Open
Conversation
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
630e037 to
940c21f
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
940c21f to
bab3f3c
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
bab3f3c to
3237c93
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
2 times, most recently
from
2b1fb75 to
e74829b
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
2 times, most recently
from
e58a596 to
a1c7386
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/node-20.x
branch
3 times, most recently
from
ab92f3c to
59ba17a
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
3 times, most recently
from
bcd00fb to
1575719
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
2 times, most recently
from
afc9438 to
1b65584
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
1b65584 to
ae461b6
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
ae461b6 to
49413ba
Compare
renovate
bot
force-pushed
the
renovate/node-20.x
branch
from
49413ba to
e23f15a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
20.19.5→20.20.120.9.0→20.19.3720.19.5→20.20.1Release Notes
nodejs/node (node)
v20.20.1: 2026-03-05, Version 20.20.1 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
91a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741Commits
6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #5085391a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #61790f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #6066288b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #618305c053264f1] - deps: V8: backport6a0a25a(Vivian Wang) #616874a398699d0] - deps: update googletest to5a9c3f9(Node.js GitHub Bot) #617314fa43adf15] - deps: update googletest to56efe39(Node.js GitHub Bot) #616051a855d490c] - deps: update googletest to8508785(Node.js GitHub Bot) #61417d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #60523e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #619280707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #6182746043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #611356be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #6127110881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #611381594a78c85] - deps: update googletest to065127f(Node.js GitHub Bot) #610557fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #6089809259532ef] - deps: update googletest to1b96fa1(Node.js GitHub Bot) #60739aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #60646cc849fde27] - deps: update googletest to279f847(Node.js GitHub Bot) #60219a99ba553a2] - deps: update googletest to50b8600(Node.js GitHub Bot) #599556349a79f5f] - deps: update googletest to7e17b15(Node.js GitHub Bot) #591318ba759f1a0] - deps: update googletest to35b75a2(Node.js GitHub Bot) #58710927d906850] - deps: update googletest toe9092b1(Node.js GitHub Bot) #58565bf8919f5c2] - deps: update googletest to0bdccf4(Node.js GitHub Bot) #57380ae6231dac0] - deps: update googletest toe235eb3(Node.js GitHub Bot) #568730561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #61732f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #6054315bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #6191204d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #619122ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #61510622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #608422cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #6064365e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #605502dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #614532c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #59354a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #59344ffd0ada45f] - doc: fix typo intest/common/README.md(Yoo) #59180b4d9d006e7] - doc: fix broken sentence inURL.parse(Superchupu) #5916445e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #59123e9fd10b5d6] - doc: fixfetchsubsections inglobals.md(Antoine du Hamel) #589333715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #58753098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #58599545bf434e1] - doc: fix typo of filehttp.md,outgoingMessage.setTimeoutsection (yusheng chen) #58188b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #614508fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #6137131d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #581785ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #614025c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #61639183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #55623dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #619484106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #60995de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #60565368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #61629e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #591585630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #584781e5363bb63] - test: marktest-http2-debugas flaky on LinuxONE (Richard Lau) #58494662998787a] - test: settest-fs-cpas flaky (Stefan Stojanovic) #567990807127339] - test: marktest-esm-loader-hooks-inspect-waitflaky (Richard Lau) #568036320cd0721] - test: skip strace test with shared openssl (Richard Lau) #6198783b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #587526cf9b5786e] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #61672cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #616636dc2a99a0d] - tools: validate release commit diff as part oflint-release-proposal(Antoine du Hamel) #614405014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #582556c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #619031abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #6175964beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #6099797fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#79214fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#8021febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#77351f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#75985f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313Commits
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547fba0025b9c] - build: usewindows-2025runner (Michaël Zasso) #596733456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #599566277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #595711788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #601125d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #597919f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689d0edb01d25] - deps: update googletest toeb2d85e(Node.js GitHub Bot) #59335576242ff39] - deps: V8: cherry-picka0d0d4f(Ho Cheung) #60716a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133acec79989e] - deps: V8: cherry-pick6b1b9bc(zhoumingtao) #59283e65b930aa7] - deps: V8: backport2e4c5cf(Michaël Zasso) #606541b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #60114a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #599322426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #59806e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #59562e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #595798a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #590808c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #594704f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #58876082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #5911319a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #58504db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #583133b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291960d05ad7d] - doc: add history entries to--input-typesection (Antoine du Hamel) #5817520616f1750] - http2: do not crash on mismatched ping buffer length (René) #601359eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #59261dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #60070d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #60094b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #600907cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #54347bb108191aa] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #603662a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #58646144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #594872c8a73f95f] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #59049b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #599934b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #597559543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #596404f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #596373ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #59563a7a109f926] - test: fix typos (Lee Jiho) #59330fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #594140cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #5884076001f9480] - tools: remove unused actions frombuild-tarball.yml(Antoine du Hamel) #5978769904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #59785a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #594346443ad2da5] - tools: drop deprecatedmacos-13runner (Richard Lau) #6067945ec702ef7] - tools: fixtools/make-v8.shfor clang (Richard Lau) #59893393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #593799e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #59446actions/node-versions (node)
v20.20.1: 20.20.1Compare Source
Node.js 20.20.1
v20.20.0: 20.20.0Compare Source
Node.js 20.20.0
v20.19.6: 20.19.6Compare Source
Node.js 20.19.6
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.