Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update node docker tag to v23 #519

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 19, 2024

This PR contains the following updates:

Package Type Update Change
node final major 18.12.1-alpine -> 23.7.0-alpine
node stage major 18.12.1-alpine -> 23.7.0-alpine

Release Notes

nodejs/node (node)

v23.7.0: 2025-01-30, Version 23.7.0 (Current), @​aduh95

Compare Source

Notable Changes
  • [36dd9ecc41] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
  • [9414d3cbf1] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
  • [9c5c3b3115] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
  • [1e201fd5fd] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
  • [48c813fb67] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
  • [cf16123785] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
  • [13bdd9c961] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
  • [00a1943858] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
  • [3143566045] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434
Commits

v23.6.1: 2025-01-21, Version 23.6.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits

v23.6.0: 2025-01-07, Version 23.6.0 (Current), @​marco-ippolito

Compare Source

Notable Changes
Unflagging --experimental-strip-types

This release enables the flag --experimental-strip-types by default.
Node.js will be able to execute TypeScript files without additional configuration:

node file.ts

There are some limitations in the supported syntax documented at https://nodejs.org/api/typescript.html#type-stripping
This feature is experimental and is subject to change.

Contributed by Marco Ippolito in #​56350

Other Notable Changes
  • [c1023284c3] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
  • [8dc39e5e2e] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
  • [8b20cc212b] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394
Commits

v23.5.0: 2024-12-19, Version 23.5.0 (Current), @​aduh95

Compare Source

Notable Changes
WebCryptoAPI Ed25519 and X25519 algorithms are now stable

Following the merge of Curve25519 into the
Web Cryptography API Editor's Draft the
Ed25519 and X25519 algorithm identifiers are now stable and will no longer
emit an ExperimentalWarning upon use.

Contributed by Filip Skokan in #​56142.

On-thread hooks are back

This release introduces module.registerHooks() for registering module loader
customization hooks that are run for all modules loaded by require(), import
and functions returned by createRequire() in the same thread, which makes them
easier for CJS monkey-patchers to migrate to.

import assert from 'node:assert';
import { registerHooks, createRequire } from 'node:module';
import { writeFileSync } from 'node:fs';

writeFileSync('./bar.js', 'export const id = 123;', 'utf8');

registerHooks({
  resolve(specifier, context, nextResolve) {
    const replaced = specifier.replace('foo', 'bar');
    return nextResolve(replaced, context);
  },
  load(url, context, nextLoad) {
    const result = nextLoad(url, context);
    return {
      ...result,
      source: result.source.toString().replace('123', '456'),
    };
  },
});

// Checks that it works with require.
const require = createRequire(import.meta.url);
const required = require('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(required.id, 456);  // Replaced by load hook to 456

// Checks that it works with import.
const imported = await import('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(imported.id, 456);  // Replaced by load hook to 456

This complements the module.register() hooks - the new hooks fit better
internally and cover all corners in the module graph; whereas
module.register() previously could not cover require() while it was
on-thread, and still cannot cover createRequire() after being moved
off-thread.

They are also run in the same thread as the modules being loaded and where the
hooks are registered, which means they are easier to debug (no more
console.log() getting lost) and do not have the many deadlock issues haunting
the module.register() hooks. The new API also takes functions directly so that
it's easier for intermediate loader packages to take user options from files
that the hooks can't be aware of, like many existing CJS monkey-patchers do.

Contributed by Joyee Cheung in #​55698.

Other notable changes
  • [59cae91465] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
  • [72f79b44ed] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
  • [b5a2c0777d] - (SEMVER-MINOR) module: add prefix-only modules to module.builtinModules (Jordan Harband) #​56185
  • [9863d27566] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
  • [8e780bc5ae] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #​55698
  • [65bc8e847f] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #​56068
  • [0ab36e1937] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #​56213
  • [efcc5d90c5] - (SEMVER-MINOR) src,lib: stabilize permission model (Rafael Gonzaga) #​56201
Commits

Configuration

📅 Schedule: Branch creation - "* * * * 0,6" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Oct 19, 2024
@renovate renovate bot force-pushed the renovate/node-23.x branch from 298d6ce to a3013e3 Compare October 25, 2024 20:16
@renovate renovate bot force-pushed the renovate/node-23.x branch 2 times, most recently from 91f72de to df47042 Compare November 21, 2024 23:10
@renovate renovate bot force-pushed the renovate/node-23.x branch from df47042 to 0cd1a80 Compare December 11, 2024 02:42
@renovate renovate bot force-pushed the renovate/node-23.x branch from 0cd1a80 to ddda2c8 Compare December 20, 2024 19:07
@renovate renovate bot force-pushed the renovate/node-23.x branch from ddda2c8 to c18367d Compare January 8, 2025 05:30
@renovate renovate bot force-pushed the renovate/node-23.x branch from c18367d to 98c2f37 Compare January 22, 2025 19:21
@renovate renovate bot force-pushed the renovate/node-23.x branch from 98c2f37 to 7fcee0a Compare January 31, 2025 22:34
@renovate renovate bot force-pushed the renovate/node-23.x branch from 13f78a7 to 222c83b Compare February 7, 2025 10:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants