node: July 8, 2024 Security Releases

This is a security release.

Notable Changes

    CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
    CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
    CVE-2024-22018 - fs.lstat bypasses permission model (Low)
    CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
    CVE-2024-37372 - Permission model improperly processes UNC paths (Low)

Signed-off-by: Hirokazu MORIKAWA <redacted>

diff --git a/lang/node/Makefile b/lang/node/Makefile
index b50a1f60340f3c71de7fab9f0790d435b87acafa..b483b4370437f46805235ea7991130f511a68ff8 100644 (file)
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=node
-PKG_VERSION:=v20.15.0
+PKG_VERSION:=v20.15.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=01e2c034467a324a33e778c81f2808dff13d289eaa9307d3e9b06c171e4d932d
+PKG_HASH:=da228a0c27922f02001d9a781793696432096ab2da658eb77d7fc21693f4c5cb
 
 PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
 PKG_LICENSE:=MIT