chore(deps): update dependency node to v20 - abandoned

[ethpandaops-renovatebot]

This PR contains the following updates:

Package	Type	Update	Change	Pending
node (source)		major	18.14.1 -> 20.15.1	v20.16.0
node (source)	volta	major	18.14.1 -> 20.15.1	v20.16.0
@types/node (source)	dependencies	major	18.14.4 -> 20.14.11	20.14.14 (+2)

---

Release Notes

nodejs/node (node)

v20.15.1: 2024-07-08, Version 20.15.1 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
• CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
• CVE-2024-22018 - fs.lstat bypasses permission model (Low)
• CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
• CVE-2024-37372 - Permission model improperly processes UNC paths (Low)

Commits

• [60e184a6e4] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
• [025cbd6936] - lib,permission: support fs.lstat (RafaelGSS) nodejs-private/node-private#486
• [d38ea17341] - lib,permission: disable fchmod/fchown when pm enabled (RafaelGSS) nodejs-private/node-private#584
• [1ba624cd3b] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596
• [2524d00c3d] - src,permission: fix UNC path resolution (RafaelGSS) nodejs-private/node-private#581
• [484cb0f13c] - src,permission: resolve path on fs_permission (Rafael Gonzaga) #​52761

v20.15.0: 2024-06-20, Version 20.15.0 'Iron' (LTS), @​marco-ippolito

Compare Source

test_runner: support test plans

It is now possible to count the number of assertions and subtests that are expected to run within a test. If the number of assertions and subtests that run does not match the expected count, the test will fail.

test('top level test', (t) => {
  t.plan(2);
  t.assert.ok('some relevant assertion here');
  t.subtest('subtest', () => {});
});

Contributed by Colin Ihrig in #​52860

inspector: introduce the --inspect-wait flag

This release introduces the --inspect-wait flag, which allows debugger to wait for attachement. This flag is useful when you want to debug the code from the beginning. Unlike --inspect-brk, which breaks on the first line, this flag waits for debugger to be connected and then runs the code as soon as a session is established.

Contributed by Kohei Ueno in #​52734

zlib: expose zlib.crc32()

This release exposes the crc32() function from zlib to user-land.

It computes a 32-bit Cyclic Redundancy Check checksum of data. If
value is specified, it is used as the starting value of the checksum,
otherwise, 0 is used as the starting value.

The CRC algorithm is designed to compute checksums and to detect error
in data transmission. It's not suitable for cryptographic authentication.

const zlib = require('node:zlib');
const { Buffer } = require('node:buffer');

let crc = zlib.crc32('hello');  // 907060870
crc = zlib.crc32('world', crc);  // 4192936109

crc = zlib.crc32(Buffer.from('hello', 'utf16le'));  // 1427272415
crc = zlib.crc32(Buffer.from('world', 'utf16le'), crc);  // 4150509955

Contributed by Joyee Cheung in #​52692

cli: allow running wasm in limited vmem with --disable-wasm-trap-handler

By default, Node.js enables trap-handler-based WebAssembly bound
checks. As a result, V8 does not need to insert inline bound checks
int the code compiled from WebAssembly which may speedup WebAssembly
execution significantly, but this optimization requires allocating
a big virtual memory cage (currently 10GB). If the Node.js process
does not have access to a large enough virtual memory address space
due to system configurations or hardware limitations, users won't
be able to run any WebAssembly that involves allocation in this
virtual memory cage and will see an out-of-memory error.

$ ulimit -v 5000000
$ node -p "new WebAssembly.Memory({ initial: 10, maximum: 100 });"
[eval]:1
new WebAssembly.Memory({ initial: 10, maximum: 100 });
^

RangeError: WebAssembly.Memory(): could not allocate memory
    at [eval]:1:1
    at runScriptInThisContext (node:internal/vm:209:10)
    at node:internal/process/execution:118:14
    at [eval]-wrapper:6:24
    at runScript (node:internal/process/execution:101:62)
    at evalScript (node:internal/process/execution:136:3)
    at node:internal/main/eval_string:49:3

--disable-wasm-trap-handler disables this optimization so that
users can at least run WebAssembly (with a less optimial performance)
when the virtual memory address space available to their Node.js
process is lower than what the V8 WebAssembly memory cage needs.

Contributed by Joyee Cheung in #​52766

Other Notable Changes

• [12512c3d0e] - doc: add pimterry to collaborators (Tim Perry) #​52874
• [9d485b40bb] - (SEMVER-MINOR) tools: fix get_asan_state() in tools/test.py (Joyee Cheung) #​52766
• [e98c305f52] - (SEMVER-MINOR) tools: support max_virtual_memory test configuration (Joyee Cheung) #​52766
• [dce0300896] - (SEMVER-MINOR) tools: support != in test status files (Joyee Cheung) #​52766

Commits

• [227093bfec] - assert: add deep equal check for more Error type (Zhenwei Jin) #​51805
• [184cfe5a71] - benchmark: filter non-present deps from start-cli-version (Adam Majer) #​51746
• [8b3e83bb53] - buffer: even faster atob (Daniel Lemire) #​52443
• [8d628c3255] - buffer: use size_t instead of uint32_t to avoid segmentation fault (Xavier Stouder) #​48033
• [16ae2b2933] - buffer: remove lines setting indexes to integer value (Zhenwei Jin) #​52588
• [48c15d0dcd] - build: remove deprecated calls for argument groups (Mohammed Keyvanzadeh) #​52913
• [1be8232d17] - build: drop base64 dep in GN build (Cheng) #​52856
• [918962d6e7] - build: make simdjson a public dep in GN build (Cheng) #​52755
• [5215b6fd8e] - build, tools: copy release assets to staging R2 bucket once built (flakey5) #​51394
• [473fa73857] - (SEMVER-MINOR) cli: allow running wasm in limited vmem with --disable-wasm-trap-handler (Joyee Cheung) #​52766
• [954d2aded4] - cluster: replace forEach with for-of loop (Jérôme Benoit) #​50317
• [794e450ea7] - console: colorize console error and warn (Jithil P Ponnan) #​51629
• [0fb7c18f10] - crypto: fix duplicated switch-case return values (Mustafa Ateş UZUN) #​49030
• [cd1415c8b2] - Revert "crypto: make timingSafeEqual faster for Uint8Array" (Tobias Nießen) #​53390
• [b774544bb1] - deps: enable unbundling of simdjson, simdutf, ada (Daniel Lemire) #​52924
• [da4dbfc5fd] - doc: remove reference to AUTHORS file (Marco Ippolito) #​52960
• [2f3f2ff8af] - doc: update hljs with the latest styles (Aviv Keller) #​52911
• [3a1d17a9b1] - doc: mention quicker way to build docs (Alex Crawford) #​52937
• [be309bd19d] - doc: mention push.followTags config (Rafael Gonzaga) #​52906
• [e62c6e2684] - doc: document pipeline with end option (Alois Klink) #​48970
• [af27225cf6] - doc: add example for execFileSync method and ref to stdio (Evan Shortiss) #​39412
• [086626f9b1] - doc: add examples and notes to http server.close et al (mary marchini) #​49091
• [3aa3337a00] - doc: fix dns.lookup family 0 and all descriptions (Adam Jones) #​51653
• [585f2a2e7f] - doc: update fs.realpath documentation (sinkhaha) #​48170
• [4bf3d44e1d] - doc: update fs read documentation for clarity (Mert Can Altin) #​52453
• [ae5d47dde3] - doc: watermark string behavior (Benjamin Gruenbaum) #​52842
• [1e429d10d3] - doc: exclude commits with baking-for-lts (Marco Ippolito) #​52896
• [3df3e37cdb] - doc: add names next to release key bash commands (Aviv Keller) #​52878
• [12512c3d0e] - doc: add pimterry to collaborators (Tim Perry) #​52874
• [97e0fef019] - doc: add more definitions to GLOSSARY.md (Aviv Keller) #​52798
• [91fadac162] - doc: make docs more welcoming and descriptive for newcomers (Serkan Özel) #​38056
• [a3b20126fd] - doc: add OpenSSL errors to API docs (John Lamp) #​34213
• [9587ae9b5b] - doc: simplify copy-pasting of branch-diff commands (Antoine du Hamel) #​52757
• [6ea72a53c3] - doc: add test_runner to subsystem (Raz Luvaton) #​52774
• [972eafd983] - events: update MaxListenersExceededWarning message log (sinkhaha) #​51921
• [74753ed1fe] - events: add stop propagation flag to Event.stopImmediatePropagation (Mickael Meausoone) #​39463
• [75dd009649] - events: replace NodeCustomEvent with CustomEvent (Feng Yu) #​43876
• [7d38c2e012] - fs: keep fs.promises.readFile read until EOF is reached (Zhenwei Jin) #​52178
• [8cb13120d3] - (SEMVER-MINOR) inspector: introduce the --inspect-wait flag (Kohei Ueno) #​52734
• [d5ab1de1fd] - meta: move @anonrig to TSC regular member (Yagiz Nizipli) #​52932
• [f82d086e90] - path: fix toNamespacedPath on Windows (Hüseyin Açacak) #​52915
• [121ea13b50] - process: improve event-loop (Aras Abbasi) #​52108
• [eceac784aa] - repl: fix disruptive autocomplete without inspector (Nitzan Uziely) #​40661
• [89a910be82] - src: fix Worker termination in inspector.waitForDebugger (Daeyeon Jeong) #​52527
• [033f985e8a] - src: use S_ISDIR to check if the file is a directory (theanarkh) #​52164
• [95128399f8] - src: allow preventing debug signal handler start (Shelley Vohr) #​46681
• [b162aeae9e] - src: fix typo Unabled -> Unable (Simon Siefke) #​52820
• [2dcbf1894a] - src: avoid unused variable 'error' warning (Michaël Zasso) #​52886
• [978ee0a635] - src: only apply fix in main thread (Paolo Insogna) #​52702
• [8fc52b38c6] - src: fix test local edge case (Paolo Insogna) #​52702
• [d02907ecc4] - src: remove misplaced windows code under posix guard in node.cc (Ali Hassan) #​52545
• [af29120fa7] - stream: use ByteLengthQueuingStrategy when not in objectMode (Jason) #​48847
• [a5f3dd137c] - string_decoder: throw an error when writing a too long buffer (zhenweijin) #​52215
• [65fa95d57d] - test: add Debugger.setInstrumentationBreakpoint known issue (Konstantin Ulitin) #​31137
• [0513e07805] - test: use for-of instead of forEach (Gibby Free) #​49790
• [1d01325928] - test: verify request payload is uploaded consistently (Austin Wright) #​34066
• [7dda156872] - test: add fuzzer for native/js string conversion (Adam Korczynski) #​51120
• [5fb829b340] - test: add fuzzer for ClientHelloParser (AdamKorcz) #​51088
• [cc74bf789f] - test: fix broken env fuzzer by initializing process (AdamKorcz) #​51080
• [800b6f65cf] - test: replace forEach() in test-stream-pipe-unpipe-stream (Dario) #​50786
• [d08c9a6a31] - test: test pipeline end on transform streams (Alois Klink) #​48970
• [0be8123ede] - test: improve coverage of lib/readline.js (Rongjian Zhang) #​38646
• [410224415c] - test: updated for each to for of in test file (lyannel) #​50308
• [556e9a2127] - test: move test-http-server-request-timeouts-mixed to sequential (Madhuri) #​45722
• [0638274c07] - test: fix DNS cancel tests (Szymon Marczak) #​44432
• [311bdc62bd] - test: add http agent to executionAsyncResource (psj-tar-gz) #​34966
• [6001b164ab] - test: reduce memory usage of test-worker-stdio (Adam Majer) #​37769
• [986bfa26e9] - test: add common.expectRequiredModule() (Joyee Cheung) #​52868
• [2246d4fd1e] - test: crypto-rsa-dsa testing for dynamic openssl (Michael Dawson) #​52781
• [1dce5dea0b] - test: skip some console tests on dumb terminal (Adam Majer) #​37770
• [0addeb240c] - test: skip v8-updates/test-linux-perf-logger (Michaël Zasso) #​52821
• [56e19e38f3] - test: drop test-crypto-timing-safe-equal-benchmarks (Rafael Gonzaga) #​52751
• [0c5e58958c] - test, crypto: use correct object on assert (响马) #​51820
• [d54aa47ec1] - (SEMVER-MINOR) test_runner: support test plans (Colin Ihrig) #​52860
• [0289a023a5] - test_runner: fix watch mode race condition (Moshe Atlow) #​52954
• [cf817e192e] - test_runner: preserve hook promise when executed twice (Moshe Atlow) #​52791
• [de541235fe] - tools: fix v8-update workflow (Michaël Zasso) #​52957
• [f6290bc327] - tools: add --certify-safe to nci-ci (Matteo Collina) #​52940
• [0830b3115d] - tools: fix doc update action (Marco Ippolito) #​52890
• [9d485b40bb] - (SEMVER-MINOR) tools: fix get_asan_state() in tools/test.py (Joyee Cheung) #​52766
• [e98c305f52] - (SEMVER-MINOR) tools: support max_virtual_memory test configuration (Joyee Cheung) #​52766
• [dce0300896] - (SEMVER-MINOR) tools: support != in test status files (Joyee Cheung) #​52766
• [57006001ec] - tools: prepare custom rules for ESLint v9 (Michaël Zasso) #​52889
• [403a4a7557] - tools: update lint-md-dependencies to rollup@4.17.2 (Node.js GitHub Bot) #​52836
• [01eff5860e] - tools: update gr2m/create-or-update-pull-request-action (Antoine du Hamel) #​52843
• [514f01ed59] - tools: use sccache GitHub action (Michaël Zasso) #​52839
• [8f8fb91927] - tools: specify a commit-message for V8 update workflow (Antoine du Hamel) #​52844
• [b83fbf8709] - tools: fix V8 update workflow (Antoine du Hamel) #​52822
• [be9d6f2176] - url,tools,benchmark: replace deprecated substr() (Jungku Lee) #​51546
• [7603a51d45] - util: fix %s format behavior with Symbol.toPrimitive (Chenyu Yang) #​50992
• [d7eba50cf3] - util: improve isInsideNodeModules (uzlopak) #​52147
• [4ae4f7e517] - watch: allow listening for grouped changes (Matthieu Sieben) #​52722
• [1ff8f318c0] - watch: enable passthrough ipc in watch mode (Zack) #​50890
• [739adf90b1] - watch: fix arguments parsing (Moshe Atlow) #​52760
• [5161d95c30] - (SEMVER-MINOR) zlib: expose zlib.crc32() (Joyee Cheung) #​52692

v20.14.0: 2024-05-28, Version 20.14.0 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [28d2baa17c] - src,permission: throw async errors on async APIs (Rafael Gonzaga) #​52730
• [77e2bf029a] - (SEMVER-MINOR) test_runner: support forced exit (Colin Ihrig) #​52038

Commits

• [e3ad05d8b0] - deps: V8: cherry-pick 500de8b (Richard Lau) #​52676
• [053282e661] - deps: V8: backport c4be0a9 (Richard Lau) #​52183
• [200dadb879] - deps: V8: cherry-pick f8d5e57 (Richard Lau) #​52183
• [f5cd125e02] - deps: update googletest to fa6de7f (Node.js GitHub Bot) #​52949
• [bbbfd7f4e1] - deps: update corepack to 0.28.1 (Node.js GitHub Bot) #​52946
• [7ba30a57a6] - deps: update simdutf to 5.2.8 (Node.js GitHub Bot) #​52727
• [b21a480a28] - deps: update simdutf to 5.2.6 (Node.js GitHub Bot) #​52727
• [6cfad60d97] - deps: update googletest to 2d16ed0 (Node.js GitHub Bot) #​51657
• [34708d1429] - deps: update googletest to d83fee1 (Node.js GitHub Bot) #​51657
• [c1d3e558e8] - deps: update googletest to 5a37b51 (Node.js GitHub Bot) #​51657
• [69959d0fca] - deps: update googletest to 5197b1a (Node.js GitHub Bot) #​51657
• [c8305f6057] - deps: update googletest to eff443c (Node.js GitHub Bot) #​51657
• [760b788704] - deps: update googletest to c231e6f (Node.js GitHub Bot) #​51657
• [301541cc8f] - deps: update googletest to e4fdb87 (Node.js GitHub Bot) #​51657
• [981d57e401] - deps: update googletest to 5df0241 (Node.js GitHub Bot) #​51657
• [a1817f534d] - deps: update googletest to b75ecf1 (Node.js GitHub Bot) #​51657
• [42070ca189] - deps: update googletest to 4565741 (Node.js GitHub Bot) #​51657
• [edc3e5d056] - deps: update uvwasi to 0.0.21 (Node.js GitHub Bot) #​52863
• [26b1231ffb] - deps: upgrade npm to 10.7.0 (npm team) #​52767
• [e6d9fbece2] - doc: update process.versions properties (ishabi) #​52736
• [8c1f837c0a] - doc: remove mold use on mac for speeding up build (Cong Zhang) #​52252
• [d9c5114694] - doc: fix grammatical mistake (codershiba) #​52808
• [b350f435b7] - meta: add mailmap entry for legendecas (Chengzhong Wu) #​52795
• [61f9f12eff] - meta: bump actions/checkout from 4.1.1 to 4.1.4 (dependabot[bot]) #​52787
• [ac563667d6] - meta: bump github/codeql-action from 3.24.9 to 3.25.3 (dependabot[bot]) #​52786
• [70611d7924] - meta: bump actions/upload-artifact from 4.3.1 to 4.3.3 (dependabot[bot]) #​52785
• [30482ea273] - meta: bump actions/download-artifact from 4.1.4 to 4.1.7 (dependabot[bot]) #​52784
• [d1607cdebb] - meta: bump codecov/codecov-action from 4.1.1 to 4.3.1 (dependabot[bot]) #​52783
• [21f1b6bfc3] - meta: bump step-security/harden-runner from 2.7.0 to 2.7.1 (dependabot[bot]) #​52782
• [0c6019a222] - meta: standardize regex (Aviv Keller) #​52693
• [28d2baa17c] - src,permission: throw async errors on async APIs (Rafael Gonzaga) #​52730
• [cffd2cc0c9] - Revert "stream: revert fix cloned webstreams not being unref'd" (Marco Ippolito) #​53144
• [3dd96f1fab] - stream: implement TransformStream cleanup using "transformer.cancel" (Debadree Chatterjee) #​50126
• [8e7e778e01] - test: skip v8-updates/test-linux-perf (Michaël Zasso) #​49639
• [f8e18869e9] - test: replace always-opt flag with alway-turbofan (Michaël Zasso) #​50115
• [a501860d63] - test_runner: don't await the same promise for each test (Colin Ihrig) #​52185
• [e2ae4367f4] - test_runner: run top level tests in a microtask (Colin Ihrig) #​52092
• [77e2bf029a] - (SEMVER-MINOR) test_runner: support forced exit (Colin Ihrig) #​52038
• [b7bc63565e] - test_runner: ignore todo flag when running suites (Colin Ihrig) #​52117
• [be587e3ae3] - test_runner: use paths for test locations (Colin Ihrig) #​52010
• [743281ab25] - test_runner: support source mapped test locations (Colin Ihrig) #​52010
• [4051316d95] - tools: update lint-md-dependencies to rollup@4.17.0 (Node.js GitHub Bot) #​52729

v20.13.1: 2024-05-09, Version 20.13.1 'Iron' (LTS), @​marco-ippolito

Compare Source

2024-05-09, Version 20.13.1 'Iron' (LTS), @​marco-ippolito

Revert "tools: install npm PowerShell scripts on Windows"

Due to a regression in the npm installation on Windows, this commit reverts the change that installed npm PowerShell scripts on Windows.

Commits

• [b7d80802cc] - Revert "tools: install npm PowerShell scripts on Windows" (marco-ippolito) #​52897

v20.13.0: 2024-05-07, Version 20.13.0 'Iron' (LTS), @​marco-ippolito

Compare Source

2024-05-07, Version 20.13.0 'Iron' (LTS), @​marco-ippolito

buffer: improve base64 and base64url performance

The performance of the base64 and base64url encoding and decoding functions has been improved significantly.

Contributed by Yagiz Nizipli in #​52428

crypto: deprecate implicitly shortened GCM tags

This release, introduces a doc-only deprecation of using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option.

Contributed by Tobias Nießen in #​52345

events,doc: mark CustomEvent as stable

From this release CustomEvent has been marked stable.

Contributed by Daeyeon Jeong in #​52618

fs: add stacktrace to fs/promises

Sync functions in fs throwed an error with a stacktrace which is helpful for debugging. But functions in fs/promises throwed an error without a stacktrace. This commit adds stacktraces by calling Error.captureStacktrace and re-throwing the error.

Contributed by 翠 / green in #​49849

report: add --report-exclude-network option

New option --report-exclude-network, also available as report.excludeNetwork, enables the user to exclude networking interfaces in their diagnostic report. On some systems, this can cause the report to take minutes to generate so this option can be used to optimize that.

Contributed by Ethan Arrowood in #​51645

src: add uv_get_available_memory to report and process

From this release it is possible to get the available memory in the system by calling process.getAvailableMemory().

Contributed by theanarkh #​52023

stream: support typed arrays

This commit adds support for typed arrays in streams.

Contributed by IlyasShabi #​51866

util: support array of formats in util.styleText

It is now possible to pass an array of format strings to util.styleText to apply multiple formats to the same text.

console.log(util.styleText(['underline', 'italic'], 'My italic underlined message'));

Contributed by Marco Ippolito in #​52040

v8: implement v8.queryObjects() for memory leak regression testing

This is similar to the queryObjects() console API provided by the Chromium DevTools console. It can be used to search for objects that have the matching constructor on its prototype chain in the heap after a full garbage collection, which can be useful for memory leak regression tests.
To avoid surprising results, users should avoid using this API on constructors whose implementation they don't control, or on constructors that can be invoked by other parties in the application.

To avoid accidental leaks, this API does not return raw references to the objects found. By default, it returns the count of the objects found. If options.format is 'summary', it returns an array containing brief string representations for each object. The visibility provided in this API is similar to what the heap snapshot provides, while users can save the cost of serialization and parsing and directly filer the target objects during the search.

We have been using this API internally for the test suite, which has been more stable than any other leak regression testing strategies in the CI. With a public implementation we can now use the public API instead.

const { queryObjects } = require('node:v8');
class A { foo = 'bar'; }
console.log(queryObjects(A)); // 0
let a = new A();
console.log(queryObjects(A)); // 1
// [ "A { foo: 'bar' }" ]
console.log(queryObjects(A, { format: 'summary' }));

// Release the object.
a = null;
// Search again. queryObjects() includes a full garbage collection
// so a should disappear.
console.log(queryObjects(A)); // 0

class B extends A { bar = 'qux'; }
// The child class B's prototype has A's prototype on its prototype chain
// so the prototype object shows up too.
console.log(queryObjects(A, { format: 'summary' })); // [ A {}' ]

Contributed by Joyee Cheung in #​51927

watch: mark as stable

From this release Watch Mode is considered stable.
When in watch mode, changes in the watched files cause the Node.js process to restart.

Contributed by Moshe Atlow in #​52074

Other Notable Changes

• [f8ad30048d] - benchmark: add AbortSignal.abort benchmarks (Raz Luvaton) #​52408
• [3b41da9a56] - (SEMVER-MINOR) deps: update simdutf to 5.0.0 (Daniel Lemire) #​52138
• [0a08c4a7b3] - (SEMVER-MINOR) deps: update undici to 6.3.0 (Node.js GitHub Bot) #​51462
• [f1b7bda4f5] - (SEMVER-MINOR) deps: update undici to 6.2.1 (Node.js GitHub Bot) #​51278
• [4acca8ed84] - (SEMVER-MINOR) dns: add order option and support ipv6first (Paolo Insogna) #​52492
• [cc67720ff9] - doc: update release gpg keyserver (marco-ippolito) #​52257
• [c2def7df96] - doc: add release key for marco-ippolito (marco-ippolito) #​52257
• [807c89cb26] - doc: add UlisesGascon as a collaborator (Ulises Gascón) #​51991
• [5e78a20ef9] - (SEMVER-MINOR) doc: deprecate fs.Stats public constructor (Marco Ippolito) #​51879
• [722fe64ff7] - (SEMVER-MINOR) lib, url: add a windows option to path parsing (Aviv Keller) #​52509
• [d116fa1568] - (SEMVER-MINOR) net: add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #​52474
• [6af7b78b0d] - (SEMVER-MINOR) src: add string_view overload to snapshot FromBlob (Anna Henningsen) #​52595
• [b3a11b574b] - (SEMVER-MINOR) src: preload function for Environment (Cheng Zhao) #​51539
• [41646d9c9e] - (SEMVER-MINOR) test_runner: add suite() (Colin Ihrig) #​52127
• [fc9ba17f6c] - (SEMVER-MINOR) test_runner: add test:complete event to reflect execution order (Moshe Atlow) #​51909

Commits

• [6fdd748b21] - benchmark: reduce the buffer size for blob (Debadree Chatterjee) #​52548
• [2274d0c868] - benchmark: inherit stdio/stderr instead of pipe (Ali Hassan) #​52456
• [0300598315] - benchmark: add ipc support to spawn stdio config (Ali Hassan) #​52456
• [f8ad30048d] - benchmark: add AbortSignal.abort benchmarks (Raz Luvaton) #​52408
• [7508d48736] - benchmark: conditionally use spawn with taskset for cpu pinning (Ali Hassan) #​52253
• [ea8e72e185] - benchmark: add toNamespacedPath bench (Rafael Gonzaga) #​52236
• [c00715cc1e] - benchmark: add style-text benchmark (Rafael Gonzaga) #​52004
• [1c1a6935ee] - buffer: add missing ARG_TYPE(ArrayBuffer) for isUtf8 (Jungku Lee) #​52477
• [1b2aff7dce] - buffer: improve base64 and base64url performance (Yagiz Nizipli) #​52428
• [328bded5ab] - buffer: improve btoa performance (Yagiz Nizipli) #​52427
• [e67bc34326] - buffer: use simdutf for atob implementation (Yagiz Nizipli) #​52381
• [5abddb45d8] - build: fix typo in node.gyp (Michaël Zasso) #​52719
• [7d1f304f5e] - build: fix headers install for shared mode on Win (Segev Finer) #​52442
• [6826bbf267] - build: fix arm64 cross-compilation bug on non-arm machines (Mahdi Sharifi) #​52559
• [6e85bc431a] - build: temporary disable ubsan (Rafael Gonzaga) #​52560
• [297368a1ed] - build: fix arm64 cross-compilation (Michaël Zasso) #​51256
• [93bddb598f] - build,tools: add test-ubsan ci (Rafael Gonzaga) #​46297
• [20bb16582f] - build,tools,node-api: fix building node-api tests for Windows Debug (Vladimir Morozov) #​52632
• [9af15cfff1] - child_process: use internal addAbortListener (Chemi Atlow) #​52081
• [a4847c4619] - crypto: simplify assertions in Safe*Print (David Benjamin) #​49709
• [0ec4d9d734] - crypto: enable NODE_EXTRA_CA_CERTS with BoringSSL (Shelley Vohr) #​52217
• [03e05b092c] - crypto: deprecate implicitly shortened GCM tags (Tobias Nießen) #​52345
• [0f784c96ba] - crypto: make timingSafeEqual faster for Uint8Array (Tobias Nießen) #​52341
• [739958e472] - crypto: reject Ed25519/Ed448 in Sign/Verify prototypes (Filip Skokan) #​52340
• [197b61f210] - crypto: validate RSA-PSS saltLength in subtle.sign and subtle.verify (Filip Skokan) #​52262
• [a6eede33f3] - crypto: fix input validation in crypto.hash (Antoine du Hamel) #​52070
• [bfa4986e5d] - deps: update corepack to 0.28.0 (Node.js GitHub Bot) #​52616
• [70546698d7] - deps: update ada to 2.7.8 (Node.js GitHub Bot) #​52517
• [a135027f84] - deps: update icu to 75.1 (Node.js GitHub Bot) #​52573
• [c96f1043d4] - deps: update undici to 6.13.0 (Node.js GitHub Bot) #​52493
• [9c330b610b] - deps: update zlib to 1.3.0.1-motley-7d77fb7 (Node.js GitHub Bot) #​52516
• [7e5bbeebab] - deps: update nghttp2 to 1.61.0 (Node.js GitHub Bot) #​52395
• [b42a4735d9] - deps: update minimatch to 9.0.4 (Node.js GitHub Bot) #​52524
• [d34fd21bc2] - deps: update simdutf to 5.2.4 (Node.js GitHub Bot) #​52473
• [ecc180f830] - deps: upgrade npm to 10.5.2 (npm team) #​52458
• [606c183344] - deps: update simdutf to 5.2.3 (Yagiz Nizipli) #​52381
• [0a103e99fe] - deps: upgrade npm to 10.5.1 (npm team) #​52351
• [cce861e670] - deps: update c-ares to 1.28.1 (Node.js GitHub Bot) #​52285
• [5258b547ea] - deps: update undici to 6.11.1 (Node.js GitHub Bot) #​52328
• [923a77c80a] - deps: update undici to 6.10.2 (Node.js GitHub Bot) #​52227
• [bd3c6a231c] - deps: update zlib to 1.3.0.1-motley-24c07df (Node.js GitHub Bot) #​52199
• [3b41da9a56] - (SEMVER-MINOR) deps: update simdutf to 5.0.0 (Daniel Lemire) #​52138
• [d6f9ca385c] - deps: update zlib to 1.3.0.1-motley-24342f6 (Node.js GitHub Bot) #​52123
• [f5512897b0] - deps: update corepack to 0.26.0 (Node.js GitHub Bot) #​52027
• [d891275178] - deps: update ada to 2.7.7 (Node.js GitHub Bot) #​52028
• [18838f2db3] - deps: update simdutf to 4.0.9 (Node.js GitHub Bot) #​51655
• [503c034abc] - deps: update undici to 6.6.2 (Node.js GitHub Bot) #​51667
• [256bcba52e] - deps: update undici to 6.6.0 (Node.js GitHub Bot) #​51630
• [7a1e321d95] - deps: update undici to 6.4.0 (Node.js GitHub Bot) #​51527
• [dde9e08224] - deps: update ngtcp2 to 1.1.0 (Node.js GitHub Bot) #​51319
• [0a08c4a7b3] - (SEMVER-MINOR) deps: update undici to 6.3.0 (Node.js GitHub Bot) #​51462
• [f1b7bda4f5] - (SEMVER-MINOR) deps: update undici to 6.2.1 (Node.js GitHub Bot) #​51278
• [ecadd638cd] - deps: V8: remove references to non-existent flags (Richard Lau) #​52256
• [27d364491f] - dgram: use internal addAbortListener (Chemi Atlow) #​52081
• [b94d11935a] - diagnostics_channel: early-exit tracing channel trace methods (Stephen Belanger) #​51915
• [4acca8ed84] - (SEMVER-MINOR) dns: add order option and support ipv6first (Paolo Insogna) #​52492
• [bcc06ac5a9] - doc: remove relative limitation to pm (Rafael Gonzaga) #​52648
• [4d5ef4f7af] - doc: fix info string causing duplicated code blocks (Mathieu Leenhardt) #​52660
• [d5a316f5ea] - doc: run license-builder (github-actions[bot]) #​52631
• [d7434fe411] - doc: deprecate --experimental-policy (RafaelGSS) #​52602
• [02a83d89f7] - doc: add info on contributor spotlight program (Michael Dawson) #​52598
• [a905eaace1] - doc: correct unsafe URL example in http docs (Malte Legenhausen) #​52555
• [69c21a6522] - doc: replace U+00A0 with U+0020 (Luigi Pinca) #​52590
• [5df34c7d0a] - doc: sort options alphabetically (Luigi Pinca) #​52589
• [b49464bc9d] - doc: correct stream.finished changes (KaKa) #​52551
• [4d051ba89b] - doc: add RedYetiDev to triage team (Aviv Keller) #​52556
• [4ed55bf16c] - doc: fix issue detected in markdown lint update (Rich Trott) #​52566
• [a8bc40fd07] - doc: update test runner coverage limitations (Moshe Atlow) #​52515
• [17d5ba9fed] - doc:

---

Configuration

📅 Schedule: Branch creation - "every 2 weeks on Tuesday" in timezone Europe/Berlin, Automerge - "after 9am every weekday except Friday or Monday,before 11am every weekday except Friday or Monday" in timezone Europe/Berlin.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[ethpandaops-renovatebot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[ethpandaops-renovatebot]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.