7.4.3
Update urgency: SECURITY
: There are security fixes in the release.
- (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers
- #13661
FUNCTION FLUSH
- memory leak when using jemalloc - #13793
WAITAOF
returns prematurely - #13853
SLAVEOF
- crash when clients are blocked on lazy free - #13863
RANDOMKEY
- infinite loop during client pause - #13877 ShardID inconsistency when both primary and replica support it
7.2.8
Update urgency: SECURITY
: There are security fixes in the release.
- (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers
- #12817, #12905 Fix race condition issues between the main thread and module threads
- #13863
RANDOMKEY
- infinite loop during client pause - #13877 ShardID inconsistency when both primary and replica support it
2025-04-23, Version 22.15.0 'Jod' (LTS), @UlisesGascon prepared by @RafaelGSS
- [
3c88f3938b
] - (SEMVER-MINOR) assert: implement partial error comparison (Ruben Bridgewater) #57370 - [
db19a3f9fc
] - (SEMVER-MINOR) assert: improve partialDeepStrictEqual (Ruben Bridgewater) #57370 - [
1ee5f840b4
] - (SEMVER-MINOR) cli: allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018 - [
872ee0f2ac
] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381 - [
03a0f3a56b
] - (SEMVER-MINOR) crypto: support --use-system-ca on Windows (Joyee Cheung) #56833 - [
94647bbdb2
] - (SEMVER-MINOR) crypto: added support for reading certificates from macOS system store (Tim Jacomb) #56599 - [
8f7b86a6e7
] - deps: update timezone to 2025a (Node.js GitHub Bot) #56876 - [
f9f611fb58
] - (SEMVER-MINOR) deps,tools: add zstd 1.5.6 (Jan Martin) #52100 - [
07a6d5f8cf
] - (SEMVER-MINOR) dns: add TLSA record query and parsing (Rithvik Vibhu) #52983 - [
d8a83ef2f3
] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241 - [
6b93ba723b
] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698 - [
b2e44a8079
] - (SEMVER-MINOR) module: implement module.registerHooks() (Joyee Cheung) #55698 - [
dc91ae7471
] - (SEMVER-MINOR) process: add execve (Paolo Insogna) #56496 - [
bc672fcfdd
] - (SEMVER-MINOR) sqlite: allow returningArrayBufferView
s from user-defined functions (René) #56790 - [
5edee197ab
] - (SEMVER-MINOR) tls: implement tls.getCACertificates() (Joyee Cheung) #57107 - [
f9fe0e09ee
] - (SEMVER-MINOR) util: expose diff function used by the assertion errors (Giovanni Bucci) #57462 - [
673a424180
] - (SEMVER-MINOR) v8: add v8.getCppHeapStatistics() method (Aditi) #57146 - [
4991e5d826
] - (SEMVER-MINOR) zlib: add zstd support (Jan Martin) #52100
- [
ea70a379c3
] - assert: improve partialDeepStrictEqual performance (Ruben Bridgewater) #57509 - [
2b419d7e79
] - (SEMVER-MINOR) assert: implement partial error comparison (Ruben Bridgewater) #57370 - [
d817c17fd7
] - (SEMVER-MINOR) assert: improve partialDeepStrictEqual (Ruben Bridgewater) #57370 - [
7af0440073
] - assert: improve myers diff performance (Giovanni Bucci) #57279 - [
01cf5fb871
] - (SEMVER-MINOR) assert,util: improve performance (Ruben Bridgewater) #57370 - [
a58842cee4
] - (SEMVER-MINOR) benchmark: adjust assert runtimes (Ruben Bridgewater) #57370 - [
b20b3697aa
] - (SEMVER-MINOR) benchmark: skip running some assert benchmarks by default (Ruben Bridgewater) #57370 - [
ec5570fd1e
] - (SEMVER-MINOR) benchmark: add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370 - [
b991bf4ca6
] - benchmark: add a warmup on bench-openSync (Elves Vieira) #57051 - [
4a455bc806
] - build: fix update-wpt workflow (Jonas) #57468 - [
6ec397e61c
] - build: fix compatibility with V8'sdepot_tools
(Richard Lau) #57330 - [
475aaca336
] - build: print 'Formatting Markdown...' for long task markdown formatting (1ilsang) #57108 - [
73fced7a97
] - build: fix GN build failure (Cheng) #57013 - [
af05f91425
] - build: fix GN build of uv (Cheng) #56955 - [
fd3053e947
] - build: gyp exclude libm linking on macOS (deepak1556) #56901 - [
5ec6b9a50f
] - build: remove explicit linker call to libm on macOS (deepak1556) #56901 - [
a893da9be7
] - build: link with Security.framework in GN build (Cheng) #56895 - [
02cd8e0a50
] - build: do not put commands in sources variables (Cheng) #56885 - [
73dc8c2140
] - build: add double quotes around <(python) (Luigi Pinca) #56826 - [
65a3b5f73c
] - build: add build option suppress_all_error_on_warn (Michael Dawson) #56647 - [
424aacc942
] - build,win: disable node pch with ccache (Stefan Stojanovic) #57224 - [
901685c723
] - build,win: enable ccache (Stefan Stojanovic) #56847 - [
79987676c1
] - cli: clarify --cpu-prof-name allowed values (Eugenio Ceschia) #57433 - [
503d4237aa
] - (SEMVER-MINOR) cli: allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018 - [
ada572b733
] - crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports (Filip Skokan) #57450 - [
7e5aabde55
] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381 - [
7ea6ac1e09
] - crypto: add support for intermediate certs in --use-system-ca (Tim Jacomb) #57164 - [
44b19ec534
] - crypto: support --use-system-ca on non-Windows and non-macOS (Joyee Cheung) #57009 - [
e21d126438
] - crypto: fix missing OPENSSL_NO_ENGINE guard (Shelley Vohr) #57012 - [
2fdf82b357
] - crypto: cleanup root certificates and skip PEM deserialization (Joyee Cheung) #56999 - [
03a0f3a56b
] - (SEMVER-MINOR) crypto: support --use-system-ca on Windows (Joyee Cheung) #56833 - [
bbdb10bc2c
] - crypto: fix X509* leak in --use-system-ca (Joyee Cheung) #56832 - [
5470cab6d3
] - crypto: add api to get openssl security level (Michael Dawson) #56601 - [
94647bbdb2
] - (SEMVER-MINOR) crypto: added support for reading certificates from macOS system store (Tim Jacomb) #56599 - [
caf81ca549
] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #57498 - [
1d703fe220
] - deps: update c-ares to v1.34.5 (Node.js GitHub Bot) #57792 - [
98457dfea3
] - deps: update undici to 6.21.2 (Matteo Collina) #57442 - [
4a852ba11b
] - deps: V8: cherry-pick c172ffc5bf54 (Choongwoo Han) #57437 - [
54a12e0bcc
] - deps: update googletest to 0bdccf4 (Node.js GitHub Bot) #57380 - [
2e350963e5
] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382 - [
95e5d01c25
] - deps: update amaro to 0.4.1 (marco-ippolito) #57121 - [
ef216deb05
] - deps: update amaro to 0.3.2 (marco-ippolito) #56916 - [
4ef4d6ecf6
] - deps: update amaro to 0.3.1 (Node.js GitHub Bot) #56785 - [
a8bf5ef4a7
] - deps: update simdjson to 3.12.2 (Node.js GitHub Bot) #57084 - [
0bd612bb32
] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335 - [
7d65f79306
] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #57335 - [
5c88c52491
] - deps: update corepack to 0.32.0 (Node.js GitHub Bot) #57265 - [
fa04bf4999
] - deps: update gyp file for ngtcp2 1.11.0 (Richard Lau) #57225 - [
ca6b07258d
] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #57180 - [
0a72b16fe1
] - deps: update ngtcp2 to 1.11.0 (Node.js GitHub Bot) #57179 - [
600fb41f54
] - deps: update sqlite to 3.49.1 (Node.js GitHub Bot) #57178 - [
7eb3b44010
] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655 - [
257d22e181
] - deps: update sqlite to 3.49.0 (Node.js GitHub Bot) #56654 - [
53a7bfce01
] - deps: V8: cherry-pick 9ab40592f697 (Levi Zim) #56781 - [
636f65cb1a
] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #56855 - [
8f7b86a6e7
] - deps: update timezone to 2025a (Node.js GitHub Bot) #56876 - [
db31276bfa
] - deps: update simdjson to 3.12.0 (Node.js GitHub Bot) #56874 - [
d1d58d6198
] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #56873 - [
05b3dff275
] - deps: update simdjson to 3.11.6 (Node.js GitHub Bot) #56250 - [
f9f611fb58
] - (SEMVER-MINOR) deps,tools: add zstd 1.5.6 (Jan Martin) #52100 - [
ef212a41a7
] - dns: restore dns query cache ttl (Ethan Arrowood) #57640 - [
7a10b01e97
] - dns: remove redundant code using common variable (Deokjin Kim) #57386 - [
bc2603f086
] - (SEMVER-MINOR) dns: add TLSA record query and parsing (Rithvik Vibhu) #52983 - [
38a2e5d60b
] - doc: add gurgunday as triager (Gürgün Dayıoğlu) #57594 - [
b7ac0bd129
] - doc: clarify behaviour of node-api adjust function (Michael Dawson) #57463 - [
fa834896c8
] - doc: remove Corepack documentation (Antoine du Hamel) #57635 - [
8988173286
] - doc: remove mention of--require
not supporting ES modules (Huáng Jùnliàng) #57620 - [
3a7d179dbd
] - doc: mention reports should align with Node.js CoC (Rafael Gonzaga) #57607 - [
983c5087f6
] - doc: add section stating that very stale PRs should be closed (Dario Piotrowicz) #57541 - [
f4e1f702d4
] - doc: add bjohansebas as triager (Sebastian Beltran) #57564 - [
9b7fd6b076
] - doc: update support channels (Claudio W.) #57538 - [
ef624aff55
] - doc: remove cryptoStream API reference (Jonas) #57579 - [
4a2afc255a
] - doc: module resolution pseudocode corrections (Marcel Laverdet) #57080 - [
ee5059426d
] - doc: add history entry for DEP0190 inchild_process.md
(Antoine du Hamel) #57544 - [
4deebb4fca
] - doc: remove deprecated pattern inchild_process.md
(Antoine du Hamel) #57568 - [
6cd7b37d9c
] - doc: mark multiple experimental APIS as stable (James M Snell) #57510 - [
c2f1fa0928
] - doc: remove mertcanaltin from Triagers (Mert Can Altin) #57531 - [
9b6047e520
] - doc: recommend watching the collaborators repo in the onboarding doc (Darshan Sen) #57527 - [
bf1e297079
] - doc: remove mention of visa fees from onboarding doc (Darshan Sen) #57526 - [
1041331094
] - doc: deprecate passingargs
tospawn
andexecFile
(Antoine du Hamel) #57389 - [
06994d5a75
] - doc: remove some inconsistencies indeprecations.md
(Antoine du Hamel) #57512 - [
707f851ba3
] - doc: run license-builder (github-actions[bot]) #57511 - [
a7793195d6
] - doc: add new writing-docs contributing md (Dario Piotrowicz) #57502 - [
30d4a43b3d
] - doc: add node.js streams references to Web Streams doc (Dario Piotrowicz) #57393 - [
e08365980b
] - doc: prefer to sign commits under nodejs repository (Rafael Gonzaga) #57311 - [
c35e1f9048
] - doc: fixed the incorrect splitting of multiple words (letianpailove) #57454 - [
3e1f3bc2bb
] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449 - [
fef3f82a41
] - doc: add history info for --use-system-ca (Darshan Sen) #57432 - [
96afdf949d
] - doc: remove typo YAML snippet from tls.getCACertificates doc (Darshan Sen) #57459 - [
800d61d47e
] - doc: fix typo in sqlite.md (Tobias Nießen) #57473 - [
4876aee775
] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426 - [
2dd72c658f
] - doc: update maintaining-openssl.md for openssl (Richard Lau) #57413 - [
a49fd31f04
] - doc: add missingdeprecated
badges infs.md
(Yukihiro Hasegawa) #57384 - [
3a4ed77674
] - doc: add note about sync nodejs-private branches (Rafael Gonzaga) #57404 - [
1025e6dc7c
] - doc: update Xcode version used for arm64 and pkg (Michaël Zasso) #57104 - [
77b9e04a70
] - doc: improve type stripping documentation (Marco Ippolito) #56916 - [
3a75e8410d
] - doc: specificy support for erasable ts syntax (Marco Ippolito) #56916 - [
69f12f9686
] - doc: make first parameter optional inutil.getCallSites
(Deokjin Kim) #57387 - [
2b4e737ffb
] - doc: fix usage of module.registerSync in comment (Timo Kössler) #57328 - [
f320593958
] - doc: add Darshan back as voting TSC member (Michael Dawson) #57402 - [
2b7765469a
] - doc: revise webcrypto.md types, interfaces, and added versions (Filip Skokan) #57376 - [
649828c74a
] - doc: add info on how project manages social media (Michael Dawson) #57318 - [
2a2e1cfd71
] - doc: revisetsconfig.json
note (Steven) #57353 - [
17883b1d46
] - doc: use more clear name in getSystemErrorMessage's example (ikuma-t) #57310 - [
7feed9989b
] - doc: recommend settingnoEmit: true
intsconfig.json
(Steven) #57320 - [
fe707ab162
] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309 - [
f3c58ab693
] - doc: fix Windows ccache section position (Stefan Stojanovic) #57326 - [
e69170bacd
] - doc: update node-api version matrix (Chengzhong Wu) #57287 - [
0bc1fd2245
] - doc: recommenderasableSyntaxOnly
in ts docs (Rob Palmer) #57271 - [
068013744e
] - doc: clarifypath.isAbsolute
is not path traversal mitigation (Eric Fortis) #57073 - [
238b0e856e
] - doc: fix rendering of DEP0174 description (David Sanders) #56835 - [
db0bcefd14
] - doc: add 1ilsang to triage team (1ilsang) #57183 - [
52a593feab
] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241 - [
89f4475e32
] - doc: add missing assert return types (Colin Ihrig) #57219 - [
62b6d94c03
] - doc: add streamResetBurst and streamResetRate (Sujal Raj) #57195 - [
f150017e70
] - doc: add esm examples to node:util (Alfredo González) #56793 - [
99465ffa9c
] - doc: update options to filehandle.appendFile() (Hasegawa-Yukihiro) #56972 - [
6242520a90
] - doc: add additional caveat for fs.watch (Michael Dawson) #57150 - [
19cda4791a
] - doc: fix typo in Windows building instructions (Tim Jacomb) #57158 - [
ef206add59
] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #57076 - [
7243c1713d
] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607 - [
617fe71f67
] - doc: fix 'introduced_in' version in typescript module (1ilsang) #57109 - [
6cc15b8dc9
] - doc: fix link and history ofSourceMap
sections (Antoine du Hamel) #57098 - [
6be8189041
] - doc: addmodule namespace object
links (Dario Piotrowicz) #57093 - [
8611c4a3ea
] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #57092 - [
79da145a55
] - doc: update clang-cl on Windows building guide (Joyee Cheung) #57087 - [
845eaf91be
] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090 - [
42c5e23eb1
] - doc:modules.md
: fixdistance
definition (Alexander “weej” Jones) #57046 - [
bda851aaa3
] - doc: fix wrong verb form (Dario Piotrowicz) #57091 - [
64e13fd36e
] - doc: fix transpiler loader hooks documentation (Joyee Cheung) #57037 - [
51494d8b78
] - doc: add a note aboutrequire('../common')
in testing documentation (Aditi) #56953 - [
053b128e9c
] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028 - [
a20c62a00c
] - doc: improve documentation on argument validation (Aditi) #56954 - [
2921658813
] - doc: buffer: fix typo onBuffer.copyBytesFrom(
offset
option (tpoisseau) #57015 - [
6f4ab1c9b2
] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #57004 - [
5285facb3e
] - doc: move stability index after history section for consistency (Antoine du Hamel) #56997 - [
a7646e17ff
] - doc: addsignal
tofilehandle.writeFile()
options (Yukihiro Hasegawa) #56804 - [
ba031089e6
] - doc: run license-builder (github-actions[bot]) #56985 - [
afa6f93a32
] - doc: update history of stream.Readable.toWeb() (Jimmy Leung) #56928 - [
cc644de126
] - doc: make MDN links to global classes more consistent (Antoine du Hamel) #56924 - [
93bba4eee1
] - doc: make MDN links to global classes more consistent inassert.md
(Antoine du Hamel) #56920 - [
ad03c85f98
] - doc: make MDN links to global classes more consistent (Antoine du Hamel) #56923 - [
96c2a90dee
] - doc: make MDN links to global classes more consistent inutil.md
(Antoine du Hamel) #56922 - [
6bb73c0745
] - doc: make MDN links to global classes more consistent inbuffer.md
(Antoine du Hamel) #56921 - [
824cf35475
] - doc: update post sec release process (Rafael Gonzaga) #56907 - [
027749eb17
] - doc: update websocket link to avoid linking to self (Chengzhong Wu) #56897 - [
5dcb9d632b
] - doc: mark--env-file-if-exists
flag as experimental (Juan José) #56893 - [
4f6d751bf5
] - doc: fix typo in cjs example ofutil.styleText
(Deokjin Kim) #56769 - [
313d9db7a5
] - doc: clarify sqlite user-defined function behaviour (René) #56786 - [
eff42956c4
] - doc: correct customization hook types & clarify descriptions (Jacob Smith) #56454 - [
64180421c2
] - events: getMaxListeners detects 0 listeners (Matthew Aitken) #56807 - [
2de27787b4
] - fs: apply exclude function to root path (Rich Trott) #57420 - [
b6df9e350a
] - fs: handle UV_ENOTDIR infs.statSync
withthrowIfNoEntry
provided (Juan José Arboleda) #56996 - [
14b2d496a0
] - fs: makeFileHandle.readableWebStream
always create byte streams (Ian Kerins) #55461 - [
10d2f1d898
] - http: coerce content-length to number (Marco Ippolito) #57458 - [
9192b7fa25
] - http: be more generational GC friendly (ywave620) #56767 - [
1cf98a8788
] - inspector: convert event params to protocol without json (Chengzhong Wu) #57027 - [
6dcad868bb
] - inspector: skip promise hook in the inspector async hook (Joyee Cheung) #57148 - [
787e93f75a
] - inspector: add Network.Initiator in inspector protocol (Chengzhong Wu) #56805 - [
c7c04d0dc8
] - inspector: fix GN build (Cheng) #56798 - [
177da9c3c3
] - inspector: fix StringUtil::CharacterCount for unicodes (Chengzhong Wu) #56788 - [
1b5418eeea
] - lib: add warning when binding inspector to public IP (Demian Parkhomenko) #55736 - [
cc4d33842b
] - lib: limit split function calls to prevent excessive array length (Gürgün Dayıoğlu) #57501 - [
0546612d1d
] - lib: make getCallSites sourceMap option truly optional (James M Snell) #57388 - [
d7d54e6bf3
] - lib: optimize priority queue (Gürgün Dayıoğlu) #57100 - [
62761c73a1
] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #57177 - [
5dce55c376
] - meta: add some clarification to the nomination process (James M Snell) #57503 - [
a2a4cf1d95
] - meta: remove collaborator self-nomination (Rich Trott) #57537 - [
244f74b844
] - meta: edit collaborator nomination process (Antoine du Hamel) #57483 - [
dec204bb3f
] - meta: move ovflowd to emeritus (Claudio W.) #57443 - [
c0b8b84384
] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #57257 - [
14cbe292da
] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #57254 - [
69d2dd69e2
] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #57253 - [
5f3428ded6
] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #57292 - [
3eea8c72fc
] - meta: bump actions/download-artifact from 4.1.8 to 4.1.9 (dependabot[bot]) #57260 - [
2508893edb
] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #57259 - [
fc09523f44
] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #57258 - [
b162402440
] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #57256 - [
f781be1332
] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #57255 - [
7934ad9fc0
] - meta: bumpactions/setup-python
from 5.3.0 to 5.4.0 (dependabot[bot]) #56867 - [
eb4fb9ce90
] - meta: bumppeter-evans/create-pull-request
from 7.0.5 to 7.0.6 (dependabot[bot]) #56866 - [
a14e7f1cc4
] - meta: bumpmozilla-actions/sccache-action
from 0.0.6 to 0.0.7 (dependabot[bot]) #56865 - [
6c8a9e3d0d
] - meta: bumpcodecov/codecov-action
from 5.0.7 to 5.3.1 (dependabot[bot]) #56864 - [
f438c27cbf
] - meta: bumpstep-security/harden-runner
from 2.10.2 to 2.10.4 (dependabot[bot]) #56863 - [
24b7fcb153
] - meta: bumpactions/cache
from 4.1.2 to 4.2.0 (dependabot[bot]) #56862 - [
a0afc47988
] - meta: bumpactions/stale
from 9.0.0 to 9.1.0 (dependabot[bot]) #56860 - [
8abf4e5d7d
] - meta: bumpgithub/codeql-action
from 3.27.5 to 3.28.8 (dependabot[bot]) #56859 - [
c5bff736e9
] - meta: add CODEOWNERS for SQLite (Colin Ihrig) #57147 - [
fd2abaa088
] - meta: update last name for jkrems (Jan Martin) #57006 - [
2383f00aae
] - meta: bumpactions/upload-artifact
from 4.4.3 to 4.6.0 (dependabot[bot]) #56861 - [
35b3140d03
] - meta: bumpactions/setup-node
from 4.1.0 to 4.2.0 (dependabot[bot]) #56868 - [
815fcef73d
] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56889 - [
08001127a2
] - meta: add @nodejs/url as codeowner (Chengzhong Wu) #56783 - [
3ceda2a035
] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #57187 - [
4c29cc7e6b
] - module: add dynamic file-specific ESM warnings (Mert Can Altin) #56628 - [
d1845edd21
] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #57126 - [
41fa7d3c21
] - module: allow omitting context in synchronous next hooks (Joyee Cheung) #57056 - [
deddecce3a
] - module: fix require.resolve() crash on non-string paths (Aditi) #56942 - [
926b887534
] - module: fixing url change in load sync hook chain (Vitalii Akimov) #56402 - [
6b93ba723b
] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698 - [
b2e44a8079
] - (SEMVER-MINOR) module: implement module.registerHooks() (Joyee Cheung) #55698 - [
e79e67f6dc
] - net: validate non-string host for socket.connect (Daeyeon Jeong) #57198 - [
e23056212e
] - net: replace brand checks with identity checks (Yagiz Nizipli) #57341 - [
9c0d5e140b
] - net: emit an error when custom lookup resolves to a non-string address (Edy Silva) #57192 - [
2ce79787de
] - (SEMVER-MINOR) process: add execve (Paolo Insogna) #56496 - [
712db2232c
] - readline: add support forSymbol.dispose
(Antoine du Hamel) #57276 - [
55fb81c0f1
] - readline: fix unresolved promise on abortion (Daniel Venable) #54030 - [
dfcd9b1ac2
] - sea: suppress builtin warning with disableExperimentalSEAWarning option (koooge) #57086 - [
bd5c90654a
] - sqlite: add support for unknown named parameters (Colin Ihrig) #57552 - [
ec571382a4
] - sqlite: add DatabaseSync.prototype.isOpen (Colin Ihrig) #57522 - [
bb3bbed126
] - sqlite: add DatabaseSync.prototype[Symbol.dispose]() (Colin Ihrig) #57506 - [
6067bea027
] - sqlite: restore changes from #55373 (Colin Ihrig) #56908 - [
bc672fcfdd
] - (SEMVER-MINOR) sqlite: allow returningArrayBufferView
s from user-defined functions (René) #56790 - [
227603dc30
] - sqlite,test,doc: allow Buffer and URL as database location (Edy Silva) #56991 - [
9dd324467a
] - src: cleanup aliased_buffer.h (Mohammed Keyvanzadeh) #57395 - [
45a2b8532b
] - src: do not pass nullptr to std::string ctor (Charles Kerr) #57354 - [
854370a06c
] - src: fix process exit listeners not receiving unsettled tla codes (Dario Piotrowicz) #56872 - [
f7fb259193
] - src: refactor SubtleCrypto algorithm and length validations (Filip Skokan) #57319 - [
c7bcc2d6c8
] - src: allow embedder customization of OOMErrorHandler (Shelley Vohr) #57325 - [
fbd8862156
] - src: use Maybe<void> in ProcessEmitWarningSync (Daeyeon Jeong) #57250 - [
04de550289
] - src: make even more improvements to error handling (James M Snell) #57264 - [
f1c5e46f89
] - src: use cachedemit
v8::String (Daeyeon Jeong) #57249 - [
65b8e12689
] - src: refactor SubtleCrypto algorithm and length validations (Filip Skokan) #57273 - [
b6091a8b21
] - src: make more error handling improvements (James M Snell) #57262 - [
3bd8a6c76e
] - src: fix typo in comment (Antoine du Hamel) #57291 - [
f7e39385ae
] - src: improve error handling innode_messaging.cc
(James M Snell) #57211 - [
1bb561bede
] - src: improve error handling intty_wrap.cc
(James M Snell) #57211 - [
567d321a40
] - src: improve error handling intcp_wrap.cc
(James M Snell) #57211 - [
f8bee871f7
] - src: fix ThrowInvalidURL call in PathToFileURL (Daniel M Brasil) #57141 - [
817f7d0e2e
] - src: improve error handling in buffer and dotenv (James M Snell) #57189 - [
11ef7f9d9c
] - src: improve error handling in module_wrap (James M Snell) #57188 - [
3b08d718b1
] - src: improve error handling in spawn_sync (James M Snell) #57185 - [
9221c2ad87
] - src: detect whether the string is one byte representation or not (theweipeng) #56147 - [
e323694772
] - src: fix crash when lazy getter is invoked in a vm context (Chengzhong Wu) #57168 - [
9363b05a91
] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #57126 - [
5d6a1bc35b
] - src: move instead of copy shared pointer in node_blob (Michaël Zasso) #57120 - [
5dab48fd9f
] - src: replace NewFromUtf8 with OneByteString where appropriate (James M Snell) #57096 - [
0fe60b478d
] - src: portdefineLazyProperties
to native code (Antoine du Hamel) #57081 - [
792959db1d
] - src: improve error handling in node_blob (James M Snell) #57078 - [
e05e2cfb1e
] - src: fix accessing empty string (Cheng) #57014 - [
619e52ce8d
] - src: lock the isolate properly in IsolateData destructor (Joyee Cheung) #57031 - [
844a4a884d
] - src: add self-assigment memcpy checks (Burkov Egor) #56986 - [
0d1e79740f
] - src: improve node::Dotenv trimming (Dario Piotrowicz) #56983 - [
50f164e23b
] - src: improve error handling in string_bytes/decoder (James M Snell) #56978 - [
93aa4393a4
] - src: improve error handling in process_wrap (James M Snell) #56977 - [
c1c824e38d
] - src: useargs.This()
in zlib (Michaël Zasso) #56988 - [
0a8e474bdc
] - src: add nullptr handling forNativeKeyObject
(Burkov Egor) #56900 - [
1ea6198a5a
] - src: disallow copy/move fns/constructors (Yagiz Nizipli) #56811 - [
e4100853cb
] - src: add a hard dependency v8_inspector_headers (Chengzhong Wu) #56805 - [
a1f92898c0
] - src: improve error handling in encoding_binding.cc (James M Snell) #56915 - [
dee8793d94
] - src: improve error handling in permission.cc (James M Snell) #56904 - [
f41bc4cfd7
] - src: improve error handling in node_sqlite (James M Snell) #56891 - [
e4df6181bf
] - src: improve error handling in node_os by removing ToLocalChecked (James M Snell) #56888 - [
2c96e7a32c
] - src: improve error handling in node_url (James M Snell) #56886 - [
36926ae8d8
] - src: add check for Bignum in GroupOrderSize (Burkov Egor) #56702 - [
a68f127a30
] - src: reduce string allocations on sqlite (Yagiz Nizipli) #57227 - [
e41b1735f1
] - stream: fix sizeAlgorithm validation in WritableStream (Daeyeon Jeong) #57280 - [
3bc877dc5c
] - test: add more number cases for buffer.indexOf (Meghan Denny) #57200 - [
cac9a4e832
] - test: update parallel/test-tls-dhe for OpenSSL 3.5 (Richard Lau) #57477 - [
3082ab3a64
] - test: module syntax should throw (Marco Ippolito) #57121 - [
9b0dfc9a44
] - test: update snapshots for amaro v0.3.2 (Marco Ippolito) #56916 - [
2defc35ea8
] - test: test runner run plan (Pietro Marchini) #57304 - [
ccb3df70be
] - test: update WPT for WebCryptoAPI to edd42c005c (Node.js GitHub Bot) #57365 - [
528103c5d0
] - test: simplify test-tls-connect-abort-controller.js (Yagiz Nizipli) #57338 - [
17e21e6eb5
] - test: useassert.match
intest-esm-import-meta
(Antoine du Hamel) #57290 - [
77bbee5184
] - test: update compression wpt (Yagiz Nizipli) #56960 - [
4fe88f8f53
] - Revert "test: temporary remove resource check from fs read-write" (Rafael Gonzaga) #56906 - [
766efc7758
] - test: more common.mustNotCall in net, tls (Meghan Denny) #57246 - [
562e635e11
] - test: swap assert.strictEqual() parameters (Luigi Pinca) #57217 - [
64fdfd5622
] - test: assert write return values in buffer-bigint64 (Meghan Denny) #57212 - [
dd538e7cf1
] - test: allow embedder running async context frame test (Shelley Vohr) #57193 - [
937bbeb2b6
] - test: resolve race condition in test-net-write-fully-async-* (Matteo Collina) #57022 - [
32df9f27d8
] - test: add doAppendAndCancel test (Hasegawa-Yukihiro) #56972 - [
90c98df258
] - test: fix test-without-async-context-frame.mjs in debug mode (Joyee Cheung) #57034 - [
974817c9fc
] - test: make eval snapshot comparison more flexible (Shelley Vohr) #57020 - [
09741cd129
] - test: simplify test-http2-client-promisify-connect-error (Luigi Pinca) #57144 - [
89f3feb364
] - test: improve error output of test-http2-client-promisify-connect-error (Antoine du Hamel) #57135 - [
25751eba4d
] - test: add case for unrecognised fields within pjson "exports" (Jacob Smith) #57026 - [
bf0b9fa7c0
] - test: remove unnecessary assert requiring from tests (Dario Piotrowicz) #57008 - [
8cfb2df466
] - test: reduce flakiness on test-net-write-fully-async-buffer (Yagiz Nizipli) #56971 - [
43c8c101da
] - test: remove flakiness on macOS test (Yagiz Nizipli) #56971 - [
bd47178f7f
] - test: improve timeout duration for debugger events (Yagiz Nizipli) #56970 - [
65694aa2fd
] - test: remove unnecessary syscall to cpuinfo (Yagiz Nizipli) #56968 - [
5633c4b2df
] - test: update webstorage wpt (Yagiz Nizipli) #56963 - [
2244a2776a
] - test: execute shell directly for refresh() (Yagiz Nizipli) #55051 - [
afae4b1216
] - test: change jenkins reporter (Carlos Espa) #56808 - [
b26592a7c4
] - test: fix race condition in test-child-process-bad-stdio (Colin Ihrig) #56845 - [
72c2279649
] - test: adjust check to use OpenSSL sec level (Michael Dawson) #56819 - [
9551b27651
] - test: test-crypto-scrypt.js doesn't need internals (Meghan Denny) #56673 - [
3095db84be
] - test: settest-fs-cp
as flaky (Stefan Stojanovic) #56799 - [
31f98d7ccd
] - test: search cctest files (Chengzhong Wu) #56791 - [
267f17d5f6
] - test: convert test_encoding_binding.cc to a JS test (Chengzhong Wu) #56791 - [
a875d7bdd1
] - test: test-crypto-prime.js doesn't need internals (Meghan Denny) #56675 - [
85482d69c6
] - test: temporary remove resource check from fs read-write (Rafael Gonzaga) #56789 - [
ec63d72f16
] - test: mark test-without-async-context-frame flaky on windows (James M Snell) #56753 - [
f16acc8521
] - test: remove unnecessary code (Luigi Pinca) #56784 - [
0573c19a97
] - test: marktest-esm-loader-hooks-inspect-wait
flaky (Richard Lau) #56803 - [
48e0fd3f13
] - test: update WPT for url to a23788b77a (Node.js GitHub Bot) #56779 - [
642959b87f
] - test: remove duplicate error reporter from ci (Carlos Espa) #56739 - [
2023237b4e
] - test,crypto: make tests work for BoringSSL (Shelley Vohr) #57021 - [
1b33b976ec
] - test_runner: refactor testPlan counter increse (Pietro Marchini) #56765 - [
d860f2bf42
] - test_runner: differentiate test types in enqueue dequeue events (Eddie Abbondanzio) #54049 - [
993bab646c
] - test_runner: print formatted errors on summary (Pietro Marchini) #56911 - [
3ed3ba438f
] - test_runner: allow special characters in snapshot keys (Carlos Espa) #57017 - [
d1da9a3a2f
] - timers: optimize timer functions with improved argument handling (Gürgün Dayıoğlu) #57072 - [
44aa13990a
] - timers: remove unnecessary allocation of _onTimeout (Gürgün Dayıoğlu) #57497 - [
401b965977
] - timers: remove unused parameter from insertGuarded (Gürgün Dayıoğlu) #57251 - [
9eac9c02c9
] - timers: simplify the compareTimersLists function (Gürgün Dayıoğlu) #57110 - [
01215af350
] - tls: remove unnecessary type check on normalize (Yagiz Nizipli) #57336 - [
f5e2b12a60
] - (SEMVER-MINOR) tls: implement tls.getCACertificates() (Joyee Cheung) #57107 - [
7a777cdb58
] - tools: fix WPT update cron string (Antoine du Hamel) #57665 - [
c6d90dbf9b
] - tools: remove stalled label on unstalled issues and PRs (Rich Trott) #57630 - [
96f7f64602
] - tools: update sccache to support GH cache changes (Michaël Zasso) #57573 - [
0b87027520
] - tools: bump @babel/helpers from 7.26.9 to 7.26.10 in /tools/eslint (dependabot[bot]) #57444 - [
7d561eb90c
] - tools: add config subspace (Marco Ippolito) #57239 - [
46efdbf59f
] - tools: import rather than require ESLint plugins (Michaël Zasso) #57315 - [
502bfaf876
] - tools: switch back to official OpenSSL (Richard Lau) #57301 - [
ea821f419d
] - tools: revert to use @stylistic/eslint-plugin-js v3 (Joyee Cheung) #57314 - [
bb857615d3
] - tools: add more details about rolling inspector_protocol (Chengzhong Wu) #57167 - [
3f29d39c1b
] - tools: bump the eslint group in /tools/eslint with 5 updates (dependabot[bot]) #57261 - [
b3caac83d4
] - tools: remove deps/zlib/GN-scraper.py (Chengzhong Wu) #57238 - [
ace99ffe79
] - tools: run Linux tests on GitHub arm64 runners as well (Dennis Ameling) #57162 - [
e65e6269b7
] - tools: consolidate 'introduced_in' check for docs (1ilsang) #57109 - [
890841e64b
] - tools: do not run major-release workflow on forks (Rich Trott) #57064 - [
e3f86c5a0c
] - tools: fix release URL computation in update-root-certs.mjs (Joyee Cheung) #56843 - [
280316f773
] - tools: add support forimport source
syntax in linter (Antoine du Hamel) #56992 - [
998b2ae3cd
] - tools: bump eslint version (dependabot[bot]) #56869 - [
ca4121b95a
] - tools: remove test-asan/ubsan workflows (Michaël Zasso) #56823 - [
866ac37255
] - tools: run macOS test workflow with Xcode 16.1 (Michaël Zasso) #56831 - [
55ca46ad8e
] - tools: update sccache and sccache-action (Michaël Zasso) #56815 - [
be9c1c93a8
] - tools: fix license-builder for inspector_protocol (Michaël Zasso) #56814 - [
6dab980fab
] - typings: fixImportModuleDynamicallyCallback
return type (Chengzhong Wu) #57160 - [
e301098854
] - util: avoid run debug when enabled is false (fengmk2) #57494 - [
17016d7722
] - (SEMVER-MINOR) util: expose diff function used by the assertion errors (Giovanni Bucci) #57462 - [
42b9e19f6b
] - util: enforce shouldColorize in styleText array arg (Marco Ippolito) #56722 - [
5ed6d8be40
] - (SEMVER-MINOR) v8: add v8.getCppHeapStatistics() method (Aditi) #57146 - [
c06d218b23
] - win,build: add option to enable Control Flow Guard (Hüseyin Açacak) #56605 - [
8202211140
] - win,test: disable test case failing with ClangCL (Stefan Stojanovic) #57397 - [
1a12b4c119
] - zlib: use modern class syntax for zstd classes (Yagiz Nizipli) #56965 - [
f9b3680268
] - zlib: make all zstd functions experimental (Yagiz Nizipli) #56964 - [
4991e5d826
] - (SEMVER-MINOR) zlib: add zstd support (Jan Martin) #52100
1.4.3
- Bump
@springio
/antora-extensions from 1.14.2 to 1.14.4 in /docs #1916 - Bump
@springio
/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #1943 - Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #1922
- Bump io.spring.security.release from 1.0.3 to 1.0.4 #1966
- Bump io.spring.security.release from 1.0.4 to 1.0.5 #1988
- Bump org.springframework.security:spring-security-bom from 6.4.3 to 6.4.4 #1936
- Bump org.springframework.security:spring-security-bom from 6.4.4 to 6.4.5 #1989
- Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #1933
- Bump org.springframework:spring-framework-bom from 6.2.4 to 6.2.5 #1939
- Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #1980
- Bump spring-io/spring-doc-actions from 0.0.18 to 0.0.19 #1947
1.3.6
- Bump
@springio
/antora-extensions from 1.14.2 to 1.14.4 in /docs #1919 - Bump
@springio
/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #1945 - Bump io.spring.security.release from 1.0.3 to 1.0.4 #1967
- Bump io.spring.security.release from 1.0.4 to 1.0.5 #1985
- Bump org.springframework.security:spring-security-bom from 6.3.7 to 6.3.8 #1934
- Bump org.springframework.security:spring-security-bom from 6.3.8 to 6.3.9 #1986
- Bump org.springframework:spring-framework-bom from 6.1.17 to 6.1.18 #1932
- Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19 #1978
1.5.0-RC1
- Add authorization server metadata for DPoP support #1951
- Add authorization server metadata for OAuth 2.0 Pushed Authorization Requests (PAR) #1975
- Enforce one-time use for request_uri used in PAR #1974
- request_uri used in PAR must be bound to the client #1971
- Use OAuth2ParameterNames.REQUEST_URI #1991
- Validate expiry for request_uri used in PAR #1973
- Verify DPoP Proof public key during refresh_token grant for public clients #1949
- Bump
@springio
/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #1944 - Bump io.spring.security.release from 1.0.3 to 1.0.4 #1968
- Bump io.spring.security.release from 1.0.4 to 1.0.5 #1987
- Bump org.springframework.security:spring-security-bom from 6.5.0-M3 to 6.5.0-RC1 #1990
- Bump org.springframework:spring-framework-bom from 6.2.4 to 6.2.5 #1940
- Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #1979
- Bump spring-io/spring-doc-actions from 0.0.18 to 0.0.19 #1942
11.5.4
Download page What's new highlights
- Azure Monitor: Filter namespaces by resource group #103654, @alyssabull
- Azure: Add support for custom namespace and custom metrics variable queries #103650, @aangelisc
- Azure: Resource picker improvements #103638, @aangelisc
- Azure: Support more complex variable interpolation #103651, @aangelisc
- Azure: Variable editor and resource picker improvements #103657, @aangelisc
- Chore: Update CVE-affected dependencies #102709, @grambbledook
- DashboardScenePage: Correct slug in self referencing data links #103853, @Sergej-Vlasov
- Dependencies: Bump github.com/redis/go-redis/v9 to 9.6.3 to address CVE-2025-29923 #102865, @macabu
- Go: Bump to 1.24.2 #103525, @Proximyst
- Go: Bump to 1.24.2 (Enterprise)
- Prometheus: Add support for cloud partners Prometheus data sources #103942, @kevinwcyu
- InfluxDB: Fix nested variable interpolation #104095, @aangelisc
- LDAP test: Fix page crash #102683, @ashharrison90
- Security: Fix CVE-2025-3454
- Security: Fix CVE-2025-2703