ELBA-2025-35376
- ULN >
- Oracle Linux Errata repository >
- ELBA-2025-35376
ELBA-2025-35376 - yarnpkg Bug Fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2025-06-13 |
Description
[1.22.22-8]
- Refresh bundle tarball for CVE-2025-48387
[1.22.22-7]
- Fix CVE-2024-12905
[1.22.22-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
[1.22.22-5]
- Update bundled ws (CVE-2024-37890)
[1.22.22-4]
- Update bundled elliptic (CVE-2024-48949)
[1.22.22-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
[1.22.22-2]
- Backport patch for CVE-2024-4067
[1.22.22-1]
- Update to 1.22.22
[1.22.21-2]
- Backport patches for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234
[1.22.21-1]
- Update to 1.22.21
[1.22.19-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.19-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
[1.22.19-6]
- Rebuild (nodejs20)
[1.22.19-5]
- Add patch for CVE-2022-38900, proper fixes for CVE-2021-43138, CVE-2022-3517,
CVE-2020-7677
[1.22.19-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
[1.22.19-3]
- Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677
[1.22.19-2]
- Backport fix for CVE-2021-35065 for bundled glob-parent
[1.22.19-1]
- Update to 1.22.19
[1.22.17-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
[1.22.17-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Nov 23 2021 zsvetlik@redhat.com - 1.22.17-1
- Update to latest upstream release
- use --force in yarnpkg-tarball.sh to workaround dependency conflincts
[1.22.10-4]
- Work around broken brp-mangle-shebangs behavior (see RHBZ#1998924)
- Fix broken macro variable for legacy 'nodejs-yarn' binary name (RHBZ#1904279)
[1.22.10-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
[1.22.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Oct 09 2020 zsvetlik@redhat.com - 1.22.10-1
- Update to 1.22.10
- Resolves: RHBZ#1816262, RHBZ#1851876
- Long resolved CVEs, just not mentioned in changelog
[1.22.4-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
[1.22.4-2]
- Ensure Obsoletes + Provides stanza takes effect
- Fix broken author identity in changelog entries
[1.22.4-1]
- Rename to yarnpkg, remove symlink-deps macro
- Update to 1.22.4
[1.21.1-1]
- Resolves: RHBZ#1627748, #1687099, #1788329
- Update to 1.21.1
- Provides /usr/bin/yarn
- Resolves CVE-2019-10773
[1.13.0-4]
- Rename nodejs-yarn binary package to yarnpkg (similar to other distros)
- Use nodejs macros consistently throughout spec
- Make the tests fail the build if the tests fail
[1.13.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
[1.13.0-2]
- Remove executable bits from bundled tests
- Related: rhbz#1674073
[1.13.0-1]
- Update
[1.9.2-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
[1.9.2-1]
- Update to 1.9.2
[1.7.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[1.7.0-1]
- Update to 1.7.0
[1.6.0-1]
- Rebase, rebuild with new packaging
[1.5.1-2]
- Add requires_exclude_from macro
- rename nodejs-yarnpkg to yarn
[1.5.1-1]
- Rebase
[1.4.1-1]
- rebase
- package from GH, build with npm
[1.3.2-2]
- Add fedora readme so users are able to find renamed commands
- change source url
- rename license according to guidelines
[1.3.2-1]
- Initial build
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (x86_64) | yarnpkg-1.22.22-8.el8.src.rpm | 1d99e72c7b77aa1d71a0f6d48cb0d43020abdcb20341944d2b8ee5ec5d1f6dfb | - | ol8_x86_64_developer_EPEL |
| yarnpkg-1.22.22-8.el8.x86_64.rpm | 26c7b21748d5851b20945a9fecaad4dff1abf0db72f3ebd72157fb1c7164adeb | - | ol8_x86_64_developer_EPEL | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
