Commit 84777cf
build: bump Node to 24.18 for June 2026 security releases (#354)
The June 18 2026 Node.js security releases fix several HIGH/MEDIUM CVEs
on the 24.x line, with 24.17.0 as the first patched release. The service
images were pinned to 24.15, below that line. Bump to 24.18-alpine3.23
(latest 24.x) to pick up the fixes, including:
- CVE-2026-48618 (HIGH) TLS wildcard-depth auth bypass
- CVE-2026-48933 (HIGH) WebCrypto AES integer overflow crash
- CVE-2026-48928/48930/48934 (MEDIUM) TLS/SNI identity verification bypasses
- CVE-2026-48619 (MEDIUM) unbounded HTTP/2 memory growth via ORIGIN frames
Advisory: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent 6511fcb commit 84777cf
1 file changed
Lines changed: 2 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | | - | |
| 2 | + | |
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
| |||
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
20 | | - | |
| 20 | + | |
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
| |||
0 commit comments