Update Node.js to v20.19.6 #88
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Files
|
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
8016005 to
2646f48
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
2646f48 to
b98120b
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
4 times, most recently
from
f2db88b to
c473ffd
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
c473ffd to
d4a705e
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
2 times, most recently
from
cbec3bc to
50718dc
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
2 times, most recently
from
bcc18b6 to
7b9d90e
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
2 times, most recently
from
7ad8257 to
109c8c0
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
109c8c0 to
839ba3b
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
2 times, most recently
from
69a63a1 to
a835c65
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
a835c65 to
26bc4af
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
20.19.4->20.19.620.19.10->20.19.25Release Notes
nodejs/node (node)
v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313Commits
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547fba0025b9c] - build: usewindows-2025runner (Michaël Zasso) #596733456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #599566277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #595711788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #601125d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #597919f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689d0edb01d25] - deps: update googletest toeb2d85e(Node.js GitHub Bot) #59335576242ff39] - deps: V8: cherry-picka0d0d4f(Ho Cheung) #60716a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133acec79989e] - deps: V8: cherry-pick6b1b9bc(zhoumingtao) #59283e65b930aa7] - deps: V8: backport2e4c5cf(Michaël Zasso) #606541b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #60114a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #599322426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #59806e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #59562e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #595798a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #590808c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #594704f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #58876082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #5911319a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #58504db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #583133b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291960d05ad7d] - doc: add history entries to--input-typesection (Antoine du Hamel) #5817520616f1750] - http2: do not crash on mismatched ping buffer length (René) #601359eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #59261dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #60070d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #60094b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #600907cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #54347bb108191aa] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #603662a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #58646144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #594872c8a73f95f] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #59049b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #599934b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #597559543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #596404f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #596373ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #59563a7a109f926] - test: fix typos (Lee Jiho) #59330fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #594140cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #5884076001f9480] - tools: remove unused actions frombuild-tarball.yml(Antoine du Hamel) #5978769904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #59785a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #594346443ad2da5] - tools: drop deprecatedmacos-13runner (Richard Lau) #6067945ec702ef7] - tools: fixtools/make-v8.shfor clang (Richard Lau) #59893393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #593799e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #59446v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #583554e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584993c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241Commits
ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #58270c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #58171d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #5886784d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #58213068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #58942edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #574980473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #586281218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #577680e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #5733582c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #5718043e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #5685591282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #58711ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #58712fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #57386cded8e7e77] - dns: fix parse memory leaky (theanarkh) #58973182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #58404621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #583554e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #5891138e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #57318d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584998c3bc156ed] - doc: clarifypath.isAbsoluteis not path traversal mitigation (Eric Fortis) #57073e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #56835e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #57219026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #571833c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #570761db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607b73a1356ce] - doc: addmodule namespace objectlinks (Dario Piotrowicz) #5709309368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #570922c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090cd8259cb4e] - doc:modules.md: fixdistancedefinition (Alexander “weej” Jones) #570467b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #5709114fcfc242b] - doc: add a note aboutrequire('../common')in testing documentation (Aditi) #56953bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028acd4d7f269] - doc: improve documentation on argument validation (Aditi) #569544cd6b3ca73] - doc: buffer: fix typo onBuffer.copyBytesFrom(offsetoption (tpoisseau) #5701501220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #5700477a0505a32] - doc: update post sec release process (Rafael Gonzaga) #5690777dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #5653973e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #559479a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #5579104d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #58982959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #582918757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #588776fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #584779991788e4a] - http: coerce content-length to number (Marco Ippolito) #57458ff5cf8a428] - http2: fix check forframe->hd.type(hanguanqiang) #576442f333b6c51] - lib: optimizeprepareStackTraceon builtin frames (Chengzhong Wu) #56299cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #56299faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #57177a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #58916b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #585512c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #585504095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #58108631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #584567d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #581101558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #58106e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #583561b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #581112b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #58107833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #57966c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #577189046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #5771746388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #57715d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #5771447004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #577134abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #5750345e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #57537d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #57483704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #574433f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #572577e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #572538d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #57292cc2abb5d17] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #572594fad2b8758] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #572565f5bb8b986] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #57255e949359a56] - meta: bumpactions/setup-pythonfrom 5.3.0 to 5.4.0 (dependabot[bot]) #56867d3c5ad7510] - meta: bumppeter-evans/create-pull-requestfrom 7.0.5 to 7.0.6 (dependabot[bot]) #5686656decfe2d1] - meta: bumpcodecov/codecov-actionfrom 5.0.7 to 5.3.1 (dependabot[bot]) #5686452e518444d] - meta: bumpactions/cachefrom 4.1.2 to 4.2.0 (dependabot[bot]) #568629cac93d9c3] - meta: bumpactions/stalefrom 9.0.0 to 9.1.0 (dependabot[bot]) #56860ecf4252f7c] - meta: update last name for jkrems (Jan Martin) #57006e8beaaaedf] - meta: bumpactions/upload-artifactfrom 4.4.3 to 4.6.0 (dependabot[bot]) #568615462c257f8] - meta: bumpactions/setup-nodefrom 4.1.0 to 4.2.0 (dependabot[bot]) #5686889c37891a0] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #568892a0175c291] - meta: add @nodejs/url as codeowner (Chengzhong Wu) #56783c12aae1e78] - meta: bump github/codeql-action from 3.28.18 to 3.29.2 (dependabot[bot]) #589224ef09990f1] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #58552889654eb2c] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #58112091e5c1bb9] - meta: bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot]) #5771601415153de] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #5725472ea8aac34] - meta: bumpgithub/codeql-actionfrom 3.27.5 to 3.28.8 (dependabot[bot]) #5685999a271e588] - meta: bump step-security/harden-runner from 2.12.0 to 2.12.2 (dependabot[bot]) #58923b4c4c02490] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #581095361bb9157] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #5725828e33acf30] - meta: bumpstep-security/harden-runnerfrom 2.10.2 to 2.10.4 (dependabot[bot]) #56863fad773cede] - module: throw error when re-runing errored module jobs (Joyee Cheung) #589572531185423] - module: allow cycles in require() in the CJS handling in ESM loader (Joyee Cheung) #58598ed43b69689] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #564916e02db1b12] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #58067badba50d30] - module: fix incorrect formatting in require(esm) cycle error message (haykam821) #57453939ecf8906] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #57187ba7f8a0353] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #57126c1e7fa2586] - module: handle .mjs in .js handler in CommonJS (Joyee Cheung) #5559041f3dfd21b] - module: fix require.resolve() crash on non-string paths (Aditi) #56942043dcdd628] - os: fix GetInterfaceAddresses memory lieaky (theanarkh) #589409b74e9bfd9] - permission: ignore internalModuleStat on module loading (Rafael Gonzaga) #55797611a147b45] - readline: fix unresolved promise on abortion (Daniel Venable) #54030f891ae3421] - repl: avoid deprecatedrequire.extensionsin tab completion (baki gul) #586537ba44290bf] - repl: fix tab completion not working with computer string properties (Dario Piotrowicz) #58709eb842048b2] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #571264f004937ec] - src: fixup errorhandling more in various places (James M Snell) #578525daa7fe2e2] - src: fix module buffer allocation (X-BW) #57738586b1be11b] - src: fix build when using shared simdutf (Antoine du Hamel) #58407563e61f012] - src: fix possible dereference of null pointer (Eusgor) #58459cbec07ea0b] - src: fix FIPS init error handling (Tobias Nießen) #5837980fb80e71b] - src: fix -Wunreachable-code in src/node_api.cc (Shelley Vohr) #589015e97719860] - test: skip test-http-imports on macos (Marco Ippolito) #5974569c43bdfcc] - test: fix internet/test-dns (Michaël Zasso) #596606fd58e0338] - tools: update coverage GitHub Actions to fixed version (Rich Trott) #59512eb7bbce73e] - tools: disable failing coverage jobs (Antoine du Hamel) #5877065b1669936] - util: fix formatting of objects with built-in Symbol.toPrimitive (Shima Ryuhei) #578328a29f13bec] - util: fix parseEnv incorrectly splitting multiple ‘=‘ in value (HEESEUNG) #57421077d5020c4] - v8: fix missing callback in heap utils destroy (Ruben Bridgewater) #5884634ae9f8b18] - vm: import call should return a promise in the current context (Chengzhong Wu) #583090dd3a8d6d1] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #589021b83a2bd2d] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #583719dc9604502] - zlib: fix pointer alignment (jhofstee) #57727Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.