[js] Update Node.js 25.7.0 → 25.8.0

[depfu]

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

Release Notes

25.8.0

Notable Changes

• [e55eddea2a] - build, doc: use new api doc tooling (flakey5) #57343
• [4c181e2277] - (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin) #61298
• [46ee1eddd7] - (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS) #61869
• [9ddd1a9c27] - (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS) #61869
• [0d97ec4044] - (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan) #61394

Commits

• [940b58c8c1] - buffer: optimize buffer.concat performance (Mert Can Altin) #61721
• [0589b0e5a1] - build: fix GN for new merve dep (Shelley Vohr) #61984
• [f3d3968dcd] - Revert "build: add temporal test on GHA windows" (Antoine du Hamel) #61810
• [e55eddea2a] - build, doc: use new api doc tooling (flakey5) #57343
• [b7715292f8] - child_process: add tracing channel for spawn (Marco) #61836
• [a32a598748] - crypto: fix missing nullptr check on RSA_new() (ndossche) #61888
• [dc384f95b3] - crypto: fix handling of null BUF_MEM* in ToV8Value() (Nora Dossche) #61885
• [3337b095db] - crypto: fix potential null pointer dereference when BIO_meth_new() fails (Nora Dossche) #61788
• [51ded81139] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #62035
• [8aa2fde931] - deps: update minimatch to 10.2.4 (Node.js GitHub Bot) #62016
• [57dc092eaf] - deps: upgrade npm to 11.11.0 (npm team) #61994
• [705bbd60a9] - deps: update simdjson to 4.3.1 (Node.js GitHub Bot) #61930
• [4d411d72e5] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #61928
• [f53a32ab84] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925
• [9b483fbb27] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #61830
• [bdc18940ad] - doc: expand SECURITY.md with non-vulnerability examples (Rafael Gonzaga) #61972
• [4e54c103cb] - doc: separate in-types and out-types in SQLite conversion docs (René) #62034
• [ca78ebbeaa] - doc: fix small logic error in DETECT_MODULE_SYNTAX (René) #62025
• [e6b131f3fe] - doc: fix module.stripTypeScriptTypes indentation (René) #61992
• [7508540e19] - doc: update DEP0040 (punycode) to application type deprecation (Mike McCready) #61916
• [33a364cb62] - doc: explicitly mention Slack handle (Rafael Gonzaga) #61986
• [46a61922bd] - doc: support toolchain Visual Studio 2022 & 2026 + Windows 11 SDK (Mike McCready) #61864
• [dc12a257aa] - doc: rename invalid function parameter (René) #61942
• [6259abcf55] - http: validate ClientRequest path on set (Matteo Collina) #62030
• [dafdc0a5b8] - http: validate headers in writeEarlyHints (Richard Clarke) #61897
• [3c94b56fa6] - inspector: unwrap internal/debugger/inspect imports (René) #61974
• [8a24c17648] - lib: improve argument handling in Blob constructor (Ms2ger) #61980
• [21d4baf256] - meta: bump github/codeql-action from 4.32.0 to 4.32.4 (dependabot[bot]) #61911
• [59a726a8e3] - meta: bump step-security/harden-runner from 2.14.1 to 2.14.2 (dependabot[bot]) #61909
• [0072b7f991] - meta: bump actions/stale from 10.1.1 to 10.2.0 (dependabot[bot]) #61908
• [3d160cd049] - module: run require.resolve through module.registerHooks() (Joyee Cheung) #62028
• [999bf22f47] - repl: keep reference count for process.on('newListener') (Anna Henningsen) #61895
• [4c181e2277] - (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin) #61298
• [aee2a18257] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #61948
• [46ee1eddd7] - (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS) #61869
• [9ddd1a9c27] - (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS) #61869
• [ea2df2a16f] - stream: fix pipeTo to defer writes per WHATWG spec (Matteo Collina) #61800
• [aa0c7b09e0] - test: remove unnecessary process.exit calls from test files (Antoine du Hamel) #62020
• [ad96a6578f] - test: skip test-url on --shared-ada builds (Antoine du Hamel) #62019
• [7c72a31e4b] - test: skip strace test with shared openssl (Richard Lau) #61987
• [604456c163] - test: avoid flaky debugger restart waits (Yuya Inoue) #61773
• [4890d6bd43] - test_runner: run afterEach on runtime skip (Igor Shevelenkov) #61525
• [fce2930110] - test_runner: expose expectFailure message (sangwook) #61563
• [0d97ec4044] - (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan) #61394
• [243e6b2009] - test_runner: replace native methods with primordials (Ayoub Mabrouk) #61219
• [bf1ed7e647] - tls: forward keepAlive, keepAliveInitialDelay, noDelay to socket (Sergey Zelenov) #62004
• [746d0cebbf] - tools: fix parsing of commit trailers in lint-release-proposal GHA (Antoine du Hamel) #62077
• [0f15079d94] - tools: remove custom logic for skipping test-strace-openat-openssl (Antoine du Hamel) #62038
• [54a055a59d] - tools: bump minimatch from 3.1.2 to 3.1.3 in /tools/clang-format (dependabot[bot]) #61977
• [a28744cb62] - tools: fix permissions for merve update script (Richard Lau) #62023
• [31e7936354] - tools: revert tools GHA workflow to ubuntu-latest (Richard Lau) #62024
• [0a96a16e1f] - tools: bump minimatch from 3.1.2 to 3.1.3 in /tools/eslint (dependabot[bot]) #61976
• [f279233412] - tools: roll back to x86 runner on scorecard.yml (Antoine du Hamel) #61944
• [192c0382f4] - util: add fast path to stripVTControlCharacters (Hiroki Osame) #61833

---

All Depfu comment commands

@​depfu refresh

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Pauses all engine updates and closes this PR