chore(deps): update node.js to v19.7.0

This MR contains the following updates:

Package	Type	Update	Change
node	image	minor	19.6.0 -> 19.7.0

---

Release Notes

nodejs/node

v19.7.0

Compare Source

Notable Changes

• [60a612607e] - deps: upgrade npm to 9.5.0 (npm team) #​46673
• [7d6c27eab1] - deps: add ada as a dependency (Yagiz Nizipli) #​46410
• [a79a8bf85a] - doc: add debadree25 to collaborators (Debadree Chatterjee) #​46716
• [0c2c322ee6] - doc: add deokjinkim to collaborators (Deokjin Kim) #​46444
• [9b23309f53] - doc,lib,src,test: rename --test-coverage (Colin Ihrig) #​46017
• [8590eb4830] - (SEMVER-MINOR) lib: add aborted() utility function (Debadree Chatterjee) #​46494
• [164bfe82cc] - (SEMVER-MINOR) src: add initial support for single executable applications (Darshan Sen) #​45038
• [f3908411fd] - (SEMVER-MINOR) src: allow optional Isolate termination in node::Stop() (Shelley Vohr) #​46583
• [c34bac2fed] - (SEMVER-MINOR) src: allow blobs in addition to FILE*s in embedder snapshot API (Anna Henningsen) #​46491
• [683a1f8f3e] - (SEMVER-MINOR) src: allow snapshotting from the embedder API (Anna Henningsen) #​45888
• [658d2f4710] - (SEMVER-MINOR) src: make build_snapshot a per-Isolate option, rather than a global one (Anna Henningsen) #​45888
• [6801d3753c] - (SEMVER-MINOR) src: add snapshot support for embedder API (Anna Henningsen) #​45888
• [e77d538d32] - (SEMVER-MINOR) src: allow embedder control of code generation policy (Shelley Vohr) #​46368
• [633d3f292d] - (SEMVER-MINOR) stream: add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) #​46273
• [6119289251] - test_runner: add initial code coverage support (Colin Ihrig) #​46017
• [a51fe3c663] - url: replace url-parser with ada (Yagiz Nizipli) #​46410

Commits

• [731a7ae9da] - async_hooks: add async local storage propagation benchmarks (Chengzhong Wu) #​46414
• [05ad792a07] - async_hooks: remove experimental onPropagate option (James M Snell) #​46386
• [6b21170b10] - benchmark: add trailing commas in benchmark/path (Antoine du Hamel) #​46628
• [4b89ec409f] - benchmark: add trailing commas in benchmark/http (Antoine du Hamel) #​46609
• [ff95eb7386] - benchmark: add trailing commas in benchmark/crypto (Antoine du Hamel) #​46553
• [638d9b8d4b] - benchmark: add trailing commas in benchmark/url (Antoine du Hamel) #​46551
• [7524871a9b] - benchmark: add trailing commas in benchmark/http2 (Antoine du Hamel) #​46552
• [9d9b3f856f] - benchmark: add trailing commas in benchmark/process (Antoine du Hamel) #​46481
• [6c69ad6d43] - benchmark: add trailing commas in benchmark/misc (Antoine du Hamel) #​46474
• [7f8b292bee] - benchmark: add trailing commas in benchmark/buffers (Antoine du Hamel) #​46473
• [897e3c2782] - benchmark: add trailing commas in benchmark/module (Antoine du Hamel) #​46461
• [7760d40c04] - benchmark: add trailing commas in benchmark/net (Antoine du Hamel) #​46439
• [8b88d605ca] - benchmark: add trailing commas in benchmark/util (Antoine du Hamel) #​46438
• [2c8c9f978d] - benchmark: add trailing commas in benchmark/async_hooks (Antoine du Hamel) #​46424
• [b364b9bd60] - benchmark: add trailing commas in benchmark/fs (Antoine du Hamel) #​46426
• [e15ddba7e7] - build: add GitHub Action for coverage with --without-intl (Rich Trott) #​37954
• [c781a48097] - build: do not disable inspector when intl is disabled (Rich Trott) #​37954
• [b4deb2fcd5] - crypto: don't assume FIPS is disabled by default (Michael Dawson) #​46532
• [60a612607e] - deps: upgrade npm to 9.5.0 (npm team) #​46673
• [6c997035fc] - deps: update corepack to 0.16.0 (Node.js GitHub Bot) #​46710
• [2ed3875eee] - deps: update undici to 5.20.0 (Node.js GitHub Bot) #​46711
• [20cb13bf7f] - deps: update ada to v1.0.1 (Yagiz Nizipli) #​46550
• [c0983cfc06] - deps: copy postject-api.h and LICENSE to the deps folder (Darshan Sen) #​46582
• [7d6c27eab1] - deps: add ada as a dependency (Yagiz Nizipli) #​46410
• [7e7e2d037b] - deps: update c-ares to 1.19.0 (Michaël Zasso) #​46415
• [a79a8bf85a] - doc: add debadree25 to collaborators (Debadree Chatterjee) #​46716
• [6a8b04d709] - doc: move bcoe to emeriti (Benjamin Coe) #​46703
• [a0a6ee0f54] - doc: add response.strictContentLength to documentation (Marco Ippolito) #​46627
• [ffdd64dce3] - doc: remove unused functions from example of streamConsumers.text (Deokjin Kim) #​46581
• [c771d66864] - doc: fix test runner examples (Richie McColl) #​46565
• [375bb22df9] - doc: update test concurrency description / default values (richiemccoll) #​46457
• [a7beac04ba] - doc: enrich test command with executable (Tony Gorez) #​44347
• [aef57cd290] - doc: fix wrong location of requestTimeout's default value (Deokjin Kim) #​46423
• [0c2c322ee6] - doc: add deokjinkim to collaborators (Deokjin Kim) #​46444
• [31d3e3c486] - doc: fix -C flag usage (三咲智子 Kevin Deng) #​46388
• [905a6756a3] - doc: add note about major release rotation (Rafael Gonzaga) #​46436
• [33a98c42fa] - doc: update threat model based on discussions (Michael Dawson) #​46373
• [9b23309f53] - doc,lib,src,test: rename --test-coverage (Colin Ihrig) #​46017
• [f192b83800] - esm: misc test refactors (Geoffrey Booth) #​46631
• [7f2cdd36cf] - http: add note about clientError event (Paolo Insogna) #​46584
• [d8c527f24f] - http: use v8::Array::New() with a prebuilt vector (Joyee Cheung) #​46447
• [fa600fe003] - lib: add trailing commas in internal/process (Antoine du Hamel) #​46687
• [4aebee63f0] - lib: do not crash using workers with disabled shared array buffers (Ruben Bridgewater) #​41023
• [a740908588] - lib: delete module findPath unused params (sinkhaha) #​45371
• [8b46c763d9] - lib: enforce use of trailing commas in more files (Antoine du Hamel) #​46655
• [aae0020e27] - lib: enforce use of trailing commas for functions (Antoine du Hamel) #​46629
• [da9ebaf138] - lib: predeclare Event.isTrusted prop descriptor (Santiago Gimeno) #​46527
• [35570e970e] - lib: tighten AbortSignal.prototype.throwIfAborted implementation (Antoine du Hamel) #​46521
• [8590eb4830] - (SEMVER-MINOR) lib: add aborted() utility function (Debadree Chatterjee) #​46494
• [5d1a729f76] - meta: update AUTHORS (Node.js GitHub Bot) #​46624
• [cb9b9ad879] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​46513
• [17b82c85d9] - meta: update AUTHORS (Node.js GitHub Bot) #​46504
• [bb14a2b098] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​46411
• [152a3c7d1d] - process: print versions by sort (Himself65) #​46428
• [164bfe82cc] - (SEMVER-MINOR) src: add initial support for single executable applications (Darshan Sen) #​45038
• [f3908411fd] - (SEMVER-MINOR) src: allow optional Isolate termination in node::Stop() (Shelley Vohr) #​46583
• [bdba600d32] - src: remove icu usage from node_string.cc (Yagiz Nizipli) #​46548
• [31fb2e22a0] - src: add fflush() to SnapshotData::ToFile() (Anna Henningsen) #​46531
• [c34bac2fed] - (SEMVER-MINOR) src: allow blobs in addition to FILE*s in embedder snapshot API (Anna Henningsen) #​46491
• [c3325bfc0d] - src: make edge names in BaseObjects more descriptive in heap snapshots (Joyee Cheung) #​46492
• [3c5db8f419] - src: avoid leaking snapshot fp on error (Tobias Nießen) #​46497
• [1a808a4aad] - src: check return value of ftell() (Tobias Nießen) #​46495
• [f72f643549] - src: remove unused includes from main thread (Yagiz Nizipli) #​46471
• [60c2a863da] - src: use string_view instead of std::string& (Yagiz Nizipli) #​46471
• [f35f6d2218] - src: use simdutf utf8 to utf16 instead of icu (Yagiz Nizipli) #​46471
• [00b81c7afe] - src: replace icu with simdutf for char counts (Yagiz Nizipli) #​46472
• [683a1f8f3e] - (SEMVER-MINOR) src: allow snapshotting from the embedder API (Anna Henningsen) #​45888
• [658d2f4710] - (SEMVER-MINOR) src: make build_snapshot a per-Isolate option, rather than a global one (Anna Henningsen) #​45888
• [6801d3753c] - (SEMVER-MINOR) src: add snapshot support for embedder API (Anna Henningsen) #​45888
• [95065c3185] - src: add additional utilities to crypto::SecureContext (James M Snell) #​45912
• [efc59d0843] - src: add KeyObjectHandle::HasInstance (James M Snell) #​45912
• [a8a2d0e2b1] - src: add GetCurrentCipherName/Version to crypto_common (James M Snell) #​45912
• [6cf860d3d6] - src: back snapshot I/O with a std::vector sink (Joyee Cheung) #​46463
• [e77d538d32] - (SEMVER-MINOR) src: allow embedder control of code generation policy (Shelley Vohr) #​46368
• [7756438c81] - stream: add trailing commas in webstream source files (Antoine du Hamel) #​46685
• [6b64a945c6] - stream: add trailing commas in stream source files (Antoine du Hamel) #​46686
• [633d3f292d] - (SEMVER-MINOR) stream: add abort signal for ReadableStream and WritableStream (Debadree Chatterjee) #​46273
• [f91260b32a] - stream: refactor to use validateAbortSignal (Antoine du Hamel) #​46520
• [6bf7388b62] - stream: allow transfer of readable byte streams (MrBBot) #​45955
• [c2068537fa] - stream: add pipeline() for webstreams (Debadree Chatterjee) #​46307
• [4cf4b41c56] - stream: add suport for abort signal in finished() for webstreams (Debadree Chatterjee) #​46403
• [b844a09fa5] - stream: dont access Object.prototype.type during TransformStream init (Debadree Chatterjee) #​46389
• [6ad01fd7b5] - test: fix test-net-autoselectfamily for kernel without IPv6 support (Livia Medeiros) #​45856
• [2239e24306] - test: fix assertions in test-snapshot-dns-lookup* (Tobias Nießen) #​46618
• [c4ca98e786] - test: cover publicExponent validation in OpenSSL (Tobias Nießen) #​46632
• [e60d3f2b1d] - test: add WPTRunner support for variants and generating WPT reports (Filip Skokan) #​46498
• [217f2f6e2a] - test: add trailing commas in test/pummel (Antoine du Hamel) #​46610
• [641e1771c8] - test: enable api-invalid-label.any.js in encoding WPTs (Filip Skokan) #​46506
• [89aa161173] - test: fix tap parser fails if a test logs a number (Pulkit Gupta) #​46056
• [faba8d4a30] - test: add trailing commas in test/js-native-api (Antoine du Hamel) #​46385
• [d556ccdd26] - test: make more crypto tests work with BoringSSL (Shelley Vohr) #​46429
• [c7f29b24a6] - test: add trailing commas in test/known_issues (Antoine du Hamel) #​46408
• [a66e7ca6c5] - test: add trailing commas in test/internet (Antoine du Hamel) #​46407
• [0f75633086] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #​46575
• [ddf5002782] - test_runner: parse non-ascii character correctly (Mert Can Altın) #​45736
• [5b748114d2] - test_runner: allow nesting test within describe (Moshe Atlow) #​46544
• [c526f9f70a] - test_runner: fix missing test diagnostics (Moshe Atlow) #​46450
• [b31aabb101] - test_runner: top-level diagnostics not ommited when running with --test (Pulkit Gupta) #​46441
• [6119289251] - test_runner: add initial code coverage support (Colin Ihrig) #​46017
• [6f24f0621e] - timers: cleanup no-longer relevant TODOs in timers/promises (James M Snell) #​46499
• [1cd22e7d19] - tools: fix bug in prefer-primordials lint rule (Antoine du Hamel) #​46659
• [87df34ac28] - tools: fix update-ada script (Yagiz Nizipli) #​46550
• [f62b58a623] - tools: add a daily wpt.fyi synchronized report upload (Filip Skokan) #​46498
• [803f00aa32] - tools: update eslint to 8.34.0 (Node.js GitHub Bot) #​46625
• [f87216bdb2] - tools: update lint-md-dependencies to rollup@3.15.0 to-vfile@7.2.4 (Node.js GitHub Bot) #​46623
• [8ee9e48560] - tools: update doc to remark-html@15.0.2 to-vfile@7.2.4 (Node.js GitHub Bot) #​46622
• [148c5d9239] - tools: update lint-md-dependencies to rollup@3.13.0 vfile-reporter@7.0.5 (Node.js GitHub Bot) #​46503
• [51c6c61a58] - tools: update ESLint custom rules to not use the deprecated format (Antoine du Hamel) #​46460
• [a51fe3c663] - url: replace url-parser with ada (Yagiz Nizipli) #​46410
• [129c9e7180] - url: remove unused URL::ToFilePath() (Yagiz Nizipli) #​46487
• [9a604d67c3] - url: remove unused URL::toObject (Yagiz Nizipli) #​46486
• [d6fbebda54] - url: remove unused setURLConstructor function (Yagiz Nizipli) #​46485
• [17b3ee33c2] - vm: properly support symbols on globals (Nicolas DUBIEN) #​46458

v19.6.1

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium)
• CVE-2023-23918: Experimental Policies bypass via process.mainModule.require(High)
• CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low)

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent OpenSSL security advisory and undici security update.

Commits

• [97d9d55d2f] - build: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) nodejs-private/node-private#​374
• [8ac90e6372] - crypto: clear OpenSSL error on invalid ca cert (RafaelGSS) nodejs-private/node-private#​368
• [10a4c47e3a] - deps: update undici to 5.19.1 (Node.js GitHub Bot) #​46634
• [b10fc75e4a] - deps: update undici to 5.18.0 (Node.js GitHub Bot) #​46502
• [e9b64ea8b9] - deps: update undici to 5.17.1 (Node.js GitHub Bot) #​46502
• [66a24cec47] - deps: cherry-pick Windows ARM64 fix for openssl (Richard Lau) #​46573
• [d8559aa6f5] - deps: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) #​46573
• [dc477f547d] - deps: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) #​46573
• [2aae197670] - lib: makeRequireFunction patch when experimental policy (RafaelGSS) nodejs-private/node-private#​358
• [6d17b693ec] - policy: makeRequireFunction on mainModule.require (RafaelGSS) nodejs-private/node-private#​358

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, click this checkbox.

---

This MR has been generated by Renovate Bot.