2026-05-20, Version 26.2.0 (Current)#63440
Merged
Merged
Conversation
Signed-off-by: James M Snell <jasnell@gmail.com> Assisted-by: Opencode:Opus 4.6 PR-URL: #62876 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Robert Nagy <ronagy@icloud.com>
When Promise.race() or Promise.any() settles, V8 fires kPromiseResolveAfterResolved / kPromiseRejectAfterResolved for each "losing" promise. The PromiseRejectCallback in node_task_queue.cc was crossing into JS for these events, but since the multipleResolves event reached EOL in v25 (PR #58707), the JS handler does nothing. The unnecessary C++-to-JS boundary crossings accumulate references in a tight loop, causing OOM when using Promise.race() with immediately-resolving promises. Return early in PromiseRejectCallback() for these two events, skipping the JS callback entirely. Also remove the dead case branches and unused constant imports from the JS side. Move early returns for kPromiseResolveAfterResolved and kPromiseRejectAfterResolved before Number::New and CHECK(!callback), avoiding unnecessary work. Remove dead NODE_DEFINE_CONSTANT exports and fix comment placement in the JS switch statement. Bump test --max-old-space-size from 20 to 64 for safety on instrumented builds. Fixes: #51452 Refs: #60184 Refs: #61960 PR-URL: #62336 Refs: #51452 Reviewed-By: Jordan Harband <ljharb@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Signed-off-by: Mert Can Altin <mertgold60@gmail.com> PR-URL: #63144 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Replace the O(n) case-insensitive algorithm-name scan
with an O(1) SafeMap lookup. The map is pre-built at
module init alongside kSupportedAlgorithms.
Hoist the opts object literal used in normalizeAlgorithm
to module level to avoid allocating identical
{ prefix, context } objects on every call.
Pre-compute ObjectKeys() for simpleAlgorithmDictionaries
entries at module init to avoid allocating a new keys
array on every normalizeAlgorithm call.
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
PR-URL: #62756
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Replace object spread in nested WebIDL conversion options with stable-shape ordinary objects. This keeps hot dictionary and sequence conversion paths from allocating null-prototype spread results. Apply the same pattern to Web Crypto converter wrappers that override allowResizable or enable [EnforceRange]. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #62756 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63113 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #63104 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: Marco Ippolito <marcoippolito54@gmail.com> PR-URL: #63033 Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: Marco Ippolito <marcoippolito54@gmail.com> PR-URL: #63033 Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Since they aren't built by default Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #63149 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Tim Perry <pimterry@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: #63047 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: #62673 Reviewed-By: Daniel Lemire <daniel@lemire.me> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
- For imported CJS, if it's not customized by asynchronous hooks, make sure it won't use the quirky re-invented require in all cases. - When the imported CJS module is customized by synchronous hooks, in the synthetic module evalutation step, avoid calling the respective default step again. - Make the branching of loadCJSModuleWithModuleLoad() and loadCJSModuleWithSpecialRequire() more explicit, and fold the tentative fs read in the 'commonjs' translator into the share createCJSModuleWrap() helper instead of checking it twice in the same path. Signed-off-by: Joyee Cheung <joyeec9h3@gmail.com> PR-URL: #62920 Fixes: #63060 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #63134 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Move KeyObject type and handle storage behind NativeKeyObject and expose it to JS through a module-private slot reader, mirroring the CryptoKey hardening. Cache the native slot tuple in a private field and lazily derive secret and asymmetric metadata from the cached KeyObjectHandle. Update internal crypto, QUIC, and comparison callers to use private helpers instead of public KeyObject accessors. Keep getKeyObjectSlots restricted to internal/crypto/keys with an ESLint guard. Add regression coverage for brand checks, hidden slots, clone and transfer behavior, own-property reflection, and post-clone crypto operations. Extend the CryptoKey brand test to assert getSlots is not reachable through the public constructor or prototype chain. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #63111 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Clone CryptoKey algorithm dictionaries into null-prototype objects before storing or caching them internally. Copy nested hash dictionaries and publicExponent bytes so internal consumers and transferred keys do not observe user-mutable input objects or polluted Object.prototype fields. Keep public algorithm and inspect output as ordinary objects. Make the clone path check only own hash and publicExponent properties. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #63111 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Add ESLint rules that reject public KeyObject and CryptoKey accessor reads after internal brand checks. Internal code must use the private key helpers so it reads native-backed slots instead of user-replaceable properties. Add a separate rule that rejects instanceof checks against KeyObject and CryptoKey constructors, including the global CryptoKey constructor. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #63111 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63147 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Signed-off-by: geeksilva97 <edigleyssonsilva@gmail.com> PR-URL: #63152 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Signed-off-by: Renegade334 <contact.9a5d6388@renegade334.me.uk> PR-URL: #63132 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: #63131 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Signed-off-by: James M Snell <jasnell@gmail.com> Assisted-by: Opencode:Opus 4.6 PR-URL: #63157 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Tim Perry <pimterry@gmail.com>
PR-URL: #62812 Reviewed-By: James M Snell <jasnell@gmail.com>
Map BoringSSL's native renegotiation failure to ERR_TLS_RENEGOTIATION_UNSUPPORTED when TLSSocket#renegotiate() is called. This avoids exposing an implementation-specific OpenSSL error when the TLS backend does not support caller-initiated renegotiation. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #63161 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #63177 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #63177 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
The Platform support section of the single-executable-applications doc listed `macOS` without qualifying which architecture is supported. SEA on x64 macOS is not supported and is skipped in CI; only arm64 macOS is exercised. Refs: #62893 Signed-off-by: mokashang <64570909+mokashang@users.noreply.github.com> PR-URL: #63181 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63199 Reviewed-By: Jacob Smith <jacob@frende.me> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
PR-URL: #63377 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Trigger watch restarts by appending whitespace instead of rewriting watched modules. This avoids transient empty or partial ESM dependency contents while the restarted worker is loading. Use a separate temporary directory for each subtest so concurrent subtests do not share worker and dependency file names. Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com> Assisted-by: openai:gpt-5.5 PR-URL: #63384 Refs: https://github.com/nodejs/reliability/blob/main/reports/2026-05-17.md#jstest-failure Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Use performFileOperation() for test runner watch updates so the run() API path schedules a single delayed write instead of rewriting the file until the second run completes. Repeated writes can trigger another watch restart while the previous rerun is still active. The runner then terminates the in-flight child process with SIGTERM, which can make the captured output include both a failed file-level subtest and the next successful run. Also count only root summary duration lines when detecting completed runs. Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com> Assisted-by: openai:gpt-5.5 PR-URL: #63386 Refs: https://github.com/nodejs/reliability/blob/main/reports/2026-05-17.md#jstest-failure Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Collaborator
|
Review requested:
|
github-actions
Bot
added
release
aduh95
approved these changes
May 19, 2026
github-actions
Bot
removed
the
request-ci
Collaborator
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## v26.x #63440 +/- ##
==========================================
+ Coverage 89.68% 90.05% +0.36%
==========================================
Files 712 714 +2
Lines 221287 225899 +4612
Branches 42397 42739 +342
==========================================
+ Hits 198468 203427 +4959
+ Misses 14648 14246 -402
- Partials 8171 8226 +55
🚀 New features to boost your workflow:
|
Signed-off-by: Yu-Sheng Chen <samuel871211@gmail.com> PR-URL: #63259 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #62734 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Several prose references to HTTP, HTTPS, SSL, HPE_HEADER_OVERFLOW
and ECMAScript used the article "a" where the acronym starts with
a vowel sound and should take "an". The rule is based on
pronunciation, not spelling: HTTP is read "aitch-tee-tee-pee",
SSL is read "ess-es-el", ECMAScript is read "ek-mah-script",
and HPE is read "aitch-pee-ee" — all starting with a vowel sound.
Affected files:
* doc/api/crypto.md — "disable a SSL 3.0/TLS 1.0 vulnerability"
* doc/api/http.md — five occurrences ("a HTTP '400 Bad Request'",
"a HTTP '431 Request Header Fields Too Large'", "a HTTP/1.1 102
Processing message", two copies of "use a HTTP parser") plus
two references to "a HPE_HEADER_OVERFLOW"
* doc/api/http2.md — two code-sample comments reading
"// Detects if it is a HTTPS request or HTTP/2"
* doc/api/module.md — "compiles a CommonJS, a ECMAScript Module,
or a TypeScript module" (only the middle article changes; the
adjacent "a CommonJS" and "a TypeScript" are both correct)
* doc/api/tls.md — two references to "part of a SSL/TLS handshake"
in tlsSocket.getFinished() and tlsSocket.getPeerFinished()
No behavior changes, documentation only.
Signed-off-by: João Victor Oliveira <joao.oliveira@softtor.com.br>
PR-URL: #62696
Reviewed-By: Aviv Keller <me@aviv.sh>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Akhil Marsonya <akhil.marsonya27@gmail.com>
Reviewed-By: Jacob Smith <jacob@frende.me>
Use 127.0.0.1:10, matching existing refused-connection tests, instead of binding and releasing an ephemeral port that can be reused before the child process connects. Clear NO_PROXY and no_proxy so local proxy bypass settings do not skip the proxy connection attempt. Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com> Assisted-by: openai:gpt-5.5 PR-URL: #63395 Refs: https://github.com/nodejs/reliability/blob/main/reports/2026-05-15.md#jstest-failure Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
The test expects the worker to run out of memory during startup while creating the message port. With Maglev enabled, the tiny worker heap can be exhausted earlier while generating deoptimization data, which changes the failure mode. Disable Maglev so the induced OOM reaches the path covered by the test. Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com> Assisted-by: openai:gpt-5.5 PR-URL: #63398 Refs: https://github.com/nodejs/reliability/blob/main/reports/2026-05-18.md#jstest-failure Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com>
PR-URL: #63402 Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Debadree Chatterjee <debadree333@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: #63406 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Renegade334 <contact.9a5d6388@renegade334.me.uk> PR-URL: #63410 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Collaborator
Collaborator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
189d43a193] - doc: mark stream.compose stable (Matteo Collina) #62562f858c6140e] - (SEMVER-MINOR) fs: addTemporal.Instantsupport toStatsandBigIntStats(Livia Medeiros) #607890cbb3895df] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #63155Commits
9a394bab84] - benchmark: respect stream/iter broadcast backpressure (Trivikram Kamat) #63314ad98b4620b] - crypto: align verifyOneShot accepted types (Anshika Jain) #63280ba0736a847] - crypto: wire ML-DSA and ML-KEM for use when using BoringSSL (Filip Skokan) #632555573a6a4a8] - crypto: wire ChaCha20-Poly1305 in Web Cryptography when using BoringSSL (Filip Skokan) #632557dc563b8d6] - crypto: wire AES-KW in Web Cryptography when using BoringSSL (Filip Skokan) #63255b55e2b1f4d] - crypto: improve system certificate enumeration logic on macOS (Robo) #62576fd509a755a] - crypto: harden CryptoKey algorithm slots (Filip Skokan) #631118657df39e7] - crypto: harden KeyObject internal slots (Filip Skokan) #63111729274e046] - crypto: reject invalid raw key imports (Filip Skokan) #631348fc9cb9c01] - crypto: improve accuracy of SubtleCrypto.supports (Filip Skokan) #63104288065cb3f] - crypto: optimize normalizeAlgorithm dispatch hot path (Filip Skokan) #62756ecf3797d09] - debugger: disambiguate probe location binding (Joyee Cheung) #63286bdc57135fd] - debugger: add --help tonode inspectand improve docs (Joyee Cheung) #632012a6e6058e9] - deps: update undici to 8.3.0 (Node.js GitHub Bot) #63377327b927271] - deps: update corepack to 0.35.0 (Node.js GitHub Bot) #633755828fadf52] - deps: update sqlite to 3.53.1 (Node.js GitHub Bot) #63217fe127a999b] - deps: update simdjson to 4.6.4 (Node.js GitHub Bot) #62811a34c4ea159] - deps: V8: cherry-pick 435a2cdf664c (Matthias Liedtke) #63136ad91efcc43] - deps: cherry-pick libuv/libuv@a43e543 (Ali Hassan) #632225ea6c3ee7e] - deps: add missing static linking targets for libffi (Paolo Insogna) #63168c1f6ba22b4] - deps: update ngtcp2 to 1.22.1 (Node.js GitHub Bot) #62812f0d008439b] - doc: add Rust toolchain manual installation instructions Windows (Mike McCready) #6336768b1220fbd] - doc: remove inactive members from Triagers list (Antoine du Hamel) #63329189d43a193] - doc: mark stream.compose stable (Matteo Collina) #62562c4fb894039] - doc: fix CHANGELOG (Richard Lau) #632929f319a77e4] - doc: reference correct function in Module docs (Robin Malfait) #632472c13acc88e] - doc: replace Visual Studio 2022 Evergreen version reference with 17.14 (Mike McCready) #632117e42c336c9] - doc: recommend explicitly Tier 1 or 2 for production applications (Mike McCready) #63187d99e0bb6d5] - doc: document Temporal configure flags in BUILDING.md (ChrisJr404) #63248c0ea77b305] - doc: run license-builder (github-actions[bot]) #632328265aba0f4] - doc: add large pull requests contributing guide (Matteo Collina) #62829be241bacc8] - doc: remove unnecessary<!-- eslint-magic comments (Antoine du Hamel) #63200e0b1f092c3] - doc: fix inconsistencies in CJS code snippets (Antoine du Hamel) #63199a3feb15871] - doc: clarify SEA platform support excludes darwin-x64 (MJSHANG) #63181cafd7667fc] - doc: improve quic documentation (James M Snell) #631573c784edb6f] - doc: update release steps when post-release fails (Rafael Gonzaga) #631319de954e9be] - doc: fix deprecation list in 26.0.0 changelog (Antoine du Hamel) #6314720c553e456] - doc: add Hmac.digest() documentation-only deprecation (DEP0206) (Anshika Jain) #631213494eae2c8] - doc: document the latest-vX.x schema (Marco Ippolito) #63033c02413d29d] - doc: remove list of versions inBUILDING.md(Antoine du Hamel) #6311353f9a902a1] - doc,sqlite: document entryPoint argument for loadExtension (Edy Silva) #63152f858c6140e] - (SEMVER-MINOR) fs: addTemporal.Instantsupport toStatsandBigIntStats(Livia Medeiros) #60789b2ba62ca0e] - fs: makeDateproperties onStatsenumerable (LiviaMedeiros) #633280cbb3895df] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #63155f712e6856e] - http2: validate non-link headers in writeEarlyHints (Matteo Collina) #620173acadae676] - lib: fix typo idenity => identity (Daijiro Wachi) #63112460329e886] - lib: fixes validator message (Daijiro Wachi) #628239438c832b2] - lib: narrow ReadableStreamBYOBRequest.view return type to Uint8Array (RoomWithOutRoof) #63017c7d27c82c4] - lib: handle --permission-audit when propagating flags (Rafael Gonzaga) #630479f19915276] - lib: optimize webidl conversion options (Filip Skokan) #6275667d094a554] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #632359091398f3d] - meta: ignore AI assistants files (Matteo Collina) #6261296f19a16d0] - module: fix sync hook short-circuit in require() in imported CJS (Joyee Cheung) #6292045f3e3ef11] - node-api: support SharedArrayBuffer in napi_create_typedarray (Yilong Li) #62710d7afa617bb] - quic: send correct OpenSSL alert for ALPN mismatches (Tim Perry) #63193526313beb8] - quic: fixup quic stream variable chunk len (James M Snell) #632301613c7fe70] - quic: support --allow-net permissions (James M Snell) #6318472ab7444a8] - quic: remove unused env_ variable in session_manager.h/cc (James M Snell) #631772b55656778] - quic: remove unused binding variable in session.cc (James M Snell) #6317783f0d37400] - quic: ignore coverage for quic files (James M Snell) #631497e6b77b14d] - quic: complete the internal implementation of QUIC (James M Snell) #6287671372418f1] - repl: fix dedup comparing normalized line against raw history (Daijiro Wachi) #6288620f40c2c25] - sqlite: keep source database alive during backup (Matteo Collina) #62673592f741bd0] - src: simplify OpenSSL feature gates (Filip Skokan) #63255520ab7ad40] - src: add BoringSSL EVP enumeration fallback (Filip Skokan) #6320612be49acbc] - src: support multiple versions in node.config.json (Marco Ippolito) #63033296f907585] - src: remove unused using declarations in node_task_queue (Mert Can Altin) #631447703f11b3c] - src: skip JS callback for settled Promise.race losers (Felipe Coelho) #6233674ab710c3a] - src,sqlite: remove dead code (Edy Silva) #63204e49154f4c8] - stream: add sync iterable fast path to pipeTo (Trivikram Kamat) #63318537455e98d] - stream: fix merge handling for object-like sources (Trivikram Kamat) #63356e21b8a47f0] - stream: limit iter from sync iterable batches (Trivikram Kamat) #633243bdb64dc67] - stream: cache minimum cursor count in broadcast (Trivikram Kamat) #6332281819add6b] - stream: remove unnecessary check (Antoine du Hamel) #6303022e3579d74] - stream: avoid retrying accepted pipeTo writes (Trivikram Kamat) #63297691915ea94] - stream: validate broadcast writer writev chunks (Trivikram Kamat) #63300253f5f4ca2] - stream: uncork fromWritable writev on chunk error (Trivikram Kamat) #63295aa6913cc4a] - stream: validate fromWritable() options before cache (Trivikram Kamat) #632786c53ddb988] - stream: optimize single-slot push queue drain (Trivikram Kamat) #63274b568649f6f] - stream: preserve toReadableSync batch after backpressure (Trivikram Kamat) #63276cdcefd7e2f] - stream: cache minimum cursor count in share (Trivikram Kamat) #63262ba7000e4f7] - stream: minor stream/iter implementation edits (René) #6313231d89c4f59] - test: avoid repeated writes in watch helper (Trivikram Kamat) #633866f3587c773] - test: deflake watch mode worker test (Trivikram Kamat) #63384a57aebaa73] - test: update tls/crypto behaviour expectations when using BoringSSL (Filip Skokan) #63161b871cff2db] - test: relax test-memory-usage arrayBuffers check (inoway46) #6324425189bcb95] - test: reduce flakiness ofdifferent-registry-per-thread(Antoine du Hamel) #632445bdb1f8426] - test: fix flaky test-watch-mode-inspect timeout (Matteo Collina) #63361d57bd2bf59] - test: relax min assertion in test-performance-eventloopdelay (Marco) #63100014e1f00c1] - test: avoid flaky restart sync in debugger exceptions test (Yuya Inoue) #62055dd28ff8a80] - test: avoid initial-break wait in restart-message (inoway46) #62060e89a49a13a] - test: move FFI tests toNATIVE_SUITES(Antoine du Hamel) #6316551ef0258ba] - test: update WPT for wasm/jsapi to 288c467d35 (Node.js GitHub Bot) #63136c0175a9ba1] - test: use ERM to destroy sqlite database handles after tests (René) #6307683054e8aba] - test_runner: avoid hanging on incomplete v8 frames (Ali Hassan) #627044f1426d361] - test_runner: fix hooks test context (Moshe Atlow) #632856a4c4b7193] - test_runner: fix diagnostics channel context tracking (Moshe Atlow) #63283eba9c3481b] - test_runner: add tags option and tag-name filter (Chemi Atlow) #632212ba124f23b] - tls: add unsupported renegotiation error (Filip Skokan) #631617c5048495a] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #630756c574110a7] - tools: update gyp-next to 0.22.2 (Node.js GitHub Bot) #63374f14ed762b3] - tools: add boringssl to tools/nix/openssl-matrix.nix (Filip Skokan) #6320614d3924c48] - tools: fix test426 updater (Antoine du Hamel) #632710d017ece8d] - tools: filter V8 scripts for build toolchain (Richard Lau) #630693859a8700e] - tools: use different branch for tool updates on staging branches (Antoine du Hamel) #631104a32ed82bd] - tools: prevent lib code from reading KeyObject and CryptoKey accessors (Filip Skokan) #63111