package/nodejs: security bump to version 12.22.6

Fixes the following security issues: - CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist - CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist For more details, see the advisory: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-18 18:11:30 +02:00 · 2021-09-18 18:11:30 +02:00 · e3bdcdd596
commit e3bdcdd596
parent edb6d5f00b
2 changed files with 3 additions and 3 deletions
--- a/package/nodejs/nodejs.hash
+++ b/package/nodejs/nodejs.hash
@ -1,5 +1,5 @@
-# From https://nodejs.org/dist/v12.22.5/SHASUMS256.txt
-sha256  f927ff6c2ac5a7234596031b18ba03febbcadd2650d375f1a3fd02426687fd14  node-v12.22.5.tar.xz
+# From https://nodejs.org/dist/v12.22.6/SHASUMS256.txt
+sha256  c2022f16b8f689620c3472c2b5261fdabbd0ab976bf9ac3b7db6747a2e9b0f7a  node-v12.22.6.tar.xz

 # Hash for license file
 sha256  221417a7ca275112a5ac54639b36ee3c5184e74631ea1e1b01b701293b655190  LICENSE
--- a/package/nodejs/nodejs.mk
+++ b/package/nodejs/nodejs.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-NODEJS_VERSION = 12.22.5
+NODEJS_VERSION = 12.22.6
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \