Update Node.js to v18 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
node	engines	major	16 -> 18
@types/node (source)	devDependencies	major	12.20.50 -> 18.18.6

---

Release Notes

nodejs/node (node)

v18.18.2

Compare Source

v18.18.1: 2023-10-10, Version 18.18.1 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release addresses some regressions that appeared in Node.js 18.18.0:

• (Windows) FS can not handle certain characters in file name #​48673
• 18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
• libuv update in 18.18.0 breaks webpack's thread-loader #​49911

The libuv 1.45.0 and 1.46.0 updates that were released in Node.js 18.18.0 have been temporarily reverted.

Commits

• [3e3a75cc46] - Revert "build: sync libuv header change" (Richard Lau) #​50036
• [14ece2c479] - Revert "deps: upgrade to libuv 1.45.0" (Richard Lau) #​50036
• [022352acbe] - Revert "deps: upgrade to libuv 1.46.0" (Richard Lau) #​50036
• [d9f138189c] - Revert "deps: add missing thread-common.c in uv.gyp" (Richard Lau) #​50036
• [7a3e1ffbb8] - fs: make sure to write entire buffer (Robert Nagy) #​49211
• [04cba95a67] - test: add tmpdir.resolve() (Livia Medeiros) #​49079

v18.17.1: 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-32002: Policies can be bypassed via Module._load (High)
• CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
• CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 14th July.
  • OpenSSL security advisory 19th July.
  • OpenSSL security advisory 31st July

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

• [fe3abdf82e] - deps: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) #​49036
• [2c5a522d9c] - deps: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) #​49036
• [15bced0bde] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#417
• [d4570fae35] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#460

v18.17.0: 2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @​danielleadams

Compare Source

Notable Changes

Ada 2.0

Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.

Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the
improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.

Contributed by Yagiz Nizipli and Daniel Lemire in #​47339

Web Crypto API

Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of Web Crypto API.

Contributed by Filip Skokan in #​46067

• crypto:
  • update root certificates to NSS 3.89 (Node.js GitHub Bot) #​47659
• dns:
  • (SEMVER-MINOR) expose getDefaultResultOrder (btea) #​46973
• doc:
  • add ovflowd to collaborators (Claudio Wunder) #​47844
  • add KhafraDev to collaborators (Matthew Aitken) #​47510
• events:
  • (SEMVER-MINOR) add getMaxListeners method (Matthew Aitken) #​47039
• fs:
  • (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
  • (SEMVER-MINOR) add recursive option to readdir and opendir (Ethan Arrowood) #​41439
  • (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
  • (SEMVER-MINOR) implement byob mode for readableWebStream() (Debadree Chatterjee) #​46933
• http:
  • (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #​47732
  • (SEMVER-MINOR) remove internal error in assignSocket (Matteo Collina) #​47723
  • (SEMVER-MINOR) add highWaterMark opt in http.createServer (HinataKah0) #​47405
• lib:
  • (SEMVER-MINOR) add webstreams to Duplex.from() (Debadree Chatterjee) #​46190
  • (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) #​47821
• module:
  • change default resolver to not throw on unknown scheme (Gil Tayar) #​47824
• node-api:
  • (SEMVER-MINOR) define version 9 (Chengzhong Wu) #​48151
  • (SEMVER-MINOR) deprecate napi_module_register (Vladimir Morozov) #​46319
• stream:
  • (SEMVER-MINOR) preserve object mode in compose (Raz Luvaton) #​47413
  • (SEMVER-MINOR) add setter & getter for default highWaterMark (#​46929) (Robert Nagy) #​46929
• test:
  • unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) #​48078
• test_runner:
  • (SEMVER-MINOR) add shorthands to test (Chemi Atlow) #​47909
  • (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) #​47686
  • (SEMVER-MINOR) execute before hook on test (Chemi Atlow) #​47586
  • (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) #​47238
• tools:
  • update LICENSE and license-builder.sh (Santiago Gimeno) #​48078
• url:
  • (SEMVER-MINOR) implement URL.canParse (Matthew Aitken) #​47179
• wasi:
  • (SEMVER-MINOR) no longer require flag to enable wasi (Michael Dawson) #​47286

Commits

• [2ba08ac002] - benchmark: use cluster.isPrimary instead of cluster.isMaster (Deokjin Kim) #​48002
• [60ca69d96c] - benchmark: add eventtarget creation bench (Rafael Gonzaga) #​47774
• [d8233d96bb] - benchmark: add a benchmark for defaultResolve (Antoine du Hamel) #​47543
• [a1aabb6912] - benchmark: fix invalid requirementsURL (Deokjin Kim) #​47378
• [394c61caf9] - bootstrap: support namespaced builtins in snapshot scripts (Joyee Cheung) #​47467
• [0165a765a0] - bootstrap: do not expand process.argv[1] for snapshot entry points (Joyee Cheung) #​47466
• [cca557cdd9] - buffer: combine checking range of sourceStart in buf.copy (Deokjin Kim) #​47758
• [4c69be467c] - buffer: use private properties for brand checks in File (Matthew Aitken) #​47154
• [d002f9b6e2] - build: revert unkonwn ruff selector (Moshe Atlow) #​48753
• [93f77cb762] - build: set v8_enable_webassembly=false when lite mode is enabled (Cheng Shao) #​48248
• [1662e894f3] - build: add action to close stale PRs (Michael Dawson) #​48051
• [5ca437b288] - build: use pathlib for paths (Mohammed Keyvanzadeh) #​47581
• [72443bc54b] - build: refactor configure.py (Mohammed Keyvanzadeh) #​47667
• [d4eecb5be9] - build: add devcontainer configuration (Tierney Cyren) #​40825
• [803ed41144] - build: bump ossf/scorecard-action from 2.1.2 to 2.1.3 (dependabot[bot]) #​47367
• [48468c4413] - build: replace Python linter flake8 with ruff (Christian Clauss) #​47519
• [3ceb2c4387] - build: add node-core-utils to setup (Jiawen Geng) #​47442
• [fdc59b8e14] - build: bump github/codeql-action from 2.2.6 to 2.2.9 (dependabot[bot]) #​47366
• [3924893023] - build: update stale action from v7 to v8 (Rich Trott) #​47357
• [753185c5b0] - build: remove Python pip --no-user option (Christian Clauss) #​47372
• [67af0a6a2b] - build: avoid usage of pipes library (Mohammed Keyvanzadeh) #​47271
• [db910dd6b2] - build, deps, tools: avoid excessive LTO (Konstantin Demin) #​47313
• [35d1def891] - child_process: use signal.reason in child process abort (Debadree Chatterjee) #​47817
• [7692d2e7b9] - cluster: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) #​48141
• [7617772762] - crypto: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) #​47160
• [8cabfe7c6e] - crypto: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) #​47977
• [de1338da05] - crypto: fix webcrypto private/secret import with empty usages (Filip Skokan) #​47877
• [27a696fda9] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #​47659
• [e2292f936e] - crypto: remove INT_MAX restriction in randomBytes (Tobias Nießen) #​47559
• [a5f214c00c] - crypto: replace THROW with CHECK for scrypt keylen (Tobias Nießen) #​47407
• [dd42214fd4] - crypto: unify validation of checkPrime checks (Tobias Nießen) #​47165
• [76e4d12fb3] - crypto: re-add padding for AES-KW wrapped JWKs (Filip Skokan) #​46563
• [9d894c17dd] - crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #​46067
• [6f3a8b45a5] - deps: update ada to 2.5.0 (Node.js GitHub Bot) #​48223
• [075b6db919] - deps: update ada to 2.4.2 (Node.js GitHub Bot) #​48092
• [a4ee1f652c] - deps: update ada to 2.4.1 (Node.js GitHub Bot) #​48036
• [81b514d3f0] - deps: update ada to 2.4.0 (Node.js GitHub Bot) #​47922
• [575ddf694f] - deps: update ada to 2.3.1 (Node.js GitHub Bot) #​47893
• [2d03d5f458] - deps: update ada to 2.3.0 (Node.js GitHub Bot) #​47737
• [42e690f2d5] - deps: update ada to 2.2.0 (Node.js GitHub Bot) #​47678
• [08dd271521] - deps: update ada to 2.1.0 (Node.js GitHub Bot) #​47598
• [96c50ba71f] - deps: update ada to 2.0.0 (Node.js GitHub Bot) #​47339
• [4d1c38b758] - deps: update zlib to 337322d (Node.js GitHub Bot) #​48218
• [74206b2549] - deps: update histogram 0.11.8 (Marco Ippolito) #​47742
• [fbb4b3775d] - deps: update histogram to 0.11.7 (Marco Ippolito) #​47742
• [e88c079022] - deps: update simdutf to 3.2.12 (Node.js GitHub Bot) #​48118
• [48bd1248b9] - deps: update minimatch to 9.0.1 (Node.js GitHub Bot) #​48094
• [d4572d31fa] - deps: update corepack to 0.18.0 (Node.js GitHub Bot) #​48091
• [8090d29dc4] - deps: update uvwasi to 0.0.18 (Node.js GitHub Bot) #​47866
• [169c8eea2e] - deps: update uvwasi to 0.0.17 (Node.js GitHub Bot) #​47866
• [6acbb23380] - deps: upgrade npm to 9.6.7 (npm team) #​48062
• [e8f2c0a58b] - deps: update undici to 5.22.1 (Node.js GitHub Bot) #​47994
• [9309fd3120] - deps: update simdutf to 3.2.9 (Node.js GitHub Bot) #​47983
• [b796d3560a] - deps: upgrade npm to 9.6.6 (npm team) #​47862
• [cce372e14e] - deps: V8: cherry-pick c5ab3e4 (Richard Lau) #​47736
• [7283486adb] - deps: update undici to 5.22.0 (Node.js GitHub Bot) #​47679
• [2ea6e03003] - deps: add minimatch as a dependency (Moshe Atlow) #​47499
• [261e1d23d1] - deps: update ICU to 73.1 release (Steven R. Loomis) #​47456
• [f532f9df5f] - deps: update undici to 5.21.2 (Node.js GitHub Bot) #​47508
• [dcb8c038b9] - deps: update simdutf to 3.2.8 (Node.js GitHub Bot) #​47507
• [6c8456d61f] - deps: update undici to 5.21.1 (Node.js GitHub Bot) #​47488
• [d3b2e8a438] - deps: update simdutf to 3.2.7 (Node.js GitHub Bot) #​47473
• [64a5fe0499] - deps: update corepack to 0.17.2 (Node.js GitHub Bot) #​47474
• [6f0f61a7d3] - deps: upgrade npm to 9.6.4 (npm team) #​47432
• [443a72e207] - deps: update zlib to upstream 5edb52d (Luigi Pinca) #​47151
• [dc3bc46914] - deps: update simdutf to 3.2.3 (Node.js GitHub Bot) #​47331
• [b2f2bebbc2] - deps: update timezone to 2023c (Node.js GitHub Bot) #​47302
• [c10729ffa7] - deps: upgrade npm to 9.6.3 (npm team) #​47325
• [420deac1de] - deps: update corepack to 0.17.1 (Node.js GitHub Bot) #​47156
• [966ba28491] - deps: V8: cherry-pick 3e4952c (Richard Lau) #​47236
• [fc6ab26824] - deps: update timezone to 2023b (Node.js GitHub Bot) #​47256
• [2700e70215] - deps: upgrade npm to 9.6.2 (npm team) #​47108
• [29ba98a0a5] - deps: V8: cherry-pick 975ff4d (Debadree Chatterjee) #​47209
• [be34777be8] - deps: cherry-pick win/arm64/clang fixes (Cheng Zhao) #​47011
• [b52aacb614] - deps: update uvwasi to v0.0.16 (Michael Dawson) #​46434
• [27a76cf5e0] - deps,test: update postject to 1.0.0-alpha.6 (Node.js GitHub Bot) #​48072
• [b171c1a3a4] - dgram: convert macro to template (Tobias Nießen) #​47891
• [709bf1c758] - (SEMVER-MINOR) dns: expose getDefaultResultOrder (btea) #​46973
• [2f202c93e7] - doc: clarify array args to Buffer.from() (Bryan English) #​48274
• [27f195f8d8] - doc: document watch option for node:test run() (Moshe Atlow) #​48256
• [7558ef350a] - doc: update documentation for FIPS support (Richard Lau) #​48194
• [f2bb1919e5] - doc: improve the documentation of the stdio option (Kumar Arnav) #​48110
• [a2aa52ba92] - doc: update Buffer.allocUnsafe description (sinkhaha) #​48183
• [19ad471d52] - doc: update codeowners with website team (Claudio Wunder) #​48197
• [67b2c2a98f] - doc: fix broken link to new folder doc/contributing/maintaining (Andrea Fassina) #​48205
• [795ca70815] - doc: add atlowChemi to triagers (Chemi Atlow) #​48104
• [e437a0aff1] - doc: fix typo in readline completer function section (Vadym) #​48188
• [92e0ea496d] - doc: remove broken link for keygen (Rich Trott) #​48176
• [fe15dae8e6] - doc: add auto intrinsic height to prevent jitter/flicker (Daniel Holbert) #​48195
• [230335e21f] - doc: add version info on the SEA docs (Antoine du Hamel) #​48173
• [e6f37d1b80] - doc: add Ruy to list of TSC members (Michael Dawson) #​48172
• [69205a250c] - doc: update socket.remote* properties documentation (Saba Kharanauli) #​48139
• [e4a5d6298c] - doc: update outdated section on TLSv1.3-PSK (Tobias Nießen) #​48123
• [d14018ed99] - doc: improve HMAC key recommendations (Tobias Nießen) #​48121
• [e9d4baf770] - doc: clarify mkdir() recursive behavior (Stephen Odogwu) #​48109
• [3e4a469139] - doc: fix typo in crypto legacy streams API section (Tobias Nießen) #​48122
• [bdf366ab88] - doc: update SEA source link (Rich Trott) #​48080
• [2a4f79a75f] - doc: clarify tty.isRaw (Roberto Vidal) #​48055
• [98c6e4be03] - doc: use secure key length for HMAC generateKey (Tobias Nießen) #​48052
• [8ae5c8cf9d] - doc: update broken EVP_BytesToKey link (Rich Trott) #​48064
• [3c713e7caa] - doc: update broken spkac link (Rich Trott) #​48063
• [c22f739e94] - doc: document node-api version process (Chengzhong Wu) #​47972
• [ce859f9f9f] - doc: fix typo in binding functions (Deokjin Kim) #​48003
• [070c3457b7] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #​48023
• [3611027d8e] - doc: clarify CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED (Tobias Nießen) #​47976
• [dbffad958c] - doc: add missing deprecated blocks to cluster (Tobias Nießen) #​47981
• [035356f711] - doc: update description of global (Tobias Nießen) #​47969
• [081a6ffaea] - doc: update measure memory rejection information (Yash Ladha) #​41639
• [3460cf9c23] - doc: fix broken link to TC39 import attributes proposal (Rich Trott) #​47954
• [3b018c8aa9] - doc: fix broken link (Rich Trott) #​47953
• [244db960a9] - doc: remove broken link (Rich Trott) #​47942
• [2cc8715bb9] - doc: document make lint-md-clean (Matteo Collina) #​47926
• [b80e006c17] - doc: mark global object as legacy (Mert Can Altın) #​47819
• [bf4eb058f3] - doc: ntfs junction points must link to directories (Ben Noordhuis) #​47907
• [49875f0d69] - doc: fix params names (Dmitry Semigradsky) #​47853
• [94b5eaaf17] - doc: update supported version of FreeBSD to 12.4 (Michaël Zasso) #​47838
• [0114201825] - doc: swap Matteo with Rafael in the stewards (Rafael Gonzaga) #​47841
• [8bcfcc0af9] - doc: add valgrind suppression details (Kevin Eady) #​47760
• [75d397ecab] - doc: replace EOL versions in README (Tobias Nießen) #​47833
• [2b0c57cb80] - doc: add ovflowd to collaborators (Claudio Wunder) #​47844
• [be4966977c] - doc: update BUILDING.md previous versions links (Tobias Nießen) #​47835
• [a9e8a20fb8] - doc: create maintaining folder for deps (Marco Ippolito) #​47589
• [fd0f362d7c] - doc: remove MoLow from Triagers (Moshe Atlow) #​47792
• [0927c67ab6] - doc: fix typo in webstreams.md (Christian Takle) #​47766
• [994be578da] - doc: move BethGriggs to regular member (Rich Trott) #​47776
• [64d19f4678] - doc: move addaleax to TSC emeriti (Anna Henningsen) #​47752
• [33ec10e6b8] - doc: add link to news for Node.js core (Michael Dawson) #​47704
• [2a682b5efe] - doc: async_hooks asynchronous content example add mjs code (btea) #​47401
• [4f541c3ca3] - doc: clarify concurrency model of test runner (Tobias Nießen) #​47642
• [ffcff68f0d] - doc: fix typos (Mohammed Keyvanzadeh) #​47685
• [290b2b7afc] - doc: fix capitalization of ASan (Mohammed Keyvanzadeh) #​47676
• [b4ca788878] - doc: fix typos in SECURITY.md (Mohammed Keyvanzadeh) #​47677
• [971c545a47] - doc: update error code of buffer (Deokjin Kim) #​47617
• [ec5c919928] - doc: change offset of example in Buffer.copyBytesFrom (Deokjin Kim) #​47606
• [980bf052c7] - doc: remove markdown link from heading (Tobias Nießen) #​47585
• [e96451ec5e] - doc: fix release-post script location (Rafael Gonzaga) #​47517
• [61ea15339c] - doc: add link for news from uvwasi team (Michael Dawson) #​47531
• [d40bcdd73e] - doc: add missing setEncoding call in ESM example (Anna Henningsen) #​47558
• [924dc909b3] - doc: fix typo in util.types.isNativeError() (Julian Dax) #​47532
• [a24d72a6fb] - doc: add KhafraDev to collaborators (Matthew Aitken) #​47510
• [b0196378b6] - doc: create maintaining-brotli.md (Marco Ippolito) #​47380
• [3902be8fe8] - doc: info on handling unintended breaking changes (Michael Dawson) #​47426
• [670f9a591d] - doc: add performance initiative (Yagiz Nizipli) #​47424
• [89a5d04a8e] - doc: do not create a backup file (Luigi Pinca) #​47151
• [7f2bccc5d6] - doc: add MoLow to the TSC (Colin Ihrig) #​47436
• [7db2e889ac] - doc: add a note about os.cpus() returning an empty list (codedokode) #​47363
• [289a8e30d6] - doc: clarify reports are only evaluated on active versions (Rafael Gonzaga) #​47341
• [dc22edb4d2] - doc: remove Vladimir de Turckheim from Security release stewards (Vladimir de Turckheim) #​47318
• [3e74a74da3] - doc: add importing util to example of `process.report.getReport' (Deokjin Kim) #​47298
• [ece029f64e] - doc: vm.SourceTextModule() without context option (Axel Kittenberger) #​47295
• [c7227204cc] - doc: document process for sharing project news (Michael Dawson) #​47189
• [2865cbb4bd] - doc: revise example of assert.CallTracker (Deokjin Kim) #​47252
• [81ebaf2670] - doc: fix typo in SECURITY.md (Rich Trott) #​47282
• [faabd48f11] - doc: use serial comma in cli docs (Tobias Nießen) #​47262
• [3a85794089] - doc: improve example for Error.captureStackTrace() (Julian Dax) #​46886
• [2114fa472b] - doc: clarify http error events after calling destroy() (Zach Bjornson) #​46903
• [d15f522d1f] - doc: update output of example in AbortController (Deokjin Kim) #​47227
• [ab6588e343] - doc: drop one-week branch sync on major releases (Rafael Gonzaga) #​47149
• [6ac52e3061] - doc: fix grammar in the collaborator guide (Mohammed Keyvanzadeh) #​47245
• [13175774a6] - doc: update stream.reduce concurrency note (Raz Luvaton) #​47166
• [1e97ccd6d4] - doc: remove use of DEFAULT_ENCODING in PBKDF2 docs (Tobias Nießen) #​47181
• [d562a7c461] - doc: fix typos in async_context.md (Shubham Sharma) #​47155
• [9a11788cdf] - doc: update collaborator guide to reflect TSC changes (Rich Trott) #​47126
• [5fc2bb763f] - doc: clarify that fs.create{Read,Write}Stream support AbortSignal (Antoine du Hamel) #​47122
• [2dd3b0213e] - doc: improve documentation for util.types.isNativeError() (Julian Dax) #​46840
• [ce4636e36b] - doc: rename the startup performance initiative to startup snapshot (#​47111) (Joyee Cheung)
• [309d017f15] - doc: fix "maintaining dependencies" heading typos (Keyhan Vakil) #​47082
• [230a984eb3] - doc: include webstreams in finished() and Duplex.from() parameters (Debadree Chatterjee) #​46312
• [8651ea822e] - doc,fs: update description of fs.stat() method (Mert Can Altın) #​47654
• [e4539e1f19] - doc,test: update the v8.startupSnapshot doc and test the example (Joyee Cheung) #​47468
• [3dddc0175f] - doc,test: fix concurrency option of test() (Tobias Nießen) #​47734
• [563f9fe06a] - doc,vm: clarify usage of cachedData in vm.compileFunction() (Darshan Sen) #​48193
• [316016ffac] - esm: avoid accessing lazy getters for urls (Yagiz Nizipli) #​47542
• [e5e385d2b2] - esm: increase test coverage of edge cases (Antoine du Hamel) #​47033
• [061fb20660] - (SEMVER-MINOR) events: add getMaxListeners method (Matthew Aitken) #​47039
• [ed0b62cc01] - (SEMVER-MINOR) fs: add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
• [9b44c56c9a] - fs: make readdir recursive algorithm iterative (Ethan Arrowood) #​47650
• [7273ef53b3] - (SEMVER-MINOR) fs: add recursive option to readdir and opendir (Ethan Arrowood) #​41439
• [3f0636d2c1] - (SEMVER-MINOR) fs: add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
• [a0b9853251] - (SEMVER-MINOR) fs: implement byob mode for readableWebStream() (Debadree Chatterjee) #​46933
• [709e368708] - http: send implicit headers on HEAD with no body (Matteo Collina) #​48108
• [dc318f26c0] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #​47732
• [4b2a015642] - (SEMVER-MINOR) http: remove internal error in assignSocket (Matteo Collina) #​47723
• [7cef6aa721] - (SEMVER-MINOR) http: add highWaterMark opt in http.createServer (HinataKah0) #​47405
• [9186f3a0ef] - http2: improve nghttp2 error callback (Tobias Nießen) #​47840
• [cc7e5dd4cd] - inspector: add tips for Session (theanarkh) #​47195
• [70c0e882d3] - inspector: log response and requests in the inspector for debugging (Joyee Cheung) #​46941
• [6099d2d08b] - inspector: fix session.disconnect crash (theanarkh) #​46942
• [156292d44a] - lib: create weakRef only if any signals provided (Chemi Atlow) #​48448
• [efaa073303] - (SEMVER-MINOR) lib: implement AbortSignal.any() (Chemi Atlow) #​47821
• [c46b31f3bf] - lib: support FORCE_COLOR for non TTY streams (Moshe Atlow) #​48034
• [286c358832] - lib: do not disable linter for entire files (Antoine du Hamel) #​48299
• [a2552ab7c0] - lib: use existing isWindows variable (sinkhaha) #​48134
• [2b65625281] - lib: update comment (sinkhaha) #​47884
• [fa447b5120] - lib: use webidl DOMString converter in EventTarget (Matthew Aitken) #​47514
• [33f32dc318] - lib: define Event.isTrusted in the prototype (Santiago Gimeno) #​46974
• [50789a5e4a] - lib: refactor to use validateBuffer (Deokjin Kim) #​46489
• [3658abea26] - (SEMVER-MINOR) lib: add webstreams to Duplex.from() (Debadree Chatterjee) #​46190
• [fcf3781d22] - lib,src,test: lint codebase according new rules for v18.x (Juan José Arboleda) #​48697
• [b55dc53422] - meta: bump github/codeql-action from 2.3.3 to 2.3.6 (dependabot[bot]) #​48287
• [8ac4579d85] - meta: bump actions/setup-python from 4.6.0 to 4.6.1 (dependabot[bot]) #​48286
• [b1854fe9c1] - meta: bump codecov/codecov-action from 3.1.3 to 3.1.4 (dependabot[bot]) #​48285
• [d9448b8d93] - meta: remove dont-land-on-v14 auto labeling (Shrujal Shah) #​48031
• [bb859768b6] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​48010
• [af90fb939b] - meta: bump step-security/harden-runner from 2.3.1 to 2.4.0 (Rich Trott) #​47980
• [4dcf5e2052] - meta: bump github/codeql-action from 2.3.2 to 2.3.3 (Rich Trott) #​47979
• [dab3186ea2] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (Rich Trott) #​47968
• [546224c13c] - meta: add security-wg ping to permission.js (Rafael Gonzaga) #​47941
• [353dfbd2d6] - meta: bump step-security/harden-runner from 2.2.1 to 2.3.1 (dependabot[bot]) #​47808
• [20a5cc27ec] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (dependabot[bot]) #​47806
• [eef6442d8d] - meta: bump actions/checkout from 3.3.0 to 3.5.2 (dependabot[bot]) #​47805
• [e30e6a718a] - meta: remove extra space in scorecard workflow (Mestery) #​47805
• [2d13cdebc4] - meta: bump github/codeql-action from 2.2.9 to 2.3.2 (dependabot[bot]) #​47809
• [f0d8352ed8] - meta: bump codecov/codecov-action from 3.1.1 to 3.1.3 (dependabot[bot]) #​47807
• [7e95fba0ff] - meta: fix dependabot commit message (Mestery) #​47810
• [d31d9c7c28] - meta: ping nodejs/startup for startup test changes (Joyee Cheung) #​47771
• [077686055b] - meta: add mailmap entry for KhafraDev (Rich Trott) #​47512
• [e50eb6570a] - meta: ping security-wg team on permission model changes (Rafael Gonzaga) #​47483
• [2df1a36214] - meta: ping startup and realm team on src/node_realm* changes (Joyee Cheung) #​47448
• [c7dc6e321b] - meta: fix notable-change comment label url (Filip Skokan) #​47300
• [e859ca44d5] - meta: clarify the threat model to explain the JSON.parse case (Matteo Collina) #​47276
• [1f08f4848d] - meta: update link to collaborators discussion page (Michaël Zasso) #​47211
• [3b524cbf86] - meta: automate description requests when notable change label is added (Danielle Adams) #​47078
• [da16ca7c59] - meta: move TSC voting member(s) to regular member(s) (Node.js GitHub Bot) #​47180
• [0c80e60d7e] - meta: move TSC voting member to regular membership (Node.js GitHub Bot) #​46985
• [0edcfed895] - meta: update GOVERNANCE.md to reflect TSC charter changes (Rich Trott) #​47126
• [baada5d035] - meta: ask expected behavior reason in bug template (Ben Noordhuis) #​47049
• [5d75ec402e] - module: reduce the number of URL initializations (Yagiz Nizipli) #​48272
• [c5af5a4f4f] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #​47824
• [cf8845d001] - module: block requiring test/reporters without scheme (Moshe Atlow) #​47831
• [ce7e6c6765] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #​48151
• [53c02b20b8] - node-api: add status napi_cannot_run_js (Gabriel Schulhof) #​47986
• [4b280d5361] - node-api: napi_ref on all types is experimental (Vladimir Morozov) #​47975
• [e2553b12e7] - (NODE-API-SEMVER-MAJOR) node-api: get Node API version used by addon (Vladimir Morozov) #​45715
• [[`

---

Configuration

📅 Schedule: Branch creation - "before 3am on Friday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 44af1ea

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[google-oss-bot]

Size Report ¹

Affected Products

• @firebase/firestore

  Type	Base (12f2559)	Merge (f51549c)	Diff
  browser	374 kB	374 kB	-48 B (-0.0%)
  esm5	359 kB	359 kB	-48 B (-0.0%)
  module	374 kB	374 kB	-48 B (-0.0%)
  react-native	374 kB	374 kB	-48 B (-0.0%)

• @firebase/firestore-lite

  Type	Base (12f2559)	Merge (f51549c)	Diff
  browser	109 kB	109 kB	-2 B (-0.0%)
  esm5	106 kB	106 kB	-2 B (-0.0%)
  module	109 kB	109 kB	-2 B (-0.0%)
  react-native	109 kB	109 kB	-2 B (-0.0%)

• bundle

  Type	Base (12f2559)	Merge (f51549c)	Diff
  firestore (Persistence)	302 kB	302 kB	-11 B (-0.0%)
  firestore (Query Cursors)	238 kB	238 kB	-56 B (-0.0%)
  firestore (Query)	236 kB	235 kB	-56 B (-0.0%)
  firestore (Read data once)	224 kB	224 kB	-56 B (-0.0%)
  firestore (Realtime updates)	226 kB	226 kB	-56 B (-0.0%)
  firestore (Transaction)	204 kB	204 kB	-9 B (-0.0%)
  firestore (Write data)	203 kB	203 kB	-7 B (-0.0%)
  firestore-lite (Transaction)	86.2 kB	86.2 kB	-2 B (-0.0%)

• firebase

  Type	Base (12f2559)	Merge (f51549c)	Diff
  firebase-compat.js	777 kB	777 kB	-48 B (-0.0%)
  firebase-firestore-compat.js	340 kB	340 kB	-48 B (-0.0%)
  firebase-firestore-lite.js	116 kB	116 kB	-2 B (-0.0%)
  firebase-firestore.js	434 kB	434 kB	-48 B (-0.0%)

Test Logs

• Base (12f2559): https://github.com/firebase/firebase-js-sdk/actions/runs/6537952685
• Merge (f51549c): https://github.com/firebase/firebase-js-sdk/actions/runs/6559817870

1. https://storage.googleapis.com/firebase-sdk-metric-reports/WWkMqVZv54.html

[google-oss-bot]

Size Analysis Report ¹

Affected Products

• @firebase/firestore

  • addDoc

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	123 kB	123 kB	-7 B (-0.0%)
    size-with-ext-deps	193 kB	193 kB	-7 B (-0.0%)

  • clearIndexedDbPersistence

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	26.5 kB	26.5 kB	+10 B (+0.0%)
    size-with-ext-deps	96.3 kB	96.3 kB	+10 B (+0.0%)

  • deleteDoc

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	114 kB	114 kB	-7 B (-0.0%)
    size-with-ext-deps	184 kB	184 kB	-7 B (-0.0%)

  • disableNetwork

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	102 kB	102 kB	-7 B (-0.0%)
    size-with-ext-deps	173 kB	173 kB	-7 B (-0.0%)

  • enableIndexedDbPersistence

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	186 kB	186 kB	+3 B (+0.0%)
    size-with-ext-deps	257 kB	257 kB	+3 B (+0.0%)

  • enableMultiTabIndexedDbPersistence

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	221 kB	221 kB	-11 B (-0.0%)
    size-with-ext-deps	293 kB	293 kB	-11 B (-0.0%)

  • enableNetwork

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	102 kB	102 kB	-7 B (-0.0%)
    size-with-ext-deps	173 kB	173 kB	-7 B (-0.0%)

  • executeWrite

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	113 kB	113 kB	-7 B (-0.0%)
    size-with-ext-deps	183 kB	183 kB	-7 B (-0.0%)

  • getAggregateFromServer

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	109 kB	109 kB	-7 B (-0.0%)
    size-with-ext-deps	180 kB	180 kB	-7 B (-0.0%)

  • getCountFromServer

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	110 kB	110 kB	-7 B (-0.0%)
    size-with-ext-deps	180 kB	180 kB	-7 B (-0.0%)

  • getDoc

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	143 kB	143 kB	-56 B (-0.0%)
    size-with-ext-deps	213 kB	213 kB	-56 B (-0.0%)

  • getDocFromServer

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	143 kB	143 kB	-56 B (-0.0%)
    size-with-ext-deps	213 kB	213 kB	-56 B (-0.0%)

  • getDocs

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	145 kB	145 kB	-56 B (-0.0%)
    size-with-ext-deps	215 kB	215 kB	-56 B (-0.0%)

  • getDocsFromServer

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	144 kB	144 kB	-56 B (-0.0%)
    size-with-ext-deps	215 kB	215 kB	-56 B (-0.0%)

  • loadBundle

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	112 kB	112 kB	-7 B (-0.0%)
    size-with-ext-deps	182 kB	182 kB	-7 B (-0.0%)

  • memoryLocalCache

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	99.4 kB	99.4 kB	-7 B (-0.0%)
    size-with-ext-deps	170 kB	170 kB	-7 B (-0.0%)

  • onSnapshot

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	145 kB	145 kB	-56 B (-0.0%)
    size-with-ext-deps	216 kB	216 kB	-56 B (-0.0%)

  • onSnapshotsInSync

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	135 kB	135 kB	-21 B (-0.0%)
    size-with-ext-deps	205 kB	205 kB	-21 B (-0.0%)

  • persistentLocalCache

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	183 kB	183 kB	+3 B (+0.0%)
    size-with-ext-deps	255 kB	255 kB	+3 B (+0.0%)

  • persistentMultipleTabManager

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	218 kB	218 kB	-11 B (-0.0%)
    size-with-ext-deps	290 kB	290 kB	-11 B (-0.0%)

  • persistentSingleTabManager

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	182 kB	182 kB	+3 B (+0.0%)
    size-with-ext-deps	254 kB	254 kB	+3 B (+0.0%)

  • runTransaction

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	123 kB	123 kB	-9 B (-0.0%)
    size-with-ext-deps	193 kB	193 kB	-9 B (-0.0%)

  • setDoc

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	122 kB	122 kB	-7 B (-0.0%)
    size-with-ext-deps	193 kB	193 kB	-7 B (-0.0%)

  • updateDoc

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	123 kB	123 kB	-7 B (-0.0%)
    size-with-ext-deps	193 kB	193 kB	-7 B (-0.0%)

  • waitForPendingWrites

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	103 kB	103 kB	-7 B (-0.0%)
    size-with-ext-deps	173 kB	173 kB	-7 B (-0.0%)

  • writeBatch

    Size

    Type	Base (12f2559)	Merge (f51549c)	Diff
    size	125 kB	125 kB	-7 B (-0.0%)
    size-with-ext-deps	195 kB	195 kB	-7 B (-0.0%)

Test Logs

• Base (12f2559): https://github.com/firebase/firebase-js-sdk/actions/runs/6537952685
• Merge (f51549c): https://github.com/firebase/firebase-js-sdk/actions/runs/6559817870

1. https://storage.googleapis.com/firebase-sdk-metric-reports/i12xnIALnj.html

[github-actions]

Changeset File Check ✅

• No modified packages are missing from the changeset file.
• No changeset formatting errors detected.