meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-08 17:39:24 +00:00

Commit Graph

Author	SHA1	Message	Date
Gyorgy Sarvari	b483760dba	nodejs: mark CVE-2026-21710 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710 The CVE is fixed in the current recipe version[1], but NVD tracks it without verison info. Mark it as patched in the recipe. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>	2026-04-13 15:28:25 -07:00
Gyorgy Sarvari	22a31ea701	nodejs: ignore fixed CVEs All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712, which does not affect v22 series, because it was introduced in a later version[2]. All these CVEs are tracked without version info by NVD at the time of creating this patch. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md [2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>	2026-04-06 09:46:31 -07:00
Jason Schonberg	d32cd27eaa	nodejs: upgrade 22.22.1 -> 22.22.2 This is the March 2026 security release. 2 high severity issues. 5 medium severity issues. 2 low severity issues. High priority fixes: CVE-2026-21637 CVE-2026-21710 Medium priority fixes: CVE-2026-21711 (affects only nodejs v25) CVE-2026-21712 (affects only nodejs v24 & v25) CVE-2026-21713 CVE-2026-21714 CVE-2026-21717 Low priority fixes: CVE-2026-21715 CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>	2026-03-24 23:32:48 -07:00

Author

SHA1

Message

Date

Gyorgy Sarvari

b483760dba

nodejs: mark CVE-2026-21710 patched

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710

The CVE is fixed in the current recipe version[1], but NVD tracks it
without verison info.

Mark it as patched in the recipe.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

2026-04-13 15:28:25 -07:00

Gyorgy Sarvari

22a31ea701

nodejs: ignore fixed CVEs

All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

2026-04-06 09:46:31 -07:00

Jason Schonberg

d32cd27eaa

nodejs: upgrade 22.22.1 -> 22.22.2

This is the March 2026 security release.

  2 high severity issues.
  5 medium severity issues.
  2 low severity issues.

High priority fixes:
  CVE-2026-21637
  CVE-2026-21710

Medium priority fixes:
  CVE-2026-21711 (affects only nodejs v25)
  CVE-2026-21712 (affects only nodejs v24 & v25)
  CVE-2026-21713
  CVE-2026-21714
  CVE-2026-21717

Low priority fixes:
  CVE-2026-21715
  CVE-2026-21716

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

2026-03-24 23:32:48 -07:00

3 Commits