chore(deps): update node.js to v24.17.0#356
Merged
Merged
Conversation
| datasource | package | from | to | | ------------ | ------- | -------- | -------- | | node-version | node | v24.16.0 | v24.17.0 | Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
martincostello
approved these changes
Jun 20, 2026
martincostello
approved these changes
Jun 20, 2026
zeitlinger
added a commit
that referenced
this pull request
Jun 24, 2026
## Summary - add a CI safeguard pass for `lychee` that checks all links across all link-checkable files - keep the existing changed-file behavior for normal runs, plus the existing optional local-only full pass - add regression coverage and update the lychee docs/help text ## Why PR #356 failed because a README link still pointed at `lint.yml` after that file had been renamed elsewhere. The stale link lived in an unchanged file, so Flint's default changed-file link checking did not catch it earlier. This left a gap where unrelated PRs could fail later on broken documentation links. ## Root cause `lychee` defaulted to checking all links only in changed files. Unless the docs file itself changed, stale remote links in unchanged files were skipped. ## Impact CI now catches stale links in unchanged documentation sooner, while local runs keep the narrower changed-file behavior unless explicitly configured otherwise. ## Validation - `cargo test` - `mise run lint:fix` --------- Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
zeitlinger
approved these changes
Jun 25, 2026
Merged
zeitlinger
pushed a commit
that referenced
this pull request
Jun 25, 2026
## 🤖 New release * `flint`: 0.22.5 -> 0.22.6 <details><summary><i><b>Changelog</b></i></summary><p> <blockquote> ## [0.22.6](v0.22.5...v0.22.6) - 2026-06-25 ### Added - check all links in CI ([#365](#365)) ### Fixed - *(renovate-deps)* normalize tracked snapshot ordering ([#364](#364)) ### Other - *(deps)* update node.js to v24.17.0 ([#356](#356)) - link to Flint blog post ([#368](#368)) - *(deps)* update taiki-e/install-action action to v2.82.2 ([#367](#367)) - *(deps)* update taiki-e/install-action action to v2.82.1 ([#366](#366)) - *(deps)* pin dependencies ([#363](#363)) - *(deps)* lock file maintenance ([#362](#362)) - *(deps)* update mise to v2026.6.11 ([#361](#361)) - *(deps)* update taiki-e/install-action action to v2.82.0 ([#358](#358)) - *(deps)* update dependency actions/checkout to v7 ([#359](#359)) - *(deps)* update dependency jdx/mise-action to v4.2.0 ([#357](#357)) - *(deps)* update taiki-e/install-action action to v2.81.11 ([#355](#355)) - update permissions ([#354](#354)) - *(deps)* lock file maintenance ([#353](#353)) - *(deps)* update mise to v2026.6.3 ([#352](#352)) - *(deps)* update taiki-e/install-action action to v2.81.10 ([#351](#351)) - *(deps)* update grafana/shared-workflows/lint-pr-title action to v1.2.3 ([#350](#350)) - *(deps)* update taiki-e/install-action action to v2.81.9 ([#349](#349)) - *(deps)* update taiki-e/install-action action to v2.81.8 ([#347](#347)) - *(deps)* update taiki-e/install-action action to v2.81.7 ([#346](#346)) - *(deps)* update taiki-e/install-action action to v2.81.6 ([#345](#345)) - *(deps)* lock file maintenance ([#342](#342)) - *(deps)* update dependency mise to v2026.6.0 ([#341](#341)) - *(deps)* update taiki-e/install-action action to v2.81.5 ([#343](#343)) - *(deps)* update dependency jdx/mise-action to v4.1.0 ([#340](#340)) - *(deps)* update taiki-e/install-action action to v2.81.4 ([#339](#339)) - *(deps)* update taiki-e/install-action action to v2.81.3 ([#338](#338)) - *(deps)* update dependency go to v1.26.4 ([#337](#337)) - *(deps)* update dependency actions/checkout to v6.0.3 ([#336](#336)) - *(deps)* update taiki-e/install-action action to v2.81.2 ([#335](#335)) - use shared workflow for PR title lint ([#318](#318)) - note zizmor drift from upstream tag movement ([#334](#334)) - *(deps)* update taiki-e/install-action action to v2.81.1 ([#333](#333)) - *(deps)* update taiki-e/install-action action to v2.81.0 ([#332](#332)) - *(deps)* update taiki-e/install-action action to v2.80.0 ([#331](#331)) </blockquote> </p></details> --- This PR was generated with [release-plz](https://github.com/release-plz/release-plz/). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
24.16.0→24.17.0v24.18.0Release Notes
nodejs/node (node)
v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @aduh95Compare Source
This is a security release.
Notable Changes
Commits
9e4dfc7bba] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878cb2aed980c] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890a8a0d12875] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #6289166e6203c1c] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #62891dd627ced27] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #63820684bae568f] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #638203a631e7f83] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #62656cf44df3996] - deps: update undici to 7.28.0 (Node.js GitHub Bot) #63703138c70294b] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868be7e719c3f] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846cc7c11b4d1] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#8559224427b92] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867cf85d54839] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873a1bbc24f96] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870e3723ff2d6] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854a77af4867b] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#85431beb4f707] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#8578e75c73f91] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
Need help?
You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.