chore(deps): update node.js to v22.22.0 #121
No reviewers
Labels
No labels
bug
duplicate
enhancement
help wanted
invalid
question
renovate-bot
renovate-security
security
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
mCaptcha/pow_sha256-polyfill!121
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/node-22.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
22.20.0->22.22.0Release Notes
nodejs/node (node)
v22.22.0: 2026-01-13, Version 22.22.0 'Jod' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
6badf4e6f4] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #6099737509c3ff0] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#791eb8e41f8db] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797ebbf942a83] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#7486b4849583a] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760ddadc31f09] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773d4d9f3915f] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#75925d6799df6] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v22.21.1: 2025-10-28, Version 22.21.1 'Jod' (LTS), @aduh95Compare Source
Commits
af33e8e668] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #598726764ce8756] - benchmark: update count to n in permission startup (Bruno Rodrigues) #598724e8d99f0dc] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #59872af0a8ba7f8] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #5970878efd1be4a] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #59708df72dc96e9] - console,util: improve array inspection performance (Ruben Bridgewater) #60037ef67d09f50] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #5995823468fd76b] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #5992456abc4ac76] - lib: optimize priority queue (Gürgün Dayıoğlu) #60039ea5cfd98c5] - lib: implement passive listener behavior per spec (BCD1me) #59995c2dd6eed2f] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #6010381a3055710] - process: fix defaultenvforprocess.execve(Richard Lau) #60029fe492c7ace] - process: fix hrtime fast call signatures (Renegade334) #5960076b4cab8fc] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #6005321970970c7] - src: removeAnalyzeTemporaryDtorsoption from .clang-tidy (iknoom) #60008609c063e81] - src: remove unused variables from report (Moonki Choi) #60047987841a773] - src: avoid unnecessary string allocations in SPrintF impl (Anna Henningsen) #600526e386c0632] - src: make ToLower/ToUpper input args more flexible (Anna Henningsen) #60052c3be1226c7] - src: allowstd::string_viewarguments toSPrintF()and friends (Anna Henningsen) #60058764d35647d] - src: remove unnecessarystd::stringerror messages (Anna Henningsen) #600571289ef89ec] - src: remove unnecessary shadowed functions on Utf8Value & BufferValue (Anna Henningsen) #60056d1fb8a538d] - src: avoid unnecessary string ->char*-> string round trips (Anna Henningsen) #6005554b439fb5a] - src: filloptions_args,options_envafter vectors are finalized (iknoom) #59945c7c597e2ca] - src: use RAII for uv_process_options_t (iknoom) #59945b928ea9716] - test: ensure that the message event is fired (Luigi Pinca) #59952e4b95a5158] - test: replace diagnostics_channel stackframe in output snapshots (Chengzhong Wu) #600244206406694] - test: mark test-web-locks skip on IBM i (SRAVANI GUNDEPALLI) #5999626394cd5bf] - test: expand tls-check-server-identity coverage (Diango Gavidia) #60002b58df47995] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #59993af3a59dba8] - test: verify tracing channel doesn't swallow unhandledRejection (Gerhard Stöbich) #59974cee362242b] - timers: fix binding fast call signatures (Renegade334) #5960040fea57fdd] - tools: add message on auto-fixing js lint issues in gh workflow (Dario Piotrowicz) #59128aac90d351b] - tools: verify signatures when updating nghttp* (Antoine du Hamel) #601139fae03c7d9] - tools: use dependabot cooldown and move tools/doc (Rafael Gonzaga) #5997881548abdf6] - wasi: fix WasiFunction fast call signature (Renegade334) #59600v22.21.0: 2025-10-20, Version 22.21.0 'Jod' (LTS), @aduh95Compare Source
Notable Changes
1486fedea1] - (SEMVER-MINOR) cli: add--use-env-proxy(Joyee Cheung) #59151bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch underNODE_USE_ENV_PROXY(Joyee Cheung) #57165af8b5fa29d] - (SEMVER-MINOR) http: addshouldUpgradeCallbackto let servers control HTTP upgrades (Tim Perry) #5982442102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support inhttp/https.requestandAgent(Joyee Cheung) #58980686ac49b82] - (SEMVER-MINOR) src: add percentage support to--max-old-space-size(Asaf Federman) #59082Commits
a71dd592e3] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #5969616c4b466f4] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #5983653cb9f3b6c] - build: add the missing macro definitions for OpenHarmony (hqzing) #59804ec5290fe01] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #598091486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #591511f93913446] - crypto: usereturn awaitwhen returning Promises from async functions (Renegade334) #59841f488b2ff73] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #59841aed9fd5ac4] - crypto: avoid calls topromise.catch()(Renegade334) #5984137c2d186f0] - deps: update amaro to 1.1.4 (pmarchini) #6004428aea13419] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #60101ddbc1aa0bb] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #60101badbba2da9] - deps: update googletest to50b8600(Node.js GitHub Bot) #5995548aaf98a08] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #59901e02a562ea6] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #599017e0e86cb92] - deps: upgrade npm to 10.9.4 (npm team) #6007491dda5facf] - deps: update undici to 6.22.0 (Matteo Collina) #601123a3220a2f0] - dgram: restore buffer optimization in fixBufferList (Yoo) #5993409bdcce6b8] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #59910b3eeb3bd13] - doc: provide alternative tourl.parse()using WHATWG URL (Steven) #597361ddaab1904] - doc: mention reverse proxy and include simple example (Steven) #597363b3b71e99c] - doc: mark.envfiles support as stable (Santeri Hiltunen) #59925d37f67d1bd] - doc: remove optional title prefixes (Aviv Keller) #60087ca2dff63f9] - doc: fix typo on child_process.md (Angelo Gazzola) #601143fca564a05] - doc: add automated migration info to deprecations (Augustin Mauroy) #600224bc366fc16] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #599544808dbdd9a] - doc: fix typo in section on microtask order (Tobias Nießen) #59932d6e303d645] - doc: update V8 fast API guidance (René) #589990a3a3f729e] - doc: add security escalation policy (Ulises Gascón) #598068fd669c70d] - doc: type improvement of filehttp.md(yusheng chen) #581899833dc6060] - doc: rephrase dynamic import() description (Nam Yooseong) #592242870a73681] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #5985185818db93c] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #59847bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #57165af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824758271ae66] - http: optimize checkIsHttpToken for short strings (방진혁) #5983242102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #58980a33ed9bf96] - inspector: ensure adequate memory allocation forBinary::toBase64(René) #5987034c686be2b] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #5968712e553529c] - lib: add source map support for assert messages (Chengzhong Wu) #59751d2a70571f8] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #5975120a9e86b5d] - meta: move Michael to emeritus (Michael Dawson) #60070c591cca15c] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #60089090ba141b1] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #60091a0ba6884a5] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #600920feca0c541] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #600937cd2b42d18] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #600941f3b9d66ac] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #600950fedbb3de7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #6009604590b8267] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #600902bf0a9318f] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #59914e10dc7b81c] - module: allow overriding linked requests for a ModuleWrap (Chengzhong Wu) #595272237142369] - module: link module with a module request record (Chengzhong Wu) #588866d24b88fbc] - node-api: added SharedArrayBuffer api (Mert Can Altin) #590714cc84c96f4] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #59684e790eb6b50] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #5985799ea08dc43] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607e4a4f63019] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #5984842c5544b97] - src: assert memory calc for max-old-space-size-percentage (Asaf Federman) #59460686ac49b82] - (SEMVER-MINOR) src: add percentage support to --max-old-space-size (Asaf Federman) #5908284701ff668] - src: clear all linked module caches once instantiated (Chengzhong Wu) #591178e182e561f] - src: remove unnecessaryEnvironment::GetCurrent()calls (Moonki Choi) #59814c9cde35c4d] - src: simplify is_callable by making it a concept (Tobias Nießen) #58169892b425ee1] - src: rename private fields to follow naming convention (Moonki Choi) #5992336b68db7f5] - src: reduce the nearest parent package JSON cache size (Michael Smith) #5988826b40bad02] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #5989134dcb7dc32] - src: create strings inFIXED_ONE_BYTE_STRINGas internalized (Anna Henningsen) #598264d748add05] - src: removestd::arrayoverload ofFIXED_ONE_BYTE_STRING(Anna Henningsen) #59826bb6fd7c2d1] - src: ensurev8::Eternalis empty before setting it (Anna Henningsen) #598257a91282bf9] - src: use simdjson::pad (0hm☘️) #59391ba00875f01] - stream: use new AsyncResource instead of bind (Matteo Collina) #59867ebec3ef68b] - (SEMVER-MINOR) test: move http proxy tests to test/client-proxy (Joyee Cheung) #589807067d79fb3] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068ca1942c9d5] - test: testcase demonstrating issue 59541 (Eric Rannaud) #59801660d57355e] - test,doc: skip --max-old-space-size-percentage on 32-bit platforms (Asaf Federman) #6014419a7b1ef26] - tls: load bundled and extra certificates off-thread (Joyee Cheung) #59856095e7a81fc] - tls: only do off-thread certificate loading on loading tls (Joyee Cheung) #59856c42c1204c7] - tools: fixtools/make-v8.shfor clang (Richard Lau) #59893b632a1d98d] - tools: skip test-internet workflow for draft PRs (Michaël Zasso) #598176021c3ac76] - tools: copyeditbuild-tarball.yml(Antoine du Hamel) #59808ef005d0c9b] - typings: update 'types' binding (René) #5969228ef564ecd] - typings: remove unused imports (Nam Yooseong) #59880f88752ddb6] - url: replaced slice with at (Mikhail) #5918124c224960c] - url: add type checking to urlToHttpOptions() (simon-id) #59753f2fbcc576d] - util: fix debuglog.enabled not being present with callback logger (Ruben Bridgewater) #598586277058e43] - vm: sync-ify SourceTextModule linkage (Chengzhong Wu) #590005bf21a4309] - vm: explain how to share promises between contexts w/ afterEvaluate (Eric Rannaud) #59801312b33a083] - vm: "afterEvaluate", evaluate() return a promise from the outer context (Eric Rannaud) #598011eadab863c] - win,tools: add description to signature (Martin Costello) #59877816e1befb1] - zlib: reduce code duplication (jhofstee) #57810Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
3116699065to580528afeachore(deps): update node.js to v22.21.0to chore(deps): update node.js to v22.21.1580528afeatoc94b142a54chore(deps): update node.js to v22.21.1to chore(deps): update node.js to v22.22.0View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.