2025-09-25, Version 24.9.0 (Current)

[github-actions]

2025-09-25, Version 24.9.0 (Current), @targos

Notable Changes

• [9b043a9096] - (SEMVER-MINOR)http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824
• [a6456ab90a] - (SEMVER-MINOR)sqlite: cleanup ERM support and export Session class (James M Snell) #58378
• [5563361d22] - (SEMVER-MINOR)sqlite: add tagged template (0hm☘️) #58748
• [04013ee933] - (SEMVER-MINOR)worker: add heap profile API (theanarkh) #59846

Commits

• [cbec4fd6de] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #59696
• [9a4bbdc3c5] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #59836
• [0b284d86e8] - build: add the missing macro definitions for OpenHarmony (hqzing) #59804
• [43e6e54d66] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #59809
• [039ac19154] - crypto: expose signatureAlgorithm on X509Certificate (Patrick Costa) #59235
• [647c332704] - crypto: use return await when returning Promises from async functions (Renegade334) #59841
• [8ed4587cf0] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #59841
• [bb051c56ef] - crypto: avoid calls to promise.catch() (Renegade334) #59841
• [05e560dd25] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #59955
• [fa40d3a785] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #59901
• [8c85570d18] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #59901
• [b71125664e] - deps: update undici to 7.16.0 (Node.js GitHub Bot) #59830
• [dea5dd7077] - dgram: restore buffer optimization in fixBufferList (Yoo) #59934
• [b0c1e67532] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #59910
• [0b37b594c3] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #59954
• [1e723f9c6b] - doc: fix typo in section on microtask order (Tobias Nießen) #59932
• [a28962a85c] - doc: update V8 fast API guidance (René) #58999
• [bd767c5d1b] - doc: add security escalation policy (Ulises Gascón) #59806
• [9df91e59e1] - doc: type improvement of file http.md (yusheng chen) #58189
• [e4f571680b] - doc: deprecate closing fs.Dir on garbage collection (Livia Medeiros) #59839
• [e9cb986fa5] - doc: rephrase dynamic import() description (Nam Yooseong) #59224
• [026d4e33f7] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #59851
• [2b2591db52] - esm: make hasAsyncGraph non-enumerable (Joyee Cheung) #59905
• [993f05d323] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #59847
• [7aec53b607] - (SEMVER-MINOR)http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824
• [83ae6102e7] - http: optimize checkIsHttpToken for short strings (방진혁) #59832
• [6695067636] - http,https: handle IPv6 with proxies (Joyee Cheung) #59894
• [c5d910a0a9] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #59924
• [acada1fb82] - inspector: ensure adequate memory allocation for Binary::toBase64 (René) #59870
• [396cc8ec65] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #59687
• [fed1dac8de] - lib: update isDeepStrictEqual to support options (Miguel Marcondes Filho) #59762
• [d785929fd7] - lib: add source map support for assert messages (Chengzhong Wu) #59751
• [ff13d1d61e] - lib,src: cache ModuleWrap.hasAsyncGraph (Chengzhong Wu) #59703
• [b200cd8470] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #59751
• [e94c57301b] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #59914
• [728472a57b] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #59874
• [be48760b93] - node-api: added SharedArrayBuffer api (Mert Can Altin) #59071
• [f006a14522] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #59684
• [0f46c1c3b0] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857
• [3eeb7b47ea] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #59848
• [0fe53375ec] - (SEMVER-MINOR)sqlite: cleanup ERM support and export Session class (James M Snell) #58378
• [9a3e58a007] - (SEMVER-MINOR)sqlite: add tagged template (0hm☘️) #58748
• [f14ed5ab7b] - src: simplify watchdog instantiations via std::optional (Anna Henningsen) #59960
• [e330f03f84] - src: update crypto objects to use DictionaryTemplate (James M Snell) #59942
• [69b5607cf4] - src: simplify is_callable by making it a concept (Tobias Nießen) #58169
• [86150f3401] - src: rename private fields to follow naming convention (Moonki Choi) #59923
• [d17f299539] - src: use DictionaryTemplate more in URLPattern (James M Snell) #59892
• [ac784912ac] - src: reduce the nearest parent package JSON cache size (Michael Smith) #59888
• [abecdcb536] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #59891
• [2bb152500b] - src: create strings in FIXED_ONE_BYTE_STRING as internalized (Anna Henningsen) #59826
• [03116a7cd8] - src: remove std::array overload of FIXED_ONE_BYTE_STRING (Anna Henningsen) #59826
• [8a5325d6e3] - src: ensure v8::Eternal is empty before setting it (Anna Henningsen) #59825
• [f0c20ccd81] - src: remove unnecessary Environment::GetCurrent() calls (Moonki Choi) #59814
• [213188e491] - stream: use new AsyncResource instead of bind (Matteo Collina) #59867
• [ce8435b003] - test: testcase demonstrating issue 59541 (Eric Rannaud) #59801
• [8f32746142] - test: guard write to proxy client if proxy connection is ended (Joyee Cheung) #59742
• [6790093fcb] - tls: load bundled and extra certificates off-thread (Joyee Cheung) #59856
• [f5d3f919d8] - tls: only do off-thread certificate loading on loading tls (Joyee Cheung) #59856
• [87bbaa23a0] - tools: fix tools/make-v8.sh for clang (Richard Lau) #59893
• [0d23fd525b] - tools: skip test-internet workflow for draft PRs (Michaël Zasso) #59817
• [e17c73731a] - tools: copyedit build-tarball.yml (Antoine du Hamel) #59808
• [97c4e1bac9] - typings: remove unused imports (Nam Yooseong) #59880
• [8b29bbca76] - url: replaced slice with at (Mikhail) #59181
• [6458867a6b] - url: add type checking to urlToHttpOptions() (simon-id) #59753
• [3c62b3886f] - util: inspect objects with throwing Symbol.toStringTag (Ruben Bridgewater) #59860
• [6133a82875] - util: fix debuglog.enabled not being present with callback logger (Ruben Bridgewater) #59858
• [9347ddddf4] - vm: explain how to share promises between contexts w/ afterEvaluate (Eric Rannaud) #59801
• [44ce971619] - vm: "afterEvaluate", evaluate() return a promise from the outer context (Eric Rannaud) #59801
• [6e586a1409] - vm: expose hasTopLevelAwait on SourceTextModule (Chengzhong Wu) #59865
• [49747a58a3] - (SEMVER-MINOR)worker: add heap profile API (theanarkh) #59846
• [b970c0bbc2] - zlib: reduce code duplication (jhofstee) #57810
• [9782ca2b1b] - zlib: implement fast path for crc32 (Gürgün Dayıoğlu) #59813

[nodejs-github-bot]

Review requested:

• @nodejs/actions
• @nodejs/crypto
• @nodejs/gyp
• @nodejs/performance
• @nodejs/security-wg
• @nodejs/tsc

[targos]

CITGM (this PR): https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/3639/
CITGM (v24.8.0): https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/3640/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/69348/

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.42%. Comparing base (f9ec1b6) to head (31c6e70).
⚠️ Report is 75 commits behind head on v24.x.

Additional details and impacted files

@@ Coverage Diff @@## v24.x #59997 +/- ## ========================================== - Coverage 90.03% 89.42% -0.61%  ========================================== Files 661 663 +2 Lines 197565 198291 +726 Branches 38614 38635 +21 ========================================== - Hits 177871 177325 -546 - Misses 12095 13291 +1196 - Partials 7599 7675 +76 

see 163 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/69361/

[targos]

@nodejs/releasers given the results in https://ci.nodejs.org/job/node-test-commit-osx/66924/#showFailuresLink and the current macOS CI issues, do you agree to release with a red macOS CI?

[targos]

Release 📦: https://ci-release.nodejs.org/job/iojs+release/11275/

[RafaelGSS]

@nodejs/releasers given the results in https://ci.nodejs.org/job/node-test-commit-osx/66924/#showFailuresLink and the current macOS CI issues, do you agree to release with a red macOS CI?

+1

Those tests have been passed on different OSX environments, so it's reasonable.

[richardlau]

@nodejs/releasers given the results in https://ci.nodejs.org/job/node-test-commit-osx/66924/#showFailuresLink and the current macOS CI issues, do you agree to release with a red macOS CI?

+1 from me

[MikeMcC399]

@targos

https://nodejs.org/download/release/latest/ is still showing Node.js 24.8.0 as latest.

Will this correct itself or should I open a separate issue?

[targos]

mmh I'm not sure. It's supposed to happen automatically quickly after the release. @nodejs/web-infra

[MikeMcC399]

@targos

It's supposed to happen automatically quickly after the release. @nodejs/web-infra

It's also my experience that it happens automatically. I don't have access to @nodejs/web-infra so I presume it's a private repo. Please let me know if I should post elsewhere, otherwise I will hang back and wait. Thanks!

[ovflowd]

Thanks for flagging, GHA runner settings changed, causing the runs to failure on promotion: https://github.com/nodejs/release-cloudflare-worker/actions/runs/18024267556

[ovflowd]

Fixed: nodejs/release-cloudflare-worker#605

[MikeMcC399]

@ovflowd Thanks for fixing! Looks good from where I am viewing as well. 🙂