chore(deps): update node.js to v20

[renovate]

This PR contains the following updates:

Package	Update	Change
node	major	16.19.0 -> 20.3.1

---

Release Notes

nodejs/node

v20.3.1: 2023-06-20, Version 20.3.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
• CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
• CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
• CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
• CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
• CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
• CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
• CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
• CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
• CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 28th March.
  • OpenSSL security advisory 20th April.
  • OpenSSL security advisory 30th May

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

• [dac08dafc9] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#​393
• [d274c3babc] - crypto,https,tls: disable engines if perms enabled (Tobias Nießen) nodejs-private/node-private#​409
• [5621c1de38] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #​48402
• [771caa9f1c] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #​48402
• [0459bf9c99] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#​426
• [27e20501aa] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#​427
• [9c17e335f1] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#​408
• [b51124c637] - permission: handle fs path traversal (RafaelGSS) nodejs-private/node-private#​403
• [ebc5927adc] - permission: handle fs.openAsBlob (RafaelGSS) nodejs-private/node-private#​405
• [c39a43bff5] - permission: handle fs.watchFile (RafaelGSS) nodejs-private/node-private#​404
• [d0a8264ec9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#​416
• [3df13d5a79] - src,permission: restrict inspector when pm enabled (RafaelGSS) nodejs-private/node-private#​410

v20.3.0: 2023-06-08, Version 20.3.0 (Current), @​targos

Compare Source

Notable Changes

• [bfcb3d1d9a] - deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux (Santiago Gimeno) #​48078
• [5094d1b292] - doc: add Ruy Adorno to list of TSC members (Michael Dawson) #​48172
• [2f5dbca690] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #​48023
• [b1828b325e] - (SEMVER-MINOR) lib: implement AbortSignal.any() (Chemi Atlow) #​47821
• [f380953103] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #​47824
• [a94f87ed99] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #​48151
• [9e2b13dfa7] - stream: deprecate asIndexedPairs (Chemi Atlow) #​48102

Commits

• [35c96156d1] - benchmark: use cluster.isPrimary instead of cluster.isMaster (Deokjin Kim) #​48002
• [3e6e3abf32] - bootstrap: throw ERR_NOT_SUPPORTED_IN_SNAPSHOT in unsupported operation (Joyee Cheung) #​47887
• [c480559347] - bootstrap: put is_building_snapshot state in IsolateData (Joyee Cheung) #​47887
• [50c0a15535] - build: set v8_enable_webassembly=false when lite mode is enabled (Cheng Shao) #​48248
• [4562805cf6] - build: speed up compilation of mksnapshot output (Keyhan Vakil) #​48162
• [8b89f13933] - build: add action to close stale PRs (Michael Dawson) #​48051
• [5d92202220] - build: replace js2c.py with js2c.cc (Joyee Cheung) #​46997
• [6cf2adc36e] - cluster: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) #​48141
• [f564b03c38] - crypto: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) #​47160
• [ac8dd61fc3] - crypto: remove default encoding from cipher (Tobias Nießen) #​47998
• [15c2de4407] - crypto: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) #​47977
• [9e2dd5b5e2] - deps: update zlib to 337322d (Node.js GitHub Bot) #​48218
• [bfcb3d1d9a] - deps: upgrade to libuv 1.45.0 (Santiago Gimeno) #​48078
• [13930f092f] - deps: update ada to 2.5.0 (Node.js GitHub Bot) #​48223
• [3047caebec] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #​48156
• [0db79a0872] - deps: update histogram 0.11.8 (Marco Ippolito) #​47742
• [99af6716f5] - deps: update histogram to 0.11.7 (Marco Ippolito) #​47742
• [d4922bc985] - deps: update c-ares to 1.19.1 (Node.js GitHub Bot) #​48115
• [f6ccdb289f] - deps: update simdutf to 3.2.12 (Node.js GitHub Bot) #​48118
• [3ed0afc778] - deps: update minimatch to 9.0.1 (Node.js GitHub Bot) #​48094
• [df7540fb73] - deps: update ada to 2.4.2 (Node.js GitHub Bot) #​48092
• [07df5c48e8] - deps: update corepack to 0.18.0 (Node.js GitHub Bot) #​48091
• [d95a5bb559] - deps: update uvwasi to 0.0.18 (Node.js GitHub Bot) #​47866
• [443477e041] - deps: update uvwasi to 0.0.17 (Node.js GitHub Bot) #​47866
• [03f67d6d6d] - deps: upgrade npm to 9.6.7 (npm team) #​48062
• [d3e3a911fd] - deps: update nghttp2 to 1.53.0 (Node.js GitHub Bot) #​47997
• [f7c4daaf67] - deps: update ada to 2.4.1 (Node.js GitHub Bot) #​48036
• [c6a752560d] - deps: add loongarch64 into openssl Makefile and gen openssl-loongarch64 (Shi Pujin) #​46401
• [d194241716] - deps: update undici to 5.22.1 (Node.js GitHub Bot) #​47994
• [02e919f4a2] - deps,test: update postject to 1.0.0-alpha.6 (Node.js GitHub Bot) #​48072
• [2c19f596ad] - doc: clarify array args to Buffer.from() (Bryan English) #​48274
• [d681e5f456] - doc: document watch option for node:test run() (Moshe Atlow) #​48256
• [96e54ddbca] - doc: reserve 117 for Electron 26 (Calvin) #​48245
• [9aff8c7818] - doc: update documentation for FIPS support (Richard Lau) #​48194
• [8c5338648f] - doc: improve the documentation of the stdio option (Kumar Arnav) #​48110
• [11918d705f] - doc: update Buffer.allocUnsafe description (sinkhaha) #​48183
• [2b51ee5e22] - doc: update codeowners with website team (Claudio Wunder) #​48197
• [360df25d04] - doc: fix broken link to new folder doc/contributing/maintaining (Andrea Fassina) #​48205
• [13e95e21a4] - doc: add atlowChemi to triagers (Chemi Atlow) #​48104
• [5f83ce530f] - doc: fix typo in readline completer function section (Vadym) #​48188
• [3c82165d27] - doc: remove broken link for keygen (Rich Trott) #​48176
• [0ca90a1e6d] - doc: add auto intrinsic height to prevent jitter/flicker (Daniel Holbert) #​48195
• [f117855092] - doc: add version info on the SEA docs (Antoine du Hamel) #​48173
• [5094d1b292] - doc: add Ruy to list of TSC members (Michael Dawson) #​48172
• [39d8140227] - doc: update socket.remote* properties documentation (Saba Kharanauli) #​48139
• [5497c13efe] - doc: update outdated section on TLSv1.3-PSK (Tobias Nießen) #​48123
• [281dfaf727] - doc: improve HMAC key recommendations (Tobias Nießen) #​48121
• [bd311b6c70] - doc: clarify mkdir() recursive behavior (Stephen Odogwu) #​48109
• [5b061c8922] - doc: fix typo in crypto legacy streams API section (Tobias Nießen) #​48122
• [10ccb2bd81] - doc: update SEA source link (Rich Trott) #​48080
• [415bf7f532] - doc: clarify tty.isRaw (Roberto Vidal) #​48055
• [0ac4b33c76] - doc: correct line break for Windows terminals (Alex Schwartz) #​48083
• [f30ba5c320] - doc: fix Windows code snippet tags (Antoine du Hamel) #​48100
• [12fef9b68c] - doc: harmonize fenced code snippet flags (Antoine du Hamel) #​48082
• [13f163eace] - doc: use secure key length for HMAC generateKey (Tobias Nießen) #​48052
• [1e3e7c9f33] - doc: update broken EVP_BytesToKey link (Rich Trott) #​48064
• [5917ba1838] - doc: update broken spkac link (Rich Trott) #​48063
• [0e4a3b7db1] - doc: document node-api version process (Chengzhong Wu) #​47972
• [85bbaa94ea] - doc: update process.versions properties (Saba Kharanauli) #​48019
• [7660eb591a] - doc: fix typo in binding functions (Deokjin Kim) #​48003
• [2f5dbca690] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #​48023
• [3b94a739f2] - doc: clarify CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED (Tobias Nießen) #​47976
• [9e381cfa89] - doc: add heading for permission model limitations (Tobias Nießen) #​47989
• [802db923e0] - doc,vm: clarify usage of cachedData in vm.compileFunction() (Darshan Sen) #​48193
• [11a3434810] - esm: remove support for arrays in import internal method (Antoine du Hamel) #​48296
• [3b00f3afef] - esm: handle globalPreload hook returning a nullish value (Antoine du Hamel) #​48249
• [3c7846d7e1] - esm: handle more error types thrown from the loader thread (Antoine du Hamel) #​48247
• [60ce2bcabc] - http: send implicit headers on HEAD with no body (Matteo Collina) #​48108
• [72de4e7170] - lib: do not disable linter for entire files (Antoine du Hamel) #​48299
• [10cc60fc91] - lib: use existing isWindows variable (sinkhaha) #​48134
• [a90010aae9] - lib: support FORCE_COLOR for non TTY streams (Moshe Atlow) #​48034
• [b1828b325e] - (SEMVER-MINOR) lib: implement AbortSignal.any() (Chemi Atlow) #​47821
• [8f1b86961f] - meta: bump github/codeql-action from 2.3.3 to 2.3.6 (dependabot[bot]) #​48287
• [1b87ccdf70] - meta: bump actions/setup-python from 4.6.0 to 4.6.1 (dependabot[bot]) #​48286
• [10715aea26] - meta: bump codecov/codecov-action from 3.1.3 to 3.1.4 (dependabot[bot]) #​48285
• [79f73778ab] - meta: remove dont-land-on-v14 auto labeling (Shrujal Shah) #​48031
• [9c5711f3ea] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​48010
• [6d6bf3ee52] - module: reduce the number of URL initializations (Yagiz Nizipli) #​48272
• [f380953103] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #​47824
• [950185b0c0] - net: fix address iteration with autoSelectFamily (Fedor Indutny) #​48258
• [5ddca72e62] - net: fix family autoselection SSL connection handling (Paolo Insogna) #​48189
• [750e53ca3c] - net: fix family autoselection timeout handling (Paolo Insogna) #​47860
• [a94f87ed99] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #​48151
• [e834979818] - node-api: add status napi_cannot_run_js (Gabriel Schulhof) #​47986
• [eafe0c3ec6] - node-api: napi_ref on all types is experimental (Vladimir Morozov) #​47975
• [9a034746f5] - src: add Realm document in the src README.md (Chengzhong Wu) #​47932
• [b8f4070f71] - src: check node_extra_ca_certs after openssl cfg (Raghu Saxena) #​48159
• [0347a18056] - src: include missing header in node_sea.h (Joyee Cheung) #​48152
• [45c3782c20] - src: remove INT_MAX asserts in SecretKeyGenTraits (Tobias Nießen) #​48053
• [b25e7045ad] - src: avoid prototype access in binding templates (Joyee Cheung) #​47913
• [33aa373eec] - src: use Blob{Des|S}erializer for SEA blobs (Joyee Cheung) #​47962
• [9e2b13dfa7] - stream: deprecate asIndexedPairs (Chemi Atlow) #​48102
• [96c323dee2] - test: mark test-child-process-pipe-dataflow as flaky (Moshe Atlow) #​48334
• [9875885357] - test: adapt tests for OpenSSL 3.1 (OttoHollmann) #​47859
• [3440d7c6bf] - test: unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) #​48078
• [215b2bc72c] - test: fix zlib version regex (Luigi Pinca) #​48227
• [e12ee59d26] - test: use lower security level in s_client (Luigi Pinca) #​48192
• [1dabc7390c] - Revert "test: unskip negative-settimeout.any.js WPT" (Filip Skokan) #​48182
• [c1c4796a86] - test: mark test_cannot_run_js as flaky (Keyhan Vakil) #​48181
• [8c49d74002] - test: fix flaky test-runner-watch-mode (Moshe Atlow) #​48144
• [6388766862] - test: skip test-http-pipeline-flood on IBM i (Abdirahim Musse) #​48048
• [8d2a3b1952] - test: ignore helper files in WPTs (Filip Skokan) #​48079
• [7a96d825fd] - test: move test-cluster-primary-error flaky test (Yagiz Nizipli) #​48039
• [a80dd3a8b3] - test: fix suite signal (Benjamin Gruenbaum) #​47800
• [a41cfd183f] - test: fix parsing test flags (Daeyeon Jeong) #​48012
• [4d4e506f2b] - test,doc,sea: run SEA tests on ppc64 (Darshan Sen) #​48111
• [44411fc40c] - test_runner: apply runOnly on suites (Moshe Atlow) #​48279
• [3f259b7a30] - test_runner: emit test:watch:drained event (Moshe Atlow) #​48259
• [c9f8e8c562] - test_runner: stop watch mode when abortSignal aborted (Moshe Atlow) #​48259
• [f3268d64cb] - test_runner: fix global after hook (Moshe Atlow) #​48231
• [15336c3139] - test_runner: remove redundant check from coverage (Colin Ihrig) #​48070
• [750d3e8606] - test_runner: pass FORCE_COLOR to child process (Moshe Atlow) #​48057
• [3278542243] - test_runner: dont split lines on test:stdout (Moshe Atlow) #​48057
• [027c531766] - test_runner: fix test deserialize edge cases (Moshe Atlow) #​48106
• [2b797a6d39] - test_runner: delegate stderr and stdout formatting to reporter (Shiba) #​48045
• [23d310bee8] - test_runner: display dot report as wide as the terminal width (Raz Luvaton) #​48038
• [fd2620dcf1] - tls: reapply servername on happy eyeballs connect (Fedor Indutny) #​48255
• [62f847d0b3] - tools: update rollup lint-md-dependencies (Node.js GitHub Bot) #​48329
• [3e97826a66] - Revert "tools: open issue when update workflow fails" (Marco Ippolito) #​48312
• [5f08bfe35f] - tools: don't gitignore base64 config.h (Ben Noordhuis) #​48174
• [ded0e2d755] - tools: update LICENSE and license-builder.sh (Santiago Gimeno) #​48078
• [07aa264366] - tools: automate histogram update (Marco Ippolito) #​48171
• [1416b75eaa] - tools: use shasum instead of sha256sum (Luigi Pinca) #​48229
• [b81e9d9b7b] - tools: harmonize dep_updaters scripts (Antoine du Hamel) #​48201
• [a60bc41e53] - tools: deps update authenticate github api request (Andrea Fassina) #​48200
• [7478ed014e] - tools: order dependency jobs alphabetically (Luca) #​48184
• [568a705799] - tools: refactor v8_pch config (Michaël Zasso) #​47364
• [801573ba46] - tools: log and verify sha256sum (Andrea Fassina) #​48088
• [db62325e18] - tools: open issue when update workflow fails (Marco Ippolito) #​48018
• [ad8a68856d] - tools: alphabetize CODEOWNERS (Rich Trott) #​48124
• [4cf5a9edaf] - tools: use latest upstream commit for zlib updates (Andrea Fassina) #​48054
• [8d93af381b] - tools: add security-wg as dep updaters owner (Marco Ippolito) #​48113
• [5325be1d99] - tools: port js2c.py to C++ (Joyee Cheung) #​46997
• [6c60d90277] - tools: fix race condition when npm installing (Tobias Nießen) #​48101
• [0ab840a58f] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #​48098
• [a298193378] - tools: update cpplint to 1.6.1 (Yagiz Nizipli) #​48098
• [f6725751b7] - tools: update eslint to 8.41.0 (Node.js GitHub Bot) #​48097
• [6539361f4e] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​48096
• [5d94dbb951] - tools: update doc to remark-parse@10.0.2 (Node.js GitHub Bot) #​48095
• [2226088048] - tools: add debug logs (Marco Ippolito) #​48060
• [0c8c383583] - tools: fix zconf.h path (Luigi Pinca) #​48089
• [6adaf4c648] - tools: update remark-preset-lint-node to 4.0.0 (Node.js GitHub Bot) #​47995
• [92b3334231] - url: clean vertical alignment of docs (Robin Ury) #​48037
• [ebb6536775] - url: call ada::can_parse directly (Yagiz Nizipli) #​47919
• [ed4514294a] - vm: properly handle defining symbol props (Nicolas DUBIEN) #​47572

v20.2.0: 2023-05-16, Version 20.2.0 (Current), @​targos

Compare Source

Notable Changes

• [c092df9094] - doc: add ovflowd to collaborators (Claudio Wunder) #​47844
• [4197a9a5a0] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #​47732
• [c4596b9ce7] - (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) #​47588
• [17befe008c] - (SEMVER-MINOR) test_runner: add skip, todo, and only shorthands to test (Chemi Atlow) #​47909
• [a0634d7f89] - (SEMVER-MINOR) url: add value argument to URLSearchParams has and delete methods (Sankalp Shubham) #​47885

Commits

• [456fca0d9c] - bootstrap: initialize per-isolate properties of bindings separately (Joyee Cheung) #​47768
• [d6d12bf978] - bootstrap: log isolate data info in mksnapshot debug logs (Joyee Cheung) #​47768
• [e457d89a1b] - buffer: combine checking range of sourceStart in buf.copy (Deokjin Kim) #​47758
• [00668fcfb4] - child_process: use signal.reason in child process abort (Debadree Chatterjee) #​47817
• [d7993474ea] - crypto: remove default encoding from scrypt (Tobias Nießen) #​47943
• [09fb74a7cc] - crypto: fix webcrypto private/secret import with empty usages (Filip Skokan) #​47877
• [e9c6ee74f3] - crypto: remove default encoding from pbkdf2 (Tobias Nießen) #​47869
• [b7f13a8679] - deps: update simdutf to 3.2.9 (Node.js GitHub Bot) #​47983
• [b16f6da153] - deps: V8: cherry-pick 5f025d1 (Michaël Zasso) #​47610
• [99f8fcab45] - deps: V8: cherry-pick a8a11a8 (Michaël Zasso) #​47610
• [c2b14b4c78] - deps: update ada to 2.4.0 (Node.js GitHub Bot) #​47922
• [cad42e7a56] - deps: V8: cherry-pick 1b471b7 (Lu Yahan) #​47399
• [7b2f17ca59] - deps: upgrade npm to 9.6.6 (npm team) #​47862
• [d23b1af562] - deps: update ada to 2.3.1 (Node.js GitHub Bot) #​47893
• [72340c98fb] - dgram: convert macro to template (Tobias Nießen) #​47891
• [9be922892f] - dns: call ada::idna::to_ascii directly from c++ (Yagiz Nizipli) #​47920
• [4a1e97156a] - doc: add missing deprecated blocks to cluster (Tobias Nießen) #​47981
• [13118a19ee] - doc: update description of global (Tobias Nießen) #​47969
• [372796440b] - doc: update measure memory rejection information (Yash Ladha) #​41639
• [7ecc6740e4] - doc: fix broken link to TC39 import attributes proposal (Rich Trott) #​47954
• [b9771c95c7] - doc: fix broken link (Rich Trott) #​47953
• [6f5ba92e61] - doc: remove broken link (Rich Trott) #​47942
• [c9ffc555f1] - doc: document make lint-md-clean (Matteo Collina) #​47926
• [7ed99e8ba5] - doc: mark global object as legacy (Mert Can Altın) #​47819
• [bf39f2d252] - doc: ntfs junction points must link to directories (Ben Noordhuis) #​47907
• [4dfc3890d8] - doc: improve permission.has description (Daeyeon Jeong) #​47875
• [93f1aa2856] - doc: fix params names (Dmitry Semigradsky) #​47853
• [9a362aa2fb] - doc: update supported version of FreeBSD to 12.4 (Michaël Zasso) #​47838
• [89c70dc6e6] - doc: add stability experimental to pm (Rafael Gonzaga) #​47890
• [f96fb2eee7] - doc: swap Matteo with Rafael in the stewards (Rafael Gonzaga) #​47841
• [1666a146e3] - doc: add valgrind suppression details (Kevin Eady) #​47760
• [e53e8231ff] - doc: replace EOL versions in README (Tobias Nießen) #​47833
• [c092df9094] - doc: add ovflowd to collaborators (Claudio Wunder) #​47844
• [f7106765b3] - doc: update BUILDING.md previous versions links (Tobias Nießen) #​47835
• [811b43c215] - doc,test: update the v8.startupSnapshot doc and test the example (Joyee Cheung) #​47468
• [1ec640ac70] - esm: do not use 'beforeExit' on the main thread (Antoine du Hamel) #​47964
• [106dc612d6] - fs: make readdir recursive algorithm iterative (Ethan Arrowood) #​47650
• [a0da2348a8] - fs: move fs_use_promises_symbol to per-isolate symbols (Joyee Cheung) #​47768
• [4197a9a5a0] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #​47732
• [a4d6543598] - http2: improve nghttp2 error callback (Tobias Nießen) #​47840
• [a4fed6c580] - lib: update comment (sinkhaha) #​47884
• [fd8bec7b2b] - meta: bump step-security/harden-runner from 2.3.1 to 2.4.0 (Rich Trott) #​47980
• [f5b4b6d5dc] - meta: bump github/codeql-action from 2.3.2 to 2.3.3 (Rich Trott) #​47979
• [c05c0a2359] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (Rich Trott) #​47968
• [2a3d6d97cb] - meta: add security-wg ping to permission.js (Rafael Gonzaga) #​47941
• [6c158e8dd1] - meta: bump step-security/harden-runner from 2.2.1 to 2.3.1 (dependabot[bot]) #​47808
• [f7a8094d37] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (dependabot[bot]) #​47806
• [0f58e48792] - meta: bump actions/checkout from 3.3.0 to 3.5.2 (dependabot[bot]) #​47805
• [652b06dd82] - meta: remove extra space in scorecard workflow (Mestery) #​47805
• [9f06eaccaf] - meta: bump github/codeql-action from 2.2.9 to 2.3.2 (dependabot[bot]) #​47809
• [977fd7cf35] - meta: bump codecov/codecov-action from 3.1.1 to 3.1.3 (dependabot[bot]) #​47807
• [c19385c154] - module: refactor to use normalizeRequirableId in the CJS module loader (Darshan Sen) #​47896
• [739113f2fc] - module: block requiring test/reporters without scheme (Moshe Atlow) #​47831
• [f489c6710c] - (NODE-API-SEMVER-MAJOR) node-api: get Node API version used by addon (Vladimir Morozov) #​45715
• [7222f9d74b] - path: indicate index of wrong resolve() parameter (sosoba) #​47660
• [7dd32f1536] - permission: remove unused function declaration (Deokjin Kim) #​47957
• [af86625a05] - permission: resolve reference to absolute path only for fs permission (Daeyeon Jeong) #​47930
• [1625ae11fe] - quic: address recent coverity warning (Michael Dawson) #​47753
• [c4596b9ce7] - (SEMVER-MINOR) sea: add option to disable the experimental SEA warning (Darshan Sen) #​47588
• [1a7fc186bc] - sea: allow requiring core modules with the "node:" prefix (Darshan Sen) #​47779
• [786a1c5398] - src: deduplicate X509Certificate::Fingerprint* (Tobias Nießen) #​47978
• [060c1d502b] - src: stop copying code cache, part 2 (Keyhan Vakil) #​47958
• [1aec718619] - (SEMVER-MINOR) src: add cjs_module_lexer_version base64_version (Jithil P Ponnan) #​45629
• [0c06bfd8dc] - src: move BlobSerializerDeserializer to a separate header file (Darshan Sen) #​47933
• [bd553e7521] - src: rename SKIP_CHECK_SIZE to SKIP_CHECK_STRLEN (Tobias Nießen) #​47845
• [190596c189] - src: register external references for source code (Keyhan Vakil) #​47055
• [4293cc47f4] - src: support V8 experimental shared values in messaging (Shu-yu Guo) #​47706
• [9bc5d78f0c] - src: register ext reference for Fingerprint512 (Tobias Nießen) #​47892
• [a11507e23b] - src: stop copying code cache (Keyhan Vakil) #​47144
• [515c9b8de6] - src: clarify the parameter name in Permission::Apply (Daeyeon Jeong) #​47874
• [c4217613f5] - src: fix creating an ArrayBuffer from a Blob created with openAsBlob (Daeyeon Jeong) #​47691
• [4bc17fd67b] - src: avoid strcmp() with Utf8Value (Tobias Nießen) #​47827
• [d358317f70] - src: get binding data store directly from the realm (Joyee Cheung) #​47437
• [b04d51a0b5] - src: prefer data accessor of string and vector (Mohammed Keyvanzadeh) #​47750
• [2952cc576c] - src: add per-isolate SetFastMethod and Set[Fast]MethodNoSideEffect (Joyee Cheung) #​47768
• [010d2ecf94] - test: mark test-esm-loader-http-imports as flaky (Tobias Nießen) #​47987
• [bb33c74c07] - test: add getRandomValues return length (Jithil P Ponnan) #​46357
• [6e019586f7] - test: unskip negative-settimeout.any.js WPT (Filip Skokan) #​47946
• [8f547afe5f] - test: use appropriate usages for a negative import test (Filip Skokan) #​47878
• [7e34f77518] - test: fix webcrypto wrap unwrap tests (Filip Skokan) #​47876
• [30f4f35244] - test: fix output tests when path includes node version (Moshe Atlow) #​47843
• [54607bfd68] - test: reduce WPT concurrency (Filip Skokan) #​47834
• [17945a2495] - test: migrate a pseudo_tty test to use assertSnapshot (Moshe Atlow) #​47803
• [c9233679e8] - test: fix WPT state when process exits but workers are still running (Filip Skokan) #​47826
• [34bfb69b5b] - test: migrate message tests to use assertSnapshot (Moshe Atlow) #​47498
• [d25c785c2a] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #​47851
• [aa2c7e00d7] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #​47921
• [da27542058] - test_runner: use v8.serialize instead of TAP (Moshe Atlow) #​47867
• [17befe008c] - (SEMVER-MINOR) test_runner: add shorthands to test (Chemi Atlow) #​47909
• [42db1d50a0] - test_runner: fix ordering of test hooks (Phil Nash) #​47931
• [d81c54e3a8] - test_runner: omit inaccessible files from coverage (Colin Ihrig) #​47850
• [a4e261e910] - tools: debug log for nghttp3 (Marco Ippolito) #​47992
• [f6ff318d4c] - tools: automate icu-small update (Marco Ippolito) #​47727
• [706c305381] - tools: update lint-md-dependencies to rollup@3.21.5 (Node.js GitHub Bot) #​47903
• [e22c686ca9] - tools: update eslint to 8.40.0 (Node.js GitHub Bot) #​47906
• [36f7cfac93] - tools: update eslint to 8.39.0 (Node.js GitHub Bot) #​47789
• [7323902a40] - tools: fix jsdoc lint (Moshe Atlow) #​47789
• [a0634d7f89] - (SEMVER-MINOR) url: add value argument to has and delete methods (Sankalp Shubham) #​47885
• [1b06c1e003] - url: improve isURL detection (Yagiz Nizipli) #​47886
• [2bd869d20c] - vm: fix crash when setting __proto__ on context's globalThis (Feng Yu) #​47939
• [e6685f9e82] - vm,lib: refactor microtaskQueue assignment logic (Khaidi Chu) #​47765
• [47fea13dac] - worker: support more cases when (de)serializing errors (Moshe Atlow) #​47925
• [6f3876c035] - worker: use snapshot in workers spawned by workers (Joyee Cheung) #​47731

v20.1.0: 2023-05-03, Version 20.1.0 (Current), @​targos

Compare Source

Notable Changes

• [[5e99598639](https://togithub.com/nodejs/node/commit/

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.