Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update node dependencies (major) #1813

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update node dependencies (major) #1813

wants to merge 1 commit into from

Conversation

ggrossetie
Copy link
Member

@ggrossetie ggrossetie commented Dec 6, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
node (source) volta major 20.18.0 -> 22.13.1
pino-debug dependencies major 2.0.0 -> 3.0.0
pino-debug dependencies major ^2.0.0 -> ^3.0.0
react (source) dependencies major 18.3.1 -> 19.0.0
react-dom (source) dependencies major 18.3.1 -> 19.0.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

nodejs/node (node)

v22.13.1: 2025-01-21, Version 22.13.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits

v22.13.0: 2025-01-07, Version 22.13.0 'Jod' (LTS), @​ruyadorno

Compare Source

Notable Changes
Stabilize Permission Model

Upgrades the Permission Model status from Active Development to Stable.

Contributed by Rafael Gonzaga #​56201

Graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable

Following the merge of Curve25519 into the Web Cryptography API Editor's Draft the Ed25519 and X25519 algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use.

Contributed by (Filip Skokan) #​56142

Other Notable Changes
  • [05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #​54630
  • [a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #​55604
  • [ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
  • [f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
  • [34c68827af] - doc: move typescript support to active development (Marco Ippolito) #​55536
  • [dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #​56132
  • [5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #​56130
  • [8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #​55788
  • [55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #​55890
  • [7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
  • [6575b76042] - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) #​55282
  • [bacfe6d5c9] - (SEMVER-MINOR) net: support blocklist in net.connect (theanarkh) #​56075
  • [b47888d390] - (SEMVER-MINOR) net: support blocklist for net.Server (theanarkh) #​56079
  • [566f0a1d25] - (SEMVER-MINOR) net: add SocketAddress.parse (James M Snell) #​56076
  • [ed7eab1421] - (SEMVER-MINOR) net: add net.BlockList.isBlockList(value) (James M Snell) #​56078
  • [ea4891856d] - (SEMVER-MINOR) process: deprecate features.{ipv6,uv} and features.tls_* (René) #​55545
  • [01eb308f26] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #​56068
  • [97c38352d0] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #​56213
  • [b4041e554a] - (SEMVER-MINOR) sqlite: add StatementSync.prototype.iterate method (tpoisseau) #​54213
  • [2e3ca1bbdd] - (SEMVER-MINOR) src: add cli option to preserve env vars on diagnostic reports (Rafael Gonzaga) #​55697
  • [bcfe9c80fc] - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) #​55589
Commits

v22.12.0: 2024-12-03, Version 22.12.0 'Jod' (LTS), @​ruyadorno

Compare Source

Notable Changes
require(esm) is now enabled by default

Support for loading native ES modules using require() had been available on v20.x and v22.x under the command line flag --experimental-require-module, and available by default on v23.x. In this release, it is now no longer behind a flag on v22.x.

This feature is still experimental, and we are looking for user feedback to make more final tweaks before fully stabilizing it. For this reason, on v22.x, when the Node.js instance encounters a native ES module in require() for the first time, it will emit an experimental warning unless require() comes from a path that contains node_modules. If there happens to be any regressions caused by this feature, users can report it to the Node.js issue tracker. Meanwhile this feature can also be disabled using --no-experimental-require-module as a workaround.

With this feature enabled, Node.js will no longer throw ERR_REQUIRE_ESM if require() is used to load a ES module. It can, however, throw ERR_REQUIRE_ASYNC_MODULE if the ES module being loaded or its dependencies contain top-level await. When the ES module is loaded successfully by require(), the returned object will either be a ES module namespace object similar to what's returned by import(), or what gets exported as "module.exports" in the ES module.

Users can check process.features.require_module to see whether require(esm) is enabled in the current Node.js instance. For packages, the "module-sync" exports condition can be used as a way to detect require(esm) support in the current Node.js instance and allow both require() and import to load the same native ES module. See the documentation for more details about this feature.

Contributed by Joyee Cheung in #​55085

Added resizable ArrayBuffer support in Buffer

When a Buffer is created using a resizable ArrayBuffer, the Buffer length will now correctly change as the underlying ArrayBuffer size is changed.

const ab = new ArrayBuffer(10, { maxByteLength: 20 });
const buffer = Buffer.from(ab);
console.log(buffer.byteLength); 10
ab.resize(15);
console.log(buffer.byteLength); 15
ab.resize(5);
console.log(buffer.byteLength); 5

Contributed by James Snell in #​55377

Update root certificates to NSS 3.104

This is the version of NSS that shipped in Firefox 131.0 on 2024-10-01.

Certificates added:

  • FIRMAPROFESIONAL CA ROOT-A WEB
  • TWCA CYBER Root CA
  • SecureSign Root CA12
  • SecureSign Root CA14
  • SecureSign Root CA15

Contributed by Richard Lau in #​55681

Other Notable Changes
  • [4920869935] - (SEMVER-MINOR) assert: make assertion_error use Myers diff algorithm (Giovanni Bucci) #​54862
  • [ccffd3b819] - doc: enforce strict policy to semver-major releases (Rafael Gonzaga) #​55732
  • [acc6806900] - doc: add jazelly to collaborators (Jason Zhang) #​55531
  • [88d91e8bc2] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333
  • [98bfc7dce5] - (SEMVER-MINOR) http: add diagnostic channel http.client.request.created (Marco Ippolito) #​55586
  • [337f61fb25] - (SEMVER-MINOR) lib: add UV_UDP_REUSEPORT for udp (theanarkh) #​55403
  • [1628c48ad6] - (SEMVER-MINOR) net: add UV_TCP_REUSEPORT for tcp (theanarkh) #​55408
  • [457e73f4c9] - (SEMVER-MINOR) sqlite: add support for SQLite Session Extension (Bart Louwers) #​54181
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@ggrossetie ggrossetie added the 🔗 dependencies Pull requests that update a dependency file label Dec 6, 2024
@ggrossetie
Copy link
Member Author

ggrossetie commented Dec 6, 2024
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: excalidraw/package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @excalidraw/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR!   react@"19.0.0" from the root project
npm ERR!   peer react@"^19.0.0" from [email protected]
npm ERR!   node_modules/react-dom
npm ERR!     react-dom@"19.0.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^17.0.2 || ^18.2.0" from @excalidraw/[email protected]
npm ERR! node_modules/@excalidraw/excalidraw
npm ERR!   @excalidraw/excalidraw@"0.17.6" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/react
npm ERR!   peer react@"^17.0.2 || ^18.2.0" from @excalidraw/[email protected]
npm ERR!   node_modules/@excalidraw/excalidraw
npm ERR!     @excalidraw/excalidraw@"0.17.6" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2025-01-26T17_31_09_769Z-debug-0.log

@ggrossetie ggrossetie force-pushed the renovate/major-node-dependencies branch from 8891406 to 4702d77 Compare January 26, 2025 02:29
@ggrossetie ggrossetie changed the title chore(deps): update node dependencies to v19 (major) chore(deps): update node dependencies (major) Jan 26, 2025
@ggrossetie ggrossetie force-pushed the renovate/major-node-dependencies branch 3 times, most recently from ef7896e to 02aca0e Compare January 27, 2025 17:08
@ggrossetie
Copy link
Member Author

ggrossetie commented Jan 27, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: excalidraw/package-lock.json
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @excalidraw/[email protected]
npm error Found: [email protected]
npm error node_modules/react
npm error   react@"19.0.0" from the root project
npm error   peer react@"^19.0.0" from [email protected]
npm error   node_modules/react-dom
npm error     react-dom@"19.0.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer react@"^17.0.2 || ^18.2.0" from @excalidraw/[email protected]
npm error node_modules/@excalidraw/excalidraw
npm error   @excalidraw/excalidraw@"0.17.6" from the root project
npm error
npm error Conflicting peer dependency: [email protected]
npm error node_modules/react
npm error   peer react@"^17.0.2 || ^18.2.0" from @excalidraw/[email protected]
npm error   node_modules/@excalidraw/excalidraw
npm error     @excalidraw/excalidraw@"0.17.6" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2025-01-27T21_10_58_486Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2025-01-27T21_10_58_486Z-debug-0.log

@ggrossetie ggrossetie force-pushed the renovate/major-node-dependencies branch from 02aca0e to 11ed8a6 Compare January 27, 2025 18:46
@ggrossetie ggrossetie force-pushed the renovate/major-node-dependencies branch from 11ed8a6 to 5eec01c Compare January 27, 2025 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
🔗 dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ggrossetie