Update Node.js to v16

[renovate]

This PR contains the following updates:

Package	Type	Update	New value	References	Sourcegraph
node	engines	major	>=v16.13.2	source
@types/node	devDependencies	major	16.11.21	source

---

Release Notes

nodejs/node

v16.13.2

Compare Source

This is a security release.

Notable changes

Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.

Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44531 after publication.

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)

Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.

Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44532 after publication.

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)

Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.

Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

More details will be available at CVE-2021-44533 after publication.

Prototype pollution via console.table properties (Low)(CVE-2022-21824)

Due to the formatting logic of the console.table() function it was not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.

Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to.

More details will be available at CVE-2022-21824 after publication.

Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability.

Commits

• [8dd4ca4537] - console: fix prototype pollution via console.table (Tobias Nießen) nodejs-private/node-private#​307
• [e52882da4c] - crypto,tls: implement safe x509 GeneralName format (Tobias Nießen) nodejs-private/node-private#​300
• [9a0a189b0b] - src: add cve reverts and associated tests (Michael Dawson) nodejs-private/node-private#​300
• [4a262d42bc] - src: remove unused x509 functions (Tobias Nießen) nodejs-private/node-private#​300
• [965536fe3d] - tls: fix handling of x509 subject and issuer (Tobias Nießen) nodejs-private/node-private#​300
• [a2cbfa95ff] - tls: drop support for URI alternative names (Tobias Nießen) nodejs-private/node-private#​300

v16.13.1

Compare Source

Notable Changes

• [c14eb2325d] - deps: upgrade npm to 8.1.2 (npm team) #​40643
• [a901b6c53c] - deps: update c-ares to 1.18.1 (Richard Lau) #​40660
  • This release contains a c-ares update to fix a regression introduced in Node.js v16.6.2 resolving CNAME records containing underscores (#​39780).
• [755c08573f] - doc: add VoltrexMaster to collaborators (voltrexmaster) #​40566
• [881dd7ba2a] - lib: fix regular expression to detect `/` and `\` (Francesco Trotta) #​40325

Commits

• [996bc6e840] - benchmark: increase crypto DSA keygen params (Brian White) #​40416
• [27009092c8] - build: skip long-running Actions for README-only modifications (Rich Trott) #​40571
• [4581997ed0] - build: disable v8 pointer compression on 32bit archs (Cheng Zhao) #​40418
• [17433060d4] - build: fix actions pull request's branch (Mestery) #​40494
• [bfdd32fa62] - build: avoid run find inactive authors on forked repo (Jiawen Geng) #​40465
• [134e8afc59] - build: update codeowners-validator to 0.6 (FrankQiu) #​40307
• [de125a556c] - crypto: avoid double free (Michael Dawson) #​40380
• [c14eb2325d] - deps: upgrade npm to 8.1.2 (npm team) #​40643
• [a901b6c53c] - deps: update c-ares to 1.18.1 (Richard Lau) #​40660
• [76e2c3769e] - deps: upgrade npm to 8.1.1 (npm team) #​40554
• [91c3cf5d0a] - deps: V8: cherry-pick 422dc37 (Ray Wang) #​40450
• [769336ab8c] - deps: add riscv64 config into openssl gypi (Lu Yahan) #​40473
• [76d1b5d868] - deps: patch V8 to 9.4.146.24 (Michaël Zasso) #​40616
• [23d11a1dd9] - dgram: fix send with out of bounds offset + length (Nitzan Uziely) #​40568
• [45bdc77dc0] - doc: update cjs-module-lexer repo link (Guy Bedford) #​40707
• [de5c5c8509] - doc: remove --experimental-modules documentation (FrankQiu) #​38974
• [befac5ddd9] - doc: update tracking issues of startup performance (Joyee Cheung) #​40629
• [3cb74d72f8] - doc: fix markdown syntax and HTML tag misses (ryan) #​40608
• [eea061f8f1] - doc: use 'GitHub Actions workflow' instead (Mestery) #​40586
• [7a6e833677] - doc: add node: url scheme (Daniel Nalborczyk) #​40573
• [d72fb7df4a] - doc: call cwd function (Daniel Nalborczyk) #​40573
• [d732ff4614] - doc: remove unused imports (Daniel Nalborczyk) #​40573
• [e2114e21f4] - doc: add info on project's usage of coverity (Michael Dawson) #​40506
• [d38077babe] - doc: fix typo in changelogs (Luigi Pinca) #​40585
• [7c7f8791c6] - doc: update onboarding task (Rich Trott) #​40570
• [0a7c4ff248] - doc: simplify ccache instructions (Rich Trott) #​40550
• [5593dd1b25] - doc: fix macOS environment variables for ccache (Rich Trott) #​40550
• [2d4a042675] - doc: improve async_context introduction (Michaël Zasso) #​40560
• [9fcfef09ac] - doc: use GFM footnotes in webcrypto.md (Rich Trott) #​40477
• [579f01c0a3] - doc: describe buffer limit of v8.serialize (Ray Wang) #​40243
• [3b6cf090a0] - doc: use GFM footnotes in maintaining-V8.md (#​40476) (Rich Trott) #​40476
• [dea701004e] - doc: fix fs.symlink code example (Juan José Arboleda) #​40414
• [595117ff0b] - doc: explain backport labels (Stephen Belanger) #​40520
• [042f01e3ed] - doc: fix entry for Slack channel in onboarding.md (Rich Trott) #​40563
• [755c08573f] - doc: add VoltrexMaster to collaborators (voltrexmaster) #​40566
• [c029d0b61f] - doc: document considerations for inclusion in core (Rich Trott) #​40338
• [836fc274e4] - Revert "doc: fix typo in stream docs" (Luigi Pinca) #​40819
• [b3a12767a4] - doc: update link in onboarding doc (Rich Trott) #​40539
• [aa47c9f38f] - doc: clarify behavior of napi_extended_error_info (Michael Dawson) #​40458
• [bf88328bdc] - doc: add updating expected assets to release guide (Richard Lau) #​40470
• [621266afc7] - doc: format doc/api/*.md with markdown formatter (Rich Trott) #​40403
• [7b746381ce] - doc: specify that maxFreeSockets is per host (Luigi Pinca) #​40483
• [934dcc85c3] - doc: update Collaborator guide to reflect GitHub web UI update (Antoine du Hamel) #​40456
• [4724e07476] - doc: indicate n-api out params that may be NULL (Isaac Brodsky) #​40371
• [3b1499c971] - doc: update CHANGELOG.md for Node.js 16.13.0 (Richard Lau) #​40617
• [881dd7ba2a] - lib: fix regular expression to detect `/` and `\` (Francesco Trotta) #​40325
• [0a8c33123e] - lib,url: correct URL's argument to pass idlharness (Khaidi Chu) #​39848
• [480f0e1d20] - meta: use form schema for flaky test template (Michaël Zasso) #​40737
• [55ff97342d] - meta: update AUTHORS (Node.js GitHub Bot) #​40668
• [ef46cb428d] - meta: consolidate AUTHORS entries for brettkiefer (Rich Trott) #​40599
• [7230b6d33d] - meta: consolidate AUTHORS entries for alexzherdev (Rich Trott) #​40620
• [9e12ed4f68] - meta: consolidate AUTHORS entries for Azard (Rich Trott) #​40619
• [97aa8e42b8] - meta: move Fishrock123 to emeritus (Jeremiah Senkpiel) #​40596
• [7b1c89f357] - meta: consolidate AUTHORS entries for clakech (Rich Trott) #​40589
• [0003cb6b3b] - meta: consolidate AUTHORS entries for darai0512 (Rich Trott) #​40569
• [7590bacec1] - meta: update AUTHORS (Node.js GitHub Bot) #​40580
• [a5475df083] - meta: consolidate AUTHORS entries for dfabulich (Rich Trott) #​40527
• [c021a7f169] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​40464
• [d64cf1706c] - meta: add Richard Lau to TSC list in README.md (Rich Trott) #​40523
• [d09b8239bf] - meta: consolidate AUTHORS entries for dguo (Rich Trott) #​40517
• [66192060e7] - meta: consolidate AUTHORS entries for cxreg (Rich Trott) #​40490
• [b4f51276cb] - meta: update AUTHORS (Node.js GitHub Bot) #​40485
• [2a2b549a28] - meta: consolidate AUTHORS entries for emanuelbuholzer (Rich Trott) #​40469
• [618bbbf2f4] - meta: consolidate AUTHORS entries for ebickle (Rich Trott) #​40447
• [06706e8dd2] - meta: add typings to label-pr-config (Mestery) #​40401
• [e2c9e1ccdd] - meta: consolidate AUTHORS entries for evantorrie (Rich Trott) #​40430
• [dab574e937] - policy: fix message for invalid manifest specifier (Rich Trott) #​40574
• [58de6cebb6] - process: refactor execution (Voltrex) #​40664
• [bc0eb0a3ea] - src: make LoadEnvironment with string work with builtin modules path (Michaël Zasso) #​40607
• [2c8a6ec28e] - src: remove usage of AllocatedBuffer from node_http2 (Darshan Sen) #​40584
• [59c26a2b2c] - src: fix #endif description in crypto_keygen.h (Tobias Nießen) #​40639
• [789fef1309] - src: throw error instead of assertion (Ray Wang) #​40243
• [7a8a6deee7] - src: register external references in os bindings (Joyee Cheung) #​40239
• [7bb3d43432] - src: register external references in crypto bindings (Joyee Cheung) #​40239
• [143c881ccb] - src: add missing inialization in agent.h (Michael Dawson) #​40379
• [c15afda79f] - src: get embedder options on-demand (Joyee Cheung) #​40357
• [ff3b7d228e] - src: ensure V8 initialized before marking milestone (Shelley Vohr) #​40405
• [774bc46327] - src,crypto: remove AllocatedBuffer from crypto_cipher.cc (Darshan Sen) #​40400
• [4030eff3d6] - src,fs: remove ToLocalChecked() call from fs::AfterMkdirp() (Darshan Sen) #​40386
• [3ac99a2417] - src,stream: remove *Check*() calls from non-Initialize() functions (Darshan Sen) #​40425
• [36d3b123a0] - stream: support array of streams in promises pipeline (Mestery) #​40193
• [01ffe0316c] - test: deflake child-process-pipe-dataflow (Luigi Pinca) #​40838
• [63b44fc429] - test: skip macos sandbox test with builtin modules path (Michaël Zasso) #​40607
• [3d50997ccb] - test: add semicolon after chunk size (Luigi Pinca) #​40487
• [f114e35115] - test: deflake http2-cancel-while-client-reading (Luigi Pinca) #​40659
• [f778fa230b] - test: test crypto.setEngine() using an actual engine (Darshan Sen) #​40481
• [b9533c592a] - test: use conventional argument order in assertion (Tobias Nießen) #​40591
• [e72c95c580] - test: fix test description (Luigi Pinca) #​40486
• [af4e682758] - test: pass URL's toascii.window.js WPT (Khaidi Chu) #​39910
• [6de88bc5ed] - test: adjust CLI flags test to ignore blank lines in doc (Rich Trott) #​40403
• [8226690097] - test: mark test-policy-integrity flaky on Windows (Rich Trott) #​40684
• [50c6666b37] - test: fix test-datetime-change-notify after daylight change (Piotr Rybak) #​40684
• [9227f2af79] - test: split test-crypto-dh.js (Joyee Cheung) #​40451
• [c593cff0af] - test,doc: correct documentation for runBenchmark() (Rich Trott) #​40683
• [aef809f5c8] - test,tools: increase pummel/benchmark test timeout from 4x to 6x (Rich Trott) #​40684
• [908f6447cd] - test,tools: increase timeout for benchmark tests (Rich Trott) #​40684
• [64c6575f44] - tools: simplify and fix commit queue (Michaël Zasso) #​40742
• [cba8eaf264] - tools: ensure the PR was not pushed before merging (Antoine du Hamel) #​40747
• [1c8590e1fe] - tools: update ESLint to 8.2.0 (Luigi Pinca) #​40734
• [18800dee0a] - tools: use GitHub Squash and Merge feature when using CQ (Antoine du Hamel) #​40666
• [48a785edb7] - tools: fix bug in prefer-primordials ESLint rule (Antoine du Hamel) #​40628
• [adde2a7a8c] - tools: add script to update c-ares (Richard Lau) #​40660
• [c12ce898e8] - tools: abort CQ session when landing several commits (Antoine du Hamel) #​40577
• [dd08e532a2] - tools: fix commit-lint workflow (Antoine du Hamel) #​40673
• [b4a80dba79] - tools: avoid fetch extra commits when validating commit messages (Antoine du Hamel) #​39128
• [2a53995442] - tools: update ESLint to 8.1.0 (Luigi Pinca) #​40582
• [8648e50183] - tools: fix formatting of warning message in update-authors.js (Rich Trott) #​40600
• [59de0f703f] - tools: udpate doc tools to accommodate GFM footnotes (Rich Trott) #​40477
• [abf3b84d77] - tools: add support for import assertions in linter (Antoine du Hamel) #​39924
• [04c2cbecb9] - tools: update tools/lint-md dependencies to support GFM footnotes (Rich Trott) #​40445
• [a9990876f7] - tools: update lint-md dependencies (Rich Trott) #​40404
• [f45814bad1] - tools,meta: remove exclusions from AUTHORS (Rich Trott) #​40648
• [7d550ad966] - tty: support more CI services in getColorDepth (Richie Bendall) #​40385
• [cdea5b671b] - typings: add more bindings typings (Mestery) #​40415
• [67c7d11f1a] - typings: add JSDoc typings for inspector (Voltrex) #​38390
• [fbe0323ebf] - typings: improve internal bindings typings (Mestery) #​40411
• [63ab0031c3] - typings: separate internalBinding typings (Mestery) #​40409

v16.13.0

Compare Source

Notable Changes

This release marks the transition of Node.js 16.x into Long Term Support (LTS)
with the codename 'Gallium'. The 16.x release line now moves into "Active LTS"
and will remain so until October 2022. After that time, it will move into
"Maintenance" until end of life in April 2024.

v16.12.0

Compare Source

Notable Changes

Experimental ESM Loader Hooks API

Node.js ESM Loader hooks have been consolidated to represent the steps involved needed to facilitate future loader chaining:

1. resolve: resolve [+ getFormat]
2. load: getFormat + getSource + transformSource

For consistency, getGlobalPreloadCode has been renamed to globalPreload.

A loader exporting obsolete hook(s) will trigger a single deprecation warning (per loader) listing the errant hooks.

Contributed by Jacob Smith, Geoffrey Booth, and Bradley Farias - https://github.com/nodejs/node/pull/37468

Other Notable Changes

• [8fdabcb918] - deps: upgrade npm to 8.1.0 (npm team) #​40463
• [d1d9f2de30] - doc: deprecate (doc-only) http abort related (dr-js) #​36670
• [4116b6c907] - (SEMVER-MINOR) vm: add support for import assertions in dynamic imports (Antoine du Hamel) #​40249

Commits

• [8bb3951e41] - build: remove duplicate check for authors.yml (Rich Trott) #​40393
• [2de57edced] - build: make scripts in gyp run with right python (Cheng Zhao) #​39730
• [a8926d199d] - crypto: remove incorrect constructor invocation (gc) #​40300
• [8fdabcb918] - deps: upgrade npm to 8.1.0 (npm team) #​40463
• [dca5ac1539] - deps: suppress zlib compiler warnings (Daniel Bevenius) #​40343
• [91c3bf6a7f] - deps: upgrade Corepack to 0.10 (Maël Nison) #​40374
• [7e02124a06] - dgram: add nread assertion to UDPWrap::OnRecv (Darshan Sen) #​40295
• [2d409ed29e] - dns: refactor and use validators (Voltrex) #​40022
• [dc7291dab8] - doc: remove ESLint comments which were breaking the CJS/ESM toggles (Mark Skelton) #​40408
• [85b7385115] - doc: add pronouns for tniessen to README (Tobias Nießen) #​40412
• [1d5857c9f4] - doc: format changelogs (Rich Trott) #​40388
• [5eb9402b50] - doc: fix missing variable in deepStrictEqual example (OliverOdo) #​40396
• [6f77d1a1d5] - doc: fix asyncLocalStorage.run() description (Constantine Kim) #​40381
• [93a48e02dc] - doc: fix typos in n-api docs (Ignacio Carbajo) #​40402
• [fb7afb91c2] - doc: format doc/guides using format-md task (Rich Trott) #​40358
• [6c091c7878] - doc: improve phrasing in fs.md (Arslan Ali) #​40255
• [38d81380ac] - doc: add link to core promises tracking issue (Michael Dawson) #​40355
• [71a94aa82a] - doc: correct ESM load hook table header (Jacob Smith) #​40234
• [5b074affb4] - doc: fix typo in esm.md (Mason Malone) #​40273
• [3b3aaa0a37] - doc: fix typo in ESM example (Tobias Nießen) #​40275
• [f848553fb8] - doc: assign missing deprecation number (Michaël Zasso) #​40324
• [d1d9f2de30] - doc: deprecate (doc-only) http abort related (dr-js) #​36670
• [1ef2cf8413] - doc: anchor link parity between markdown and html-generated docs (foxxyz) #​39304
• [3743406b0a] - (SEMVER-MINOR) esm: consolidate ESM loader hooks (Jacob Smith) #​37468
• [168020e1c8] - lib: refactor to use let (gdccwxx) #​40364
• [bcd59d70bb] - meta: consolidate AUTHORS entries for gabrielschulhof (Rich Trott) #​40420
• [80b4245db8] - meta: consolidate AUTHORS information for geirha (Rich Trott) #​40406
• [93cecb4700] - meta: consolidate duplicate AUTHORS entries for hassaanp (Rich Trott) #​40391
• [fff3135909] - meta: update AUTHORS (Node.js GitHub Bot) #​40392
• [122481713d] - meta: consolidate AUTHORS entry for thw0rted (Rich Trott) #​40387
• [7f50313fcc] - meta: update label-pr-config (Mestery) #​40199
• [5668182665] - meta: use .mailmap to consolidate AUTHORS entries for ide (Rich Trott) #​40367
• [bc86084a3e] - net: check if option is undefined (Daijiro Wachi) #​40344
• [4564a93e5e] - net: remove unused ObjectKeys (Daijiro Wachi) #​40344
• [dbb2e6f429] - net: check objectMode first and then readble || writable (Daijiro Wachi) #​40344
• [a672be57c8] - net: throw error to object mode in Socket (Daijiro Wachi) #​40344
• [faf9e28c36] - src: remove usage of AllocatedBuffer from stream_* (Darshan Sen) #​40293
• [857af2ba99] - src: add missing initialization (Michael Dawson) #​40370
• [2bfa87edbc] - stream: fix fromAsyncGen (Robert Nagy) #​40499
• [1e15137e71] - test: replace common port with specific number (Daijiro Wachi) #​40344
• [6f6b99c302] - test: fix typos in whatwg-webstreams explanations (Tobias Nießen) #​40389
• [641b1bb052] - test: add test for readStream.path when fd is specified (Qingyu Deng) #​40359
• [07dae7ff50] - test: replace .then chains with await (gdccwxx) #​40348
• [d8a36ee1de] - test: fix "test/common/debugger" identify async function (gdccwxx) #​40348
• [13d6a56c7d] - test: improve test coverage of fs.ReadStream with FileHandle (Antoine du Hamel) #​40018
• [50f91ab059] - tools: udpate @​babel/eslint-parser (Rich Trott) #​40394
• [3611073145] - tools: remove @​babel/plugin-syntax-import-assertions (Rich Trott) #​40394
• [b72d693a3a] - tools: remove @​bable/plugin-syntax-class-properties (Rich Trott) #​40394
• [d6a99b77da] - tools: remove @​babel/plugin-syntax-top-level-await (Rich Trott) #​40394
• [d9157aa5fe] - tools: update ESLint to 8.0.0 (Rich Trott) #​40394
• [43b97c7984] - tools: prepare ESLint rules for 8.0.0 requirements (Rich Trott) #​40394
• [282b6eb4b0] - tools: fix ESLint update scripts (Rich Trott) #​40394
• [c3a744f7bf] - tools: warn about duplicates when generating AUTHORS file (Rich Trott) #​40304
• [7733b5e55d] - typings: define types for os binding (Michaël Zasso) #​40222
• [ca9a854877] - typings: add missing types to options and util bindings (Michaël Zasso) #​40222
• [c3a7a0bd59] - typings: define types for timers binding (Michaël Zasso) #​40222
• [65b51d05fa] - typings: fix declaration of primordials (Michaël Zasso) #​40222
• [5f3f3a5128] - v8: remove --harmony-top-level-await (Geoffrey Booth) #​40226
• [4116b6c907] - (SEMVER-MINOR) vm: add support for import assertions in dynamic imports (Antoine du Hamel) #​40249

v16.11.1

Compare Source

This is a security release.

Notable changes

• CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
  • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
• CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Commits

• [af488f8dc8] - deps: update llhttp to 6.0.4 (Matteo Collina) nodejs-private/node-private#​284
• [2d1eefad98] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#​284
• [45d419ab1c] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#​284

v16.11.0

Compare Source

Notable Changes

• crypto
  • update root certificates (Richard Lau) #​40280
• deps
  • upgrade npm to 8.0.0 (npm team) #​40369
  • update nghttp2 to v1.45.1 (thunder-coding) #​40206
  • update V8 to 9.4.146.19 (Michaël Zasso) #​40285
• tools
  • update certdata.txt (Richard Lau) #​40280

Commits

• [34f3021ca3] - benchmark: add util.toUSVString()'s benchmark (Khaidi Chu) #​40203
• [f83b9bcb6f] - build: support Python 3.10.0 (FrankQiu) #​40296
• [3148f9b64e] - build: check for duplicates in new AUTHORS entries (Rich Trott) #​40264
• [48c162d457] - build: set DESTCPU correctly for 'make binary' on Apple Silicon (Chris Heisterkamp) #​40147
• [7fbfb66d41] - build: limit update authors CI scope (Jiawen Geng) #​40219
• [a1bee94502] - build: pass a tuple of alternatives to str.endswith() (Christian Clauss) #​40017
• [eaf9d08332] - build: add --no-user for pip commands in Makefile (Rich Trott) #​40169
• [e22ca06ac4] - build: fix "test-internet.yml" workflows (SURYAPRATAP SINGH SURYAVANSHI) #​40177
• [4da73d09bf] - (SEMVER-MINOR) build: reset embedder string to "-node.0" (Michaël Zasso) #​40285
• [4b117fbc81] - console: use validators for consistency (Voltrex) #​39812
• [6489423187] - console: avoid unnecessary variables (Pancake) #​40183
• [9af2592e69] - crypto: update root certificates (Richard Lau) #​40280
• [2fa5e5011f] - crypto: handle initEDRaw pkey failure (Shelley Vohr) #​40188
• [7968c79301] - crypto: don't call callback twice in case crypto.randomBytes fails (Guilherme Bernal) #​40157
• [b89c7ae297] - deps: upgrade npm to 8.0.0 (npm team) #​40369
• [947f3dc9af] - deps: V8: patch jinja2 for Python 3.10 compat (Michaël Zasso) #​40296
• [685c7d43a5] - (SEMVER-MINOR) deps: update nghttp2 to v1.45.1 (thunder-coding) #​40206
• [e7046e0ff1] - deps: restore minimum ICU version to 68 (Michaël Zasso) #​39470
• [a3db2033d4] - (SEMVER-MINOR) deps: make V8 9.4 abi-compatible with 9.0 (Michaël Zasso) #​40285
• [5cc24e6d76] - deps: V8: cherry-pick 9a60704 (Jiawen Geng) #​40046
• [8de5eb88d3] - deps: V8: cherry-pick 5681a65 (Michaël Zasso) #​39945
• [150d816edb] - deps: V8: cherry-pick bdcda72 (Michaël Zasso) #​39945
• [807b68b430] - deps: V8: cherry-pick 00bb1a7 (Darshan Sen) #​39829
• [be016948df] - deps: silence irrelevant V8 warning (Michaël Zasso) #​38990
• [22dcd3e4dc] - deps: silence irrelevant V8 warnings (Michaël Zasso) #​37587
• [1aea6a771b] - deps: fix V8 build issue with inline methods (Jiawen Geng) #​40060
• [e9812157f0] - deps: make v8.h compatible with VS2015 (Joao Reis) #​32116
• [88ae710057] - deps: V8: forward declaration of Rtl*FunctionTable (Refael Ackermann) #​32116
• [e810f0766f] - deps: V8: patch register-arm64.h (Refael Ackermann) #​32116
• [b8aabd5622] - deps: V8: un-cherry-pick bd019bd (Refael Ackermann) #​32116
• [309c4f05df] - (SEMVER-MINOR) deps: update V8 to 9.4.146.19 (Michaël Zasso) #​40285
• [69eaaf6321] - doc: format general markdown files (Rich Trott) #​40322
• [dc9c31985c] - doc: fix the inline code-block at the NodeDhKeyGenParams class (Justin) #​40341
• [8d0546db39] - doc: correct the codeblock for hmacImportParams.hash (Justin) #​40340
• [1db2ffd008] - doc: fix typo in stream docs (Juan José Arboleda) #​40337
• [abfcbcd14c] - doc: update fast-track approval comment request (voltrexmaster) #​40316
• [e2cd2f44f2] - doc: fix CVE-2021-22940 references (Michaël Zasso) #​40308
• [88bdbf1e29] - doc: format markdown files in test directory (Rich Trott) #​40290
• [f71ac57a86] - doc: add triagers to the table of contents (FrankQiu) #​39969
• [a5218b5313] - doc: update Forrest Norvell's pronouns (Forrest L Norvell) #​40292
• [d2e54e5d0c] - doc: reorder stream 'readable' paragraphs (Vincent Weevers) #​40212
• [1d0a3e1a0c] - doc: fix typo in fs (Brian White) #​40257
• [66edb7bfe1] - doc: fix typo in fs.md (Arslan Ali) #​40254
• [614a7c21f8] - doc: fix typo in packages.md (Arslan Ali) #​40230
• [9fa6dfbe76] - doc: fix example of crypto.generateKeySync (Gary Ho) #​40225
• [9a2b94a142] - doc: update fs.watchFile doc (Clément Nardi) #​40134
• [a68f91c884] - doc: add version when diagnostics_channel APIs were added (Gerhard Stöbich) #​40208
• [6bf67909ad] - doc: fix typo in 'maxHeaderSize' (Rebhi Alfa) #​40164
• [73a127ba7b] - doc: fix buffer api example code's token error (m3m0ry) #​40125
• [59db8293f4] - doc: fix typo in async_hooks.md (xuchaobei) #​40187
• [779dfd199b] - doc: make version picker usable on mobile (Evan Lucas) #​39958
• [7bd62f4809] - doc: fix typos in http.md (Luigi Pinca) #​40161
• [94b415b980] - doc: add blank line between comments (Rich Trott) #​40160
• [847b451d88] - doc: update markdown files in src for upcoming linting/formatting (Rich Trott) #​40159
• [cea7395858] - doc: update benchmarks README.md for upcoming linting/formatting (Rich Trott) #​40158
• [c231745837] - doc: prepare markdown file for upcoming formatting/linting (Rich Trott) #​40156
• [7e58cda6e0] - doc: update tools .md files for upcoming lint/formatting (Rich Trott) #​40155
• [02a87b096c] - doc: update markdown formatting for *.md files (Rich Trott) #​40154
• [9b0e61a67f] - doc,src: update crypto/README.md (Tobias Nießen) #​40332
• [88e7bd073a] - events: allow dispatch many times without listener (MrBBot) [#​39772](ht

---

Configuration

📅 Schedule: "on the 1st through 7th day of the month" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[renovate]

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 16.x releases. However, if you upgrade to 16.x manually then Renovate will reenable minor and patch updates automatically.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.