Skip to content

chore(deps): bump node-libcurl from 5.0.0-3 to 5.0.1 #1420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kdev merged 1 commit into from
Nov 24, 2025
Merged

chore(deps): bump node-libcurl from 5.0.0-3 to 5.0.1 #1420

kdev merged 1 commit into from
Nov 24, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025
edited
Loading

Bumps node-libcurl from 5.0.0-3 to 5.0.1.

Changelog

Sourced from node-libcurl's changelog.

[5.0.1] - 2025-11-13

Fixed

  • Building from source on macOS would not work properly.

[5.0.0] - 2025-01-13

Breaking Change

  • The prebuilt binary is now built with libcurl 8.17.0. Every breaking change introduced by libcurl 8 is also a breaking change for this version. 
    Version: libcurl/8.17.0 OpenSSL/3.5.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.7 libidn2/2.1.1 libssh2/1.10.0 nghttp2/1.66.0 ngtcp2/1.17.0 nghttp3/1.12.0 OpenLDAP/2.6.9
Protocols: dict, file, ftp, ftps, gopher, gophers, http, https, imap, imaps, ldap, ldaps, mqtt, pop3, pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp, ws, wss
Features: AsynchDNS, IDN, IPv6, Largefile, NTLM, SSL, libz, brotli, TLS-SRP, HTTP2, UnixSockets, HTTPS-proxy, alt-svc
  • Minimum supported Electron version is now Electron v38.0.0 (moving forward prebuilt binaries will only be available for the latest 2 versions of Electron).
  • Mininum supported libcurl version is now libcurl 7.81.0.
  • Windows 32-bit support is now dropped.
  • Minimum supported versions:
    • Node.js >= v22.20.0 (which bundles OpenSSL 3.5.2).
    • Electron >= v38.0.0.
    • libcurl >= v7.81.0.
    • Ubuntu >= v22.04.
    • Alpine >= 3.21
    • C++ compilers supporting c++20
  • Errors thrown by the addon are now instances of one of the following classes:
    • CurlEasyError
    • CurlMultiError
    • CurlSharedError These classes extends the CurlError class. Previously the addon used to throw only native Javascript errors, such as Error, TypeError, etc. The curly related errors also inherit from the CurlError class, and do not have a isCurlError property anymore. Any caught error thrown from user callbacks will be added as the cause property of the error.
  • Every Easy handle is now initialized with default CA certificates from Node.js's tls module, by using the result of the getCACertificates function. This is done using CURLOPT_CAINFO_BLOB. This is a breaking change if you were passing custom CA certificates before using CAINFO, as CURLOPT_CAINFO_BLOB takes priority over it. If that is the case, you can avoid the default behavior by calling setOpt("CAINFO_BLOB", null) on the Easy handle. The TLS certificate is loaded into memory only once for each JavaScript context.
  • HSTSREADFUNCTION callback now receives an object with the maxHostLengthBytes property, which is the maximum length of the host name that can be returned by the callback.
  • The minimum macOS version is now Sonoma (13)
  • Curl.globalCleanup is a no-op now. The addon will automatically call curl_global_cleanup when the process exits. This method will be removed in a future major version.
  • Curl.globalInit is a no-op now. The addon will automatically call curl_global_init when the process starts. This method will be removed in a future major version.

Fixed

  • CurlHttpVersion.V3 not being set to the proper value (was not set to 30)

Added

  • Prebuilt binaries have HTTP/3 support enabled across all platforms. This is supported by licurl when building with OpenSSL >= 3.5 and nghttp3 >= 1.66. To use OpenSSL >= 3.5 a Node.js version >= 22.20.0 is required.
  • The addon has been rewritten to use N-API, which will streamline the process of supporting newer Node.js versions in the future.
  • The addon is now worker threads safe. See examples/22-worker-threads.js for usage example.
  • Added native WebSocket support (requires libcurl >= 7.86.0):
    • Easy.wsRecv(buffer) - Receive WebSocket frames with metadata
    • Easy.wsSend(buffer, flags, fragsize?) - Send WebSocket frames (text, binary, ping, pong, close)
    • Easy.wsMeta() - Get WebSocket frame metadata
    • CurlWs enum for WebSocket frame flags (Text, Binary, Close, Ping, Pong, Cont, Offset)
    • CurlWsOptions enum for WebSocket options (RawMode, NoAutoPong)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from kdev as a code owner November 24, 2025 08:19
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 24, 2025
@socket-security
Copy link

socket-security bot commented Nov 24, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednode-libcurl@​5.0.0-3 ⏵ 5.0.199 +21100100 +192 +2100

View full report

@dependabot
chore(deps): bump node-libcurl from 5.0.0-3 to 5.0.1
896247d 
Bumps [node-libcurl](https://github.com/JCMais/node-libcurl) from 5.0.0-3 to 5.0.1.
- [Release notes](https://github.com/JCMais/node-libcurl/releases)
- [Changelog](https://github.com/JCMais/node-libcurl/blob/develop/CHANGELOG.md)
- [Commits](JCMais/node-libcurl@v5.0.0-3...v5.0.1)

---
updated-dependencies:
- dependency-name: node-libcurl
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dev/node-libcurl-5.0.1 branch from 50e0844 to 896247d Compare November 24, 2025 10:30
@kdev kdev merged commit 944d068 into dev Nov 24, 2025
7 checks passed
@kdev kdev deleted the dependabot/npm_and_yarn/dev/node-libcurl-5.0.1 branch November 24, 2025 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kdev kdev kdev approved these changes

Assignees

@kdev kdev

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kdev