⬆️ Updates Node.js to v26

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
node (source)	engines	major	>= v8.17.0 → >= 26.2.0
node	uses-with	major	12.x → 26.2.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

nodejs/node (node)

v26.2.0: 2026-05-20, Version 26.2.0 (Current), @​aduh95

Compare Source

Notable Changes

• [189d43a193] - doc: mark stream.compose stable (Matteo Collina) #​62562
• [f858c6140e] - (SEMVER-MINOR) fs: add Temporal.Instant support to Stats and BigIntStats (Livia Medeiros) #​60789
• [0cbb3895df] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155

Commits

• [9a394bab84] - benchmark: respect stream/iter broadcast backpressure (Trivikram Kamat) #​63314
• [ad98b4620b] - crypto: align verifyOneShot accepted types (Anshika Jain) #​63280
• [ba0736a847] - crypto: wire ML-DSA and ML-KEM for use when using BoringSSL (Filip Skokan) #​63255
• [5573a6a4a8] - crypto: wire ChaCha20-Poly1305 in Web Cryptography when using BoringSSL (Filip Skokan) #​63255
• [7dc563b8d6] - crypto: wire AES-KW in Web Cryptography when using BoringSSL (Filip Skokan) #​63255
• [b55e2b1f4d] - crypto: improve system certificate enumeration logic on macOS (Robo) #​62576
• [fd509a755a] - crypto: harden CryptoKey algorithm slots (Filip Skokan) #​63111
• [8657df39e7] - crypto: harden KeyObject internal slots (Filip Skokan) #​63111
• [729274e046] - crypto: reject invalid raw key imports (Filip Skokan) #​63134
• [8fc9cb9c01] - crypto: improve accuracy of SubtleCrypto.supports (Filip Skokan) #​63104
• [288065cb3f] - crypto: optimize normalizeAlgorithm dispatch hot path (Filip Skokan) #​62756
• [ecf3797d09] - debugger: disambiguate probe location binding (Joyee Cheung) #​63286
• [bdc57135fd] - debugger: add --help to node inspect and improve docs (Joyee Cheung) #​63201
• [2a6e6058e9] - deps: update undici to 8.3.0 (Node.js GitHub Bot) #​63377
• [327b927271] - deps: update corepack to 0.35.0 (Node.js GitHub Bot) #​63375
• [5828fadf52] - deps: update sqlite to 3.53.1 (Node.js GitHub Bot) #​63217
• [fe127a999b] - deps: update simdjson to 4.6.4 (Node.js GitHub Bot) #​62811
• [a34c4ea159] - deps: V8: cherry-pick 435a2cd (Matthias Liedtke) #​63136
• [ad91efcc43] - deps: cherry-pick libuv/libuv@a43e543 (Ali Hassan) #​63222
• [5ea6c3ee7e] - deps: add missing static linking targets for libffi (Paolo Insogna) #​63168
• [c1f6ba22b4] - deps: update ngtcp2 to 1.22.1 (Node.js GitHub Bot) #​62812
• [7b8767ef76] - doc: remove unsupported template type from v8.md (René) #​63410
• [b2ec1880b1] - doc: fix promise nomenclature in stream_iter.md (Antoine du Hamel) #​63406
• [cf6cbbd39d] - doc: fix article usage before vowel-sound acronyms (joao-oliveira-softtor) #​62696
• [da05065d98] - doc: remove the bi-monthly contributor spotlight section (Claudio Wunder) #​62734
• [c31f320fba] - doc: update http2's push and trailers events with rawHeaders param (YuSheng Chen) #​63259
• [f0d008439b] - doc: add Rust toolchain manual installation instructions Windows (Mike McCready) #​63367
• [68b1220fbd] - doc: remove inactive members from Triagers list (Antoine du Hamel) #​63329
• [189d43a193] - doc: mark stream.compose stable (Matteo Collina) #​62562
• [c4fb894039] - doc: fix CHANGELOG (Richard Lau) #​63292
• [9f319a77e4] - doc: reference correct function in Module docs (Robin Malfait) #​63247
• [2c13acc88e] - doc: replace Visual Studio 2022 Evergreen version reference with 17.14 (Mike McCready) #​63211
• [7e42c336c9] - doc: recommend explicitly Tier 1 or 2 for production applications (Mike McCready) #​63187
• [d99e0bb6d5] - doc: document Temporal configure flags in BUILDING.md (ChrisJr404) #​63248
• [c0ea77b305] - doc: run license-builder (github-actions[bot]) #​63232
• [8265aba0f4] - doc: add large pull requests contributing guide (Matteo Collina) #​62829
• [be241bacc8] - doc: remove unnecessary <!-- eslint- magic comments (Antoine du Hamel) #​63200
• [e0b1f092c3] - doc: fix inconsistencies in CJS code snippets (Antoine du Hamel) #​63199
• [a3feb15871] - doc: clarify SEA platform support excludes darwin-x64 (MJSHANG) #​63181
• [cafd7667fc] - doc: improve quic documentation (James M Snell) #​63157
• [3c784edb6f] - doc: update release steps when post-release fails (Rafael Gonzaga) #​63131
• [9de954e9be] - doc: fix deprecation list in 26.0.0 changelog (Antoine du Hamel) #​63147
• [20c553e456] - doc: add Hmac.digest() documentation-only deprecation (DEP0206) (Anshika Jain) #​63121
• [3494eae2c8] - doc: document the latest-vX.x schema (Marco Ippolito) #​63033
• [c02413d29d] - doc: remove list of versions in BUILDING.md (Antoine du Hamel) #​63113
• [53f9a902a1] - doc,sqlite: document entryPoint argument for loadExtension (Edy Silva) #​63152
• [f858c6140e] - (SEMVER-MINOR) fs: add Temporal.Instant support to Stats and BigIntStats (Livia Medeiros) #​60789
• [b2ba62ca0e] - fs: make Date properties on Stats enumerable (LiviaMedeiros) #​63328
• [0cbb3895df] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
• [f712e6856e] - http2: validate non-link headers in writeEarlyHints (Matteo Collina) #​62017
• [3acadae676] - lib: fix typo idenity => identity (Daijiro Wachi) #​63112
• [460329e886] - lib: fixes validator message (Daijiro Wachi) #​62823
• [9438c832b2] - lib: narrow ReadableStreamBYOBRequest.view return type to Uint8Array (RoomWithOutRoof) #​63017
• [c7d27c82c4] - lib: handle --permission-audit when propagating flags (Rafael Gonzaga) #​63047
• [9f19915276] - lib: optimize webidl conversion options (Filip Skokan) #​62756
• [771afd626a] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​63402
• [67d094a554] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​63235
• [9091398f3d] - meta: ignore AI assistants files (Matteo Collina) #​62612
• [96f19a16d0] - module: fix sync hook short-circuit in require() in imported CJS (Joyee Cheung) #​62920
• [45f3e3ef11] - node-api: support SharedArrayBuffer in napi_create_typedarray (Yilong Li) #​62710
• [d7afa617bb] - quic: send correct OpenSSL alert for ALPN mismatches (Tim Perry) #​63193
• [526313beb8] - quic: fixup quic stream variable chunk len (James M Snell) #​63230
• [1613c7fe70] - quic: support --allow-net permissions (James M Snell) #​63184
• [72ab7444a8] - quic: remove unused env_ variable in session_manager.h/cc (James M Snell) #​63177
• [2b55656778] - quic: remove unused binding variable in session.cc (James M Snell) #​63177
• [83f0d37400] - quic: ignore coverage for quic files (James M Snell) #​63149
• [7e6b77b14d] - quic: complete the internal implementation of QUIC (James M Snell) #​62876
• [71372418f1] - repl: fix dedup comparing normalized line against raw history (Daijiro Wachi) #​62886
• [20f40c2c25] - sqlite: keep source database alive during backup (Matteo Collina) #​62673
• [592f741bd0] - src: simplify OpenSSL feature gates (Filip Skokan) #​63255
• [520ab7ad40] - src: add BoringSSL EVP enumeration fallback (Filip Skokan) #​63206
• [12be49acbc] - src: support multiple versions in node.config.json (Marco Ippolito) #​63033
• [296f907585] - src: remove unused using declarations in node_task_queue (Mert Can Altin) #​63144
• [7703f11b3c] - src: skip JS callback for settled Promise.race losers (Felipe Coelho) #​62336
• [74ab710c3a] - src,sqlite: remove dead code (Edy Silva) #​63204
• [e49154f4c8] - stream: add sync iterable fast path to pipeTo (Trivikram Kamat) #​63318
• [537455e98d] - stream: fix merge handling for object-like sources (Trivikram Kamat) #​63356
• [e21b8a47f0] - stream: limit iter from sync iterable batches (Trivikram Kamat) #​63324
• [3bdb64dc67] - stream: cache minimum cursor count in broadcast (Trivikram Kamat) #​63322
• [81819add6b] - stream: remove unnecessary check (Antoine du Hamel) #​63030
• [22e3579d74] - stream: avoid retrying accepted pipeTo writes (Trivikram Kamat) #​63297
• [691915ea94] - stream: validate broadcast writer writev chunks (Trivikram Kamat) #​63300
• [253f5f4ca2] - stream: uncork fromWritable writev on chunk error (Trivikram Kamat) #​63295
• [aa6913cc4a] - stream: validate fromWritable() options before cache (Trivikram Kamat) #​63278
• [6c53ddb988] - stream: optimize single-slot push queue drain (Trivikram Kamat) #​63274
• [b568649f6f] - stream: preserve toReadableSync batch after backpressure (Trivikram Kamat) #​63276
• [cdcefd7e2f] - stream: cache minimum cursor count in share (Trivikram Kamat) #​63262
• [ba7000e4f7] - stream: minor stream/iter implementation edits (René) #​63132
• [c694999ab8] - test: disable Maglev in near-heap-limit worker test (Trivikram Kamat) #​63398
• [a6d6d51c1b] - test: deflake connection refused proxy tests (Trivikram Kamat) #​63395
• [31d89c4f59] - test: avoid repeated writes in watch helper (Trivikram Kamat) #​63386
• [6f3587c773] - test: deflake watch mode worker test (Trivikram Kamat) #​63384
• [a57aebaa73] - test: update tls/crypto behaviour expectations when using BoringSSL (Filip Skokan) #​63161
• [b871cff2db] - test: relax test-memory-usage arrayBuffers check (inoway46) #​63244
• [25189bcb95] - test: reduce flakiness of different-registry-per-thread (Antoine du Hamel) #​63244
• [5bdb1f8426] - test: fix flaky test-watch-mode-inspect timeout (Matteo Collina) #​63361
• [d57bd2bf59] - test: relax min assertion in test-performance-eventloopdelay (Marco) #​63100
• [014e1f00c1] - test: avoid flaky restart sync in debugger exceptions test (Yuya Inoue) #​62055
• [dd28ff8a80] - test: avoid initial-break wait in restart-message (inoway46) #​62060
• [e89a49a13a] - test: move FFI tests to NATIVE_SUITES (Antoine du Hamel) #​63165
• [51ef0258ba] - test: update WPT for wasm/jsapi to 288c467 (Node.js GitHub Bot) #​63136
• [c0175a9ba1] - test: use ERM to destroy sqlite database handles after tests (René) #​63076
• [83054e8aba] - test_runner: avoid hanging on incomplete v8 frames (Ali Hassan) #​62704
• [4f1426d361] - test_runner: fix hooks test context (Moshe Atlow) #​63285
• [6a4c4b7193] - test_runner: fix diagnostics channel context tracking (Moshe Atlow) #​63283
• [eba9c3481b] - test_runner: add tags option and tag-name filter (Chemi Atlow) #​63221
• [2ba124f23b] - tls: add unsupported renegotiation error (Filip Skokan) #​63161
• [7c5048495a] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #​63075
• [6c574110a7] - tools: update gyp-next to 0.22.2 (Node.js GitHub Bot) #​63374
• [f14ed762b3] - tools: add boringssl to tools/nix/openssl-matrix.nix (Filip Skokan) #​63206
• [14d3924c48] - tools: fix test426 updater (Antoine du Hamel) #​63271
• [0d017ece8d] - tools: filter V8 scripts for build toolchain (Richard Lau) #​63069
• [3859a8700e] - tools: use different branch for tool updates on staging branches (Antoine du Hamel) #​63110
• [4a32ed82bd] - tools: prevent lib code from reading KeyObject and CryptoKey accessors (Filip Skokan) #​63111

v24.16.0: 2026-05-21, Version 24.16.0 'Krypton' (LTS), @​aduh95

Compare Source

Notable Changes

• [b267f6bca3] - (SEMVER-MINOR) crypto: implement randomUUIDv7() (nabeel378) #​62553
• [ec2451b9cd] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes to node inspect (Joyee Cheung) #​62713
• [9705f628d9] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #​57775
• [40ccfdecf9] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #​62277
• [d7188af5c9] - (SEMVER-MINOR) http: harden ClientRequest options merge (Matteo Collina) #​63082
• [aa1d8a9afc] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #​62541
• [6f37f7e240] - (SEMVER-MINOR) stream: propagate destruction in duplexPair (Ahmed Elhor) #​61098
• [d14029be7f] - (SEMVER-MINOR) test_runner: support test order randomization (Pietro Marchini) #​61747
• [d142c584cd] - (SEMVER-MINOR) test_runner: align mock timeout api (sangwook) #​62820
• [01a9552585] - (SEMVER-MINOR) test_runner: add mock-timers support for AbortSignal.timeout (DeveloperViraj) #​60751
• [00705a459a] - (SEMVER-MINOR) util: colorize text with hex colors (Guilherme Araújo) #​61556

Commits

• [dd72df060d] - assert,util: fix stale nested cycle memo entries (Ruben Bridgewater) #​62509
• [add94f4bc3] - build: track PDL files as inputs in inspector GN build (Robo) #​62888
• [1b1eb9e334] - build: remove redundant -fuse-linker-plugin from GCC LTO flags (Daniel Lando) #​62667
• [8752b604ec] - crypto: deduplicate and canonicalize CryptoKey usages (Filip Skokan) #​62902
• [341947e7fd] - crypto: reject unintended raw key format string input (Filip Skokan) #​62974
• [28a78747fc] - crypto: remove Argon2 KDF derivation from its job setup (Filip Skokan) #​62863
• [16e8c2b54d] - crypto: fix unsigned conversion of 4-byte RSA publicExponent (DeepView Autofix) #​62839
• [eeae754a87] - crypto: reject inherited key type names (Jonathan Lopes) #​62875
• [9dd5540325] - crypto: add memory tracking for secureContext openssl objects (Mert Can Altin) #​59051
• [b267f6bca3] - (SEMVER-MINOR) crypto: implement randomUUIDv7() (nabeel378) #​62553
• [7597d204c1] - crypto: add support for Ed25519 context parameter (Filip Skokan) #​62474
• [4bf85845da] - debugger: move ProbeInspectorSession and helpers to separate files (Joyee Cheung) #​63013
• [ec2451b9cd] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes to node inspect (Joyee Cheung) #​62713
• [83e98f77b7] - deps: update corepack to 0.35.0 (Node.js GitHub Bot) #​63375
• [ec8c6b939a] - deps: V8: cherry-pick 657d8de (Guy Bedford) #​62784
• [722c0c3274] - deps: update nghttp3 to 1.14.0 (Node.js GitHub Bot) #​61187
• [5304db93d3] - deps: update nghttp3 to 1.13.1 (Node.js GitHub Bot) #​60046
• [e073b3811d] - deps: update nghttp3 to 1.11.0 (James M Snell) #​59249
• [1d00313fb2] - deps: update ngtcp2 to 1.14.0 (James M Snell) #​59249
• [8b3a4fc18f] - deps: update amaro to 1.1.9 (Node.js GitHub Bot) #​63090
• [62fe0cfcd1] - deps: update llhttp to 9.4.1 (Node.js GitHub Bot) #​63045
• [137e09c8e9] - deps: update corepack to 0.34.7 (Node.js GitHub Bot) #​62810
• [14a4cb8fbc] - deps: update timezone to 2026b (Node.js GitHub Bot) #​62962
• [3e1036583a] - deps: upgrade npm to 11.13.0 (npm team) #​62898
• [01dfe5961c] - deps: cherry-pick libuv/libuv@439a54b (skooch) #​62881
• [6cd368b10c] - deps: update sqlite to 3.53.0 (Node.js GitHub Bot) #​62699
• [f218a4f553] - deps: update nbytes to 0.1.4 (Node.js GitHub Bot) #​62698
• [b47688524a] - deps: update archs files for openssl-3.5.6 (Node.js GitHub Bot) #​62629
• [d202e2d343] - deps: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) #​62629
• [2faba66341] - deps: update minimatch to 10.2.5 (Node.js GitHub Bot) #​62594
• [fa46c90c5d] - deps: update googletest to d72f9c8 (Node.js GitHub Bot) #​62593
• [099ded5713] - deps: update simdjson to 4.6.1 (Node.js GitHub Bot) #​62592
• [7ce95afe96] - deps: libuv: cherry-pick aabb765 (Santiago Gimeno) #​62561
• [57ef845623] - deps: update icu to 78.3 (Node.js GitHub Bot) #​62324
• [493ac40e12] - deps: update libuv to 1.52.1 (Node.js GitHub Bot) #​61829
• [b39508b368] - deps: update undici to 7.25.0 (Node.js GitHub Bot) #​63011
• [cb67a925e9] - deps: use npm undici@​seven tag in update-undici.sh (Matteo Collina) #​62739
• [aa1e0bc28b] - doc: fix typos and inconsistencies in crypto.md and webcrypto.md (Filip Skokan) #​62828
• [f2a1735ed9] - doc: fix duplicate word "to to" in util.styleText (Daijiro Wachi) #​62917
• [b6378e215c] - doc: fix node-config-schema (Сковорода Никита Андреевич) #​61596
• [233894a9ce] - doc: fix the TypeScript Execute (tsx) project link (David Thornton) #​63093
• [5d97919f8f] - doc: correct diagnostics_channel built-in channel names (Bryan English) #​62995
• [2a9ccc927e] - doc: use mjs/cjs blocks for callbackify null reason example (Daijiro Wachi) #​62884
• [ef413b5358] - doc: fix typo in test.md (Rich Trott) #​62960
• [76f21c5070] - doc: correct typo in PR contribution instructions (Mike McCready) #​62738
• [ca02af1f7d] - doc: fix duplicate word "of of" in postMessageToThread (Daijiro Wachi) #​62917
• [46c99ed526] - doc: fix duplicate word "for for" in compile cache (Daijiro Wachi) #​62917
• [1a60851734] - doc: fix typo in dns.lookup options description (Daijiro Wachi) #​62882
• [169b5ea2ed] - doc: fix Argon2 parameter bounds (Tobias Nießen) #​62868
• [9a3a190f4e] - doc: clarify diffieHellman.generateKeys recomputes same key (Kit Dallege) #​62205
• [0fba9e87d6] - doc: remove Ayase-252 and meixg from triagger team (Antoine du Hamel) #​62841
• [9c700f3446] - doc: clarify dns.lookup() callback signature when all is true (eungi) #​62800
• [6b7280bc17] - doc: add experimental modules lifetime policy (Paolo Insogna) #​62753
• [ce47ea31c9] - doc: clarify process._debugProcess() in Permission Model (Fahad Khan) #​62537
• [ba01633757] - doc: fix typo in devcontainer guide (Rohan Santhosh Kumar) #​62687
• [70b4d5839b] - doc: clarify Backport-PR-URL metadata added automatically (Mike McCready) #​62668
• [8126d1c3eb] - doc: update WPT test runner README.md (Filip Skokan) #​62680
• [978afea4b5] - doc: fix spelling in release announcement guidance (Rohan Santhosh Kumar) #​62663
• [1684ab8ff8] - doc: note non-monotonic clock in crypto.randomUUIDv7 (nabeel378) #​62600
• [86d4f07930] - doc: update bug bounty program (Rafael Gonzaga) #​62590
• [736ed8a08f] - doc: document TransformStream transformer.cancel option (Tom Pereira) #​62566
• [938af9be01] - doc: mention test runner retry attemp is zero based (Moshe Atlow) #​62504
• [94433e450f] - doc,src,test: fix dead inspector help URL (semimikoh) #​62745
• [ddf1f01659] - esm: add ERR_REQUIRE_ESM_RACE_CONDITION (Antoine du Hamel) #​62462
• [4a506acd16] - fs: add followSymlinks option to glob (Matteo Collina) #​62695
• [f4ea495f9b] - fs: restore fs patchability in ESM loader (Joyee Cheung) #​62835
• [63c111cd60] - fs: validate position argument before length === 0 early return (Edy Silva) #​62674
• [9705f628d9] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #​57775
• [40ccfdecf9] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #​62277
• [717476a24e] - http: emit 'drain' on OutgoingMessage only after buffers drain (Robert Nagy) #​62936
• [d7188af5c9] - (SEMVER-MINOR) http: harden ClientRequest options merge (Matteo Collina) #​63082
• [64f15c274a] - http: fix leaked error listener on sync HTTP req create + destroy (Tim Perry) #​62872
• [5c4798d799] - http: fix no_proxy leading-dot suffix matching (Daijiro Wachi) #​62333
• [9f3bc70ae5] - http: cleanup pipeline queue (Robert Nagy) #​62534
• [aa1d8a9afc] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #​62541
• [900dc758ff] - http2: expose writable stream state on compat response (T) #​63003
• [b3bfe35912] - inspector: coerce key and value to string in webstorage events (Ali Hassan) #​62616
• [3dc3fb6ad8] - inspector: return errors when CDP protocol event emission fails (Ryuhei Shima) #​62162
• [4f3f21bd7c] - inspector: auto collect webstorage data (Ryuhei Shima) #​62145
• [36cc04189d] - inspector: initial support storage inspection (Ryuhei Shima) #​61139
• [1718bc3b9b] - inspector: fix absolute URLs in network http (bugyaluwang) #​62955
• [97e32c7a74] - lib: avoid quadratic shift() in startup snapshot callback (Daijiro Wachi) #​62914
• [25d2e999de] - lib: harden kKeyOps lookup with null prototype (Filip Skokan) #​62877
• [37d3913c8f] - lib: short-circuit WebIDL BufferSource SAB check (Filip Skokan) #​62833
• [430c69d25f] - lib: use js-only implementation of isDataView() (René) #​62780
• [3ba0add6a0] - lib: fix lint in internal/webstreams/util.js (Filip Skokan) #​62806
• [9b95c41398] - lib: fix sequence argument handling in Blob constructor (Ms2ger) #​62179
• [314dacdbee] - lib: improve Web Cryptography key validation ordering (Filip Skokan) #​62749
• [3d18162430] - lib: reject SharedArrayBuffer in web APIs per spec (Ali Hassan) #​62632
• [ada3ce879d] - lib: defer AbortSignal.any() following (sangwook) #​62367
• [b2981ec7eb] - meta: bump actions/download-artifact from 8.0.0 to 8.0.1 (dependabot[bot]) #​62549
• [7cd20667b5] - meta: bump github/codeql-action from 4.35.1 to 4.35.3 (dependabot[bot]) #​63074
• [91a07cfe9f] - meta: bump Mozilla-Actions/sccache-action from 0.0.9 to 0.0.10 (dependabot[bot]) #​63073
• [09e17fe47c] - meta: add automation policy (Chengzhong Wu) #​62871
• [59e7fb7986] - meta: move VoltrexKeyva to emeritus (Matteo Collina) #​62895
• [1e2915cfa6] - meta: bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (dependabot[bot]) #​62845
• [0253c6e2be] - meta: bump step-security/harden-runner from 2.16.1 to 2.19.0 (dependabot[bot]) #​62844
• [f503675b86] - meta: bump actions/setup-node from 6.3.0 to 6.4.0 (dependabot[bot]) #​62842
• [5e14e4d26e] - meta: broaden stale bot (Aviv Keller) #​62658
• [795db76f87] - meta: pass release version to release worker (flakey5) #​62777
• [ef384fe39f] - meta: add QUIC to CODEOWNERS (Tim Perry) #​62652
• [67e0ac568d] - meta: move Michael to emeritus (Michael Dawson) #​62536
• [5dad616393] - meta: populate apt list for slim runner in update-openssl workflow (René) #​62628
• [a869d25d8a] - meta: bump step-security/harden-runner from 2.15.0 to 2.16.1 (dependabot[bot]) #​62550
• [769efc0403] - meta: bump actions/setup-node from 6.2.0 to 6.3.0 (dependabot[bot]) #​62548
• [73fcc2b055] - meta: bump github/codeql-action from 4.32.4 to 4.35.1 (dependabot[bot]) #​62547
• [6c001246fe] - meta: bump codecov/codecov-action from 5.5.2 to 6.0.0 (dependabot[bot]) #​62545
• [5ee40d6a03] - meta: bump actions/cache from 5.0.3 to 5.0.4 (dependabot[bot]) #​62543
• [ca16ad8a05] - meta: require DCO signoff in commit message guidelines (James M Snell) #​62510
• [db9497fc41] - meta: expand memory leak DoS criteria to all DoS (Joyee Cheung) #​62505
• [13b7d08b8d] - module: remove duplicated checks from _resolveFilename (Antoine du Hamel) #​62729
• [6b53efb53a] - module,win: fix long subpath import (Stefan Stojanovic) #​62101
• [841dfbf6fc] - node-api: update libuv ABI stability note (Chengzhong Wu) #​62789
• [01090f2aa1] - node-api: add napi_create_external_sharedarraybuffer (Ben Noordhuis) #​62623
• [87443b4355] - node-api: execute tsfn finalizer after queue drains when aborted (Kevin Eady) #​61956
• [e95570c054] - process: handle rejections only when needed (Gürgün Dayıoğlu) #​62919
• [37d49f3219] - process: optimize asyncHandledRejections by using FixedQueue (Gürgün Dayıoğlu) #​60854
• [f697c55e38] - quic: add QuicEndpoint.listening & QuicStream.destroy() and tests (Tim Perry) #​62648
• [c128942b69] - quic: fixup token verification to handle zero expiration (James M Snell) #​62620
• [abb881ec92] - quic: support multiple ALPN negotiation (James M Snell) #​62620
• [476926c2ad] - quic: apply multiple TLS context improvements and SNI support (James M Snell) #​62620
• [76d9c24b95] - quic: implement rapidhash for hashing improvements (James M Snell) #​62620
• [08726cd43d] - quic: move quic behind compile time flag (Matteo Collina) #​61444
• [ea4f19aaa7] - quic: use arena allocation for packets (James M Snell) #​62589
• [21e9239e2a] - quic: fixup linting/formatting issues (James M Snell) #​62387
• [edeed4303b] - quic: update http3 impl

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Moscow)

• Branch creation
  • "after 10pm every weekday,before 5am every weekday,every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[ghost]

🏷️ [bumpr]
Next version:v2.0.2
Changes:v2.0.1...AlexRogalskiy:renovate/node-26.x

[ghost]

🏷️ [bumpr]
Next version:v2.0.2
Changes:v2.0.1...AlexRogalskiy:renovate/node-26.x

[ghost]

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.