2026-05-13, Version 22.22.3 'Jod' (LTS), @marco-ippolito#63250
Open
marco-ippolito wants to merge 85 commits into
Open
2026-05-13, Version 22.22.3 'Jod' (LTS), @marco-ippolito#63250marco-ippolito wants to merge 85 commits into
marco-ippolito wants to merge 85 commits into
Conversation
Otherwise if the ESM happens to be cached separately by the ESM loader before it gets loaded with `require(esm)` from within an imported CJS file (which uses a re-invented require() with a couple of quirks, including a separate cache), it won't be able to load the esm properly from the cache. PR-URL: #59679 Backport-PR-URL: #62029 Refs: #59666 Refs: #52697 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Fixes: #61801
This reduces the impact of https://redirect.github.com/nodejs/node/pull/59679 by delaying the require.cache population of ESM until they are directly required. After that, it's necessary for them to be in the cache to maintain correctness. PR-URL: #59874 Backport-PR-URL: #62029 Refs: #59868 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Fixes: #61801
This relaxes the validation in sync hooks so that it accepts the quirky nullish source returned by the default step of the async loader when the module being loaded is CommonJS. When there are no customization hooks registered, a saner synchronous default load step is used to use a property instead of a reset nullish source to signify that the module should go through the CJS monkey patching routes and reduce excessive reloading from disk. PR-URL: #59929 Backport-PR-URL: #62029 Fixes: #59384 Fixes: #57327 Refs: #59666 Refs: https://github.com/dygabo/load_module_test Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Jacob Smith <jacob@frende.me> Fixes: #61801
Previously, when require()-ing builtins with the node: prefix, the sync resolve hooks were not properly invoked, and load hooks could not override the builtin's format. This fixes the handling and enables redirecting prefixed built-ins to on-disk files and overriding them with other module types via hooks. PR-URL: #61088 Backport-PR-URL: #62029 Fixes: #60005 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Fixes: #61801
This prevents clobbering the stack traces with another internal frame and removes the unnecessary hoops from step-debugging. PR-URL: #61479 Backport-PR-URL: #62029 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Fixes: #61801
Previously the resolve hook can be invoked twice from the synthetic module evaluation step of imported CJS in the extra module._load() call that's invoked on the resolved full path. Add an option to avoid it, since the resolution and loading has already been done before. PR-URL: #61529 Backport-PR-URL: #62029 Fixes: #57125 Refs: #55808 Refs: #56241 Reviewed-By: Jacob Smith <jacob@frende.me> Fixes: #61801
Node.js 22 is using Undici 6 rather than the latest version. Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: #63012 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
The update script for undici requires Docker, which is not available on `ubuntu-slim`. PR-URL: #62024 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: #61785 Backport-PR-URL: #63190 Fixes: #61690 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com> Reviewed-By: Tierney Cyren <hello@bnb.im> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Signed-off-by: Mike McCready <66998419+MikeMcC399@users.noreply.github.com>
Original commit message:
[wasm][exnref] Fix broken abstract casts
ref.test, ref.cast, br_on_cast, br_on_cast_fail allow arbitrary heap
types, so they also allow exnref and noexnref.
This CL also fixes the missing type checks in the js to wasm wrapper.
Bug: v8:14398
Change-Id: Ieefb9a8e99d3d7a4b175db60f55b7fa9a96c5203
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5372489
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#92867}
Refs: v8/v8@5f1342c
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Do not allow exnref at the wasm/JS boundary
R=mliedtke@chromium.org
Bug: v8:14398
Change-Id: I5bb75a83e9de9f838d8e530c77c89aa031f473f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5381603
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#92944}
Refs: v8/v8@b2f3aea
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Fix null value for constant expressions
Bug: v8:14398
Change-Id: Ia00d2de97a897d608d6c043b6e267c7d6313a18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5402583
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#93107}
Refs: v8/v8@c734674
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Implement special behavior of WA.JSTag in try_table.
This commit ports the changes from 4e79015dc28659a8a031f06580e902720b35674c
to `CatchCase`, i.e., the `try_table` instruction. In addition, it
implements the same changes in Turboshaft, for which the implementation
of exceptions initially came from 2c1c14d30c61fa4fa19184369e587cb663bd8580
and already contained the `JSTag` handling for `CatchException`.
This commit addresses part of https://issues.chromium.org/issues/333067164
but not all. Only catching with `try_table` is fixed. `throw` remains
unchanged.
Change-Id: I7bad031e28eaf609fb12e7706d0b6a7cc63fa09d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5435077
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#93303}
Refs: v8/v8@692f3d5
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Fix default value for null exnref
R=manoskouk@chromium.org
Bug: 332081797
Change-Id: Ied777935946c880a78e2011040a4d9ab19a4ddd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5444544
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#93310}
Refs: v8/v8@cf03d55
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Update WA.JSTag semantics
According to the last spec updates:
- Passing WebAssembly.JSTag to the WebAssembly.Exception constructor is
not allowed in JS,
- Throwing an exception with the JSTag in wasm is allowed, but the
exception should conceptually be "unwrapped" when it exits wasm, and
JS should observe the raw externref. Instead, we simply throw the
externref in this case, which has the same observable behavior and is
consistent with how JSTag has been implemented so far.
R=ahaas@chromium.org
Bug: 333067164
Change-Id: I6f43df8d254dd7450137d99ff7cc9cbffb697663
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5454404
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#93398}
Refs: v8/v8@b8f91e5
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][liftoff][arm64] Fix DropExceptionValueAtOffset
We cannot exit the iteration early, we must update all entries
in the cache state.
Fixed: 343748812
Change-Id: I8353acb7bd0edc4b979db92e44d24cb9028fd92b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5596273
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#94244}
Refs: v8/v8@910cb91733dc
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm] Add missing type canonicalization for exceptions JS API
When we encode a JS value in a wasm exception, canonicalize the type
stored in the tag's signature first. Canonicalize it using the tag's
original module by storing the instance on the tag object.
R=jkummerow@chromium.org
Bug: 346197738
Change-Id: I7575fd79c792d98e4a11c00b466700f0ab82d164
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5613375
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#94335}
Refs: v8/v8@89dc6eab605c
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Accept exnref subtypes for throw_ref
Only accepting a strict exnref type was incorrect in two cases:
- the stack-polymorphic case, with the bottom type
- a noexn param
R=jkummerow@chromium.org
Fixed: 332931390
Change-Id: I80c96a7026f2469e6a3ce54344c2d5e617b78be7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5904414
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#96387}
Refs: v8/v8@323942700cfe
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Reject non-nullable exnref in JS import/export
R=jkummerow@chromium.org
Change-Id: I0ba2deb1a9671d87e76fea7bfe76df9eee56442a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920338
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#96489}
Refs: v8/v8@63b8849d73ae
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Fix catchless try_table
If the try_table does not have a catch handler, we don't update the
{current_catch_} index or set the {previous_catch} field of the block
when we enter it. Therefore also skip the reverse operation when the
block ends.
R=clemensb@chromium.org
Fixed: 372261626
Change-Id: Ib3a23e32f9d0ec153d6a00733d96b52cf040e8bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920086
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#96481}
Refs: v8/v8@8e214ec
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm] Fix default externref/exnref reference
- The default nullexternref should be null instead of undefined
- The default exnref/nullexnref should be null instead of wasm_null
R=mliedtke@chromium.org
Fixed: 372285204,372269618
Change-Id: Id5addce2b196f7ba81aac3c2dd9447a91ed2ce2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5922878
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#96531}
Refs: v8/v8@e7ccf0a
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Accept non-nullable exn catch type
R=jkummerow@chromium.org
Fixed: 373681572
Change-Id: Iecfc86d2ce6592a6f442bc3504ddde58ff236f64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5938956
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#96637}
Refs: v8/v8@7cb6188
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][js-api] Fix exception handling in Exception
Calling `Get` on the third argument can throw. If so, return
immediately.
R=thibaudm@chromium.org
Fixed: 372993873
Change-Id: I70ec0d0421833a60151f6bcdc9c386f6ad864256
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5937803
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#96627}
Refs: v8/v8@b96e40d
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][exnref] Use wasm_null for exnref
A JS null caught in wasm as an exnref with catch_(all_)ref should be
observably different from a null exnref: a JS null should behave like a
regular JS exception with null as the externref package, while a null
exnref is the actual null value for this type. In particular, a JS
null exception can be rethrown while a null exnref cannot.
Represent null exnrefs with wasm_null instead of JS null to avoid the
confusion.
R=jkummerow@chromium.org
Fixed: 374790906
Change-Id: If9f16a24407ee7d1399613255c3f14e0a6ebef9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5953226
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#96782}
Refs: v8/v8@9997fc013952
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm] Disallow v128 in exception handling JS API
R=jkummerow@chromium.org
Fixed: 395214627
Change-Id: Ief84b0fd79a87e539dfbfed31d475926f0f0a288
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6249317
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#98608}
Refs: v8/v8@1b27e4674f11
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[wasm][eh] Fix getArg() when exception has an S128
We cannot read an S128 exception value from JS, but we can read a value
at a higher index in the exception. So accept S128 values when we
compute the encoded index.
R=mliedtke@chromium.org
Fixed: 403675482
Change-Id: I7cc0238310863b6d579fcbe0a216ddce6f760c8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6367014
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#99305}
Refs: v8/v8@85b390089e51
PR-URL: #62783
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
In TextEncoder.encodeInto, the destination buffer's byte length is
read as a size_t but then implicitly narrowed to int when passed as
the capacity argument to v8::String::WriteUtf8. When the destination
view is larger than INT_MAX (2,147,483,647 bytes), the narrowing
conversion underflows to a negative value, V8 treats it as "no
capacity", and writes 0 bytes - returning { read: 0, written: 0 }
even though the buffer has plenty of room.
Clamp the capacity to INT_MAX before passing it to WriteUtf8. This
is sufficient because the source string in encodeInto is bounded in
practice and never requires more than INT_MAX bytes to encode; only
the destination view length can exceed INT_MAX.
This issue is already fixed on main and v24.x as a side effect of
PR #58070, which migrated to the non-deprecated WriteUtf8V2 method
whose capacity parameter is size_t. WriteUtf8V2 is not available in
v22.x's V8 version, so this minimal patch fixes only the EncodeInto
path instead of backporting the full migration.
Refs: #58070
Fixes: #62610
Signed-off-by: semimikoh <ejffjeosms@gmail.com>
PR-URL: #62621
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Drop the bounded subarray case, remove the unnecessary error code check, and use a 2**31 byte Uint8Array directly instead of slicing an offset subarray. Signed-off-by: semimikoh <ejffjeosms@gmail.com> PR-URL: #62621 Fixes: #62610 Refs: #58070 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
PR-URL: #62463 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Jordan Harband <ljharb@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com>
The docs stated "HTTP requires the Date header in responses" which oversimplifies the actual requirement. Per RFC 9110 Section 6.6.1, the Date header is required only in most responses (2xx/3xx/4xx from servers with a clock), not all. Reference the specific RFC section. Fixes: #42619 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> PR-URL: #62206 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
The Reset() method did not check the write_in_progress_ flag before resetting the compression stream. This allowed reset() to free the compression library's internal state while a worker thread was still using it during an async write, causing a use-after-free. Add a write_in_progress_ guard to Reset() that throws an error if a write is in progress, matching the existing pattern used by Close() and Write(). PR-URL: TODO Refs: https://hackerone.com/reports/3609132 PR-URL: #62325 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Juan José Arboleda <soyjuanarbol@gmail.com> PR-URL: #61754 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Stewart X Addison <sxa@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Node.js/Armaro has never supported `module`-keyword namespaces. Even with `transform-types` on. This removes the incorrect mention. PR-URL: #61839 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Jacob Smith <jacob@frende.me>
PR-URL: #61505 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: #61942 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
PR-URL: #61986 Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Ilyas Shabi <ilyasshabi94@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #61992 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Jacob Smith <jacob@frende.me> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Harshitha K P <harshitha014@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #61876 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Aviv Keller <me@aviv.sh>
PR-URL: #62075 Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Add explicit wording that fs.ReadStream and fs.WriteStream should not
be constructed directly, matching the existing pattern used by fs.Stats
("not to be created directly using the new keyword"). The factory
functions fs.createReadStream() and fs.createWriteStream() are the
supported API.
Fixes: #40546
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PR-URL: #62208
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Refs: nodejs/node-core-utils@89df053 PR-URL: #62355 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Aviv Keller <me@aviv.sh>
PR-URL: #62423 Refs: nodejs-private/security-release#71 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Collaborator
|
Review requested:
|
marco-ippolito
added a commit
that referenced
this pull request
May 11, 2026
bc2919c to
aedff39
Compare
aedff39 to
fdfa0ff
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commits
4f780905c5] - crypto: fix potential null pointer dereference when BIO_meth_new() fails (Nora Dossche) #617884a09efb947] - crypto: update root certificates to NSS 3.121 (Node.js GitHub Bot) #62485e4c0d99839] - deps: update timezone to 2026a (Node.js GitHub Bot) #621640226c8dd7a] - deps: update simdjson to 4.5.0 (Node.js GitHub Bot) #62382e742ab748c] - deps: update sqlite to 3.51.3 (Node.js GitHub Bot) #6225673cac0571a] - deps: update amaro to 1.1.8 (Node.js GitHub Bot) #62151ae5c162b93] - deps: update amaro to 1.1.7 (Node.js GitHub Bot) #61730b819cb9977] - deps: update amaro to 1.1.6 (Node.js GitHub Bot) #61603bbcce09dc7] - deps: update sqlite to 3.52.0 (Node.js GitHub Bot) #6215022ff2d81ce] - deps: update simdjson to 4.3.1 (Node.js GitHub Bot) #61930f49b51d75c] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #619281a5cec0d49] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925d339497688] - deps: update nbytes to 0.1.3 (Node.js GitHub Bot) #618793ff8ffd459] - deps: remove stale OpenSSL arch configs (René) #61834b8ddbc1e9a] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #61827ffda97afd4] - deps: update googletest to 2461743991f9aa53e9a3625eafcbacd81a3c74cd (Node.js GitHub Bot) #6248479aa32cf4f] - deps: update googletest to 73a63ea05dc8ca29ec1d2c1d66481dd0de1950f1 (Node.js GitHub Bot) #61927b6957e13b6] - deps: update archs files for openssl-3.5.6 (Node.js GitHub Bot) #626293a27669063] - deps: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) #62629d568a1bb53] - deps: upgrade npm to 10.9.8 (npm team) #62463ec11f3c1d5] - deps: V8: backport 85b390089e51 (Thibaud Michaud) #6278308609712ed] - deps: V8: backport 1b27e4674f11 (Thibaud Michaud) #62783dcc60d5ab2] - deps: V8: backport 9997fc013952 (Thibaud Michaud) #627831d1f4451fb] - deps: V8: cherry-pick b96e40d5ac85 (Clemens Backes) #627832268567237] - deps: V8: cherry-pick 7cb6188cf913 (Thibaud Michaud) #6278392804cdbea] - deps: V8: cherry-pick e7ccf0af1bdd (Thibaud Michaud) #62783eae2c27a40] - deps: V8: cherry-pick 8e214ec3ec8c (Thibaud Michaud) #62783a1799a49bb] - deps: V8: backport 63b8849d73ae (Thibaud Michaud) #62783a2df2d8731] - deps: V8: backport 323942700cfe (Thibaud Michaud) #62783e3d65c7dca] - deps: V8: backport 89dc6eab605c (Thibaud Michaud) #627835e7db133de] - deps: V8: backport 910cb91733dc (Jakob Kummerow) #62783d0c24a28af] - deps: V8: cherry-pick b8f91e510e0f (Thibaud Michaud) #62783d358687824] - deps: V8: cherry-pick cf03d55db2a0 (Thibaud Michaud) #6278367c8b2c349] - deps: V8: cherry-pick 692f3d526a38 (Sébastien Doeraene) #6278371e5a59ffd] - deps: V8: cherry-pick c734674e03f9 (Manos Koukoutos) #62783f0dbe81c7b] - deps: V8: cherry-pick b2f3aea23a01 (Thibaud Michaud) #62783d333f480c3] - deps: V8: cherry-pick 5f1342c20b59 (Matthias Liedtke) #62783db722725bb] - deps: use npm undici@six tag inupdate-undici.sh(Matteo Collina) #630129b57979d9c] - doc: add Rafael to last security release steward (Rafael Gonzaga) #62423d8075585bf] - doc: add path to vulnerabilities.json mention (Rafael Gonzaga) #623556ec9a70204] - doc: clarify fs.ReadStream and fs.WriteStream are not constructable (Kit Dallege) #622081fc86fcb6e] - doc: add note (and caveat) formock.moduleabout customization hooks (Jacob Smith) #62075491be80bd9] - doc: add efekrskl as triager (Efe) #6187618558293a3] - doc: fix module.stripTypeScriptTypes indentation (René) #619928e20976522] - doc: explicitly mention Slack handle (Rafael Gonzaga) #6198670b8e6b4fb] - doc: rename invalidfunctionparameter (René) #619424045c76f6c] - doc: clarify status of feature request issues (Antoine du Hamel) #61505c54652f2aa] - doc: remove incorrect mention ofmoduleintypescript.md(Rob Palmer) #618399fad6cedf5] - doc: clarify async caveats forevents.once()(René) #615722f1e5733fe] - doc: update Juan's security steward info (Juan José) #61754a64bdb5068] - doc: fix overstated Date header requirement in response.sendDate (Kit Dallege) #6220602797de923] - doc: fix small environment_variables typo (chris) #62279f22ebdc809] - doc: fix small logic error in DETECT_MODULE_SYNTAX (René) #620259f4508062a] - doc: fix methods being documented as properties inprocess.md(Antoine du Hamel) #617653ea39ff135] - doc: fix dropdown menu being obscured at <600px due to stacking context (Jeff) #61735c22445079b] - doc: fix spacing in process message event (Aviv Keller) #6175632831b5223] - doc: fix broken links of net.md (YuSheng Chen) #61673005508d509] - doc: remove obsolete Boxstarter automated install (Mike McCready) #6178537c2fd6f7d] - esm: fix path normalization infinalizeResolution(Antoine du Hamel) #620801769d74613] - esm: populate separate cache for require(esm) in imported CJS (Joyee Cheung) #59679ee02966ffc] - http: fix keep-alive socket reuse race in requestOnFinish (Martin Slota) #617102fdb5ce6cc] - http2: fix FileHandle leak in respondWithFile (sangwook) #61707aa2c1eca04] - lib: fix source map url parse in dynamic imports (Chengzhong Wu) #61990785b00cbeb] - meta: pass release version to release worker (flakey5) #62777447fb9a0b5] - meta: persist sccache daemon until end of build workflows (René) #616395065a0acb3] - module: do not invoke resolve hooks twice for imported cjs (Joyee Cheung) #615299a2e21305d] - module: do not wrap module._load when tracing is not enabled (Joyee Cheung) #61479b9240bc063] - module: fix sync resolve hooks for require with node: prefixes (Joyee Cheung) #610882e91b28aaf] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #5992939147c154e] - module: use sync cjs when importing cts (Marco Ippolito) #6007212a2462b2c] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #59874cf39566277] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #61948578a9a9230] - src: clamp WriteUtf8 capacity to INT_MAX in EncodeInto (semimikoh) #6262157c3035fec] - stream: fix decoded fromList chunk boundary check (Thomas Watson) #6188457fb008bb8] - test: update tls junk data error expectations (Filip Skokan) #62629363f9a9d18] - test: skiptest-urlon--shared-adabuilds (Antoine du Hamel) #62019daaead342b] - test: simplify encodeInto large buffer regression test (semimikoh) #62621ecfa766b41] - tools: fix auto-start-ci (Antoine du Hamel) #6190017c0a610af] - tools: fix parsing of commit trailers inlint-release-proposalGHA (Antoine du Hamel) #6207789ad7dc63b] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #616725f9bb8ef0c] - tools: revert tools GHA workflow to ubuntu-latest (Richard Lau) #62024977ef80ac1] - url: process crash via malformed UNC hostname in pathToFileURL() (Nicola Del Gobbo) #62574ad8f518a81] - zlib: fix use-after-free when reset() is called during write (Matteo Collina) #62325