package/nodejs: security bump to version 16.20.2

Fixes the following security issues:

CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 1 year ago
parent
commit
eddba7834f
2 changed files with 3 additions and 3 deletions
  1. 2 2
      package/nodejs/nodejs.hash
  2. 1 1
      package/nodejs/nodejs.mk

+ 2 - 2
package/nodejs/nodejs.hash

@@ -1,5 +1,5 @@
-# From https://nodejs.org/dist/v16.20.0/SHASUMS256.txt
-sha256  e0990f992234e40a51fe11f92c3816c93a77e1b081145d3dd762cd1026345349  node-v16.20.0.tar.xz
+# From https://nodejs.org/dist/v16.20.2/SHASUMS256.txt
+sha256  576f1a03c455e491a8d132b587eb6b3b84651fc8974bb3638433dd44d22c8f49  node-v16.20.2.tar.xz
 
 # Hash for license file
 sha256  ba325815d3df8819bebaf37cad67d6e1f82271e1e4a1189b53abd28e261977d6  LICENSE
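Review bot: the new sha256 on the node-v16.20.2.tar.xz line is sourced only from SHASUMS256.txt, and neither the comment nor the commit message records that the file's detached signature (SHASUMS256.txt.asc, published alongside it) was checked against the Node.js release keys. Since this hash is the only integrity anchor for the tarball, please note in the comment or the commit message that the signature was verified. The LICENSE hash is carried over unchanged as context; it is worth confirming that the license file in 16.20.2 still matches it, which a build with hash checking will do.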

+ 1 - 1
package/nodejs/nodejs.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NODEJS_VERSION = 16.20.0
+NODEJS_VERSION = 16.20.2
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 NODEJS_DEPENDENCIES = \
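Review bot: the unchanged context line `NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)` still fetches over plain HTTP while the hash file cites the https:// URL for SHASUMS256.txt. The sha256 in nodejs.hash catches a tampered tarball, but a security bump is a good moment to switch the site to `https://nodejs.org/dist/v$(NODEJS_VERSION)` so the download itself is authenticated, either here or in a follow-up patch. The bump also moves from 16.20.0 straight to 16.20.2, and the commit message lists the CVEs without saying which of the two skipped releases fixes each; a pointer to the upstream release notes would make that easier to audit.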