Closed
Bug 1792227
Opened 2 years ago
Closed 2 years ago
Update node to v16.17.1
Categories
(Firefox Build System :: Toolchains, defect)
Firefox Build System
Toolchains
Tracking
(firefox-esr102 fixed, firefox106 fixed, firefox107 fixed)
RESOLVED
FIXED
107 Branch
People
(Reporter: RyanVM, Assigned: RyanVM)
References
()
Details
Attachments
(1 file)
48 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
RyanVM
:
approval-mozilla-esr102+
|
Details | Review |
Notable changes
The following CVEs are fixed in this release:
- CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
- CVE-2022-32213: bypass via obs-fold mechanic (Medium)
- CVE-2022-35255: Weak randomness in WebCrypto keygen
- CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
We'd also be moving from v16.16 to v16.17, which has a longer changelog:
https://nodejs.org/en/blog/release/v16.17.0/
Assignee | ||
Comment 1•2 years ago
|
||
Assignee | ||
Comment 2•2 years ago
|
||
Updated•2 years ago
|
Assignee: nobody → ryanvm
Status: NEW → ASSIGNED
Pushed by rvandermeulen@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c5082613b6f2 Update node to v16.17.1. r=firefox-build-system-reviewers,ahochheiden
Comment 4•2 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox107:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 107 Branch
Assignee | ||
Comment 5•2 years ago
|
||
Comment on attachment 9296001 [details]
Bug 1792227 - Update node to v16.17.1.
Beta/Release Uplift Approval Request
- User impact if declined: Not much, this is mostly used in our build system. It would be good to have, though.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Just a minor nodejs point release to fix known security issues.
- String changes made/needed:
- Is Android affected?: No
Attachment #9296001 -
Flags: approval-mozilla-esr102?
Attachment #9296001 -
Flags: approval-mozilla-beta?
Comment 6•2 years ago
|
||
Comment on attachment 9296001 [details]
Bug 1792227 - Update node to v16.17.1.
Approved for 106.0b7, thanks.
Attachment #9296001 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 7•2 years ago
|
||
bugherder uplift |
status-firefox106:
--- → fixed
Assignee | ||
Comment 8•2 years ago
|
||
Comment on attachment 9296001 [details]
Bug 1792227 - Update node to v16.17.1.
Approved for 102.4esr.
Attachment #9296001 -
Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
Assignee | ||
Comment 9•2 years ago
|
||
bugherder uplift |
status-firefox-esr102:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•