tjuhasz
c2ec07a455
Update to version 22.23.1
...
Resolves: RHEL-176172
Resolves: RHEL-189392
Resolves: RHEL-189368
Resolves: RHEL-189350
Resolves: RHEL-186004
Fixes CVE-2026-12151 by updating deps/undici to version 6.27.0.
Advisory: https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q
Also fixes following CVEs:
CVE-2026-48618 tls: normalize hostname for server identity checks.
CVE-2026-48933 crypto: guard WebCrypto cipher output length.
CVE-2026-48937 deps: fix integration issues with the latest nghttp2.
CVE-2026-48930 dns,net: reject hostnames with embedded NUL bytes.
CVE-2026-48619 http2: cap originSet size to prevent unbounded memory growth.
CVE-2026-48615 lib,test: redact proxy credentials in tunnel errors.
CVE-2026-48934 tls: bind reusable sessions to authenticated host.
CVE-2026-48928 tls: fix case-sensitive SNI context matching.
CVE-2026-48617 permission: handle process.chdir on writereport.
CVE-2026-48931 http: fix response queue poisoning in http.Agent.
CVE-2026-48935 permission: disable FileHandle utimes with permission model.
Update blog: https://nodejs.org/en/blog/release/v22.23.0
Drop downstream nghttp2 patch
2026-07-07 13:18:07 +02:00
Andrei Radchenko
fda37c709c
Update to version 22.22.2
...
- introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135
- disabled failing tests in nghttp2 due to newer version
- patch for npm/braces CVE-2026-25547
Resolves: RHEL-154022
Fixes: CVE-2026-1528 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547
2026-03-30 11:21:06 +02:00
tjuhasz
a29e9f2417
Update to 22.22.0
...
Resolves: RHEL-120083
2026-01-14 14:43:10 +01:00
Andrei Radchenko
564ee6cb93
Update to version 22.19.0
...
Resolves: RHEL-111929
2025-08-29 12:20:01 +02:00
Andrei Radchenko
7babf4e874
Update to version 22.16.0
...
Resolves: RHEL-92850 RHEL-88877 RHEL-91594
2025-05-27 11:53:01 +02:00
tjuhasz
bb89f4e32a
Update to version 22.15.0
...
Drop upstream patches
Fixes CVE-2025-31498
Resolves: RHEL-86578
2025-04-24 15:22:33 +02:00
Tomas Juhasz
94b14b879e
Updated to version 22.13.1
...
Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150
Resolves: RHEL-76035
2025-01-27 14:46:22 +01:00
Jan Staněk
f7b68b0302
Update to version 22.11.0 (LTS)
...
Resolves: RHEL-68125
2024-11-19 16:47:40 +01:00
Jan Staněk
5333dec092
Import SRPM from Fedora
...
Resolves: RHELPLAN-170634
2024-08-06 14:03:45 +02:00