unboundsoftware/schemas
6
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 33 Activity

chore(deps): update node.js to v24.17.0 #870

Merged
renovate merged 1 commits from renovate/node-24.x into main 2026-06-21 19:19:58 +00:00
Conversation 0 Commits 1 Files Changed 1
+1 -1
renovate commented 2026-06-21 19:09:26 +00:00
Owner
Copy Link
Copy Source

This PR contains the following updates:

Package Type Update Change
node final minor 24.16.0-alpine24.17.0-alpine

Release Notes

nodejs/node (node)

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [node](https://github.com/nodejs/node) | final | minor | `24.16.0-alpine` → `24.17.0-alpine` | --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v24.17.0`](https://github.com/nodejs/node/releases/tag/v24.17.0): 2026-06-18, Version 24.17.0 'Krypton' (LTS), @&#8203;aduh95 [Compare Source](https://github.com/nodejs/node/compare/v24.16.0...v24.17.0) This is a security release. ##### Notable Changes - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low ##### Commits - \[[`9e4dfc7bba`](https://github.com/nodejs/node/commit/9e4dfc7bba)] - **(CVE-2026-48933)** **crypto**: guard WebCrypto cipher output length (Filip Skokan) [nodejs-private/node-private#878](https://github.com/nodejs-private/node-private/pull/878) - \[[`cb2aed980c`](https://github.com/nodejs/node/commit/cb2aed980c)] - **deps**: update llhttp to 9.4.2 (Antoine du Hamel) [nodejs-private/node-private#890](https://github.com/nodejs-private/node-private/pull/890) - \[[`a8a0d12875`](https://github.com/nodejs/node/commit/a8a0d12875)] - **(CVE-2026-48937)** **deps**: fix integration issues with the latest nghttp2 (Tim Perry) [#&#8203;62891](https://github.com/nodejs/node/pull/62891) - \[[`66e6203c1c`](https://github.com/nodejs/node/commit/66e6203c1c)] - **(SEMVER-MAJOR)** **deps**: update nghttp2 to 1.69.0 (Node.js GitHub Bot) [#&#8203;62891](https://github.com/nodejs/node/pull/62891) - \[[`dd627ced27`](https://github.com/nodejs/node/commit/dd627ced27)] - **deps**: update archs files for openssl-3.5.7 (Node.js GitHub Bot) [#&#8203;63820](https://github.com/nodejs/node/pull/63820) - \[[`684bae568f`](https://github.com/nodejs/node/commit/684bae568f)] - **deps**: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) [#&#8203;63820](https://github.com/nodejs/node/pull/63820) - \[[`3a631e7f83`](https://github.com/nodejs/node/commit/3a631e7f83)] - **deps**: fix aix implicit declaration in OpenSSL (Abdirahim Musse) [#&#8203;62656](https://github.com/nodejs/node/pull/62656) - \[[`cf44df3996`](https://github.com/nodejs/node/commit/cf44df3996)] - **deps**: update undici to 7.28.0 (Node.js GitHub Bot) [#&#8203;63703](https://github.com/nodejs/node/pull/63703) - \[[`138c70294b`](https://github.com/nodejs/node/commit/138c70294b)] - **(CVE-2026-48930)** **dns,net**: reject hostnames with embedded NUL bytes (Matteo Collina) [nodejs-private/node-private#868](https://github.com/nodejs-private/node-private/pull/868) - \[[`be7e719c3f`](https://github.com/nodejs/node/commit/be7e719c3f)] - **(CVE-2026-48931)** **http**: fix response queue poisoning in http.Agent (Matteo Collina) [nodejs-private/node-private#846](https://github.com/nodejs-private/node-private/pull/846) - \[[`cc7c11b4d1`](https://github.com/nodejs/node/commit/cc7c11b4d1)] - **(CVE-2026-48619)** **http2**: cap originSet size to prevent unbounded memory growth (Matteo Collina) [nodejs-private/node-private#855](https://github.com/nodejs-private/node-private/pull/855) - \[[`9224427b92`](https://github.com/nodejs/node/commit/9224427b92)] - **(CVE-2026-48615)** **lib,test**: redact proxy credentials in tunnel errors (Matteo Collina) [nodejs-private/node-private#867](https://github.com/nodejs-private/node-private/pull/867) - \[[`cf85d54839`](https://github.com/nodejs/node/commit/cf85d54839)] - **(CVE-2026-48935)** **permission**: disable FileHandle utimes with permission model (RafaelGSS) [nodejs-private/node-private#873](https://github.com/nodejs-private/node-private/pull/873) - \[[`a1bbc24f96`](https://github.com/nodejs/node/commit/a1bbc24f96)] - **(CVE-2026-48617)** **permission**: handle process.chdir on writereport (RafaelGSS) [nodejs-private/node-private#870](https://github.com/nodejs-private/node-private/pull/870) - \[[`e3723ff2d6`](https://github.com/nodejs/node/commit/e3723ff2d6)] - **test**: add session reuse host verification regressions (Matteo Collina) [nodejs-private/node-private#854](https://github.com/nodejs-private/node-private/pull/854) - \[[`a77af4867b`](https://github.com/nodejs/node/commit/a77af4867b)] - **(CVE-2026-48934)** **tls**: bind reusable sessions to authenticated host (Matteo Collina) [nodejs-private/node-private#854](https://github.com/nodejs-private/node-private/pull/854) - \[[`31beb4f707`](https://github.com/nodejs/node/commit/31beb4f707)] - **(CVE-2026-48928)** **tls**: fix case-sensitive SNI context matching (Matteo Collina) [nodejs-private/node-private#857](https://github.com/nodejs-private/node-private/pull/857) - \[[`8e75c73f91`](https://github.com/nodejs/node/commit/8e75c73f91)] - **(CVE-2026-48618)** **tls**: normalize hostname for server identity checks (Matteo Collina) [nodejs-private/node-private#869](https://github.com/nodejs-private/node-private/pull/869) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate added 1 commit 2026-06-21 19:09:28 +00:00
chore(deps): update node.js to v24.17.0
renovate/stability-days Updates have met minimum release age requirement
Details
schemas / check (pull_request) Successful in 2m31s
Details
schemas / vulnerabilities (pull_request) Successful in 1m45s
Details
schemas / check-release (pull_request) Successful in 2m52s
Details
pre-commit / pre-commit (pull_request) Successful in 5m54s
Details
schemas / build (pull_request) Successful in 5m14s
Details
schemas / deploy-prod (pull_request) Has been skipped
Details
7ba46cdbba
renovate scheduled this pull request to auto merge when all checks succeed 2026-06-21 19:09:29 +00:00
renovate merged commit 2b85a65f3c into main 2026-06-21 19:19:58 +00:00
renovate deleted branch renovate/node-24.x 2026-06-21 19:20:00 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
go
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
acctest (Shiny Acctest) argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unboundsoftware/schemas#870
Delete Branch "renovate/node-24.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?