🚀 Advanced: crypto: remove Argon2 KDF derivation from its job setup by panva · Pull Request #62863 · nodejs/node · GitHub

panva · 2026-04-21T10:37:42Z

Fixes: #62861

cc @jasnell @ranisalt

https://ci.nodejs.org/view/Node.js%20benchmark/job/benchmark-node-micro-benchmarks/1832/

Sync ~2x throughput. Perfectly matches the fix. Near-uniform ~100% improvement across configurations.
Async: ~2-3x throughput. Benchmarks can now overlap work across threads instead of serializing on the Argon2Job constructor.

Fixes: nodejs#62861 Signed-off-by: Filip Skokan <panva.ip@gmail.com>

nodejs-github-bot · 2026-04-21T10:37:47Z

Review requested:

@nodejs/crypto

codecov · 2026-04-21T11:57:44Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.62%. Comparing base (53b8d3c) to head (c1c57ec).
⚠️ Report is 84 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #62863   +/-   ##
=======================================
  Coverage   89.62%   89.62%           
=======================================
  Files         706      706           
  Lines      219137   219125   -12     
  Branches    41981    41977    -4     
=======================================
- Hits       196404   196397    -7     
+ Misses      14614    14606    -8     
- Partials     8119     8122    +3

Files with missing lines	Coverage Δ
src/crypto/crypto_argon2.cc	`64.13% <ø> (+1.63%)`	⬆️
src/node_errors.h	`86.48% <ø> (ø)`

... and 25 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

tniessen · 2026-04-21T12:50:04Z

+// For each mode, measure the constructor and the derivation separately and
+// assert that the constructor is a small fraction of the derivation. Pre-fix
+// the constructor ran a full KDF, so ctorNs was comparable to runNs. Post-fix
+// the constructor does no KDF work and must be orders of magnitude faster.
+//
+// For async mode the derivation happens on the thread pool, so runNs is
+// measured from the start of run() until ondone fires.
+
+// Sync: run() derives on the main thread and returns when done.
+{
+  const ctorStart = process.hrtime.bigint();
+  const job = new Argon2Job(kCryptoJobSync, ...kdfArgs);
+  const ctorNs = process.hrtime.bigint() - ctorStart;
+  const runStart = process.hrtime.bigint();
+  const { 0: err } = job.run();
+  const runNs = process.hrtime.bigint() - runStart;
+  assert.strictEqual(err, undefined);
+  assert.ok(ctorNs * 10n < runNs);
+}
+
+// Async: run() dispatches to the thread pool; measure until ondone fires.
+{
+  const ctorStart = process.hrtime.bigint();
+  const job = new Argon2Job(kCryptoJobAsync, ...kdfArgs);
+  const ctorNs = process.hrtime.bigint() - ctorStart;
+  const runStart = process.hrtime.bigint();
+  job.ondone = common.mustSucceed(() => {
+    const runNs = process.hrtime.bigint() - runStart;
+    assert.ok(ctorNs * 10n < runNs);
+  });
+  job.run();
+}


This sort of test is bound to become flaky at some point since it relies on timing of CPU-bound operations, which is inherently unpredictable if the system is under load.

Would it be possible to instead configure the job with unreasonably large parameters such that, if the job were to be run, the test would crash or timeout? We can still measure how long the constructor call takes and fail the test if it takes more than, say, five seconds.

that's why it's in pummel, not parallel.

load would affect both equally

We can still measure how long the constructor call takes

That's bound to be even more flaky "under load" than a comparison that checks for "orders of magnitude" of difference (* 10n)

Would it be possible to instead configure the job with unreasonably large parameters such that, if the job were to be run, the test would crash or timeout?

I feel uneasy about intentionally introducing tests that time out instead of fail.

I'm ready to forego the test entirely if it indeed turns out to be flaky.

Just in case it was not clear, my suggestion would be to skip running the job altogether and instead to only call the constructor. In the absence of a bug, that should terminate almost instantaneously. If there is a bug that causes the Argon2 computation to be performed during job setup, only then would the test take a considerable amount of time, or perhaps even time out. Catching that unlikely case by allowing a very long duration for the constructor call (five seconds or perhaps even longer) sounds less likely to end up being flaky to me than a relative comparison of the time of the constructor call versus the job execution.

In any case, this is not a blocking suggestion, just my two cents :-)

I understood, but

Catching that unlikely case by allowing a very long duration for the constructor call (five seconds or perhaps even longer) sounds less likely to end up being flaky to me than a relative comparison of the time of the constructor call versus the job execution

Can we set a test file specific timeout?

In any case, this is not a blocking suggestion, just my two cents :-)

I very much appreciate your suggestions, i'm just trying to figure out how to apply them in practice.

My understanding is that without this patch, the constructor of Argon2Job will already execute the Argon2 hash function, and this test is supposed to ensure that it does not.

const ctorStart = process.hrtime.bigint(); const job = new Argon2Job(kCryptoJobSync, ...hugeKdfArgsThatWouldTakeForever); const ctorNs = process.hrtime.bigint() - ctorStart; assert.ok(ctorNs < 60_000_000_000n);

If hugeKdfArgsThatWouldTakeForever.passes is sufficiently large (e.g., the maximum permitted value), the test should fail (without your patch) on any realistic hardware, either because the constructor does terminate but takes longer than 60 seconds or, and this is more likely, the test is executed using the standard Node.js test framework and will be killed due to a timeout. With the patch in place, it should terminate immediately.

The config would have to actually be one "that takes forever", in which case only the nodejs test framework can kill it because these two will never run

const ctorNs = process.hrtime.bigint() - ctorStart; assert.ok(ctorNs < 60_000_000_000n);

And that's the part i'm uneasy about, relying on the test runner to timeout the test/kill the process rather than the test being self contained.

If the config was one that doesn't take forever and we tried to find a hard value that it musn't take longer then than we're looking at flakyness again.

One could add a worker thread that kills the process after a timeout, but personally, I think it is fair to rely on the test runner to kill the process in the unlikely case that this precise bug will ever resurface. If you feel uneasy about that, it is perfectly fine to leave the test as is.

ranisalt · 2026-04-21T18:24:04Z

-    THROW_ERR_CRYPTO_INVALID_ARGON2_PARAMS(env);
-    return Nothing<void>();
-  }
-


I particularly don't mind, but the other KDF functions are checking the params in AdditionalConfig and Argon2 now does not. Probably not relevant to the end user. Catching an execution error later on is not an issue as your new tests cover this. Would ✔️

nodejs-github-bot · 2026-04-25T08:14:17Z

CI: https://ci.nodejs.org/job/node-test-pull-request/72920/

nodejs-github-bot · 2026-04-25T09:00:31Z

Landed in ce21c87

panva · 2026-04-26T08:38:51Z

Adding more dont-land labels as I investigate some more potential bugs.

panva · 2026-04-26T08:46:27Z

Adding more dont-land labels as I investigate some more potential bugs.

unconfirmed

Fixes: #62861 Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #62863 Fixes: #62861 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>

Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#62863 Backport-PR-URL: nodejs#63173 Fixes: nodejs#62861 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>

Fixes: nodejs#62861 Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#62863 Fixes: nodejs#62861 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>

This PR contains the following updates: | Package | Type | Update | Change | Pending | |---|---|---|---|---| | [node](https://github.com/nodejs/node) | stage | minor | `24.15.0-trixie` → `24.16.0-trixie` | `24.17.0-trixie` | --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v24.16.0`](https://github.com/nodejs/node/releases/tag/v24.16.0): 2026-05-21, Version 24.16.0 'Krypton' (LTS), @aduh95 [Compare Source](nodejs/node@v24.15.0...v24.16.0) ##### Notable Changes - \[[`b267f6bca3`](nodejs/node@b267f6bca3)] - **(SEMVER-MINOR)** **crypto**: implement `randomUUIDv7()` (nabeel378) [#62553](nodejs/node#62553) - \[[`ec2451b9cd`](nodejs/node@ec2451b9cd)] - **(SEMVER-MINOR)** **debugger**: add edit-free runtime expression probes to `node inspect` (Joyee Cheung) [#62713](nodejs/node#62713) - \[[`9705f628d9`](nodejs/node@9705f628d9)] - **(SEMVER-MINOR)** **fs**: add signal option to `fs.stat()` (Mert Can Altin) [#57775](nodejs/node#57775) - \[[`40ccfdecf9`](nodejs/node@40ccfdecf9)] - **(SEMVER-MINOR)** **fs**: expose `frsize` field in `statfs` (Jinho Jang) [#62277](nodejs/node#62277) - \[[`d7188af5c9`](nodejs/node@d7188af5c9)] - **(SEMVER-MINOR)** **http**: harden `ClientRequest` options merge (Matteo Collina) [#63082](nodejs/node#63082) - \[[`aa1d8a9afc`](nodejs/node@aa1d8a9afc)] - **(SEMVER-MINOR)** **http**: add `req.signal` to `IncomingMessage` (Akshat) [#62541](nodejs/node#62541) - \[[`6f37f7e240`](nodejs/node@6f37f7e240)] - **(SEMVER-MINOR)** **stream**: propagate destruction in `duplexPair` (Ahmed Elhor) [#61098](nodejs/node#61098) - \[[`d14029be7f`](nodejs/node@d14029be7f)] - **(SEMVER-MINOR)** **test\_runner**: support test order randomization (Pietro Marchini) [#61747](nodejs/node#61747) - \[[`d142c584cd`](nodejs/node@d142c584cd)] - **(SEMVER-MINOR)** **test\_runner**: align mock timeout api (sangwook) [#62820](nodejs/node#62820) - \[[`01a9552585`](nodejs/node@01a9552585)] - **(SEMVER-MINOR)** **test\_runner**: add mock-timers support for `AbortSignal.timeout` (DeveloperViraj) [#60751](nodejs/node#60751) - \[[`00705a459a`](nodejs/node@00705a459a)] - **(SEMVER-MINOR)** **util**: colorize text with hex colors (Guilherme Araújo) [#61556](nodejs/node#61556) ##### Commits - \[[`dd72df060d`](nodejs/node@dd72df060d)] - **assert,util**: fix stale nested cycle memo entries (Ruben Bridgewater) [#62509](nodejs/node#62509) - \[[`add94f4bc3`](nodejs/node@add94f4bc3)] - **build**: track PDL files as inputs in inspector GN build (Robo) [#62888](nodejs/node#62888) - \[[`1b1eb9e334`](nodejs/node@1b1eb9e334)] - **build**: remove redundant -fuse-linker-plugin from GCC LTO flags (Daniel Lando) [#62667](nodejs/node#62667) - \[[`8752b604ec`](nodejs/node@8752b604ec)] - **crypto**: deduplicate and canonicalize CryptoKey usages (Filip Skokan) [#62902](nodejs/node#62902) - \[[`341947e7fd`](nodejs/node@341947e7fd)] - **crypto**: reject unintended raw key format string input (Filip Skokan) [#62974](nodejs/node#62974) - \[[`28a78747fc`](nodejs/node@28a78747fc)] - **crypto**: remove Argon2 KDF derivation from its job setup (Filip Skokan) [#62863](nodejs/node#62863) - \[[`16e8c2b54d`](nodejs/node@16e8c2b54d)] - **crypto**: fix unsigned conversion of 4-byte RSA publicExponent (DeepView Autofix) [#62839](nodejs/node#62839) - \[[`eeae754a87`](nodejs/node@eeae754a87)] - **crypto**: reject inherited key type names (Jonathan Lopes) [#62875](nodejs/node#62875) - \[[`9dd5540325`](nodejs/node@9dd5540325)] - **crypto**: add memory tracking for secureContext openssl objects (Mert Can Altin) [#59051](nodejs/node#59051) - \[[`b267f6bca3`](nodejs/node@b267f6bca3)] - **(SEMVER-MINOR)** **crypto**: implement randomUUIDv7() (nabeel378) [#62553](nodejs/node#62553) - \[[`7597d204c1`](nodejs/node@7597d204c1)] - **crypto**: add support for [`Ed25519`](nodejs/node@Ed25519) context parameter (Filip Skokan) [#62474](nodejs/node#62474) - \[[`4bf85845da`](nodejs/node@4bf85845da)] - **debugger**: move ProbeInspectorSession and helpers to separate files (Joyee Cheung) [#63013](nodejs/node#63013) - \[[`ec2451b9cd`](nodejs/node@ec2451b9cd)] - **(SEMVER-MINOR)** **debugger**: add edit-free runtime expression probes to `node inspect` (Joyee Cheung) [#62713](nodejs/node#62713) - \[[`83e98f77b7`](nodejs/node@83e98f77b7)] - **deps**: update corepack to 0.35.0 (Node.js GitHub Bot) [#63375](nodejs/node#63375) - \[[`ec8c6b939a`](nodejs/node@ec8c6b939a)] - **deps**: V8: cherry-pick [`657d8de`](nodejs/node@657d8de27427) (Guy Bedford) [#62784](nodejs/node#62784) - \[[`722c0c3274`](nodejs/node@722c0c3274)] - **deps**: update nghttp3 to 1.14.0 (Node.js GitHub Bot) [#61187](nodejs/node#61187) - \[[`5304db93d3`](nodejs/node@5304db93d3)] - **deps**: update nghttp3 to 1.13.1 (Node.js GitHub Bot) [#60046](nodejs/node#60046) - \[[`e073b3811d`](nodejs/node@e073b3811d)] - **deps**: update nghttp3 to 1.11.0 (James M Snell) [#59249](nodejs/node#59249) - \[[`1d00313fb2`](nodejs/node@1d00313fb2)] - **deps**: update ngtcp2 to 1.14.0 (James M Snell) [#59249](nodejs/node#59249) - \[[`8b3a4fc18f`](nodejs/node@8b3a4fc18f)] - **deps**: update amaro to 1.1.9 (Node.js GitHub Bot) [#63090](nodejs/node#63090) - \[[`62fe0cfcd1`](nodejs/node@62fe0cfcd1)] - **deps**: update llhttp to 9.4.1 (Node.js GitHub Bot) [#63045](nodejs/node#63045) - \[[`137e09c8e9`](nodejs/node@137e09c8e9)] - **deps**: update corepack to 0.34.7 (Node.js GitHub Bot) [#62810](nodejs/node#62810) - \[[`14a4cb8fbc`](nodejs/node@14a4cb8fbc)] - **deps**: update timezone to 2026b (Node.js GitHub Bot) [#62962](nodejs/node#62962) - \[[`3e1036583a`](nodejs/node@3e1036583a)] - **deps**: upgrade npm to 11.13.0 (npm team) [#62898](nodejs/node#62898) - \[[`01dfe5961c`](nodejs/node@01dfe5961c)] - **deps**: cherry-pick [libuv/libuv@`439a54b`](libuv/libuv@439a54b) (skooch) [#62881](nodejs/node#62881) - \[[`6cd368b10c`](nodejs/node@6cd368b10c)] - **deps**: update sqlite to 3.53.0 (Node.js GitHub Bot) [#62699](nodejs/node#62699) - \[[`f218a4f553`](nodejs/node@f218a4f553)] - **deps**: update nbytes to 0.1.4 (Node.js GitHub Bot) [#62698](nodejs/node#62698) - \[[`b47688524a`](nodejs/node@b47688524a)] - **deps**: update archs files for openssl-3.5.6 (Node.js GitHub Bot) [#62629](nodejs/node#62629) - \[[`d202e2d343`](nodejs/node@d202e2d343)] - **deps**: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) [#62629](nodejs/node#62629) - \[[`2faba66341`](nodejs/node@2faba66341)] - **deps**: update minimatch to 10.2.5 (Node.js GitHub Bot) [#62594](nodejs/node#62594) - \[[`fa46c90c5d`](nodejs/node@fa46c90c5d)] - **deps**: update googletest to [`d72f9c8`](nodejs/node@d72f9c8) (Node.js GitHub Bot) [#62593](nodejs/node#62593) - \[[`099ded5713`](nodejs/node@099ded5713)] - **deps**: update simdjson to 4.6.1 (Node.js GitHub Bot) [#62592](nodejs/node#62592) - \[[`7ce95afe96`](nodejs/node@7ce95afe96)] - **deps**: libuv: cherry-pick [`aabb765`](nodejs/node@aabb7651de) (Santiago Gimeno) [#62561](nodejs/node#62561) - \[[`57ef845623`](nodejs/node@57ef845623)] - **deps**: update icu to 78.3 (Node.js GitHub Bot) [#62324](nodejs/node#62324) - \[[`493ac40e12`](nodejs/node@493ac40e12)] - **deps**: update libuv to 1.52.1 (Node.js GitHub Bot) [#61829](nodejs/node#61829) - \[[`b39508b368`](nodejs/node@b39508b368)] - **deps**: update undici to 7.25.0 (Node.js GitHub Bot) [#63011](nodejs/node#63011) - \[[`cb67a925e9`](nodejs/node@cb67a925e9)] - **deps**: use npm undici\@seven tag in `update-undici.sh` (Matteo Collina) [#62739](nodejs/node#62739) - \[[`aa1e0bc28b`](nodejs/node@aa1e0bc28b)] - **doc**: fix typos and inconsistencies in crypto.md and webcrypto.md (Filip Skokan) [#62828](nodejs/node#62828) - \[[`f2a1735ed9`](nodejs/node@f2a1735ed9)] - **doc**: fix duplicate word "to to" in util.styleText (Daijiro Wachi) [#62917](nodejs/node#62917) - \[[`b6378e215c`](nodejs/node@b6378e215c)] - **doc**: fix node-config-schema (Сковорода Никита Андреевич) [#61596](nodejs/node#61596) - \[[`233894a9ce`](nodejs/node@233894a9ce)] - **doc**: fix the TypeScript Execute (tsx) project link (David Thornton) [#63093](nodejs/node#63093) - \[[`5d97919f8f`](nodejs/node@5d97919f8f)] - **doc**: correct diagnostics\_channel built-in channel names (Bryan English) [#62995](nodejs/node#62995) - \[[`2a9ccc927e`](nodejs/node@2a9ccc927e)] - **doc**: use mjs/cjs blocks for callbackify null reason example (Daijiro Wachi) [#62884](nodejs/node#62884) - \[[`ef413b5358`](nodejs/node@ef413b5358)] - **doc**: fix typo in test.md (Rich Trott) [#62960](nodejs/node#62960) - \[[`76f21c5070`](nodejs/node@76f21c5070)] - **doc**: correct typo in PR contribution instructions (Mike McCready) [#62738](nodejs/node#62738) - \[[`ca02af1f7d`](nodejs/node@ca02af1f7d)] - **doc**: fix duplicate word "of of" in postMessageToThread (Daijiro Wachi) [#62917](nodejs/node#62917) - \[[`46c99ed526`](nodejs/node@46c99ed526)] - **doc**: fix duplicate word "for for" in compile cache (Daijiro Wachi) [#62917](nodejs/node#62917) - \[[`1a60851734`](nodejs/node@1a60851734)] - **doc**: fix typo in dns.lookup options description (Daijiro Wachi) [#62882](nodejs/node#62882) - \[[`169b5ea2ed`](nodejs/node@169b5ea2ed)] - **doc**: fix Argon2 parameter bounds (Tobias Nießen) [#62868](nodejs/node#62868) - \[[`9a3a190f4e`](nodejs/node@9a3a190f4e)] - **doc**: clarify diffieHellman.generateKeys recomputes same key (Kit Dallege) [#62205](nodejs/node#62205) - \[[`0fba9e87d6`](nodejs/node@0fba9e87d6)] - **doc**: remove Ayase-252 and meixg from triagger team (Antoine du Hamel) [#62841](nodejs/node#62841) - \[[`9c700f3446`](nodejs/node@9c700f3446)] - **doc**: clarify dns.lookup() callback signature when all is true (eungi) [#62800](nodejs/node#62800) - \[[`6b7280bc17`](nodejs/node@6b7280bc17)] - **doc**: add experimental modules lifetime policy (Paolo Insogna) [#62753](nodejs/node#62753) - \[[`ce47ea31c9`](nodejs/node@ce47ea31c9)] - **doc**: clarify process.\_debugProcess() in Permission Model (Fahad Khan) [#62537](nodejs/node#62537) - \[[`ba01633757`](nodejs/node@ba01633757)] - **doc**: fix typo in devcontainer guide (Rohan Santhosh Kumar) [#62687](nodejs/node#62687) - \[[`70b4d5839b`](nodejs/node@70b4d5839b)] - **doc**: clarify Backport-PR-URL metadata added automatically (Mike McCready) [#62668](nodejs/node#62668) - \[[`8126d1c3eb`](nodejs/node@8126d1c3eb)] - **doc**: update WPT test runner README.md (Filip Skokan) [#62680](nodejs/node#62680) - \[[`978afea4b5`](nodejs/node@978afea4b5)] - **doc**: fix spelling in release announcement guidance (Rohan Santhosh Kumar) [#62663](nodejs/node#62663) - \[[`1684ab8ff8`](nodejs/node@1684ab8ff8)] - **doc**: note non-monotonic clock in crypto.randomUUIDv7 (nabeel378) [#62600](nodejs/node#62600) - \[[`86d4f07930`](nodejs/node@86d4f07930)] - **doc**: update bug bounty program (Rafael Gonzaga) [#62590](nodejs/node#62590) - \[[`736ed8a08f`](nodejs/node@736ed8a08f)] - **doc**: document TransformStream transformer.cancel option (Tom Pereira) [#62566](nodejs/node#62566) - \[[`938af9be01`](nodejs/node@938af9be01)] - **doc**: mention test runner retry attemp is zero based (Moshe Atlow) [#62504](nodejs/node#62504) - \[[`94433e450f`](nodejs/node@94433e450f)] - **doc,src,test**: fix dead inspector help URL (semimikoh) [#62745](nodejs/node#62745) - \[[`ddf1f01659`](nodejs/node@ddf1f01659)] - **esm**: add `ERR_REQUIRE_ESM_RACE_CONDITION` (Antoine du Hamel) [#62462](nodejs/node#62462) - \[[`4a506acd16`](nodejs/node@4a506acd16)] - **fs**: add followSymlinks option to glob (Matteo Collina) [#62695](nodejs/node#62695) - \[[`f4ea495f9b`](nodejs/node@f4ea495f9b)] - **fs**: restore fs patchability in ESM loader (Joyee Cheung) [#62835](nodejs/node#62835) - \[[`63c111cd60`](nodejs/node@63c111cd60)] - **fs**: validate position argument before length === 0 early return (Edy Silva) [#62674](nodejs/node#62674) - \[[`9705f628d9`](nodejs/node@9705f628d9)] - **(SEMVER-MINOR)** **fs**: add signal option to fs.stat() (Mert Can Altin) [#57775](nodejs/node#57775) - \[[`40ccfdecf9`](nodejs/node@40ccfdecf9)] - **(SEMVER-MINOR)** **fs**: expose frsize field in statfs (Jinho Jang) [#62277](nodejs/node#62277) - \[[`717476a24e`](nodejs/node@717476a24e)] - **http**: emit 'drain' on OutgoingMessage only after buffers drain (Robert Nagy) [#62936](nodejs/node#62936) - \[[`d7188af5c9`](nodejs/node@d7188af5c9)] - **(SEMVER-MINOR)** **http**: harden ClientRequest options merge (Matteo Collina) [#63082](nodejs/node#63082) - \[[`64f15c274a`](nodejs/node@64f15c274a)] - **http**: fix leaked error listener on sync HTTP req create + destroy (Tim Perry) [#62872](nodejs/node#62872) - \[[`5c4798d799`](nodejs/node@5c4798d799)] - **http**: fix no\_proxy leading-dot suffix matching (Daijiro Wachi) [#62333](nodejs/node#62333) - \[[`9f3bc70ae5`](nodejs/node@9f3bc70ae5)] - **http**: cleanup pipeline queue (Robert Nagy) [#62534](nodejs/node#62534) - \[[`aa1d8a9afc`](nodejs/node@aa1d8a9afc)] - **(SEMVER-MINOR)** **http**: add req.signal to IncomingMessage (Akshat) [#62541](nodejs/node#62541) - \[[`900dc758ff`](nodejs/node@900dc758ff)] - **http2**: expose writable stream state on compat response (T) [#63003](nodejs/node#63003) - \[[`b3bfe35912`](nodejs/node@b3bfe35912)] - **inspector**: coerce key and value to string in webstorage events (Ali Hassan) [#62616](nodejs/node#62616) - \[[`3dc3fb6ad8`](nodejs/node@3dc3fb6ad8)] - **inspector**: return errors when CDP protocol event emission fails (Ryuhei Shima) [#62162](nodejs/node#62162) - \[[`4f3f21bd7c`](nodejs/node@4f3f21bd7c)] - **inspector**: auto collect webstorage data (Ryuhei Shima) [#62145](nodejs/node#62145) - \[[`36cc04189d`](nodejs/node@36cc04189d)] - **inspector**: initial support storage inspection (Ryuhei Shima) [#61139](nodejs/node#61139) - \[[`1718bc3b9b`](nodejs/node@1718bc3b9b)] - **inspector**: fix absolute URLs in network http (bugyaluwang) [#62955](nodejs/node#62955) - \[[`97e32c7a74`](nodejs/node@97e32c7a74)] - **lib**: avoid quadratic shift() in startup snapshot callback (Daijiro Wachi) [#62914](nodejs/node#62914) - \[[`25d2e999de`](nodejs/node@25d2e999de)] - **lib**: harden kKeyOps lookup with null prototype (Filip Skokan) [#62877](nodejs/node#62877) - \[[`37d3913c8f`](nodejs/node@37d3913c8f)] - **lib**: short-circuit WebIDL BufferSource SAB check (Filip Skokan) [#62833](nodejs/node#62833) - \[[`430c69d25f`](nodejs/node@430c69d25f)] - **lib**: use js-only implementation of `isDataView()` (René) [#62780](nodejs/node#62780) - \[[`3ba0add6a0`](nodejs/node@3ba0add6a0)] - **lib**: fix lint in internal/webstreams/util.js (Filip Skokan) [#62806](nodejs/node#62806) - \[[`9b95c41398`](nodejs/node@9b95c41398)] - **lib**: fix sequence argument handling in Blob constructor (Ms2ger) [#62179](nodejs/node#62179) - \[[`314dacdbee`](nodejs/node@314dacdbee)] - **lib**: improve Web Cryptography key validation ordering (Filip Skokan) [#62749](nodejs/node#62749) - \[[`3d18162430`](nodejs/node@3d18162430)] - **lib**: reject SharedArrayBuffer in web APIs per spec (Ali Hassan) [#62632](nodejs/node#62632) - \[[`ada3ce879d`](nodejs/node@ada3ce879d)] - **lib**: defer AbortSignal.any() following (sangwook) [#62367](nodejs/node#62367) - \[[`b2981ec7eb`](nodejs/node@b2981ec7eb)] - **meta**: bump actions/download-artifact from 8.0.0 to 8.0.1 (dependabot\[bot]) [#62549](nodejs/node#62549) - \[[`7cd20667b5`](nodejs/node@7cd20667b5)] - **meta**: bump github/codeql-action from 4.35.1 to 4.35.3 (dependabot\[bot]) [#63074](nodejs/node#63074) - \[[`91a07cfe9f`](nodejs/node@91a07cfe9f)] - **meta**: bump Mozilla-Actions/sccache-action from 0.0.9 to 0.0.10 (dependabot\[bot]) [#63073](nodejs/node#63073) - \[[`09e17fe47c`](nodejs/node@09e17fe47c)] - **meta**: add automation policy (Chengzhong Wu) [#62871](nodejs/node#62871) - \[[`59e7fb7986`](nodejs/node@59e7fb7986)] - **meta**: move VoltrexKeyva to emeritus (Matteo Collina) [#62895](nodejs/node#62895) - \[[`1e2915cfa6`](nodejs/node@1e2915cfa6)] - **meta**: bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (dependabot\[bot]) [#62845](nodejs/node#62845) - \[[`0253c6e2be`](nodejs/node@0253c6e2be)] - **meta**: bump step-security/harden-runner from 2.16.1 to 2.19.0 (dependabot\[bot]) [#62844](nodejs/node#62844) - \[[`f503675b86`](nodejs/node@f503675b86)] - **meta**: bump actions/setup-node from 6.3.0 to 6.4.0 (dependabot\[bot]) [#62842](nodejs/node#62842) - \[[`5e14e4d26e`](nodejs/node@5e14e4d26e)] - **meta**: broaden stale bot (Aviv Keller) [#62658](nodejs/node#62658) - \[[`795db76f87`](nodejs/node@795db76f87)] - **meta**: pass release version to release worker (flakey5) [#62777](nodejs/node#62777) - \[[`ef384fe39f`](nodejs/node@ef384fe39f)] - **meta**: add QUIC to CODEOWNERS (Tim Perry) [#62652](nodejs/node#62652) - \[[`67e0ac568d`](nodejs/node@67e0ac568d)] - **meta**: move Michael to emeritus (Michael Dawson) [#62536](nodejs/node#62536) - \[[`5dad616393`](nodejs/node@5dad616393)] - **meta**: populate apt list for slim runner in update-openssl workflow (René) [#62628](nodejs/node#62628) - \[[`a869d25d8a`](nodejs/node@a869d25d8a)] - **meta**: bump step-security/harden-runner from 2.15.0 to 2.16.1 (dependabot\[bot]) [#62550](nodejs/node#62550) - \[[`769efc0403`](nodejs/node@769efc0403)] - **meta**: bump actions/setup-node from 6.2.0 to 6.3.0 (dependabot\[bot]) [#62548](nodejs/node#62548) - \[[`73fcc2b055`](nodejs/node@73fcc2b055)] - **meta**: bump github/codeql-action from 4.32.4 to 4.35.1 (dependabot\[bot]) [#62547](nodejs/node#62547) - \[[`6c001246fe`](nodejs/node@6c001246fe)] - **meta**: bump codecov/codecov-action from 5.5.2 to 6.0.0 (dependabot\[bot]) [#62545](nodejs/node#62545) - \[[`5ee40d6a03`](nodejs/node@5ee40d6a03)] - **meta**: bump actions/cache from 5.0.3 to 5.0.4 (dependabot\[bot]) [#62543](nodejs/node#62543) - \[[`ca16ad8a05`](nodejs/node@ca16ad8a05)] - **meta**: require DCO signoff in commit message guidelines (James M Snell) [#62510](nodejs/node#62510) - \[[`db9497fc41`](nodejs/node@db9497fc41)] - **meta**: expand memory leak DoS criteria to all DoS (Joyee Cheung) [#62505](nodejs/node#62505) - \[[`13b7d08b8d`](nodejs/node@13b7d08b8d)] - **module**: remove duplicated checks from `_resolveFilename` (Antoine du Hamel) [#62729](nodejs/node#62729) - \[[`6b53efb53a`](nodejs/node@6b53efb53a)] - **module,win**: fix long subpath import (Stefan Stojanovic) [#62101](nodejs/node#62101) - \[[`841dfbf6fc`](nodejs/node@841dfbf6fc)] - **node-api**: update libuv ABI stability note (Chengzhong Wu) [#62789](nodejs/node#62789) - \[[`01090f2aa1`](nodejs/node@01090f2aa1)] - **node-api**: add napi\_create\_external\_sharedarraybuffer (Ben Noordhuis) [#62623](nodejs/node#62623) - \[[`87443b4355`](nodejs/node@87443b4355)] - **node-api**: execute tsfn finalizer after queue drains when aborted (Kevin Eady) [#61956](nodejs/node#61956) - \[[`e95570c054`](nodejs/node@e95570c054)] - **process**: handle rejections only when needed (Gürgün Dayıoğlu) [#62919](nodejs/node#62919) - \[[`37d49f3219`](nodejs/node@37d49f3219)] - **process**: optimize asyncHandledRejections by using FixedQueue (Gürgün Dayıoğlu) [#60854](nodejs/node#60854) - \[[`f697c55e38`](nodejs/node@f697c55e38)] - **quic**: add QuicEndpoint.listening & QuicStream.destroy() and tests (Tim Perry) [#62648](nodejs/node#62648) - \[[`c128942b69`](nodejs/node@c128942b69)] - **quic**: fixup token verification to handle zero expiration (James M Snell) [#62620](nodejs/node#62620) - \[[`abb881ec92`](nodejs/node@abb881ec92)] - **quic**: support multiple ALPN negotiation (James M Snell) [#62620](nodejs/node#62620) - \[[`476926c2ad`](nodejs/node@476926c2ad)] - **quic**: apply multiple TLS context improvements and SNI support (James M Snell) [#62620](nodejs/node#62620) - \[[`76d9c24b95`](nodejs/node@76d9c24b95)] - **quic**: implement rapidhash for hashing improvements (James M Snell) [#62620](nodejs/node#62620) - \[[`08726cd43d`](nodejs/node@08726cd43d)] - **quic**: move quic behind compile time flag (Matteo Collina) [#61444](nodejs/node#61444) - \[[`ea4f19aaa7`](nodejs/node@ea4f19aaa7)] - **quic**: use arena allocation for packets (James M Snell) [#62589](nodejs/node#62589) - \[[`21e9239e2a`](nodejs/node@21e9239e2a)] - **quic**: fixup linting/formatting issues (James M Snell) [#62387](nodejs/node#62387) - \[[`edeed4303b`](nodejs/node@edeed4303b)] - **quic**: update http3 impl details (James M Snell) [#62387](nodejs/node#62387) - \[[`7f3a85e6aa`](nodejs/node@7f3a85e6aa)] - **quic**: fix a handful of bugs and missing functionality (James M Snell) [#62387](nodejs/node#62387) - \[[`45c1ebddf8`](nodejs/node@45c1ebddf8)] - **quic**: copy options.certs buffer instead of detaching (Chengzhong Wu) [#61403](nodejs/node#61403) - \[[`a31a8ee680`](nodejs/node@a31a8ee680)] - **quic**: reduce boilerplate and other minor cleanups (James M Snell) [#59342](nodejs/node#59342) - \[[`3be70ff43a`](nodejs/node@3be70ff43a)] - **quic**: multiple fixups and updates (James M Snell) [#59342](nodejs/node#59342) - \[[`b91a93444c`](nodejs/node@b91a93444c)] - **quic**: update more of the quic to the new compile guard (James M Snell) [#59342](nodejs/node#59342) - \[[`ca0080c164`](nodejs/node@ca0080c164)] - **quic**: few additional small comment edits in cid.h (James M Snell) [#59342](nodejs/node#59342) - \[[`6553202d83`](nodejs/node@6553202d83)] - **quic**: fixup NO\_ERROR macro conflict on windows (James M Snell) [#59381](nodejs/node#59381) - \[[`6df1508ac2`](nodejs/node@6df1508ac2)] - **quic**: fixup windows coverage compile error (James M Snell) [#59381](nodejs/node#59381) - \[[`b2b0bf8b04`](nodejs/node@b2b0bf8b04)] - **quic**: update the guard to check openssl version (James M Snell) [#59249](nodejs/node#59249) - \[[`5556b154bd`](nodejs/node@5556b154bd)] - **quic**: start re-enabling quic with openssl 3.5 (James M Snell) [#59249](nodejs/node#59249) - \[[`2ca42c8263`](nodejs/node@2ca42c8263)] - **repl**: keep reference count for `process.on('newListener')` (Anna Henningsen) [#61895](nodejs/node#61895) - \[[`2f37f9177f`](nodejs/node@2f37f9177f)] - **sqlite**: use OneByte for ASCII text and internalize col names (Ali Hassan) [#61954](nodejs/node#61954) - \[[`3c96ae1b2f`](nodejs/node@3c96ae1b2f)] - **sqlite**: add serialize() and deserialize() (Ali Hassan) [#62579](nodejs/node#62579) - \[[`be4d2f3a4c`](nodejs/node@be4d2f3a4c)] - **sqlite**: enable Percentile extension (Jurj Andrei George) [#61295](nodejs/node#61295) - \[[`dafed453b2`](nodejs/node@dafed453b2)] - **src**: clean up experimental flag variables (Antoine du Hamel) [#62759](nodejs/node#62759) - \[[`dca1e6aeea`](nodejs/node@dca1e6aeea)] - **src**: expose help texts into node-config-schema.json (Pietro Marchini) [#58680](nodejs/node#58680) - \[[`28c4f44eb1`](nodejs/node@28c4f44eb1)] - **src**: add permission support to config file (Marco Ippolito) [#60746](nodejs/node#60746) - \[[`f49175b220`](nodejs/node@f49175b220)] - **src**: fix small compile warning in quic/streams.cc (James M Snell) [#60118](nodejs/node#60118) - \[[`c9d4a446d8`](nodejs/node@c9d4a446d8)] - **src**: cleanup quic TransportParams class (James M Snell) [#59884](nodejs/node#59884) - \[[`99bb02fd9e`](nodejs/node@99bb02fd9e)] - **src**: swap dotenv and config file parsing order (Marco Ippolito) [#63035](nodejs/node#63035) - \[[`ecb4d49b7b`](nodejs/node@ecb4d49b7b)] - **src**: add missing \<cstdlib> for abort() declaration (Charles Kerr) [#63001](nodejs/node#63001) - \[[`b6219b6362`](nodejs/node@b6219b6362)] - **src**: fix crash in GetErrorSource() for invalid using syntax (semimikoh) [#62770](nodejs/node#62770) - \[[`b5ca5ad4c5`](nodejs/node@b5ca5ad4c5)] - **src**: simplify `TCPWrap::Connect` signature (Anna Henningsen) [#62929](nodejs/node#62929) - \[[`ef7ffce7cf`](nodejs/node@ef7ffce7cf)] - **src**: use DCHECK in AsyncWrap::MakeCallback instead emiting a warning (Gerhard Stöbich) [#62795](nodejs/node#62795) - \[[`cd9890a5ab`](nodejs/node@cd9890a5ab)] - **src**: fix MaybeStackBuffer char\_traits deprecation warning (om-ghante) [#62507](nodejs/node#62507) - \[[`c70ff44aee`](nodejs/node@c70ff44aee)] - **src**: use context-free V8 message column getters (René) [#62778](nodejs/node#62778) - \[[`06c405f1d7`](nodejs/node@06c405f1d7)] - **src**: coerce `spawnSync` args to string once (Antoine du Hamel) [#62633](nodejs/node#62633) - \[[`6151999ad6`](nodejs/node@6151999ad6)] - **src**: use stack allocation for small string encoding (Ali Hassan) [#62431](nodejs/node#62431) - \[[`a71a4ac7a3`](nodejs/node@a71a4ac7a3)] - **src**: add contextify interceptor debug logs (Chengzhong Wu) [#62460](nodejs/node#62460) - \[[`ad9a2909c2`](nodejs/node@ad9a2909c2)] - **src**: workaround AIX libc++ std::filesystem bug (Richard Lau) [#62788](nodejs/node#62788) - \[[`7792f1ae47`](nodejs/node@7792f1ae47)] - **stream**: copyedit `webstreams/adapter.js` (Antoine du Hamel) [#63034](nodejs/node#63034) - \[[`1397d8ce5c`](nodejs/node@1397d8ce5c)] - **stream**: remove duplicated utility (Antoine du Hamel) [#63031](nodejs/node#63031) - \[[`ff86b1d64f`](nodejs/node@ff86b1d64f)] - **stream**: simplify `setPromiseHandled` utility (Antoine du Hamel) [#63032](nodejs/node#63032) - \[[`24a078149a`](nodejs/node@24a078149a)] - **stream**: validate ReadableStream.from iterator objects (Daeyeon Jeong) [#62911](nodejs/node#62911) - \[[`cfb1fa9680`](nodejs/node@cfb1fa9680)] - **stream**: reject duplicate nested transferables (Daeyeon Jeong) [#62831](nodejs/node#62831) - \[[`d0c913758a`](nodejs/node@d0c913758a)] - **stream**: ensuring cross-destruction in \_duplexify to prevent leaks (Daijiro Wachi) [#62824](nodejs/node#62824) - \[[`978f5c15d7`](nodejs/node@978f5c15d7)] - **stream**: simplify `readableStreamFromIterable` (Antoine du Hamel) [#62651](nodejs/node#62651) - \[[`3527646ba5`](nodejs/node@3527646ba5)] - **stream**: fix nested compose error propagation (Matteo Collina) [#62556](nodejs/node#62556) - \[[`dfb9edef4f`](nodejs/node@dfb9edef4f)] - **stream**: allow shared array buffer sources in writable webstream adapter (René) [#62163](nodejs/node#62163) - \[[`f00cdab627`](nodejs/node@f00cdab627)] - **stream**: simplify `createPromiseCallback` (Antoine du Hamel) [#62650](nodejs/node#62650) - \[[`3ed783535f`](nodejs/node@3ed783535f)] - **stream**: fix writev unhandled rejection in fromWeb (sangwook) [#62297](nodejs/node#62297) - \[[`29b196694c`](nodejs/node@29b196694c)] - **stream**: noop pause/resume on destroyed streams (Robert Nagy) [#62557](nodejs/node#62557) - \[[`d73dbb9fc8`](nodejs/node@d73dbb9fc8)] - **stream**: refactor duplexify to be less suceptible to prototype pollution (Antoine du Hamel) [#62559](nodejs/node#62559) - \[[`6f37f7e240`](nodejs/node@6f37f7e240)] - **(SEMVER-MINOR)** **stream**: propagate destruction in duplexPair (Ahmed Elhor) [#61098](nodejs/node#61098) - \[[`b8816580e9`](nodejs/node@b8816580e9)] - **test**: generate `localstorage.db` in a temp dir (Chengzhong Wu) [#62660](nodejs/node#62660) - \[[`31a863fd29`](nodejs/node@31a863fd29)] - **test**: update WPT for url to [`258f285`](nodejs/node@258f285de0) (Node.js GitHub Bot) [#63087](nodejs/node#63087) - \[[`d0d19bd8e3`](nodejs/node@d0d19bd8e3)] - **test**: update WPT for streams to [`f8f26a3`](nodejs/node@f8f26a372f) (Node.js GitHub Bot) [#62864](nodejs/node#62864) - \[[`f50ac5bc78`](nodejs/node@f50ac5bc78)] - **test**: improve config-file permission test coverage (Rafael Gonzaga) [#60929](nodejs/node#60929) - \[[`a0f90000f4`](nodejs/node@a0f90000f4)] - **test**: export isRiscv64 from common module (Jamie Magee) [#62609](nodejs/node#62609) - \[[`da4dd8646f`](nodejs/node@da4dd8646f)] - **test**: normalize known inspector crash as completion (Joyee Cheung) [#62851](nodejs/node#62851) - \[[`b7fdd94a4c`](nodejs/node@b7fdd94a4c)] - **test**: account for RFC 7919 FFDHE negotiation in OpenSSL 4.0 (Filip Skokan) [#62805](nodejs/node#62805) - \[[`375a993aaf`](nodejs/node@375a993aaf)] - **test**: skip tls-deprecated secp256k1 on OpenSSL 4.0 (Filip Skokan) [#62805](nodejs/node#62805) - \[[`698d8287d1`](nodejs/node@698d8287d1)] - **test**: use an always invalid cipher and cover OpenSSL 4.0 behaviours (Filip Skokan) [#62805](nodejs/node#62805) - \[[`036bc6f300`](nodejs/node@036bc6f300)] - **test**: use valid DER OCSP responses (Filip Skokan) [#62805](nodejs/node#62805) - \[[`3aa9938da8`](nodejs/node@3aa9938da8)] - **test**: skip test-tls-error-stack when engines are unsupported (Filip Skokan) [#62805](nodejs/node#62805) - \[[`947f1ae246`](nodejs/node@947f1ae246)] - **test**: accept renamed OpenSSL 4.0 error code and reason (Filip Skokan) [#62805](nodejs/node#62805) - \[[`afdd355622`](nodejs/node@afdd355622)] - **test**: update test/addons/openssl-binding for OpenSSL 4.0 (Filip Skokan) [#62805](nodejs/node#62805) - \[[`8637524a99`](nodejs/node@8637524a99)] - **test**: mark test-snapshot-reproducible flaky (Filip Skokan) [#62808](nodejs/node#62808) - \[[`c22d34134b`](nodejs/node@c22d34134b)] - **test**: check contextify contextual store behavior in strict mode (René) [#62571](nodejs/node#62571) - \[[`0b4e0d3c94`](nodejs/node@0b4e0d3c94)] - **test**: update tls junk data error expectations (Filip Skokan) [#62629](nodejs/node#62629) - \[[`85d83c2cdb`](nodejs/node@85d83c2cdb)] - **test**: ensure WPT report is in out/wpt (Filip Skokan) [#62637](nodejs/node#62637) - \[[`9e21711c60`](nodejs/node@9e21711c60)] - **test**: improve WPT runner summary (Filip Skokan) [#62636](nodejs/node#62636) - \[[`e04e2c9ac1`](nodejs/node@e04e2c9ac1)] - **test**: skip url WPT subtests instead of modifying test script (Filip Skokan) [#62635](nodejs/node#62635) - \[[`7b1211f88c`](nodejs/node@7b1211f88c)] - **test**: capture negative utimes mtime at call time (Yuya Inoue) [#62490](nodejs/node#62490) - \[[`f1a6e9fcc7`](nodejs/node@f1a6e9fcc7)] - **test**: allow skipping individual WPT subtests (Filip Skokan) [#62517](nodejs/node#62517) - \[[`23f927542e`](nodejs/node@23f927542e)] - **test**: use on-disk fixture for test-npm-install (Joyee Cheung) [#62584](nodejs/node#62584) - \[[`4739c45879`](nodejs/node@4739c45879)] - **test**: update WPT for url to [`7a3645b`](nodejs/node@7a3645b79a) (Node.js GitHub Bot) [#62591](nodejs/node#62591) - \[[`f68189b839`](nodejs/node@f68189b839)] - **test\_runner**: add `testId` to test events (Moshe Atlow) [#62772](nodejs/node#62772) - \[[`5c2770446e`](nodejs/node@5c2770446e)] - **test\_runner**: publish to TracingChannel for OTel instrumentation (Moshe Atlow) [#62502](nodejs/node#62502) - \[[`d14029be7f`](nodejs/node@d14029be7f)] - **(SEMVER-MINOR)** **test\_runner**: support test order randomization (Pietro Marchini) [#61747](nodejs/node#61747) - \[[`3f74a58979`](nodejs/node@3f74a58979)] - **test\_runner**: update node-config-schema (Pietro Marchini) [#58680](nodejs/node#58680) - \[[`60c83f6199`](nodejs/node@60c83f6199)] - **test\_runner**: fix failing suite hooks when marked with `todo` (Moshe Atlow) [#63097](nodejs/node#63097) - \[[`d142c584cd`](nodejs/node@d142c584cd)] - **(SEMVER-MINOR)** **test\_runner**: align mock timeout api (sangwook) [#62820](nodejs/node#62820) - \[[`3e72065ed6`](nodejs/node@3e72065ed6)] - **test\_runner**: fix suite rerun edge case (Moshe Atlow) [#62860](nodejs/node#62860) - \[[`01a9552585`](nodejs/node@01a9552585)] - **(SEMVER-MINOR)** **test\_runner**: add mock-timers support for AbortSignal.timeout (DeveloperViraj) [#60751](nodejs/node#60751) - \[[`dd43efffa6`](nodejs/node@dd43efffa6)] - **test\_runner**: add passed, attempt, and diagnostic to SuiteContext (Moshe Atlow) [#62504](nodejs/node#62504) - \[[`a12dc445cc`](nodejs/node@a12dc445cc)] - **tools**: add a check for clean git tree after tests (Antoine du Hamel) [#62661](nodejs/node#62661) - \[[`5b49178375`](nodejs/node@5b49178375)] - **tools**: use LTS Node.js in notify-on-push workflow (Nenad Spasenic) [#63084](nodejs/node#63084) - \[[`5a93bde5bb`](nodejs/node@5a93bde5bb)] - **tools**: update gr2m/create-or-update-pull-request-action to v1.10.1 (Mike McCready) [#63065](nodejs/node#63065) - \[[`b133019d19`](nodejs/node@b133019d19)] - **tools**: simplify `update-undici.sh` (Antoine du Hamel) [#63044](nodejs/node#63044) - \[[`04d3538074`](nodejs/node@04d3538074)] - **tools**: do not run `test-linux` on unrelated tools changes (Antoine du Hamel) [#63037](nodejs/node#63037) - \[[`4d396ac4a5`](nodejs/node@4d396ac4a5)] - **tools**: bump the eslint group in /tools/eslint with 4 updates (dependabot\[bot]) [#62848](nodejs/node#62848) - \[[`9354bf40e7`](nodejs/node@9354bf40e7)] - **tools**: update gyp-next to 0.22.1 (Node.js GitHub Bot) [#62961](nodejs/node#62961) - \[[`c23db1ca85`](nodejs/node@c23db1ca85)] - **tools**: fix commit linter for semver-major release proposals (Antoine du Hamel) [#62993](nodejs/node#62993) - \[[`6e097ee3f1`](nodejs/node@6e097ee3f1)] - **tools**: consolidate and simplify .editorconfig deps section (Daijiro Wachi) [#62887](nodejs/node#62887) - \[[`a47ea6d6ea`](nodejs/node@a47ea6d6ea)] - **tools**: set bot as author of tools-deps-update PRs (Antoine du Hamel) [#62856](nodejs/node#62856) - \[[`00e86f0471`](nodejs/node@00e86f0471)] - **tools**: bump brace-expansion from 5.0.4 to 5.0.5 in /tools/eslint (dependabot\[bot]) [#62458](nodejs/node#62458) - \[[`cd7e262e75`](nodejs/node@cd7e262e75)] - **tools**: bump brace-expansion in /tools/clang-format (dependabot\[bot]) [#62467](nodejs/node#62467) - \[[`bfc1319bc8`](nodejs/node@bfc1319bc8)] - **tools**: exclude [@node-core/doc-kit](https://github.com/node-core/doc-kit) from dependabot cooldown (Levi Zim) [#62775](nodejs/node#62775) - \[[`a932fbd10b`](nodejs/node@a932fbd10b)] - **tools**: re-enable undici WPTs in daily wpt.fyi job (Filip Skokan) [#62677](nodejs/node#62677) - \[[`f7bd9e3055`](nodejs/node@f7bd9e3055)] - **tools**: update gyp-next to 0.22.0 (Node.js GitHub Bot) [#62697](nodejs/node#62697) - \[[`c400d46d87`](nodejs/node@c400d46d87)] - **tools**: improve backport review script (Antoine du Hamel) [#62573](nodejs/node#62573) - \[[`be23b75814`](nodejs/node@be23b75814)] - **tools**: improve output for unexpected passes in WTP tests (Antoine du Hamel) [#62587](nodejs/node#62587) - \[[`609c013ece`](nodejs/node@609c013ece)] - **tools**: revert OpenSSL update workflow to ubuntu-latest (Richard Lau) [#62627](nodejs/node#62627) - \[[`81bac1ebfd`](nodejs/node@81bac1ebfd)] - **tools**: bump the eslint group in /tools/eslint with 2 updates (dependabot\[bot]) [#62552](nodejs/node#62552) - \[[`1fee26522d`](nodejs/node@1fee26522d)] - **tools**: allow triagers to queue a PR for CI until it's reviewed (Antoine du Hamel) [#62524](nodejs/node#62524) - \[[`332088f929`](nodejs/node@332088f929)] - **tools**: do not run `commit-lint` on release proposals (Antoine du Hamel) [#62523](nodejs/node#62523) - \[[`9a25fc8a4d`](nodejs/node@9a25fc8a4d)] - **url**: process crash via malformed UNC hostname in pathToFileURL() (Nicola Del Gobbo) [#62574](nodejs/node#62574) - \[[`7bd08ff60a`](nodejs/node@7bd08ff60a)] - **url**: optimize URLSearchParams set/delete duplicate handling (Gürgün Dayıoğlu) [#62266](nodejs/node#62266) - \[[`2d636388fa`](nodejs/node@2d636388fa)] - **url**: align default argument handling for URLPattern with webidl (Filip Skokan) [#62719](nodejs/node#62719) - \[[`00705a459a`](nodejs/node@00705a459a)] - **(SEMVER-MINOR)** **util**: colorize text with hex colors (Guilherme Araújo) [#61556](nodejs/node#61556) - \[[`0e2adb3e45`](nodejs/node@0e2adb3e45)] - **watch**: track worker entry files in watch mode (SudhansuBandha) [#62368](nodejs/node#62368) - \[[`c58fe38211`](nodejs/node@c58fe38211)] - **watch**: fix --env-file-if-exists crashing on linux if the file is missing (Efe) [#61870](nodejs/node#61870) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.walbeck.it/mwalbeck/docker-cyberchef/pulls/480

crypto: remove Argon2 KDF derivation from its job setup

c1c57ec

Fixes: nodejs#62861 Signed-off-by: Filip Skokan <panva.ip@gmail.com>

panva requested a review from ChALkeR April 21, 2026 10:37

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Apr 21, 2026

panva added request-ci Add this label to start a Jenkins CI on a PR. dont-land-on-v20.x dont-land-on-v22.x PRs that should not land on the v22.x-staging branch and should not be released in v22.x. labels Apr 21, 2026

tniessen reviewed Apr 21, 2026

View reviewed changes

ranisalt reviewed Apr 21, 2026

View reviewed changes

panva requested a review from jasnell April 24, 2026 10:40

anonrig approved these changes Apr 24, 2026

View reviewed changes

github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Apr 24, 2026

This comment was marked as outdated.

Sign in to view

panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 24, 2026

ChALkeR approved these changes Apr 24, 2026

View reviewed changes

This comment was marked as outdated.

Sign in to view

panva added the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 25, 2026

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 25, 2026

nodejs-github-bot merged commit ce21c87 into nodejs:main Apr 25, 2026
112 of 113 checks passed

panva deleted the fix-argon2-validation branch April 25, 2026 09:01

panva added dont-land-on-v24.x PRs that should not land on the v24.x-staging branch and should not be released in v24.x. dont-land-on-v25.x dont-land-on-v26.x PRs that should not land on the v26.x-staging branch and should not be released in v26.x. labels Apr 26, 2026

panva removed dont-land-on-v26.x PRs that should not land on the v26.x-staging branch and should not be released in v26.x. dont-land-on-v25.x dont-land-on-v24.x PRs that should not land on the v24.x-staging branch and should not be released in v24.x. labels Apr 26, 2026

aduh95 mentioned this pull request May 5, 2026

2026-05-07, Version 26.1.0 #63137

Merged

panva added the backport-open-v24.x Indicate that the PR has an open backport label May 7, 2026

panva mentioned this pull request May 7, 2026

[v24.x backport] crypto,doc: selected crypto changes #63173

Merged

aduh95 added backported-to-v24.x PRs backported to the v24.x-staging branch. and removed backport-open-v24.x Indicate that the PR has an open backport labels May 9, 2026

github-actions Bot mentioned this pull request May 12, 2026

2026-05-21, Version 24.16.0 'Krypton' (LTS) #63263

Merged

aduh95 removed the lts-watch-v24.x PRs that may need to be released in v24.x label May 12, 2026

Uh oh!

Conversation

panva commented Apr 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Apr 21, 2026

Uh oh!

codecov Bot commented Apr 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

tniessen Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

panva Apr 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

tniessen Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

panva Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

tniessen Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

panva Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

tniessen Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

ranisalt Apr 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

This comment was marked as outdated.

This comment was marked as outdated.

nodejs-github-bot commented Apr 25, 2026

Uh oh!

Uh oh!

nodejs-github-bot commented Apr 25, 2026

Uh oh!

panva commented Apr 26, 2026

Uh oh!

panva commented Apr 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

panva commented Apr 21, 2026 •

edited

Loading

codecov Bot commented Apr 21, 2026 •

edited

Loading

panva Apr 21, 2026 •

edited

Loading

ranisalt Apr 21, 2026 •

edited

Loading