housekeeping: Update Node.js to v16.20.2 (#2759)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [node](https://togithub.com/nodejs/node) | stage | minor |
`16.19.1-buster` -> `16.20.2-buster` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

###
[`v16.20.2`](https://togithub.com/nodejs/node/releases/tag/v16.20.2):
2023-08-09, Version 16.20.2 &#x27;Gallium&#x27; (LTS), @&#8203;RafaelGSS

[Compare
Source](https://togithub.com/nodejs/node/compare/v16.20.1...v16.20.2)

This is a security release.

##### Notable Changes

The following CVEs are fixed in this release:

-
[CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002):
Policies can be bypassed via Module.\_load (High)
-
[CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006):
Policies can be bypassed by module.constructor.createRequire (Medium)
-
[CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559):
Policies can be bypassed via process.binding (Medium)
-   OpenSSL Security Releases
- [OpenSSL security advisory 14th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
- [OpenSSL security advisory 19th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
- [OpenSSL security advisory 31st
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)

More detailed information on each of the vulnerabilities can be found in
[August 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/)
blog post.

##### Commits

- \[[`40c3958a5a`](https://togithub.com/nodejs/node/commit/40c3958a5a)]
- **deps**: update archs files for OpenSSL-1.1.1v (RafaelGSS)
[#&#8203;49043](https://togithub.com/nodejs/node/pull/49043)
- \[[`a9ac9da89a`](https://togithub.com/nodejs/node/commit/a9ac9da89a)]
- **deps**: fix openssl crypto clean (RafaelGSS)
[#&#8203;49043](https://togithub.com/nodejs/node/pull/49043)
- \[[`362d4c7494`](https://togithub.com/nodejs/node/commit/362d4c7494)]
- **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1v (RafaelGSS)
[#&#8203;49043](https://togithub.com/nodejs/node/pull/49043)
- \[[`d8ccfe9ad4`](https://togithub.com/nodejs/node/commit/d8ccfe9ad4)]
- **policy**: handle Module.constructor and main.extensions bypass
(RafaelGSS)
[nodejs-private/node-private#445](https://togithub.com/nodejs-private/node-private/pull/445)
- \[[`242aaa0caa`](https://togithub.com/nodejs/node/commit/242aaa0caa)]
- **policy**: disable process.binding() when enabled (Tobias Nießen)
[nodejs-private/node-private#459](https://togithub.com/nodejs-private/node-private/pull/459)

###
[`v16.20.1`](https://togithub.com/nodejs/node/releases/tag/v16.20.1):
2023-06-20, Version 16.20.1 &#x27;Gallium&#x27; (LTS), @&#8203;RafaelGSS

[Compare
Source](https://togithub.com/nodejs/node/compare/v16.20.0...v16.20.1)

This is a security release.

##### Notable Changes

The following CVEs are fixed in this release:

-
[CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581):
`mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
-
[CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585):
Privilege escalation via Malicious Registry Key manipulation during
Node.js installer repair process (Medium)
-
[CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588):
Process interuption due to invalid Public Key information in x509
certificates (Medium)
-
[CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589):
HTTP Request Smuggling via Empty headers separated by CR (Medium)
-
[CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590):
DiffieHellman does not generate keys after setting a private key
(Medium)
-   OpenSSL Security Releases
- [OpenSSL security advisory 28th
March](https://www.openssl.org/news/secadv/20230328.txt).
- [OpenSSL security advisory 20th
April](https://www.openssl.org/news/secadv/20230420.txt).
- [OpenSSL security advisory 30th
May](https://www.openssl.org/news/secadv/20230530.txt)
-   c-ares vulnerabilities:
-
[GHSA-9g78-jv2r-p7vc](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)
-
[GHSA-8r8p-23f3-64c2](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2)
-
[GHSA-54xr-f67r-4pc4](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4)
-
[GHSA-x6mf-cxr9-8q6v](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v)

More detailed information on each of the vulnerabilities can be found in
[June 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/)
blog post.

##### Commits

- \[[`5a92ea7a3b`](https://togithub.com/nodejs/node/commit/5a92ea7a3b)]
- **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen)
- \[[`5df04e893a`](https://togithub.com/nodejs/node/commit/5df04e893a)]
- **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau)
[#&#8203;48156](https://togithub.com/nodejs/node/pull/48156)
- \[[`c171cbd124`](https://togithub.com/nodejs/node/commit/c171cbd124)]
- **deps**: update c-ares to 1.19.1 (RafaelGSS)
[#&#8203;48115](https://togithub.com/nodejs/node/pull/48115)
- \[[`155d3aac02`](https://togithub.com/nodejs/node/commit/155d3aac02)]
- **deps**: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS)
[#&#8203;48369](https://togithub.com/nodejs/node/pull/48369)
- \[[`8d4c8f8ebe`](https://togithub.com/nodejs/node/commit/8d4c8f8ebe)]
- **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1u (RafaelGSS)
[#&#8203;48369](https://togithub.com/nodejs/node/pull/48369)
- \[[`1a5c9284eb`](https://togithub.com/nodejs/node/commit/1a5c9284eb)]
- **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen)
[nodejs-private/node-private#426](https://togithub.com/nodejs-private/node-private/pull/426)
- \[[`e42ff4b018`](https://togithub.com/nodejs/node/commit/e42ff4b018)]
- **http**: disable request smuggling via empty headers (Paolo Insogna)
[nodejs-private/node-private#429](https://togithub.com/nodejs-private/node-private/pull/429)
- \[[`10042683c8`](https://togithub.com/nodejs/node/commit/10042683c8)]
- **msi**: do not create AppData\Roaming\npm (Tobias Nießen)
[nodejs-private/node-private#408](https://togithub.com/nodejs-private/node-private/pull/408)
- \[[`a6f4e87bc9`](https://togithub.com/nodejs/node/commit/a6f4e87bc9)]
- **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS)
[nodejs-private/node-private#416](https://togithub.com/nodejs-private/node-private/pull/416)
- \[[`b77000f4d7`](https://togithub.com/nodejs/node/commit/b77000f4d7)]
- **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso)
[#&#8203;47851](https://togithub.com/nodejs/node/pull/47851)

###
[`v16.20.0`](https://togithub.com/nodejs/node/releases/tag/v16.20.0):
2023-03-29, Version 16.20.0 &#x27;Gallium&#x27; (LTS),
@&#8203;BethGriggs

[Compare
Source](https://togithub.com/nodejs/node/compare/v16.19.1...v16.20.0)

##### Notable Changes

-   **deps:**
- update undici to 5.20.0 (Node.js GitHub Bot)
[#&#8203;46711](https://togithub.com/nodejs/node/pull/46711)
- update c-ares to 1.19.0 (Michaël Zasso)
[#&#8203;46415](https://togithub.com/nodejs/node/pull/46415)
- upgrade npm to 8.19.4 (npm team)
[#&#8203;46677](https://togithub.com/nodejs/node/pull/46677)
- update corepack to 0.17.0 (Node.js GitHub Bot)
[#&#8203;46842](https://togithub.com/nodejs/node/pull/46842)
- **(SEMVER-MINOR)** **src**: add support for externally shared js
builtins (Michael Dawson)
[#&#8203;44376](https://togithub.com/nodejs/node/pull/44376)

##### Commits

- \[[`de6dd67790`](https://togithub.com/nodejs/node/commit/de6dd67790)]
- **crypto**: avoid hang when no algorithm available (Richard Lau)
[#&#8203;46237](https://togithub.com/nodejs/node/pull/46237)
- \[[`4617512788`](https://togithub.com/nodejs/node/commit/4617512788)]
- **crypto**: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis)
[#&#8203;46185](https://togithub.com/nodejs/node/pull/46185)
- \[[`24972164fc`](https://togithub.com/nodejs/node/commit/24972164fc)]
- **deps**: update undici to 5.20.0 (Node.js GitHub Bot)
[#&#8203;46711](https://togithub.com/nodejs/node/pull/46711)
- \[[`85f88c6a8d`](https://togithub.com/nodejs/node/commit/85f88c6a8d)]
- **deps**: V8: cherry-pick
[`90be99f`](https://togithub.com/nodejs/node/commit/90be99fab31c)
(Michaël Zasso)
[#&#8203;46646](https://togithub.com/nodejs/node/pull/46646)
- \[[`b4ebe6d47b`](https://togithub.com/nodejs/node/commit/b4ebe6d47b)]
- **deps**: update c-ares to 1.19.0 (Michaël Zasso)
[#&#8203;46415](https://togithub.com/nodejs/node/pull/46415)
- \[[`56cbc7fdda`](https://togithub.com/nodejs/node/commit/56cbc7fdda)]
- **deps**: V8: cherry-pick
[`c2792e5`](https://togithub.com/nodejs/node/commit/c2792e58035f)
(Jiawen Geng)
[#&#8203;44961](https://togithub.com/nodejs/node/pull/44961)
- \[[`7af9bdb31e`](https://togithub.com/nodejs/node/commit/7af9bdb31e)]
- **deps**: upgrade npm to 8.19.4 (npm team)
[#&#8203;46677](https://togithub.com/nodejs/node/pull/46677)
- \[[`962a7471b5`](https://togithub.com/nodejs/node/commit/962a7471b5)]
- **deps**: update corepack to 0.17.0 (Node.js GitHub Bot)
[#&#8203;46842](https://togithub.com/nodejs/node/pull/46842)
- \[[`748bc96e35`](https://togithub.com/nodejs/node/commit/748bc96e35)]
- **deps**: update corepack to 0.16.0 (Node.js GitHub Bot)
[#&#8203;46710](https://togithub.com/nodejs/node/pull/46710)
- \[[`a467782499`](https://togithub.com/nodejs/node/commit/a467782499)]
- **deps**: update corepack to 0.15.3 (Node.js GitHub Bot)
[#&#8203;46037](https://togithub.com/nodejs/node/pull/46037)
- \[[`1913b6763d`](https://togithub.com/nodejs/node/commit/1913b6763d)]
- **deps**: update corepack to 0.15.2 (Node.js GitHub Bot)
[#&#8203;45635](https://togithub.com/nodejs/node/pull/45635)
- \[[`809371a15f`](https://togithub.com/nodejs/node/commit/809371a15f)]
- **module**: require.resolve.paths returns null with node schema
(MURAKAMI Masahiko)
[#&#8203;45147](https://togithub.com/nodejs/node/pull/45147)
- \[[`086bb2f8d4`](https://togithub.com/nodejs/node/commit/086bb2f8d4)]
- ***Revert*** "**src**: let http2 streams end after session close"
(Rich Trott)
[#&#8203;46721](https://togithub.com/nodejs/node/pull/46721)
- \[[`6a01d39120`](https://togithub.com/nodejs/node/commit/6a01d39120)]
- **(SEMVER-MINOR)** **src**: add support for externally shared js
builtins (Michael Dawson)
[#&#8203;44376](https://togithub.com/nodejs/node/pull/44376)
- \[[`d081032a60`](https://togithub.com/nodejs/node/commit/d081032a60)]
- **test**: fix test-net-connect-reset-until-connected (Vita Batrla)
[#&#8203;46781](https://togithub.com/nodejs/node/pull/46781)
- \[[`efe1be47ec`](https://togithub.com/nodejs/node/commit/efe1be47ec)]
- **test**: skip test depending on `overlapped-checker` when not
available (Antoine du Hamel)
[#&#8203;45015](https://togithub.com/nodejs/node/pull/45015)
- \[[`fc47d58abe`](https://togithub.com/nodejs/node/commit/fc47d58abe)]
- **test**: remove cjs loader from stack traces (Geoffrey Booth)
[#&#8203;44197](https://togithub.com/nodejs/node/pull/44197)
- \[[`cf76d0790d`](https://togithub.com/nodejs/node/commit/cf76d0790d)]
- **test**: fix WPT title when no META title is present (Filip Skokan)
[#&#8203;46804](https://togithub.com/nodejs/node/pull/46804)
- \[[`0d1485b924`](https://togithub.com/nodejs/node/commit/0d1485b924)]
- **test**: fix default WPT titles (Filip Skokan)
[#&#8203;46778](https://togithub.com/nodejs/node/pull/46778)
- \[[`088e9cde3d`](https://togithub.com/nodejs/node/commit/088e9cde3d)]
- **test**: add WPTRunner support for variants and generating WPT
reports (Filip Skokan)
[#&#8203;46498](https://togithub.com/nodejs/node/pull/46498)
- \[[`908c4dff44`](https://togithub.com/nodejs/node/commit/908c4dff44)]
- **test**: mark test-crypto-key-objects flaky on Linux (Richard Lau)
[#&#8203;46684](https://togithub.com/nodejs/node/pull/46684)
- \[[`768e56227e`](https://togithub.com/nodejs/node/commit/768e56227e)]
- **tools**: make `utils.SearchFiles` deterministic (Bruno Pitrus)
[#&#8203;44496](https://togithub.com/nodejs/node/pull/44496)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log [here](https://developer.mend.io/github/lyft/clutch).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40MC4zIiwidXBkYXRlZEluVmVyIjoiMzYuNDAuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Dockerfile

@@ -1,5 +1,5 @@
 # Frontend build.
-FROM node:16.19.1-buster as nodebuild
+FROM node:16.20.2-buster as nodebuild
 COPY ./frontend ./frontend
 COPY ./tools/install-yarn.sh ./tools/install-yarn.sh
 COPY ./tools/preflight-checks.sh ./tools/preflight-checks.sh