github nodejs/node v20.19.5
2025-09-03, Version 20.19.5 'Iron' (LTS), @marco-ippolito
on GitHub

2 days ago

Notable Changes

Commits

  • [ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #58270
  • [c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #58171
  • [d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #58867
  • [84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #58213
  • [068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #58942
  • [edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #57498
  • [0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #58628
  • [1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #57768
  • [0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655
  • [a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335
  • [cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #57335
  • [82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #57180
  • [43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #56855
  • [91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566
  • [b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #58711
  • [ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382
  • [142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #58712
  • [fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144
  • [c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #57386
  • [cded8e7e77] - dns: fix parse memory leaky (theanarkh) #58973
  • [182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #58404
  • [621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449
  • [b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426
  • [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #58355
  • [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308
  • [530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #58911
  • [38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #57318
  • [d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309
  • [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #58499
  • [8c3bc156ed] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #57073
  • [e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #56835
  • [e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #57219
  • [026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #57183
  • [3c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241
  • [ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #57076
  • [1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607
  • [b73a1356ce] - doc: add module namespace object links (Dario Piotrowicz) #57093
  • [09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #57092
  • [2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090
  • [cd8259cb4e] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #57046
  • [7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #57091
  • [14fcfc242b] - doc: add a note about require('../common') in testing documentation (Aditi) #56953
  • [bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028
  • [acd4d7f269] - doc: improve documentation on argument validation (Aditi) #56954
  • [4cd6b3ca73] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #57015
  • [01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #57004
  • [77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #56907
  • [77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #56539
  • [73e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #55947
  • [9a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #55791
  • [04d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #58982
  • [959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291
  • [8757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #58877
  • [6fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #58477
  • [9991788e4a] - http: coerce content-length to number (Marco Ippolito) #57458
  • [ff5cf8a428] - http2: fix check for frame->hd.type (hanguanqiang) #57644
  • [2f333b6c51] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #56299
  • [cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #56299
  • [faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #57177
  • [a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #58916
  • [b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #58551
  • [2c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #58550
  • [4095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #58108
  • [631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #58456
  • [7d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #58110
  • [1558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #58106
  • [e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #58356
  • [1b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #58111
  • [2b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #58107
  • [833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #57966
  • [c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #57718
  • [9046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #57717
  • [46388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #57715
  • [d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #57714
  • [47004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #57713
  • [4abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #57503
  • [45e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #57537
  • [d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #57483
  • [704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #57443
  • [3f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #57257
  • [7e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #57253
  • [8d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #57292
  • [cc2abb5d17] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #57259
  • [4fad2b8758] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #57256
  • [5f5bb8b986] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #57255
  • [e949359a56] - meta: bump actions/setup-python from 5.3.0 to 5.4.0 (dependabot[bot]) #56867
  • [d3c5ad7510] - meta: bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (dependabot[bot]) #56866
  • [56decfe2d1] - meta: bump codecov/codecov-action from 5.0.7 to 5.3.1 (dependabot[bot]) #56864
  • [52e518444d] - meta: bump actions/cache from 4.1.2 to 4.2.0 (dependabot[bot]) #56862
  • [9cac93d9c3] - meta: bump actions/stale from 9.0.0 to 9.1.0 (dependabot[bot]) #56860
  • [ecf4252f7c] - meta: update last name for jkrems (Jan Martin) #57006
  • [e8beaaaedf] - meta: bump actions/upload-artifact from 4.4.3 to 4.6.0 (dependabot[bot]) #56861
  • [5462c257f8] - meta: bump actions/setup-node from 4.1.0 to 4.2.0 (dependabot[bot]) #56868
  • [89c37891a0] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56889
  • [2a0175c291] - meta: add @nodejs/url as codeowner (Chengzhong Wu) #56783
  • [c12aae1e78] - meta: bump github/codeql-action from 3.28.18 to 3.29.2 (dependabot[bot]) #58922
  • [4ef09990f1] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #58552
  • [889654eb2c] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #58112
  • [091e5c1bb9] - meta: bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot]) #57716
  • [01415153de] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #57254
  • [72ea8aac34] - meta: bump github/codeql-action from 3.27.5 to 3.28.8 (dependabot[bot]) #56859
  • [99a271e588] - meta: bump step-security/harden-runner from 2.12.0 to 2.12.2 (dependabot[bot]) #58923
  • [b4c4c02490] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #58109
  • [5361bb9157] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #57258
  • [28e33acf30] - meta: bump step-security/harden-runner from 2.10.2 to 2.10.4 (dependabot[bot]) #56863
  • [fad773cede] - module: throw error when re-runing errored module jobs (Joyee Cheung) #58957
  • [2531185423] - module: allow cycles in require() in the CJS handling in ESM loader (Joyee Cheung) #58598
  • [ed43b69689] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #56491
  • [6e02db1b12] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #58067
  • [badba50d30] - module: fix incorrect formatting in require(esm) cycle error message (haykam821) #57453
  • [939ecf8906] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #57187
  • [ba7f8a0353] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #57126
  • [c1e7fa2586] - module: handle .mjs in .js handler in CommonJS (Joyee Cheung) #55590
  • [41f3dfd21b] - module: fix require.resolve() crash on non-string paths (Aditi) #56942
  • [043dcdd628] - os: fix GetInterfaceAddresses memory lieaky (theanarkh) #58940
  • [9b74e9bfd9] - permission: ignore internalModuleStat on module loading (Rafael Gonzaga) #55797
  • [611a147b45] - readline: fix unresolved promise on abortion (Daniel Venable) #54030
  • [f891ae3421] - repl: avoid deprecated require.extensions in tab completion (baki gul) #58653
  • [7ba44290bf] - repl: fix tab completion not working with computer string properties (Dario Piotrowicz) #58709
  • [eb842048b2] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #57126
  • [4f004937ec] - src: fixup errorhandling more in various places (James M Snell) #57852
  • [5daa7fe2e2] - src: fix module buffer allocation (X-BW) #57738
  • [586b1be11b] - src: fix build when using shared simdutf (Antoine du Hamel) #58407
  • [563e61f012] - src: fix possible dereference of null pointer (Eusgor) #58459
  • [cbec07ea0b] - src: fix FIPS init error handling (Tobias Nießen) #58379
  • [80fb80e71b] - src: fix -Wunreachable-code in src/node_api.cc (Shelley Vohr) #58901
  • [5e97719860] - test: skip test-http-imports on macos (Marco Ippolito) #59745
  • [69c43bdfcc] - test: fix internet/test-dns (Michaël Zasso) #59660
  • [6fd58e0338] - tools: update coverage GitHub Actions to fixed version (Rich Trott) #59512
  • [eb7bbce73e] - tools: disable failing coverage jobs (Antoine du Hamel) #58770
  • [65b1669936] - util: fix formatting of objects with built-in Symbol.toPrimitive (Shima Ryuhei) #57832
  • [8a29f13bec] - util: fix parseEnv incorrectly splitting multiple ‘=‘ in value (HEESEUNG) #57421
  • [077d5020c4] - v8: fix missing callback in heap utils destroy (Ruben Bridgewater) #58846
  • [34ae9f8b18] - vm: import call should return a promise in the current context (Chengzhong Wu) #58309
  • [0dd3a8d6d1] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #58902
  • [1b83a2bd2d] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #58371
  • [9dc9604502] - zlib: fix pointer alignment (jhofstee) #57727
Check out latest releases or
releases around nodejs/node v20.19.5

Don't miss a new node release

NewReleases is sending notifications on new releases.

Get notifications