**: require.resolve.paths returns null with node schema
(MURAKAMI Masahiko)
[#​45147](https://togithub.com/nodejs/node/pull/45147 )
- \[[`086bb2f8d4`](https://togithub.com/nodejs/node/commit/086bb2f8d4 )]
- ***Revert*** "**src**: let http2 streams end after session close"
(Rich Trott)
[#​46721](https://togithub.com/nodejs/node/pull/46721 )
- \[[`6a01d39120`](https://togithub.com/nodejs/node/commit/6a01d39120 )]
- **(SEMVER-MINOR)** **src**: add support for externally shared js
builtins (Michael Dawson)
[#​44376](https://togithub.com/nodejs/node/pull/44376 )
- \[[`d081032a60`](https://togithub.com/nodejs/node/commit/d081032a60 )]
- **test**: fix test-net-connect-reset-until-connected (Vita Batrla)
[#​46781](https://togithub.com/nodejs/node/pull/46781 )
- \[[`efe1be47ec`](https://togithub.com/nodejs/node/commit/efe1be47ec )]
- **test**: skip test depending on `overlapped-checker` when not
available (Antoine du Hamel)
[#​45015](https://togithub.com/nodejs/node/pull/45015 )
- \[[`fc47d58abe`](https://togithub.com/nodejs/node/commit/fc47d58abe )]
- **test**: remove cjs loader from stack traces (Geoffrey Booth)
[#​44197](https://togithub.com/nodejs/node/pull/44197 )
- \[[`cf76d0790d`](https://togithub.com/nodejs/node/commit/cf76d0790d )]
- **test**: fix WPT title when no META title is present (Filip Skokan)
[#​46804](https://togithub.com/nodejs/node/pull/46804 )
- \[[`0d1485b924`](https://togithub.com/nodejs/node/commit/0d1485b924 )]
- **test**: fix default WPT titles (Filip Skokan)
[#​46778](https://togithub.com/nodejs/node/pull/46778 )
- \[[`088e9cde3d`](https://togithub.com/nodejs/node/commit/088e9cde3d )]
- **test**: add WPTRunner support for variants and generating WPT
reports (Filip Skokan)
[#​46498](https://togithub.com/nodejs/node/pull/46498 )
- \[[`908c4dff44`](https://togithub.com/nodejs/node/commit/908c4dff44 )]
- **test**: mark test-crypto-key-objects flaky on Linux (Richard Lau)
[#​46684](https://togithub.com/nodejs/node/pull/46684 )
- \[[`768e56227e`](https://togithub.com/nodejs/node/commit/768e56227e )]
- **tools**: make `utils.SearchFiles` deterministic (Bruno Pitrus)
[#​44496](https://togithub.com/nodejs/node/pull/44496 )
###
[`v16.19.1`](https://togithub.com/nodejs/node/releases/tag/v16.19.1 ):
2023-02-16, Version 16.19.1 'Gallium' (LTS),
@​richardlau
[Compare
Source](https://togithub.com/nodejs/node/compare/v16.19.0...v16.19.1 )
This is a security release.
##### Notable Changes
The following CVEs are fixed in this release:
-
**[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918 )**:
Node.js Permissions policies can be bypassed via process.mainModule
(High)
-
**[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919 )**:
Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
-
**[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920 )**:
Node.js insecure loading of ICU data through ICU_DATA environment
variable (Low)
Fixed by an update to undici:
-
**[CVE-2023-23936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936 )**:
Fetch API in Node.js did not protect against CRLF injection in host
headers (Medium)
- See
<https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff >
for more information.
-
**[CVE-2023-24807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24807 )**:
Regular Expression Denial of Service in Headers in Node.js fetch API
(Low)
- See
<https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w >
for more information.
More detailed information on each of the vulnerabilities can be found in
[February 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ )
blog post.
This security release includes OpenSSL security updates as outlined in
the recent
[OpenSSL security
advisory](https://www.openssl.org/news/secadv/20230207.txt ).
##### Commits
- \[[`7fef050447`](https://togithub.com/nodejs/node/commit/7fef050447 )]
- **build**: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS)
[nodejs-private/node-private#374 ](https://togithub.com/nodejs-private/node-private/pull/374 )
- \[[`b558e9f476`](https://togithub.com/nodejs/node/commit/b558e9f476 )]
- **crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS)
[nodejs-private/node-private#375 ](https://togithub.com/nodejs-private/node-private/pull/375 )
- \[[`160adb7ffc`](https://togithub.com/nodejs/node/commit/160adb7ffc )]
- **crypto**: clear OpenSSL error queue after calling
X509\_check_private_key() (Filip Skokan)
[#​45495](https://togithub.com/nodejs/node/pull/45495 )
- \[[`d0ece30948`](https://togithub.com/nodejs/node/commit/d0ece30948 )]
- **crypto**: clear OpenSSL error queue after calling X509\_verify()
(Takuro Sato)
[#​45377](https://togithub.com/nodejs/node/pull/45377 )
- \[[`2d9ae4f184`](https://togithub.com/nodejs/node/commit/2d9ae4f184 )]
- **deps**: update undici to v5.19.1 (Matteo Collina)
[nodejs-private/node-private#388 ](https://togithub.com/nodejs-private/node-private/pull/388 )
- \[[`d80e8312fd`](https://togithub.com/nodejs/node/commit/d80e8312fd )]
- **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau)
[#​46568](https://togithub.com/nodejs/node/pull/46568 )
- \[[`de5c8d2c2f`](https://togithub.com/nodejs/node/commit/de5c8d2c2f )]
- **deps**: update archs files for quictls/openssl-1.1.1t+quic
(RafaelGSS) [#​46568](https://togithub.com/nodejs/node/pull/46568 )
- \[[`1a8ccfe908`](https://togithub.com/nodejs/node/commit/1a8ccfe908 )]
- **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1t+quic
(RafaelGSS) [#​46568](https://togithub.com/nodejs/node/pull/46568 )
- \[[`693789780b`](https://togithub.com/nodejs/node/commit/693789780b )]
- **doc**: clarify release notes for Node.js 16.19.0 (Richard Lau)
[#​45846](https://togithub.com/nodejs/node/pull/45846 )
- \[[`f95ef064f4`](https://togithub.com/nodejs/node/commit/f95ef064f4 )]
- **lib**: makeRequireFunction patch when experimental policy
(RafaelGSS)
[nodejs-private/node-private#358 ](https://togithub.com/nodejs-private/node-private/pull/358 )
- \[[`b02d895137`](https://togithub.com/nodejs/node/commit/b02d895137 )]
- **policy**: makeRequireFunction on mainModule.require (RafaelGSS)
[nodejs-private/node-private#358 ](https://togithub.com/nodejs-private/node-private/pull/358 )
- \[[`d7f83c420c`](https://togithub.com/nodejs/node/commit/d7f83c420c )]
- **test**: avoid left behind child processes (Richard Lau)
[#​46276](https://togithub.com/nodejs/node/pull/46276 )
###
[`v16.19.0`](https://togithub.com/nodejs/node/releases/tag/v16.19.0 ):
2022-12-13, Version 16.19.0 'Gallium' (LTS),
@​richardlau
[Compare
Source](https://togithub.com/nodejs/node/compare/v16.18.1...v16.19.0 )
##### Notable Changes
##### OpenSSL 1.1.1s
This update is a bugfix release and does not address any security
vulnerabilities.
##### Root certificates updated to NSS 3.85
Certificates added:
- Autoridad de Certificacion Firmaprofesional CIF
[`A626340`](https://togithub.com/nodejs/node/commit/A62634068 )
- Certainly Root E1
- Certainly Root R1
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- HiPKI Root CA - G1
- ISRG Root X2
- Security Communication ECC RootCA1
- Security Communication RootCA3
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
Certificates removed:
- Cybertrust Global Root
- DST Root CA X3
- GlobalSign Root CA - R2
- Hellenic Academic and Research Institutions RootCA 2011
##### Time zone update to 2022f
Time zone data has been updated to 2022f. This includes changes to
Daylight
Savings Time (DST) for Fiji and Mexico. For more information, see
<https://mm.icann.org/pipermail/tz-announce/2022-October/000075.html >.
##### Other Notable Changes
- \[[`33707dcd03`](https://togithub.com/nodejs/node/commit/33707dcd03 )]
- **dgram**: add dgram send queue info (theanarkh)
[#​44149](https://togithub.com/nodejs/node/pull/44149 )
Dependency updates:
- \[[`3b2b70d792`](https://togithub.com/nodejs/node/commit/3b2b70d792 )]
- **deps**: upgrade npm to 8.19.3 (npm team)
[#​45322](https://togithub.com/nodejs/node/pull/45322 )
Experimental features:
- \[[`1e0dcd1ee0`](https://togithub.com/nodejs/node/commit/1e0dcd1ee0 )]
- **cli**: add `--watch` (Moshe Atlow)
[#​44366](https://togithub.com/nodejs/node/pull/44366 )
- \[[`8c73279ebb`](https://togithub.com/nodejs/node/commit/8c73279ebb )]
- **util**: add default value option to parsearg (Manuel Spigolon)
[#​44631](https://togithub.com/nodejs/node/pull/44631 )
##### Commits
- \[[`bbef3c42f6`](https://togithub.com/nodejs/node/commit/bbef3c42f6 )]
- **build**: add version info to timezone update PR (Darshan Sen)
[#​45021](https://togithub.com/nodejs/node/pull/45021 )
- \[[`cc2c7648e0`](https://togithub.com/nodejs/node/commit/cc2c7648e0 )]
- **build**: support Python 3.11 (Luigi Pinca)
[#​45191](https://togithub.com/nodejs/node/pull/45191 )
- \[[`ac24c80663`](https://togithub.com/nodejs/node/commit/ac24c80663 )]
- **build**: remove redundant condition from common.gypi (Richard Lau)
[#​45076](https://togithub.com/nodejs/node/pull/45076 )
- \[[`03dcbe3030`](https://togithub.com/nodejs/node/commit/03dcbe3030 )]
- **build**: fix bad upstream merge (Stephen Gallagher)
[#​44642](https://togithub.com/nodejs/node/pull/44642 )
- \[[`1e0dcd1ee0`](https://togithub.com/nodejs/node/commit/1e0dcd1ee0 )]
- **cli**: add `--watch` (Moshe Atlow)
[#​44366](https://togithub.com/nodejs/node/pull/44366 )
- \[[`96d131665e`](https://togithub.com/nodejs/node/commit/96d131665e )]
- **cluster**: use inspector utils (Moshe Atlow)
[#​44592](https://togithub.com/nodejs/node/pull/44592 )
- \[[`704836033a`](https://togithub.com/nodejs/node/commit/704836033a )]
- **crypto**: update root certificates (Luigi Pinca)
[#​45490](https://togithub.com/nodejs/node/pull/45490 )
- \[[`5a776d4a69`](https://togithub.com/nodejs/node/commit/5a776d4a69 )]
- **deps**: update timezone to 2022f (Richard Lau)
[#​45613](https://togithub.com/nodejs/node/pull/45613 )
- \[[`3b2b70d792`](https://togithub.com/nodejs/node/commit/3b2b70d792 )]
- **deps**: upgrade npm to 8.19.3 (npm team)
[#​45322](https://togithub.com/nodejs/node/pull/45322 )
- \[[`9fbc8b21db`](https://togithub.com/nodejs/node/commit/9fbc8b21db )]
- **deps**: update corepack to 0.15.1 (Node.js GitHub Bot)
[#​45331](https://togithub.com/nodejs/node/pull/45331 )
- \[[`87e3d002ca`](https://togithub.com/nodejs/node/commit/87e3d002ca )]
- **deps**: update corepack to 0.15.0 (Node.js GitHub Bot)
[#​45235](https://togithub.com/nodejs/node/pull/45235 )
- \[[`e972ff7b13`](https://togithub.com/nodejs/node/commit/e972ff7b13 )]
- **deps**: V8: backport
[`bbd800c`](https://togithub.com/nodejs/node/commit/bbd800c6e359 )
(Chengzhong Wu)
[#​44947](https://togithub.com/nodejs/node/pull/44947 )
- \[[`af9d8217c0`](https://togithub.com/nodejs/node/commit/af9d8217c0 )]
- **deps**: V8: cherry-pick
[`b953542`](https://togithub.com/nodejs/node/commit/b95354290941 )
(Chengzhong Wu)
[#​44947](https://togithub.com/nodejs/node/pull/44947 )
- \[[`38202d321b`](https://togithub.com/nodejs/node/commit/38202d321b )]
- **deps**: update undici to 5.12.0 (Node.js GitHub Bot)
[#​45236](https://togithub.com/nodejs/node/pull/45236 )
- \[[`7c0da6adf9`](https://togithub.com/nodejs/node/commit/7c0da6adf9 )]
- **deps**: update archs files for OpenSSL-1.1.1s (RafaelGSS)
[#​45274](https://togithub.com/nodejs/node/pull/45274 )
- \[[`1149ead6f7`](https://togithub.com/nodejs/node/commit/1149ead6f7 )]
- **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1s (RafaelGSS)
[#​45274](https://togithub.com/nodejs/node/pull/45274 )
- \[[`cd54bce4f5`](https://togithub.com/nodejs/node/commit/cd54bce4f5 )]
- **deps**: update timezone (Node.js GitHub Bot)
[#​44950](https://togithub.com/nodejs/node/pull/44950 )
- \[[`2901abe4f0`](https://togithub.com/nodejs/node/commit/2901abe4f0 )]
- **deps**: update undici to 5.11.0 (Node.js GitHub Bot)
[#​44929](https://togithub.com/nodejs/node/pull/44929 )
- \[[`c80cf97033`](https://togithub.com/nodejs/node/commit/c80cf97033 )]
- **deps**: update corepack to 0.14.2 (Node.js GitHub Bot)
[#​44775](https://togithub.com/nodejs/node/pull/44775 )
- \[[`33707dcd03`](https://togithub.com/nodejs/node/commit/33707dcd03 )]
- **dgram**: add dgram send queue info (theanarkh)
[#​44149](https://togithub.com/nodejs/node/pull/44149 )
- \[[`c708d9bb94`](https://togithub.com/nodejs/node/commit/c708d9bb94 )]
- **doc**: fix typo in parseArgs default value (Tobias Nießen)
[#​45083](https://togithub.com/nodejs/node/pull/45083 )
- \[[`5a0efa05d2`](https://togithub.com/nodejs/node/commit/5a0efa05d2 )]
- **node-api**: handle no support for external buffers (Michael Dawson)
[#​45181](https://togithub.com/nodejs/node/pull/45181 )
- \[[`db31de634e`](https://togithub.com/nodejs/node/commit/db31de634e )]
- **readline**: refactor to avoid unsafe regex primordials (Antoine du
Hamel) [#​43475](https://togithub.com/nodejs/node/pull/43475 )
- \[[`fbc52e5729`](https://togithub.com/nodejs/node/commit/fbc52e5729 )]
- **src**: disambiguate terms used to refer to builtins and addons
(Joyee Cheung)
[#​44135](https://togithub.com/nodejs/node/pull/44135 )
- \[[`953072d3db`](https://togithub.com/nodejs/node/commit/953072d3db )]
- **src**: let http2 streams end after session close (Santiago Gimeno)
[#​45153](https://togithub.com/nodejs/node/pull/45153 )
- \[[`54608d8dc3`](https://togithub.com/nodejs/node/commit/54608d8dc3 )]
- **src**: split property helpers from node::Environment (Chengzhong Wu)
[#​44056](https://togithub.com/nodejs/node/pull/44056 )
- \[[`6733556783`](https://togithub.com/nodejs/node/commit/6733556783 )]
- **test**: add test to validate changelogs for releases (Richard Lau)
[#​45325](https://togithub.com/nodejs/node/pull/45325 )
- \[[`821d832cef`](https://togithub.com/nodejs/node/commit/821d832cef )]
- **test**: mark test-watch-mode\* as flaky on all platforms (Pierrick
Bouvier) [#​45049](https://togithub.com/nodejs/node/pull/45049 )
- \[[`02a18eac69`](https://togithub.com/nodejs/node/commit/02a18eac69 )]
- **test**: fix test-runner-inspect (Moshe Atlow)
[#​44620](https://togithub.com/nodejs/node/pull/44620 )
- \[[`197df63f74`](https://togithub.com/nodejs/node/commit/197df63f74 )]
- **test**: add a test to ensure the correctness of timezone upgrades
(Darshan Sen)
[#​45299](https://togithub.com/nodejs/node/pull/45299 )
- \[[`42e9d8016a`](https://togithub.com/nodejs/node/commit/42e9d8016a )]
- **test**: fix textdecoder test for small-icu builds (Richard Lau)
[#​45225](https://togithub.com/nodejs/node/pull/45225 )
- \[[`6d736a56d8`](https://togithub.com/nodejs/node/commit/6d736a56d8 )]
- **test**: fix watch mode test flake (Moshe Atlow)
[#​44739](https://togithub.com/nodejs/node/pull/44739 )
- \[[`543d3d2bf3`](https://togithub.com/nodejs/node/commit/543d3d2bf3 )]
- **test**: deflake watch mode tests (Moshe Atlow)
[#​44621](https://togithub.com/nodejs/node/pull/44621 )
- \[[`97f6caf4eb`](https://togithub.com/nodejs/node/commit/97f6caf4eb )]
- **test**: split watch mode inspector tests to sequential (Moshe Atlow)
[#​44551](https://togithub.com/nodejs/node/pull/44551 )
- \[[`499750ff7a`](https://togithub.com/nodejs/node/commit/499750ff7a )]
- **test**: update list of known globals (Antoine du Hamel)
[#​45255](https://togithub.com/nodejs/node/pull/45255 )
- \[[`64d343af74`](https://togithub.com/nodejs/node/commit/64d343af74 )]
- **test_runner**: support using `--inspect` with `--test` (Moshe Atlow)
[#​44520](https://togithub.com/nodejs/node/pull/44520 )
- \[[`99ee5e484d`](https://togithub.com/nodejs/node/commit/99ee5e484d )]
- **test_runner**: fix `duration_ms` to be milliseconds (Moshe Atlow)
[#​44450](https://togithub.com/nodejs/node/pull/44450 )
- \[[`37e909251c`](https://togithub.com/nodejs/node/commit/37e909251c )]
- **test_runner**: support programmatically running `--test` (Moshe
Atlow) [#​44241](https://togithub.com/nodejs/node/pull/44241 )
- \[[`0ae5694f88`](https://togithub.com/nodejs/node/commit/0ae5694f88 )]
- **tools**: update certdata.txt (Luigi Pinca)
[#​45490](https://togithub.com/nodejs/node/pull/45490 )
- \[[`891368cefd`](https://togithub.com/nodejs/node/commit/891368cefd )]
- **tools**: remove faulty early termination logic from
update-timezone.mjs (Darshan Sen)
[#​44870](https://togithub.com/nodejs/node/pull/44870 )
- \[[`543493c242`](https://togithub.com/nodejs/node/commit/543493c242 )]
- **tools**: fix timezone update tool (Darshan Sen)
[#​44870](https://togithub.com/nodejs/node/pull/44870 )
- \[[`c77f660b75`](https://togithub.com/nodejs/node/commit/c77f660b75 )]
- **tools**: fix `create-or-update-pull-request-action` hash on GHA
(Antoine du Hamel)
[#​45166](https://togithub.com/nodejs/node/pull/45166 )
- \[[`58c30dd049`](https://togithub.com/nodejs/node/commit/58c30dd049 )]
- **tools**: update gr2m/create-or-update-pull-request-action (Luigi
Pinca) [#​45022](https://togithub.com/nodejs/node/pull/45022 )
- \[[`749a4b3e5e`](https://togithub.com/nodejs/node/commit/749a4b3e5e )]
- **tools**: use Python 3.11 in GitHub Actions workflows (Luigi Pinca)
[#​45191](https://togithub.com/nodejs/node/pull/45191 )
- \[[`6f541d99a5`](https://togithub.com/nodejs/node/commit/6f541d99a5 )]
- **tools**: have test-asan use ubuntu-20.04 (Filip Skokan)
[#​45581](https://togithub.com/nodejs/node/pull/45581 )
- \[[`e7ed56f501`](https://togithub.com/nodejs/node/commit/e7ed56f501 )]
- **tools**: make license-builder.sh comply with shellcheck 0.8.0 (Rich
Trott) [#​41258](https://togithub.com/nodejs/node/pull/41258 )
- \[[`cc819b4bf8`](https://togithub.com/nodejs/node/commit/cc819b4bf8 )]
- **tools**: fix typo in `avoid-prototype-pollution` lint rule (Antoine
du Hamel) [#​44446](https://togithub.com/nodejs/node/pull/44446 )
- \[[`254358c81e`](https://togithub.com/nodejs/node/commit/254358c81e )]
- **tools**: refactor `avoid-prototype-pollution` lint rule (Antoine du
Hamel) [#​43476](https://togithub.com/nodejs/node/pull/43476 )
- \[[`8c73279ebb`](https://togithub.com/nodejs/node/commit/8c73279ebb )]
- **util**: add default value option to parsearg (Manuel Spigolon)
[#​44631](https://togithub.com/nodejs/node/pull/44631 )
###
[`v16.18.1`](https://togithub.com/nodejs/node/releases/tag/v16.18.1 ):
2022-11-04, Version 16.18.1 'Gallium' (LTS),
@​BethGriggs
[Compare
Source](https://togithub.com/nodejs/node/compare/v16.18.0...v16.18.1 )
This is a security release.
##### Notable changes
The following CVEs are fixed in this release:
-
**[CVE-2022-43548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548 )**:
DNS rebinding in --inspect via invalid octal IP address (Medium)
More detailed information on each of the vulnerabilities can be found in
[November 2022 Security
Releases](https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/ )
blog post.
##### Commits
- \[[`9ffddd7098`](https://togithub.com/nodejs/node/commit/9ffddd7098 )]
- **inspector**: harden IP address validation again (Tobias Nießen)
[nodejs-private/node-private#354 ](https://togithub.com/nodejs-private/node-private/pull/354 )
###
[`v16.18.0`](https://togithub.com/nodejs/node/releases/tag/v16.18.0 ):
2022-10-12, Version 16.18.0 'Gallium' (LTS), @​juanarbol
[Compare
Source](https://togithub.com/nodejs/node/compare/v16.17.1...v16.18.0 )
##### Notable changes
- \[[`1cc050eaa8`](https://togithub.com/nodejs/node/commit/1cc050eaa8 )]
- **(SEMVER-MINOR)** **assert**: add `getCalls` and `reset` to
callTracker (Moshe Atlow)
[#​44191](https://togithub.com/nodejs/node/pull/44191 )
- \[[`e5c9975f11`](https://togithub.com/nodejs/node/commit/e5c9975f11 )]
- **(SEMVER-MINOR)** **crypto**: allow zero-length secret KeyObject
(Filip Skokan)
[#​44201](https://togithub.com/nodejs/node/pull/44201 )
- \[[`317cd051ce`](https://togithub.com/nodejs/node/commit/317cd051ce )]
- **(SEMVER-MINOR)** **crypto**: allow zero-length IKM in HKDF and in
webcrypto PBKDF2 (Filip Skokan)
[#​44201](https://togithub.com/nodejs/node/pull/44201 )
- \[[`f80bdc5ef3`](https://togithub.com/nodejs/node/commit/f80bdc5ef3 )]
- **(SEMVER-MINOR)** **doc**: deprecate modp1, modp2, and modp5 groups
(Tobias Nießen)
[#​44588](https://togithub.com/nodejs/node/pull/44588 )
- \[[`8398e98b1b`](https://togithub.com/nodejs/node/commit/8398e98b1b )]
- **(SEMVER-MINOR)** **http**: make idle http parser count configurable
(theanarkh) [#​43974](https://togithub.com/nodejs/node/pull/43974 )
- \[[`2cd2f56962`](https://togithub.com/nodejs/node/commit/2cd2f56962 )]
- **(SEMVER-MINOR)** **http**: throw error on content-length mismatch
(sidwebworks)
[#​44378](https://togithub.com/nodejs/node/pull/44378 )
- \[[`6be761e8a9`](https://togithub.com/nodejs/node/commit/6be761e8a9 )]
- **(SEMVER-MINOR)** **lib**: add diagnostics channel for process and
worker (theanarkh)
[#​44045](https://togithub.com/nodejs/node/pull/44045 )
- \[[`1400796cef`](https://togithub.com/nodejs/node/commit/1400796cef )]
- **(SEMVER-MINOR)** **net,tls**: pass a valid socket on
`tlsClientError` (Daeyeon Jeong)
[#​44021](https://togithub.com/nodejs/node/pull/44021 )
- \[[`092239a7f1`](https://togithub.com/nodejs/node/commit/092239a7f1 )]
- **(SEMVER-MINOR)** **net**: add local family (theanarkh)
[#​43975](https://togithub.com/nodejs/node/pull/43975 )
- \[[`381e11e18e`](https://togithub.com/nodejs/node/commit/381e11e18e )]
- **(SEMVER-MINOR)** **report**: expose report public native apis
(Chengzhong Wu)
[#​44255](https://togithub.com/nodejs/node/pull/44255 )
- \[[`2ba547aa5b`](https://togithub.com/nodejs/node/commit/2ba547aa5b )]
- **(SEMVER-MINOR)** **src**: expose environment RequestInterrupt api
(Chengzhong Wu)
[#​44362](https://togithub.com/nodejs/node/pull/44362 )
- \[[`6ed3367155`](https://togithub.com/nodejs/node/commit/6ed3367155 )]
- **(SEMVER-MINOR)** **stream**: add `ReadableByteStream.tee()` (Daeyeon
Jeong) [#​44505](https://togithub.com/nodejs/node/pull/44505 )
- \[[`0fbedac6ce`](https://togithub.com/nodejs/node/commit/0fbedac6ce )]
- **(SEMVER-MINOR)** **test_runner**: add before/after/each hooks (Moshe
Atlow) [#​43730](https://togithub.com/nodejs/node/pull/43730 )
- \[[`70563b53c5`](https://togithub.com/nodejs/node/commit/70563b53c5 )]
- **(SEMVER-MINOR)** **util**: add `maxArrayLength` option to Set and
Map (Kohei Ueno)
[#​43576](https://togithub.com/nodejs/node/pull/43576 )
##### Commits
- \[[`1cc050eaa8`](https://togithub.com/nodejs/node/commit/1cc050eaa8 )]
- **(SEMVER-MINOR)** **assert**: add `getCalls` and `reset` to
callTracker (Moshe Atlow)
[#​44191](https://togithub.com/nodejs/node/pull/44191 )
- \[[`2e87cdd1e6`](https://togithub.com/nodejs/node/commit/2e87cdd1e6 )]
- **benchmark**: fix startup benchmark (Evan Lucas)
[#​44727](https://togithub.com/nodejs/node/pull/44727 )
- \[[`29c0f9ef30`](https://togithub.com/nodejs/node/commit/29c0f9ef30 )]
- **benchmark**: add stream destroy benchmark (SindreXie)
[#​44533](https://togithub.com/nodejs/node/pull/44533 )
- \[[`f01bb58c1e`](https://togithub.com/nodejs/node/commit/f01bb58c1e )]
- **bootstrap**: update comments in bootstrap/node.js (Joyee Cheung)
[#​44726](https://togithub.com/nodejs/node/pull/44726 )
- \[[`db151e182f`](https://togithub.com/nodejs/node/commit/db151e182f )]
- **bootstrap**: stop delaying instantiation of maps in per-context
scripts (Darshan Sen)
[#​42934](https://togithub.com/nodejs/node/pull/42934 )
- \[[`f700074c57`](https://togithub.com/nodejs/node/commit/f700074c57 )]
- **buffer**: fix `atob` input validation (Austin Kelleher)
[#​42662](https://togithub.com/nodejs/node/pull/42662 )
- \[[`e10095a759`](https://togithub.com/nodejs/node/commit/e10095a759 )]
- **build**: update timezone-update.yml (Alex)
[#​44717](https://togithub.com/nodejs/node/pull/44717 )
- \[[`bec2ede687`](https://togithub.com/nodejs/node/commit/bec2ede687 )]
- **build**: remove redundant entry in crypto (Jiawen Geng)
[#​44604](https://togithub.com/nodejs/node/pull/44604 )
- \[[`7b3a2c3353`](https://togithub.com/nodejs/node/commit/7b3a2c3353 )]
- **build**: rewritten the Android build system (BuShe Pie)
[#​44207](https://togithub.com/nodejs/node/pull/44207 )
- \[[`e96bb14942`](https://togithub.com/nodejs/node/commit/e96bb14942 )]
- **build**: add --libdir flag to configure (Stephen Gallagher)
[#​44361](https://togithub.com/nodejs/node/pull/44361 )
- \[[`2a4491b34d`](https://togithub.com/nodejs/node/commit/2a4491b34d )]
- **build**: added NINJA env to customize ninja binary (Jeff Dickey)
[#​44293](https://togithub.com/nodejs/node/pull/44293 )
- \[[`aaad7a64b4`](https://togithub.com/nodejs/node/commit/aaad7a64b4 )]
- **build**: enable pointer authentication for branch protection on
arm64 (Jeremiah Gowdy)
[#​43200](https://togithub.com/nodejs/node/pull/43200 )
- \[[`041bb54143`](https://togithub.com/nodejs/node/commit/041bb54143 )]
- **build**: add workflow to label flaky-test platform (Rafael Gonzaga)
[#​44042](https://togithub.com/nodejs/node/pull/44042 )
- \[[`58d85c1109`](https://togithub.com/nodejs/node/commit/58d85c1109 )]
- **build**: optimized and fixed building configuration to Android
(BuShe) [#​44016](https://togithub.com/nodejs/node/pull/44016 )
- \[[`5cd8b7bc8b`](https://togithub.com/nodejs/node/commit/5cd8b7bc8b )]
- **build**: allow test-internet on forks if not scheduled (Rich Trott)
[#​44073](https://togithub.com/nodejs/node/pull/44073 )
- \[[`9698be9347`](https://togithub.com/nodejs/node/commit/9698be9347 )]
- **build**: skip test-internet run on forks (Rich Trott)
[#​44054](https://togithub.com/nodejs/node/pull/44054 )
- \[[`25e6f48e4a`](https://togithub.com/nodejs/node/commit/25e6f48e4a )]
- **child_process**: remove lookup of undefined property (Colin Ihrig)
[#​44766](https://togithub.com/nodejs/node/pull/44766 )
- \[[`a3bdd07321`](https://togithub.com/nodejs/node/commit/a3bdd07321 )]
- **cluster**: fix cluster rr distribute error (theanarkh)
[#​44202](https://togithub.com/nodejs/node/pull/44202 )
- \[[`317cd051ce`](https://togithub.com/nodejs/node/commit/317cd051ce )]
- **(SEMVER-MINOR)** **crypto**: allow zero-length IKM in HKDF and in
webcrypto PBKDF2 (Filip Skokan)
[#​44201](https://togithub.com/nodejs/node/pull/44201 )
- \[[`e5c9975f11`](https://togithub.com/nodejs/node/commit/e5c9975f11 )]
- **(SEMVER-MINOR)** **crypto**: allow zero-length secret KeyObject
(Filip Skokan)
[#​44201](https://togithub.com/nodejs/node/pull/44201 )
- \[[`7e705d8d74`](https://togithub.com/nodejs/node/commit/7e705d8d74 )]
- **crypto**: fix webcrypto deriveBits validations (Filip Skokan)
[#​44173](https://togithub.com/nodejs/node/pull/44173 )
- \[[`7ad2a268b9`](https://togithub.com/nodejs/node/commit/7ad2a268b9 )]
- **crypto**: fix webcrypto EC key namedCurve validation errors (Filip
Skokan) [#​44172](https://togithub.com/nodejs/node/pull/44172 )
- \[[`2c938d73ff`](https://togithub.com/nodejs/node/commit/2c938d73ff )]
- **crypto**: fix webcrypto operation errors to be OperationError (Filip
Skokan) [#​44171](https://togithub.com/nodejs/node/pull/44171 )
- \[[`a6e2cb40a6`](https://togithub.com/nodejs/node/commit/a6e2cb40a6 )]
- **crypto**: fix webcrypto generateKey() AES key length validation
error (Filip Skokan)
[#​44170](https://togithub.com/nodejs/node/pull/44170 )
- \[[`7e07cce24b`](https://togithub.com/nodejs/node/commit/7e07cce24b )]
- **crypto**: use EVP_PKEY_CTX_set_dsa_paramgen_q_bits when available
(David Benjamin)
[#​44561](https://togithub.com/nodejs/node/pull/44561 )
- \[[`1fc6394741`](https://togithub.com/nodejs/node/commit/1fc6394741 )]
- **crypto**: restrict PBKDF2 args to signed int (Tobias Nießen)
[#​44575](https://togithub.com/nodejs/node/pull/44575 )
- \[[`9a52ee7577`](https://togithub.com/nodejs/node/commit/9a52ee7577 )]
- **crypto**: handle invalid prepareAsymmetricKey JWK inputs (Filip
Skokan) [#​44475](https://togithub.com/nodejs/node/pull/44475 )
- \[[`7100baee40`](https://togithub.com/nodejs/node/commit/7100baee40 )]
- **crypto**: use actual option name in error message (Tobias Nießen)
[#​44455](https://togithub.com/nodejs/node/pull/44455 )
- \[[`579e066c3a`](https://togithub.com/nodejs/node/commit/579e066c3a )]
- **crypto**: add digest name to INVALID_DIGEST errors (Tobias Nießen)
[#​44468](https://togithub.com/nodejs/node/pull/44468 )
- \[[`566d80f622`](https://togithub.com/nodejs/node/commit/566d80f622 )]
- **crypto**: improve RSA-PSS digest error messages (Tobias Nießen)
[#​44307](https://togithub.com/nodejs/node/pull/44307 )
- \[[`f717c1e06a`](https://togithub.com/nodejs/node/commit/f717c1e06a )]
- **debugger**: decrease timeout used to wait for the port to be free
(Joyee Cheung)
[#​44359](https://togithub.com/nodejs/node/pull/44359 )
- \[[`0f2fcaf771`](https://togithub.com/nodejs/node/commit/0f2fcaf771 )]
- **deps**: update to ngtcp2 0.8.1 and nghttp3 0.7.0 (Tobias Nießen)
[#​44622](https://togithub.com/nodejs/node/pull/44622 )
- \[[`1a8aada69d`](https://togithub.com/nodejs/node/commit/1a8aada69d )]
- **deps**: update corepack to 0.14.1 (Node.js GitHub Bot)
[#​44704](https://togithub.com/nodejs/node/pull/44704 )
- \[[`e4f18b4f34`](https://togithub.com/nodejs/node/commit/e4f18b4f34 )]
- **deps**: update ngtcp2 update instructions (Tobias Nießen)
[#​44619](https://togithub.com/nodejs/node/pull/44619 )
- \[[`21b5ab1494`](https://togithub.com/nodejs/node/commit/21b5ab1494 )]
- **deps**: upgrade npm to 8.19.2 (npm team)
[#​44632](https://togithub.com/nodejs/node/pull/44632 )
- \[[`916b319e7a`](https://togithub.com/nodejs/node/commit/916b319e7a )]
- **deps**: update to uvwasi 0.0.13 (Colin Ihrig)
[#​44524](https://togithub.com/nodejs/node/pull/44524 )
- \[[`67cbbcc902`](https://togithub.com/nodejs/node/commit/67cbbcc902 )]
- **deps**: update corepack to 0.14.0 (Node.js GitHub Bot)
[#​44509](https://togithub.com/nodejs/node/pull/44509 )
- \[[`9f14dc1a8f`](https://togithub.com/nodejs/node/commit/9f14dc1a8f )]
- **deps**: update Acorn to v8.8.0 (Michaël Zasso)
[#​44437](https://togithub.com/nodejs/node/pull/44437 )
- \[[`1811a6aaa8`](https://togithub.com/nodejs/node/commit/1811a6aaa8 )]
- **deps**: update icu tzdata to 2022b (Matías Zúñiga)
[#​44283](https://togithub.com/nodejs/node/pull/44283 )
- \[[`0c4953cbd1`](https://togithub.com/nodejs/node/commit/0c4953cbd1 )]
- **deps**: update undici to 5.9.1 (Node.js GitHub Bot)
[#​44319](https://togithub.com/nodejs/node/pull/44319 )
- \[[`8a921fea74`](https://togithub.com/nodejs/node/commit/8a921fea74 )]
- **deps**: upgrade npm to 8.19.1 (npm team)
[#​44486](https://togithub.com/nodejs/node/pull/44486 )
- \[[`763a63c14b`](https://togithub.com/nodejs/node/commit/763a63c14b )]
- **deps**: update corepack to 0.13.0 (Node.js GitHub Bot)
[#​44318](https://togithub.com/nodejs/node/pull/44318 )
- \[[`fdb699c84a`](https://togithub.com/nodejs/node/commit/fdb699c84a )]
- **deps**: upgrade npm to 8.18.0 (npm team)
[#​44263](https://togithub.com/nodejs/node/pull/44263 )
- \[[`2a44872f96`](https://togithub.com/nodejs/node/commit/2a44872f96 )]
- **deps**: update corepack to 0.12.3 (Node.js GitHub Bot)
[#​44229](https://togithub.com/nodejs/node/pull/44229 )
- \[[`48967e4b34`](https://togithub.com/nodejs/node/commit/48967e4b34 )]
- **deps**: upgrade npm to 8.17.0 (npm team)
[#​44205](https://togithub.com/nodejs/node/pull/44205 )
- \[[`0484122f71`](https://togithub.com/nodejs/node/commit/0484122f71 )]
- **deps**: update undici to 5.8.2 (Node.js GitHub Bot)
[#​44187](https://togithub.com/nodejs/node/pull/44187 )
- \[[`e404ac7eed`](https://togithub.com/nodejs/node/commit/e404ac7eed )]
- **deps**: update undici to 5.8.1 (Node.js GitHub Bot)
[#​44158](https://togithub.com/nodejs/node/pull/44158 )
- \[[`9a5ee5e9e3`](https://togithub.com/nodejs/node/commit/9a5ee5e9e3 )]
- **deps**: update corepack to 0.12.2 (Node.js GitHub Bot)
[#​44159](https://togithub.com/nodejs/node/pull/44159 )
- \[[`3657cb277b`](https://togithub.com/nodejs/node/commit/3657cb277b )]
- **deps**: remove unnecessary file (Brian White)
[#​44133](https://togithub.com/nodejs/node/pull/44133 )
- \[[`d66a807596`](https://togithub.com/nodejs/node/commit/d66a807596 )]
- **deps**: upgrade npm to 8.16.0 (npm team)
[#​44119](https://togithub.com/nodejs/node/pull/44119 )
- \[[`ec998be61c`](https://togithub.com/nodejs/node/commit/ec998be61c )]
- **deps**: upgrade npm to 8.15.1 (npm team)
[#​44013](https://togithub.com/nodejs/node/pull/44013 )
- \[[`e9e856ae95`](https://togithub.com/nodejs/node/commit/e9e856ae95 )]
- **deps**: upgrade base64 to
[`dc6a41c`](https://togithub.com/nodejs/node/commit/dc6a41ce36e ) (Brian
White) [#​44032](https://togithub.com/nodejs/node/pull/44032 )
- \[[`8ea9a71b15`](https://togithub.com/nodejs/node/commit/8ea9a71b15 )]
- **deps,src**: use SIMD for normal base64 encoding (Brian White)
[#​39775](https://togithub.com/nodejs/node/pull/39775 )
- \[[`969a12be4b`](https://togithub.com/nodejs/node/commit/969a12be4b )]
- **doc**: remove "currently" and comma splice from child_process.md
(Rich Trott)
[#​44789](https://togithub.com/nodejs/node/pull/44789 )
- \[[`5e4a2e94a1`](https://togithub.com/nodejs/node/commit/5e4a2e94a1 )]
- **doc**: mention git node backport (RafaelGSS)
[#​44764](https://togithub.com/nodejs/node/pull/44764 )
- \[[`618c9c8260`](https://togithub.com/nodejs/node/commit/618c9c8260 )]
- **doc**: ensure to revert node_version changes (Rafael Gonzaga)
[#​44760](https://togithub.com/nodejs/node/pull/44760 )
- \[[`e0fe11c189`](https://togithub.com/nodejs/node/commit/e0fe11c189 )]
- **doc**: fix description for `napi_get_cb_info()` in `n-api.md`
(Daeyeon Jeong)
[#​44761](https://togithub.com/nodejs/node/pull/44761 )
- \[[`895719da65`](https://togithub.com/nodejs/node/commit/895719da65 )]
- **doc**: fix v16.17.1 security release changelog (Ruy Adorno)
[#​44759](https://togithub.com/nodejs/node/pull/44759 )
- \[[`fe832a0647`](https://togithub.com/nodejs/node/commit/fe832a0647 )]
- **doc**: update the deprecation for exit code to clarify its scope
(Daeyeon Jeong)
[#​44714](https://togithub.com/nodejs/node/pull/44714 )
- \[[`3872abd9a6`](https://togithub.com/nodejs/node/commit/3872abd9a6 )]
- **doc**: update guidance for adding new modules (Michael Dawson)
[#​44576](https://togithub.com/nodejs/node/pull/44576 )
- \[[`f381a1e86a`](https://togithub.com/nodejs/node/commit/f381a1e86a )]
- **doc**: add registry number for Electron 22 (Keeley Hammond)
[#​44748](https://togithub.com/nodejs/node/pull/44748 )
- \[[`8d3cb6c08a`](https://togithub.com/nodejs/node/commit/8d3cb6c08a )]
- **doc**: include code examples for webstreams consumers (Lucas Santos)
[#​44387](https://togithub.com/nodejs/node/pull/44387 )
- \[[`9e83c00e0b`](https://togithub.com/nodejs/node/commit/9e83c00e0b )]
- **doc**: mention where to push security commits (RafaelGSS)
[#​44691](https://togithub.com/nodejs/node/pull/44691 )
- \[[`bc9f8d24ce`](https://togithub.com/nodejs/node/commit/bc9f8d24ce )]
- **doc**: remove extra space on threadpool usage (Connor Burton)
[#​44734](https://togithub.com/nodejs/node/pull/44734 )
- \[[`3e38ba53cc`](https://togithub.com/nodejs/node/commit/3e38ba53cc )]
- **doc**: make legacy banner slightly less bright (Rich Trott)
[#​44665](https://togithub.com/nodejs/node/pull/44665 )
- \[[`0f88588f52`](https://togithub.com/nodejs/node/commit/0f88588f52 )]
- **doc**: improve building doc for Windows Powershell (Brian
Muenzenmeyer)
[#​44625](https://togithub.com/nodejs/node/pull/44625 )
- \[[`5ee0127540`](https://togithub.com/nodejs/node/commit/5ee0127540 )]
- **doc**: maintain only one list of MODP groups (Tobias Nießen)
[#​44644](https://togithub.com/nodejs/node/pull/44644 )
- \[[`6881ecb0e2`](https://togithub.com/nodejs/node/commit/6881ecb0e2 )]
- **doc**: add legendecas to TSC list (Michael Dawson)
[#​44662](https://togithub.com/nodejs/node/pull/44662 )
- \[[`3614f5ace3`](https://togithub.com/nodejs/node/commit/3614f5ace3 )]
- **doc**: remove comma in README.md (Taha-Chaudhry)
[#​44599](https://togithub.com/nodejs/node/pull/44599 )
- \[[`c9af43616c`](https://togithub.com/nodejs/node/commit/c9af43616c )]
- **doc**: use serial comma in report docs (Daeyeon Jeong)
[#​44608](https://togithub.com/nodejs/node/pull/44608 )
- \[[`ff9ef61646`](https://togithub.com/nodejs/node/commit/ff9ef61646 )]
- **doc**: use serial comma in stream docs (Daeyeon Jeong)
[#​44609](https://togithub.com/nodejs/node/pull/44609 )
- \[[`90eaae3ef1`](https://togithub.com/nodejs/node/commit/90eaae3ef1 )]
- **doc**: remove empty line in YAML block (Claudio Wunder)
[#​44617](https://togithub.com/nodejs/node/pull/44617 )
- \[[`f80bdc5ef3`](https://togithub.com/nodejs/node/commit/f80bdc5ef3 )]
- **(SEMVER-MINOR)** **doc**: deprecate modp1, modp2, and modp5 groups
(Tobias Nießen)
[#​44588](https://togithub.com/nodejs/node/pull/44588 )
- \[[`9fac6dd1c1`](https://togithub.com/nodejs/node/commit/9fac6dd1c1 )]
- **doc**: remove old OpenSSL ENGINE constants (Tobias Nießen)
[#​44589](https://togithub.com/nodejs/node/pull/44589 )
- \[[`53543c6d81`](https://togithub.com/nodejs/node/commit/53543c6d81 )]
- **doc**: fix heading levels for test runner hooks (Fabian Meyer)
[#​44603](http
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 10am on monday" in timezone
Asia/Shanghai, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/oxc-project/oxc ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-09 22:34:30 +00:00
renovate[bot]
2fd433fed7
chore(deps): update rust crates ( #3595 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [base64](https://togithub.com/marshallpierce/rust-base64 ) |
workspace.dependencies | patch | `0.22.0` -> `0.22.1` |
| [bpaf](https://togithub.com/pacak/bpaf ) | workspace.dependencies |
patch | `0.9.11` -> `0.9.12` |
| [flate2](https://togithub.com/rust-lang/flate2-rs ) |
workspace.dependencies | patch | `1.0.29` -> `1.0.30` |
| [insta](https://insta.rs/ )
([source](https://togithub.com/mitsuhiko/insta )) |
workspace.dependencies | patch | `1.38.0` -> `1.39.0` |
| [mimalloc](https://togithub.com/purpleprotocol/mimalloc_rust ) |
workspace.dependencies | patch | `0.1.41` -> `0.1.42` |
| [napi](https://togithub.com/napi-rs/napi-rs ) | workspace.dependencies
| patch | `2` -> `2.16.6` |
| [napi-build](https://togithub.com/napi-rs/napi-rs ) |
workspace.dependencies | patch | `2` -> `2.1.3` |
| [napi-derive](https://togithub.com/napi-rs/napi-rs ) |
workspace.dependencies | patch | `2` -> `2.16.5` |
| [num-bigint](https://togithub.com/rust-num/num-bigint ) |
workspace.dependencies | patch | `0.4.4` -> `0.4.5` |
| [num-traits](https://togithub.com/rust-num/num-traits ) |
workspace.dependencies | patch | `0.2.18` -> `0.2.19` |
| [ouroboros](https://togithub.com/someguynamedjosh/ouroboros ) |
workspace.dependencies | patch | `0.18.3` -> `0.18.4` |
| [oxc_resolver](https://togithub.com/oxc-project/oxc-resolver ) |
workspace.dependencies | patch | `1.7.0` -> `1.8.1` |
| [petgraph](https://togithub.com/petgraph/petgraph ) |
workspace.dependencies | patch | `0.6.4` -> `0.6.5` |
| [phf](https://togithub.com/rust-phf/rust-phf ) | workspace.dependencies
| patch | `0.11` -> `0.11.2` |
| [proc-macro2](https://togithub.com/dtolnay/proc-macro2 ) |
workspace.dependencies | patch | `1.0.81` -> `1.0.85` |
| [regex](https://togithub.com/rust-lang/regex ) | workspace.dependencies
| patch | `1.10.4` -> `1.10.5` |
| [serde](https://serde.rs )
([source](https://togithub.com/serde-rs/serde )) | workspace.dependencies
| patch | `1.0.199` -> `1.0.203` |
| [serde_json](https://togithub.com/serde-rs/json ) |
workspace.dependencies | patch | `1.0.116` -> `1.0.117` |
| [textwrap](https://togithub.com/mgeisler/textwrap ) |
workspace.dependencies | patch | `0.16.0` -> `0.16.1` |
| [tokio](https://tokio.rs )
([source](https://togithub.com/tokio-rs/tokio )) | workspace.dependencies
| patch | `1` -> `1.38.0` |
| [tracing-subscriber](https://tokio.rs )
([source](https://togithub.com/tokio-rs/tracing )) |
workspace.dependencies | patch | `0.3` -> `0.3.18` |
| [trybuild](https://togithub.com/dtolnay/trybuild ) |
workspace.dependencies | patch | `1.0.93` -> `1.0.96` |
| [unicode-id-start](https://togithub.com/Boshen/unicode-id-start ) |
workspace.dependencies | patch | `1` -> `1.1.2` |
| [unicode-width](https://togithub.com/unicode-rs/unicode-width ) |
workspace.dependencies | patch | `0.1.12` -> `0.1.13` |
| [wasm-bindgen](https://rustwasm.github.io/ )
([source](https://togithub.com/rustwasm/wasm-bindgen )) |
workspace.dependencies | patch | `0.2` -> `0.2.92` |
---
### Release Notes
<details>
<summary>rust-lang/regex (regex)</summary>
###
[`v1.10.5`](https://togithub.com/rust-lang/regex/blob/HEAD/CHANGELOG.md#1105-2024-06-09 )
[Compare
Source](https://togithub.com/rust-lang/regex/compare/1.10.4...1.10.5 )
\===================
This is a new patch release with some minor fixes.
Bug fixes:
- [BUG #​1203](https://togithub.com/rust-lang/regex/pull/1203 ):
Escape invalid UTF-8 when in the `Debug` impl of `regex::bytes::Match`.
</details>
<details>
<summary>unicode-rs/unicode-width (unicode-width)</summary>
###
[`v0.1.13`](https://togithub.com/unicode-rs/unicode-width/compare/v0.1.12...v0.1.13 )
[Compare
Source](https://togithub.com/unicode-rs/unicode-width/compare/v0.1.12...v0.1.13 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 10am on monday" in timezone
Asia/Shanghai, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/oxc-project/oxc ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-09 17:56:49 +00:00
renovate[bot]
76cd2ecdc8
chore(deps): update npm packages ( #3593 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [axios](https://axios-http.com )
([source](https://togithub.com/axios/axios )) | [`^1.6.8` ->
`^1.7.2`](https://renovatebot.com/diffs/npm/axios/1.7.2/1.7.2 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
| [pnpm](https://pnpm.io ) ([source](https://togithub.com/pnpm/pnpm )) |
[`9.1.4` -> `9.2.0`](https://renovatebot.com/diffs/npm/pnpm/9.1.4/9.2.0 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
| [tar](https://togithub.com/isaacs/node-tar ) | [`^7.0.1` ->
`^7.2.0`](https://renovatebot.com/diffs/npm/tar/7.2.0/7.2.0 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
---
### Release Notes
<details>
<summary>pnpm/pnpm (pnpm)</summary>
### [`v9.2.0`](https://togithub.com/pnpm/pnpm/releases/tag/v9.2.0 )
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v9.1.4...v9.2.0 )
#### Minor Changes
- If `package-manager-strict-version` is set to `true`, pnpm will fail
if its version doesn't exactly match the version in the "packageManager"
field of `package.json`.
#### Patch Changes
- Update `@yarnpkg/pnp` to the latest version, fixing issue with `node:`
imports [#​8161](https://togithub.com/pnpm/pnpm/issues/8161 ).
- Deduplicate bin names to prevent race condition and corrupted bin
scripts [#​7833](https://togithub.com/pnpm/pnpm/issues/7833 ).
- pnpm doesn't fail if its version doesn't match the one specified in
the "packageManager" field of `package.json`
[#​8087](https://togithub.com/pnpm/pnpm/issues/8087 ).
- `exec` now also streams prefixed output when `--recursive` or
`--parallel` is specified just as `run` does
[#​8065](https://togithub.com/pnpm/pnpm/issues/8065 ).
#### Platinum Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes "
target="_blank"><img src="https://pnpm.io/img/users/bit.svg "
width="80"></a>
</td>
<td align="center" valign="middle">
<a href="https://figma.com/?utm_source=pnpm&utm_medium=release_notes "
target="_blank"><img src="https://pnpm.io/img/users/figma.svg "
width="80"></a>
</td>
</tr>
</tbody>
</table>
#### Gold Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/discord.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/discord_light.svg " />
<img src="https://pnpm.io/img/users/discord.svg " width="220" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://prisma.io/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/prisma.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/prisma_light.svg " />
<img src="https://pnpm.io/img/users/prisma.svg " width="180" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a href="https://uscreen.de/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/uscreen.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/uscreen_light.svg " />
<img src="https://pnpm.io/img/users/uscreen.svg " width="180" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a
href="https://www.jetbrains.com/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/jetbrains.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/jetbrains.svg " />
<img src="https://pnpm.io/img/users/jetbrains.svg " width="85" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/nx.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/nx_light.svg " />
<img src="https://pnpm.io/img/users/nx.svg " width="120" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a
href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/coderabbit.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/coderabbit_light.svg " />
<img src="https://pnpm.io/img/users/coderabbit.svg " width="220" />
</picture>
</a>
</td>
</tr>
</tbody>
</table>
#### Our Silver Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a
href="https://leniolabs.com/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<img src="https://pnpm.io/img/users/leniolabs.jpg " width="80">
</a>
</td>
<td align="center" valign="middle">
<a href="https://vercel.com/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/vercel.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/vercel_light.svg " />
<img src="https://pnpm.io/img/users/vercel.svg " width="180" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a href="https://depot.dev/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/depot.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/depot_light.svg " />
<img src="https://pnpm.io/img/users/depot.svg " width="200" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://moonrepo.dev/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/moonrepo.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/moonrepo_light.svg " />
<img src="https://pnpm.io/img/users/moonrepo.svg " width="200" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a href="https://devowl.io/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/devowlio.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/devowlio.svg " />
<img src="https://pnpm.io/img/users/devowlio.svg " width="200" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://macpaw.com/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/macpaw.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/macpaw_light.svg " />
<img src="https://pnpm.io/img/users/macpaw.svg " width="200" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a href="https://cerbos.dev/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/cerbos.svg " />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/cerbos_light.svg " />
<img src="https://pnpm.io/img/users/cerbos.svg " width="180" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a
href="https://vpsserver.com/en-us/?utm_source=pnpm&utm_medium=release_notes "
target="_blank">
<img src="https://pnpm.io/img/users/vpsserver.svg " width="180" />
</a>
</td>
</tr>
</tbody>
</table>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 10am on monday" in timezone
Asia/Shanghai, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/oxc-project/oxc ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-09 17:50:05 +00:00
Don Isaac
129f91e444
feat(span): port over more methods from TextRange ( #3592 )
...
Ports over more utility methods from `TextRange`, as per feedback in
[this
comment](https://github.com/oxc-project/oxc/pull/3589#discussion_r1632169132 )
from #3589
2024-06-10 00:59:00 +08:00
Don Isaac
f0b689d115
fix(linter): panic in jsdoc/require-param ( #3590 )
2024-06-08 18:44:22 -04:00
overlookmotel
3ae567de9d
refactor(transformer): remove dead code ( #3588 )
...
Remove a commented-out line of dead code.
2024-06-08 12:54:58 +00:00
overlookmotel
fa116448c9
refactor(linter): pass Rc by value ( #3587 )
...
Same as #3586 .
2024-06-08 11:19:02 +00:00
overlookmotel
7d61832284
refactor(semantic): pass Rc by value ( #3586 )
...
Same as #3550 .
`Rc<T>` is already a reference, so instead of passing an `&Rc<T>` to a function and then `Rc::clone()` it in the function, it's better to clone it first and pass `Rc<T>` to the function.
`Rc<T>` and `&Rc<T>` are both 8 bytes, so it introduces no additional overhead to the function call, and reduces indirection.
This is a very small optimization. Am only submitting these changes for purpose of code tidying - making the patterns around `Rc` consistent and optimal throughout the codebase.
We should probably look if we can remove some of these `Rc`s entirely and replace them with plain `&` refs. I suspect `Rc` is not actually required in most places and we're only using it to avoid dealing with lifetimes, but it's sub-optimal as `Rc::clone` has a cost, whereas copying a `&` ref has none.
2024-06-08 11:18:58 +00:00
Boshen
b09092c9ec
ci: use personal access token to push tag
2024-06-08 17:05:14 +08:00
github-actions[bot]
6bdd74c476
Release crates v0.13.5 ( #3584 )
...
## [0.13.5] - 2024-06-08
### Bug Fixes
- 48bb97e
2024-06-08 16:44:50 +08:00
Boshen
060819894d
chore: crates should only publish src and examples directory
2024-06-08 16:35:16 +08:00
Boshen
4b67f8e45b
chore: only publish src
2024-06-08 16:31:47 +08:00
Boshen
48bb97e53a
fix(traverse): do not publish the build script
2024-06-08 16:31:21 +08:00
Boshen
053f19dd19
chore: format toml files
2024-06-08 11:48:14 +08:00
Boshen
5339883ada
fix: relax unicode-id-start version so user can decide which unicode version to use
2024-06-08 11:48:13 +08:00
Don Isaac
3e694573df
up(linter): add fixer for no-useless-spread ( #3583 )
...
Only fixes array spreads for now.
---------
Co-authored-by: Boshen <boshenc@gmail.com>
2024-06-08 11:38:38 +08:00
Boshen
532510d714
ci: fix tag push for release_crates
2024-06-07 17:52:19 +08:00
github-actions[bot]
d215e3d906
Release crates v0.13.4 ( #3582 )
...
## [0.13.4] - 2024-06-07
### Features
- 5c8e16c#3561 ) (Dunqing)
- 646b993#3553 ) (Dunqing)
- a939ddd#3563 ) (Dunqing)
- e8a20f8#3559 )
(Dunqing)
- ee9a215#3532 ) (Dunqing)
### Bug Fixes
- affb2c8#3512 ) (Dunqing)
- f6939cb#3551 ) (overlookmotel)
- 7982b93#3549 )
(overlookmotel)
- c00598b#3524 )
(overlookmotel)
### Performance
- 37cdc13#3577 )
(overlookmotel)
- 9f467b8#3535 )
(overlookmotel)
- ac394f0#3534 )
(overlookmotel)
### Documentation
- 1d3c0d7#3543 ) (Don Isaac)
### Refactor
- f2113ae#3576 )
(overlookmotel)
- 0948124#3550 ) (overlookmotel)
- e4d74ac#3541 ) (overlookmotel)
- 73b7864#3540 )
(overlookmotel)
- 6978269#3533 ) (Dunqing)
Co-authored-by: Boshen <Boshen@users.noreply.github.com>
2024-06-07 17:41:11 +08:00
Boshen
05342c6080
ci: fix release oxlint
2024-06-07 17:33:37 +08:00
Boshen
f849efa550
chore: fix build-wasm command
2024-06-07 17:05:46 +08:00
github-actions[bot]
8cbf937e84
Release oxlint v0.4.3 ( #3581 )
...
## [0.4.3] - 2024-06-07
### Features
- 1fb9d23#3544 ) (Don Isaac)
- 6506d08#3531 ) (Don Isaac)
- daf559f#3436 ) (cinchen)
- 4c17bc6#3321 ) (谭光志)
- 4a075cc#3554 ) (Yuji
Sugiura)
- 747500a#3458 )
(Yuji Sugiura)
- 6b39654#3504 ) (Wang Wenzhe)
- 0cdb45a#3465 )
(IWANABETHATGUY)
### Bug Fixes
- b188778#3457 ) (rzvxa)
- 350cd91#3461 ) (Dunqing)
Co-authored-by: Boshen <Boshen@users.noreply.github.com>
2024-06-07 16:39:51 +08:00
Boshen
e0bfd85254
ci: pass changelog to action-gh-release
2024-06-07 16:30:41 +08:00
overlookmotel
3d0e790401
improve(transformer): create Atom for react import source lazily ( #3578 )
...
In JSX transform:
* Don't generate an `Atom` for react importer unless it's needed.
* Re-use the same string slice as `jsx_runtime_importer`.
* Reduce size of `Bindings`.
2024-06-07 16:18:46 +08:00
Yuji Sugiura
4a075cccd6
feat(linter/jsdoc): Implement require-param rule ( #3554 )
...
Part of #1170
>
https://github.com/gajus/eslint-plugin-jsdoc/blob/main/docs/rules/require-param.md
NOTE: `config.useDefaultObjectProperties` is not implemented for now.
2024-06-07 15:58:16 +08:00
Dunqing
a939ddd096
feat(transformer/typescript): remove more typescript ast nodes ( #3563 )
...
Remove more TypeScript related AST
2024-06-07 05:04:28 +00:00
Dunqing
5c8e16c976
feat(coverage): second transformer build does not print typescript ( #3561 )
...
Currently, we lack a test to check if the TS AST has been completely deleted. I have thought of a way to test it. Let's have our idempotency test print the TypeScript code the first time and the second time print the JavaScript code only. If the two results do not match, it means that there are still undeleted TS ASTs or other bugs. Since ideally the TS ASTs are completely deleted, the two results should be the same.
2024-06-07 05:04:25 +00:00
Dunqing
e8a20f8d50
feat(transformer/typescript): remove typescript ast nodes ( #3559 )
...
According to Babel tests feedback, remove some known ts AST nodes.
There are still many TS AST nodes that need to be deleted
2024-06-07 05:04:22 +00:00
overlookmotel
37cdc13030
perf(transformer): faster checks if JSX plugin enabled ( #3577 )
...
Checks for whether JSX transforms are enabled are on a hot path. Make them as fast as possible:
1. Only check a single bool.
2. Store flags directly in `self` rather than behind a reference.
2024-06-07 03:16:41 +00:00
overlookmotel
f2113aea27
refactor(transformer): reduce cloning and referencing Rcs ( #3576 )
...
Similar to #3550 . Avoid cloning an `Rc` in one place and pass `Rc`s as
values not references in others.
2024-06-07 01:24:01 +08:00
Boshen
1dbc23417d
chore: regenerate changelogs with commit id and author
2024-06-07 01:22:28 +08:00
Boshen
7ddd3a6d11
chore: change no-constructor-return to pedantic
2024-06-07 00:13:47 +08:00
Boshen
101d0ccefa
ci: trigger ecosystem ci and website task from prepare_release_oxlint
2024-06-07 00:09:42 +08:00
Boshen
08fdb267b4
chore: update CHANGELOG.md
2024-06-06 20:24:19 +08:00
Boshen
2cdc4085f7
ci: only run "update rules" when rules.rs changes
2024-06-06 16:04:41 +08:00
Boshen
604b7cf92b
ci: prepare release oxlint
2024-06-06 16:04:41 +08:00
rzvxa
60f89d1fcf
improvement(semantic/cfg): better throw control flow. ( #3473 )
...
https://github.com/rzvxa/oxlint-ecosystem-ci/actions/runs/9306698136
2024-06-06 07:55:50 +00:00
rzvxa
987a3f36a8
improvement(linter/react): use CFG for detecting cyclic subgraphs in rules-of-hooks. ( #3454 )
2024-06-06 07:55:44 +00:00
rzvxa
61bae74f76
improvement(semantic/cfg): better CFG API ( #3472 )
2024-06-06 07:55:37 +00:00
rzvxa
3c7ee85ce4
improvement(semantic/cfg): better break and continue flow. ( #3462 )
...
This PR adds a new edge type called `Jump` to distinguish between normal edges and jumps.
There is also a control flow context which is used to keep track of cfg scopes and labels. It replaces the old `preserve_state` and `restore_state`.
It corrects some mistakes - such as labeled blocks especially labeled continue which wasn't easy to implement with the old approach - in the old control flow but other than that it is mostly refactored to have a more declarative API instead of a procedural approach.
2024-06-06 07:55:31 +00:00
Boshen
769227b7b4
chore: regenerate changelogs
2024-06-06 15:51:53 +08:00
Dunqing
0007ee47be
chore(coverage, transformer_conformance): print all AST whether or not they are Typecript AST ( #3556 )
...
We have a conclusion that codegen will print whatever is in the AST,
instead of having an option to enable printing TypeScript syntax. I plan
to remove codegen's `enable_typescript` option after we strip out all
typescript AST in the transformer typescript plugin.
---------
Co-authored-by: Boshen <boshenc@gmail.com>
2024-06-06 15:45:20 +08:00
Boshen
6db4d7dc09
chore: update cliff.toml
2024-06-06 15:09:07 +08:00
Boshen
509ed2bcf3
ci: update prepare release crates; regenerate the changelogs
2024-06-06 14:28:51 +08:00
Yuji Sugiura
747500ac5a
feat(linter/jsdoc): Implement require-returns-type rule ( #3458 )
...
Part of #1170
>
https://github.com/gajus/eslint-plugin-jsdoc/blob/main/docs/rules/require-returns-type.md
2024-06-06 14:11:39 +08:00
Don Isaac
1fb9d234a6
feat(linter): add fixer for no-useless-fallback-in-spread rule ( #3544 )
2024-06-06 13:59:42 +08:00
rzvxa
ff3f37dbbd
improvement(semantic/cfg): better control flow for ForStatements. ( #3453 )
...
similar to #3451 and #3452
2024-06-06 05:41:08 +00:00
rzvxa
91c999546c
improvement(semantic/cfg): better control flow for DoWhileStatements. ( #3452 )
...
similar to #3451
2024-06-06 05:41:06 +00:00
rzvxa
0012094188
improvement(semantic/cfg): better control flow for WhileStatements. ( #3451 )
...
Fixes a simple cfg issue, previously it wouldn't follow the body subgraph correctly.
2024-06-06 05:41:04 +00:00
rzvxa
209a99d49f
improvement(semantic/cfg): rework basic blocks. ( #3381 )
...
I've replaced the `BasicBlockElement` with an `Instruction` type which would keep both the instruction kind and its associated AstNodeId.
I also removed the register scheme in the control flow in favor of a simpler approach using explicit enums.
https://github.com/oxc-project/oxc/pull/3381#issuecomment-2126622774
2024-06-06 05:41:01 +00:00
Dunqing
646b9937ee
feat(coverage/transformer): handle @jsx option ( #3553 )
...
if has`@jsx: react`, configure transformer options to match `@jsx: react` behavior
2024-06-06 05:34:22 +00:00
