chore(deps): update node.js to v24.5.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
node	final	minor	24.4.1-alpine3.21 -> 24.5.0-alpine3.21
@types/node (source)	devDependencies	minor	24.1.0 -> 24.2.1

---

Release Notes

nodejs/node (node)

v24.5.0: 2025-07-31, Version 24.5.0 (Current), @​aduh95

Compare Source

Notable Changes

Upgrade to OpenSSL 3.5

This release is distributed with OpenSSL 3.5.1, following the announcement that
OpenSSL 3.5 will be supported until April 2030, while Node.js 24 will be
supported until April 2028. Read more about OpenSSL support in their blog post:
https://openssl-library.org/post/2025-02-20-openssl-3.5-lts/.

Contributed by Richard Lau in #​58100.

Unflag --experimental-wasm-modules

Node.js supports both source phase imports and instance phase imports to WebAssembly
modules and for WASM imports to JavaScript, in line with the current Phase 3
WebAssembly ESM Integration proposal.
The implementation and the specification are still subject to change.

Contributed by Guy Bedford in #​57038.

Built-in proxy support in request() and Agent

node:http and node:https now support proxies. When NODE_USE_ENV_PROXY
is set to 1, the default global agent would parse the http_proxy/HTTP_PROXY,
https_proxy/HTTPS_PROXY, no_proxy/NO_PROXY settings from the
environment variables, and proxy the requests sent through the built-in http/https
client accordingly.

To use global proxy support from the command line:

NODE_USE_ENV_PROXY=1 HTTP_PROXY=http://proxy.example.com:8080 HTTPS_PROXY=http://proxy.example.com:8080 NO_PROXY=localhost,127.0.0.1 node client.js

In addition, http.Agent and https.Agent now support the custom proxyEnv options.

const agent = new https.Agent({ proxyEnv: { HTTPS_PROXY: 'http://proxy.example.com:8080' } });

For reference, fetch() already supports NODE_USE_ENV_PROXY as of Node.js 24.0.0.

Contributed by Joyee Cheung in #​58980.

Add setDefaultCACertificates() to node:tls

This API allows dynamically configuring CA certificates that will be used by the
Node.js TLS clients by default.

Once called, the provided certificates will become the default CA certificate list
returned by tls.getCACertificates('default') and used by TLS connections that
don't specify their own CA certificates.

To add system CA certificates to the default bundle (which includes the Mozilla
CA certificates):

tls.setDefaultCACertificates(tls.getCACertificates('default').concat(tls.getCACertificates('system')));

Contributed by Joyee Cheung in #​58822.

Other notable changes

• [d5640ca58a] - (SEMVER-MINOR) cli: support ${pid} placeholder in --cpu-prof-name (Haram Jeong) #​59072
• [c52aaacfc5] - (SEMVER-MINOR) dns: support max timeout (theanarkh) #​58440
• [927742b342] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [f753645cd8] - (SEMVER-MINOR) net: update net.blocklist to allow file save and file management (alphaleadership) #​58087
• [9791ff3480] - (SEMVER-MINOR) worker: add web locks api (ishabi) #​58666

Commits

• [5457c7a8a1] - benchmark: adjust configuration for string-decoder bench (Rafael Gonzaga) #​59187
• [28538f2255] - benchmark: add --track to benchmark (Rafael Gonzaga) #​59174
• [a28d804497] - benchmark: small lint fix on _cli.js (Rafael Gonzaga) #​59172
• [09717eb68e] - benchmark: drop misc/punycode benchmark (Rafael Gonzaga) #​59171
• [ad6757ef02] - benchmark: fix sqlite-is-transaction (Rafael Gonzaga) #​59170
• [7fc3143f61] - benchmark: reduce N for diagnostics_channel subscribe benchmark (Arthur Angelo) #​59116
• [f2812723a0] - buffer: cache Environment::GetCurrent to avoid repeated calls (Mert Can Altin) #​59043
• [e3e729ca60] - build: remove suppressions.supp (Rafael Gonzaga) #​59079
• [dc66422768] - build,deps,tools: prepare to update to OpenSSL 3.5 (Richard Lau) #​58100
• [f5da4947d9] - cli: add --use-env-proxy (Joyee Cheung) #​59151
• [d5640ca58a] - (SEMVER-MINOR) cli: support ${pid} placeholder in --cpu-prof-name (Haram Jeong) #​59072
• [eeeb40e95b] - (SEMVER-MINOR) crypto: add tls.setDefaultCACertificates() (Joyee Cheung) #​58822
• [135fca5b72] - crypto: avoid copying buffers to UTF-8 strings in crypto.hash() (Renegade334) #​59067
• [998cef10e3] - deps: update archs files for openssl-3.5.1 (Node.js GitHub Bot) #​59234
• [1f06ca956a] - deps: upgrade openssl sources to openssl-3.5.1 (Node.js GitHub Bot) #​59234
• [55a90eed8d] - deps: upgrade npm to 11.5.1 (npm team) #​59199
• [2b5d451ae0] - deps: update amaro to 1.1.1 (Node.js GitHub Bot) #​59141
• [af789d9b5c] - deps: update undici to 7.12.0 (Node.js GitHub Bot) #​59135
• [a34e44545e] - deps: update sqlite to 3.50.3 (Node.js GitHub Bot) #​59132
• [bfe4781c7d] - deps: update googletest to 7e17b15 (Node.js GitHub Bot) #​59131
• [72adf52e51] - deps: update ada to 3.2.6 (Node.js GitHub Bot) #​58966
• [2a5f35b589] - deps: V8: cherry-pick 3d750c2 (Michaël Zasso) #​58750
• [3f813eaba7] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [fb52d0d8df] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [f122602f9d] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #​59133
• [c52aaacfc5] - (SEMVER-MINOR) dns: support max timeout (theanarkh) #​58440
• [927742b342] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [9a8d2020ad] - doc: copyedit SECURITY.md (Rich Trott) #​59190
• [3da5bc0668] - doc: fix broken sentence in URL.parse (Superchupu) #​59164
• [06cd7461e0] - doc: improve onboarding instructions (Joyee Cheung) #​59159
• [dfb72d158b] - doc: add constraints for mem leak to threat model (Rafael Gonzaga) #​58917
• [51b8dfd5c6] - doc: add Aditi-1400 to collaborators (Aditi) #​59157
• [4ffa756ce3] - doc: avoid suggesting testing fast api with intense loop (Chengzhong Wu) #​59111
• [6f81b274f7] - doc: fix typo in writing-test.md (SeokHun) #​59123
• [88e434e687] - doc: add new environment variables doc page (Dario Piotrowicz) #​59052
• [b1a318d706] - doc: update release key for aduh95 (Antoine du Hamel) #​58877
• [34c49000c9] - doc: add missing section for setReturnArrays in sqlite.md (Edy Silva) #​59074
• [9b2e965aff] - doc: add RafaelGSS as steward July 25 (Rafael Gonzaga) #​59078
• [2d1dcb87e6] - doc: clarify ERR_FS_FILE_TOO_LARGE to reflect fs.readFile() I/O limit (Haram Jeong) #​59050
• [999b5e51e7] - doc: run license-builder (github-actions[bot]) #​59056
• [1940a2cb46] - doc: fix typed list formatting (Aviv Keller) #​59019
• [6cb5e0d22f] - doc: refine util.parseArgs default definition (Slayer95) #​58958
• [d2e7f8e13a] - doc: remove unused import in zlib.md (coderaiser) #​59041
• [9d02960149] - doc: add missing environment variables to manpage (amir lavasani) #​58963
• [45ffdb34fb] - doc: add stability index to the --watch-kill-signal flag (Dario Piotrowicz) #​58997
• [3924c43600] - doc: add missing <code> blocks (Antoine du Hamel) #​58995
• [cb95e183f3] - doc: add scroll margin to links (Roman Reiss) #​58982
• [c9ded6ba15] - doc: add sponsorship link to RafaelGSS (Rafael Gonzaga) #​58983
• [b919fe0447] - (SEMVER-MINOR) esm: unflag --experimental-wasm-modules (Guy Bedford) #​57038
• [71bb6cd077] - esm: js-string Wasm builtins in ESM Integration (Guy Bedford) #​59020
• [8d869e6d62] - fs: fix return value of fs APIs (theanarkh) #​58996
• [7f654cee9e] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #​58980
• [85d6a28f4f] - inspector: initial support for Network.loadNetworkResource (Shima Ryuhei) #​58077
• [cfaa299f2e] - lib: fix incorrect ArrayBufferPrototypeGetDetached primordial type (Dario Piotrowicz) #​58978
• [d555db22ad] - lib: flag to conditionally modify proto on deprecate (Rafael Gonzaga) #​58928
• [96c9dd79e6] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​59140
• [324d9fc9d4] - meta: enable jsdoc/check-tag-names rule (Yagiz Nizipli) #​58521
• [04c751463b] - meta: add marco-ippolito to security release stewards (Marco Ippolito) #​58944
• [fe0195fdcc] - module: fix conditions override in synchronous resolve hooks (Joyee Cheung) #​59011
• [515b581d47] - module: throw error when re-runing errored module jobs (Joyee Cheung) #​58957
• [f753645cd8] - (SEMVER-MINOR) net: update net.blocklist to allow file save and file management (alphaleadership) #​58087
• [15e6c28d82] - node-api,doc: update links to ecma262 with section names (Chengzhong Wu) #​59087
• [f67b686551] - perf_hooks: do not expose SafeMap via Histogram wrapper (René) #​59094
• [3d2f919f7c] - process: make execve's args argument optional (Allon Murienik) #​58412
• [1a44265810] - repl: handle errors from getters during completion (Shima Ryuhei) #​59044
• [467dbd31e6] - repl: fix repl crashing on variable declarations without init (Dario Piotrowicz) #​59032
• [3a3eb6852d] - repl: improve REPL disabling completion on proxies and getters (Dario Piotrowicz) #​58891
• [55838e79b8] - src: call unmask after install signal handler (theanarkh) #​59059
• [77649ad93b] - src: use FastStringKey for TrackV8FastApiCall (Anna Henningsen) #​59148
• [86babf9c4b] - src: use C++20 consteval for FastStringKey (Anna Henningsen) #​59148
• [88b99eeae1] - src: remove declarations of removed BaseObject static fns (Anna Henningsen) #​59093
• [d89390fc8f] - src: add cache to nearest parent package json (Ilyas Shabi) #​59086
• [21780075e4] - src: check import attributes value types as strings (Chengzhong Wu) #​58986
• [ef89c2fac9] - src,test: fix config file parsing for flags defaulted to true (Edy Silva) #​59110
• [1e990866e0] - test: mark web lock held test as flaky (Ilyas Shabi) #​59144
• [ba8e95a785] - test: use mustSucceed in test-fs-read (Sungwon) #​59204
• [39978f507f] - test: prepare test-crypto-rsa-dsa for newer OpenSSL (Richard Lau) #​58100
• [1c3aadb9d6] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #​59158
• [a0d22e9c51] - test: remove timeout in test-https-proxy-request-handshake-failure (Joyee Cheung) #​59165
• [7e0a0fccc1] - test: expand linting rules around assert w literal messages (Anna Henningsen) #​59147
• [c6070046c3] - test: update WPT for WebCryptoAPI to ab08796 (Node.js GitHub Bot) #​59129
• [15d8cc908e] - test: update WPT for WebCryptoAPI to 19d82c5 (Node.js GitHub Bot) #​59129
• [83023e5144] - test: skip tests that cause timeouts on IBM i (Abdirahim Musse) #​59014
• [82d4175ec3] - test: update startCLI to set --port=0 by default (Dario Piotrowicz) #​59042
• [16dc53c143] - (SEMVER-MINOR) test: move http proxy tests to test/client-proxy (Joyee Cheung) #​58980
• [a9511a6066] - test: mark test-inspector-network-fetch as flaky on Windows (Joyee Cheung) #​59091
• [1cffcc02a3] - test: add missing port=0 arg in test-debugger-extract-function-name (Dario Piotrowicz) #​58977
• [83cdf1701b] - test_runner: clean up promisified interval generation (René) #​58824
• [195d6038dc] - tools: clarify README linter error message (Joyee Cheung) #​59160
• [51f578a3bf] - tools: add support for URLs to PR commits in merge.sh (Antoine du Hamel) #​59162
• [20be9012eb] - tools: bump @​eslint/plugin-kit from 0.3.1 to 0.3.3 in /tools/eslint (dependabot[bot]) #​59119
• [623e264e93] - tools: ignore CVE mention when linting release proposals (Antoine du Hamel) #​59037
• [0e547e09ab] - tools,test: enforce best practices to detect never settling promises (Antoine du Hamel) #​58992
• [075d1968db] - util: respect nested formats in styleText (Alex Yang) #​59098
• [9791ff3480] - (SEMVER-MINOR) worker: add web locks api (ishabi) #​58666

---

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled because a matching PR was automerged previously.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.