From e456b79af756d29fc24c3e2c85904e12d3fa05d8 Mon Sep 17 00:00:00 2001 From: tjuhasz Date: Tue, 4 Nov 2025 11:02:43 +0100 Subject: [PATCH 1/3] Rebuild for nodejs-packaging Recently, Node.js changed the way node modules are installed to allow for better parallel functionality and easier unbundling of certain parts of Node.js. Previously, Node.js was using a symlink, %{_libdir}/node_modules, which pointed to a versioned path, e.g., %{_libdir}/node_modules_22. This has changed to using a global %{_libdir}/node_modules static shared folder for generic modules and %{_libdir}/node_modules_XX for version-specific modules. This change is better described in the Fedora change proposal wiki: https://fedoraproject.org/wiki/Changes/NodejsNodeModulesPath. This also needed to be reflected in nodejs-packaging macros, which forces a rebuild of dependent packages. --- yarnpkg.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yarnpkg.spec b/yarnpkg.spec index 1411a4d..41fce7d 100644 --- a/yarnpkg.spec +++ b/yarnpkg.spec @@ -12,7 +12,7 @@ Name: yarnpkg Version: 1.22.22 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Fast, reliable, and secure dependency management. License: BSD-2-Clause URL: https://github.com/yarnpkg/yarn From 8dd4bce5fc524a1fb503c00a7979acb74cc9f259 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Wed, 3 Dec 2025 14:13:22 +0100 Subject: [PATCH 2/3] Refresh bundle --- .gitignore | 1 + sources | 2 +- yarnpkg.spec | 5 ++++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index eb7fdc3..a1b6061 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /yarnpkg-v1.22.22-bundled-20250624.tar.gz /yarnpkg-v1.22.22-bundled-20250728.tar.gz /yarnpkg-v1.22.22-bundled-20250930.tar.gz +/yarnpkg-v1.22.22-bundled-20251203.tar.gz diff --git a/sources b/sources index 8a66190..b1beda2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (yarnpkg-v1.22.22-bundled-20250930.tar.gz) = c6ed6537c82961002eefd2b6051abc18ea29e5ece420ca8c6df0a7ec686e564e32f75dac97092e92e21c95a0d15ee278ad2f06d1cd832223f16cfd439160d502 +SHA512 (yarnpkg-v1.22.22-bundled-20251203.tar.gz) = afcf0f4e3719a1d41e60b8e9a9633291161f3a7b04b67d85b3f12cfd9dce8abf9fef3f7be2eab90f3e8efa49e564342175a20ca1e305665a1d453a116b1f79d2 diff --git a/yarnpkg.spec b/yarnpkg.spec index 41fce7d..41fb0c5 100644 --- a/yarnpkg.spec +++ b/yarnpkg.spec @@ -8,7 +8,7 @@ # don't require bundled modules %global __requires_exclude_from ^(%{nodejs_sitelib}/yarn/lib/.*|%{nodejs_sitelib}/yarn/bin/yarn(|\\.cmd|\\.ps1|pkg.*))$ -%global bundledate 20250930 +%global bundledate 20251203 Name: yarnpkg Version: 1.22.22 @@ -92,6 +92,9 @@ if [[ $(%{buildroot}%{_bindir}/yarn --version) == %{version} ]] ; then echo PASS %changelog +* Wed Dec 03 2025 Sandro Mani - 1.22.22-13 +- Refresh bundle, fixes CVE-2025-64756 + * Tue Sep 30 2025 Sandro Mani - 1.22.22-12 - Regenerate bundle, fixes CVE-2025-59343 - Patch out eslint and commitizen devDependencies to reduce dependencies From 18d61cf14152e830c7c588b1c106ccee0bf8c9d2 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Wed, 3 Dec 2025 14:17:20 +0100 Subject: [PATCH 3/3] Bump release --- yarnpkg.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/yarnpkg.spec b/yarnpkg.spec index 41fb0c5..1fa8989 100644 --- a/yarnpkg.spec +++ b/yarnpkg.spec @@ -12,7 +12,7 @@ Name: yarnpkg Version: 1.22.22 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Fast, reliable, and secure dependency management. License: BSD-2-Clause URL: https://github.com/yarnpkg/yarn @@ -92,6 +92,9 @@ if [[ $(%{buildroot}%{_bindir}/yarn --version) == %{version} ]] ; then echo PASS %changelog +* Wed Dec 03 2025 Sandro Mani - 1.22.22-14 +- Bump release + * Wed Dec 03 2025 Sandro Mani - 1.22.22-13 - Refresh bundle, fixes CVE-2025-64756