<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-devtools/nodejs, branch kirkstone-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-01-23T00:12:54+00:00</updated>
<entry>
<title>meta-oe: Remove True option to getVar calls</title>
<updated>2025-01-23T00:12:54+00:00</updated>
<author>
<name>akash hadke</name>
<email>akash.hadke27@gmail.com</email>
</author>
<published>2025-01-10T11:09:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=198cf66134afa9d7631ee9a1e1a08d396fa58e8a'/>
<id>urn:sha1:198cf66134afa9d7631ee9a1e1a08d396fa58e8a</id>
<content type='text'>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.

Signed-off-by: Akash Hadke &lt;akash.hadke27@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: fix CVE-2023-46809</title>
<updated>2024-06-02T19:10:59+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2024-02-27T11:37:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=3eb9002ce702df3c6a6b4702672eea58143d95d8'/>
<id>urn:sha1:3eb9002ce702df3c6a6b4702672eea58143d95d8</id>
<content type='text'>
Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: fix CVE-2024-22025</title>
<updated>2024-06-02T19:09:02+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2024-02-27T11:37:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=17db7e96c4f0155cfbaf52caf1461ba76cd05fdd'/>
<id>urn:sha1:17db7e96c4f0155cfbaf52caf1461ba76cd05fdd</id>
<content type='text'>
Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: fix CVE-2024-22019</title>
<updated>2024-06-02T19:08:41+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2024-02-27T02:17:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7b468c6f83352d288d8e01f663539c93a65bf884'/>
<id>urn:sha1:7b468c6f83352d288d8e01f663539c93a65bf884</id>
<content type='text'>
Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: Set CVE_PRODUCT to "node.js"</title>
<updated>2024-02-28T13:18:18+00:00</updated>
<author>
<name>virendra thakur</name>
<email>thakur.virendra1810@gmail.com</email>
</author>
<published>2024-02-09T06:11:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=1915dcb8e821404045e698ab871c0a12edc11e39'/>
<id>urn:sha1:1915dcb8e821404045e698ab871c0a12edc11e39</id>
<content type='text'>
Set CVE_PRODUCT to 'node.js' for nodjs recipe

Signed-off-by: virendra thakur &lt;virendrak@kpit.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: fix CVE-2022-25883</title>
<updated>2023-09-04T15:59:59+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-08-31T04:57:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d3ee870fb0acbda1c27aa58311547733cccb1df2'/>
<id>urn:sha1:d3ee870fb0acbda1c27aa58311547733cccb1df2</id>
<content type='text'>
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression
Denial of Service (ReDoS) via the function new Range, when untrusted user data is
provided as a range.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-25883

Upstream patches:
https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 16.20.1 -&gt; 16.20.2</title>
<updated>2023-08-11T14:32:04+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-08-10T13:42:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=529620141e773080a6a7be4615fb7993204af883'/>
<id>urn:sha1:529620141e773080a6a7be4615fb7993204af883</id>
<content type='text'>
This release contains bug fixes only.
The following CVEs have been addressed:

CVE-2023-32002
CVE-2023-32006
CVE-2023-32559

$ git log --oneline v16.20.1..v16.20.2
dadbde963f (tag: v16.20.2) 2023-08-09, Version 16.20.2 'Gallium' (LTS)
d8ccfe9ad4 policy: handle Module.constructor and main.extensions bypass
242aaa0caa policy: disable process.binding() when enabled
40c3958a5a  deps: update archs files for OpenSSL-1.1.1v
a9ac9da89a deps: fix openssl crypto clean
362d4c7494 deps: upgrade openssl sources to OpenSSL_1_1_1v
7447de2794 Working on v16.20.2

https://github.com/nodejs/node/releases/tag/v16.20.2

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 16.19.1 -&gt; 16.20.1</title>
<updated>2023-07-16T19:30:53+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-07-11T13:39:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8814f259022cca509b02f4703db2df53eeed70f3'/>
<id>urn:sha1:8814f259022cca509b02f4703db2df53eeed70f3</id>
<content type='text'>
Drop the gcc13.patch as it has been merged in 16.20.1
    56cbc7fdda deps: V8: cherry-pick c2792e58035f

The list of the CVEs are fixed in this relase:

    CVE-2023-30581
    CVE-2023-30585
    CVE-2023-30588
    CVE-2023-30589
    CVE-2023-30590

https://nodejs.org/en/blog/release/v16.20.0
https://nodejs.org/en/blog/release/v16.20.1

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: Fix build with gcc13</title>
<updated>2023-05-19T13:46:38+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2023-05-18T09:41:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4cc7363978f81736e09ec675748401346a00391a'/>
<id>urn:sha1:4cc7363978f81736e09ec675748401346a00391a</id>
<content type='text'>
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: Upgrade 16.19.0 -&gt; 16.19.1</title>
<updated>2023-03-13T12:58:37+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-03-10T16:31:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9cf4ebeb3de524009a73f49722489dc4aa183adb'/>
<id>urn:sha1:9cf4ebeb3de524009a73f49722489dc4aa183adb</id>
<content type='text'>
The following CVEs fixed in this version:
     CVE-2023-23918
     CVE-2023-23919
     CVE-2023-23920
     CVE-2023-23936
     CVE-2023-24807

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
