chore(deps): update node.js to v24.13.1

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
node	final	patch	24.13.0-alpine → 24.13.1-alpine

---

Release Notes

nodejs/node (node)

v24.13.1: 2026-02-10, Version 24.13.1 'Krypton' (LTS), @​aduh95

Compare Source

Notable Changes

• [1f64d6841e] - build: add support for Python 3.14 (Christian Clauss) #​59983
• [30e500fc09] - cli: mark --heapsnapshot-near-heap-limit as stable (Joyee Cheung) #​60956
• [bc0a55f086] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [8a67c00bf5] - doc: mark --build-snapshot and --build-snapshot-config as stable (Joyee Cheung) #​60954
• [3999c2a910] - meta: add avivkeller to collaborators (Aviv Keller) #​61115
• [fa542fbae6] - meta: add gurgunday to collaborators (Gürgün Dayıoğlu) #​61094
• [ff11eda2f2] - meta: add Renegade334 to collaborators (Renegade334) #​60714
• [2e387fb969] - url: update ada to v3.4.2 and support unicode 17 (Yagiz Nizipli) #​61593
• [bb206782d4] - v8: mark v8.queryObjects() as stable (Joyee Cheung) #​60957

Commits

• [a73279c60d] - assert: use a set instead of an array for faster lookup (Ruben Bridgewater) #​61076
• [6a61bcd73c] - assert,util: fix deep comparison for sets and maps with mixed types (Ruben Bridgewater) #​61388
• [cf0eabcd42] - assert,util: improve deep comparison performance (Ruben Bridgewater) #​61076
• [ff3b9ac183] - benchmark: add SQLite benchmarks (Guilherme Araújo) #​61401
• [e1f7d68c94] - benchmark: use boolean options in benchmark tests (SeokhunEom) #​60129
• [91127c91cd] - benchmark: allow boolean option values (SeokhunEom) #​60129
• [170fda55f6] - benchmark: add microbench on isInsideNodeModules (Chengzhong Wu) #​60991
• [3976381b41] - benchmark: fix incorrect base64 input in byteLength benchmark (semimikoh) #​60841
• [c702fccd76] - benchmark: use typescript for import cjs benchmark (Joyee Cheung) #​60663
• [92c517c62d] - buffer: make methods work on Uint8Array instances (Neal Beeken) #​56578
• [be95382edb] - buffer: let Buffer.of use heap (Сковорода Никита Андреевич) #​60503
• [1f64d6841e] - build: test on Python 3.14 (Christian Clauss) #​59983
• [ea4687981b] - build: update android-patches/trap-handler.h.patch (Mo Luo) #​60369
• [b3a7a8c780] - build: update devcontainer.json to use paired nix env (Joyee Cheung) #​61414
• [7168d0b5e3] - build: add embedtest into native suite (Joyee Cheung) #​61357
• [e00755a977] - build: fix misplaced comma in ldflags (hqzing) #​61294
• [72fcc3ee9d] - build: fix crate vendor file checksums on windows (Chengzhong Wu) #​61329
• [76a73d68fd] - build: expose libplatform symbols in shared libnode (Joyee Cheung) #​61144
• [ef8d26ce5c] - build: fix inconsistent quoting in Makefile (Antoine du Hamel) #​60511
• [2d23968783] - build: remove temporal updater (Chengzhong Wu) #​61151
• [4c2655f1c2] - build: update test-wpt-report to use NODE instead of OUT_NODE (Filip Skokan) #​61024
• [eaea6821fc] - build: skip build-ci on actions with a separate test step (Chengzhong Wu) #​61073
• [dfd4e12037] - build: run embedtest with node_g when BUILDTYPE=Debug (Chengzhong Wu) #​60850
• [775c77234b] - build,tools: fix addon build deadlock on errors (Vladimir Morozov) #​61321
• [5deafc10fa] - build,win: improve logs when ClangCL is missing (Mike McCready) #​61438
• [e2481c5c6e] - build,win: update WinGet configurations to Python 3.14 (Mike McCready) #​61431
• [d2586b7e4c] - child_process: treat ipc length header as unsigned uint32 (Ryuhei Shima) #​61344
• [30e500fc09] - cli: mark --heapsnapshot-near-heap-limit as stable (Joyee Cheung) #​60956
• [2c7da15612] - cluster: fix port reuse between cluster (Ryuhei Shima) #​60141
• [bc0a55f086] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [2d5f20e9c3] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #​60741
• [fba95be188] - deps: update archs files for openssl-3.5.5 (Node.js GitHub Bot) #​61547
• [08697289e0] - deps: upgrade openssl sources to openssl-3.5.5 (Node.js GitHub Bot) #​61547
• [403c50c04d] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #​61510
• [3b24691aeb] - deps: upgrade npm to 11.8.0 (npm team) #​61466
• [2bba7efdc4] - deps: update googletest to 8508785 (Node.js GitHub Bot) #​61417
• [8f8c6f6162] - deps: update sqlite to 3.51.2 (Node.js GitHub Bot) #​61339
• [c46009053c] - deps: update icu to 78.2 (Node.js GitHub Bot) #​60523
• [b46b8dd91b] - deps: update ada to v3.4.0 (Yagiz Nizipli) #​61315
• [88c6b17e18] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #​61135
• [0030c05ba9] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #​61271
• [77437cff89] - deps: update nbytes to 0.1.2 (Node.js GitHub Bot) #​61270
• [fb0f05a937] - deps: update timezone to 2025c (Node.js GitHub Bot) #​61138
• [b426a47c05] - deps: nghttp2: revert 7784fa9 (Antoine du Hamel) #​61136
• [c07a38f700] - deps: update nghttp2 to 1.68.0 (nodejs-github-bot) #​61136
• [c2ddc9a18b] - deps: update simdjson to 4.2.4 (Node.js GitHub Bot) #​61056
• [f38cd6da8e] - deps: update googletest to 065127f (Node.js GitHub Bot) #​61055
• [a9a6a4cdb2] - deps: brotli: cherry-pick e230f47 (liujiahui) #​61003
• [5a40023aae] - deps: upgrade npm to 11.7.0 (npm team) #​61011
• [4121e7a413] - deps: update sqlite to 3.51.1 (Node.js GitHub Bot) #​60899
• [e8a09fc896] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #​60898
• [8df5862ee5] - deps: upgrade npm to 11.6.4 (npm team) #​60853
• [6c1c8cbdcc] - deps: update sqlite to 3.51.0 (Node.js GitHub Bot) #​60614
• [2d1efc7c1b] - deps: upgrade npm to 11.6.3 (npm team) #​60785
• [3a2de1c23b] - deps: update brotli to 1.2.0 (Node.js GitHub Bot) #​60540
• [58c5d40bd1] - deps: update simdjson to 4.2.2 (Node.js GitHub Bot) #​60740
• [e6b607ef50] - deps: update googletest to 1b96fa1 (Node.js GitHub Bot) #​60739
• [650c9e0305] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #​60543
• [ef1951d5d5] - deps: update inspector_protocol to 1b1bcbb (Node.js GitHub Bot) #​60705
• [eb068305dd] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #​60646
• [ee1d99131c] - deps: update simdjson to 4.2.1 (Node.js GitHub Bot) #​60644
• [23582967b7] - deps: V8: cherry-pick 1441665 (Domagoj Stolfa) #​60989
• [155eaedff2] - deps: V8: cherry-pick 394a805 (Lu Yahan) #​60962
• [c95a4a0f43] - deps: V8: backport bbaae8e (Lu Yahan) #​60962
• [6f123f186d] - doc: move Security-Team from TSC to SECURITY (Rafael Gonzaga) #​61495
• [2e3337d15b] - doc: added requestOCSP option to tls.connect (ikeyan) #​61064
• [f505f81577] - doc: restore @​ChALkeR to collaborators (Сковорода Никита Андреевич) #​61553
• [12fb95d0c9] - doc: update IBM/Red Hat volunteers with dedicated project time (Beth Griggs) #​61588
• [283ab61ed2] - doc: align Buffer.concat documentation with behavior (Gürgün Dayıoğlu) #​60405
• [fc9c906d5f] - doc: remove v prefix for version references (Mike McCready) #​61488
• [4a88ed09e8] - doc: mention constructor comparison in assert.deepStrictEqual (Hamza Kargin) #​60253
• [9b29d56491] - doc: add CVE delay mention (Rafael Gonzaga) #​61465
• [4815e4ac52] - doc: update previous version links in BUILDING (Mike McCready) #​61457
• [8a43244e6c] - doc: include OpenJSF handle for security stewards (Rafael Gonzaga) #​61454
• [89a7f184a1] - doc: clarify process.argv[1] behavior for -e/--eval (Jeevankumar S) #​61366
• [b4041aba1c] - doc: remove Windows Dev Home instructions from BUILDING (Mike McCready) #​61434
• [fa7830bac0] - doc: clarify TypedArray properties on Buffer (Roman Reiss) #​61355
• [45663c8956] - doc: update Python 3.14 manual install instructions (Windows) (Mike McCready) #​61428
• [0248357f26] - doc: note resume build should not be done on node-test-commit (Stewart X Addison) #​61373
• [b254bab513] - doc: refine WebAssembly error documentation (sangwook) #​61382
• [8aca37c6ef] - doc: add deprecation history for url.parse (Eng Zer Jun) #​61389
• [8047ac3aac] - doc: add marco and rafael in last sec release (Marco Ippolito) #​61383
• [61190bf4b4] - doc: packages: example of private import switch to internal (coderaiser) #​61343
• [346311c42f] - doc: add esm and cjs examples to node:v8 (Alfredo González) #​61328
• [c07c80717c] - doc: added 'secure' event to tls.TLSSocket (ikeyan) #​61066
• [9f68d30f11] - doc: restore @​watilde to collaborators (Daijiro Wachi) #​61350
• [a3b08ddb51] - doc: run license-builder (github-actions[bot]) #​61348
• [4990812dd9] - doc: document ALPNCallback option for TLSSocket constructor (ikeyan) #​61331
• [89e9d19693] - doc: update MDN links (Livia Medeiros) #​61062
• [dcffa88fec] - doc: correct description of error.stack accessor behavior (René) #​61090
• [31476cd4d1] - doc: add documentation for process.traceProcessWarnings (Alireza Ebrahimkhani) #​53641
• [99c783b9ec] - doc: add sqlite session disposal method (René) #​61273
• [c7764bed35] - doc: fix filename typo (Hardanish Singh) #​61297
• [0f16bca9d8] - doc: fix typos and grammar in BUILDING.md & onboarding.md (Hardanish Singh) #​61267
• [4b691b562d] - doc: mention --newVersion release script (Rafael Gonzaga) #​61255
• [32e56ab71f] - doc: correct typo in api contributing doc (Mike McCready) #​61260
• [9ebf1ffbeb] - doc: add PR-URL requirement for security backports (Rafael Gonzaga) #​61256
• [940f83d95d] - doc: add reusePort error behavior to net module (mag123c) #​61250
• [8881859ee0] - doc: note corepack package removal in distribution doc (Mike McCready) #​61207
• [03a1540cd1] - doc: fix tls.connect() timeout documentation (Azad Gupta) #​61079
• [816ce7530d] - doc: missing passed, error and passed properties on TestContext (Xavier Stouder) #​61185
• [d825c8858a] - doc: clarify threat model for application-level API exposure (Rafael Gonzaga) #​61184
• [a3dd30d0e0] - doc: correct options for net.Socket class and socket.connect (Xavier Stouder) #​61179
• [c3e776becd] - doc: document error event on readline InterfaceConstructor (Xavier Stouder) #​61170
• [05a6372d30] - doc: add a smooth scrolling effect to the sidebar (btea) #​59007
• [76a7eb09ef] - doc: fix test settime docs (Efe) #​61117
• [bcbbde6ccc] - doc: correct invalid collaborator profile (JJ) #​61091
• [084741d09d] - doc: add a tip about developer mode on Windows (Joyee Cheung) #​61112
• [ed4de371d3] - doc: exclude compile-time flag features from security policy (Matteo Collina) #​61109
• [3999c2a910] - doc: add @​avivkeller to collaborators (Aviv Keller) #​61115
• [f3ec066f1a] - doc: warn about short GCM tags visibly (Tobias Nießen) #​61082
• [fa542fbae6] - doc: add gurgunday to collaborators (Gürgün Dayıoğlu) #​61094
• [49f36722dc] - doc: mark sync module hooks as release candidate (Joyee Cheung) #​60960
• [a0adc6afd2] - doc: reorganize docs of module customization hooks (Joyee Cheung) #​60960
• [a4097ca048] - doc: mark crypto.hash as stable (Joyee Cheung) #​60994
• [8a67c00bf5] - doc: mark --build-snapshot and --build-snapshot-config as stable (Joyee Cheung) #​60954
• [0c83169c35] - doc: add File modes cross-references in fs methods (Mohit Raj Saxena) #​60286
• [dae815262a] - doc: add missing zstd to mjs example of zlib (Deokjin Kim) #​60915
• [28b284880e] - doc: clarify fileURLToPath security considerations (Rafael Gonzaga) #​60887
• [6c440af39b] - doc: show the use of string expressions in the SQLTagStore example (schliepa) #​60873
• [4c5b62209c] - doc: replace column with columnNumber in example of util.getCallSites (Deokjin Kim) #​60881
• [8875c9148e] - doc: correct spelling in BUILDING.md (Rich Trott) #​60875
• [d6cb762426] - doc: update debuglog examples to use 'foo-bar' instead of 'foo' (xiaoyao) #​60867
• [9eae518796] - doc: correct 'event handle' to 'event handler' in Utf8Stream drop event (Riddhi) #​60692
• [c3c3ed27c1] - doc: fix typos in changelogs (Rich Trott) #​60855
• [1b975e3017] - doc: mark module.register as active development (Chengzhong Wu) #​60849
• [6a6fc0c851] - doc: add fullName property to SuiteContext (PaulyBearCoding) #​60762
• [8347d734e6] - doc: add additional codemods for deprecation (Augustin Mauroy) #​60811
• [7cc87037c3] - doc: keep sidebar module visible when navigating docs (Botato) #​60410
• [1c6618f643] - doc: correct concurrency wording in test() documentation (Azad Gupta) #​60773
• [488208004e] - doc: clarify that CQ only picks up PRs targeting main (René) #​60731
• [34517940c2] - doc: clarify license section and add contributor note (KaleruMadhu) #​60590
• [f080721df4] - doc: correct and expand documentation for SQLTagStore (René) #​60200
• [be3d26709d] - doc: correct tls ALPNProtocols types (René) #​60143
• [ef82c53131] - doc: remove mention of SMS 2FA (Antoine du Hamel) #​60707
• [11b190f63e] - doc: add info about renamed flag in cli.md (Antoine du Hamel) #​60690
• [59db9bc654] - doc: fix incorrect slh-dsa oids in crypto.md (Artsiom Malakhau) #​60681
• [ad52750cf6] - doc: domain.add() does not accept timer objects (René) #​60675
• [2592d94e29] - doc: fix v24 changelog after security release (Marco Ippolito) #​61371
• [e0f4ad0af0] - doc,test: add documentation and test on how to use addons in SEA (Joyee Cheung) #​59582
• [13af640d94] - esm: ensure watch mode restarts after syntax errors (Xavier Stouder) #​61232
• [31afe95d15] - esm: avoid throw when module specifier is not url (Craig Macomber (Microsoft)) #​61000
• [311a04cf2d] - esm: improve error messages for ambiguous module syntax (mag123c) #​60376
• [cacef92937] - events: remove redundant todo (Gürgün Dayıoğlu) #​60595
• [42e1f72561] - events: remove eventtarget custom inspect branding (Efe) #​61128
• [fd8b61369b] - fs: remove duplicate getValidatedPath calls (Mert Can Altin) #​61359
• [9bb9fc7f2c] - fs: fix errorOnExist behavior for directory copy in fs.cp (Nicholas Paun) #​60946
• [55a3c70780] - fs: fix ENOTDIR in globSync when file is treated as dir (sangwook) #​61259
• [073a145095] - fs: remove duplicate fd validation in sync functions (Mert Can Altin) #​61361
• [b132ecdf60] - fs: validate statfs path (Efe) #​61230
• [0ed0a30f74] - fs: fix rmSync to handle non-ASCII characters (Yeaseen) #​61108
• [99632b1a3b] - fs: remove broken symlinks in rmSync (sangwook) #​61040
• [9cb6757a67] - fs: detect dot files when using globstar (Robin van Wijngaarden) #​61012
• [e22aad19e0] - gyp: aix: change gcc version detection so CXX="ccache g++" works (Stewart X Addison) #​61464
• [59d94ba7e7] - http: fix rawHeaders exceeding maxHeadersCount limit (Max Harari) #​61285
• [ae6a1fd40a] - http,https: fix double ERR_PROXY_TUNNEL emission (Shima Ryuhei) #​60699
• [53bfbaa4b1] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #​61402
• [14b421b677] - http2,zlib: prefer call() over apply() if argument list is not array (Livia Medeiros) #​60834
• [32b03d0604] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#750
• [4ef7a6c77e] - lib: backport _tls_common and _tls_wrap refactors (Dario Piotrowicz) #​57643
• [820e0a5cfa] - lib: fix typo in util.js comment (Taejin Kim) #​61365
• [8de391e1cb] - lib: fix TypeScript support check in jitless mode (sangwook) #​61382
• [f22f622b3e] - lib: add lint rules for reflective function calls (Michaël Zasso) #​60825
• [603f0bf8e1] - lib: implement all 1-byte encodings in js (Сковорода Никита Андреевич) #​61093
• [1c0a1aa5ef] - lib: gbk decoder is gb18030 decoder per spec (Сковорода Никита Андреевич) #​61099
• [2cf963df73] - lib: enforce use of URLParse (Antoine du Hamel) #​61016
• [bb90630470] - lib: use FastBuffer for empty buffer allocation (Gürgün Dayıoğlu) #​60558
• [10893a6f13] - lib: refactor JWK import PQC support check (Filip Skokan) #​60586
• [d43806291f] - lib,src: isInsideNodeModules should test on the first non-internal frame (Chengzhong Wu) #​60991
• [0bb8f5fe03] - lib,src,test: fix tests without SQLite (Antoine du Hamel) #​60906
• [f3fe0e7fc2] - lib,test: enforce use of assert.fail via a lint rule (Antoine du Hamel) #​61004
• [8b783d46ef] - meta: do not fast-track npm updates (Antoine du Hamel) #​61475
• [de4a11b50e] - meta: fix typos in issue template config (Daijiro Wachi) #​61399
• [97b1492783] - meta: label v8 module PRs (René) #​61325
• [9bf899b743] - meta: bump step-security/harden-runner from 2.13.2 to 2.14.0 (dependabot[bot]) #​61245
• [4df7134324] - meta: bump actions/setup-node from 6.0.0 to 6.1.0 (dependabot[bot]) #​61244
• [ff98f610d8] - meta: bump actions/cache from 4.3.0 to 5.0.1 (dependabot[bot]) #​61243
• [86950a41ab] - meta: bump github/codeql-action from 4.31.6 to 4.31.9 (dependabot[bot]) #​61241
• [96901b4828] - meta: bump codecov/codecov-action from 5.5.1 to 5.5.2 (dependabot[bot]) #​61240
• [c90fc7c0d3] - meta: bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 (dependabot[bot]) #​61237
• [f130d4b6de] - meta: move lukekarrys to emeritus (Node.js GitHub Bot) #​60985
• [416f34ccfc] - meta: bump actions/setup-python from 6.0.0 to 6.1.0 (dependabot[bot]) #​60927
• [2239939305] - meta: bump github/codeql-action from 4.31.3 to 4.31.6 (dependabot[bot]) #​60926
• [7f146b6a97] - meta: bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (dependabot[bot]) #​60924
• [d9020f0089] - meta: bump github/codeql-action from 4.31.2 to 4.31.3 (dependabot[bot]) #​60770
• [4bba259d3b] - meta: bump step-security/harden-runner from 2.13.1 to 2.13.2 (dependabot[bot]) #​60769
• [ff11eda2f2] - meta: add Renegade334 to collaborators (Renegade334) #​60714
• [e3b5593c0f] - module: fix sync resolve hooks for require with node: prefixes (Joyee Cheung) #​61088
• [edec5be805] - module: preserve URL in the parent created by createRequire() (Joyee Cheung) #​60974
• [5cc3596eb4] - node-api: fix node_api_create_object_with_properties name (Vladimir Morozov) #​61319
• [179162fe42] - node-api: use Node-API in comments (Vladimir Morozov) #​61320
• [b3fe457a89] - node-api: add napi_set_prototype (siaeyy) #​60711
• [1e13e84f16] - node-api: fix data race and use-after-free in napi_threadsafe_function (Mika Fischer) #​55877
• [36ce6d636d] - node-api: add support for Float16Array (Ilyas Shabi) #​58879
• [95e6659e2b] - node-api: support SharedArrayBuffer in napi_create_dataview (Kevin Eady) #​60473
• [54f58e2fb2] - os: freeze signals constant (Xavier Stouder) #​61038
• [31489310f8] - process: improve process.cwd() error message (TseIan) #​61164
• [f7450a90ed] - repl: move completion logic to internal module (Dario Piotrowicz) #​59889
• [27117625df] - sqlite: add some tests (Guilherme Araújo) #​61410
• [d56066ce8c] - sqlite: improve error messages for tag store (Pramit Sharma) #​61096
• [9d993be6c1] - sqlite: make SQLTagStore.prototype.size a getter (René) #​60246
• [ceaa200d16] - src: improve StringBytes::Encode perf on UTF8 (Сковорода Никита Андреевич) #​61131
• [034a5f2346] - src: add missing override specifier to Clean() (Tobias Nießen) #​61429
• [977f46cc20] - src: cache context lookup in vectored io loops (Mert Can Altin) #​61387
• [bb9e4e0784] - src: cache missing package.json files in the C++ package config cache (Michael Smith) #​60425
• [c1aa9f49cd] - src: use starts_with instead of rfind/find (Tobias Nießen) #​61426
• [d3676d0a82] - src: use C++ nullptr in sqlite (Tobias Nießen) #​61416
• [001be8aa7c] - src: use C++ nullptr in webstorage (Tobias Nießen) #​61407
• [4f832b1e3d] - src: fix pointer alignment (jhofstee) #​61336
• [a0a8c96fd1] - src: dump snapshot source with node:generate_default_snapshot_source (Joyee Cheung) #​61101
• [b6d3caeda8] - src: improve StringBytes::Encode perf on ASCII (Сковорода Никита Андреевич) #​61119
• [9c80e5ac87] - src: add HandleScope to edge loop in heap_utils (Mert Can Altin) #​60885
• [09ccd94312] - src: remove redundant CHECK (Tobias Nießen) #​61130
• [6008354b8a] - src: remove unused private field in SQLTagStore (Michaël Zasso) #​61027
• [7484a34a7d] - src: implement Windows-1252 encoding support and update related tests (Mert Can Altin) #​60893
• [47851db855] - src: fix off-thread cert loading in bundled cert mode (Joyee Cheung) #​60764
• [4702a8696b] - src: handle DER decoding errors from system certificates (Joyee Cheung) #​60787
• [19a4926965] - src: use static_cast instead of C-style cast (Michaël Zasso) #​60868
• [6529334dec] - src: add test flag to config file (Marco Ippolito) #​60798
• [d153b30773] - src: split inspector protocol domains files (Chengzhong Wu) #​60754
• [7191b847c6] - src,permission: fix permission.has on empty param (Rafael Gonzaga) #​60674
• [a188b954bb] - src,permission: add debug log on is_tree_granted (Rafael Gonzaga) #​60668
• [b483b5a8ea] - stream: export namespace object from internal end-of-stream module (René) #​61455
• [0472104536] - stream: fix isErrored/isWritable for WritableStreams (René) #​60905
• [dd13f1046f] - test: skip --build-sea tests on platforms where SEA is flaky (Joyee Cheung) #​61504
• [6c18bf26f4] - test: update WPT for url to 81a2aed (Node.js GitHub Bot) #​61509
• [f511c24d6b] - test: fix flaky debugger test (Ryuhei Shima) #​58324
• [41710ba953] - test: ensure removeListener event fires for once() listeners (sangwook) #​60137
• [0035f3fa0f] - test: delay writing the files only on macOS (Luigi Pinca) #​61532
• [99c29eb261] - test: add implicit test for fs dispose handling with using (Ilyas Shabi) #​61140
• [e349d34c8a] - test: check new WebCryptoAPI enum values (Filip Skokan) #​61406
• [e75617d25f] - test: split test-esm-loader-hooks (Joyee Cheung) #​61374
• [42110af62a] - test: aix: mark test-emit-on-destroyed as flaky (Stewart X Addison) #​61381
• [180fdbf188] - test: update url web-platform tests (Yagiz Nizipli) #​61315
• [4bac4ecd9d] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60761
• [39ca74e57e] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60759
• [7327b04875] - test: ensure assertions are reached on more tests (Antoine du Hamel) #​60726
• [fd6601c710] - test: asserts that import.meta.resolve invokes sync loader hooks (Chengzhong Wu) #​61158
• [da4d4d4fde] - test: check util.parseArgs argv parsing with actual process execution (René) #​61089
• [368b32d410] - test: update WPT for urlpattern to a2e15ad (Node.js GitHub Bot) #​61134
• [e880062de8] - test: make buffer sizes 32bit-aware in test-internal-util-construct-sab (René) #​61026
• [f2706e1166] - test: remove unneccessary repl magic_mode tests (Dario Piotrowicz) #​61053
• [327dd25f86] - test: skip sea tests on riscv64 (Stewart X Addison) #​61111
• [6da34027e2] - test: simplify test-cli-node-options-docs (Antoine du Hamel) #​61006
• [74df70d1da] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #​60995
• [5513338446] - test: update test426 fixtures (Rich Trott) #​60982
• [9f594f53a7] - test: update WPT for urlpattern to aed1f3d (Node.js GitHub Bot) #​60642
• [18e3b91bf1] - test: deflake test-repl-paste-big-data (Livia Medeiros) #​60975
• [28ecdc5c98] - test: skip SEA inspect test if inspector is not available (Livia

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled because a matching PR was automerged previously.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[railway-app]

🚅 Deployed to the simon.dev-pr-1597 environment in simon.dev

Service	Status	Web	Updated (UTC)
simon.dev	✅ Success (View Logs)	Web	Feb 12, 2026 at 6:16 pm

[claude]

Claude finished @renovate[bot]'s task in 1m 29s —— View job

---

Code Review: Node.js v24.13.0 → v24.13.1 Update

Review Complete ✅

---

Review Summary

Recommendation: ✅ APPROVE - This is a safe, well-managed patch update.

---

Detailed Analysis

1. Code Quality ✅

Change Overview:

• Single line change in Dockerfile (line 4)
• Node.js base image: 24.13.0-alpine → 24.13.1-alpine
• SHA256 digest updated: cd6fb7... → 4f696f...

Best Practices:

• ✅ Image pinning with SHA256 digest (excellent security practice)
• ✅ Using Alpine Linux for minimal image size
• ✅ Proper semantic versioning (patch update)
• ✅ Clean, well-structured multi-stage Dockerfile

---

2. Security 🔒

Security Updates in v24.13.1:

• CVE-2025-59465: TLSSocket default error handler vulnerability fixed
  • Impact: Prevents unhandled errors in TLS connections
  • Severity: Important to update
• Root Certificates Updated: NSS 3.119 (from 3.117)
  • Ensures latest trusted certificate authorities
• OpenSSL Updated: 3.5.5 (security patches included)

Docker Security:

• ✅ SHA256 digest pinning prevents man-in-the-middle attacks
• ✅ Renovate automatically updates the digest
• ✅ Non-root user execution (nextjs user with UID 1001)

---

3. Performance ⚡

Notable Performance Improvements:

• Deep comparison performance improvements in assert and util modules
• StringBytes encoding performance improvements (UTF-8, ASCII)
• Buffer allocation optimizations

Impact: Minor performance gains; no breaking changes or regressions expected.

---

4. Testing 🧪

Testing Considerations:

• ✅ This is a patch release (low risk)
• ✅ No breaking changes in v24.13.1
• ⚠️ Recommendation: Run existing test suite to verify compatibility
  • pnpm test should pass
  • Docker build should succeed
  • Production deployment should work seamlessly

Test Coverage:

• No test changes needed (Docker-only update)
• Existing tests will validate application compatibility

---

5. Documentation 📚

Documentation Updates:

• ✅ Renovate PR includes comprehensive release notes
• ✅ Commit message follows conventional commits: chore(deps): update node.js to v24.13.1
• ✅ No README updates needed (infrastructure change)

Notable Stable Features (marked stable in this release):

• --heapsnapshot-near-heap-limit CLI flag
• --build-snapshot and --build-snapshot-config flags
• v8.queryObjects() API
• crypto.hash() API

---

Additional Observations

Compatibility:

• ✅ Fully compatible with project's Node.js 24 requirement (per CLAUDE.md)
• ✅ No changes to package.json dependencies needed
• ✅ Alpine Linux version remains consistent

Dependencies Updated:

• npm: 11.8.0
• Corepack: 0.34.6
• V8, ICU, SQLite, and other core dependencies updated

Risk Assessment:

• Risk Level: ⬇️ Very Low
• Type: Patch release (bug fixes + security updates)
• Regression Risk: Minimal (extensively tested by Node.js team)
• Rollback: Easy (revert single line change)

---

Recommendations

1. Merge this PR - Security fixes and performance improvements justify immediate adoption
2. Monitor Railway deployment - The preview deployment will validate the update
3. No code changes required - Application code unaffected
4. Consider enabling Renovate auto-merge for future patch updates (if not already enabled)

---

Security Advisory

The CVE-2025-59465 fix addresses a TLSSocket error handling issue. Given this project uses Discord integration and external APIs over HTTPS, this security patch is recommended for production.

---

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.76%. Comparing base (8a3575c) to head (03b0cb9).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1597   +/-   ##
=======================================
  Coverage   97.76%   97.76%           
=======================================
  Files          49       49           
  Lines         896      896           
  Branches      156      156           
=======================================
  Hits          876      876           
  Misses          8        8           
  Partials       12       12           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.