build(deps): bump node-libcurl from 4.1.0 to 5.1.2#3445
Open
dependabot[bot] wants to merge 19 commits into
Open
build(deps): bump node-libcurl from 4.1.0 to 5.1.2#3445dependabot[bot] wants to merge 19 commits into
dependabot[bot] wants to merge 19 commits into
Conversation
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/node-libcurl-5.1.2
branch
3 times, most recently
from
July 1, 2026 15:33
18d44d4 to
14555a4
Compare
Contributor
✅
|
Contributor
✅
|
Contributor
✅
|
Contributor
✅
|
Contributor
✅
|
Contributor
✅
|
Contributor
✅
|
Owner
|
@copilot resolve the merge conflicts in this pull request |
Contributor
Owner
|
@dependabot recreate |
Contributor
Author
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
Bumps [node-libcurl](https://github.com/JCMais/node-libcurl) from 4.1.0 to 5.1.2. - [Release notes](https://github.com/JCMais/node-libcurl/releases) - [Changelog](https://github.com/JCMais/node-libcurl/blob/develop/CHANGELOG.md) - [Commits](JCMais/node-libcurl@v4.1.0...v5.1.2) --- updated-dependencies: - dependency-name: node-libcurl dependency-version: 5.1.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
ardatan
force-pushed
the
dependabot/npm_and_yarn/node-libcurl-5.1.2
branch
from
July 14, 2026 11:56
e204244 to
ad0a4b9
Compare
node-libcurl 5 / libcurl 8 no longer tears down the TCP connection when pausing receive, so AbortSignal never reached the server and left open handles that broke Jest leak detection. Co-authored-by: Cursor <cursoragent@cursor.com>
Bun exercises native fetch on this path, and httpbin.org HTTPS hangs from GitHub Actions runners. Co-authored-by: Cursor <cursoragent@cursor.com>
node-libcurl 5 leaves a process-wide Multi that cannot be cleaned up (globalCleanup is a noop), which makes --detectLeaks fail for any suite that exercises it. Unit tests still cover the libcurl path. Co-authored-by: Cursor <cursoragent@cursor.com>
Stop short-circuiting to native Blobs, wrap native streams, and destroy body readers when collection finishes so Jest leak detection can GC. Co-authored-by: Cursor <cursoragent@cursor.com>
The package main entry eagerly requires node-libcurl, which reinstates the shared Multi even when Jest itself skips loading it for LEAK_TEST. Co-authored-by: Cursor <cursoragent@cursor.com>
libcurl 8 rejects the self-signed cert used by the http2 suite unless verification is disabled for that test. External httpbin HTTPS is skipped in CI in favor of the local httpbin service. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Re-enable libcurl for Jest --detectLeaks. node-libcurl 5 made Curl.globalCleanup() a noop, so patch it to close the default Multi (lazy-created) and drain deferred cleanup after libcurl suites. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
node-libcurl 5 only installs on supported Node versions; patch-package must not fail CI on older runtimes where the optional dependency is missing. Co-authored-by: Cursor <cursoragent@cursor.com>
Skipping these cases under LEAK_TEST hides real registry/blob leaks; rely on revokeObjectURL cleanup instead. Co-authored-by: Cursor <cursoragent@cursor.com>
Multi.close() in v5 stops the timeout but leaves the uv handle and ObjectWrap Ref alive, which pins Jest --detectLeaks isolates. Call CloseTimerAsync via a small N-API helper after dispose. Co-authored-by: Cursor <cursoragent@cursor.com>
Silent no-op left Jest detectLeaks red when the addon failed to load. Co-authored-by: Cursor <cursoragent@cursor.com>
Use Curl.setMulti with a package-owned Multi and release its uv timer via CloseTimerAsync so Jest --detectLeaks can collect suites that use libcurl. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Closing Multi while Easy handles are still draining leaves uv/socket state that pins Jest --detectLeaks isolates. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Duplicate CJS/ESM module instances under Jest left dispose unable to see the Multi created by fetchCurl, so CloseTimerAsync never ran. Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps node-libcurl from 4.1.0 to 5.1.2.
Release notes
Sourced from node-libcurl's releases.
... (truncated)
Changelog
Sourced from node-libcurl's changelog.
... (truncated)
Commits
1e0bbef5.1.24d0f347chore: prepare CHANGELOG for v5.1.2 release82ba321Merge branch 'develop' into master for v5.1.22c28d96fix: disable LTO/ThinLTO via gyp -D flags for Node 26 Windows buildsa222989fix: disable LTO/ThinLTO in binding.gyp for Windows + Node 26 builds2d8588b5.1.15d5e0cbchore: prepare CHANGELOG for v5.1.1 release2831f10Merge branch 'develop' into master for v5.1.17670677ci: reduce consumer test nesting from 12 to 4 to fit MSVC c1xx MAX_PATH [skip...11a13a8ci: actually fail the consumer test when the install fails [skip ci]Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for node-libcurl since your current version.
Install script changes
This version adds
preinstallscript that runs during installation. Review the package contents before updating.