Update Node.js to v18.20.6

[renovate]

This PR contains the following updates:

Package	Update	Change
node (source)	minor	18.17.1 -> 18.20.6

---

Release Notes

nodejs/node (node)

v18.20.6: 2025-01-21, Version 18.20.6 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
• CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

• CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

• [c03ad5ed63] - build: use rclone instead of aws CLI (Michaël Zasso) #​55617
• [8232463294] - build, tools: drop leading / from r2dir (Richard Lau) #​53951
• [b26bcd3394] - build, tools: copy release assets to staging R2 bucket once built (flakey5) #​51394
• [56df127b7b] - build,tools: simplify upload of shasum signatures (Michaël Zasso) #​53892
• [a63e9372ed] - (CVE-2025-22150) deps: update undici to v5.28.5 (Matteo Collina) nodejs-private/node-private#657
• [da2d177f91] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555
• [6cc8d58e6f] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650

v18.20.5: 2024-11-12, Version 18.20.5 'Hydrogen' (LTS), @​aduh95

Compare Source

Notable Changes

• [ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333

Commits

• [c2e6a8f215] - benchmark: fix napi/ref addon (Michaël Zasso) #​53233
• [4c2e07aaac] - build: pin doc workflow to Node.js 20 (Richard Lau) #​55755
• [6ba4ebd060] - build: fix build with Python 3.12 (Luigi Pinca) #​50582
• [c50f01399e] - crypto: ensure invalid SubtleCrypto JWK data import results in DataError (Filip Skokan) #​55041
• [5c46782137] - crypto: make deriveBits length parameter optional and nullable (Filip Skokan) #​53601
• [6e7274fa53] - crypto: reject dh,x25519,x448 in {Sign,Verify}Final (Huáng Jùnliàng) #​53774
• [d2442044db] - crypto: reject Ed25519/Ed448 in Sign/Verify prototypes (Filip Skokan) #​52340
• [93670de499] - deps: upgrade npm to 10.8.2 (npm team) #​53799
• [8531c95587] - deps: upgrade npm to 10.8.1 (npm team) #​53207
• [fd9933ea0f] - deps: upgrade npm to 10.8.0 (npm team) #​53014
• [03852495d7] - deps: update simdutf to 5.6.0 (Node.js GitHub Bot) #​55379
• [3597be4146] - deps: update simdutf to 5.5.0 (Node.js GitHub Bot) #​54434
• [52d2c03738] - deps: update simdutf to 5.3.4 (Node.js GitHub Bot) #​54312
• [dd882ac483] - deps: update simdutf to 5.3.1 (Node.js GitHub Bot) #​54196
• [5fb8e1b428] - deps: update simdutf to 5.3.0 (Node.js GitHub Bot) #​53837
• [c952fd886d] - deps: update simdutf to 5.2.8 (Node.js GitHub Bot) #​52727
• [a1ae050ed5] - deps: update simdutf to 5.2.6 (Node.js GitHub Bot) #​52727
• [96ec48da7f] - deps: update brotli to 1.1.0 (Node.js GitHub Bot) #​50804
• [11242bcfb4] - deps: update zlib to 1.3.0.1-motley-71660e1 (Node.js GitHub Bot) #​53464
• [64f98a9869] - deps: update zlib to 1.3.0.1-motley-c2469fd (Node.js GitHub Bot) #​53464
• [4b815550e0] - deps: update zlib to 1.3.0.1-motley-68e57e6 (Node.js GitHub Bot) #​53464
• [f6b2f68ce7] - deps: update zlib to 1.3.0.1-motley-8b7eff8 (Node.js GitHub Bot) #​53464
• [e151ebef86] - deps: update zlib to 1.3.0.1-motley-e432200 (Node.js GitHub Bot) #​53464
• [637a306e02] - deps: update zlib to 1.3.0.1-motley-887bb57 (Node.js GitHub Bot) #​53464
• [569a739569] - deps: update zlib to 1.3.0.1-motley-209717d (Node.js GitHub Bot) #​53156
• [033f1e2ba5] - deps: update zlib to 1.3.0.1-motley-4f653ff (Node.js GitHub Bot) #​53052
• [aaa857fc01] - deps: update ada to 2.8.0 (Node.js GitHub Bot) #​53254
• [d577321877] - deps: update acorn to 8.13.0 (Node.js GitHub Bot) #​55558
• [55b3c8a41f] - deps: update acorn-walk to 8.3.4 (Node.js GitHub Bot) #​54950
• [50a9456f1e] - deps: update acorn-walk to 8.3.3 (Node.js GitHub Bot) #​53466
• [f56cfe776b] - deps: update acorn to 8.12.1 (Node.js GitHub Bot) #​53465
• [fce3ab686d] - deps: update archs files for openssl-3.0.15+quic1 (Node.js GitHub Bot) #​55184
• [46c782486e] - deps: upgrade openssl sources to quictls/openssl-3.0.15+quic1 (Node.js GitHub Bot) #​55184
• [4a18581dc3] - deps: update corepack to 0.29.4 (Node.js GitHub Bot) #​54845
• [67e98831ab] - deps: update archs files for openssl-3.0.14+quic1 (Node.js GitHub Bot) #​54336
• [c60c6630af] - deps: upgrade openssl sources to quictls/openssl-3.0.14+quic1 (Node.js GitHub Bot) #​54336
• [935a506377] - deps: update corepack to 0.29.3 (Node.js GitHub Bot) #​54072
• [dbdfdd0226] - deps: update corepack to 0.29.2 (Node.js GitHub Bot) #​53838
• [395ee44608] - deps: update corepack to 0.28.2 (Node.js GitHub Bot) #​53253
• [6ba8bc0618] - deps: update c-ares to 1.29.0 (Node.js GitHub Bot) #​53155
• [81c3260cd2] - deps: update corepack to 0.28.1 (Node.js GitHub Bot) #​52946
• [e4739e9aa6] - doc: only apply content-visibility on all.html (Filip Skokan) #​53510
• [4d2ac5d98f] - doc: move release key for Myles Borins (Richard Lau) #​54059
• [1c4decc998] - doc: add release key for aduh95 (Antoine du Hamel) #​55349
• [a4f6f0918f] - doc: add names next to release key bash commands (Aviv Keller) #​52878
• [c679348f83] - errors: use determineSpecificType in more error messages (Antoine du Hamel) #​49580
• [3059262185] - esm: fix broken assertion in legacyMainResolve (Antoine du Hamel) #​55708
• [ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333
• [84b0ead758] - esm: fix hook name in error message (Bruce MacNaughton) #​50466
• [0092358d00] - http: handle multi-value content-disposition header (Arsalan Ahmad) #​50977
• [d814fe935c] - src: account for OpenSSL unexpected version (Shelley Vohr) #​54038
• [6615fe5db1] - src: fix dynamically linked OpenSSL version (Richard Lau) #​53456
• [d6114cb2e2] - test: fix test when compiled without engine support (Richard Lau) #​53232
• [ac3a39051c] - test: fix test-tls-junk-closes-server (Michael Dawson) #​55089
• [c8520ff7d2] - test: fix OpenSSL version checks (Richard Lau) #​53503
• [9824827937] - test: update tls test to support OpenSSL32 (Michael Dawson) #​55030
• [1a4d497936] - test: adjust tls-set-ciphers for OpenSSL32 (Michael Dawson) #​55016
• [341496a5a2] - test: add asserts to validate test assumptions (Michael Dawson) #​54997
• [37a2f7eaa4] - test: adjust key sizes to support OpenSSL32 (Michael Dawson) #​54972
• [75ff0cdf66] - test: update test to support OpenSSL32 (Michael Dawson) #​54968
• [b097d85dfe] - test: adjust test-tls-junk-server for OpenSSL32 (Michael Dawson) #​54926
• [e9997388a6] - test: adjust tls test for OpenSSL32 (Michael Dawson) #​54909
• [c7de027adb] - test: fix test test-tls-dhe for OpenSSL32 (Michael Dawson) #​54903
• [68156cbae1] - test: fix test-tls-client-mindhsize for OpenSSL32 (Michael Dawson) #​54739
• [d5b73e5683] - test: increase key size for ca2-cert.pem (Michael Dawson) #​54599
• [5316314755] - test: update TLS test for OpenSSL 3.2 (Richard Lau) #​54612
• [a1f0c87859] - test: fix test-tls-client-auth test for OpenSSL32 (Michael Dawson) #​54610
• [e9e3306426] - test: use assert.{s,deepS}trictEqual() (Sonny) #​54208
• [1320fb9475] - test: update TLS trace tests for OpenSSL >= 3.2 (Richard Lau) #​53229
• [cc3cdf7cc0] - test: check against run-time OpenSSL version (Richard Lau) #​53456
• [fc43c6803e] - test: update TLS tests for OpenSSL 3.2 (Richard Lau) #​53384
• [627d3993f0] - test: fix unreliable assumption in js-native-api/test_cannot_run_js (Joyee Cheung) #​51898
• [9f521f456e] - test: update tests for OpenSSL 3.0.14 (Richard Lau) #​53373
• [0fb652eba9] - tools: update gyp-next to v0.16.1 (Michaël Zasso) #​50380
• [fa72b2c2de] - tools: skip ruff on tools/gyp (Michaël Zasso) #​50380

v18.20.4

Compare Source

v18.20.3: 2024-05-21, Version 18.20.3 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies

• acorn updated to 8.11.3.
• acorn-walk updated to 8.3.2.
• ada updated to 2.7.8.
• c-ares updated to 1.28.1.
• corepack updated to 0.28.0.
• nghttp2 updated to 1.61.0.
• ngtcp2 updated to 1.3.0.
• npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
• simdutf updated to 5.2.4.
• zlib updated to 1.3.0.1-motley-7d77fb7.

Commits

• [0c260e10e7] - deps: update zlib to 1.3.0.1-motley-7d77fb7 (Node.js GitHub Bot) #​52516
• [1152d7f919] - deps: update zlib to 1.3.0.1-motley-24c07df (Node.js GitHub Bot) #​52199
• [755399db9d] - deps: update zlib to 1.3.0.1-motley-24342f6 (Node.js GitHub Bot) #​52123
• [af3e32073b] - deps: update ada to 2.7.8 (Node.js GitHub Bot) #​52517
• [e4ea2db58b] - deps: update c-ares to 1.28.1 (Node.js GitHub Bot) #​52285
• [14e857bea2] - deps: update corepack to 0.28.0 (Node.js GitHub Bot) #​52616
• [7f5dd44ca6] - deps: upgrade npm to 10.7.0 (npm team) #​52767
• [78f84ebb09] - deps: update ngtcp2 to 1.3.0 (Node.js GitHub Bot) #​51796
• [1f489a3753] - deps: update ngtcp2 to 1.2.0 (Node.js GitHub Bot) #​51584
• [3034968225] - deps: update ngtcp2 to 1.1.0 (Node.js GitHub Bot) #​51319
• [1aa9da467f] - deps: add nghttp3/**/.deps to .gitignore (Luigi Pinca) #​51400
• [28c0c78c9a] - deps: update ngtcp2 and nghttp3 (James M Snell) #​51291
• [8fd5a35364] - deps: upgrade npm to 10.5.2 (npm team) #​52458
• [2c53ff31c9] - deps: update acorn-walk to 8.3.2 (Node.js GitHub Bot) #​51457
• [12f28f33c2] - deps: update acorn to 8.11.3 (Node.js GitHub Bot) #​51317
• [dddb7eb3e0] - deps: update acorn-walk to 8.3.1 (Node.js GitHub Bot) #​50457
• [c86550e607] - deps: update acorn-walk to 8.3.0 (Node.js GitHub Bot) #​50457
• [9500817f66] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #​50460
• [7a8c7b6275] - deps: update ada to 2.7.7 (Node.js GitHub Bot) #​52028
• [b199889943] - deps: update corepack to 0.26.0 (Node.js GitHub Bot) #​52027
• [052b0ba0c6] - deps: upgrade npm to 10.5.1 (npm team) #​52351
• [209823d3af] - deps: update simdutf to 5.2.4 (Node.js GitHub Bot) #​52473
• [5114cbe18a] - deps: update simdutf to 5.2.3 (Yagiz Nizipli) #​52381
• [be30309ea0] - deps: update simdutf to 5.0.0 (Daniel Lemire) #​52138
• [b56f66e250] - deps: update simdutf to 4.0.9 (Node.js GitHub Bot) #​51655
• [a9f3b9d9d1] - deps: update nghttp2 to 1.61.0 (Node.js GitHub Bot) #​52395
• [1b6fa70620] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #​51948
• [3c9dbbf4d4] - deps: update nghttp2 to 1.59.0 (Node.js GitHub Bot) #​51581
• [e28316da54] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #​50441
• [678641f470] - deps: V8: cherry-pick d15d49b (Bo Anderson) #​52337
• [1147fee7d9] - doc: remove ableist language from crypto (Jamie King) #​52063
• [5e93eae972] - doc: add release key for marco-ippolito (marco-ippolito) #​52257
• [6689a98488] - http: remove closeIdleConnections function while calling server close (Kumar Rishav) #​52336
• [71616e8a8a] - node-api: make tsfn accept napi_finalize once more (Gabriel Schulhof) #​51801
• [d9d9e62474] - src: avoid draining platform tasks at FreeEnvironment (Chengzhong Wu) #​51290
• [e5fc8ec9fc] - test: skip v8-updates/test-linux-perf (Michaël Zasso) #​49639
• [351ef189ca] - test: v8: Add test-linux-perf-logger test suite (Luke Albao) #​50352
• [5cec2efc31] - test: reduce the number of requests and parsers (Luigi Pinca) #​50240
• [5186e453d9] - test: deflake test-http-regr-gh-2928 (Luigi Pinca) #​49574
• [c60cd67e1c] - test: skip test for dynamically linked OpenSSL (Richard Lau) #​52542

v18.20.2: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

• [6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

v18.20.1

Compare Source

v18.20.0

Compare Source

v18.19.1

Compare Source

v18.19.0

Compare Source

v18.18.2

Compare Source

v18.18.1: 2023-10-10, Version 18.18.1 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release addresses some regressions that appeared in Node.js 18.18.0:

• (Windows) FS can not handle certain characters in file name #​48673
• 18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
• libuv update in 18.18.0 breaks webpack's thread-loader #​49911

The libuv 1.45.0 and 1.46.0 updates that were released in Node.js 18.18.0 have been temporarily reverted.

Commits

• [3e3a75cc46] - Revert "build: sync libuv header change" (Richard Lau) #​50036
• [14ece2c479] - Revert "deps: upgrade to libuv 1.45.0" (Richard Lau) #​50036
• [022352acbe] - Revert "deps: upgrade to libuv 1.46.0" (Richard Lau) #​50036
• [d9f138189c] - Revert "deps: add missing thread-common.c in uv.gyp" (Richard Lau) #​50036
• [7a3e1ffbb8] - fs: make sure to write entire buffer (Robert Nagy) #​49211
• [04cba95a67] - test: add tmpdir.resolve() (Livia Medeiros) #​49079

v18.18.0: 2023-09-18, Version 18.18.0 'Hydrogen' (LTS), @​ruyadorno

Compare Source

Notable Changes

• [7dc731d4bf] - build: sync libuv header change (Jiawen Geng) #​48078
• [490fc004b0] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #​49341
• [dd8cd97d4d] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #​48416
• [ea23870bec] - deps: add missing thread-common.c in uv.gyp (Santiago Gimeno) #​48078
• [88855e0b1b] - deps: upgrade to libuv 1.46.0 (Santiago Gimeno) #​48078
• [fb2b80fca0] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #​48078
• [249879e46c] - doc: add atlowChemi to collaborators (atlowChemi) #​48757
• [e8dc7bde6a] - doc: add vmoroz to collaborators (Vladimir Morozov) #​48527
• [a30f2fbcc1] - doc: add kvakil to collaborators (Keyhan Vakil) #​48449
• [c39b7c240e] - (SEMVER-MINOR) esm: add --import flag (Moshe Atlow) #​43942
• [a68a67f54d] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #​48596
• [3a8586bee2] - fs, stream: initial Symbol.dispose and Symbol.asyncDispose support (Moshe Atlow) #​48518
• [863bdb785d] - net: add autoSelectFamily global getter and setter (Paolo Insogna) #​45777
• [c59ae86ba0] - (SEMVER-MINOR) url: add value argument to has and delete methods (Sankalp Shubham) #​47885

Commits

• [d1f43317ea] - benchmark: add bar.R (Rafael Gonzaga) #​47729
• [4f74be3c92] - benchmark: refactor crypto oneshot (Filip Skokan) #​48267
• [fe9da9df0f] - benchmark: add crypto.create*Key (Filip Skokan) #​48284
• [9cb18b3e9d] - build: do not pass target toolchain flags to host toolchain (Ivan Trubach) #​48597
• [7dc731d4bf] - build: sync libuv header change (Jiawen Geng) #​48078
• [211a4f88a9] - build: update action to close stale PRs (Michael Dawson) #​48196
• [cc33a1864b] - child_process: harden against prototype pollution (Livia Medeiros) #​48726
• [b5df084e1e] - child_process: use addAbortListener (atlowChemi) #​48550
• [611db8df1a] - child_process: support Symbol.dispose (Moshe Atlow) #​48551
• [490fc004b0] - crypto: update root certificates to NSS 3.93 (Node.js GitHub Bot) #​49341
• [dd8cd97d4d] - crypto: update root certificates to NSS 3.90 (Node.js GitHub Bot) #​48416
• [b2bc839d4c] - crypto: remove OPENSSL_FIPS guard for OpenSSL 3 (Richard Lau) #​48392
• [c8da8c80b9] - deps: update nghttp2 to 1.55.0 (Node.js GitHub Bot) #​48746
• [7e04242dcb] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #​48704
• [ea23870bec] - deps: add missing thread-common.c in uv.gyp (Santiago Gimeno) #​48078
• [88855e0b1b] - deps: upgrade to libuv 1.46.0 (Santiago Gimeno) #​48078
• [fb2b80fca0] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #​48078
• [59fca4e09a] - deps: update acorn to 8.10.0 (Node.js GitHub Bot) #​48713
• [bcb255d5a8] - deps: V8: cherry-pick cb00db4 (Keyhan Vakil) #​48671
• [65a6c90fc6] - deps: update acorn to 8.9.0 (Node.js GitHub Bot) #​48484
• [6b6d5d91e9] - deps: update zlib to 1.2.13.1-motley-f81f385 (Node.js GitHub Bot) #​48541
• [56249b0770] - deps: update googletest to ec4fed9 (Node.js GitHub Bot) #​48538
• [8914a5204a] - deps: update minimatch to 9.0.2 (Node.js GitHub Bot) #​48542
• [1b960d9988] - deps: update icu to 73.2 (Node.js GitHub Bot) #​48502
• [f0e2e3c549] - deps: update zlib to 1.2.13.1-motley-3ca9f16 (Node.js GitHub Bot) #​48413
• [9cf8fe6b93] - deps: upgrade npm to 9.8.1 (npm team) #​48838
• [d9ff473ff3] - deps: upgrade npm to 9.8.0 (npm team) #​48665
• [4a6177daad] - deps: upgrade npm to 9.7.2 (npm team) #​48514
• [104b58feb1] - deps: update ada to 2.6.0 (Node.js GitHub Bot) #​48896
• [7f7a125d78] - deps: update corepack to 0.19.0 (Node.js GitHub Bot) #​48540
• [5e1eb451d1] - deps: update corepack to 0.18.1 (Node.js GitHub Bot) #​48483
• [3be53358bc] - deps: add loong64 config into openssl gypi (Shi Pujin) #​48043
• [555982c59e] - deps: upgrade npm to 9.7.1 (npm team) #​48378
• [3c03ec0832] - deps: update simdutf to 3.2.14 (Node.js GitHub Bot) #​48344
• [a2964a4583] - deps: update ada to 2.5.1 (Node.js GitHub Bot) #​48319
• [38f6e0d8cd] - deps: update zlib to 982b036 (Node.js GitHub Bot) #​48327
• [f4617a4f81] - deps: add loongarch64 into openssl Makefile and gen openssl-loongarch64 (Shi Pujin) #​46401
• [573eb4be12] - dgram: socket add asyncDispose (atlowChemi) #​48717
• [f3c4300e00] - dgram: use addAbortListener (atlowChemi) #​48550
• [d3041df738] - doc: expand on squashing and rebasing to land a PR (Chengzhong Wu) #​48751
• [249879e46c] - doc: add atlowChemi to collaborators (atlowChemi) #​48757
• [42ecd46d1f] - doc: fix ambiguity in http.md and https.md (an5er) #​48692
• [e78824e053] - doc: add release key for Ulises Gascon (Ulises Gascón) #​49196
• [1aa798d69f] - doc: clarify transform._transform() callback argument logic (Rafael Sofi-zada) #​48680
• [d723e870a2] - doc: mention git node release prepare (Rafael Gonzaga) #​48644
• [a9a1394388] - doc: fix options order (Luigi Pinca) #​48617
• [989ea6858f] - doc: update security release stewards (Rafael Gonzaga) #​48569
• [f436ac1803] - doc: update return type for describe (Shrujal Shah) #​48572
• [fbe89e6320] - doc: run license-builder (github-actions[bot]) #​48552
• [f18b287bc3] - doc: add description of autoAllocateChunkSize in ReadableStream (Debadree Chatterjee) #​48004
• [e2f3ed1444] - doc: fix filename type in watch result (Dmitry Semigradsky) #​48032
• [1fe75dc2b0] - doc: unnest mime and MIMEParams from MIMEType constructor (Dmitry Semigradsky) #​47950
• [e1339d58e8] - doc: update security-release-process.md (Rafael Gonzaga) #​48504
• [e8dc7bde6a] - doc: add vmoroz to collaborators (Vladimir Morozov) #​48527
• [f8ba672c7b] - doc: link to Runtime Keys in export conditions (Jacob Hummer) #​48408
• [0056cb93e9] - doc: update fs flags documentation (sinkhaha) #​48463
• [3cf3fb9479] - doc: revise error.md introduction (Antoine du Hamel) #​48423
• [7575d8b90e] - doc: add preveen-stack to triagers (Preveen P) #​48387
• [820aa550a4] - doc: refine when file is undefined in test events (Moshe Atlow) #​48451
• [a30f2fbcc1] - doc: add kvakil to collaborators (Keyhan Vakil) #​48449
• [239b4ea66f] - doc: mark --import as experimental (Moshe Atlow) #​44067
• [2a561aefe2] - doc: add additional info on TSFN dispatch (Michael Dawson) #​48367
• [5cc6eee30d] - doc: add link for news from security wg (Michael Dawson) #​48396
• [ffece88452] - doc: fix typo in events.md (Darshan Sen) #​48436
• [06513585dc] - doc: run license-builder (github-actions[bot]) #​48336
• [d9a800ee5c] - esm: fix emit deprecation on legacy main resolve (Antoine du Hamel) #​48664
• [c39b7c240e] - (SEMVER-MINOR) esm: add --import flag (Moshe Atlow) #​43942
• [a00464ee06] - esm: fix specifier resolution and symlinks (Zack Newsham) #​47674
• [3b8ec348b0] - events: fix bug listenerCount don't compare wrapped listener (yuzheng14) #​48592
• [a68a67f54d] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal (Chemi Atlow) #​48596
• [5354af3dab] - fs: call the callback with an error if writeSync fails (killa) #​47949
• [c3a27d1d3d] - fs: remove unneeded return statement (Luigi Pinca) #​48526
• [3a8586bee2] - fs, stream: initial Symbol.dispose and Symbol.asyncDispose support (Moshe Atlow) #​48518
• [01746c71df] - http: null the joinDuplicateHeaders property on cleanup (Luigi Pinca) #​48608
• [d47eb73a85] - http: remove useless ternary in test (geekreal) #​48481
• [977e9a38b4] - http: fix for handling on boot timers headers and request (Franciszek Koltuniuk) #​48291
• [be88f7cd22] - http2: use addAbortListener (atlowChemi) #​48550
• [7c7230a85c] - http2: send RST code 8 on AbortController signal (Devraj Mehta) #​48573
• [f74c2fc72a] - lib: use addAbortListener (atlowChemi) #​48550
• [db355d1f37] - lib: add option to force handling stopped events (Chemi Atlow) #​48301
• [5d682c55a5] - lib: reduce url getters on makeRequireFunction (Yagiz Nizipli) #​48492
• [5260f53e55] - lib: add support for inherited custom inspection methods (Antoine du Hamel) #​48306
• [69aaf8b1d1] - lib: remove invalid parameter to toASCII (Yagiz Nizipli) #​48878
• [51863b80e4] - meta: bump actions/checkout from 3.5.2 to 3.5.3 (dependabot[bot]) #​48625
• [7ec370991d] - meta: bump step-security/harden-runner from 2.4.0 to 2.4.1 (dependabot[bot]) #​48626
• [34b8e980d4] - meta: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (dependabot[bot]) #​48628
• [dfed9a7da9] - meta: bump github/codeql-action from 2.3.6 to 2.20.1 (dependabot[bot]) #​48627
• [071eaadc5a] - module: add SourceMap.findOrigin (Isaac Z. Schlueter) #​47790
• [bf1525c549] - module: reduce url invocations in esm/load.js (Yagiz Nizipli) #​48337
• [f8921630a2] - net: server add asyncDispose (atlowChemi) #​48717
• [b5f53d9a0b] - net: fix family autoselection SSL connection handling (Paolo Insogna) #​48189
• [267439fc34] - net: rework autoSelectFamily implementation (Paolo Insogna) #​46587
• [d3637cdbbf] - net: fix address iteration with autoSelectFamily (Fedor Indutny) #​48258
• [e8289a83f1] - net: fix family autoselection timeout handling (Paolo Insogna) #​47860
• [863bdb785d] - net: add autoSelectFamily global getter and setter (Paolo Insogna) #​45777
• [04dc090bfa] - node-api: provide napi_define_properties fast path (Gabriel Schulhof) #​48440
• [feb6a54dc3] - node-api: implement external strings (Gabriel Schulhof) #​48339
• [121f74c463] - perf_hooks: convert maxSize to IDL value in setResourceTimingBufferSize (Chengzhong Wu) #​44902
• [804d880589] - permission: fix data types in PrintTree (Tobias Nießen) #​48770
• [7aaecce9bf] - permission: add debug log when inserting fs nodes (Rafael Gonzaga) #​48677
• [cb51ef2905] - readline: use addAbortListener (atlowChemi) #​48550
• [07065d0814] - report: disable js stack when no context is entered (Chengzhong Wu) #​48495
• [572b82ffef] - src: make BaseObject iteration order deterministic (Joyee Cheung) #​48702
• [3f65598a41] - src: remove kEagerCompile for CompileFunction (Keyhan Vakil) #​48671
• [f43eacac9b] - src: deduplicate X509 getter implementations (Tobias Nießen) #​48563
• [0c19621bdc] - src: fix uninitialized field access in AsyncHooks (Jan Olaf Krems) #​48566
• [0c38184d62] - src: fix Coverity issue regarding unnecessary copy (Yagiz Nizipli) #​48565
• [0d73009ba3] - src: refactor SplitString in util (Yagiz Nizipli) #​48491
• [[6c72622df9](https://redirect.g

---

Configuration

📅 Schedule: Branch creation - "after 9pm on sunday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (18.20.6). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.