Update dependency node to v20

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
node		major	18.19.0 -> 20.11.0
@types/node (source)	devDependencies	minor	20.8.7 -> 20.11.16

---

Release Notes

nodejs/node (node)

v20.11.0

Compare Source

v20.10.0

Compare Source

v20.9.0

Compare Source

v20.8.1: 2023-10-13, Version 20.8.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-44487: nghttp2 Security Release (High)
• CVE-2023-45143: undici Security Release (High)
• CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
• CVE-2023-39331: Permission model improperly protects against path traversal (High)
• CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
• CVE-2023-39333: Code injection via WebAssembly export names (Low)

More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.

Commits

• [c86883e844] - deps: update nghttp2 to 1.57.0 (James M Snell) #​50121
• [2860631359] - deps: update undici to v5.26.3 (Matteo Collina) #​50153
• [cd37838bf8] - lib: let deps require node prefixed modules (Matthew Aitken) #​50047
• [f5c90b2951] - module: fix code injection through export names (Tobias Nießen) nodejs-private/node-private#461
• [fa5dae1944] - permission: fix Uint8Array path traversal (Tobias Nießen) nodejs-private/node-private#456
• [cd35275111] - permission: improve path traversal protection (Tobias Nießen) nodejs-private/node-private#456
• [a4cb7fc7c0] - policy: use tamper-proof integrity check function (Tobias Nießen) nodejs-private/node-private#462

v20.8.0: 2023-09-28, Version 20.8.0 (Current), @​ruyadorno

Compare Source

Notable Changes

Stream performance improvements

Performance improvements to writable and readable streams, improving the creation and destruction by ±15% and reducing the memory overhead each stream takes in Node.js

Contributed by Benjamin Gruenbaum in #​49745 and Raz Luvaton in #​49834.

Performance improvements for readable webstream, improving readable stream async iterator consumption by ±140% and improving readable stream pipeTo consumption by ±60%

Contributed by Raz Luvaton in #​49662 and #​49690.

Rework of memory management in vm APIs with the importModuleDynamically option

This rework addressed a series of long-standing memory leaks and use-after-free issues in the following APIs that support importModuleDynamically:

• vm.Script
• vm.compileFunction
• vm.SyntheticModule
• vm.SourceTextModule

This should enable affected users (in particular Jest users) to upgrade from older versions of Node.js.

Contributed by Joyee Cheung in #​48510.

Other notable changes

• [32d4d29d02] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #​49874
• [0e686d096b] - doc: deprecate fs.F_OK, fs.R_OK, fs.W_OK, fs.X_OK (Livia Medeiros) #​49683
• [a5dd057540] - doc: deprecate util.toUSVString (Yagiz Nizipli) #​49725
• [7b6a73172f] - doc: deprecate calling promisify on a function that returns a promise (Antoine du Hamel) #​49647
• [1beefd5f16] - esm: set all hooks as release candidate (Geoffrey Booth) #​49597
• [b0ce78a75b] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #​48510
• [4e578f8ab1] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #​48510
• [69e4218772] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #​48510
• [14ece0aa76] - (SEMVER-MINOR) src: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) #​49279
• [9fd67fbff0] - stream: use bitmap in writable state (Raz Luvaton) #​49834
• [0ccd4638ac] - stream: use bitmap in readable state (Benjamin Gruenbaum) #​49745
• [7c5e322346] - stream: improve webstream readable async iterator performance (Raz Luvaton) #​49662
• [80b342cc38] - (SEMVER-MINOR) test_runner: accept testOnly in run (Moshe Atlow) #​49753
• [17a05b141d] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #​49614

Commits

• [4879e3fbbe] - benchmark: add a benchmark for read() of ReadableStreams (Debadree Chatterjee) #​49622
• [78a6c73157] - benchmark: shorten pipe-to by reducing number of chunks (Raz Luvaton) #​49577
• [4126a6e4c9] - benchmark: fix webstream pipe-to (Raz Luvaton) #​49552
• [6010a91825] - bootstrap: do not expand argv1 for snapshots (Joyee Cheung) #​49506
• [8480280c4b] - bootstrap: only use the isolate snapshot when compiling code cache (Joyee Cheung) #​49288
• [b30754aa87] - build: run embedtest using node executable (Joyee Cheung) #​49506
• [31db0b8e2b] - build: add --write-snapshot-as-array-literals to configure.py (Joyee Cheung) #​49312
• [6fcb51d3ba] - debugger: use internal/url.URL instead of url.parse (LiviaMedeiros) #​49590
• [32d4d29d02] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #​49874
• [ad37cadc3f] - deps: V8: backport de9a5de (Joyee Cheung) #​49703
• [cdd1c66222] - deps: V8: cherry-pick b33bf2d (Joyee Cheung) #​49703
• [61d18d6473] - deps: update undici to 5.24.0 (Node.js GitHub Bot) #​49559
• [b8a4fef393] - deps: remove pthread-fixes.c from uv.gyp (Ben Noordhuis) #​49744
• [6c86c0683c] - deps: update googletest to d1467f5 (Node.js GitHub Bot) #​49676
• [1424404742] - deps: update nghttp2 to 1.56.0 (Node.js GitHub Bot) #​49582
• [15b54ff95d] - deps: update googletest to 8a6feab (Node.js GitHub Bot) #​49463
• [2ceab877c2] - deps: update corepack to 0.20.0 (Node.js GitHub Bot) #​49464
• [4814872ddc] - doc: fix DEP0176 number (LiviaMedeiros) #​49858
• [0e686d096b] - doc: deprecate fs.F_OK, fs.R_OK, fs.W_OK, fs.X_OK (Livia Medeiros) #​49683
• [5877c403a2] - doc: add mertcanaltin as a triager (mert.altin) #​49826
• [864fe56432] - doc: add git node backport way to the backporting guide (Raz Luvaton) #​49760
• [e0f93492d5] - doc: improve documentation about ICU data fallback (Joyee Cheung) #​49666
• [a5dd057540] - doc: deprecate util.toUSVString (Yagiz Nizipli) #​49725
• [774c1cfd52] - doc: add missing function call to example for util.promisify (Jungku Lee) #​49719
• [fe78a34845] - doc: update output of example in mimeParams.set() (Deokjin Kim) #​49718
• [4175ea33bd] - doc: add missed inspect with numericSeparator to example (Deokjin Kim) #​49717
• [3a88571972] - doc: fix history comments (Antoine du Hamel) #​49701
• [db4ab1ccbb] - doc: add missing history info for import.meta.resolve (Antoine du Hamel) #​49700
• [a304d1ee19] - doc: link maintaining deps to pull-request.md (Marco Ippolito) #​49716
• [35294486ad] - doc: fix print results in events (Jungku Lee) #​49548
• [9f0b0e15c9] - doc: alphabetize cli.md sections (Geoffrey Booth) #​49668
• [7b6a73172f] - doc: deprecate calling promisify on a function that returns a promise (Antoine du Hamel) #​49647
• [d316b32fff] - doc: update corepack.md to account for 0.20.0 changes (Antoine du Hamel) #​49486
• [c2eac7dc7c] - doc: remove @anonrig from performance initiative (Yagiz Nizipli) #​49641
• [3d839fbf87] - doc: mark Node.js 16 as End-of-Life (Richard Lau) #​49651
• [53fb5aead8] - doc: save user preference for JS flavor (Vidar Eldøy) #​49526
• [e3594d5658] - doc: update documentation for node:process warning (Shubham Pandey) #​49517
• [8e033c3963] - doc: rename possibly confusing variable and CSS class (Antoine du Hamel) #​49536
• [d0e0eb4bb3] - doc: update outdated history info (Antoine du Hamel) #​49530
• [b4724e2e3a] - doc: close a parenthesis (Sébastien Règne) #​49525
• [0471c5798e] - doc: cast GetInternalField() return type to v8::Value in addons.md (Joyee Cheung) #​49439
• [9f8bea3dda] - doc: fix documentation for input option in child_process (Ariel Weiss) #​49481
• [f3fea92f8a] - doc: fix missing imports in test.run code examples (Oshri Asulin) #​49489
• [e426b77b67] - doc: fix documentation for fs.createWriteStream highWaterMark option (Mert Can Altın) #​49456
• [2b119108ff] - doc: updated releasers instructions for node.js website (Claudio W) #​49427
• [b9d4a80183] - doc: edit import.meta.resolve documentation (Antoine du Hamel) #​49247
• [f67433f666] - doc,tools: switch to @node-core/utils (Michaël Zasso) #​49851
• [142e256fc5] - errors: improve classRegExp in errors.js (Uzlopak) #​49643
• [6377f1bce2] - errors: use determineSpecificType in more error messages (Antoine du Hamel) #​49580
• [05f0fcb4c4] - esm: identify parent importing a url with invalid host (Jacob Smith) #​49736
• [8a6f5fb8f3] - esm: fix return type of import.meta.resolve (Antoine du Hamel) #​49698
• [a6140f1b8c] - esm: update loaders warning (Geoffrey Booth) #​49633
• [521a9327e0] - esm: fix support for URL instances in register (Antoine du Hamel) #​49655
• [3a9ea0925a] - esm: clarify ERR_REQUIRE_ESM errors (Daniel Compton) #​49521
• [1beefd5f16] - esm: set all hooks as release candidate (Geoffrey Booth) #​49597
• [be48267888] - esm: remove return value for Module.register (Antoine du Hamel) #​49529
• [e74a075124] - esm: refactor test-esm-loader-resolve-type (Geoffrey Booth) #​49493
• [17823b3533] - esm: refactor test-esm-named-exports (Geoffrey Booth) #​49493
• [f34bd15ac1] - esm: refactor mocking test (Geoffrey Booth) #​49465
• [ec323bbd99] - fs: replace SetMethodNoSideEffect in node_file (CanadaHonk) #​49857
• [6acf800123] - fs: improve error performance for unlinkSync (CanadaHonk) #​49856
• [31702c9403] - fs: improve readFileSync with file descriptors (Yagiz Nizipli) #​49691
• [835f9fe7b9] - fs: fix file descriptor validator (Yagiz Nizipli) #​49752
• [b618fe262f] - fs: improve error performance of opendirSync (Yagiz Nizipli) #​49705
• [938471ef55] - fs: improve error performance of sync methods (Yagiz Nizipli) #​49593
• [db3fc6d087] - fs: fix readdir and opendir recursive with unknown file types (William Marlow) #​49603
• [0f020ed22d] - gyp: put cctest filenames in variables (Cheng Zhao) #​49178
• [0ce1e94d12] - lib: update encoding sets in WHATWG API (Jungku Lee) #​49610
• [efd6815a7a] - lib: fix internalBinding typings (Yagiz Nizipli) #​49742
• [1287d5b74e] - lib: allow byob reader for 'blob.stream()' (Debadree Chatterjee) #​49713
• [bbc710522d] - lib: reset the cwd cache before execution (Maël Nison) #​49684
• [f62d649e4d] - lib: use internal fileURLToPath (Deokjin Kim) #​49558
• [e515046941] - lib: use internal pathToFileURL (Livia Medeiros) #​49553
• [00608e8070] - lib: check SharedArrayBuffer availability in freeze_intrinsics.js (Milan Burda) #​49482
• [8bfbe7079c] - meta: fix linter error (Antoine du Hamel) #​49755
• [58f7a9e096] - meta: add primordials strategic initiative (Benjamin Gruenbaum) #​49706
• [5366027756] - meta: bump github/codeql-action from 2.21.2 to 2.21.5 (dependabot[bot]) #​49438
• [fe26b74082] - meta: bump rtCamp/action-slack-notify from 2.2.0 to 2.2.1 (dependabot[bot]) #​49437
• [b0ce78a75b] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #​48510
• [4e578f8ab1] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #​48510
• [69e4218772] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #​48510
• [96874e8fbc] - node-api: enable uncaught exceptions policy by default (Chengzhong Wu) #​49313
• [b931aeadfd] - perf_hooks: reduce overhead of new performance_entries (Vinicius Lourenço) #​49803
• [ad043bac31] - process: add custom dir support for heapsnapshot-signal (Jithil P Ponnan) #​47854
• [8a7c10194c] - repl: don't accumulate excess indentation in .load (Daniel X Moore) #​49461
• [10a2adeed5] - src: improve error message when ICU data cannot be initialized (Joyee Cheung) #​49666
• [ce37688bac] - src: remove unnecessary todo (Rafael Gonzaga) #​49227
• [f611583b71] - src: use SNAPSHOT_SERDES to log snapshot ser/deserialization (Joyee Cheung) #​49637
• [a597cb8457] - src: port Pipe to uv_pipe_bind2, uv_pipe_connect2 (Geoff Goodman) #​49667
• [fb21062338] - src: set --rehash-snapshot explicitly (Joyee Cheung) #​49556
• [14ece0aa76] - (SEMVER-MINOR) src: allow embedders to override NODE_MODULE_VERSION (Cheng Zhao) #​49279
• [4b5e23c71b] - src: set ModuleWrap internal fields only once (Joyee Cheung) #​49391
• [2d3f5c7cab] - src: fix fs_type_to_name default value (Mustafa Ateş Uzun) #​49239
• [cfbcb1059c] - src: fix comment on StreamResource (rogertyang) #​49193
• [39fb83ad16] - src: do not rely on the internal field being default to undefined (Joyee Cheung) #​49413
• [9fd67fbff0] - stream: use bitmap in writable state (Raz Luvaton) #​49834
• [0ccd4638ac] - stream: use bitmap in readable state (Benjamin Gruenbaum) #​49745
• [b29d927010] - stream: improve readable webstream pipeTo (Raz Luvaton) #​49690
• [7c5e322346] - stream: improve webstream readable async iterator performance (Raz Luvaton) #​49662
• [be211ef818] - test: deflake test-vm-contextified-script-leak (Joyee Cheung) #​49710
• [355f10dab2] - test: use checkIfCollectable in vm leak tests (Joyee Cheung) #​49671
• [17cfc531aa] - test: add checkIfCollectable to test/common/gc.js (Joyee Cheung) #​49671
• [e49a573752] - test: add os setPriority, getPriority test coverage (Wael) #​38771
• [5f02711522] - test: deflake test-runner-output (Moshe Atlow) #​49878
• [cd9754d6a7] - test: mark test-runner-output as flaky (Joyee Cheung) #​49854
• [5ad00424dd] - test: use mustSucceed instead of mustCall (SiddharthDevulapalli) #​49788
• [3db9b40081] - test: refactor test-readline-async-iterators into a benchmark (Shubham Pandey) #​49237
• [2cc5ad7859] - Revert "test: mark test-http-regr-gh-2928 as flaky" (Luigi Pinca) #​49708
• [e5185b053c] - test: use fs.constants for fs.access constants (Livia Medeiros) #​49685
• [b9e5b43462] - test: deflake test-http-regr-gh-2928 (Luigi Pinca) #​49574
• [1fffda504e] - test: fix argument computation in embedtest (Joyee Cheung) #​49506
• [6e56f2db52] - test: skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) #​49621
• [ab3afb330d] - test: mark test-runner-watch-mode as flaky (Joyee Cheung) #​49627
• [185d9b50db] - test: deflake test-tls-socket-close (Luigi Pinca) #​49575
• [c70c74a9e6] - test: show more info on failure in test-cli-syntax-require.js (Joyee Cheung) #​49561
• [ed7c6d1114] - test: mark test-http-regr-gh-2928 as flaky (Joyee Cheung) #​49565
• [3599eebab9] - test: use spawnSyncAndExitWithoutError in sea tests (Joyee Cheung) #​49543
• [f79b153e89] - test: use spawnSyncAndExitWithoutError in test/common/sea.js (Joyee Cheung) #​49543
• [c079c73769] - test: use setImmediate() in test-heapdump-shadowrealm.js (Joyee Cheung) #​49573
• [667a92493c] - test: skip test-child-process-pipe-dataflow.js on Windows (Joyee Cheung) #​49563
• [91af0a9a3c] - Revert "test: ignore the copied entry_point.c" (Chengzhong Wu) #​49515
• [567afc71b8] - test: avoid copying test source files (Chengzhong Wu) #​49515
• [ced25a976d] - test: increase coverage of Module.register and initialize hook (Antoine du Hamel) #​49532
• [be02fbdb8a] - test: isolate globalPreload tests (Geoffrey Booth) #​49545
• [f214428845] - test: split test-crypto-dh to avoid timeout on slow machines in the CI (Joyee Cheung) #​49492
• [3987094569] - test: make test-dotenv-node-options locale-independent (Livia Medeiros) #​49470
• [34c1741792] - test: add test for urlstrings usage in node:fs (Livia Medeiros) #​49471
• [c3c6c4f007] - test: make test-worker-prof more robust (Joyee Cheung) #​49274
• [843df1a4da] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #​49714
• [80b342cc38] - (SEMVER-MINOR) test_runner: accept testOnly in run (Moshe Atlow) #​49753
• [76865515b9] - test_runner: fix test runner watch mode when no positional arguments (Moshe Atlow) #​49578
• [17a05b141d] - (SEMVER-MINOR) test_runner: add junit reporter (Moshe Atlow) #​49614
• [5672e38457] - test_runner: add jsdocs to mock.js (Caio Borghi) #​49555
• [b4d42a8f2b] - test_runner: fix invalid timer call (Erick Wendel) #​49477
• [f755e6786b] - test_runner: add jsdocs to MockTimers (Erick Wendel) #​49476
• [e7285d4bf0] - test_runner: fix typescript coverage (Moshe Atlow) #​49406
• [07a2e29bf3] - tools: support updating @​reporters/github manually (Moshe Atlow) #​49871
• [5ac6722031] - tools: skip ruff on tools/node_modules (Moshe Atlow) #​49838
• [462228bd24] - tools: fix uvwasi updater (Michael Dawson) #​49682
• [ff81bfb958] - tools: update lint-md-dependencies to rollup@3.29.2 (Node.js GitHub Bot) #​49679
• [08ffc6344c] - tools: restrict internal code from using public url module (LiviaMedeiros) #​49590
• [728ebf6c97] - tools: update eslint to 8.49.0 (Node.js GitHub Bot) #​49586
• [20d038ffb1] - tools: update lint-md-dependencies to rollup@3.29.0 unified@11.0.3 (Node.js GitHub Bot) #​49584
• [210c15bd12] - tools: allow passing absolute path of config.gypi in js2c (Cheng Zhao) #​49162
• [e341efe173] - tools: configure never-stale label correctly (Michaël Zasso) #​49498
• [a8a8a498ce] - tools: update doc dependencies (Node.js GitHub Bot) #​49467
• [ac06607f9e] - typings: fix missing property in ExportedHooks (Antoine du Hamel) #​49567
• [097b59807a] - url: improve invalid url performance (Yagiz Nizipli) #​49692
• [7c2060cfac] - util: add getCwdSafe internal util fn (João Lenon) #​48434
• [c23c60f545] - zlib: disable CRC32 SIMD optimization (Luigi Pinca) #​49511

v20.7.0: 2023-09-18, Version 20.7.0 (Current), @​UlisesGascon

Compare Source

Notable Changes

• [022f1b70c1] - src: support multiple --env-file declarations (Yagiz Nizipli) #​49542
• [4a1d1cad61] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #​49341
• [a1a65f593c] - deps: upgrade npm to 10.1.0 (npm team) #​49570
• [6c2480cad9] - (SEMVER-MINOR) deps: upgrade npm to 10.0.0 (npm team) #​49423
• [bef900e56b] - doc: move and rename loaders section (Geoffrey Booth) #​49261
• [db4ce8a593] - doc: add release key for Ulises Gascon (Ulises Gascón) #​49196
• [11c85ffa98] - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green) #​46391
• [ec51e25ed7] - src,permission: add multiple allow-fs-* flags (Carlos Espa) #​49047
• [efdc95fbc0] - (SEMVER-MINOR) test_runner: expose location of tests (Colin Ihrig) #​48975

Commits

• [e84515594e] - benchmark: use tmpdir.resolve() (Livia Medeiros) #​49137
• [f37444e896] - bootstrap: build code cache from deserialized isolate (Joyee Cheung) #​49099
• [af6dc1754d] - bootstrap: do not generate code cache in an unfinalized isolate (Joyee Cheung) #​49108
• [cade5716df] - build: add symlink to compile_commands.json file if needed (Juan José) #​49260
• [34a2590b05] - build: expand when we run internet tests (Michael Dawson) #​49218
• [f637fd46ab] - build: fix typo libray -> library (configure.py) (michalbiesek) #​49106
• [ef3d8dd493] - crypto: remove webcrypto EdDSA key checks and properties (Filip Skokan) #​49408
• [4a1d1cad61] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #​49341
• [7eb10a38ea] - crypto: remove getDefaultEncoding() (Tobias Nießen) #​49170
• [772496c030] - crypto: remove default encoding from DiffieHellman (Tobias Nießen) #​49169
• [c795083232] - crypto: remove default encoding from Hash/Hmac (Tobias Nießen) #​49167
• [08197aa010] - crypto: remove default encoding from sign/verify (Tobias Nießen) #​49145
• [a1a65f593c] - deps: upgrade npm to 10.1.0 (npm team) #​49570
• [6c2480cad9] - (SEMVER-MINOR) deps: upgrade npm to 10.0.0 (npm team) #​49423
• [84195d9584] - deps: add missing thread-common.c in uv.gyp (Santiago Gimeno) #​49410
• [5b70b68b3d] - deps: V8: cherry-pick eadaef5 (Adam Majer) #​49401
• [fe34d632e8] - deps: update zlib to 1.2.13.1-motley-f5fd0ad (Node.js GitHub Bot) #​49252
• [db4ce8a593] - doc: add release key for Ulises Gascon (Ulises Gascón) #​49196
• [e5f3a694cf] - doc: fix node-api call example (Chengzhong Wu) #​49395
• [021345a724] - doc: add news issue for Diagnostics WG (Michael Dawson) #​49306
• [f82347266b] - doc: clarify policy expectations (Rafael Gonzaga) #​48947
• [73cfd9c895] - doc: add print results for examples in StringDecoder (Jungku Lee) #​49326
• [63ab591416] - doc: update outdated reference to NIST SP 800-131A (Tobias Nießen) #​49316
• [935dfe2afd] - doc: use cjs as block code's type in MockTimers (Deokjin Kim) #​49309
• [7c0cd2fb87] - doc: update options.filter description for fs.cp (Shubham Pandey) #​49289
• [f72e79ea67] - doc: add riscv64 to list of architectures (Stewart X Addison) #​49284
• [d19c710064] - doc: avoid "not currently recommended" (Tobias Nießen) #​49300
• [ae656101c0] - doc: update module hooks docs (Geoffrey Booth) #​49265
• [fefbdb92f2] - doc: modify param description for end(),write() in StringDecoder (Jungku Lee) #​49285
• [59e66a1ebe] - doc: use NODE_API_SUPPORTED_VERSION_MAX in release doc (Cheng Zhao) #​49268
• [ac3b88449b] - doc: fix typo in stream.finished documentation (Antoine du Hamel) #​49271
• [7428ebf6c3] - doc: update description for percent_encode sets in WHATWG API (Jungku Lee) #​49258
• [bef900e56b] - doc: move and rename loaders section (Geoffrey Booth) #​49261
• [a22e0d9696] - doc: clarify use of Uint8Array for n-api (Fedor Indutny) #​48742
• [1704f24cb9] - doc: add signature for module.register (Geoffrey Booth) #​49251
• [5a363bb01b] - doc: caveat unavailability of import.meta.resolve in custom loaders (Jacob Smith) #​49242
• [8101f2b259] - doc: use same name in the doc as in the code (Hyunjin Kim) #​49216
• [edf278d60d] - doc: add notable-change label mention to PR template (Rafael Gonzaga) #​49188
• [3df2251a6a] - doc: add h1 summary to security release process (Rafael Gonzaga) #​49112
• [9fcd99a744] - doc: update to semver-minor releases by default (Rafael Gonzaga) #​49175
• [777931f499] - doc: fix wording in napi_async_init (Tobias Nießen) #​49180
• [f45c8e10c0] - doc,test: add known path resolution issue in permission model (Tobias Nießen) #​49155
• [a6cfea3f74] - esm: align sync and async load implementations (Antoine du Hamel) #​49152
• [9fac310b33] - fs: add the options param description in openAsBlob() (Yeseul Lee) #​49308
• [92772a8175] - fs: remove redundant code in readableWebStream() (Deokjin Kim) #​49298
• [88ba79b083] - fs: make sure to write entire buffer (Robert Nagy) #​49211
• [11c85ffa98] - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green) #​46391
• [c12711ebfe] - lib: implement WeakReference on top of JS WeakRef (Joyee Cheung) #​49053
• [9a0891f88d] - meta: bump step-security/harden-runner from 2.5.0 to 2.5.1 (dependabot[bot]) #​49435
• [ae67f41ef1] - meta: bump actions/checkout from 3.5.3 to 3.6.0 (dependabot[bot]) #​49436
• [71b4411fb2] - meta: bump actions/setup-node from 3.7.0 to 3.8.1 (dependabot[bot]) #​49434
• [83b7d3a395] - meta: remove modules team from CODEOWNERS (Benjamin Gruenbaum) #​49412
• [81ff68c45c] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​49264
• [ab975233cc] - meta: mention nodejs/tsc when changing GH templates (Rafael Gonzaga) #​49189
• [ceaa5494de] - meta: add test/reporters to codeowners (Chemi Atlow) #​49186
• [de0a51b7cf] - net: improve performance of isIPv4 and isIPv6 (Uzlopak) #​49568
• [8d0913bf95] - net: use asserts in JS Socket Stream to catch races in future (Tim Perry) #​49400
• [2486836a7d] - net: fix crash due to simultaneous close/shutdown on JS Stream Sockets (Tim Perry) #​49400
• [7a808340cd] - node-api: fix compiler warning in node_api.h (Michael Graeb) #​49103
• [30f26a99f4] - permission: ensure to resolve path when calling mkdtemp (RafaelGSS) nodejs-private/node-private#440
• [5051c75a5b] - policy: fix path to URL conversion (Antoine du Hamel) #​49133
• [173aed4757] - report: fix recent coverity warning (Michael Dawson) #​48954
• [d7ff78b442] - sea: generate code cache with deserialized isolate (Joyee Cheung) #​49226
• [022f1b70c1] - src: support multiple --env-file declarations (Yagiz Nizipli) #​49542
• [154b1c2115] - src: don't overwrite environment from .env file (Phil Nash) #​49424
• [dc4de1c69b] - src: modify code for empty string (pluris) #​49336
• [701c46f967] - src: remove unused PromiseWrap-related code (Joyee Cheung) #​49335
• [4a094dc7af] - src: rename IsAnyByteSource to IsAnyBufferSource (Tobias Nießen) #​49346
• [55d6649175] - src: support snapshot deserialization in RAIIIsolate (Joyee Cheung) #​49226
• [dc092864ef] - src: remove unused function GetName() in node_perf (Jungku Lee) #​49244
• [f2552a410e] - src: use ARES_SUCCESS instead of 0 (Jungku Lee) #​49048
• [4a9ae31519] - src: add a condition if the argument of DomainToUnicode is empty (Jungku Lee) #​49097
• [f460362cdf] - src: remove C++ WeakReference implementation (Joyee Cheung) #​49053
• [2a35383b3e] - src: use per-realm GetBindingData() wherever applicable (Joyee Cheung) #​49007
• [184bbddcf5] - src: add per-realm GetBindingData() method (Joyee Cheung) #​49007
• [e9946885f9] - src: serialize both BaseObject slots (Joyee Cheung) #​48996
• [ec51e25ed7] - src,permission: add multiple allow-fs-* flags (Carlos Espa) #​49047
• [8aac95de4b] - stream: improve tee perf by reduce ReflectConstruct usages (Raz Luvaton) #​49546
• [0eea7fd8fb] - stream: use Buffer.from when constructor is a Buffer (Matthew Aitken) #​49250
• [b961d9bd52] - stream: add highWaterMark for the map operator (Raz Luvaton) [#​49249](ht

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.