Skip to content

chore(deps): update dependency node to v22

GitLab Dependency Bot requested to merge gitlab-renovate-forks/gitlab-ui:renovate/major-22-nodejs-version into main

This MR contains the following updates:

Package Update Change
node (source) major 20.18.0 -> 22.11.0

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

Release Notes

nodejs/node (node)

v22.11.0: 2024-10-29, Version 22.11.0 'Jod' (LTS), @​richardlau

Compare Source

Notable Changes

This release marks the transition of Node.js 22.x into Long Term Support (LTS) with the codename 'Jod'. The 22.x release line now moves into "Active LTS" and will remain so until October 2025. After that time, it will move into "Maintenance" until end of life in April 2027.

Other than updating metadata, such as the process.release object, to reflect that the release is LTS, no further changes from Node.js 22.10.0 are included.

OpenSSL 3.x

Official binaries for Node.js 22.x currently include OpenSSL 3.0.x (more specifically, the quictls OpenSSL fork). OpenSSL 3.0.x is the currently designated long term support version that is scheduled to be supported until 7th September 2026, which is within the expected lifetime of Node.js 22.x. We are expecting upstream OpenSSL to announce a successor long term support version prior to that date and since OpenSSL now follows a semantic versioning-like versioning scheme we expect to be able to update to the next long term supported version of OpenSSL during the lifetime of Node.js 22.x.

v22.10.0: 2024-10-16, Version 22.10.0 (Current), @​aduh95

Compare Source

Notable Changes
New "module-sync" exports condition

This release introduces a "module-sync" exports condition that's enabled when require(esm) is enabled, so packages can supply a synchronous ES module to the Node.js module loader, no matter if it's being required or imported. This is similar to the "module" condition that bundlers have been using to support require(esm) in Node.js, and allows dual-package authors to opt into ESM-first only on newer versions of Node.js that supports require(esm) to avoid the dual-package hazard.

{
  "type": "module",
  "exports": {
    "node": {
      // On new version of Node.js, both require() and import get
      // the ESM version
      "module-sync": "./index.js",
      // On older version of Node.js, where "module-sync" and require(esm) are
      // not supported, use the CJS version to avoid dual-package hazard.
      // When package authors think it's time to drop support for older versions of
      // Node.js, they can remove the exports conditions and just use "main": "index.js".
      "default": "./dist/index.cjs"
    },
    // On any other environment, use the ESM version.
    "default": "./index.js"
  }
}

Or if the package is only meant to be run on Node.js and wants to fallback to CJS on older versions that don't have require(esm):

{
  "type": "module",
  "exports": {
    // On new version of Node.js, both require() and import get the ESM version
    "module-sync": "./index.js",
    // On older version of Node.js, where "module-sync" and require(esm) are
    // not supported, use the CJS version to avoid dual-package hazard.
    // When package authors think it's time to drop support for older versions of
    // Node.js, they can remove the exports conditions and just use "main": "index.js".
    "default": "./dist/index.cjs"
  }
}

For package authors: this only serves as a feature-detection mechanism for packages that wish to support both CJS and ESM users during the period when some active Node.js LTS versions support require(esm) while some older ones don't. When all active Node.js LTS lines support require(esm), packages can simplify their distributions by bumping the major version, dropping their CJS exports, and removing the module-sync exports condition (with only main or default targetting the ESM exports). If the package needs to support both bundlers and being run unbundled on Node.js during the transition period, use both module-sync and module and point them to the same ESM file. If the package already doesn't want to support older versions of Node.js that doesn't support require(esm), don't use this export condition.

For bundlers/tools: they should avoid implementing this stop-gap condition. Most existing bundlers implement the de-facto bundler standard module exports condition, and that should be enough to support users who want to bundle ESM from CJS consumers. Users who want both bundlers and Node.js to recognize the ESM exports can use both module/module-sync conditions during the transition period, and can drop module-sync+module when they no longer need to support older versions of Node.js. If tools do want to support this condition, it's recommended to make the resolution rules in the graph pointed by this condition match the Node.js native ESM rules to avoid divergence.

We ended up implementing a condition with a different name instead of reusing "module", because existing code in the ecosystem using the "module" condition sometimes also expect the module resolution for these ESM files to work in CJS style, which is supported by bundlers, but the native Node.js loader has intentionally made ESM resolution different from CJS resolution (e.g. forbidding import './noext' or import './directory'), so it would be breaking to implement a "module" condition without implementing the forbidden ESM resolution rules. For now, this just implements a new condition as semver-minor so it can be backported to older LTS.

Contributed by Joyee Cheung in #​54648.

node --run is now stable

This CLI flag runs a specified command from a package.json's "scripts" object.

For the following package.json:

{
  "scripts": {
    "test": "node --test-reporter junit --test ./test"
  }
}

You can run node --run test and that would start the test suite.

Contributed by Yagiz Nizipli in #​53763.

Other notable changes
  • [f0b441230a] - (SEMVER-MINOR) crypto: add KeyObject.prototype.toCryptoKey (Filip Skokan) #​55262
  • [349d2ed07b] - (SEMVER-MINOR) crypto: add Date fields for validTo and validFrom (Andrew Moon) #​54159
  • [bebc95ed58] - doc: add abmusse to collaborators (Abdirahim Musse) #​55086
  • [914db60159] - (SEMVER-MINOR) http2: expose nghttp2_option_set_stream_reset_rate_limit as an option (Maël Nison) #​54875
  • [f7c3b03759] - (SEMVER-MINOR) lib: propagate aborted state to dependent signals before firing events (jazelly) #​54826
  • [32261fc98a] - (SEMVER-MINOR) module: support loading entrypoint as url (RedYetiDev) #​54933
  • [06957ff355] - (SEMVER-MINOR) module: implement flushCompileCache() (Joyee Cheung) #​54971
  • [2dcf70c347] - (SEMVER-MINOR) module: throw when invalid argument is passed to enableCompileCache() (Joyee Cheung) #​54971
  • [f9b19d7c44] - (SEMVER-MINOR) module: write compile cache to temporary file and then rename it (Joyee Cheung) #​54971
  • [e95163b170] - (SEMVER-MINOR) process: add process.features.require_module (Joyee Cheung) #​55241
  • [4050f68e5d] - (SEMVER-MINOR) process: add process.features.typescript (Aviv Keller) #​54295
  • [86f7cb802d] - (SEMVER-MINOR) test_runner: support custom arguments in run() (Aviv Keller) #​55126
  • [b62f2f8259] - (SEMVER-MINOR) test_runner: add 'test:summary' event (Colin Ihrig) #​54851
  • [d7c708aec5] - (SEMVER-MINOR) test_runner: add support for coverage via run() (Chemi Atlow) #​53937
  • [5fda4a1498] - (SEMVER-MINOR) worker: add markAsUncloneable api (Jason Zhang) #​55234
Commits

v22.9.0: 2024-09-17, Version 22.9.0 (Current), @​RafaelGSS

Compare Source

New API to retrieve execution Stack Trace

A new API getCallSite has been introduced to the util module. This API allows users to retrieve the stacktrace of the current execution. Example:

const util = require('node:util');

function exampleFunction() {
  const callSites = util.getCallSite();

  console.log('Call Sites:');
  callSites.forEach((callSite, index) => {
    console.log(`CallSite ${index + 1}:`);
    console.log(`Function Name: ${callSite.functionName}`);
    console.log(`Script Name: ${callSite.scriptName}`);
    console.log(`Line Number: ${callSite.lineNumber}`);
    console.log(`Column Number: ${callSite.column}`);
  });
  // CallSite 1:
  // Function Name: exampleFunction
  // Script Name: /home/example.js
  // Line Number: 5
  // Column Number: 26

  // CallSite 2:
  // Function Name: anotherFunction
  // Script Name: /home/example.js
  // Line Number: 22
  // Column Number: 3

  // ...
}

// A function to simulate another stack layer
function anotherFunction() {
  exampleFunction();
}

anotherFunction();

Thanks to Rafael Gonzaga for making this work on #​54380.

Disable V8 Maglev

We have seen several crashes/unexpected JS behaviors with maglev on v22 (which ships V8 v12.4). The bugs lie in the codegen so it would be difficult for users to work around them or even figure out where the bugs are coming from. Some bugs are fixed in the upstream while some others probably remain.

As v22 will get stuck with V8 v12.4 as LTS, it will be increasingly difficult to backport patches for them even if the bugs are fixed. So disable it by default on v22 to reduce the churn and troubles for users.

Thanks to Joyee Cheung for making this work on #​54384

Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext

This releases introduces a new option to the API tls.createSecureContext. For now on users can use tls.createSecureContext({ allowPartialTrustChain: true }) to treat intermediate (non-self-signed) certificates in the trust CA certificate list as trusted.

Thanks to Anna Henningsen for making this work on #​54790

Other Notable Changes
  • [5c9599af5a] - src: create handle scope in FastInternalModuleStat (Joyee Cheung) #​54384
  • [e2307d87e8] - (SEMVER-MINOR) stream: relocate the status checking code in the onwritecomplete (YoonSoo_Shin) #​54032
Deprecations
  • [8433032948] - repl: doc-deprecate instantiating node:repl classes without new (Aviv Keller) #​54842
  • [8c4c85cf31] - zlib: deprecate instantiating classes without new (Yagiz Nizipli) #​54708
Commits

v22.8.0: 2024-09-03, Version 22.8.0 (Current), @​RafaelGSS

Compare Source

New JS API for compile cache

This release adds a new API module.enableCompileCache() that can be used to enable on-disk code caching of all modules loaded after this API is called. Previously this could only be enabled by the NODE_COMPILE_CACHE environment variable, so it could only set by end-users. This API allows tooling and library authors to enable caching of their own code. This is a built-in alternative to the v8-compile-cache/v8-compile-cache-lib packages, but have better performance and supports ESM.

Thanks to Joyee Cheung for working on this.

New option for vm.createContext() to create a context with a freezable globalThis

Node.js implements a flavor of vm.createContext() and friends that creates a context without contextifying its global object when vm.constants.DONT_CONTEXTIFY is used. This is suitable when users want to freeze the context (impossible when the global is contextified i.e. has interceptors installed) or speed up the global access if they don't need the interceptor behavior.

Thanks to Joyee Cheung for working on this.

Support for coverage thresholds

Node.js now supports requiring code coverage to meet a specific threshold before the process exits successfully. To use this feature, you need to enable the --experimental-test-coverage flag.

You can set thresholds for the following types of coverage:

  • Branch coverage: Use --test-coverage-branches=<threshold>
  • Function coverage: Use --test-coverage-functions=<threshold>
  • Line coverage: Use --test-coverage-lines=<threshold>

<threshold> should be an integer between 0 and 100. If an invalid value is provided, a TypeError will be thrown.

If the code coverage fails to meet the specified thresholds for any category, the process will exit with code 1.

For instance, to enforce a minimum of 80% line coverage and 60% branch coverage, you can run:

$ node --experimental-test-coverage --test-coverage-lines=80 --test-coverage-branches=60 example.js

Thanks Aviv Keller for working on this.

Other Notable Changes
  • [1f2cc2fa47] - (SEMVER-MINOR) src,lib: add performance.uvMetricsInfo (Rafael Gonzaga) #​54413
  • [1e01bdc0d0] - (SEMVER-MINOR) net: exclude ipv6 loopback addresses from server.listen (Giovanni Bucci) #​54264
  • [97fa075c2e] - (SEMVER-MINOR) test_runner: support running tests in process (Colin Ihrig) #​53927
  • [858b583c88] - (SEMVER-MINOR) test_runner: defer inheriting hooks until run() (Colin Ihrig) #​53927
Commits

v22.7.0: 2024-08-22, Version 22.7.0 (Current), @​RafaelGSS

Compare Source

Experimental transform types support

With the new flag --experimental-transform-types it is possible to enable the transformation of TypeScript-only syntax into JavaScript code.

This feature allows Node.js to support TypeScript syntax such as Enum and namespace.

Thanks to Marco Ippolito for making this work on #​54283.

Module syntax detection is now enabled by default.

Module syntax detection (the --experimental-detect-module flag) is now enabled by default. Use --no-experimental-detect-module to disable it if needed.

Syntax detection attempts to run ambiguous files as CommonJS, and if the module fails to parse as CommonJS due to ES module syntax, Node.js tries again and runs the file as an ES module. Ambiguous files are those with a .js or no extension, where the nearest parent package.json has no "type" field (either "type": "module" or "type": "commonjs"). Syntax detection should have no performance impact on CommonJS modules, but it incurs a slight performance penalty for ES modules; add "type": "module" to the nearest parent package.json file to eliminate the performance cost. A use case unlocked by this feature is the ability to use ES module syntax in extensionless scripts with no nearby package.json.

Thanks to Geoffrey Booth for making this work on #​53619.

Performance Improvements to Buffer

Performance of Node.js Buffers have been optimized through multiple MR's with significant improvements to the Buffer.copy and Buffer.write methods. These are used throughout the codebase and should give a nice boost across the board.

Thanks to Robert Nagy for making this work on #​54311, #​54324, and #​54087.

Other Notable Changes
  • [911de7dd6d] - (SEMVER-MINOR) inspector: support Network.loadingFailed event (Kohei Ueno) #​54246
  • [9ee4b16bd8] - (SEMVER-MINOR) lib: rewrite AsyncLocalStorage without async_hooks (Stephen Belanger) #​48528
Commits

v22.6.0: 2024-08-06, Version 22.6.0 (Current), @​RafaelGSS

Compare Source

Experimental TypeScript support via strip types

Node.js introduces the --experimental-strip-types flag for initial TypeScript support. This feature strips type annotations from .ts files, allowing them to run without transforming TypeScript-specific syntax. Current limitations include:

  • Supports only inline type annotations, not features like enums or namespaces.
  • Requires explicit file extensions in import and require statements.
  • Enforces the use of the type keyword for type imports to avoid runtime errors.
  • Disabled for TypeScript in node_modules by default.

Thanks Marco Ippolito for working on this.

Experimental Network Inspection Support in Node.js

This update introduces the initial support for network inspection in Node.js. Currently, this is an experimental feature, so you need to enable it using the --experimental-network-inspection flag. With this feature enabled, you can inspect network activities occurring within a JavaScript application.

To use network inspection, start your Node.js application with the following command:

$ node --inspect-wait --experimental-network-inspection index.js

Please note that the network inspection capabilities are in active development. We are actively working on enhancing this feature and will continue to expand its functionality in future updates.

Thanks Kohei Ueno for working on this.

Other Notable Changes
Commits

v22.5.1: 2024-07-19, Version 22.5.1 (Current), @​richardlau

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 22.5.0. The problem is known to display the following symptoms:

  • Crash with FATAL ERROR: v8::Object::GetCreationContextChecked No creation context available #​53902
  • npm errors with npm error Exit handler never called! npm/cli#7657
  • yarn hangs or outputs Usage Error: Couldn't find the node_modules state file - running an install might help (findPackageLocation) yarnpkg/berry#6398
Commits

v22.5.0: 2024-07-17, Version 22.5.0 (Current), @​RafaelGSS prepared by @​aduh95

Compare Source

Notable Changes
Commits

v22.4.1: 2024-07-08, Version 22.4.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
  • CVE-2024-22018 - fs.lstat bypasses permission model (Low)
  • CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
  • CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
Commits

v22.4.0: 2024-07-02, Version 22.4.0 (Current), @​targos

Compare Source

Notable Changes
Experimental Web Storage API
  • [9e30724b53] - (SEMVER-MINOR) deps,lib,src: add experimental web storage (Colin Ihrig) #​52435
API stability updates
Other Notable Changes
  • [df4762722c] - doc: doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #​53329
  • [ad5282e196] - inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #​53473
  • [e95af740fc] - (SEMVER-MINOR) lib: add diagnostics_channel events to module loading (RafaelGSS) #​44340
  • [50733a1abe] - (SEMVER-MINOR) util: support --no- for argument with boolean type for parseArgs (Zhenwei Jin) #​53107
Commits

v22.3.0: 2024-06-11, Version 22.3.0 (Current), @​RafaelGSS

Compare Source

Notable Changes
Commits

v22.2.0: 2024-05-15, Version 22.2.0 (Current), @​targos

Compare Source

Notable Changes
  • [fb85d38e80] - (SEMVER-MINOR) cli: allow running wasm in limited vmem with --disable-wasm-trap-handler (Joyee Cheung) #​52766
  • [23a0d3339f] - doc: add pimterry to collaborators (Tim Perry) #​52874
  • [7d7a762156] - (SEMVER-MINOR) fs: allow 'withFileTypes' to be used with globs (Aviv Keller) #​52837
  • [8748dd6477] - (SEMVER-MINOR) inspector: introduce the --inspect-wait flag (Kohei Ueno) #​52734
  • [9a7ae9b6c4] - lib,src: remove --experimental-policy (Rafael Gonzaga) #​52583
  • [1f7c2a93fc] - (SEMVER-MINOR) perf_hooks: add deliveryType and responseStatus fields (Matthew Aitken) #​51589
  • [2f59529dc5] - (SEMVER-MINOR) test_runner: support test plans (Colin Ihrig) #​52860
  • [6b4dac3eb5] - (SEMVER-MINOR) zlib: expose zlib.crc32() (Joyee Cheung) #​52692
Commits

v22.1.0: 2024-05-02, Version 22.1.0 (Current), @​targos prepared by @​aduh95

Compare Source

module: implement NODE_COMPILE_CACHE for automatic on-disk code caching

This patch implements automatic on-disk code caching that can be enabled via an environment variable NODE_COMPILE_CACHE=/path/to/cache/dir.

When set, whenever Node.js compiles a CommonJS or a ECMAScript Module, it will use on-disk V8 code cache persisted in the specified directory to speed up the compilation. This may slow down the first load of a module graph, but subsequent loads of the same module graph may get a significant speedup if the contents of the modules do not change. Locally, this speeds up loading of test/fixtures/snapshot/typescript.js from ~130ms to ~80ms.

To clean up the generated code cache, simply remove the directory. It will be recreated the next time the same directory is used for NODE_COMPILE_CACHE.

Compilation cache generated by one version of Node.js may not be used by a different version of Node.js. Cache generated by different versions of Node.js will be stored separately if the same directory is used to persist the cache, so they can co-exist.

Caveat: currently when using this with V8 JavaScript code coverage, the coverage being collected by V8 may be less precise in functions that are deserialized from the code cache. It's recommended to turn this off when running tests to generate precise coverage.

Contributed by Joyee Cheung in #​52535.

Other Notable Changes
  • [44ee04cf9f] - buffer: improve base64 and base64url performance (Yagiz Nizipli) #​52428
  • [3c37ce5710] - (SEMVER-MINOR) dns: add order option and support ipv6first (Paolo Insogna) #​52492
  • [3026401be1] - events,doc: mark CustomEvent as stable (Daeyeon Jeong) #​52618
  • [64428dc1c9] - (SEMVER-MINOR) lib, url: add a windows option to path parsing (Aviv Keller) #​52509
  • [d79ae74f71] - (SEMVER-MINOR) net: add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #​52474
  • [43fa6a1a45] - (SEMVER-MINOR) src: add string_view overload to snapshot FromBlob (Anna Henningsen) #​52595
  • [c6fe433d42] - src,permission: throw async errors on async APIs (Rafael Gonzaga) #​52730
  • [e247a61d15] - (SEMVER-MINOR) test_runner: add --test-skip-pattern cli option (Aviv Keller) #​52529
  • [9b18df9dcb] - (SEMVER-MINOR) url: implement parse method for safer URL parsing (Ali Hassan) #​52280
Commits

v22.0.0: 2024-04-24, Version 22.0.0 (Current), @​RafaelGSS and @​marco-ippolito

Compare Source

We're excited to announce the release of Node.js 22! Highlights include require()ing ESM graphs, WebSocket client, updates of the V8 JavaScript engine, and more! As a reminder, Node.js 22 will enter long-term support (LTS) in October, but until then, it will be the "Current" release for the next six months. We encourage you to explore the new features and benefits offered by this latest release and evaluate their potential impact on your applications.

Other Notable Changes
Semver-Major Commits
Semver-Minor Commits
  • [128c60d906] - (SEMVER-MINOR) cli: implement node --run <script-in-package-json> (Yagiz Nizipli) #​52190
  • [f69946b905] - (SEMVER-MINOR) deps: update simdutf to 5.0.0 (Daniel Lemire) #​52138
  • [828ad42eee] - (SEMVER-MINOR) deps: update undici to 6.3.0 (Node.js GitHub Bot) #​51462
  • [05f8172188] - (SEMVER-MINOR) deps: update undici to 6.2.1 (Node.js GitHub Bot) #​51278
  • [a0c466810a] - (SEMVER-MINOR) doc: deprecate fs.Stats public constructor (Marco Ippolito) #​51879
  • [151d365ad1] - (SEMVER-MINOR) fs: expose glob and globSync (Moshe Atlow) #​51912
  • [5f7fad2605] - (SEMVER-MINOR) module: support require()ing synchronous ESM graphs (Joyee Cheung) #​51977
  • [009665fb56] - (SEMVER-MINOR) report: add --report-exclude-network option (Ethan Arrowood) #​51645
  • [80f86e5d02] - (SEMVER-MINOR) src: add C++ ProcessEmitWarningSync() (Joyee Cheung) #​51977
  • [78be0d0f1c] - (SEMVER-MINOR) src: add uv_get_available_memory to report and process (theanarkh) #​52023
  • [b34512e38e] - (SEMVER-MINOR) src: preload function for Environment (Cheng Zhao) #​51539
  • [7d258db1d7] - (SEMVER-MINOR) stream: support typed arrays (IlyasShabi) #​51866
  • [5276c0d5d4] - (SEMVER-MINOR) test_runner: add suite() (Colin Ihrig) #​52127
  • [84de97a61e] - (SEMVER-MINOR) test_runner: support forced exit (Colin Ihrig) #​52038
  • [aac5ad901d] - (SEMVER-MINOR) test_runner: add test:complete event to reflect execution order (Moshe Atlow) #​51909
  • [9a1e01c4ce] - (SEMVER-MINOR) util: support array of formats in util.styleText (Marco Ippolito) #​52040
  • [7f2d61f82a] - (SEMVER-MINOR) v8: implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #​51927
  • [d1d5da22e4] - (SEMVER-MINOR) vm: harden module type checks (Chengzhong Wu) #​52162
Semver-Patch Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

  • [ ] If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports