openSUSE Leap 16.0 Nodejs22 Important Denial of Service Fix 2026-20236-1

This update for nodejs22 fixes the following issues:

Update to 22.22.0:

- CVE-2025-55130: file system permissions bypass via crafted symlinks (bsc#1256569).

- CVE-2025-55131: timeout-based race conditions allow for allocations that contain leftover data from previous operations and lead to exposure of in-process secrets (bsc#1256570).

- CVE-2025-55132: a file's access and modification timestamps can be changed via `futimes()` even when the process has only read permissions (bsc#1256571).

- CVE-2025-59465: malformed HTTP/2 HEADERS frame with invalid HPACK data can cause a crash due to an unhandled error (bsc#1256573).

- CVE-2025-59466: uncatchable "Maximum call stack size exceeded" error when `async_hooks.createHook()` is enabled can lead to crash (bsc#1256574).

- CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service (bsc#1256576).

- CVE-2026-22036: undici: unbounded decompression chain...