Releases: nodejs/node
Releases Β· nodejs/node
2025-10-20, Version 22.21.0 'Jod' (LTS), @aduh95
Notable Changes
- [
1486fedea1] - (SEMVER-MINOR) cli: add--use-env-proxy(Joyee Cheung) #59151 - [
bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch underNODE_USE_ENV_PROXY(Joyee Cheung) #57165 - [
af8b5fa29d] - (SEMVER-MINOR) http: addshouldUpgradeCallbackto let servers control HTTP upgrades (Tim Perry) #59824 - [
42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support inhttp/https.requestandAgent(Joyee Cheung) #58980 - [
686ac49b82] - (SEMVER-MINOR) src: add percentage support to--max-old-space-size(Asaf Federman) #59082
Commits
- [
a71dd592e3] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #59696 - [
16c4b466f4] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #59836 - [
53cb9f3b6c] - build: add the missing macro definitions for OpenHarmony (hqzing) #59804 - [
ec5290fe01] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #59809 - [
1486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #59151 - [
1f93913446] - crypto: usereturn awaitwhen returning Promises from async functions (Renegade334) #59841 - [
f488b2ff73] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #59841 - [
aed9fd5ac4] - crypto: avoid calls topromise.catch()(Renegade334) #59841 - [
37c2d186f0] - deps: update amaro to 1.1.4 (pmarchini) #60044 - [
28aea13419] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #60101 - [
ddbc1aa0bb] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #60101 - [
badbba2da9] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #59955 - [
48aaf98a08] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #59901 - [
e02a562ea6] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #59901 - [
7e0e86cb92] - deps: upgrade npm to 10.9.4 (npm team) #60074 - [
91dda5facf] - deps: update undici to 6.22.0 (Matteo Collina) #60112 - [
3a3220a2f0] - dgram: restore buffer optimization in fixBufferList (Yoo) #59934 - [
09bdcce6b8] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #59910 - [
b3eeb3bd13] - doc: provide alternative tourl.parse()using WHATWG URL (Steven) #59736 - [
1ddaab1904] - doc: mention reverse proxy and include simple example (Steven) #59736 - [
3b3b71e99c] - doc: mark.envfiles support as stable (Santeri Hiltunen) #59925 - [
d37f67d1bd] - doc: remove optional title prefixes (Aviv Keller) #60087 - [
ca2dff63f9] - doc: fix typo on child_process.md (Angelo Gazzola) #60114 - [
3fca564a05] - doc: add automated migration info to deprecations (Augustin Mauroy) #60022 - [
4bc366fc16] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias NieΓen) #59954 - [
4808dbdd9a] - doc: fix typo in section on microtask order (Tobias NieΓen) #59932 - [
d6e303d645] - doc: update V8 fast API guidance (RenΓ©) #58999 - [
0a3a3f729e] - doc: add security escalation policy (Ulises GascΓ³n) #59806 - [
8fd669c70d] - doc: type improvement of filehttp.md(yusheng chen) #58189 - [
9833dc6060] - doc: rephrase dynamic import() description (Nam Yooseong) #59224 - [
2870a73681] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #59851 - [
85818db93c] - fs,win: do not add a second trailing slash in readdir (Gerhard StΓΆbich) #59847 - [
bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #57165 - [
af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824 - [
758271ae66] - http: optimize checkIsHttpToken for short strings (λ°©μ§ν) #59832 - [
42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #58980 - [
a33ed9bf96] - inspector: ensure adequate memory allocation forBinary::toBase64(RenΓ©) #59870 - [
34c686be2b] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #59687 - [
12e553529c] - lib: add source map support for assert messages (Chengzhong Wu) #59751 - [
d2a70571f8] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #59751 - [
20a9e86b5d] - meta: move Michael to emeritus (Michael Dawson) #60070 - [
c591cca15c] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #60089 - [
090ba141b1] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #60091 - [
a0ba6884a5] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #60092 - [
0feca0c541] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093 - [
7cd2b42d18] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (depend...
2025-10-15, Version 25.0.0 (Current), @RafaelGSS
Node.js 25 is here! We have upgraded V8 to 14.1, bringing major JSON.stringify
performance improvements, built-in Uint8Array base64/hex conversion, and ongoing
WebAssembly and JIT pipeline optimizations.
This release doubles down on secure-by-default apps and web-standard APIs: the permission
model gains --allow-net, Web Storage is enabled by default, and ErrorEvent is now a global.
Weβve also removed or finalized long-deprecated APIs such as SlowBuffer,
and added quality-of-life improvements like a portable compile cache and JSPI for WebAssembly.
Notable Changes
- [
8bc7dfd16f] - build: test on Python 3.14 release candidate 3 (Christian Clauss) #59983 - [
663554abdf] - (SEMVER-MAJOR) lib: expose global ErrorEvent (Richie Bendall) #58920 - [
3312e4e946] - (SEMVER-MAJOR) src: unflag --experimental-webstorage by default (Daniel M Brasil) #57666 - [
462c74181d] - (SEMVER-MAJOR) src,permission: add --allow-net permission (Rafael Gonzaga) #58517
Deprecations and Removals
- [
d33f4b539a] - (SEMVER-MAJOR) assert: move assert.fail with multiple arguments to eol (James M Snell) #58532 - [
b21574d63b] - (SEMVER-MAJOR) assert: move CallTracker to EOL (James M Snell) #58006 - [
308b6bc6de] - (SEMVER-MAJOR) async_hooks: moveasyncResourceproperty on bound function to EOL (James M Snell) #58618 - [
daced4ab98] - (SEMVER-MAJOR) buffer: move SlowBuffer to EOL (Filip Skokan) #58220 - [
df16f0fd8d] - (SEMVER-MAJOR) child_process: move _channel to end-of-life (James M Snell) #58527 - [
a472745958] - (SEMVER-MAJOR) crypto: runtime-deprecate default shake128/256 output lengths (Filip Skokan) #59008 - [
c3b986853c] - (SEMVER-MAJOR) crypto: move deprecated hash and mgf1Hash options to EOL (James M Snell) #58706 - [
66632648ba] - (SEMVER-MAJOR) crypto: runtime deprecate ECDH.setPublicKey() (James M Snell) #58620 - [
a5f9ca1f77] - (SEMVER-MAJOR) dns: move falsy hostname in lookup to end-of-life (James M Snell) #58619 - [
2bb7667475] - (SEMVER-MAJOR) fs: move FileHandle close on GC to EOL (James M Snell) #58536 - [
eec0302088] - (SEMVER-MAJOR) fs: move rmdir recursive option to end-of-life (James M Snell) #58616 - [
25dd206c29] - (SEMVER-MAJOR) fs: removefs.F_OK,fs.R_OK,fs.W_OK,fs.X_OK(Livia Medeiros) #55862 - [
91dadf2897] - (SEMVER-MAJOR) http: deprecate writeHeader (Sebastian Beltran) #59060 - [
4e06a648ff] - (SEMVER-MAJOR) perf_hooks: move deprecated accessors to EOF (James M Snell) #58531 - [
a3dfca90d1] - (SEMVER-MAJOR) process: move multipleResolves event to EOL (James M Snell) #58707 - [
790acc8689] - (SEMVER-MAJOR) tls: move IP-address servername deprecation to eol (James M Snell) #58533 - [
3aaa2ebe19] - (SEMVER-MAJOR) url: move bad port deprecation in legacy url to end-of-life (James M Snell) #58617
Semver-Major Commits
- [
7c9fbc15bc] - (SEMVER-MAJOR) assert,util: fail promise comparison in deep equal checks (Ruben Bridgewater) #59448 - [
11222f1a27] - (SEMVER-MAJOR) assert,util: handle invalid dates as equal in deep comparison (Ruben Bridgewater) #57627 - [
acce2e8f87] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (MichaΓ«l Zasso) #59805 - [
8a87ba031b] - (SEMVER-MAJOR) build: bump minimum Clang version to 19 (MichaΓ«l Zasso) #59048 - [
21b131e93a] - (SEMVER-MAJOR) build: reset embedder string to "-node.0" (MichaΓ«l Zasso) #58064 - [
f31c88021b] - (SEMVER-MAJOR) build: stop distributing Corepack (Antoine du Hamel) #57617 - [
b3238442d8] - (SEMVER-MAJOR) deps: patch V8 for illumos (Dan McDonald) #59805 - [
2a1da3260d] - (SEMVER-MAJOR) deps: patch V8 to avoid duplicated zlib symbol (MichaΓ«l Zasso) #54077 - [
7772a2df9d] - (SEMVER-MAJOR) deps: update V8 to 14.1.146.11 (MichaΓ«l Zasso) #59805 - [
6d61175db0] - (SEMVER-MAJOR) deps: V8: backport 1d3362c55396 (Shu-yu Guo) #58064 - [
974773572e] - (SEMVER-MAJOR) deps: V8: cherry-pick 4f38995c8295 (Shu-yu Guo) #58064 - [
70bfc398e9] - (SEMVER-MAJOR) deps: V8: cherry-pick 044b9b6f589d (Rezvan Mahdavi Hezaveh) #58064 - [
6bfc525cf0] - (SEMVER-MAJOR) deps: V8: cherry-pick d2ad518a0b57 (Joyee Cheung) #58064 - [
754d28e34f] - (SEMVER-MAJOR) deps: V8: revert 6d6c1e680c7b (MichaΓ«l Zasso) #58064 - [
8c508b9399] - (SEMVER-MAJOR) deps: V8: revert e3cddbedb205 (MichaΓ«l Zasso) #58064 - [
88ca8287b6] - (SEMVER-MAJOR) deps: use std::map in MSVC STL for EphemeronRememberedSet (Joyee Cheung) #58064 - [
838e2332a5] - (SEMVER-MAJOR) deps: patch V8 for illumos (Dan McDonald) #58064 - [
3522731d9a] - (SEMVER-MAJOR) deps: remove problematic comment from v8-internal (MichaΓ«l Zasso) #58064 - [
d234475a33] - (SEMVER-MAJOR) deps: define V8_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) #58064 - [
a738eb4a7f] - (SEMVER-MAJOR) deps: fix FP16 bitcasts.h (Stefan Stojanovic) #58064 - [
1744c7d991] - (SEMVER-MAJOR) deps: patch V8 to avoid duplicated zlib symbol (MichaΓ«l Zasso) #58064 - [
fff0d1554d] - (SEMVER-MAJOR) deps: update V8 to 13.7.152.9 (MichaΓ«l Zasso) #58064 - [
968e2f47c8] - (SEMVER-MAJOR) dgram: move deprecated APIs to EOL (James M Snell) #58474 - [
5623194a6b] - (SEMVER-MAJOR) doc,src,test: replace use of deprecatedGetIsolate(MichaΓ«l Zasso) [#59805](#5980...
2025-10-08, Version 24.10.0 (Current), @RafaelGSS
Notable Changes
- [
31bb476895] - (SEMVER-MINOR) console: allow per-streaminspectOptionsoption (Anna Henningsen) #60082 - [
3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #59980 - [
18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme AraΓΊjo) #59928
Commits
- [
e8cff3d51e] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #59872 - [
03294252ab] - benchmark: update count to n in permission startup (Bruno Rodrigues) #59872 - [
3c8a609d9b] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #59872 - [
7b2032b13e] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #59708 - [
552d887aee] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #59708 - [
31bb476895] - (SEMVER-MINOR) console: allow per-streaminspectOptionsoption (Anna Henningsen) #60082 - [
0bf022d4c0] - console,util: improve array inspection performance (Ruben Bridgewater) #60037 - [
04d568e591] - deps: V8: cherry-pick f93055fbd5aa (Olivier FlΓΌckiger) #60105 - [
621058b3bf] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #60101 - [
81b3009fe6] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #60101 - [
dc44c9f349] - deps: upgrade npm to 11.6.1 (npm team) #60012 - [
ec0f137198] - deps: update ada to 3.3.0 (Node.js GitHub Bot) #60045 - [
f490f91874] - deps: update amaro to 1.1.4 (pmarchini) #60044 - [
de7a7cd0d7] - deps: update ada to 3.2.9 (Node.js GitHub Bot) #59987 - [
a533e5b5db] - doc: add automated migration info to deprecations (Augustin Mauroy) #60022 - [
7fb8fe4875] - doc: fix typo on child_process.md (Angelo Gazzola) #60114 - [
24c1ef9846] - doc: remove optional title prefixes (Aviv Keller) #60087 - [
08b9eb8e19] - doc: mark.envfiles support as stable (Santeri Hiltunen) #59925 - [
66d90b8063] - doc: mention reverse proxy and include simple example (Steven) #59736 - [
14aa1119cb] - doc: provide alternative tourl.parse()using WHATWG URL (Steven) #59736 - [
f9412324f6] - doc: fix typo of built-in module specifier in worker_threads (Deokjin Kim) #59992 - [
64e738a342] - doc,crypto: reorder ML-KEM in the asymmetric key types table (Filip Skokan) #60067 - [
1b25008b41] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #59958 - [
35f9b6b28f] - inspector: improve batch diagnostic channel subscriptions (Chengzhong Wu) #60009 - [
3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #59980 - [
c495e1fe57] - lib: optimize priority queue (GΓΌrgΓΌn DayΔ±oΔlu) #60039 - [
6be31fb9f3] - lib: implement passive listener behavior per spec (BCD1me) #59995 - [
c5e4aa763b] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #60090 - [
50fa1f4a76] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096 - [
def4ce976c] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #60095 - [
24b5abc0e9] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #60094 - [
8ccf2b0b34] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093 - [
78580147ef] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #60092 - [
705686b5c4] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #60091 - [
423a6bc744] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #60089 - [
9d9bd0fb4f] - meta: move Michael to emeritus (Michael Dawson) #60070 - [
dbeee55824] - module: use sync cjs when importing cts (Marco Ippolito) #60072 - [
a722f677ac] - perf_hooks: fix histogram fast call signatures (Renegade334) #59600 - [
b3295b8353] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103 - [
cff4a7608a] - process: fix defaultenvforprocess.execve(Richard Lau) #60029 - [
cd034e927f] - process: fix hrtime fast call signatures (Renegade334) #59600 - [
18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme AraΓΊjo) #59928 - [
d949222043] - sqlite: replaceToLocalCheckedand improve filter error handling (Edy Silva) #60028 - [
6417dc879e] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #60053 - [
e273c2020c] - src: update contextify to use DictionaryTemplate (James M Snell) #60059 - [
5f9ff60664] - src: removeAnalyzeTemporaryDtorsoption from .clang-tidy (iknoom) #60008 - [
9db54adccc] - src: update cares_wrap to use DictionaryTemplates (James M Snell) #60033 - [
fc0ceb7b82] - src: correct the error handling in StatementExecutionHelper (James M Snell) #60040 - [[
3e8fdc1d8d]...
2025-09-25, Version 24.9.0 (Current), @targos
Notable Changes
- [
9b043a9096] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824 - [
a6456ab90a] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #58378 - [
5563361d22] - (SEMVER-MINOR) sqlite: add tagged template (0hmβοΈ) #58748 - [
04013ee933] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #59846
Commits
- [
cbec4fd6de] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #59696 - [
9a4bbdc3c5] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #59836 - [
0b284d86e8] - build: add the missing macro definitions for OpenHarmony (hqzing) #59804 - [
43e6e54d66] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #59809 - [
039ac19154] - crypto: expose signatureAlgorithm on X509Certificate (Patrick Costa) #59235 - [
647c332704] - crypto: usereturn awaitwhen returning Promises from async functions (Renegade334) #59841 - [
8ed4587cf0] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #59841 - [
bb051c56ef] - crypto: avoid calls topromise.catch()(Renegade334) #59841 - [
05e560dd25] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #59955 - [
fa40d3a785] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #59901 - [
8c85570d18] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #59901 - [
b71125664e] - deps: update undici to 7.16.0 (Node.js GitHub Bot) #59830 - [
dea5dd7077] - dgram: restore buffer optimization in fixBufferList (Yoo) #59934 - [
b0c1e67532] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #59910 - [
0b37b594c3] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias NieΓen) #59954 - [
1e723f9c6b] - doc: fix typo in section on microtask order (Tobias NieΓen) #59932 - [
a28962a85c] - doc: update V8 fast API guidance (RenΓ©) #58999 - [
bd767c5d1b] - doc: add security escalation policy (Ulises GascΓ³n) #59806 - [
9df91e59e1] - doc: type improvement of filehttp.md(yusheng chen) #58189 - [
e4f571680b] - doc: deprecate closingfs.Diron garbage collection (Livia Medeiros) #59839 - [
e9cb986fa5] - doc: rephrase dynamic import() description (Nam Yooseong) #59224 - [
026d4e33f7] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #59851 - [
2b2591db52] - esm: make hasAsyncGraph non-enumerable (Joyee Cheung) #59905 - [
993f05d323] - fs,win: do not add a second trailing slash in readdir (Gerhard StΓΆbich) #59847 - [
7aec53b607] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824 - [
83ae6102e7] - http: optimize checkIsHttpToken for short strings (λ°©μ§ν) #59832 - [
6695067636] - http,https: handle IPv6 with proxies (Joyee Cheung) #59894 - [
c5d910a0a9] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #59924 - [
acada1fb82] - inspector: ensure adequate memory allocation forBinary::toBase64(RenΓ©) #59870 - [
396cc8ec65] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #59687 - [
fed1dac8de] - lib: update isDeepStrictEqual to support options (Miguel Marcondes Filho) #59762 - [
d785929fd7] - lib: add source map support for assert messages (Chengzhong Wu) #59751 - [
ff13d1d61e] - lib,src: cache ModuleWrap.hasAsyncGraph (Chengzhong Wu) #59703 - [
b200cd8470] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #59751 - [
e94c57301b] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #59914 - [
728472a57b] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #59874 - [
be48760b93] - node-api: added SharedArrayBuffer api (Mert Can Altin) #59071 - [
f006a14522] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #59684 - [
0f46c1c3b0] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857 - [
3eeb7b47ea] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #59848 - [
0fe53375ec] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #58378 - [
9a3e58a007] - (SEMVER-MINOR) sqlite: add tagged template (0hmβοΈ) #58748 - [
f14ed5ab7b] - src: simplify watchdog instantiations viastd::optional(Anna Henningsen) #59960 - [
e330f03f84] - src: update crypto objects to use DictionaryTemplate (James M Snell) #59942 - [
69b5607cf4] - src: simplify is_callable by making it a concept (Tobias NieΓen) #58169 - [
86150f3401] - src: rename private fields to follow naming convention (Moonki Choi) #59923 - [
d17f299539] - src: use DictionaryTemplate more in URLP...
2025-09-24, Version 22.20.0 'Jod' (LTS), @richardlau
v22.20.0
This tag was signed with the committerβs verified signature.
richardlau
Richard Lau
caa20e2
This commit was signed with the committerβs verified signature.
richardlau
Richard Lau
Notable Changes
OpenSSL updated to 3.5.2
For official Node.js builds, or builds using the default build configuration, Node.js now bundles OpenSSL 3.5.2. This update allows Node.js 22.x to be supported through to the planned End-of-Life date of 2027-04-30 as the previously bundled OpenSSL 3.0.x goes out of support in September 2026.
This change does not affect third-party builds of Node.js that link to an external OpenSSL (or OpenSSL-compatible) library.
Other notable changes
- [
5b83e1e0a2] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
34b25fd97b] - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) #59707 - [
bf41218ed9] - doc: markpath.matchesGlobas stable (Aviv Keller) #59572 - [
1dbad2058f] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315 - [
062e837d5f] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455 - [
b8066611c3] - inspector: add http2 tracking support (Darshan Sen) #59611 - [
9b7dd40da8] - (SEMVER-MINOR) sea: implement execArgvExtension (Joyee Cheung) #59560 - [
48bfbd3dca] - (SEMVER-MINOR) sea: support execArgv in sea config (Joyee Cheung) #59314 - [
cf06e74076] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464 - [
62bb80c17e] - (SEMVER-MINOR) test_runner: support object property mocking (Idan Goshen) #58438 - [
9e2aa23be9] - (SEMVER-MINOR) worker: add cpu profile APIs for worker (theanarkh) #59428
Commits
- [
b7b78fd565] - assert: cap input size in myersDiff to avoid Int32Array overflow (Haram Jeong) #59578 - [
9da50a6c53] - benchmark: sqlite prevent create both tables on prepare selects (Bruno Rodrigues) #59709 - [
4c1538770e] - benchmark: calibrate config array-vs-concat (Rafael Gonzaga) #59587 - [
fc3f82d683] - benchmark: calibrate config v8/serialize.js (Rafael Gonzaga) #59586 - [
e95c9b2950] - benchmark: reduce readfile-permission-enabled config (Rafael Gonzaga) #59589 - [
e4fea38b31] - benchmark: calibrate length of util.diff (Rafael Gonzaga) #59588 - [
c5d68c4a0f] - benchmark, test: replace CRLF variable with string literal (Lee Jiho) #59466 - [
129a1d673b] - build: fix getting OpenSSL version on Windows (MichaΓ«l Zasso) #59609 - [
9f53db7162] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547 - [
3839593e07] - build: usewindows-2025runner (MichaΓ«l Zasso) #59673 - [
e430464669] - build: compile bundled uvwasi conditionally (Carlo Cabrera) #59622 - [
e2c9cab0cd] - build: do not set-mminimal-tocwithclang(Richard Lau) #59484 - [
208bc810a1] - child_process: remove unsafe array iteration (hotpineapple) #59347 - [
d74799d90c] - crypto: load system CA certificates off thread (Joyee Cheung) #59550 - [
5b83e1e0a2] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
d289b1d1af] - deps: V8: cherry-pick e3df60f3f5ab (Chengzhong Wu) #58691 - [
cf5d91e2a6] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #59791 - [
1cf24a0445] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689 - [
8638bd3f2e] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #59335 - [
3ff4eb5b37] - deps: update amaro to 1.1.2 (Node.js GitHub Bot) #59616 - [
4d268ac034] - deps: V8: cherry-pick 7b91e3e2cbaf (Milad Fa) #59485 - [
83410eb0e3] - deps: V8: cherry-pick 59d52e311bb1 (Milad Fa) #59485 - [
5780af02cb] - deps: update amaro to 1.1.1 (Node.js GitHub Bot) #59141 - [
2986eca821] - deps: V8: cherry-pick 6b1b9bca2a8 (zhoumingtao) #59283 - [
98e399b3ea] - deps: update archs files for openssl-3.5.2 (Node.js GitHub Bot) #59371 - [
2b983a7520] - deps: upgrade openssl sources to openssl-3.5.2 (Node.js GitHub Bot) #59371 - [
7ffbb42454] - deps: update archs files for openssl-3.5.1 (Node.js GitHub Bot) #59234 - [
bd48a60a75] - deps: upgrade openssl sources to openssl-3.5.1 (Node.js GitHub Bot) #59234 - [
24762a10ca] - deps: fix OpenSSL security level at 1 (Richard Lau) #59859 - [
1233e92d10] - diagnostics_channel: revoke DEP0163 (RenΓ©) #59758 - [
34b25fd97b] - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) #59707 - [
d7adf8be64] - doc: update "Type stripping in dependencies" section (Josh Kelley) #59652 - [
a1d7e4fdbf] - doc: add Miles Guicent as triager (Miles Guicent) #59562 - [
bf41218ed9] - doc: markpath.matchesGlobas stable (Aviv Keller) #59572 - [
afaa1ccb74] - doc: improve documentation for raw headers in HTTP/2 APIs (Tim Perry) #59633 - [
b95ff56102] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #59579 - [
6ff939b8d3] - doc: fix filehandle.read typo (Ruy Adorno) #59635 - [
963bfa9d6f] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #59080 - [
0e10a8ea27] - **d...
2025-09-10, Version 24.8.0 (Current), @targos
Notable Changes
HTTP/2 Network Inspection Support in Node.js
Node.js now supports inspection of HTTP/2 network calls in Chrome DevTools for Node.js.
Usage
Write a test.js script that makes HTTP/2 requests.
const http2 = require('node:http2');
const client = http2.connect('https://nghttp2.org');
const req = client.request([
':path', '/',
':method', 'GET',
]);Run it with these options:
node --inspect-wait --experimental-network-inspection test.jsOpen about:inspect on Google Chrome and click on Open dedicated DevTools for Node.
The Network tab will let you track your HTTP/2 calls.
Contributed by Darshan Sen in #59611.
Other Notable Changes
- [
7a8e2c251d] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in node:crypto (Filip Skokan) #59570 - [
4b631be0b0] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in Web Cryptography (Filip Skokan) #59570 - [
3e4b1e732c] - (SEMVER-MINOR) crypto: add KMAC Web Cryptography algorithms (Filip Skokan) #59647 - [
b1d28785b2] - (SEMVER-MINOR) crypto: add Argon2 Web Cryptography algorithms (Filip Skokan) #59544 - [
430691d1af] - (SEMVER-MINOR) crypto: support SLH-DSA KeyObject, sign, and verify (Filip Skokan) #59537 - [
d6d05ba397] - (SEMVER-MINOR) worker: add cpu profile APIs for worker (theanarkh) #59428
Commits
- [
d913872369] - assert: cap input size in myersDiff to avoid Int32Array overflow (Haram Jeong) #59578 - [
7bbbcf6666] - benchmark: sqlite prevent create both tables on prepare selects (Bruno Rodrigues) #59709 - [
44d7b92271] - benchmark: calibrate config array-vs-concat (Rafael Gonzaga) #59587 - [
7f347fc551] - build: fix getting OpenSSL version on Windows (MichaΓ«l Zasso) #59609 - [
4a317150d5] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547 - [
bda32af587] - build: usewindows-2025runner (MichaΓ«l Zasso) #59673 - [
a4a8ed8f6e] - build: compile bundled uvwasi conditionally (Carlo Cabrera) #59622 - [
d944a87761] - crypto: refactor subtle methods to use synchronous import (Filip Skokan) #59771 - [
7a8e2c251d] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in node:crypto (Filip Skokan) #59570 - [
4b631be0b0] - (SEMVER-MINOR) crypto: support Ed448 and ML-DSA context parameter in Web Cryptography (Filip Skokan) #59570 - [
3e4b1e732c] - (SEMVER-MINOR) crypto: add KMAC Web Cryptography algorithms (Filip Skokan) #59647 - [
b1d28785b2] - (SEMVER-MINOR) crypto: add Argon2 Web Cryptography algorithms (Filip Skokan) #59544 - [
430691d1af] - (SEMVER-MINOR) crypto: support SLH-DSA KeyObject, sign, and verify (Filip Skokan) #59537 - [
0d1e53d935] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #59791 - [
68732cf426] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689 - [
f12c1ad961] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #59335 - [
45af6966ae] - deps: upgrade npm to 11.6.0 (npm team) #59750 - [
57617244a4] - deps: V8: cherry-pick 6b1b9bca2a8 (Xiao-Tao) #59283 - [
2e6225a747] - deps: update amaro to 1.1.2 (Node.js GitHub Bot) #59616 - [
1f7f6dfae6] - diagnostics_channel: revoke DEP0163 (RenΓ©) #59758 - [
8671a6cdb3] - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) #59707 - [
583b1b255d] - doc: update OpenSSL default security level to 2 (Jeetu Suthar) #59723 - [
9b5eb6eb50] - doc: fix missing links in theerrorspage (Nam Yooseong) #59427 - [
e7bf712c57] - doc: update "Type stripping in dependencies" section (Josh Kelley) #59652 - [
96db47f91e] - doc: add Miles Guicent as triager (Miles Guicent) #59562 - [
87f829bd0c] - doc: markpath.matchesGlobas stable (Aviv Keller) #59572 - [
062b2f705e] - doc: improve documentation for raw headers in HTTP/2 APIs (Tim Perry) #59633 - [
6ab9306370] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #59579 - [
c8d6b60da6] - doc: fix quic session instance typo (jakecastelli) #59642 - [
61d0a2d1ba] - doc: fix filehandle.read typo (Ruy Adorno) #59635 - [
3276bfa0d0] - doc: update migration recomendations forutil.is**()deprecations (Augustin Mauroy) #59269 - [
11de6c7ebb] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #59080 - [
f5b6829bba] - doc,crypto: add description to the KEM and supports() methods (Filip Skokan) #59644 - [
5bfdc7ee74] - doc,crypto: cleanup unlinked and self method references webcrypto.md (Filip Skokan) #59608 - [
010458d061] - esm: populate separate cache for require(esm) in imported CJS (Joyee Cheung) #59679 - [
dbe6e63baf] - esm: fix missed renaming in ModuleJob.runSync (Joyee Cheung) #59724 - [
8eb0d9d834] - fs: fix wrong order of file names in cpSync error message (Nicholas Paun) #59775 - [
e69be5611f] - fs: fix dereference: false on cpSync (Nicholas Paun) #59681 - [
2865d2ac20] - http: unbreak keepAliveTimeoutBuffer (Robert Nagy) #59784 - [
ade1175475] - http: use cached '1.1' http version string (Robert Nagy) #59717 - [
74a09482de] - inspector: undici as shared-library shoul...
2025-09-03, Version 20.19.5 'Iron' (LTS), @marco-ippolito
v20.19.5
This tag was signed with the committerβs verified signature.
marco-ippolito
Marco Ippolito
36ee08d
This commit was signed with the committerβs verified signature.
marco-ippolito
Marco Ippolito
Notable Changes
- [
f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #58355 - [
4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308 - [
d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #58499 - [
3c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241
Commits
- [
ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #58270 - [
c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #58171 - [
d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #58867 - [
84d5c4d244] - build: search for libnode.so in multiple places (Jan StanΔk) #58213 - [
068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #58942 - [
edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #57498 - [
0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #58628 - [
1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #57768 - [
0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655 - [
a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335 - [
cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #57335 - [
82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #57180 - [
43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #56855 - [
91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566 - [
b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #58711 - [
ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382 - [
142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #58712 - [
fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144 - [
c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #57386 - [
cded8e7e77] - dns: fix parse memory leaky (theanarkh) #58973 - [
182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #58404 - [
621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449 - [
b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426 - [
f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #58355 - [
4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308 - [
530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #58911 - [
38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #57318 - [
d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309 - [
d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #58499 - [
8c3bc156ed] - doc: clarifypath.isAbsoluteis not path traversal mitigation (Eric Fortis) #57073 - [
e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #56835 - [
e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #57219 - [
026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #57183 - [
3c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241 - [
ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #57076 - [
1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607 - [
b73a1356ce] - doc: addmodule namespace objectlinks (Dario Piotrowicz) #57093 - [
09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #57092 - [
2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090 - [
cd8259cb4e] - doc:modules.md: fixdistancedefinition (Alexander βweejβ Jones) #57046 - [
7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #57091 - [
14fcfc242b] - doc: add a note aboutrequire('../common')in testing documentation (Aditi) #56953 - [
bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028 - [
acd4d7f269] - doc: improve documentation on argument validation (Aditi) #56954 - [
4cd6b3ca73] - doc: buffer: fix typo onBuffer.copyBytesFrom(offsetoption (tpoisseau) #57015 - [
01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #57004 - [
77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #56907 - [
77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #56539 - [
73e51407b7] - doc: remove...
Contributors
geeksilva97
Assets 2
2025-08-28, Version 22.19.0 'Jod' (LTS), @aduh95
Notable Changes
- [
8e2076a24f] - (SEMVER-MINOR) cli: addNODE_USE_SYSTEM_CA=1(Joyee Cheung) #59276 - [
e592d739c2] - (SEMVER-MINOR) cli: support${pid}placeholder in--cpu-prof-name(Haram Jeong) #59072 - [
cda1dab6e2] - (SEMVER-MINOR) crypto: addtls.setDefaultCACertificates()(Joyee Cheung) #58822 - [
1f184513e9] - (SEMVER-MINOR) dns: support max timeout (theanarkh) #58440 - [
bace73a173] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [
fa9a9e9c69] - (SEMVER-MINOR) esm: unflag--experimental-wasm-modules(Guy Bedford) #57038 - [
390a9dc20b] - (SEMVER-MINOR) http: addserver.keepAliveTimeoutBufferoption (Haram Jeong) #59243 - [
c12c5343ad] - lib: docs deprecate_http_*(Sebastian Beltran) #59293 - [
f57ee3d71f] - (SEMVER-MINOR) net: updatenet.blocklistto allow file save and file management (alphaleadership) #58087 - [
035da74c31] - (SEMVER-MINOR) process: addthreadCpuUsage(Paolo Insogna) #56467 - [
8e697d1884] - (SEMVER-MINOR) zlib: add dictionary support tozstdCompressandzstdDecompress(lluisemper) #59240
Commits
- [
73aa0ae37f] - assert: change utils to use index instead of for...of (λ°©μ§ν) #59278 - [
dfe3a11eed] - benchmark: remove deprecated _extend from benchmark (Rafael Gonzaga) #59228 - [
9b9d30042a] - benchmark: add fs warmup to writefile-promises (Bruno Rodrigues) #59215 - [
a663f7f954] - benchmark: add calibrate-n script (Rafael Gonzaga) #59186 - [
1b9b5bddd6] - benchmark: adjust configuration for string-decoder bench (Rafael Gonzaga) #59187 - [
d0ac3319f9] - benchmark: add --track to benchmark (Rafael Gonzaga) #59174 - [
2044968b86] - benchmark: small lint fix on _cli.js (Rafael Gonzaga) #59172 - [
4e519934cb] - benchmark: drop misc/punycode benchmark (Rafael Gonzaga) #59171 - [
07e173d969] - benchmark: fix sqlite-is-transaction (Rafael Gonzaga) #59170 - [
8440b6177f] - benchmark: reduce N for diagnostics_channel subscribe benchmark (Arthur Angelo) #59116 - [
8615ea6db0] - buffer: cache Environment::GetCurrent to avoid repeated calls (Mert Can Altin) #59043 - [
3deb5361d2] - build: fix node_use_sqlite for GN builds (Shelley Vohr) #59017 - [
0f0ce63116] - build: remove suppressions.supp (Rafael Gonzaga) #59079 - [
b30a2117dc] - build,deps,tools: prepare to update to OpenSSL 3.5 (Richard Lau) #58100 - [
8e2076a24f] - (SEMVER-MINOR) cli: add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 - [
e592d739c2] - (SEMVER-MINOR) cli: support${pid}placeholder in --cpu-prof-name (Haram Jeong) #59072 - [
b5571047ed] - crypto: prepare webcrypto key import/export for modern algorithms (Filip Skokan) #59284 - [
cda1dab6e2] - (SEMVER-MINOR) crypto: add tls.setDefaultCACertificates() (Joyee Cheung) #58822 - [
76dab34fb7] - deps: support madvise(3C) across ALL illumos revisions (Dan McDonald) #58237 - [
19d3ed64b6] - deps: update sqlite to 3.50.4 (Node.js GitHub Bot) #59337 - [
38bafc59e0] - deps: V8: backport 493cb53691be (Chengzhong Wu) #59238 - [
e8da171cc3] - deps: update sqlite to 3.50.3 (Node.js GitHub Bot) #59132 - [
fd4ba38ab6] - deps: update googletest to 7e17b15 (Node.js GitHub Bot) #59131 - [
f71f427b95] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
79c5a8f4d2] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
0dcc84cf53] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133 - [
1f184513e9] - (SEMVER-MINOR) dns: support max timeout (theanarkh) #58440 - [
f64f5df80e] - doc: fix--use-system-cahistory (Joyee Cheung) #59411 - [
e22aeaa38f] - doc: add missing section forsetReturnArraysinsqlite.md(Edy Silva) #59074 - [
e44ef07235] - doc: rename x509.extKeyUsage to x509.keyUsage (Filip Skokan) #59332 - [
2c5d0aac5e] - doc: fix Pbkdf2Params hash attribute heading (Filip Skokan) #59395 - [
fde94346e5] - doc: fix missing reference links for server.keepAliveTimeoutBuffer (Lee Jiho) #59356 - [
9af8bcea58] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #59344 - [
0edf17198f] - doc: run license-builder (github-actions[bot]) #59343 - [
7f767a2e38] - doc: correct orthographyeg.βe.g.(Jacob Smith) #59329 - [
a46ed50350] - doc: clarify the need of compiler compatible with c++20 (Rafael Gonzaga) #59297 - [
212263a305] - doc: clarify release candidate stability index (Filip Skokan) #59295 - [
ce93b8b556] - doc: add WDYT to glossary (btea) #59280 - [
ebaaf2c67f] - doc: add manpage entry for --use-system-ca (Joyee Cheung) #59273 - [
43b5a21916] - doc: add path.join and path.normalize clarification (Rafael Gonzaga) #59262 - [[
409c66d328](https://github.com/nodejs/node/commit/...
2025-08-27, Version 24.7.0 (Current), @targos
Notable Changes
Post-Quantum Cryptography in node:crypto
OpenSSL 3.5 on 24.x kicked off post-quantum cryptography efforts in Node.js by
allowing use of NIST's post-quantum cryptography standards for future-proofing
applications against quantum computing threats. The following post-quantum
algorithms are now available in node:crypto:
- ML-KEM (FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard) through new
crypto.encapsulate()andcrypto.decapsulate()methods. - ML-DSA (FIPS 204, Module-Lattice-Based Digital Signature Standard) in the existing
crypto.sign()andcrypto.verify()methods.
Contributed by Filip Skokan in #59259 and #59491.
Modern Algorithms in Web Cryptography API
The second substantial extension to the Web Cryptography API
(globalThis.crypto.subtle) was recently accepted for incubation by WICG.
The following algorithms and methods from this extension are now available in
the Node.js Web Cryptography API implementation:
- AES-OCB
- ChaCha20-Poly1305
- ML-DSA
- ML-KEM
- SHA-3
- SHAKE
subtle.getPublicKey()SubtleCrypto.supports()- ... with more coming in future releases.
Contributed by Filip Skokan in #59365, #59569, #59461, and #59539.
Node.js execution argument support in single executable applications
The single executable application configuration now supports additional fields
to specify Node.js execution arguments and control how they can be extended when
the application is run.
execArgvtakes an array of strings for the execution arguments to be used.execArgvExtensiontakes one of the following values:"none": No additional execution arguments are allowed."cli": Additional execution arguments can be provided via a special command-line flag--node-options="--flag1 --flag2=value"at run time."env"(default): Additional execution arguments can be provided via theNODE_OPTIONSenvironment variable at run time.
For example, with the following configuration:
{
"main": "/path/to/bundled/script.js",
"output": "/path/to/write/the/generated/blob.blob",
"execArgv": ["--no-warnings"],
"execArgvExtension": "cli",
}If the generated single executable application is named sea, then running:
sea --node-options="--max-old-space-size=4096" user-arg1 user-arg2Would be equivalent to running:
node --no-warnings --max-old-space-size=4096 /path/to/bundled/script.js user-arg1 user-arg2Contributed by Joyee Cheung in #59314 and #59560.
Root certificates updated to NSS 3.114
Certificates added:
- TrustAsia TLS ECC Root CA
- TrustAsia TLS RSA Root CA
- SwissSign RSA TLS Root CA 2022 - 1
Certificates removed:
- GlobalSign Root CA
- Entrust.net Premium 2048 Secure Server CA
- Baltimore CyberTrust Root
- Comodo AAA Services root
- XRamp Global CA Root
- Go Daddy Class 2 CA
- Starfield Class 2 CA
Other Notable Changes
- [
d3afc63c44] - (SEMVER-MINOR) crypto: add argon2() and argon2Sync() methods (Ranieri Althoff) #50353 - [
6ae202fcdf] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315 - [
dafee05358] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455 - [
8dc6f5b696] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464
Commits
- [
0fa22cbf7c] - benchmark: calibrate config v8/serialize.js (Rafael Gonzaga) #59586 - [
f5ece45b45] - benchmark: reduce readfile-permission-enabled config (Rafael Gonzaga) #59589 - [
8ebd4f4434] - benchmark: calibrate length of util.diff (Rafael Gonzaga) #59588 - [
7dee3ffd14] - benchmark: reflect current OpenSSL in crypto key benchmarks (Filip Skokan) #59459 - [
027b861ca1] - benchmark, test: replace CRLF variable with string literal (Lee Jiho) #59466 - [
89dd770889] - build: do not set-mminimal-tocwithclang(Richard Lau) #59484 - [
e13de4542f] - child_process: remove unsafe array iteration (hotpineapple) #59347 - [
89fe63551e] - crypto: load system CA certificates off thread (Joyee Cheung) #59550 - [
152c5ef518] - (SEMVER-MINOR) crypto: add AES-OCB Web Cryptography algorithm (Filip Skokan) #59539 - [
c6c418343d] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
18a2ee5b6c] - (SEMVER-MINOR) crypto: support ML-KEM in Web Cryptography (Filip Skokan) #59569 - [
72937e5144] - crypto: require HMAC key length with SHA-3 hashes in Web Cryptography (Filip Skokan) #59567 - [
b7383186c7] - crypto: fix subtle.getPublicKey error for secret type key inputs (Filip Skokan) #59558 - [
2d05c046db] - crypto: return cached copies from CryptoKey algorithm and usages getters (Filip Skokan) #59538 - [
207ffbeb07] - crypto: use CryptoKey internal slots in Web Cryptography (Filip Skokan) #59538 - [
4276516781] - crypto: normalize RsaHashedKeyParams publicExponent (Filip Skokan) #59538 - [
14741539a7] - (SEMVER-MINOR) crypto: support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) #59491 - [
d3afc63c44] - (SEMVER-MINOR) crypto: add argon2() and argon2Sync() methods (Ranieri Althoff) #50353 - [
4fe383e45a] - (SEMVER-MINOR) crypto: support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) #59365 - [
a95386fbf9] - (SEMVER-MINOR) crypto: subject some algorithms in Web Cryptography on BoringSSL absence (Filip Skokan) #59365 - [
3f47a2fb63] - (SEMVER-MINOR) crypto: add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) #59365 - [
6fcce9058a] - (SEMVER-MINOR) crypto: add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) #59365 - [
76cde76429] - (SEMVER-MINOR) crypto: add SHA-3 Web Cryptography digest algorithms (Filip Skokan) #59365 - [
247d017501] - (SEMVER-MINOR) crypto: add SHAKE Web Cryptography digest algorithms (Filip Skokan) #59365 - [
f4fbcca5ce] - (SEMVER-MINOR) crypto: add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) #59365 - [
a55382214f] - (SEMVER-MINOR) crypto: support ML-DSA in Web Cryptography (Filip Skokan) #59365 - [
c38988c860] - crypto: fix EVPKeyCtxPointer::publicCheck() (Tobias NieΓen) #59471 - [[
61c3bcdc56](https://github.com...
2025-08-14, Version 24.6.0 (Current), @RafaelGSS
Notable Changes
- [
471fe712b3] - (SEMVER-MINOR) cli: add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 - [
38aedfbf73] - (SEMVER-MINOR) crypto: support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 - [
201304537e] - (SEMVER-MINOR) zlib: add dictionary support to zstdCompress and zstdDecompress (lluisemper) #59240 - [
e79c93a5d0] - (SEMVER-MINOR) http: add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 - [
c144d69efc] - lib: docs deprecate _http_* (Sebastian Beltran) #59293 - [
aeb4de55a7] - (SEMVER-MINOR) fs: port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897
Commits
- [
f7484575ff] - assert: change utils to use index instead of for...of (λ°©μ§ν) #59278 - [
269cd16185] - benchmark: remove deprecated _extend from benchmark (Rafael Gonzaga) #59228 - [
848e49c20b] - benchmark: add fs warmup to writefile-promises (Bruno Rodrigues) #59215 - [
8c609be1b1] - benchmark: add calibrate-n script (Rafael Gonzaga) #59186 - [
6a3bf772d8] - build: fix node_use_sqlite for GN builds (Shelley Vohr) #59017 - [
471fe712b3] - (SEMVER-MINOR) cli: add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 - [
38aedfbf73] - (SEMVER-MINOR) crypto: support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 - [
a312e706cf] - crypto: prepare webcrypto key import/export for modern algorithms (Filip Skokan) #59284 - [
3a7c2c3a47] - deps: update ada to 3.2.7 (Node.js GitHub Bot) #59336 - [
8d9ceeaf6a] - deps: update archs files for openssl-3.5.2 (Node.js GitHub Bot) #59371 - [
33b06df354] - deps: upgrade openssl sources to openssl-3.5.2 (Node.js GitHub Bot) #59371 - [
fa70f1af77] - deps: support madvise(3C) across ALL illumos revisions (Dan McDonald) #58237 - [
f834a6be59] - deps: update undici to 7.13.0 (Node.js GitHub Bot) #59338 - [
db2417487e] - deps: update sqlite to 3.50.4 (Node.js GitHub Bot) #59337 - [
41978adb08] - deps: V8: backport 493cb53691be (Chengzhong Wu) #59238 - [
05667991ca] - deps: V8: backport 1c3e018e7d48 (Renegade334) #58818 - [
fd61588bb4] - doc: rename x509.extKeyUsage to x509.keyUsage (Filip Skokan) #59332 - [
a271ae4360] - doc: fix Pbkdf2Params hash attribute heading (Filip Skokan) #59395 - [
72cfff165b] - doc: fix missing reference links for server.keepAliveTimeoutBuffer (Lee Jiho) #59356 - [
8341916772] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #59344 - [
e3e489706b] - doc: run license-builder (github-actions[bot]) #59343 - [
46527e8cea] - doc: correct orthographyeg.βe.g.(Jacob Smith) #59329 - [
d140c3713e] - doc: clarify the need of compiler compatible with c++20 (Rafael Gonzaga) #59297 - [
95e9cabf9d] - doc: clarify release candidate stability index (Filip Skokan) #59295 - [
a056dd36d2] - doc: add WDYT to glossary (btea) #59280 - [
1e2c52f5c4] - doc: add manpage entry for --use-system-ca (Joyee Cheung) #59273 - [
31a46fdeb4] - doc: add path.join and path.normalize clarification (Rafael Gonzaga) #59262 - [
cff3725ff9] - doc: fix typo intest/common/README.md(Yoo) #59180 - [
31a9283591] - doc: add note on process memoryUsage (fengmk2) #59026 - [
5a98bff6b8] - doc: format safely fordoc-kit(Aviv Keller) #59229 - [
95b8b7ea5c] - domain: remove deprecated API call (Alex Yang) #59339 - [
2990f178bd] - fs: fix glob TypeError on restricted dirs (Sylphy-0xd3ac) #58674 - [
e2fb4caf9c] - fs: correct error message when FileHandle is transferred (Alex Yang) #59156 - [
aeb4de55a7] - (SEMVER-MINOR) fs: port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897 - [
e79c93a5d0] - (SEMVER-MINOR) http: add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 - [
0fb005a53f] - http2: set Http2Stream#sentHeaders for raw headers (Darshan Sen) #59244 - [
e055539604] - lib: add trace-sigint APIs (theanarkh) #59040 - [
d2183d860a] - lib: optimize writable stream buffer clearing (Yoo) #59406 - [
47543a7e17] - lib: handle windows reserved device names on UNC (Rafael Gonzaga) #59286 - [
c6911f0717] - lib: do not modify prototype deprecated asyncResource (RafaelGSS) #59195 - [
3c88b769bb] - lib: restructure assert to become a class (Miguel Marcondes Filho) #58253 - [
e91b54df59] - lib: handle superscript variants on windows device (Rafael Gonzaga) #59261 - [
4ee467905d] - lib: use validateString (hotpineapple) #59296 - [
c144d69efc] - lib: docs deprecate _http_* (Sebastian Beltran) #59293 - [
c89b67e681] - lib: add type names in source mapped stack traces (Chengzhong Wu) #58976 - [
5b2363be8d] - lib: prefer AsyncIteratorPrototype primordial (RenΓ©) #59097 - [
41b4f4d694] - meta: cla...