chore: π€ update node.js to v20.20.2#724
Merged
renovate[bot] merged 1 commit intomainfrom Apr 3, 2026
Merged
Conversation
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
20.12.2β20.20.220.12.8β20.19.3720.19.39(+1)Release Notes
nodejs/node (node)
v20.20.2: 2026-03-24, Version 20.20.2 'Iron' (LTS), @βmarco-ippolitoCompare Source
This is a security release.
Notable Changes
Commits
cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831f333d0be5f] - deps: V8: overridedepot_toolsversion (Richard Lau) #β623442acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #β62285af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#83400ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#8210123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#84000830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839v20.20.1: 2026-03-05, Version 20.20.1 'Iron' (LTS), @βmarco-ippolitoCompare Source
Notable Changes
91a66e671c] - build: test on Python 3.14 (Christian Clauss) #β59983f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #β6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #β60741Commits
6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #β5085391a66e671c] - build: test on Python 3.14 (Christian Clauss) #β59983cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #β61790f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #β6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #β60741fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #β6066288b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #β618305c053264f1] - deps: V8: backport6a0a25a(Vivian Wang) #β616874a398699d0] - deps: update googletest to5a9c3f9(Node.js GitHub Bot) #β617314fa43adf15] - deps: update googletest to56efe39(Node.js GitHub Bot) #β616051a855d490c] - deps: update googletest to8508785(Node.js GitHub Bot) #β61417d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #β60523e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #β619280707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #β61925dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #β6182746043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #β611356be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #β6127110881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #β611381594a78c85] - deps: update googletest to065127f(Node.js GitHub Bot) #β610557fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #β6089809259532ef] - deps: update googletest to1b96fa1(Node.js GitHub Bot) #β60739aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #β60646cc849fde27] - deps: update googletest to279f847(Node.js GitHub Bot) #β60219a99ba553a2] - deps: update googletest to50b8600(Node.js GitHub Bot) #β599556349a79f5f] - deps: update googletest to7e17b15(Node.js GitHub Bot) #β591318ba759f1a0] - deps: update googletest to35b75a2(Node.js GitHub Bot) #β58710927d906850] - deps: update googletest toe9092b1(Node.js GitHub Bot) #β58565bf8919f5c2] - deps: update googletest to0bdccf4(Node.js GitHub Bot) #β57380ae6231dac0] - deps: update googletest toe235eb3(Node.js GitHub Bot) #β568730561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #β61732f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #β6054315bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #β6191204d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #β619122ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #β61510622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #β608422cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #β6064365e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #β605502dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #β614532c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #β59354a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #β59344ffd0ada45f] - doc: fix typo intest/common/README.md(Yoo) #β59180b4d9d006e7] - doc: fix broken sentence inURL.parse(Superchupu) #β5916445e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #β59123e9fd10b5d6] - doc: fixfetchsubsections inglobals.md(Antoine du Hamel) #β589333715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #β58753098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #β58599545bf434e1] - doc: fix typo of filehttp.md,outgoingMessage.setTimeoutsection (yusheng chen) #β58188b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #β614508fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #β6137131d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #β581785ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #β614025c091d5a96] - meta: persist sccache daemon until end of build workflows (RenΓ©) #β61639183353aba0] - path,win: fix bug in resolve and normalize (HΓΌseyin AΓ§acak) #β55623dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #β619484106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #β60995de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #β60565368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #β61629e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #β591585630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #β584781e5363bb63] - test: marktest-http2-debugas flaky on LinuxONE (Richard Lau) #β58494662998787a] - test: settest-fs-cpas flaky (Stefan Stojanovic) #β567990807127339] - test: marktest-esm-loader-hooks-inspect-waitflaky (Richard Lau) #β568036320cd0721] - test: skip strace test with shared openssl (Richard Lau) #β6198783b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (LumΓr 'Frenzy' Balhar) #β587526cf9b5786e] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #β61672cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #β616636dc2a99a0d] - tools: validate release commit diff as part oflint-release-proposal(Antoine du Hamel) #β614405014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #β582556c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #β619031abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #β61899f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #β6175964beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #β61734v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @βmarco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #β6099797fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#79214fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#8021febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#77351f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Π‘ΠΊΠΎΠ²ΠΎΡΠΎΠ΄Π° ΠΠΈΠΊΠΈΡΠ° ΠΠ½Π΄ΡΠ΅Π΅Π²ΠΈΡ) nodejs-private/node-private#75985f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @βmarco-ippolitoCompare Source
Notable Changes
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #β59571082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #β59113db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #β58313Commits
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #β59547fba0025b9c] - build: usewindows-2025runner (MichaΓ«l Zasso) #β596733456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #β599566277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #β595711788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #β601125d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #β597919f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #β59689d0edb01d25] - deps: update googletest toeb2d85e(Node.js GitHub Bot) #β59335576242ff39] - deps: V8: cherry-picka0d0d4f(Ho Cheung) #β60716a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #β60314fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #β59134556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #β59134cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #β59133acec79989e] - deps: V8: cherry-pick6b1b9bc(zhoumingtao) #β59283e65b930aa7] - deps: V8: backport2e4c5cf(MichaΓ«l Zasso) #β606541b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #β60114a2bcb217c6] - doc: fix typo in section on microtask order (Tobias NieΓen) #β599322426d3f3ff] - doc: add security escalation policy (Ulises GascΓ³n) #β59806e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #β59562e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #β595798a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #β590808c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #β59591109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #β594704f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #β59445caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #β58876082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #β5911319a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #β58504db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #β583133b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #β58291960d05ad7d] - doc: add history entries to--input-typesection (Antoine du Hamel) #β5817520616f1750] - http2: do not crash on mismatched ping buffer length (RenΓ©) #β601359eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #β59261dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #β60070d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #β60093de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #β60094b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #β60096e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #β600907cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #β54347bb108191aa] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #β603662a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #β58646144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #β60103409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #β59857d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #β59607b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias NieΓen) #β594872c8a73f95f] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #β59049b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #β599934b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #β60068cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #β597559543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #β596404f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #β596373ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #β59563a7a109f926] - test: fix typos (Lee Jiho) #β59330fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #β60419bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #β594140cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #β5884076001f9480] - tools: remove unused actions frombuild-tarball.yml(Antoine du Hamel) #β5978769904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #β59785a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #β594346443ad2da5] - tools: drop deprecatedmacos-13runner (Richard Lau) #β6067945ec702ef7] - tools: fixtools/make-v8.shfor clang (Richard Lau) #β59893393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #β593799e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #β59446v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @βmarco-ippolitoCompare Source
Notable Changes
f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #β583554e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #β58308d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #β584993c6206cac9] - doc: add @βgeeksilva97 to collaborators (Edy Silva) #β57241Commits
ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #β58270c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #β58171d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #β5886784d5c4d244] - build: search for libnode.so in multiple places (Jan StanΔk) #β58213068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #β58942edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #β574980473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #β586281218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #β577680e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #β56655a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #β57335cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #β5733582c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #β5718043e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #β5685591282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #β58566b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #β58711ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #β57382142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #β58712fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #β58144c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #β57386cded8e7e77] - dns: fix parse memory leaky (theanarkh) #β58973182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #β58404621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #β57449b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #β57426f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #β583554e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #β58308530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #β5891138e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #β57318d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #β57309d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #β584998c3bc156ed] - doc: clarifypath.isAbsoluteis not path traversal mitigation (Eric Fortis) #β57073e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #β56835e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #β57219026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #β571833c6206cac9] - doc: add @βgeeksilva97 to collaborators (Edy Silva) #β57241ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #β570761db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #β52607b73a1356ce] - doc: addmodule namespace objectlinks (Dario Piotrowicz) #β5709309368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #β570922c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #β57090cd8259cb4e] - doc:modules.md: fixdistancedefinition (Alexander βweejβ Jones) #β570467b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #β5709114fcfc242b] - doc: add a note aboutrequire('../common')in testing documentation (Aditi) #β56953bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #β57028acd4d7f269] - doc: improve documentation on argument validation (Aditi) #β569544cd6b3ca73] - doc: buffer: fix typo onBuffer.copyBytesFrom(offsetoption (tpoisseau) #β5701501220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #β5700477a0505a32] - doc: update post sec release process (Rafael Gonzaga) #β5690777dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #β5653973e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #β559479a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #β5579104d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #β58982959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #β582918757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #β588776fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #β584779991788e4a] - http: coerce content-length to number (Marco Ippolito) #β57458ff5cf8a428] - http2: fix check forframe->hd.type(hanguanqiang) #β576442f333b6c51] - lib: optimizeprepareStackTraceon builtin frames (Chengzhong Wu) #β56299cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #β56299faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #β57177a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #β58916b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #β585512c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #β585504095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #β58108631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #β584567d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #β581101558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #β58106e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #β583561b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #β581112b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #β58107833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #β57966c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #β577189046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #β5771746388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #β57715d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #β5771447004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #β577134abe83ec03](https://redirect.github.com/nodeConfiguration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.