From 3d5f717b7a47fc49b6ae67af7e087da0cfc33a64 Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Sun, 5 Apr 2026 08:04:53 +0900 Subject: [PATCH] node: bump to 22.22.2 This is a security release. Notable Changes * (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High * (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High * (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium * (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium * (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium * (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low * (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low Signed-off-by: Hirokazu MORIKAWA --- lang/node/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/node/Makefile b/lang/node/Makefile index fa8a1eabf1..ac4550d70a 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node -PKG_VERSION:=22.22.0 +PKG_VERSION:=22.22.2 PKG_RELEASE:=1 NODE_MODULE_VERSION:=127 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nodejs.org/dist/v$(PKG_VERSION) -PKG_HASH:=5a4585d7f26bfb283267194b299243efea5ee6edd2fbf887825469b4ac94aece +PKG_HASH:=f4b9606f33aef725a77b6292460102b48b80902571a8bb94cd769837ee0577df PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION) -NODEJS_BIN_SUM:=c33c39ed9c80deddde77c960d00119918b9e352426fd604ba41638d6526a4744 +NODEJS_BIN_SUM:=978978a635eef872fa68beae09f0aad0bbbae6757e444da80b570964a97e62a3 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-v$(PKG_VERSION) PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella