[BUMP] Update node to v18 (major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
cimg/node	docker	major	16.20.2 -> 18.17.0	18.17.1
node		major	16.20.2 -> 18.17.1
node	engines	major	^v16.20.2 -> ^v18.17.1

---

Release Notes

nodejs/node (node)

v18.17.1: 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-32002: Policies can be bypassed via Module._load (High)
• CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
• CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 14th July.
  • OpenSSL security advisory 19th July.
  • OpenSSL security advisory 31st July

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

• [fe3abdf82e] - deps: update archs files for openssl-3.0.10+quic1 (Node.js GitHub Bot) #​49036
• [2c5a522d9c] - deps: upgrade openssl sources to quictls/openssl-3.0.10+quic1 (Node.js GitHub Bot) #​49036
• [15bced0bde] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#417
• [d4570fae35] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#460

v18.17.0: 2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @​danielleadams

Compare Source

Notable Changes

Ada 2.0

Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.

Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the
improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.

Contributed by Yagiz Nizipli and Daniel Lemire in #​47339

Web Crypto API

Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of Web Crypto API.

Contributed by Filip Skokan in #​46067

• crypto:
  • update root certificates to NSS 3.89 (Node.js GitHub Bot) #​47659
• dns:
  • (SEMVER-MINOR) expose getDefaultResultOrder (btea) #​46973
• doc:
  • add ovflowd to collaborators (Claudio Wunder) #​47844
  • add KhafraDev to collaborators (Matthew Aitken) #​47510
• events:
  • (SEMVER-MINOR) add getMaxListeners method (Matthew Aitken) #​47039
• fs:
  • (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
  • (SEMVER-MINOR) add recursive option to readdir and opendir (Ethan Arrowood) #​41439
  • (SEMVER-MINOR) add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
  • (SEMVER-MINOR) implement byob mode for readableWebStream() (Debadree Chatterjee) #​46933
• http:
  • (SEMVER-MINOR) prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #​47732
  • (SEMVER-MINOR) remove internal error in assignSocket (Matteo Collina) #​47723
  • (SEMVER-MINOR) add highWaterMark opt in http.createServer (HinataKah0) #​47405
• lib:
  • (SEMVER-MINOR) add webstreams to Duplex.from() (Debadree Chatterjee) #​46190
  • (SEMVER-MINOR) implement AbortSignal.any() (Chemi Atlow) #​47821
• module:
  • change default resolver to not throw on unknown scheme (Gil Tayar) #​47824
• node-api:
  • (SEMVER-MINOR) define version 9 (Chengzhong Wu) #​48151
  • (SEMVER-MINOR) deprecate napi_module_register (Vladimir Morozov) #​46319
• stream:
  • (SEMVER-MINOR) preserve object mode in compose (Raz Luvaton) #​47413
  • (SEMVER-MINOR) add setter & getter for default highWaterMark (#​46929) (Robert Nagy) #​46929
• test:
  • unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) #​48078
• test_runner:
  • (SEMVER-MINOR) add shorthands to test (Chemi Atlow) #​47909
  • (SEMVER-MINOR) support combining coverage reports (Colin Ihrig) #​47686
  • (SEMVER-MINOR) execute before hook on test (Chemi Atlow) #​47586
  • (SEMVER-MINOR) expose reporter for use in run api (Chemi Atlow) #​47238
• tools:
  • update LICENSE and license-builder.sh (Santiago Gimeno) #​48078
• url:
  • (SEMVER-MINOR) implement URL.canParse (Matthew Aitken) #​47179
• wasi:
  • (SEMVER-MINOR) no longer require flag to enable wasi (Michael Dawson) #​47286

Commits

• [2ba08ac002] - benchmark: use cluster.isPrimary instead of cluster.isMaster (Deokjin Kim) #​48002
• [60ca69d96c] - benchmark: add eventtarget creation bench (Rafael Gonzaga) #​47774
• [d8233d96bb] - benchmark: add a benchmark for defaultResolve (Antoine du Hamel) #​47543
• [a1aabb6912] - benchmark: fix invalid requirementsURL (Deokjin Kim) #​47378
• [394c61caf9] - bootstrap: support namespaced builtins in snapshot scripts (Joyee Cheung) #​47467
• [0165a765a0] - bootstrap: do not expand process.argv[1] for snapshot entry points (Joyee Cheung) #​47466
• [cca557cdd9] - buffer: combine checking range of sourceStart in buf.copy (Deokjin Kim) #​47758
• [4c69be467c] - buffer: use private properties for brand checks in File (Matthew Aitken) #​47154
• [d002f9b6e2] - build: revert unkonwn ruff selector (Moshe Atlow) #​48753
• [93f77cb762] - build: set v8_enable_webassembly=false when lite mode is enabled (Cheng Shao) #​48248
• [1662e894f3] - build: add action to close stale PRs (Michael Dawson) #​48051
• [5ca437b288] - build: use pathlib for paths (Mohammed Keyvanzadeh) #​47581
• [72443bc54b] - build: refactor configure.py (Mohammed Keyvanzadeh) #​47667
• [d4eecb5be9] - build: add devcontainer configuration (Tierney Cyren) #​40825
• [803ed41144] - build: bump ossf/scorecard-action from 2.1.2 to 2.1.3 (dependabot[bot]) #​47367
• [48468c4413] - build: replace Python linter flake8 with ruff (Christian Clauss) #​47519
• [3ceb2c4387] - build: add node-core-utils to setup (Jiawen Geng) #​47442
• [fdc59b8e14] - build: bump github/codeql-action from 2.2.6 to 2.2.9 (dependabot[bot]) #​47366
• [3924893023] - build: update stale action from v7 to v8 (Rich Trott) #​47357
• [753185c5b0] - build: remove Python pip --no-user option (Christian Clauss) #​47372
• [67af0a6a2b] - build: avoid usage of pipes library (Mohammed Keyvanzadeh) #​47271
• [db910dd6b2] - build, deps, tools: avoid excessive LTO (Konstantin Demin) #​47313
• [35d1def891] - child_process: use signal.reason in child process abort (Debadree Chatterjee) #​47817
• [7692d2e7b9] - cluster: use ObjectPrototypeHasOwnProperty (Daeyeon Jeong) #​48141
• [7617772762] - crypto: use openssl's own memory BIOs in crypto_context.cc (GauriSpears) #​47160
• [8cabfe7c6e] - crypto: fix setEngine() when OPENSSL_NO_ENGINE set (Tobias Nießen) #​47977
• [de1338da05] - crypto: fix webcrypto private/secret import with empty usages (Filip Skokan) #​47877
• [27a696fda9] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #​47659
• [e2292f936e] - crypto: remove INT_MAX restriction in randomBytes (Tobias Nießen) #​47559
• [a5f214c00c] - crypto: replace THROW with CHECK for scrypt keylen (Tobias Nießen) #​47407
• [dd42214fd4] - crypto: unify validation of checkPrime checks (Tobias Nießen) #​47165
• [76e4d12fb3] - crypto: re-add padding for AES-KW wrapped JWKs (Filip Skokan) #​46563
• [9d894c17dd] - crypto: use WebIDL converters in WebCryptoAPI (Filip Skokan) #​46067
• [6f3a8b45a5] - deps: update ada to 2.5.0 (Node.js GitHub Bot) #​48223
• [075b6db919] - deps: update ada to 2.4.2 (Node.js GitHub Bot) #​48092
• [a4ee1f652c] - deps: update ada to 2.4.1 (Node.js GitHub Bot) #​48036
• [81b514d3f0] - deps: update ada to 2.4.0 (Node.js GitHub Bot) #​47922
• [575ddf694f] - deps: update ada to 2.3.1 (Node.js GitHub Bot) #​47893
• [2d03d5f458] - deps: update ada to 2.3.0 (Node.js GitHub Bot) #​47737
• [42e690f2d5] - deps: update ada to 2.2.0 (Node.js GitHub Bot) #​47678
• [08dd271521] - deps: update ada to 2.1.0 (Node.js GitHub Bot) #​47598
• [96c50ba71f] - deps: update ada to 2.0.0 (Node.js GitHub Bot) #​47339
• [4d1c38b758] - deps: update zlib to 337322d (Node.js GitHub Bot) #​48218
• [74206b2549] - deps: update histogram 0.11.8 (Marco Ippolito) #​47742
• [fbb4b3775d] - deps: update histogram to 0.11.7 (Marco Ippolito) #​47742
• [e88c079022] - deps: update simdutf to 3.2.12 (Node.js GitHub Bot) #​48118
• [48bd1248b9] - deps: update minimatch to 9.0.1 (Node.js GitHub Bot) #​48094
• [d4572d31fa] - deps: update corepack to 0.18.0 (Node.js GitHub Bot) #​48091
• [8090d29dc4] - deps: update uvwasi to 0.0.18 (Node.js GitHub Bot) #​47866
• [169c8eea2e] - deps: update uvwasi to 0.0.17 (Node.js GitHub Bot) #​47866
• [6acbb23380] - deps: upgrade npm to 9.6.7 (npm team) #​48062
• [e8f2c0a58b] - deps: update undici to 5.22.1 (Node.js GitHub Bot) #​47994
• [9309fd3120] - deps: update simdutf to 3.2.9 (Node.js GitHub Bot) #​47983
• [b796d3560a] - deps: upgrade npm to 9.6.6 (npm team) #​47862
• [cce372e14e] - deps: V8: cherry-pick c5ab3e4 (Richard Lau) #​47736
• [7283486adb] - deps: update undici to 5.22.0 (Node.js GitHub Bot) #​47679
• [2ea6e03003] - deps: add minimatch as a dependency (Moshe Atlow) #​47499
• [261e1d23d1] - deps: update ICU to 73.1 release (Steven R. Loomis) #​47456
• [f532f9df5f] - deps: update undici to 5.21.2 (Node.js GitHub Bot) #​47508
• [dcb8c038b9] - deps: update simdutf to 3.2.8 (Node.js GitHub Bot) #​47507
• [6c8456d61f] - deps: update undici to 5.21.1 (Node.js GitHub Bot) #​47488
• [d3b2e8a438] - deps: update simdutf to 3.2.7 (Node.js GitHub Bot) #​47473
• [64a5fe0499] - deps: update corepack to 0.17.2 (Node.js GitHub Bot) #​47474
• [6f0f61a7d3] - deps: upgrade npm to 9.6.4 (npm team) #​47432
• [443a72e207] - deps: update zlib to upstream 5edb52d (Luigi Pinca) #​47151
• [dc3bc46914] - deps: update simdutf to 3.2.3 (Node.js GitHub Bot) #​47331
• [b2f2bebbc2] - deps: update timezone to 2023c (Node.js GitHub Bot) #​47302
• [c10729ffa7] - deps: upgrade npm to 9.6.3 (npm team) #​47325
• [420deac1de] - deps: update corepack to 0.17.1 (Node.js GitHub Bot) #​47156
• [966ba28491] - deps: V8: cherry-pick 3e4952c (Richard Lau) #​47236
• [fc6ab26824] - deps: update timezone to 2023b (Node.js GitHub Bot) #​47256
• [2700e70215] - deps: upgrade npm to 9.6.2 (npm team) #​47108
• [29ba98a0a5] - deps: V8: cherry-pick 975ff4d (Debadree Chatterjee) #​47209
• [be34777be8] - deps: cherry-pick win/arm64/clang fixes (Cheng Zhao) #​47011
• [b52aacb614] - deps: update uvwasi to v0.0.16 (Michael Dawson) #​46434
• [27a76cf5e0] - deps,test: update postject to 1.0.0-alpha.6 (Node.js GitHub Bot) #​48072
• [b171c1a3a4] - dgram: convert macro to template (Tobias Nießen) #​47891
• [709bf1c758] - (SEMVER-MINOR) dns: expose getDefaultResultOrder (btea) #​46973
• [2f202c93e7] - doc: clarify array args to Buffer.from() (Bryan English) #​48274
• [27f195f8d8] - doc: document watch option for node:test run() (Moshe Atlow) #​48256
• [7558ef350a] - doc: update documentation for FIPS support (Richard Lau) #​48194
• [f2bb1919e5] - doc: improve the documentation of the stdio option (Kumar Arnav) #​48110
• [a2aa52ba92] - doc: update Buffer.allocUnsafe description (sinkhaha) #​48183
• [19ad471d52] - doc: update codeowners with website team (Claudio Wunder) #​48197
• [67b2c2a98f] - doc: fix broken link to new folder doc/contributing/maintaining (Andrea Fassina) #​48205
• [795ca70815] - doc: add atlowChemi to triagers (Chemi Atlow) #​48104
• [e437a0aff1] - doc: fix typo in readline completer function section (Vadym) #​48188
• [92e0ea496d] - doc: remove broken link for keygen (Rich Trott) #​48176
• [fe15dae8e6] - doc: add auto intrinsic height to prevent jitter/flicker (Daniel Holbert) #​48195
• [230335e21f] - doc: add version info on the SEA docs (Antoine du Hamel) #​48173
• [e6f37d1b80] - doc: add Ruy to list of TSC members (Michael Dawson) #​48172
• [69205a250c] - doc: update socket.remote* properties documentation (Saba Kharanauli) #​48139
• [e4a5d6298c] - doc: update outdated section on TLSv1.3-PSK (Tobias Nießen) #​48123
• [d14018ed99] - doc: improve HMAC key recommendations (Tobias Nießen) #​48121
• [e9d4baf770] - doc: clarify mkdir() recursive behavior (Stephen Odogwu) #​48109
• [3e4a469139] - doc: fix typo in crypto legacy streams API section (Tobias Nießen) #​48122
• [bdf366ab88] - doc: update SEA source link (Rich Trott) #​48080
• [2a4f79a75f] - doc: clarify tty.isRaw (Roberto Vidal) #​48055
• [98c6e4be03] - doc: use secure key length for HMAC generateKey (Tobias Nießen) #​48052
• [8ae5c8cf9d] - doc: update broken EVP_BytesToKey link (Rich Trott) #​48064
• [3c713e7caa] - doc: update broken spkac link (Rich Trott) #​48063
• [c22f739e94] - doc: document node-api version process (Chengzhong Wu) #​47972
• [ce859f9f9f] - doc: fix typo in binding functions (Deokjin Kim) #​48003
• [070c3457b7] - doc: mark Node.js 14 as End-of-Life (Richard Lau) #​48023
• [3611027d8e] - doc: clarify CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED (Tobias Nießen) #​47976
• [dbffad958c] - doc: add missing deprecated blocks to cluster (Tobias Nießen) #​47981
• [035356f711] - doc: update description of global (Tobias Nießen) #​47969
• [081a6ffaea] - doc: update measure memory rejection information (Yash Ladha) #​41639
• [3460cf9c23] - doc: fix broken link to TC39 import attributes proposal (Rich Trott) #​47954
• [3b018c8aa9] - doc: fix broken link (Rich Trott) #​47953
• [244db960a9] - doc: remove broken link (Rich Trott) #​47942
• [2cc8715bb9] - doc: document make lint-md-clean (Matteo Collina) #​47926
• [b80e006c17] - doc: mark global object as legacy (Mert Can Altın) #​47819
• [bf4eb058f3] - doc: ntfs junction points must link to directories (Ben Noordhuis) #​47907
• [49875f0d69] - doc: fix params names (Dmitry Semigradsky) #​47853
• [94b5eaaf17] - doc: update supported version of FreeBSD to 12.4 (Michaël Zasso) #​47838
• [0114201825] - doc: swap Matteo with Rafael in the stewards (Rafael Gonzaga) #​47841
• [8bcfcc0af9] - doc: add valgrind suppression details (Kevin Eady) #​47760
• [75d397ecab] - doc: replace EOL versions in README (Tobias Nießen) #​47833
• [2b0c57cb80] - doc: add ovflowd to collaborators (Claudio Wunder) #​47844
• [be4966977c] - doc: update BUILDING.md previous versions links (Tobias Nießen) #​47835
• [a9e8a20fb8] - doc: create maintaining folder for deps (Marco Ippolito) #​47589
• [fd0f362d7c] - doc: remove MoLow from Triagers (Moshe Atlow) #​47792
• [0927c67ab6] - doc: fix typo in webstreams.md (Christian Takle) #​47766
• [994be578da] - doc: move BethGriggs to regular member (Rich Trott) #​47776
• [64d19f4678] - doc: move addaleax to TSC emeriti (Anna Henningsen) #​47752
• [33ec10e6b8] - doc: add link to news for Node.js core (Michael Dawson) #​47704
• [2a682b5efe] - doc: async_hooks asynchronous content example add mjs code (btea) #​47401
• [4f541c3ca3] - doc: clarify concurrency model of test runner (Tobias Nießen) #​47642
• [ffcff68f0d] - doc: fix typos (Mohammed Keyvanzadeh) #​47685
• [290b2b7afc] - doc: fix capitalization of ASan (Mohammed Keyvanzadeh) #​47676
• [b4ca788878] - doc: fix typos in SECURITY.md (Mohammed Keyvanzadeh) #​47677
• [971c545a47] - doc: update error code of buffer (Deokjin Kim) #​47617
• [ec5c919928] - doc: change offset of example in Buffer.copyBytesFrom (Deokjin Kim) #​47606
• [980bf052c7] - doc: remove markdown link from heading (Tobias Nießen) #​47585
• [e96451ec5e] - doc: fix release-post script location (Rafael Gonzaga) #​47517
• [61ea15339c] - doc: add link for news from uvwasi team (Michael Dawson) #​47531
• [d40bcdd73e] - doc: add missing setEncoding call in ESM example (Anna Henningsen) #​47558
• [924dc909b3] - doc: fix typo in util.types.isNativeError() (Julian Dax) #​47532
• [a24d72a6fb] - doc: add KhafraDev to collaborators (Matthew Aitken) #​47510
• [b0196378b6] - doc: create maintaining-brotli.md (Marco Ippolito) #​47380
• [3902be8fe8] - doc: info on handling unintended breaking changes (Michael Dawson) #​47426
• [670f9a591d] - doc: add performance initiative (Yagiz Nizipli) #​47424
• [89a5d04a8e] - doc: do not create a backup file (Luigi Pinca) #​47151
• [7f2bccc5d6] - doc: add MoLow to the TSC (Colin Ihrig) #​47436
• [7db2e889ac] - doc: add a note about os.cpus() returning an empty list (codedokode) #​47363
• [289a8e30d6] - doc: clarify reports are only evaluated on active versions (Rafael Gonzaga) #​47341
• [dc22edb4d2] - doc: remove Vladimir de Turckheim from Security release stewards (Vladimir de Turckheim) #​47318
• [3e74a74da3] - doc: add importing util to example of `process.report.getReport' (Deokjin Kim) #​47298
• [ece029f64e] - doc: vm.SourceTextModule() without context option (Axel Kittenberger) #​47295
• [c7227204cc] - doc: document process for sharing project news (Michael Dawson) #​47189
• [2865cbb4bd] - doc: revise example of assert.CallTracker (Deokjin Kim) #​47252
• [81ebaf2670] - doc: fix typo in SECURITY.md (Rich Trott) #​47282
• [faabd48f11] - doc: use serial comma in cli docs (Tobias Nießen) #​47262
• [3a85794089] - doc: improve example for Error.captureStackTrace() (Julian Dax) #​46886
• [2114fa472b] - doc: clarify http error events after calling destroy() (Zach Bjornson) #​46903
• [d15f522d1f] - doc: update output of example in AbortController (Deokjin Kim) #​47227
• [ab6588e343] - doc: drop one-week branch sync on major releases (Rafael Gonzaga) #​47149
• [6ac52e3061] - doc: fix grammar in the collaborator guide (Mohammed Keyvanzadeh) #​47245
• [13175774a6] - doc: update stream.reduce concurrency note (Raz Luvaton) #​47166
• [1e97ccd6d4] - doc: remove use of DEFAULT_ENCODING in PBKDF2 docs (Tobias Nießen) #​47181
• [d562a7c461] - doc: fix typos in async_context.md (Shubham Sharma) #​47155
• [9a11788cdf] - doc: update collaborator guide to reflect TSC changes (Rich Trott) #​47126
• [5fc2bb763f] - doc: clarify that fs.create{Read,Write}Stream support AbortSignal (Antoine du Hamel) #​47122
• [2dd3b0213e] - doc: improve documentation for util.types.isNativeError() (Julian Dax) #​46840
• [ce4636e36b] - doc: rename the startup performance initiative to startup snapshot (#​47111) (Joyee Cheung)
• [309d017f15] - doc: fix "maintaining dependencies" heading typos (Keyhan Vakil) #​47082
• [230a984eb3] - doc: include webstreams in finished() and Duplex.from() parameters (Debadree Chatterjee) #​46312
• [8651ea822e] - doc,fs: update description of fs.stat() method (Mert Can Altın) #​47654
• [e4539e1f19] - doc,test: update the v8.startupSnapshot doc and test the example (Joyee Cheung) #​47468
• [3dddc0175f] - doc,test: fix concurrency option of test() (Tobias Nießen) #​47734
• [563f9fe06a] - doc,vm: clarify usage of cachedData in vm.compileFunction() (Darshan Sen) #​48193
• [316016ffac] - esm: avoid accessing lazy getters for urls (Yagiz Nizipli) #​47542
• [e5e385d2b2] - esm: increase test coverage of edge cases (Antoine du Hamel) #​47033
• [061fb20660] - (SEMVER-MINOR) events: add getMaxListeners method (Matthew Aitken) #​47039
• [ed0b62cc01] - (SEMVER-MINOR) fs: add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
• [9b44c56c9a] - fs: make readdir recursive algorithm iterative (Ethan Arrowood) #​47650
• [7273ef53b3] - (SEMVER-MINOR) fs: add recursive option to readdir and opendir (Ethan Arrowood) #​41439
• [3f0636d2c1] - (SEMVER-MINOR) fs: add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) #​47084
• [a0b9853251] - (SEMVER-MINOR) fs: implement byob mode for readableWebStream() (Debadree Chatterjee) #​46933
• [709e368708] - http: send implicit headers on HEAD with no body (Matteo Collina) #​48108
• [dc318f26c0] - (SEMVER-MINOR) http: prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) #​47732
• [4b2a015642] - (SEMVER-MINOR) http: remove internal error in assignSocket (Matteo Collina) #​47723
• [7cef6aa721] - (SEMVER-MINOR) http: add highWaterMark opt in http.createServer (HinataKah0) #​47405
• [9186f3a0ef] - http2: improve nghttp2 error callback (Tobias Nießen) #​47840
• [cc7e5dd4cd] - inspector: add tips for Session (theanarkh) #​47195
• [70c0e882d3] - inspector: log response and requests in the inspector for debugging (Joyee Cheung) #​46941
• [6099d2d08b] - inspector: fix session.disconnect crash (theanarkh) #​46942
• [156292d44a] - lib: create weakRef only if any signals provided (Chemi Atlow) #​48448
• [efaa073303] - (SEMVER-MINOR) lib: implement AbortSignal.any() (Chemi Atlow) #​47821
• [c46b31f3bf] - lib: support FORCE_COLOR for non TTY streams (Moshe Atlow) #​48034
• [286c358832] - lib: do not disable linter for entire files (Antoine du Hamel) #​48299
• [a2552ab7c0] - lib: use existing isWindows variable (sinkhaha) #​48134
• [2b65625281] - lib: update comment (sinkhaha) #​47884
• [fa447b5120] - lib: use webidl DOMString converter in EventTarget (Matthew Aitken) #​47514
• [33f32dc318] - lib: define Event.isTrusted in the prototype (Santiago Gimeno) #​46974
• [50789a5e4a] - lib: refactor to use validateBuffer (Deokjin Kim) #​46489
• [3658abea26] - (SEMVER-MINOR) lib: add webstreams to Duplex.from() (Debadree Chatterjee) #​46190
• [fcf3781d22] - lib,src,test: lint codebase according new rules for v18.x (Juan José Arboleda) #​48697
• [b55dc53422] - meta: bump github/codeql-action from 2.3.3 to 2.3.6 (dependabot[bot]) #​48287
• [8ac4579d85] - meta: bump actions/setup-python from 4.6.0 to 4.6.1 (dependabot[bot]) #​48286
• [b1854fe9c1] - meta: bump codecov/codecov-action from 3.1.3 to 3.1.4 (dependabot[bot]) #​48285
• [d9448b8d93] - meta: remove dont-land-on-v14 auto labeling (Shrujal Shah) #​48031
• [bb859768b6] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​48010
• [af90fb939b] - meta: bump step-security/harden-runner from 2.3.1 to 2.4.0 (Rich Trott) #​47980
• [4dcf5e2052] - meta: bump github/codeql-action from 2.3.2 to 2.3.3 (Rich Trott) #​47979
• [dab3186ea2] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (Rich Trott) #​47968
• [546224c13c] - meta: add security-wg ping to permission.js (Rafael Gonzaga) #​47941
• [353dfbd2d6] - meta: bump step-security/harden-runner from 2.2.1 to 2.3.1 (dependabot[bot]) #​47808
• [20a5cc27ec] - meta: bump actions/setup-python from 4.5.0 to 4.6.0 (dependabot[bot]) #​47806
• [eef6442d8d] - meta: bump actions/checkout from 3.3.0 to 3.5.2 (dependabot[bot]) #​47805
• [e30e6a718a] - meta: remove extra space in scorecard workflow (Mestery) #​47805
• [2d13cdebc4] - meta: bump github/codeql-action from 2.2.9 to 2.3.2 (dependabot[bot]) #​47809
• [f0d8352ed8] - meta: bump codecov/codecov-action from 3.1.1 to 3.1.3 (dependabot[bot]) #​47807
• [7e95fba0ff] - meta: fix dependabot commit message (Mestery) #​47810
• [d31d9c7c28] - meta: ping nodejs/startup for startup test changes (Joyee Cheung) #​47771
• [077686055b] - meta: add mailmap entry for KhafraDev (Rich Trott) #​47512
• [e50eb6570a] - meta: ping security-wg team on permission model changes (Rafael Gonzaga) #​47483
• [2df1a36214] - meta: ping startup and realm team on src/node_realm* changes (Joyee Cheung) #​47448
• [c7dc6e321b] - meta: fix notable-change comment label url (Filip Skokan) #​47300
• [e859ca44d5] - meta: clarify the threat model to explain the JSON.parse case (Matteo Collina) #​47276
• [1f08f4848d] - meta: update link to collaborators discussion page (Michaël Zasso) #​47211
• [3b524cbf86] - meta: automate description requests when notable change label is added (Danielle Adams) #​47078
• [da16ca7c59] - meta: move TSC voting member(s) to regular member(s) (Node.js GitHub Bot) #​47180
• [0c80e60d7e] - meta: move TSC voting member to regular membership (Node.js GitHub Bot) #​46985
• [0edcfed895] - meta: update GOVERNANCE.md to reflect TSC charter changes (Rich Trott) #​47126
• [baada5d035] - meta: ask expected behavior reason in bug template (Ben Noordhuis) #​47049
• [5d75ec402e] - module: reduce the number of URL initializations (Yagiz Nizipli) #​48272
• [c5af5a4f4f] - module: change default resolver to not throw on unknown scheme (Gil Tayar) #​47824
• [cf8845d001] - module: block requiring test/reporters without scheme (Moshe Atlow) #​47831
• [ce7e6c6765] - (SEMVER-MINOR) node-api: define version 9 (Chengzhong Wu) #​48151
• [53c02b20b8] - node-api: add status napi_cannot_run_js (Gabriel Schulhof) #​47986
• [4b280d5361] - node-api: napi_ref on all types is experimental (Vladimir Morozov) #​47975
• [e2553b12e7] - (NODE-API-SEMVER-MAJOR) node-api: get Node API version used by addon (Vladimir Morozov) #​45715
• [beaad7f692] - node-api: test passing NULL to napi_define_class (Gabriel Schulhof) #​47567
• [6ab892780c] - node-api: test passing NULL to number APIs (Gabriel Schulhof) #​47549
• [a67e5ea89c] - node-api: remove unused mark_arraybuffer_as_untransferable (Chengzhong Wu) #​47557
• [7019d48ba1] - (SEMVER-MINOR) node-api: deprecate napi_module_register (Vladimir Morozov) #​46319
• [395c56bd7c] - node-api: extend type-tagging to externals (Gabriel Schulhof) #​47141
• [6e66371eee] - node-api: document node-api shutdown finalization (Chengzhong Wu) #​45903
• [d8d2d33efb] - node-api: verify cleanup hooks order (Chengzhong Wu) #​46692
• [b34eaf393e] - path: indicate index of wrong resolve() parameter (sosoba) #​47660
• [13bc5488a1] - permission: remove unused function declaration (Deokjin Kim) #​47957
• [5f8aef477e] - quic: address recent coverity warning (Michael Dawson) #​47753
• [75d7024ecd] - quic: add more QUIC implementation (James M Snell) #​47494
• [24840832bd] - quic: add more QUIC impl (James M Snell) #​47348
• [114b8479b4] - readline: fix issue with newline-less last line (Ian Harris) #​47317
• [e668efac6b] - repl: preserve preview on ESCAPE key press (Xuguang Mei) #​46878
• [7306b0f733] - sea: fix memory leak detected by asan (Darshan Sen) #​47309
• [1f2c91f98a] - src: use std::array for passing argv in node::url (Anna Henningsen) #​47035
• [36bf06904f] - src: add Realm document in the src README.md (Chengzhong Wu) #​47932
• [5445835671] - src: check node_extra_ca_certs after openssl cfg (Raghu Saxena) #​48159
• [[eb96856555](https://togithub.com/nodejs/node/commit/eb

---

Configuration

📅 Schedule: Branch creation - "every 1 hour every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[pix-bot-github]

Une fois l'application déployée, elle sera accessible à cette adresse https://bot-pr284.review.pix.fr
Les variables d'environnement seront accessibles sur scalingo https://dashboard.scalingo.com/apps/osc-fr1/pix-bot-review-pr284/environment

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.