Update Node.js to v20.19.6

[renovate]

This PR contains the following updates:

Package	Update	Change
node (source)	minor	20.13.1 -> 20.19.6

---

Release Notes

nodejs/node (node)

v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313

Commits

• [0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [fba0025b9c] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #​59956
• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #​59791
• [9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #​59689
• [d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #​59335
• [576242ff39] - deps: V8: cherry-pick a0d0d4f (Ho Cheung) #​60716
• [a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #​60314
• [fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #​59133
• [acec79989e] - deps: V8: cherry-pick 6b1b9bc (zhoumingtao) #​59283
• [e65b930aa7] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #​59806
• [e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #​59562
• [e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #​59579
• [8a504d900a] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #​59080
• [8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #​59591
• [109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #​59470
• [4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #​59445
• [caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #​58876
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [960d05ad7d] - doc: add history entries to --input-type section (Antoine du Hamel) #​58175
• [20616f1750] - http2: do not crash on mismatched ping buffer length (René) #​60135
• [9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #​59261
• [dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #​54347
• [bb108191aa] - meta: call create-release-post.yml post release (Aviv Keller) #​60366
• [2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #​58646
• [144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #​59487
• [2c8a73f95f] - src: remove duplicate assignment of O_EXCL in node_constants.cc (Daniel Osvaldo R) #​59049
• [b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #​59755
• [9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #​59640
• [4f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #​59637
• [3ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #​59563
• [a7a109f926] - test: fix typos (Lee Jiho) #​59330
• [fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #​60419
• [bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #​59414
• [0cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #​58840
• [76001f9480] - tools: remove unused actions from build-tarball.yml (Antoine du Hamel) #​59787
• [69904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #​59785
• [a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #​59434
• [6443ad2da5] - tools: drop deprecated macos-13 runner (Richard Lau) #​60679
• [45ec702ef7] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #​59379
• [9e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #​59446

v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241

Commits

• [ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #​58270
• [c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #​58171
• [d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #​58867
• [84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #​58213
• [068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #​58942
• [edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #​57498
• [0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #​58628
• [1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #​57768
• [0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #​56655
• [a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #​57180
• [43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #​56855
• [91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #​58566
• [b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #​58711
• [ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #​57382
• [142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #​58712
• [fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #​58144
• [c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #​57386
• [cded8e7e77] - dns: fix parse memory leaky (theanarkh) #​58973
• [182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #​58404
• [621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #​57449
• [b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #​57426
• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #​58911
• [38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #​57318
• [d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #​57309
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [8c3bc156ed] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #​57073
• [e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #​56835
• [e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #​57219
• [026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #​57183
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241
• [ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #​57076
• [1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #​52607
• [b73a1356ce] - doc: add module namespace object links (Dario Piotrowicz) #​57093
• [09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #​57092
• [2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #​57090
• [cd8259cb4e] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #​57046
• [7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #​57091
• [14fcfc242b] - doc: add a note about require('../common') in testing documentation (Aditi) #​56953
• [bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #​57028
• [acd4d7f269] - doc: improve documentation on argument validation (Aditi) #​56954
• [4cd6b3ca73] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #​57015
• [01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #​57004
• [77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #​56907
• [77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #​56539
• [73e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #​55947
• [9a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #​55791
• [04d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #​58982
• [959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [8757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #​58877
• [6fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #​58477
• [9991788e4a] - http: coerce content-length to number (Marco Ippolito) #​57458
• [ff5cf8a428] - http2: fix check for frame->hd.type (hanguanqiang) #​57644
• [2f333b6c51] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #​56299
• [cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #​56299
• [faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #​57177
• [a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #​58916
• [b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #​58551
• [2c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #​58550
• [4095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #​58108
• [631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​58456
• [7d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #​58110
• [1558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #​58106
• [e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #​58356
• [1b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #​58111
• [2b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #​58107
• [833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #​57966
• [c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #​57718
• [9046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #​57717
• [46388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #​57715
• [d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #​57714
• [47004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #​57713
• [4abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #​57503
• [45e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #​57537
• [d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #​57483
• [704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #​57443
• [3f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #​57257
• [7e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #​57253
• [8d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #​57292
• [cc2abb5d17] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #​57259
• [4fad2b8758] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #​57256
• [5f5bb8b986] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #​57255
• [e949359a56] - meta: bump actions/setup-python from 5.3.0 to 5.4.0 (dependabot[bot]) #​56867
• [d3c5ad7510] - meta: bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (dependabot[bot]) #​56866
• [56decfe2d1] - meta: bump codecov/codecov-action from 5.0.7 to 5.3.1 (dependabot[bot]) #​56864
• [52e518444d] - meta: bump actions/cache from 4.1.2 to 4.2.0 (dependabot[bot]) #​56862
• [9cac93d9c3] - meta: bump actions/stale from 9.0.0 to 9.1.0 (dependabot[bot]) #​56860
• [ecf4252f7c] - meta: update last name for jkrems (Jan Martin) #​57006
• [e8beaaaedf] - meta: bump actions/upload-artifact from 4.4.3 to 4.6.0 (dependabot[bot]) #​56861
• [5462c257f8] - meta: bump actions/setup-node from 4.1.0 to 4.2.0 (dependabot[bot]) #​56868
• [89c37891a0] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56889
• [2a0175c291] - meta: add @​nodejs/url as codeowner (Chengzhong Wu) #​56783
• [c12aae1e78] - meta: bump github/codeql-action from 3.28.18 to 3.29.2 (dependabot[bot]) #​58922
• [4ef09990f1] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #​58552
• [889654eb2c] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #​58112
• [091e5c1bb9] - meta: bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot]) #​57716
• [01415153de] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #​57254
• [72ea8aac34] - meta: bump github/codeql-action from 3.27.5 to 3.28.8 (dependabot[bot]) #​56859
• [99a271e588] - meta: bump step-security/harden-runner from 2.12.0 to 2.12.2 (dependabot[bot]) #​58923
• [b4c4c02490] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #​58109
• [5361bb9157] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #​57258
• [28e33acf30] - meta: bump step-security/harden-runner from 2.10.2 to 2.10.4 (dependabot[bot]) #​56863
• [fad773cede] - module: throw error when re-runing errored module jobs (Joyee Cheung) #​58957
• [2531185423] - module: allow cycles in require() in the CJS handling in ESM loader (Joyee Cheung) #​58598
• [ed43b69689] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #​56491
• [6e02db1b12] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #​58067
• [badba50d30] - module: fix incorrect formatting in require(esm) cycle error message (haykam821) #​57453
• [939ecf8906] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #​57187
• [ba7f8a0353] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #​57126
• [c1e7fa2586] - module: handle .mjs in .js handler in CommonJS (Joyee Cheung) #​55590
• [41f3dfd21b] - module: fix require.resolve() crash on non-string paths (Aditi) #​56942
• [043dcdd628] - os: fix GetInterfaceAddresses memory lieaky (theanarkh) #​58940
• [9b74e9bfd9] - permission: ignore internalModuleStat on module loading (Rafael Gonzaga) #​55797
• [611a147b45] - readline: fix unresolved promise on abortion (Daniel Venable) #​54030
• [f891ae3421] - repl: avoid deprecated require.extensions in tab completion (baki gul) #​58653
• [7ba44290bf] - repl: fix tab completion not working with computer string properties (Dario Piotrowicz) #​58709
• [eb842048b2] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #​57126
• [4f004937ec] - src: fixup errorhandling more in various places (James M Snell) #​57852
• [5daa7fe2e2] - src: fix module buffer allocation (X-BW) #​57738
• [586b1be11b] - src: fix build when using shared simdutf (Antoine du Hamel) #​58407
• [563e61f012] - src: fix possible dereference of null pointer (Eusgor) #​58459
• [cbec07ea0b] - src: fix FIPS init error handling (Tobias Nießen) #​58379
• [80fb80e71b] - src: fix -Wunreachable-code in src/node_api.cc (Shelley Vohr) #​58901
• [5e97719860] - test: skip test-http-imports on macos (Marco Ippolito) #​59745
• [69c43bdfcc] - test: fix internet/test-dns (Michaël Zasso) #​59660
• [6fd58e0338] - tools: update coverage GitHub Actions to fixed version (Rich Trott) #​59512
• [eb7bbce73e] - tools: disable failing coverage jobs (Antoine du Hamel) #​58770
• [65b1669936] - util: fix formatting of objects with built-in Symbol.toPrimitive (Shima Ryuhei) #​57832
• [8a29f13bec] - util: fix parseEnv incorrectly splitting multiple ‘=‘ in value (HEESEUNG) #​57421
• [077d5020c4] - v8: fix missing callback in heap utils destroy (Ruben Bridgewater) #​58846
• [34ae9f8b18] - vm: import call should return a promise in the current context (Chengzhong Wu) #​58309
• [0dd3a8d6d1] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #​58902
• [1b83a2bd2d] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #​58371
• [9dc9604502] - zlib: fix pointer alignment (jhofstee) #​57727

v20.19.4: 2025-07-15, Version 20.19.4 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

Commits

• [db7b93fcef] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721

v20.19.3: 2025-06-23, Version 20.19.3 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [c535a3c483] - crypto: graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #​56142
• [af1dc63815] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #​57381
• [01d63a4ddf] - deps: update timezone to 2025b (Node.js GitHub Bot) #​57857
• [b6daa344eb] - doc: add dario-piotrowicz to collaborators (Dario Piotrowicz) #​58102

Commits

• [fc1fa7a357] - build: use FILE_OFFSET_BITS=64 esp. on 32-bit arch (RafaelGSS) #​58090
• [79e0812181] - build: use glob for dependencies of out/Makefile (Richard Lau) #​55789
• [f56e62851a] - crypto: allow length=0 for HKDF and PBKDF2 in SubtleCrypto.deriveBits (Filip Skokan) #​55866
• [c535a3c483] - crypto: graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #​56142
• [39925de8b1] - crypto: allow non-multiple of 8 in SubtleCrypto.deriveBits (Filip Skokan) #​55296
• [af1dc63815] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #​57381
• [d09008add3] - deps: V8: cherry-pick 1a3ecc2 (Michaël Zasso) #​58342
• [fd56652425] - deps: V8: cherry-pick 182d9c0 (Andrey Kosyakov) #​58342
• [447481e829] - deps: V8: cherry-pick third_party/zlib@646b7f5 (Hans Wennborg) #​58342
• [eb447168df] - deps: update simdutf to 6.4.2 (Node.js GitHub Bot) #​57855
• [01d63a4ddf] - deps: update timezone to 2025b (Node.js GitHub Bot) #​57857
• [10fb49f2a9] - deps: update icu to 77.1 (Node.js GitHub Bot) #​57455
• [f1dc7d0205] - deps: update corepack to 0.32.0 (Node.js GitHub Bot) #​57265
• [7a2e64bb8a] - deps: update simdutf to 6.4.0 (Node.js GitHub Bot) #​56764
• [e80669be0d] - doc: mention reports should align with Node.js CoC (Rafael Gonzaga) #​57607
• [7b2c0bc92e] - doc: add gurgunday as triager (Gürgün Dayıoğlu) #​57594
• [791e4879de] - doc: document REPL custom eval arguments (Dario Piotrowicz) #​57690
• [2917f09876] - doc: improved fetch docs (Alessandro Miliucci) #​57296
• [d940b15843] - doc: clarify unhandledRejection events behaviors in process doc (Dario Piotrowicz) #​57654
• [71c664fab7] - doc: update position type to integer | null in fs (Yukihiro Hasegawa) #​57745
• [0c0fbfa9c6] - doc: add missing v0.x changelog entries (Antoine du Hamel) #​57779
• [e99462c9fc] - doc: correct deprecation type of assert.CallTracker (René) #​57997
• [c7e92696ef] - doc: add returns for https.get (Eng Zer Jun) #​58025
• [ccc42b69ce] - doc: fix env variable name in util.styleText (Antoine du Hamel) #​58072
• [b6daa344eb] - doc: add dario-piotrowicz to collaborators (Dario Piotrowicz) #​58102
• [e5d6a3df16] - doc: fix AsyncLocalStorage example response changes after node v18 (Naor Tedgi (Abu Emma)) #​57969
• [f006411998] - doc: fix typo of file zlib.md (yusheng chen) #​58093
• [5193735df4] - doc: add missing options.signal to readlinePromises.createInterface() (Jimmy Leung) #​55456
• [fd44af730f] - doc: fix misaligned options in vm.compileFunction() (Jimmy Leung) #​58145
• [0fdcc0ddcd] - doc: add ambassaor message (Brian Muenzenmeyer) #​57600
• [5ca9616bd3] - doc: increase z-index of header element (Dario Piotrowicz) #​57851
• [81342d10f0] - doc: fix deprecation type for DEP0148 (Livia Medeiros) #​57785
• [776becfe01] - doc: remove mention of --require not supporting ES modules (Huáng Jùnliàng) #​57620
• [3140a8f133] - doc: add missing deprecated badges in fs.md (Yukihiro Hasegawa) #​57384
• [441ce24ae3] - doc: deprecate passing invalid types in fs.existsSync (Carlos Espa) #​55892
• [0556f54544] - http: correctly translate HTTP method (Paolo Insogna) #​52701
• [c2c6d2b035] - http: be more generational GC friendly (ywave620) #​56767
• [cdf3fa241c] - http2: skip writeHead if stream is closed (Shima Ryuhei) #​57686
• [bbd5aec785] - http2: fix graceful session close (Kushagra Pandey) #​57808
• [b427ae4f34] - meta: remove build-windows.yml (Aviv Keller) #​54662
• [49e624f554] - os: fix netmask format check condition in getCIDR function (Wiyeong Seo) #​57324
• [d582954434] - src: remove unused variable in crypto_x509.cc (Michaël Zasso) [#​57754](https://redirect.github.com/nodejs/node/pull/57754

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
web-components	Ready	Preview	Comment	Nov 28, 2025 1:15am

[github-actions]

To increment version on merge, please add one of patch (default), minor, or major label to this PR.