node: january 13, 2026 Security Releases

HOST BUILD ONLY

Update to 22.22.0
This is a security release.
Notable Changes

    (CVE-2025-59465) add TLSSocket default error handler
    (CVE-2025-55132) disable futimes when permission model is enabled
    lib,permission:
    (CVE-2025-55130) require full read and write to symlink APIs
    src:
    (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
    src,lib:
    (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
    tls:
    (CVE-2026-21637) route callback exceptions through error handlers

Signed-off-by: Hirokazu MORIKAWA <redacted>

diff --git a/lang/node/Makefile b/lang/node/Makefile
index 87e4846eb205ca399214004ad0dd9027165bf18d..fa8a1eabf12565ac56343512ed28612530209913 100644 (file)
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -8,15 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=node
-PKG_VERSION:=22.14.0
+PKG_VERSION:=22.22.0
 PKG_RELEASE:=1
 NODE_MODULE_VERSION:=127
 
 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nodejs.org/dist/v$(PKG_VERSION)
-PKG_HASH:=6c4e31ed5702dc45cfd8c435af56a36a474427e1bd7afe74c346136060beba8a
+PKG_HASH:=5a4585d7f26bfb283267194b299243efea5ee6edd2fbf887825469b4ac94aece
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
-NODEJS_BIN_SUM:=9d942932535988091034dc94cc5f42b6dc8784d6366df3a36c4c9ccb3996f0c2
+NODEJS_BIN_SUM:=c33c39ed9c80deddde77c960d00119918b9e352426fd604ba41638d6526a4744
 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-v$(PKG_VERSION)
 
 PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>