nodejs_20: mark as insecure

2026-06-05 21:03:40 +00:00 · 2026-04-19 01:21:34 +02:00
parent 5affd239b8
commit ca4100c3c0
2 changed files with 2 additions and 2 deletions
--- a/doc/languages-frameworks/javascript.section.md
+++ b/doc/languages-frameworks/javascript.section.md
@@ -359,7 +359,7 @@ It is highly recommended to use a pinned version of pnpm (i.e., `pnpm_9` or `pnp
 +let
 +  # Optionally override pnpm to use a custom nodejs version
 +  # Make sure that the same nodejs version is referenced in nativeBuildInputs
-+  # pnpm = pnpm_10.override { nodejs = nodejs_20; };
+  # pnpm = pnpm_10.override { nodejs = nodejs-slim_22; };
 +in
 stdenv.mkDerivation (finalAttrs: {
   pname = "foo";
--- a/pkgs/development/web/nodejs/nodejs.nix
+++ b/pkgs/development/web/nodejs/nodejs.nix
@@ -678,7 +678,7 @@ let
        broken =
          !canExecute && !canEmulate && (stdenv.buildPlatform.parsed.cpu != stdenv.hostPlatform.parsed.cpu);
        mainProgram = "node";
-        knownVulnerabilities = lib.optional (lib.versionOlder version "18") "This NodeJS release has reached its end of life. See https://nodejs.org/en/about/releases/.";
+        knownVulnerabilities = lib.optional (lib.versionOlder version "22") "This NodeJS release has reached its end of life. See https://nodejs.org/en/about/releases/.";
      };

      passthru.python = python; # to ensure nodeEnv uses the same version