chore(deps): update node.js#210
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/node-24.x
branch
from
108c11e to
66143f5
Compare
renovate
Bot
changed the title
robbeverhelst
added a commit
that referenced
this pull request
Jun 13, 2026
* fix(deps): bundle renovate dependency updates Combines all open Renovate update PRs into a single change and refreshes generated clients so a new tsarr release is published on merge. - @biomejs/biome 2.4.15 -> 2.4.16 (+ biome.json schema) (#211) - Node.js 24.15.0 -> 24.16.0 (.nvmrc, .node-version, engines, workflows) (#210) - @hey-api/openapi-ts ^0.97.1 -> ^0.98.2, regenerated clients (#195) - @types/bun ^1.3.13 -> ^1.3.14 (#199) - bun runtime 1.3.13 -> 1.3.14 in CI workflows (#196) - lock file maintenance, configVersion 0 -> 1 (#206) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix(deps): update semantic-release to ^25.0.5 Folds in Renovate #214 alongside the rest of the bundled updates. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix(deps): update biome to v2.5.0 Renovate bumped #211 from 2.4.16 to 2.5.0. Bump the dependency and the biome.json $schema, and exclude static SVG logo assets from linting since 2.5.0's new noSvgWithoutTitle a11y rule flags them. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Owner
|
Superseded by #213, which bundled this update and merged to main. Closing to keep the queue clean. |
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/node-24.x
branch
2 times, most recently
from
66143f5 to
24f7599
Compare
renovate
Bot
force-pushed
the
renovate/node-24.x
branch
from
24f7599 to
fd9ea2f
Compare
renovate
Bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
24.16.0→24.17.024.16.0→24.17.0>=24.16.0→>=24.17.0Release Notes
nodejs/node (node)
v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @aduh95Compare Source
This is a security release.
Notable Changes
Commits
9e4dfc7bba] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878cb2aed980c] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890a8a0d12875] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #6289166e6203c1c] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #62891dd627ced27] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #63820684bae568f] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #638203a631e7f83] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #62656cf44df3996] - deps: update undici to 7.28.0 (Node.js GitHub Bot) #63703138c70294b] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868be7e719c3f] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846cc7c11b4d1] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#8559224427b92] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867cf85d54839] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873a1bbc24f96] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870e3723ff2d6] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854a77af4867b] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#85431beb4f707] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#8578e75c73f91] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869actions/node-versions (node)
v24.17.0: 24.17.0Compare Source
Node.js 24.17.0
Configuration
📅 Schedule: (in timezone Europe/Brussels)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.