algoliasearch-crawler-github-actions
algoliasearch-crawler-github-actions copied to clipboard
algolia
chore(deps): update node.js to v20
Note: This PR body was truncated due to platform limits.
This PR contains the following updates:
| Package | Type | Update | Change | Age | Confidence |
|---|---|---|---|---|---|
| node (source) | major | 16.19.1 → 20.20.0 |
|||
| node (source) | engines | major | ^16.14.2 → ^20.0.0 |
||
| @types/node (source) | devDependencies | major | 16.18.16 → 20.19.30 |
Release Notes
nodejs/node (node)
v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @marco-ippolito
This is a security release.
Notable Changes
lib:
- (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
- (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 lib,permission:
- (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 src:
- (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 src,lib:
- (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759 tls:
- (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
Commits
- [
8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792 - [
14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802 - [
1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 - [
494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759 - [
85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolito
Notable Changes
- [
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [
db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313
Commits
- [
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547 - [
fba0025b9c] - build: usewindows-2025runner (Michaël Zasso) #59673 - [
3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956 - [
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #60112 - [
5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #59791 - [
9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689 - [
d0edb01d25] - deps: update googletest toeb2d85e(Node.js GitHub Bot) #59335 - [
576242ff39] - deps: V8: cherry-picka0d0d4f(Ho Cheung) #60716 - [
a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314 - [
fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133 - [
acec79989e] - deps: V8: cherry-pick6b1b9bc(zhoumingtao) #59283 - [
e65b930aa7] - deps: V8: backport2e4c5cf(Michaël Zasso) #60654 - [
1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #60114 - [
a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #59932 - [
2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #59806 - [
e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #59562 - [
e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #59579 - [
8a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #59080 - [
8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591 - [
109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #59470 - [
4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445 - [
caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #58876 - [
082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [
19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #58504 - [
db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313 - [
3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291 - [
960d05ad7d] - doc: add history entries to--input-typesection (Antoine du Hamel) #58175 - [
20616f1750] - http2: do not crash on mismatched ping buffer length (René) #60135 - [
9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #59261 - [
dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #60070 - [
d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093 - [
de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #60094 - [
b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096 - [
e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #60090 - [
7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #54347 - [
bb108191aa] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #60366 - [
2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #58646 - [
144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103 - [
409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857 - [
d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607 - [
b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #59487 - [
2c8a73f95f] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #59049 - [
b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #59993 - [
4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068 - [
cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #59755 - [
9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #59640 - [
4f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #59637 - [
3ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #59563 - [
a7a109f926] - test: fix typos (Lee Jiho) #59330 - [
fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419 - [
bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #59414 - [
0cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #58840 - [
76001f9480] - tools: remove unused actions frombuild-tarball.yml(Antoine du Hamel) #59787 - [
69904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #59785 - [
a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #59434 - [
6443ad2da5] - tools: drop deprecatedmacos-13runner (Richard Lau) #60679 - [
45ec702ef7] - tools: fixtools/make-v8.shfor clang (Richard Lau) #59893 - [
393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #59379 - [
9e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #59446
v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @marco-ippolito
Notable Changes
- [
f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #58355 - [
4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308 - [
d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #58499 - [
3c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241
Commits
- [
ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #58270 - [
c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #58171 - [
d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #58867 - [
84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #58213 - [
068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #58942 - [
edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #57498 - [
0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #58628 - [
1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #57768 - [
0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655 - [
a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335 - [
cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #57335 - [
82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #57180 - [
43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #56855 - [
91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566 - [
b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #58711 - [
ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382 - [
142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #58712 - [
fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144 - [
c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #57386 - [
cded8e7e77] - dns: fix parse memory leaky (theanarkh) #58973 - [
182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #58404 - [
621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449 - [
b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426 - [
f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #58355 - [
4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308 - [
530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #58911 - [
38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #57318 - [
d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309 - [
d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #58499 - [
8c3bc156ed] - doc: clarifypath.isAbsoluteis not path traversal mitigation (Eric Fortis) #57073 - [
e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #56835 - [
e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #57219 - [
026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #57183 - [
3c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241 - [
ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #57076 - [
1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607 - [
b73a1356ce] - doc: addmodule namespace objectlinks (Dario Piotrowicz) #57093 - [
09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #57092 - [
2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090 - [
cd8259cb4e] - doc:modules.md: fixdistancedefinition (Alexander “weej” Jones) #57046 - [
7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #57091 - [
14fcfc242b] - doc: add a note aboutrequire('../common')in testing documentation (Aditi) #56953 - [
bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028 - [
acd4d7f269] - doc: improve documentation on argument validation (Aditi) #56954 - [
4cd6b3ca73] - doc: buffer: fix typo onBuffer.copyBytesFrom(offsetoption (tpoisseau) #57015 - [
01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #57004 - [
77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #56907 - [
77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #56539 - [
73e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #55947 - [
9a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #55791 - [
04d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #58982 - [
959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291 - [
8757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #58877 - [
6fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #58477 - [
9991788e4a] - http: coerce content-length to number (Marco Ippolito) #57458 - [
ff5cf8a428] - http2: fix check forframe->hd.type(hanguanqiang) #57644 - [
2f333b6c51] - lib: optimizeprepareStackTraceon builtin frames (Chengzhong Wu) #56299 - [
cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #56299 - [
faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #57177 - [
a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #58916 - [
b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #58551 - [
2c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #58550 - [
4095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #58108 - [
631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #58456 - [
7d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #58110 - [
1558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #58106 - [
e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #58356 - [
1b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #58111 - [
2b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #58107 - [
833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #57966 - [
c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #57718 - [
9046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #57717 - [
46388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #57715 - [
d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #57714 - [
47004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #57713 - [
4abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #57503 - [
45e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #57537 - [
d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #57483 - [
704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #57443 - [
3f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #57257 - [
7e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #57253 - [
8d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #57292 - [
cc2abb5d17] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #57259 - [
4fad2b8758] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #57256 - [
5f5bb8b986] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #57255 - [
e949359a56] - meta: bumpactions/setup-pythonfrom 5.3.0 to 5.4.0 (dependabot[bot]) #56867 - [
d3c5ad7510] - meta: bumppeter-evans/create-pull-requestfrom 7.0.5 to 7.0.6 (dependabot[bot]) #56866 - [
56decfe2d1] - meta: bumpcodecov/codecov-actionfrom 5.0.7 to 5.3.1 (dependabot[bot]) #56864 - [
52e518444d] - meta: bumpactions/cachefrom 4.1.2 to 4.2.0 (dependabot[bot]) #56862 - [
9cac93d9c3] - meta: bumpactions/stalefrom 9.0.0 to 9.1.0 (dependabot[bot]) #56860 - [
ecf4252f7c] - meta: update last name for jkrems (Jan Martin) #57006 - [
e8beaaaedf] - meta: bumpactions/upload-artifactfrom 4.4.3 to 4.6.0 (dependabot[bot]) #56861 - [
5462c257f8] - meta: bumpactions/setup-nodefrom 4.1.0 to 4.2.0 (dependabot[bot]) #56868 - [
89c37891a0] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56889 - [
2a0175c291] - meta: add @nodejs/url as codeowner (Chengzhong Wu) #56783 - [
c12aae1e78] - meta: bump github/codeql-action from 3.28.18 to 3.29.2 (dependabot[bot]) #58922 - [
4ef09990f1] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #58552 - [
889654eb2c] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #58112 - [
091e5c1bb9] - meta: bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot]) #57716 - [
01415153de] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #57254 - [
72ea8aac34] - meta: bumpgithub/codeql-actionfrom 3.27.5 to 3.28.8 (dependabot[bot]) #56859 - [
99a271e588] - meta: bump step-security/harden-runner from 2.12.0 to 2.12.2 (dependabot[bot]) #58923 - [
b4c4c02490] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #58109 - [
5361bb9157] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #57258 - [
28e33acf30] - meta: bumpstep-security/harden-runnerfrom 2.10.2 to 2.10.4 (dependabot[bot]) #56863 - [
fad773cede] - module: throw error when re-runing errored module jobs (Joyee Cheung) #58957 - [
2531185423] - module: allow cycles in require() in the CJS handling in ESM loader (Joyee Cheung) #58598 - [
ed43b69689] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #56491 - [
6e02db1b12] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #58067 - [
badba50d30] - module: fix incorrect formatting in require(esm) cycle error message (haykam821) #57453 - [
939ecf8906] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #57187 - [
ba7f8a0353] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #57126 - [
c1e7fa2586] - module: handle .mjs in .js handler in CommonJS (Joyee Cheung) #55590 - [
41f3dfd21b] - module: fix require.resolve() crash on non-string paths (Aditi) #56942 - [
043dcdd628] - os: fix GetInterfaceAddresses memory lieaky (theanarkh) #58940 - [
9b74e9bfd9] - permission: ignore internalModuleStat on module loading (Rafael Gonzaga) #55797 - [
611a147b45] - readline: fix unresolved promise on abortion (Daniel Venable) #54030 - [
f891ae3421] - repl: avoid deprecatedrequire.extensionsin tab completion (baki gul) #58653 - [
7ba44290bf] - repl: fix tab completion not working with computer string properties (Dario Piotrowicz) #58709 - [
eb842048b2] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #57126 - [
4f004937ec] - src: fixup errorhandling more in various places (James M Snell) #57852 - [
5daa7fe2e2] - src: fix module buffer allocation (X-BW) #57738 - [
586b1be11b] - src: fix build when using shared simdutf (Antoine du Hamel) #58407 - [
563e61f012] - src: fix possible dereference of null pointer (Eusgor) #58459 - [
cbec07ea0b] - src: fix FIPS init error handling (Tobias Nießen) #58379 - [
80fb80e71b] - src: fix -Wunreachable-code in src/node_api.cc (Shelley Vohr) #58901 - [
5e97719860] - test: skip test-http-imports on macos (Marco Ippolito) #59745 - [
69c43bdfcc] - test: fix internet/test-dns (Michaël Zasso) #59660 - [
6fd58e0338] - tools: update coverage GitHub Actions to fixed version (Rich Trott) #59512 - [
eb7bbce73e] - tools: disable failing coverage jobs (Antoine du Hamel) #58770 - [
65b1669936] - util: fix formatting of objects with built-in Symbol.toPrimitive (Shima Ryuhei) #57832 - [
8a29f13bec] - util: fix parseEnv incorrectly splitting multiple ‘=‘ in value (HEESEUNG) #57421 - [
077d5020c4] - v8: fix missing callback in heap utils destroy (Ruben Bridgewater) #58846 - [
34ae9f8b18] - vm: import call should return a promise in the current context (Chengzhong Wu) #58309 - [
0dd3a8d6d1] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #58902 - [
1b83a2bd2d] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #58371 - [
9dc9604502] - zlib: fix pointer alignment (jhofstee) #57727
v20.19.4: 2025-07-15, Version 20.19.4 'Iron' (LTS), @RafaelGSS
This is a security release.
Notable Changes
- (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()
Commits
- [
db7b93fcef] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721
v20.19.3: 2025-06-23, Version 20.19.3 'Iron' (LTS), @marco-ippolito
Notable Changes
- [
c535a3c483] - crypto: graduate WebCryptoAPIEd25519and X25519 algorithms as stable (Filip Skokan) #56142 - [
af1dc63815] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381 - [
01d63a4ddf] - deps: update timezone to 2025b (Node.js GitHub Bot) #57857 - [
b6daa344eb] - doc: add dario-piotrowicz to collaborators (Dario Piotrowicz) #58102
Commits
- [
fc1fa7a357] - build: use FILE_OFFSET_BITS=64 esp. on 32-bit arch (RafaelGSS) #58090 - [
79e0812181] - build: use glob for dependencies of out/Makefile (Richard Lau) #55789 - [
f56e62851a] - crypto: allow length=0 for HKDF and PBKDF2 in SubtleCrypto.deriveBits (Filip Skokan) #55866 - [
c535a3c483] - crypto: graduate WebCryptoAPIEd25519and X25519 algorithms as stable (Filip Skokan) #56142 - [
39925de8b1] - crypto: allow non-multiple of 8 in SubtleCrypto.deriveBits (Filip Skokan) #55296 - [
af1dc63815] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381 - [
d09008add3] - deps: V8: cherry-pick1a3ecc2(Michaël Zasso) #58342 - [
fd56652425] - deps: V8: cherry-pick182d9c0(Andrey Kosyakov) #58342 - [
447481e829] - deps: V8: cherry-pick third_party/zlib@646b7f5(Hans Wennborg) #58342 - [
eb447168df] - deps: update simdutf to 6.4.2 (Node.js GitHub Bot) #57855 - [
01d63a4ddf] - deps: update timezone to 2025b (Node.js GitHub Bot) #57857 - [
10fb49f2a9] - deps: update icu to 77.1 (Node.js GitHub Bot) #57455 - [
f1dc7d0205] - deps: update corepack to 0.32.0 (Node.js GitHub Bot) #57265 - [
7a2e64bb8a] - deps: update simdutf to 6.4.0 (Node.js GitHub Bot) #56764 - [
e80669be0d] - doc: mention reports should align with Node.js CoC (Rafael Gonzaga) #57607 - [
7b2c0bc92e] - doc: add gurgunday as triager (Gürgün Dayıoğlu) #57594 - [
791e4879de] - doc: document REPL custom eval arguments (Dario Piotrowicz) #57690 - [
2917f09876] - doc: improved fetch docs (Alessandro Miliucci) #57296 - [
d940b15843] - doc: clarifyunhandledRejectionevents behaviors in process doc (Dario Piotrowicz) #57654 - [[`71c664f
Configuration
📅 Schedule: Branch creation - "after 4pm on friday,before 9am on monday,every weekend" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for algolia-ga-actions-netlify failed.
| Name | Link |
|---|---|
| Latest commit | f44483c256b80cf492bd3d9369d7b83da37ad2ed |
| Latest deploy log | https://app.netlify.com/sites/algolia-ga-actions-netlify/deploys/670016e58e073d0008c96d2a |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}