package/nodejs: security bump to version 16.18.1

Fixes the following security issue:

DNS rebinding in --inspect via invalid octal IP address (Medium) (CVE-2022-43548)

The Node.js rebinding protector for --inspect still allows invalid IP
address, specifically, the octal format.  An example of an octal IP address
is 1.09.0.0, the 09 octet is invalid because 9 is not a number in the base 8
number system.  Browsers such as Firefox (tested on latest version m105)
will still attempt to resolve this invalid octal address via DNS.  When
combined with an active --inspect session, such as when using VSCode, an
attacker can perform DNS rebinding and execute arbitrary code

Update license hash for an update of base64 (MIT license) and a change in
copyright year:

8ea9a71b15
9f14dc1a8f

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nodejs/nodejs.hash

@@ -1,5 +1,5 @@
-# From https://nodejs.org/dist/v16.17.1/SHASUMS256.txt
-sha256  6721feb4152d56d2c6b358ce397abd5a7f1daf09ee2e25c5021b9b4d3f86a330  node-v16.17.1.tar.xz
+# From https://nodejs.org/dist/v16.18.1/SHASUMS256.txt
+sha256  1f8051a88f86f42064f4415fe7a980e59b0a502ecc8def583f6303bc4d445238  node-v16.18.1.tar.xz
 
 # Hash for license file
-sha256  69090e865afa7c62715b97f0712632d2923bd7a5faba91f94e4e75a2f9219d5e  LICENSE
+sha256  0bec08634ba79b5404f6b7f92ea850f3c2a06e27e6f83f2267e4f5e55ae33334  LICENSE

package/nodejs/nodejs.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NODEJS_VERSION = 16.17.1
+NODEJS_VERSION = 16.18.1
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 NODEJS_DEPENDENCIES = \