chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@apollo/server (source)	4.12.0 → 4.13.0			devDependencies	minor
@changesets/changelog-github (source)	0.5.1 → 0.6.0			devDependencies	minor
@changesets/cli (source)	2.29.2 → 2.30.0			devDependencies	minor
cspell (source)	8.19.2 → 8.19.4			devDependencies	patch
form-data	4.0.4 → 4.0.5			devDependencies	patch
graphql	16.11.0 → 16.13.2			devDependencies	minor
node (source)	20.19.1 → 20.20.2			volta	minor
npm (source)	10.9.2 → 10.9.8			volta	patch
prettier (source)	3.5.3 → 3.8.1			devDependencies	minor
secops	2.0.7 → 2.0.9			orb	patch
ts-jest (source)	29.3.2 → 29.4.9			devDependencies	minor
typescript (source)	5.8.3 → 5.9.3			devDependencies	minor

---

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.13.0

Compare Source

Minor Changes

• #​8180 e9d49d1 Thanks @​github-actions! - ⚠️ SECURITY @apollo/server/standalone:

  The default configuration of startStandaloneServer was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.

  In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE).
  Any other character set will be rejected with a 415 Unsupported Media Type error.
  Additionally, upstream libraries used by this version of Apollo Server may not support all of these encodings, so some requests may still fail even if they pass this check.

  If you were not using startStandaloneServer, you were not affected by this vulnerability.

  Generally, please note that we provide startStandaloneServer as a convenience tool for quickly getting started with Apollo Server.
  For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.

  Also please note that Apollo Server 4.x is considered EOL as of January 26, 2026, and Apollo no longer commits to providing support or updates for it. Please prioritize migrating to Apollo Server 5.x for continued support and updates.

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

• #​8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

changesets/changesets (@​changesets/changelog-github)

v0.6.0

Compare Source

Minor Changes

• #​1850 fd0bc2e Thanks @​mixelburg! - Linkify issue references in changelog entries.

Patch Changes

• #​1810 27fd8f4 Thanks @​hirasso! - Replace deprecated String.prototype.trimRight with String.prototype.trimEnd

• Updated dependencies [d4b8ad8, e462d89]:

  • @​changesets/get-github-info@​0.8.0

v0.5.2

Compare Source

streetsidesoftware/cspell (cspell)

v8.19.4

Compare Source

Note: Version bump only for package cspell

v8.19.3

Compare Source

Note: Version bump only for package cspell

form-data/form-data (form-data)

v4.0.5

Compare Source

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

graphql/graphql-js (graphql)

v16.13.2

Compare Source

v16.13.1

Compare Source

v16.13.1 (2026-03-04)

Docs 📝

• #​4433 docs: move
  migrate from express graphql guide to graphqlJS docs
  (@​sarahxsanders)

Internal 🏠

• #​4608 internal:
  backport new release flow from 17.x.x
  (@​yaacovCR)

Committers: 2

• Sarah Sanders(@​sarahxsanders)
• Yaacov Rydzinski (@​yaacovCR)

v16.13.0

Compare Source

v16.12.0: 16.12.0

Compare Source

v16.12.0 (2025-11-01)

New Feature 🚀

• #​4482 Implement changes for executable descriptions (@​JoviDeCroock)
• #​4493 Backport schema coordinates (@​JoviDeCroock)

Bug Fix 🐞

• #​4392 Catch unhandled exception in abstract resolution (@​JoviDeCroock)

Docs 📝

28 PRs were merged

• #​4374 docs: testing graphQL servers (@​sarahxsanders)
• #​4376 docs: type generation for graphql servers (@​sarahxsanders)
• #​4380 docs: add guides for custom scalars (@​sarahxsanders)
• #​4381 docs: anatomy of a resolver (@​sarahxsanders)
• #​4382 docs: understanding graphql errors (@​sarahxsanders)
• #​4383 docs: N+1 problem and DataLoader (@​sarahxsanders)
• #​4391 docs: cursor-based pagination guide (@​sarahxsanders)
• #​4393 docs: add page on abstract types (@​sarahxsanders)
• #​4394 docs: editorial on abstract types page (@​benjie)
• #​4395 docs: editorial for recent documentation updates (@​benjie)
• #​4396 docs: add page on authorization strategies (@​sarahxsanders)
• #​4398 docs: update "going to production" guide (@​sarahxsanders)
• #​4399 Update mutations-and-input-types.mdx (@​roman-lakhnov)
• #​4400 Remove CJS from docs (@​JoviDeCroock)
• #​4401 docs: add guide on directives (@​sarahxsanders)
• #​4402 docs: add guide for operation complexity controls (@​sarahxsanders)
• #​4405 docs: add guide on nullability (@​sarahxsanders)
• #​4406 docs: add guide on subscriptions (@​sarahxsanders)
• #​4411 docs: add guide on caching strategies (@​sarahxsanders)
• #​4414 docs: guide on scaling your API (@​sarahxsanders)
• #​4416 Editorial for #​4405 (nullability) (@​benjie)
• #​4417 Indicate that field arguments should always be preferred over directives (@​benjie)
• #​4418 docs: trusted documents (@​benjie)
• #​4419 docs: cleanup and fixes (@​sarahxsanders)
• #​4436 Suggestions for federation links (@​Urigo)
• #​4444 Fix navigation (@​JoviDeCroock)
• #​4452 fix(docs/mutations-and-input-types.mdx): root being inside of SDL (@​alesculek)
• #​4473 docs: remove fourth permutation of the visit API (@​janmeier)

Polish 💅

• #​4453 Remove oneof validation from values of correct type (@​JoviDeCroock)

Internal 🏠

3 PRs were merged

• #​4390 Add the version support policy (@​benjie)
• #​4412 internal: use empty merge commit to clean up git diff from 16.x.x (@​yaacovCR)
• #​4479 updated location of ModelSim gitignore file (@​magicmark)

Committers: 9

• Aleš Culek(@​alesculek)
• Benjie(@​benjie)
• Jan Aagaard Meier(@​janmeier)
• Jovi De Croock(@​JoviDeCroock)
• Mark Larah(@​magicmark)
• null(@​roman-lakhnov)
• Sarah Sanders(@​sarahxsanders)
• Uri Goldshtein(@​Urigo)
• Yaacov Rydzinski (@​yaacovCR)

nodejs/node (node)

v20.20.2: 2026-03-24, Version 20.20.2 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21717) fix array index hash collision (Joyee Cheung)
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan)
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina)
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS)pull/795>
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS)
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS)
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina)

Commits

• [cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831
• [f333d0be5f] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [2acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #​62285
• [af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#834
• [00ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [0123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#840
• [00830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838
• [a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839

v20.20.1: 2026-03-05, Version 20.20.1 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [91a66e671c] - build: test on Python 3.14 (Christian Clauss) #​59983
• [f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #​60741

Commits

• [6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #​50853
• [91a66e671c] - build: test on Python 3.14 (Christian Clauss) #​59983
• [cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #​61790
• [f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #​60741
• [fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #​60662
• [88b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #​61830
• [5c053264f1] - deps: V8: backport 6a0a25a (Vivian Wang) #​61687
• [4a398699d0] - deps: update googletest to 5a9c3f9 (Node.js GitHub Bot) #​61731
• [4fa43adf15] - deps: update googletest to 56efe39 (Node.js GitHub Bot) #​61605
• [1a855d490c] - deps: update googletest to 8508785 (Node.js GitHub Bot) #​61417
• [d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #​60523
• [e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #​61928
• [0707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #​61925
• [dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #​61827
• [46043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #​61135
• [6be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #​61271
• [10881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #​61138
• [1594a78c85] - deps: update googletest to 065127f (Node.js GitHub Bot) #​61055
• [7fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #​60898
• [09259532ef] - deps: update googletest to 1b96fa1 (Node.js GitHub Bot) #​60739
• [aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #​60646
• [cc849fde27] - deps: update googletest to 279f847 (Node.js GitHub Bot) #​60219
• [a99ba553a2] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [6349a79f5f] - deps: update googletest to 7e17b15 (Node.js GitHub Bot) #​59131
• [8ba759f1a0] - deps: update googletest to 35b75a2 (Node.js GitHub Bot) #​58710
• [927d906850] - deps: update googletest to e9092b1 (Node.js GitHub Bot) #​58565
• [bf8919f5c2] - deps: update googletest to 0bdccf4 (Node.js GitHub Bot) #​57380
• [ae6231dac0] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #​56873
• [0561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #​61732
• [f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #​60543
• [15bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #​61912
• [04d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #​61912
• [2ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #​61510
• [622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #​60842
• [2cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #​60643
• [65e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #​60550
• [2dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #​61453
• [2c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #​59354
• [a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #​59344
• [ffd0ada45f] - doc: fix typo in test/common/README.md (Yoo) #​59180
• [b4d9d006e7] - doc: fix broken sentence in URL.parse (Superchupu) #​59164
• [45e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #​59123
• [e9fd10b5d6] - doc: fix fetch subsections in globals.md (Antoine du Hamel) #​58933
• [3715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #​58753
• [098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #​58599
• [545bf434e1] - doc: fix typo of file http.md, outgoingMessage.setTimeout section (yusheng chen) #​58188
• [b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #​61450
• [8fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #​61371
• [31d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #​58178
• [5ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #​61402
• [5c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #​61639
• [183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #​55623
• [dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #​61948
• [4106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #​60995
• [de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #​60565
• [368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #​61629
• [e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #​59158
• [5630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #​58478
• [1e5363bb63] - test: mark test-http2-debug as flaky on LinuxONE (Richard Lau) #​58494
• [662998787a] - test: set test-fs-cp as flaky (Stefan Stojanovic) #​56799
• [0807127339] - test: mark test-esm-loader-hooks-inspect-wait flaky (Richard Lau) #​56803
• [6320cd0721] - test: skip strace test with shared openssl (Richard Lau) #​61987
• [83b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #​58752
• [6cf9b5786e] - tools: enforce removal of lts-watch-* labels on release proposals (Antoine du Hamel) #​61672
• [cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #​61663
• [6dc2a99a0d] - tools: validate release commit diff as part of lint-release-proposal (Antoine du Hamel) #​61440
• [5014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #​58255
• [6c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #​61903
• [1abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #​61899
• [f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #​61759
• [64beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #​61734

v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792
• [14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• [1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313

Commits

• [0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [fba0025b9c] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #​59956
• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #​59791
• [9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #​59689
• [d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #​59335
• [576242ff39] - deps: V8: cherry-pick a0d0d4f (Ho Cheung) #​60716
• [a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #​60314
• [fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #​59133
• [acec79989e] - deps: V8: cherry-pick 6b1b9bc (zhoumingtao) #​59283
• [e65b930aa7] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #​59806
• [e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #​59562
• [e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #​59579
• [8a504d900a] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #​59080
• [8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #​59591
• [109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #​59470
• [4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #​59445
• [caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #​58876
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [960d05ad7d] - doc: add history entries to --input-type section (Antoine du Hamel) #​58175
• [20616f1750] - http2: do not crash on mismatched ping buffer length (René) #​60135
• [9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #​59261
• [dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #​54347
• [bb108191aa] - meta: call create-release-post.yml post release (Aviv Keller) #​60366
• [2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #​58646
• [144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #​59487
• [2c8a73f95f] - src: remove duplicate assignment of O_EXCL in node_constants.cc (Daniel Osvaldo R) #​59049
• [b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #​59755
• [9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #​59640
• [4f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #​59637
• [3ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #​59563
• [a7a109f926] - test: fix typos (Lee Jiho) #​59330
• [fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #​60419
• [bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #​59414
• [[0cace96472](https://redirect.github.com/nodejs/node

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.