chore(deps): lock file maintenance backend dependencies

[ggrossetie]

This PR contains the following updates:

Package	Type	Update	Change
		lockFileMaintenance	All locks refreshed
@sentry/node (source)	dependencies	minor	~10.38 -> ~10.40.0
@sentry/profiling-node (source)	dependencies	minor	~10.38 -> ~10.40.0
node (source)	volta	minor	24.13.0 -> 24.14.0
npm (source)	volta	minor	11.9.0 -> 11.11.0

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

getsentry/sentry-javascript (@​sentry/node)

v10.40.0

Compare Source

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#​19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@​tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@​sentry/tanstackstart-react/server';
  
  export default createStart({
    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#​19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@​sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@​sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#​18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#​19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
  This could also trigger alerts, depending on your set thresholds and conditions.
  We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
  Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#​19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#​19265)
• feat(cloudflare): Instrument async KV API (#​19404)
• feat(core): Add framework-agnostic tunnel handler (#​18892)
• feat(deno): Export logs API from Deno SDK (#​19313)
• feat(deno): Export metrics API from Deno SDK (#​19305)
• feat(deno): instrument Deno.serve with async context support (#​19230)
• feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#​19303)
• feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#​19191)
• feat(deps): Bump hono from 4.11.7 to 4.11.10 (#​19440)
• feat(deps): bump qs from 6.14.1 to 6.14.2 (#​19310)
• feat(deps): bump the opentelemetry group with 4 updates (#​19425)
• feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#​19430)
• feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#​19280)
• feat(node): Add ignoreConnectSpans option to postgresIntegration (#​19291)
• feat(node): Bump to latest @​fastify/otel (#​19452)
• fix: Bump bundler plugins to v5 (#​19468)
• fix: updated the codecov config (#​19350)
• fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#​19346)
• fix(bun) Export pinoIntegration from @​sentry/node (#​17990)
• fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#​19336)
• fix(core): Explicitly flush log buffer in client.close() (#​19371)
• fix(core): Langgraph state graph invoke accepts null to resume (#​19374)
• fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#​19400)
• fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#​19249)
• fix(deps): Bump to latest version of each minimatch major (#​19486)
• fix(nextjs): Apply environment from options if set (#​19274)
• fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#​19333)
• fix(nextjs): Normalize trailing slashes in App Router route parameterization (#​19365)
• fix(nextjs): Return correct lastEventId for SSR pages (#​19240)
• fix(nextjs): Set parameterized transaction name for non-transaction events (#​19316)
• fix(node-core): Align pino mechanism type with spec conventions (#​19363)
• fix(nuxt): Use options.rootDir instead of options.srcDir (#​19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#​19318](https://redirect.github.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#​19483](https://redirect.github.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#​19409](https://redirect.github.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#​19334](https://redirect.github.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#​19369](https://redirect.github.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#​19395](https://redirect.github.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#​19361](https://redirect.github.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#​19366](https://redirect.github.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#​19296](https://redirect.github.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#​19288](https://redirect.github.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#​19200](https://redirect.github.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#​19294](https://redirect.github.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#​19311](https://redirect.github.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#​19473](https://redirect.github.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#​19375](https://redirect.github.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#​19381](https://redirect.github.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#​19325](https://redirect.github.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#​19377](https://redirect.github.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#​19441](https://redirect.github.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#​19446](https://redirect.github.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#​19462](https://redirect.github.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump @​sveltejs/kit from 2.50.1 to 2.52.2 ([#​19442](https://redirect.github.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump @​testing-library/react from 13.0.0 to 15.0.5 ([#​19194](https://redirect.github.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump @​types/ember__debug from 3.16.5 to 4.0.8 ([#​19429](https://redirect.github.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#​19301](https://redirect.github.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump @​actions/glob from 0.4.0 to 0.6.1 ([#​19427](https://redirect.github.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#​19326](https://redirect.github.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#​19438](https://redirect.github.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#​19477](https://redirect.github.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#​19433](https://redirect.github.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#​19445](https://redirect.github.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#​19386](https://redirect.github.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#​19358](https://redirect.github.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#​19387](https://redirect.github.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#​19389](https://redirect.github.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#​19356](https://redirect.github.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#​19410](https://redirect.github.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#​19401](https://redirect.github.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make @​sentry/opentelemetry not a peer dep in node… ([#​19308](https://redirect.github.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#​18890](https://redirect.github.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#​19443](https://redirect.github.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#​19379](https://redirect.github.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#​19471](https://redirect.github.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#​19454](https://redirect.github.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#​19405](https://redirect.github.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#​19456](https://redirect.github.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#​19412](https://redirect.github.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#​19414](https://redirect.github.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#​19418](https://redirect.github.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-security-vulnerability): Use opus 4.6 ([#​19416](https://redirect.github.com/getsentry/sentry-javascript/pull/19416)) - ci(github): Add tilde to file path to not exact-match ([#​19392](https://redirect.github.com/getsentry/sentry-javascript/pull/19392)) - ci(triage-skill): Allow `Write` and remove `rm` permission ([#​19397](https://redirect.github.com/getsentry/sentry-javascript/pull/19397)) - ci(triage-skill): Run on opened issues ([#​19423](https://redirect.github.com/getsentry/sentry-javascript/pull/19423)) - docs(nuxt): Remove duplicated setup instructions ([#​19422](https://redirect.github.com/getsentry/sentry-javascript/pull/19422)) - feat(ci): Add security vulnerability skill action ([#​19355](https://redirect.github.com/getsentry/sentry-javascript/pull/19355))

Work in this release was contributed by @​LudvigHz and @​jadengis. Thank you for your contributions!

v10.39.0

Compare Source

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#​19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#​19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#​18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @​sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@​sentry/node-core/light';
  
  Sentry.init({
    dsn: '__DSN__',
  });

Other Changes

• feat(browser): Add mode option for the browser session integration (#​18997)
• feat(browser): Include culture context with events (#​19148)
• feat(browser): Trace continuation from server-timing headers (#​18673)
• feat(core,cloudflare): Enable certain fields with env variables (#​19245)
• feat(deps): bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 (#​19149)
• feat(deps): bump @​sentry/bundler-plugin-core from 4.8.0 to 4.9.0 (#​19190)
• feat(deps): Bump glob in @sentry/react-router (#​19162)
• feat(deps): bump hono from 4.11.1 to 4.11.7 (#​19068)
• feat(hono): Add base for Sentry Hono middleware (Cloudflare) (#​18787)
• feat(nextjs): Set cloudflare runtime (#​19084)
• feat(node-core): Add outgoing fetch trace propagation to light mode (#​19262)
• feat(react): Add lazyRouteManifest option to resolve lazy-route names (#​19086)
• feat(vercel-ai): Add rerank support and fix token attribute mapping (#​19144)
• fix(core): Avoid blocking the process for weightBasedFlushing (#​19174)
• fix(core): Avoid blocking the process when calling flush on empty buffer (#​19062)
• fix(core): Ensure partially set SDK metadata options are preserved (#​19102)
• fix(core): Fix truncation to only keep last message in vercel (#​19080)
• fix(core): Intercept .withResponse() to preserve OpenAI stream instrumentation (#​19122)
• fix(core): Prevent infinite recursion when event processor throws (#​19110)
• fix(core): Record client report with reason for HTTP 413 responses (#​19093)
• fix(core): Remove outdated _experiments.enableMetrics references from metrics JSDoc (#​19252)
• fix(core): Respect event.event_id in scope.captureEvent return value (#​19113)
• fix(core): use sessionId for MCP transport correlation (#​19172)
• fix(deps): Bump @nestjs/platform-express to 11.1.13 (#​19206)
• fix(deps): Bump diff to 5.2.2 (#​19228)
• fix(deps): Bump js-yaml to 3.14.2 and 4.1.1 (#​19216)
• fix(deps): Bump lodash to 4.17.23 (#​19211)
• fix(deps): Bump mdast-util-to-hast to 13.2.1 (#​19205)
• fix(deps): Bump node-forge to 1.3.2 (#​19183)
• fix(deps): Bump react-router to 6.30.3 (#​19212)
• fix(deps): Bump sinon to 21.0.1 in @sentry/ember (#​19246)
• fix(deps): Bump vite to 5.4.21 (#​19214)
• fix(nextjs): Expose an event id when captureUnderscoreErrorException captures an exception (#​19185)
• fix(nextjs): Populate SENTRY_SERVER_MODULES in Turbopack (#​19231)
• fix(node): Use snake_case for Fastify's request-handler op. (#​18729)
• fix(nuxt): Avoid logging database skip warning when debug is disabled (#​19095)
• fix(nuxt): Respect configured environment settings (#​19243)
• fix(profiling-node): 137 ABI should not be pruned for node 24 (#​19236)
• fix(replay): Improve error messages when compression worker fails to load (#​19008)
• fix(svelte): Bump svelte dev dependency to 3.59.2 (#​19208)
• fix(sveltekit): Detect used adapter via svelte.config.js (#​19270)
• fix(tanstackstart-react): Use auto.middleware.tanstackstart as middleware trace origin (#​19137)
• ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#​19254)
• ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#​19258)
• ref(sveltekit): Use untrack to read route id without invalidation (#​19272)

Internal Changes

• chore: Add cursor rules for AI integrations contributions (#​19167)
• chore: Add Makefiles for dev-packages to make it convenient to run tests (#​19203)
• chore: bump prettier to 3.8 (#​19198)
• chore(bugbot): Add rule to flag not-unref'd timers (#​19082)
• chore(deps-dev): bump @​sveltejs/kit from 2.49.5 to 2.50.1 (#​19089)
• chore(deps-dev): bump ts-node from 10.9.1 to 10.9.2 (#​19189)
• chore(deps-dev): bump vite from 3.2.11 to 5.4.21 (#​19227)
• chore(deps-dev): bump webpack from 5.95.0 to 5.104.1 (#​19199)
• chore(deps-dev): bump yaml from 2.2.2 to 2.8.2 (#​19087)
• chore(deps): Bump Apollo Server from v3 to v5 in integration tests (#​19202)
• chore(deps): Bump express in test utils + e2e apps (#​19159)
• chore(deps): Bump Lerna to v9 (#​19244)
• chore(deps): Bump mongoose in integration tests (#​19175)
• chore(deps): Bump solidjs to 1.9.11 to fix seroval alerts (#​19150)
• chore(deps): Bump webpack from 5.97.0 to 5.104.0 in ember-classic e2e test (#​19239)
• chore(deps): Bump webpack from 5.104.0 to 5.104.1 in ember-classic e2e test (#​19247)
• chore(e2e): Add banner to readme (#​19138)
• chore(llm): Add skill for fixing security vulnerabilities (#​19178)
• chore(node-core): Fix node-core integration test assertions (#​19219)
• ci: Ignore ticket creation for base branches other than develop/master (#​19103)
• ci(e2e): Remove nextjs-turbo canary tests (#​19118)
• ref: Removes unused eslint rule (via yarn fix) (#​19266)
• test(e2e): Bump nextjs-t3 to next 15 (#​19130)
• test(e2e): Migrate test app nextjs-turbo into nextjs-15 (#​19107)

Work in this release was contributed by @​limbonaut and @​rfoel. Thank you for your contributions!

nodejs/node (node)

v24.14.0: 2026-02-24, Version 24.14.0 'Krypton' (LTS), @​ruyadorno prepared by @​aduh95

Compare Source

Notable Changes

• [8b6d31d379] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #​61415
• [68da144b4e] - build,deps: replace cjs-module-lexer with merve (Yagiz Nizipli) #​61456
• [f3a24c76e4] - (SEMVER-MINOR) deps: add LIEF as a dependency (Joyee Cheung) #​61167
• [1948861d23] - (SEMVER-MINOR) events: repurpose events.listenerCount() to accept EventTargets (René) #​60214
• [d6f7c8d06f] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #​61433
• [cb54b3ca6e] - (SEMVER-MINOR) http: add http.setGlobalProxyFromEnv() (Joyee Cheung) #​60953
• [35b1759d06] - (SEMVER-MINOR) module: allow subpath imports that start with #/ (Jan Martin) #​60864
• [2d72ea66f2] - (SEMVER-MINOR) process: preserve AsyncLocalStorage in queueMicrotask only when needed (Gürgün Dayıoğlu) #​60913
• [6f4a4f6c8e] - (SEMVER-MINOR) sea: split sea binary manipulation code (Joyee Cheung) #​61167
• [c0ceb9b065] - (SEMVER-MINOR) sqlite: enable defensive mode by default (Bart Louwers) #​61266
• [33d8e8303b] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #​61311
• [563ab699eb] - (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung) #​61548
• [4c80031000] - (SEMVER-MINOR) stream: add bytes() method to node:stream/consumers (wantaek) #​60426
• [f5233df4ff] - (SEMVER-MINOR) stream: do not pass readable.compose() output via Readable.from() (René) #​60907
• [345a40fda3] - (SEMVER-MINOR) test: use fixture directories for sea tests (Joyee Cheung) #​61167
• [972f82411d] - (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood) #​61367
• [d77f98c4b6] - (SEMVER-MINOR) test_runner: support expecting a test-case to fail (Jacob Smith) #​60669
• [8e900af6ba] - (SEMVER-MINOR) util: add convertProcessSignalToExitCode utility (Erick Wendel) #​60963

Commits

• [180778fb9a] - assert: fix loose deepEqual arrays with undefined and null failing (Ruben Bridgewater) #​61587
• [8b6d31d379] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #​61415
• [83bcd38d35] - benchmark: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) #​61549
• [4c105844c5] - build: add support for Visual Studio 2026 (Michaël Zasso) #​60727
• [1f84fd91d9] - build: skip sscache action on non-main branches (Joyee Cheung) #​61790
• [30601b680f] - build: add --shared-nbytes configure flag (Antoine du Hamel) #​61341
• [c6253eda49] - build: add --shared-hdr-histogram configure flag (Antoine du Hamel) #​61280
• [584c189037] - build: add --shared-gtest configure flag (Antoine du Hamel) #​61279
• [5998987881] - build: aix: deoptimize implementation-visitor.cc with --shared (Stewart X Addison) #​61550
• [68da144b4e] - build,deps: replace cjs-module-lexer with merve (Yagiz Nizipli) #​61456
• [6a4511bafb] - build,win: fix vs2022 compilation (Stefan Stojanovic) #​61530
• [2d6735db8a] - deps: upgrade npm to 11.9.0 (npm team) #​61685
• [699e2f8f81] - deps: update amaro to 1.1.7 (Node.js GitHub Bot) #​61730
• [7be76316d6] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #​61732
• [97e5a65013] - deps: update undici to 7.21.0 (Node.js GitHub Bot) #​61683
• [74e4710ee7] - deps: update googletest to 56efe39 (Node.js GitHub Bot) #​61605
• [b5113e2a2a] - deps: update amaro to 1.1.6 (Node.js GitHub Bot) #​61603
• [f3a24c76e4] - (SEMVER-MINOR) deps: add LIEF as a dependency (Joyee Cheung) #​61167
• [c370c3dc06] - (SEMVER-MINOR) deps: add tools and scripts to pull LIEF as a dependency (Joyee Cheung) #​61167
• [e54975e17d] - deps: V8: cherry-pick highway@dcc0ca1 (Richard Lau) #​61008
• [625b90b76b] - deps: update undici to 7.19.2 (Node.js GitHub Bot) #​61566
• [05e9a9fb5e] - deps: update undici to 7.19.1 (Node.js GitHub Bot) #​61514
• [3d41643e38] - deps: update undici to 7.19.0 (Node.js GitHub Bot) #​61470
• [17b363a66c] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #​61453
• [33d0a8c22d] - doc: clarify EventEmitter error handling in threat model (Matteo Collina) #​61701
• [5b8e72cf85] - doc: mention default option for test runner env (Steven) #​61659
• [f44e67fac2] - doc: fix --inspect security warning section (Tim Perry) #​61675
• [a0e09c9043] - doc: document url.format(urlString) as deprecated under DEP0169 (René) #​61644
• [5e719248fe] - doc: deprecation add more codemod (Augustin Mauroy) #​61642
• [8f5a3e5df4] - doc: fix grammatical error in README.md (ayj8201) #​61653
• [d52b535163] - doc: correct tools README Boxstarter link (Mike McCready) #​61638
• [4889dc4f59] - doc: update server.dropMaxConnection link (YuSheng Chen) #​61584
• [8e48e72f2a] - doc: clean up writing-and-running-benchmarks.md (Hardanish Singh) #​61345
• [1948861d23] - (SEMVER-MINOR) events: repurpose events.listenerCount() to accept EventTargets (René) #​60214
• [d6f7c8d06f] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #​61433
• [2d7e5f9581] - http: implement slab allocation for HTTP header parsing (Mert Can Altin) #​61375
• [cb54b3ca6e] - (SEMVER-MINOR) http: add http.setGlobalProxyFromEnv() (Joyee Cheung) #​60953
• [6df8be48ce] - lib: use utf8 fast path for streaming TextDecoder (Сковорода Никита Андреевич) #​61549
• [830fff0aca] - lib: recycle queues (Robert Nagy) #​61461
• [069874bdbd] - lib: use StringPrototypeStartsWith from primordials in locks (Taejin Kim) #​61492
• [7824c7589e] - lib: unify ICU and no-ICU TextDecoder (Сковорода Никита Андреевич) #​61409
• [f81430702a] - lib: prefer call() over apply() if argument list is not array (Livia Medeiros) #​60796
• [a723f72e1e] - lib: add support for readable byte streams to .toWeb() (Hans Klunder) #​58664
• [b78d814b3d] - meta: persist sccache daemon until end of build workflows (René) #​61639
• [40a872a4b9] - meta: bump github/codeql-action from 4.31.9 to 4.32.0 (dependabot[bot]) #​61622
• [0637bdb3be] - meta: bump step-security/harden-runner from 2.14.0 to 2.14.1 (dependabot[bot]) #​61621
• [e8d9bd9fc5] - meta: bump actions/setup-python from 6.1.0 to 6.2.0 (dependabot[bot]) #​61627
• [c517df2b65] - meta: bump actions/setup-node from 6.1.0 to 6.2.0 (dependabot[bot]) #​61625
• [9a64f2f25d] - meta: bump actions/cache from 5.0.1 to 5.0.3 (dependabot[bot]) #​61624
• [0e5922e95e] - meta: bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (dependabot[bot]) #​61623
• [5da7b51091] - meta: bump actions/stale from 10.1.0 to 10.1.1 (dependabot[bot]) #​61620
• [c085c8a43f] - meta: bump actions/checkout from 6.0.1 to 6.0.2 (dependabot[bot]) #​61619
• [ce2acf0275] - meta: bump actions/download-artifact from 6.0.0 to 7.0.0 (dependabot[bot]) #​61242
• [629f0eaac5] - meta: bump actions/checkout from 6.0.0 to 6.0.1 (dependabot[bot]) #​61239
• [cd80d369c9] - meta: bump actions/upload-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #​61238
• [8c75e4e1fa] - meta: bump actions/checkout from 5.0.1 to 6.0.0 (dependabot[bot]) #​60925
• [5a9e9f4127] - meta: bump actions/checkout from 5.0.0 to 5.0.1 (dependabot[bot]) #​60767
• [1519251dd1] - module: do not invoke resolve hooks twice for imported cjs (Joyee Cheung) #​61529
• [8d7190b3fe] - module: do not wrap module._load when tracing is not enabled (Joyee Cheung) #​61479
• [35b1759d06] - (SEMVER-MINOR) module: allow subpath imports that start with #/ (Jan Martin) #​60864
• [7a83b38921] - net: defer synchronous destroy calls in internalConnect (RajeshKumar11) #​61658
• [16bab79421] - process: do not truncate long strings in --print (Mohamed Akram) #​61497
• [2d72ea66f2] - (SEMVER-MINOR) process: preserve AsyncLocalStorage in queueMicrotask only when needed (Gürgün Dayıoğlu) #​60913
• [9cc1c4604f] - repl: fix getters triggering side effects during completion (Dario Piotrowicz) #​61043
• [93703306a1] - repl: tab completion targets <class> instead of new <class> (Đỗ Trọng Hải) #​60319
• [6f4a4f6c8e] - (SEMVER-MINOR) sea: split sea binary manipulation code (Joyee Cheung) #​61167
• [46a2dad4db] - sqlite: avoid extra copy for large text binds (Ali Hassan) #​61580
• [f91a377f7e] - sqlite: use DictionaryTemplate for run() result (Mert Can Altin) #​61432
• [0e7571ae3e] - sqlite: change approach to fix segfault SQLTagStore (Bart Louwers) #​60462
• [8e8f70524a] - sqlite: reserve vectors space (Guilherme Araújo) #​61540
• [c0ceb9b065] - (SEMVER-MINOR) sqlite: enable defensive mode by default (Bart Louwers) #​61266
• [33d8e8303b] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #​61311
• [f0d8f37002] - src: elide heap allocation in structured clone implementation (Anna Henningsen) #​61703
• [db478c4336] - src: use simdutf for one-byte string UTF-8 write in stringBytes (Mert Can Altin) #​61696
• [563ab699eb] - (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung) #​61548
• [da13186a15] - src: throw RangeError on failed ArrayBuffer BackingStore allocation (Chengzhong Wu) #​61480
• [4c80031000] - (SEMVER-MINOR) stream: add bytes() method to stream/consumers (wantaek) #​60426
• [f5233df4ff] - (SEMVER-MINOR) stream: do not pass readable.compose() output via Readable.from() (René) #​60907
• [ad04a469c8] - test: restraint version replacement pattern in snapshots (Chengzhong Wu) #​61748
• [2d3b4a8d65] - test: print stack immediately avoiding GC interleaving (Chengzhong Wu) #​61699
• [38f43a6d4e] - test: fix case-insensitive path matching on Windows (Matteo Collina) #​61682
• [06513f5ff2] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #​61629
• [9d79c66c61] - test: remove duplicate wpt tests (Filip Skokan) #​61617
• [eac9f4f401] - test: fix race condition in watch mode tests (Matteo Collina) #​61615
• [ecf5947575] - test: update WPT for url to e3c46fd (Node.js GitHub Bot) #​61602
• [356ff5fece] - test: use the skipIfNoWatch() utility function (Luigi Pinca) #​61531
• [4b2187aea2] - test: unify assertSnapshot common patterns (Chengzhong Wu) #​61590
• [8c25489d63] - test: split test-fs-watch-ignore-* (Luigi Pinca) #​61494
• [43b8a2b7e7] - test: add some validation for JSON doc output (Antoine du Hamel) #​61413
• [345a40fda3] - (SEMVER-MINOR) test: use fixture directories for sea tests (Joyee Cheung) #​61167
• [24cf6b8326] - test: reveal wpt evaluation errors in status files (Chengzhong Wu) #​61358
• [d4034dfb62] - test: forbid use of named imports for fixtures (Antoine du Hamel) #​61228
• [4f871ee897] - test: enforce better never-settling-promise detection (Antoine du Hamel) #​60976
• [8e9adedf02] - test: ensure assertions are reached on all tests (Antoine du Hamel) #​60845
• [273832802e] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60763
• [e06adcb52f] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60760
• [aeed0ccc02] - test: use RegExp.escape to improve test reliability (Antoine du Hamel) #​60803
• [74bcd0adab] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60728
• [407807b08e] - test: skip tests not passing without NODE_OPTIONS support (Antoine du Hamel) #​60912
• [a9e70cefb0] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60634
• [21b23cd0d0] - test_runner: fix test enqueue when test file has syntax error (Edy Silva) #​61573
• [6a4de694b2] - test_runner: fix passing expectFailure (Moshe Atlow) #​61568
• [6640de2b0f] - test_runner: differentiate todo and failure styles (Moshe Atlow) #​61564
• [972f82411d] - (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood) #​61367
• [d77f98c4b6] - (SEMVER-MINOR) **t

---

Configuration

📅 Schedule: Branch creation - "before 4am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[netlify]

✅ Deploy Preview for stylo-docs canceled.

Name	Link
🔨 Latest commit	fe784e5
🔍 Latest deploy log	https://app.netlify.com/projects/stylo-docs/deploys/699fb961f2369e000861ab46