fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@google-cloud/firestore (source)	^7.11.0 → ^7.11.6			dependencies	patch
@google-cloud/pubsub (source)	^3.4.1 → ^3.7.5			dependencies	patch
firebase-tools	^13.29.2 → ^13.35.1			dependencies	minor
node (source)	20 → 20.20.2				minor
node (source)	16 → 16.20.2			engines	minor
node (source)	20 → 20.20.2			engines	minor
node	20.x → 20.20.2			uses-with	minor
npm (source)	^8.19.0 → ^8.19.4			engines	patch
uglify-js	^3.17.4 → ^3.19.3			dependencies	minor

---

Release Notes

googleapis/google-cloud-node (@​google-cloud/firestore)

v7.11.6

Bug Fixes

• Pool.ts: add even more logging (c508d1b)

v7.11.5

Bug Fixes

• Pool.ts: add more detailed logging for client garbage collection (#​2420) (1bbca46)

v7.11.4

Bug Fixes

• Improve debug logging for the internal client pool. Added client IDs to debug log statements for client management. (99918f1)

v7.11.3

Bug Fixes

• Improve performance of the UTF-8 string comparison logic (#​2380) (bc6a03e)

v7.11.2

Bug Fixes

• Firestore Client caching stub in bad state issue (#​2365) (04ad0a4)

v7.11.1

Bug Fixes

• Aggregate query readtime bug (#​2331) (9ac0394)
• Bump default deadline on CreateDatabase and RestoreDatabase to 2 minutes (#​2274) (d559080)
• Close default BulkWriter upon terminate. (#​2276) (1e714a8)
• Correctly escape field paths with multiple backslashes or backticks (#​2259) (#​2261) (7056ba7)
• Do not send page size with auto-paginate. Fixes warnings in listCollections and listDocuments. (#​2336) (844b4ca)
• Finalize fixing typings for headers in generator (#​2287) (c6c85b6)
• Prevent crashes if an inactive stream receives an error. (#​2283) (f58fe79)
• Remove unused "long" dependency from firestore proto (#​2324) (5937b93)
• Sort document reference by long type id (#​2257) (3fd0de9)
• Sort strings in UTF-8 encoded byte order (#​2275) (a2950e0)
• Use lazy encoding for utf-8 encoded string comparison (#​2299) (e8777e1)

firebase/firebase-tools (firebase-tools)

v13.35.1

Compare Source

• Fix bug where functions:artifacts:setpolicy command's --none option didn't work as expected (#​8330)

v13.35.0

Compare Source

• Added support for generated Angular SDKs for Data Connect
• App Hosting emulator can now load secret env vars. (#​8305)
• Fixed webframeworks deployments when using multiple hosting sites in firebase.json. (#​8314)
• Added a new command to setup a cleanup policy for functions artifacts. (#​8268)
• Added support for 3rd party builders for Angular. (#​7557)
• Fixed GCF V2 artifact cleanup by correctly encoding artifact names to match GCF V2's format. (#​8318)
• Increase emulator UI body parser limit to match Storage emulator maximum. (#​8329)
• Fixed Data Connect setup issues for fresh databases due to IAM user not being created. (#​8335)
• Fixed an issue where ext:install used POSIX file seperators on Windows machines. (#​8326)
• Updated the Firebase Data Connect local toolkit to v1.9.2, which adds support for generated Angular SDKs and updates Dart SDK fields to follow best practices. (#​8347)
• Fixed an issue where credentials from firebase login would not be correctly provided to the Data Connect emulator.
• Fixed misleading comments in firebase init dataconnect connector.yaml template.
• Improved Data Connect SQL permissions to better handle tables owned by IAM roles. (#​8339)
• Fixed an issue where the Data Connect emulator would crash after some SQL errors.

v13.34.0

Compare Source

• Fix webframeworks deployments when using site in firebase.json. (#​8295)
• Add support for brownfield project onboard dataconnect:sql:setup. (#​8150)
• Update the Firebase Data Connect local toolkit to v1.8.5, which includes the following changes: (#​8310)
  • Fix the Int and Int64 scalars to correctly validate the int32 and int64 ranges, respectively.
  • Fix the generated web SDK so that pnpm properly uses the link functionality.

v13.33.0

Compare Source

• Fixed issue where apps:init fails to detect the output directory when it was run in a directory where app was the only module.
• Set LOG_EXECUTION_ID=true by default for Cloud Functions (2nd gen) to improve debugging by displaying execution IDs in logs. (#​8276)
• Fix bug where function deployment no-oped for functions in bad state. (#​8289)
• Updated the Firebase Data Connect local toolkit to v1.8.4 which includes the following changes: (#​8290)
  • React hooks for mutations without args no longer require undefined to be passed when calling mutate.
  • Fixed import resolution when moduleResolution is set to bundler.
  • React code generation will now generate a README explaining how to use generated query and mutation hook functions.
  • Fixed an issue where React developers have to pass in an empty object even when all fields are optional.
  • Fixed an issue where FirebaseError wasn't being passed into UseMutationOptions.

v13.32.0

Compare Source

• Replaced VSCODE_CWD check to address issues running in VSCode environments. (#​7471)
• Added initial delay when loading python functions (#​8239)
• Enforced webframeworks enablement only on webframeworks sites (#​8168)
• Fixed issue where apps:init throws an error upon app creation.
• Reenabled prompts for unused service deletion in deploy --only.
• Update Firebase Data Connect local toolkit to v1.8.3, which includes the following changes: (#​8263)
  • Adds a _metadata.distance field to vector similarity search results
  • Fixes auth and request.auth when the request is unauthenticated
  • Fixes an issue with hanging commas in import statements in the generated Web SDK
  • Fixes an issue where the additional union type { __angular?: true } breaks type inference in the generated Web SDK

v13.31.2

Compare Source

• Fixed an issue where --import path was incorrectly resolved for the Data Connect emulator. (#​8219)
• Updated the Firebase Data Connect local toolkit to v1.8.2 which fixes an issue with a missing FirebaseError import. (#​8232)

v13.31.1

Compare Source

• Fixed issue where firebase init dataconnect would crash on React-based web apps.
• Updated the Firebase Data Connect local toolkit to v.1.8.1, which:
  • Fixed issue where users who are using a version lower than 11.3.0 of firebase get a "missing import" error.

v13.31.0

Compare Source

• Switched Data Connect from v1beta API to v1 API.
• Added code generation of React hooks for Data Connect
• Genkit init improvements around gcloud login and flow input values.
• Added new command apps:init under experimental flag (appsinit) that automatically detects what SDK to download and places the file in the corresponding place.
• Removed dependencies on some packages and methods that caused deprecation warnings on Node 22.
• Fixes symbol generation when uploading Unity 6 symbols to Crashlytics. (#​7867)
• Fixed SSR issues in Angular 19 by adding support for default and reqHandler exports. (#​8145)
• Added Angular 19 as supported version. (#​8145)
• Fixed appdistribution:testers:list raising an error when a tester is not part of any group. (#​8191)
• Updated the Firebase Data Connect local toolkit to v1.8.0, which includes several changes: (#​8210)
  • Adds support for the v1 Data Connect API in the emulator
  • Adds support for generated React SDKs
  • Fixes @check to also be evaluated for admin auth
  • Fixes CEL expressions to be able to access @redact fields

v13.30.0

Compare Source

• Fixed issue where Extensions deployment fails due to *.firebasestorage.app not being recognized as a valid Storage bucket name. (#​8152)
• Fixes issue with custom 404 pages not being returned in Next.js in the emulator (#​8035).
• Annotate onCallGenkit functions to allow for future Firebase Console annotations (#​8135)
• Adds genkit 1.0.0 template (#​8144)

v13.29.3

Compare Source

• Fixed a Data Connect emulator issue where prepared statements would be persisted after terminated connections.
• Added a warning when deploying a Genkit function without a secret as this is likely a bug (#​8138)
• Fixed .env.* files for web frameworks in Windows (#​8086)
• Updated the Firebase Data Connect local toolkit to v1.7.7, which includes fixes in Dart code generation around required argument typing, and changes the emulator to always serve local connector sources and surface errors if they're invalid or schema migration fails. (#​8153)

nodejs/node (node)

v20.20.2: 2026-03-24, Version 20.20.2 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21717) fix array index hash collision (Joyee Cheung)
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan)
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina)
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS)pull/795>
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS)
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS)
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina)

Commits

• [cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831
• [f333d0be5f] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [2acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #​62285
• [af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#834
• [00ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [0123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#840
• [00830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838
• [a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839

v20.20.1: 2026-03-05, Version 20.20.1 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [91a66e671c] - build: test on Python 3.14 (Christian Clauss) #​59983
• [f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #​60741

Commits

• [6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #​50853
• [91a66e671c] - build: test on Python 3.14 (Christian Clauss) #​59983
• [cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #​61790
• [f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #​61419
• [80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #​60741
• [fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #​60662
• [88b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #​61830
• [5c053264f1] - deps: V8: backport 6a0a25a (Vivian Wang) #​61687
• [4a398699d0] - deps: update googletest to 5a9c3f9 (Node.js GitHub Bot) #​61731
• [4fa43adf15] - deps: update googletest to 56efe39 (Node.js GitHub Bot) #​61605
• [1a855d490c] - deps: update googletest to 8508785 (Node.js GitHub Bot) #​61417
• [d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #​60523
• [e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #​61928
• [0707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #​61925
• [dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #​61827
• [46043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #​61135
• [6be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #​61271
• [10881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #​61138
• [1594a78c85] - deps: update googletest to 065127f (Node.js GitHub Bot) #​61055
• [7fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #​60898
• [09259532ef] - deps: update googletest to 1b96fa1 (Node.js GitHub Bot) #​60739
• [aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #​60646
• [cc849fde27] - deps: update googletest to 279f847 (Node.js GitHub Bot) #​60219
• [a99ba553a2] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [6349a79f5f] - deps: update googletest to 7e17b15 (Node.js GitHub Bot) #​59131
• [8ba759f1a0] - deps: update googletest to 35b75a2 (Node.js GitHub Bot) #​58710
• [927d906850] - deps: update googletest to e9092b1 (Node.js GitHub Bot) #​58565
• [bf8919f5c2] - deps: update googletest to 0bdccf4 (Node.js GitHub Bot) #​57380
• [ae6231dac0] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #​56873
• [0561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #​61732
• [f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #​60543
• [15bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #​61912
• [04d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #​61912
• [2ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #​61510
• [622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #​60842
• [2cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #​60643
• [65e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #​60550
• [2dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #​61453
• [2c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #​59354
• [a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #​59344
• [ffd0ada45f] - doc: fix typo in test/common/README.md (Yoo) #​59180
• [b4d9d006e7] - doc: fix broken sentence in URL.parse (Superchupu) #​59164
• [45e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #​59123
• [e9fd10b5d6] - doc: fix fetch subsections in globals.md (Antoine du Hamel) #​58933
• [3715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #​58753
• [098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #​58599
• [545bf434e1] - doc: fix typo of file http.md, outgoingMessage.setTimeout section (yusheng chen) #​58188
• [b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #​61450
• [8fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #​61371
• [31d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #​58178
• [5ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #​61402
• [5c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #​61639
• [183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #​55623
• [dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #​61948
• [4106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #​60995
• [de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #​60565
• [368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #​61629
• [e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #​59158
• [5630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #​58478
• [1e5363bb63] - test: mark test-http2-debug as flaky on LinuxONE (Richard Lau) #​58494
• [662998787a] - test: set test-fs-cp as flaky (Stefan Stojanovic) #​56799
• [0807127339] - test: mark test-esm-loader-hooks-inspect-wait flaky (Richard Lau) #​56803
• [6320cd0721] - test: skip strace test with shared openssl (Richard Lau) #​61987
• [83b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #​58752
• [6cf9b5786e] - tools: enforce removal of lts-watch-* labels on release proposals (Antoine du Hamel) #​61672
• [cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #​61663
• [6dc2a99a0d] - tools: validate release commit diff as part of lint-release-proposal (Antoine du Hamel) #​61440
• [5014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #​58255
• [6c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #​61903
• [1abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #​61899
• [f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #​61759
• [64beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #​61734

v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792
• [14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• [1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313

Commits

• [0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [fba0025b9c] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #​59956
• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #​59791
• [9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #​59689
• [d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #​59335
• [576242ff39] - deps: V8: cherry-pick a0d0d4f (Ho Cheung) #​60716
• [a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #​60314
• [fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #​59133
• [acec79989e] - deps: V8: cherry-pick 6b1b9bc (zhoumingtao) #​59283
• [e65b930aa7] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #​59806
• [e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #​59562
• [e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #​59579
• [8a504d900a] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #​59080
• [8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #​59591
• [109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #​59470
• [4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #​59445
• [caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #​58876
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [960d05ad7d] - doc: add history entries to --input-type section (Antoine du Hamel) #​58175
• [20616f1750] - http2: do not crash on mismatched ping buffer length (René) #​60135
• [9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #​59261
• [dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #​54347
• [bb108191aa] - meta: call create-release-post.yml post release (Aviv Keller) #​60366
• [2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #​58646
• [144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #​59487
• [2c8a73f95f] - src: remove duplicate assignment of O_EXCL in node_constants.cc (Daniel Osvaldo R) #​59049
• [b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #​59755
• [9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #​59640
• [4f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #​59637
• [3ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #​59563
• [a7a109f926] - test: fix typos (Lee Jiho) #​59330
• [fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #​60419
• [bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #​59414
• [0cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #​58840
• [76001f9480] - tools: remove unused actions from `build-tar

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.