2025-09-24, Version 22.20.0 'Jod' (LTS)

[github-actions]

2025-09-24, Version 22.20.0 'Jod' (LTS), @richardlau

Notable Changes

OpenSSL updated to 3.5.2

For official Node.js builds, or builds using the default build configuration, Node.js now bundles OpenSSL 3.5.2. This update allows Node.js 22.x to be supported through to the planned End-of-Life date of 2027-04-30 as the previously bundled OpenSSL 3.0.x goes out of support in September 2026.

This change does not affect third-party builds of Node.js that link to an external OpenSSL (or OpenSSL-compatible) library.

Other notable changes

• [5b83e1e0a2] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571
• [34b25fd97b] - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) #59707
• [bf41218ed9] - doc: mark path.matchesGlob as stable (Aviv Keller) #59572
• [1dbad2058f] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315
• [062e837d5f] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455
• [b8066611c3] - inspector: add http2 tracking support (Darshan Sen) #59611
• [9b7dd40da8] - (SEMVER-MINOR) sea: implement execArgvExtension (Joyee Cheung) #59560
• [48bfbd3dca] - (SEMVER-MINOR) sea: support execArgv in sea config (Joyee Cheung) #59314
• [cf06e74076] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464
• [62bb80c17e] - (SEMVER-MINOR) test_runner: support object property mocking (Idan Goshen) #58438
• [9e2aa23be9] - (SEMVER-MINOR) worker: add cpu profile APIs for worker (theanarkh) #59428

Commits

• [b7b78fd565] - assert: cap input size in myersDiff to avoid Int32Array overflow (Haram Jeong) #59578
• [9da50a6c53] - benchmark: sqlite prevent create both tables on prepare selects (Bruno Rodrigues) #59709
• [4c1538770e] - benchmark: calibrate config array-vs-concat (Rafael Gonzaga) #59587
• [fc3f82d683] - benchmark: calibrate config v8/serialize.js (Rafael Gonzaga) #59586
• [e95c9b2950] - benchmark: reduce readfile-permission-enabled config (Rafael Gonzaga) #59589
• [e4fea38b31] - benchmark: calibrate length of util.diff (Rafael Gonzaga) #59588
• [c5d68c4a0f] - benchmark, test: replace CRLF variable with string literal (Lee Jiho) #59466
• [129a1d673b] - build: fix getting OpenSSL version on Windows (Michaël Zasso) #59609
• [9f53db7162] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547
• [3839593e07] - build: use windows-2025 runner (Michaël Zasso) #59673
• [e430464669] - build: compile bundled uvwasi conditionally (Carlo Cabrera) #59622
• [e2c9cab0cd] - build: do not set -mminimal-toc with clang (Richard Lau) #59484
• [208bc810a1] - child_process: remove unsafe array iteration (hotpineapple) #59347
• [d74799d90c] - crypto: load system CA certificates off thread (Joyee Cheung) #59550
• [5b83e1e0a2] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571
• [d289b1d1af] - deps: V8: cherry-pick e3df60f3f5ab (Chengzhong Wu) #58691
• [cf5d91e2a6] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #59791
• [1cf24a0445] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689
• [8638bd3f2e] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #59335
• [3ff4eb5b37] - deps: update amaro to 1.1.2 (Node.js GitHub Bot) #59616
• [4d268ac034] - deps: V8: cherry-pick 7b91e3e2cbaf (Milad Fa) #59485
• [83410eb0e3] - deps: V8: cherry-pick 59d52e311bb1 (Milad Fa) #59485
• [5780af02cb] - deps: update amaro to 1.1.1 (Node.js GitHub Bot) #59141
• [2986eca821] - deps: V8: cherry-pick 6b1b9bca2a8 (zhoumingtao) #59283
• [98e399b3ea] - deps: update archs files for openssl-3.5.2 (Node.js GitHub Bot) #59371
• [2b983a7520] - deps: upgrade openssl sources to openssl-3.5.2 (Node.js GitHub Bot) #59371
• [7ffbb42454] - deps: update archs files for openssl-3.5.1 (Node.js GitHub Bot) #59234
• [bd48a60a75] - deps: upgrade openssl sources to openssl-3.5.1 (Node.js GitHub Bot) #59234
• [24762a10ca] - deps: fix OpenSSL security level at 1 (Richard Lau) #59859
• [1233e92d10] - diagnostics_channel: revoke DEP0163 (René) #59758
• [34b25fd97b] - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) #59707
• [d7adf8be64] - doc: update "Type stripping in dependencies" section (Josh Kelley) #59652
• [a1d7e4fdbf] - doc: add Miles Guicent as triager (Miles Guicent) #59562
• [bf41218ed9] - doc: mark path.matchesGlob as stable (Aviv Keller) #59572
• [afaa1ccb74] - doc: improve documentation for raw headers in HTTP/2 APIs (Tim Perry) #59633
• [b95ff56102] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #59579
• [6ff939b8d3] - doc: fix filehandle.read typo (Ruy Adorno) #59635
• [963bfa9d6f] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #59080
• [0e10a8ea27] - doc: improve sqlite.backup() progress/fulfillment documentation (René) #59598
• [18ceefbabd] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591
• [66cdd00368] - doc: link to TypedArray.from() in signature (Aviv Keller) #59226
• [9f058ce7c0] - doc: fix typos in environment_variables.md (PhistucK) #59536
• [3cfec820e9] - doc: add security incident reponse plan (Rafael Gonzaga) #59470
• [46aa3434e6] - doc: clarify maxRSS unit in process.resourceUsage() (Alex Yang) #59511
• [adf98f600a] - doc: add missing Zstd strategy constants (RANDRIAMANANTENA Narindra Tiana Annaick) #59312
• [f335989942] - doc: fix the version tls.DEFAULT_CIPHERS was added (Allon Murienik) #59247
• [7fa14fcf54] - doc: clarify glob's exclude option behavior (hotpineapple) #59245
• [85b8d255c9] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445
• [16b1f7a602] - doc: add new environment variables doc page (Dario Piotrowicz) #59052
• [b4a43ed83a] - doc: add missing environment variables to manpage (amir lavasani) #58963
• [c923cfe898] - doc: fix links in test.md (Vas Sudanagunta) #58876
• [a93a8b5eda] - doc: mark type stripping as release candidate (Marco Ippolito) #57705
• [d302cb3bb2] - esm: add experimental support for addon modules (Chengzhong Wu) #55844
• [d55c3e7f0b] - esm: link modules synchronously when no async loader hooks are used (Joyee Cheung) #59519
• [9e1fbb620f] - esm: show race error message for inner module job race (Joyee Cheung) #59519
• [8c4dcd5199] - esm: sync-ify module translation (Joyee Cheung) #59453
• [71038932d3] - fs: fix wrong order of file names in cpSync error message (Nicholas Paun) #59775
• [5692dec451] - fs: fix dereference: false on cpSync (Nicholas Paun) #59681
• [dafd561d37] - fs: fix return value of fs APIs (theanarkh) #58996
• [da6e8cb75b] - http: unbreak keepAliveTimeoutBuffer (Robert Nagy) #59784
• [673a48f0a2] - http: use cached '1.1' http version string (Robert Nagy) #59717
• [1dbad2058f] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315
• [062e837d5f] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455
• [4d4fb51b89] - http2: report sent headers object in client stream dcs (Darshan Sen) #59419
• [b8066611c3] - inspector: add http2 tracking support (Darshan Sen) #59611
• [9b2c013032] - inspector: prevent propagation of promise hooks to noPromise hooks (Shima Ryuhei) #58841
• [a2329895e7] - lib: fix DOMException subclass support (Chengzhong Wu) #59680
• [edb9248bdd] - lib: make domexception a native error (Chengzhong Wu) #58691
• [ccf29cda19] - Revert "lib: optimize writable stream buffer clearing" (Yoo) #59743
• [f291eda277] - lib: fix isReadable and isWritable return type value (Gabriel Quaresma) #59089
• [10ae8684ea] - lib: revert to using default derived class constructors (René) #59650
• [5d3b80d62d] - lib: do not modify prototype deprecated asyncResource (encore) (Szymon Łągiewka) #59518
• [3c4541f878] - lib: simplify IPv6 checks in isLoopback() (Krishnadas) #59375
• [0b631bbffa] - lib: handle windows reserved device names on UNC (Rafael Gonzaga) #59286
• [297f62ba1f] - meta: bump codecov/codecov-action (dependabot[bot]) #59726
• [3dcd8446b6] - meta: bump actions/download-artifact from 4.3.0 to 5.0.0 (dependabot[bot]) #59729
• [d0d357f683] - meta: bump github/codeql-action from 3.29.2 to 3.30.0 (dependabot[bot]) #59728
• [2a0e264949] - meta: bump actions/cache from 4.2.3 to 4.2.4 (dependabot[bot]) #59727
• [0a013d1da1] - meta: bump actions/checkout from 4.2.2 to 5.0.0 (dependabot[bot]) #59725
• [c690b53d24] - meta: update devcontainer to the latest schema (Aviv Keller) #54347
• [61171c7756] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #58646
• [75bf3f4a87] - node-api: link to other programming language bindings (Chengzhong Wu) #59516
• [9a05107558] - node-api: clarify enum value ABI stability (Chengzhong Wu) #59085
• [658c31d60c] - path: refactor path joining logic for clarity and performance (Lee Jiho) #59781
• [9cc89f55f7] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #55623
• [24e825f8f5] - sea: implement sea.getAssetKeys() (Joyee Cheung) #59661
• [c66af21e55] - sea: allow using inspector command line flags with SEA (Joyee Cheung) #59568
• [9b7dd40da8] - (SEMVER-MINOR) sea: implement execArgvExtension (Joyee Cheung) #59560
• [48bfbd3dca] - (SEMVER-MINOR) sea: support execArgv in sea config (Joyee Cheung) #59314
• [5559456fe4] - sqlite: add sqlite-type symbol for DatabaseSync (Alex Yang) #59405
• [3478130da3] - sqlite: handle ?NNN parameters as positional (Edy Silva) #59350
• [312bc4e5d1] - sqlite: avoid useless call to FromMaybe() (Tobias Nießen) #59490
• [937e9bb1c6] - src: track BaseObjects with an efficient list (Chengzhong Wu) #55104
• [be2a5e170d] - src: track async resources via pointers to stack-allocated handles (Anna Henningsen) #59704
• [f232bf2c11] - src: fix build on NetBSD (Thomas Klausner) #59718
• [e9a685bc3d] - src: fix race on process exit and off thread CA loading (Chengzhong Wu) #59632
• [24428fc8fb] - src: add name for more threads (theanarkh) #59601
• [fd7559f8c3] - src: remove JSONParser (Joyee Cheung) #59619
• [8c296bac99] - src: enforce assumptions in FIXED_ONE_BYTE_STRING (Tobias Nießen) #58155
• [1b4885a3f2] - src: use simdjson to parse --snapshot-config (Joyee Cheung) #59473
• [9f798de6b0] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #59487
• [f764be27dc] - src: move shared_ptr objects in KeyObjectData (Tobias Nießen) #59472
• [d30287fe12] - src: iterate metadata version entries with std::array (Chengzhong Wu) #57866
• [b2bf620c7b] - src: internalize v8::ConvertableToTraceFormat in traces (Chengzhong Wu) #57866
• [b3c507c8ef] - src: remove duplicate assignment of O_EXCL in node_constants.cc (Daniel Osvaldo R) #59049
• [20aec239d4] - src: add Intel CET properties to large_pages.S (tjuhaszrh) #59363
• [8e0f9cd061] - src: remove unused DSAKeyExportJob (Filip Skokan) #59291
• [0c2b6df94f] - src,sqlite: refactor value conversion (Edy Silva) #59659
• [b95cfdf0e5] - stream: replace manual function validation with validateFunction (방진혁) #59529
• [cf06e74076] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464
• [903ebd373a] - test: skip more sea tests on Linux ppc64le (Richard Lau) #59755
• [e961060bb6] - test: fix internet/test-dns (Michaël Zasso) #59660
• [c2b22f50a8] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #59640
• [4ae958e59b] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #59637
• [d5b0a64598] - test: deflake test-http-keep-alive-empty-line (Luigi Pinca) #59595
• [eb311f1754] - test: use mustSucceed in test-repl-tab-complete-import (Sohyeon Kim) #59368
• [8e047e32be] - test: skip sea tests on Linux ppc64le (Richard Lau) #59563
• [4a250479d8] - test: rename test-net-server-drop-connections-in-cluster.js to -http- (Meghan Denny) #59532
• [d22f113aaf] - test: lazy-load internalTTy (Pietro Marchini) #59517
• [36dd856897] - test: fix test-setproctitle status when ps is not available (Antoine du Hamel) #59523
• [fd02295da6] - test: update WPT for WebCryptoAPI to ff26d9b307 (Node.js GitHub Bot) #59497
• [cce938c5f9] - test: make test-debug-process locale-independent (BCD1me) #59254
• [5a8f03df9e] - test: mark test-wasi-pthread as flaky (Joyee Cheung) #59488
• [94f6d6b969] - test: split test-wasi.js (Joyee Cheung) #59488
• [162ac9393c] - test: use case-insensitive path checking on Windows in fs.cpSync tests (Joyee Cheung) #59475
• [ce9d6776c9] - test: add missing hasPostData in test-inspector-emit-protocol-event (Shima Ryuhei) #59412
• [717ea2866d] - test: refactor error checks to use assert.ifError/mustSucceed (Sohyeon Kim) #59424
• [b1c3e4a17c] - test: fix typos (Lee Jiho) #59330
• [3f4bd94b1f] - test: skip test-watch-mode inspect when no inspector (James M Snell) #59440
• [8b7a8efe96] - test: exclude mock from coverage (Shima Ryuhei) #59348
• [f39352b55c] - test: split test-fs-cp.js (Joyee Cheung) #59408
• [fb4180e9f6] - test_runner: fix todo inheritance (Moshe Atlow) #59721
• [76bf6b908d] - test_runner: set mock timer's interval undefined (hotpineapple) #59479
• [0a05d06fcc] - test_runner: do not error when getting fullName of root context (René) #59377
• [3fdfb187d6] - test_runner: fix isSkipped check in junit (Sungwon) #59414
• [37c6f7d7d8] - test_runner: remove unused callee convertion (Alex Yang) #59221
• [57c30093e3] - test_runner: clean up promisified interval generation (René) #58824
• [88bf1bab91] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #58840
• [d3259d660a] - test_runner: prefer Atomics primordials (Renegade334) #58716
• [62bb80c17e] - (SEMVER-MINOR) test_runner: support object property mocking (Idan Goshen) #58438
• [4b19439dea] - tools: print appropriate output when test aborted (hotpineapple) #59794
• [847963bbba] - tools: use sparse checkout in build-tarball.yml (Antoine du Hamel) #59788
• [ef11d118a4] - tools: remove unused actions from build-tarball.yml (Antoine du Hamel) #59787
• [daa0615967] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #59785
• [fdc85e5045] - tools: add v8windbg target (Chengzhong Wu) #59767
• [25801b9009] - tools: improve error handling in node_mksnapshot (James M Snell) #59437
• [92100a813f] - tools: add sccache to test-internet workflow (Antoine du Hamel) #59720
• [5f0090af53] - tools: update gyp-next to 0.20.4 (Node.js GitHub Bot) #59690
• [31ee7fc3e9] - tools: add script to make reviewing backport PRs easier (Antoine du Hamel) #59161
• [45906b0d5c] - tools: update gyp-next to 0.20.3 (Node.js GitHub Bot) #59603
• [6197eeee9b] - tools: avoid parsing test files twice (Pietro Marchini) #59526
• [027ae4f67e] - tools: fix return value of try_check_compiler (theanarkh) #59434
• [77682b52a1] - tools: bump @eslint/plugin-kit from 0.3.3 to 0.3.4 in /tools/eslint (dependabot[bot]) #59271
• [91fa83fffd] - tools: disable nullability-completeness warnings (Michaël Zasso) #59392
• [079a68d392] - typings: add typing for 'uv' (방진혁) #59606
• [b8927967d9] - typings: add missing properties in ConfigBinding (Lee Jiho) #59585
• [9b66ce5ef7] - typings: add missing URLBinding methods (성우현 | Woohyun Sung) #59468
• [ba5b6597aa] - url: add err.input to ERR_INVALID_FILE_URL_PATH (Joyee Cheung) #59730
• [f660943471] - util: fix numericSeparator with negative fractional numbers (sangwook) #59379
• [aed1b883f1] - util: remove unnecessary template strings (btea) #59201
• [91e9b8d135] - util: remove outdated TODO comment (haramjeong) #59760
• [421ab3c294] - util: use getOptionValue('--no-deprecation') in deprecated() (haramjeong) #59760
• [7864ad13bb] - util: hide duplicated stack frames when using util.inspect (Ruben Bridgewater) #59447
• [a2d2003daa] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #59446
• [f64d0def94] - util: add some additional error classes to wellKnownPrototypes (Mark S. Miller) #59456
• [9807ffd6a0] - vm: expose import attributes on SourceTextModule.moduleRequests (Chengzhong Wu) #58829
• [f334e2d539] - wasi: fix clean target in test/wasi/Makefile (Antoine du Hamel) #59576
• [9e2aa23be9] - (SEMVER-MINOR) worker: add cpu profile APIs for worker (theanarkh) #59428
• [c5a93a3355] - worker: fix worker name with \0 (theanarkh) #59214
• [a5ed96bb97] - worker: add worker name to report (theanarkh) #58935
• [98cd7e27d4] - worker: add name for worker (theanarkh) #59213

[nodejs-github-bot]

Review requested:

• @nodejs/actions
• @nodejs/releasers
• @nodejs/security-wg
• @nodejs/v8-update

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/69330/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/6769/

CITGM
v22.19.0: https://ci.nodejs.org/job/citgm-smoker/3637/
v22.20.0 (this PR): https://ci.nodejs.org/job/citgm-smoker/3638/

No new failures in 3638 compared to 3637

$ ncu-ci citgm 3637 3638
--------------------------------------------------------------------------------
[1/1] Running CITGM: 3637
--------------------------------------------------------------------------------
✔  Summary data downloaded
✔  Results data downloaded
✔  Summary data downloaded
✔  Results data downloaded
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/3637/
Source     https://api.github.com/repos/nodejs/node/git/refs/tags/v22.19.0
Commit     [f8fe6858549f] 2025-08-28, Version 22.19.0 'Jod' (LTS)
Date       2025-08-27 00:06:26 +0100
Author     github <[email protected]>
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/3638/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v22.20.0-proposal
Commit     [caa20e28dc1f] 2025-09-24, Version 22.20.0 'Jod' (LTS)
Date       2025-09-22 18:39:21 +0000
Author     Richard Lau <[email protected]>
----------------------------------- Results ------------------------------------



SUCCESS: No new failures in 3638 compared to 3637

Release build with caa20e2: https://ci-release.nodejs.org/job/iojs+release/11270/

[richardlau]

The lint-release-commit failure is #59629 (comment). Since we ignored it for 24.7.0 I'm going to ignore it here as well.