V22.24.0 proposal#64533
Draft
juanarbol wants to merge 360 commits into
Draft
Conversation
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.3. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.3) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #61976 Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
As specified in WebIDL (<https://webidl.spec.whatwg.org/#js-dictionary>), the fields of a dictionary need to be read in lexicographical order. PR-URL: #61980 Reviewed-By: Jason Zhang <xzha4350@gmail.com> Reviewed-By: Mattias Buelens <mattias@buelens.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #61721 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
PR-URL: #61916 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: #62020 Reviewed-By: Jacob Smith <jacob@frende.me> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.3. - [Changelog](http://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.3) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #61977 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #62034 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Add validateHeaderName/validateHeaderValue checks for non-link headers and checkInvalidHeaderChar for the Link value in HTTP/1.1 writeEarlyHints, closing a CRLF injection gap where header names and values were concatenated into the raw response without validation. Also tighten linkValueRegExp to reject CR/LF inside the <...> URL portion of Link header values. PR-URL: #61897 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Tim Perry <pimterry@gmail.com>
PR-URL: #61972 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
The `path` property on `ClientRequest` was only validated at construction time. Add a getter/setter so that the same `INVALID_PATH_REGEX` check runs whenever `req.path` is reassigned, preventing invalid characters from reaching `_implicitHeader()`. PR-URL: #62030 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Tim Perry <pimterry@gmail.com>
It has better performance PR-URL: #61122 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Daniel Lemire <daniel@lemire.me> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day> Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: #62026 Reviewed-By: Jacob Smith <jacob@frende.me> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Release the async context frame in AsyncWrap::EmitDestroy to allow gc to collect it. This is in special relevant for reused resources like HTTPParser otherwise they might keep ALS stores alive. PR-URL: #61995 Fixes: #61882 Refs: #48528 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.2 to 2.15.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@5ef0c07...a90bcbc) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #62064 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.3 to 3.1.5. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.3...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #62013 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
`changelog-maker` writes 10 character length short form SHA's. Explicitly set the `git log format` in the example to match. PR-URL: #62074 Reviewed-By: Tierney Cyren <hello@bnb.im> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Stewart X Addison <sxa@redhat.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #62076 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
When pipelined requests arrive in one TCP segment, llhttp_execute() parses them all in a single call. If a synchronous 'close' event handler invokes freeParser() mid-execution, cleanParser() nulls out parser state while llhttp_execute() is still on the stack, crashing on the next callback. Add an is_being_freed_ flag that freeParser() sets via parser.markFreed() before cleaning state. Proxy::Raw checks the flag before every callback and returns HPE_USER to abort execution early if set. PR-URL: #62095 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
This was invaluable for debugging the previous change, so I'm suggesting we add it regardless of it being a debugging-only API. PR-URL: #62103 Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Add incremental report writing after each spec completes and on worker errors so that reports survive if the process is killed before the exit handler runs. Add bytes() method to readAsFetch() to match the Response API used by newer WPT tests. PR-URL: #62107 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Mattias Buelens <mattias@buelens.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
If the current SHA is not found in the README for some reason, exit with an error. PR-URL: #62121 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...bbbca2d) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #62062 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...70fc10c) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #62063 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
PR-URL: #62079 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
The timezone update script requires `icupkg` which doesn't appear to be available on `ubuntu-slim`. PR-URL: #62140 Fixes: #62109 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
* Make the intro less C++-centric * Give a GYP-less build example * Remove the duplicate Node-API documentation * Add an ESM example PR-URL: #62071 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: #58708 Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
PR-URL: #62170 Refs: https://redirect.github.com/web-platform-tests/wpt/pull/57614#pullrequestreview-3808145365 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63516 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
`validateInt32(keylen, 'keylen', 0)` lets `-0` through: `typeof -0` is
`'number'`, `Number.isInteger(-0)` is `true`, and `-0 < 0` is `false`.
The value then reaches the PBKDF2Job binding, whose `IsInt32()` check
fails (V8 boxes `-0` as a HeapNumber rather than a tagged SMI) and
aborts the process with SIGABRT.
Coerce `keylen` to `+0`
after validation so the binding sees a true Int32.
Reachable from any caller that forwards a JSON-parsed value,
since `JSON.parse('{"keylen":-0}').keylen` preserves the sign.
Mirror of the prior pbkdf2 fix. `validateInt32(keylen, 'keylen', 0)`
lets `-0` through (since `-0 < 0` is `false`), and the ScryptJob
binding's `IsInt32()` check at `crypto_scrypt.cc` aborts the process
with SIGABRT because V8 boxes `-0` as a HeapNumber rather than a
tagged SMI. Coerce `keylen` to `+0` after validation.
Signed-off-by: Jordan Harband <ljharb@gmail.com>
PR-URL: #63531
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This is the [`certdata.txt`][0] from NSS 3.123.1. This is the version of NSS that shipped in Firefox 151.0.1 on 2026-05-21 Certificates removed: - QuoVadis Root CA 2 - QuoVadis Root CA 3 - DigiCert Assured ID Root CA - DigiCert Global Root CA - DigiCert High Assurance EV Root CA - SwissSign Gold CA - G2 - SecureTrust CA - Secure Global CA - COMODO Certification Authority - Certigna - certSIGN ROOT CA - Izenpe.com - AffirmTrust Commercial - AffirmTrust Networking - AffirmTrust Premium - AffirmTrust Premium ECC - TeliaSonera Root CA v1 - Entrust Root Certification Authority - G2 - Entrust Root Certification Authority - EC1 - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority - GLOBALTRUST 2020 - GTS Root R2 - FIRMAPROFESIONAL CA ROOT-A WEB [0]: https://raw.githubusercontent.com/nss-dev/nss/refs/tags/NSS_3_123_1_RTM/lib/ckfw/builtins/certdata.txt PR-URL: #63527 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63515 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
The example claimed that posting a URL object via MessageChannel would print an empty object, but since v21.0.0 (commit d920b7c) it throws a DataCloneError. Update the example and surrounding text to reflect the current behavior. Fixes: #60504 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Kit Dallege <xaum.io@gmail.com> PR-URL: #62203 Fixes: #60504 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: #63479 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: RonGamzu <37371774+RonGamzu@users.noreply.github.com> PR-URL: #63465 Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Original commit message:
Fix a bug causing the session module to dereference a NULL pointer when applying a corrupt changeset.
FossilOrigin-Name: e807d4e3798efd532b3d78d1dfe513ed4fbd3cb793dd0ae5c30cae6031422b10
Refs: https://sqlite.org/src/info/e807d4e3798efd53
Signed-off-by: junius-sec <sksch323@naver.com>
PR-URL: #63525
Refs: https://hackerone.com/reports/3736889
Refs: sqlite/sqlite@b869ed6
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Guards scheduled jobs in daily.yml, codeql.yml, and scorecard.yml so they only run on nodejs/node, matching the pattern already used in tools.yml, stale.yml, and others. This prevents wasted Actions minutes and failed-run email notifications on forks. Signed-off-by: Jamie Magee <jamie.magee@gmail.com> PR-URL: #63565 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: #63405 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: #63583 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63586 Refs: nodejs/node-core-utils#1043 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Chengzhong Wu <cwu631@bloomberg.net> PR-URL: #63588 Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Signed-off-by: Chengzhong Wu <legendecas@gmail.com> PR-URL: #63591 Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Forward Node.js tail stream data through a pipe-style data listener instead of manually draining readable events. This keeps compose closer to the stream pipe hot path while preserving backpressure with pause and resume. Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com> Assisted-by: openai:gpt-5.5 PR-URL: #63593 Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
The 8 KiB default has been unchanged since 2015. With the threshold check `size < (Buffer.poolSize >>> 1)`, this means allocations of 4 KiB or larger bypass the pool entirely — including 4 KiB itself, a common page and HTTP-frame size. Raising the default to 64 KiB extends pool coverage to ~32 KiB allocations, capturing common sizes used by HTTP parsers, stream chunks, and small file reads. Throughput improvements on workers-k=8 fs.readFileSync benchmarks (Linux/glibc) at the affected sizes, with no regressions elsewhere: file size | 8 KiB pool | 64 KiB pool | delta -----------+--------------+---------------+------- 4 KiB | 326k ops/s | 360k ops/s | +10% 8 KiB | 202k ops/s | 254k ops/s | +26% 16 KiB | 148k ops/s | 181k ops/s | +23% 64 KiB | 86k ops/s | 87k ops/s | ~ 1 MiB | 12k ops/s | 13k ops/s | ~ Cost: +56 KiB RSS per realm at startup. Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: #63597 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Defer non-critical warnings to the next event loop iteration when can_call_into_js() returns false. This prevents crashes when V8 emits warnings during REPL preview evaluation or other contexts where JavaScript execution is temporarily forbidden. When a warning is emitted inside DisallowJavascriptExecutionScope, ProcessEmitWarningGeneric cannot be called immediately. Instead, use env->SetImmediate() to queue the warning emission for after the scope exits. This preserves full warning formatting, deprecation codes, and --redirect-warnings routing. Signed-off-by: Divyanshu Sharma <Divyanshu88999@gmail.com> PR-URL: #63491 Fixes: #63473 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63609 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: #63621 Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Joyee Cheung <joyeec9h3@gmail.com> PR-URL: #63650 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Notable changes: async_hooks: * (SEMVER-MINOR) add trackPromises option to createHook() (Joyee Cheung) #61415 buffer: * (SEMVER-MINOR) increase Buffer.poolSize default to 64 KiB (Matteo Collina) #63597 cli: * (SEMVER-MINOR) add --max-heap-size option (tannal) #58708 console: * (SEMVER-MINOR) allow per-stream `inspectOptions` option (Anna Henningsen) #60082 crypto: * update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527 debugger: * (SEMVER-MINOR) add edit-free runtime expression probes to `node inspect` (Joyee Cheung) #62713 fs: * (SEMVER-MINOR) add signal option to fs.stat() (Mert Can Altin) #57775 * (SEMVER-MINOR) expose frsize field in statfs (Jinho Jang) #62277 * (SEMVER-MINOR) add `throwIfNoEntry` option for fs.stat and fs.promises.stat (Juan José) #61178 * (SEMVER-MINOR) add ignore option to fs.watch (Matteo Collina) #61433 http: * (SEMVER-MINOR) add writeInformation to send arbitrary 1xx status codes (Tim Perry) #63155 * (SEMVER-MINOR) add req.signal to IncomingMessage (Akshat) #62541 lib: * (SEMVER-MINOR) remove util.getCallSite (Rafael Gonzaga) #59980 net: * (SEMVER-MINOR) add `setTOS` and `getTOS` to `Socket` (Amol Yadav) #61503 node-api: * (SEMVER-MINOR) support SharedArrayBuffer in napi_create_dataview (Kevin Eady) #60473 * (SEMVER-MINOR) add napi_create_object_with_properties (Miguel Marcondes Filho) #59953 perf_hooks: * (SEMVER-MINOR) move non-standard performance properties to perf_hooks (Chengzhong Wu) #60370 sqlite: * (SEMVER-MINOR) add sqlite prepare options args (Guilherme Araújo) #61311 * (SEMVER-MINOR) create authorization api (Guilherme Araújo) #59928 src: * (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816 src,permission: * (SEMVER-MINOR) add --allow-inspector ability (Rafael Gonzaga) #59711 stream: * (SEMVER-MINOR) add bytes() method to stream/consumers (wantaek) #60426 * (SEMVER-MINOR) do not pass `readable.compose()` output via `Readable.from()` (René) #60907 test_runner: * (SEMVER-MINOR) align mock timeout api (sangwook) #62820 PR-URL: TODO
Collaborator
|
Review requested:
|
Member
Author
|
Ping @nodejs/releasers after #55020 landed, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
2026-07-21, Version 22.24.0 'Jod' (LTS), @juanarbol
Notable Changes
4239d07aad] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #61415aacafaee77] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #6359702e2b017e2] - (SEMVER-MINOR) cli: add --max-heap-size option (tannal) #58708cc0d64f9c2] - (SEMVER-MINOR) console: allow per-streaminspectOptionsoption (Anna Henningsen) #60082c2822f848e] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527b0a8d04556] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes tonode inspect(Joyee Cheung) #627132ebefe02f4] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #57775e77dd8d425] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #62277a8cb80f5e2] - (SEMVER-MINOR) fs: addthrowIfNoEntryoption for fs.stat and fs.promises.stat (Juan José) #61178ffbf579a9c] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #614339313db841e] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #63155d95374b6fe] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #625416384766d1d] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #599803017a5402f] - (SEMVER-MINOR) net: addsetTOSandgetTOStoSocket(Amol Yadav) #61503700df39d93] - (SEMVER-MINOR) node-api: support SharedArrayBuffer in napi_create_dataview (Kevin Eady) #60473864a2f1d90] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #599538b07e57adf] - (SEMVER-MINOR) perf_hooks: move non-standard performance properties to perf_hooks (Chengzhong Wu) #60370b68524efec] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #61311a899991ba7] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #5992850b8968596] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#81671e857ff7f] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #59711d71a464807] - (SEMVER-MINOR) stream: add bytes() method to stream/consumers (wantaek) #60426097a23f79b] - (SEMVER-MINOR) stream: do not passreadable.compose()output viaReadable.from()(René) #609070142183b6b] - (SEMVER-MINOR) test_runner: align mock timeout api (sangwook) #62820Commits
ff01087bc1] - assert,util: fix stale nested cycle memo entries (Ruben Bridgewater) #625094239d07aad] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #614156e5732e257] - benchmark: fix destructuring in dgram/single-buffer (Ali Hassan) #62084403645707a] - benchmark: add startup benchmark for ESM entrypoint (Joyee Cheung) #61769c858f470ce] - benchmark: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) #61549...[truncated]