import CS nodejs-22.15.0-1.module_el9_6+1228+42ce8270

2025-05-13 14:46:27 +00:00 · 2025-05-13 14:46:27 +00:00 · 8882ccb33e
commit 8882ccb33e
parent 820e1bbe57
3 changed files with 25 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
 SOURCES/icu4c-76_1-data-bin-b.zip
 SOURCES/icu4c-76_1-data-bin-l.zip
-SOURCES/node-v22.13.1-stripped.tar.gz
+SOURCES/node-v22.15.0-stripped.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,3 +1,3 @@
 d1c5586e6733b5c4790d05a76d47ad159ff31e9b SOURCES/icu4c-76_1-data-bin-b.zip
 547c6ffcb7833b1a14abd6114e0a1722144d410a SOURCES/icu4c-76_1-data-bin-l.zip
-20a992fe68e168bd5600ccc2bfe4e315b6db6e4b SOURCES/node-v22.13.1-stripped.tar.gz
+8244f4969653a2f2f29747240fcc3ab216fcdb82 SOURCES/node-v22.15.0-stripped.tar.gz
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -46,7 +46,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 2
+%global baserelease 1

 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}

@ -57,8 +57,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 22
-%global nodejs_minor 13
-%global nodejs_patch 1
+%global nodejs_minor 15
+%global nodejs_patch 0
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 127
 %global nodejs_abi %{nodejs_soversion}
@ -85,7 +85,7 @@

 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.34.4
+%global c_ares_version 1.34.5

 # llhttp - from deps/llhttp/include/llhttp.h
 %global llhttp_version 9.2.1
@ -100,7 +100,7 @@
 %global nghttp3_version 1.6.0

 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
-%global ngtcp2_version 1.9.1
+%global ngtcp2_version 1.11.0

 # ICU - from tools/icu/current_ver.dep
 %global icu_major 76
@ -112,7 +112,7 @@
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal

 # simdutf from deps/simdutf/simdutf.h
-%global simdutf_version 5.6.4
+%global simdutf_version 6.0.3

 # OpenSSL minimum version
 %global openssl11_minimum 1:1.1.1
@ -142,7 +142,7 @@
 %global histogram_version 0.11.8

 # sqlite - from deps/sqlite/sqlite3.h
-%global sqlite_version 3.47.2
+%global sqlite_version 3.49.1


 Name: nodejs
@ -319,7 +319,7 @@ Provides: bundled(simdutf) = %{simdutf_version}

 # Upstream has added a new URL parser that has no option to build as a shared
 # library (19.7.0+)
-Provides: bundled(ada) = 2.8.0
+Provides: bundled(ada) = 2.9.2


 # undici and cjs-module-lexer ship with pre-built WASM binaries.
@ -886,16 +886,28 @@ end


 %changelog
+* Thu Apr 24 2025 Tomas Juhasz <tjuhasz@redhat.com> - 1:22.15.0-1
+- Update to 22.15.0
+- Drop upstream patches
+
+* Tue Apr 22 2025 Tomas Juhasz <tjuhasz@redhat.com> - 1:22.13.1-4
+- Patch fix for sqlite CVE-2025-31498
+  Resolves: RHEL-87320
+
+* Mon Apr 14 2025 Tomas Juhasz <tjuhasz@redhat.com> - 1:22.13.1-3
+- Update c-ares to newest version with fix for CVE-2025-31498
+  Resolves: RHEL-86587
+
 * Mon Mar 03 2025 Andrei Radchenko <aradchen@redhat.com> - 1:22.13.1-2
 - Remove obsolete lua pretransaction script from spec file
-  Resolves: RHEL-83013
+  Resolves: RHEL-81119
 - Disable npm update notifications for users
-  Resolves: RHEL-81155
+  Resolves: RHEL-81079

 * Thu Jan 30 2025 Jan Staněk <jstanek@redhat.com> - 1:22.13.1-1
 - Update to version 22.13.1
  Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150
-  Resolves: RHEL-76360
+  Resolves: RHEL-76354

 * Mon Nov 04 2024 Jan Staněk <jstanek@redhat.com> - 1:22.11.0-1
 - Update to version 22.11.0