2025-10-28, Version 25.1.0 (Current)

[github-actions]

Notable Changes

• [4395fe14b9] - (SEMVER-MINOR)http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778
• [2e55c6ad04] - (SEMVER-MINOR)sqlite: allow setting defensive flag (Bart Louwers) #60217
• [f437204491] - (SEMVER-MINOR)src: add watch config namespace (Marco Ippolito) #60178

Commits

• [bb27766bd5] - benchmark: improve cpu.sh for safety and usability (Nam Yooseong) #60162
• [e600711c20] - benchmark: add benchmark for leaf source text modules (Joyee Cheung) #60205
• [1bbcdf9039] - benchmark: add vm.SourceTextModule benchmark (Joyee Cheung) #59396
• [22fa6bd28b] - build: ibmi follow aix visibility (SRAVANI GUNDEPALLI) #60360
• [931028400e] - build: use call command when calling python configure (Jacob Nichols) #60098
• [17fde3f3d1] - build: build v8 with -fvisibility=hidden -fvisibility-inlines-hidden (Joyee Cheung) #56290
• [04cc7aae5e] - build: remove V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE defs (Joyee Cheung) #60296
• [8a2053060d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956
• [fe91c0f755] - deps: update simdjson to 4.0.7 (Node.js GitHub Bot) #59883
• [aacfc0d212] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314
• [8596891a71] - deps: update inspector_protocol to af7f5a8173fdbc29f0835ec94395932e328b (Node.js GitHub Bot) #60312
• [21bcd0eb2f] - deps: V8: cherry-pick 3d0f462a17ff (Joyee Cheung) #59396
• [673558501c] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219
• [425a1879b1] - doc: mention more codemods in deprecations.md (Augustin Mauroy) #60243
• [563e1317f3] - doc: remove unnecessary statement of web storage (Deokjin Kim) #60363
• [064c8c5cfd] - doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny() (Jimmy Leung) #58899
• [99e357af35] - doc: use any for worker_threads.Worker 'error' event argument err (Jonas Geiler) #60300
• [8ccff0d934] - doc: update decorator documentation to reflect actual policy (Muhammad Salman Aziz) #60288
• [bac70c6ef3] - doc: document wildcard supported by tools/test.py (Joyee Cheung) #60265
• [8492bc6a88] - doc: add --heap-snapshot-on-oom to useful v8 flag (jakecastelli) #60260
• [0f0d3c0e47] - doc: fix blob.bytes() heading level (XTY) #60252
• [8c8525cf93] - doc: fix not working code example in vm docs (Artur Gawlik) #60224
• [8a6de3866c] - doc, assert: correct order of changes entries (Gerhard Stöbich) #60304
• [6bacb6555a] - doc, module: change async customization hooks to experimental (Gerhard Stöbich) #60302
• [6f3b16df16] - esm: use index-based resolution callbacks (Joyee Cheung) #59396
• [95644a432c] - http: lazy allocate cookies array (Robert Nagy) #59734
• [4395fe14b9] - (SEMVER-MINOR)http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778
• [f1aa1eaaf5] - inspector: add network payload buffer size limits (Chengzhong Wu) #60236
• [64fc625bf9] - inspector: support handshake response for websocket inspection (Shima Ryuhei) #60225
• [0ecbb806a8] - lib: fix typo in createBlobReaderStream (SeokHun) #60132
• [ffec5927fd] - meta: fix typo in test-shared workflow name (Ronit Sabhaya) #60321
• [a02897e157] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #60325
• [59223a7831] - meta: loop userland-migrations in deprecations (Chengzhong Wu) #60299
• [2d48d17696] - module: refactor and clarify async loader hook customizations (Joyee Cheung) #60278
• [be1b84fd93] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #59929
• [063fbd87d3] - msi: fix WiX warnings (Stefan Stojanovic) #60251
• [2e55c6ad04] - (SEMVER-MINOR)sqlite: allow setting defensive flag (Bart Louwers) #60217
• [dc93d6988a] - src: fix timing of snapshot serialize callback (Joyee Cheung) #60434
• [267e1b3817] - src: add COUNT_GENERIC_USAGE utility for tests (Joyee Cheung) #60434
• [4a5d7a4c2a] - src: conditionally disable source phase imports by default (Shelley Vohr) #60364
• [f437204491] - (SEMVER-MINOR)src: add watch config namespace (Marco Ippolito) #60178
• [36837fa0f9] - src: use cached primordials_string (Sohyeon Kim) #60255
• [df8396ad37] - src: replace Environment::GetCurrent with args.GetIsolate (Sohyeon Kim) #60256
• [5dd670b2b9] - src: initial enablement of IsolateGroups (James M Snell) #60254
• [afdb362933] - src: use Utf8Value and TwoByteValue instead of V8 helpers (Anna Henningsen) #60244
• [a40e533e72] - src: add a default branch for module phase (Chengzhong Wu) #60261
• [42729f07ee] - src: stop using deprecated v8::Context::GetIsolate (Michaël Zasso) #60223
• [7a6542c205] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419
• [29a5855a4f] - test: ensure assertions are reachable in test/addons (Antoine du Hamel) #60142
• [12773d19c4] - test: increase debugger waitFor timeout on macOS (Chengzhong Wu) #60367
• [0b38de3e9e] - test: put helper in test-runner-output into common (Joyee Cheung) #60330
• [6de2407c44] - test: fix small compile warning in test_network_requests_buffer.cc (xiaocainiao633) #60281
• [4b23ac8613] - test: fix status when compiled without inspector (Antoine du Hamel) #60289
• [a07f32e326] - test: split test-runner-watch-mode-kill-signal (Joyee Cheung) #60298
• [30451d32d7] - test: fix incorrect calculation in test-perf-hooks.js (Joyee Cheung) #60271
• [e3c3b48f1c] - test: ignore EPIPE errors in https proxy invalid URL test (Joyee Cheung) #60269
• [405a9c4c5f] - test: parallelize test-without-async-context-frame correctly (Joyee Cheung) #60273
• [ffeebebc71] - test: make test-worker-prof more tolerant (Joyee Cheung) #60272
• [26b01bf170] - test: skip sea tests on x64 macOS (Joyee Cheung) #60250
• [8caae1a05b] - test: move sea tests into test/sea (Joyee Cheung) #60250
• [3d183e3e9f] - test,crypto: fix conditional SHA3-* skip on BoringSSL (Filip Skokan) #60379
• [e83dbcba94] - test,crypto: sha3 algorithms aren't supported with BoringSSL (Shelley Vohr) #60374
• [3d89331496] - test_runner: use module.registerHooks in module mocks (Joyee Cheung) #60326
• [377e8ce85a] - tls: avoid external memory leak on invalid protocol versions (Shelley Vohr) #60390
• [ae4858c1f6] - tools: add an option to generate lighter archives (Antoine du Hamel) #60294
• [cb615b1a2e] - tools: skip test-shared workflow for draft PRs (Michaël Zasso) #60365
• [03b034731e] - tools: disable inspector on macOS-shared to reduce flakiness (Antoine du Hamel) #60320
• [f402b4e1d1] - tools: show diff alongside the error in Nix linter (Antoine du Hamel) #60301
• [5d5c8483fb] - tools: run CI with shared libs on GHA (Antoine du Hamel) #60121
• [e8fdd8d2e8] - tools: update gyp-next to 0.20.5 (Node.js GitHub Bot) #60313
• [6e8b029a21] - tools: limit inspector protocol PR title length (Chengzhong Wu) #60324
• [a5073086c6] - tools: fix inspector_protocol updater (Chengzhong Wu) #60277
• [47fa765bff] - tools: optimize wildcard execution in tools/test.py (Joyee Cheung) #60266
• [11ebb0447d] - tools: add C++ lint rule to avoid using String::Utf8Value (Anna Henningsen) #60244
• [14f3189670] - tools: add inspector_protocol updater (Chengzhong Wu) #60245
• [ef4c596fc6] - typings: add missing properties and method in Worker (Woohyun Sung) #60257
• [09ae6fc065] - typings: add missing properties in HTTPParser (Woohyun Sung) #60257
• [9ecaf41f8e] - typings: delete undefined property in ConfigBinding (Woohyun Sung) #60257
• [4a86016e86] - util: use more defensive code when inspecting error objects (Antoine du Hamel) #60139
• [9e6d6cec59] - util: mark special properties when inspecting them (Ruben Bridgewater) #60131
• [79b2387fd9] - vm: make vm.Module.evaluate() conditionally synchronous (Joyee Cheung) #60205
• [e5559f3be3] - win: upgrade Visual Studio workload from 2019 to 2022 (Jiawen Geng) #60318

[nodejs-github-bot]

Review requested:

• @nodejs/actions
• @nodejs/build
• @nodejs/gyp
• @nodejs/performance
• @nodejs/security-wg
• @nodejs/tsc

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/69915/
CITGM (v25.x): https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/3652/
CITGM (v25.1.0-proposal): https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/3653/
📦: https://ci-release.nodejs.org/job/iojs+release/11359/

[codecov]

Codecov Report

❌ Patch coverage is 94.40628% with 57 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.58%. Comparing base (0b3a10d) to head (1da054d).
⚠️ Report is 85 commits behind head on v25.x.

Files with missing lines	Patch %	Lines
src/module_wrap.cc	73.46%	5 Missing and 8 partials ⚠️
src/node_sqlite.cc	67.64%	4 Missing and 7 partials ⚠️
lib/internal/util/inspect.js	92.23%	8 Missing ⚠️
lib/internal/test_runner/mock/mock.js	84.84%	4 Missing and 1 partial ⚠️
src/inspector/network_agent.cc	87.87%	2 Missing and 2 partials ⚠️
src/string_bytes.cc	33.33%	4 Missing ⚠️
src/api/environment.cc	80.00%	1 Missing and 1 partial ⚠️
src/node_util.cc	87.50%	0 Missing and 2 partials ⚠️
src/permission/permission.cc	60.00%	1 Missing and 1 partial ⚠️
lib/_http_outgoing.js	75.00%	1 Missing ⚠️
... and 5 more

Additional details and impacted files

@@ Coverage Diff @@## v25.x #60436 +/- ## ======================================== Coverage 88.57% 88.58% ======================================== Files 704 704 Lines 208162 207731 -431 Branches 40012 40027 +15 ======================================== - Hits 184387 184014 -373 + Misses 15820 15760 -60 - Partials 7955 7957 +2 

Files with missing lines	Coverage Δ
lib/_http_incoming.js	99.35% <100.00%> (+0.01%)	⬆️
lib/_http_server.js	97.43% <100.00%> (+0.04%)	⬆️
lib/internal/blob.js	99.80% <100.00%> (ø)
lib/internal/inspector/network_undici.js	91.46% <100.00%> (-0.21%)	⬇️
lib/internal/main/mksnapshot.js	95.87% <ø> (-0.04%)	⬇️
lib/internal/main/worker_thread.js	94.44% <100.00%> (+0.03%)	⬆️
lib/internal/modules/cjs/loader.js	97.97% <100.00%> (+0.04%)	⬆️
lib/internal/modules/customization_hooks.js	100.00% <100.00%> (ø)
lib/internal/modules/esm/hooks.js	91.89% <100.00%> (+1.20%)	⬆️
lib/internal/modules/esm/load.js	93.27% <100.00%> (-1.04%)	⬇️
... and 41 more

... and 99 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Renegade334]

#60351 is a fix for a behaviour regression in v25.0.0 – probably not enough time to get it through, but would be ideal if it were doable.

[ChALkeR]

I am highly surprised that disabling zero-fill on allocUnsafe is not included in notable changes
#60434 (comment)

It's not even included in the changelog at all
Was that intentional? Could that be amended?