chore(deps): update non-major

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
chalk	^4.0.0 → ^4.1.2			dependencies	patch
eslint (source)	^8.57.0 → ^8.57.1			devDependencies	patch
eslint-config-prettier	^9.1.0 → ^9.1.2			devDependencies	patch
eslint-config-sanity (source)	^7.1.2 → ^7.1.4			devDependencies	patch
groq-js	^1.26.0 → ^1.30.0			dependencies	minor
node (source)	20.14.0 → 20.20.2				minor
prettier (source)	^3.3.1 → ^3.8.2			devDependencies	minor	3.8.3

---

Release Notes

eslint/eslint (eslint)

v8.57.1

Compare Source

prettier/eslint-config-prettier (eslint-config-prettier)

v9.1.2

Compare Source

sanity-io/eslint-config-sanity (eslint-config-sanity)

v7.1.4

Compare Source

Bug Fixes

• update deps (#​84) (4f1e812)

v7.1.3

Compare Source

Bug Fixes

• deps: Update linters to v8 (#​77) (4b19efa)

sanity-io/groq-js (groq-js)

v1.30.0

Compare Source

Features

• include line/column info on groq syntax errors (#​343) (d9c4770)

v1.29.0

Compare Source

Features

• typeEvaluator: add support for sanity::projectId() and sanity::dataset() (#​339) (ceadaa6)

v1.28.0

Compare Source

Features

• parser: add support for parsing text::semanticSimilarity (#​335) (ccf4df9)

v1.27.1

Compare Source

Bug Fixes

• typeEvaluator: global::now() should return string (47865dc)
• typeEvaluator: match should return false for dateTimes (9080a9a)

v1.27.0

Compare Source

Features

• typeEvaluator: add support for user::attributes() (c791ab8)

nodejs/node (node)

v20.20.2: 2026-03-24, Version 20.20.2 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21717) fix array index hash collision (Joyee Cheung)
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan)
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina)
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS)pull/795>
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS)
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS)
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina)

Commits

• [cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831
• [f333d0be5f] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [2acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #​62285
• [af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#834
• [00ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [0123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#840
• [00830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838
• [a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839

v20.20.1: 2026-03-05, Version 20.20.1 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [91a66e671c] - build: test on Python 3.14 (Christian Clauss) #​59983
• [f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #​60741

Commits

• [6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #​50853
• [91a66e671c] - build: test on Python 3.14 (Christian Clauss) #​59983
• [cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #​61790
• [f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #​60741
• [fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #​60662
• [88b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #​61830
• [5c053264f1] - deps: V8: backport 6a0a25a (Vivian Wang) #​61687
• [4a398699d0] - deps: update googletest to 5a9c3f9 (Node.js GitHub Bot) #​61731
• [4fa43adf15] - deps: update googletest to 56efe39 (Node.js GitHub Bot) #​61605
• [1a855d490c] - deps: update googletest to 8508785 (Node.js GitHub Bot) #​61417
• [d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #​60523
• [e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #​61928
• [0707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #​61925
• [dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #​61827
• [46043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #​61135
• [6be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #​61271
• [10881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #​61138
• [1594a78c85] - deps: update googletest to 065127f (Node.js GitHub Bot) #​61055
• [7fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #​60898
• [09259532ef] - deps: update googletest to 1b96fa1 (Node.js GitHub Bot) #​60739
• [aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #​60646
• [cc849fde27] - deps: update googletest to 279f847 (Node.js GitHub Bot) #​60219
• [a99ba553a2] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [6349a79f5f] - deps: update googletest to 7e17b15 (Node.js GitHub Bot) #​59131
• [8ba759f1a0] - deps: update googletest to 35b75a2 (Node.js GitHub Bot) #​58710
• [927d906850] - deps: update googletest to e9092b1 (Node.js GitHub Bot) #​58565
• [bf8919f5c2] - deps: update googletest to 0bdccf4 (Node.js GitHub Bot) #​57380
• [ae6231dac0] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #​56873
• [0561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #​61732
• [f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #​60543
• [15bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #​61912
• [04d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #​61912
• [2ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #​61510
• [622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #​60842
• [2cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #​60643
• [65e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #​60550
• [2dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #​61453
• [2c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #​59354
• [a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #​59344
• [ffd0ada45f] - doc: fix typo in test/common/README.md (Yoo) #​59180
• [b4d9d006e7] - doc: fix broken sentence in URL.parse (Superchupu) #​59164
• [45e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #​59123
• [e9fd10b5d6] - doc: fix fetch subsections in globals.md (Antoine du Hamel) #​58933
• [3715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #​58753
• [098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #​58599
• [545bf434e1] - doc: fix typo of file http.md, outgoingMessage.setTimeout section (yusheng chen) #​58188
• [b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #​61450
• [8fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #​61371
• [31d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #​58178
• [5ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #​61402
• [5c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #​61639
• [183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #​55623
• [dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #​61948
• [4106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #​60995
• [de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #​60565
• [368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #​61629
• [e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #​59158
• [5630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #​58478
• [1e5363bb63] - test: mark test-http2-debug as flaky on LinuxONE (Richard Lau) #​58494
• [662998787a] - test: set test-fs-cp as flaky (Stefan Stojanovic) #​56799
• [0807127339] - test: mark test-esm-loader-hooks-inspect-wait flaky (Richard Lau) #​56803
• [6320cd0721] - test: skip strace test with shared openssl (Richard Lau) #​61987
• [83b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #​58752
• [6cf9b5786e] - tools: enforce removal of lts-watch-* labels on release proposals (Antoine du Hamel) #​61672
• [cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #​61663
• [6dc2a99a0d] - tools: validate release commit diff as part of lint-release-proposal (Antoine du Hamel) #​61440
• [5014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #​58255
• [6c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #​61903
• [1abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #​61899
• [f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #​61759
• [64beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #​61734

v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792
• [14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• [1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313

Commits

• [0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [fba0025b9c] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #​59956
• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #​59791
• [9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #​59689
• [d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #​59335
• [576242ff39] - deps: V8: cherry-pick a0d0d4f (Ho Cheung) #​60716
• [a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #​60314
• [fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #​59133
• [acec79989e] - deps: V8: cherry-pick 6b1b9bc (zhoumingtao) #​59283
• [e65b930aa7] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #​59806
• [e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #​59562
• [e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #​59579
• [8a504d900a] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #​59080
• [8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #​59591
• [109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #​59470
• [4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #​59445
• [caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #​58876
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [960d05ad7d] - doc: add history entries to --input-type section (Antoine du Hamel) #​58175
• [20616f1750] - http2: do not crash on mismatched ping buffer length (René) #​60135
• [9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #​59261
• [dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #​54347
• [bb108191aa] - meta: call create-release-post.yml post release (Aviv Keller) #​60366
• [2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #​58646
• [144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #​59487
• [2c8a73f95f] - src: remove duplicate assignment of O_EXCL in node_constants.cc (Daniel Osvaldo R) #​59049
• [b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #​59755
• [9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #​59640
• [4f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #​59637
• [3ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #​59563
• [a7a109f926] - test: fix typos (Lee Jiho) #​59330
• [fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #​60419
• [bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #​59414
• [0cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #​58840
• [76001f9480] - tools: remove unused actions from build-tarball.yml (Antoine du Hamel) #​59787
• [69904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #​59785
• [a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #​59434
• [6443ad2da5] - tools: drop deprecated macos-13 runner (Richard Lau) #​60679
• [45ec702ef7] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #​59379
• [9e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #​59446

v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241

Commits

• [ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #​58270
• [c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #​58171
• [d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #​58867
• [84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #​58213
• [068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #​58942
• [edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #​57498
• [0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #​58628
• [1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #​57768
• [0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #​56655
• [a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #​57180
• [43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #​56855
• [91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #​58566
• [b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #​58711
• [ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #​57382
• [142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #​58712
• [fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #​58144
• [c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #​57386
• [cded8e7e77] - dns: fix parse memory leaky (theanarkh) #​58973
• [182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #​58404
• [621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #​57449
• [b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #​57426
• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #​58911
• [38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #​57318
• [d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #​57309
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [8c3bc156ed] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #​57073
• [e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #​56835
• [e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #​57219
• [026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #​57183
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241
• [ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #​57076
• [1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #​52607
• [b73a1356ce] - doc: add module namespace object links (Dario Piotrowicz) #​57093
• [09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #​57092
• [2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #​57090
• [cd8259cb4e] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #​57046
• [7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #​57091
• [14fcfc242b] - doc: add a note about require('../common') in testing documentation (Aditi) #​56953
• [bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #​57028
• [acd4d7f269] - doc: improve documentation on argument validation (Aditi) #​56954
• [4cd6b3ca73] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #​57015
• [01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #​57004
• [[77a0505a32](https://redirect.gi

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​eslint@​8.57.0 ⏵ 8.57.1	+1		+1
	npm/​eslint-config-prettier@​9.1.0 ⏵ 9.1.2
	npm/​eslint-config-sanity@​7.1.2 ⏵ 7.1.4	+2		+1	+1
	npm/​prettier@​3.3.3 ⏵ 3.8.3	+1		+1
	npm/​groq-js@​1.26.0 ⏵ 1.30.0			+1	+1

View full report