Skip to content

V22.23.2 proposal#64567

Open
juanarbol wants to merge 329 commits into
v22.xfrom
v22.23.2-proposal
Open

V22.23.2 proposal#64567
juanarbol wants to merge 329 commits into
v22.xfrom
v22.23.2-proposal

Conversation

@juanarbol

@juanarbol juanarbol commented Jul 17, 2026

Copy link
Copy Markdown
Member

2026-07-22, Version 22.23.2 'Jod' (LTS), @juanarbol

Notable Changes

  • [0d2e56f102] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527

Commits

  • [b77faa0764] - assert,util: fix stale nested cycle memo entries (Ruben Bridgewater) #62509
  • [7f93b96fae] - benchmark: fix destructuring in dgram/single-buffer (Ali Hassan) #62084
  • [fb8db1567d] - benchmark: add startup benchmark for ESM entrypoint (Joyee Cheung) #61769
  • [087971eae4] - benchmark: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) #61549
  • [8bd68dbf74] - buffer: optimize buffer.concat performance (Mert Can Altin) #61721
  • [93198696a6] - build: def NODE_USE_NODE_CODE_CACHE only used in node_mksnapshot (Chengzhong Wu) #63588
  • [bd583162d1] - build: track PDL files as inputs in inspector GN build (Robo) #62888
  • [38629eba04] - build: remove redundant -fuse-linker-plugin from GCC LTO flags (Daniel Lando) #62667
  • [7dce78b77a] - build: support empty libname flags in configure.py (Antoine du Hamel) #62477
  • [872307b866] - build: fix timezone-update path references (Chengzhong Wu) #62280
    ...truncated, see the whole changelog here

mcollina and others added 30 commits July 17, 2026 17:07
Add internal fast paths to improve webstreams performance without
changing the public API or breaking spec compliance.

1. ReadableStreamDefaultReader.read() fast path:
   When data is already buffered in the controller's queue, return
   PromiseResolve() directly without creating a DefaultReadRequest
   object. This is spec-compliant because read() returns a Promise,
   and resolved promises still run callbacks in the microtask queue.

2. pipeTo() batch read fast path:
   When data is buffered, batch reads directly from the controller
   queue up to highWaterMark without creating
   PipeToReadableStreamReadRequest objects per chunk. Respects
   backpressure by checking desiredSize after each write.

Benchmark results:
  - pipeTo:          ~11% faster (***)
  - buffered read(): ~17-20% faster (***)

Co-Authored-By: Malte Ubl <malte@vercel.com>
PR-URL: #61807
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
PR-URL: #61874
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tierney Cyren <hello@bnb.im>
PR-URL: #61498
Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Bumps [actions/stale](https://github.com/actions/stale) from 10.1.1 to 10.2.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@9971854...b5d41d4)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61908
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@e3f713f...5ef0c07)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61909
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.0 to 4.32.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b20883b...89a39a4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61911
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
PR-URL: #61944
Refs: #61903
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
PR-URL: #61833
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Replace native methods with primordials.

PR-URL: #61219
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Jordan Harband <ljharb@gmail.com>
Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Signed-off-by: marcopiraccini <marco.piraccini@gmail.com>
PR-URL: #61836
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
The WHATWG Streams spec requires that pipeTo's chunk handling must
queue a microtask before calling the write algorithm. This ensures
that enqueue() does not synchronously trigger writes.

Previously, PipeToReadableStreamReadRequest[kChunk] would synchronously
call writableStreamDefaultWriterWrite(), which violated the spec and
caused the WPT test "enqueue() must not synchronously call write
algorithm" to fail.

Fix by wrapping the write operation in queueMicrotask(), which defers
it to the next microtask as required by the spec.

Refs: whatwg/streams#1243
PR-URL: #61800
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Signed-off-by: Igor <igorshevelenkov4@gmail.com>
PR-URL: #61525
Fixes: #61462
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Reviewed-By: Jacob Smith <jacob@frende.me>
PR-URL: #61974
Refs: #38161
Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.3.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.3)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61976
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #61773
Refs: #61762
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
As specified in WebIDL (<https://webidl.spec.whatwg.org/#js-dictionary>),
the fields of a dictionary need to be read in lexicographical order.

PR-URL: #61980
Reviewed-By: Jason Zhang <xzha4350@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #61721
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
PR-URL: #61916
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: #62020
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Bumps [minimatch](https://github.com/isaacs/minimatch)
from 3.1.2 to 3.1.3.
- [Changelog](http://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.3)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61977
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #62034
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Add validateHeaderName/validateHeaderValue checks for non-link
headers and checkInvalidHeaderChar for the Link value in HTTP/1.1
writeEarlyHints, closing a CRLF injection gap where header names
and values were concatenated into the raw response without
validation.

Also tighten linkValueRegExp to reject CR/LF inside the <...>
URL portion of Link header values.

PR-URL: #61897
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
PR-URL: #61972
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
The `path` property on `ClientRequest` was only validated at
construction time. Add a getter/setter so that the same
`INVALID_PATH_REGEX` check runs whenever `req.path` is reassigned,
preventing invalid characters from reaching `_implicitHeader()`.

PR-URL: #62030
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
It has better performance

PR-URL: #61122
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Daniel Lemire <daniel@lemire.me>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: #62026
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Release the async context frame in AsyncWrap::EmitDestroy to allow
gc to collect it.

This is in special relevant for reused resources like HTTPParser
otherwise they might keep ALS stores alive.

PR-URL: #61995
Fixes: #61882
Refs: #48528
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.2 to 2.15.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@5ef0c07...a90bcbc)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #62064
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.3 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.3...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #62013
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Signed-off-by: marcopiraccini <marco.piraccini@gmail.com>
PR-URL: #62040
Fixes: #62036
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
aduh95 and others added 21 commits July 17, 2026 17:11
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63516
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
`validateInt32(keylen, 'keylen', 0)` lets `-0` through: `typeof -0` is
`'number'`, `Number.isInteger(-0)` is `true`, and `-0 < 0` is `false`.
The value then reaches the PBKDF2Job binding, whose `IsInt32()` check
fails (V8 boxes `-0` as a HeapNumber rather than a tagged SMI) and
aborts the process with SIGABRT.
Coerce `keylen` to `+0`
after validation so the binding sees a true Int32.

Reachable from any caller that forwards a JSON-parsed value,
since `JSON.parse('{"keylen":-0}').keylen` preserves the sign.

Mirror of the prior pbkdf2 fix. `validateInt32(keylen, 'keylen', 0)`
lets `-0` through (since `-0 < 0` is `false`), and the ScryptJob
binding's `IsInt32()` check at `crypto_scrypt.cc` aborts the process
with SIGABRT because V8 boxes `-0` as a HeapNumber rather than a
tagged SMI. Coerce `keylen` to `+0` after validation.

Signed-off-by: Jordan Harband <ljharb@gmail.com>
PR-URL: #63531
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This is the [`certdata.txt`][0] from NSS 3.123.1.

This is the version of NSS that shipped in Firefox 151.0.1 on 2026-05-21

Certificates removed:
- QuoVadis Root CA 2
- QuoVadis Root CA 3
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- SwissSign Gold CA - G2
- SecureTrust CA
- Secure Global CA
- COMODO Certification Authority
- Certigna
- certSIGN ROOT CA
- Izenpe.com
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- TeliaSonera Root CA v1
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- GLOBALTRUST 2020
- GTS Root R2
- FIRMAPROFESIONAL CA ROOT-A WEB

[0]: https://raw.githubusercontent.com/nss-dev/nss/refs/tags/NSS_3_123_1_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #63527
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63515
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
The example claimed that posting a URL object via MessageChannel would
print an empty object, but since v21.0.0 (commit d920b7c) it
throws a DataCloneError. Update the example and surrounding text to
reflect the current behavior.

Fixes: #60504

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
PR-URL: #62203
Fixes: #60504
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: #63479
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: RonGamzu <37371774+RonGamzu@users.noreply.github.com>
PR-URL: #63465
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Original commit message:

    Fix a bug causing the session module to dereference a NULL pointer when applying a corrupt changeset.
    FossilOrigin-Name: e807d4e3798efd532b3d78d1dfe513ed4fbd3cb793dd0ae5c30cae6031422b10

Refs: https://sqlite.org/src/info/e807d4e3798efd53
Signed-off-by: junius-sec <sksch323@naver.com>
PR-URL: #63525
Refs: https://hackerone.com/reports/3736889
Refs: sqlite/sqlite@b869ed6
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Guards scheduled jobs in daily.yml, codeql.yml, and scorecard.yml so
they only run on nodejs/node, matching the pattern already used in
tools.yml, stale.yml, and others. This prevents wasted Actions minutes
and failed-run email notifications on forks.

Signed-off-by: Jamie Magee <jamie.magee@gmail.com>
PR-URL: #63565
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63405
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63414
Fixes: #63412
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
PR-URL: #62331
Refs: #61478
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Aviv Keller <me@aviv.sh>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Signed-off-by: Renegade334 <contact.9a5d6388@renegade334.me.uk>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: #63583
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63586
Refs: nodejs/node-core-utils#1043
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Chengzhong Wu <cwu631@bloomberg.net>
PR-URL: #63588
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Signed-off-by: Chengzhong Wu <legendecas@gmail.com>
PR-URL: #63591
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Forward Node.js tail stream data through a pipe-style data listener
instead of manually draining readable events. This keeps compose closer
to the stream pipe hot path while preserving backpressure with pause
and resume.

Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com>
Assisted-by: openai:gpt-5.5
PR-URL: #63593
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Defer non-critical warnings to the next event loop iteration when
can_call_into_js() returns false. This prevents crashes when V8
emits warnings during REPL preview evaluation or other contexts
where JavaScript execution is temporarily forbidden.

When a warning is emitted inside DisallowJavascriptExecutionScope,
ProcessEmitWarningGeneric cannot be called immediately. Instead,
use env->SetImmediate() to queue the warning emission for after
the scope exits. This preserves full warning formatting, deprecation
codes, and --redirect-warnings routing.

Signed-off-by: Divyanshu Sharma <Divyanshu88999@gmail.com>
PR-URL: #63491
Fixes: #63473
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63609
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63621
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: #63650
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
@juanarbol
juanarbol requested a review from a team as a code owner July 17, 2026 22:17
@nodejs-github-bot

Copy link
Copy Markdown
Collaborator

Review requested:

  • @nodejs/actions
  • @nodejs/releasers

@nodejs-github-bot nodejs-github-bot added meta Issues and PRs related to the general management of the project. tools Issues and PRs related to the tools directory. v22.x Issues that can be reproduced on v22.x or PRs targeting the v22.x-staging branch. labels Jul 17, 2026
@juanarbol juanarbol mentioned this pull request Jul 17, 2026
Notable changes:

crypto:
  * update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527

PR-URL: #64567
@juanarbol
juanarbol force-pushed the v22.23.2-proposal branch from aaebb74 to 1b5ffc1 Compare July 17, 2026 22:18
@panva panva added the release Issues and PRs related to Node.js releases. label Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

meta Issues and PRs related to the general management of the project. release Issues and PRs related to Node.js releases. tools Issues and PRs related to the tools directory. v22.x Issues that can be reproduced on v22.x or PRs targeting the v22.x-staging branch.

Projects

None yet

Development

Successfully merging this pull request may close these issues.