Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: update OpenSSL to 3.0.13+quic1 #51614

Closed
wants to merge 2 commits into from
Closed

deps: update OpenSSL to 3.0.13+quic1 #51614

wants to merge 2 commits into from

Conversation

nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot nodejs-github-bot commented Jan 31, 2024
edited by richardlau

This is an automated update of OpenSSL to 3.0.13+quic1.

PR created via https://github.com/nodejs/node/actions/runs/7726382211/job/21062547257

@nodejs-github-bot nodejs-github-bot added the dependencies Pull requests that update a dependency file. label Jan 31, 2024
@nodejs-github-bot
Copy link
Collaborator Author

Review requested:

  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. labels Jan 31, 2024
@richardlau richardlau added request-ci Add this label to start a Jenkins CI on a PR. commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. labels Jan 31, 2024
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 31, 2024
@nodejs-github-bot
Copy link
Collaborator Author

CI: https://ci.nodejs.org/job/node-test-pull-request/56975/

mhdawson
mhdawson approved these changes Jan 31, 2024
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber stamp LGTM

@aduh95 aduh95 added the commit-queue Add this label to land a pull request using GitHub Actions. label Jan 31, 2024
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Feb 2, 2024
@nodejs-github-bot
Copy link
Collaborator Author

Landed in 68885d5...f09e9ad

nodejs-github-bot added a commit that referenced this pull request Feb 2, 2024
@nodejs-github-bot
deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1
a8176e5 
PR-URL: #51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
nodejs-github-bot added a commit that referenced this pull request Feb 2, 2024
@nodejs-github-bot
deps: update archs files for openssl-3.0.13+quic1
f09e9ad 
PR-URL: #51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@richardlau richardlau deleted the actions/tools-update-openssl branch February 2, 2024 13:00
rdw-msft pushed a commit to rdw-msft/node that referenced this pull request Feb 9, 2024
@nodejs-github-bot @rdw-msft
deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1
24d8d9c 
PR-URL: nodejs#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
rdw-msft pushed a commit to rdw-msft/node that referenced this pull request Feb 9, 2024
@nodejs-github-bot @rdw-msft
deps: update archs files for openssl-3.0.13+quic1
cf08c9f 
PR-URL: nodejs#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@openpef openpef mentioned this pull request Feb 12, 2024
Closed
RafaelGSS pushed a commit that referenced this pull request Feb 14, 2024
@marco-ippolito @RafaelGSS
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
2a5a150 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525
deps:
  * upgrade npm to 10.2.4 (npm team) #50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com//pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #51614
http:
  * add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#520
lib:
  * update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) nodejs-private/node-private#505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) #49621
tools:
  * add macOS notarization verification step (Ulises Gascón) #50833
  * use macOS keychain to notarize the releases (Ulises Gascón) #50715
  * remove unused file (Ulises Gascon) #50622
  * add macOS notarization stapler (Ulises Gascón) #50625
  * improve macOS notarization process output readability (Ulises Gascón) #50389
  * remove unused `version` function (Ulises Gascón) #50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) #50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#542

PR-URL: nodejs-private/node-private#545
RafaelGSS pushed a commit that referenced this pull request Feb 14, 2024
@marco-ippolito @RafaelGSS
2024-02-14, Version 20.11.1 'Iron' (LTS)
5405aa5 
This is a security release.

Notable changes:

crypto:
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525
deps:
  * upgrade libuv to 1.48.0 (Santiago Gimeno) #51699
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614
  * disable io\_uring support in libuv by default (Tobias Nießen) nodejs-private/node-private#529
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #51737
fs:
  * protect against modified Buffer internals in possiblyTransformPath (Tobias Nießen) nodejs-private/node-private#49
http:
  * add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#519
lib:
  * update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#539
  * use cache fs internals against path traversal (RafaelGSS) nodejs-private/node-private#516
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) nodejs-private/node-private#505
src,deps:
  * disable setuid() etc if io\_uring enabled (Tobias Nießen) nodejs-private/node-private#529
test,doc:
  * clarify wildcard usage (RafaelGSS) nodejs-private/node-private#517
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#541

PR-URL: nodejs-private/node-private#544
erikolofsson pushed a commit to Malterlib/node that referenced this pull request Feb 19, 2024
@santigimeno @erikolofsson
deps: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806
2bd8ed6 
Refs: GHSA-f74f-cvh7-c6q6
PR-URL: nodejs#51614
marco-ippolito pushed a commit to marco-ippolito/node that referenced this pull request Feb 19, 2024
@nodejs-github-bot @marco-ippolito
deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1
0f53e14 
PR-URL: nodejs#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
marco-ippolito pushed a commit to marco-ippolito/node that referenced this pull request Feb 19, 2024
@nodejs-github-bot @marco-ippolito
deps: update archs files for openssl-3.0.13+quic1
780cfec 
PR-URL: nodejs#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
rdw-msft pushed a commit to rdw-msft/node that referenced this pull request Mar 20, 2024
@marco-ippolito @rdw-msft
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
d3b30e1 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs#50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
  * upgrade npm to 10.2.4 (npm team) nodejs#50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs#51614
http:
  * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520
lib:
  * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs#49621
tools:
  * add macOS notarization verification step (Ulises Gascón) nodejs#50833
  * use macOS keychain to notarize the releases (Ulises Gascón) nodejs#50715
  * remove unused file (Ulises Gascon) nodejs#50622
  * add macOS notarization stapler (Ulises Gascón) nodejs#50625
  * improve macOS notarization process output readability (Ulises Gascón) nodejs#50389
  * remove unused `version` function (Ulises Gascón) nodejs#50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs#50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542

PR-URL: https://github.com/nodejs-private/node-private/pull/545
rdw-msft pushed a commit to rdw-msft/node that referenced this pull request Mar 20, 2024
@marco-ippolito @rdw-msft
2024-02-14, Version 20.11.1 'Iron' (LTS)
85cabdf 
This is a security release.

Notable changes:

crypto:
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
  * upgrade libuv to 1.48.0 (Santiago Gimeno) nodejs#51699
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs#51614
  * disable io\_uring support in libuv by default (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/529
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs#51737
fs:
  * protect against modified Buffer internals in possiblyTransformPath (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/49
http:
  * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/519
lib:
  * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/539
  * use cache fs internals against path traversal (RafaelGSS) https://github.com/nodejs-private/node-private/pull/516
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
src,deps:
  * disable setuid() etc if io\_uring enabled (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/529
test,doc:
  * clarify wildcard usage (RafaelGSS) https://github.com/nodejs-private/node-private/pull/517
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/541

PR-URL: https://github.com/nodejs-private/node-private/pull/544
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1
22ec7d9 
PR-URL: nodejs/node#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
deps: update archs files for openssl-3.0.13+quic1
dc79310 
PR-URL: nodejs/node#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
deps: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806
919f40b 
Refs: GHSA-f74f-cvh7-c6q6
PR-URL: nodejs/node#51614
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
1ddeb10 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs/node#50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
  * upgrade npm to 10.2.4 (npm team) nodejs/node#50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs/node#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/node/pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs/node#51614
http:
  * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520
lib:
  * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs/node#49621
tools:
  * add macOS notarization verification step (Ulises Gascón) nodejs/node#50833
  * use macOS keychain to notarize the releases (Ulises Gascón) nodejs/node#50715
  * remove unused file (Ulises Gascon) nodejs/node#50622
  * add macOS notarization stapler (Ulises Gascón) nodejs/node#50625
  * improve macOS notarization process output readability (Ulises Gascón) nodejs/node#50389
  * remove unused `version` function (Ulises Gascón) nodejs/node#50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs/node#50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542

PR-URL: https://github.com/nodejs-private/node-private/pull/545
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1
4ab7ea5 
PR-URL: nodejs/node#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
deps: update archs files for openssl-3.0.13+quic1
ab95574 
PR-URL: nodejs/node#51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
deps: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806
f428618 
Refs: GHSA-f74f-cvh7-c6q6
PR-URL: nodejs/node#51614
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
d02cd45 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs/node#50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
  * upgrade npm to 10.2.4 (npm team) nodejs/node#50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs/node#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/node/pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs/node#51614
http:
  * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520
lib:
  * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs/node#49621
tools:
  * add macOS notarization verification step (Ulises Gascón) nodejs/node#50833
  * use macOS keychain to notarize the releases (Ulises Gascón) nodejs/node#50715
  * remove unused file (Ulises Gascon) nodejs/node#50622
  * add macOS notarization stapler (Ulises Gascón) nodejs/node#50625
  * improve macOS notarization process output readability (Ulises Gascón) nodejs/node#50389
  * remove unused `version` function (Ulises Gascón) nodejs/node#50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs/node#50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542

PR-URL: https://github.com/nodejs-private/node-private/pull/545
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lpinca lpinca lpinca approved these changes

@richardlau richardlau richardlau approved these changes

@mhdawson mhdawson mhdawson approved these changes

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

Assignees
No one assigned
Labels
commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@nodejs-github-bot @lpinca @richardlau @mhdawson @RafaelGSS @marco-ippolito @aduh95