Update Node.js to v24 - abandoned

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
node	major	22-alpine → 24-alpine

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

nodejs/node (node)

v24.13.0: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [3e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #​61283
• [4ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [89adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
• [7302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [20075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [20591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

v24.12.0: 2025-12-10, Version 24.12.0 'Krypton' (LTS), @​targos

Compare Source

Notable Changes

• [1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #​59778
• [ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #​59982
• [8987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #​60600
• [92c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #​59953
• [b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #​60217
• [e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #​60178
• [a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #​58797
• [92ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #​59711
• [05d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #​59807

Commits

• [e4a23a35ac] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #​60603
• [b6114ae5c9] - benchmark: add per-suite setup option (Joyee Cheung) #​60574
• [ac8e90af7c] - buffer: speed up concat via TypedArray#set (Gürgün Dayıoğlu) #​60399
• [acbc8ca13e] - build: upgrade Python linter ruff, add rules ASYNC,PERF (Christian Clauss) #​59984
• [f97a609a07] - console: optimize single-string logging (Gürgün Dayıoğlu) #​60422
• [6cd9bdc580] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #​60662
• [0fafe24d9b] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #​60538
• [54421e0419] - debugger: fix event listener leak in the run command (Joyee Cheung) #​60464
• [c361a628b4] - deps: V8: cherry-pick 72b0e27 (pthier) #​60732
• [c70f4588dd] - deps: V8: cherry-pick 6bb32bd (Erik Corry) #​60732
• [881fe784c5] - deps: V8: cherry-pick 0dd2318 (Erik Corry) #​60732
• [457c33efcc] - deps: V8: cherry-pick df20105 (Erik Corry) #​60732
• [0bf45a829c] - deps: V8: backport e5dbbba (Darshan Sen) #​60524
• [4993bdc476] - deps: V8: cherry-pick 5ba9200 (Juan José Arboleda) #​60620
• [1e9abe0078] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #​60842
• [3f704ed08f] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #​60643
• [04e360fdb1] - deps: V8: cherry-pick 06bf293, 146962d and e0fb10b (Michaël Zasso) #​60713
• [fcbd8dbbde] - deps: patch V8 to 13.6.233.17 (Michaël Zasso) #​60712
• [28e9433f39] - deps: V8: cherry-pick 8735658 (Joyee Cheung) #​60069
• [3cac85b243] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1daece1970] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #​60609
• [5f55a9c9ea] - deps: nghttp2: revert 7784fa9 (Antoine du Hamel) #​59790
• [1d9e7c1f4d] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #​59790
• [3140415068] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #​60542
• [d911f9f1b8] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #​60541
• [daaaf04a32] - deps: V8: cherry-pick 2abc613 (Richard Lau) #​60177
• [b4f63ee5f8] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #​60650
• [effcf7a8ab] - doc: fix link in --env-file=file section (N. Bighetti) #​60563
• [7011736703] - doc: fix linter issues (Antoine du Hamel) #​60636
• [5cc79d8945] - doc: add missing history entry for sqlite.md (Antoine du Hamel) #​60607
• [bbc649057c] - doc: correct values/references for buffer.kMaxLength (René) #​60305
• [ea7ecb517b] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #​60017
• [58bff04cc2] - doc: highlight module loading difference between import and require (Ajay A) #​59815
• [bbcbff9b4d] - doc: add CJS code snippets in sqlite.md (Allon Murienik) #​60395
• [f8af33d5a7] - doc: fix typo in process.unref documentation (우혁) #​59698
• [df105dc351] - doc: add some entries to glossary.md (Mohataseem Khan) #​59277
• [4955cb2b5b] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #​58205
• [6283bb5cc9] - doc: fix pseudo code in modules.md (chirsz) #​57677
• [d5059ea537] - doc: add missing variable in code snippet (Koushil Mankali) #​55478
• [900de373ae] - doc: add missing word in single-executable-applications.md (Konstantin Tsabolov) #​53864
• [5735044c8b] - doc: fix typo in http.md (Michael Solomon) #​59354
• [2dee6df831] - doc: update devcontainer.json and add documentation (Joyee Cheung) #​60472
• [8f2d98d7d2] - doc: add haramj as triager (Haram Jeong) #​60348
• [bbd7fdfff4] - doc: clarify require(esm) description (dynst) #​60520
• [33ad11a764] - doc: instantiate resolver object (Donghoon Nam) #​60476
• [81a61274f3] - doc: correct module loading descriptions (Joyee Cheung) #​60346
• [77911185fe] - doc: clarify --use-system-ca support status (Joyee Cheung) #​60340
• [185f6e95d9] - doc,crypto: link keygen to supported types (Filip Skokan) #​60585
• [772d6c6608] - doc,src,lib: clarify experimental status of Web Storage support (Antoine du Hamel) #​60708
• [ad98e11ac2] - esm: use sync loading/resolving on non-loader-hook thread (Joyee Cheung) #​60380
• [1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #​59778
• [5703ce68bc] - http: replace startsWith with strict equality (btea) #​59394
• [2b696ffad8] - http2: add diagnostics channels for client stream request body (Darshan Sen) #​60480
• [dbdf4cb5a5] - inspector: inspect HTTP response body (Chengzhong Wu) #​60572
• [9dc9a7d33d] - inspector: support inspecting HTTP/2 request and response bodies (Darshan Sen) #​60483
• [89fa2befe4] - inspector: fix crash when receiving non json message (Shima Ryuhei) #​60388
• [ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #​59982
• [33baaf42c8] - lib: replace global SharedArrayBuffer constructor with bound method (Renegade334) #​60497
• [b047586a08] - meta: bump actions/download-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #​60532
• [64192176d7] - meta: bump actions/upload-artifact from 4.6.2 to 5.0.0 (dependabot[bot]) #​60531
• [af6d4a6b9b] - meta: bump github/codeql-action from 3.30.5 to 4.31.2 (dependabot[bot]) #​60533
• [c17276fd24] - meta: bump actions/setup-node from 5.0.0 to 6.0.0 (dependabot[bot]) #​60529
• [6e8b52a7dc] - meta: bump actions/stale from 10.0.0 to 10.1.0 (dependabot[bot]) #​60528
• [a12658595b] - meta: call create-release-post.yml post release (Aviv Keller) #​60366
• [8987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #​60600
• [36da413663] - module: fix directory option in the enableCompileCache() API (Joyee Cheung) #​59931
• [92c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #​59953
• [545162b0d4] - node-api: use local files for instanceof test (Vladimir Morozov) #​60190
• [526c011d89] - perf_hooks: fix stack overflow error (Antoine du Hamel) #​60084
• [1de0476939] - perf_hooks: move non-standard performance properties to perf_hooks (Chengzhong Wu) #​60370
• [07ec1239ef] - repl: fix pasting after moving the cursor to the left (Ruben Bridgewater) #​60470
• [b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #​60217
• [273c9661fd] - sqlite,doc: fix StatementSync section (Edy Silva) #​60474
• [d92ec21a4c] - src: use CP_UTF8 for wide file names on win32 (Fedor Indutny) #​60575
• [baef0468ed] - src: move Node-API version detection to where it is used (Anna Henningsen) #​60512
• [e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #​60178
• [a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #​58797
• [566add0b19] - src: avoid C strings in more C++ exception throws (Anna Henningsen) #​60592
• [9b796347c1] - src: add internal binding for constructing SharedArrayBuffers (Renegade334) #​60497
• [3b01cbb411] - src: move napi_addon_register_func to node_api_types.h (Anna Henningsen) #​60512
• [02fb7f4ecb] - src: remove unconditional NAPI_EXPERIMENTAL in node.h (Chengzhong Wu) #​60345
• [bd09ae24e4] - src: clean up generic counter implementation (Anna Henningsen) #​60447
• [cd6bf51dbd] - src: add enum handle for ToStringHelper + formatting (Burkov Egor) #​56829
• [92ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #​59711
• [ac3dbe48f7] - stream: don't try to read more if reading (Robert Nagy) #​60454
• [790288a93b] - test: ensure assertions are reachable in test/internet (Antoine du Hamel) #​60513
• [0a85132989] - test: fix status when compiled without inspector (Antoine du Hamel) #​60289
• [2f57673172] - test: deflake test-perf-hooks-timerify-histogram-sync (Joyee Cheung) #​60639
• [09726269de] - test: apply a delay to watch-mode-kill-signal tests (Joyee Cheung) #​60610
• [45537b9562] - test: async iife in repl (Tony Gorez) #​44878
• [4ca81f101d] - test: parallelize sea tests when there's enough disk space (Joyee Cheung) #​60604
• [ea71e96191] - test: only show overridden env in child process failures (Joyee Cheung) #​60556
• [06b2e348c7] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60498
• [de9c8cb670] - test: ensure assertions are reachable in test/es-module (Antoine du Hamel) #​60501
• [75bc40fced] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60485
• [1a6084cfd3] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60500
• [2c651c90cf] - test: split test-perf-hooks-timerify (Joyee Cheung) #​60568
• [6e8b5f7345] - test: add more logs to test-esm-loader-hooks-inspect-wait (Joyee Cheung) #​60466
• [9dea7ffa30] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #​60565
• [0b3c3b710a] - test: split test-esm-wasm.js (Joyee Cheung) #​60491
• [a15b795b34] - test: correct conditional secure heap flags test (Shelley Vohr) #​60385
• [38b77b3a44] - test: fix flaky test-watch-mode-kill-signal-* (Joyee Cheung) #​60443
• [e8d7598057] - test: capture stack trace in debugger timeout errors (Joyee Cheung) #​60457
• [674befeb81] - test: ensure assertions are reachable in test/sequential (Antoine du Hamel) #​60412
• [952c08a735] - test: ensure assertions are reachable in more folders (Antoine du Hamel) #​60411
• [bbca57584b] - test: split test-runner-watch-mode (Joyee Cheung) #​60391
• [e78e0cf6e7] - test: move test-runner-watch-mode helper into common (Joyee Cheung) #​60391
• [84576ef021] - test: ensure assertions are reachable in test/addons (Antoine du Hamel) #​60142
• [1659078c11] - test: ignore EPIPE errors in https proxy invalid URL test (Joyee Cheung) #​60269
• [79ffee80ec] - test: ensure assertions are reachable in test/client-proxy (Antoine du Hamel) #​60175
• [e5a812243a] - test: ensure assertions are reachable in test/async-hooks (Antoine du Hamel) #​60150
• [e924fd72e3] - test,crypto: handle a few more BoringSSL tests (Shelley Vohr) #​59030
• [a55ac11611] - test,crypto: update x448 and ed448 expectation when on boringssl (Shelley Vohr) #​60387
• [55d5e9ec73] - tls: fix leak on invalid protocol method (Shelley Vohr) #​60427
• [5763c96e7c] - tools: replace invalid expression in dependabot config (Riddhi) #​60649
• [b6e21b47d7] - tools: skip unaffected GHA jobs for changes in test/internet (Antoine du Hamel) #​60517
• [999664c76d] - tools: do not use short hashes for deps versioning to avoid collision (Antoine du Hamel) #​60407
• [ada856d0fb] - tools: only add test reporter args when node:test is used (Joyee Cheung) #​60551
• [1812c56bb3] - tools: fix update-icu script (Michaël Zasso) #​60521
• [747040438a] - tools: fix linter for semver-major release proposals (Antoine du Hamel) #​60481
• [f170551e40] - tools: fix failing release-proposal linter for LTS transitions (Antoine du Hamel) #​60465
• [2db4ea0ce4] - tools: remove undici from daily wpt.fyi job (Filip Skokan) #​60444
• [2a85aa4e7b] - tools: add lint rule to ensure assertions are reached (Antoine du Hamel) #​60125
• [48299ef5fb] - tools,doc: update JavaScript primitive types to match MDN Web Docs (JustApple) #​60581
• [7ec04cf936] - util: fix stylize of special properties in inspect (Ge Gao) #​60479
• [05d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #​59807
• [884fe884a1] - vm: hint module identifier in instantiate errors (Chengzhong Wu) #​60199
• [a2caf19f70] - watch: fix interaction with multiple env files (Marco Ippolito) #​60605

v24.11.1: 2025-11-11, Version 24.11.1 'Krypton' (LTS), @​aduh95

Compare Source

Notable Changes

The known issue relating to Buffer.allocUnsafe incorrectly zero-filling buffers
has now been addressed and now returns uninitialized memory as documented in the
Buffer.allocUnsafe
documentation.

Commits

• [0a15ccf3f4] - benchmark: improve cpu.sh for safety and usability (Nam Yooseong) #​60162
• [a1c7d1dac9] - benchmark: add benchmark for leaf source text modules (Joyee Cheung) #​60205
• [99e2acf46b] - benchmark: add vm.SourceTextModule benchmark (Joyee Cheung) #​59396
• [c01c72b407] - benchmark: use non-deprecated WriteUtf8V2 method (Michaël Zasso) #​60173
• [a42dbd138e] - build: ibmi follow aix visibility (SRAVANI GUNDEPALLI) #​60360
• [5673a54a5d] - build: use call command when calling python configure (Jacob Nichols) #​60098
• [c67cb727cb] - build: build v8 with -fvisibility=hidden -fvisibility-inlines-hidden (Joyee Cheung) #​56290
• [b03f7b93b1] - build: remove V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE defs (Joyee Cheung) #​60296
• [2505568531] - build, src: fix include paths for vtune files (Rahul) #​59999
• [95330b036f] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #​59956
• [c221d892ef] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #​60550
• [bc00aa4c77] - deps: update simdjson to 4.0.7 (Node.js GitHub Bot) #​59883
• [d03b89ec53] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #​60314
• [b7882090de] - deps: update inspector_protocol to af7f5a8 (Node.js GitHub Bot) #​60312
• [7007f9dd65] - deps: update googletest to 279f847 (Node.js GitHub Bot) #​60219
• [a56aa9ffa8] - deps: upgrade npm to 11.6.2 (npm team) #​60168
• [0bf8952721] - doc: mention more codemods in deprecations.md (Augustin Mauroy) #​60243
• [2473ca77f6] - doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny() (Jimmy Leung) #​58899
• [39ddd8522e] - doc: use any for worker_threads.Worker 'error' event argument err (Jonas Geiler) #​60300
• [eaa825fd97] - doc: update decorator documentation to reflect actual policy (Muhammad Salman Aziz) #​60288
• [a744e42282] - doc: document wildcard supported by tools/test.py (Joyee Cheung) #​60265
• [ec0d5beb09] - doc: add --heap-snapshot-on-oom to useful v8 flag (jakecastelli) #​60260
• [13da0df12a] - doc: fix blob.bytes() heading level (XTY) #​60252
• [8e771632b7] - doc: fix not working code example in vm docs (Artur Gawlik) #​60224
• [70c2080bff] - doc: improve code snippet alternative of url.parse() using WHATWG URL (Steven) #​60209
• [beadcf176e] - doc: createSQLTagStore -> createTagStore (Aviv Keller) #​60182
• [b0da3b9c6a] - doc: use markdown when branch-diff major release (Rafael Gonzaga) #​60179
• [688115aa6b] - doc: update teams in collaborator-guide.md and add links (Bart Louwers) #​60065
• [923082a064] - doc: disambiguate top-level worker_threads module exports (René) #​59890
• [7be4330870] - doc: add known issue to v24.11.0 release notes (Richard Lau) #​60467
• [4d8f62aeaf] - doc, module: change async customization hooks to experimental (Gerhard Stöbich) #​60302
• [d86a118bbd] - http: lazy allocate cookies array (Robert Nagy) #​59734
• [8c256d4139] - http: fix http client leaky with double response (theanarkh) #​60062
• [265e9d59fa] - http2: rename variable to additionalPseudoHeaders (Tobias Nießen) #​60208
• [65bec037e2] - http2: do not crash on mismatched ping buffer length (René) #​60135
• [9b83ef53b7] - inspector: add network payload buffer size limits (Chengzhong Wu) #​60236
• [03ac05c458] - inspector: support handshake response for websocket inspection (Shima Ryuhei) #​60225
• [aa04f06190] - lib: fix typo in createBlobReaderStream (SeokHun) #​60132
• [5aea1a429e] - lib: fix constructor in _errnoException stack tree (SeokHun) #​60156
• [4f7745acc7] - lib: fix typo in QuicSessionStats (SeokHun) #​60155
• [f8725861ea] - lib: remove redundant destroyHook checks (Gürgün Dayıoğlu) #​60120
• [696c20bf3f] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​60325
• [90434ff99a] - meta: loop userland-migrations in deprecations (Chengzhong Wu) #​60299
• [ffbc0ae60a] - module: refactor and clarify async loader hook customizations (Joyee Cheung) #​60278
• [6ed6062f7d] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #​59929
• [a2871baed2] - msi: fix WiX warnings (Stefan Stojanovic) #​60251
• [6199541d67] - src: fix timing of snapshot serialize callback (Joyee Cheung) #​60434
• [13b687959a] - src: add COUNT_GENERIC_USAGE utility for tests (Joyee Cheung) #​60434
• [a587623b4f] - src: conditionally disable source phase imports by default (Shelley Vohr) #​60364
• [e483267995] - src: use cached primordials_string (Sohyeon Kim) #​60255
• [4c9a64fbaf] - src: replace Environment::GetCurrent with args.GetIsolate (Sohyeon Kim) #​60256
• [eb8a0493d1] - src: initial enablement of IsolateGroups (James M Snell) #​60254
• [463c6450cf] - src: use Utf8Value and TwoByteValue instead of V8 helpers (Anna Henningsen) #​60244
• [b370e02789] - src: add a default branch for module phase (Chengzhong Wu) #​60261
• [4e1c5c5601] - src: make additional cleanups in node locks impl (James M Snell) #​60061
• [f00d4c10fc] - src: update locks to use DictionaryTemplate (James M Snell) #​60061
• [1c8716e97c] - test: increase debugger waitFor timeout on macOS (Chengzhong Wu) #​60367
• [17b4f38e9c] - test: put helper in test-runner-output into common (Joyee Cheung) #​60330
• [43b9ea8389] - test: fix small compile warning in test_network_requests_buffer.cc (xiaocainiao633) #​60281
• [38a62980ad] - test: split test-runner-watch-mode-kill-signal (Joyee Cheung) #​60298
• [34e4c8c84f] - test: fix incorrect calculation in test-perf-hooks.js (Joyee Cheung) #​60271
• [4481feb17b] - test: parallelize test-without-async-context-frame correctly (Joyee Cheung) #​60273
• [91ea9b06e0] - test: skip sea tests on x64 macOS (Joyee Cheung) #​60250
• [cedba09e60] - test: move sea tests into test/sea (Joyee Cheung) #​60250
• [635af55e12] - Revert "test: ensure message event fires in worker message port test" (Luigi Pinca) #​60126
• [68f678028e] - test: skip tests that cause timeouts on IBM i (SRAVANI GUNDEPALLI) #​60148
• [cc3a70598c] - test: deflake test-fs-promises-watch-iterator (Luigi Pinca) #​60060
• [3d784dd766] - test: prepare junit file attribute normalization (sangwook) #​59432
• [84974d97ad] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #​60419
• [fabf8e4975] - test,crypto: fix conditional SHA3-* skip on BoringSSL (Filip Skokan) #​60379
• [8faa494bf2] - test,crypto: sha3 algorithms aren't supported with BoringSSL (Shelley Vohr) #​60374
• [538a00c0f6] - test,doc: skip --max-old-space-size-percentage on 32-bit platforms (Asaf Federman) #​60144
• [9ac5dbb694] - test_runner: use module.registerHooks in module mocks (Joyee Cheung) #​60326
• [f6ff6e7166] - test_runner: fix suite timeout (Moshe Atlow) #​59853
• [455bfeb52d] - test_runner: add junit file attribute support (sangwook) #​59432
• [223c5e105d] - tools: update gyp-next to 0.20.5 (Node.js GitHub Bot) #​60313
• [2949408fc1] - tools: limit inspector protocol PR title length (Chengzhong Wu) #​60324
• [b36a898650] - tools: fix inspector_protocol updater (Chengzhong Wu) #​60277
• [d60f002b62] - tools: optimize wildcard execution in tools/test.py (Joyee Cheung) #​60266
• [9d4e422419] - tools: add inspector_protocol updater (Chengzhong Wu) #​60245
• [2f93a9894f] - tools: use cooldown property correctly (Rafael Gonzaga) #​60134
• [9468ade95d] - typings: add missing properties and method in Worker (Woohyun Sung) #​60257
• [f611ec0a9e] - typings: add missing properties in HTTPParser (Woohyun Sung) #​60257
• [301c1347a1] - typings: delete undefined property in ConfigBinding (Woohyun Sung) #​60257
• [80fdb3d39b] - typings: add buffer internalBinding typing (방진혁) #​60163
• [8cb3b77039] - util: use more defensive code when inspecting error objects (Antoine du Hamel) #​60139
• [748d4f6430] - util: mark special properties when inspecting them (Ruben Bridgewater) #​60131
• [6183a759d7] - vm: make vm.Module.evaluate() conditionally synchronous (Joyee Cheung) #​60205
• [4b8506628f] - win: upgrade Visual Studio workload from 2019 to 2022 (Jiawen Geng) #​60318

v24.11.0: 2025-10-28, Version 24.11.0 'Krypton' (LTS), @​richardlau

Compare Source

Notable Changes

This release marks the transition of Node.js 24.x into Long Term Support (LTS)
with the codename 'Krypton'. It will continue to receive updates through to
the end of April 2028.

Other than updating metadata, such as the process.release object, to reflect
that the release is LTS, no further changes from Node.js 24.10.0 are included.

v24.10.0: 2025-10-08, Version 24.10.0 (Current), @​RafaelGSS

Compare Source

Notable Changes

• [31bb476895] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #​60082
• [3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #​59980
• [18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #​59928

Commits

• [e8cff3d51e] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #​59872
• [03294252ab] - benchmark: update count to n in permission startup (Bruno Rodrigues) #​59872
• [[3c8a609d9b](https://redirect.github.com/nodejs/node/comm

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.39%. Comparing base (f9ecdf7) to head (029259e).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2347      +/-   ##
==========================================
+ Coverage   65.33%   65.39%   +0.06%     
==========================================
  Files         403      403              
  Lines       39231    39231              
==========================================
+ Hits        25631    25656      +25     
+ Misses      11615    11590      -25     
  Partials     1985     1985              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[ChrisJBurns]

@eleftherias Thanks for the approval. We spoke with @dmjb on Slack and he mentioned reservations on merging this due to compatibility with other servers on older versions of Node. @danbarr mentioned using @JAORMX's Dockyard to test some compatibility but not sure what your thoughts are here and where it would fit in priorities. Node 22 isn't an active version of Node anymore but it is still in the maintenance window for bug fixes I believe. I'd like to avoid this being something we just forget about and stray too far behind but at the same time, I'm not sure where this fits with priorities?

[danbarr]

Pulling from the Slack thread; worth noting that npx doesn't compile the MCP server source. It downloads and executes the already-compiled binary package, so the compatibility range is dramatically wider than for example Python version bumps might be (where we've definitely seen issues).

I've personally seen MCP servers that are built upstream with Node 18 run just fine using npx under Node 24. MCP servers are typically not so complex that they'd be impacted by node-level runtime API breaking changes.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.