Changelog

nodejs/node · · 20 commits

Crypto, QUIC, and diagnostics_channel move

Major crypto refactors and new APIs land alongside QUIC, inspector, fs.statfs, and diagnostics_channel upgrades.

nodejs-github-bot jasnell panva verycosy Qard guybedford GeoffreyBooth aduh95 lilianakatrina684-a11y cola119 Renegade334

Crypto key import paths are unified (panva1ccae7c)

Node now routes asymmetric key imports through a single KeyObjectHandle::Init() entry point, covering DER/PEM, JWK, and raw formats. That removes a lot of duplicated JS/C++ glue and makes key-handling behavior more consistent across createPublicKey(), createPrivateKey(), sign(), verify(), and WebCrypto.

diagnostics_channel gains bounded channels and scope helpers (Qardcb78a7f)

A new boundedChannel() API and store-scope helpers were added for synchronous tracing flows. This expands the module beyond full tracing channels and gives users cleaner lifecycle management for AsyncLocalStorage-bound instrumentation.

QUIC gets a sizable HTTP/3 and stream behavior update (jasnell57186e5, jasnell79b960a)

The QUIC stack picked up bug fixes and missing functionality, including blob wakeup handling, session/stream cleanup, and more complete HTTP/3 priority/shutdown behavior. The HTTP/3 implementation also now explicitly maps stream priorities and handles graceful GOAWAY processing.

Inspector Target now exposes target enumeration (cola119bf452bb)

The inspector protocol adds Target.getTargets, alongside a refactor that extracts a dedicated target manager. This makes worker/target tracking more structured and exposes target discovery to clients.

fs.statfs now exposes frsize (verycosyf8ee196)

statfs() results now include the filesystem fundamental block size (frsize) in both numeric and bigint forms. This matters because blocks, bfree, and bavail are defined in frsize units, so disk-usage calculations can now be accurate on filesystems where bsize differs.

Ed25519 context parameters are supported (panva9df9b66)

Signing and verification now accept a context for Ed25519 as well as Ed448/ML-DSA/SLH-DSA, aligning Node with OpenSSL’s Ed25519ctx support. The docs and tests were updated to reflect the expanded API surface.

Root certificates updated to NSS 3.121 (nodejs-github-bot7e3c244)

Node’s bundled CA set was refreshed with the latest NSS trust store data, adding and removing roots to match upstream. This keeps TLS validation current with browser ecosystem changes.

Wasm JS API WPT coverage expanded (guybedfordcd391b5, nodejs-github-bot404c3f9)

Web platform tests were updated for Wasm JS API and WebCrypto changes, including new ESM integration coverage. This helps keep Node aligned with upstream browser behavior for standards-based APIs.

Other misc changes

  • Documented deprecation of module.register() (GeoffreyBoothe9b5214)
  • Clarified collaborator guide language around experimental vs. deprecated features (aduh95f92c61f)
  • Fixed a typo in QUIC docs (lilianakatrina684-a11y60f19bc)
  • Updated docs layout for sqlite type conversion (Renegade334d587695)
  • Bumped ada to 3.4.4, googletest, nixpkgs, picomatch, and yaml (4 commits)
  • QUIC lint/format cleanup (jasnell1a88acb)
  • Minor doc/test upkeep across crypto, inspector, fs, and tooling