chore(deps): update node.js to v18.20.5 #39
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
18.19-bullseye
->18.20-bullseye
18.19.1-alpine
->18.20.5-alpine
18.19.1
->18.20.5
18.19.1-slim
->18.20.5-slim
Release Notes
nodejs/node (node)
v18.20.5
: 2024-11-12, Version 18.20.5 'Hydrogen' (LTS), @aduh95Compare Source
Notable Changes
ac37e554a5
] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #55333Commits
c2e6a8f215
] - benchmark: fix napi/ref addon (Michaël Zasso) #532334c2e07aaac
] - build: pin doc workflow to Node.js 20 (Richard Lau) #557556ba4ebd060
] - build: fix build with Python 3.12 (Luigi Pinca) #50582c50f01399e
] - crypto: ensure invalid SubtleCrypto JWK data import results in DataError (Filip Skokan) #550415c46782137
] - crypto: make deriveBits length parameter optional and nullable (Filip Skokan) #536016e7274fa53
] - crypto: reject dh,x25519,x448 in {Sign,Verify}Final (Huáng Jùnliàng) #53774d2442044db
] - crypto: rejectEd25519
/Ed448 in Sign/Verify prototypes (Filip Skokan) #5234093670de499
] - deps: upgrade npm to 10.8.2 (npm team) #537998531c95587
] - deps: upgrade npm to 10.8.1 (npm team) #53207fd9933ea0f
] - deps: upgrade npm to 10.8.0 (npm team) #5301403852495d7
] - deps: update simdutf to 5.6.0 (Node.js GitHub Bot) #553793597be4146
] - deps: update simdutf to 5.5.0 (Node.js GitHub Bot) #5443452d2c03738
] - deps: update simdutf to 5.3.4 (Node.js GitHub Bot) #54312dd882ac483
] - deps: update simdutf to 5.3.1 (Node.js GitHub Bot) #541965fb8e1b428
] - deps: update simdutf to 5.3.0 (Node.js GitHub Bot) #53837c952fd886d
] - deps: update simdutf to 5.2.8 (Node.js GitHub Bot) #52727a1ae050ed5
] - deps: update simdutf to 5.2.6 (Node.js GitHub Bot) #5272796ec48da7f
] - deps: update brotli to 1.1.0 (Node.js GitHub Bot) #5080411242bcfb4
] - deps: update zlib to 1.3.0.1-motley-71660e1 (Node.js GitHub Bot) #5346464f98a9869
] - deps: update zlib to 1.3.0.1-motley-c2469fd (Node.js GitHub Bot) #534644b815550e0
] - deps: update zlib to 1.3.0.1-motley-68e57e6 (Node.js GitHub Bot) #53464f6b2f68ce7
] - deps: update zlib to 1.3.0.1-motley-8b7eff8 (Node.js GitHub Bot) #53464e151ebef86
] - deps: update zlib to 1.3.0.1-motley-e432200 (Node.js GitHub Bot) #53464637a306e02
] - deps: update zlib to 1.3.0.1-motley-887bb57 (Node.js GitHub Bot) #53464569a739569
] - deps: update zlib to 1.3.0.1-motley-209717d (Node.js GitHub Bot) #53156033f1e2ba5
] - deps: update zlib to 1.3.0.1-motley-4f653ff (Node.js GitHub Bot) #53052aaa857fc01
] - deps: update ada to 2.8.0 (Node.js GitHub Bot) #53254d577321877
] - deps: update acorn to 8.13.0 (Node.js GitHub Bot) #5555855b3c8a41f
] - deps: update acorn-walk to 8.3.4 (Node.js GitHub Bot) #5495050a9456f1e
] - deps: update acorn-walk to 8.3.3 (Node.js GitHub Bot) #53466f56cfe776b
] - deps: update acorn to 8.12.1 (Node.js GitHub Bot) #53465fce3ab686d
] - deps: update archs files for openssl-3.0.15+quic1 (Node.js GitHub Bot) #5518446c782486e
] - deps: upgrade openssl sources to quictls/openssl-3.0.15+quic1 (Node.js GitHub Bot) #551844a18581dc3
] - deps: update corepack to 0.29.4 (Node.js GitHub Bot) #5484567e98831ab
] - deps: update archs files for openssl-3.0.14+quic1 (Node.js GitHub Bot) #54336c60c6630af
] - deps: upgrade openssl sources to quictls/openssl-3.0.14+quic1 (Node.js GitHub Bot) #54336935a506377
] - deps: update corepack to 0.29.3 (Node.js GitHub Bot) #54072dbdfdd0226
] - deps: update corepack to 0.29.2 (Node.js GitHub Bot) #53838395ee44608
] - deps: update corepack to 0.28.2 (Node.js GitHub Bot) #532536ba8bc0618
] - deps: update c-ares to 1.29.0 (Node.js GitHub Bot) #5315581c3260cd2
] - deps: update corepack to 0.28.1 (Node.js GitHub Bot) #52946e4739e9aa6
] - doc: only apply content-visibility on all.html (Filip Skokan) #535104d2ac5d98f
] - doc: move release key for Myles Borins (Richard Lau) #540591c4decc998
] - doc: add release key for aduh95 (Antoine du Hamel) #55349a4f6f0918f
] - doc: add names next to release key bash commands (Aviv Keller) #52878c679348f83
] - errors: usedetermineSpecificType
in more error messages (Antoine du Hamel) #495803059262185
] - esm: fix broken assertion inlegacyMainResolve
(Antoine du Hamel) #55708ac37e554a5
] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #5533384b0ead758
] - esm: fix hook name in error message (Bruce MacNaughton) #504660092358d00
] - http: handle multi-value content-disposition header (Arsalan Ahmad) #50977d814fe935c
] - src: account for OpenSSL unexpected version (Shelley Vohr) #540386615fe5db1
] - src: fix dynamically linked OpenSSL version (Richard Lau) #53456d6114cb2e2
] - test: fix test when compiled without engine support (Richard Lau) #53232ac3a39051c
] - test: fix test-tls-junk-closes-server (Michael Dawson) #55089c8520ff7d2
] - test: fix OpenSSL version checks (Richard Lau) #535039824827937
] - test: update tls test to support OpenSSL32 (Michael Dawson) #550301a4d497936
] - test: adjust tls-set-ciphers for OpenSSL32 (Michael Dawson) #55016341496a5a2
] - test: add asserts to validate test assumptions (Michael Dawson) #5499737a2f7eaa4
] - test: adjust key sizes to support OpenSSL32 (Michael Dawson) #5497275ff0cdf66
] - test: update test to support OpenSSL32 (Michael Dawson) #54968b097d85dfe
] - test: adjust test-tls-junk-server for OpenSSL32 (Michael Dawson) #54926e9997388a6
] - test: adjust tls test for OpenSSL32 (Michael Dawson) #54909c7de027adb
] - test: fix test test-tls-dhe for OpenSSL32 (Michael Dawson) #5490368156cbae1
] - test: fix test-tls-client-mindhsize for OpenSSL32 (Michael Dawson) #54739d5b73e5683
] - test: increase key size for ca2-cert.pem (Michael Dawson) #545995316314755
] - test: update TLS test for OpenSSL 3.2 (Richard Lau) #54612a1f0c87859
] - test: fix test-tls-client-auth test for OpenSSL32 (Michael Dawson) #54610e9e3306426
] - test: use assert.{s,deepS}trictEqual() (Sonny) #542081320fb9475
] - test: update TLS trace tests for OpenSSL >= 3.2 (Richard Lau) #53229cc3cdf7cc0
] - test: check against run-time OpenSSL version (Richard Lau) #53456fc43c6803e
] - test: update TLS tests for OpenSSL 3.2 (Richard Lau) #53384627d3993f0
] - test: fix unreliable assumption in js-native-api/test_cannot_run_js (Joyee Cheung) #518989f521f456e
] - test: update tests for OpenSSL 3.0.14 (Richard Lau) #533730fb652eba9
] - tools: update gyp-next to v0.16.1 (Michaël Zasso) #50380fa72b2c2de
] - tools: skip ruff on tools/gyp (Michaël Zasso) #50380v18.20.4
: 2024-07-08, Version 18.20.4 'Hydrogen' (LTS), @RafaelGSSCompare Source
This is a security release.
Notable Changes
Commits
85abedf1ff
] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522eccd63b865
] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596v18.20.3
: 2024-05-21, Version 18.20.3 'Hydrogen' (LTS), @richardlauCompare Source
Notable Changes
This release fixes a regression introduced in Node.js 18.19.0 where
http.server.close()
was incorrectly closing idle connections.A fix has also been included for compiling Node.js from source with newer versions of Clang.
The list of keys used to sign releases has been synchronized with the current list from the
main
branch.Updated dependencies
Commits
0c260e10e7
] - deps: update zlib to 1.3.0.1-motley-7d77fb7 (Node.js GitHub Bot) #525161152d7f919
] - deps: update zlib to 1.3.0.1-motley-24c07df (Node.js GitHub Bot) #52199755399db9d
] - deps: update zlib to 1.3.0.1-motley-24342f6 (Node.js GitHub Bot) #52123af3e32073b
] - deps: update ada to 2.7.8 (Node.js GitHub Bot) #52517e4ea2db58b
] - deps: update c-ares to 1.28.1 (Node.js GitHub Bot) #5228514e857bea2
] - deps: update corepack to 0.28.0 (Node.js GitHub Bot) #526167f5dd44ca6
] - deps: upgrade npm to 10.7.0 (npm team) #5276778f84ebb09
] - deps: update ngtcp2 to 1.3.0 (Node.js GitHub Bot) #517961f489a3753
] - deps: update ngtcp2 to 1.2.0 (Node.js GitHub Bot) #515843034968225
] - deps: update ngtcp2 to 1.1.0 (Node.js GitHub Bot) #513191aa9da467f
] - deps: add nghttp3/**/.deps to .gitignore (Luigi Pinca) #5140028c0c78c9a
] - deps: update ngtcp2 and nghttp3 (James M Snell) #512918fd5a35364
] - deps: upgrade npm to 10.5.2 (npm team) #524582c53ff31c9
] - deps: update acorn-walk to 8.3.2 (Node.js GitHub Bot) #5145712f28f33c2
] - deps: update acorn to 8.11.3 (Node.js GitHub Bot) #51317dddb7eb3e0
] - deps: update acorn-walk to 8.3.1 (Node.js GitHub Bot) #50457c86550e607
] - deps: update acorn-walk to 8.3.0 (Node.js GitHub Bot) #504579500817f66
] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #504607a8c7b6275
] - deps: update ada to 2.7.7 (Node.js GitHub Bot) #52028b199889943
] - deps: update corepack to 0.26.0 (Node.js GitHub Bot) #52027052b0ba0c6
] - deps: upgrade npm to 10.5.1 (npm team) #52351209823d3af
] - deps: update simdutf to 5.2.4 (Node.js GitHub Bot) #524735114cbe18a
] - deps: update simdutf to 5.2.3 (Yagiz Nizipli) #52381be30309ea0
] - deps: update simdutf to 5.0.0 (Daniel Lemire) #52138b56f66e250
] - deps: update simdutf to 4.0.9 (Node.js GitHub Bot) #51655a9f3b9d9d1
] - deps: update nghttp2 to 1.61.0 (Node.js GitHub Bot) #523951b6fa70620
] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #519483c9dbbf4d4
] - deps: update nghttp2 to 1.59.0 (Node.js GitHub Bot) #51581e28316da54
] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #50441678641f470
] - deps: V8: cherry-pickd15d49b
(Bo Anderson) #523371147fee7d9
] - doc: remove ableist language from crypto (Jamie King) #520635e93eae972
] - doc: add release key for marco-ippolito (marco-ippolito) #522576689a98488
] - http: remove closeIdleConnections function while calling server close (Kumar Rishav) #5233671616e8a8a
] - node-api: make tsfn accept napi_finalize once more (Gabriel Schulhof) #51801d9d9e62474
] - src: avoid draining platform tasks at FreeEnvironment (Chengzhong Wu) #51290e5fc8ec9fc
] - test: skip v8-updates/test-linux-perf (Michaël Zasso) #49639351ef189ca
] - test: v8: Add test-linux-perf-logger test suite (Luke Albao) #503525cec2efc31
] - test: reduce the number of requests and parsers (Luigi Pinca) #502405186e453d9
] - test: deflake test-http-regr-gh-2928 (Luigi Pinca) #49574c60cd67e1c
] - test: skip test for dynamically linked OpenSSL (Richard Lau) #52542v18.20.2
: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSSCompare Source
This is a security release.
Notable Changes
child_process.spawn
without shell option enabled on WindowsCommits
6627222409
] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564v18.20.1
: 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @RafaelGSSCompare Source
This is a security release.
Notable Changes
Commits
60d24938de
] - deps: update undici to v5.28.4 (Matteo Collina) nodejs-private/node-private#5775d4d5848cf
] - http: do not allow OBS fold in headers by default (Paolo Insogna) nodejs-private/node-private#5580fb816dbcc
] - src: ensure to close stream when destroying session (Anna Henningsen) nodejs-private/node-private#561v18.20.0
: 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @richardlauCompare Source
Notable Changes
Added support for import attributes
Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax available
across all currently supported Node.js release lines.
This adds the
with
keyword which should be used in place of the previousassert
keyword, which will be removed in a future semver-major Node.jsrelease.
For example,
import "foo" assert { ... }
should be replaced with
import "foo" with { ... }
For more details, see
Contributed by Nicolò Ribaudo in #51136
and Antoine du Hamel in #50140.
Doc deprecation for
dirent.path
Please use newly added
dirent.parentPath
instead.Contributed by Antoine du Hamel in #50976
and #51020.
Experimental node-api feature flags
Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called
node_api_nogc_env
has been introduced as the const versionof
napi_env
andnode_api_nogc_finalize
as a variant ofnapi_finalize
thataccepts a
node_api_nogc_env
as its first argument.This feature can be turned off by defining
NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT
.Contributed by Gabriel Schulhof in #50060.
Root certificates updated to NSS 3.98
Certificates added:
Certificates removed:
Updated dependencies
vm: fix V8 compilation cache support for vm.Script
Previously repeated compilation of the same source code using
vm.Script
stopped hitting the V8 compilation cache after v16.x when support for
importModuleDynamically
was added tovm.Script
, resulting in a performanceregression that blocked users (in particular Jest users) from upgrading from
v16.x.
The recent fixes allow the compilation cache to be hit again
for
vm.Script
when--experimental-vm-modules
is not used even in thepresence of the
importModuleDynamically
option, so that users affected by theperformance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for
vm.CompileFunction
.Contributed by Joyee Cheung in #49950
and #50137.
Commits
c70383b8d4
] - build: support Python 3.12 (Shi Pujin) #502094b960c3a4a
] - build: fix incorrect g++ warning message (Richard Lau) #516958fdea67694
] - crypto: update root certificates to NSS 3.98 (Node.js GitHub Bot) #51794812b126dd9
] - deps: V8: cherry-pickd90d453
(Michaël Zasso) #500779ab8c3db87
] - deps: update c-ares to 1.27.0 (Node.js GitHub Bot) #51846c688680387
] - deps: update c-ares to 1.26.0 (Node.js GitHub Bot) #515829498ac8a47
] - deps: compile c-ares with C11 support (Michaël Zasso) #514108fb743642f
] - deps: update c-ares to 1.25.0 (Node.js GitHub Bot) #513857bea2d7c12
] - deps: update zlib to 1.3.0.1-motley-40e35a7 (Node.js GitHub Bot) #5127457a38c8f75
] - deps: update zlib to 1.3.0.1-motley-dd5fc13 (Node.js GitHub Bot) #51105b0ca084a6b
] - deps: update zlib to 1.3-22124f5 (Node.js GitHub Bot) #509104b43823f37
] - deps: update zlib to 1.2.13.1-motley-5daffc7 (Node.js GitHub Bot) #50803f0da591812
] - deps: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) #5045616d28a883a
] - deps: update base64 to 0.5.2 (Node.js GitHub Bot) #5145513a9e81cb6
] - deps: update base64 to 0.5.1 (Node.js GitHub Bot) #50629b4502d3ac5
] - deps: update simdutf to 4.0.8 (Node.js GitHub Bot) #51000183cf8a74a
] - deps: update simdutf to 4.0.4 (Node.js GitHub Bot) #5077211ba8593ea
] - deps: update ada to 2.7.6 (Node.js GitHub Bot) #5154273a946d55c
] - deps: update ada to 2.7.5 (Node.js GitHub Bot) #51542cc434c1a39
] - deps: update ada to 2.7.4 (Node.js GitHub Bot) #508153a3808a6ae
] - deps: upgrade npm to 10.5.0 (npm team) #51913c8876d765c
] - deps: upgrade npm to 10.3.0 (npm team) #514315aec3af460
] - deps: update corepack to 0.25.2 (Node.js GitHub Bot) #51810a593985326
] - deps: update corepack to 0.24.1 (Node.js GitHub Bot) #51459d1a9237bf5
] - deps: update corepack to 0.24.0 (Node.js GitHub Bot) #51318adac0c7a63
] - deps: update corepack to 0.23.0 (Node.js GitHub Bot) #505634a6f83e32a
] - deps: escape Python strings correctly (Michaël Zasso) #50695c13969e52a
] - deps: V8: cherry-pickea996ad
(Nicolò Ribaudo) #511366fbf0ba5c3
] - deps: V8: cherry-picka0fd320
(Nicolò Ribaudo) #5113668fd7516e1
] - deps: update timezone to 2024a (Michaël Zasso) #51723f9b229ebe1
] - deps: update icu to 74.2 (Michaël Zasso) #5172390c73d2eb4
] - deps: update timezone to 2023d (Node.js GitHub Bot) #514612a2bf57028
] - deps: update icu to 74.1 (Node.js GitHub Bot) #50515425e011e52
] - deps: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) #4987458c70344a2
] - deps: V8: cherry-pick705e374
(Joyee Cheung) #51004b0e88899e1
] - deps: V8: cherry-pick1fada6b
(Joyee Cheung) #51004d87a810b81
] - deps: V8: cherry-pick3dd9576
(Joyee Cheung) #510046d50966876
] - deps: V8: cherry-pick94e8282
(Joyee Cheung) #51004fafbacdfec
] - deps: V8: cherry-pick9a98f96
(Joyee Cheung) #51004d4a530ed8d
] - deps: V8: cherry-pick7f5daed
(Joyee Cheung) #510041ce901b164
] - deps: V8: cherry-pickc400af4
(Joyee Cheung) #51004f232064f35
] - doc: fix historical experimental fetch flag (Kenrick) #51506194ff6a40f
] - (SEMVER-MINOR) doc: add deprecation notice todirent.path
(Antoine du Hamel) #509760f09267dc6
] - (SEMVER-MINOR) doc: deprecatedirent.path
(Antoine du Hamel) #509768bfb8f5b2f
] - doc,crypto: further clarify RSA_PKCS1_PADDING support (Tobias Nießen) #51799c7baf7b274
] - doc,crypto: add changelog and note about disabled RSA_PKCS1_PADDING (Filip Skokan) #51782a193be3dc2
] - esm: use import attributes instead of import assertions (Antoine du Hamel) #5014026e8f7793e
] - (SEMVER-MINOR) fs: introducedirent.parentPath
(Antoine du Hamel) #509765b5e5192f7
] - lib: fix compileFunction throws range error for negative numbers (Jithil P Ponnan) #498557552de6806
] - module: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) #485102e05cf1c60
] - module: fix leak of vm.SyntheticModule (Joyee Cheung) #48510a86a2e14a3
] - module: use symbol in WeakMap to manage host defined options (Joyee Cheung) #4851032906ddcac
] - node-api: segregate nogc APIs from rest via type system (Gabriel Schulhof) #500601aa71c26ff
] - node-api: factor out common code into macros (Gabriel Schulhof) #506643d0b233f52
] - node-api: introduce experimental feature flags (Gabriel Schulhof) #5099196514a8b9f
] - src: iterate on import attributes array correctly (Michaël Zasso) #507032c2892bf88
] - src: set ModuleWrap internal fields only once (Joyee Cheung) #49391ff334cb774
] - src: cast v8::Object::GetInternalField() return value to v8::Value (Joyee Cheung) #48943270b519971
] - stream: do not defer construction by one microtick (Matteo Collina) #5200595d7a75084
] - test: fix dns test case failures after c-ares update to 1.21.0+ (Brad House) #50743cd613e5167
] - test: handle relative https redirect (Richard Lau) #5112140f10eafcf
] - test: fixinternet/test-inspector-help-page
(Richard Lau) #516935e426511b1
] - test: deflake test-vm-contextified-script-leak (Joyee Cheung) #497100b156c6d28
] - test: use checkIfCollectable in vm leak tests (Joyee Cheung) #496711586c11b3c
] - test: add checkIfCollectable to test/common/gc.js (Joyee Cheung) #49671902d8b3d4b
] - test: fix flaky http-chunk-extensions-limit test (Ethan Arrowood) #519431743d2bdc1
] - test: test surrogate pair filenames on windows (Mert Can Altın) #518001c1a7ec22d
] - test: increase platform timeout zlib-brotli-16gb (Rafael Gonzaga) #51792931d02fe3e
] - test, v8: fix wrong import attributes test (Nicolò Ribaudo) #52184d9ea6c1f8d
] - tls: fix order of setting cipher before setting cert and key (Kumar Rishav) #501863184befa2e
] - tools: fix update-icu.sh (Michaël Zasso) #5172306646e11be
] - (SEMVER-MINOR) vm: use import attributes instead of import assertions (Antoine du Hamel) #50141fe66e9d06e
] - vm: reject in importModuleDynamically without --experimental-vm-modules (Joyee Cheung) #50137052e095c6b
] - vm: use internal versions of compileFunction and Script (Joyee Cheung) #501379f7899ed0a
] - vm: unify host-defined option generation in vm.compileFunction (Joyee Cheung) #501376291c107d0
] - vm: use default HDO when importModuleDynamically is not set (Joyee Cheung) #49950Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.