2026-03-05, Version 20.20.1 'Iron' (LTS), @marco-ippolito#62088
Open
marco-ippolito wants to merge 75 commits intov20.xfrom
Open
2026-03-05, Version 20.20.1 'Iron' (LTS), @marco-ippolito#62088marco-ippolito wants to merge 75 commits intov20.xfrom
marco-ippolito wants to merge 75 commits intov20.xfrom
Conversation
PR-URL: #60550 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: #60643 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: #60842 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #61371 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
PR-URL: #61510 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
To reduce cache thrashing. PR-URL: #61790 Refs: #61436 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Tierney Cyren <hello@bnb.im> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #61734 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: #61759 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #61899 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Collaborator
|
Review requested:
|
nodejs-github-bot
added
meta
marco-ippolito
added a commit
that referenced
this pull request
Mar 3, 2026
marco-ippolito
force-pushed
the
v20.20.1-proposal
branch
from
b4ab4e6 to
86330d6
Compare
marco-ippolito
changed the title
marco-ippolito
added
release
PR-URL: #61903 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
`parallel/test-strace-openat-openssl` was added to check explicitly
for a list of known files that would be opened for a set workload
(`require("crypto")`). This is not reliable when Node.js is linked
to an external/shared OpenSSL library (e.g. it might be configured
to load configuration files from a different default location and/or
load more than one configuration file) so skip this test when Node.js
is built in that way.
PR-URL: #61987
Fixes: #61966
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: #61912 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
PR-URL: #61912 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Not having this permission is OK because the repo is public, but on private forks, it fails the checkout step. PR-URL: #58255 Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: #60662 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This is the certdata.txt[0] from NSS 3.117. This is the version of NSS that shipped in Firefox 145.0 on 2025-11-11. Certificates added: - OISTE Server Root ECC G1 - OISTE Server Root RSA G1 [0] https://raw.githubusercontent.com/nss-dev/nss/refs/tags/NSS_3_117_RTM/lib/ckfw/builtins/certdata.txt PR-URL: #60741 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The HTTP/2 spec (RFC 7540) defines SETTINGS_INITIAL_WINDOW_SIZE maximum as 2^31-1. Values above this must be treated as a FLOW_CONTROL_ERROR. Previously, Node.js allowed values up to 2^32-1 which caused nghttp2_submit_settings() to return NGHTTP2_ERR_INVALID_ARGUMENT, triggering an uncatchable assertion failure and crashing the process. This change adds proper validation to reject values >= 2^31 with a catchable RangeError before they reach nghttp2. PR-URL: #61402 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Tim Perry <pimterry@gmail.com>
Python v3.14 -- October 7th * https://www.python.org/download/pre-releases * https://www.python.org/downloads/release/python-3140rc3 PR-URL: #59983 Backport-PR-URL: #61370 Co-authored-by: Mike McCready <66998419+MikeMcC399@users.noreply.github.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com> Reviewed-By: Stewart X Addison <sxa@redhat.com> Refs: #60874
PR-URL: #61605 Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #61731 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #58188 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
PR-URL: #58599 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Priority signaling was deprecated in RFC 9113(not 1993). Refs: #58313 PR-URL: #58753 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
PR-URL: #58933 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Corrects the misspelling of "optimial" to "optimal". PR-URL: #59123 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
PR-URL: #59164 Refs: https://developer.mozilla.org/en-US/docs/Web/API/URL/parse_static#return_value Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Corrects the misspelling of "unmask" to "umask" PR-URL: #59180 Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Add missing preposition "by" to clarify how to change the global dispatcher. PR-URL: #59344 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #59354 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: theanarkh <theratliter@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
`test-esm-loader-hooks-inspect-wait` is occasionally crashing on more platforms than Linux. Mark the test as flaky on those platforms as well. PR-URL: #56803 Refs: #54346 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #56799 Refs: #56794 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
When the spawned child process gets closed with a signal, the exit code is not set and that is why the exit code assertion was failing. This change adjusts the test to check the signal and if it is truthy, it doesn't assert the exit code and instead logs the signal and continues the rest of the assertions. Refs: #58463 (comment) Refs: #58199 Refs: #58463 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #58478 Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
The test was flaky because the histogram sampling might not have completed before the assertions ran. By using setImmediate before disabling the histogram and checking values, we give the event loop a chance to record final samples on slower systems. Also added an explicit check for histogram.count > 0 to provide a clearer error message if no samples are recorded. Refs: nodejs/reliability#1450 PR-URL: #61629 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
PR-URL: #60565 Refs: #60494 Refs: https://github.com/nodejs/reliability/blob/main/reports/2025-11-03.md Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: Stewart X Addison <sxa@ibm.com> PR-URL: #60995 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Original commit message:
[riscv] Fix sp handling in MacroAssembler::LeaveFrame
Keep sp <= fp to ensure that data right above fp doesn't get clobbered
by an inopportune signal and its handler.
Such clobbering can happen in e.g. Node.js when JIT-compiled code is
interrupted by a SIGCHLD handler.
Bug: None
Change-Id: Ief0836032ada7942e89f081f7605f61632c4d414
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7540554
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu (LuYahan) <yahan@iscas.ac.cn>
Reviewed-by: Rezvan Mahdavi Hezaveh <rezvan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#105069}
Refs: v8/v8@6a0a25a
Co-authored-by: kxxt <rsworktech@outlook.com>
PR-URL: #61687
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
PR-URL: #61830 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com>
marco-ippolito
force-pushed
the
v20.20.1-proposal
branch
from
86330d6 to
431329f
Compare
Collaborator
Collaborator
Collaborator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Notable Changes
91a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741Commits
6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #5085391a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #61790f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #60662bf2415ea1e] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #61830fc56c1a2cb] - deps: V8: backport 6a0a25abaed3 (Vivian Wang) #616870a6f543c86] - deps: update googletest to 5a9c3f9e8d9b90bbbe8feb32902146cb8f7c1757 (Node.js GitHub Bot) #6173160d535cb40] - deps: update googletest to 56efe3983185e3f37e43415d1afa97e3860f187f (Node.js GitHub Bot) #61605fb50a77d4a] - deps: update googletest to 85087857ad10bd407cd6ed2f52f7ea9752db621f (Node.js GitHub Bot) #61417ddb36883c1] - deps: update icu to 78.2 (Node.js GitHub Bot) #605235cc0b3f9c8] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #6192834d4427473] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #619258249f96c40] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #61827a0476a2576] - deps: brotli: cherry-pick e230f474b87 (liujiahui) #61003feed278cd6] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #61135ab6d450dbe] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #61271fe2e48d7eb] - deps: update timezone to 2025c (Node.js GitHub Bot) #6113845f289a530] - deps: update googletest to 065127f1e4b46c5f14fc73cf8d323c221f9dc68e (Node.js GitHub Bot) #610559377812dd0] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #60898ad30baaa59] - deps: update brotli to 1.2.0 (Node.js GitHub Bot) #6054009259532ef] - deps: update googletest to 1b96fa13f549387b7549cc89e1a785cf143a1a50 (Node.js GitHub Bot) #60739aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #60646cc849fde27] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219a99ba553a2] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #599556349a79f5f] - deps: update googletest to 7e17b15 (Node.js GitHub Bot) #591318ba759f1a0] - deps: update googletest to 35b75a2 (Node.js GitHub Bot) #58710927d906850] - deps: update googletest to e9092b1 (Node.js GitHub Bot) #58565bf8919f5c2] - deps: update googletest to 0bdccf4 (Node.js GitHub Bot) #57380ae6231dac0] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #568730561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #61732f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #6054315bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #6191204d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #619122ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #61510622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #608422cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #6064365e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #605502dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #61453d33e2f6daa] - doc: fix typo in http.md (Michael Solomon) #59354e3eaab6824] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #593445f60840534] - doc: fix typo intest/common/README.md(Yoo) #5918000362e417f] - doc: fix broken sentence inURL.parse(Superchupu) #591644c795ba114] - doc: fix typo in writing-test.md (SeokHun) #5912388a6cf2945] - doc: fixfetchsubsections inglobals.md(Antoine du Hamel) #58933e9d1d92c2f] - doc: fix wrong RFC number in http2 (Deokjin Kim) #587532424f53796] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #58599f549588dec] - doc: fix typo of filehttp.md,outgoingMessage.setTimeoutsection (yusheng chen) #58188b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #614508fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #613716a44459dd8] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #581785ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #614025c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #61639183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #55623dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #61948443168311e] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #60995722793f2d2] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #60565929f7dccac] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #61629a00cd9dfc8] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #59158718c6ff067] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #5847829ed1f91b1] - test: marktest-http2-debugas flaky on LinuxONE (Richard Lau) #5849433c20dc5b7] - test: settest-fs-cpas flaky (Stefan Stojanovic) #56799e86bdaefd6] - test: marktest-esm-loader-hooks-inspect-waitflaky (Richard Lau) #568036320cd0721] - test: skip strace test with shared openssl (Richard Lau) #6198711deb1ddea] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #587526cf9b5786e] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #61672cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #616636dc2a99a0d] - tools: validate release commit diff as part oflint-release-proposal(Antoine du Hamel) #614405014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #582556c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #619031abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #6175964beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734