Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src,lib: stabilize permission model #56201

Merged
merged 3 commits into from
Dec 12, 2024

Conversation

RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Dec 10, 2024

This PR upgrades the Permission Model from 1.1 (Active Development) to 2.0 (Stable).

I’ve been diving deep into the Permission Model since its release in Node.js 20.0.0, looking at its limitations and what’s been fixed so far. Most of the technical challenges have been addressed, except for how symlinks are handled. After a lot of research, it turns out this isn’t fixable due to how the Permission Model relies on file paths, making TOCTOU issues theoretically possible. This isn’t unique to Node.js though—even Deno’s permission system has similar behaviour (see this article).

Since the feature’s release, there’s been a shift in how we think about security in Node.js. We’ve leaned into a "Defense in Depth" approach—recognizing that no single feature will let you run untrusted code safely. Instead, these features are like seatbelts: they reduce risk significantly (let’s say 90% of cases, though that’s not a hard number) but won’t stop everything. This aligns with our threat model, and the Permission Model reflects that philosophy.

The only remaining "limitation" is symlink behaviour. Fixing this would require changing how the Permission Model works at a fundamental level. It’s not feasible because TOCTOU issues are always a possibility when operating on file paths. Importantly, this isn’t just a Node.js thing—other runtimes face the same challenge.

That said, symlinks aren’t a dealbreaker:

  • The Permission Model blocks symlink creation by default.
  • An attacker would need an exact map of existing symlinks in your system to do something harmful. That’s a very unlikely scenario.
  • If you explicitly allow access to something like /proc/, you’re responsible for understanding what that includes. The docs already cover this.

I have been talking with @tniessen in private as he has been indirectly involved in this feature (by raising concerns or suggestions). Some questions that he raised, and that I expect some of you might raise here too, were:

  • "Most importantly, is anyone actually using the permission model? What is the use case and what security expectations do these users have?"

As with any non-popular feature, it's hard to assess its usage in the ecosystem, but we have received some issues in the security-wg repository that could mean people are evaluating its usage:

I was also approached by many people on social media saying "thanks" for the feature and that they are looking forward to having it established. I also understand that testing a feature is different from using this feature in production.

  • "Following up on that, what security guarantees does the permission model provide, if any? Do those security guarantees actually match the security expectations of the people that actively use the permission model today?"

The Permission Model is most useful in development environments or scenarios where you want extra guardrails, but it doesn’t replace the core rule: don’t run untrusted code in Node.js.

If you configure it correctly, it’ll block most unwanted filesystem access, but it’s not a magic bullet. It’s a tool that works well when used as intended, and it complements Node.js’ broader security posture.


cc: @nodejs/security-wg

@RafaelGSS RafaelGSS added semver-major PRs that contain breaking changes and should be released in the next major version. notable-change PRs with changes that should be highlighted in changelogs. labels Dec 10, 2024
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/performance
  • @nodejs/security-wg

Copy link
Contributor

The notable-change PRs with changes that should be highlighted in changelogs. label has been added by @RafaelGSS.

Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section.

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Dec 10, 2024
@RafaelGSS RafaelGSS added the permission Issues and PRs related to the Permission Model label Dec 10, 2024
@RafaelGSS RafaelGSS force-pushed the move-permission-model-stable branch from 1a47bad to e1d0505 Compare December 10, 2024 03:10
Copy link

codecov bot commented Dec 10, 2024

Codecov Report

Attention: Patch coverage is 90.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 88.53%. Comparing base (f184a0a) to head (ab96885).
Report is 20 commits behind head on main.

Files with missing lines Patch % Lines
lib/internal/process/pre_execution.js 66.66% 1 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main   #56201   +/-   ##
=======================================
  Coverage   88.53%   88.53%           
=======================================
  Files         657      657           
  Lines      189858   189899   +41     
  Branches    36450    36464   +14     
=======================================
+ Hits       168089   168130   +41     
- Misses      14973    14977    +4     
+ Partials     6796     6792    -4     
Files with missing lines Coverage Δ
lib/internal/process/permission.js 69.44% <100.00%> (ø)
src/env.cc 85.45% <100.00%> (ø)
src/node_options.cc 87.98% <100.00%> (+0.10%) ⬆️
src/node_options.h 98.29% <100.00%> (ø)
lib/internal/process/pre_execution.js 90.69% <66.66%> (+0.13%) ⬆️

... and 26 files with indirect coverage changes

Copy link
Member

@mertcanaltin mertcanaltin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@targos
Copy link
Member

targos commented Dec 10, 2024

You could add a flag alias so this is not semver-major.

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@RafaelGSS RafaelGSS added dont-land-on-v18.x PRs that should not land on the v18.x-staging branch and should not be released in v18.x. semver-minor PRs that contain new features and should be released in the next minor version. and removed semver-major PRs that contain breaking changes and should be released in the next major version. labels Dec 10, 2024
Move permission model from 1.1 (Active Development)
to 2.0 (Stable).
@RafaelGSS RafaelGSS force-pushed the move-permission-model-stable branch from d45ac4b to b00914b Compare December 10, 2024 17:42
@RafaelGSS RafaelGSS added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Dec 10, 2024
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Dec 10, 2024
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

doc/api/cli.md Outdated Show resolved Hide resolved
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Dec 11, 2024
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@RafaelGSS RafaelGSS added the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 12, 2024
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 12, 2024
@nodejs-github-bot nodejs-github-bot merged commit be04d06 into nodejs:main Dec 12, 2024
60 checks passed
@nodejs-github-bot
Copy link
Collaborator

Landed in be04d06

RafaelGSS added a commit to RafaelGSS/node that referenced this pull request Dec 12, 2024
RafaelGSS added a commit to RafaelGSS/node that referenced this pull request Dec 12, 2024
targos pushed a commit that referenced this pull request Dec 13, 2024
Move permission model from 1.1 (Active Development)
to 2.0 (Stable).

PR-URL: #56201
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Santiago Gimeno <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Stephen Belanger <[email protected]>
nodejs-github-bot added a commit that referenced this pull request Dec 18, 2024
Notable changes:

crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
module:
  * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
stream:
  * (SEMVER-MINOR) handle generator destruction from Duplex.from() (Matthieu Sieben) #55096

PR-URL: #56310
aduh95 added a commit that referenced this pull request Dec 18, 2024
Notable changes:

crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
module:
  * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
stream:
  * (SEMVER-MINOR) handle generator destruction from Duplex.from() (Matthieu Sieben) #55096

PR-URL: TODO
aduh95 pushed a commit that referenced this pull request Dec 18, 2024
Notable changes:

crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
module:
  * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
stream:
  * (SEMVER-MINOR) handle generator destruction from Duplex.from() (Matthieu Sieben) #55096

PR-URL: #56310
aduh95 pushed a commit that referenced this pull request Dec 18, 2024
Move permission model from 1.1 (Active Development)
to 2.0 (Stable).

PR-URL: #56201
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Santiago Gimeno <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Stephen Belanger <[email protected]>
aduh95 added a commit that referenced this pull request Dec 18, 2024
Notable changes:

crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
module:
  * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201

PR-URL: #56310
aduh95 added a commit that referenced this pull request Dec 19, 2024
Notable changes:

crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
module:
  * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201

PR-URL: #56310
ruyadorno pushed a commit that referenced this pull request Dec 20, 2024
Move permission model from 1.1 (Active Development)
to 2.0 (Stable).

PR-URL: #56201
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Santiago Gimeno <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Stephen Belanger <[email protected]>
ruyadorno added a commit that referenced this pull request Dec 20, 2024
Notable changes:

assert:
  * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630
cli:
  * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
  * move typescript support to active development (Marco Ippolito) #55536
  * add LJHarb to collaborators (Jordan Harband) #56132
  * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697
  * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697
doc,lib,src,test:
  * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890
module:
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282
  * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412
  * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412
net:
  * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075
  * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076
  * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078
  * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079
process:
  * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
  * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213
src:
  * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
util:
  * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589

PR-URL: TODO
ruyadorno added a commit that referenced this pull request Dec 20, 2024
Notable changes:

assert:
  * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630
cli:
  * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
  * move typescript support to active development (Marco Ippolito) #55536
  * add LJHarb to collaborators (Jordan Harband) #56132
  * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697
  * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697
doc,lib,src,test:
  * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890
module:
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282
  * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412
  * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412
net:
  * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075
  * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076
  * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078
  * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079
process:
  * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
  * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213
src:
  * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
util:
  * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589

PR-URL: TODO
ruyadorno added a commit that referenced this pull request Dec 20, 2024
Notable changes:

assert:
  * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630
cli:
  * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
  * move typescript support to active development (Marco Ippolito) #55536
  * add LJHarb to collaborators (Jordan Harband) #56132
  * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697
  * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697
doc,lib,src,test:
  * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890
module:
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282
  * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412
  * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412
net:
  * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075
  * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076
  * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078
  * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079
process:
  * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
  * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213
src:
  * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
util:
  * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589

PR-URL: #56329
ruyadorno pushed a commit that referenced this pull request Dec 21, 2024
Move permission model from 1.1 (Active Development)
to 2.0 (Stable).

PR-URL: #56201
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Santiago Gimeno <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Stephen Belanger <[email protected]>
ruyadorno added a commit that referenced this pull request Dec 21, 2024
Notable changes:

assert:
  * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630
cli:
  * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
  * move typescript support to active development (Marco Ippolito) #55536
  * add LJHarb to collaborators (Jordan Harband) #56132
  * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697
  * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697
doc,lib,src,test:
  * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890
module:
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282
  * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412
  * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412
net:
  * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075
  * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076
  * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078
  * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079
process:
  * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
  * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213
src:
  * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
util:
  * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589

PR-URL: #56329
ruyadorno added a commit that referenced this pull request Dec 21, 2024
Notable changes:

assert:
  * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630
cli:
  * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
  * move typescript support to active development (Marco Ippolito) #55536
  * add LJHarb to collaborators (Jordan Harband) #56132
  * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697
  * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697
doc,lib,src,test:
  * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890
module:
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282
  * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412
  * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412
net:
  * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075
  * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076
  * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078
  * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079
process:
  * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
  * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213
src:
  * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
util:
  * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589

PR-URL: #56329
ruyadorno added a commit that referenced this pull request Dec 21, 2024
Notable changes:

assert:
  * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630
cli:
  * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604
crypto:
  * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
dgram:
  * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087
doc:
  * stabilize util.styleText (Rafael Gonzaga) #56265
  * move typescript support to active development (Marco Ippolito) #55536
  * add LJHarb to collaborators (Jordan Harband) #56132
  * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697
  * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697
doc,lib,src,test:
  * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890
module:
  * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194
  * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282
  * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412
  * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412
net:
  * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075
  * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076
  * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078
  * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079
process:
  * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545
report:
  * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068
sqlite:
  * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213
  * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213
src:
  * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697
src,lib:
  * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201
util:
  * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589

PR-URL: #56329
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Dec 21, 2024
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `23.4.0` -> `23.5.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

### [`v23.5.0`](https://github.com/nodejs/node/releases/tag/v23.5.0): 2024-12-19, Version 23.5.0 (Current), @&#8203;aduh95

[Compare Source](nodejs/node@v23.4.0...v23.5.0)

##### Notable Changes

##### WebCryptoAPI [`Ed25519`](nodejs/node@Ed25519) and X25519 algorithms are now stable

Following the merge of Curve25519 into the
[Web Cryptography API Editor's Draft](https://w3c.github.io/webcrypto/) the
`Ed25519` and `X25519` algorithm identifiers are now stable and will no longer
emit an ExperimentalWarning upon use.

Contributed by Filip Skokan in [#&#8203;56142](nodejs/node#56142).

##### On-thread hooks are back

This release introduces `module.registerHooks()` for registering module loader
customization hooks that are run for all modules loaded by `require()`, `import`
and functions returned by `createRequire()` in the same thread, which makes them
easier for CJS monkey-patchers to migrate to.

```mjs
import assert from 'node:assert';
import { registerHooks, createRequire } from 'node:module';
import { writeFileSync } from 'node:fs';

writeFileSync('./bar.js', 'export const id = 123;', 'utf8');

registerHooks({
  resolve(specifier, context, nextResolve) {
    const replaced = specifier.replace('foo', 'bar');
    return nextResolve(replaced, context);
  },
  load(url, context, nextLoad) {
    const result = nextLoad(url, context);
    return {
      ...result,
      source: result.source.toString().replace('123', '456'),
    };
  },
});

// Checks that it works with require.
const require = createRequire(import.meta.url);
const required = require('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(required.id, 456);  // Replaced by load hook to 456

// Checks that it works with import.
const imported = await import('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(imported.id, 456);  // Replaced by load hook to 456
```

This complements the `module.register()` hooks - the new hooks fit better
internally and cover all corners in the module graph; whereas
`module.register()` previously could not cover `require()` while it was
on-thread, and still cannot cover `createRequire()` after being moved
off-thread.

They are also run in the same thread as the modules being loaded and where the
hooks are registered, which means they are easier to debug (no more
`console.log()` getting lost) and do not have the many deadlock issues haunting
the `module.register()` hooks. The new API also takes functions directly so that
it's easier for intermediate loader packages to take user options from files
that the hooks can't be aware of, like many existing CJS monkey-patchers do.

Contributed by Joyee Cheung in [#&#8203;55698](nodejs/node#55698).

##### Other notable changes

-   \[[`59cae91465`](nodejs/node@59cae91465)] - **(SEMVER-MINOR)** **dgram**: support blocklist in udp (theanarkh) [#&#8203;56087](nodejs/node#56087)
-   \[[`72f79b44ed`](nodejs/node@72f79b44ed)] - **doc**: stabilize util.styleText (Rafael Gonzaga) [#&#8203;56265](nodejs/node#56265)
-   \[[`b5a2c0777d`](nodejs/node@b5a2c0777d)] - **(SEMVER-MINOR)** **module**: add prefix-only modules to `module.builtinModules` (Jordan Harband) [#&#8203;56185](nodejs/node#56185)
-   \[[`9863d27566`](nodejs/node@9863d27566)] - **(SEMVER-MINOR)** **module**: only emit require(esm) warning under --trace-require-module (Joyee Cheung) [#&#8203;56194](nodejs/node#56194)
-   \[[`8e780bc5ae`](nodejs/node@8e780bc5ae)] - **(SEMVER-MINOR)** **module**: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) [#&#8203;55698](nodejs/node#55698)
-   \[[`65bc8e847f`](nodejs/node@65bc8e847f)] - **(SEMVER-MINOR)** **report**: fix typos in report keys and bump the version (Yuan-Ming Hsu) [#&#8203;56068](nodejs/node#56068)
-   \[[`0ab36e1937`](nodejs/node@0ab36e1937)] - **(SEMVER-MINOR)** **sqlite**: aggregate constants in a single property (Edigleysson Silva (Edy)) [#&#8203;56213](nodejs/node#56213)
-   \[[`efcc5d90c5`](nodejs/node@efcc5d90c5)] - **(SEMVER-MINOR)** **src,lib**: stabilize permission model (Rafael Gonzaga) [#&#8203;56201](nodejs/node#56201)

##### Commits

-   \[[`2314e4916e`](nodejs/node@2314e4916e)] - **assert**: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) [#&#8203;56195](nodejs/node#56195)
-   \[[`cfbdff7b45`](nodejs/node@cfbdff7b45)] - **assert**: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) [#&#8203;56098](nodejs/node#56098)
-   \[[`f264dd6d20`](nodejs/node@f264dd6d20)] - **buffer**: document concat zero-fill (Duncan) [#&#8203;55562](nodejs/node#55562)
-   \[[`4831b87d83`](nodejs/node@4831b87d83)] - **build**: set DESTCPU correctly for 'make binary' on loongarch64 (吴小白) [#&#8203;56271](nodejs/node#56271)
-   \[[`1497bb405e`](nodejs/node@1497bb405e)] - **build**: fix missing fp16 dependency in d8 builds (Joyee Cheung) [#&#8203;56266](nodejs/node#56266)
-   \[[`445c8c7489`](nodejs/node@445c8c7489)] - **build**: add major release action (Rafael Gonzaga) [#&#8203;56199](nodejs/node#56199)
-   \[[`f4faedfa69`](nodejs/node@f4faedfa69)] - **build**: fix C string encoding for `PRODUCT_DIR_ABS` (Anna Henningsen) [#&#8203;56111](nodejs/node#56111)
-   \[[`6f49c8006c`](nodejs/node@6f49c8006c)] - **build**: use variable for simdutf path (Shelley Vohr) [#&#8203;56196](nodejs/node#56196)
-   \[[`fcaa2c82a6`](nodejs/node@fcaa2c82a6)] - **build**: fix GN build on macOS (Joyee Cheung) [#&#8203;56141](nodejs/node#56141)
-   \[[`08e5309f4f`](nodejs/node@08e5309f4f)] - ***Revert*** "**build**: avoid compiling with VS v17.12" (Gerhard Stöbich) [#&#8203;56151](nodejs/node#56151)
-   \[[`c2fb38cfdf`](nodejs/node@c2fb38cfdf)] - **crypto**: graduate WebCryptoAPI [`Ed25519`](nodejs/node@Ed25519) and X25519 algorithms as stable (Filip Skokan) [#&#8203;56142](nodejs/node#56142)
-   \[[`8658833884`](nodejs/node@8658833884)] - **deps**: update nghttp3 to 1.6.0 (Node.js GitHub Bot) [#&#8203;56258](nodejs/node#56258)
-   \[[`7c941d4610`](nodejs/node@7c941d4610)] - **deps**: update simdutf to 5.6.4 (Node.js GitHub Bot) [#&#8203;56255](nodejs/node#56255)
-   \[[`4e9113eada`](nodejs/node@4e9113eada)] - **deps**: update libuv to 1.49.2 (Luigi Pinca) [#&#8203;56224](nodejs/node#56224)
-   \[[`db6aba12e4`](nodejs/node@db6aba12e4)] - **deps**: update c-ares to v1.34.4 (Node.js GitHub Bot) [#&#8203;56256](nodejs/node#56256)
-   \[[`25bb462bc2`](nodejs/node@25bb462bc2)] - **deps**: define V8\_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) [#&#8203;56238](nodejs/node#56238)
-   \[[`54308c51bb`](nodejs/node@54308c51bb)] - **deps**: update sqlite to 3.47.2 (Node.js GitHub Bot) [#&#8203;56178](nodejs/node#56178)
-   \[[`59cae91465`](nodejs/node@59cae91465)] - **(SEMVER-MINOR)** **dgram**: support blocklist in udp (theanarkh) [#&#8203;56087](nodejs/node#56087)
-   \[[`52c18e605e`](nodejs/node@52c18e605e)] - **doc**: fix color contrast issue in light mode (Rich Trott) [#&#8203;56272](nodejs/node#56272)
-   \[[`72f79b44ed`](nodejs/node@72f79b44ed)] - **doc**: stabilize util.styleText (Rafael Gonzaga) [#&#8203;56265](nodejs/node#56265)
-   \[[`0d08756d0c`](nodejs/node@0d08756d0c)] - **doc**: clarify util.aborted resource usage (Kunal Kumar) [#&#8203;55780](nodejs/node#55780)
-   \[[`f94f21080b`](nodejs/node@f94f21080b)] - **doc**: add esm examples to node:repl (Alfredo González) [#&#8203;55432](nodejs/node#55432)
-   \[[`7a10ef88d9`](nodejs/node@7a10ef88d9)] - **doc**: add esm examples to node:readline (Alfredo González) [#&#8203;55335](nodejs/node#55335)
-   \[[`cc7a7c391b`](nodejs/node@cc7a7c391b)] - **doc**: fix 'which' to 'that' and add commas (Selveter Senitro) [#&#8203;56216](nodejs/node#56216)
-   \[[`c5b086250e`](nodejs/node@c5b086250e)] - **doc**: fix winget config path (Alex Yang) [#&#8203;56233](nodejs/node#56233)
-   \[[`71c38a24d4`](nodejs/node@71c38a24d4)] - **doc**: add esm examples to node:tls (Alfredo González) [#&#8203;56229](nodejs/node#56229)
-   \[[`394fffbbde`](nodejs/node@394fffbbde)] - **doc**: add esm examples to node:perf_hooks (Alfredo González) [#&#8203;55257](nodejs/node#55257)
-   \[[`7b2a6ee61e`](nodejs/node@7b2a6ee61e)] - **doc**: `sea.getRawAsset(key)` always returns an ArrayBuffer (沈鸿飞) [#&#8203;56206](nodejs/node#56206)
-   \[[`8092dcf27e`](nodejs/node@8092dcf27e)] - **doc**: update announce documentation for releases (Rafael Gonzaga) [#&#8203;56200](nodejs/node#56200)
-   \[[`2974667815`](nodejs/node@2974667815)] - **doc**: update blog link to /vulnerability (Rafael Gonzaga) [#&#8203;56198](nodejs/node#56198)
-   \[[`f3b3ff85e0`](nodejs/node@f3b3ff85e0)] - **doc**: call out import.meta is only supported in ES modules (Anton Kastritskii) [#&#8203;56186](nodejs/node#56186)
-   \[[`a9e67280e7`](nodejs/node@a9e67280e7)] - **doc**: add ambassador message - benefits of Node.js (Michael Dawson) [#&#8203;56085](nodejs/node#56085)
-   \[[`e4922ab15f`](nodejs/node@e4922ab15f)] - **doc**: fix incorrect link to style guide (Yuan-Ming Hsu) [#&#8203;56181](nodejs/node#56181)
-   \[[`114a3e5a05`](nodejs/node@114a3e5a05)] - **doc**: fix c++ addon hello world sample (Edigleysson Silva (Edy)) [#&#8203;56172](nodejs/node#56172)
-   \[[`f1c2d2f65e`](nodejs/node@f1c2d2f65e)] - **doc**: update blog release-post link (Ruy Adorno) [#&#8203;56123](nodejs/node#56123)
-   \[[`d48b5224c0`](nodejs/node@d48b5224c0)] - **doc**: fix module.md headings (Chengzhong Wu) [#&#8203;56131](nodejs/node#56131)
-   \[[`4cc0493a0b`](nodejs/node@4cc0493a0b)] - **fs**: make mutating `options` in Callback `readdir()` not affect results (LiviaMedeiros) [#&#8203;56057](nodejs/node#56057)
-   \[[`8d485f1c09`](nodejs/node@8d485f1c09)] - **fs**: make mutating `options` in Promises `readdir()` not affect results (LiviaMedeiros) [#&#8203;56057](nodejs/node#56057)
-   \[[`595851b5ed`](nodejs/node@595851b5ed)] - **fs,win**: fix readdir for named pipe (Hüseyin Açacak) [#&#8203;56110](nodejs/node#56110)
-   \[[`075b36b7b4`](nodejs/node@075b36b7b4)] - **http**: add setDefaultHeaders option to http.request (Tim Perry) [#&#8203;56112](nodejs/node#56112)
-   \[[`febd969c46`](nodejs/node@febd969c46)] - **http2**: remove duplicate codeblock (Vitaly Aminev) [#&#8203;55915](nodejs/node#55915)
-   \[[`b0ebd23e52`](nodejs/node@b0ebd23e52)] - **http2**: support ALPNCallback option (ZYSzys) [#&#8203;56187](nodejs/node#56187)
-   \[[`f10239fde7`](nodejs/node@f10239fde7)] - **lib**: remove redundant global regexps (Gürgün Dayıoğlu) [#&#8203;56182](nodejs/node#56182)
-   \[[`fd55d3cbdd`](nodejs/node@fd55d3cbdd)] - **lib**: clean up persisted signals when they are settled (Edigleysson Silva (Edy)) [#&#8203;56001](nodejs/node#56001)
-   \[[`889094fdbc`](nodejs/node@889094fdbc)] - **lib**: handle Float16Array in node:v8 serdes (Bartek Iwańczuk) [#&#8203;55996](nodejs/node#55996)
-   \[[`5aec513207`](nodejs/node@5aec513207)] - **lib**: disable default memory leak warning for AbortSignal (Lenz Weber-Tronic) [#&#8203;55816](nodejs/node#55816)
-   \[[`b5a2c0777d`](nodejs/node@b5a2c0777d)] - **(SEMVER-MINOR)** **module**: add prefix-only modules to `module.builtinModules` (Jordan Harband) [#&#8203;56185](nodejs/node#56185)
-   \[[`9863d27566`](nodejs/node@9863d27566)] - **(SEMVER-MINOR)** **module**: only emit require(esm) warning under --trace-require-module (Joyee Cheung) [#&#8203;56194](nodejs/node#56194)
-   \[[`5665e86da6`](nodejs/node@5665e86da6)] - **module**: prevent main thread exiting before esm worker ends (Shima Ryuhei) [#&#8203;56183](nodejs/node#56183)
-   \[[`8e780bc5ae`](nodejs/node@8e780bc5ae)] - **(SEMVER-MINOR)** **module**: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) [#&#8203;55698](nodejs/node#55698)
-   \[[`e5bb6c2303`](nodejs/node@e5bb6c2303)] - **(SEMVER-MINOR)** **module**: implement module.registerHooks() (Joyee Cheung) [#&#8203;55698](nodejs/node#55698)
-   \[[`f883bedceb`](nodejs/node@f883bedceb)] - **node-api**: allow napi_delete_reference in finalizers (Chengzhong Wu) [#&#8203;55620](nodejs/node#55620)
-   \[[`65bc8e847f`](nodejs/node@65bc8e847f)] - **(SEMVER-MINOR)** **report**: fix typos in report keys and bump the version (Yuan-Ming Hsu) [#&#8203;56068](nodejs/node#56068)
-   \[[`a6f0cfa468`](nodejs/node@a6f0cfa468)] - **sea**: only assert snapshot main function for main threads (Joyee Cheung) [#&#8203;56120](nodejs/node#56120)
-   \[[`0ab36e1937`](nodejs/node@0ab36e1937)] - **(SEMVER-MINOR)** **sqlite**: aggregate constants in a single property (Edigleysson Silva (Edy)) [#&#8203;56213](nodejs/node#56213)
-   \[[`4745798225`](nodejs/node@4745798225)] - **sqlite**: add support for custom functions (Colin Ihrig) [#&#8203;55985](nodejs/node#55985)
-   \[[`53cc0cc744`](nodejs/node@53cc0cc744)] - **sqlite**: support `db.loadExtension` (Alex Yang) [#&#8203;53900](nodejs/node#53900)
-   \[[`3968599702`](nodejs/node@3968599702)] - **src**: fix outdated js2c.cc references (Chengzhong Wu) [#&#8203;56133](nodejs/node#56133)
-   \[[`efcc5d90c5`](nodejs/node@efcc5d90c5)] - **(SEMVER-MINOR)** **src,lib**: stabilize permission model (Rafael Gonzaga) [#&#8203;56201](nodejs/node#56201)
-   \[[`a4a83613cb`](nodejs/node@a4a83613cb)] - **stream**: commit pull-into descriptors after filling from queue (Mattias Buelens) [#&#8203;56072](nodejs/node#56072)
-   \[[`3298ef4891`](nodejs/node@3298ef4891)] - **test**: remove test-sqlite-statement-sync flaky designation (Luigi Pinca) [#&#8203;56051](nodejs/node#56051)
-   \[[`1d8cc6179d`](nodejs/node@1d8cc6179d)] - **test**: use --permission over --experimental-permission (Rafael Gonzaga) [#&#8203;56239](nodejs/node#56239)
-   \[[`5d252b7a67`](nodejs/node@5d252b7a67)] - **test**: remove exludes for sea tests on PPC (Michael Dawson) [#&#8203;56217](nodejs/node#56217)
-   \[[`8288f57724`](nodejs/node@8288f57724)] - **test**: fix test-abortsignal-drop-settled-signals flakiness (Edigleysson Silva (Edy)) [#&#8203;56197](nodejs/node#56197)
-   \[[`683cc15796`](nodejs/node@683cc15796)] - **test**: move localizationd data from `test-icu-env` to external file (Livia Medeiros) [#&#8203;55618](nodejs/node#55618)
-   \[[`a0c4a5f122`](nodejs/node@a0c4a5f122)] - **test**: update WPT for url to [`6fa3fe8`](nodejs/node@6fa3fe8a92) (Node.js GitHub Bot) [#&#8203;56136](nodejs/node#56136)
-   \[[`a0e3926285`](nodejs/node@a0e3926285)] - **test**: remove `hasOpenSSL3x` utils (Antoine du Hamel) [#&#8203;56164](nodejs/node#56164)
-   \[[`041a49094e`](nodejs/node@041a49094e)] - **test**: update streams wpt (Mattias Buelens) [#&#8203;56072](nodejs/node#56072)
-   \[[`ea9a675f56`](nodejs/node@ea9a675f56)] - **test_runner**: exclude test files from coverage by default (Pietro Marchini) [#&#8203;56060](nodejs/node#56060)
-   \[[`118cd9998f`](nodejs/node@118cd9998f)] - **tools**: fix `node:` enforcement for docs (Antoine du Hamel) [#&#8203;56284](nodejs/node#56284)
-   \[[`c4c56daae8`](nodejs/node@c4c56daae8)] - **tools**: update github_reporter to 1.7.2 (Node.js GitHub Bot) [#&#8203;56205](nodejs/node#56205)
-   \[[`78743b1533`](nodejs/node@78743b1533)] - **tools**: add REPLACEME check to workflow (Mert Can Altin) [#&#8203;56251](nodejs/node#56251)
-   \[[`002ee71d9b`](nodejs/node@002ee71d9b)] - **tools**: use `github.actor` instead of bot username for release proposals (Antoine du Hamel) [#&#8203;56232](nodejs/node#56232)
-   \[[`d25d16efeb`](nodejs/node@d25d16efeb)] - ***Revert*** "**tools**: disable automated libuv updates" (Luigi Pinca) [#&#8203;56223](nodejs/node#56223)
-   \[[`b395e0c8c9`](nodejs/node@b395e0c8c9)] - **tools**: update gyp-next to 0.19.1 (Anna Henningsen) [#&#8203;56111](nodejs/node#56111)
-   \[[`a5aaf31c50`](nodejs/node@a5aaf31c50)] - **tools**: fix release proposal linter to support more than 1 folk preparing (Antoine du Hamel) [#&#8203;56203](nodejs/node#56203)
-   \[[`fa667d609e`](nodejs/node@fa667d609e)] - **tools**: remove has_absl_stringify from gyp file (Michaël Zasso) [#&#8203;56157](nodejs/node#56157)
-   \[[`65b541e70e`](nodejs/node@65b541e70e)] - **tools**: enable linter for `tools/icu/**` (Livia Medeiros) [#&#8203;56176](nodejs/node#56176)
-   \[[`28a4b6ff58`](nodejs/node@28a4b6ff58)] - **tools**: use commit title as MR title when creating release proposal (Antoine du Hamel) [#&#8203;56165](nodejs/node#56165)
-   \[[`e20eef659f`](nodejs/node@e20eef659f)] - **tools**: update gyp-next to 0.19.0 (Node.js GitHub Bot) [#&#8203;56158](nodejs/node#56158)
-   \[[`efcc829085`](nodejs/node@efcc829085)] - **tools**: bump the eslint group in /tools/eslint with 4 updates (dependabot\[bot]) [#&#8203;56099](nodejs/node#56099)
-   \[[`5620b2be8a`](nodejs/node@5620b2be8a)] - **tools**: improve release proposal MR opening (Antoine du Hamel) [#&#8203;56161](nodejs/node#56161)
-   \[[`3e17a8e78e`](nodejs/node@3e17a8e78e)] - **util**: harden more built-in classes against prototype pollution (Antoine du Hamel) [#&#8203;56225](nodejs/node#56225)
-   \[[`13815417c7`](nodejs/node@13815417c7)] - **util**: fix Latin1 decoding to return string output (Mert Can Altin) [#&#8203;56222](nodejs/node#56222)
-   \[[`77397c5013`](nodejs/node@77397c5013)] - **util**: do not rely on mutable `Object` and `Function`' `constructor` prop (Antoine du Hamel) [#&#8203;56188](nodejs/node#56188)
-   \[[`84f98e0a74`](nodejs/node@84f98e0a74)] - **v8,tools**: expose experimental wasm revectorize feature (Yolanda-Chen) [#&#8203;54896](nodejs/node#54896)
-   \[[`8325fa5c04`](nodejs/node@8325fa5c04)] - **worker**: fix crash when a worker joins after exit (Stephen Belanger) [#&#8203;56191](nodejs/node#56191)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS43Ny4wIiwidXBkYXRlZEluVmVyIjoiMzkuNzcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. dont-land-on-v18.x PRs that should not land on the v18.x-staging branch and should not be released in v18.x. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. notable-change PRs with changes that should be highlighted in changelogs. permission Issues and PRs related to the Permission Model semver-minor PRs that contain new features and should be released in the next minor version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.