Skip to content

V22.24.0 proposal#64533

Draft
juanarbol wants to merge 360 commits into
v22.xfrom
v22.24.0-proposal
Draft

V22.24.0 proposal#64533
juanarbol wants to merge 360 commits into
v22.xfrom
v22.24.0-proposal

Conversation

@juanarbol

Copy link
Copy Markdown
Member

2026-07-21, Version 22.24.0 'Jod' (LTS), @juanarbol

Notable Changes

  • [4239d07aad] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #61415
  • [aacafaee77] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #63597
  • [02e2b017e2] - (SEMVER-MINOR) cli: add --max-heap-size option (tannal) #58708
  • [cc0d64f9c2] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #60082
  • [c2822f848e] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527
  • [b0a8d04556] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes to node inspect (Joyee Cheung) #62713
  • [2ebefe02f4] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #57775
  • [e77dd8d425] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #62277
  • [a8cb80f5e2] - (SEMVER-MINOR) fs: add throwIfNoEntry option for fs.stat and fs.promises.stat (Juan José) #61178
  • [ffbf579a9c] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #61433
  • [9313db841e] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #63155
  • [d95374b6fe] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #62541
  • [6384766d1d] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #59980
  • [3017a5402f] - (SEMVER-MINOR) net: add setTOS and getTOS to Socket (Amol Yadav) #61503
  • [700df39d93] - (SEMVER-MINOR) node-api: support SharedArrayBuffer in napi_create_dataview (Kevin Eady) #60473
  • [864a2f1d90] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953
  • [8b07e57adf] - (SEMVER-MINOR) perf_hooks: move non-standard performance properties to perf_hooks (Chengzhong Wu) #60370
  • [b68524efec] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #61311
  • [a899991ba7] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #59928
  • [50b8968596] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
  • [71e857ff7f] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #59711
  • [d71a464807] - (SEMVER-MINOR) stream: add bytes() method to stream/consumers (wantaek) #60426
  • [097a23f79b] - (SEMVER-MINOR) stream: do not pass readable.compose() output via Readable.from() (René) #60907
  • [0142183b6b] - (SEMVER-MINOR) test_runner: align mock timeout api (sangwook) #62820

Commits

  • [ff01087bc1] - assert,util: fix stale nested cycle memo entries (Ruben Bridgewater) #62509
  • [4239d07aad] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #61415
  • [6e5732e257] - benchmark: fix destructuring in dgram/single-buffer (Ali Hassan) #62084
  • [403645707a] - benchmark: add startup benchmark for ESM entrypoint (Joyee Cheung) #61769
  • [c858f470ce] - benchmark: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) #61549
    ...[truncated]

dependabot Bot and others added 30 commits July 16, 2026 09:04
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.3.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.3)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61976
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #61773
Refs: #61762
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
As specified in WebIDL (<https://webidl.spec.whatwg.org/#js-dictionary>),
the fields of a dictionary need to be read in lexicographical order.

PR-URL: #61980
Reviewed-By: Jason Zhang <xzha4350@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #61721
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
PR-URL: #61916
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: #62020
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Bumps [minimatch](https://github.com/isaacs/minimatch)
from 3.1.2 to 3.1.3.
- [Changelog](http://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.3)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61977
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #62034
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Add validateHeaderName/validateHeaderValue checks for non-link
headers and checkInvalidHeaderChar for the Link value in HTTP/1.1
writeEarlyHints, closing a CRLF injection gap where header names
and values were concatenated into the raw response without
validation.

Also tighten linkValueRegExp to reject CR/LF inside the <...>
URL portion of Link header values.

PR-URL: #61897
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
PR-URL: #61972
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
The `path` property on `ClientRequest` was only validated at
construction time. Add a getter/setter so that the same
`INVALID_PATH_REGEX` check runs whenever `req.path` is reassigned,
preventing invalid characters from reaching `_implicitHeader()`.

PR-URL: #62030
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
It has better performance

PR-URL: #61122
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Daniel Lemire <daniel@lemire.me>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: #62026
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Release the async context frame in AsyncWrap::EmitDestroy to allow
gc to collect it.

This is in special relevant for reused resources like HTTPParser
otherwise they might keep ALS stores alive.

PR-URL: #61995
Fixes: #61882
Refs: #48528
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.2 to 2.15.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@5ef0c07...a90bcbc)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #62064
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.3 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.3...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #62013
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Signed-off-by: marcopiraccini <marco.piraccini@gmail.com>
PR-URL: #62040
Fixes: #62036
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
`changelog-maker` writes 10 character length short form SHA's.
Explicitly set the `git log format` in the example to match.

PR-URL: #62074
Reviewed-By: Tierney Cyren <hello@bnb.im>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Stewart X Addison <sxa@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #62076
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
When pipelined requests arrive in one TCP segment, llhttp_execute()
parses them all in a single call. If a synchronous 'close' event
handler invokes freeParser() mid-execution, cleanParser() nulls out
parser state while llhttp_execute() is still on the stack, crashing on
 the next callback.

Add an is_being_freed_ flag that freeParser() sets via
parser.markFreed() before cleaning state. Proxy::Raw checks the flag
before every callback and returns HPE_USER to abort execution early if
set.

PR-URL: #62095
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
This was invaluable for debugging the previous change,
so I'm suggesting we add it regardless of it being a
debugging-only API.

PR-URL: #62103
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Add incremental report writing after each spec completes and on
worker errors so that reports survive if the process is killed
before the exit handler runs.

Add bytes() method to readAsFetch() to match the Response API
used by newer WPT tests.

PR-URL: #62107
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
If the current SHA is not found in the README for some reason,
exit with an error.

PR-URL: #62121
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...bbbca2d)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #62062
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@37930b1...70fc10c)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #62063
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
PR-URL: #62079
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
The timezone update script requires `icupkg` which doesn't
appear to be available on `ubuntu-slim`.

PR-URL: #62140
Fixes: #62109
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
* Make the intro less C++-centric
* Give a GYP-less build example
* Remove the duplicate Node-API documentation
* Add an ESM example

PR-URL: #62071
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: #58708
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
aduh95 and others added 23 commits July 16, 2026 09:05
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63516
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
`validateInt32(keylen, 'keylen', 0)` lets `-0` through: `typeof -0` is
`'number'`, `Number.isInteger(-0)` is `true`, and `-0 < 0` is `false`.
The value then reaches the PBKDF2Job binding, whose `IsInt32()` check
fails (V8 boxes `-0` as a HeapNumber rather than a tagged SMI) and
aborts the process with SIGABRT.
Coerce `keylen` to `+0`
after validation so the binding sees a true Int32.

Reachable from any caller that forwards a JSON-parsed value,
since `JSON.parse('{"keylen":-0}').keylen` preserves the sign.

Mirror of the prior pbkdf2 fix. `validateInt32(keylen, 'keylen', 0)`
lets `-0` through (since `-0 < 0` is `false`), and the ScryptJob
binding's `IsInt32()` check at `crypto_scrypt.cc` aborts the process
with SIGABRT because V8 boxes `-0` as a HeapNumber rather than a
tagged SMI. Coerce `keylen` to `+0` after validation.

Signed-off-by: Jordan Harband <ljharb@gmail.com>
PR-URL: #63531
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This is the [`certdata.txt`][0] from NSS 3.123.1.

This is the version of NSS that shipped in Firefox 151.0.1 on 2026-05-21

Certificates removed:
- QuoVadis Root CA 2
- QuoVadis Root CA 3
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- SwissSign Gold CA - G2
- SecureTrust CA
- Secure Global CA
- COMODO Certification Authority
- Certigna
- certSIGN ROOT CA
- Izenpe.com
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- TeliaSonera Root CA v1
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- GLOBALTRUST 2020
- GTS Root R2
- FIRMAPROFESIONAL CA ROOT-A WEB

[0]: https://raw.githubusercontent.com/nss-dev/nss/refs/tags/NSS_3_123_1_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #63527
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63515
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
The example claimed that posting a URL object via MessageChannel would
print an empty object, but since v21.0.0 (commit d920b7c) it
throws a DataCloneError. Update the example and surrounding text to
reflect the current behavior.

Fixes: #60504

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
PR-URL: #62203
Fixes: #60504
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: #63479
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: RonGamzu <37371774+RonGamzu@users.noreply.github.com>
PR-URL: #63465
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Original commit message:

    Fix a bug causing the session module to dereference a NULL pointer when applying a corrupt changeset.
    FossilOrigin-Name: e807d4e3798efd532b3d78d1dfe513ed4fbd3cb793dd0ae5c30cae6031422b10

Refs: https://sqlite.org/src/info/e807d4e3798efd53
Signed-off-by: junius-sec <sksch323@naver.com>
PR-URL: #63525
Refs: https://hackerone.com/reports/3736889
Refs: sqlite/sqlite@b869ed6
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Guards scheduled jobs in daily.yml, codeql.yml, and scorecard.yml so
they only run on nodejs/node, matching the pattern already used in
tools.yml, stale.yml, and others. This prevents wasted Actions minutes
and failed-run email notifications on forks.

Signed-off-by: Jamie Magee <jamie.magee@gmail.com>
PR-URL: #63565
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63405
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63414
Fixes: #63412
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
PR-URL: #62331
Refs: #61478
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Aviv Keller <me@aviv.sh>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Signed-off-by: Renegade334 <contact.9a5d6388@renegade334.me.uk>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: #63583
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63586
Refs: nodejs/node-core-utils#1043
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Chengzhong Wu <cwu631@bloomberg.net>
PR-URL: #63588
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Signed-off-by: Chengzhong Wu <legendecas@gmail.com>
PR-URL: #63591
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Forward Node.js tail stream data through a pipe-style data listener
instead of manually draining readable events. This keeps compose closer
to the stream pipe hot path while preserving backpressure with pause
and resume.

Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com>
Assisted-by: openai:gpt-5.5
PR-URL: #63593
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
The 8 KiB default has been unchanged since 2015. With the threshold
check `size < (Buffer.poolSize >>> 1)`, this means allocations of 4 KiB
or larger bypass the pool entirely — including 4 KiB itself, a common
page and HTTP-frame size.

Raising the default to 64 KiB extends pool coverage to ~32 KiB
allocations, capturing common sizes used by HTTP parsers, stream
chunks, and small file reads.

Throughput improvements on workers-k=8 fs.readFileSync benchmarks
(Linux/glibc) at the affected sizes, with no regressions elsewhere:

  file size  |  8 KiB pool  |  64 KiB pool  |  delta
  -----------+--------------+---------------+-------
   4 KiB     |  326k ops/s  |  360k ops/s   |  +10%
   8 KiB     |  202k ops/s  |  254k ops/s   |  +26%
  16 KiB     |  148k ops/s  |  181k ops/s   |  +23%
  64 KiB     |   86k ops/s  |   87k ops/s   |   ~
   1 MiB     |   12k ops/s  |   13k ops/s   |   ~

Cost: +56 KiB RSS per realm at startup.
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63597
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: LiviaMedeiros <livia@cirno.name>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Defer non-critical warnings to the next event loop iteration when
can_call_into_js() returns false. This prevents crashes when V8
emits warnings during REPL preview evaluation or other contexts
where JavaScript execution is temporarily forbidden.

When a warning is emitted inside DisallowJavascriptExecutionScope,
ProcessEmitWarningGeneric cannot be called immediately. Instead,
use env->SetImmediate() to queue the warning emission for after
the scope exits. This preserves full warning formatting, deprecation
codes, and --redirect-warnings routing.

Signed-off-by: Divyanshu Sharma <Divyanshu88999@gmail.com>
PR-URL: #63491
Fixes: #63473
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63609
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63621
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: #63650
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Notable changes:

async_hooks:
  * (SEMVER-MINOR) add trackPromises option to createHook() (Joyee Cheung) #61415
buffer:
  * (SEMVER-MINOR) increase Buffer.poolSize default to 64 KiB (Matteo Collina) #63597
cli:
  * (SEMVER-MINOR) add --max-heap-size option (tannal) #58708
console:
  * (SEMVER-MINOR) allow per-stream `inspectOptions` option (Anna Henningsen) #60082
crypto:
  * update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527
debugger:
  * (SEMVER-MINOR) add edit-free runtime expression probes to `node inspect` (Joyee Cheung) #62713
fs:
  * (SEMVER-MINOR) add signal option to fs.stat() (Mert Can Altin) #57775
  * (SEMVER-MINOR) expose frsize field in statfs (Jinho Jang) #62277
  * (SEMVER-MINOR) add `throwIfNoEntry` option for fs.stat and fs.promises.stat (Juan José) #61178
  * (SEMVER-MINOR) add ignore option to fs.watch (Matteo Collina) #61433
http:
  * (SEMVER-MINOR) add writeInformation to send arbitrary 1xx status codes (Tim Perry) #63155
  * (SEMVER-MINOR) add req.signal to IncomingMessage (Akshat) #62541
lib:
  * (SEMVER-MINOR) remove util.getCallSite (Rafael Gonzaga) #59980
net:
  * (SEMVER-MINOR) add `setTOS` and `getTOS` to `Socket` (Amol Yadav) #61503
node-api:
  * (SEMVER-MINOR) support SharedArrayBuffer in napi_create_dataview (Kevin Eady) #60473
  * (SEMVER-MINOR) add napi_create_object_with_properties (Miguel Marcondes Filho) #59953
perf_hooks:
  * (SEMVER-MINOR) move non-standard performance properties to perf_hooks (Chengzhong Wu) #60370
sqlite:
  * (SEMVER-MINOR) add sqlite prepare options args (Guilherme Araújo) #61311
  * (SEMVER-MINOR) create authorization api (Guilherme Araújo) #59928
src:
  * (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
src,permission:
  * (SEMVER-MINOR) add --allow-inspector ability (Rafael Gonzaga) #59711
stream:
  * (SEMVER-MINOR) add bytes() method to stream/consumers (wantaek) #60426
  * (SEMVER-MINOR) do not pass `readable.compose()` output via `Readable.from()` (René) #60907
test_runner:
  * (SEMVER-MINOR) align mock timeout api (sangwook) #62820

PR-URL: TODO
@juanarbol juanarbol requested a review from a team as a code owner July 16, 2026 14:33
@nodejs-github-bot

Copy link
Copy Markdown
Collaborator

Review requested:

  • @nodejs/actions
  • @nodejs/releasers
  • @nodejs/tsc

@nodejs-github-bot nodejs-github-bot added meta Issues and PRs related to the general management of the project. tools Issues and PRs related to the tools directory. v22.x Issues that can be reproduced on v22.x or PRs targeting the v22.x-staging branch. labels Jul 16, 2026
@juanarbol

Copy link
Copy Markdown
Member Author

Ping @nodejs/releasers after #55020 landed, test/parallel/test-zlib-bytes-read.js got removed from the git tree, is it ok if I push the lint fix commit directly into v22.x-staging?

@marco-ippolito marco-ippolito marked this pull request as draft July 16, 2026 14:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

meta Issues and PRs related to the general management of the project. tools Issues and PRs related to the tools directory. v22.x Issues that can be reproduced on v22.x or PRs targeting the v22.x-staging branch.

Projects

None yet

Development

Successfully merging this pull request may close these issues.