node-linux-arm64 20.20.1 → 20.20.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +29 -0
  2. package/bin/node +0 -0
  3. package/include/node/common.gypi +1 -1
  4. package/include/node/node_version.h +1 -1
  5. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -9,6 +9,7 @@
9
9
  </tr>
10
10
  <tr>
11
11
  <td>
12
+ <a href="#20.20.2">20.20.2</a><br/>
12
13
  <a href="#20.20.1">20.20.1</a><br/>
13
14
  <a href="#20.20.0">20.20.0</a><br/>
14
15
  <a href="#20.19.6">20.19.6</a><br/>
@@ -77,6 +78,34 @@
77
78
  * [io.js](CHANGELOG_IOJS.md)
78
79
  * [Archive](CHANGELOG_ARCHIVE.md)
79
80
 
81
+ <a id="20.20.2"></a>
82
+
83
+ ## 2026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolito
84
+
85
+ This is a security release.
86
+
87
+ ### Notable Changes
88
+
89
+ * (CVE-2026-21717) fix array index hash collision (Joyee Cheung) <https://github.com/nodejs-private/node-private/pull/834>
90
+ * (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) <https://github.com/nodejs-private/node-private/pull/822>
91
+ * (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) <https://github.com/nodejs-private/node-private/pull/821>
92
+ * (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) <https://github.com/nodejs-private/node-private/pull/795>
93
+ * (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) <https://github.com/nodejs-private/node-private/pull/794>
94
+ * (CVE-2026-21714) handle NGHTTP2\_ERR\_FLOW\_CONTROL error code (RafaelGSS) <https://github.com/nodejs-private/node-private/pull/832>
95
+ * (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) <https://github.com/nodejs-private/node-private/pull/819>
96
+
97
+ ### Commits
98
+
99
+ * \[[`cfb51fa9ce`](https://github.com/nodejs/node/commit/cfb51fa9ce)] - **(CVE-2026-21713)** **crypto**: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) [nodejs-private/node-private#831](https://github.com/nodejs-private/node-private/pull/831)
100
+ * \[[`f333d0be5f`](https://github.com/nodejs/node/commit/f333d0be5f)] - **deps**: V8: override `depot_tools` version (Richard Lau) [#62344](https://github.com/nodejs/node/pull/62344)
101
+ * \[[`2acd5d1226`](https://github.com/nodejs/node/commit/2acd5d1226)] - **deps**: update undici to v6.24.1 (Matteo Collina) [#62285](https://github.com/nodejs/node/pull/62285)
102
+ * \[[`af5c144ebc`](https://github.com/nodejs/node/commit/af5c144ebc)] - **(CVE-2026-21717)** **deps,build,test**: fix array index hash collision (Joyee Cheung) [nodejs-private/node-private#834](https://github.com/nodejs-private/node-private/pull/834)
103
+ * \[[`00ad47a28e`](https://github.com/nodejs/node/commit/00ad47a28e)] - **(CVE-2026-21710)** **http**: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) [nodejs-private/node-private#821](https://github.com/nodejs-private/node-private/pull/821)
104
+ * \[[`0123309566`](https://github.com/nodejs/node/commit/0123309566)] - **(CVE-2026-21716)** **permission**: include permission check on lib/fs/promises (RafaelGSS) [nodejs-private/node-private#840](https://github.com/nodejs-private/node-private/pull/840)
105
+ * \[[`00830712bc`](https://github.com/nodejs/node/commit/00830712bc)] - **(CVE-2026-21715)** **permission**: add permission check to realpath.native (RafaelGSS) [nodejs-private/node-private#838](https://github.com/nodejs-private/node-private/pull/838)
106
+ * \[[`a0c73425da`](https://github.com/nodejs/node/commit/a0c73425da)] - **(CVE-2026-21714)** **src**: handle NGHTTP2\_ERR\_FLOW\_CONTROL error code (RafaelGSS) [nodejs-private/node-private#832](https://github.com/nodejs-private/node-private/pull/832)
107
+ * \[[`cc3f294507`](https://github.com/nodejs/node/commit/cc3f294507)] - **(CVE-2026-21637)** **tls**: wrap SNICallback invocation in try/catch (Matteo Collina) [nodejs-private/node-private#839](https://github.com/nodejs-private/node-private/pull/839)
108
+
80
109
  <a id="20.20.1"></a>
81
110
 
82
111
  ## 2026-03-05, Version 20.20.1 'Iron' (LTS), @marco-ippolito
package/bin/node CHANGED
Binary file
package/include/node/common.gypi CHANGED
@@ -36,7 +36,7 @@
36
36
 
37
37
  # Reset this number to 0 on major V8 upgrades.
38
38
  # Increment by one for each non-official patch applied to deps/v8.
39
- 'v8_embedder_string': '-node.34',
39
+ 'v8_embedder_string': '-node.38',
40
40
 
41
41
  ##### V8 defaults for Node.js #####
42
42
 
package/include/node/node_version.h CHANGED
@@ -24,7 +24,7 @@
24
24
 
25
25
  #define NODE_MAJOR_VERSION 20
26
26
  #define NODE_MINOR_VERSION 20
27
- #define NODE_PATCH_VERSION 1
27
+ #define NODE_PATCH_VERSION 2
28
28
 
29
29
  #define NODE_VERSION_IS_LTS 1
30
30
  #define NODE_VERSION_LTS_CODENAME "Iron"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node-linux-arm64",
3
- "version": "20.20.1",
3
+ "version": "20.20.2",
4
4
  "description": "node",
5
5
  "repository": {
6
6
  "url": "git+https://github.com/aredridel/node-bin-gen.git"