Update Node.js to v22.18.0#89
Merged
Merged
Conversation
Contributor
|
renovate
Bot
force-pushed
the
renovate/node-22.x
branch
from
8a80d61 to
a740379
Compare
renovate
Bot
force-pushed
the
renovate/node-22.x
branch
from
a740379 to
763d0d8
Compare
renovate
Bot
force-pushed
the
renovate/node-22.x
branch
from
763d0d8 to
fa84bad
Compare
johanrd
added a commit
to johanrd/table
that referenced
this pull request
Aug 25, 2025
* main: (21 commits) Prepare Release using 'release-plan' remove unused @ts-expect-error pass through generics of resize handle consistency make sure generics are passed into helpers Update pnpm to v10.14.0 (universal-ember#90) Update Node.js to v22.18.0 (universal-ember#89) Update dependency @babel/runtime to v7.28.2 (universal-ember#91) Update dependency @embroider/addon-shim to v1.10.0 (universal-ember#76) Update dependency @babel/runtime to v7.27.6 (universal-ember#85) Update dependency ember-resources to v7.0.6 (universal-ember#81) Update dependency ember-modify-based-class-resource to v1.1.2 (universal-ember#83) Update dependency ember-modifier to v4.2.2 (universal-ember#82) Update pnpm to v10.12.1 (universal-ember#86) Update Node.js to v22.16.0 (universal-ember#79) Update pnpm to v10.11.0 (universal-ember#70) Update dependency @babel/runtime to v7.27.1 (universal-ember#78) Update dependency reactiveweb to v1.4.1 (universal-ember#77) Update dependency vite to v6.2.7 [SECURITY] (universal-ember#80) Update dependency @babel/runtime to v7.27.0 (universal-ember#69) ...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
22.16.0->22.18.0Release Notes
nodejs/node (node)
v22.18.0Compare Source
v22.17.1Compare Source
v22.17.0: 2025-06-24, Version 22.17.0 'Jod' (LTS), @aduh95Compare Source
Notable Changes
Instantiating
node:httpclasses withoutnewConstructing classes like
IncomingMessageorServerResponsewithout thenewkeyword is now discouraged. This clarifies API expectations and aligns with standard
JavaScript behavior. It may warn or error in future versions.
Contributed by Yagiz Nizipli in #58518.
options.shell = ""innode:child_processUsing an empty string for
shellpreviously had undefined behavior. This changeencourages explicit choices (e.g.,
shell: trueor a shell path) and avoidsrelying on implementation quirks.
Contributed by Antoine du Hamel and Renegade334 #58564.
HTTP/2 priority signaling
The HTTP/2 prioritization API (e.g.,
stream.priority) is now deprecated due topoor real-world support. Applications should avoid using priority hints and expect future removal.
Contributed by Matteo Collina and Antoine du Hamel #58313.
✅ Features graduated to stable
assert.partialDeepStrictEqual()This method compares only a subset of properties in deep object comparisons,
useful for flexible test assertions. Its stabilization means it's now safe for
general use and won't change unexpectedly in future releases.
Contributed by Ruben Bridgewater in #57370.
Miscellaneous
dirent.parentPathfilehandle.readableWebStream()fs.glob()fs.openAsBlob()node:readline/promisesport.hasRef()readable.compose()readable.iterator()readable.readableAbortedreadable.readableDidReadDuplex.fromWeb()Duplex.toWeb()Readable.fromWeb()Readable.isDisturbed()Readable.toWeb()stream.isErrored()stream.isReadable()URL.createObjectURL()URL.revokeObjectURL()v8.setHeapSnapshotNearHeapLimit()Writable.fromWeb()Writable.toWeb()writable.writableAbortedERR_INPUT_TYPE_NOT_ALLOWEDERR_UNKNOWN_FILE_EXTENSIONERR_UNKNOWN_MODULE_FORMATERR_USE_AFTER_CLOSEContributed by James M Snell in
#57513 and
#58541.
Semver-minor features
🔧
fs.FileHandle.readableWebStreamgetsautoCloseoptionThis gives developers explicit control over whether the file descriptor should
be closed when the stream ends. Helps avoid subtle resource leaks.
Contributed by James M Snell in #58548.
🔧
fs.Dirnow supports explicit resource managementThis improves ergonomics around async iteration of directories. Developers can
now manually control when a directory is closed using
.close()or withSymbol.asyncDispose.Contributed by Antoine du Hamel in #58206.
📊
http2gains diagnostics channel:http2.server.stream.finishAdds observability support for when a stream finishes. Useful for logging,
monitoring, and debugging HTTP/2 behavior without patching internals.
Contributed by Darshan Sen in #58560.
🔐 Permissions: implicit allow-fs-read to entrypoint
Node.js permissions model now allows read access to the entry file by default.
It makes running permission-restricted apps smoother while preserving security.
Contributed by Rafael Gonzaga in #58579.
🎨
util.styleText()adds'none'styleThis lets developers remove styling cleanly without hacks. Useful for overriding
inherited terminal styles when composing styled strings.
Contributed by James M Snell in #58437.
🧑💻 Community updates
0105c13556] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584993b857735ef] - doc: add JonasBa to collaborators (Jonas Badalic) #58355fdf7612735] - doc: add puskin to collaborators (Giovanni Bucci) #58308Commits
ffe7e1ace0] - (SEMVER-MINOR) assert: mark partialDeepStrictEqual() as stable (Ruben Bridgewater) #57370269931f289] - async_hooks: ensure AsyncLocalStore instances work isolated (Gerhard Stöbich) #581499e0746a4ff] - benchmark: fix broken fs.cpSync benchmark (Dario Piotrowicz) #58472dee8cb5bcb] - benchmark: add more options to cp-sync (Sonny) #58278e840fd5b85] - benchmark: fix typo in method name for error-stack (Miguel Marcondes Filho) #58128b9a16e97e0] - buffer: give names toBuffer.prototype.*Write()functions (Livia Medeiros) #58258d56a5e40af] - buffer: use constexpr where possible (Yagiz Nizipli) #58141215587feca] - build: add support for OpenHarmony operating system (hqzing) #583509bcef6821c] - build: fix uvwasi pkgname (Antoine du Hamel) #582707c3883c2ae] - build: search for libnode.so in multiple places (Jan Staněk) #582133f954accb3] - build: fix pointer compression builds (Joyee Cheung) #5817104c8f59f84] - build: use FILE_OFFSET_BITS=64 esp. on 32-bit arch (RafaelGSS) #580908c2cf3a372] - build: use //third_party/simdutf by default in GN (Shelley Vohr) #58115cff8006792] - child_process: give names toChildProcessfunctions (Livia Medeiros) #583706816d779b6] - child_process: give names to promisifiedexec()andexecFile()(LiviaMedeiros) #579165572cecca4] - crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL (Shelley Vohr) #58387d6aa02889c] - deps: use proper C standard when building libuv (Yaksh Bariya) #58587375a6413d5] - deps: update simdjson to 3.12.3 (Node.js GitHub Bot) #57682e0cd138e52] - deps: update googletest toe9092b1(Node.js GitHub Bot) #5856531e592631f] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566386c24260b] - deps: update sqlite to 3.50.0 (Node.js GitHub Bot) #58272f84998d40b] - deps: update OpenSSL gen container to Ubuntu 22.04 (Michaël Zasso) #58432d49fd29859] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144e397980a1a] - deps: update libuv to 1.51.0 (Node.js GitHub Bot) #58124a28c33645c] - dns: fix dns query cache implementation (Ethan Arrowood) #584046939b0c624] - doc: fix the order ofprocess.mdsections (Allon Murienik) #584031ca253c363] - doc: add support link for panva (Filip Skokan) #585918319edbcf6] - doc: update metadata for _transformState deprecation (James M Snell) #58530697d258136] - doc: deprecate passing an empty string tooptions.shell(Antoine du Hamel) #58564132fc804e8] - doc: correct formatting of example definitions for--test-shard(Jacob Smith) #585717d0df646f6] - doc: clarify DEP0194 scope (Antoine du Hamel) #585041e6d7da0ce] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #583135a917bc1d0] - doc: explain child_process code and signal null values everywhere (Darshan Sen) #584790105c13556] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584992bdc87cd64] - doc: updategit node releaseexample (Antoine du Hamel) #5847528f9b43186] - doc: add missing options.info for ZstdOptions (Jimmy Leung) #58360e19496dfc1] - doc: add missing options.info for BrotliOptions (Jimmy Leung) #583597f905863db] - doc: clarify x509.checkIssued only checks metadata (Filip Skokan) #584575cc97df637] - doc: add links to parent class fornode:zlibclasses (Antoine du Hamel) #5843336e0d5539b] - doc: remove remaining uses of@@​wellknownsyntax (René) #584132f36f8e863] - doc: clarify behavior of --watch-path and --watch flags (Juan Ignacio Benito) #581363b857735ef] - doc: add JonasBa to collaborators (Jonas Badalic) #583559d5e969bb6] - doc: add latest security release steward (Rafael Gonzaga) #58339b22bb03167] - doc: fix CryptoKey.algorithm type and other interfaces in webcrypto.md (Filip Skokan) #58294670f31060b] - doc: mark the callback argument of crypto.generatePrime as mandatory (Allon Murienik) #5829939d9a61239] - doc: remove comma delimiter mention on permissions doc (Rafael Gonzaga) #58297573b0b7bfe] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291a5a686a3ae] - doc: update commit-queue documentation (Dario Piotrowicz) #58275fdf7612735] - doc: add puskin to collaborators (Giovanni Bucci) #58308be492a1708] - doc: update stability status for diagnostics_channel to experimental (Idan Goshen) #582617d00fc2206] - doc: clarify napi_get_value_string_* for bufsize 0 (Tobias Nießen) #58158c8500a2c4a] - doc: fix typo of filehttp.md,outgoingMessage.setTimeoutsection (yusheng chen) #5818834a9b856c3] - doc: update return types for eventNames method in EventEmitter (Yukihiro Hasegawa) #58083faedee59d2] - doc: fix typo in benchmark script path (Miguel Marcondes Filho) #58129570d8d3f10] - doc: clarify future Corepack removal in v25+ (Trivikram Kamat) #57825a71b9fc2ff] - doc: mark multiple APIs stable (James M Snell) #5751373a97d47f3] - doc,lib: update source map links to ECMA426 (Chengzhong Wu) #585978b41429499] - doc,src,test: fix typos (Noritaka Kobayashi) #584770cea14ec7f] - errors: show url of unsupported attributes in the error message (Aditi) #58303b9586bf898] - (SEMVER-MINOR) fs: add autoClose option to FileHandle readableWebStream (James M Snell) #5854872a1b061f3] - fs: unexpose internal constants (Chengzhong Wu) #583275c36510dec] - fs: add support forURLforfs.glob'scwdoption (Antoine du Hamel) #581823642b0d944] - fs: improve cpSync no-filter copyDir performance (Dario Piotrowicz) #5846124865bc7e8] - fs: improvecpSyncdest overriding performance (Dario Piotrowicz) #581601b3847694d] - (SEMVER-MINOR) fs: add toDirsupport for explicit resource management (Antoine du Hamel) #58206cff62e3265] - fs: ensuredir.read()does not throw synchronously (Antoine du Hamel) #58228cb39e4ca1f] - fs: glob is stable, so should not emit experimental warnings (Théo LUDWIG) #58236597bfefbe1] - http: deprecate instantiating classes without new (Yagiz Nizipli) #585185298da0102] - http: remove unused functions and add todos (Yagiz Nizipli) #58143cff440e0fa] - http,https: give names to anonymous or misnamed functions (Livia Medeiros) #5818043bf1f619a] - http2: add raw header array support to h2Session.request() (Tim Perry) #57917e8a0f5b063] - http2: add lenient flag for RFC-9113 (Carlos Fuentes) #5811649cb90d4a5] - (SEMVER-MINOR) http2: add diagnostics channel 'http2.server.stream.finish' (Darshan Sen) #585606a56c68728] - http2: add diagnostics channel 'http2.server.stream.error' (Darshan Sen) #5851259806b41d3] - http2: add diagnostics channel 'http2.server.stream.start' (Darshan Sen) #58449d3d662ae47] - http2: remove no longer userful options.selectPadding (Jimmy Leung) #58373dec6c9af8c] - http2: add diagnostics channel 'http2.server.stream.created' (Darshan Sen) #583909e98899986] - http2: add diagnostics channel 'http2.client.stream.close' (Darshan Sen) #5832986610389d8] - http2: add diagnostics channel 'http2.client.stream.finish' (Darshan Sen) #583172d3071671e] - http2: add diagnostics channel 'http2.client.stream.error' (Darshan Sen) #583066c3e426d6f] - http2: add diagnostics channel 'http2.client.stream.start' (Darshan Sen) #58292b99d131a61] - http2: add diagnostics channel 'http2.client.stream.created' (Darshan Sen) #58246b0644330f5] - http2: give name to promisifiedconnect()(LiviaMedeiros) #579164092d3611a] - inspector: add mimeType and charset support to Network.Response (Shima Ryuhei) #58192d7d8599f7c] - inspector: add protocol method Network.dataReceived (Chengzhong Wu) #58001aabafbc28f] - inspector: support for worker inspection in chrome devtools (Shima Ryuhei) #5675920d978de9a] - lib: make ERM functions into wrappers returning undefined (Livia Medeiros) #5840013567eac5f] - (SEMVER-MINOR) lib: graduate error codes that have been around for years (James M Snell) #58541342b5a0d7a] - lib: remove no-mixed-operators eslint rule (Ruben Bridgewater) #58375af7baef75a] - lib: fix sourcemaps with ts module mocking (Marco Ippolito) #581938f73f42d4e] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #585525dfedbeb86] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #5855153c50f66f5] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #58109a1a7024831] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #58550a379988ef6] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #58108f6a46c87f2] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #5845698b6aa0dcd] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #581125202b262e3] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #58110d97616ac6e] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #58106f4065074cf] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #58356e6d1224e54] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #5811126da160ab2] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #581074cc4195493] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #5806772fac71b92] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #56491fecd841c93] - net: always publish to 'net.client.socket' diagnostics channel (Darshan Sen) #5834925ee328d2b] - path: improve path.resolve() performance when used as process.cwd() (Ruben Bridgewater) #583626fd1b23260] - permission: remove useless conditional (Juan José) #585145b2cca51a3] - report: use uv_getrusage_thread in report (theanarkh) #5840563ec23e84b] - sqlite: add build option to build without sqlite (Michael Dawson) #581229d8677bff5] - sqlite: handle thrown errors in result callback (Colin Ihrig) #584263490c75760] - sqlite: setnameandlengthonsqlite.backup()(Livia Medeiros) #5825150bdd94e0b] - src: update std::vector<v8::Local<T>> to use v8::LocalVector<T> (Aditi) #585007de58417cc] - src: env_vars caching and local variable scope optimization (Mert Can Altin) #576246d99ec33a4] - src: fix FIPS init error handling (Tobias Nießen) #583794c23a9575e] - src: fix possible dereference of null pointer (Eusgor) #58459eb143e902b] - src: fix -Wreturn-stack-address error (Shelley Vohr) #5843931058b8785] - src: reorganize ContextifyFunction methods (Chengzhong Wu) #584347521077299] - src: improve CompileFunctionAndCacheResult error handling (Chengzhong Wu) #584340c9efccb12] - src: fix build when using shared simdutf (Antoine du Hamel) #58407aa00f5946f] - src: add a variant of ToV8Value() for primitive arrays (Aditi) #5757629a11506fc] - src: remove unusedcheckMessagePortinternal binding (Dario Piotrowicz) #582670ce3feed5b] - src: remove unusedshouldRetryAsESMinternal binding (Dario Piotrowicz) #58265517219613d] - src: add a couple fast apis in node_os (James M Snell) #582103f834da09e] - src: fix module buffer allocation (X-BW) #57738a793706db0] - src: remove overzealous tcsetattr error check (Ben Noordhuis) #582005656c74517] - src: remove NonCopyableMaybe (Tobias Nießen) #58168cab242334b] - src: improve parsing of boolean options (Edy Silva) #58039a5df778150] - src,lib: obtain sourceURL in magic comments from V8 (Chengzhong Wu) #58389bd6743b434] - src,permission: implicit allow-fs-read to app entrypoint (Rafael Gonzaga) #585795bd99e4a4d] - stream: making DecompressionStream spec compilent for trailing junk (0hm☘️) #583166582b19488] - test: reduce flakiness in test-heapdump-http2 (Joyee Cheung) #581480f6a262744] - test: improve flakiness detection on stack corruption tests (Darshan Sen) #58601983affaea2] - test: mark timeouts & flaky test as flaky on IBM i (Abdirahim Musse) #585833603362b6f] - test: rewrite test-child-process-spawn-args (Michaël Zasso) #5854693900b0c17] - test: make sqlite-database-sync tests work with system sqlite (Jelle Licht) #585077d505f4185] - test: force slow JSON.stringify path for overflow (Shelley Vohr) #581812e8570b8f9] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #584781f1e194c0f] - test: update WPT for WebCryptoAPI to591c95c(Node.js GitHub Bot) #58176d822632d91] - test: remove --no-warnings flag (Tobias Nießen) #5842401377713d7] - test: add tests ensuring worker threads cannot access internals (Joe) #5833299a20902fc] - test: leverage process.features.openssl_is_boringssl in test (Shelley Vohr) #58421b3e0cf1b15] - test: fix test-buffer-tostring-range on allocation failure (Joyee Cheung) #584161d4b3451c5] - test: skip in test-buffer-tostring-rangeerror on allocation failure (Joyee Cheung) #58415612c393c71] - test: fix missing edge case in test-blob-slice-with-large-size (Joyee Cheung) #58414b11b9cdad8] - test: make crypto tests work with BoringSSL (Shelley Vohr) #5811799711ee548] - test: test reordering of setAAD and setAuthTag (Tobias Nießen) #58396828aaaa3f7] - test: switch from deprecatedoptparsetoargparse(Aviv Keller) #582249af305408e] - test: do not skip OCB decryption in FIPS mode (Tobias Nießen) #583829527c876bf] - test: show more information in test-http2-debug upon failure (Joyee Cheung) #583919be0601112] - test: remove loop over single element (Tobias Nießen) #5836840a03d3d14] - test: add chacha20-poly1305 to auth tag order test (Tobias Nießen) #58367cccb15df7e] - test: skip wasm-allocation tests for pointer compression builds (Joyee Cheung) #58171f18041ae8e] - test: remove references to create(De|C)ipher (Tobias Nießen) #58363ca8d66c1fc] - test: remove unnecessaryconsole.logfrom test-repl-null-thrown (Dario Piotrowicz) #58281455372023d] - test: allowtmpDir.pathto be modified (Aviv Keller) #581731f1fab60c7] - test: fix executable flags (Livia Medeiros) #582508bafc0f061] - test: deflake test-http2-client-socket-destroy (Luigi Pinca) #5821297aac9f17a] - test: skip test-buffer-tostring-rangeerror when low on memory (Ruben Bridgewater) #581422896760da1] - test: marktest-http2-debugas flaky on LinuxONE (Richard Lau) #584947327d14780] - test: reduce iteration count in test-child-process-stdout-flush-exit (Antoine du Hamel) #582731bd7a2edf9] - test_runner: support mocking json modules (Jacob Smith) #58007a3877c53b1] - test_runner: add level parameter to reporter.diagnostic (Jacopo Martinelli) #57923253772c2d9] - tools: bump the eslint group in/tools/eslintwith 6 updates (dependabot[bot]) #58549b7feda97b0] - tools: disable failing coverage jobs (Antoine du Hamel) #587708a47096093] - tools: ignoredeps/andbenchmark/for CodeQL (Rafael Gonzaga) #5825470be158126] - tools: add read permission to workflows that read contents (Antoine du Hamel) #58255e4373be766] - tools: exclude deps/v8/tools from CodeQL scans (Rich Trott) #5813223ceb364d4] - tools: bump the eslint group in /tools/eslint with 6 updates (dependabot[bot]) #581055b6ced3255] - tty: improve color terminal color detection (Ruben Bridgewater) #581467be70979c6] - tty: use terminal VT mode on Windows (Anna Henningsen) #58358b7d7ffe793] - typings: add inspector internalBinding typing (Shima Ryuhei) #584920056d1a2e2] - typings: remove no longer validFixedSizeBlobCopyJobtype (Dario Piotrowicz) #58305581c0738f9] - typings: remove no longer validrevokeDataObjecttype (Dario Piotrowicz) #583051db1c870f0] - typings: add missing typings forTypedArray(Jason Zhang) #582486d3f43c9a6] - url: improve performance of the format function (Giovanni Bucci) #5709954288bdb42] - (SEMVER-MINOR) util: add 'none' style to styleText (James M Snell) #584376af5358f9c] - util: add internalassignFunctionName()function (LiviaMedeiros) #579169f2e5aad38] - vm: import call should return a promise in the current context (Chengzhong Wu) #5830992304a5e62] - watch: fix watch args not being properly filtered (Dario Piotrowicz) #58279539df8e98d] - win,tools: use Azure Trusted Signing (Stefan Stojanovic) #58502ef66357637] - worker: give names toMessagePortfunctions (Livia Medeiros) #58307b3cd847528] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #58371Configuration
📅 Schedule: Branch creation - "after 9pm on sunday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.