🤖 Merge PR DefinitelyTyped#73910 node: v24.10 by @Renegade334

Author: Renegade334

types/node/console.d.ts

@@ -431,9 +431,10 @@ declare module "node:console" {
                 colorMode?: boolean | "auto" | undefined;
                 /**
                  * Specifies options that are passed along to
-                 * [`util.inspect()`](https://nodejs.org/docs/latest-v24.x/api/util.html#utilinspectobject-options).
+                 * `util.inspect()`. Can be an options object or, if different options
+                 * for stdout and stderr are desired, a `Map` from stream objects to options.
                  */
-                inspectOptions?: InspectOptions | undefined;
+                inspectOptions?: InspectOptions | ReadonlyMap<NodeJS.WritableStream, InspectOptions> | undefined;
                 /**
                  * Set group indentation.
                  * @default 2

types/node/package.json

@@ -1,7 +1,7 @@
 {
     "private": true,
     "name": "@types/node",
-    "version": "24.9.9999",
+    "version": "24.10.9999",
     "nonNpm": "conflict",
     "nonNpmDescription": "Node.js",
     "projects": [

types/node/sqlite.d.ts

@@ -329,6 +329,64 @@ declare module "node:sqlite" {
             func: (...args: SQLOutputValue[]) => SQLInputValue,
         ): void;
         function(name: string, func: (...args: SQLOutputValue[]) => SQLInputValue): void;
+        /**
+         * Sets an authorizer callback that SQLite will invoke whenever it attempts to
+         * access data or modify the database schema through prepared statements.
+         * This can be used to implement security policies, audit access, or restrict certain operations.
+         * This method is a wrapper around [`sqlite3_set_authorizer()`](https://sqlite.org/c3ref/set_authorizer.html).
+         *
+         * When invoked, the callback receives five arguments:
+         *
+         * * `actionCode` {number} The type of operation being performed (e.g.,
+         *   `SQLITE_INSERT`, `SQLITE_UPDATE`, `SQLITE_SELECT`).
+         * * `arg1` {string|null} The first argument (context-dependent, often a table name).
+         * * `arg2` {string|null} The second argument (context-dependent, often a column name).
+         * * `dbName` {string|null} The name of the database.
+         * * `triggerOrView` {string|null} The name of the trigger or view causing the access.
+         *
+         * The callback must return one of the following constants:
+         *
+         * * `SQLITE_OK` - Allow the operation.
+         * * `SQLITE_DENY` - Deny the operation (causes an error).
+         * * `SQLITE_IGNORE` - Ignore the operation (silently skip).
+         *
+         * ```js
+         * import { DatabaseSync, constants } from 'node:sqlite';
+         * const db = new DatabaseSync(':memory:');
+         *
+         * // Set up an authorizer that denies all table creation
+         * db.setAuthorizer((actionCode) => {
+         *   if (actionCode === constants.SQLITE_CREATE_TABLE) {
+         *     return constants.SQLITE_DENY;
+         *   }
+         *   return constants.SQLITE_OK;
+         * });
+         *
+         * // This will work
+         * db.prepare('SELECT 1').get();
+         *
+         * // This will throw an error due to authorization denial
+         * try {
+         *   db.exec('CREATE TABLE blocked (id INTEGER)');
+         * } catch (err) {
+         *   console.log('Operation blocked:', err.message);
+         * }
+         * ```
+         * @since v24.10.0
+         * @param callback The authorizer function to set, or `null` to
+         * clear the current authorizer.
+         */
+        setAuthorizer(
+            callback:
+                | ((
+                    actionCode: number,
+                    arg1: string | null,
+                    arg2: string | null,
+                    dbName: string | null,
+                    triggerOrView: string | null,
+                ) => number)
+                | null,
+        ): void;
         /**
          * Whether the database is currently open or not.
          * @since v22.15.0
@@ -826,5 +884,54 @@ declare module "node:sqlite" {
          * @since v22.12.0
          */
         const SQLITE_CHANGESET_ABORT: number;
+        /**
+         * Deny the operation and cause an error to be returned.
+         * @since v24.10.0
+         */
+        const SQLITE_DENY: number;
+        /**
+         * Ignore the operation and continue as if it had never been requested.
+         * @since 24.10.0
+         */
+        const SQLITE_IGNORE: number;
+        /**
+         * Allow the operation to proceed normally.
+         * @since v24.10.0
+         */
+        const SQLITE_OK: number;
+        const SQLITE_CREATE_INDEX: number;
+        const SQLITE_CREATE_TABLE: number;
+        const SQLITE_CREATE_TEMP_INDEX: number;
+        const SQLITE_CREATE_TEMP_TABLE: number;
+        const SQLITE_CREATE_TEMP_TRIGGER: number;
+        const SQLITE_CREATE_TEMP_VIEW: number;
+        const SQLITE_CREATE_TRIGGER: number;
+        const SQLITE_CREATE_VIEW: number;
+        const SQLITE_DELETE: number;
+        const SQLITE_DROP_INDEX: number;
+        const SQLITE_DROP_TABLE: number;
+        const SQLITE_DROP_TEMP_INDEX: number;
+        const SQLITE_DROP_TEMP_TABLE: number;
+        const SQLITE_DROP_TEMP_TRIGGER: number;
+        const SQLITE_DROP_TEMP_VIEW: number;
+        const SQLITE_DROP_TRIGGER: number;
+        const SQLITE_DROP_VIEW: number;
+        const SQLITE_INSERT: number;
+        const SQLITE_PRAGMA: number;
+        const SQLITE_READ: number;
+        const SQLITE_SELECT: number;
+        const SQLITE_TRANSACTION: number;
+        const SQLITE_UPDATE: number;
+        const SQLITE_ATTACH: number;
+        const SQLITE_DETACH: number;
+        const SQLITE_ALTER_TABLE: number;
+        const SQLITE_REINDEX: number;
+        const SQLITE_ANALYZE: number;
+        const SQLITE_CREATE_VTABLE: number;
+        const SQLITE_DROP_VTABLE: number;
+        const SQLITE_FUNCTION: number;
+        const SQLITE_SAVEPOINT: number;
+        const SQLITE_COPY: number;
+        const SQLITE_RECURSIVE: number;
     }
 }

types/node/test/console.ts

@@ -18,11 +18,13 @@ import { createWriteStream } from "node:fs";
             colorMode: "auto",
             ignoreErrors: true,
             groupIndentation: 2,
+            inspectOptions: { depth: 1 },
         };
         consoleInstance = new console.Console(opts);
         consoleInstance = new console.Console({
             stdout: writeStream,
             colorMode: false,
+            inspectOptions: new Map([[writeStream, { depth: 1 }]]),
         });
         consoleInstance = new console.Console({
             stdout: writeStream,

types/node/test/sqlite.ts

@@ -163,3 +163,14 @@ import { TextEncoder } from "node:util";
     tagStore.db; // $ExpectType DatabaseSync
     tagStore.clear();
 }
+
+{
+    const db = new DatabaseSync(":memory:");
+
+    db.setAuthorizer((actionCode) => {
+        if (actionCode === constants.SQLITE_CREATE_TABLE) {
+            return constants.SQLITE_DENY;
+        }
+        return constants.SQLITE_OK;
+    });
+}

types/node/url.d.ts

@@ -71,20 +71,44 @@ declare module "url" {
      * A `URIError` is thrown if the `auth` property is present but cannot be decoded.
      *
      * `url.parse()` uses a lenient, non-standard algorithm for parsing URL
-     * strings. It is prone to security issues such as [host name spoofing](https://hackerone.com/reports/678487) and incorrect handling of usernames and passwords. Do not use with untrusted
-     * input. CVEs are not issued for `url.parse()` vulnerabilities. Use the `WHATWG URL` API instead.
+     * strings. It is prone to security issues such as [host name spoofing](https://hackerone.com/reports/678487)
+     * and incorrect handling of usernames and passwords. Do not use with untrusted
+     * input. CVEs are not issued for `url.parse()` vulnerabilities. Use the
+     * [WHATWG URL](https://nodejs.org/docs/latest-v24.x/api/url.html#the-whatwg-url-api) API instead, for example:
+     *
+     * ```js
+     * function getURL(req) {
+     *   const proto = req.headers['x-forwarded-proto'] || 'https';
+     *   const host = req.headers['x-forwarded-host'] || req.headers.host || 'example.com';
+     *   return new URL(req.url || '/', `${proto}://${host}`);
+     * }
+     * ```
+     *
+     * The example above assumes well-formed headers are forwarded from a reverse
+     * proxy to your Node.js server. If you are not using a reverse proxy, you should
+     * use the example below:
+     *
+     * ```js
+     * function getURL(req) {
+     *   return new URL(req.url || '/', 'https://example.com');
+     * }
+     * ```
      * @since v0.1.25
      * @deprecated Use the WHATWG URL API instead.
      * @param urlString The URL string to parse.
-     * @param [parseQueryString=false] If `true`, the `query` property will always be set to an object returned by the {@link querystring} module's `parse()` method. If `false`, the `query` property
-     * on the returned URL object will be an unparsed, undecoded string.
-     * @param [slashesDenoteHost=false] If `true`, the first token after the literal string `//` and preceding the next `/` will be interpreted as the `host`. For instance, given `//foo/bar`, the
-     * result would be `{host: 'foo', pathname: '/bar'}` rather than `{pathname: '//foo/bar'}`.
+     * @param parseQueryString If `true`, the `query` property will always
+     * be set to an object returned by the [`querystring`](https://nodejs.org/docs/latest-v24.x/api/querystring.html) module's `parse()`
+     * method. If `false`, the `query` property on the returned URL object will be an
+     * unparsed, undecoded string. **Default:** `false`.
+     * @param slashesDenoteHost If `true`, the first token after the literal
+     * string `//` and preceding the next `/` will be interpreted as the `host`.
+     * For instance, given `//foo/bar`, the result would be
+     * `{host: 'foo', pathname: '/bar'}` rather than `{pathname: '//foo/bar'}`.
+     * **Default:** `false`.
      */
-    function parse(urlString: string): UrlWithStringQuery;
     function parse(
         urlString: string,
-        parseQueryString: false | undefined,
+        parseQueryString?: false,
         slashesDenoteHost?: boolean,
     ): UrlWithStringQuery;
     function parse(urlString: string, parseQueryString: true, slashesDenoteHost?: boolean): UrlWithParsedQuery;