chore(deps): update node dependencies (major)

[ggrossetie]

This PR contains the following updates:

Package	Type	Update	Change
canvas	dependencies	major	2.11.2 -> 3.2.0
node (source)	volta	major	22.15.1 -> 24.11.0
pino (source)	dependencies	major	9.6.0 -> 10.1.0
pino-debug	dependencies	major	2.0.0 -> 4.0.1
pino-debug	dependencies	major	^2.0.0 -> ^4.0.0
react (source)	dependencies	major	18.3.1 -> 19.2.0
react-dom (source)	dependencies	major	18.3.1 -> 19.2.0
sinon (source)	devDependencies	major	19.0.5 -> 21.0.0
vega	dependencies	major	5.33.0 -> 6.2.0
vega-lite (source)	dependencies	major	5.23.0 -> 6.4.1
yargs (source)	dependencies	major	17.7.2 -> 18.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

Automattic/node-canvas (canvas)

v3.2.0

Compare Source

==================

Added

• Added ctx.lang to set the ISO language code for text

v3.1.2

Compare Source

==================

Fixed

• Fix crash when setting width/height on PDF, SVG canvas (#​2520)

v3.1.1

Compare Source

==================

Fixed

• Fix a crash when SVGs without width or height are loaded (#​2486)
• Fix fetching prebuilds during installation on certain newer versions of Node (#​2497)
• Fixed issue with fillText that was breaking subsequent fillText calls (#​2171)
• Fix svg rendering when the image is resized (#​2498)
• Fix measureText with direction rtl textAlign start/end
• Fix a crash in Node 24, due to external memory API change (#​2514)

v3.1.0

Compare Source

==================

Changed

• Replaced simple-get with Node.js builtin fetch (#​2309)
• ctx.font has a new C++ parser and is 2x-400x faster. Please file an issue if you experience different results, as caching has been removed.
• The restriction of registering fonts before a canvas is created has been removed. You can now register a font as late as right before the fillText call (#​1921)

Added

• Support for accessibility and links in PDFs
• ctx.direction is implemented: 'rtl' or 'ltr' set the base direction of text
• ctx.textAlign 'start' and 'end' are now 'right' and 'left' when ctx.direction === 'rtl'

Fixed

• Fix a crash in getImageData when the rectangle is entirely outside the canvas. (#​2024)
• Fix getImageData cropping the resulting ImageData when the given rectangle is partly outside the canvas. (#​1849)

v3.0.1

Compare Source

==================

Fixed

• Fixed accidental depenency on ambient DOM types

v3.0.0

Compare Source

==================

This release notably changes to using N-API. 🎉

Breaking

• Dropped support for Node.js 16.x and below.

Changed

• Migrated to N-API (by way of node-addon-api) and removed libuv and v8 dependencies
• Change from node-pre-gyp to prebuild-install
• Defer the initialization of the op variable to the default switch case to avoid a compiler warning. (#​2229)
• Use a default switch case with a null statement if some enum values aren't suppsed to be handled, this avoids a compiler warning. (#​2229)
• Migrate from librsvg's deprecated rsvg_handle_get_dimensions() and rsvg_handle_render_cairo() functions to the new rsvg_handle_get_intrinsic_size_in_pixels() and rsvg_handle_render_document() respectively. (#​2229)
• Avoid calling virtual methods in constructors/destructors to avoid bypassing virtual dispatch. (#​2229)
• Remove unused private field backend in the Backend class. (#​2229)
• Add Node.js v20 to CI. (#​2237)
• Replaced dtslint with tsd (#​2313)
• Changed PNG consts to static properties of Canvas class
• Reverted improved font matching on Linux (#​1572) because it doesn't work if fonts are installed. If you experience degraded font selection, please file an issue and use v3.0.0-rc3 in the meantime.

Added

• Added string tags to support class detection
• Throw Cairo errors in canvas.toBuffer()

Fixed

• Fix a case of use-after-free. (#​2229)
• Fix usage of garbage value by filling the allocated memory entirely with zeros if it's not modified. (#​2229)
• Fix a potential memory leak. (#​2229)
• Fix the wrong type of setTransform
• Fix the improper parsing of rgb functions issue. (#​2300)
• Fix issue related to improper parsing of leading and trailing whitespaces in CSS color. (#​2301)
• RGB functions should support real numbers now instead of just integers. (#​2339)
• Allow alternate or properly escaped quotes within font-family names
• Fix TextMetrics type to include alphabeticBaseline, emHeightAscent, and emHeightDescent properties
• Fix class properties should have defaults as standard js classes (#​2390)
• Fixed Exif orientation in JPEG files being ignored (#​1670)
• Align DOMMatrix/DOMPoint to spec by adding missing methods

nodejs/node (node)

v24.11.0: 2025-10-28, Version 24.11.0 'Krypton' (LTS), @​richardlau

Compare Source

Notable Changes

This release marks the transition of Node.js 24.x into Long Term Support (LTS)
with the codename 'Krypton'. It will continue to receive updates through to
the end of April 2028.

Other than updating metadata, such as the process.release object, to reflect
that the release is LTS, no further changes from Node.js 24.10.0 are included.

Known issue

An issue has been identified in the Node.js 24.x line with Buffer.allocUnsafe
unintentionally returning zero-filled buffers. This API is
documented to return uninitialized memory.
The documented behavior will be restored in the next Node.js 24.x LTS release to bring
it back in line with previous releases. For more information, see
#​60423.

v24.10.0: 2025-10-08, Version 24.10.0 (Current), @​RafaelGSS

Compare Source

Notable Changes

• [31bb476895] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #​60082
• [3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #​59980
• [18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #​59928

Commits

• [e8cff3d51e] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #​59872
• [03294252ab] - benchmark: update count to n in permission startup (Bruno Rodrigues) #​59872
• [3c8a609d9b] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59872
• [7b2032b13e] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #​59708
• [552d887aee] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59708
• [31bb476895] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #​60082
• [0bf022d4c0] - console,util: improve array inspection performance (Ruben Bridgewater) #​60037
• [04d568e591] - deps: V8: cherry-pick f93055f (Olivier Flückiger) #​60105
• [621058b3bf] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [81b3009fe6] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [dc44c9f349] - deps: upgrade npm to 11.6.1 (npm team) #​60012
• [ec0f137198] - deps: update ada to 3.3.0 (Node.js GitHub Bot) #​60045
• [f490f91874] - deps: update amaro to 1.1.4 (pmarchini) #​60044
• [de7a7cd0d7] - deps: update ada to 3.2.9 (Node.js GitHub Bot) #​59987
• [a533e5b5db] - doc: add automated migration info to deprecations (Augustin Mauroy) #​60022
• [7fb8fe4875] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [24c1ef9846] - doc: remove optional title prefixes (Aviv Keller) #​60087
• [08b9eb8e19] - doc: mark .env files support as stable (Santeri Hiltunen) #​59925
• [66d90b8063] - doc: mention reverse proxy and include simple example (Steven) #​59736
• [14aa1119cb] - doc: provide alternative to url.parse() using WHATWG URL (Steven) #​59736
• [f9412324f6] - doc: fix typo of built-in module specifier in worker_threads (Deokjin Kim) #​59992
• [64e738a342] - doc,crypto: reorder ML-KEM in the asymmetric key types table (Filip Skokan) #​60067
• [1b25008b41] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #​59958
• [35f9b6b28f] - inspector: improve batch diagnostic channel subscriptions (Chengzhong Wu) #​60009
• [3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #​59980
• [c495e1fe57] - lib: optimize priority queue (Gürgün Dayıoğlu) #​60039
• [6be31fb9f3] - lib: implement passive listener behavior per spec (BCD1me) #​59995
• [c5e4aa763b] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [50fa1f4a76] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [def4ce976c] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #​60095
• [24b5abc0e9] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [8ccf2b0b34] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [78580147ef] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #​60092
• [705686b5c4] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #​60091
• [423a6bc744] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #​60089
• [9d9bd0fb4f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [dbeee55824] - module: use sync cjs when importing cts (Marco Ippolito) #​60072
• [a722f677ac] - perf_hooks: fix histogram fast call signatures (Renegade334) #​59600
• [b3295b8353] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [cff4a7608a] - process: fix default env for process.execve (Richard Lau) #​60029
• [cd034e927f] - process: fix hrtime fast call signatures (Renegade334) #​59600
• [18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #​59928
• [d949222043] - sqlite: replace ToLocalChecked and improve filter error handling (Edy Silva) #​60028
• [6417dc879e] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #​60053
• [e273c2020c] - src: update contextify to use DictionaryTemplate (James M Snell) #​60059
• [5f9ff60664] - src: remove AnalyzeTemporaryDtors option from .clang-tidy (iknoom) #​60008
• [9db54adccc] - src: update cares_wrap to use DictionaryTemplates (James M Snell) #​60033
• [fc0ceb7b82] - src: correct the error handling in StatementExecutionHelper (James M Snell) #​60040
• [3e8fdc1d8d] - src: remove unused variables from report (Moonki Choi) #​60047
• [d744324d8e] - src: avoid unnecessary string allocations in SPrintF impl (Anna Henningsen) #​60052
• [de65a5c719] - src: make ToLower/ToUpper input args more flexible (Anna Henningsen) #​60052
• [354026df5a] - src: allow std::string_view arguments to SPrintF() and friends (Anna Henningsen) #​60058
• [42f7d7cb20] - src: remove unnecessary std::string error messages (Anna Henningsen) #​60057
• [30c2c0fedd] - src: remove unnecessary shadowed functions on Utf8Value & BufferValue (Anna Henningsen) #​60056
• [eb99eec09b] - src: avoid unnecessary string -> char* -> string round trips (Anna Henningsen) #​60055
• [c1f1dbdce2] - src: remove useless dereferencing in THROW_... (Anna Henningsen) #​60054
• [ea0f5e575d] - src: fill options_args, options_env after vectors are finalized (iknoom) #​59945
• [415fff217a] - src: use RAII for uv_process_options_t (iknoom) #​59945
• [982b03ecbd] - test: mark test-runner-run-watch flaky on macOS (Richard Lau) #​60115
• [831a0d3d28] - test: ensure that the message event is fired (Luigi Pinca) #​59952
• [5538cfc1e8] - test: replace diagnostics_channel stackframe in output snapshots (Chengzhong Wu) #​60024
• [77ec400d90] - test: mark test-web-locks skip on IBM i (SRAVANI GUNDEPALLI) #​59996
• [1aaadb9e31] - test: ensure message event fires in worker message port test (Jarred Sumner) #​59885
• [1d5cc5e57a] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [c412b1855d] - test: expand tls-check-server-identity coverage (Diango Gavidia) #​60002
• [ad87975029] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [bad4b9b878] - test: add new startNewREPLSever testing utility (Dario Piotrowicz) #​59964
• [ef90b0f456] - test: verify tracing channel doesn't swallow unhandledRejection (Gerhard Stöbich) #​59974
• [d7285459fe] - timers: fix binding fast call signatures (Renegade334) #​59600
• [6529ae9b0c] - tools: add message on auto-fixing js lint issues in gh workflow (Dario Piotrowicz) #​59128
• [1ca116a6ea] - tools: verify signatures when updating nghttp* (Antoine du Hamel) #​60113
• [20d10a2398] - tools: use dependabot cooldown and move tools/doc (Rafael Gonzaga) #​59978
• [275c07064c] - typings: update 'types' binding (René) #​59692
• [8c21c4b286] - wasi: fix WasiFunction fast call signature (Renegade334) #​59600
• [b865074641] - win,tools: add description to signature (Martin Costello) #​59877

v24.9.0: 2025-09-25, Version 24.9.0 (Current), @​targos

Compare Source

Notable Changes

• [9b043a9096] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [a6456ab90a] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #​58378
• [5563361d22] - (SEMVER-MINOR) sqlite: add tagged template (0hm���️) #​58748
• [04013ee933] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #​59846

Commits

• [cbec4fd6de] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #​59696
• [9a4bbdc3c5] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #​59836
• [0b284d86e8] - build: add the missing macro definitions for OpenHarmony (hqzing) #​59804
• [43e6e54d66] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #​59809
• [039ac19154] - crypto: expose signatureAlgorithm on X509Certificate (Patrick Costa) #​59235
• [647c332704] - crypto: use return await when returning Promises from async functions (Renegade334) #​59841
• [8ed4587cf0] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #​59841
• [bb051c56ef] - crypto: avoid calls to promise.catch() (Renegade334) #​59841
• [05e560dd25] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [fa40d3a785] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [8c85570d18] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [b71125664e] - deps: update undici to 7.16.0 (Node.js GitHub Bot) #​59830
• [dea5dd7077] - dgram: restore buffer optimization in fixBufferList (Yoo) #​59934
• [b0c1e67532] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #​59910
• [0b37b594c3] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #​59954
• [1e723f9c6b] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [a28962a85c] - doc: update V8 fast API guidance (René) #​58999
• [bd767c5d1b] - doc: add security escalation policy (Ulises Gascón) #​59806
• [9df91e59e1] - doc: type improvement of file http.md (yusheng chen) #​58189
• [e4f571680b] - doc: deprecate closing fs.Dir on garbage collection (Livia Medeiros) #​59839
• [e9cb986fa5] - doc: rephrase dynamic import() description (Nam Yooseong) #​59224
• [026d4e33f7] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #​59851
• [2b2591db52] - esm: make hasAsyncGraph non-enumerable (Joyee Cheung) #​59905
• [993f05d323] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #​59847
• [7aec53b607] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [83ae6102e7] - http: optimize checkIsHttpToken for short strings (방진혁) #​59832
• [6695067636] - http,https: handle IPv6 with proxies (Joyee Cheung) #​59894
• [c5d910a0a9] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #​59924
• [acada1fb82] - inspector: ensure adequate memory allocation for Binary::toBase64 (René) #​59870
• [396cc8ec65] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #​59687
• [fed1dac8de] - lib: update isDeepStrictEqual to support options (Miguel Marcondes Filho) #​59762
• [d785929fd7] - lib: add source map support for assert messages (Chengzhong Wu) #​59751
• [ff13d1d61e] - lib,src: cache ModuleWrap.hasAsyncGraph (Chengzhong Wu) #​59703
• [b200cd8470] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #​59751
• [e94c57301b] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #​59914
• [728472a57b] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #​59874
• [be48760b93] - node-api: added SharedArrayBuffer api (Mert Can Altin) #​59071
• [f006a14522] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #​59684
• [0f46c1c3b0] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [3eeb7b47ea] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #​59848
• [0fe53375ec] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #​58378
• [9a3e58a007] - (SEMVER-MINOR) sqlite: add tagged template (0hm☘️) #​58748
• [f14ed5ab7b] - src: simplify watchdog instantiations via std::optional (Anna Henningsen) #​59960
• [e330f03f84] - src: update crypto objects to use DictionaryTemplate (James M Snell) #​59942
• [69b5607cf4] - src: simplify is_callable by making it a concept (Tobias Nießen) #​58169
• [86150f3401] - src: rename private fields to follow naming convention (Moonki Choi) #​59923
• [d17f299539] - src: use DictionaryTemplate more in URLPattern (James M Snell) #​59892
• [ac784912ac] - src: reduce the nearest parent package JSON cache size (Michael Smith) #​59888
• [abecdcb536] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #​59891
• [2bb152500b] - src: create strings in FIXED_ONE_BYTE_STRING as internalized (Anna Henningsen) #​59826
• [03116a7cd8] - src: remove std::array overload of FIXED_ONE_BYTE_STRING (Anna Henningsen) #​59826
• [8a5325d6e3] - src: ensure v8::Eternal is empty before setting it (Anna Henningsen) #​59825
• [f0c20ccd81] - src: remove unnecessary Environment::GetCurrent() calls (Moonki Choi) #​59814
• [213188e491] - stream: use new AsyncResource instead of bind (Matteo Collina) #​59867
• [ce8435b003] - test: testcase demonstrating issue 59541 (Eric Rannaud) #​59801
• [8f32746142] - test: guard write to proxy client if proxy connection is ended (Joyee Cheung) #​59742
• [6790093fcb] - tls: load bundled and extra certificates off-thread (Joyee Cheung) #​59856
• [f5d3f919d8] - tls: only do off-thread certificate loading on loading tls (Joyee Cheung) #​59856
• [87bbaa23a0] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [0d23fd525b] - tools: skip test-internet workflow for draft PRs (Michaël Zasso) #​59817
• [e17c73731a] - tools: copyedit build-tarball.yml (Antoine du Hamel) #​59808
• [97c4e1bac9] - typings: remove unused imports (Nam Yooseong) #​59880
• [8b29bbca76] - url: replaced slice with at (Mikhail) #​59181
• [6458867a6b] - url: add type checking to urlToHttpOptions() (simon-id) #​59753
• [3c62b3886f] - util: inspect objects with throwing Symbol.toStringTag (Ruben Bridgewater) #​59860
• [6133a82875] - util: fix debuglog.enabled not being present with callback logger (Ruben Bridgewater) #​59858
• [9347ddddf4] - vm: explain how to share promises between contexts w/ afterEvaluate (Eric Rannaud) #​59801
• [44ce971619] - vm: "afterEvaluate", evaluate() return a promise from the outer context (Eric Rannaud) #​59801
• [6e586a1409] - vm: expose hasTopLevelAwait on SourceTextModule (Chengzhong Wu) #​59865
• [49747a58a3] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #​59846
• [b970c0bbc2] - zlib: reduce code duplication (jhofstee) #​57810
• [9782ca2b1b] - zlib: implement fast path for crc32 (Gürgün Dayıoğlu) #​59813

v24.8.0: 2025-09-10, Version 24.8.0 (Current), @​targos

Compare Source

Notable Changes

HTTP/2 Network Inspection Support in Node.js

Node.js now supports inspection of HTTP/2 network calls in Chrome DevTools for Node.js.

Usage

Write a test.js script that makes HTTP/2 requests.

const http2 = require('node:http2');

const client = http2.connect('https://nghttp2.org');

const req = client.request([
  ':path', '/',
  ':method', 'GET',
]);

Run it with these options:

node --inspect-wait --experimental-network-inspection test.js

Open about:inspect on Google Chrome and click on Open dedicated DevTools for Node.
The Network tab will let you track your HTTP/2 calls.

Contributed by Darshan Sen in #​59611.

Other Notable Changes

• [7a8e2c251d] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in node:crypto (Filip Skokan) #​59570
• [4b631be0b0] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in Web Cryptography (Filip Skokan) #​59570
• [3e4b1e732c] - (SEMVER-MINOR) crypto: add KMAC Web Cryptography algorithms (Filip Skokan) #​59647
• [b1d28785b2] - (SEMVER-MINOR) crypto: add Argon2 Web Cryptography algorithms (Filip Skokan) #​59544
• [430691d1af] - (SEMVER-MINOR) crypto: support SLH-DSA KeyObject, sign, and verify (Filip Skokan) #​59537
• [d6d05ba397] - (SEMVER-MINOR) worker: add cpu profile APIs for worker (theanarkh) #​59428

Commits

• [d913872369] - assert: cap input size in myersDiff to avoid Int32Array overflow (Haram Jeong) #​59578
• [7bbbcf6666] - benchmark: sqlite prevent create both tables on prepare selects (Bruno Rodrigues) #​59709
• [44d7b92271] - benchmark: calibrate config array-vs-concat (Rafael Gonzaga) #​59587
• [7f347fc551] - build: fix getting OpenSSL version on Windows (Michaël Zasso) #​59609
• [4a317150d5] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [bda32af587] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [a4a8ed8f6e] - build: compile bundled uvwasi conditionally (Carlo Cabrera) #​59622
• [d944a87761] - crypto: refactor subtle methods to use synchronous import (Filip Skokan) #​59771
• [7a8e2c251d] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in node:crypto (Filip Skokan) #​59570
• [4b631be0b0] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in Web Cryptography (Filip Skokan) #​59570
• [3e4b1e732c] - (SEMVER-MINOR) crypto: add KMAC Web Cryptography algorithms (Filip Skokan) #​59647
• [b1d28785b2] - (SEMVER-MINOR) crypto: add Argon2 Web Cryptography algorithms (Filip Skokan) #​59544
• [430691d1af] - (SEMVER-MINOR) crypto: support SLH-DSA KeyObject, sign, and verify (Filip Skokan) #​59537
• [0d1e53d935] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #​59791
• [68732cf426] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #​59689
• [f12c1ad961] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #​59335
• [45af6966ae] - deps: upgrade npm to 11.6.0 (npm team) #​59750
• [57617244a4] - deps: V8: cherry-pick 6b1b9bc (Xiao-Tao) #​59283
• [2e6225a747] - deps: update amaro to 1.1.2 (Node.js GitHub Bot) #​59616
• [1f7f6dfae6] - diagnostics_channel: revoke DEP0163 (René) #​59758
• [8671a6cdb3] - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) #​59707
• [583b1b255d] - doc: update OpenSSL default security level to 2 (Jeetu Suthar) #​59723
• [9b5eb6eb50] - doc: fix missing links in the errors page (Nam Yooseong) #​59427
• [e7bf712c57] - doc: update "Type stripping in dependencies" section (Josh Kelley) #​59652
• [96db47f91e] - doc: add Miles Guicent as triager (Miles Guicent) #​59562
• [87f829bd0c] - doc: mark path.matchesGlob as stable (Aviv Keller) #​59572
• [062b2f705e] - doc: improve documentation for raw headers in HTTP/2 APIs (Tim Perry) #​59633
• [6ab9306370] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #​59579
• [c8d6b60da6] - doc: fix quic session instance typo (jakecastelli) #​59642
• [61d0a2d1ba] - doc: fix filehandle.read typo (Ruy Adorno) #​59635
• [3276bfa0d0] - doc: update migration recomendations for util.is**() deprecations (Augustin Mauroy) #​59269
• [11de6c7ebb] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #​59080
• [f5b6829bba] - doc,crypto: add description to the KEM and supports() methods (Filip Skokan) #​59644
• [5bfdc7ee74] - doc,crypto: cleanup unlinked and self method references webcrypto.md (Filip Skokan) #​59608
• [010458d061] - esm: populate separate cache for require(esm) in imported CJS (Joyee Cheung) #​59679
• [dbe6e63baf] - esm: fix missed renaming in ModuleJob.runSync (Joyee Cheung) #​59724
• [8eb0d9d834] - fs: fix wrong order of file names in cpSync error message (Nicholas Paun) #​59775
• [e69be5611f] - fs: fix dereference: false on cpSync (Nicholas Paun) #​59681
• [2865d2ac20] - http: unbreak keepAliveTimeoutBuffer (Robert Nagy) #​59784
• [ade1175475] - http: use cached '1.1' http version string (Robert Nagy) #​59717
• [74a09482de] - inspector: undici as shared-library should pass tests (Aras Abbasi) #​59837
• [772f8f415a] - inspector: add http2 tracking support (Darshan Sen) #​59611
• [3d225572d7] - Revert "lib: optimize writable stream buffer clearing" (Yoo) #​59743
• [4fd213ce73] - lib: fix isReadable and isWritable return type value (Gabriel Quaresma) #​59089
• [39befddb87] - lib: prefer TypedArrayPrototype primordials (Filip Skokan) #​59766
• [0748160d2e] - lib: fix DOMException subclass support (Chengzhong Wu) #​59680
• [1a93df808c] - lib: revert to using default derived class constructors (René) #​59650
• [bb0755df37] - meta: bump codecov/codecov-action (dependabot[bot]) #​59726
• [45d148d9be] - meta: bump actions/download-artifact from 4.3.0 to 5.0.0 (dependabot[bot]) #​59729
• [01b66b122e] - meta: bump github/codeql-action from 3.29.2 to 3.30.0 (dependabot[bot]) #​59728
• [34f7ab5502] - meta: bump actions/cache from 4.2.3 to 4.2.4 (dependabot[bot]) #​59727
• [[5806ea02af](https://redirect.github.com/nodejs/node/comm

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[ggrossetie]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: excalidraw/package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @excalidraw/excalidraw@0.17.6
npm ERR! Found: react@19.0.0
npm ERR! node_modules/react
npm ERR!   react@"19.0.0" from the root project
npm ERR!   peer react@"^19.0.0" from react-dom@19.0.0
npm ERR!   node_modules/react-dom
npm ERR!     react-dom@"19.0.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^17.0.2 || ^18.2.0" from @excalidraw/excalidraw@0.17.6
npm ERR! node_modules/@excalidraw/excalidraw
npm ERR!   @excalidraw/excalidraw@"0.17.6" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: react@18.3.1
npm ERR! node_modules/react
npm ERR!   peer react@"^17.0.2 || ^18.2.0" from @excalidraw/excalidraw@0.17.6
npm ERR!   node_modules/@excalidraw/excalidraw
npm ERR!     @excalidraw/excalidraw@"0.17.6" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2025-01-26T17_31_09_769Z-debug-0.log