Security update for lang/node:
https://nodejs.org/en/blog/release/v22.22.0
Fixes
CVE-2025-59465 add TLSSocket default error handler
CVE-2025-55132 disable futimes when permission model is enabled
CVE-2025-55130 require full read and write to symlink APIs
CVE-2025-59466 rethrow stack overflow exceptions in async_hooks
CVE-2025-55131 refactor unsafe buffer creation to remove zero-fill toggle
CVE-2026-21637 route callback exceptions through error handlers
In addition, use the port version of textproc/simdutf.
Builds fine on amd64 and arm64, no v8 changes, no fallout noticeable over the
weekend on my machines.
ok?
Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/node/Makefile,v
diff -u -p -r1.161 Makefile
--- Makefile 29 Oct 2025 19:13:56 -0000 1.161
+++ Makefile 19 Jan 2026 16:18:49 -0000
@@ -5,7 +5,7 @@ USE_WXNEEDED = Yes
COMMENT = JavaScript runtime built on Chrome's V8 JavaScript engine
-NODE_VERSION = v22.21.1
+NODE_VERSION = v22.22.0
DISTFILES = ${DISTNAME}-headers.tar.gz \
${DISTNAME}.tar.xz
DIST_TUPLE = github qbit node-pledge 1.1.3 \
@@ -28,7 +28,7 @@ MODULES = lang/python
WANTLIB += c execinfo m pthread ${COMPILER_LIBCXX}
WANTLIB += z brotlienc brotlidec
-WANTLIB += icudata icui18n icuuc cares nghttp2 nghttp3 uv
+WANTLIB += icudata icui18n icuuc cares nghttp2 nghttp3 uv simdutf
WANTLIB += lib/${EOPENSSL_VSN}/ssl lib/${EOPENSSL_VSN}/crypto
COMPILER = base-clang ports-gcc
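Review bot: The `simdutf` entry added to WANTLIB belongs to the switch to the ports copy of simdutf, which is a separate change from the NODE_VERSION bump that carries the CVE fixes. Consider splitting the unbundling (this line, `--shared-simdutf` and the LIB_DEPENDS entry) into its own commit so the security update can be reviewed and merged on its own. If it stays in one diff, run `make port-lib-depends-check` to confirm the new WANTLIB entry matches what the built binary links against.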
@@ -50,6 +50,7 @@ CONFIGURE_ARGS = --prefix=${PREFIX} \
--shared-libuv \
--shared-nghttp2 \
--shared-nghttp3 \
+ --shared-simdutf \
--shared-zlib \
--shared-openssl \
--shared-openssl-libpath=${EOPENSSL_LIB} \
@@ -68,6 +69,7 @@ LIB_DEPENDS += archivers/brotli \
net/libcares \
security/openssl/${OPENSSL_VSN} \
textproc/icu4c \
+ textproc/simdutf \
www/nghttp2 \
www/nghttp3
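Review bot: The new `textproc/simdutf` line in LIB_DEPENDS has no version constraint. With `--shared-simdutf` the build uses whatever the port installs rather than the copy shipped in the node tarball, so if this node release needs a minimum simdutf version, state it with a `>=` spec on this line; otherwise note in the commit message that the version currently in the tree was the one tested.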
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/node/distinfo,v
diff -u -p -r1.94 distinfo
--- distinfo 29 Oct 2025 19:13:56 -0000 1.94
+++ distinfo 19 Jan 2026 16:18:49 -0000
@@ -1,6 +1,6 @@
-SHA256 (node-v22.21.1-headers.tar.gz) =
F/6AGLBR6c4lWGjDAeSzBRlBhUecCxgx+GJfqWBXyeU=
-SHA256 (node-v22.21.1.tar.xz) = SH1z/U2wDcJCDWWagiGxgaeTf7xbxz8xwwsWgK1t7Wo=
+SHA256 (node-v22.22.0-headers.tar.gz) =
ZwSU8MxnQFlZYiLGDl24T76AyEnX/7HD+9IOT1W46oU=
+SHA256 (node-v22.22.0.tar.xz) = TBOAErtTUvSYIqjz5tHbceAGOdDDbVtnVvkeTG8wtoM=
SHA256 (qbit-node-pledge-1.1.3.tar.gz) =
fEaXvLg6hYEJ69K+mgQFizf8DiJY2/DtyFJB/pEanVU=
-SIZE (node-v22.21.1-headers.tar.gz) = 10198420
-SIZE (node-v22.21.1.tar.xz) = 50151568
+SIZE (node-v22.22.0-headers.tar.gz) = 10178130
+SIZE (node-v22.22.0.tar.xz) = 50902788
SIZE (qbit-node-pledge-1.1.3.tar.gz) = 3167
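Review bot: The SHA256 lines for the headers tarball (both the removed v22.21.1 and the added v22.22.0 entry) and the unchanged qbit-node-pledge context line are wrapped onto a second line in this mail, so the distinfo hunk will not apply as sent. Resend the diff unwrapped or as an attachment, or have testers regenerate distinfo with `make makesum` after applying the Makefile part and compare against the values shown here.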