Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update node.js to v22 #2403

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

backstage-goalie[bot]
Copy link
Contributor

@backstage-goalie backstage-goalie bot commented Dec 25, 2024

This PR contains the following updates:

Package Type Update Change
node (source) engines major 18 || 20 -> 22
@types/node (source) devDependencies major 18.19.68 -> 22.12.0
@types/node (source) devDependencies minor 22.10.5 -> 22.12.0
@types/node (source) devDependencies major ^18.18.7 -> ^22.0.0
node final major 20-bookworm-slim -> 22-bookworm-slim
node final major 18-bookworm-slim -> 22-bookworm-slim

Release Notes

nodejs/node (node)

v22.13.1: 2025-01-21, Version 22.13.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits

v22.13.0: 2025-01-07, Version 22.13.0 'Jod' (LTS), @​ruyadorno

Compare Source

Notable Changes
Stabilize Permission Model

Upgrades the Permission Model status from Active Development to Stable.

Contributed by Rafael Gonzaga #​56201

Graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable

Following the merge of Curve25519 into the Web Cryptography API Editor's Draft the Ed25519 and X25519 algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use.

Contributed by (Filip Skokan) #​56142

Other Notable Changes
  • [05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #​54630
  • [a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #​55604
  • [ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
  • [f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
  • [34c68827af] - doc: move typescript support to active development (Marco Ippolito) #​55536
  • [dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #​56132
  • [5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #​56130
  • [8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #​55788
  • [55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #​55890
  • [7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
  • [6575b76042] - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) #​55282
  • [bacfe6d5c9] - (SEMVER-MINOR) net: support blocklist in net.connect (theanarkh) #​56075
  • [b47888d390] - (SEMVER-MINOR) net: support blocklist for net.Server (theanarkh) #​56079
  • [566f0a1d25] - (SEMVER-MINOR) net: add SocketAddress.parse (James M Snell) #​56076
  • [ed7eab1421] - (SEMVER-MINOR) net: add net.BlockList.isBlockList(value) (James M Snell) #​56078
  • [ea4891856d] - (SEMVER-MINOR) process: deprecate features.{ipv6,uv} and features.tls_* (René) #​55545
  • [01eb308f26] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #​56068
  • [97c38352d0] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #​56213
  • [b4041e554a] - (SEMVER-MINOR) sqlite: add StatementSync.prototype.iterate method (tpoisseau) #​54213
  • [2e3ca1bbdd] - (SEMVER-MINOR) src: add cli option to preserve env vars on diagnostic reports (Rafael Gonzaga) #​55697
  • [bcfe9c80fc] - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) #​55589
Commits

v22.12.0: 2024-12-03, Version 22.12.0 'Jod' (LTS), @​ruyadorno

Compare Source

Notable Changes
require(esm) is now enabled by default

Support for loading native ES modules using require() had been available on v20.x and v22.x under the command line flag --experimental-require-module, and available by default on v23.x. In this release, it is now no longer behind a flag on v22.x.

This feature is still experimental, and we are looking for user feedback to make more final tweaks before fully stabilizing it. For this reason, on v22.x, when the Node.js instance encounters a native ES module in require() for the first time, it will emit an experimental warning unless require() comes from a path that contains node_modules. If there happens to be any regressions caused by this feature, users can report it to the Node.js issue tracker. Meanwhile this feature can also be disabled using --no-experimental-require-module as a workaround.

With this feature enabled, Node.js will no longer throw ERR_REQUIRE_ESM if require() is used to load a ES module. It can, however, throw ERR_REQUIRE_ASYNC_MODULE if the ES module being loaded or its dependencies contain top-level await. When the ES module is loaded successfully by require(), the returned object will either be a ES module namespace object similar to what's returned by import(), or what gets exported as "module.exports" in the ES module.

Users can check process.features.require_module to see whether require(esm) is enabled in the current Node.js instance. For packages, the "module-sync" exports condition can be used as a way to detect require(esm) support in the current Node.js instance and allow both require() and import to load the same native ES module. See the documentation for more details about this feature.

Contributed by Joyee Cheung in #​55085

Added resizable ArrayBuffer support in Buffer

When a Buffer is created using a resizable ArrayBuffer, the Buffer length will now correctly change as the underlying ArrayBuffer size is changed.

const ab = new ArrayBuffer(10, { maxByteLength: 20 });
const buffer = Buffer.from(ab);
console.log(buffer.byteLength); 10
ab.resize(15);
console.log(buffer.byteLength); 15
ab.resize(5);
console.log(buffer.byteLength); 5

Contributed by James Snell in #​55377

Update root certificates to NSS 3.104

This is the version of NSS that shipped in Firefox 131.0 on 2024-10-01.

Certificates added:

  • FIRMAPROFESIONAL CA ROOT-A WEB
  • TWCA CYBER Root CA
  • SecureSign Root CA12
  • SecureSign Root CA14
  • SecureSign Root CA15

Contributed by Richard Lau in #​55681

Other Notable Changes
  • [4920869935] - (SEMVER-MINOR) assert: make assertion_error use Myers diff algorithm (Giovanni Bucci) #​54862
  • [ccffd3b819] - doc: enforce strict policy to semver-major releases (Rafael Gonzaga) #​55732
  • [acc6806900] - doc: add jazelly to collaborators (Jason Zhang) #​55531
  • [88d91e8bc2] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333
  • [98bfc7dce5] - (SEMVER-MINOR) http: add diagnostic channel http.client.request.created (Marco Ippolito) #​55586
  • [337f61fb25] - (SEMVER-MINOR) lib: add UV_UDP_REUSEPORT for udp (theanarkh) #​55403
  • [1628c48ad6] - (SEMVER-MINOR) net: add UV_TCP_REUSEPORT for tcp (theanarkh) #​55408
  • [457e73f4c9] - (SEMVER-MINOR) sqlite: add support for SQLite Session Extension (Bart Louwers) #​54181
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@backstage-goalie
Copy link
Contributor Author

backstage-goalie bot commented Dec 25, 2024

Changed Packages

Package Name Package Path Changeset Bump Current Version
backend workspaces/acr/packages/backend none v0.0.0
@backstage-community/plugin-acr workspaces/acr/plugins/acr patch v1.10.0
@backstage-community/plugin-analytics-module-matomo workspaces/analytics/plugins/analytics-module-matomo patch v1.10.0
@backstage-community/plugin-analytics-provider-segment workspaces/analytics/plugins/analytics-provider-segment patch v1.11.0
@backstage-community/plugin-announcements workspaces/announcements/plugins/announcements patch v0.1.6
@backstage-community/plugin-jfrog-artifactory workspaces/jfrog-artifactory/plugins/jfrog-artifactory patch v1.11.0
@backstage-community/plugin-kiali workspaces/kiali/plugins/kiali patch v1.36.2
@backstage-community/plugin-nexus-repository-manager workspaces/nexus-repository-manager/plugins/nexus-repository-manager patch v1.10.9
@backstage-community/plugin-ocm workspaces/ocm/plugins/ocm patch v5.2.6
@backstage-community/plugin-quay workspaces/quay/plugins/quay patch v1.16.0
@backstage-community/plugin-rbac-backend workspaces/rbac/plugins/rbac-backend patch v5.3.1
@backstage-community/plugin-rbac workspaces/rbac/plugins/rbac patch v1.34.0
app workspaces/redhat-argocd/packages/app none v0.0.9
@backstage-community/plugin-tekton workspaces/tekton/plugins/tekton patch v3.18.0
@backstage-community/plugin-topology workspaces/topology/plugins/topology patch v1.31.0

@backstage-goalie backstage-goalie bot changed the title Update Node.js to v22 chore(deps): update node.js to v22 Dec 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant