2026-02-24, Version 24.14.0 'Krypton' (LTS)#61924
Draft
github-actions[bot] wants to merge 115 commits intov24.xfrom
Draft
2026-02-24, Version 24.14.0 'Krypton' (LTS)#61924github-actions[bot] wants to merge 115 commits intov24.xfrom
github-actions[bot] wants to merge 115 commits intov24.xfrom
Conversation
PR-URL: #61470 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #61514 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #61566 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Matthew Aitken <maitken033380023@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Wrap pskCallback and ALPNCallback invocations in try-catch blocks to route exceptions through owner.destroy() instead of letting them become uncaught exceptions. This prevents remote attackers from crashing TLS servers or causing resource exhaustion. Fixes: https://hackerone.com/reports/3473882 PR-URL: nodejs-private/node-private#782 PR-URL: nodejs-private/node-private#790 CVE-ID: CVE-2026-21637
PR-URL: #60634 Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add support for the creation of ReadableByteStream to Readable.toWeb()
and Duplex.toWeb()
This enables the use of .getReader({ mode: "byob" }) on
e.g. socket().toWeb()
Refs: #56004 (comment)
Refs: https://developer.mozilla.org/en-US/docs/Web/API/Streams_API/Using_readable_byte_streams
PR-URL: #58664
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@08c6903...93cb6ef) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #60767 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: hainenber <dotronghai96@gmail.com> PR-URL: #60319 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: #60796 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #60214 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #60925 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
It's a common ecosystem pattern to map a source root directory to `@/` but it requires special tooling support. This turns `#/*` into a more realistic alternative for that pattern. PR-URL: #60864 Reviewed-By: Guy Bedford <guybedford@gmail.com> Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Claudio Wunder <cwunder@gnome.org> Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com>
PR-URL: #60912 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
This adds an API to dynamically enable built-in proxy support for all of fetch() and http.request()/https.request(), so that users do not have to be aware of them all and configure them one by one. PR-URL: #60953 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Tim Perry <pimterry@gmail.com>
Add convertProcessSignalToExitCode() to convert signal names to POSIX exit codes (128 + signal number). Exposed in public util API. Refs: #60720 PR-URL: #60963 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
PR-URL: #61043 Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Aviv Keller <me@aviv.sh>
PR-URL: #60913 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@330a01c...b7c566a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #61238 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@1af3b93...8e8c483) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #61239 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@018cc2c...37930b1) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> PR-URL: #61242 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Original commit message:
Fix for GCC 15 compiler error on PPC8/PPC9/PPC10
Refs: google/highway@dcc0ca1
PR-URL: #61008
Fixes: #60992
Refs: google/highway#2443
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
PR-URL: #60728 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: #60803 Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #60760 Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #60763 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
PR-URL: #60845 Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: #60892 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
PR-URL: #60891 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Tests should be explicit regarding whether a promise is expected to settle, and the test should fail when the behavior does not meet expectations. PR-URL: #60976 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Erick Wendel <erick.workspace@gmail.com>
PR-URL: #61672 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Tierney Cyren <hello@bnb.im>
Defer socket.destroy() calls in internalConnect and internalConnectMultiple to the next tick. This ensures that error handlers have a chance to be set up before errors are emitted, particularly important when using http.request with a custom lookup function that returns synchronously. Previously, if a synchronous lookup function returned an IP that triggered an immediate error (e.g., via blockList), the error would be emitted before the HTTP client had set up its error handler (which happens via process.nextTick in onSocket). This caused unhandled 'error' events. Fixes: #48771 PR-URL: #61658 Refs: #51038 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Jason Zhang <xzha4350@gmail.com>
On Windows, file paths are case-insensitive but string comparison is case-sensitive. When the drive letter case differs between the computed project root and the actual output (e.g., 'C:/' vs 'c:/'), the path replacement in transformProjectRoot() would fail. This fix uses case-insensitive regex replacement on Windows to ensure paths are correctly normalized in snapshot tests regardless of drive letter casing. Refs: nodejs/reliability#1453 PR-URL: #61682 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
PR-URL: #61683 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
PR-URL: #61675 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Tierney Cyren <hello@bnb.im> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
When binding UTF-8 strings to prepared statements, transfer ownership of malloc-backed Utf8Value buffers to SQLite to avoid an extra copy for large strings. Use sqlite3_bind_blob64() when binding BLOB parameters. PR-URL: #61580 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com>
PR-URL: #61696 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Daniel Lemire <daniel@lemire.me> Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: #61659 Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Jacob Smith <jacob@frende.me> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tierney Cyren <hello@bnb.im> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
`require(mod)` does not keep the mod in require cache if mod throws synchronously. This fixes the tests to print the stack immediately in case that source map cache could be cleaned up when the CJS module is reclaimed by GC in the next event loop tick. PR-URL: #61699 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Add documentation explaining that applications are expected to attach 'error' event handlers to EventEmitters that can emit errors, including HTTP streams. Crashes resulting from missing error handlers are not considered denial-of-service vulnerabilities in Node.js. PR-URL: #61701 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Small perf improvement:
$ node benchmark/compare.js --runs 100 \
> --old ./node-0da120f879 --new ./node \
> --filter structured-clone misc > comparison.csv && \
> npx node-benchmark-compare comparison.csv
[00:02:15|% 100| 1/1 files | 200/200 runs | 3/3 configs]: Done
confidence improvement accuracy (*) (**) (***)
misc/structured-clone.js n=10000 type='arraybuffer' ** 1.81 % ±1.28% ±1.68% ±2.16%
misc/structured-clone.js n=10000 type='object' * 0.62 % ±0.55% ±0.73% ±0.93%
misc/structured-clone.js n=10000 type='string' *** 8.30 % ±1.46% ±1.92% ±2.47%
Be aware that when doing many comparisons the risk of a false-positive result increases.
In this case, there are 3 comparisons, you can thus expect the following amount of false-positive results:
0.15 false positives, when considering a 5% risk acceptance (*, **, ***),
0.03 false positives, when considering a 1% risk acceptance (**, ***),
0.00 false positives, when considering a 0.1% risk acceptance (***)
PR-URL: #61703
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
PR-URL: #61732 Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #61730 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #61685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
PR-URL: #61748 Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #61279 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
PR-URL: #61280 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
PR-URL: #61341 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Aviv Keller <me@aviv.sh> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #61456 Reviewed-By: Guy Bedford <guybedford@gmail.com> Reviewed-By: Daniel Lemire <daniel@lemire.me> Reviewed-By: Richard Lau <richard.lau@ibm.com>
To reduce cache thrashing. PR-URL: #61790 Refs: #61436 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Tierney Cyren <hello@bnb.im> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #61742 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com>
PR-URL: #61734 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: #61759 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Notable changes: async_hooks: * (SEMVER-MINOR) add trackPromises option to createHook() (Joyee Cheung) #61415 build,deps: * replace cjs-module-lexer with merve (Yagiz Nizipli) #61456 deps: * (SEMVER-MINOR) add LIEF as a dependency (Joyee Cheung) #61167 * (SEMVER-MINOR) add tools and scripts to pull LIEF as a dependency (Joyee Cheung) #61167 events: * (SEMVER-MINOR) repurpose `events.listenerCount()` to accept EventTargets (René) #60214 fs: * (SEMVER-MINOR) add ignore option to fs.watch (Matteo Collina) #61433 http: * (SEMVER-MINOR) add http.setGlobalProxyFromEnv() (Joyee Cheung) #60953 module: * (SEMVER-MINOR) allow subpath imports that start with `#/` (Jan Martin) #60864 process: * (SEMVER-MINOR) preserve AsyncLocalStorage in queueMicrotask only when needed (Gürgün Dayıoğlu) #60913 sea: * (SEMVER-MINOR) split sea binary manipulation code (Joyee Cheung) #61167 sqlite: * (SEMVER-MINOR) enable defensive mode by default (Bart Louwers) #61266 * (SEMVER-MINOR) add sqlite prepare options args (Guilherme Araújo) #61311 src: * (SEMVER-MINOR) add initial support for ESM in embedder API (Joyee Cheung) #61548 stream: * (SEMVER-MINOR) add bytes() method to stream/consumers (wantaek) #60426 * (SEMVER-MINOR) do not pass `readable.compose()` output via `Readable.from()` (René) #60907 test: * (SEMVER-MINOR) use fixture directories for sea tests (Joyee Cheung) #61167 test_runner: * (SEMVER-MINOR) add env option to run function (Ethan Arrowood) #61367 * (SEMVER-MINOR) support expecting a test-case to fail (Jacob Smith) #60669 util: * (SEMVER-MINOR) add convertProcessSignalToExitCode utility (Erick Wendel) #60963 PR-URL: #61924
github-actions
bot
added
release
Collaborator
|
Review requested:
|
Collaborator
|
CI: https://ci.nodejs.org/job/node-test-pull-request/71397/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
2026-02-24, Version 24.14.0 'Krypton' (LTS), @aduh95
Notable Changes
feedfd5827] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #614155cfc06522c] - build,deps: replace cjs-module-lexer with merve (Yagiz Nizipli) #61456943e5b4ca8] - (SEMVER-MINOR) deps: add LIEF as a dependency (Joyee Cheung) #6116775d7fc26dd] - (SEMVER-MINOR) deps: add tools and scripts to pull LIEF as a dependency (Joyee Cheung) #61167fa46e8f65e] - (SEMVER-MINOR) events: repurposeevents.listenerCount()to accept EventTargets (René) #60214bbd6307076] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #614337424eaa8ff] - (SEMVER-MINOR) http: add http.setGlobalProxyFromEnv() (Joyee Cheung) #609531cf109d6da] - (SEMVER-MINOR) module: allow subpath imports that start with#/(Jan Martin) #60864a18cd1d117] - (SEMVER-MINOR) process: preserve AsyncLocalStorage in queueMicrotask only when needed (Gürgün Dayıoğlu) #609132524612f68] - (SEMVER-MINOR) sea: split sea binary manipulation code (Joyee Cheung) #611671967aec35e] - (SEMVER-MINOR) sqlite: enable defensive mode by default (Bart Louwers) #61266655d2bc32a] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #6131173c213db29] - (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung) #615481b9d2a0889] - (SEMVER-MINOR) stream: add bytes() method to stream/consumers (wantaek) #60426239bf340ec] - (SEMVER-MINOR) stream: do not passreadable.compose()output viaReadable.from()(René) #609077a95dffabb] - (SEMVER-MINOR) test: use fixture directories for sea tests (Joyee Cheung) #61167ce4cc0a041] - (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood) #61367bae6111785] - (SEMVER-MINOR) test_runner: support expecting a test-case to fail (Jacob Smith) #606695f18ad31e2] - (SEMVER-MINOR) util: add convertProcessSignalToExitCode utility (Erick Wendel) #60963Commits
d4c6fcb5e4] - assert: fix loose deepEqual arrays with undefined and null failing (Ruben Bridgewater) #61587feedfd5827] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #614159975bd81f1] - benchmark: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) #6154960bf051e37] - build: skip sscache action on non-main branches (Joyee Cheung) #61790cd2afa6176] - build: add--shared-nbytesconfigure flag (Antoine du Hamel) #613419e6b305e28] - build: add--shared-hdr-histogramconfigure flag (Antoine du Hamel) #61280009471590e] - build: add--shared-gtestconfigure flag (Antoine du Hamel) #61279a4fc77781f] - build: aix: deoptimize implementation-visitor.cc with --shared (Stewart X Addison) #615505cfc06522c] - build,deps: replace cjs-module-lexer with merve (Yagiz Nizipli) #614561a9daa3d49] - deps: upgrade npm to 11.9.0 (npm team) #616858bdb112a75] - deps: update amaro to 1.1.7 (Node.js GitHub Bot) #61730bc19ba9d7e] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #61732b607f04dd3] - deps: update undici to 7.21.0 (Node.js GitHub Bot) #6168342c00259c4] - deps: update googletest to 56efe3983185e3f37e43415d1afa97e3860f187f (Node.js GitHub Bot) #616053587fdf69a] - deps: update amaro to 1.1.6 (Node.js GitHub Bot) #61603943e5b4ca8] - (SEMVER-MINOR) deps: add LIEF as a dependency (Joyee Cheung) #6116775d7fc26dd] - (SEMVER-MINOR) deps: add tools and scripts to pull LIEF as a dependency (Joyee Cheung) #61167b6cb8cd918] - deps: V8: cherry-pick highway@dcc0ca1cd42 (Richard Lau) #61008625b90b76b] - deps: update undici to 7.19.2 (Node.js GitHub Bot) #6156605e9a9fb5e] - deps: update undici to 7.19.1 (Node.js GitHub Bot) #615143d41643e38] - deps: update undici to 7.19.0 (Node.js GitHub Bot) #6147029f6eb56da] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #61453fcab7875cc] - doc: clarify EventEmitter error handling in threat model (Matteo Collina) #61701ed9a93bca3] - doc: mention default option for test runner env (Steven) #6165919a64cb2e3] - doc: fix --inspect security warning section (Tim Perry) #6167585a7494b8c] - doc: documenturl.format(urlString)as deprecated under DEP0169 (René) #61644c57cd3397a] - doc: deprecation add more codemod (Augustin Mauroy) #61642b9356459b8] - doc: fix grammatical error in README.md (ayj8201) #6165372a920bf19] - doc: correct tools README Boxstarter link (Mike McCready) #61638c276a46405] - doc: updateserver.dropMaxConnectionlink (YuSheng Chen) #615843b27cc8dd5] - doc: clean up writing-and-running-benchmarks.md (Hardanish Singh) #61345fa46e8f65e] - (SEMVER-MINOR) events: repurposeevents.listenerCount()to accept EventTargets (René) #60214bbd6307076] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #61433c940fd5883] - http: implement slab allocation for HTTP header parsing (Mert Can Altin) #613757424eaa8ff] - (SEMVER-MINOR) http: add http.setGlobalProxyFromEnv() (Joyee Cheung) #60953c44e0175fe] - lib: use utf8 fast path for streaming TextDecoder (Сковорода Никита Андреевич) #61549e6e829c6a0] - lib: recycle queues (Robert Nagy) #6146160d74d5ec6] - lib: use StringPrototypeStartsWith from primordials in locks (Taejin Kim) #61492bab6374e60] - lib: unify ICU and no-ICU TextDecoder (Сковорода Никита Андреевич) #614091ad165a6ab] - lib: prefercall()overapply()if argument list is not array (Livia Medeiros) #60796b764b84b2c] - lib: add support for readable byte streams to .toWeb() (Hans Klunder) #58664c04af9a5a1] - meta: persist sccache daemon until end of build workflows (René) #616396a2f81e05b] - meta: bump github/codeql-action from 4.31.9 to 4.32.0 (dependabot[bot]) #616223746b7e9ee] - meta: bump step-security/harden-runner from 2.14.0 to 2.14.1 (dependabot[bot]) #616218979e8a865] - meta: bump actions/setup-python from 6.1.0 to 6.2.0 (dependabot[bot]) #616272d5ef8101e] - meta: bump actions/setup-node from 6.1.0 to 6.2.0 (dependabot[bot]) #61625ecd93efb54] - meta: bump actions/cache from 5.0.1 to 5.0.3 (dependabot[bot]) #61624f3d7a38934] - meta: bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (dependabot[bot]) #616234b62aa8f08] - meta: bump actions/stale from 10.1.0 to 10.1.1 (dependabot[bot]) #61620a27eef9c73] - meta: bump actions/checkout from 6.0.1 to 6.0.2 (dependabot[bot]) #61619a0c992cfc7] - meta: bump actions/download-artifact from 6.0.0 to 7.0.0 (dependabot[bot]) #612427285f16e2b] - meta: bump actions/checkout from 6.0.0 to 6.0.1 (dependabot[bot]) #61239dffba04624] - meta: bump actions/upload-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #61238fa8b635b67] - meta: bump actions/checkout from 5.0.1 to 6.0.0 (dependabot[bot]) #60925f999960ee8] - meta: bump actions/checkout from 5.0.0 to 5.0.1 (dependabot[bot]) #60767875dd5b819] - module: do not invoke resolve hooks twice for imported cjs (Joyee Cheung) #615293cbd36ac51] - module: do not wrap module._load when tracing is not enabled (Joyee Cheung) #614791cf109d6da] - (SEMVER-MINOR) module: allow subpath imports that start with#/(Jan Martin) #608640d1943af73] - net: defer synchronous destroy calls in internalConnect (RajeshKumar11) #61658924d9a5ceb] - process: do not truncate long strings in--print(Mohamed Akram) #61497a18cd1d117] - (SEMVER-MINOR) process: preserve AsyncLocalStorage in queueMicrotask only when needed (Gürgün Dayıoğlu) #60913bdae3301d9] - repl: fix getters triggering side effects during completion (Dario Piotrowicz) #6104380d6a48d74] - repl: tab completion targets<class>instead ofnew <class>(Đỗ Trọng Hải) #603192524612f68] - (SEMVER-MINOR) sea: split sea binary manipulation code (Joyee Cheung) #61167901cfd76ac] - sqlite: avoid extra copy for large text binds (Ali Hassan) #61580fbb4756a61] - sqlite: use DictionaryTemplate for run() result (Mert Can Altin) #614324db719b912] - sqlite: change approach to fix segfault SQLTagStore (Bart Louwers) #60462f292042df1] - sqlite: reserve vectors space (Guilherme Araújo) #615401967aec35e] - (SEMVER-MINOR) sqlite: enable defensive mode by default (Bart Louwers) #61266655d2bc32a] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #61311ef61bc925d] - src: elide heap allocation in structured clone implementation (Anna Henningsen) #617030958855fb8] - src: use simdutf for one-byte string UTF-8 write in stringBytes (Mert Can Altin) #6169673c213db29] - (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung) #615486a7461a3f6] - src: throw RangeError on failed ArrayBuffer BackingStore allocation (Chengzhong Wu) #614801b9d2a0889] - (SEMVER-MINOR) stream: add bytes() method to stream/consumers (wantaek) #60426239bf340ec] - (SEMVER-MINOR) stream: do not passreadable.compose()output viaReadable.from()(René) #60907cd5ddd1e52] - test: restraint version replacement pattern in snapshots (Chengzhong Wu) #617480431ee9858] - test: print stack immediately avoiding GC interleaving (Chengzhong Wu) #616998fac12f780] - test: fix case-insensitive path matching on Windows (Matteo Collina) #6168248a430412d] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #6162993c083c08f] - test: remove duplicate wpt tests (Filip Skokan) #6161729f2baa472] - test: fix race condition in watch mode tests (Matteo Collina) #61615410234adff] - test: update WPT for url to e3c46fdf55 (Node.js GitHub Bot) #61602ca64d15bc0] - test: use the skipIfNoWatch() utility function (Luigi Pinca) #6153136668f5894] - test: unify assertSnapshot common patterns (Chengzhong Wu) #6159024977b7d3f] - test: split test-fs-watch-ignore-* (Luigi Pinca) #614949b82fd0c80] - test: add some validation for JSON doc output (Antoine du Hamel) #614137a95dffabb] - (SEMVER-MINOR) test: use fixture directories for sea tests (Joyee Cheung) #61167cfceb22503] - test: reveal wpt evaluation errors in status files (Chengzhong Wu) #613583e4255d828] - test: forbid use of named imports for fixtures (Antoine du Hamel) #612283dfb47fe41] - test: enforce better never-settling-promise detection (Antoine du Hamel) #60976e5470526de] - test: ensure assertions are reached on all tests (Antoine du Hamel) #608450ff565a8d0] - test: ensure assertions are reached on more tests (Antoine du Hamel) #607632a5c3ff82a] - test: ensure assertions are reached on more tests (Antoine du Hamel) #607608b08f90509] - test: useRegExp.escapeto improve test reliability (Antoine du Hamel) #60803f1ab938cb9] - test: ensure assertions are reached on more tests (Antoine du Hamel) #60728a4edda09e8] - test: skip tests not passing withoutNODE_OPTIONSsupport (Antoine du Hamel) #60912b896ab4731] - test: ensure assertions are reached on more tests (Antoine du Hamel) #6063444bd38b88f] - test_runner: fix test enqueue when test file has syntax error (Edy Silva) #615732f6b136de9] - test_runner: fix passingexpectFailure(Moshe Atlow) #615684f906183a3] - test_runner: differentiate todo and failure styles (Moshe Atlow) #61564ce4cc0a041] - (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood) #61367bae6111785] - (SEMVER-MINOR) test_runner: support expecting a test-case to fail (Jacob Smith) #60669ebe01cc708] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#790f7847b7fc8] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61759f1f54d4954] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #6173423a39fbcfe] - tools: use ubuntu-latest runner innotify-on-pushworkflow (Antoine du Hamel) #6174257d9a8af36] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #616726b5d7b2777] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #61663edf27c4285] - tools: add LIEF to license builder (Chengzhong Wu) #61523b48012f99e] - tools: enforce trailing commas intest/es-module(Antoine du Hamel) #6089121b84fcf7b] - tools: enforce trailing commas intest/sequential(Antoine du Hamel) #6089238c6db9b2f] - tools,win: upgrade install additional tools to Visual Studio 2026 (Mike McCready) #615625f18ad31e2] - (SEMVER-MINOR) util: add convertProcessSignalToExitCode utility (Erick Wendel) #60963