chore(deps): update node.js to v22

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
node (source)		major	20 -> 22
node (source)	engines	major	>=18 <21 -> >=18 <23
@types/node (source)	devDependencies	major	20.17.22 -> 22.13.10
@types/node (source)	devDependencies	major	^20.12.12 -> ^22.0.0
node (source)		major	20.18.3 -> 22.14.0
node	final	major	20.18.3-alpine -> 22.14.0-alpine
node	stage	major	20.18.3-alpine -> 22.14.0-alpine

---

Release Notes

nodejs/node (node)

v22.14.0: 2025-02-11, Version 22.14.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes

• [82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
• [3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
• [1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
• [6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #​55412
• [d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
• [07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
• [94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
• [5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
• [697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
• [047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
• [926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434
• [c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394

Commits

• [bad1ad8650] - assert: make myers_diff function more performant (Giovanni Bucci) #​56303
• [e222e36f3b] - assert: make partialDeepStrictEqual work with urls and File prototypes (Giovanni Bucci) #​56231
• [e232789fe2] - assert: show diff when doing partial comparisons (Giovanni Bucci) #​56211
• [c99de1fdcf] - assert: make partialDeepStrictEqual throw when comparing [0] with [-0] (Giovanni) #​56237
• [2386fd5840] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #​56556
• [b197dfa7ec] - build: fix GN build for ngtcp2 (Cheng) #​56300
• [2a3cdd34ff] - build: test macos-13 on GitHub actions (Michaël Zasso) #​56307
• [12f716be0a] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #​56275
• [c5ca15bd34] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #​56106
• [8346b8fc2c] - crypto: add missing return value check (Michael Dawson) #​56615
• [82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [890eef20a1] - crypto: fix checkPrime crash with large buffers (Santiago Gimeno) #​56559
• [5edb7b5e87] - crypto: fix warning of ignoring return value (Cheng) #​56527
• [b89f123a0b] - crypto: make generatePrime/checkPrime interruptible (James M Snell) #​56460
• [63c1859e01] - deps: update corepack to 0.31.0 (Node.js GitHub Bot) #​56795
• [a48430d4d3] - deps: move inspector_protocol to deps (Chengzhong Wu) #​56649
• [74cccc824f] - deps: macro ENODATA is deprecated in libc++ (Cheng) #​56698
• [fa869ea0f2] - deps: fixup some minor coverity warnings (James M Snell) #​56612
• [1a4fa2b015] - deps: update amaro to 0.3.0 (Node.js GitHub Bot) #​56568
• [b47076fd82] - deps: update amaro to 0.2.2 (Node.js GitHub Bot) #​56568
• [46bd4b8731] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #​56567
• [8ead9c693b] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #​56388
• [18d4b502af] - deps: update amaro to 0.2.1 (Node.js GitHub Bot) #​56390
• [d938d7cc86] - deps: update googletest to 7d76a23 (Node.js GitHub Bot) #​56387
• [9761e7dccb] - deps: update googletest to e54519b (Node.js GitHub Bot) #​56370
• [8319dc6bc5] - deps: update ngtcp2 to 1.10.0 (Node.js GitHub Bot) #​56334
• [6eacd19d6a] - deps: update simdutf to 5.7.0 (Node.js GitHub Bot) #​56332
• [28bec2dda3] - diagnostics_channel: capture console messages (Stephen Belanger) #​56292
• [d519d33502] - doc: update macOS and Xcode versions for releases (Michaël Zasso) #​56337
• [fcfe650507] - doc: add note for features using InternalWorker with permission model (Antoine du Hamel) #​56706
• [efbba182b5] - doc: add entry to changelog about SQLite Session Extension (Bart Louwers) #​56318
• [31bf9c7dd9] - doc: move anatoli to emeritus (Michael Dawson) #​56592
• [6096e38c7c] - doc: fix styles of the expandable TOC (Antoine du Hamel) #​56755
• [d423638281] - doc: add "Skip to content" button (Antoine du Hamel) #​56750
• [edeb157d75] - doc: improve accessibility of expandable lists (Antoine du Hamel) #​56749
• [1a79e87687] - doc: add note regarding commit message trailers (Dario Piotrowicz) #​56736
• [927c7e47e4] - doc: fix typo in example code for util.styleText (Robin Mehner) #​56720
• [fade522538] - doc: fix inconsistencies in WeakSet and WeakMap comparison details (Shreyans Pathak) #​56683
• [55533bf147] - doc: add RafaelGSS as latest sec release stewards (Rafael Gonzaga) #​56682
• [8e978bdee1] - doc: clarify cjs/esm diff in queueMicrotask() vs process.nextTick() (Dario Piotrowicz) #​56659
• [ae360c30dc] - doc: WeakSet and WeakMap comparison details (Shreyans Pathak) #​56648
• [acd2a2fda5] - doc: mention prepare --security (Rafael Gonzaga) #​56617
• [d3c0a2831d] - doc: tweak info on reposts in ambassador program (Michael Dawson) #​56589
• [3299505b49] - doc: add type stripping to ambassadors program (Marco Ippolito) #​56598
• [b1a6ffa4e4] - doc: improve internal documentation on built-in snapshot (Joyee Cheung) #​56505
• [1641a28930] - doc: document CLI way to open the nodejs/bluesky PR (Antoine du Hamel) #​56506
• [2042628fda] - doc: add section about using npx with permission model (Rafael Gonzaga) #​56539
• [ace19a0263] - doc: update gcc-version for ubuntu-lts (Kunal Kumar) #​56553
• [4aa57b50f8] - doc: fix parentheses in options (Tobias Nießen) #​56563
• [b40b01b4d3] - doc: include CVE to EOL lines as sec release process (Rafael Gonzaga) #​56520
• [6701360113] - doc: add esm examples to node:trace_events (Alfredo González) #​56514
• [d3207cca3e] - doc: add message for Ambassadors to promote (Michael Dawson) #​56235
• [97ece4ae06] - doc: allow request for TSC reviews via the GitHub UI (Antoine du Hamel) #​56493
• [03f25055ab] - doc: add example for piping ReadableStream (Gabriel Schulhof) #​56415
• [516d07482c] - doc: expand description of parseArg's default (Kevin Gibbons) #​54431
• [a6491effcb] - doc: use <ul> instead of <ol> in SECURITY.md (Antoine du Hamel) #​56346
• [e4ec134b21] - doc: clarify that WASM is trusted (Matteo Collina) #​56345
• [0f7aed8a59] - doc: fix the crc32 documentation (Kevin Toshihiro Uehara) #​55898
• [721104a296] - doc: fix links in module.md (Antoine du Hamel) #​56283
• [928540d792] - doc: fix typos (Nathan Baulch) #​55066
• [e69d35f03b] - doc: add history info for Permission Model (Antoine du Hamel) #​56707
• [c6fd867ab5] - esm: fix jsdoc type refs to ModuleJobBase in esm/loader (Jacob Smith) #​56499
• [9cf9046bd7] - Revert "events: add hasEventListener util for validate" (origranot) #​56282
• [b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
• [6ca27c2a59] - http2: omit server name when HTTP2 host is IP address (islandryu) #​56530
• [9f1fa199bf] - inspector: roll inspector_protocol (Chengzhong Wu) #​56649
• [0dae4bb3ab] - inspector: add undici http tracking support (Chengzhong Wu) #​56488
• [2c6124cec4] - inspector: report loadingFinished until the response data is consumed (Chengzhong Wu) #​56372
• [96ec862ce2] - lib: refactor execution.js (Marco Ippolito) #​56358
• [3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
• [d5bf3db0cf] - lib: allow skipping source maps in node_modules (Chengzhong Wu) #​56639
• [d33eaf2bcb] - lib: ensure FORCE_COLOR forces color output in non-TTY environments (Pietro Marchini) #​55404
• [dc003218a8] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #​56299
• [df06524863] - lib: suppress source map lookup exceptions (Chengzhong Wu) #​56299
• [35335a5a66] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56580
• [1faabdb150] - meta: add codeowners of security release document (Rafael Gonzaga) #​56521
• [b4ece22ef5] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56342
• [9ec67e7ce0] - meta: move MoLow to TSC regular member (Moshe Atlow) #​56276
• [bae4b2e20a] - module: use more defensive code when handling SWC errors (Antoine du Hamel) #​56646
• [1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
• [174d88eab1] - module: support eval with ts syntax detection (Marco Ippolito) #​56285
• [299d6fa829] - module: fix jsdoc for format parameter in cjs/loader (pacexy) #​56501
• [0307e4dd59] - module: unify TypeScript and .mjs handling in CommonJS (Joyee Cheung) #​55590
• [1f4f9be93d] - module: fix async resolution error within the sync findPackageJSON (Jacob Smith) #​56382
• [bbedffa0f0] - module: simplify findPackageJSON implementation (Antoine du Hamel) #​55543
• [6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #​55412
• [cd7ce18233] - module: fix bad require.resolve with option paths for . and .. (Dario Piotrowicz) #​56735
• [152df4da21] - module: rethrow amaro error message (Marco Ippolito) #​56568
• [acba5dc87e] - module: use buffer.toString base64 (Chengzhong Wu) #​56315
• [01e69be8ff] - node-api: define version 10 (Gabriel Schulhof) #​55676
• [724524528e] - node-api: remove deprecated attribute from napi_module_register (Vladimir Morozov) #​56162
• [c78e11064f] - process: remove support for undocumented symbol (Antoine du Hamel) #​56552
• [3f69b18a23] - process: fix symbol key and mark experimental new node:process methods (Antoine du Hamel) #​56517
• [d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
• [fa49f0f7d5] - punycode: limit deprecation warning (Colin Ihrig) #​56632
• [d77c7073b7] - sqlite: disable memstatus APIs at build time (Colin Ihrig) #​56541
• [07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
• [b6c2e91365] - sqlite: enable SQL math functions (Colin Ihrig) #​56447
• [3462263e8b] - sqlite: pass conflict type to conflict resolution handler (Bart Louwers) #​56352
• [89ba3af743] - src: add nullptr handling from X509_STORE_new() (Burkov Egor) #​56700
• [89a7c82e0c] - src: add default value for RSACipherConfig mode field (Burkov Egor) #​56701
• [7bae51e62e] - src: fix build with GCC 15 (tjuhaszrh) #​56740
• [432a4b8bd6] - src: fix to generate path from wchar_t via wstring (yamachu) #​56696
• [8c9eaf82f0] - src: initialize FSReqWrapSync in path that uses it (Michaël Zasso) #​56613
• [bcdb42d40b] - src: handle duplicate paths granted (Rafael Gonzaga) #​56591
• [d6a7acc207] - src: update ECKeyPointer in ncrypto (James M Snell) #​56526
• [01922f8b1f] - src: update ECPointPointer in ncrypto (James M Snell) #​56526
• [2a3a36eceb] - src: update ECGroupPointer in ncrypto (James M Snell) #​56526
• [67c10cdacb] - src: update ECDASSigPointer implementation in ncrypto (James M Snell) #​56526
• [17f931c68b] - src: cleaning up more crypto internals for ncrypto (James M Snell) #​56526
• [94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
• [6594ee8dff] - src: fix undefined script name in error source (Chengzhong Wu) #​56502
• [b46bad3e91] - src: refactor --trace-env to reuse option selection and handling (Joyee Cheung) #​56293
• [76921b822b] - src: minor cleanups on OneByteString usage (James M Snell) #​56482
• [3f0d1dd4fe] - src: move more crypto impl detail to ncrypto dep (James M Snell) #​56421
• [04f623b283] - src: fixup more ToLocalChecked uses in node_file (James M Snell) #​56484
• [5aa436f5a1] - src: make some minor ToLocalChecked cleanups (James M Snell) #​56483
• [6eec5e7ec2] - src: lock the thread properly in snapshot builder (Joyee Cheung) #​56327
• [5614993968] - src: drain platform tasks before creating startup snapshot (Chengzhong Wu) #​56403
• [48493e9fd5] - src: use LocalVector in more places (James M Snell) #​56457
• [7e5ea0681e] - src: use v8::LocalVector consistently with other minor cleanups (James M Snell) #​56417
• [ad3d857f2b] - src: use starts_with in fs_permission.cc (ishabi) #​55811
• [5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
• [7d1676e72e] - stream: fix typo in ReadableStreamBYOBReader.readIntoRequests (Mattias Buelens) #​56560
• [e658ea6b26] - stream: validate undefined sizeAlgorithm in WritableStream (Jason Zhang) #​56067
• [e4f133c20c] - test: add ts eval snapshots (Marco Ippolito) #​56358
• [f041742400] - test: remove empty lines from snapshots (Marco Ippolito) #​56358
• [801cde91f6] - test: reduce number of written chunks (Luigi Pinca) #​56757
• [6fdf1879ab] - test: fix invalid common.mustSucceed() usage (Luigi Pinca) #​56756
• [d2bfbfa364] - test: use strict mode in global setters test (Rich Trott) #​56742
• [5c030da42f] - test: cleanup and simplify test-crypto-aes-wrap (James M Snell) #​56748
• [f1442d6eaf] - test: do not use common.isMainThread (Luigi Pinca) #​56768
• [49405bd9e7] - test: make some requires lazy in common/index (James M Snell) #​56715
• [52ef376788] - test: add test that uses multibyte for path and resolves modules (yamachu) #​56696
• [b811dea85a] - test: replace more uses of global with globalThis (James M Snell) #​56712
• [eb97076199] - test: make common/index slightly less node.js specific (James M Snell) #​56712
• [1795202d19] - test: rely less on duplicative common test harness utilities (James M Snell) #​56712
• [5be29a274e] - test: simplify common/index.js (James M Snell) #​56712
• [92e99780f0] - test: move hasMultiLocalhost to common/net (James M Snell) #​56716
• [1c3204a4cc] - test: move crypto related common utilities in common/crypto (James M Snell) #​56714
• [fe79d63be0] - test: add missing test for env file (Jonas) #​56642
• [e08af61537] - test: enforce strict mode in test-zlib-const (Rich Trott) #​56689
• [c96792d7f8] - test: fix localization data for ICU 74.2 (Antoine du Hamel) #​56661
• [48b72f1195] - test: use --permission instead of --experimental-permission (Rafael Gonzaga) #​56685
• [de81d90fce] - test: test-stream-compose.js doesn't need internals (Meghan Denny) #​56619
• [f5b8499ad0] - test: add maxCount and gcOptions to gcUntil() (Joyee Cheung) #​56522
• [d9e5a81041] - test: add line break at end of file (Rafael Gonzaga) #​56588
• [59be346fbf] - test: mark test-worker-prof as flaky on smartos (Joyee Cheung) #​56583
• [12a2cae9e5] - test: update test-child-process-bad-stdio to use node:test (Colin Ihrig) #​56562
• [2dc4a30e19] - test: disable openssl 3.4.0 incompatible tests (Jelle van der Waa) #​56160
• [1950fbf51d] - test: make test-crypto-hash compatible with OpenSSL > 3.4.0 (Jelle van der Waa) #​56160
• [a533420a91] - test: clarify fork inherit permission flags (Rafael Gonzaga) #​56523
• [697e799dc1] - test: add error only reporter for node:test (Carlos Espa) #​56438
• [4844fa212d] - test: mark test-http-server-request-timeouts-mixed as flaky (Joyee Cheung) #​56503
• [843c2389b9] - test: update error code in tls-psk-circuit for for OpenSSL 3.4 (sebastianas) #​56420
• [ccb2ddbd83] - test: update compiled sqlite tests to match other tests (Colin Ihrig) #​56446
• [b40f50324d] - test: add initial test426 coverage (Chengzhong Wu) #​56436
• [059f81e4fd] - test: update test-set-http-max-http-headers to use node:test (Colin Ihrig) #​56439
• [ec2940b418] - test: update test-child-process-windows-hide to use node:test (Colin Ihrig) #​56437
• [0362924880] - test: use unusual chars in the path to ensure our tests are robust (Antoine du Hamel) #​48409
• [b6c3869910] - test: improve abort signal dropping test (Edy Silva) #​56339
• [cc648ef923] - test: enable ts test on win arm64 (Marco Ippolito) #​56349
• [68819b4997] - test: deflake test-watch-file-shared-dependency (Luigi Pinca) #​56344
• [ca6ed2190c] - test: skip test-sqlite-extensions when SQLite is not built by us (Antoine du Hamel) #​56341
• [8ffeb8b58c] - test: increase spin for eventloop test on s390 (Michael Dawson) #​56228
• [6ae9950f08] - test: migrate message eval tests from Python to JS (Yiyun Lei) #​50482
• [4352bf69e9] - test: check typescript loader (Marco Ippolito) #​54657
• [406e7db9c3] - test: remove async-hooks/test-writewrap flaky designation (Luigi Pinca) #​56048
• [fa56ab2bba] - test: deflake test-esm-loader-hooks-inspect-brk (Luigi Pinca) #​56050
• [8e149aac99] - test: add test case for listeners (origranot) #​56282
• [a3f5ef22cd] - test: make test-permission-sqlite-load-extension more robust (Antoine du Hamel) #​56295
• [8cbb7cc838] - test_runner: print failing assertion only once with spec reporter (Pietro Marchini) #​56662
• [1f426bad9a] - test_runner: remove unused errors (Pietro Marchini) #​56607
• [697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
• [047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
• [19b4aa4b14] - test_runner: run single test file benchmark (Pietro Marchini) #​56479
• [926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434
• [fb4661a4cf] - test_runner: finish marking snapshot testing as stable (Colin Ihrig) #​56425
• [900c6c3940] - tls: fix error stack conversion in cryptoErrorListToException() (Joyee Cheung) #​56554
• [e9f185b658] - tools: update doc to new version (Node.js GitHub Bot) #​56259
• [7644c7e619] - tools: update inspector_protocol roller (Chengzhong Wu) #​56649
• [362272b0a4] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #​56704
• [df8b835953] - tools: fix tools-deps-update (Daniel Lemire) #​56684
• [feba5d3274] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #​56695
• [9827f7d395] - tools: fix permissions in lint-release-proposal workflow (Antoine du Hamel) #​56614
• [14c562c0dc] - tools: remove github reporter (Carlos Espa) #​56468
• [ed1785d0ae] - tools: edit create-release-proposal workflow (Antoine du Hamel) #​56540
• [294e4c42f5] - tools: validate commit list as part of lint-release-commit (Antoine du Hamel) #​56291
• [98d3474267] - tools: fix loong64 build failed (Xiao-Tao) #​56466
• [3e729ceec8] - tools: disable unneeded rule ignoring in Python linting (Rich Trott) #​56429
• [d5c05328e2] - tools: use a configurable value for number of open dependabot PRs (Antoine du Hamel) #​56427
• [1705cbe002] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #​56426
• [53b29b0469] - tools: fix require-common-first lint rule from subfolder (Antoine du Hamel) #​56325
• [105c4ed4fb] - tools: add release line label when opening release proposal (Antoine du Hamel) #​56317
• [30f61f4aa5] - url: use resolved path to convert UNC paths to URL (Antoine du Hamel) #​56302
• [a0aef4dfb6] - util: inspect: do not crash on an Error stack that contains a Symbol (Jordan Harband) #​56573
• [a8a060341f] - util: inspect: do not crash on an Error with a regex name (Jordan Harband) #​56574
• [ea66bf3553] - util: rename CallSite.column to columnNumber (Chengzhong Wu) #​56584
• [9cdc3b373c] - util: do not crash on inspecting function with Symbol name (Jordan Harband) #​56572
• [0bfbb68569] - util: expose CallSite.scriptId (Chengzhong Wu) #​56551
• [5dd7116e09] - watch: reload env file for --env-file-if-exists (Jonas) #​56643
• [c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394
• [2e5d038f48] - worker: refactor stdio to improve performance (Matteo Collina) #​56630
• [f959805d01] - worker: flush stdout and stderr on exit (Matteo Collina) #​56428

v22.13.1: 2025-01-21, Version 22.13.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
• CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
• CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

• CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

• [520da342e0] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#662
• [99f217369f] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555
• [984f735e35] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650
• [2446870618] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#651

v22.13.0: 2025-01-07, Version 22.13.0 'Jod' (LTS), @​ruyadorno

Compare Source

Notable Changes

Stabilize Permission Model

Upgrades the Permission Model status from Active Development to Stable.

Contributed by Rafael Gonzaga #​56201

Graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable

Following the merge of Curve25519 into the Web Cryptography API Editor's Draft the Ed25519 and X25519 algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use.

Contributed by (Filip Skokan) #​56142

Other Notable Changes

• [05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #​54630
• [a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #​55604
• [ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
• [f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
• [34c68827af] - doc: move typescript support to active development (Marco Ippolito) #​55536
• [dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #​56132
• [5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #​56130
• [8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #​55788
• [55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #​55890
• [7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
• [[6575b76042](https://redirect.github.com/no

---

Configuration

📅 Schedule: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
unleash-monorepo-frontend	🛑 Canceled (Inspect)			Mar 10, 2025 3:30pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
unleash-docs	⬜️ Ignored (Inspect)	Visit Preview		Mar 10, 2025 3:30pm

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@types/node	^22.0.0	🟢 6.8	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/node	22.13.10	🟢 6.8	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/node	22.13.10	🟢 6.8	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/undici-types	6.20.0	🟢 8.1	Details Check Score Reason Binary-Artifacts 🟢 8 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 27 out of 27 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 8 Found 19/22 approved changesets -- score normalized to 8 Contributors 🟢 10 project has 75 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• frontend/package.json
• frontend/yarn.lock
• package.json
• yarn.lock