akash hadke
198cf66134
meta-oe: Remove True option to getVar calls
...
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-22 19:12:54 -05:00
Archana Polampalli
3eb9002ce7
nodejs: fix CVE-2023-46809
...
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-06-02 15:10:59 -04:00
Archana Polampalli
17db7e96c4
nodejs: fix CVE-2024-22025
...
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-06-02 15:09:02 -04:00
Archana Polampalli
7b468c6f83
nodejs: fix CVE-2024-22019
...
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-06-02 15:08:41 -04:00
virendra thakur
1915dcb8e8
nodejs: Set CVE_PRODUCT to "node.js"
...
Set CVE_PRODUCT to 'node.js' for nodejs recipe
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-28 08:18:18 -05:00
Polampalli, Archana
d3ee870fb0
nodejs: fix CVE-2022-25883
...
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression
Denial of Service (ReDoS) via the function new Range, when untrusted user data is
provided as a range.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-25883
Upstream patches:
https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-04 11:59:59 -04:00
Polampalli, Archana
529620141e
nodejs: upgrade 16.20.1 -> 16.20.2
...
This release contains bug fixes only.
The following CVEs have been addressed:
CVE-2023-32002
CVE-2023-32006
CVE-2023-32559
$ git log --oneline v16.20.1..v16.20.2
dadbde963f (tag: v16.20.2) 2023-08-09, Version 16.20.2 'Gallium' (LTS)
d8ccfe9ad4 policy: handle Module.constructor and main.extensions bypass
242aaa0caa policy: disable process.binding() when enabled
40c3958a5a deps: update archs files for OpenSSL-1.1.1v
a9ac9da89a deps: fix openssl crypto clean
362d4c7494 deps: upgrade openssl sources to OpenSSL_1_1_1v
7447de2794 Working on v16.20.2
https://github.com/nodejs/node/releases/tag/v16.20.2
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-11 10:32:04 -04:00