chore(deps): update node.js

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
node (source)	engines	minor	>=23.4.0 -> >=23.5.0
node	stage	minor	23.4.0-alpine -> 23.5.0-alpine
node	final	minor	23.4.0-alpine -> 23.5.0-alpine
node	final	minor	23.4.0-bookworm-slim -> 23.5.0-bookworm-slim

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

nodejs/node (node)

v23.5.0: 2024-12-19, Version 23.5.0 (Current), @​aduh95

Compare Source

Notable Changes

WebCryptoAPI Ed25519 and X25519 algorithms are now stable

Following the merge of Curve25519 into the
Web Cryptography API Editor's Draft the
Ed25519 and X25519 algorithm identifiers are now stable and will no longer
emit an ExperimentalWarning upon use.

Contributed by Filip Skokan in #​56142.

On-thread hooks are back

This release introduces module.registerHooks() for registering module loader
customization hooks that are run for all modules loaded by require(), import
and functions returned by createRequire() in the same thread, which makes them
easier for CJS monkey-patchers to migrate to.

import assert from 'node:assert';
import { registerHooks, createRequire } from 'node:module';
import { writeFileSync } from 'node:fs';

writeFileSync('./bar.js', 'export const id = 123;', 'utf8');

registerHooks({
  resolve(specifier, context, nextResolve) {
    const replaced = specifier.replace('foo', 'bar');
    return nextResolve(replaced, context);
  },
  load(url, context, nextLoad) {
    const result = nextLoad(url, context);
    return {
      ...result,
      source: result.source.toString().replace('123', '456'),
    };
  },
});

// Checks that it works with require.
const require = createRequire(import.meta.url);
const required = require('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(required.id, 456);  // Replaced by load hook to 456

// Checks that it works with import.
const imported = await import('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(imported.id, 456);  // Replaced by load hook to 456

This complements the module.register() hooks - the new hooks fit better
internally and cover all corners in the module graph; whereas
module.register() previously could not cover require() while it was
on-thread, and still cannot cover createRequire() after being moved
off-thread.

They are also run in the same thread as the modules being loaded and where the
hooks are registered, which means they are easier to debug (no more
console.log() getting lost) and do not have the many deadlock issues haunting
the module.register() hooks. The new API also takes functions directly so that
it's easier for intermediate loader packages to take user options from files
that the hooks can't be aware of, like many existing CJS monkey-patchers do.

Contributed by Joyee Cheung in #​55698.

Other notable changes

• [59cae91465] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
• [72f79b44ed] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
• [b5a2c0777d] - (SEMVER-MINOR) module: add prefix-only modules to module.builtinModules (Jordan Harband) #​56185
• [9863d27566] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
• [8e780bc5ae] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #​55698
• [65bc8e847f] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #​56068
• [0ab36e1937] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #​56213
• [efcc5d90c5] - (SEMVER-MINOR) src,lib: stabilize permission model (Rafael Gonzaga) #​56201

Commits

• [2314e4916e] - assert: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) #​56195
• [cfbdff7b45] - assert: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) #​56098
• [f264dd6d20] - buffer: document concat zero-fill (Duncan) #​55562
• [4831b87d83] - build: set DESTCPU correctly for 'make binary' on loongarch64 (吴小白) #​56271
• [1497bb405e] - build: fix missing fp16 dependency in d8 builds (Joyee Cheung) #​56266
• [445c8c7489] - build: add major release action (Rafael Gonzaga) #​56199
• [f4faedfa69] - build: fix C string encoding for PRODUCT_DIR_ABS (Anna Henningsen) #​56111
• [6f49c8006c] - build: use variable for simdutf path (Shelley Vohr) #​56196
• [fcaa2c82a6] - build: fix GN build on macOS (Joyee Cheung) #​56141
• [08e5309f4f] - Revert "build: avoid compiling with VS v17.12" (Gerhard Stöbich) #​56151
• [c2fb38cfdf] - crypto: graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #​56142
• [8658833884] - deps: update nghttp3 to 1.6.0 (Node.js GitHub Bot) #​56258
• [7c941d4610] - deps: update simdutf to 5.6.4 (Node.js GitHub Bot) #​56255
• [4e9113eada] - deps: update libuv to 1.49.2 (Luigi Pinca) #​56224
• [db6aba12e4] - deps: update c-ares to v1.34.4 (Node.js GitHub Bot) #​56256
• [25bb462bc2] - deps: define V8_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) #​56238
• [54308c51bb] - deps: update sqlite to 3.47.2 (Node.js GitHub Bot) #​56178
• [59cae91465] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
• [52c18e605e] - doc: fix color contrast issue in light mode (Rich Trott) #​56272
• [72f79b44ed] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
• [0d08756d0c] - doc: clarify util.aborted resource usage (Kunal Kumar) #​55780
• [f94f21080b] - doc: add esm examples to node:repl (Alfredo González) #​55432
• [7a10ef88d9] - doc: add esm examples to node:readline (Alfredo González) #​55335
• [cc7a7c391b] - doc: fix 'which' to 'that' and add commas (Selveter Senitro) #​56216
• [c5b086250e] - doc: fix winget config path (Alex Yang) #​56233
• [71c38a24d4] - doc: add esm examples to node:tls (Alfredo González) #​56229
• [394fffbbde] - doc: add esm examples to node:perf_hooks (Alfredo González) #​55257
• [7b2a6ee61e] - doc: sea.getRawAsset(key) always returns an ArrayBuffer (沈鸿飞) #​56206
• [8092dcf27e] - doc: update announce documentation for releases (Rafael Gonzaga) #​56200
• [2974667815] - doc: update blog link to /vulnerability (Rafael Gonzaga) #​56198
• [f3b3ff85e0] - doc: call out import.meta is only supported in ES modules (Anton Kastritskii) #​56186
• [a9e67280e7] - doc: add ambassador message - benefits of Node.js (Michael Dawson) #​56085
• [e4922ab15f] - doc: fix incorrect link to style guide (Yuan-Ming Hsu) #​56181
• [114a3e5a05] - doc: fix c++ addon hello world sample (Edigleysson Silva (Edy)) #​56172
• [f1c2d2f65e] - doc: update blog release-post link (Ruy Adorno) #​56123
• [d48b5224c0] - doc: fix module.md headings (Chengzhong Wu) #​56131
• [4cc0493a0b] - fs: make mutating options in Callback readdir() not affect results (LiviaMedeiros) #​56057
• [8d485f1c09] - fs: make mutating options in Promises readdir() not affect results (LiviaMedeiros) #​56057
• [595851b5ed] - fs,win: fix readdir for named pipe (Hüseyin Açacak) #​56110
• [075b36b7b4] - http: add setDefaultHeaders option to http.request (Tim Perry) #​56112
• [febd969c46] - http2: remove duplicate codeblock (Vitaly Aminev) #​55915
• [b0ebd23e52] - http2: support ALPNCallback option (ZYSzys) #​56187
• [f10239fde7] - lib: remove redundant global regexps (Gürgün Dayıoğlu) #​56182
• [fd55d3cbdd] - lib: clean up persisted signals when they are settled (Edigleysson Silva (Edy)) #​56001
• [889094fdbc] - lib: handle Float16Array in node:v8 serdes (Bartek Iwańczuk) #​55996
• [5aec513207] - lib: disable default memory leak warning for AbortSignal (Lenz Weber-Tronic) #​55816
• [b5a2c0777d] - (SEMVER-MINOR) module: add prefix-only modules to module.builtinModules (Jordan Harband) #​56185
• [9863d27566] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
• [5665e86da6] - module: prevent main thread exiting before esm worker ends (Shima Ryuhei) #​56183
• [8e780bc5ae] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #​55698
• [e5bb6c2303] - (SEMVER-MINOR) module: implement module.registerHooks() (Joyee Cheung) #​55698
• [f883bedceb] - node-api: allow napi_delete_reference in finalizers (Chengzhong Wu) #​55620
• [65bc8e847f] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #​56068
• [a6f0cfa468] - sea: only assert snapshot main function for main threads (Joyee Cheung) #​56120
• [0ab36e1937] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #​56213
• [4745798225] - sqlite: add support for custom functions (Colin Ihrig) #​55985
• [53cc0cc744] - sqlite: support db.loadExtension (Alex Yang) #​53900
• [3968599702] - src: fix outdated js2c.cc references (Chengzhong Wu) #​56133
• [efcc5d90c5] - (SEMVER-MINOR) src,lib: stabilize permission model (Rafael Gonzaga) #​56201
• [a4a83613cb] - stream: commit pull-into descriptors after filling from queue (Mattias Buelens) #​56072
• [3298ef4891] - test: remove test-sqlite-statement-sync flaky designation (Luigi Pinca) #​56051
• [1d8cc6179d] - test: use --permission over --experimental-permission (Rafael Gonzaga) #​56239
• [5d252b7a67] - test: remove exludes for sea tests on PPC (Michael Dawson) #​56217
• [8288f57724] - test: fix test-abortsignal-drop-settled-signals flakiness (Edigleysson Silva (Edy)) #​56197
• [683cc15796] - test: move localizationd data from test-icu-env to external file (Livia Medeiros) #​55618
• [a0c4a5f122] - test: update WPT for url to 6fa3fe8 (Node.js GitHub Bot) #​56136
• [a0e3926285] - test: remove hasOpenSSL3x utils (Antoine du Hamel) #​56164
• [041a49094e] - test: update streams wpt (Mattias Buelens) #​56072
• [ea9a675f56] - test_runner: exclude test files from coverage by default (Pietro Marchini) #​56060
• [118cd9998f] - tools: fix node: enforcement for docs (Antoine du Hamel) #​56284
• [c4c56daae8] - tools: update github_reporter to 1.7.2 (Node.js GitHub Bot) #​56205
• [78743b1533] - tools: add REPLACEME check to workflow (Mert Can Altin) #​56251
• [002ee71d9b] - tools: use github.actor instead of bot username for release proposals (Antoine du Hamel) #​56232
• [d25d16efeb] - Revert "tools: disable automated libuv updates" (Luigi Pinca) #​56223
• [b395e0c8c9] - tools: update gyp-next to 0.19.1 (Anna Henningsen) #​56111
• [a5aaf31c50] - tools: fix release proposal linter to support more than 1 folk preparing (Antoine du Hamel) #​56203
• [fa667d609e] - tools: remove has_absl_stringify from gyp file (Michaël Zasso) #​56157
• [65b541e70e] - tools: enable linter for tools/icu/** (Livia Medeiros) #​56176
• [28a4b6ff58] - tools: use commit title as PR title when creating release proposal (Antoine du Hamel) #​56165
• [e20eef659f] - tools: update gyp-next to 0.19.0 (Node.js GitHub Bot) #​56158
• [efcc829085] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #​56099
• [5620b2be8a] - tools: improve release proposal PR opening (Antoine du Hamel) #​56161
• [3e17a8e78e] - util: harden more built-in classes against prototype pollution (Antoine du Hamel) #​56225
• [13815417c7] - util: fix Latin1 decoding to return string output (Mert Can Altin) #​56222
• [77397c5013] - util: do not rely on mutable Object and Function' constructor prop (Antoine du Hamel) #​56188
• [84f98e0a74] - v8,tools: expose experimental wasm revectorize feature (Yolanda-Chen) #​54896
• [8325fa5c04] - worker: fix crash when a worker joins after exit (Stephen Belanger) #​56191

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Summary by Sourcery

Build:

• Update Node.js base image to 23.5.0 for backstage, shop bff, shop ui, landing, storybook, and ui-next Dockerfiles.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR updates the Node.js engine from version 23.4.0 to 23.5.0 across multiple Dockerfiles and the shop UI package.json file.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Updated Node.js to 23.5.0	Updated the engines field in package.json to specify Node.js version 23.5.0 or later. Changed the base image in several Dockerfiles to use Node.js version 23.5.0-alpine or 23.5.0-bookworm-slim, depending on the specific Dockerfile and its requirements. These updates ensure that the application uses the latest Node.js features and security patches across all environments and build processes, maintaining consistency and improving performance and security across the application's various components and build stages, including the shop UI, BFF, and other boundaries, as well as the platform's Backstage setup. This update also affects development builders and other UI components like landing pages, Storybook, and the Next.js UI, ensuring a consistent Node.js version across the entire project's development and deployment lifecycle, from local development to production environments, and across different operating system distributions like Alpine and Bookworm Slim, catering to various deployment needs and optimization strategies. This comprehensive update ensures that all parts of the application benefit from the latest Node.js improvements and remain compatible with each other, reducing potential conflicts and simplifying maintenance in the long run. It also ensures that the application's build process remains efficient and secure by using up-to-date base images with the latest security patches and performance enhancements. This change is crucial for maintaining the application's stability, security, and performance over time, and it also simplifies future updates by ensuring a consistent foundation across all components and build stages. By updating the Node.js version in both the package.json and the Dockerfiles, the project ensures that the correct version is used consistently throughout the development and deployment process, avoiding potential version mismatches and ensuring a smooth and predictable build and runtime experience. This approach also helps to keep the project's dependencies up-to-date and secure, reducing the risk of vulnerabilities and ensuring that the application can take advantage of the latest Node.js features and performance improvements. This proactive approach to dependency management contributes to the overall health and maintainability of the project, making it easier to manage and update in the future and reducing the likelihood of encountering compatibility issues or security vulnerabilities. By updating the Node.js version across all relevant files and configurations, the project maintains a consistent and secure environment for development, testing, and deployment, ensuring that all components work together seamlessly and benefit from the latest improvements and security patches. This comprehensive update is a best practice for ensuring the long-term stability, security, and performance of the application and its supporting infrastructure, and it also simplifies future updates by establishing a consistent foundation across all parts of the project. This approach also helps to reduce technical debt and improve the overall quality and maintainability of the codebase, making it easier to manage and update in the future and reducing the likelihood of encountering compatibility issues or security vulnerabilities. By proactively updating dependencies and maintaining a consistent environment, the project can ensure its long-term health and stability, making it easier to adapt to future changes and requirements and reducing the risk of encountering unexpected issues or vulnerabilities. This comprehensive update is a best practice for ensuring the long-term stability, security, and performance of the application and its supporting infrastructure, and it also simplifies future updates by establishing a consistent foundation across all parts of the project. This approach also helps to reduce technical debt and improve the overall quality and maintainability of the codebase, making it easier to manage and update in the future and reducing the likelihood of encountering compatibility issues or security vulnerabilities. By proactively updating dependencies and maintaining a consistent environment, the project can ensure its long-term health and stability, making it easier to adapt to future changes and requirements and reducing the risk of encountering unexpected issues or vulnerabilities.	boundaries/shop/ui/package.json ops/dockerfile/boundaries/platform/backstage.Dockerfile ops/dockerfile/boundaries/shop/bff.Dockerfile ops/dockerfile/boundaries/shop/ui.Dockerfile ops/dockerfile/boundaries/ui/landing.Dockerfile ops/dockerfile/boundaries/ui/storybook.Dockerfile ops/dockerfile/boundaries/ui/ui-next.Dockerfile

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud