Skip to content

Update Node.js to v24.18.0#10505

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/node-24.x
Open

Update Node.js to v24.18.0#10505
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/node-24.x

Conversation

@renovate

@renovate renovate Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
node (source) minor 24.16.024.18.0

Release Notes

nodejs/node (node)

v24.18.0: 2026-06-23, Version 24.18.0 'Krypton' (LTS), @​richardlau prepared by @​sxa

Compare Source

Notable Changes
  • [e07e7a31e1] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #​63527
  • [44c8ebcbd6] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #​64004
  • [d3ef4122ee] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #​63597
  • [bb2857b85a] - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan) #​62527
  • [b9d5e87880] - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan) #​62527
  • [ccd756d61e] - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan) #​62183
  • [4c9251fc09] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
  • [8c989ec4a3] - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook) #​63079
  • [3f54c8ba32] - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison) #​63834
Commits

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits

Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • "after 9am and before 12pm on monday,after 9am and before 12pm on tuesday,after 9am and before 12pm on wednesday,after 9am and before 12pm on thursday"

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested review from a team as code owners June 23, 2026 12:14
@renovate renovate Bot force-pushed the renovate/node-24.x branch from 23fd1f7 to b72c3c3 Compare June 23, 2026 23:10
@renovate renovate Bot changed the title Update Node.js to v24.17.0 Update Node.js to v24.18.0 Jun 24, 2026
@renovate renovate Bot force-pushed the renovate/node-24.x branch 22 times, most recently from ae5c8c5 to e2db9b4 Compare June 30, 2026 09:52
@renovate renovate Bot force-pushed the renovate/node-24.x branch 2 times, most recently from c38bbfe to a93a2da Compare July 1, 2026 11:12
@renovate renovate Bot force-pushed the renovate/node-24.x branch 13 times, most recently from 721d0d9 to 792e7ca Compare July 10, 2026 12:58
@renovate renovate Bot force-pushed the renovate/node-24.x branch 15 times, most recently from 4e81c53 to 0e0d4f9 Compare July 14, 2026 22:14
@renovate renovate Bot force-pushed the renovate/node-24.x branch from 0e0d4f9 to 2a8a181 Compare July 14, 2026 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants