chore(deps): update node.js to v24 #285
Conversation
📝 WalkthroughWalkthroughTwo Sequence Diagram(s)🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #285 +/- ##
===========================
===========================
🚀 New features to boost your workflow:
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/node-24.x
branch
2 times, most recently
from
5f1f9fe to
580252b
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.nvmrc:
- Line 1: The Node.js version was bumped to 24.12.0 which is a major jump with
breaking changes; run the full test suite under Node 24, rebuild native modules
(npm rebuild / yarn rebuild), and verify package.json for native dependencies
(node-gyp, sqlite3, bcrypt, etc.), then test crypto/TLS paths and API
usage—search code for deprecated/removed APIs such as url.parse, SlowBuffer,
fs.truncate(fd), tls.createSecurePair and update to supported alternatives;
ensure any native addon is rebuilt and CI uses Node 24 before merging.
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (2)
.nvmrcsrc/test/vscode-notebook-perf/.nvmrc
🔇 Additional comments (1)
src/test/vscode-notebook-perf/.nvmrc (1)
1-1: Consistent with root.nvmrc.Both files updated together—ensures test environment matches project runtime.
.nvmrc
Outdated
| @@ -1 +1 @@ | |||
| 22.21.1 | |||
| 24.12.0 | |||
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Node.js 24.12.0 breaking changes migration guide from Node.js 22
💡 Result:
Below is a concise migration checklist and the key breaking/behavior changes to watch for when moving from Node.js 22 → 24.12.0 (LTS). Sources: Node.js v22→v24 migration notes and the v24.12.0 release notes. [1][2]
- Quick summary of highest-impact breaking changes
- OpenSSL 3.5: default security level = 2 — short RSA/DSA/DH (<2048) and ECC (<224) keys and RC4 cipher suites are prohibited; test TLS/crypto usage. [1]
- V8 → 13.6: new globals/features (Float16Array, RegExp.escape, Error.isError, explicit resource management). Native addons must be rebuilt and may require V8 API updates (NODE-API recommended). [1][2]
- AsyncLocalStorage now uses AsyncContextFrame by default — verify context propagation. [2]
- URLPattern is global — adjust imports if you previously imported it. [2]
- Stricter runtime argument validation / behavioral changes: fetch() compliance, AbortSignal validation, stream/pipe errors now throwing, Buffer behavior changes, Windows path-handling fixes — run tests. [1]
- Removed/deprecated APIs and runtime deprecations you may rely on: tls.createSecurePair, fs.truncate(fd), dirent.path, SlowBuffer, url.parse() (runtime-deprecated, use WHATWG URL), process.execve on Windows, various undocumented process bindings; file-constants getters (fs.F_OK etc.) warn — replace usages. [1][2]
- Build/toolchain changes: minimum gcc 12.2 on Linux/AIX, Xcode 16.1 on macOS; MSVC support removed on Windows (ClangCL required to build). [1]
- Concrete migration steps (recommended order)
- Run your test-suite on Node.js 24 (CI job or local): fix failing tests first (argument validation and stream errors are common failure sources). [1]
- Rebuild native modules: npm rebuild / node-gyp rebuild / reinstall to ensure compatibility with V8 13.6; prefer NODE-API for native addons to reduce churn. [1]
- Run the Node.js codemods for automated fixes (examples provided by Node.js): e.g., fs-access-mode-constants, crypto-rsa-pss-update, fs-truncate-to-ftruncate, process-assert-to-node-assert (npx codemod run …). [1]
- Address crypto/TLS: ensure keys/ciphers meet OpenSSL 3.5 requirements; test external connections and certificate handling. [1]
- Replace deprecated APIs: migrate url.parse → WHATWG URL, stop using SlowBuffer, stop relying on removed internals. [1][2]
- Inspect async context usage (AsyncLocalStorage), URLPattern usage, and any code that relied on older Buffer behavior or lax argument validation. [1][2]
- Update build toolchains if you compile Node from source (gcc/Xcode/ClangCL) and CI images accordingly. [1]
- Upgrade dependent packages (especially native modules and npm-based tools) and check compatibility notes for npm 11 bundled with Node 24. [2]
- Run security and static-analysis checks, then deploy to a staging environment and smoke-test. [1]
- Resources and commands
- Node.js official migration page (v22→v24) — includes detailed breaking changes and codemod list. [1]
- Node.js v24.12.0 release notes for specific fixes/semver-minor/commits. [2]
- Typical commands:
- npx codemod run @nodejs/ (see migration page). [1]
- npm rebuild / npm ci (reinstall native modules).
- Run full test matrix on Node 24 in CI.
If you want, I can:
- produce a short grep/codemod plan for your repo (list of patterns to search and exact codemods to run), or
- scan your package.json + native deps and give a prioritized list of likely breakages.
Sources:
[1] Node.js: “v22 to v24” migration notes (Node.js official).
[2] Node.js: “v24.12.0” release notes (Node.js official).
🌐 Web query:
Node.js 24.12.0 security advisories known issues LTS
💡 Result:
Short summary — Node.js v24.12.0 (LTS) — security advisories & known issues
-
Official v24.12.0 release notes (v24.12.0 published 2025-12-10) — normal LTS changes and minor features; no new single‑version emergency security advisory called out in the tag. [1]
-
Recent security advisories affecting the 24.x line you should track (examples patched on 24.x or relevant to 24.x):
- Multiple CVEs and security releases published in 2025 (May / July) addressing DoS, HTTP/2 crashes, ReadFileUtf8 memory leak, HashDoS (V8 rapidhash), request‑smuggling / Content‑Length handling, privilege/capability environment handling (CVE-2024-21892 and related), and other issues — these affect 24.x and were fixed in the 24.x security/patch releases. See the Node.js security release posts. [2][3]
-
Known issue history relevant to 24.x LTS:
- Buffer.allocUnsafe returned zero‑filled buffers in 24.11.0; restored behavior in the next LTS patch. (Noted in Node.js releases). [1]
- V8/rapidhash HashDoS and other CVEs (July 2025 security release) were announced for the 24.x line. [3]
-
Practical recommendations:
- Run the latest 24.x LTS patch (v24.12.0 is LTS as of 2025‑12‑10) and apply any subsequent security patch releases from nodejs.org immediately.
- Subscribe to Node.js security release posts and monitor CVE trackers (NVD/Snyk) for new advisories affecting 24.x. [2][4]
Sources
- Node.js v24.12.0 release tag / notes (GitHub releases). [GitHub nodejs/node — v24.12.0]. [1]
- Node.js Project security release posts (May / July 2025 security releases listing CVEs affecting 24.x). [Node.js security blog]. [2]
- Summaries / trackers referencing CVEs affecting v24.x (HashDoS / ReadFileUtf8 / CVE listings). [stack.watch / HKCERT / Node.js CN vulnerability posts]. [3]
- Snyk package security page for [email protected] (vulnerability scanning/status). [Snyk]. [4]
If you want, I can: (a) list the specific CVE IDs and which 24.x patch fixed each, or (b) fetch the latest security patches released after v24.12.0 and produce a one‑line remediation checklist. Which would you prefer?
🏁 Script executed:
#!/bin/bash
# Search for Node.js API calls that might be affected by breaking changes
rg -n --type=ts --type=js 'process\.(version|versions|release)' --max-count=10
rg -n --type=ts --type=js 'require\(["\']node:' --max-count=10
rg -n --type=ts --type=js 'require\(["\']v8' --max-count=10Repository: deepnote/vscode-deepnote
Length of output: 373
🏁 Script executed:
# Check for Node.js/npm related config files
git ls-files | grep -E '(package\.json|\.npmrc|engines)'Repository: deepnote/vscode-deepnote
Length of output: 172
Major version jump confirmed—breaking changes require testing.
Node.js 22 → 24 introduces significant breaking changes (OpenSSL 3.5 stricter crypto validation, V8 13.6 requiring native module rebuilds, removed APIs like tls.createSecurePair, stricter argument validation). v24.12.0 is stable LTS, but run your test suite and check package.json for native dependencies. Rebuild any native modules (npm rebuild); prioritize testing crypto/TLS and API deprecations (check for url.parse(), SlowBuffer, fs.truncate(fd) usage).
🤖 Prompt for AI Agents
In @.nvmrc at line 1, The Node.js version was bumped to 24.12.0 which is a major
jump with breaking changes; run the full test suite under Node 24, rebuild
native modules (npm rebuild / yarn rebuild), and verify package.json for native
dependencies (node-gyp, sqlite3, bcrypt, etc.), then test crypto/TLS paths and
API usage—search code for deprecated/removed APIs such as url.parse, SlowBuffer,
fs.truncate(fd), tls.createSecurePair and update to supported alternatives;
ensure any native addon is rebuilt and CI uses Node 24 before merging.
1a97886 to
6709a85
Compare
renovate
bot
force-pushed
the
renovate/node-24.x
branch
from
6709a85 to
fe87eca
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.nvmrc:
- Line 1: Replace the invalid Node version in .nvmrc from "24.13.0" to the
actual latest "24.12.0", then update package.json to ensure @types/node aligns
(change any pinned or careted node types version to ^22.15.1 if you want Node 24
compatibility) and edit CONTRIBUTING.md to replace any references to "22.15.1"
so all files (.nvmrc, package.json, CONTRIBUTING.md) consistently reference the
corrected versions; update the version strings exactly where they appear (look
for the literal "24.13.0" in .nvmrc, "@types/node" dependency entry in
package.json, and the node version mention in CONTRIBUTING.md).
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (2)
.nvmrcsrc/test/vscode-notebook-perf/.nvmrc
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Build & Test
🔇 Additional comments (1)
src/test/vscode-notebook-perf/.nvmrc (1)
1-1: Consistent with root.nvmrcupdate.Test environment matches the root configuration. Ensure this version is validated (see root
.nvmrcverification).
| @@ -1 +1 @@ | |||
| 22.21.1 | |||
| 24.13.0 | |||
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Node.js 24.13.0 release breaking changes
💡 Result:
Do you mean Node.js (the runtime) version v24.13.0? If so I’ll fetch the official Node.js release notes/changelog and list the breaking changes. Confirm and I’ll proceed.
🏁 Script executed:
#!/bin/bash
# Find all files referencing Node.js versions
# Check package.json for engines field
fd -t f 'package\.json$' --exec jq -r '.engines.node // empty' {} \; 2>/dev/null | grep -v '^$' | head -20
# Check CI configs (GitHub Actions, etc.)
rg -n 'node-version|node_version|NODE_VERSION' --type yaml --type yml 2>/dev/null | head -20
# Check Dockerfiles for Node references
rg -n 'FROM node:|NODE_VERSION' --type dockerfile 2>/dev/null | head -20
# Check all .nvmrc files
find . -name '.nvmrc' -type f 2>/dev/null | xargs cat 2>/dev/null
# Check .tool-versions (asdf compatibility)
find . -name '.tool-versions' -type f 2>/dev/null | xargs grep -H 'nodejs\|node' 2>/dev/null
# Search for hardcoded version references (22.x - old version)
rg '22\.\d+\.\d+' --type-not lock -g '!.nvmrc' 2>/dev/null | head -20Repository: deepnote/vscode-deepnote
Length of output: 2044
🌐 Web query:
Node.js v24.13.0 official release
💡 Result:
There is no official Node.js v24.13.0 release as of January 13, 2026 — the latest official v24 patch on the Node.js site is v24.12.0 (published December 10, 2025). [1][2]
Sources:
- Node.js Releases (shows v24 last updated Dec 10, 2025). [1]
- Official v24 download index (latest-v24.x directory lists node-v24.12.0 files dated Dec 10, 2025). [2]
🏁 Script executed:
#!/bin/bash
# Search for all remaining Node version references
# Check for all 22.x references
echo "=== Node 22.x references ==="
rg '22\.\d+' -g '!node_modules' -g '!*.lock' -g '!.git' 2>/dev/null | head -30
# Check all config files mentioning versions
echo "=== Version specs in key files ==="
fd -t f '(package\.json|\.nvmrc|\.tool-versions|Dockerfile|docker-compose|\.github)' -x grep -l 'node\|version' {} \; 2>/dev/null | head -20
# Search for Node version in GitHub Actions workflows
echo "=== GitHub Actions node versions ==="
find .github -name '*.yml' -o -name '*.yaml' 2>/dev/null | xargs grep -n 'node-version\|with.*node' 2>/dev/nullRepository: deepnote/vscode-deepnote
Length of output: 36827
Invalid Node.js version: 24.13.0 does not exist.
Node.js v24.13.0 is not an official release—the latest v24 is v24.12.0 (Dec 10, 2025). Correct .nvmrc to 24.12.0 and update package.json (@types/node: ^22.15.1) and CONTRIBUTING.md (still mentions 22.15.1) for consistency.
🤖 Prompt for AI Agents
In @.nvmrc at line 1, Replace the invalid Node version in .nvmrc from "24.13.0"
to the actual latest "24.12.0", then update package.json to ensure @types/node
aligns (change any pinned or careted node types version to ^22.15.1 if you want
Node 24 compatibility) and edit CONTRIBUTING.md to replace any references to
"22.15.1" so all files (.nvmrc, package.json, CONTRIBUTING.md) consistently
reference the corrected versions; update the version strings exactly where they
appear (look for the literal "24.13.0" in .nvmrc, "@types/node" dependency entry
in package.json, and the node version mention in CONTRIBUTING.md).
This PR contains the following updates:
22.21.1→24.13.0Release Notes
nodejs/node (node)
v24.13.0: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #609973e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #612834ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#79789adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#7487302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#77320075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#75920591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v24.12.0: 2025-12-10, Version 24.12.0 'Krypton' (LTS), @targosCompare Source
Notable Changes
1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #599828987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #6060092c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #5879792ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #5971105d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #59807Commits
e4a23a35ac] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #60603b6114ae5c9] - benchmark: add per-suite setup option (Joyee Cheung) #60574ac8e90af7c] - buffer: speed up concat via TypedArray#set (Gürgün Dayıoğlu) #60399acbc8ca13e] - build: upgrade Python linter ruff, add rules ASYNC,PERF (Christian Clauss) #59984f97a609a07] - console: optimize single-string logging (Gürgün Dayıoğlu) #604226cd9bdc580] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #606620fafe24d9b] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #6053854421e0419] - debugger: fix event listener leak in the run command (Joyee Cheung) #60464c361a628b4] - deps: V8: cherry-pick72b0e27(pthier) #60732c70f4588dd] - deps: V8: cherry-pick6bb32bd(Erik Corry) #60732881fe784c5] - deps: V8: cherry-pick0dd2318(Erik Corry) #60732457c33efcc] - deps: V8: cherry-pickdf20105(Erik Corry) #607320bf45a829c] - deps: V8: backporte5dbbba(Darshan Sen) #605244993bdc476] - deps: V8: cherry-pick5ba9200(Juan José Arboleda) #606201e9abe0078] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #608423f704ed08f] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #6064304e360fdb1] - deps: V8: cherry-pick06bf293,146962dande0fb10b(Michaël Zasso) #60713fcbd8dbbde] - deps: patch V8 to 13.6.233.17 (Michaël Zasso) #6071228e9433f39] - deps: V8: cherry-pick8735658(Joyee Cheung) #600693cac85b243] - deps: V8: backport2e4c5cf(Michaël Zasso) #606541daece1970] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #606095f55a9c9ea] - deps: nghttp2: revert7784fa9(Antoine du Hamel) #597901d9e7c1f4d] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #597903140415068] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #60542d911f9f1b8] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #60541daaaf04a32] - deps: V8: cherry-pick2abc613(Richard Lau) #60177b4f63ee5f8] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #60650effcf7a8ab] - doc: fix link in--env-file=filesection (N. Bighetti) #605637011736703] - doc: fix linter issues (Antoine du Hamel) #606365cc79d8945] - doc: add missing history entry forsqlite.md(Antoine du Hamel) #60607bbc649057c] - doc: correct values/references for buffer.kMaxLength (René) #60305ea7ecb517b] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #6001758bff04cc2] - doc: highlight module loading difference between import and require (Ajay A) #59815bbcbff9b4d] - doc: add CJS code snippets insqlite.md(Allon Murienik) #60395f8af33d5a7] - doc: fix typo inprocess.unrefdocumentation (우혁) #59698df105dc351] - doc: add some entries toglossary.md(Mohataseem Khan) #592774955cb2b5b] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #582056283bb5cc9] - doc: fix pseudo code in modules.md (chirsz) #57677d5059ea537] - doc: add missing variable in code snippet (Koushil Mankali) #55478900de373ae] - doc: add missing word insingle-executable-applications.md(Konstantin Tsabolov) #538645735044c8b] - doc: fix typo in http.md (Michael Solomon) #593542dee6df831] - doc: update devcontainer.json and add documentation (Joyee Cheung) #604728f2d98d7d2] - doc: add haramj as triager (Haram Jeong) #60348bbd7fdfff4] - doc: clarify require(esm) description (dynst) #6052033ad11a764] - doc: instantiate resolver object (Donghoon Nam) #6047681a61274f3] - doc: correct module loading descriptions (Joyee Cheung) #6034677911185fe] - doc: clarify --use-system-ca support status (Joyee Cheung) #60340185f6e95d9] - doc,crypto: link keygen to supported types (Filip Skokan) #60585772d6c6608] - doc,src,lib: clarify experimental status of Web Storage support (Antoine du Hamel) #60708ad98e11ac2] - esm: use sync loading/resolving on non-loader-hook thread (Joyee Cheung) #603801a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #597785703ce68bc] - http: replace startsWith with strict equality (btea) #593942b696ffad8] - http2: add diagnostics channels for client stream request body (Darshan Sen) #60480dbdf4cb5a5] - inspector: inspect HTTP response body (Chengzhong Wu) #605729dc9a7d33d] - inspector: support inspecting HTTP/2 request and response bodies (Darshan Sen) #6048389fa2befe4] - inspector: fix crash when receiving non json message (Shima Ryuhei) #60388ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #5998233baaf42c8] - lib: replace global SharedArrayBuffer constructor with bound method (Renegade334) #60497b047586a08] - meta: bump actions/download-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #6053264192176d7] - meta: bump actions/upload-artifact from 4.6.2 to 5.0.0 (dependabot[bot]) #60531af6d4a6b9b] - meta: bump github/codeql-action from 3.30.5 to 4.31.2 (dependabot[bot]) #60533c17276fd24] - meta: bump actions/setup-node from 5.0.0 to 6.0.0 (dependabot[bot]) #605296e8b52a7dc] - meta: bump actions/stale from 10.0.0 to 10.1.0 (dependabot[bot]) #60528a12658595b] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #603668987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #6060036da413663] - module: fix directory option in the enableCompileCache() API (Joyee Cheung) #5993192c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953545162b0d4] - node-api: use local files for instanceof test (Vladimir Morozov) #60190526c011d89] - perf_hooks: fix stack overflow error (Antoine du Hamel) #600841de0476939] - perf_hooks: move non-standard performance properties to perf_hooks (Chengzhong Wu) #6037007ec1239ef] - repl: fix pasting after moving the cursor to the left (Ruben Bridgewater) #60470b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217273c9661fd] - sqlite,doc: fix StatementSync section (Edy Silva) #60474d92ec21a4c] - src: use CP_UTF8 for wide file names on win32 (Fedor Indutny) #60575baef0468ed] - src: move Node-API version detection to where it is used (Anna Henningsen) #60512e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #58797566add0b19] - src: avoid C strings in more C++ exception throws (Anna Henningsen) #605929b796347c1] - src: add internal binding for constructing SharedArrayBuffers (Renegade334) #604973b01cbb411] - src: movenapi_addon_register_functonode_api_types.h(Anna Henningsen) #6051202fb7f4ecb] - src: remove unconditional NAPI_EXPERIMENTAL in node.h (Chengzhong Wu) #60345bd09ae24e4] - src: clean up generic counter implementation (Anna Henningsen) #60447cd6bf51dbd] - src: add enum handle for ToStringHelper + formatting (Burkov Egor) #5682992ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #59711ac3dbe48f7] - stream: don't try to read more if reading (Robert Nagy) #60454790288a93b] - test: ensure assertions are reachable intest/internet(Antoine du Hamel) #605130a85132989] - test: fix status when compiled without inspector (Antoine du Hamel) #602892f57673172] - test: deflake test-perf-hooks-timerify-histogram-sync (Joyee Cheung) #6063909726269de] - test: apply a delay towatch-mode-kill-signaltests (Joyee Cheung) #6061045537b9562] - test: async iife in repl (Tony Gorez) #448784ca81f101d] - test: parallelize sea tests when there's enough disk space (Joyee Cheung) #60604ea71e96191] - test: only show overridden env in child process failures (Joyee Cheung) #6055606b2e348c7] - test: ensure assertions are reached on more tests (Antoine du Hamel) #60498de9c8cb670] - test: ensure assertions are reachable intest/es-module(Antoine du Hamel) #6050175bc40fced] - test: ensure assertions are reached on more tests (Antoine du Hamel) #604851a6084cfd3] - test: ensure assertions are reached on more tests (Antoine du Hamel) #605002c651c90cf] - test: split test-perf-hooks-timerify (Joyee Cheung) #605686e8b5f7345] - test: add more logs to test-esm-loader-hooks-inspect-wait (Joyee Cheung) #604669dea7ffa30] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #605650b3c3b710a] - test: split test-esm-wasm.js (Joyee Cheung) #60491a15b795b34] - test: correct conditional secure heap flags test (Shelley Vohr) #6038538b77b3a44] - test: fix flaky test-watch-mode-kill-signal-* (Joyee Cheung) #60443e8d7598057] - test: capture stack trace in debugger timeout errors (Joyee Cheung) #60457674befeb81] - test: ensure assertions are reachable intest/sequential(Antoine du Hamel) #60412952c08a735] - test: ensure assertions are reachable in more folders (Antoine du Hamel) #60411bbca57584b] - test: split test-runner-watch-mode (Joyee Cheung) #60391e78e0cf6e7] - test: move test-runner-watch-mode helper into common (Joyee Cheung) #6039184576ef021] - test: ensure assertions are reachable intest/addons(Antoine du Hamel) #601421659078c11] - test: ignore EPIPE errors in https proxy invalid URL test (Joyee Cheung) #6026979ffee80ec] - test: ensure assertions are reachable intest/client-proxy(Antoine du Hamel) #60175e5a812243a] - test: ensure assertions are reachable intest/async-hooks(Antoine du Hamel) #60150e924fd72e3] - test,crypto: handle a few more BoringSSL tests (Shelley Vohr) #59030a55ac11611] - test,crypto: update x448 and ed448 expectation when on boringssl (Shelley Vohr) #6038755d5e9ec73] - tls: fix leak on invalid protocol method (Shelley Vohr) #604275763c96e7c] - tools: replace invalid expression in dependabot config (Riddhi) #60649b6e21b47d7] - tools: skip unaffected GHA jobs for changes intest/internet(Antoine du Hamel) #60517999664c76d] - tools: do not use short hashes for deps versioning to avoid collision (Antoine du Hamel) #60407ada856d0fb] - tools: only add test reporter args when node:test is used (Joyee Cheung) #605511812c56bb3] - tools: fix update-icu script (Michaël Zasso) #60521747040438a] - tools: fix linter for semver-major release proposals (Antoine du Hamel) #60481f170551e40] - tools: fix failing release-proposal linter for LTS transitions (Antoine du Hamel) #604652db4ea0ce4] - tools: remove undici from daily wpt.fyi job (Filip Skokan) #604442a85aa4e7b] - tools: add lint rule to ensure assertions are reached (Antoine du Hamel) #6012548299ef5fb] - tools,doc: update JavaScript primitive types to match MDN Web Docs (JustApple) #605817ec04cf936] - util: fix stylize of special properties in inspect (Ge Gao) #6047905d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #59807884fe884a1] - vm: hint module identifier in instantiate errors (Chengzhong Wu) #60199a2caf19f70] - watch: fix interaction with multiple env files (Marco Ippolito) #60605v24.11.1Compare Source
v24.11.0Compare Source
v24.10.0: 2025-10-08, Version 24.10.0 (Current), @RafaelGSSCompare Source
Notable Changes
31bb476895] - (SEMVER-MINOR) console: allow per-streaminspectOptionsoption (Anna Henningsen) #600823b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #5998018c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #59928Commits
e8cff3d51e] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #5987203294252ab] - benchmark: update count to n in permission startup (Bruno Rodrigues) #598723c8a609d9b] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #598727b2032b13e] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #59708552d887aee] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #5970831bb476895] - (SEMVER-MINOR) console: allow per-streaminspectOptionsoption (Anna Henningsen) #600820bf022d4c0] - console,util: improve array inspection performance (Ruben Bridgewater) #6003704d568e591] - deps: V8: cherry-pickf93055f(Olivier Flückiger) #60105621058b3bf] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #6010181b3009fe6] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #60101dc44c9f349] - deps: upgrade npm to 11.6.1 (npm team) #60012ec0f137198] - deps: update ada to 3.3.0 (Node.js GitHub Bot) #60045f490f91874] - deps: update amaro to 1.1.4 (pmarchini) #60044de7a7cd0d7] - deps: update ada to 3.2.9 (Node.js GitHub Bot) #59987a533e5b5db] - doc: add automated migration info to deprecations (Augustin Mauroy) #600227fb8fe4875] - doc: fix typo on child_process.md (Angelo Gazzola) #6011424c1ef9846] - doc: remove optional title prefixes (Aviv Keller) #6008708b9eb8e19] - doc: mark.envfiles support as stable (Santeri Hiltunen) #5992566d90b8063] - doc: mention reverse proxy and include simple example (Steven) #5973614aa1119cb] - doc: provide alternative tourl.parse()using WHATWG URL (Steven) #59736f9412324f6] - doc: fix typo of built-in module specifier in worker_threads (Deokjin Kim) #5999264e738a342] - doc,crypto: reorder ML-KEM in the asymmetric key types table (Filip Skokan) #600671b25008b41] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #5995835f9b6b28f] - inspector: improve batch diagnostic channel subscriptions (Chengzhong Wu) #600093b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #59980c495e1fe57] - lib: optimize priority queue (Gürgün Dayıoğlu) #600396be31fb9f3] - lib: implement passive listener behavior per spec (BCD1me) #59995c5e4aa763b] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #6009050fa1f4a76] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096def4ce976c] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #6009524b5abc0e9] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #600948ccf2b0b34] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #6009378580147ef] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #60092705686b5c4] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #60091423a6bc744] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #600899d9bd0fb4f] - meta: move Michael to emeritus (Michael Dawson) #60070dbeee55824] - module: use sync cjs when importing cts (Marco Ippolito) #60072a722f677ac] - perf_hooks: fix histogram fast call signatures (Renegade334) #59600b3295b8353] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103cff4a7608a] - process: fix defaultenvforprocess.execve(Richard Lau) #60029cd034e927f] - process: fix hrtime fast call signatures (Renegade334) #5960018c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #59928d949222043] - sqlite: replaceToLocalCheckedand improve filter error handling (Edy Silva) #600286417dc879e] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #60053e273c2020c] - src: update contextify to use DictionaryTemplate (James M Snell) #600595f9ff60664] - src: removeAnalyzeTemporaryDtorsoption from .clang-tidy (iknoom) #600089db54adccc] - src: update cares_wrap to use DictionaryTemplates (James M Snell) #60033fc0ceb7b82] - src: correct the error handling in StatementExecutionHelper (James M Snell) #600403e8fdc1d8d] - src: remove unused variables from report (Moonki Choi) #60047d744324d8e] - src: avoid unnecessary string allocations in SPrintF impl (Anna Henningsen) #60052de65a5c719] - src: make ToLower/ToUpper input args more flexible (Anna Henningsen) #60052354026df5a] - src: allowstd::string_viewarguments toSPrintF()and friends (Anna Henningsen) #6005842f7d7cb20] - src: remove unnecessarystd::stringerror messages (Anna Henningsen) #6005730c2c0fedd] - src: remove unnecessary shadowed functions on Utf8Value & BufferValue (Anna Henningsen) #60056eb99eec09b] - src: avoid unnecessary string ->char*-> string round trips (Anna Henningsen) #60055c1f1dbdce2] - src: remove useless dereferencing inTHROW_...(Anna Henningsen) #60054ea0f5e575d] - src: filloptions_args,options_envafter vectors are finalized (iknoom) #59945415fff217a] - src: use RAII for uv_process_options_t (iknoom) #59945982b03ecbd] - test: marktest-runner-run-watchflaky on macOS (Richard Lau) #60115831a0d3d28] - test: ensure that the message event is fired (Luigi Pinca) #599525538cfc1e8] - test: replace diagnostics_channel stackframe in output snapshots (Chengzhong Wu) #6002477ec400d90] - test: mark test-web-locks skip on IBM i (SRAVANI GUNDEPALLI) #599961aaadb9e31] - test: ensure message event fires in worker message port test (Jarred Sumner) #598851d5cc5e57a] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068c412b1855d] - test: expand tls-check-server-identity coverage (Diango Gavidia) #60002ad87975029] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #59993bad4b9b878] - test: add newstartNewREPLSevertesting utility (Dario Piotrowicz) #59964ef90b0f456] - test: verify tracing channel doesn't swallow unhandledRejection (Gerhard Stöbich) #59974d7285459fe] - timers: fix binding fast call signatures (Renegade334) #596006529ae9b0c] - tools: add message on auto-fixing js lint issues in gh workflow (Dario Piotrowicz) #591281ca116a6ea] - tools: verify signatures when updating nghttp* (Antoine du Hamel) #6011320d10a2398] - tools: use dependabot cooldown and move tools/doc (Rafael Gonzaga) #59978275c07064c] - typings: update 'types' binding (René) #596928c21c4b286] - wasi: fix WasiFunction fast call signature (Renegade334) #59600b865074641] - win,tools: add description to signature (Martin Costello) #59877v24.9.0: 2025-09-25, Version 24.9.0 (Current), @targosCompare Source
Notable Changes
9b043a9096] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824a6456ab90a] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #583785563361d22] - (SEMVER-MINOR) sqlite: add tagged template (0hm☘️) #5874804013ee933] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #59846Commits
cbec4fd6de] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #596969a4bbdc3c5] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #598360b284d86e8] - build: add the missing macro definitions for OpenHarmony (hqzing) #5980443e6e54d66] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #59809039ac19154] - crypto: expose signatureAlgorithm on X509Certificate (Patrick Costa) #59235647c332704] - crypto: usereturn awaitwhen returning Promises from async functions (Renegade334) #598418ed4587cf0] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #59841bb051c56ef] - crypto: avoid calls topromise.catch()(Renegade334) #5984105e560dd25] - deps: update googletest to50b8600(Node.js GitHub Bot) #59955fa40d3a785] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #599018c85570d18] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #59901b71125664e] - deps: update undici to 7.16.0 (Node.js GitHub Bot) #59830dea5dd7077] - dgram: restore buffer optimization in fixBufferList (Yoo) #59934b0c1e67532] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #599100b37b594c3] - doc: use "WebAssembly" instead of "Web AssemConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.