Skip to content

chore(deps): update dependency node to v24.7.0 #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 3, 2025
Merged

chore(deps): update dependency node to v24.7.0 #17

merged 1 commit into from
Sep 3, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 3, 2025

This PR contains the following updates:

Package Update Change
node (source) minor 24.6.0 -> 24.7.0

Release Notes

nodejs/node (node)

v24.7.0: 2025-08-27, Version 24.7.0 (Current), @​targos

Compare Source

Notable Changes
Post-Quantum Cryptography in node:crypto

OpenSSL 3.5 on 24.x kicked off post-quantum cryptography efforts in Node.js by
allowing use of NIST's post-quantum cryptography standards for future-proofing
applications against quantum computing threats. The following post-quantum
algorithms are now available in node:crypto:

  • ML-KEM (FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard) through new crypto.encapsulate() and crypto.decapsulate() methods.
  • ML-DSA (FIPS 204, Module-Lattice-Based Digital Signature Standard) in the existing crypto.sign() and crypto.verify() methods.

Contributed by Filip Skokan in #​59259 and #​59491.

Modern Algorithms in Web Cryptography API

The second substantial extension to the Web Cryptography API
(globalThis.crypto.subtle) was recently accepted for incubation by WICG.
The following algorithms and methods from this extension are now available in
the Node.js Web Cryptography API implementation:

  • AES-OCB
  • ChaCha20-Poly1305
  • ML-DSA
  • ML-KEM
  • SHA-3
  • SHAKE
  • subtle.getPublicKey()
  • SubtleCrypto.supports()
  • ... with more coming in future releases.

Contributed by Filip Skokan in #​59365, #​59569, #​59461, and #​59539.

Node.js execution argument support in single executable applications

The single executable application configuration now supports additional fields
to specify Node.js execution arguments and control how they can be extended when
the application is run.

  • execArgv takes an array of strings for the execution arguments to be used.
  • execArgvExtension takes one of the following values:
    • "none": No additional execution arguments are allowed.
    • "cli": Additional execution arguments can be provided via a special command-line flag --node-options="--flag1 --flag2=value" at run time.
    • "env" (default): Additional execution arguments can be provided via the NODE_OPTIONS environment variable at run time.

For example, with the following configuration:

{
  "main": "/path/to/bundled/script.js",
  "output": "/path/to/write/the/generated/blob.blob",
  "execArgv": ["--no-warnings"],
  "execArgvExtension": "cli",
}

If the generated single executable application is named sea, then running:

sea --node-options="--max-old-space-size=4096" user-arg1 user-arg2

Would be equivalent to running:

node --no-warnings --max-old-space-size=4096 /path/to/bundled/script.js user-arg1 user-arg2

Contributed by Joyee Cheung in #​59314 and #​59560.

Root certificates updated to NSS 3.114

Certificates added:

  • TrustAsia TLS ECC Root CA
  • TrustAsia TLS RSA Root CA
  • SwissSign RSA TLS Root CA 2022 - 1

Certificates removed:

  • GlobalSign Root CA
  • Entrust.net Premium 2048 Secure Server CA
  • Baltimore CyberTrust Root
  • Comodo AAA Services root
  • XRamp Global CA Root
  • Go Daddy Class 2 CA
  • Starfield Class 2 CA
Other Notable Changes
  • [d3afc63c44] - (SEMVER-MINOR) crypto: add argon2() and argon2Sync() methods (Ranieri Althoff) #​50353
  • [6ae202fcdf] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #​59315
  • [dafee05358] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #​59455
  • [8dc6f5b696] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #​59464
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Sep 3, 2025

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Major Changes in Node.js v24.7.0:

  • Post-Quantum Cryptography: New ML-KEM and ML-DSA algorithms in node:crypto
  • Modern Web Cryptography API Extensions: New algorithms including AES-OCB, ChaCha20-Poly1305, SHA-3, SHAKE
  • Single Executable Applications: New execArgv and execArgvExtension configuration options
  • Root Certificate Updates: Updated to NSS 3.114 with certificate additions/removals
  • Minor API Additions: New HTTP Agent options, HTTP2 raw header support, Brotli compression stream support, Argon2 crypto methods

Breaking Changes:

  • None identified for this minor version update (24.6.0 → 24.7.0)

Security Fixes:

  • Root certificate updates improve security posture
  • Post-quantum cryptography additions future-proof against quantum computing threats

🎯 Impact Scope Investigation

Codebase Analysis Results:

  • Node.js Usage: Minimal direct Node.js API usage found
    • process.argv usage in src/index.ts:13 - Standard and stable API
    • Build script uses standard filesystem operations via Bun
  • Crypto Usage: No direct Node.js crypto module usage detected
  • Dependencies: Simple dependency tree with only commander runtime dependency
  • Configuration:
    • Uses TypeScript with modern ESNext target
    • Bun build system targeting Node.js runtime
    • Only changes required are in mise.toml (Node version specification)

Dependency Impact:

  • No breaking changes affecting current dependencies
  • Commander.js remains compatible with Node.js 24.7.0

💡 Recommended Actions

Immediate Actions:

  1. Safe to merge immediately - No breaking changes affect this codebase
  2. The PR only updates the Node.js version in mise.toml from 24.6.0 to 24.7.0

Optional Follow-up:

  • Consider leveraging new post-quantum cryptography features if future crypto requirements arise
  • New Web Cryptography API extensions are available but not needed for current functionality

Verification Steps:

  • No code changes required
  • Existing build and lint commands should continue working
  • TypeScript compilation remains unaffected

🔗 Reference Links

Generated by koki-develop/claude-renovate-review

@koki-develop koki-develop merged commit 61be959 into main Sep 3, 2025
6 checks passed
@koki-develop koki-develop deleted the renovate/node-24.x branch September 3, 2025 07:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@koki-develop