node-linux-arm64 25.2.0 → 25.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +49 -0
  2. package/bin/node +0 -0
  3. package/include/node/common.gypi +1 -1
  4. package/include/node/config.gypi +1 -1
  5. package/include/node/node_version.h +1 -1
  6. package/package.json +1 -1
  7. package/share/man/man1/node.1 +2 -2
package/CHANGELOG.md CHANGED
@@ -8,6 +8,8 @@
8
8
  </tr>
9
9
  <tr>
10
10
  <td>
11
+ <a href="#25.3.0">25.3.0</a><br/>
12
+ <a href="#25.2.1">25.2.1</a><br/>
11
13
  <a href="#25.2.0">25.2.0</a><br/>
12
14
  <a href="#25.1.0">25.1.0</a><br/>
13
15
  <a href="#25.0.0">25.0.0</a><br/>
@@ -42,6 +44,53 @@
42
44
  * [io.js](CHANGELOG_IOJS.md)
43
45
  * [Archive](CHANGELOG_ARCHIVE.md)
44
46
 
47
+ <a id="25.3.0"></a>
48
+
49
+ ## 2026-01-13, Version 25.3.0 (Current), @RafaelGSS
50
+
51
+ This is a security release.
52
+
53
+ ### Notable Changes
54
+
55
+ lib:
56
+
57
+ * (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) <https://github.com/nodejs-private/node-private/pull/750>
58
+ permission:
59
+ * (CVE-2026-21636) add network check on pipe\_wrap connect (RafaelGSS) <https://github.com/nodejs-private/node-private/pull/784>
60
+ * (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) <https://github.com/nodejs-private/node-private/pull/760>
61
+ * (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) <https://github.com/nodejs-private/node-private/pull/748>
62
+ src:
63
+ * (CVE-2025-59466) rethrow stack overflow exceptions in async\_hooks (Matteo Collina) <https://github.com/nodejs-private/node-private/pull/773>
64
+ src,lib:
65
+ * (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) <https://github.com/nodejs-private/node-private/pull/759>
66
+ tls:
67
+ * (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) <https://github.com/nodejs-private/node-private/pull/790>
68
+
69
+ ### Commits
70
+
71
+ * \[[`a6a74b89a7`](https://github.com/nodejs/node/commit/a6a74b89a7)] - **deps**: update c-ares to v1.34.6 (Node.js GitHub Bot) [#60997](https://github.com/nodejs/node/pull/60997)
72
+ * \[[`5100614e26`](https://github.com/nodejs/node/commit/5100614e26)] - **deps**: update undici to 7.18.2 (Node.js GitHub Bot) [#61283](https://github.com/nodejs/node/pull/61283)
73
+ * \[[`f0a8916887`](https://github.com/nodejs/node/commit/f0a8916887)] - **(CVE-2025-59465)** **lib**: add TLSSocket default error handler (RafaelGSS) [nodejs-private/node-private#750](https://github.com/nodejs-private/node-private/pull/750)
74
+ * \[[`b4b887c5f7`](https://github.com/nodejs/node/commit/b4b887c5f7)] - **(CVE-2025-55132)** **lib**: disable futimes when permission model is enabled (RafaelGSS) [nodejs-private/node-private#748](https://github.com/nodejs-private/node-private/pull/748)
75
+ * \[[`26be208039`](https://github.com/nodejs/node/commit/26be208039)] - **(CVE-2025-55130)** **lib,permission**: require full read and write to symlink APIs (RafaelGSS) [nodejs-private/node-private#760](https://github.com/nodejs-private/node-private/pull/760)
76
+ * \[[`bdf5873d44`](https://github.com/nodejs/node/commit/bdf5873d44)] - **(CVE-2026-21636)** **permission**: add network check on pipe\_wrap connect (RafaelGSS) [nodejs-private/node-private#784](https://github.com/nodejs-private/node-private/pull/784)
77
+ * \[[`0578e3e921`](https://github.com/nodejs/node/commit/0578e3e921)] - **(CVE-2025-59466)** **src**: rethrow stack overflow exceptions in async\_hooks (Matteo Collina) [nodejs-private/node-private#773](https://github.com/nodejs-private/node-private/pull/773)
78
+ * \[[`4d6b55a6d1`](https://github.com/nodejs/node/commit/4d6b55a6d1)] - **(CVE-2025-55131)** **src,lib**: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) [nodejs-private/node-private#759](https://github.com/nodejs-private/node-private/pull/759)
79
+ * \[[`c357a39e14`](https://github.com/nodejs/node/commit/c357a39e14)] - **(CVE-2026-21637)** **tls**: route callback exceptions through error handlers (Matteo Collina) [nodejs-private/node-private#790](https://github.com/nodejs-private/node-private/pull/790)
80
+
81
+ <a id="25.2.1"></a>
82
+
83
+ ## 2025-11-17, Version 25.2.1 (Current), @aduh95
84
+
85
+ ### Notable Changes
86
+
87
+ ### Commits
88
+
89
+ * \[[`ff89b7b6c7`](https://github.com/nodejs/node/commit/ff89b7b6c7)] - **crypto**: ensure documented RSA-PSS saltLength default is used (Filip Skokan) [#60662](https://github.com/nodejs/node/pull/60662)
90
+ * \[[`5316b580eb`](https://github.com/nodejs/node/commit/5316b580eb)] - **deps**: V8: backport 2e4c5cf9b112 (Michaël Zasso) [#60654](https://github.com/nodejs/node/pull/60654)
91
+ * \[[`ca878bc90e`](https://github.com/nodejs/node/commit/ca878bc90e)] - **doc,src,lib**: clarify experimental status of Web Storage support (Antoine du Hamel) [#60708](https://github.com/nodejs/node/pull/60708)
92
+ * \[[`a4dee613fd`](https://github.com/nodejs/node/commit/a4dee613fd)] - _**Revert**_ "**lib**: throw from localStorage getter on missing storage path" (Antoine du Hamel) [#60750](https://github.com/nodejs/node/pull/60750)
93
+
45
94
  <a id="25.2.0"></a>
46
95
 
47
96
  ## 2025-11-11, Version 25.2.0 (Current), @aduh95
package/bin/node CHANGED
Binary file
package/include/node/common.gypi CHANGED
@@ -38,7 +38,7 @@
38
38
 
39
39
  # Reset this number to 0 on major V8 upgrades.
40
40
  # Increment by one for each non-official patch applied to deps/v8.
41
- 'v8_embedder_string': '-node.13',
41
+ 'v8_embedder_string': '-node.14',
42
42
 
43
43
  ##### V8 defaults for Node.js #####
44
44
 
package/include/node/config.gypi CHANGED
@@ -27,7 +27,7 @@
27
27
  'icu_small': 'false',
28
28
  'icu_ver_major': '77',
29
29
  'libdir': 'lib',
30
- 'llvm_version': '19.1',
30
+ 'llvm_version': '20.1',
31
31
  'napi_build_version': '10',
32
32
  'node_builtin_shareable_builtins': [ 'deps/cjs-module-lexer/lexer.js',
33
33
  'deps/cjs-module-lexer/dist/lexer.js',
package/include/node/node_version.h CHANGED
@@ -23,7 +23,7 @@
23
23
  #define SRC_NODE_VERSION_H_
24
24
 
25
25
  #define NODE_MAJOR_VERSION 25
26
- #define NODE_MINOR_VERSION 2
26
+ #define NODE_MINOR_VERSION 3
27
27
  #define NODE_PATCH_VERSION 0
28
28
 
29
29
  #define NODE_VERSION_IS_LTS 0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node-linux-arm64",
3
- "version": "25.2.0",
3
+ "version": "25.3.0",
4
4
  "description": "node",
5
5
  "repository": {
6
6
  "url": "git+https://github.com/aredridel/node-bin-gen.git"
package/share/man/man1/node.1 CHANGED
@@ -207,8 +207,8 @@ Enable experimental support for the EventSource Web API.
207
207
  .It Fl -no-experimental-websocket
208
208
  Disable experimental support for the WebSocket API.
209
209
  .
210
- .It Fl -no-webstorage
211
- Disable webstorage.
210
+ .It Fl -no-experimental-webstorage
211
+ Disable experimental support for the Web Storage API.
212
212
  .
213
213
  .It Fl -no-experimental-repl-await
214
214
  Disable top-level await keyword support in REPL.