Skip to content

Commit 67a9e32

Browse files
Update Node.js to v20.20.0 (#4783)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [node](https://redirect.github.com/nodejs/node) | final | minor | `20.19-alpine` → `20.20-alpine` | --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v20.20.0`](https://redirect.github.com/nodejs/node/releases/tag/v20.20.0): 2026-01-13, Version 20.20.0 &#x27;Iron&#x27; (LTS), @&#8203;marco-ippolito [Compare Source](https://redirect.github.com/nodejs/node/compare/v20.19.6...v20.20.0) This is a security release. ##### Notable Changes lib: - (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) [nodejs-private/node-private#802](https://redirect.github.com/nodejs-private/node-private/pull/802) - (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) [nodejs-private/node-private#797](https://redirect.github.com/nodejs-private/node-private/pull/797) lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) [nodejs-private/node-private#760](https://redirect.github.com/nodejs-private/node-private/pull/760) src: - (CVE-2025-59466) rethrow stack overflow exceptions in async\_hooks (Matteo Collina) [nodejs-private/node-private#773](https://redirect.github.com/nodejs-private/node-private/pull/773) src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) [nodejs-private/node-private#759](https://redirect.github.com/nodejs-private/node-private/pull/759) tls: - (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) [nodejs-private/node-private#796](https://redirect.github.com/nodejs-private/node-private/pull/796) ##### Commits - \[[`8f9ba3f623`](https://redirect.github.com/nodejs/node/commit/8f9ba3f623)] - **deps**: update c-ares to v1.34.6 (Node.js GitHub Bot) [#&#8203;60997](https://redirect.github.com/nodejs/node/pull/60997) - \[[`97fc9b0eb7`](https://redirect.github.com/nodejs/node/commit/97fc9b0eb7)] - **deps**: update undici to 6.23.0 (Matteo Collina) [nodejs-private/node-private#792](https://redirect.github.com/nodejs-private/node-private/pull/792) - \[[`14fbbb510c`](https://redirect.github.com/nodejs/node/commit/14fbbb510c)] - **(CVE-2025-55132)** **lib**: disable futimes when permission model is enabled (RafaelGSS) [nodejs-private/node-private#802](https://redirect.github.com/nodejs-private/node-private/pull/802) - \[[`1febc48d5b`](https://redirect.github.com/nodejs/node/commit/1febc48d5b)] - **(CVE-2025-59465)** **lib**: add TLSSocket default error handler (RafaelGSS) [nodejs-private/node-private#797](https://redirect.github.com/nodejs-private/node-private/pull/797) - \[[`494f62dc23`](https://redirect.github.com/nodejs/node/commit/494f62dc23)] - **(CVE-2025-55130)** **lib,permission**: require full read and write to symlink APIs (RafaelGSS) [nodejs-private/node-private#760](https://redirect.github.com/nodejs-private/node-private/pull/760) - \[[`d7a5c587c0`](https://redirect.github.com/nodejs/node/commit/d7a5c587c0)] - **(CVE-2025-59466)** **src**: rethrow stack overflow exceptions in async\_hooks (Matteo Collina) [nodejs-private/node-private#773](https://redirect.github.com/nodejs-private/node-private/pull/773) - \[[`51f4de4b4a`](https://redirect.github.com/nodejs/node/commit/51f4de4b4a)] - **(CVE-2025-55131)** **src,lib**: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) [nodejs-private/node-private#759](https://redirect.github.com/nodejs-private/node-private/pull/759) - \[[`85f73e7057`](https://redirect.github.com/nodejs/node/commit/85f73e7057)] - **(CVE-2026-21637)** **tls**: route callback exceptions through error handlers (Matteo Collina) [nodejs-private/node-private#796](https://redirect.github.com/nodejs-private/node-private/pull/796) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Runroom/archetype-symfony). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
2 parents de1748d + ce29642 commit 67a9e32

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

.docker/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ COPY .docker/app/dev/61_extra.ini /etc/php${PHP_VERSION}/conf.d/
8080

8181
USER ${USER}
8282

83-
FROM node:20.19-alpine AS asset-builder
83+
FROM node:20.20-alpine AS asset-builder
8484

8585
WORKDIR /usr/app
8686

0 commit comments

Comments
 (0)