fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@babel/core (source)	7.28.4 -> 7.28.5			devDependencies	patch
@babel/preset-env (source)	7.28.3 -> 7.28.5			devDependencies	patch
@babel/preset-typescript (source)	7.27.1 -> 7.28.5			devDependencies	minor
@opentelemetry/auto-instrumentations-node (source)	^0.64.0 -> ^0.66.0			dependencies	minor
@opentelemetry/exporter-metrics-otlp-http (source)	^0.205.0 -> ^0.207.0			dependencies	minor
@opentelemetry/sdk-node (source)	^0.205.0 -> ^0.207.0			dependencies	minor
@types/node (source)	22.18.6 -> 22.18.12			devDependencies	patch
dotenv	17.2.2 -> 17.2.3			devDependencies	patch
esbuild	0.25.10 -> 0.25.11			devDependencies	patch
lint-staged	16.2.0 -> 16.2.6			devDependencies	patch
node (source)	22.19.0 -> 22.21.0				minor
ts-jest (source)	29.4.4 -> 29.4.5			devDependencies	patch
typedoc (source)	0.28.13 -> 0.28.14			devDependencies	patch
typescript (source)	5.9.2 -> 5.9.3			devDependencies	patch
webpack	5.101.3 -> 5.102.1			devDependencies	minor

---

Release Notes

babel/babel (@​babel/core)

v7.28.5

Compare Source

👓 Spec Compliance

• babel-parser
  • #​17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #​17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #​17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #​17521 Improve @babel/parser error typing (@​JLHwung)
  • #​17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #​17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #​17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #​17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #​17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #​17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

open-telemetry/opentelemetry-js-contrib (@​opentelemetry/auto-instrumentations-node)

v0.66.0

Compare Source

Features

• auto-instrumentations-node: add OpenAI instrumentation (#​3164) (d2b090e)
• deps: update deps matching '@​opentelemetry/*' (#​3187) (ab96334)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.53.0 to ^0.54.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.52.0 to ^0.53.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.52.0 to ^0.53.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.50.0 to ^0.51.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.22.0 to ^0.23.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.24.0 to ^0.25.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.50.0 to ^0.51.0
    • @​opentelemetry/instrumentation-express bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-fastify bumped from ^0.51.0 to ^0.52.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.26.0 to ^0.27.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.50.0 to ^0.51.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.54.0 to ^0.55.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.53.0 to ^0.54.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.54.0 to ^0.55.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.16.0 to ^0.17.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.51.0 to ^0.52.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.51.0 to ^0.52.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.50.0 to ^0.51.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.53.0 to ^0.54.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.52.0 to ^0.53.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.53.0 to ^0.54.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.53.0 to ^0.54.0
    • @​opentelemetry/instrumentation-net bumped from ^0.50.0 to ^0.51.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.4.0 to ^0.5.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.32.0 to ^0.33.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.53.0 to ^0.54.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.52.0 to ^0.53.0
    • @​opentelemetry/instrumentation-router bumped from ^0.51.0 to ^0.52.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.20.0 to ^0.21.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.53.0 to ^0.54.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.25.0 to ^0.26.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.17.0 to ^0.18.0
    • @​opentelemetry/instrumentation-winston bumped from ^0.51.0 to ^0.52.0
    • @​opentelemetry/resource-detector-alibaba-cloud bumped from ^0.31.9 to ^0.31.10
    • @​opentelemetry/resource-detector-aws bumped from ^2.6.0 to ^2.7.0
    • @​opentelemetry/resource-detector-azure bumped from ^0.14.0 to ^0.15.0
    • @​opentelemetry/resource-detector-container bumped from ^0.7.9 to ^0.7.10
    • @​opentelemetry/resource-detector-gcp bumped from ^0.41.0 to ^0.42.0

v0.65.0

Compare Source

Features

• deps: update deps matching '@​opentelemetry/*' (#​3145) (704c716)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.52.3 to ^0.53.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.57.2 to ^0.58.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.61.2 to ^0.62.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.51.4 to ^0.52.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.51.3 to ^0.52.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.49.2 to ^0.50.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.21.2 to ^0.22.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.23.3 to ^0.24.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.49.2 to ^0.50.0
    • @​opentelemetry/instrumentation-express bumped from ^0.54.3 to ^0.55.0
    • @​opentelemetry/instrumentation-fastify bumped from ^0.50.3 to ^0.51.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.25.2 to ^0.26.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.49.2 to ^0.50.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.53.3 to ^0.54.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.52.3 to ^0.53.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.53.3 to ^0.54.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.15.3 to ^0.16.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.50.2 to ^0.51.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.54.2 to ^0.55.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.50.3 to ^0.51.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.49.3 to ^0.50.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.58.3 to ^0.59.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.52.3 to ^0.53.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.51.3 to ^0.52.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.52.3 to ^0.53.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.52.2 to ^0.53.0
    • @​opentelemetry/instrumentation-net bumped from ^0.49.2 to ^0.50.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.31.3 to ^0.32.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.58.3 to ^0.59.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.52.3 to ^0.53.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.54.4 to ^0.55.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.51.2 to ^0.52.0
    • @​opentelemetry/instrumentation-router bumped from ^0.50.2 to ^0.51.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.19.2 to ^0.20.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.52.3 to ^0.53.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.24.3 to ^0.25.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.16.2 to ^0.17.0
    • @​opentelemetry/instrumentation-winston bumped from ^0.50.2 to ^0.51.0
    • @​opentelemetry/resource-detector-alibaba-cloud bumped from ^0.31.8 to ^0.31.9
    • @​opentelemetry/resource-detector-aws bumped from ^2.5.3 to ^2.6.0
    • @​opentelemetry/resource-detector-azure bumped from ^0.13.2 to ^0.14.0
    • @​opentelemetry/resource-detector-container bumped from ^0.7.8 to ^0.7.9
    • @​opentelemetry/resource-detector-gcp bumped from ^0.40.3 to ^0.41.0

v0.64.6

Compare Source

Bug Fixes

• force new release-please PR (#​3123) (0dab838)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.52.2 to ^0.52.3
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.57.1 to ^0.57.2
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.61.1 to ^0.61.2
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.51.3 to ^0.51.4
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.51.2 to ^0.51.3
    • @​opentelemetry/instrumentation-connect bumped from ^0.49.1 to ^0.49.2
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.21.1 to ^0.21.2
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.23.2 to ^0.23.3
    • @​opentelemetry/instrumentation-dns bumped from ^0.49.1 to ^0.49.2
    • @​opentelemetry/instrumentation-express bumped from ^0.54.2 to ^0.54.3
    • @​opentelemetry/instrumentation-fastify bumped from ^0.50.2 to ^0.50.3
    • @​opentelemetry/instrumentation-fs bumped from ^0.25.1 to ^0.25.2
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.49.1 to ^0.49.2
    • @​opentelemetry/instrumentation-graphql bumped from ^0.53.2 to ^0.53.3
    • @​opentelemetry/instrumentation-hapi bumped from ^0.52.2 to ^0.52.3
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.53.2 to ^0.53.3
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.15.2 to ^0.15.3
    • @​opentelemetry/instrumentation-knex bumped from ^0.50.1 to ^0.50.2
    • @​opentelemetry/instrumentation-koa bumped from ^0.54.1 to ^0.54.2
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.50.2 to ^0.50.3
    • @​opentelemetry/instrumentation-memcached bumped from ^0.49.2 to ^0.49.3
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.58.2 to ^0.58.3
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.52.2 to ^0.52.3
    • @​opentelemetry/instrumentation-mysql bumped from ^0.51.2 to ^0.51.3
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.52.2 to ^0.52.3
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.52.1 to ^0.52.2
    • @​opentelemetry/instrumentation-net bumped from ^0.49.1 to ^0.49.2
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.31.2 to ^0.31.3
    • @​opentelemetry/instrumentation-pg bumped from ^0.58.2 to ^0.58.3
    • @​opentelemetry/instrumentation-pino bumped from ^0.52.2 to ^0.52.3
    • @​opentelemetry/instrumentation-redis bumped from ^0.54.3 to ^0.54.4
    • @​opentelemetry/instrumentation-restify bumped from ^0.51.1 to ^0.51.2
    • @​opentelemetry/instrumentation-router bumped from ^0.50.1 to ^0.50.2
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.19.1 to ^0.19.2
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.52.2 to ^0.52.3
    • @​opentelemetry/instrumentation-tedious bumped from ^0.24.2 to ^0.24.3
    • @​opentelemetry/instrumentation-undici bumped from ^0.16.1 to ^0.16.2
    • @​opentelemetry/instrumentation-winston bumped from ^0.50.1 to ^0.50.2
    • @​opentelemetry/resource-detector-alibaba-cloud bumped from ^0.31.7 to ^0.31.8
    • @​opentelemetry/resource-detector-aws bumped from ^2.5.2 to ^2.5.3
    • @​opentelemetry/resource-detector-azure bumped from ^0.13.1 to ^0.13.2
    • @​opentelemetry/resource-detector-container bumped from ^0.7.7 to ^0.7.8
    • @​opentelemetry/resource-detector-gcp bumped from ^0.40.2 to ^0.40.3

v0.64.5

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.51.2 to ^0.51.3

open-telemetry/opentelemetry-js (@​opentelemetry/exporter-metrics-otlp-http)

v0.207.0

Compare Source

v0.206.0

Compare Source

motdotla/dotenv (dotenv)

v17.2.3

Compare Source

Changed

• Fixed typescript error definition (#​912)

evanw/esbuild (esbuild)

v0.25.11

Compare Source

• Add support for with { type: 'bytes' } imports (#​4292)

  The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

  import data from './image.png' with { type: 'bytes' }
  const view = new DataView(data.buffer, 0, 24)
  const width = view.getInt32(16)
  const height = view.getInt32(20)
  console.log('size:', width + '\xD7' + height)

• Lower CSS media query range syntax (#​3748, #​4293)

  With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

  @&#8203;media (640px <= width <= 960px) {
    main {
      display: flex;
    }
  }

  will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

  @​media (min-width: 640px) and (max-width: 960px) {
    main {
      display: flex;
    }
  }

lint-staged/lint-staged (lint-staged)

v16.2.6

Compare Source

Patch Changes

• #​1693 33d4502 Thanks @​Adrian-Baran-GY! - Fix problems with --continue-on-error option, where tasks might have still been killed (SIGINT) when one of them failed.

v16.2.5

Compare Source

Patch Changes

• #​1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.

v16.2.4

Compare Source

Patch Changes

• #​1682 0176038 Thanks @​iiroj! - Update dependencies, including [email protected] with bug fixes.

• #​1671 581a54e Thanks @​iiroj! - Speed up execution by only importing the yaml depedency if using YAML configuration files.

v16.2.3

Compare Source

Patch Changes

• #​1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Compare Source

Patch Changes

• #​1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

  Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

  % npx lint-staged --fail-on-changes
  ✔ Backed up original state in git stash (c18d55a3)
  ✔ Running tasks for staged files...
  ✖ Tasks modified files and --fail-on-changes was used!
  ↓ Cleaning up temporary files...
  
  ✖ lint-staged failed because `--fail-on-changes` was used.
  
  Any lost modifications can be restored from a git stash:
  
    > git stash list --format="%h %s"
    c18d55a3 On main: lint-staged automatic backup
    > git apply --index c18d55a3

v16.2.1

Compare Source

Patch Changes

• #​1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

  export default {
  ---  "*": (files: string[]) => void console.log('staged files', files)
  +++  "*": (files: readonly string[]) => void console.log('staged files', files)
  }

• #​1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

• #​1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

• #​1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

  Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

nodejs/node (node)

v22.21.0: 2025-10-20, Version 22.21.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes

• [1486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #​59151
• [bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #​57165
• [af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #​58980
• [686ac49b82] - (SEMVER-MINOR) src: add percentage support to --max-old-space-size (Asaf Federman) #​59082

Commits

• [a71dd592e3] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #​59696
• [16c4b466f4] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #​59836
• [53cb9f3b6c] - build: add the missing macro definitions for OpenHarmony (hqzing) #​59804
• [ec5290fe01] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #​59809
• [1486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #​59151
• [1f93913446] - crypto: use return await when returning Promises from async functions (Renegade334) #​59841
• [f488b2ff73] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #​59841
• [aed9fd5ac4] - crypto: avoid calls to promise.catch() (Renegade334) #​59841
• [37c2d186f0] - deps: update amaro to 1.1.4 (pmarchini) #​60044
• [28aea13419] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [ddbc1aa0bb] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [badbba2da9] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [48aaf98a08] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [e02a562ea6] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [7e0e86cb92] - deps: upgrade npm to 10.9.4 (npm team) #​60074
• [91dda5facf] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [3a3220a2f0] - dgram: restore buffer optimization in fixBufferList (Yoo) #​59934
• [09bdcce6b8] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #​59910
• [b3eeb3bd13] - doc: provide alternative to url.parse() using WHATWG URL (Steven) #​59736
• [1ddaab1904] - doc: mention reverse proxy and include simple example (Steven) #​59736
• [3b3b71e99c] - doc: mark .env files support as stable (Santeri Hiltunen) #​59925
• [d37f67d1bd] - doc: remove optional title prefixes (Aviv Keller) #​60087
• [ca2dff63f9] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [3fca564a05] - doc: add automated migration info to deprecations (Augustin Mauroy) #​60022
• [4bc366fc16] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #​59954
• [4808dbdd9a] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [d6e303d645] - doc: update V8 fast API guidance (René) #​58999
• [0a3a3f729e] - doc: add security escalation policy (Ulises Gascón) #​59806
• [8fd669c70d] - doc: type improvement of file http.md (yusheng chen) #​58189
• [9833dc6060] - doc: rephrase dynamic import() description (Nam Yooseong) #​59224
• [2870a73681] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #​59851
• [85818db93c] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #​59847
• [bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #​57165
• [af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [758271ae66] - http: optimize checkIsHttpToken for short strings (방진혁) #​59832
• [42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #​58980
• [a33ed9bf96] - inspector: ensure adequate memory allocation for Binary::toBase64 (René) #​59870
• [34c686be2b] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #​59687
• [12e553529c] - lib: add source map support for assert messages (Chengzhong Wu) #​59751
• [d2a70571f8] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #​59751
• [20a9e86b5d] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [c591cca15c] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #​60089
• [090ba141b1] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #​60091
• [a0ba6884a5] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #​60092
• [0feca0c541] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [7cd2b42d18] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [1f3b9d66ac] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #​60095
• [0fedbb3de7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [04590b8267] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [2bf0a9318f] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #​59914
• [e10dc7b81c] - module: allow overriding linked requests for a ModuleWrap (Chengzhong Wu) [#​59527](https://r

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 33e74ea

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.39%. Comparing base (f6bf474) to head (33e74ea).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1178      +/-   ##
==========================================
- Coverage   97.54%   97.39%   -0.15%     
==========================================
  Files          88       88              
  Lines        1346     1346              
  Branches      347      351       +4     
==========================================
- Hits         1313     1311       -2     
- Misses         29       31       +2     
  Partials        4        4              

Flag	Coverage Δ
test-coverage	97.39% <ø> (-0.15%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.