fix(deps): update minor dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
node (source)	23.4.0 -> 23.7.0
postcss (source)	8.4.31 -> 8.5.2

---

Release Notes

nodejs/node (node)

v23.7.0: 2025-01-30, Version 23.7.0 (Current), @​aduh95

Compare Source

Notable Changes

• [36dd9ecc41] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [9414d3cbf1] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
• [9c5c3b3115] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
• [1e201fd5fd] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
• [48c813fb67] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
• [cf16123785] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
• [13bdd9c961] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
• [00a1943858] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
• [3143566045] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434

Commits

• [334a3ac7c6] - assert: make myers_diff function more performant (Giovanni Bucci) #​56303
• [eb2bf460b7] - assert: make partialDeepStrictEqual work with urls and File prototypes (Giovanni Bucci) #​56231
• [d184453b90] - assert: show diff when doing partial comparisons (Giovanni Bucci) #​56211
• [4aa1afd607] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #​56556
• [8bbdb1203e] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #​56106
• [d83d89a08e] - crypto: add missing return value check (Michael Dawson) #​56615
• [36dd9ecc41] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [3915152c36] - crypto: fix checkPrime crash with large buffers (Santiago Gimeno) #​56559
• [c8d1dcb063] - crypto: fix warning of ignoring return value (Cheng) #​56527
• [1994eaaf52] - crypto: make generatePrime/checkPrime interruptible (James M Snell) #​56460
• [5f1ee05390] - deps: update corepack to 0.31.0 (Node.js GitHub Bot) #​56795
• [9cfac712b8] - deps: move inspector_protocol to deps (Chengzhong Wu) #​56649
• [b2ec816a31] - deps: macro ENODATA is deprecated in libc++ (Cheng) #​56698
• [edd9361499] - deps: fixup some minor coverity warnings (James M Snell) #​56612
• [9ffe3ad4b1] - deps: update libuv to 1.50.0 (Node.js GitHub Bot) #​56616
• [73ad3ca238] - deps: update amaro to 0.3.0 (Node.js GitHub Bot) #​56568
• [0657f6270a] - deps: update amaro to 0.2.2 (Node.js GitHub Bot) #​56568
• [47fad8cbc0] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #​56567
• [c9a211ae29] - diagnostics_channel: capture console messages (Stephen Belanger) #​56292
• [cf5d2d6598] - doc: move anatoli to emeritus (Michael Dawson) #​56592
• [5dd08d10be] - doc: fix styles of the expandable TOC (Antoine du Hamel) #​56755
• [09fb3adf80] - doc: add "Skip to content" button (Antoine du Hamel) #​56750
• [ad012ca1f3] - doc: improve accessibility of expandable lists (Antoine du Hamel) #​56749
• [38acdb57eb] - doc: add note regarding commit message trailers (Dario Piotrowicz) #​56736
• [f4a9b134c0] - doc: fix typo in example code for util.styleText (Robin Mehner) #​56720
• [8a61aaa734] - doc: fix inconsistencies in WeakSet and WeakMap comparison details (Shreyans Pathak) #​56683
• [4ade128184] - doc: add RafaelGSS as latest sec release stewards (Rafael Gonzaga) #​56682
• [e1e1200b79] - doc: clarify cjs/esm diff in queueMicrotask() vs process.nextTick() (Dario Piotrowicz) #​56659
• [57a7b931fb] - doc: WeakSet and WeakMap comparison details (Shreyans Pathak) #​56648
• [56b21489f4] - doc: mention prepare --security (Rafael Gonzaga) #​56617
• [67f39b597a] - doc: tweak info on reposts in ambassador program (Michael Dawson) #​56589
• [6381e0761d] - doc: add type stripping to ambassadors program (Marco Ippolito) #​56598
• [9bd438acd3] - doc: improve internal documentation on built-in snapshot (Joyee Cheung) #​56505
• [f54118c84a] - doc: correct customization hook types & clarify descriptions (Jacob Smith) #​56454
• [6af5053153] - doc: document CLI way to open the nodejs/bluesky PR (Antoine du Hamel) #​56506
• [4a77a9e1eb] - doc: add history info for Permission Model (Antoine du Hamel) #​56707
• [097b8b4889] - doc: add note for features using InternalWorker with permission model (Antoine du Hamel) #​56706
• [f600466c73] - doc: add section about using npx with permission model (Rafael Gonzaga) #​56539
• [c2d5a0c629] - doc: update gcc-version for ubuntu-lts (Kunal Kumar) #​56553
• [202af46793] - doc: fix parentheses in options (Tobias Nießen) #​56563
• [4e4b0c63d0] - doc: fix location of NO_COLOR in CLI docs (Colin Ihrig) #​56525
• [92eeeb98a5] - doc: include CVE to EOL lines as sec release process (Rafael Gonzaga) #​56520
• [233a6a93a1] - doc: add esm examples to node:trace_events (Alfredo González) #​56514
• [d9cff6c73f] - doc: reserve NMV 133 for Electron 35 (Keeley Hammond) #​56513
• [6047fd7c5c] - doc: add message for Ambassadors to promote (Michael Dawson) #​56235
• [a4045c9488] - doc: allow request for TSC reviews via the GitHub UI (Antoine du Hamel) #​56493
• [dd3f94873e] - esm: fix jsdoc type refs to ModuleJobBase in esm/loader (Jacob Smith) #​56499
• [9414d3cbf1] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
• [4202045673] - http2: omit server name when HTTP2 host is IP address (islandryu) #​56530
• [f48a562776] - inspector: roll inspector_protocol (Chengzhong Wu) #​56649
• [9a954fbf4a] - inspector: add undici http tracking support (Chengzhong Wu) #​56488
• [f185e8a34a] - inspector: report loadingFinished until the response data is consumed (Chengzhong Wu) #​56372
• [2fb007fdce] - lib: allow skipping source maps in node_modules (Chengzhong Wu) #​56639
• [2f69dc2659] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56580
• [0d869963e0] - meta: add codeowners of security release document (Rafael Gonzaga) #​56521
• [59510ab819] - module: fix bad require.resolve with option paths for . and .. (Dario Piotrowicz) #​56735
• [58d2dad67d] - module: integrate TypeScript into compile cache (Joyee Cheung) #​56629
• [9f99a6acb5] - module: use more defensive code when handling SWC errors (Antoine du Hamel) #​56646
• [7347d34053] - module: fixing url change in load sync hook chain (Vitalii Akimov) #​56402
• [9c5c3b3115] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
• [afd1f91a1e] - module: fix jsdoc for format parameter in cjs/loader (pacexy) #​56501
• [86d783fa51] - module: rethrow amaro error message (Marco Ippolito) #​56568
• [7b6df4a97a] - process: fix symbol key and mark experimental new node:process methods (Antoine du Hamel) #​56517
• [21362cc4f4] - punycode: limit deprecation warning (Colin Ihrig) #​56632
• [93f60a1c15] - sqlite: disable memstatus APIs at build time (Colin Ihrig) #​56541
• [1e201fd5fd] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
• [3aca628a11] - sqlite: enable SQL math functions (Colin Ihrig) #​56447
• [575251ae6a] - src: add nullptr handling from X509_STORE_new() (Burkov Egor) #​56700
• [8fb03d8f43] - src: move more crypto to ncrypto (James M Snell) #​56653
• [55a0135261] - src: add default value for RSACipherConfig mode field (Burkov Egor) #​56701
• [83c56da328] - src: fix build with GCC 15 (tjuhaszrh) #​56740
• [872d68d87c] - src: fix to generate path from wchar_t via wstring (yamachu) #​56696
• [2b6a82dcea] - src: replace NoArrayBufferZeroFillScope with v8 option (James M Snell) #​56658
• [a5f9023297] - src: initialize FSReqWrapSync in path that uses it (Michaël Zasso) #​56613
• [90f70ed8dd] - src: use cppgc to manage ContextifyContext (Joyee Cheung) #​56522
• [0b1ac9653e] - src: handle duplicate paths granted (Rafael Gonzaga) #​56591
• [33f5345002] - src: update ECKeyPointer in ncrypto (James M Snell) #​56526
• [c7b95fcf95] - src: update ECPointPointer in ncrypto (James M Snell) #​56526
• [c008b15108] - src: update ECGroupPointer in ncrypto (James M Snell) #​56526
• [5673dc7de7] - src: update ECDASSigPointer implementation in ncrypto (James M Snell) #​56526
• [87ba48b2c6] - src: cleaning up more crypto internals for ncrypto (James M Snell) #​56526
• [48c813fb67] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
• [50c65eed78] - src: fix undefined script name in error source (Chengzhong Wu) #​56502
• [b3c66d2493] - src: refactor --trace-env to reuse option selection and handling (Joyee Cheung) #​56293
• [17d59efe3c] - src: minor cleanups on OneByteString usage (James M Snell) #​56482
• [3e6e0106f6] - src: move more crypto impl detail to ncrypto dep (James M Snell) #​56421
• [5e1ddd5d4c] - src: fixup more ToLocalChecked uses in node_file (James M Snell) #​56484
• [aa3fd2f58f] - src: make some minor ToLocalChecked cleanups (James M Snell) #​56483
• [7dd8165b0b] - src: lock the thread properly in snapshot builder (Joyee Cheung) #​56327
• [edafab7248] - src: drain platform tasks before creating startup snapshot (Chengzhong Wu) #​56403
• [e1887d2c58] - src: use LocalVector in more places (James M Snell) #​56457
• [cf16123785] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
• [df78515664] - stream: fix typo in ReadableStreamBYOBReader.readIntoRequests (Mattias Buelens) #​56560
• [4ff79fb22a] - test: reduce number of written chunks (Luigi Pinca) #​56757
• [2e7b7b7674] - test: fix invalid common.mustSucceed() usage (Luigi Pinca) #​56756
• [0af368ce5e] - test: use strict mode in global setters test (Rich Trott) #​56742
• [e49f3e944c] - test: cleanup and simplify test-crypto-aes-wrap (James M Snell) #​56748
• [85f7bbf4e4] - test: do not use common.isMainThread (Luigi Pinca) #​56768
• [36b02bf1b1] - test: make some requires lazy in common/index (James M Snell) #​56715
• [bcb35c3fb7] - test: add test that uses multibyte for path and resolves modules (yamachu) #​56696
• [917f98b29c] - test: replace more uses of global with globalThis (James M Snell) #​56712
• [bf34a49206] - test: make common/index slightly less node.js specific (James M Snell) #​56712
• [ef2ed71389] - test: rely less on duplicative common test harness utilities (James M Snell) #​56712
• [e654c8b84a] - test: simplify common/index.js (James M Snell) #​56712
• [a62345e73b] - test: move hasMultiLocalhost to common/net (James M Snell) #​56716
• [6edf04ee5e] - test: move crypto related common utilities in common/crypto (James M Snell) #​56714
• [c7a132229f] - test: add missing test for env file (Jonas) #​56642
• [2a219eddf6] - test: enforce strict mode in test-zlib-const (Rich Trott) #​56689
• [f885496d9c] - test: fix localization data for ICU 74.2 (Antoine du Hamel) #​56661
• [eb3148fb5c] - test: use --permission instead of --experimental-permission (Rafael Gonzaga) #​56685
• [86d7ba09c4] - test: test-stream-compose.js doesn't need internals (Meghan Denny) #​56619
• [676276889e] - test: add maxCount and gcOptions to gcUntil() (Joyee Cheung) #​56522
• [5b7a012144] - test: add line break at end of file (Rafael Gonzaga) #​56588
• [27cfec619f] - test: mark test-worker-prof as flaky on smartos (Joyee Cheung) #​56583
• [7e58da68c1] - test: update ts eval snapshots (Marco Ippolito) #​56568
• [b1c54439ae] - test: update test-child-process-bad-stdio to use node:test (Colin Ihrig) #​56562
• [0d772a963e] - test: disable openssl 3.4.0 incompatible tests (Jelle van der Waa) #​56160
• [6fa6d699ff] - test: make test-crypto-hash compatible with OpenSSL > 3.4.0 (Jelle van der Waa) #​56160
• [90e12f2945] - test: clarify fork inherit permission flags (Rafael Gonzaga) #​56523
• [323f96f7b3] - test: add error only reporter for node:test (Carlos Espa) #​56438
• [cbbcaf9108] - test: mark test-http-server-request-timeouts-mixed as flaky (Joyee Cheung) #​56503
• [295db19ba2] - test: update error code in tls-psk-circuit for for OpenSSL 3.4 (sebastianas) #​56420
• [f7563780a6] - test: update compiled sqlite tests to match other tests (Colin Ihrig) #​56446
• [8feb2737e7] - test: add initial test426 coverage (Chengzhong Wu) #​56436
• [b9cd7895c0] - test: update test-set-http-max-http-headers to use node:test (Colin Ihrig) #​56439
• [332ce548cb] - test: update test-child-process-windows-hide to use node:test (Colin Ihrig) #​56437
• [e2668c0e00] - test_runner: print failing assertion only once with spec reporter (Pietro Marchini) #​56662
• [f97cd5b02b] - test_runner: remove unused errors (Pietro Marchini) #​56607
• [13bdd9c961] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
• [00a1943858] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
• [c4979ebfb2] - test_runner: run single test file benchmark (Pietro Marchini) #​56479
• [839a06e908] - test_runner: differentiate test types in enqueue dequeue events (Eddie Abbondanzio) #​54049
• [3143566045] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434
• [3aa864904f] - test_runner: finish marking snapshot testing as stable (Colin Ihrig) #​56425
• [b7b0768cda] - tls: fix error stack conversion in cryptoErrorListToException() (Joyee Cheung) #​56554
• [8f59f5ba47] - tools: update doc to new version (Node.js GitHub Bot) #​56259
• [ebf4527730] - tools: update inspector_protocol roller (Chengzhong Wu) #​56649
• [649cf0c0f6] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #​56704
• [69cb44e315] - tools: fix tools-deps-update (Daniel Lemire) #​56684
• [02f36ca11b] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #​56695
• [bcc1c65066] - tools: fix permissions in lint-release-proposal workflow (Antoine du Hamel) #​56614
• [ab4cfef600] - tools: remove github reporter (Carlos Espa) #​56468
• [477e674a2a] - tools: edit create-release-proposal workflow (Antoine du Hamel) #​56540
• [5f6785b1cb] - tools: validate commit list as part of lint-release-commit (Antoine du Hamel) #​56291
• [2a0fbd8731] - tools: fix loong64 build failed (Xiao-Tao) #​56466
• [aea088f79e] - tools: disable unneeded rule ignoring in Python linting (Rich Trott) #​56429
• [7a0dd2d04f] - tools: use a configurable value for number of open dependabot PRs (Antoine du Hamel) #​56427
• [c249c9715a] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #​56426
• [a9d332a16f] - util: inspect: do not crash on an Error stack that contains a Symbol (Jordan Harband) #​56573
• [6a16012fd7] - util: inspect: do not crash on an Error with a regex name (Jordan Harband) #​56574
• [c7f16192f4] - util: rename CallSite.column to columnNumber (Chengzhong Wu) #​56584
• [e652781934] - util: do not crash on inspecting function with Symbol name (Jordan Harband) #​56572
• [d066acfcf9] - util: expose CallSite.scriptId (Chengzhong Wu) #​56551
• [e1b0f44d19] - watch: reload env file for --env-file-if-exists (Jonas) #​56643
• [538e19489f] - worker: refactor stdio to improve performance (Matteo Collina) #​56630
• [aab53e6965] - worker: flush stdout and stderr on exit (Matteo Collina) #​56428

v23.6.1: 2025-01-21, Version 23.6.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
• CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
• CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

• CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

• [f2ad4d3af8] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#654
• [0afc6f9600] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (RafaelGSS) nodejs-private/node-private#555
• [3c7686163e] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650
• [51938f023a] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#629

v23.6.0: 2025-01-07, Version 23.6.0 (Current), @​marco-ippolito

Compare Source

Notable Changes

Unflagging --experimental-strip-types

This release enables the flag --experimental-strip-types by default.
Node.js will be able to execute TypeScript files without additional configuration:

node file.ts

There are some limitations in the supported syntax documented at https://nodejs.org/api/typescript.html#type-stripping
This feature is experimental and is subject to change.

Contributed by Marco Ippolito in #​56350

Other Notable Changes

• [c1023284c3] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
• [8dc39e5e2e] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
• [8b20cc212b] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394

Commits

• [7b4d288116] - assert: make partialDeepStrictEqual throw when comparing [0] with [-0] (Giovanni) #​56237
• [0ec2ed0a0b] - build: fix GN build for ngtcp2 (Cheng) #​56300
• [ab3e64630b] - build: test macos-13 on GitHub actions (Michaël Zasso) #​56307
• [46fb69daca] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #​56275
• [9d4930b993] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #​56388
• [6afe36397e] - deps: update amaro to 0.2.1 (Node.js GitHub Bot) #​56390
• [195990a0ee] - deps: update googletest to 7d76a23 (Node.js GitHub Bot) #​56387
• [b9c0852fc6] - deps: update googletest to e54519b (Node.js GitHub Bot) #​56370
• [eaefd90128] - deps: update ngtcp2 to 1.10.0 (Node.js GitHub Bot) #​56334
• [06de0c65cf] - deps: update simdutf to 5.7.0 (Node.js GitHub Bot) #​56332
• [03df76cdec] - doc: add example for piping ReadableStream (Gabriel Schulhof) #​56415
• [38ce249b07] - doc: expand description of parseArg's default (Kevin Gibbons) #​54431
• [ecc718cef2] - doc: use <ul> instead of <ol> in SECURITY.md (Antoine du Hamel) #​56346
• [3db4809130] - doc: clarify that WASM is trusted (Matteo Collina) #​56345
• [384ccbacd5] - doc: update macOS and Xcode versions for releases (Michaël Zasso) #​56337
• [3943986e88] - doc: fix the crc32 documentation (Kevin Toshihiro Uehara) #​55898
• [710b8fc6ed] - doc: add entry to changelog about SQLite Session Extension (Bart Louwers) #​56318
• [4c978b4d77] - doc: fix links in module.md (Antoine du Hamel) #​56283
• [cdb631efe7] - esm: add experimental support for addon modules (Chengzhong Wu) #​55844
• [db83d2f0ee] - Revert "events: add hasEventListener util for validate" (origranot) #​56282
• [c2baae84ce] - lib: refactor execution.js (Marco Ippolito) #​56358
• [c1023284c3] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
• [e4b795ec4a] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #​56299
• [d1b009b623] - lib: suppress source map lookup exceptions (Chengzhong Wu) #​56299
• [c2837f0805] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56342
• [72336233f2] - meta: move MoLow to TSC regular member (Moshe Atlow) #​56276
• [4f77920a9d] - module: fix async resolution error within the sync findPackageJSON (Jacob Smith) #​56382
• [e5ba216501] - (SEMVER-MINOR) module: unflag --experimental-strip-types (Marco Ippolito) #​56350
• [959f133a22] - module: support eval with ts syntax detection (Marco Ippolito) #​56285
• [717cfa4fac] - module: use buffer.toString base64 (Chengzhong Wu) #​56315
• [c2f4d8d688] - node-api: define version 10 (Gabriel Schulhof) #​55676
• [417a8ebdec] - node-api: remove deprecated attribute from napi_module_register (Vladimir Morozov) #​56162
• [8dc39e5e2e] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
• [d194f1ab5f] - sqlite: pass conflict type to conflict resolution handler (Bart Louwers) #​56352
• [29f5d70452] - src: use v8::LocalVector consistently with other minor cleanups (James M Snell) #​56417
• [2a5543b78e] - src: use starts_with in fs_permission.cc (ishabi) #​55811
• [3a3f5c9a64] - stream: validate undefined sizeAlgorithm in WritableStream (Jason Zhang) #​56067
• [6e6f6b071a] - test: add ts eval snapshots (Marco Ippolito) #​56358
• [8a87e39052] - test: remove empty lines from snapshots (Marco Ippolito) #​56358
• [510649f617] - test: use unusual chars in the path to ensure our tests are robust (Antoine du Hamel) #​48409
• [54f6d681a0] - test: remove flaky designation (Luigi Pinca) #​56369
• [20ace0bb01] - test: remove test-worker-arraybuffer-zerofill flaky designation (Luigi Pinca) #​56364
• [b757e40525] - test: remove test-net-write-fully-async-hex-string flaky designation (Luigi Pinca) #​56365
• [64556baddc] - test: improve abort signal dropping test (Edy Silva) #​56339
• [accbdad329] - test: enable ts test on win arm64 (Marco Ippolito) #​56349
• [4188ee00d1] - test: deflake test-watch-file-shared-dependency (Luigi Pinca) #​56344
• [079cee0609] - test: skip test-sqlite-extensions when SQLite is not built by us (Antoine du Hamel) #​56341
• [96a38044ee] - test: increase spin for eventloop test on s390 (Michael Dawson) #​56228
• [c062ffc242] - test: add coverage for pipeline (jakecastelli) #​56278
• [d4404f0d0e] - test: migrate message eval tests from Python to JS (Yiyun Lei) #​50482
• [9369942745] - test: check typescript loader (Marco Ippolito) #​54657
• [4930244484] - test: remove async-hooks/test-writewrap flaky designation (Luigi Pinca) #​56048
• [7819bfec69] - test: deflake test-esm-loader-hooks-inspect-brk (Luigi Pinca) #​56050
• [e9762bf005] - test: add test case for listeners (origranot) #​56282
• [c1627e9d19] - test: make test-permission-sqlite-load-extension more robust (Antoine du Hamel) #​56295
• [97d854e1d5] - test_runner,cli: mark test isolation as stable (Colin Ihrig) #​56298
• [a4f336fdd4] - tools: fix require-common-first lint rule from subfolder (Antoine du Hamel) #​56325
• [dc3dafcb50] - tools: add release line label when opening release proposal (Antoine du Hamel) #​56317
• [2a5ac932ac] - url: use resolved path to convert UNC paths to URL (Antoine du Hamel) #​56302
• [8b20cc212b] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394

v23.5.0: 2024-12-19, Version 23.5.0 (Current), @​aduh95

Compare Source

Notable Changes

WebCryptoAPI Ed25519 and X25519 algorithms are now stable

Following the merge of Curve25519 into the
Web Cryptography API Editor's Draft the
Ed25519 and X25519 algorithm identifiers are now stable and will no longer
emit an ExperimentalWarning upon use.

Contributed by Filip Skokan in #​56142.

On-thread hooks are back

This release introduces module.registerHooks() for registering module loader
customization hooks that are run for all modules loaded by require(), import
and functions returned by createRequire() in the same thread, which makes them
easier for CJS monkey-patchers to migrate to.

import assert from 'node:assert';
import { registerHooks, createRequire } from 'node:module';
import { writeFileSync } from 'node:fs';

writeFileSync('./bar.js', 'export const id = 123;', 'utf8');

registerHooks({
  resolve(specifier, context, nextResolve) {
    const replaced = specifier.replace('foo', 'bar');
    return nextResolve(replaced, context);
  },
  load(url, context, nextLoad) {
    const result = nextLoad(url, context);
    return {
      ...result,
      source: result.source.toString().replace('123', '456'),
    };
  },
});

// Checks that it works with require.
const require = createRequire(import.meta.url);
const required = require('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(required.id, 456);  // Replaced by load hook to 456

// Checks that it works with import.
const imported = await import('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(imported.id, 456);  // Replaced by load hook to 456

This complements the module.register() hooks - the new hooks fit better
internally and cover all corners in the module graph; whereas
module.register() previously could not cover require() while it was
on-thread, and still cannot cover createRequire() after being moved
off-thread.

They are also run in the same thread as the modules being loaded and where the
hooks are registered, which means they are easier to debug (no more
console.log() getting lost) and do not have the many deadlock issues haunting
the module.register() hooks. The new API also takes functions directly so that
it's easier for intermediate loader packages to take user options from files
that the hooks can't be aware of, like many existing CJS monkey-patchers do.

Contributed by Joyee Cheung in #​55698.

Other notable changes

• [59cae91465] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
• [72f79b44ed] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
• [b5a2c0777d] - (SEMVER-MINOR) module: add prefix-only modules to module.builtinModules (Jordan Harband) #​56185
• [9863d27566] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
• [8e780bc5ae] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #​55698
• [65bc8e847f] - (SEMVER-MINOR) report: fix typos in report

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.