chore(deps): update all non-major dependencies (!189) · Merge requests · Information Services / DevOps / Infrastructure / Docker Images

This MR contains the following updates:

Package	Change	Type	Update
PyYAML (source)	`==6.0.2` -> `==6.0.3`		patch
golang	`1.24-alpine` -> `1.25-alpine`	stage	minor
node	`22.11-alpine3.20` -> `22.16-alpine3.20`	final	minor
psf/black	`25.1.0` -> `25.9.0`	repository	minor
requests (source, changelog)	`==2.32.4` -> `==2.32.5`		patch
uis/devops/continuous-delivery/ci-templates	`v7.5.0` -> `v7.17.2`	repository	minor

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

yaml/pyyaml (PyYAML)

`v6.0.3`

Compare Source

What's Changed

Support for Python 3.14 and free-threading (experimental).

Full Changelog: https://github.com/yaml/pyyaml/compare/6.0.2...6.0.3

nodejs/node (node)

`v22.16.0`: 2025-05-21, Version 22.16.0 'Jod' (LTS), @aduh95

Compare Source

Notable Changes

[c3ceaebb7a] - deps: update timezone to 2025b (Node.js GitHub Bot) #57857
[5059a746ec] - doc: add dario-piotrowicz to collaborators (Dario Piotrowicz) #58102
[c8ceaaf397] - (SEMVER-MINOR) doc: graduate multiple experimental apis (James M Snell) #57765
[e21b37d9df] - (SEMVER-MINOR) esm: graduate import.meta properties (James M Snell) #58011
[832640c35e] - (SEMVER-MINOR) esm: support top-level Wasm without package type (Guy Bedford) #57610
[c510391d2f] - (SEMVER-MINOR) sqlite: add StatementSync.prototype.columns() (Colin Ihrig) #57490
[5d1230bec0] - (SEMVER-MINOR) src: set default config as node.config.json (Marco Ippolito) #57171
[30bb1ccbb0] - (SEMVER-MINOR) src: create THROW_ERR_OPTIONS_BEFORE_BOOTSTRAPPING (Marco Ippolito) #57016
[0350c6f478] - (SEMVER-MINOR) src: add config file support (Marco Ippolito) #57016
[e1d3a9e192] - (SEMVER-MINOR) src: add ExecutionAsyncId getter for any Context (Attila Szegedi) #57820
[0ec912f452] - (SEMVER-MINOR) stream: preserve AsyncLocalStorage context in finished() (Gürgün Dayıoğlu) #57865
[43490c8797] - (SEMVER-MINOR) util: add types.isFloat16Array() (Livia Medeiros) #57879
[dda6ca9172] - (SEMVER-MINOR) worker: add worker.getHeapStatistics() (Matteo Collina) #57888

Commits

[4252dc798c] - assert: support Float16Array in loose deep equality checks (Livia Medeiros) #57881
[1c7396b078] - assert,util: fix constructor lookup in deep equal comparison (Ruben Bridgewater) #57876
[1ded5f25c8] - assert,util: improve deep object comparison performance (Ruben Bridgewater) #57648
[696b5f85ca] - assert,util: improve unequal number comparison performance (Ruben Bridgewater) #57619
[775ee4d40f] - assert,util: improve array comparison (Ruben Bridgewater) #57619
[3766992ba4] - benchmark: add sqlite prepare select get (Vinícius Lourenço) #58040
[8390276be3] - benchmark: add sqlite prepare select all (Vinícius Lourenço) #58040
[6a9b79e5c1] - benchmark: add sqlite is transaction (Vinícius Lourenço) #58040
[f689f98344] - benchmark: add sqlite prepare insert (Vinícius Lourenço) #58040
[14a82804d7] - benchmark: disambiguate filename and dirname read perf (Antoine du Hamel) #58056
[e7e8256d35] - buffer: avoid creating unnecessary environment (Yagiz Nizipli) #58053
[d7d8e8e994] - buffer: define global v8::CFunction objects as const (Mert Can Altin) #57676
[f37633e85a] - build: use $(BUILDTYPE) when cleaning coverage files (Aviv Keller) #57995
[e5bf67fe77] - build: define python when generating out/Makefile (Aviv Keller) #57970
[718f874ae0] - build: fix zstd libname (Antoine du Hamel) #57999
[53c5fdcae1] - crypto: fix cross-realm SharedArrayBuffer validation (Antoine du Hamel) #57974
[78f4ffee5d] - crypto: fix cross-realm check of ArrayBuffer (Felipe Forbeck) #57828
[f606352b63] - crypto: forbid passing Float16Array to getRandomValues() (Livia Medeiros) #57880
[23c4e941c2] - crypto: remove BoringSSL dh-primes addition (Shelley Vohr) #57023
[8339d9bc14] - deps: V8: cherry-pick f915fa4 (Chengzhong Wu) #55484
[c2111dd126] - deps: V8: backport e5dbbba (Darshan Sen) #58120
[4cc49be951] - deps: update zstd to 1.5.7 (Node.js GitHub Bot) #57940
[c956d37c84] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #57768
[c3ceaebb7a] - deps: update timezone to 2025b (Node.js GitHub Bot) #57857
[b5cd0eb590] - deps: update simdutf to 6.4.2 (Node.js GitHub Bot) #57855
[3eb6b814e9] - deps: update simdutf to 6.4.0 (Node.js GitHub Bot) #56764
[0be9fa3218] - deps: update icu to 77.1 (Node.js GitHub Bot) #57455
[d5cf4254fb] - doc: add HBSPS as triager (Wiyeong Seo) #57980
[ad0861dba0] - doc: add ambassaor message (Brian Muenzenmeyer) #57600
[0d3ec1aafe] - doc: fix misaligned options in vm.compileFunction() (Jimmy Leung) #58145
[1f70baf3b0] - doc: add missing options.signal to readlinePromises.createInterface() (Jimmy Leung) #55456
[ec6a48621f] - doc: fix typo of file zlib.md (yusheng chen) #58093
[37e360e386] - doc: make stability labels more consistent (Antoine du Hamel) #57516
[2b5d63d36e] - doc: allow the $schema property in node.config.json (Remco Haszing) #57560
[a2063638e2] - doc: fix AsyncLocalStorage example response changes after node v18 (Naor Tedgi (Abu Emma)) #57969
[474c2b14c3] - doc: mark Node.js 18 as End-of-Life (Richard Lau) #58084
[5059a746ec] - doc: add dario-piotrowicz to collaborators (Dario Piotrowicz) #58102
[1eec170fc3] - doc: fix formatting of import.meta.filename section (Antoine du Hamel) #58079
[7f108de525] - doc: fix env variable name in util.styleText (Antoine du Hamel) #58072
[54b3f7fffc] - doc: add returns for https.get (Eng Zer Jun) #58025
[66f2c605a8] - doc: fix typo in buffer.md (chocolateboy) #58052
[b0256dd42b] - doc: correct deprecation type of assert.CallTracker (René) #57997
[581439c9e6] - doc: mark devtools integration section as active development (Chengzhong Wu) #57886
[a2a2a2f027] - doc: fix typo in module.md (Alex Schwartz) #57889
[c0ec4e2935] - doc: increase z-index of header element (Dario Piotrowicz) #57851
[93d19ec6cd] - doc: add missing TS formats for load hooks (Antoine du Hamel) #57837
[f5ea06c61f] - doc: clarify the multi REPL example (Dario Piotrowicz) #57759
[80c4fe1b70] - doc: fix deprecation type for DEP0148 (Livia Medeiros) #57785
[01cad99da0] - doc: list DOMException as a potential error raised by Node.js (Chengzhong Wu) #57783
[a08b714a46] - doc: add missing v0.x changelog entries (Antoine du Hamel) #57779
[d0b48350fd] - doc: fix typo in writing-docs (Sebastian Beltran) #57776
[bde3725f8b] - doc: clarify examples section in REPL doc (Dario Piotrowicz) #57762
[c8ceaaf397] - (SEMVER-MINOR) doc: graduate multiple experimental apis (James M Snell) #57765
[92428c2609] - doc: explicitly state that corepack will be removed in v25+ (Trivikram Kamat) #57747
[298969e1dd] - doc: update position type to integer | null in fs (Yukihiro Hasegawa) #57745
[a9d28e27c9] - doc: update CI instructions (Antoine du Hamel) #57743
[133d2878a1] - doc: update example of using await in REPL (Dario Piotrowicz) #57653
[fc5f126629] - doc: add back mention of visa fees to onboarding doc (Darshan Sen) #57730
[945f4ac538] - doc: process.execve is only unavailable for Windows (Yaksh Bariya) #57726
[f3b885bb5e] - doc: clarify unhandledRejection events behaviors in process doc (Dario Piotrowicz) #57654
[7326dda5b0] - doc: improved fetch docs (Alessandro Miliucci) #57296
[6906c5eb1f] - doc: document REPL custom eval arguments (Dario Piotrowicz) #57690
[47a7564e8f] - doc: classify Chrome DevTools Protocol as tier 2 (Chengzhong Wu) #57634
[e274cc1310] - doc: replace NOTE that does not render properly (Colin Ihrig) #57484
[bef06b11df] - esm: avoid import.meta setup costs for unused properties (Antoine du Hamel) #57286
[e21b37d9df] - (SEMVER-MINOR) esm: graduate import.meta properties (James M Snell) #58011
[832640c35e] - (SEMVER-MINOR) esm: support top-level Wasm without package type (Guy Bedford) #57610
[8f643471ef] - fs: improve globSync performance (Rich Trott) #57725
[bf9e17ecc6] - http2: use args.This() instead of args.Holder() (Joyee Cheung) #58004
[137717354f] - http2: fix graceful session close (Kushagra Pandey) #57808
[9baf580269] - http2: fix check for frame->hd.type (hanguanqiang) #57644
[b8189242b2] - http2: skip writeHead if stream is closed (Shima Ryuhei) #57686
[4e02a1650a] - lib: remove unused file fetch_module (Michaël Zasso) #55880
[d9700fef26] - lib: avoid StackOverflow on serializeError (Chengzhong Wu) #58075
[f3a16b6d9c] - lib: resolve the issue of not adhering to the specified buffer size (0hm☘️🏳️‍⚧️) #55896
[d4fc282f73] - lib: fix AbortSignal.any() with timeout signals (Gürgün Dayıoğlu) #57867
[f7e2902861] - lib: use Map primordial for ActiveAsyncContextFrame (Gürgün Dayıoğlu) #57670
[8652b0e168] - meta: set nodejs/config as codeowner (Marco Ippolito) #57237
[e98504ed95] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #57966
[340731bea0] - meta: fix subsystem in commit title (Luigi Pinca) #57945
[d767cbffcf] - meta: bump Mozilla-Actions/sccache-action from 0.0.8 to 0.0.9 (dependabot[bot]) #57720
[575f904b13] - meta: bump actions/download-artifact from 4.1.9 to 4.2.1 (dependabot[bot]) #57719
[acd323c069] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #57718
[21246fec20] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #57717
[97f32d5849] - meta: bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot]) #57716
[90ddbb8cfa] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #57715
[728425d03e] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #57714
[1f799140e0] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #57713
[021b174a1f] - module: tidy code string concat → string templates (Jacob Smith) #55820
[44c5718476] - module: fix incorrect formatting in require(esm) cycle error message (haykam821) #57453
[bb09b4d4ae] - module: improve getPackageType performance (Dario Piotrowicz) #57599
[9e6054e715] - module: remove unnecessary readPackage function (Dario Piotrowicz) #57596
[4a8db273ba] - node-api: add nested object wrap and napi_ref test (Chengzhong Wu) #57981
[3c65058f20] - node-api: convert NewEnv to node_napi_env__::New (Vladimir Morozov) #57834
[a4105db1f7] - os: fix netmask format check condition in getCIDR function (Wiyeong Seo) #57324
[248c938139] - process: disable building execve on IBM i (Abdirahim Musse) #57883
[972275697a] - repl: deprecate repl.builtinModules (Dario Piotrowicz) #57508
[7485309d7e] - sqlite: add location method (Edy Silva) #57860
[c12cd2a190] - sqlite: add timeout options to DatabaseSync (Edy Silva) #57752
[5e0503a967] - sqlite: add setReturnArrays method to StatementSync (Gürgün Dayıoğlu) #57542
[ed9d2fd51a] - sqlite: enable common flags (Edy Silva) #57621
[06dcb318bc] - sqlite: refactor prepared statement iterator (Colin Ihrig) #57569
[c510391d2f] - (SEMVER-MINOR) sqlite: add StatementSync.prototype.columns() (Colin Ihrig) #57490
[4e24456a1a] - sqlite: reset statement immediately in run() (Colin Ihrig) #57350
[a9a6891b0b] - sqlite: fix coverity warnings related to backup() (Colin Ihrig) #56961
[d2e1bcf3d4] - sqlite: fix use-after-free in StatementSync due to premature GC (Divy Srivastava) #56840
[cfe15ca7b4] - sqlite: handle conflicting SQLite and JS errors (Colin Ihrig) #56787
[0e999eb65f] - sqlite: add getter to detect transactions (Colin Ihrig) #57925
[20b27331c0] - sqlite, test: expose sqlite online backup api (Edy Silva) #56253
[8856712171] - sqlite,doc,test: add aggregate function (Edy Silva) #56600
[120050db97] - sqlite,src: refactor sqlite value conversion (Edy Silva) #57571
[4c5555d558] - src: initialize privateSymbols for per_context (Jason Zhang) #57479
[d2ce9023b1] - src: ensure primordials are initialized exactly once (Chengzhong Wu) #57519
[06179be6ca] - src: disable abseil deadlock detection (Chengzhong Wu) #57582
[5121c47990] - src: fix node_config_file.h compilation error in GN build (Cheng) #57210
[5d1230bec0] - (SEMVER-MINOR) src: set default config as node.config.json (Marco Ippolito) #57171
[ccee741c43] - src: namespace config file flags (Marco Ippolito) #57170
[30bb1ccbb0] - (SEMVER-MINOR) src: create THROW_ERR_OPTIONS_BEFORE_BOOTSTRAPPING (Marco Ippolito) #57016
[0350c6f478] - (SEMVER-MINOR) src: add config file support (Marco Ippolito) #57016
[eef37d00cb] - src: add more debug logs and comments in NodePlatform (Joyee Cheung) #58047
[678e8f57c0] - src: add dcheck_eq for Object::New constructor calls (Jonas) #57943
[aee45e2036] - src: move windows specific fns to _WIN32 (Yagiz Nizipli) #57951
[6206a8edbc] - src: improve thread safety of TaskQueue (Shelley Vohr) #57910
[03936f31c1] - src: fixup errorhandling more in various places (James M Snell) #57852
[010dd91a19] - src: fix typo in comments (Edy Silva) #57868
[e00c1ecbd2] - src: add BaseObjectPtr nullptr operations (Chengzhong Wu) #56585
[648ad252e1] - src: remove void* -> char* -> void* casts (Tobias Nießen) #57791
[680b434a62] - src: improve error handing in node_messaging (James M Snell) #57760
[18f5301747] - src: remove unused detachArrayBuffer method (Yagiz Nizipli) #58055
[065e8cd670] - src: use macros to reduce code duplication is cares_wrap (James M Snell) #57937
[39af5d678f] - src: improve error handling in cares_wrap (James M Snell) #57937
[ca020fdc4e] - src: fix -Wunreachable-code-return in node_sea (Shelley Vohr) #57664
[32b6e7094a] - src: change DCHECK to CHECK (Wuli Zuo) #57948
[e1d3a9e192] - (SEMVER-MINOR) src: add ExecutionAsyncId getter for any Context (Attila Szegedi) #57820
[96243a723a] - src: update std::vector<v8::Local<T>> to use v8::LocalVector<T> (Aditi) #57646
[0f2cbc17c7] - src: update std::vector<v8::Local<T>> to use v8::LocalVector<T> (Aditi) #57642
[d1c6f861d5] - src: update std::vector<v8::Local<T>> to use v8::LocalVector<T> (Aditi) #57578
[ab0d3a38db] - src: improve error message for invalid child stdio type in spawn_sync (Dario Piotrowicz) #57589
[24b182e7b3] - src: implement util.types fast API calls (Ruben Bridgewater) #57819
[dda6423be9] - src: enter and lock isolate properly in json parser (Joyee Cheung) #57823
[4754c693f8] - src: improve error handling in node_env_var.cc (Antoine du Hamel) #57767
[db483bbe63] - src: improve error handling in node_http2 (James M Snell) #57764
[b0277700d6] - src: improve error handling in crypto_x509 (James M Snell) #57757
[353587f984] - src: improve error handling in callback.cc (James M Snell) #57758
[bec053ab20] - src: remove unused variable in crypto_x509.cc (Michaël Zasso) #57754
[38a329a857] - src: fix kill signal 0 on Windows (Stefan Stojanovic) #57695
[70bb387f82] - src: fix inefficient usage of v8_inspector::StringView (Simon Zünd) #52372
[be038f0273] - src,permission: make ERR_ACCESS_DENIED more descriptive (Rafael Gonzaga) #57585
[0ec912f452] - (SEMVER-MINOR) stream: preserve AsyncLocalStorage context in finished() (Gürgün Dayıoğlu) #57865
[6ffb66f82f] - test: fix permission fixtures lint (Rafael Gonzaga) #55819
[fd37891186] - test: add repl preview timeout test (Chengzhong Wu) #55484
[1be5a8c1b4] - test: skip test-config-json-schema with quic (Richard Lau) #57225
[e90583b657] - test: add more coverage to node_config_file (Marco Ippolito) #57170
[df2a36bfcc] - test: remove deadlock workaround (Joyee Cheung) #58047
[103034b051] - test: prevent extraneous HOSTNAME substitution in test-runner-output (René) #58076
[3e58f81a38] - test: update WPT for WebCryptoAPI to b48efd6 (Node.js GitHub Bot) #58044
[2f4e4164a3] - test: add missing newlines to repl .exit writes (Dario Piotrowicz) #58041
[b40769292e] - test: add fast api tests for getLibuvNow() (Yagiz Nizipli) #58022
[cbd5768d47] - test: add ALS test using http agent keep alive (Gerhard Stöbich) #58017
[9e31ab502a] - test: deflake test-http2-options-max-headers-block-length (Luigi Pinca) #57959
[13f8f9cc12] - test: rename to getCallSites (Wuli Zuo) #57948
[92dce6ed6b] - test: force GC in test-file-write-stream4 (Luigi Pinca) #57930
[aa755d3acf] - test: enable skipped colorize test (Shima Ryuhei) #57887
[331f44c78c] - test: update WPT for WebCryptoAPI to 164426a (Node.js GitHub Bot) #57854
[4aaa8438b4] - test: add test for frame count being 0.5 (Jake Yuesong Li) #57732
[fb51d3a0c5] - test: fix the decimal fractions explaination (Jake Yuesong Li) #57732
[c6a45a9087] - Revert "test: add tests for REPL custom evals" (Tobias Nießen) #57793
[f3a4d03963] - test: add tests for REPL custom evals (Dario Piotrowicz) #57691
[a3be0df337] - test: update expected error message for macOS (Antoine du Hamel) #57742
[a7e73a0a74] - test: fix dangling promise in test_runner no isolation test setup (Jacob Smith) #57595
[edb7dd1ec7] - test_runner: match minimum file column to 'all files' (Shima Ryuhei) #57848
[c56f495e83] - tools: extract target abseil to abseil.gyp (Chengzhong Wu) #57289
[1b37161a27] - tools: ignore V8 tests in CodeQL scans (Rich Trott) #58081
[23386308dd] - tools: enable CodeQL config file (Rich Trott) #58036
[9c21abc169] - tools: ignore test directory in CodeQL scans (Rich Trott) #57978
[f210a1530d] - tools: add semver-major release support to release-lint (Antoine du Hamel) #57892
[234c417e98] - tools: add codeql nightly (Rafael Gonzaga) #57788
[938f1532da] - tools: edit create-release-proposal workflow to handle pr body length (Elves Vieira) #57841
[b362339f72] - tools: add zstd updater to workflow (KASEYA\yahor.siarheyenka) #57831
[61180db9c0] - tools: remove unused osx-pkg-postinstall.sh (Antoine du Hamel) #57667
[3ae04c94eb] - tools: do not use temp files when merging MRs (Antoine du Hamel) #57790
[d623c2c2b4] - tools: update gyp-next to 0.20.0 (Node.js GitHub Bot) #57683
[43ea4c532a] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #57721
[5703147470] - tools: enable linter in test/fixtures/source-map/output (Antoine du Hamel) #57700
[80d58c372d] - tools: enable linter in test/fixtures/errors (Antoine du Hamel) #57701
[ef5275b7be] - tools: enable linter in test/fixtures/test-runner/output (Antoine du Hamel) #57698
[631733e41f] - tools: enable linter in test/fixtures/eval (Antoine du Hamel) #57699
[6d0128695f] - tools: enable linter on some fixtures file (Antoine du Hamel) #57674
[f4d7cbae89] - tools: update ESLint to 9.23 (Antoine du Hamel) #57673
[5a39a24cd1] - typings: fix ModulesBinding types (Antoine du Hamel) #55549
[2df7ce9ebd] - util: fix parseEnv handling of invalid lines (Augustin Mauroy) #57798
[416052a9f2] - util: fix formatting of objects with built-in Symbol.toPrimitive (Shima Ryuhei) #57832
[43490c8797] - (SEMVER-MINOR) util: add types.isFloat16Array() (Livia Medeiros) #57879
[30060e13d3] - util: preserve length of deprecated functions (Livia Medeiros) #57806
[9837e08a84] - util: fix parseEnv incorrectly splitting multiple ‘=‘ in value (HEESEUNG) #57421
[af41dd3c07] - watch: clarify completion/failure watch mode messages (Dario Piotrowicz) #57926
[7229a29b47] - watch: check parent and child path properly (Jason Zhang) #57425
[1b5a7c6dc8] - win: fix SIGQUIT on ClangCL (Stefan Stojanovic) #57659
[e935c3c6f2] - worker: add ESM version examples to worker docs (fisker Cheung) #57645
[dda6ca9172] - (SEMVER-MINOR) worker: add worker.getHeapStatistics() (Matteo Collina) #57888
[f2159f2a44] - zlib: fix pointer alignment (jhofstee) #57727

`v22.15.1`: 2025-05-14, Version 22.15.1 'Jod' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

(CVE-2025-23166) fix error handling on async crypto operation
(CVE-2025-23165) add missing call to uv_fs_req_cleanup

Commits

[edaf54da00] - fs: added test for missing call to uv_fs_req_cleanup (Justin Nietzel) #57811
[9f403e98ef] - (CVE-2025-23165) fs: add missing call to uv_fs_req_cleanup (Justin Nietzel) #57811
[f4494d38f1] - (CVE-2025-23166) src: fix error handling on async crypto operations (RafaelGSS) nodejs-private/node-private#709

`v22.15.0`: 2025-04-23, Version 22.15.0 'Jod' (LTS), @UlisesGascon prepared by @RafaelGSS

Compare Source

Notable Changes

[3c88f3938b] - (SEMVER-MINOR) assert: implement partial error comparison (Ruben Bridgewater) #57370
[db19a3f9fc] - (SEMVER-MINOR) assert: improve partialDeepStrictEqual (Ruben Bridgewater) #57370
[1ee5f840b4] - (SEMVER-MINOR) cli: allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
[872ee0f2ac] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
[03a0f3a56b] - (SEMVER-MINOR) crypto: support --use-system-ca on Windows (Joyee Cheung) #56833
[94647bbdb2] - (SEMVER-MINOR) crypto: added support for reading certificates from macOS system store (Tim Jacomb) #56599
[8f7b86a6e7] - deps: update timezone to 2025a (Node.js GitHub Bot) #56876
[f9f611fb58] - (SEMVER-MINOR) deps,tools: add zstd 1.5.6 (Jan Martin) #52100
[07a6d5f8cf] - (SEMVER-MINOR) dns: add TLSA record query and parsing (Rithvik Vibhu) #52983
[d8a83ef2f3] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241
[6b93ba723b] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
[b2e44a8079] - (SEMVER-MINOR) module: implement module.registerHooks() (Joyee Cheung) #55698
[dc91ae7471] - (SEMVER-MINOR) process: add execve (Paolo Insogna) #56496
[bc672fcfdd] - (SEMVER-MINOR) sqlite: allow returning ArrayBufferViews from user-defined functions (René) #56790
[5edee197ab] - (SEMVER-MINOR) tls: implement tls.getCACertificates() (Joyee Cheung) #57107
[f9fe0e09ee] - (SEMVER-MINOR) util: expose diff function used by the assertion errors (Giovanni Bucci) #57462
[673a424180] - (SEMVER-MINOR) v8: add v8.getCppHeapStatistics() method (Aditi) #57146
[4991e5d826] - (SEMVER-MINOR) zlib: add zstd support (Jan Martin) #52100

Commits

[ea70a379c3] - assert: improve partialDeepStrictEqual performance (Ruben Bridgewater) #57509
[2b419d7e79] - (SEMVER-MINOR) assert: implement partial error comparison (Ruben Bridgewater) #57370
[d817c17fd7] - (SEMVER-MINOR) assert: improve partialDeepStrictEqual (Ruben Bridgewater) #57370
[7af0440073] - assert: improve myers diff performance (Giovanni Bucci) #57279
[01cf5fb871] - (SEMVER-MINOR) assert,util: improve performance (Ruben Bridgewater) #57370
[a58842cee4] - (SEMVER-MINOR) benchmark: adjust assert runtimes (Ruben Bridgewater) #57370
[b20b3697aa] - (SEMVER-MINOR) benchmark: skip running some assert benchmarks by default (Ruben Bridgewater) #57370
[ec5570fd1e] - (SEMVER-MINOR) benchmark: add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
[b991bf4ca6] - benchmark: add a warmup on bench-openSync (Elves Vieira) #57051
[4a455bc806] - build: fix update-wpt workflow (Jonas) #57468
[6ec397e61c] - build: fix compatibility with V8's depot_tools (Richard Lau) #57330
[475aaca336] - build: print 'Formatting Markdown...' for long task markdown formatting (1ilsang) #57108
[73fced7a97] - build: fix GN build failure (Cheng) #57013
[af05f91425] - build: fix GN build of uv (Cheng) #56955
[fd3053e947] - build: gyp exclude libm linking on macOS (deepak1556) #56901
[5ec6b9a50f] - build: remove explicit linker call to libm on macOS (deepak1556) #56901
[a893da9be7] - build: link with Security.framework in GN build (Cheng) #56895
[02cd8e0a50] - build: do not put commands in sources variables (Cheng) #56885
[73dc8c2140] - build: add double quotes around <(python) (Luigi Pinca) #56826
[65a3b5f73c] - build: add build option suppress_all_error_on_warn (Michael Dawson) #56647
[424aacc942] - build,win: disable node pch with ccache (Stefan Stojanovic) #57224
[901685c723] - build,win: enable ccache (Stefan Stojanovic) #56847
[79987676c1] - cli: clarify --cpu-prof-name allowed values (Eugenio Ceschia) #57433
[503d4237aa] - (SEMVER-MINOR) cli: allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
[ada572b733] - crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports (Filip Skokan) #57450
[7e5aabde55] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
[7ea6ac1e09] - crypto: add support for intermediate certs in --use-system-ca (Tim Jacomb) #57164
[44b19ec534] - crypto: support --use-system-ca on non-Windows and non-macOS (Joyee Cheung) #57009
[e21d126438] - crypto: fix missing OPENSSL_NO_ENGINE guard (Shelley Vohr) #57012
[2fdf82b357] - crypto: cleanup root certificates and skip PEM deserialization (Joyee Cheung) #56999
[03a0f3a56b] - (SEMVER-MINOR) crypto: support --use-system-ca on Windows (Joyee Cheung) #56833
[bbdb10bc2c] - crypto: fix X509* leak in --use-system-ca (Joyee Cheung) #56832
[5470cab6d3] - crypto: add api to get openssl security level (Michael Dawson) #56601
[94647bbdb2] - (SEMVER-MINOR) crypto: added support for reading certificates from macOS system store (Tim Jacomb) #56599
[caf81ca549] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #57498
[1d703fe220] - deps: update c-ares to v1.34.5 (Node.js GitHub Bot) #57792
[98457dfea3] - deps: update undici to 6.21.2 (Matteo Collina) #57442
[4a852ba11b] - deps: V8: cherry-pick c172ffc (Choongwoo Han) #57437
[54a12e0bcc] - deps: update googletest to 0bdccf4 (Node.js GitHub Bot) #57380
[2e350963e5] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382
[95e5d01c25] - deps: update amaro to 0.4.1 (marco-ippolito) #57121
[ef216deb05] - deps: update amaro to 0.3.2 (marco-ippolito) #56916
[4ef4d6ecf6] - deps: update amaro to 0.3.1 (Node.js GitHub Bot) #56785
[a8bf5ef4a7] - deps: update simdjson to 3.12.2 (Node.js GitHub Bot) #57084
[0bd612bb32] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335
[7d65f79306] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #57335
[5c88c52491] - deps: update corepack to 0.32.0 (Node.js GitHub Bot) #57265
[fa04bf4999] - deps: update gyp file for ngtcp2 1.11.0 (Richard Lau) #57225
[ca6b07258d] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #57180
[0a72b16fe1] - deps: update ngtcp2 to 1.11.0 (Node.js GitHub Bot) #57179
[600fb41f54] - deps: update sqlite to 3.49.1 (Node.js GitHub Bot) #57178
[7eb3b44010] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655
[257d22e181] - deps: update sqlite to 3.49.0 (Node.js GitHub Bot) #56654
[53a7bfce01] - deps: V8: cherry-pick 9ab4059 (Levi Zim) #56781
[636f65cb1a] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #56855
[8f7b86a6e7] - deps: update timezone to 2025a (Node.js GitHub Bot) #56876
[db31276bfa] - deps: update simdjson to 3.12.0 (Node.js GitHub Bot) #56874
[d1d58d6198] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #56873
[05b3dff275] - deps: update simdjson to 3.11.6 (Node.js GitHub Bot) #56250
[f9f611fb58] - (SEMVER-MINOR) deps,tools: add zstd 1.5.6 (Jan Martin) #52100
[ef212a41a7] - dns: restore dns query cache ttl (Ethan Arrowood) #57640
[7a10b01e97] - dns: remove redundant code using common variable (Deokjin Kim) #57386
[bc2603f086] - (SEMVER-MINOR) dns: add TLSA record query and parsing (Rithvik Vibhu) #52983
[38a2e5d60b] - doc: add gurgunday as triager (Gürgün Dayıoğlu) #57594
[b7ac0bd129] - doc: clarify behaviour of node-api adjust function (Michael Dawson) #57463
[fa834896c8] - doc: remove Corepack documentation (Antoine du Hamel) #57635
[8988173286] - doc: remove mention of --require not supporting ES modules (Huáng Jùnliàng) #57620
[3a7d179dbd] - doc: mention reports should align with Node.js CoC (Rafael Gonzaga) #57607
[983c5087f6] - doc: add section stating that very stale MRs should be closed (Dario Piotrowicz) #57541
[f4e1f702d4] - doc: add bjohansebas as triager (Sebastian Beltran) #57564
[9b7fd6b076] - doc: update support channels (Claudio W.) #57538
[ef624aff55] - doc: remove cryptoStream API reference (Jonas) #57579
[4a2afc255a] - doc: module resolution pseudocode corrections (Marcel Laverdet) #57080
[ee5059426d] - doc: add history entry for DEP0190 in child_process.md (Antoine du Hamel) #57544
[4deebb4fca] - doc: remove deprecated pattern in child_process.md (Antoine du Hamel) #57568
[6cd7b37d9c] - doc: mark multiple experimental APIS as stable (James M Snell) #57510
[c2f1fa0928] - doc: remove mertcanaltin from Triagers (Mert Can Altin) #57531
[9b6047e520] - doc: recommend watching the collaborators repo in the onboarding doc (Darshan Sen) #57527
[bf1e297079] - doc: remove mention of visa fees from onboarding doc (Darshan Sen) #57526
[1041331094] - doc: deprecate passing args to spawn and execFile (Antoine du Hamel) #57389
[06994d5a75] - doc: remove some inconsistencies in deprecations.md (Antoine du Hamel) #57512
[707f851ba3] - doc: run license-builder (github-actions[bot]) #57511
[a7793195d6] - doc: add new writing-docs contributing md (Dario Piotrowicz) #57502
[30d4a43b3d] - doc: add node.js streams references to Web Streams doc (Dario Piotrowicz) #57393
[e08365980b] - doc: prefer to sign commits under nodejs repository (Rafael Gonzaga) #57311
[c35e1f9048] - doc: fixed the incorrect splitting of multiple words (letianpailove) #57454
[3e1f3bc2bb] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449
[fef3f82a41] - doc: add history info for --use-system-ca (Darshan Sen) #57432
[96afdf949d] - doc: remove typo YAML snippet from tls.getCACertificates doc (Darshan Sen) #57459
[800d61d47e] - doc: fix typo in sqlite.md (Tobias Nießen) #57473
[4876aee775] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426
[2dd72c658f] - doc: update maintaining-openssl.md for openssl (Richard Lau) #57413
[a49fd31f04] - doc: add missing deprecated badges in fs.md (Yukihiro Hasegawa) #57384
[3a4ed77674] - doc: add note about sync nodejs-private branches (Rafael Gonzaga) #57404
[1025e6dc7c] - doc: update Xcode version used for arm64 and pkg (Michaël Zasso) #57104
[77b9e04a70] - doc: improve type stripping documentation (Marco Ippolito) #56916
[3a75e8410d] - doc: specificy support for erasable ts syntax (Marco Ippolito) #56916
[69f12f9686] - doc: make first parameter optional in util.getCallSites (Deokjin Kim) #57387
[2b4e737ffb] - doc: fix usage of module.registerSync in comment (Timo Kössler) #57328
[f320593958] - doc: add Darshan back as voting TSC member (Michael Dawson) #57402
[2b7765469a] - doc: revise webcrypto.md types, interfaces, and added versions (Filip Skokan) #57376
[649828c74a] - doc: add info on how project manages social media (Michael Dawson) #57318
[2a2e1cfd71] - doc: revise tsconfig.json note (Steven) #57353
[17883b1d46] - doc: use more clear name in getSystemErrorMessage's example (ikuma-t) #57310
[7feed9989b] - doc: recommend setting noEmit: true in tsconfig.json (Steven) #57320
[fe707ab162] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309
[f3c58ab693] - doc: fix Windows ccache section position (Stefan Stojanovic) #57326
[e69170bacd] - doc: update node-api version matrix (Chengzhong Wu) #57287
[0bc1fd2245] - doc: recommend erasableSyntaxOnly in ts docs (Rob Palmer) #57271
[068013744e] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #57073
[238b0e856e] - doc: fix rendering of DEP0174 description (David Sanders) #56835
[db0bcefd14] - doc: add 1ilsang to triage team (1ilsang) #57183
[52a593feab] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241
[89f4475e32] - doc: add missing assert return types (Colin Ihrig) #57219
[62b6d94c03] - doc: add streamResetBurst and streamResetRate (Sujal Raj) #57195
[f150017e70] - doc: add esm examples to node:util (Alfredo González) #56793
[99465ffa9c] - doc: update options to filehandle.appendFile() (Hasegawa-Yukihiro) #56972
[6242520a90] - doc: add additional caveat for fs.watch (Michael Dawson) #57150
[19cda4791a] - doc: fix typo in Windows building instructions (Tim Jacomb) #57158
[ef206add59] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #57076
[7243c1713d] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607
[617fe71f67] - doc: fix 'introduced_in' version in typescript module (1ilsang) #57109
[6cc15b8dc9] - doc: fix link and history of SourceMap sections (Antoine du Hamel) #57098
[6be8189041] - doc: add module namespace object links (Dario Piotrowicz) #57093
[8611c4a3ea] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #57092
[79da145a55] - doc: update clang-cl on Windows building guide (Joyee Cheung) #57087
[845eaf91be] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090
[42c5e23eb1] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #57046
[bda851aaa3] - doc: fix wrong verb form (Dario Piotrowicz) #57091
[64e13fd36e] - doc: fix transpiler loader hooks documentation (Joyee Cheung) #57037
[51494d8b78] - doc: add a note about require('../common') in testing documentation (Aditi) #56953
[053b128e9c] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028
[a20c62a00c] - doc: improve documentation on argument validation (Aditi) #56954
[2921658813] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #57015
[6f4ab1c9b2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #57004
[5285facb3e] - doc: move stability index after history section for consistency (Antoine du Hamel) #56997
[a7646e17ff] - doc: add signal to filehandle.writeFile() options (Yukihiro Hasegawa) #56804
[ba031089e6] - doc: run license-builder (github-actions[bot]) #56985
[afa6f93a32] - doc: update history of stream.Readable.toWeb() (Jimmy Leung) #56928
[cc644de126] - doc: make MDN links to global classes more consistent (Antoine du Hamel) #56924
[93bba4eee1] - doc: make MDN links to global classes more consistent in assert.md (Antoine du Hamel) #56920
[ad03c85f98] - doc: make MDN links to global classes more consistent (Antoine du Hamel) #56923
[96c2a90dee] - doc: make MDN links to global classes more consistent in util.md (Antoine du Hamel) #56922
[6bb73c0745] - doc: make MDN links to global classes more consistent in buffer.md (Antoine du Hamel) #56921
[824cf35475] - doc: update post sec release process (Rafael Gonzaga) #56907
[027749eb17] - doc: update websocket link to avoid linking to self (Chengzhong Wu) #56897
[5dcb9d632b] - doc: mark --env-file-if-exists flag as experimental (Juan José) #56893
[4f6d751bf5] - doc: fix typo in cjs example of util.styleText (Deokjin Kim) #56769
[313d9db7a5] - doc: clarify sqlite user-defined function behaviour (René) #56786
[eff42956c4] - doc: correct customization hook types & clarify descriptions (Jacob Smith) #56454
[64180421c2] - events: getMaxListeners detects 0 listeners (Matthew Aitken) #56807
[2de27787b4] - fs: apply exclude function to root path (Rich Trott) #57420
[b6df9e350a] - fs: handle UV_ENOTDIR in fs.statSync with throwIfNoEntry provided (Juan José Arboleda) #56996
[14b2d496a0] - fs: make FileHandle.readableWebStream always create byte streams (Ian Kerins) #55461
[10d2f1d898] - http: coerce content-length to number (Marco Ippolito) #57458
[9192b7fa25] - http: be more generational GC friendly (ywave620) #56767
[1cf98a8788] - inspector: convert event params to protocol without json (Chengzhong Wu) #57027
[6dcad868bb] - inspector: skip promise hook in the inspector async hook (Joyee Cheung) #57148
[787e93f75a] - inspector: add Network.Initiator in inspector protocol (Chengzhong Wu) #56805
[c7c04d0dc8] - inspector: fix GN build (Cheng) #56798
[177da9c3c3] - inspector: fix StringUtil::CharacterCount for unicodes (Chengzhong Wu) #56788
[1b5418eeea] - lib: add warning when binding inspector to public IP (Demian Parkhomenko) #55736
[cc4d33842b] - lib: limit split function calls to prevent excessive array length (Gürgün Dayıoğlu) #57501
[0546612d1d] - lib: make getCallSites sourceMap option truly optional (James M Snell) #57388
[d7d54e6bf3] - lib: optimize priority queue (Gürgün Dayıoğlu) #57100
[62761c73a1] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #57177
[5dce55c376] - meta: add some clarification to the nomination process (James M Snell) #57503
[a2a4cf1d95] - meta: remove collaborator self-nomination (Rich Trott) #57537
[244f74b844] - meta: edit collaborator nomination process (Antoine du Hamel) #57483
[dec204bb3f] - meta: move ovflowd to emeritus (Claudio W.) #57443
[c0b8b84384] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #57257
[14cbe292da] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #57254
[69d2dd69e2] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #57253
[5f3428ded6] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #57292
[3eea8c72fc] - meta: bump actions/download-artifact from 4.1.8 to 4.1.9 (dependabot[bot]) #57260
[2508893edb] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #57259
[fc09523f44] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #57258
[b162402440] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #57256
[f781be1332] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #57255
[7934ad9fc0] - meta: bump actions/setup-python from 5.3.0 to 5.4.0 (dependabot[bot]) #56867
[eb4fb9ce90] - meta: bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (dependabot[bot]) #56866
[a14e7f1cc4] - meta: bump mozilla-actions/sccache-action from 0.0.6 to 0.0.7 (dependabot[bot]) #56865
[6c8a9e3d0d] - meta: bump codecov/codecov-action from 5.0.7 to 5.3.1 (dependabot[bot]) #56864
[f438c27cbf] - meta: bump step-security/harden-runner from 2.10.2 to 2.10.4 (dependabot[bot]) #56863
[24b7fcb153] - meta: bump actions/cache from 4.1.2 to 4.2.0 (dependabot[bot]) #56862
[a0afc47988] - meta: bump actions/stale from 9.0.0 to 9.1.0 (dependabot[bot]) #56860
[8abf4e5d7d] - meta: bump github/codeql-action from 3.27.5 to 3.28.8 (dependabot[bot]) #56859
[c5bff736e9] - meta: add CODEOWNERS for SQLite (Colin Ihrig) #57147
[fd2abaa088] - meta: update last name for jkrems (Jan Martin) #57006
[2383f00aae] - meta: bump actions/upload-artifact from 4.4.3 to 4.6.0 (dependabot[bot]) #56861
[35b3140d03] - meta: bump actions/setup-node from 4.1.0 to 4.2.0 (dependabot[bot]) #56868
[815fcef73d] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56889
[08001127a2] - meta: add @nodejs/url as codeowner (Chengzhong Wu) #56783
[3ceda2a035] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #57187
[4c29cc7e6b] - module: add dynamic file-specific ESM warnings (Mert Can Altin) #56628
[d1845edd21] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #57126
[41fa7d3c21] - module: allow omitting context in synchronous next hooks (Joyee Cheung) #57056
[deddecce3a] - module: fix require.resolve() crash on non-string paths (Aditi) #56942
[926b887534] - module: fixing url change in load sync hook chain (Vitalii Akimov) #56402
[6b93ba723b] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
[b2e44a8079] - (SEMVER-MINOR) module: implement module.registerHooks() (Joyee Cheung) #55698
[e79e67f6dc] - net: validate non-string host for socket.connect (Daeyeon Jeong) #57198
[e23056212e] - net: replace brand checks with identity checks (Yagiz Nizipli) #57341
[9c0d5e140b] - net: emit an error when custom lookup resolves to a non-string address (Edy Silva) #57192
[2ce79787de] - (SEMVER-MINOR) process: add execve (Paolo Insogna) #56496
[712db2232c] - readline: add support for Symbol.dispose (Antoine du Hamel) #57276
[55fb81c0f1] - readline: fix unresolved promise on abortion (Daniel Venable) #54030
[dfcd9b1ac2] - sea: suppress builtin warning with disableExperimentalSEAWarning option (koooge) #57086
[bd5c90654a] - sqlite: add support for unknown named parameters (Colin Ihrig) #57552
[ec571382a4] - sqlite: add DatabaseSync.prototype.isOpen (Colin Ihrig) #57522
[bb3bbed126] - sqlite: add DatabaseSync.prototype[Symbol.dispose]() (Colin Ihrig) #57506
[6067bea027] - sqlite: restore changes from #55373 (Colin Ihrig) #56908
[bc672fcfdd] - (SEMVER-MINOR) sqlite: allow returning ArrayBufferViews from user-defined functions (René) #56790
[227603dc30] - sqlite,test,doc: allow Buffer and URL as database location (Edy Silva) #56991
[9dd324467a] - src: cleanup aliased_buffer.h (Mohammed Keyvanzadeh) #57395
[45a2b8532b] - src: do not pass nullptr to std::string ctor (Charles Kerr) #57354
[854370a06c] - src: fix process exit listeners not receiving unsettled tla codes (Dario Piotrowicz) #56872
[f7fb259193] - src: refactor SubtleCrypto algorithm and length validations (Filip Skokan) #57319
[c7bcc2d6c8] - src: allow embedder customization of OOMErrorHandler (Shelley Vohr) #57325
[fbd8862156] - src: use Maybe<void> in ProcessEmitWarningSync (Daeyeon Jeong) #57250
[04de550289] - src: make even more improvements to error handling (James M Snell) #57264
[f1c5e46f89] - src: use cached emit v8::String (Daeyeon Jeong) #57249
[65b8e12689] - src: refactor SubtleCrypto algorithm and length validations (Filip Skokan) #57273
[b6091a8b21] - src: make more error handling improvements (James M Snell) #57262
[3bd8a6c76e] - src: fix typo in comment (Antoine du Hamel) #57291
[f7e39385ae] - src: improve error handling in node_messaging.cc (James M Snell) #57211
[1bb561bede] - src: improve error handling in tty_wrap.cc (James M Snell) #57211
[567d321a40] - src: improve error handling in tcp_wrap.cc (James M Snell) #57211
[f8bee871f7] - src: fix ThrowInvalidURL call in PathToFileURL (Daniel M Brasil) #57141
[817f7d0e2e] - src: improve error handling in buffer and dotenv (James M Snell) #57189
[11ef7f9d9c] - src: improve error handling in module_wrap (James M Snell) #57188
[3b08d718b1] - src: improve error handling in spawn_sync (James M Snell) #57185
[9221c2ad87] - src: detect whether the string is one byte representation or not (theweipeng) #56147
[e323694772] - src: fix crash when lazy getter is invoked in a vm context (Chengzhong Wu) #57168
[9363b05a91] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #57126
[5d6a1bc35b] - src: move instead of copy shared pointer in node_blob (Michaël Zasso) #57120
[5dab48fd9f] - src: replace NewFromUtf8 with OneByteString where appropriate (James M Snell) #57096
[0fe60b478d] - src: port defineLazyProperties to native code (Antoine du Hamel) #57081
[792959db1d] - src: improve error handling in node_blob (James M Snell) #57078
[e05e2cfb1e] - src: fix accessing empty string (Cheng) #57014
[619e52ce8d] - src: lock the isolate properly in IsolateData destructor (Joyee Cheung) #57031
[844a4a884d] - src: add self-assigment memcpy checks (Burkov Egor) #56986
[0d1e79740f] - src: improve node::Dotenv trimming (Dario Piotrowicz) #56983
[50f164e23b] - src: improve error handling in string_bytes/decoder (James M Snell) #56978
[93aa4393a4] - src: improve error handling in process_wrap (James M Snell) #56977
[c1c824e38d] - src: use args.This() in zlib (Michaël Zasso) #56988
[0a8e474bdc] - src: add nullptr handling for NativeKeyObject (Burkov Egor) #56900
[1ea6198a5a] - src: disallow copy/move fns/constructors (Yagiz Nizipli) #56811
[e4100853cb] - src: add a hard dependency v8_inspector_headers (Chengzhong Wu) #56805
[a1f92898c0] - src: improve error handling in encoding_binding.cc (James M Snell) #56915
[dee8793d94] - src: improve error handling in permission.cc (James M Snell) #56904
[f41bc4cfd7] - src: improve error handling in node_sqlite (James M Snell) #56891
[e4df6181bf] - src: improve error handling in node_os by removing ToLocalChecked (James M Snell) #56888
[2c96e7a32c] - src: improve error handling in node_url (James M Snell) #56886
[36926ae8d8] - src: add check for Bignum in GroupOrderSize (Burkov Egor) #56702
[a68f127a30] - src: reduce string allocations on sqlite (Yagiz Nizipli) #57227
[e41b1735f1] - stream: fix sizeAlgorithm validation in WritableStream (Daeyeon Jeong) #57280
[3bc877dc5c] - test: add more number cases for buffer.indexOf (Meghan Denny) #57200
[cac9a4e832] - test: update parallel/test-tls-dhe for OpenSSL 3.5 (Richard Lau) #57477
[3082ab3a64] - test: module syntax should throw (Marco Ippolito) #57121
[9b0dfc9a44] - test: update snapshots for amaro v0.3.2 (Marco Ippolito) #56916
[2defc35ea8] - test: test runner run plan (Pietro Marchini) #57304
[ccb3df70be] - test: update WPT for WebCryptoAPI to edd42c0 (Node.js GitHub Bot) #57365
[528103c5d0] - test: simplify test-tls-connect-abort-controller.js (Yagiz Nizipli) #57338
[17e21e6eb5] - test: use assert.match in test-esm-import-meta (Antoine du Hamel) #57290
[77bbee5184] - test: update compression wpt (Yagiz Nizipli) #56960
[4fe88f8f53] - Revert "test: temporary remove resource check from fs read-write" (Rafael Gonzaga) #56906
[766efc7758] - test: more common.mustNotCall in net, tls (Meghan Denny) #57246
[562e635e11] - test: swap assert.strictEqual() parameters (Luigi Pinca) #57217
[64fdfd5622] - test: assert write return values in buffer-bigint64 (Meghan Denny) #57212
[dd538e7cf1] - test: allow embedder running async context frame test (Shelley Vohr) #57193
[937bbeb2b6] - test: resolve race condition in test-net-write-fully-async-* (Matteo Collina) #57022
[32df9f27d8] - test: add doAppendAndCancel test (Hasegawa-Yukihiro) #56972
[90c98df258] - test: fix test-without-async-context-frame.mjs in debug mode (Joyee Cheung) #57034
[974817c9fc] - test: make eval snapshot comparison more flexible (Shelley Vohr) #57020
[09741cd129] - test: simplify test-http2-client-promisify-connect-error (Luigi Pinca) #57144
[89f3feb364] - test: improve error output of test-http2-client-promisify-connect-error (Antoine du Hamel) #57135
[25751eba4d] - test: add case for unrecognised fields within pjson "exports" (Jacob Smith) #57026
[bf0b9fa7c0] - test: remove unnecessary assert requiring from tests (Dario Piotrowicz) #57008
[8cfb2df466] - test: reduce flakiness on test-net-write-fully-async-buffer (Yagiz Nizipli) #56971
[43c8c101da] - test: remove flakiness on macOS test (Yagiz Nizipli) #56971
[bd47178f7f] - test: improve timeout duration for debugger events (Yagiz Nizipli) #56970
[65694aa2fd] - test: remove unnecessary syscall to cpuinfo (Yagiz Nizipli) #56968
[5633c4b2df] - test: update webstorage wpt (Yagiz Nizipli) #56963
[2244a2776a] - test: execute shell directly for refresh() (Yagiz Nizipli) #55051
[afae4b1216] - test: change jenkins reporter (Carlos Espa) #56808
[b26592a7c4] - test: fix race condition in test-child-process-bad-stdio (Colin Ihrig) #56845
[72c2279649] - test: adjust check to use OpenSSL sec level (Michael Dawson) #56819
[9551b27651] - test: test-crypto-scrypt.js doesn't need internals (Meghan Denny) #56673
[3095db84be] - test: set test-fs-cp as flaky (Stefan Stojanovic) #56799
[31f98d7ccd] - test: search cctest files (Chengzhong Wu) #56791
[267f17d5f6] - test: convert test_encoding_binding.cc to a JS test (Chengzhong Wu) #56791
[a875d7bdd1] - test: test-crypto-prime.js doesn't need internals (Meghan Denny) #56675
[85482d69c6] - test: temporary remove resource check from fs read-write (Rafael Gonzaga) #56789
[ec63d72f16] - test: mark test-without-async-context-frame flaky on windows (James M Snell) #56753
[f16acc8521] - test: remove unnecessary code (Luigi Pinca) #56784
[0573c19a97] - test: mark test-esm-loader-hooks-inspect-wait flaky (Richard Lau) #56803
[48e0fd3f13] - test: update WPT for url to a23788b (Node.js GitHub Bot) #56779
[642959b87f] - test: remove duplicate error reporter from ci (Carlos Espa) #56739
[2023237b4e] - test,crypto: make tests work for BoringSSL (Shelley Vohr) #57021
[1b33b976ec] - test_runner: refactor testPlan counter increse (Pietro Marchini) #56765
[d860f2bf42] - test_runner: differentiate test types in enqueue dequeue events (Eddie Abbondanzio) #54049
[993bab646c] - test_runner: print formatted errors on summary (Pietro Marchini) #56911
[3ed3ba438f] - test_runner: allow special characters in snapshot keys (Carlos Espa) #57017
[d1da9a3a2f] - timers: optimize timer functions with improved argument handling (Gürgün Dayıoğlu) #57072
[44aa13990a] - timers: remove unnecessary allocation of _onTimeout (Gürgün Dayıoğlu) #57497
[401b965977] - timers: remove unused parameter from insertGuarded (Gürgün Dayıoğlu) #57251
[9eac9c02c9] - timers: simplify the compareTimersLists function (Gürgün Dayıoğlu) #57110
[01215af350] - tls: remove unnecessary type check on normalize (Yagiz Nizipli) #57336
[f5e2b12a60] - (SEMVER-MINOR) tls: implement tls.getCACertificates() (Joyee Cheung) #57107
[7a777cdb58] - tools: fix WPT update cron string (Antoine du Hamel) #57665
[c6d90dbf9b] - tools: remove stalled label on unstalled issues and MRs (Rich Trott) #57630
[96f7f64602] - tools: update sccache to support GH cache changes (Michaël Zasso) #57573
[0b87027520] - tools: bump @babel/helpers from 7.26.9 to 7.26.10 in /tools/eslint (dependabot[bot]) #57444
[7d561eb90c] - tools: add config subspace (Marco Ippolito) #57239
[46efdbf59f] - tools: import rather than require ESLint plugins (Michaël Zasso) #57315
[502bfaf876] - tools: switch back to official OpenSSL (Richard Lau) #57301
[ea821f419d] - tools: revert to use @stylistic/eslint-plugin-js v3 (Joyee Cheung) #57314
[bb857615d3] - tools: add more details about rolling inspector_protocol (Chengzhong Wu) #57167
[3f29d39c1b] - tools: bump the eslint group in /tools/eslint with 5 updates (dependabot[bot]) #57261
[b3caac83d4] - tools: remove deps/zlib/GN-scraper.py (Chengzhong Wu) #57238
[ace99ffe79] - tools: run Linux tests on GitHub arm64 runners as well (Dennis Ameling) #57162
[e65e6269b7] - tools: consolidate 'introduced_in' check for docs (1ilsang) #57109
[890841e64b] - tools: do not run major-release workflow on forks (Rich Trott) #57064
[e3f86c5a0c] - tools: fix release URL computation in update-root-certs.mjs (Joyee Cheung) #56843
[280316f773] - tools: add support for import source syntax in linter (Antoine du Hamel) #56992
[998b2ae3cd] - tools: bump eslint version (dependabot[bot]) #56869
[ca4121b95a] - tools: remove test-asan/ubsan workflows (Michaël Zasso) #56823
[866ac37255] - tools: run macOS test workflow with Xcode 16.1 (Michaël Zasso) #56831
[55ca46ad8e] - tools: update sccache and sccache-action (Michaël Zasso) #56815
[be9c1c93a8] - tools: fix license-builder for inspector_protocol (Michaël Zasso) #56814
[6dab980fab] - typings: fix ImportModuleDynamicallyCallback return type (Chengzhong Wu) #57160
[e301098854] - util: avoid run debug when enabled is false (fengmk2) #57494
[17016d7722] - (SEMVER-MINOR) util: expose diff function used by the assertion errors (Giovanni Bucci) #57462
[42b9e19f6b] - util: enforce shouldColorize in styleText array arg (Marco Ippolito) #56722
[5ed6d8be40] - (SEMVER-MINOR) v8: add v8.getCppHeapStatistics() method (Aditi) #57146
[c06d218b23] - win,build: add option to enable Control Flow Guard (Hüseyin Açacak) #56605
[8202211140] - win,test: disable test case failing with ClangCL (Stefan Stojanovic) #57397
[1a12b4c119] - zlib: use modern class syntax for zstd classes (Yagiz Nizipli) #56965
[f9b3680268] - zlib: make all zstd functions experimental (Yagiz Nizipli) #56964
[4991e5d826] - (SEMVER-MINOR) zlib: add zstd support (Jan Martin) #52100

`v22.14.0`: 2025-02-11, Version 22.14.0 'Jod' (LTS), @aduh95

Compare Source

Notable Changes

[82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566
[b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #56489
[3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #56359
[1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #56610
[6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #55412
[d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #56400
[07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #56385
[94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #56441
[5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #56469
[697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #56595
[047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #56459
[926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #56434
[c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #56394

Commits

[bad1ad8650] - assert: make myers_diff function more performant (Giovanni Bucci) #56303
[e222e36f3b] - assert: make partialDeepStrictEqual work with urls and File prototypes (Giovanni Bucci) #56231
[e232789fe2] - assert: show diff when doing partial comparisons (Giovanni Bucci) #56211
[c99de1fdcf] - assert: make partialDeepStrictEqual throw when comparing [0] with [-0] (Giovanni) #56237
[2386fd5840] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #56556
[b197dfa7ec] - build: fix GN build for ngtcp2 (Cheng) #56300
[2a3cdd34ff] - build: test macos-13 on GitHub actions (Michaël Zasso) #56307
[12f716be0a] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #56275
[c5ca15bd34] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #56106
[8346b8fc2c] - crypto: add missing return value check (Michael Dawson) #56615
[82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566
[890eef20a1] - crypto: fix checkPrime crash with large buffers (Santiago Gimeno) #56559
[5edb7b5e87] - crypto: fix warning of ignoring return value (Cheng) #56527
[b89f123a0b] - crypto: make generatePrime/checkPrime interruptible (James M Snell) #56460
[63c1859e01] - deps: update corepack to 0.31.0 (Node.js GitHub Bot) #56795
[a48430d4d3] - deps: move inspector_protocol to deps (Chengzhong Wu) #56649
[74cccc824f] - deps: macro ENODATA is deprecated in libc++ (Cheng) #56698
[fa869ea0f2] - deps: fixup some minor coverity warnings (James M Snell) #56612
[1a4fa2b015] - deps: update amaro to 0.3.0 (Node.js GitHub Bot) #56568
[b47076fd82] - deps: update amaro to 0.2.2 (Node.js GitHub Bot) #56568
[46bd4b8731] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #56567
[8ead9c693b] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #56388
[18d4b502af] - deps: update amaro to 0.2.1 (Node.js GitHub Bot) #56390
[d938d7cc86] - deps: update googletest to 7d76a23 (Node.js GitHub Bot) #56387
[9761e7dccb] - deps: update googletest to e54519b (Node.js GitHub Bot) #56370
[8319dc6bc5] - deps: update ngtcp2 to 1.10.0 (Node.js GitHub Bot) #56334
[6eacd19d6a] - deps: update simdutf to 5.7.0 (Node.js GitHub Bot) #56332
[28bec2dda3] - diagnostics_channel: capture console messages (Stephen Belanger) #56292
[d519d33502] - doc: update macOS and Xcode versions for releases (Michaël Zasso) #56337
[fcfe650507] - doc: add note for features using InternalWorker with permission model (Antoine du Hamel) #56706
[efbba182b5] - doc: add entry to changelog about SQLite Session Extension (Bart Louwers) #56318
[31bf9c7dd9] - doc: move anatoli to emeritus (Michael Dawson) #56592
[6096e38c7c] - doc: fix styles of the expandable TOC (Antoine du Hamel) #56755
[d423638281] - doc: add "Skip to content" button (Antoine du Hamel) #56750
[edeb157d75] - doc: improve accessibility of expandable lists (Antoine du Hamel) #56749
[1a79e87687] - doc: add note regarding commit message trailers (Dario Piotrowicz) #56736
[927c7e47e4] - doc: fix typo in example code for util.styleText (Robin Mehner) #56720
[fade522538] - doc: fix inconsistencies in WeakSet and WeakMap comparison details (Shreyans Pathak) #56683
[55533bf147] - doc: add RafaelGSS as latest sec release stewards (Rafael Gonzaga) #56682
[8e978bdee1] - doc: clarify cjs/esm diff in queueMicrotask() vs process.nextTick() (Dario Piotrowicz) #56659
[ae360c30dc] - doc: WeakSet and WeakMap comparison details (Shreyans Pathak) #56648
[acd2a2fda5] - doc: mention prepare --security (Rafael Gonzaga) #56617
[d3c0a2831d] - doc: tweak info on reposts in ambassador program (Michael Dawson) #56589
[3299505b49] - doc: add type stripping to ambassadors program (Marco Ippolito) #56598
[b1a6ffa4e4] - doc: improve internal documentation on built-in snapshot (Joyee Cheung) #56505
[1641a28930] - doc: document CLI way to open the nodejs/bluesky MR (Antoine du Hamel) #56506
[2042628fda] - doc: add section about using npx with permission model (Rafael Gonzaga) #56539
[ace19a0263] - doc: update gcc-version for ubuntu-lts (Kunal Kumar) #56553
[4aa57b50f8] - doc: fix parentheses in options (Tobias Nießen) #56563
[b40b01b4d3] - doc: include CVE to EOL lines as sec release process (Rafael Gonzaga) #56520
[6701360113] - doc: add esm examples to node:trace_events (Alfredo González) #56514
[d3207cca3e] - doc: add message for Ambassadors to promote (Michael Dawson) #56235
[97ece4ae06] - doc: allow request for TSC reviews via the GitHub UI (Antoine du Hamel) #56493
[03f25055ab] - doc: add example for piping ReadableStream (Gabriel Schulhof) #56415
[516d07482c] - doc: expand description of parseArg's default (Kevin Gibbons) #54431
[a6491effcb] - doc: use <ul> instead of <ol> in SECURITY.md (Antoine du Hamel) #56346
[e4ec134b21] - doc: clarify that WASM is trusted (Matteo Collina) #56345
[0f7aed8a59] - doc: fix the crc32 documentation (Kevin Toshihiro Uehara) #55898
[721104a296] - doc: fix links in module.md (Antoine du Hamel) #56283
[928540d792] - doc: fix typos (Nathan Baulch) #55066
[e69d35f03b] - doc: add history info for Permission Model (Antoine du Hamel) #56707
[c6fd867ab5] - esm: fix jsdoc type refs to ModuleJobBase in esm/loader (Jacob Smith) #56499
[9cf9046bd7] - Revert "events: add hasEventListener util for validate" (origranot) #56282
[b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #56489
[6ca27c2a59] - http2: omit server name when HTTP2 host is IP address (islandryu) #56530
[9f1fa199bf] - inspector: roll inspector_protocol (Chengzhong Wu) #56649
[0dae4bb3ab] - inspector: add undici http tracking support (Chengzhong Wu) #56488
[2c6124cec4] - inspector: report loadingFinished until the response data is consumed (Chengzhong Wu) #56372
[96ec862ce2] - lib: refactor execution.js (Marco Ippolito) #56358
[3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #56359
[d5bf3db0cf] - lib: allow skipping source maps in node_modules (Chengzhong Wu) #56639
[d33eaf2bcb] - lib: ensure FORCE_COLOR forces color output in non-TTY environments (Pietro Marchini) #55404
[dc003218a8] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #56299
[df06524863] - lib: suppress source map lookup exceptions (Chengzhong Wu) #56299
[35335a5a66] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56580
[1faabdb150] - meta: add codeowners of security release document (Rafael Gonzaga) #56521
[b4ece22ef5] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56342
[9ec67e7ce0] - meta: move MoLow to TSC regular member (Moshe Atlow) #56276
[bae4b2e20a] - module: use more defensive code when handling SWC errors (Antoine du Hamel) #56646
[1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #56610
[174d88eab1] - module: support eval with ts syntax detection (Marco Ippolito) #56285
[299d6fa829] - module: fix jsdoc for format parameter in cjs/loader (pacexy) #56501
[0307e4dd59] - module: unify TypeScript and .mjs handling in CommonJS (Joyee Cheung) #55590
[1f4f9be93d] - module: fix async resolution error within the sync findPackageJSON (Jacob Smith) #56382
[bbedffa0f0] - module: simplify findPackageJSON implementation (Antoine du Hamel) #55543
[6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #55412
[cd7ce18233] - module: fix bad require.resolve with option paths for . and .. (Dario Piotrowicz) #56735
[152df4da21] - module: rethrow amaro error message (Marco Ippolito) #56568
[acba5dc87e] - module: use buffer.toString base64 (Chengzhong Wu) #56315
[01e69be8ff] - node-api: define version 10 (Gabriel Schulhof) #55676
[724524528e] - node-api: remove deprecated attribute from napi_module_register (Vladimir Morozov) #56162
[c78e11064f] - process: remove support for undocumented symbol (Antoine du Hamel) #56552
[3f69b18a23] - process: fix symbol key and mark experimental new node:process methods (Antoine du Hamel) #56517
[d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #56400
[fa49f0f7d5] - punycode: limit deprecation warning (Colin Ihrig) #56632
[d77c7073b7] - sqlite: disable memstatus APIs at build time (Colin Ihrig) #56541
[07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #56385
[b6c2e91365] - sqlite: enable SQL math functions (Colin Ihrig) #56447
[3462263e8b] - sqlite: pass conflict type to conflict resolution handler (Bart Louwers) #56352
[89ba3af743] - src: add nullptr handling from X509_STORE_new() (Burkov Egor) #56700
[89a7c82e0c] - src: add default value for RSACipherConfig mode field (Burkov Egor) #56701
[7bae51e62e] - src: fix build with GCC 15 (tjuhaszrh) #56740
[432a4b8bd6] - src: fix to generate path from wchar_t via wstring (yamachu) #56696
[8c9eaf82f0] - src: initialize FSReqWrapSync in path that uses it (Michaël Zasso) #56613
[bcdb42d40b] - src: handle duplicate paths granted (Rafael Gonzaga) #56591
[d6a7acc207] - src: update ECKeyPointer in ncrypto (James M Snell) #56526
[01922f8b1f] - src: update ECPointPointer in ncrypto (James M Snell) #56526
[2a3a36eceb] - src: update ECGroupPointer in ncrypto (James M Snell) #56526
[67c10cdacb] - src: update ECDASSigPointer implementation in ncrypto (James M Snell) #56526
[17f931c68b] - src: cleaning up more crypto internals for ncrypto (James M Snell) #56526
[94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #56441
[6594ee8dff] - src: fix undefined script name in error source (Chengzhong Wu) #56502
[b46bad3e91] - src: refactor --trace-env to reuse option selection and handling (Joyee Cheung) #56293
[76921b822b] - src: minor cleanups on OneByteString usage (James M Snell) #56482
[3f0d1dd4fe] - src: move more crypto impl detail to ncrypto dep (James M Snell) #56421
[04f623b283] - src: fixup more ToLocalChecked uses in node_file (James M Snell) #56484
[5aa436f5a1] - src: make some minor ToLocalChecked cleanups (James M Snell) #56483
[6eec5e7ec2] - src: lock the thread properly in snapshot builder (Joyee Cheung) #56327
[5614993968] - src: drain platform tasks before creating startup snapshot (Chengzhong Wu) #56403
[48493e9fd5] - src: use LocalVector in more places (James M Snell) #56457
[7e5ea0681e] - src: use v8::LocalVector consistently with other minor cleanups (James M Snell) #56417
[ad3d857f2b] - src: use starts_with in fs_permission.cc (ishabi) #55811
[5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #56469
[7d1676e72e] - stream: fix typo in ReadableStreamBYOBReader.readIntoRequests (Mattias Buelens) #56560
[e658ea6b26] - stream: validate undefined sizeAlgorithm in WritableStream (Jason Zhang) #56067
[e4f133c20c] - test: add ts eval snapshots (Marco Ippolito) #56358
[f041742400] - test: remove empty lines from snapshots (Marco Ippolito) #56358
[801cde91f6] - test: reduce number of written chunks (Luigi Pinca) #56757
[6fdf1879ab] - test: fix invalid common.mustSucceed() usage (Luigi Pinca) #56756
[d2bfbfa364] - test: use strict mode in global setters test (Rich Trott) #56742
[5c030da42f] - test: cleanup and simplify test-crypto-aes-wrap (James M Snell) #56748
[f1442d6eaf] - test: do not use common.isMainThread (Luigi Pinca) #56768
[49405bd9e7] - test: make some requires lazy in common/index (James M Snell) #56715
[52ef376788] - test: add test that uses multibyte for path and resolves modules (yamachu) #56696
[b811dea85a] - test: replace more uses of global with globalThis (James M Snell) #56712
[eb97076199] - test: make common/index slightly less node.js specific (James M Snell) #56712
[1795202d19] - test: rely less on duplicative common test harness utilities (James M Snell) #56712
[5be29a274e] - test: simplify common/index.js (James M Snell) #56712
[92e99780f0] - test: move hasMultiLocalhost to common/net (James M Snell) #56716
[1c3204a4cc] - test: move crypto related common utilities in common/crypto (James M Snell) #56714
[fe79d63be0] - test: add missing test for env file (Jonas) #56642
[e08af61537] - test: enforce strict mode in test-zlib-const (Rich Trott) #56689
[c96792d7f8] - test: fix localization data for ICU 74.2 (Antoine du Hamel) #56661
[48b72f1195] - test: use --permission instead of --experimental-permission (Rafael Gonzaga) #56685
[de81d90fce] - test: test-stream-compose.js doesn't need internals (Meghan Denny) #56619
[f5b8499ad0] - test: add maxCount and gcOptions to gcUntil() (Joyee Cheung) #56522
[d9e5a81041] - test: add line break at end of file (Rafael Gonzaga) #56588
[59be346fbf] - test: mark test-worker-prof as flaky on smartos (Joyee Cheung) #56583
[12a2cae9e5] - test: update test-child-process-bad-stdio to use node:test (Colin Ihrig) #56562
[2dc4a30e19] - test: disable openssl 3.4.0 incompatible tests (Jelle van der Waa) #56160
[1950fbf51d] - test: make test-crypto-hash compatible with OpenSSL > 3.4.0 (Jelle van der Waa) #56160
[a533420a91] - test: clarify fork inherit permission flags (Rafael Gonzaga) #56523
[697e799dc1] - test: add error only reporter for node:test (Carlos Espa) #56438
[4844fa212d] - test: mark test-http-server-request-timeouts-mixed as flaky (Joyee Cheung) #56503
[843c2389b9] - test: update error code in tls-psk-circuit for for OpenSSL 3.4 (sebastianas) #56420
[ccb2ddbd83] - test: update compiled sqlite tests to match other tests (Colin Ihrig) #56446
[b40f50324d] - test: add initial test426 coverage (Chengzhong Wu) #56436
[059f81e4fd] - test: update test-set-http-max-http-headers to use node:test (Colin Ihrig) #56439
[ec2940b418] - test: update test-child-process-windows-hide to use node:test (Colin Ihrig) #56437
[0362924880] - test: use unusual chars in the path to ensure our tests are robust (Antoine du Hamel) #48409
[b6c3869910] - test: improve abort signal dropping test (Edy Silva) #56339
[cc648ef923] - test: enable ts test on win arm64 (Marco Ippolito) #56349
[68819b4997] - test: deflake test-watch-file-shared-dependency (Luigi Pinca) #56344
[ca6ed2190c] - test: skip test-sqlite-extensions when SQLite is not built by us (Antoine du Hamel) #56341
[8ffeb8b58c] - test: increase spin for eventloop test on s390 (Michael Dawson) #56228
[6ae9950f08] - test: migrate message eval tests from Python to JS (Yiyun Lei) #50482
[4352bf69e9] - test: check typescript loader (Marco Ippolito) #54657
[406e7db9c3] - test: remove async-hooks/test-writewrap flaky designation (Luigi Pinca) #56048
[fa56ab2bba] - test: deflake test-esm-loader-hooks-inspect-brk (Luigi Pinca) #56050
[8e149aac99] - test: add test case for listeners (origranot) #56282
[a3f5ef22cd] - test: make test-permission-sqlite-load-extension more robust (Antoine du Hamel) #56295
[8cbb7cc838] - test_runner: print failing assertion only once with spec reporter (Pietro Marchini) #56662
[1f426bad9a] - test_runner: remove unused errors (Pietro Marchini) #56607
[697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #56595
[047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #56459
[19b4aa4b14] - test_runner: run single test file benchmark (Pietro Marchini) #56479
[926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #56434
[fb4661a4cf] - test_runner: finish marking snapshot testing as stable (Colin Ihrig) #56425
[900c6c3940] - tls: fix error stack conversion in cryptoErrorListToException() (Joyee Cheung) #56554
[e9f185b658] - tools: update doc to new version (Node.js GitHub Bot) #56259
[7644c7e619] - tools: update inspector_protocol roller (Chengzhong Wu) #56649
[362272b0a4] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #56704
[df8b835953] - tools: fix tools-deps-update (Daniel Lemire) #56684
[feba5d3274] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #56695
[9827f7d395] - tools: fix permissions in lint-release-proposal workflow (Antoine du Hamel) #56614
[14c562c0dc] - tools: remove github reporter (Carlos Espa) #56468
[ed1785d0ae] - tools: edit create-release-proposal workflow (Antoine du Hamel) #56540
[294e4c42f5] - tools: validate commit list as part of lint-release-commit (Antoine du Hamel) #56291
[98d3474267] - tools: fix loong64 build failed (Xiao-Tao) #56466
[3e729ceec8] - tools: disable unneeded rule ignoring in Python linting (Rich Trott) #56429
[d5c05328e2] - tools: use a configurable value for number of open dependabot MRs (Antoine du Hamel) #56427
[1705cbe002] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #56426
[53b29b0469] - tools: fix require-common-first lint rule from subfolder (Antoine du Hamel) #56325
[105c4ed4fb] - tools: add release line label when opening release proposal (Antoine du Hamel) #56317
[30f61f4aa5] - url: use resolved path to convert UNC paths to URL (Antoine du Hamel) #56302
[a0aef4dfb6] - util: inspect: do not crash on an Error stack that contains a Symbol (Jordan Harband) #56573
[a8a060341f] - util: inspect: do not crash on an Error with a regex name (Jordan Harband) #56574
[ea66bf3553] - util: rename CallSite.column to columnNumber (Chengzhong Wu) #56584
[9cdc3b373c] - util: do not crash on inspecting function with Symbol name (Jordan Harband) #56572
[0bfbb68569] - util: expose CallSite.scriptId (Chengzhong Wu) #56551
[5dd7116e09] - watch: reload env file for --env-file-if-exists (Jonas) #56643
[c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #56394
[2e5d038f48] - worker: refactor stdio to improve performance (Matteo Collina) #56630
[f959805d01] - worker: flush stdout and stderr on exit (Matteo Collina) #56428

`v22.13.1`: 2025-01-21, Version 22.13.1 'Jod' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

[520da342e0] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#662
[99f217369f] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555
[984f735e35] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650
[2446870618] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#651

`v22.13.0`: 2025-01-07, Version 22.13.0 'Jod' (LTS), @ruyadorno

Compare Source

Notable Changes

Stabilize Permission Model

Upgrades the Permission Model status from Active Development to Stable.

Contributed by Rafael Gonzaga #56201

Graduate WebCryptoAPI `Ed25519` and X25519 algorithms as stable

Following the merge of Curve25519 into the Web Cryptography API Editor's Draft the Ed25519 and X25519 algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use.

Contributed by (Filip Skokan) #56142

Other Notable Changes

[05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #54630
[a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
[ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #56087
[f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #56265
[34c68827af] - doc: move typescript support to active development (Marco Ippolito) #55536
[dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #56132
[5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #56130
[8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #55788
[55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #55890
[7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
[6575b76042] - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) #55282
[bacfe6d5c9] - (SEMVER-MINOR) net: support blocklist in net.connect (theanarkh) #56075
[b47888d390] - (SEMVER-MINOR) net: support blocklist for net.Server (theanarkh) #56079
[566f0a1d25] - (SEMVER-MINOR) net: add SocketAddress.parse (James M Snell) #56076
[ed7eab1421] - (SEMVER-MINOR) net: add net.BlockList.isBlockList(value) (James M Snell) #56078
[ea4891856d] - (SEMVER-MINOR) process: deprecate features.{ipv6,uv} and features.tls_* (René) #55545
[01eb308f26] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
[97c38352d0] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
[b4041e554a] - (SEMVER-MINOR) sqlite: add StatementSync.prototype.iterate method (tpoisseau) #54213
[2e3ca1bbdd] - (SEMVER-MINOR) src: add cli option to preserve env vars on diagnostic reports (Rafael Gonzaga) #55697
[bcfe9c80fc] - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) #55589

Commits

[e9024779c0] - assert: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) #56195
[4c13d8e587] - assert: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) #56098
[a4fa31a86e] - assert: optimize partial comparison of two Sets (Antoine du Hamel) #55970
[05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #54630
[5e1321abd7] - buffer: document concat zero-fill (Duncan) #55562
[be5ba7c648] - build: set DESTCPU correctly for 'make binary' on loongarch64 (吴小白) #56271
[38cf37ee2d] - build: fix missing fp16 dependency in d8 builds (Joyee Cheung) #56266
[dbb7557455] - build: add major release action (Rafael Gonzaga) #56199
[27cc90f3be] - build: fix C string encoding for PRODUCT_DIR_ABS (Anna Henningsen) #56111
[376561c2b4] - build: use variable for simdutf path (Shelley Vohr) #56196
[126ae15000] - build: allow overriding clang usage (Shelley Vohr) #56016
[97bb8f7c76] - build: remove defaults for create-release-proposal (Rafael Gonzaga) #56042
[a8fb1a06f3] - build: set node_arch to target_cpu in GN (Shelley Vohr) #55967
[9f48ca27f1] - build: use variable for crypto dep path (Shelley Vohr) #55928
[e47ccd2287] - build: fix GN build for sqlite (Cheng) #55912
[8d70b99a5a] - build: compile bundled simdutf conditionally (Jakub Jirutka) #55886
[826fd35242] - build: compile bundled simdjson conditionally (Jakub Jirutka) #55886
[1015b22085] - build: compile bundled ada conditionally (Jakub Jirutka) #55886
[77e2869ca6] - build: use glob for dependencies of out/Makefile (Richard Lau) #55789
[a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
[72e8e0684e] - crypto: graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
[fe2b344ddb] - crypto: ensure CryptoKey usages and algorithm are cached objects (Filip Skokan) #56108
[9ee9f524a7] - crypto: allow non-multiple of 8 in SubtleCrypto.deriveBits (Filip Skokan) #55296
[76f242d993] - deps: update nghttp3 to 1.6.0 (Node.js GitHub Bot) #56258
[c7ff2ea6b5] - deps: update simdutf to 5.6.4 (Node.js GitHub Bot) #56255
[04230be1ef] - deps: update libuv to 1.49.2 (Luigi Pinca) #56224
[88589b85b7] - deps: update c-ares to v1.34.4 (Node.js GitHub Bot) #56256
[5c2e0618f3] - deps: define V8_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) #56238
[9f8f3c9658] - deps: update sqlite to 3.47.2 (Node.js GitHub Bot) #56178
[17b6931d3b] - deps: update ngtcp2 to 1.9.1 (Node.js GitHub Bot) #56095
[22b453b619] - deps: upgrade npm to 10.9.2 (npm team) #56135
[d7eb41b382] - deps: update sqlite to 3.47.1 (Node.js GitHub Bot) #56094
[669c722aa9] - deps: update zlib to 1.3.0.1-motley-82a5fec (Node.js GitHub Bot) #55980
[f61a0454d2] - deps: update corepack to 0.30.0 (Node.js GitHub Bot) #55977
[d98bf0b891] - deps: update ngtcp2 to 1.9.0 (Node.js GitHub Bot) #55975
[fc362624bf] - deps: update simdutf to 5.6.3 (Node.js GitHub Bot) #55973
[f61dcc4df4] - deps: upgrade npm to 10.9.1 (npm team) #55951
[bfe7982491] - deps: update zlib to 1.3.0.1-motley-7e2e4d7 (Node.js GitHub Bot) #54432
[d714367ef8] - deps: update simdjson to 3.10.1 (Node.js GitHub Bot) #54678
[ccc9b105ec] - deps: update simdutf to 5.6.2 (Node.js GitHub Bot) #55889
[ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #56087
[7ddbf94849] - dgram: check udp buffer size to avoid fd leak (theanarkh) #56084
[360d68de0f] - doc: fix color contrast issue in light mode (Rich Trott) #56272
[f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #56265
[9436c3c949] - doc: clarify util.aborted resource usage (Kunal Kumar) #55780
[b1cec2cef9] - doc: add esm examples to node:repl (Alfredo González) #55432
[d6a84cf781] - doc: add esm examples to node:readline (Alfredo González) #55335
[a11ac1c0f2] - doc: fix 'which' to 'that' and add commas (Selveter Senitro) #56216
[5331df7911] - doc: fix winget config path (Alex Yang) #56233
[7a8071b43c] - doc: add esm examples to node:tls (Alfredo González) #56229
[7d8c1e72d5] - doc: add esm examples to node:perf_hooks (Alfredo González) #55257
[ea53c4b1ae] - doc: sea.getRawAsset(key) always returns an ArrayBuffer (沈鸿飞) #56206
[7a94100a3e] - doc: update announce documentation for releases (Rafael Gonzaga) #56200
[44c4e57e32] - doc: update blog link to /vulnerability (Rafael Gonzaga) #56198
[5e5b4b0cbd] - doc: call out import.meta is only supported in ES modules (Anton Kastritskii) #56186
[a83de32d35] - doc: add ambassador message - benefits of Node.js (Michael Dawson) #56085
[bb880dd21a] - doc: fix incorrect link to style guide (Yuan-Ming Hsu) #56181
[39ce902e58] - doc: fix c++ addon hello world sample (Edigleysson Silva (Edy)) #56172
[19c72c4acc] - doc: update blog release-post link (Ruy Adorno) #56123
[b667cc4669] - doc: fix module.md headings (Chengzhong Wu) #56131
[34c68827af] - doc: move typescript support to active development (Marco Ippolito) #55536
[c4a97d810b] - doc: mention -a flag for the release script (Ruy Adorno) #56124
[dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #56132
[2feb0781ed] - doc: add create-release-action to process (Rafael Gonzaga) #55993
[71f6263942] - doc: rename file to advocacy-ambassador-program.md (Tobias Nießen) #56046
[8efa240500] - doc: remove unused import from sample code (Blended Bram) #55570
[e64cef8bf4] - doc: add FAQ to releases section (Rafael Gonzaga) #55992
[4bb0f30f92] - doc: move history entry to class description (Luigi Pinca) #55991
[6d02bd6873] - doc: add history entry for textEncoder.encodeInto() (Luigi Pinca) #55990
[e239382ed8] - doc: improve GN build documentation a bit (Shelley Vohr) #55968
[78b6aef6bc] - doc: fix deprecation codes (Filip Skokan) #56018
[474bf80a44] - doc: remove confusing and outdated sentence (Luigi Pinca) #55988
[57381076c5] - doc: deprecate passing invalid types in fs.existsSync (Carlos Espa) #55892
[e529cf6b26] - doc: add doc for PerformanceObserver.takeRecords() (skyclouds2001) #55786
[a6ef0f6f6e] - doc: add vetted courses to the ambassador benefits (Matteo Collina) #55934
[63526049f2] - doc: order node:crypto APIs alphabetically (Julian Gassner) #55831
[36080b7b61] - doc: doc how to add message for promotion (Michael Dawson) #55843
[12b2ad4287] - doc: add esm example for zlib (Leonardo Peixoto) #55946
[352daac296] - doc: fix typo (Alex Yang) #56125
[6e7e9a126d] - doc: document approach for building wasm in deps (Michael Dawson) #55940
[0b3ac05422] - doc: remove RedYetiDev from triagers team (Aviv Keller) #55947
[20be5e2f80] - doc: add esm examples to node:timers (Alfredo González) #55857
[3ba9b57436] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #55791
[3e6b3a9a8b] - doc: include git node release --promote to steps (Rafael Gonzaga) #55835
[5bdfde8dc6] - doc: add history entry for import assertion removal (Antoine du Hamel) #55883
[c842146c05] - doc: add a note on console stream behavior (Gireesh Punathil) #55616
[5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #56130
[8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #55788
[55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #55890
[04d7c7a349] - fs: make mutating options in Callback readdir() not affect results (LiviaMedeiros) #56057
[92bcd528e7] - fs: make mutating options in Promises readdir() not affect results (LiviaMedeiros) #56057
[3a55bd9448] - fs: lazily load ReadFileContext (Gürgün Dayıoğlu) #55998
[0331b3fdd3] - fs,win: fix readdir for named pipe (Hüseyin Açacak) #56110
[79152b54e9] - http: add setDefaultHeaders option to http.request (Tim Perry) #56112
[19782855a8] - http: don't emit error after destroy (Robert Nagy) #55457
[8494512c17] - http2: remove duplicate codeblock (Vitaly Aminev) #55915
[d2f82223d1] - http2: support ALPNCallback option (ZYSzys) #56187
[2616f1247a] - http2: fix memory leak caused by premature listener removing (ywave620) #55966
[598fe048f2] - lib: remove redundant global regexps (Gürgün Dayıoğlu) #56182
[a3c8739530] - lib: clean up persisted signals when they are settled (Edigleysson Silva (Edy)) #56001
[11144ab158] - lib: handle Float16Array in node:v8 serdes (Bartek Iwańczuk) #55996
[81c94a32e4] - lib: disable default memory leak warning for AbortSignal (Lenz Weber-Tronic) #55816
[68dda61420] - lib: add validation for options in compileFunction (Taejin Kim) #56023
[d2007aec28] - lib: fix fs.readdir recursive async (Rafael Gonzaga) #56041
[0571d5556f] - lib: avoid excluding symlinks in recursive fs.readdir with filetypes (Juan José) #55714
[843943d0ce] - meta: bump github/codeql-action from 3.27.0 to 3.27.5 (dependabot[bot]) #56103
[1529027f03] - meta: bump actions/checkout from 4.1.7 to 4.2.2 (dependabot[bot]) #56102
[8e265de9f5] - meta: bump step-security/harden-runner from 2.10.1 to 2.10.2 (dependabot[bot]) #56101
[0fba3a3b9b] - meta: bump actions/setup-node from 4.0.3 to 4.1.0 (dependabot[bot]) #56100
[2e3fdfdb19] - meta: add releasers as CODEOWNERS to proposal action (Rafael Gonzaga) #56043
[7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
[8a5429c9b3] - module: prevent main thread exiting before esm worker ends (Shima Ryuhei) #56183
[6575b76042] - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) #55282
[0794861bc3] - module: simplify ts under node_modules check (Marco Ippolito) #55440
[28a11adf14] - module: mark evaluation rejection in require(esm) as handled (Joyee Cheung) #56122
[bacfe6d5c9] - (SEMVER-MINOR) net: support blocklist in net.connect (theanarkh) #56075
[566f0a1d25] - (SEMVER-MINOR) net: add SocketAddress.parse (James M Snell) #56076
[ed7eab1421] - (SEMVER-MINOR) net: add net.BlockList.isBlockList(value) (James M Snell) #56078
[b47888d390] - (SEMVER-MINOR) net: support blocklist for net.Server (theanarkh) #56079
[481770a38f] - node-api: allow napi_delete_reference in finalizers (Chengzhong Wu) #55620
[2beb4f1f8c] - permission: ignore internalModuleStat on module loading (Rafael Gonzaga) #55797
[ea4891856d] - (SEMVER-MINOR) process: deprecate features.{ipv6,uv} and features.tls_* (René) #55545
[c907b2f358] - quic: update more QUIC implementation (James M Snell) #55986
[43c25e2e0d] - quic: multiple updates to quic impl (James M Snell) #55971
[01eb308f26] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
[1cfa31fb82] - sea: only assert snapshot main function for main threads (Joyee Cheung) #56120
[97c38352d0] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
[2268c1ea8b] - sqlite: add support for custom functions (Colin Ihrig) #55985
[f5c6955722] - sqlite: support db.loadExtension (Alex Yang) #53900
[9a60bea6b7] - sqlite: deps include sqlite3ext.h (Alex Yang) #56010
[b4041e554a] - (SEMVER-MINOR) sqlite: add StatementSync.prototype.iterate method (tpoisseau) #54213
[2889e8da04] - src: fix outdated js2c.cc references (Chengzhong Wu) #56133
[5ce020b0c9] - src: use spaceship operator in SocketAddress (James M Snell) #56059
[a32fa30847] - src: add missing qualifiers to env.cc (Yagiz Nizipli) #56062
[974b7b61ef] - src: use std::string_view for process emit fns (Yagiz Nizipli) #56086
[4559fac862] - src: remove dead code in async_wrap (Gerhard Stöbich) #56065
[e42e4b20be] - src: avoid copy on getV8FastApiCallCount (Yagiz Nizipli) #56081
[c188660e8b] - src: fix check fd (theanarkh) #56000
[d894cb76ff] - src: safely remove the last line from dotenv (Shima Ryuhei) #55982
[2ca9f4b65a] - src: fix kill signal on Windows (Hüseyin Açacak) #55514
[2e3ca1bbdd] - (SEMVER-MINOR) src: add cli option to preserve env vars on dr (Rafael Gonzaga) #55697
[359fff1c4e] - src,build: add no user defined deduction guides of CTAD check (Chengzhong Wu) #56071
[57bb983215] - (SEMVER-MINOR) src,lib: stabilize permission model (Rafael Gonzaga) #56201
[d352b0465a] - stream: commit pull-into descriptors after filling from queue (Mattias Buelens) #56072
[eef9bd1bf6] - test: remove test-sqlite-statement-sync flaky designation (Luigi Pinca) #56051
[8718135a5d] - test: use --permission over --experimental-permission (Rafael Gonzaga) #56239
[9c68d4f180] - test: remove exludes for sea tests on PPC (Michael Dawson) #56217
[c5d0472968] - test: fix test-abortsignal-drop-settled-signals flakiness (Edigleysson Silva (Edy)) #56197
[4adf518689] - test: move localizationd data from test-icu-env to external file (Livia Medeiros) #55618
[02383b4267] - test: update WPT for url to 6fa3fe8 (Node.js GitHub Bot) #56136
[0e24eebf24] - test: remove hasOpenSSL3x utils (Antoine du Hamel) #56164
[381e705385] - test: update streams wpt (Mattias Buelens) #56072
[ad107ca0d9] - test: remove test-fs-utimes flaky designation (Luigi Pinca) #56052
[e15c5dab79] - test: ensure cli.md is in alphabetical order (Antoine du Hamel) #56025
[d0302e7d2d] - test: update WPT for WebCryptoAPI to 3e3374e (Node.js GitHub Bot) #56093
[a0b1e8f400] - test: update WPT for WebCryptoAPI to 76dfa54 (Node.js GitHub Bot) #56093
[211f058a12] - test: move test-worker-arraybuffer-zerofill to parallel (Luigi Pinca) #56053
[c52bc5d71c] - test: update WPT for url to 67880a4 (Node.js GitHub Bot) #55999
[1a78bde8d4] - test: make HTTP/1.0 connection test more robust (Arne Keller) #55959
[ff7b1445a0] - test: convert readdir test to use test runner (Thomas Chetwin) #55750
[b296b5a4e4] - test: make x509 crypto tests work with BoringSSL (Shelley Vohr) #55927
[97458ad74b] - test: fix determining lower priority (Livia Medeiros) #55908
[bb4aa7a296] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #55997
[fb98fa4967] - test_runner: refactor Promise chain in run() (Colin Ihrig) #55958
[18c94961f8] - test_runner: refactor build Promise in Suite() (Colin Ihrig) #55958
[bf3967fd3a] - test_runner: simplify hook running logic (Colin Ihrig) #55963
[8c065dc61e] - test_runner: mark context.plan() as stable (Colin Ihrig) #55895
[8ff082cf48] - test_runner: mark snapshot testing as stable (Colin Ihrig) #55897
[7ae125cef4] - tools: fix node: enforcement for docs (Antoine du Hamel) #56284
[0b489116a3] - tools: update github_reporter to 1.7.2 (Node.js GitHub Bot) #56205
[5306819fac] - tools: add REPLACEME check to workflow (Mert Can Altin) #56251
[4e3cab44cb] - tools: use github.actor instead of bot username for release proposals (Antoine du Hamel) #56232
[3e8938463a] - Revert "tools: disable automated libuv updates" (Luigi Pinca) #56223
[98ea499e36] - tools: update gyp-next to 0.19.1 (Anna Henningsen) #56111
[2e76cd2a8b] - tools: fix release proposal linter to support more than 1 folk preparing (Antoine du Hamel) #56203
[9fa0e41665] - tools: enable linter for tools/icu/** (Livia Medeiros) #56176
[d6e1efcc59] - tools: use commit title as MR title when creating release proposal (Antoine du Hamel) #56165
[a88e4ce55e] - tools: update gyp-next to 0.19.0 (Node.js GitHub Bot) #56158
[bd0760efbc] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #56099
[c5b1cf4b12] - tools: improve release proposal MR opening (Antoine du Hamel) #56161
[12baefb13d] - tools: update create-release-proposal workflow (Antoine du Hamel) #56054
[e6e1495f1a] - tools: fix update-undici script (Michaël Zasso) #56069
[ed635c90da] - tools: allow dispatch of tools.yml from forks (Antoine du Hamel) #56008
[1e628d1f37] - tools: fix nghttp3 updater script (Antoine du Hamel) #56007
[1af3599b7e] - tools: filter release keys to reduce interactivity (Antoine du Hamel) #55950
[1893be4a9c] - tools: update WPT updater (Antoine du Hamel) #56003
[f89bd2ba8a] - tools: add WPT updater for specific subsystems (Mert Can Altin) #54460
[61901372d5] - tools: use tokenless Codecov uploads (Michaël Zasso) #55943
[312bb4dff8] - tools: lint js in doc/**/*.md (Livia Medeiros) #55904
[7b476f637c] - tools: add linter for release commit proposals (Antoine du Hamel) #55923
[22d7017191] - tools: fix riscv64 build failed (Lu Yahan) #52888
[f4f777f4d2] - tools: bump cross-spawn from 7.0.3 to 7.0.5 in /tools/eslint (dependabot[bot]) #55894
[a648e4c44a] - util: harden more built-in classes against prototype pollution (Antoine du Hamel) #56225
[4a1b51b5a9] - util: fix Latin1 decoding to return string output (Mert Can Altin) #56222
[9e98e86604] - util: do not rely on mutable Object and Function' constructor prop (Antoine du Hamel) #56188
[374eb415fd] - util: add fast path for Latin1 decoding (Mert Can Altin) #55275
[bcfe9c80fc] - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) #55589
[2aa77c8a8f] - v8,tools: expose experimental wasm revectorize feature (Yolanda-Chen) #54896
[bfd11d7661] - worker: fix crash when a worker joins after exit (Stephen Belanger) #56191

`v22.12.0`: 2024-12-03, Version 22.12.0 'Jod' (LTS), @ruyadorno

Compare Source

Notable Changes

require(esm) is now enabled by default

Support for loading native ES modules using require() had been available on v20.x and v22.x under the command line flag --experimental-require-module, and available by default on v23.x. In this release, it is now no longer behind a flag on v22.x.

This feature is still experimental, and we are looking for user feedback to make more final tweaks before fully stabilizing it. For this reason, on v22.x, when the Node.js instance encounters a native ES module in require() for the first time, it will emit an experimental warning unless require() comes from a path that contains node_modules. If there happens to be any regressions caused by this feature, users can report it to the Node.js issue tracker. Meanwhile this feature can also be disabled using --no-experimental-require-module as a workaround.

With this feature enabled, Node.js will no longer throw ERR_REQUIRE_ESM if require() is used to load a ES module. It can, however, throw ERR_REQUIRE_ASYNC_MODULE if the ES module being loaded or its dependencies contain top-level await. When the ES module is loaded successfully by require(), the returned object will either be a ES module namespace object similar to what's returned by import(), or what gets exported as "module.exports" in the ES module.

Users can check process.features.require_module to see whether require(esm) is enabled in the current Node.js instance. For packages, the "module-sync" exports condition can be used as a way to detect require(esm) support in the current Node.js instance and allow both require() and import to load the same native ES module. See the documentation for more details about this feature.

Contributed by Joyee Cheung in #55085

Added resizable `ArrayBuffer` support in `Buffer`

When a Buffer is created using a resizable ArrayBuffer, the Buffer length will now correctly change as the underlying ArrayBuffer size is changed.

const ab = new ArrayBuffer(10, { maxByteLength: 20 });
const buffer = Buffer.from(ab);
console.log(buffer.byteLength); 10
ab.resize(15);
console.log(buffer.byteLength); 15
ab.resize(5);
console.log(buffer.byteLength); 5

Contributed by James Snell in #55377

Update root certificates to NSS 3.104

This is the version of NSS that shipped in Firefox 131.0 on 2024-10-01.

Certificates added:

FIRMAPROFESIONAL CA ROOT-A WEB
TWCA CYBER Root CA
SecureSign Root CA12
SecureSign Root CA14
SecureSign Root CA15

Contributed by Richard Lau in #55681

Other Notable Changes

[4920869935] - (SEMVER-MINOR) assert: make assertion_error use Myers diff algorithm (Giovanni Bucci) #54862
[ccffd3b819] - doc: enforce strict policy to semver-major releases (Rafael Gonzaga) #55732
[acc6806900] - doc: add jazelly to collaborators (Jason Zhang) #55531
[88d91e8bc2] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #55333
[98bfc7dce5] - (SEMVER-MINOR) http: add diagnostic channel http.client.request.created (Marco Ippolito) #55586
[337f61fb25] - (SEMVER-MINOR) lib: add UV_UDP_REUSEPORT for udp (theanarkh) #55403
[1628c48ad6] - (SEMVER-MINOR) net: add UV_TCP_REUSEPORT for tcp (theanarkh) #55408
[457e73f4c9] - (SEMVER-MINOR) sqlite: add support for SQLite Session Extension (Bart Louwers) #54181

Commits

[f6885e1c68] - assert: fix the string length check for printing the simple diff (Giovanni Bucci) #55474
[907484f04d] - assert: fix deepEqual always return true on URL (Xuguang Mei) #50853
[301844e249] - assert: differentiate cases where cause is undefined or missing (Antoine du Hamel) #55738
[89ccd3e3f4] - assert: fix deepStrictEqual on errors when cause is not undefined (Edigleysson Silva (Edy)) #55406
[4920869935] - (SEMVER-MINOR) assert: make assertion_error use Myers diff algorithm (Giovanni Bucci) #54862
[c67aec368e] - benchmark: add test-reporters (Aviv Keller) #55757
[49774cc2c0] - benchmark: add test_runner/mock-fn (Aviv Keller) #55771
[4caaeb47b2] - benchmark: add nodeTiming.uvmetricsinfo bench (RafaelGSS) #55614
[cac58564a1] - benchmark: add --runs support to run.js (Rafael Gonzaga) #55158
[5c3ee886fc] - benchmark: adjust byte size for buffer-copy (Rafael Gonzaga) #55295
[6023e1bdb2] - (SEMVER-MINOR) buffer: make Buffer work with resizable ArrayBuffer (James M Snell) #55377
[a6c00c2204] - build: add create release proposal action (Rafael Gonzaga) #55690
[b4e413933b] - build: implement node_use_amaro flag in GN build (Cheng) #55798
[d1db202d4a] - build: apply cpp linting and formatting to ncrypto (Aviv Keller) #55362
[8c670496da] - build: use rclone instead of aws CLI (Michaël Zasso) #55617
[827e2065bd] - build: stop pre-compiling lint-md (Aviv Keller) #55266
[c3ca978d9c] - build: fix building with system icu 76 (Michael Cho) #55563
[23e3287bbe] - build: fix GN arg used in generate_config_gypi.py (Shelley Vohr) #55530
[2b561abb0d] - build: fix GN build for sqlite and nghttp2 (Shelley Vohr) #55529
[7008f29d79] - build: fix GN build for cares/uv deps (Cheng) #55477
[6ee94a394f] - build: fix uninstall script for AIX 7.1 (Cloorc) #55438
[edbbd4a374] - build: conditionally compile bundled sqlite (Richard Lau) #55409
[3d8e3a657c] - build: tidy up cares.gyp (Richard Lau) #55445
[f0c12e8fcb] - build: synchronize list of c-ares source files (Richard Lau) #55445
[8daa8a62f8] - build: fix path concatenation (Mohammed Keyvanzadeh) #55387
[12faf0466e] - build: fix make errors that occur in Makefile (minkyu_kim) #55287
[a21be0294d] - build,win: enable pch for clang-cl (Stefan Stojanovic) #55249
[7ed058cd00] - cli: add --heap-prof flag available to NODE_OPTIONS (Juan José) #54259
[c26b1bfe6a] - crypto: allow length=0 for HKDF and PBKDF2 in SubtleCrypto.deriveBits (Filip Skokan) #55866
[a1201d0392] - crypto: update root certificates to NSS 3.104 (Richard Lau) #55681
[20483aab7a] - crypto: fix RSA_PKCS1_PADDING error message (Richard Lau) #55629
[d345662d50] - crypto: include openssl/rand.h explicitly (Shelley Vohr) #55425
[166ab3209d] - deps: update simdutf to 5.6.1 (Node.js GitHub Bot) #55850
[934979e12e] - deps: update undici to 6.21.0 (Node.js GitHub Bot) #55851
[af77f66424] - deps: update c-ares to v1.34.3 (Node.js GitHub Bot) #55803
[948a88d2f4] - deps: update icu to 76.1 (Node.js GitHub Bot) #55551
[fa4c58a983] - deps: update acorn to 8.14.0 (Node.js GitHub Bot) #55699
[c91155f22e] - deps: update sqlite to 3.47.0 (Node.js GitHub Bot) #55557
[d1cb7af95c] - deps: update amaro to 0.2.0 (Node.js GitHub Bot) #55601
[655e5600cb] - deps: update nghttp2 to 1.64.0 (Node.js GitHub Bot) #55559
[992450c469] - deps: update acorn to 8.13.0 (Node.js GitHub Bot) #55558
[abd2bd4f64] - deps: update undici to 6.20.1 (Node.js GitHub Bot) #55503
[7dc2c2edad] - deps: update googletest to df1544b (Node.js GitHub Bot) #55465
[fa9329c024] - deps: update c-ares to v1.34.2 (Node.js GitHub Bot) #55463
[41a2bcd335] - deps: update ada to 2.9.1 (Node.js GitHub Bot) #54679
[a3b793defd] - deps: update simdutf to 5.6.0 (Node.js GitHub Bot) #55379
[551b8f897d] - deps: update c-ares to v1.34.1 (Node.js GitHub Bot) #55369
[26861eaf4e] - Revert "deps: disable io_uring support in libuv by default" (Santiago Gimeno) #55114
[41c50bc15e] - deps: update libuv to 1.49.1 (Santiago Gimeno) #55114
[26fcc04084] - deps: update amaro to 0.1.9 (Node.js GitHub Bot) #55348
[0ee6715921] - diagnostics_channel: fix unsubscribe during publish (simon-id) #55116
[bf68733e7f] - dns: stop using deprecated ares_query (Aviv Keller) #55430
[ef6707eb9b] - dns: honor the order option (Luigi Pinca) #55392
[0f3810f3e5] - doc: add added tag and fix typo sqlite.md (Bart Louwers) #56012
[d1bd0ef1b7] - doc: remove non-working example (Antoine du Hamel) #55856
[824ac650ed] - doc: add node:sqlite to mandatory node: prefix list (翠 / green) #55846
[b3ea42d887] - doc: add -S flag release preparation example (Antoine du Hamel) #55836
[0bd5d8b9d9] - doc: clarify UV_THREADPOOL_SIZE env var usage (Preveen P) #55832
[27b0236a99] - doc: add notable-change mention to sec release (Rafael Gonzaga) #55830
[476075bada] - doc: fix history info for URL.prototype.toJSON (Antoine du Hamel) #55818
[2743b7b1d3] - doc: correct max-semi-space-size statement (Joe Bowbeer) #55812
[3013870093] - doc: update unflag info of import.meta.resolve (skyclouds2001) #55810
[27bcd103e7] - doc: run license-builder (github-actions[bot]) #55813
[72d4b30ead] - doc: clarify triager role (Gireesh Punathil) #55775
[a30defe9dd] - doc: clarify removal of experimental API does not require a deprecation (Antoine du Hamel) #55746
[ccffd3b819] - doc: enforce strict policy to semver-major releases (Rafael Gonzaga) #55732
[b6d2a4e816] - doc: add path aliases typescript doc (Carlos Espa) #55766
[a435affa11] - doc: add esm example in path.md (Aviv Keller) #55745
[91443c2711] - doc: consistent use of word child process (Gireesh Punathil) #55654
[83fb0079d4] - doc: clarity to available addon options (Preveen P) #55715
[6ca851457a] - doc: update --max-semi-space-size description (Joe Bowbeer) #55495
[e17fffc0ff] - doc: broken PerformanceObserver code sample (Dom Harrington) #54227
[8bd5777f0f] - doc: add write flag when open file as the demo code's intention (robberfree) #54626
[f1e0e0ba55] - doc: remove mention of ECDH-ES in crypto.diffieHellman (Filip Skokan) #55611
[1d60b7ec97] - doc: improve c++ embedder API doc (Gireesh Punathil) #55597
[bbf51d7000] - doc: capitalize "MIT License" (Aviv Keller) #55575
[0e69f6d123] - doc: add suggested tsconfig for type stripping (Marco Ippolito) #55534
[67beb37f50] - doc: add esm examples to node:string_decoder (Alfredo González) #55507
[acc6806900] - doc: add jazelly to collaborators (Jason Zhang) #55531
[a6b3ed54ae] - doc: changed the command used to verify SHASUMS256 (adriancuadrado) #55420
[0ad7ca4f1d] - doc: move dual package shipping docs to separate repo (Joyee Cheung) #55444
[e99a98ddfd] - doc: add note about stdio streams in child_process (Ederin (Ed) Igharoro) #55322
[20302851a9] - doc: add isBigIntObject to documentation (leviscar) #55450
[50d983e80b] - doc: remove outdated remarks about highWaterMark in fs (Ian Kerins) #55462
[07c2fb2045] - doc: move Danielle Adams key to old gpg keys (RafaelGSS) #55399
[41b045170d] - doc: move Bryan English key to old gpg keys (RafaelGSS) #55399
[13724dcc20] - doc: move Beth Griggs keys to old gpg keys (RafaelGSS) #55399
[0230fb1ead] - doc: spell out condition restrictions (Jan Martin) #55187
[66e41f044d] - doc: add instructions for WinGet build (Hüseyin Açacak) #55356
[23d89da3f1] - doc: add missing return values in buffer docs (Karl Horky) #55273
[6e7b33a0ef] - doc: fix ambasador markdown list (Rafael Gonzaga) #55361
[d8c552a060] - doc: edit onboarding guide to clarify when mailmap addition is needed (Antoine du Hamel) #55334
[c7f82ec978] - doc: fix the return type of outgoingMessage.setHeaders() (Jimmy Leung) #55290
[f1b9791694] - doc: update require(ESM) history and stability status (Antoine du Hamel) #55199
[9ffd2dd43b] - doc: consolidate history table of CustomEvent (Edigleysson Silva (Edy)) #55758
[64fb9e6516] - doc: add history entries for JSON modules stabilization (Antoine du Hamel) #55855
[ae2ae2fef1] - esm: fix import.meta.resolve crash (Marco Ippolito) #55777
[15dd43dd6e] - esm: add a fallback when importer in not a file (Antoine du Hamel) #55471
[aed758d270] - esm: fix inconsistency with importAssertion in resolve hook (Wei Zhu) #55365
[88d91e8bc2] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #55333
[a2c8de7fba] - events: add hasEventListener util for validate (Sunghoon) #55230
[4f84cdc8a2] - events: optimize EventTarget.addEventListener (Robert Nagy) #55312
[c17601557b] - fs: prevent unwanted dependencyOwners removal (Carlos Espa) #55565
[4dd609c685] - fs: fix bufferSize option for opendir recursive (Ethan Arrowood) #55744
[d695bd4c4f] - fs: pass correct path to DirentFromStats during glob (Aviv Keller) #55071
[5357338b8e] - fs: use wstring on Windows paths (jazelly) #55171
[0a7f301a36] - http: add diagnostic channel http.server.response.created (Marco Ippolito) #55622
[98bfc7dce5] - (SEMVER-MINOR) http: add diagnostic channel http.client.request.created (Marco Ippolito) #55586
[d2430ee363] - http2: fix client async storage persistence (Orgad Shaneh) #55460
[753cbede2a] - lib: remove startsWith/endsWith primordials for char checks (Gürgün Dayıoğlu) #55407
[6e3e99c81e] - lib: prefer logical assignment (Aviv Keller) #55044
[03902ebb74] - lib: replace createDeferredPromise util with Promise.withResolvers (Yagiz Nizipli) #54836
[ee17fcd6f3] - lib: prefer symbol to number in webidl type function (Antoine du Hamel) #55737
[18f0f07e92] - lib: implement webidl dictionary converter and use it in structuredClone (Jason Zhang) #55489
[bcead24e24] - lib: prefer number to string in webidl type function (Jason Zhang) #55489
[d48c5da039] - lib: convert transfer sequence to array in js (Jason Zhang) #55317
[cefce4cbb0] - lib: remove unnecessary optional chaining (Gürgün Dayıoğlu) #55728
[f2561fdeec] - lib: use Promise.withResolvers() in timers (Yagiz Nizipli) #55720
[337f61fb25] - (SEMVER-MINOR) lib: add UV_UDP_REUSEPORT for udp (theanarkh) #55403
[4f89059f63] - lib: add flag to drop connection when running in cluster mode (theanarkh) #54927
[29f7325e73] - lib: test_runner#mock:timers respeced timeout_max behaviour (BadKey) #55375
[68bcec64b8] - lib: remove settled dependant signals when they are GCed (Edigleysson Silva (Edy)) #55354
[3f8a5d8a28] - meta: bump actions/setup-python from 5.2.0 to 5.3.0 (dependabot[bot]) #55688
[644ad5d60d] - meta: bump actions/setup-node from 4.0.4 to 4.1.0 (dependabot[bot]) #55687
[334fa69c31] - meta: bump rtCamp/action-slack-notify from 2.3.0 to 2.3.2 (dependabot[bot]) #55686
[fb3fa8bee2] - meta: bump actions/upload-artifact from 4.4.0 to 4.4.3 (dependabot[bot]) #55685
[1aca3a8289] - meta: bump actions/cache from 4.0.2 to 4.1.2 (dependabot[bot]) #55684
[a6c73eb9c2] - meta: bump actions/checkout from 4.2.0 to 4.2.2 (dependabot[bot]) #55683
[06445bc4e3] - meta: bump github/codeql-action from 3.26.10 to 3.27.0 (dependabot[bot]) #55682
[37bafce2d8] - meta: make review-wanted message minimal (Aviv Keller) #55607
[4cca54b161] - meta: show MR/issue title on review-wanted (Aviv Keller) #55606
[68decbf935] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #55381
[07fc40d823] - meta: assign CODEOWNERS for /deps/ncrypto/* (Filip Skokan) #55426
[139e8f1579] - meta: change color to blue notify review-wanted (Rafael Gonzaga) #55423
[c0614dc92c] - meta: bump codecov/codecov-action from 4.5.0 to 4.6.0 (dependabot[bot]) #55222
[47b6c6748b] - meta: bump github/codeql-action from 3.26.6 to 3.26.10 (dependabot[bot]) #55221
[6c836aa97e] - meta: bump step-security/harden-runner from 2.9.1 to 2.10.1 (dependabot[bot]) #55220
[c81c818a21] - module: throw ERR_NO_TYPESCRIPT when compiled without amaro (Marco Ippolito) #55332
[d6d1479fcc] - module: simplify --inspect-brk handling (Joyee Cheung) #55679
[91fdec3a52] - module: fix error thrown from require(esm) hitting TLA repeatedly (Joyee Cheung) #55520
[cb527a925d] - module: do not warn when require(esm) comes from node_modules (Joyee Cheung) #55960
[16119f206f] - module: trim off internal stack frames for require(esm) warnings (Joyee Cheung) #55496
[28b5b9a57d] - module: allow ESM that failed to be required to be re-imported (Joyee Cheung) #55502
[6ac3400960] - module: include module information in require(esm) warning (Joyee Cheung) #55397
[fcdd6167d8] - module: check --experimental-require-module separately from detection (Joyee Cheung) #55250
[d8c34ced43] - module: use kNodeModulesRE to detect node_modules (Joyee Cheung) #55243
[545c069eb5] - module: support 'module.exports' interop export in require(esm) (Guy Bedford) #54563
[58d6871c45] - (SEMVER-MINOR) module: unflag --experimental-require-module (Joyee Cheung) #55085
[1628c48ad6] - (SEMVER-MINOR) net: add UV_TCP_REUSEPORT for tcp (theanarkh) #55408
[a5590083cd] - node-api: add napi_create_buffer_from_arraybuffer method (Mert Can Altin) #54505
[21ec855feb] - os: improve path check with direct index access (Mert Can Altin) #55434
[1fdaa15226] - report: fix network queries in getReport libuv with exclude-network (Adrien Foulon) #55602
[457e73f4c9] - (SEMVER-MINOR) sqlite: add support for SQLite Session Extension (Bart Louwers) #54181
[428701a6d8] - sqlite: improve error handling using MaybeLocal (Tobias Nießen) #55571
[4e5878536a] - sqlite: add readOnly option (Tobias Nießen) #55567
[8c35ad12de] - sqlite: refactor open options (Tobias Nießen) #55442
[c3c403040a] - sqlite: cache column names in stmt.all() (Fedor Indutny) #55373
[6858f7a4d3] - src: use env strings to create sqlite results (Michaël Zasso) #55785
[db01eaf318] - src: improve node:os userInfo performance (Yagiz Nizipli) #55719
[383d28489d] - src: provide workaround for container-overflow (Daniel Lemire) #55591
[3477b6b4a5] - src: move more key related stuff to ncrypto (James M Snell) #55368
[38c047e38f] - src: refactor ECDHBitsJob signature (Filip Skokan) #55610
[acbb62902a] - src: fix dns crash when failed to create NodeAresTask (theanarkh) #55521
[547cab9433] - src: use NewFromUtf8Literal in NODE_DEFINE_CONSTANT (Charles Kerr) #55581
[231fe7b953] - src: do not run IsWindowsBatchFile on non-windows (Yagiz Nizipli) #55560
[bde374ee6a] - src: remove icu based ToASCII and ToUnicode (Yagiz Nizipli) #55156
[6ad23e74be] - src: fix winapi_strerror error string (Hüseyin Açacak) #55207
[63bc40550b] - src: remove uv__node_patch_is_using_io_uring (Santiago Gimeno) #55114
[2af72a7671] - src: implement IsInsideNodeModules() in C++ (Joyee Cheung) #55286
[e14fb2defb] - src,lib: optimize nodeTiming.uvMetricsInfo (RafaelGSS) #55614
[e14dba3ee5] - src,lib: introduce util.getSystemErrorMessage(err) (Juan José) #54075
[8f59c41d52] - stream: propagate AbortSignal reason (Marvin ROGER) #55473
[7acb96362c] - test: increase coverage of pathToFileURL (Antoine du Hamel) #55493
[5861135ddb] - test: improve test coverage for child process message sending (Juan José) #55710
[554d4ace2f] - test: ensure that test priority is not higher than current priority (Livia Medeiros) #55739
[b0ce62a9bd] - test: add buffer to fs_permission tests (Rafael Gonzaga) #55734
[9d9ad81d54] - test: improve test coverage for ServerResponse (Juan José) #55711
[273f84e01c] - test: update performance-timeline wpt (RedYetiDev) #55197
[89c9c46185] - test: ignore unrelated events in FW watch tests (Carlos Espa) #55605
[fc69080669] - test: refactor some esm tests (Antoine du Hamel) #55472
[a80c166733] - test: split up test-runner-mock-timers test (Julian Gassner) #55506
[8c2fc11f7c] - test: remove unneeded listeners (Luigi Pinca) #55486
[1c5872dbde] - test: avoid apply() calls with large amount of elements (Livia Medeiros) #55501
[2194eb4909] - test: increase test coverage for http.OutgoingMessage.appendHeader() (Juan José) #55467
[ad7e81379a] - test: make test-node-output-v8-warning more flexible (Shelley Vohr) #55401
[6aeeaa719b] - test: fix addons and node-api test assumptions (Antoine du Hamel) #55441
[73ab14fd8f] - test: update wpt test for webmessaging/broadcastchannel (devstone) #55205
[ded1b68d10] - test: deflake test-cluster-shared-handle-bind-privileged-port (Aviv Keller) #55378
[0e873c3031] - test: update console wpt (Aviv Keller) #55192
[832300533b] - test: remove duplicate tests (Luigi Pinca) #55393
[310a734c1b] - test: update test_util.cc for coverage (minkyu_kim) #55291
[254badd480] - test: update compression wpt (Aviv Keller) #55191
[c52a808ac9] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #55703
[445d117b67] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #55512
[cd0d748ede] - test,crypto: make crypto tests work with BoringSSL (Shelley Vohr) #55491
[8bac7c27c8] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #55427
[363e7d5a76] - test_runner: error on mocking an already mocked date (Aviv Keller) #55858
[f41d329e98] - test_runner: add support for scheduler.wait on mock timers (Erick Wendel) #55244
[b9200c33ae] - test_runner: require --enable-source-maps for sourcemap coverage (Aviv Keller) #55359
[f11d93d8ef] - tools: enforce ordering of error codes in errors.md (Antoine du Hamel) #55324
[85ca31a90a] - tools: bump @eslint/plugin-kit from 0.2.0 to 0.2.3 in /tools/eslint (dependabot[bot]) #55875
[506aac567b] - tools: fix exclude labels for commit-queue (Richard Lau) #55809
[14ffac9995] - tools: make commit-queue check blocked label (Marco Ippolito) #55781
[eb22ec87e6] - tools: remove non-existent file from eslint config (Aviv Keller) #55772
[5844565fb2] - tools: fix c-ares updater script for Node.js 18 (Richard Lau) #55717
[0a79ebd257] - tools: update ESLint to 9.14.0 (dependabot[bot]) #55689
[12543d560a] - tools: use util.parseArgs in lint-md (Aviv Keller) #55694
[d95aa244c2] - tools: fix root certificate updater (Richard Lau) #55681
[3626891f8e] - tools: compact jq output in daily-wpt-fyi.yml action (Filip Skokan) #55695
[02c902e68a] - tools: run daily WPT.fyi report on all supported releases (Filip Skokan) #55619
[456b02351b] - tools: lint README lists more strictly (Antoine du Hamel) #55625
[83a5983c7d] - tools: update lint-md-dependencies (Node.js GitHub Bot) #55470
[72b4a8df6a] - tools: update gyp-next to 0.18.3 (Node.js GitHub Bot) #55464
[6b6e6a5590] - tools: add script to synch c-ares source lists (Richard Lau) #55445
[a6c444291b] - tools: fix typos (Nathan Baulch) #55061
[d5e915ba5d] - tools: add polyfilled option to prefer-primordials rule (Antoine du Hamel) #55318
[c8e7f767b7] - typings: add missing type of ArrayBufferPrototypeGetByteLength (Wuli Zuo) #55439
[6317f77942] - url: refactor pathToFileURL to native (Antoine du Hamel) #55476
[5418d40256] - url: handle "unsafe" characters properly in pathToFileURL (Antoine du Hamel) #54545
[fce8c32c19] - util: do not mark experimental feature as deprecated (Antoine du Hamel) #55740
[940d22ffe1] - (SEMVER-MINOR) util: fix util.getCallSites plurality (Chengzhong Wu) #55626
[42ac0c2af3] - util: do not catch on circular @@toStringTag errors (Aviv Keller) #55544

psf/black (psf/black)

`v25.9.0`

Compare Source

Highlights

Remove support for pre-python 3.7 await/async as soft keywords/variable names (#4676)

Stable style

Fix crash while formatting a long del statement containing tuples (#4628)
Fix crash while formatting expressions using the walrus operator in complex with statements (#4630)
Handle # fmt: skip followed by a comment at the end of file (#4635)
Fix crash when a tuple appears in the as clause of a with statement (#4634)
Fix crash when tuple is used as a context manager inside a with statement (#4646)
Fix crash when formatting a \ followed by a \r followed by a comment (#4663)
Fix crash on a \\r\n (#4673)
Fix crash on await ... (where ... is a literal Ellipsis) (#4676)
Fix crash on parenthesized expression inside a type parameter bound (#4684)
Fix crash when using line ranges excluding indented single line decorated items (#4670)

Preview style

Fix a bug where one-liner functions/conditionals marked with # fmt: skip would still be formatted (#4552)
Improve multiline_string_handling with ternaries and dictionaries (#4657)
Fix a bug where string_processing would not split f-strings directly after expressions (#4680)
Wrap the in clause of comprehensions across lines if necessary (#4699)
Remove parentheses around multiple exception types in except and except* without as. (#4720)
Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)

Parser

Rewrite tokenizer to improve performance and compliance (#4536)
Fix bug where certain unusual expressions (e.g., lambdas) were not accepted in type parameter bounds and defaults. (#4602)

Performance

Avoid using an extra process when running with only one worker (#4734)

Integrations

Fix the version check in the vim file to reject Python 3.8 (#4567)
Enhance GitHub Action psf/black to read Black version from an additional section in pyproject.toml: [project.dependency-groups] (#4606)
Build gallery docker image with python3-slim and reduce image size (#4686)

Documentation

Add FAQ entry for windows emoji not displaying (#4714)

psf/requests (requests)

`v2.32.5`

Compare Source

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.
Dropped support for Python 3.8 following its end of support.

uis/devops/continuous-delivery/ci-templates (uis/devops/continuous-delivery/ci-templates)

`v7.17.2`: 7.17.2

Compare Source

7.17.2 (2025-09-25)

Bug Fixes

mandatory-jobs: reduce cpu and memory requests for SAST jobs (9d3526a)

`v7.17.1`: 7.17.1

Compare Source

7.17.1 (2025-09-25)

Bug Fixes

pre-commit: certdir variable must be an empty string (d608c55)

`v7.17.0`: 7.17.0

Compare Source

7.17.0 (2025-09-24)

Features

mandatory-jobs: increase runner resources for failing SAST jobs (cfb7fd5)

`v7.16.0`: 7.16.0

Compare Source

7.16.0 (2025-09-19)

Features

🎸 Move standard job to Generic GKE Runner (59d2a0e)

`v7.15.2`: 7.15.2

Compare Source

7.15.2 (2025-09-17)

`v7.15.1`: 7.15.1

Compare Source

7.15.1 (2025-09-11)

Bug Fixes

maven.gitlab-ci.yml: moved PUBLISH_NEW_VERSION within .maven:publish script (e02809e)
maven.gitlab-ci.yml: updated semantic commit message pattern matching and logic (b9ad541)
maven.gitlab-ci.yml: updated semantic commit message pattern matching and logic (e8071e1)
maven.gitlab-ci.yml: updated semantic commit message pattern matching and logic (2574c8c)