chore(deps): update node.js to v20.12.2

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
node	final	minor	20.2.0-alpine -> 20.12.2-alpine
@types/node (source)	devDependencies	major	^18.15.11 -> ^20.0.0

---

Release Notes

nodejs/node (node)

v20.12.2: 2024-04-10, Version 20.12.2 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

• [69ffc6d50d] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#563

v20.12.1: 2024-04-03, Version 20.12.1 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release

Notable Changes

• CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
• CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
• llhttp version 9.2.1
• undici version 5.28.4

Commits

• [bd8f10a257] - deps: update undici to v5.28.4 (Matteo Collina) nodejs-private/node-private#576
• [5e34540a96] - http: do not allow OBS fold in headers by default (Paolo Insogna) nodejs-private/node-private#557
• [ba1ae6d188] - src: ensure to close stream when destroying session (Anna Henningsen) nodejs-private/node-private#561

v20.12.0: 2024-03-26, Version 20.12.0 'Iron' (LTS), @​richardlau

Compare Source

Notable Changes

crypto: implement crypto.hash()

This patch introduces a helper crypto.hash() that computes
a digest from the input at one shot. This can be 1.2-2x faster
than the object-based createHash() for smaller inputs (<= 5MB)
that are readily available (not streamed) and incur less memory
overhead since no intermediate objects will be created.

const crypto = require('node:crypto');

// Hashing a string and return the result as a hex-encoded string.
const string = 'Node.js';
// 10b3493287f831e81a438811a1ffba01f8cec4b7
console.log(crypto.hash('sha1', string));

Contributed by Joyee Cheung in #​51044.

Loading and parsing environment variables

• process.loadEnvFile(path):

  • Use this function to load the .env file. If no path is specified, it automatically loads the .env file in the current directory. Example: process.loadEnvFile().
  • Load a specific .env file by specifying its path. Example: process.loadEnvFile('./development.env').

• util.parseEnv(content):

  • Use this function to parse an existing string containing environment variable assignments.
  • Example usage: require('node:util').parseEnv('HELLO=world').

Contributed by Yagiz Nizipli in #​51476.

New connection attempt events

Three new events were added in the net.createConnection flow:

• connectionAttempt: Emitted when a new connection attempt is established. In case of Happy Eyeballs, this might emitted multiple times.
• connectionAttemptFailed: Emitted when a connection attempt failed. In case of Happy Eyeballs, this might emitted multiple times.
• connectionAttemptTimeout: Emitted when a connection attempt timed out. In case of Happy Eyeballs, this will not be emitted for the last attempt. This is not emitted at all if Happy Eyeballs is not used.

Additionally, a previous bug has been fixed where a new connection attempt could have been started after a previous one failed and after the connection was destroyed by the user.
This led to a failed assertion.

Contributed by Paolo Insogna in #​51045.

Permission Model changes

Node.js 20.12.0 comes with several fixes for the experimental permission model and two new semver-minor commits.
We're adding a new flag --allow-addons to enable addon usage when using the Permission Model.

$ node --experimental-permission --allow-addons

Contributed by Rafael Gonzaga in #​51183

And relative paths are now supported through the --allow-fs-* flags.
Therefore, with this release one can use:

$ node --experimental-permission --allow-fs-read=./index.js

To give only read access to the entrypoint of the application.

Contributed by Rafael Gonzaga and Carlos Espa in #​50758.

sea: support embedding assets

Users can now include assets by adding a key-path dictionary
to the configuration as the assets field. At build time, Node.js
would read the assets from the specified paths and bundle them into
the preparation blob. In the generated executable, users can retrieve
the assets using the sea.getAsset() and sea.getAssetAsBlob() API.

{
  "main": "/path/to/bundled/script.js",
  "output": "/path/to/write/the/generated/blob.blob",
  "assets": {
    "a.jpg": "/path/to/a.jpg",
    "b.txt": "/path/to/b.txt"
  }
}

The single-executable application can access the assets as follows:

const { getAsset } = require('node:sea');
// Returns a copy of the data in an ArrayBuffer
const image = getAsset('a.jpg');
// Returns a string decoded from the asset as UTF8.
const text = getAsset('b.txt', 'utf8');
// Returns a Blob containing the asset without copying.
const blob = getAssetAsBlob('a.jpg');

Contributed by Joyee Cheung in #​50960.

Support configurable snapshot through --build-snapshot-config flag

We are adding a new flag --build-snapshot-config to configure snapshots through a custom JSON configuration file.

$ node --build-snapshot-config=/path/to/myconfig.json

When using this flag, additional script files provided on the command line will
not be executed and instead be interpreted as regular command line arguments.

These changes were contributed by Joyee Cheung and Anna Henningsen in #​50453

Text Styling

• util.styleText(format, text): This function returns a formatted text considering the format passed.

A new API has been created to format text based on util.inspect.colors, enabling you to style text in different colors (such as red, blue, ...) and emphasis (italic, bold, ...).

const { styleText } = require('node:util');
const errorMessage = styleText('red', 'Error! Error!');
console.log(errorMessage);

Contributed by Rafael Gonzaga in #​51850.

vm: support using the default loader to handle dynamic import()

This patch adds support for using vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER as the
importModuleDynamically option in all vm APIs that take this option except vm.SourceTextModule. This allows users to have a shortcut to support dynamic import() in the compiled code without missing the compilation cache if they don't need customization of the loading process. We emit an experimental warning when the import() is actually handled by the default loader through this option instead of requiring --experimental-vm-modules.

const { Script, constants } = require('node:vm');
const { resolve } = require('node:path');
const { writeFileSync } = require('node:fs');

// Write test.js and test.txt to the directory where the current script
// being run is located.
writeFileSync(resolve(__dirname, 'test.mjs'),
              'export const filename = "./test.json";');
writeFileSync(resolve(__dirname, 'test.json'),
              '{"hello": "world"}');

// Compile a script that loads test.mjs and then test.json
// as if the script is placed in the same directory.
const script = new Script(
  `(async function() {
    const { filename } = await import('./test.mjs');
    return import(filename, { with: { type: 'json' } })
  })();`,
  {
    filename: resolve(__dirname, 'test-with-default.js'),
    importModuleDynamically: constants.USE_MAIN_CONTEXT_DEFAULT_LOADER,
  });

// { default: { hello: 'world' } }
script.runInThisContext().then(console.log);

Contributed by Joyee Cheung in #​51244.

Root certificates updated to NSS 3.98

Certificates added:

• Telekom Security TLS ECC Root 2020
• Telekom Security TLS RSA Root 2023

Certificates removed:

• Security Communication Root CA

Updated dependencies

• acorn updated to 8.11.3.
• ada updated to 2.7.6.
• base64 updated to 0.5.2.
• brotli updated to 1.1.0.
• c-ares updated to 1.27.0.
• corepack updated to 0.25.2.
• ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
• nghttp2 updated to 1.60.0.
• npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
• simdutf8 updated to 4.0.8.
• Timezone updated to 2024a.
• zlib updated to 1.3.0.1-motley-40e35a7.

Other notable changes

• [4f49e9d000] - (SEMVER-MINOR) build: build opt to set local location of headers (Michael Dawson) #​51525
• [ccdb01187b] - doc: add zcbenz to collaborators (Cheng Zhao) #​51812
• [481af53aea] - doc: add lemire to collaborators (Daniel Lemire) #​51572
• [5ba4d96525] - (SEMVER-MINOR) http2: add h2 compat support for appendHeader (Tim Perry) #​51412
• [0861498e8b] - (SEMVER-MINOR) http2: add server handshake utility (snek) #​51172
• [6b08d006ee] - (SEMVER-MINOR) http2: receive customsettings (Marten Richter) #​51323
• [7894989bf0] - (SEMVER-MINOR) lib: move encodingsMap to internal/util (Joyee Cheung) #​51044
• [a58c98ea85] - (SEMVER-MINOR) src: print string content better in BlobDeserializer (Joyee Cheung) #​50960
• [c3c0a3ee5c] - (SEMVER-MINOR) src: support multi-line values for .env file (IlyasShabi) #​51289
• [2a921966c6] - (SEMVER-MINOR) src: do not coerce dotenv paths (Tobias Nießen) #​51425
• [0dee86f295] - (SEMVER-MINOR) src: support configurable snapshot (Joyee Cheung) #​50453
• [ade6614067] - (SEMVER-MINOR) stream: add support for deflate-raw format to webstreams compression (Damian Krzeminski) #​50097
• [fe922f05e4] - (SEMVER-MINOR) timers: export timers.promises (Marco Ippolito) #​51246

Commits

• [cbda4e9fc5] - assert,crypto: make KeyObject and CryptoKey testable for equality (Filip Skokan) #​50897
• [92fca59647] - async_hooks,inspector: implement inspector api without async_wrap (Gabriel Bota) #​51501
• [029ca982dc] - benchmark: update iterations of benchmark/async_hooks/async-local- (Lei Shi) #​51420
• [350e9fee8d] - benchmark: update iterations of benchmark/domain/domain-fn-args.js (Lei Shi) #​51408
• [40fda97deb] - benchmark: update iterations of assert/deepequal-typedarrays.js (Lei Shi) #​51419
• [1b2e3b7049] - benchmark: update iterations of benchmark/assert/deepequal-map.js (Lei Shi) #​51416
• [7639259203] - benchmark: rename startup.js to startup-core.js (Joyee Cheung) #​51669
• [4be33b5577] - benchmark: remove dependency on unshipped tools (Adam Majer) #​51146
• [bd03a154a9] - benchmark: update iterations in benchmark/perf_hooks (Lei Shi) #​50869
• [19b943b909] - benchmark: update iterations in benchmark/crypto/aes-gcm-throughput.js (Lei Shi) #​50929
• [278c990dea] - benchmark: update iteration and size in benchmark/crypto/randomBytes.js (Lei Shi) #​50868
• [443d4fcff3] - benchmark: add undici websocket benchmark (Chenyu Yang) #​50586
• [3ab6143380] - benchmark: add create-hash benchmark (Joyee Cheung) #​51026
• [6a8ff09332] - benchmark: update interations and len in benchmark/util/text-decoder.js (Lei Shi) #​50938
• [22b53bc1fa] - benchmark: update iterations of benchmark/util/type-check.js (Lei Shi) #​50937
• [f56bda5109] - benchmark: update iterations in benchmark/util/normalize-encoding.js (Lei Shi) #​50934
• [4fc83e1ce3] - benchmark: update iterations in benchmark/util/inspect-array.js (Lei Shi) #​50933
• [0edddcfc19] - benchmark: update iterations in benchmark/util/format.js (Lei Shi) #​50932
• [f109961fd1] - benchmark: update iterations in benchmark/crypto/hkdf.js (Lei Shi) #​50866
• [1e923f11f2] - benchmark: update iterations in benchmark/crypto/get-ciphers.js (Lei Shi) #​50863
• [f13643da06] - benchmark: update number of iterations for util.inspect (kylo5aby) #​50651
• [03b19cbd2a] - bootstrap: improve snapshot unsupported builtin warnings (Joyee Cheung) #​50944
• [51ea5b60a9] - build: fix arm64 host cross-compilation in GN (Cheng Zhao) #​51903
• [9f5547afa2] - Revert "build: workaround for node-core-utils" (Richard Lau) #​51975
• [58255e73ae] - build: respect the NODE env variable in Makefile (Antoine du Hamel) #​51743
• [0a7419bf0b] - Revert "build: fix warning in cares under GN build" (Luigi Pinca) #​51865
• [4118174b85] - build: remove librt libs link for Android compatibility (BuShe Pie) #​51632
• [012da16b85] - build: do not rely on gn_helpers in GN build (Cheng Zhao) #​51439
• [93fcf52990] - build: fix warning in cares under GN build (Cheng Zhao) #​51687
• [2176495455] - build: fix building js2c with GN (Cheng Zhao) #​51818
• [d6e702f885] - build: encode non-ASCII Latin1 characters as one byte in JS2C (Joyee Cheung) #​51605
• [4f49e9d000] - (SEMVER-MINOR) build: build opt to set local location of headers (Michael Dawson) #​51525
• [8e84aad0ef] - build: use macOS m1 machines for testing (Yagiz Nizipli) #​51620
• [5fce1a17e2] - build: check before removing %config% link (liudonghua) #​51437
• [46d6dce1a8] - build: increase parallel executions in github (Yagiz Nizipli) #​51554
• [8b3ead1f3e] - build: remove copyright header in node.gni (Cheng Zhao) #​51535
• [d8b86ad363] - build: update GN build files for ngtcp2 (Cheng Zhao) #​51313
• [ba0ffddd2d] - build: fix for VScode "Reopen in Container" (Serg Kryvonos) #​51271
• [8b97e2e0a7] - build: add -flax-vector-conversions to V8 build (Michaël Zasso) #​51257
• [bd528c7dc0] - build: fix warnings from uv for gn build (Cheng Zhao) #​51069
• [ffe467b062] - build,tools: make addons tests work with GN (Cheng Zhao) #​50737
• [448d67109a] - (SEMVER-MINOR) crypto: implement crypto.hash() (Joyee Cheung) #​51044
• [48959dd2b4] - crypto: update root certificates to NSS 3.98 (Node.js GitHub Bot) #​51794
• [68e8b2c492] - crypto: use EVP_MD_fetch and cache EVP_MD for hashes (Joyee Cheung) #​51034
• [adb5d69621] - crypto: update CryptoKey symbol properties (Filip Skokan) #​50897
• [df0213fd3d] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #​51948
• [208dd887a5] - deps: upgrade npm to 10.5.0 (npm team) #​51913
• [587e70e1ee] - deps: update corepack to 0.25.2 (Node.js GitHub Bot) #​51810
• [38343c4857] - deps: update c-ares to 1.27.0 (Node.js GitHub Bot) #​51846
• [c9974f621c] - deps: update c-ares to 1.26.0 (Node.js GitHub Bot) #​51582
• [0aa18e1a1c] - deps: update googletest to 6a59382 (Node.js GitHub Bot) #​51580
• [f871bc6ddc] - deps: update nghttp2 to 1.59.0 (Node.js GitHub Bot) #​51581
• [94f8ee8717] - deps: update corepack to 0.24.1 (Node.js GitHub Bot) #​51459
• [c23ce06e6b] - deps: update ada to 2.7.6 (Node.js GitHub Bot) #​51542
• [372ce69de1] - deps: update ada to 2.7.5 (Node.js GitHub Bot) #​51542
• [133719b2c9] - deps: update googletest to 7c07a86 (Node.js GitHub Bot) #​51458
• [35675aa07f] - deps: update acorn-walk to 8.3.2 (Node.js GitHub Bot) #​51457
• [ca73f55a22] - deps: update base64 to 0.5.2 (Node.js GitHub Bot) #​51455
• [c9dad18191] - deps: compile c-ares with C11 support (Michaël Zasso) #​51410
• [a727fa73ee] - deps: upgrade npm to 10.3.0 (npm team) #​51431
• [834bbfd039] - deps: update c-ares to 1.25.0 (Node.js GitHub Bot) #​51385
• [4c8fa3e7c2] - deps: update uvwasi to 0.0.20 and fixup tests (Michael Dawson) #​51355
• [bd183ef2af] - deps: add nghttp3/**/.deps to .gitignore (Luigi Pinca) #​51400
• [1d8169995c] - deps: update corepack to 0.24.0 (Node.js GitHub Bot) #​51318
• [4dfbbb8789] - deps: update acorn to 8.11.3 (Node.js GitHub Bot) #​51317
• [7d60877fa3] - deps: update brotli to 1.1.0 (Node.js GitHub Bot) #​50804
• [1b99a3f0af] - deps: update zlib to 1.3.0.1-motley-40e35a7 (Node.js GitHub Bot) #​51274
• [2270285839] - deps: update simdutf to 4.0.8 (Node.js GitHub Bot) #​51000
• [61d1535d84] - deps: V8: cherry-pick de611e6 (Keyhan Vakil) #​51200
• [04323fd595] - deps: update googletest to 530d5c8 (Node.js GitHub Bot) #​51191
• [454b4f8d7e] - deps: update acorn-walk to 8.3.1 (Node.js GitHub Bot) #​50457
• [cc693eb908] - deps: update acorn-walk to 8.3.0 (Node.js GitHub Bot) #​50457
• [09519c6655] - deps: update zlib to 1.3.0.1-motley-dd5fc13 (Node.js GitHub Bot) #​51105
• [a2f39e9168] - deps: V8: cherry-pick 0fd478b (Joyee Cheung) #​50572
• [1aaf156ea7] - deps: update zlib to 1.3-22124f5 (Node.js GitHub Bot) #​50910
• [3f4e254047] - deps: update googletest to 76bb2af (Node.js GitHub Bot) #​50555
• [702684c008] - deps: update googletest to b10fad3 (Node.js GitHub Bot) #​50555
• [4ee7f29657] - deps: update timezone to 2024a (Michaël Zasso) #​51723
• [452d74c8b6] - deps: update icu to 74.2 (Michaël Zasso) #​51723
• [e6fc5a5ee1] - deps: update timezone to 2023d (Node.js GitHub Bot) #​51461
• [4ee0f8306b] - deps: update icu to 74.1 (Node.js GitHub Bot) #​50515
• [cb49f31480] - deps: cherry-pick libuv/libuv@d09441c (Richard Lau) #​51976
• [ea50540c5e] - Revert "deps: V8: cherry-pick 13192d6" (kxxt) #​51495
• [6fd1617ab4] - doc: add policy for distribution (Geoffrey Booth) #​51918
• [fc0b389006] - doc: fix actual result of example is different in events (Deokjin Kim) #​51925
• [93d6d66339] - doc: clarify Corepack threat model (Antoine du Hamel) #​51917
• [276d1d1d65] - doc: add stability index to crypto.hash() (Joyee Cheung) #​51978
• [473af948b5] - doc: remove redundant backquote which breaks sentence (JounQin) #​51904
• [b52b249b05] - doc: update node-api/node-addon-api team link to sharing project news (Ulises Gascón) #​51877
• [a74c373ea4] - doc: add website team to sharing project news (Ulises Gascón) #​49002
• [b7ce547d41] - doc: update guide link for Event Loop (Shrujal Shah) #​51874
• [3dfee7ee33] - doc: change ExperimentalWarnings to ExperimentalWarning (Ameet Kaustav) #​51741
• [740d0679e7] - doc: add Paolo to TSC members (Michael Dawson) #​51825
• [3240a2f349] - doc: reserve 123 for Electron 30 (Keeley Hammond) #​51803
• [597e3db0f9] - doc: add mention to GPG_TTY (Rafael Gonzaga) #​51806
• [ccdb01187b] - doc: add zcbenz to collaborators (Cheng Zhao) #​51812
• [3a3de00437] - doc: add entry to stewards (Rafael Gonzaga) #​51760
• [06b882d2fa] - doc: update technical priorities for 2023 (Jean Burellier) #​47523
• [9a68b47fe1] - doc: mark isWebAssemblyCompiledModule eol (Marco Ippolito) #​51442
• [8016628710] - doc: fix globals.md introduction (Antoine du Hamel) #​51742
• [9ddbe4523f] - doc: updates for better json generating (Dmitry Semigradsky) #​51592
• [140cf26d47] - doc: document the GN build (Cheng Zhao) #​51676
• [ecfb3f18b3] - doc: fix uncaught exception example (Gabriel Schulhof) #​51638
• [b3157a08bf] - doc: clarify execution of after hook on test suite completion (Ognjen Jevremović) #​51523
• [1dae1873d9] - doc: fix dns.lookup and dnsPromises.lookup description (Duncan Chiu) #​51517
• [50df052087] - doc: note that path.normalize deviates from POSIX (Tobias Nießen) #​51513
• [481af53aea] - doc: add lemire to collaborators (Daniel Lemire) #​51572
• [dec0d5d19a] - doc: fix historical experimental fetch flag (Kenrick) #​51506
• [96c480b1a1] - doc: fix type of connectionAttempt parameter (Rafael Gonzaga) #​51490
• [76968ab112] - doc: remove reference to resolved child_process v8 issue (Ian Kerins) #​51467
• [bdd3a2a9fd] - doc: update typos (Aranđel Šarenac) #​51475
• [3532f5587c] - doc: add notes on inspector breakpoints (Chengzhong Wu) #​51417
• [0dffb9f049] - doc: add links in offboarding.md (Antoine du Hamel) #​51440
• [58d2442f0f] - doc: fix spelling mistake (u9g) #​51454
• [a09f440dbd] - doc: add check for security reverts (Michael Dawson) #​51376
• [401837bfc4] - doc: fix some policy scope typos (Tim Kuijsten) #​51234
• [f301f829ba] - doc: improve subtests documentation (Marco Ippolito) #​51379
• [1e40f552fd] - doc: add missing word in child_process.md (Joseph Joy) #​50370
• [42b4f0f5ab] - doc: fixup alignment of warning subsection (James M Snell) #​51374
• [b5bc597871] - doc: the GN files should use Node's license (Cheng Zhao) #​50694
• [01a41041d6] - doc: improve localWindowSize event descriptions (Davy Landman) #​51071
• [63aa27df10] - doc: mark --jitless as experimental (Antoine du Hamel) #​51247
• [c8233912e9] - doc: run license-builder (github-actions[bot]) #​51199
• [9e360df521] - doc: fix limitations and known issues in pm (Rafael Gonzaga) #​51184
• [52d8222d32] - doc: mention node:wasi in the Threat Model (Rafael Gonzaga) #​51211
• [cb3270e4c8] - doc: remove ambiguous 'considered' (Rich Trott) #​51207
• [979e183e0c] - doc: set exit code in custom test runner example (Matteo Collina) #​51056
• [eaadebb1f4] - doc: remove version from maintaining-dependencies.md (Antoine du Hamel) #​51195
• [256db6e056] - doc: mention native addons are restricted in pm (Rafael Gonzaga) #​51185
• [2a61602ab2] - doc: correct note on behavior of stats.isDirectory (Nick Reilingh) #​50946
• [184b8bea5b] - doc: fix TestsStream parent class (Jungku Lee) #​51181
• [c61597ffe4] - (SEMVER-MINOR) doc: add documentation for --build-snapshot-config (Anna Henningsen) #​50453
• [b88170d602] - doc: run license-builder (github-actions[bot]) #​51111
• [f2b4626ab8] - doc: deprecate hash constructor (Marco Ippolito) #​51077
• [6c241550cd] - doc: add note regarding --experimental-detect-module (Shubherthi Mitra) #​51089
• [8ee30ea900] - doc: correct tracingChannel.traceCallback() (Gerhard Stöbich) #​51068
• [1cd27b6eff] - doc: use length argument in pbkdf2Key (Tobias Nießen) #​51066
• [09ad974537] - doc: add deprecation notice to dirent.path (Antoine du Hamel) #​51059
• [1113e58f87] - doc: deprecate dirent.path (Antoine du Hamel) #​51020
• [37979d750e] - doc: add additional details about --input-type (Shubham Pandey) #​50796
• [3ff00e1e79] - doc: add procedure when CVEs don't get published (Rafael Gonzaga) #​50945
• [0930be6bd5] - doc: fix some errors in esm resolution algorithms (Christopher Jeffrey (JJ)) #​50898
• [ddc7964b03] - doc: reserve 121 for Electron 29 (Shelley Vohr) #​50957
• [625fd69b76] - doc: run license-builder (github-actions[bot]) #​50926
• [f18269607a] - doc: document non-node_modules-only runtime deprecation (Joyee Cheung) #​50748
• [5f8e7a0fdb] - doc: add doc for Unix abstract socket (theanarkh) #​50904
• [e0598787e0] - doc: remove flicker on page load on dark theme (Dima Demakov) #​50942
• [2a7047d933] - doc,crypto: further clarify RSA_PKCS1_PADDING support (Tobias Nießen) #​51799
• [31c4ba4dfd] - doc,crypto: add changelog and note about disabled RSA_PKCS1_PADDING (Filip Skokan) #​51782
• [90da41548f] - doc,module: clarify hook chain execution sequence (Jacob Smith) #​51884
• [bb7d7f3d1c] - errors: fix stacktrace of SystemError (uzlopak) #​49956
• [db7459b57b] - errors: improve hideStackFrames (Aras Abbasi) #​49990
• [a6b3569121] - esm: improve error when calling import.meta.resolve from data: URL (Antoine du Hamel) #​49516
• [38f4000905] - esm: fix hint on invalid module specifier (Antoine du Hamel) #​51223
• [e39e37bbd5] - esm: fix hook name in error message (Bruce MacNaughton) #​50466
• [d9b5cd533c] - events: no stopPropagation call in cancelBubble (mert.altin) #​50405
• [287a02c4b2] - fs: load rimraf lazily in fs/promises (Joyee Cheung) #​51617
• [bbd1351ef0] - fs: remove race condition for recursive watch on Linux (Matteo Collina) #​51406
• [1b7ccec5a7] - fs: update jsdoc for filehandle.createWriteStream and appendFile (Jungku Lee) #​51494
• [25056f5024] - fs: fix fs.promises.realpath for long paths on Windows (翠 / green) #​51032
• [a8fd01a5a2] - fs: make offset, position & length args in fh.read() optional (Pulkit Gupta) #​51087
• [721557c6d8] - fs: add missing jsdoc parameters to readSync (Yagiz Nizipli) #​51225
• [3ce9aacfcd] - fs: remove internalModuleReadJSON binding (Yagiz Nizipli) #​51224
• [65df2c6787] - fs: improve mkdtemp performance for buffer prefix (Yagiz Nizipli) #​51078
• [6705b48012] - fs: validate fd synchronously on c++ (Yagiz Nizipli) #​51027
• [afd5d67f89] - fs: throw fchownSync error from c++ (Yagiz Nizipli) #​51075
• [bac982bce5] - fs: update params in jsdoc for createReadStream and createWriteStream (Jungku Lee) #​51063
• [6764f0c9a8] - fs: improve error performance of readvSync (IlyasShabi) #​50100
• [0225fce776] - (SEMVER-MINOR) fs: introduce dirent.parentPath (Antoine du Hamel) #​50976
• [4adea6c405] - fs,test: add URL to string to fs.watch (Rafael Gonzaga) #​51346
• [6bf148e12b] - http: fix close return value mismatch between doc and implementation (kylo5aby) #​51797
• [66318602d0] - http: split set-cookie when using setHeaders (Marco Ippolito) #​51649
• [f7b53d05bd] - http: remove misleading warning (Luigi Pinca) #​51204
• [9062d30600] - http: do not override user-provided options object (KuthorX) #​33633
• [4e38dee4ee] - http: handle multi-value content-disposition header (Arsalan Ahmad) #​50977
• [b560bfbb84] - http2: close idle connections when allowHTTP1 is true (xsbchen) #​51569
• [5ba4d96525] - (SEMVER-MINOR) http2: add h2 compat support for appendHeader (Tim Perry) #​51412
• [0861498e8b] - (SEMVER-MINOR) http2: add server handshake utility (snek) #​51172
• [6b08d006ee] - (SEMVER-MINOR) http2: receive customsettings (Marten Richter) #​51323
• [23414a6120] - http2: addtl http/2 settings (Marten Richter) #​49025
• [3fe59ba224] - inspector: add NodeRuntime.waitingForDebugger event (mary marchini) #​51560
• [44f05e0d30] - lib: make sure close net server (theanarkh) #​51929
• [3be5ff9c45] - lib: return directly if udp socket close before lookup (theanarkh) #​51914
• [dcbf88f4c7] - lib: account for cwd access from snapshot serialization cb (Anna Henningsen) #​51901
• [da8fa484f8] - lib: fix http client socket path (theanarkh) #​51900
• [55011d2c71] - lib: only build the ESM facade for builtins when they are needed (Joyee Cheung) #​51669
• [7894989bf0] - (SEMVER-MINOR) lib: move encodingsMap to internal/util (Joyee Cheung) #​51044
• [9082cc557d] - lib: do not access process.noDeprecation at build time (Joyee Cheung) #​51447
• [6679e6b616] - lib: add assertion for user ESM execution (Joyee Cheung) #​51748
• [d6e8d03afc] - lib: create global console properties at snapshot build time (Joyee Cheung) #​51700
• [bd2a3c10ae] - lib: define FormData and fetch etc. in the built-in snapshot (Joyee Cheung) #​51598
• [da79876ef0] - lib: allow checking the test result from afterEach (Tim Stableford) #​51485
• [bff7e3cf7a] - lib: remove unnecessary refreshHrtimeBuffer() (Joyee Cheung) #​51446
• [562947e012] - lib: fix use of --frozen-intrinsics with --jitless (Antoine du Hamel) #​51248
• [7b83ef749e] - lib: move function declaration outside of loop (Sanjaiyan Parthipan) #​51242
• [0a85b0fd9d] - lib: reduce overhead of SafePromiseAllSettledReturnVoid calls (Antoine du Hamel) #​51243
• [f4d7f0498e] - lib: expose default prepareStackTrace (Chengzhong Wu) #​50827
• [5c7a9c8d4a] - lib: don't parse windows drive letters as schemes (华) #​50580
• [9da6384f5a] - lib: refactor to use validateFunction in diagnostics_channel (Deokjin Kim) #​50955
• [be3205ae24] - lib: streamline process.binding() handling (Joyee Cheung) #​50773
• [f4987eb91e] - lib,permission: handle buffer on fs.symlink (Rafael Gonzaga) #​51212
• [861e040b40] - lib,src: extract sourceMappingURL from module (unbyte) #​51690
• [8a082754e0] - lib,src: replace toUSVString with toWellFormed() (Yagiz Nizipli) #​47342
• [3badc1139c] - (SEMVER-MINOR) lib,src,permission: port path.resolve to C++ (Rafael Gonzaga) #​50758
• [4b3cc3ce18] - loader: speed up line length calc used by moduleProvider (Mudit) #​50969
• [960d67c51f] - meta: bump github/codeql-action from 3.23.2 to 3.24.6 (dependabot[bot]) #​51942
• [1783b93af2] - meta: bump actions/upload-artifact from 4.3.0 to 4.3.1 (dependabot[bot]) #​51941
• [1db603db2f] - meta: bump codecov/codecov-action from 4.0.1 to 4.1.0 (dependabot[bot]) #​51940
• [2ddec64d5a] - meta: bump actions/cache from 4.0.0 to 4.0.1 (dependabot[bot]) #​51939
• [92490421be] - meta: bump actions/download-artifact from 4.1.1 to 4.1.3 (dependabot[bot]) #​51938
• [f3fa2b72b8] - meta: bump actions/setup-node from 4.0.1 to 4.0.2 (dependabot[bot]) #​51937
• [a62b042e83] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​51726
• [491f9f9902] - meta: bump codecov/codecov-action from 3.1.4 to 4.0.1 (dependabot[bot]) #​51648
• [2765077a47] - meta: bump actions/download-artifact from 4.1.0 to 4.1.1 (dependabot[bot]) #​51644
• [152a07b854] - meta: bump actions/upload-artifact from 4.0.0 to 4.3.0 (dependabot[bot]) #​51643
• [53826920fb] - meta: bump step-security/harden-runner from 2.6.1 to 2.7.0 (dependabot[bot]) #​51641
• [3d1dc9b030] - meta: bump actions/cache from 3.3.2 to 4.0.0 (dependabot[bot]) #​51640
• [287bdf6bda] - meta: bump github/codeql-action from 3.22.12 to 3.23.2 (dependabot[bot]) #​51639
• [90068fb0f1] - meta: add .mailmap entry for le

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Coverage Summary

Status	Category	Percentage	Covered / Total
🟢	Lines	76.77% / 60%	281 / 366
🟢	Statements	76.77% / 60%	281 / 366
🟢	Functions	100% / 75%	5 / 5
🟢	Branches	83.87% / 75%	52 / 62

File Coverage

File	Stmts	% Branch	% Funcs	% Lines	Uncovered Lines
index.ts	100%	100%	100%	100%
db/controller/controller.ts	72.96%	84.74%	100%	72.96%	164-230, 240-254, 259
db/route/route.ts	100%	100%	100%	100%
db/services/database.service.ts	91.66%	50%	100%	91.66%	22-23

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🟢	Lines	76.77% / 60%	281 / 366
🟢	Statements	76.77% / 60%	281 / 366
🟢	Functions	100% / 75%	5 / 5
🟢	Branches	83.87% / 75%	52 / 62

File Coverage

No changed files found.

Generated in workflow #230

[sonarcloud]

SonarCloud Quality Gate failed.   

0 Bugs
0 Vulnerabilities
3 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

[sonarcloud]

Quality Gate failed

Failed conditions

3 Security Hotspots

See analysis details on SonarCloud

[sonarcloud]

Quality Gate failed

Failed conditions
3 Security Hotspots

See analysis details on SonarCloud

[sonarcloud]

Quality Gate failed

Failed conditions
3 Security Hotspots

See analysis details on SonarCloud