Skip to content

V22.23.2 proposal#64567

Open
juanarbol wants to merge 331 commits into
v22.xfrom
v22.23.2-proposal
Open

V22.23.2 proposal#64567
juanarbol wants to merge 331 commits into
v22.xfrom
v22.23.2-proposal

Conversation

@juanarbol

@juanarbol juanarbol commented Jul 17, 2026

Copy link
Copy Markdown
Member

2026-07-22, Version 22.23.2 'Jod' (LTS), @juanarbol

Notable Changes

  • [f0a40d436d] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527

Commits

  • [90f90ae20e] - assert,util: fix stale nested cycle memo entries (Ruben Bridgewater) #62509
  • [38984dfc94] - benchmark: fix destructuring in dgram/single-buffer (Ali Hassan) #62084
  • [c19212397c] - benchmark: add startup benchmark for ESM entrypoint (Joyee Cheung) #61769
  • [9310acbaa6] - benchmark: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) #61549
  • [8ec00f4711] - buffer: optimize buffer.concat performance (Mert Can Altin) #61721
  • [f957397cd2] - build: def NODE_USE_NODE_CODE_CACHE only used in node_mksnapshot (Chengzhong Wu) #63588
  • [830dd0d6ff] - build: track PDL files as inputs in inspector GN build (Robo) #62888
  • [3bc2bac693] - build: remove redundant -fuse-linker-plugin from GCC LTO flags (Daniel Lando) #62667
  • [3e8ad4c05f] - build: support empty libname flags in configure.py (Antoine du Hamel) #62477
  • [d27545601d] - build: fix timezone-update path references (Chengzhong Wu) #62280
  • [aa9c749048] - build: use path-ignore in GHA coverage-windows.yml (Chengzhong Wu) #61811
  • [bf1769ea0c] - build: generate_config_gypi.py generates valid JSON (Shelley Vohr) #61791
  • [3df472c6db] - build: build with v8 gdbjit support on supported platform (Joyee Cheung) #61010
  • [4fe705f33b] - build: add --debug-symbols to build with -g without enabling DCHECKs (Joyee Cheung) #61100
  • [6923e097f6] - build: aix: deoptimize implementation-visitor.cc with --shared (Stewart X Addison) #61550
  • [56b1198459] - build: expose libplatform symbols in shared libnode (Joyee Cheung) #61144
  • [16535de5a7] - build: ibmi follow aix visibility (SRAVANI GUNDEPALLI) #60360
  • [86c44d5109] - build: build v8 with -fvisibility=hidden -fvisibility-inlines-hidden (Joyee Cheung) #56290
  • [afb7270785] - child_process: add tracing channel for spawn (Marco) #61836
  • [f0a40d436d] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527
  • [0249248863] - crypto: coerce -0 keylen to +0 in pbkdf2 and scrypt (Jordan Harband) #63531
  • [ac2f8f340c] - crypto: improve system certificate enumeration logic on macOS (Robo) #62576
  • [7ea06c192b] - crypto: fix unsigned conversion of 4-byte RSA publicExponent (DeepView Autofix) #62839
  • [f417abd4e4] - crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts (Tim Perry) #62254

...truncated, see the whole changelog here

@juanarbol
juanarbol requested a review from a team as a code owner July 17, 2026 22:17
@nodejs-github-bot

Copy link
Copy Markdown
Collaborator

Review requested:

  • @nodejs/actions
  • @nodejs/releasers

@nodejs-github-bot nodejs-github-bot added meta Issues and PRs related to the general management of the project. tools Issues and PRs related to the tools directory. v22.x Issues that can be reproduced on v22.x or PRs targeting the v22.x-staging branch. labels Jul 17, 2026
@juanarbol juanarbol mentioned this pull request Jul 17, 2026
juanarbol added a commit that referenced this pull request Jul 17, 2026
Notable changes:

crypto:
  * update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527

PR-URL: #64567
@juanarbol
juanarbol force-pushed the v22.23.2-proposal branch from aaebb74 to 1b5ffc1 Compare July 17, 2026 22:18
@panva panva added the release Issues and PRs related to Node.js releases. label Jul 18, 2026
juanarbol added a commit that referenced this pull request Jul 19, 2026
Notable changes:

crypto:
  * update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527

PR-URL: #64567
@juanarbol
juanarbol force-pushed the v22.23.2-proposal branch from 1b5ffc1 to c7ce3f2 Compare July 19, 2026 21:01
dependabot Bot and others added 19 commits July 19, 2026 17:30
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@e3f713f...5ef0c07)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61909
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.0 to 4.32.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b20883b...89a39a4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61911
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
PR-URL: #61944
Refs: #61903
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
PR-URL: #61833
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Replace native methods with primordials.

PR-URL: #61219
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Jordan Harband <ljharb@gmail.com>
Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Signed-off-by: marcopiraccini <marco.piraccini@gmail.com>
PR-URL: #61836
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
The WHATWG Streams spec requires that pipeTo's chunk handling must
queue a microtask before calling the write algorithm. This ensures
that enqueue() does not synchronously trigger writes.

Previously, PipeToReadableStreamReadRequest[kChunk] would synchronously
call writableStreamDefaultWriterWrite(), which violated the spec and
caused the WPT test "enqueue() must not synchronously call write
algorithm" to fail.

Fix by wrapping the write operation in queueMicrotask(), which defers
it to the next microtask as required by the spec.

Refs: whatwg/streams#1243
PR-URL: #61800
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Signed-off-by: Igor <igorshevelenkov4@gmail.com>
PR-URL: #61525
Fixes: #61462
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Reviewed-By: Jacob Smith <jacob@frende.me>
PR-URL: #61974
Refs: #38161
Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.3.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.3)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61976
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #61773
Refs: #61762
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
As specified in WebIDL (<https://webidl.spec.whatwg.org/#js-dictionary>),
the fields of a dictionary need to be read in lexicographical order.

PR-URL: #61980
Reviewed-By: Jason Zhang <xzha4350@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #61721
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
PR-URL: #61916
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: #62020
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Bumps [minimatch](https://github.com/isaacs/minimatch)
from 3.1.2 to 3.1.3.
- [Changelog](http://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.3)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: #61977
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: #62034
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Add validateHeaderName/validateHeaderValue checks for non-link
headers and checkInvalidHeaderChar for the Link value in HTTP/1.1
writeEarlyHints, closing a CRLF injection gap where header names
and values were concatenated into the raw response without
validation.

Also tighten linkValueRegExp to reject CR/LF inside the <...>
URL portion of Link header values.

PR-URL: #61897
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
PR-URL: #61972
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
jasnell and others added 29 commits July 19, 2026 17:31
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: #63483
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: Daijiro Wachi <daijiro.wachi@gmail.com>
PR-URL: #63511
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #63373
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63516
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
`validateInt32(keylen, 'keylen', 0)` lets `-0` through: `typeof -0` is
`'number'`, `Number.isInteger(-0)` is `true`, and `-0 < 0` is `false`.
The value then reaches the PBKDF2Job binding, whose `IsInt32()` check
fails (V8 boxes `-0` as a HeapNumber rather than a tagged SMI) and
aborts the process with SIGABRT.
Coerce `keylen` to `+0`
after validation so the binding sees a true Int32.

Reachable from any caller that forwards a JSON-parsed value,
since `JSON.parse('{"keylen":-0}').keylen` preserves the sign.

Mirror of the prior pbkdf2 fix. `validateInt32(keylen, 'keylen', 0)`
lets `-0` through (since `-0 < 0` is `false`), and the ScryptJob
binding's `IsInt32()` check at `crypto_scrypt.cc` aborts the process
with SIGABRT because V8 boxes `-0` as a HeapNumber rather than a
tagged SMI. Coerce `keylen` to `+0` after validation.

Signed-off-by: Jordan Harband <ljharb@gmail.com>
PR-URL: #63531
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This is the [`certdata.txt`][0] from NSS 3.123.1.

This is the version of NSS that shipped in Firefox 151.0.1 on 2026-05-21

Certificates removed:
- QuoVadis Root CA 2
- QuoVadis Root CA 3
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- SwissSign Gold CA - G2
- SecureTrust CA
- Secure Global CA
- COMODO Certification Authority
- Certigna
- certSIGN ROOT CA
- Izenpe.com
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- TeliaSonera Root CA v1
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- GLOBALTRUST 2020
- GTS Root R2
- FIRMAPROFESIONAL CA ROOT-A WEB

[0]: https://raw.githubusercontent.com/nss-dev/nss/refs/tags/NSS_3_123_1_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #63527
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63515
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
The example claimed that posting a URL object via MessageChannel would
print an empty object, but since v21.0.0 (commit d920b7c) it
throws a DataCloneError. Update the example and surrounding text to
reflect the current behavior.

Fixes: #60504

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
PR-URL: #62203
Fixes: #60504
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: #63479
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: RonGamzu <37371774+RonGamzu@users.noreply.github.com>
PR-URL: #63465
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Original commit message:

    Fix a bug causing the session module to dereference a NULL pointer when applying a corrupt changeset.
    FossilOrigin-Name: e807d4e3798efd532b3d78d1dfe513ed4fbd3cb793dd0ae5c30cae6031422b10

Refs: https://sqlite.org/src/info/e807d4e3798efd53
Signed-off-by: junius-sec <sksch323@naver.com>
PR-URL: #63525
Refs: https://hackerone.com/reports/3736889
Refs: sqlite/sqlite@b869ed6
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Guards scheduled jobs in daily.yml, codeql.yml, and scorecard.yml so
they only run on nodejs/node, matching the pattern already used in
tools.yml, stale.yml, and others. This prevents wasted Actions minutes
and failed-run email notifications on forks.

Signed-off-by: Jamie Magee <jamie.magee@gmail.com>
PR-URL: #63565
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63405
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63414
Fixes: #63412
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
PR-URL: #62331
Refs: #61478
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Aviv Keller <me@aviv.sh>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Signed-off-by: Renegade334 <contact.9a5d6388@renegade334.me.uk>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: #63583
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63586
Refs: nodejs/node-core-utils#1043
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Chengzhong Wu <cwu631@bloomberg.net>
PR-URL: #63588
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Signed-off-by: Chengzhong Wu <legendecas@gmail.com>
PR-URL: #63591
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Forward Node.js tail stream data through a pipe-style data listener
instead of manually draining readable events. This keeps compose closer
to the stream pipe hot path while preserving backpressure with pause
and resume.

Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com>
Assisted-by: openai:gpt-5.5
PR-URL: #63593
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Defer non-critical warnings to the next event loop iteration when
can_call_into_js() returns false. This prevents crashes when V8
emits warnings during REPL preview evaluation or other contexts
where JavaScript execution is temporarily forbidden.

When a warning is emitted inside DisallowJavascriptExecutionScope,
ProcessEmitWarningGeneric cannot be called immediately. Instead,
use env->SetImmediate() to queue the warning emission for after
the scope exits. This preserves full warning formatting, deprecation
codes, and --redirect-warnings routing.

Signed-off-by: Divyanshu Sharma <Divyanshu88999@gmail.com>
PR-URL: #63491
Fixes: #63473
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #63609
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63621
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: #63650
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: #62962
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Original commit message:

    Fixes #1056

    The commit
    c-ares/c-ares@1d1b3d4
    refactored the function to use wide strings, but didn't touch this
    check. Because an empty wide string would now be size 2 and not 1, the
    empty string would go on and cause the DNS domain list to be replaced
    with nothing.

    Signed-off-by: @dankmeme01

Refs: c-ares/c-ares@8ba37af
PR-URL: #64110
Fixes: #62347
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #64330
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #63752
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Notable changes:

crypto:
  * update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #63527

PR-URL: #64567
@juanarbol
juanarbol force-pushed the v22.23.2-proposal branch from c7ce3f2 to 743915d Compare July 19, 2026 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

meta Issues and PRs related to the general management of the project. release Issues and PRs related to Node.js releases. tools Issues and PRs related to the tools directory. v22.x Issues that can be reproduced on v22.x or PRs targeting the v22.x-staging branch.

Projects

None yet

Development

Successfully merging this pull request may close these issues.