🔼 Updates node Docker tag to v12.20.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
node | final | patch |
12.20.0-alpine -> 12.20.1-alpine
|
Release Notes
nodejs/node
v12.20.1
Notable changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt
Commits
- [
5de5354918
] - deps: update http-parser to http-parser@ec8b5ee
(Richard Lau) nodejs-private/node-private#236 - [
2eacfbec68
] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571 - [
96ec482d90
] - deps: update archs files for OpenSSL-1.1.1i (Myles Borins) #36521 - [
7ec0eb408b
] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #36521 - [
76ea9c5a7a
] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450 - [
420244e4d9
] - http: unsetF_CHUNKED
on newTransfer-Encoding
(Matteo Collina) nodejs-private/node-private#236 - [
4a30ac8c75
] - http: add test for http transfer encoding smuggling (Richard Lau) nodejs-private/node-private#236 - [
92d430917a
] - http: unsetF_CHUNKED
on newTransfer-Encoding
(Fedor Indutny) nodejs-private/node-private#236 - [
5b00de7d67
] - src: retain pointers to WriteWrap/ShutdownWrap (James M Snell) nodejs-private/node-private#230
Renovate configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.