node: bump to 14.17.4

July 2021 Security Releases: Use after free on close http2 on stream canceling (High) (CVE-2021-22930) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
breakings · Aug 1, 2021 · a0ef785 · a0ef785
1 parent 832aea7
commit a0ef785
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lang/node/Makefile b/lang/node/Makefile
@@ -13,9 +13,9 @@ PKG_HASH:=d72fc2c244603b4668da94081dc4d6067d467fdfa026e06a274012f16600480c
 PATCH_DIR:=./patches/v10.x
 else
 ifeq ($(CONFIG_NODEJS_14),y)
-PKG_VERSION:=v14.17.1
+PKG_VERSION:=v14.17.4
 PKG_RELEASE:=1
-PKG_HASH:=ddf1d2d56ddf35ecd98c5ea5ddcd690b245899f289559b4330c921255f5a247f
+PKG_HASH:=ae7bf4e784f8c8027ffa1e3757f37d2bd5925d0c48988c4d7f07e4515853cf2c
 PATCH_DIR:=./patches/v14.x
 else
 PKG_VERSION:=v12.22.1

diff --git a/lang/node/patches/v14.x/003-path.patch b/lang/node/patches/v14.x/003-path.patch
@@ -1,6 +1,6 @@
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
-@@ -1202,7 +1202,8 @@ Module._initPaths = function() {
+@@ -1189,7 +1189,8 @@ Module._initPaths = function() {
      path.resolve(process.execPath, '..') :
      path.resolve(process.execPath, '..', '..');