<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-devtools/nodejs, branch whinlatter</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=whinlatter</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=whinlatter'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-05-08T01:52:44+00:00</updated>
<entry>
<title>nodejs: mark CVE-2026-21710 patched</title>
<updated>2026-05-08T01:52:44+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-26T11:50:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=3f2293398fdd5834f771e1a33422529215a90715'/>
<id>urn:sha1:3f2293398fdd5834f771e1a33422529215a90715</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710

The CVE is fixed in the current recipe version[1], but NVD tracks it
without verison info.

Mark it as patched in the recipe.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
(cherry picked from commit b483760dba76bb66bad820ea0246a38692c28c45)
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nodejs: ignore fixed CVEs</title>
<updated>2026-04-24T15:43:20+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-07T09:19:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6c4868d3f7a9d60a1cc22a8a273ae5e5c59c199f'/>
<id>urn:sha1:6c4868d3f7a9d60a1cc22a8a273ae5e5c59c199f</id>
<content type='text'>
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 22.22.1 -&gt; 22.22.2</title>
<updated>2026-04-24T15:43:20+00:00</updated>
<author>
<name>Jason Schonberg</name>
<email>schonm@gmail.com</email>
</author>
<published>2026-04-07T09:19:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2c70222d32886a2f8f6698c2a563e9ea61cd791b'/>
<id>urn:sha1:2c70222d32886a2f8f6698c2a563e9ea61cd791b</id>
<content type='text'>
This is the March 2026 security release.

  2 high severity issues.
  5 medium severity issues.
  2 low severity issues.

High priority fixes:
  CVE-2026-21637
  CVE-2026-21710

Medium priority fixes:
  CVE-2026-21711 (affects only nodejs v25)
  CVE-2026-21712 (affects only nodejs v24 &amp; v25)
  CVE-2026-21713
  CVE-2026-21714
  CVE-2026-21717

Low priority fixes:
  CVE-2026-21715
  CVE-2026-21716

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
(cherry picked from commit d32cd27eaaa13b296c268df234d2fb2cefa62946)
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 22.22.0 -&gt; 22.22.1</title>
<updated>2026-04-24T15:43:20+00:00</updated>
<author>
<name>Jason Schonberg</name>
<email>schonm@gmail.com</email>
</author>
<published>2026-04-07T09:19:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=de8e685a660ac746f42f75827e3ec0abc1e8c95c'/>
<id>urn:sha1:de8e685a660ac746f42f75827e3ec0abc1e8c95c</id>
<content type='text'>
License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files
  Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit db05f827bb680d6e12e27ed55adf6b32688f7466)
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 22.21.1 -&gt; 22.22.0</title>
<updated>2026-02-03T02:37:27+00:00</updated>
<author>
<name>Jason Schonberg</name>
<email>schonm@gmail.com</email>
</author>
<published>2026-02-02T21:13:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bbbc6c50d4a584614bd8ef6157dc2d10e2a44c95'/>
<id>urn:sha1:bbbc6c50d4a584614bd8ef6157dc2d10e2a44c95</id>
<content type='text'>
This is the December 2025 security release that the nodejs team released
January 13, 2026.

  3 high severity issues.
  4 medium severity issues.
  1 low severity issue.

High priority fixes:
  CVE-2025-55131
  CVE-2025-55130
  CVE-2025-59465

Medium priority fixes:
  CVE-2025-59466
  CVE-2025-59464
  CVE-2026-21636 *
  CVE-2026-21637

Low priority fixes:
  CVE-2025-55132

* note that this medium priority CVE only effects Nodejs v25.

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nodejs: remove extra CVE_PRODUCT</title>
<updated>2026-01-20T04:45:16+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-01-19T08:27:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5508b827fbc973f309b486c0320fdb2b2d8ce42c'/>
<id>urn:sha1:5508b827fbc973f309b486c0320fdb2b2d8ce42c</id>
<content type='text'>
CVE_PRODUCT is specified twice - the second instance only duplicates one
value from the first instance.

Remove this extra CVE_PRODUCT.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 6ff92524842233efb68eb92d4bf7637ef378900d)
Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nodejs: fix gcc compile failed for 32 bit arm target</title>
<updated>2025-10-30T16:37:15+00:00</updated>
<author>
<name>Hongxu Jia</name>
<email>hongxu.jia@windriver.com</email>
</author>
<published>2025-10-30T05:15:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fe7aaabb1c30cf263738dbf5df927650809e8074'/>
<id>urn:sha1:fe7aaabb1c30cf263738dbf5df927650809e8074</id>
<content type='text'>
Use gcc to compile failed for 32 bit arm target

$ echo 'MACHINE = "qemuarm"' &gt;&gt; conf/local.conf
$ bitbake nodejs
...
 2645 |         );
      |         ^
../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16'
 2643 |           vcgeq_u8(input, vdupq_n_u8(' ')),
      |           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |           |
      |           uint8x16_t
...

Use '-flax-vector-conversions' to permit conversions between vectors
with differing element types or numbers of subparts

Signed-off-by: Hongxu Jia &lt;hongxu.jia@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 22.21.0 -&gt; 22.21.1</title>
<updated>2025-10-29T17:14:13+00:00</updated>
<author>
<name>Jason Schonberg</name>
<email>schonm@gmail.com</email>
</author>
<published>2025-10-28T22:27:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=aa302fbb99cc55f515cde16d02b98c74ed0f1400'/>
<id>urn:sha1:aa302fbb99cc55f515cde16d02b98c74ed0f1400</id>
<content type='text'>
Changelog: https://github.com/nodejs/node/releases/tag/v22.21.1

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 22.20.0 -&gt; 22.21.0</title>
<updated>2025-10-21T02:46:58+00:00</updated>
<author>
<name>Jason Schonberg</name>
<email>schonm@gmail.com</email>
</author>
<published>2025-10-21T02:35:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=a2299f5fb1f481db93f4d99cf7866f69c6a99674'/>
<id>urn:sha1:a2299f5fb1f481db93f4d99cf7866f69c6a99674</id>
<content type='text'>
Changelog: https://github.com/nodejs/node/releases/tag/v22.21.0

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 22.19.0 -&gt; 22.20.0</title>
<updated>2025-09-24T21:17:45+00:00</updated>
<author>
<name>Jason Schonberg</name>
<email>schonm@gmail.com</email>
</author>
<published>2025-09-24T21:09:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fbcfd9a9f5407482e4a87ece40fa7c3e373d5172'/>
<id>urn:sha1:fbcfd9a9f5407482e4a87ece40fa7c3e373d5172</id>
<content type='text'>
Chagelog: https://github.com/nodejs/node/releases/tag/v22.20.0

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
