⬆️ Updates Node.js to v26

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
node (source)	engines	major	>= v8.17.0 → >= 26.3.1
node	uses-with	major	12.x → 26.3.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

nodejs/node (node)

v26.3.1: 2026-06-18, Version 26.3.1 (Current), @​aduh95

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
• (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
• (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
• (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
• (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
• (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
• (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
• (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
• (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
• (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
• (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) – Low

Commits

• [98fbc89211] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878
• [110840f2c7] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890
• [8d36d522b2] - deps: update undici to 8.5.0 (Node.js GitHub Bot) #​63903
• [2e6d03993a] - deps: update undici to 8.4.0 (Node.js GitHub Bot) #​63779
• [5a17d5b07a] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [362725d4e5] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [bd1214ab01] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868
• [bc0b53813e] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846
• [87d847bc70] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855
• [9308084fcb] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867
• [a67dd46891] - (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) nodejs-private/node-private#885
• [7057c3f16c] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873
• [6bc17a6b51] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870
• [c8668beff8] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854
• [d1be630415] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854
• [a14c158bb3] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857
• [ebda73470d] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
• (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
• (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
• (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
• (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
• (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
• (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
• (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
• (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
• (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
• (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low

Commits

• [9e4dfc7bba] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878
• [cb2aed980c] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890
• [a8a0d12875] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #​62891
• [66e6203c1c] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #​62891
• [dd627ced27] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [684bae568f] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [3a631e7f83] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #​62656
• [cf44df3996] - deps: update undici to 7.28.0 (Node.js GitHub Bot) #​63703
• [138c70294b] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868
• [be7e719c3f] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846
• [cc7c11b4d1] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855
• [9224427b92] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867
• [cf85d54839] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873
• [a1bbc24f96] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870
• [e3723ff2d6] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854
• [a77af4867b] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854
• [31beb4f707] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857
• [8e75c73f91] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869

v24.16.0: 2026-05-21, Version 24.16.0 'Krypton' (LTS), @​aduh95

Compare Source

Notable Changes

• [b267f6bca3] - (SEMVER-MINOR) crypto: implement randomUUIDv7() (nabeel378) #​62553
• [ec2451b9cd] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes to node inspect (Joyee Cheung) #​62713
• [9705f628d9] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #​57775
• [40ccfdecf9] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #​62277
• [d7188af5c9] - (SEMVER-MINOR) http: harden ClientRequest options merge (Matteo Collina) #​63082
• [aa1d8a9afc] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #​62541
• [6f37f7e240] - (SEMVER-MINOR) stream: propagate destruction in duplexPair (Ahmed Elhor) #​61098
• [d14029be7f] - (SEMVER-MINOR) test_runner: support test order randomization (Pietro Marchini) #​61747
• [d142c584cd] - (SEMVER-MINOR) test_runner: align mock timeout api (sangwook) #​62820
• [01a9552585] - (SEMVER-MINOR) test_runner: add mock-timers support for AbortSignal.timeout (DeveloperViraj) #​60751
• [00705a459a] - (SEMVER-MINOR) util: colorize text with hex colors (Guilherme Araújo) #​61556

Commits

• [dd72df060d] - assert,util: fix stale nested cycle memo entries (Ruben Bridgewater) #​62509
• [add94f4bc3] - build: track PDL files as inputs in inspector GN build (Robo) #​62888
• [1b1eb9e334] - build: remove redundant -fuse-linker-plugin from GCC LTO flags (Daniel Lando) #​62667
• [8752b604ec] - crypto: deduplicate and canonicalize CryptoKey usages (Filip Skokan) #​62902
• [341947e7fd] - crypto: reject unintended raw key format string input (Filip Skokan) #​62974
• [28a78747fc] - crypto: remove Argon2 KDF derivation from its job setup (Filip Skokan) #​62863
• [16e8c2b54d] - crypto: fix unsigned conversion of 4-byte RSA publicExponent (DeepView Autofix) #​62839
• [eeae754a87] - crypto: reject inherited key type names (Jonathan Lopes) #​62875
• [9dd5540325] - crypto: add memory tracking for secureContext openssl objects (Mert Can Altin) #​59051
• [b267f6bca3] - (SEMVER-MINOR) crypto: implement randomUUIDv7() (nabeel378) #​62553
• [7597d204c1] - crypto: add support for Ed25519 context parameter (Filip Skokan) #​62474
• [4bf85845da] - debugger: move ProbeInspectorSession and helpers to separate files (Joyee Cheung) #​63013
• [ec2451b9cd] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes to node inspect (Joyee Cheung) #​62713
• [83e98f77b7] - deps: update corepack to 0.35.0 (Node.js GitHub Bot) #​63375
• [ec8c6b939a] - deps: V8: cherry-pick 657d8de (Guy Bedford) #​62784
• [722c0c3274] - deps: update nghttp3 to 1.14.0 (Node.js GitHub Bot) #​61187
• [5304db93d3] - deps: update nghttp3 to 1.13.1 (Node.js GitHub Bot) #​60046
• [e073b3811d] - deps: update nghttp3 to 1.11.0 (James M Snell) #​59249
• [1d00313fb2] - deps: update ngtcp2 to 1.14.0 (James M Snell) #​59249
• [8b3a4fc18f] - deps: update amaro to 1.1.9 (Node.js GitHub Bot) #​63090
• [62fe0cfcd1] - deps: update llhttp to 9.4.1 (Node.js GitHub Bot) #​63045
• [137e09c8e9] - deps: update corepack to 0.34.7 (Node.js GitHub Bot) #​62810
• [14a4cb8fbc] - deps: update timezone to 2026b (Node.js GitHub Bot) #​62962
• [3e1036583a] - deps: upgrade npm to 11.13.0 (npm team) #​62898
• [01dfe5961c] - deps: cherry-pick libuv/libuv@439a54b (skooch) #​62881
• [6cd368b10c] - deps: update sqlite to 3.53.0 (Node.js GitHub Bot) #​62699
• [f218a4f553] - deps: update nbytes to 0.1.4 (Node.js GitHub Bot) #​62698
• [b47688524a] - deps: update archs files for openssl-3.5.6 (Node.js GitHub Bot) #​62629
• [d202e2d343] - deps: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) #​62629
• [2faba66341] - deps: update minimatch to 10.2.5 (Node.js GitHub Bot) #​62594
• [fa46c90c5d] - deps: update googletest to d72f9c8 (Node.js GitHub Bot) #​62593
• [099ded5713] - deps: update simdjson to 4.6.1 (Node.js GitHub Bot) #​62592
• [7ce95afe96] - deps: libuv: cherry-pick aabb765 (Santiago Gimeno) #​62561
• [57ef845623] - deps: update icu to 78.3 (Node.js GitHub Bot) #​62324
• [493ac40e12] - deps: update libuv to 1.52.1 (Node.js GitHub Bot) #​61829
• [b39508b368] - deps: update undici to 7.25.0 (Node.js GitHub Bot) #​63011
• [cb67a925e9] - deps: use npm undici@​seven tag in update-undici.sh (Matteo Collina) #​62739
• [aa1e0bc28b] - doc: fix typos and inconsistencies in crypto.md and webcrypto.md (Filip Skokan) #​62828
• [f2a1735ed9] - doc: fix duplicate word "to to" in util.styleText (Daijiro Wachi) #​62917
• [b6378e215c] - doc: fix node-config-schema (Сковорода Никита Андреевич) #​61596
• [233894a9ce] - doc: fix the TypeScript Execute (tsx) project link (David Thornton) #​63093
• [5d97919f8f] - doc: correct diagnostics_channel built-in channel names (Bryan English) #​62995
• [2a9ccc927e] - doc: use mjs/cjs blocks for callbackify null reason example (Daijiro Wachi) #​62884
• [ef413b5358] - doc: fix typo in test.md (Rich Trott) #​62960
• [76f21c5070] - doc: correct typo in PR contribution instructions (Mike McCready) #​62738
• [ca02af1f7d] - doc: fix duplicate word "of of" in postMessageToThread (Daijiro Wachi) #​62917
• [46c99ed526] - doc: fix duplicate word "for for" in compile cache (Daijiro Wachi) #​62917
• [1a60851734] - doc: fix typo in dns.lookup options description (Daijiro Wachi) #​62882
• [169b5ea2ed] - doc: fix Argon2 parameter bounds (Tobias Nießen) #​62868
• [9a3a190f4e] - doc: clarify diffieHellman.generateKeys recomputes same key (Kit Dallege) #​62205
• [0fba9e87d6] - doc: remove Ayase-252 and meixg from triagger team (Antoine du Hamel) #​62841
• [9c700f3446] - doc: clarify dns.lookup() callback signature when all is true (eungi) #​62800
• [6b7280bc17] - doc: add experimental modules lifetime policy (Paolo Insogna) #​62753
• [ce47ea31c9] - doc: clarify process._debugProcess() in Permission Model (Fahad Khan) #​62537
• [ba01633757] - doc: fix typo in devcontainer guide (Rohan Santhosh Kumar) #​62687
• [70b4d5839b] - doc: clarify Backport-PR-URL metadata added automatically (Mike McCready) #​62668
• [8126d1c3eb] - doc: update WPT test runner README.md (Filip Skokan) #​62680
• [978afea4b5] - doc: fix spelling in release announcement guidance (Rohan Santhosh Kumar) #​62663
• [1684ab8ff8] - doc: note non-monotonic clock in crypto.randomUUIDv7 (nabeel378) #​62600
• [86d4f07930] - doc: update bug bounty program (Rafael Gonzaga) #​62590
• [736ed8a08f] - doc: document TransformStream transformer.cancel option (Tom Pereira) #​62566
• [938af9be01] - doc: mention test runner retry attemp is zero based (Moshe Atlow) #​62504
• [94433e450f] - doc,src,test: fix dead inspector help URL (semimikoh) #​62745
• [ddf1f01659] - esm: add ERR_REQUIRE_ESM_RACE_CONDITION (Antoine du Hamel) #​62462
• [4a506acd16] - fs: add followSymlinks option to glob (Matteo Collina) #​62695
• [f4ea495f9b] - fs: restore fs patchability in ESM loader (Joyee Cheung) #​62835
• [63c111cd60] - fs: validate position argument before length === 0 early return (Edy Silva) #​62674
• [9705f628d9] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #​57775
• [40ccfdecf9] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #​62277
• [717476a24e] - http: emit 'drain' on OutgoingMessage only after buffers drain (Robert Nagy) #​62936
• [d7188af5c9] - (SEMVER-MINOR) http: harden ClientRequest options merge (Matteo Collina) #​63082
• [64f15c274a] - http: fix leaked error listener on sync HTTP req create + destroy (Tim Perry) #​62872
• [5c4798d799] - http: fix no_proxy leading-dot suffix matching (Daijiro Wachi) #​62333
• [9f3bc70ae5] - http: cleanup pipeline queue (Robert Nagy) #​62534
• [aa1d8a9afc] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #​62541
• [900dc758ff] - http2: expose writable stream state on compat response (T) #​63003
• [b3bfe35912] - inspector: coerce key and value to string in webstorage events (Ali Hassan) #​62616
• [3dc3fb6ad8] - inspector: return errors when CDP protocol event emission fails (Ryuhei Shima) #​62162
• [4f3f21bd7c] - inspector: auto collect webstorage data (Ryuhei Shima) #​62145
• [36cc04189d] - inspector: initial support storage inspection (Ryuhei Shima) #​61139
• [1718bc3b9b] - inspector: fix absolute URLs in network http (bugyaluwang) #​62955
• [97e32c7a74] - lib: avoid quadratic shift() in startup snapshot callback (Daijiro Wachi) #​62914
• [25d2e999de] - lib: harden kKeyOps lookup with null prototype (Filip Skokan) #​62877
• [37d3913c8f] - lib: short-circuit WebIDL BufferSource SAB check (Filip Skokan) #​62833
• [430c69d25f] - lib: use js-only implementation of isDataView() (René) #​62780
• [3ba0add6a0] - lib: fix lint in internal/webstreams/util.js (Filip Skokan) #​62806
• [9b95c41398] - lib: fix sequence argument handling in Blob constructor (Ms2ger) #​62179
• [314dacdbee] - lib: improve Web Cryptography key validation ordering (Filip Skokan) #​62749
• [3d18162430] - lib: reject SharedArrayBuffer in web APIs per spec (Ali Hassan) #​62632
• [ada3ce879d] - lib: defer AbortSignal.any() following (sangwook) #​62367
• [b2981ec7eb] - meta: bump actions/download-artifact from 8.0.0 to 8.0.1 (dependabot[bot]) #​62549
• [7cd20667b5] - meta: bump github/codeql-action from 4.35.1 to 4.35.3 (dependabot[bot]) #​63074
• [91a07cfe9f] - meta: bump Mozilla-Actions/sccache-action from 0.0.9 to 0.0.10 (dependabot[bot]) #​63073
• [09e17fe47c] - meta: add automation policy (Chengzhong Wu) #​62871
• [59e7fb7986] - meta: move VoltrexKeyva to emeritus (Matteo Collina) #​62895
• [1e2915cfa6] - meta: bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (dependabot[bot]) #​62845
• [0253c6e2be] - meta: bump step-security/harden-runner from 2.16.1 to 2.19.0 (dependabot[bot]) #​62844
• [f503675b86] - meta: bump actions/setup-node from 6.3.0 to 6.4.0 (dependabot[bot]) #​62842
• [5e14e4d26e] - meta: broaden stale bot (Aviv Keller) #​62658
• [795db76f87] - meta: pass release version to release worker (flakey5) #​62777
• [ef384fe39f] - meta: add QUIC to CODEOWNERS (Tim Perry) #​62652
• [67e0ac568d] - meta: move Michael to emeritus (Michael Dawson) #​62536
• [5dad616393] - meta: populate apt list for slim runner in update-openssl workflow (René) #​62628
• [a869d25d8a] - meta: bump step-security/harden-runner from 2.15.0 to 2.16.1 (dependabot[bot]) #​62550
• [769efc0403] - meta: bump actions/setup-node from 6.2.0 to 6.3.0 (dependabot[bot]) #​62548
• [73fcc2b055] - meta: bump github/codeql-action from 4.32.4 to 4.35.1 (dependabot[bot]) #​62547
• [6c001246fe] - meta: bump codecov/codecov-action from 5.5.2 to 6.0.0 (dependabot[bot]) #​62545
• [5ee40d6a03] - meta: bump actions/cache from 5.0.3 to 5.0.4 (dependabot[bot]) #​62543
• [ca16ad8a05] - meta: require DCO signoff in commit message guidelines (James M Snell) #​62510
• [db9497fc41] - meta: expand memory leak DoS criteria to all DoS (Joyee Cheung) #​62505
• [13b7d08b8d] - module: remove duplicated checks from _resolveFilename (Antoine du Hamel) #​62729
• [6b53efb53a] - module,win: fix long subpath import (Stefan Stojanovic) #​62101
• [841dfbf6fc] - node-api: update libuv ABI stability note (Chengzhong Wu) #​62789
• [01090f2aa1] - node-api: add napi_create_external_sharedarraybuffer (Ben Noordhuis) #​62623
• [87443b4355] - node-api: execute tsfn finalizer after queue drains when aborted (Kevin Eady) #​61956
• [e95570c054] - process: handle rejections only when needed (Gürgün Dayıoğlu) #​62919
• [37d49f3219] - process: optimize asyncHandledRejections by using FixedQueue (Gürgün Dayıoğlu) #​60854
• [f697c55e38] - quic: add QuicEndpoint.listening & QuicStream.destroy() and tests (Tim Perry) #​62648
• [c128942b69] - quic: fixup token verification to handle zero expiration (James M Snell) #​62620
• [abb881ec92] - quic: support multiple ALPN negotiation (James M Snell) #​62620
• [476926c2ad] - quic: apply multiple TLS context improvements and SNI support (James M Snell) #​62620
• [76d9c24b95] - quic: implement rapidhash for hashing improvements (James M Snell) #​62620
• [08726cd43d] - quic: move quic behind compile time flag (Matteo Collina) #​61444
• [ea4f19aaa7] - quic: use arena allocation for packets (James M Snell) #​62589
• [21e9239e2a] - quic: fixup linting/formatting issues (James M Snell) #​62387
• [edeed4303b] - quic: update http3 impl details (James M Snell) #​62387
• [7f3a85e6aa] - quic: fix a handful of bugs and missing functionality (James M Snell) #​62387
• [45c1ebddf8] - quic: copy options.certs buffer instead of detaching (Chengzhong Wu) #​61403
• [a31a8ee680] - quic: reduce boilerplate and other minor cleanups (James M Snell) #​59342
• [3be70ff43a] - quic: multiple fixups and updates (James M Snell) #​59342
• [b91a93444c] - quic: update more of the quic to the new compile guard (James M Snell) #​59342
• [ca0080c164] - quic: few additional small comment edits in cid.h (James M Snell) #​59342
• [6553202d83] - quic: fixup NO_ERROR macro conflict on windows (James M Snell) #​59381
• [6df1508ac2] - quic: fixup windows coverage compile error (James M Snell) #​59381
• [b2b0bf8b04] - quic: update the guard to check openssl version (James M Snell) #​59249
• [5556b154bd] - quic: start re-enabling quic with openssl 3.5 (James M Snell) #​59249
• [2ca42c8263] - repl: keep reference count for process.on('newListener') (Anna Henningsen) #​61895
• [2f37f9177f] - sqlite: use OneByte for ASCII text and internalize col names (Ali Hassan) #​61954
• [3c96ae1b2f] - sqlite: add serialize() and deserialize() (Ali Hassan) #​62579
• [be4d2f3a4c] - sqlite: enable Percentile extension (Jurj Andrei George) #​61295
• [dafed453b2] - src: clean up experimental flag variables (Antoine du Hamel) #​62759
• [dca1e6aeea] - src: expose help texts into node-config-schema.json (Pietro Marchini) #​58680
• [28c4f44eb1] - src: add permission support to config file (Marco Ippolito) #​60746
• [f49175b220] - src: fix small compile warning in quic/streams.cc (James M Snell) #​60118
• [c9d4a446d8] - src: cleanup quic TransportParams class (James M Snell) #​59884
• [99bb02fd9e] - src: swap dotenv and config file parsing order (Marco Ippolito) #​63035
• [ecb4d49b7b] - src: add missing <cstdlib> for abort() declaration (Charles Kerr) #​63001
• [b6219b6362] - src: fix crash in GetErrorSource() for invalid using syntax (semimikoh) #​62770
• [b5ca5ad4c5] - src: simplify TCPWrap::Connect signature (Anna Henningsen) #​62929
• [ef7ffce7cf] - src: use DCHECK in AsyncWrap::MakeCallback instead emiting a warning (Gerhard Stöbich) #​62795
• [cd9890a5ab] - src: fix MaybeStackBuffer char_traits deprecation warning (om-ghante) #​62507
• [c70ff44aee] - src: use context-free V8 message column getters (René) #​62778
• [06c405f1d7] - src: coerce spawnSync args to string once (Antoine du Hamel) #​62633
• [6151999ad6] - src: use stack allocation for small string encoding (Ali Hassan) #​62431
• [a71a4ac7a3] - src: add contextify interceptor debug logs (Chengzhong Wu) #​62460
• [ad9a2909c2] - src: workaround AIX libc++ std::filesystem bug (Richard Lau) #​62788
• [7792f1ae47] - stream: copyedit webstreams/adapter.js (Antoine du Hamel) #​63034
• [1397d8ce5c] - stream: remove duplicated utility (Antoine du Hamel) #​63031
• [ff86b1d64f] - stream: simplify setPromiseHandled utility (Antoine du Hamel) #​63032
• [24a078149a] - stream: validate ReadableStream.from iterator objects (Daeyeon Jeong) #​62911
• [cfb1fa9680] - stream: reject duplicate nested transferables (Daeyeon Jeong) #​62831
• [d0c913758a] - stream: ensuring cross-destruction in _duplexify to prevent leaks (Daijiro Wachi) #​62824
• [978f5c15d7] - stream: simplify readableStreamFromIterable (Antoine du Hamel) #​62651
• [3527646ba5] - stream: fix nested compose error propagation (Matteo Collina) #​62556
• [dfb9edef4f] - stream: allow shared array buffer sources in writable webstream adapter (René) #​62163
• [f00cdab627] - stream: simplify createPromiseCallback (Antoine du Hamel) #​62650
• [3ed783535f] - stream: fix writev unhandled rejection in fromWeb (sangwook) #​62297
• [29b196694c] - stream: noop pause/resume on destroyed streams (Robert Nagy) #​62557
• [d73dbb9fc8] - stream: refactor duplexify to be less suceptible to prototype pollution (Antoine du Hamel) #​62559
• [6f37f7e240] - (SEMVER-MINOR) stream: propagate destruction in duplexPair (Ahmed Elhor) #​61098
• [b8816580e9] - test: generate localstorage.db in a temp dir (Chengzhong Wu) #​62660
• [31a863fd29] - test: update WPT for url to 258f285 (Node.js GitHub Bot) #​63087
• [d0d19bd8e3] - test: update WPT for streams to f8f26a3 (Node.js GitHub Bot) #​62864
• [f50ac5bc78] - test: improve config-file permission test coverage (Rafael Gonzaga) #​60929
• [a0f90000f4] - test: export isRiscv64 from common module (Jamie Magee) #​62609
• [da4dd8646f] - test: normalize known inspector crash as completion (Joyee Cheung) #​62851
• [b7fdd94a4c] - test: account for RFC 7919 FFDHE negotiation in OpenSSL 4.0 (Filip Skokan) #​62805
• [375a993aaf] - test: skip tls-deprecated secp256k1 on OpenSSL 4.0 (Filip Skokan) #​62805
• [698d8287d1] - test: use an always invalid cipher and cover OpenSSL 4.0 behaviours (Filip Skokan) #​62805
• [036bc6f300] - test: use valid DER OCSP responses (Filip Skokan) #​62805
• [3aa9938da8] - test: skip test-tls-error-stack when engines are unsupported (Filip Skokan) #​62805
• [947f1ae246] - test: accept renamed OpenSSL 4.0 error code and reason (Filip Skokan) #​62805
• [afdd355622] - test: update test/addons/openssl-binding for OpenSSL 4.0 (Filip Skokan) #​62805
• [8637524a99] - test: mark test-snapshot-reproducible flaky (Filip Skokan) #​62808
• [c22d34134b] - test: check contextify contextual store behavior in strict mode (René) #​62571
• [0b4e0d3c94] - test: update tls junk data error expectations (Filip Skokan) #​62629
• [85d83c2cdb] - test: ensure WPT report is in out/wpt (Filip Skokan) #​62637
• [9e21711c60] - test: improve WPT runner summary (Filip Skokan) #​62636
• [e04e2c9ac1] - test: skip url WPT subtests instead of modifying test script (Filip Skokan) #​62635
• [7b1211f88c] - test: capture negative utimes mtime at call time (Yuya Inoue) #​62490
• [f1a6e9fcc7] - test: allow skipping individual WPT subtests (Filip Skokan) #​62517
• [23f927542e] - test: use on-disk fixture fo

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Moscow)

• Branch creation
  • "after 10pm every weekday,before 5am every weekday,every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🏷️ [bumpr]
Next version:v2.0.2
Changes:v2.0.1...AlexRogalskiy:renovate/node-26.x

[github-actions]

🏷️ [bumpr]
Next version:v2.0.2
Changes:v2.0.1...AlexRogalskiy:renovate/node-26.x

[github-actions]

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.