Releases: nodejs/node
Releases · nodejs/node
2026-01-13, Version 25.3.0 (Current), @RafaelGSS
This is a security release.
Notable Changes
lib:
- (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#750
permission: - (CVE-2026-21636) add network check on pipe_wrap connect (RafaelGSS) nodejs-private/node-private#784
- (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
- (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
src: - (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
tls: - (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#790
Commits
- [
a6a74b89a7] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
5100614e26] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #61283 - [
f0a8916887] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#750 - [
b4b887c5f7] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748 - [
26be208039] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
bdf5873d44] - (CVE-2026-21636) permission: add network check on pipe_wrap connect (RafaelGSS) nodejs-private/node-private#784 - [
0578e3e921] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
4d6b55a6d1] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759 - [
c357a39e14] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#790
2026-01-13, Version 24.13.0 'Krypton' (LTS), @marco-ippolito
v24.13.0
This tag was signed with the committer’s verified signature.
marco-ippolito
Marco Ippolito
This is a security release.
Notable Changes
lib:
- (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
- (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
src: - (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
tls: - (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
Commits
- [
2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
3e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #61283 - [
4ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 - [
89adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748 - [
7302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
20075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759 - [
20591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
2026-01-13, Version 22.22.0 'Jod' (LTS), @marco-ippolito
v22.22.0
This tag was signed with the committer’s verified signature.
marco-ippolito
Marco Ippolito
This is a security release.
Notable Changes
lib:
- (CVE-2025-59465) add TLSSocket default error handler
- (CVE-2025-55132) disable futimes when permission model is enabled
lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs
src: - (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
tls: - (CVE-2026-21637) route callback exceptions through error handlers
Commits
- [
6badf4e6f4] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
37509c3ff0] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#791 - [
eb8e41f8db] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 - [
ebbf942a83] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748 - [
6b4849583a] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
ddadc31f09] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
d4d9f3915f] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759 - [
25d6799df6] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
2026-01-13, Version 20.20.0 'Iron' (LTS), @marco-ippolito
v20.20.0
This tag was signed with the committer’s verified signature.
marco-ippolito
Marco Ippolito
This is a security release.
Notable Changes
lib:
- (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
- (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
src: - (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
tls: - (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
Commits
- [
8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792 - [
14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802 - [
1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 - [
494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759 - [
85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
2025-12-10, Version 24.12.0 'Krypton' (LTS), @targos
Notable Changes
- [
1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778 - [
ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #59982 - [
8987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #60600 - [
92c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953 - [
b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217 - [
e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178 - [
a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #58797 - [
92ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #59711 - [
05d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #59807
Commits
- [
e4a23a35ac] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #60603 - [
b6114ae5c9] - benchmark: add per-suite setup option (Joyee Cheung) #60574 - [
ac8e90af7c] - buffer: speed up concat via TypedArray#set (Gürgün Dayıoğlu) #60399 - [
acbc8ca13e] - build: upgrade Python linter ruff, add rules ASYNC,PERF (Christian Clauss) #59984 - [
f97a609a07] - console: optimize single-string logging (Gürgün Dayıoğlu) #60422 - [
6cd9bdc580] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #60662 - [
0fafe24d9b] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #60538 - [
54421e0419] - debugger: fix event listener leak in the run command (Joyee Cheung) #60464 - [
c361a628b4] - deps: V8: cherry-pick 72b0e27bd936 (pthier) #60732 - [
c70f4588dd] - deps: V8: cherry-pick 6bb32bd2c194 (Erik Corry) #60732 - [
881fe784c5] - deps: V8: cherry-pick 0dd2318b5237 (Erik Corry) #60732 - [
457c33efcc] - deps: V8: cherry-pick df20105ccf36 (Erik Corry) #60732 - [
0bf45a829c] - deps: V8: backport e5dbbbadcbff (Darshan Sen) #60524 - [
4993bdc476] - deps: V8: cherry-pick 5ba9200cd046 (Juan José Arboleda) #60620 - [
1e9abe0078] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #60842 - [
3f704ed08f] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #60643 - [
04e360fdb1] - deps: V8: cherry-pick 06bf293610ef, 146962dda8d2 and e0fb10b5148c (Michaël Zasso) #60713 - [
fcbd8dbbde] - deps: patch V8 to 13.6.233.17 (Michaël Zasso) #60712 - [
28e9433f39] - deps: V8: cherry-pick 87356585659b (Joyee Cheung) #60069 - [
3cac85b243] - deps: V8: backport 2e4c5cf9b112 (Michaël Zasso) #60654 - [
1daece1970] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #60609 - [
5f55a9c9ea] - deps: nghttp2: revert 7784fa979d0b (Antoine du Hamel) #59790 - [
1d9e7c1f4d] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #59790 - [
3140415068] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #60542 - [
d911f9f1b8] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #60541 - [
daaaf04a32] - deps: V8: cherry-pick 2abc61361dd4 (Richard Lau) #60177 - [
b4f63ee5f8] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #60650 - [
effcf7a8ab] - doc: fix link in--env-file=filesection (N. Bighetti) #60563 - [
7011736703] - doc: fix linter issues (Antoine du Hamel) #60636 - [
5cc79d8945] - doc: add missing history entry forsqlite.md(Antoine du Hamel) #60607 - [
bbc649057c] - doc: correct values/references for buffer.kMaxLength (René) #60305 - [
ea7ecb517b] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #60017 - [
58bff04cc2] - doc: highlight module loading difference between import and require (Ajay A) #59815 - [
bbcbff9b4d] - doc: add CJS code snippets insqlite.md(Allon Murienik) #60395 - [
f8af33d5a7] - doc: fix typo inprocess.unrefdocumentation (우혁) #59698 - [
df105dc351] - doc: add some entries toglossary.md(Mohataseem Khan) #59277 - [
4955cb2b5b] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #58205 - [
6283bb5cc9] - doc: fix pseudo code in modules.md (chirsz) #57677 - [
d5059ea537] - doc: add missing variable in code snippet (Koushil Mankali) #55478 - [
900de373ae] - doc: add missing word insingle-executable-applications.md(Konstantin Tsabolov) #53864 - [
5735044c8b] - doc: fix typo in http.md (Michael Solomon) #59354 - [
2dee6df831] - doc: update devcontainer.json and add documentation (Joyee Cheung) #60472 - [
8f2d98d7d2] - doc: add haramj as triager (Haram Jeong) #60348 - [[
bbd7fdfff4](https://gith...
2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolito
v20.19.6
This tag was signed with the committer’s verified signature.
marco-ippolito
Marco Ippolito
6a530fe
This commit was signed with the committer’s verified signature.
marco-ippolito
Marco Ippolito
Notable Changes
- [
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [
db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313
Commits
- [
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547 - [
fba0025b9c] - build: usewindows-2025runner (Michaël Zasso) #59673 - [
3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956 - [
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #60112 - [
5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #59791 - [
9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689 - [
d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #59335 - [
576242ff39] - deps: V8: cherry-pick a0d0d4fc4f19 (Ho Cheung) #60716 - [
a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314 - [
fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133 - [
acec79989e] - deps: V8: cherry-pick 6b1b9bca2a8 (zhoumingtao) #59283 - [
e65b930aa7] - deps: V8: backport 2e4c5cf9b112 (Michaël Zasso) #60654 - [
1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #60114 - [
a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #59932 - [
2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #59806 - [
e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #59562 - [
e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #59579 - [
8a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #59080 - [
8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591 - [
109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #59470 - [
4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445 - [
caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #58876 - [
082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [
19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #58504 - [
db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313 - [
3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291 - [
960d05ad7d] - doc: add history entries to--input-typesection (Antoine du Hamel) #58175 - [
20616f1750] - http2: do not crash on mismatched ping buffer length (René) #60135 - [
9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #59261 - [
dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #60070 - [
d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093 - [
de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #60094 - [
b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096 - [
e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #60090 - [
7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #54347 - [
bb108191aa] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #60366 - [
2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #58646 - [
144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103 - [
409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857 - [
d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607 - [
b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #59487 - [
2c8a73f95f] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #59049 - [
b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #59993 - [
4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068 - [
cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #59755 - [
9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) [#59640](https://github.com/nodejs/node...
2025-11-17, Version 25.2.1 (Current), @aduh95
This release reverts the spec-compliant behavior of sometimes throwing on localStorage
access. We received feedback that this change on an experimental API was too breaking
for a semver-minor release, so we decided to push it back for Node.js 26.0.0.
Commits
- [
ff89b7b6c7] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #60662 - [
5316b580eb] - deps: V8: backport 2e4c5cf9b112 (Michaël Zasso) #60654 - [
ca878bc90e] - doc,src,lib: clarify experimental status of Web Storage support (Antoine du Hamel) #60708 - [
a4dee613fd] - Revert "lib: throw from localStorage getter on missing storage path" (Antoine du Hamel) #60750
2025-11-11, Version 25.2.0 (Current), @aduh95
Notable Changes
- [
a37c01e6a1] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #59982 - [
4fbb1ab101] - lib: throw from localStorage getter on missing storage path (René) #60351 - [
727560a96d] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #60600 - [
506b79e888] - (SEMVER-MINOR) net: increase network family autoselection timeout to 500ms (Rod Vagg) #60334 - [
166c72ec02] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953 - [
399b340022] - (SEMVER-MINOR) v8: adding total_allocated_bytes to HeapStatistics (Caio Lima) #60573
Commits
- [
d5158a0a2d] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #60603 - [
26a5305fa9] - benchmark: add per-suite setup option (Joyee Cheung) #60574 - [
4810e4b82d] - buffer: speed up concat via TypedArray#set (Gürgün Dayıoğlu) #60399 - [
94a94a6b3a] - console: optimize single-string logging (Gürgün Dayıoğlu) #60422 - [
ad376c31db] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #60538 - [
dc38a45a55] - debugger: fix event listener leak in the run command (Joyee Cheung) #60464 - [
a61e5d8e05] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #60609 - [
51e5030afa] - deps: nghttp2: revert 7784fa979d0b (Antoine du Hamel) #59790 - [
eef838f499] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #59790 - [
13120a43d4] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #60542 - [
6e1b23dab8] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #60550 - [
a02e05c486] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #60541 - [
b9ba3a7947] - deps: V8: backport fe81545e6d14 (Caio Lima) #60429 - [
07bcd28494] - deps: V8: cherry-pick 7ef6a001762 (Xiao-Tao) #60259 - [
3e11658243] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #60650 - [
b8e40e4d38] - doc: fix link in--env-file=filesection (N. Bighetti) #60563 - [
9558c1c0df] - doc: fix linter issues (Antoine du Hamel) #60636 - [
cdf70de563] - doc: add missing history entry forsqlite.md(Antoine du Hamel) #60607 - [
e3c5dcf1ea] - doc: correct values/references for buffer.kMaxLength (René) #60305 - [
a25d76c924] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #60017 - [
795f32bf91] - doc: highlight module loading difference between import and require (Ajay A) #59815 - [
212775410b] - doc: add CJS code snippets insqlite.md(Allon Murienik) #60395 - [
263c06096d] - doc: fix typo inprocess.unrefdocumentation (우혁) #59698 - [
356bdae408] - doc: add some entries toglossary.md(Mohataseem Khan) #59277 - [
9632c398de] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #58205 - [
f72880dbe3] - doc: fix pseudo code in modules.md (chirsz) #57677 - [
a9c70cefe8] - doc: add missing variable in code snippet (Koushil Mankali) #55478 - [
2892d151d4] - doc: add missing word insingle-executable-applications.md(Konstantin Tsabolov) #53864 - [
9c99ab6571] - doc: fix typo in http.md (Michael Solomon) #59354 - [
3446cf375f] - doc: update devcontainer.json and add documentation (Joyee Cheung) #60472 - [
519c537875] - doc: add haramj as triager (Haram Jeong) #60348 - [
62889d7e99] - doc: clarify require(esm) description (dynst) #60520 - [
0b9ef68705] - doc: instantiate resolver object (Donghoon Nam) #60476 - [
cd5c1ad29f] - doc: correct module loading descriptions (Joyee Cheung) #60346 - [
74719dad7a] - doc: clarify Linux runtime requirements for >=25 (Joyee Cheung) #60484 - [
ca39540785] - doc: clarify --use-system-ca support status (Joyee Cheung) #60340 - [
dbf204c714] - doc,crypto: link keygen to supported types (Filip Skokan) #60585 - [
3bcf86d56d] - esm: use sync loading/resolving on non-loader-hook thread (Joyee Cheung) #60380 - [
69b3d2c845] - http: replace startsWith with strict equality (btea) #59394 - [
a38e2f5975] - http2: add diagnostics channels for client stream request body (Darshan Sen) #60480 - [
c047e73a00] - inspector: inspect HTTP response body (Chengzhong Wu) #60572 - [
d2087bae92] - inspector: support inspecting HTTP/2 request and response bodies (Darshan Sen) #60483 - [
003121c475] - inspector: fix crash when receiving non json message (Shima Ryuhei) #60388 - [
a37c01e6a1] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #59982 - [
219d2e978d] - lib: replace global SharedArrayBuffer constructor with bound method (Renegade334) #60497 - [
4fbb1ab101] - lib: throw from localStorage getter on missing storage path (René) #60351
...
2025-11-11, Version 24.11.1 'Krypton' (LTS), @aduh95
Notable Changes
The known issue relating to Buffer.allocUnsafe incorrectly zero-filling buffers
has now been addressed and now returns uninitialized memory as documented in the
Buffer.allocUnsafe
documentation.
Commits
- [
0a15ccf3f4] - benchmark: improve cpu.sh for safety and usability (Nam Yooseong) #60162 - [
a1c7d1dac9] - benchmark: add benchmark for leaf source text modules (Joyee Cheung) #60205 - [
99e2acf46b] - benchmark: add vm.SourceTextModule benchmark (Joyee Cheung) #59396 - [
c01c72b407] - benchmark: use non-deprecated WriteUtf8V2 method (Michaël Zasso) #60173 - [
a42dbd138e] - build: ibmi follow aix visibility (SRAVANI GUNDEPALLI) #60360 - [
5673a54a5d] - build: use call command when calling python configure (Jacob Nichols) #60098 - [
c67cb727cb] - build: build v8 with -fvisibility=hidden -fvisibility-inlines-hidden (Joyee Cheung) #56290 - [
b03f7b93b1] - build: remove V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE defs (Joyee Cheung) #60296 - [
2505568531] - build, src: fix include paths for vtune files (Rahul) #59999 - [
95330b036f] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956 - [
c221d892ef] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #60550 - [
bc00aa4c77] - deps: update simdjson to 4.0.7 (Node.js GitHub Bot) #59883 - [
d03b89ec53] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314 - [
b7882090de] - deps: update inspector_protocol to af7f5a8173fdbc29f0835ec94395932e328b (Node.js GitHub Bot) #60312 - [
7007f9dd65] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219 - [
a56aa9ffa8] - deps: upgrade npm to 11.6.2 (npm team) #60168 - [
0bf8952721] - doc: mention more codemods indeprecations.md(Augustin Mauroy) #60243 - [
2473ca77f6] - doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny() (Jimmy Leung) #58899 - [
39ddd8522e] - doc: useanyforworker_threads.Worker'error' event argumenterr(Jonas Geiler) #60300 - [
eaa825fd97] - doc: update decorator documentation to reflect actual policy (Muhammad Salman Aziz) #60288 - [
a744e42282] - doc: document wildcard supported by tools/test.py (Joyee Cheung) #60265 - [
ec0d5beb09] - doc: add --heap-snapshot-on-oom to useful v8 flag (jakecastelli) #60260 - [
13da0df12a] - doc: fixblob.bytes()heading level (XTY) #60252 - [
8e771632b7] - doc: fix not working code example in vm docs (Artur Gawlik) #60224 - [
70c2080bff] - doc: improve code snippet alternative of url.parse() using WHATWG URL (Steven) #60209 - [
beadcf176e] - doc:createSQLTagStore->createTagStore(Aviv Keller) #60182 - [
b0da3b9c6a] - doc: use markdown when branch-diff major release (Rafael Gonzaga) #60179 - [
688115aa6b] - doc: update teams in collaborator-guide.md and add links (Bart Louwers) #60065 - [
923082a064] - doc: disambiguate top-levelworker_threadsmodule exports (René) #59890 - [
7be4330870] - doc: add known issue to v24.11.0 release notes (Richard Lau) #60467 - [
4d8f62aeaf] - doc, module: change async customization hooks to experimental (Gerhard Stöbich) #60302 - [
d86a118bbd] - http: lazy allocate cookies array (Robert Nagy) #59734 - [
8c256d4139] - http: fix http client leaky with double response (theanarkh) #60062 - [
265e9d59fa] - http2: rename variable to additionalPseudoHeaders (Tobias Nießen) #60208 - [
65bec037e2] - http2: do not crash on mismatched ping buffer length (René) #60135 - [
9b83ef53b7] - inspector: add network payload buffer size limits (Chengzhong Wu) #60236 - [
03ac05c458] - inspector: support handshake response for websocket inspection (Shima Ryuhei) #60225 - [
aa04f06190] - lib: fix typo in createBlobReaderStream (SeokHun) #60132 - [
5aea1a429e] - lib: fix constructor in _errnoException stack tree (SeokHun) #60156 - [
4f7745acc7] - lib: fix typo in QuicSessionStats (SeokHun) #60155 - [
f8725861ea] - lib: remove redundant destroyHook checks (Gürgün Dayıoğlu) #60120 - [
696c20bf3f] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #60325 - [
90434ff99a] - meta: loop userland-migrations in deprecations (Chengzhong Wu) #60299 - [
ffbc0ae60a] - module: refactor and clarify async loader hook customizations (Joyee Cheung) #60278 - [
6ed6062f7d] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #59929 - [
a2871baed2] - msi: fix WiX warnings (Stefan Stojanovic) #60251 - [
6199541d67] - src: fix timing of snapshot serialize callback (Joyee Cheung) #60434 - [
13b687959a] - src: add COUNT_GENERIC_USAGE utility for tests (Joyee Cheung) #60434 - [
a587623b4f] - src: conditionally disable source phase imports by default (Shelley Vohr) #60364 - [
e483267995] - src: use cached primordials_string (Sohyeon Kim) #60255 - [[
4c9a64fbaf](https://github.com...
2025-10-28, Version 25.1.0 (Current), @aduh95
Notable Changes
- [
4395fe14b9] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778 - [
2e55c6ad04] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217 - [
f437204491] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178
Commits
- [
bb27766bd5] - benchmark: improve cpu.sh for safety and usability (Nam Yooseong) #60162 - [
e600711c20] - benchmark: add benchmark for leaf source text modules (Joyee Cheung) #60205 - [
1bbcdf9039] - benchmark: add vm.SourceTextModule benchmark (Joyee Cheung) #59396 - [
22fa6bd28b] - build: ibmi follow aix visibility (SRAVANI GUNDEPALLI) #60360 - [
931028400e] - build: use call command when calling python configure (Jacob Nichols) #60098 - [
17fde3f3d1] - build: build v8 with -fvisibility=hidden -fvisibility-inlines-hidden (Joyee Cheung) #56290 - [
04cc7aae5e] - build: remove V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE defs (Joyee Cheung) #60296 - [
8a2053060d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956 - [
fe91c0f755] - deps: update simdjson to 4.0.7 (Node.js GitHub Bot) #59883 - [
aacfc0d212] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314 - [
8596891a71] - deps: update inspector_protocol to af7f5a8173fdbc29f0835ec94395932e328b (Node.js GitHub Bot) #60312 - [
21bcd0eb2f] - deps: V8: cherry-pick 3d0f462a17ff (Joyee Cheung) #59396 - [
673558501c] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219 - [
425a1879b1] - doc: mention more codemods indeprecations.md(Augustin Mauroy) #60243 - [
563e1317f3] - doc: remove unnecessary statement of web storage (Deokjin Kim) #60363 - [
064c8c5cfd] - doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny() (Jimmy Leung) #58899 - [
99e357af35] - doc: useanyforworker_threads.Worker'error' event argumenterr(Jonas Geiler) #60300 - [
8ccff0d934] - doc: update decorator documentation to reflect actual policy (Muhammad Salman Aziz) #60288 - [
bac70c6ef3] - doc: document wildcard supported by tools/test.py (Joyee Cheung) #60265 - [
8492bc6a88] - doc: add --heap-snapshot-on-oom to useful v8 flag (jakecastelli) #60260 - [
0f0d3c0e47] - doc: fixblob.bytes()heading level (XTY) #60252 - [
8c8525cf93] - doc: fix not working code example in vm docs (Artur Gawlik) #60224 - [
8a6de3866c] - doc, assert: correct order of changes entries (Gerhard Stöbich) #60304 - [
6bacb6555a] - doc, module: change async customization hooks to experimental (Gerhard Stöbich) #60302 - [
6f3b16df16] - esm: use index-based resolution callbacks (Joyee Cheung) #59396 - [
95644a432c] - http: lazy allocate cookies array (Robert Nagy) #59734 - [
4395fe14b9] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778 - [
f1aa1eaaf5] - inspector: add network payload buffer size limits (Chengzhong Wu) #60236 - [
64fc625bf9] - inspector: support handshake response for websocket inspection (Shima Ryuhei) #60225 - [
0ecbb806a8] - lib: fix typo in createBlobReaderStream (SeokHun) #60132 - [
ffec5927fd] - meta: fix typo in test-shared workflow name (Ronit Sabhaya) #60321 - [
a02897e157] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #60325 - [
59223a7831] - meta: loop userland-migrations in deprecations (Chengzhong Wu) #60299 - [
2d48d17696] - module: refactor and clarify async loader hook customizations (Joyee Cheung) #60278 - [
be1b84fd93] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #59929 - [
063fbd87d3] - msi: fix WiX warnings (Stefan Stojanovic) #60251 - [
2e55c6ad04] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217 - [
dc93d6988a] - src: fix timing of snapshot serialize callback (Joyee Cheung) #60434 - [
267e1b3817] - src: add COUNT_GENERIC_USAGE utility for tests (Joyee Cheung) #60434 - [
4a5d7a4c2a] - src: conditionally disable source phase imports by default (Shelley Vohr) #60364 - [
f437204491] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178 - [
36837fa0f9] - src: use cached primordials_string (Sohyeon Kim) #60255 - [
df8396ad37] - src: replace Environment::GetCurrent with args.GetIsolate (Sohyeon Kim) #60256 - [
5dd670b2b9] - src: initial enablement of IsolateGroups (James M Snell) #60254 - [
afdb362933] - src: useUtf8ValueandTwoByteValueinstead of V8 helpers (Anna Henningsen) #60244 - [
a40e533e72] - src: add a default branch for module phase (Chengzhong Wu) #60261 - [
42729f07ee] - src: stop using deprecated v8::Context::GetIsolate (Michaël Zasso) #60223 - [
7a6542c205] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419 - [[
29a5855a4f](https://github.com/...