Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update node docker tag to v20 #1113

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 15, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node final major 16-alpine -> 20-alpine age adoption passing confidence
node stage major 16-alpine -> 20-alpine age adoption passing confidence
@types/node (source) devDependencies major 16.10.2 -> 20.14.14 age adoption passing confidence

Release Notes

nodejs/node (node)

v20.16.0: 2024-07-24, Version 20.16.0 'Iron' (LTS), @​marco-ippolito

Compare Source

process: add process.getBuiltinModule(id)

process.getBuiltinModule(id) provides a way to load built-in modules
in a globally available function. ES Modules that need to support
other environments can use it to conditionally load a Node.js built-in
when it is run in Node.js, without having to deal with the resolution
error that can be thrown by import in a non-Node.js environment or
having to use dynamic import() which either turns the module into
an asynchronous module, or turns a synchronous API into an asynchronous one.

if (globalThis.process?.getBuiltinModule) {
  // Run in Node.js, use the Node.js fs module.
  const fs = globalThis.process.getBuiltinModule('fs');
  // If `require()` is needed to load user-modules, use createRequire()
  const module = globalThis.process.getBuiltinModule('module');
  const require = module.createRequire(import.meta.url);
  const foo = require('foo');
}

If id specifies a built-in module available in the current Node.js process,
process.getBuiltinModule(id) method returns the corresponding built-in
module. If id does not correspond to any built-in module, undefined
is returned.

process.getBuiltinModule(id) accepts built-in module IDs that are recognized
by module.isBuiltin(id).

The references returned by process.getBuiltinModule(id) always point to
the built-in module corresponding to id even if users modify
require.cache so that require(id) returns something else.

Contributed by Joyee Cheung in #​52762

doc: doc-only deprecate OpenSSL engine-based APIs

OpenSSL 3 deprecated support for custom engines with a recommendation to switch to its new provider model.
The clientCertEngine option for https.request(), tls.createSecureContext(), and tls.createServer(); the privateKeyEngine and privateKeyIdentifier for tls.createSecureContext(); and crypto.setEngine() all depend on this functionality from OpenSSL.

Contributed by Richard Lau in #​53329

inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth

Debugger.setAsyncCallStackDepth was previously calling the enable function by mistake. As a result, when profiling using Chrome DevTools, the async hooks won't be turned off properly after receiving Debugger.setAsyncCallStackDepth with depth 0.

Contributed by Joyee Cheung in #​53473

Other Notable Changes
  • [09e2191432] - (SEMVER-MINOR) buffer: add .bytes() method to Blob (Matthew Aitken) #​53221
  • [394e00f41c] - (SEMVER-MINOR) doc: add context.assert docs (Colin Ihrig) #​53169
  • [a8601efa5e] - (SEMVER-MINOR) doc: improve explanation about built-in modules (Joyee Cheung) #​52762
  • [5e76c258f7] - doc: add StefanStojanovic to collaborators (StefanStojanovic) #​53118
  • [5e694026f1] - doc: add Marco Ippolito to TSC (Rafael Gonzaga) #​53008
  • [f3ba1eb72f] - (SEMVER-MINOR) net: add new net.server.listen tracing channel (Paolo Insogna) #​53136
  • [2bcce3255b] - (SEMVER-MINOR) src,permission: --allow-wasi & prevent WASI exec (Rafael Gonzaga) #​53124
  • [a03a4c7bdd] - (SEMVER-MINOR) test_runner: add context.fullName (Colin Ihrig) #​53169
  • [69b828f5a5] - (SEMVER-MINOR) util: support --no- for argument with boolean type for parseArgs (Zhenwei Jin) #​53107
Commits

v20.15.1: 2024-07-08, Version 20.15.1 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
  • CVE-2024-22018 - fs.lstat bypasses permission model (Low)
  • CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
  • CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
Commits

v20.15.0: 2024-06-20, Version 20.15.0 'Iron' (LTS), @​marco-ippolito

Compare Source

test_runner: support test plans

It is now possible to count the number of assertions and subtests that are expected to run within a test. If the number of assertions and subtests that run does not match the expected count, the test will fail.

test('top level test', (t) => {
  t.plan(2);
  t.assert.ok('some relevant assertion here');
  t.subtest('subtest', () => {});
});

Contributed by Colin Ihrig in #​52860

inspector: introduce the --inspect-wait flag

This release introduces the --inspect-wait flag, which allows debugger to wait for attachement. This flag is useful when you want to debug the code from the beginning. Unlike --inspect-brk, which breaks on the first line, this flag waits for debugger to be connected and then runs the code as soon as a session is established.

Contributed by Kohei Ueno in #​52734

zlib: expose zlib.crc32()

This release exposes the crc32() function from zlib to user-land.

It computes a 32-bit Cyclic Redundancy Check checksum of data. If
value is specified, it is used as the starting value of the checksum,
otherwise, 0 is used as the starting value.

The CRC algorithm is designed to compute checksums and to detect error
in data transmission. It's not suitable for cryptographic authentication.

const zlib = require('node:zlib');
const { Buffer } = require('node:buffer');

let crc = zlib.crc32('hello');  // 907060870
crc = zlib.crc32('world', crc);  // 4192936109

crc = zlib.crc32(Buffer.from('hello', 'utf16le'));  // 1427272415
crc = zlib.crc32(Buffer.from('world', 'utf16le'), crc);  // 4150509955

Contributed by Joyee Cheung in #​52692

cli: allow running wasm in limited vmem with --disable-wasm-trap-handler

By default, Node.js enables trap-handler-based WebAssembly bound
checks. As a result, V8 does not need to insert inline bound checks
int the code compiled from WebAssembly which may speedup WebAssembly
execution significantly, but this optimization requires allocating
a big virtual memory cage (currently 10GB). If the Node.js process
does not have access to a large enough virtual memory address space
due to system configurations or hardware limitations, users won't
be able to run any WebAssembly that involves allocation in this
virtual memory cage and will see an out-of-memory error.

$ ulimit -v 5000000
$ node -p "new WebAssembly.Memory({ initial: 10, maximum: 100 });"
[eval]:1
new WebAssembly.Memory({ initial: 10, maximum: 100 });
^

RangeError: WebAssembly.Memory(): could not allocate memory
    at [eval]:1:1
    at runScriptInThisContext (node:internal/vm:209:10)
    at node:internal/process/execution:118:14
    at [eval]-wrapper:6:24
    at runScript (node:internal/process/execution:101:62)
    at evalScript (node:internal/process/execution:136:3)
    at node:internal/main/eval_string:49:3

--disable-wasm-trap-handler disables this optimization so that
users can at least run WebAssembly (with a less optimial performance)
when the virtual memory address space available to their Node.js
process is lower than what the V8 WebAssembly memory cage needs.

Contributed by Joyee Cheung in #​52766

Other Notable Changes
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update node.js to v20 chore(deps): update node.js to v20 - autoclosed Oct 20, 2023
@renovate renovate bot closed this Oct 20, 2023
@renovate renovate bot deleted the renovate/node-20.x branch October 20, 2023 00:12
@renovate renovate bot changed the title chore(deps): update node.js to v20 - autoclosed chore(deps): update node.js to v20 Oct 24, 2023
@renovate renovate bot reopened this Oct 24, 2023
@renovate renovate bot restored the renovate/node-20.x branch October 24, 2023 00:19
@renovate renovate bot changed the title chore(deps): update node.js to v20 chore(deps): update dependency @types/node to v20 Oct 24, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch 5 times, most recently from fb867e0 to 5ed5513 Compare October 25, 2023 19:33
@renovate renovate bot force-pushed the renovate/node-20.x branch 5 times, most recently from ae55af7 to cd61be3 Compare November 23, 2023 21:50
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from c99c99e to 67aa064 Compare November 29, 2023 21:58
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from 8608812 to e759f5e Compare December 3, 2023 12:10
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v20 chore(deps): update node.js to v20 Dec 3, 2023
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from ea5c3ff to 7d51373 Compare December 10, 2023 08:44
@renovate renovate bot force-pushed the renovate/node-20.x branch 4 times, most recently from bb9a829 to 01ed381 Compare April 9, 2024 06:30
@renovate renovate bot force-pushed the renovate/node-20.x branch 3 times, most recently from a6f6a89 to f47cae2 Compare May 8, 2024 12:23
@renovate renovate bot force-pushed the renovate/node-20.x branch 6 times, most recently from e7bbbe7 to dd6754b Compare June 5, 2024 11:11
@renovate renovate bot force-pushed the renovate/node-20.x branch 6 times, most recently from 3500c32 to d86ddd2 Compare June 22, 2024 08:30
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from 2371dd7 to af91f3d Compare July 23, 2024 18:39
@renovate renovate bot force-pushed the renovate/node-20.x branch 2 times, most recently from e138334 to 2d93713 Compare August 2, 2024 10:41
@renovate renovate bot changed the title chore(deps): update node.js to v20 chore(deps): update node docker tag to v20 Aug 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants