build: update node.js to v16.11.1

This MR contains the following updates:

Package	Type	Update	Change
node	final	minor	16.10.0-alpine -> 16.11.1-alpine
node	stage	minor	16.10.0-alpine -> 16.11.1-alpine

---

Release Notes

nodejs/node

v16.11.1

Compare Source

This is a security release.

Notable changes

• CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
• CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Commits

• [af488f8dc8] - deps: update llhttp to 6.0.4 (Matteo Collina) nodejs-private/node-private#​284
• [2d1eefad98] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#​284
• [45d419ab1c] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#​284

v16.11.0

Compare Source

Notable Changes

• crypto
  • update root certificates (Richard Lau) #​40280
• deps
  • upgrade npm to 8.0.0 (npm team) #​40369
  • update nghttp2 to v1.45.1 (thunder-coding) #​40206
  • update V8 to 9.4.146.19 (Michaël Zasso) #​40285
• tools
  • update certdata.txt (Richard Lau) #​40280

Commits

• [34f3021ca3] - benchmark: add util.toUSVString()'s benchmark (Khaidi Chu) #​40203
• [f83b9bcb6f] - build: support Python 3.10.0 (FrankQiu) #​40296
• [3148f9b64e] - build: check for duplicates in new AUTHORS entries (Rich Trott) #​40264
• [48c162d457] - build: set DESTCPU correctly for 'make binary' on Apple Silicon (Chris Heisterkamp) #​40147
• [7fbfb66d41] - build: limit update authors CI scope (Jiawen Geng) #​40219
• [a1bee94502] - build: pass a tuple of alternatives to str.endswith() (Christian Clauss) #​40017
• [eaf9d08332] - build: add --no-user for pip commands in Makefile (Rich Trott) #​40169
• [e22ca06ac4] - build: fix "test-internet.yml" workflows (SURYAMRATAP SINGH SURYAVANSHI) #​40177
• [4da73d09bf] - (SEMVER-MINOR) build: reset embedder string to "-node.0" (Michaël Zasso) #​40285
• [4b117fbc81] - console: use validators for consistency (Voltrex) #​39812
• [6489423187] - console: avoid unnecessary variables (Pancake) #​40183
• [9af2592e69] - crypto: update root certificates (Richard Lau) #​40280
• [2fa5e5011f] - crypto: handle initEDRaw pkey failure (Shelley Vohr) #​40188
• [7968c79301] - crypto: don't call callback twice in case crypto.randomBytes fails (Guilherme Bernal) #​40157
• [b89c7ae297] - deps: upgrade npm to 8.0.0 (npm team) #​40369
• [947f3dc9af] - deps: V8: patch jinja2 for Python 3.10 compat (Michaël Zasso) #​40296
• [685c7d43a5] - (SEMVER-MINOR) deps: update nghttp2 to v1.45.1 (thunder-coding) #​40206
• [e7046e0ff1] - deps: restore minimum ICU version to 68 (Michaël Zasso) #​39470
• [a3db2033d4] - (SEMVER-MINOR) deps: make V8 9.4 abi-compatible with 9.0 (Michaël Zasso) #​40285
• [5cc24e6d76] - deps: V8: cherry-pick 9a60704 (Jiawen Geng) #​40046
• [8de5eb88d3] - deps: V8: cherry-pick 5681a65 (Michaël Zasso) #​39945
• [150d816edb] - deps: V8: cherry-pick bdcda72 (Michaël Zasso) #​39945
• [807b68b430] - deps: V8: cherry-pick 00bb1a7 (Darshan Sen) #​39829
• [be016948df] - deps: silence irrelevant V8 warning (Michaël Zasso) #​38990
• [22dcd3e4dc] - deps: silence irrelevant V8 warnings (Michaël Zasso) #​37587
• [1aea6a771b] - deps: fix V8 build issue with inline methods (Jiawen Geng) #​40060
• [e9812157f0] - deps: make v8.h compatible with VS2015 (Joao Reis) #​32116
• [88ae710057] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #​32116
• [e810f0766f] - deps: V8: patch register-arm64.h (Refael Ackermann) #​32116
• [b8aabd5622] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #​32116
• [309c4f05df] - (SEMVER-MINOR) deps: update V8 to 9.4.146.19 (Michaël Zasso) #​40285
• [69eaaf6321] - doc: format general markdown files (Rich Trott) #​40322
• [dc9c31985c] - doc: fix the inline code-block at the NodeDhKeyGenParams class (Justin) #​40341
• [8d0546db39] - doc: correct the codeblock for hmacImportParams.hash (Justin) #​40340
• [1db2ffd008] - doc: fix typo in stream docs (Juan José Arboleda) #​40337
• [abfcbcd14c] - doc: update fast-track approval comment request (voltrexmaster) #​40316
• [e2cd2f44f2] - doc: fix CVE-2021-22940 references (Michaël Zasso) #​40308
• [88bdbf1e29] - doc: format markdown files in test directory (Rich Trott) #​40290
• [f71ac57a86] - doc: add triagers to the table of contents (FrankQiu) #​39969
• [a5218b5313] - doc: update Forrest Norvell's pronouns (Forrest L Norvell) #​40292
• [d2e54e5d0c] - doc: reorder stream 'readable' paragraphs (Vincent Weevers) #​40212
• [1d0a3e1a0c] - doc: fix typo in fs (Brian White) #​40257
• [66edb7bfe1] - doc: fix typo in fs.md (Arslan Ali) #​40254
• [614a7c21f8] - doc: fix typo in packages.md (Arslan Ali) #​40230
• [9fa6dfbe76] - doc: fix example of crypto.generateKeySync (Gary Ho) #​40225
• [9a2b94a142] - doc: update fs.watchFile doc (Clément Nardi) #​40134
• [a68f91c884] - doc: add version when diagnostics_channel APIs were added (Gerhard Stöbich) #​40208
• [6bf67909ad] - doc: fix typo in 'maxHeaderSize' (Rebhi Alfa) #​40164
• [73a127ba7b] - doc: fix buffer api example code's token error (m3m0ry) #​40125
• [59db8293f4] - doc: fix typo in async_hooks.md (xuchaobei) #​40187
• [779dfd199b] - doc: make version picker usable on mobile (Evan Lucas) #​39958
• [7bd62f4809] - doc: fix typos in http.md (Luigi Pinca) #​40161
• [94b415b980] - doc: add blank line between comments (Rich Trott) #​40160
• [847b451d88] - doc: update markdown files in src for upcoming linting/formatting (Rich Trott) #​40159
• [cea7395858] - doc: update benchmarks README.md for upcoming linting/formatting (Rich Trott) #​40158
• [c231745837] - doc: prepare markdown file for upcoming formatting/linting (Rich Trott) #​40156
• [7e58cda6e0] - doc: update tools .md files for upcoming lint/formatting (Rich Trott) #​40155
• [02a87b096c] - doc: update markdown formatting for *.md files (Rich Trott) #​40154
• [9b0e61a67f] - doc,src: update crypto/README.md (Tobias Nießen) #​40332
• [88e7bd073a] - events: allow dispatch many times without listener (MrBBot) #​39772
• [c7f3294d02] - (SEMVER-MINOR) fs: add stream utilities to FileHandle (Antoine du Hamel) #​40009
• [555af5b808] - http: remove 'data' and 'end' listener if client parser error (Matteo Collina) #​40244
• [22725f5bdd] - http: use 0 as default for requests limit (Artur K) #​40192
• [3d5eba8042] - lib: refactor to avoid unsafe array iteration (Antoine du Hamel) #​40271
• [547fc86371] - lib: use validateArray (Voltrex) #​39774
• [a37527ce8f] - meta: add mailmap entry for ratracegrad (Rich Trott) #​40291
• [a75a8f2ca0] - meta: update AUTHORS (Node.js GitHub Bot) #​40289
• [66ab278bae] - meta: add .mailmap entry for Jimbly (Rich Trott) #​40267
• [e040f2cf0d] - meta: add .mailmap entry for daguej (Rich Trott) #​40223
• [d64740fbb3] - meta: update AUTHORS (Node.js GitHub Bot) #​40217
• [9ee9e41f5c] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​40115
• [da6c82b425] - meta: update gdams contact information (Rich Trott) #​40233
• [a660017915] - meta: add .mailmap entry for kunalspathak (Rich Trott) #​40202
• [4d46bde22e] - meta: add mailmap entry for ralphtheninja (Rich Trott) #​40153
• [b856886d00] - meta: update mailmap for LakshmiSwethaG (Rich Trott) #​40172
• [972d921855] - module: fix ERR_REQUIRE_ESM for parentPath null (Guy Bedford) #​40145
• [344c03b2e6] - repl: skip EmptyStatements and return result with TLA (Mestery) #​40194
• [b694b0ca52] - src: use As() instead of Cast() for conversions (Darshan Sen) #​40287
• [383dbe940d] - src: implement changes suggested by @​addaleax (kokke) #​40128
• [a6112dd1de] - src: fix time-of-use vs time-of-check "bugs" (kokke) #​40128
• [bbf1ed7c78] - src: remove AllocatedBuffer from crypto_common.cc (Darshan Sen) #​40213
• [528f9228fd] - src: remove usage of AllocatedBuffer from udp_wrap.cc (Darshan Sen) #​40151
• [d36127d862] - src: move ToUSVString() to node_util.cc (Khaidi Chu) #​40204
• [bddf8c28d9] - src,crypto: eliminate code duplication between StatelessDiffieHellman* (Darshan Sen) #​40084
• [6a8689f1f9] - test: fix typo in test/common/index.js (Tobias Nießen) #​40297
• [dc0c2744cf] - test: suppress compiler warning in test_bigint (Daniel Bevenius) #​40253
• [18820bfa58] - tools: patch jinja2 for Python 3.10 compat (Michaël Zasso) #​40296
• [8d7710e6c3] - tools: update rollup entry in lint-md package.json (FrankQiu) #​40281
• [7bb4dc2406] - tools: update certdata.txt (Richard Lau) #​40280
• [f31b0c9700] - tools: update remark-preset-lint-node to 3.2.0 (Rich Trott) #​40278
• [9c4e7a5158] - tools: fix lint-md autolinking (Rich Trott) #​40181
• [26db6db87f] - tools: implement markdown formatting (Rich Trott) #​40181
• [67812e8c65] - tools: re-implement lint-md without unified-args (Rich Trott) #​40180
• [0232f94175] - tools: update remark-preset-lint-node to 3.1.0 (Rich Trott) #​40166
• [80fdedd184] - tools: fix find-inactive-collaborators for recent README change (Rich Trott) #​40163
• [ebf17102d1] - tools: extend default yamllint config (Michaël Zasso) #​40150
• [f7c82749a7] - tools: update V8 gypfiles for 9.4 (Michaël Zasso) #​39945
• [dd39422b8b] - typings: define types for symbols binding (Michaël Zasso) #​40143
• [ced8467e20] - typings: define types for worker and messaging bindings (Michaël Zasso) #​40143
• [66d3101677] - (SEMVER-MINOR) util: improve ansi escape code regex (Colin Ihrig) #​40214
• [f4164fa4c3] - (SEMVER-MINOR) util: expose stripVTControlCharacters() (Colin Ihrig) #​40214

---

Configuration

📅 Schedule: "after 10pm every weekday,before 5am every weekday,every weekend" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this MR, click this checkbox.

---

This MR has been generated by Renovate Bot.