From e07f1a78571a7a297621251441b3bd6d240948fe Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:24:19 -0500 Subject: [PATCH 01/12] feat(blog): create post for v25.6.0 (#8590) Co-authored-by: Create or Update Pull Request Action --- apps/site/pages/en/blog/release/v25.6.0.md | 141 +++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 apps/site/pages/en/blog/release/v25.6.0.md diff --git a/apps/site/pages/en/blog/release/v25.6.0.md b/apps/site/pages/en/blog/release/v25.6.0.md new file mode 100644 index 0000000000000..b2e3a3ec7529b --- /dev/null +++ b/apps/site/pages/en/blog/release/v25.6.0.md @@ -0,0 +1,141 @@ +--- +date: '2026-02-03T11:42:55.906Z' +category: release +title: Node.js 25.6.0 (Current) +layout: blog-post +author: Antoine du Hamel +--- + +## 2026-02-03, Version 25.6.0 (Current), @aduh95 + +### Notable Changes + +- \[[`796ff46ae6`](https://github.com/nodejs/node/commit/796ff46ae6)] - **(SEMVER-MINOR)** **async_hooks**: add `trackPromises` option to `createHook()` (Joyee Cheung) [#61415](https://github.com/nodejs/node/pull/61415) +- \[[`4cf94fae17`](https://github.com/nodejs/node/commit/4cf94fae17)] - **(SEMVER-MINOR)** **net**: add `setTOS` and `getTOS` to `Socket` (Amol Yadav) [#61503](https://github.com/nodejs/node/pull/61503) +- \[[`dce657071e`](https://github.com/nodejs/node/commit/dce657071e)] - **(SEMVER-MINOR)** **src**: add initial support for ESM in embedder API (Joyee Cheung) [#61548](https://github.com/nodejs/node/pull/61548) +- \[[`e62608bbcf`](https://github.com/nodejs/node/commit/e62608bbcf)] - **src**: improve `TextEncoder` encode performance with `simdutf` (Mert Can Altin) [#61496](https://github.com/nodejs/node/pull/61496) +- \[[`93938a4738`](https://github.com/nodejs/node/commit/93938a4738)] - **(SEMVER-MINOR)** **stream**: add `bytes()` method to `node:stream/consumers` (wantaek) [#60426](https://github.com/nodejs/node/pull/60426) +- \[[`5fe2582329`](https://github.com/nodejs/node/commit/5fe2582329)] - **(SEMVER-MINOR)** **test_runner**: add `env` option to `run` function (Ethan Arrowood) [#61367](https://github.com/nodejs/node/pull/61367) +- \[[`a181d0c43d`](https://github.com/nodejs/node/commit/a181d0c43d)] - **url**: update Ada to v3.4.2 and support Unicode 17 (Yagiz Nizipli) [#61593](https://github.com/nodejs/node/pull/61593) + +### Commits + +- \[[`9c8d1b0278`](https://github.com/nodejs/node/commit/9c8d1b0278)] - **assert**: fix loose deepEqual arrays with undefined and null failing (Ruben Bridgewater) [#61587](https://github.com/nodejs/node/pull/61587) +- \[[`796ff46ae6`](https://github.com/nodejs/node/commit/796ff46ae6)] - **(SEMVER-MINOR)** **async_hooks**: add trackPromises option to createHook() (Joyee Cheung) [#61415](https://github.com/nodejs/node/pull/61415) +- \[[`d23ee89693`](https://github.com/nodejs/node/commit/d23ee89693)] - **benchmark**: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) [#61549](https://github.com/nodejs/node/pull/61549) +- \[[`8759db9d21`](https://github.com/nodejs/node/commit/8759db9d21)] - **buffer**: disallow ArrayBuffer transfer on pooled buffer (Chengzhong Wu) [#61372](https://github.com/nodejs/node/pull/61372) +- \[[`b2fb82946b`](https://github.com/nodejs/node/commit/b2fb82946b)] - **build**: add `--shared-lief` configure flag (Antoine du Hamel) [#61536](https://github.com/nodejs/node/pull/61536) +- \[[`0ef99de9da`](https://github.com/nodejs/node/commit/0ef99de9da)] - **build**: aix: deoptimize implementation-visitor.cc with --shared (Stewart X Addison) [#61550](https://github.com/nodejs/node/pull/61550) +- \[[`8f2083e73a`](https://github.com/nodejs/node/commit/8f2083e73a)] - **build**: enable -DV8_ENABLE_CHECKS flag (Ryuhei Shima) [#61327](https://github.com/nodejs/node/pull/61327) +- \[[`150910da70`](https://github.com/nodejs/node/commit/150910da70)] - **build,test**: add tests for binary linked with shared libnode (Joyee Cheung) [#61463](https://github.com/nodejs/node/pull/61463) +- \[[`fb7868ba98`](https://github.com/nodejs/node/commit/fb7868ba98)] - **build,win**: fix vs2022 compilation (Stefan Stojanovic) [#61530](https://github.com/nodejs/node/pull/61530) +- \[[`2c39a9234c`](https://github.com/nodejs/node/commit/2c39a9234c)] - **deps**: update undici to 7.19.2 (Node.js GitHub Bot) [#61566](https://github.com/nodejs/node/pull/61566) +- \[[`2a74379367`](https://github.com/nodejs/node/commit/2a74379367)] - **deps**: update archs files for openssl-3.5.5 (Node.js GitHub Bot) [#61547](https://github.com/nodejs/node/pull/61547) +- \[[`9e26a15c29`](https://github.com/nodejs/node/commit/9e26a15c29)] - **deps**: upgrade openssl sources to openssl-3.5.5 (Node.js GitHub Bot) [#61547](https://github.com/nodejs/node/pull/61547) +- \[[`f16b532e97`](https://github.com/nodejs/node/commit/f16b532e97)] - **deps**: update corepack to 0.34.6 (Node.js GitHub Bot) [#61510](https://github.com/nodejs/node/pull/61510) +- \[[`780e65c5c5`](https://github.com/nodejs/node/commit/780e65c5c5)] - **deps**: V8: cherry-pick c5ff7c4d6cde (Chengzhong Wu) [#61372](https://github.com/nodejs/node/pull/61372) +- \[[`2eb8e9d760`](https://github.com/nodejs/node/commit/2eb8e9d760)] - **deps**: update nghttp3 to 1.15.0 (Node.js GitHub Bot) [#61512](https://github.com/nodejs/node/pull/61512) +- \[[`a999edd8fd`](https://github.com/nodejs/node/commit/a999edd8fd)] - **deps**: update ngtcp2 to 1.20.0 (Node.js GitHub Bot) [#61511](https://github.com/nodejs/node/pull/61511) +- \[[`eedd3bb6b6`](https://github.com/nodejs/node/commit/eedd3bb6b6)] - **deps**: update undici to 7.19.1 (Node.js GitHub Bot) [#61514](https://github.com/nodejs/node/pull/61514) +- \[[`7d2bd59984`](https://github.com/nodejs/node/commit/7d2bd59984)] - **deps**: update undici to 7.19.0 (Node.js GitHub Bot) [#61470](https://github.com/nodejs/node/pull/61470) +- \[[`3ad4d9b11b`](https://github.com/nodejs/node/commit/3ad4d9b11b)] - **doc**: align Buffer.concat documentation with behavior (Gürgün Dayıoğlu) [#60405](https://github.com/nodejs/node/pull/60405) +- \[[`7e3eab5963`](https://github.com/nodejs/node/commit/7e3eab5963)] - **doc**: fix node-config-schema (Сковорода Никита Андреевич) [#61596](https://github.com/nodejs/node/pull/61596) +- \[[`cbcfaf9a35`](https://github.com/nodejs/node/commit/cbcfaf9a35)] - **doc**: update IBM/Red Hat volunteers with dedicated project time (Beth Griggs) [#61588](https://github.com/nodejs/node/pull/61588) +- \[[`3d68811d1a`](https://github.com/nodejs/node/commit/3d68811d1a)] - **doc**: regenerate `node.1` using `doc-kit` (Aviv Keller) [#61535](https://github.com/nodejs/node/pull/61535) +- \[[`71702c581a`](https://github.com/nodejs/node/commit/71702c581a)] - **doc**: restore @ChALkeR to collaborators (Сковорода Никита Андреевич) [#61553](https://github.com/nodejs/node/pull/61553) +- \[[`0ceb8cad59`](https://github.com/nodejs/node/commit/0ceb8cad59)] - **doc**: added `requestOCSP` option to `tls.connect` (ikeyan) [#61064](https://github.com/nodejs/node/pull/61064) +- \[[`da93e2178c`](https://github.com/nodejs/node/commit/da93e2178c)] - **doc**: move Security-Team from TSC to SECURITY (Rafael Gonzaga) [#61495](https://github.com/nodejs/node/pull/61495) +- \[[`4bea821b4c`](https://github.com/nodejs/node/commit/4bea821b4c)] - **lib**: use utf8 fast path for streaming TextDecoder (Сковорода Никита Андреевич) [#61549](https://github.com/nodejs/node/pull/61549) +- \[[`f05bad91d8`](https://github.com/nodejs/node/commit/f05bad91d8)] - **lib**: recycle queues (Robert Nagy) [#61461](https://github.com/nodejs/node/pull/61461) +- \[[`44b1927938`](https://github.com/nodejs/node/commit/44b1927938)] - **lib**: use StringPrototypeStartsWith from primordials in locks (Taejin Kim) [#61492](https://github.com/nodejs/node/pull/61492) +- \[[`a78259828a`](https://github.com/nodejs/node/commit/a78259828a)] - **lib**: unify ICU and no-ICU TextDecoder (Сковорода Никита Андреевич) [#61409](https://github.com/nodejs/node/pull/61409) +- \[[`a28ddd4594`](https://github.com/nodejs/node/commit/a28ddd4594)] - **module**: do not wrap module.\_load when tracing is not enabled (Joyee Cheung) [#61479](https://github.com/nodejs/node/pull/61479) +- \[[`4cf94fae17`](https://github.com/nodejs/node/commit/4cf94fae17)] - **(SEMVER-MINOR)** **net**: add `setTOS` and `getTOS` to `Socket` (Amol Yadav) [#61503](https://github.com/nodejs/node/pull/61503) +- \[[`b861451d57`](https://github.com/nodejs/node/commit/b861451d57)] - **process**: do not truncate long strings in `--print` (Mohamed Akram) [#61497](https://github.com/nodejs/node/pull/61497) +- \[[`4a2e184753`](https://github.com/nodejs/node/commit/4a2e184753)] - **sea**: print error information when fs operations fail (Joyee Cheung) [#61581](https://github.com/nodejs/node/pull/61581) +- \[[`45d25c47da`](https://github.com/nodejs/node/commit/45d25c47da)] - **sqlite**: change approach to fix segfault SQLTagStore (Bart Louwers) [#60462](https://github.com/nodejs/node/pull/60462) +- \[[`6993386320`](https://github.com/nodejs/node/commit/6993386320)] - **sqlite**: reserve vectors space (Guilherme Araújo) [#61540](https://github.com/nodejs/node/pull/61540) +- \[[`dce657071e`](https://github.com/nodejs/node/commit/dce657071e)] - **(SEMVER-MINOR)** **src**: add initial support for ESM in embedder API (Joyee Cheung) [#61548](https://github.com/nodejs/node/pull/61548) +- \[[`e62608bbcf`](https://github.com/nodejs/node/commit/e62608bbcf)] - **src**: improve textEncoder encode performance with simdutf (Mert Can Altin) [#61496](https://github.com/nodejs/node/pull/61496) +- \[[`0fce52d22c`](https://github.com/nodejs/node/commit/0fce52d22c)] - **src**: expose help texts into node-config-schema.json (Pietro Marchini) [#58680](https://github.com/nodejs/node/pull/58680) +- \[[`be644e2569`](https://github.com/nodejs/node/commit/be644e2569)] - **src**: throw RangeError on failed ArrayBuffer BackingStore allocation (Chengzhong Wu) [#61480](https://github.com/nodejs/node/pull/61480) +- \[[`93938a4738`](https://github.com/nodejs/node/commit/93938a4738)] - **(SEMVER-MINOR)** **stream**: add bytes() method to stream/consumers (wantaek) [#60426](https://github.com/nodejs/node/pull/60426) +- \[[`83b2bf8ea2`](https://github.com/nodejs/node/commit/83b2bf8ea2)] - **test**: split test-fs-watch-ignore-\* (Luigi Pinca) [#61494](https://github.com/nodejs/node/pull/61494) +- \[[`4726627443`](https://github.com/nodejs/node/commit/4726627443)] - **test**: aix: unflake test_threadsafe_function/test flaky on AIX (Stewart X Addison) [#61560](https://github.com/nodejs/node/pull/61560) +- \[[`6fbb0b7572`](https://github.com/nodejs/node/commit/6fbb0b7572)] - **test**: delay writing the files only on macOS (Luigi Pinca) [#61532](https://github.com/nodejs/node/pull/61532) +- \[[`0a952b88bb`](https://github.com/nodejs/node/commit/0a952b88bb)] - **test**: ensure removeListener event fires for once() listeners (sangwook) [#60137](https://github.com/nodejs/node/pull/60137) +- \[[`945b141c5d`](https://github.com/nodejs/node/commit/945b141c5d)] - **test**: fix flaky debugger test (Ryuhei Shima) [#58324](https://github.com/nodejs/node/pull/58324) +- \[[`256fc6770b`](https://github.com/nodejs/node/commit/256fc6770b)] - **test**: update WPT for url to 81a2aed262 (Node.js GitHub Bot) [#61509](https://github.com/nodejs/node/pull/61509) +- \[[`7725c8d596`](https://github.com/nodejs/node/commit/7725c8d596)] - **test**: skip --build-sea tests on platforms where SEA is flaky (Joyee Cheung) [#61504](https://github.com/nodejs/node/pull/61504) +- \[[`915d105ffd`](https://github.com/nodejs/node/commit/915d105ffd)] - **test_runner**: update node-config-schema (Pietro Marchini) [#58680](https://github.com/nodejs/node/pull/58680) +- \[[`fd8be14b33`](https://github.com/nodejs/node/commit/fd8be14b33)] - **test_runner**: fix passing `expectFailure` (Moshe Atlow) [#61568](https://github.com/nodejs/node/pull/61568) +- \[[`c0dd9826bd`](https://github.com/nodejs/node/commit/c0dd9826bd)] - **test_runner**: differentiate todo and failure styles (Moshe Atlow) [#61564](https://github.com/nodejs/node/pull/61564) +- \[[`5fe2582329`](https://github.com/nodejs/node/commit/5fe2582329)] - **(SEMVER-MINOR)** **test_runner**: add env option to run function (Ethan Arrowood) [#61367](https://github.com/nodejs/node/pull/61367) +- \[[`39bea2236e`](https://github.com/nodejs/node/commit/39bea2236e)] - **tools**: update gyp-next to 0.21.1 (Node.js GitHub Bot) [#61528](https://github.com/nodejs/node/pull/61528) +- \[[`d5beb4fe1c`](https://github.com/nodejs/node/commit/d5beb4fe1c)] - **tools**: move Quic dependencies behind ad-hoc flag (Antoine du Hamel) [#61446](https://github.com/nodejs/node/pull/61446) +- \[[`5c26087c29`](https://github.com/nodejs/node/commit/5c26087c29)] - **tools**: add LIEF to license builder (Chengzhong Wu) [#61523](https://github.com/nodejs/node/pull/61523) +- \[[`a181d0c43d`](https://github.com/nodejs/node/commit/a181d0c43d)] - **url**: update ada to v3.4.2 and support unicode 17 (Yagiz Nizipli) [#61593](https://github.com/nodejs/node/pull/61593) + +Windows 64-bit Installer: https://nodejs.org/dist/v25.6.0/node-v25.6.0-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v25.6.0/node-v25.6.0-arm64.msi \ +Windows 64-bit Binary: https://nodejs.org/dist/v25.6.0/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v25.6.0/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v25.6.0/node-v25.6.0.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v25.6.0/node-v25.6.0-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v25.6.0/node-v25.6.0-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v25.6.0/node-v25.6.0-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v25.6.0/node-v25.6.0-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v25.6.0/node-v25.6.0-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v25.6.0/node-v25.6.0-aix-ppc64.tar.gz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v25.6.0/node-v25.6.0-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v25.6.0/node-v25.6.0.tar.gz \ +Other release files: https://nodejs.org/dist/v25.6.0/ \ +Documentation: https://nodejs.org/docs/v25.6.0/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +b85011754ca4e373f69e7e2e6c6d77fcafa089325f5a1c051742a9303abfcc51 node-v25.6.0-aix-ppc64.tar.gz +8d21c43d734400b1d63b1a48a0e08545e6920e6d810166ccc0887426448e4db0 node-v25.6.0-arm64.msi +5bfb537a913368152c5eba6aafe43ec834b23ee0ca4b96e5e18253937fe4103e node-v25.6.0-darwin-arm64.tar.gz +4404c6e228e8e0aa35c95cdd5d375021e900f771de1d8ba7e0fc8ce47a4c6b91 node-v25.6.0-darwin-arm64.tar.xz +b8bb25a7fd2fa5c638aa0fa9722ba351b5393ac5ca00aceea6578164b88e7761 node-v25.6.0-darwin-x64.tar.gz +633e0267b7a690437ad407e531e8708af288074711647ae89dc727e295ff12c2 node-v25.6.0-darwin-x64.tar.xz +6e6662d6081f36bb3896df42a331e9ccbb4286fda72daf7bc7fb5bfb18fa8ed0 node-v25.6.0-headers.tar.gz +233a11bf1c03a3a3ed2e635bc2d6d9c011d52a78f5147df44f3b7a27e1cafba1 node-v25.6.0-headers.tar.xz +2e66dabc6cb170347058132d164acca15b61503a0f998346c5134ce3072e003b node-v25.6.0-linux-arm64.tar.gz +e5509c8954771ea0f9291a65e71d2e3dee84b713cdd4e9a55432ca91b75a1922 node-v25.6.0-linux-arm64.tar.xz +76844c065754cbc0df946c185c048d9564508632b5f1899dc82e46fa586d7ad5 node-v25.6.0-linux-ppc64le.tar.gz +124460aae0eb06e66bf716dff0a3f5032759e68740db75b4d7afc9720315a741 node-v25.6.0-linux-ppc64le.tar.xz +54ec956b95461fefba40cbc202558cbe9b25c646bc251a49ff1ee2811a31594b node-v25.6.0-linux-s390x.tar.gz +9598e0fb01bc0da328129dbae7e2efa82730e65a0d074bc0bacb1c31abc8e0cf node-v25.6.0-linux-s390x.tar.xz +a218fdaee14cb399f6b33925d4615a4046ba8db144f6e883c3b81e78937429eb node-v25.6.0-linux-x64.tar.gz +f61908298ba1c8e1802ac00283cee678e0eb4035e1c74f094b06b1620423fcf2 node-v25.6.0-linux-x64.tar.xz +34188b91d682958b6a20822fbb93d99975f52bc777052da564802f82b10ef426 node-v25.6.0-win-arm64.7z +0124a8041cdde07c068c08fdcf4cdc59f83bde8d4b78dc9eca3b5d80672b9e40 node-v25.6.0-win-arm64.zip +b7836c90cfa8458234b21cca33958d289b113fed5609ac648b339f41bb4d3a46 node-v25.6.0-win-x64.7z +133686ade5cd1e1686afcf2d688530fc35afef649ddf6a491e4705610727bd23 node-v25.6.0-win-x64.zip +9a60c1001dc34d108f9e031d8fad2125d407c9a7efdb865e3e00b7c3a34a32d3 node-v25.6.0-x64.msi +335a3556a275302fcd47a5434e7946e0d6a5eafd984f762774ab59c057c24774 node-v25.6.0.pkg +4f9567884d604f900c13cf83919654a55e6808538ed88f25cc9cdfc84ebb70ea node-v25.6.0.tar.gz +9db6848c802b1981c0faeb71a5b8cc79913f82a747f7f1d50260c6d2f781ef7e node-v25.6.0.tar.xz +123b693d8befc1c92d2eb36380c203e061f684f488524569b42460b27f434565 win-arm64/node.exe +47750ee99207e5b621671565852cf7385f27bf664470886b9437137342a497c9 win-arm64/node.lib +551e4bea971fe2b619a02081a23e04cc5884c2c53abefe090b506c7a99a9a891 win-arm64/node_pdb.7z +6131eaeb067affbc2e2e0c505937af90fc3aa981a3aa82fe6390218292018274 win-arm64/node_pdb.zip +1448db441895712bf3eb82102cb6bac80f7b95a62c83ecbc856021d4f9e4d50c win-x64/node.exe +f7201b932d898bdbf78aee7add288d2263c4791f1502068ad11b6c14675c6324 win-x64/node.lib +1cdad9f74c065b8eb60fe913c28e27fa71daebeda805ec9ff90605929df74e84 win-x64/node_pdb.7z +9e8b51e31ebe03bd4e9b1a3fcdfdd0a9534b0c372a1e8c43696f6809fd44fb15 win-x64/node_pdb.zip + +-----BEGIN PGP SIGNATURE----- + +iHUEARYIAB0WIQRb6KP2yKXAHRBsCtggsaOQsWjTVgUCaYHeiAAKCRAgsaOQsWjT +VgDjAP0akxoTw9nCYELhzIH9cNc30Jg/YcOxxDxAcGmX4SohbQD+OnlXvqu2otYs +KUo2SVRj8TqZ+sEySyrVLpMC+911YAg= +=ged4 +-----END PGP SIGNATURE----- +``` From 143bf08775c6d9168293c5d898893ca47755e92e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:26:59 -0500 Subject: [PATCH 02/12] meta: bump chromaui/action from 13.3.4 to 13.3.5 (#8581) Bumps [chromaui/action](https://github.com/chromaui/action) from 13.3.4 to 13.3.5. - [Release notes](https://github.com/chromaui/action/releases) - [Commits](https://github.com/chromaui/action/compare/4c20b95e9d3209ecfdf9cd6aace6bbde71ba1694...07791f8243f4cb2698bf4d00426baf4b2d1cb7e0) --- updated-dependencies: - dependency-name: chromaui/action dependency-version: 13.3.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/chromatic.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index f51b214cedf87..107362f73aacb 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -62,7 +62,7 @@ jobs: - name: Start Visual Regression Tests (Chromatic) # This assigns the Environment Deployment for Storybook id: chromatic-deploy - uses: chromaui/action@4c20b95e9d3209ecfdf9cd6aace6bbde71ba1694 # v13.3.4 + uses: chromaui/action@07791f8243f4cb2698bf4d00426baf4b2d1cb7e0 # v13.3.5 with: workingDir: packages/ui-components buildScriptName: storybook:build From 72cb7afb4076575dcdca3958765cbad14e57968f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:27:11 -0500 Subject: [PATCH 03/12] meta: bump actions/cache from 5.0.1 to 5.0.3 (#8583) Bumps [actions/cache](https://github.com/actions/cache) from 5.0.1 to 5.0.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/lint-and-tests.yml | 4 ++-- .github/workflows/playwright-cloudflare-open-next.yml | 2 +- .github/workflows/playwright.yml | 2 +- .github/workflows/translations-sync.yml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7002131771cce..0c52a4f851397 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,7 +53,7 @@ jobs: shell: cmd run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%" - - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ github.workspace }}/apps/site/.next/cache key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }} diff --git a/.github/workflows/lint-and-tests.yml b/.github/workflows/lint-and-tests.yml index 5bd4c01adcb1b..7174a00bf82c8 100644 --- a/.github/workflows/lint-and-tests.yml +++ b/.github/workflows/lint-and-tests.yml @@ -49,7 +49,7 @@ jobs: use-version-file: true - name: Restore Lint Cache - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | .turbo/cache @@ -86,7 +86,7 @@ jobs: (github.event_name == 'pull_request' && startsWith(github.event.pull_request.head.ref, 'dependabot/') == false && github.event.pull_request.head.ref != 'chore/crowdin') - uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | .turbo/cache diff --git a/.github/workflows/playwright-cloudflare-open-next.yml b/.github/workflows/playwright-cloudflare-open-next.yml index 6741ad0ee7e83..ebabe74f01bb4 100644 --- a/.github/workflows/playwright-cloudflare-open-next.yml +++ b/.github/workflows/playwright-cloudflare-open-next.yml @@ -41,7 +41,7 @@ jobs: - name: Cache Playwright browsers id: playwright-cache - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.cache/ms-playwright key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }} diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index ac28788100f8f..f04f56daf9dee 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -67,7 +67,7 @@ jobs: - name: Cache Playwright browsers id: playwright-cache - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.cache/ms-playwright key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }} diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index d05becf5fc2f1..e14f8e5fb321c 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -74,7 +74,7 @@ jobs: fetch-depth: 2 - name: Restore Lint Cache - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | apps/site/.eslintmdcache @@ -112,7 +112,7 @@ jobs: branch: ${{ env.BRANCH_NAME }} - name: Save Lint Cache - uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | apps/site/.eslintmdcache From 6299d17c79ea729d79d9c6e5a1c9a42c65864559 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:27:24 -0500 Subject: [PATCH 04/12] meta: bump pnpm/action-setup from 4.1.0 to 4.2.0 (#8588) Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](https://github.com/pnpm/action-setup/compare/v4.1.0...41ff72655975bd51cab0327fa583b6e92b6d3061) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pnpm-updater.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pnpm-updater.yml b/.github/workflows/pnpm-updater.yml index 129500ad1e2b7..101ff5a2bcd68 100644 --- a/.github/workflows/pnpm-updater.yml +++ b/.github/workflows/pnpm-updater.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Update pnpm and package.json id: update-pnpm From 57d8baf7a8589ae8c95b7c274c80830608ac7c6d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:27:37 -0500 Subject: [PATCH 05/12] meta: update pnpm from 10.28.0 to 10.28.2 (#8587) Co-authored-by: Create or Update Pull Request Action --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 36d2f8169bf62..55ee618b30a7b 100644 --- a/package.json +++ b/package.json @@ -52,7 +52,7 @@ "typescript": "catalog:", "typescript-eslint": "~8.50.1" }, - "packageManager": "pnpm@10.28.0", + "packageManager": "pnpm@10.28.2", "devEngines": { "runtime": { "name": "node", @@ -61,7 +61,7 @@ }, "packageManager": { "name": "pnpm", - "version": "10.28.0", + "version": "10.28.2", "onFail": "error" } } From 76bff1940b79d4ff6e1145a3b0ce17724b4c75cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:27:48 -0500 Subject: [PATCH 06/12] meta: bump crowdin/github-action from 2.13.0 to 2.14.0 (#8585) Bumps [crowdin/github-action](https://github.com/crowdin/github-action) from 2.13.0 to 2.14.0. - [Release notes](https://github.com/crowdin/github-action/releases) - [Commits](https://github.com/crowdin/github-action/compare/60debf382ee245b21794321190ad0501db89d8c1...b4b468cffefb50bdd99dd83e5d2eaeb63c880380) --- updated-dependencies: - dependency-name: crowdin/github-action dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/translations-sync.yml | 2 +- .github/workflows/translations-upload.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index e14f8e5fb321c..76c11ffe05da6 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -37,7 +37,7 @@ jobs: # see all the options at https://github.com/crowdin/github-action - name: Crowdin PR - uses: crowdin/github-action@60debf382ee245b21794321190ad0501db89d8c1 # v2.13.0 + uses: crowdin/github-action@b4b468cffefb50bdd99dd83e5d2eaeb63c880380 # v2.14.0 with: # do not upload anything - this is a one-way operation download upload_sources: false diff --git a/.github/workflows/translations-upload.yml b/.github/workflows/translations-upload.yml index 6fac126738fd9..90300b9fdd310 100644 --- a/.github/workflows/translations-upload.yml +++ b/.github/workflows/translations-upload.yml @@ -27,7 +27,7 @@ jobs: # see all the options at https://github.com/crowdin/github-action - name: crowdin action - uses: crowdin/github-action@60debf382ee245b21794321190ad0501db89d8c1 # v2.13.0 + uses: crowdin/github-action@b4b468cffefb50bdd99dd83e5d2eaeb63c880380 # v2.14.0 with: # only upload sources, ensuring this is a one-way operation upload_sources: true From 7e62e64fef29d733277451b68cac94fa4896f0f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:28:04 -0500 Subject: [PATCH 07/12] meta: bump actions/checkout from 6.0.1 to 6.0.2 (#8586) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/bundle-compare.yml | 2 +- .github/workflows/lighthouse.yml | 2 +- .github/workflows/pnpm-updater.yml | 2 +- .github/workflows/publish-packages.yml | 2 +- .github/workflows/request-codeowner-review.yml | 2 +- .github/workflows/tmp-cloudflare-open-next-deploy.yml | 2 +- .github/workflows/translations-sync.yml | 2 +- .github/workflows/translations-upload.yml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/bundle-compare.yml b/.github/workflows/bundle-compare.yml index e2ca4bda57628..afb51bb2cb9a0 100644 --- a/.github/workflows/bundle-compare.yml +++ b/.github/workflows/bundle-compare.yml @@ -24,7 +24,7 @@ jobs: egress-policy: audit - name: Git Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download Stats (HEAD) uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index 8d3cc737f5472..4cf85edffeb69 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -70,7 +70,7 @@ jobs: egress-policy: audit - name: Git Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Provides the Pull Request commit SHA or the GitHub merge group ref ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }} diff --git a/.github/workflows/pnpm-updater.yml b/.github/workflows/pnpm-updater.yml index 101ff5a2bcd68..e5be2c90c35f8 100644 --- a/.github/workflows/pnpm-updater.yml +++ b/.github/workflows/pnpm-updater.yml @@ -26,7 +26,7 @@ jobs: egress-policy: audit - name: Git Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index 1b00bb45a1e99..d6bcbf67f92e2 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -60,7 +60,7 @@ jobs: echo "✅ Commit is verified and trusted." - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 2 # Need at least 2 commits to detect changes between commits diff --git a/.github/workflows/request-codeowner-review.yml b/.github/workflows/request-codeowner-review.yml index f5a9147140789..261a992c1be36 100644 --- a/.github/workflows/request-codeowner-review.yml +++ b/.github/workflows/request-codeowner-review.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Request Codeowner Reviews uses: pkgjs/request-codeowner-review@d39b61c5e1399655dce6287b3b119af93dee235a # v1.1.0 diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml index e19aa64223733..594ae29987c5c 100644 --- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml +++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml @@ -35,7 +35,7 @@ jobs: egress-policy: audit - name: Git Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index 76c11ffe05da6..3bdabd3536f47 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.CROWDIN_GITHUB_BOT_TOKEN }} diff --git a/.github/workflows/translations-upload.yml b/.github/workflows/translations-upload.yml index 90300b9fdd310..1cdceabfa2683 100644 --- a/.github/workflows/translations-upload.yml +++ b/.github/workflows/translations-upload.yml @@ -23,7 +23,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # see all the options at https://github.com/crowdin/github-action - name: crowdin action From db97d6c0d72ffc5290d1bfdb81ddb74c2b955850 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:28:17 -0500 Subject: [PATCH 08/12] meta: bump patrickedqvist/wait-for-vercel-preview from 1.3.2 to 1.3.3 (#8584) Bumps [patrickedqvist/wait-for-vercel-preview](https://github.com/patrickedqvist/wait-for-vercel-preview) from 1.3.2 to 1.3.3. - [Release notes](https://github.com/patrickedqvist/wait-for-vercel-preview/releases) - [Commits](https://github.com/patrickedqvist/wait-for-vercel-preview/compare/06c79330064b0e6ef7a2574603b62d3c98789125...d7982701e6fcd3ae073bff929e408e004404d38d) --- updated-dependencies: - dependency-name: patrickedqvist/wait-for-vercel-preview dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lighthouse.yml | 2 +- .github/workflows/playwright.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index 4cf85edffeb69..f9690210b7f7c 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -40,7 +40,7 @@ jobs: steps: - name: Capture Vercel Preview id: check_deployment - uses: patrickedqvist/wait-for-vercel-preview@06c79330064b0e6ef7a2574603b62d3c98789125 # v1.3.2 + uses: patrickedqvist/wait-for-vercel-preview@d7982701e6fcd3ae073bff929e408e004404d38d # v1.3.3 with: token: ${{ secrets.GITHUB_TOKEN }} max_timeout: 300 # timeout after 5 minutes diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index f04f56daf9dee..1a0bdf423cbda 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Capture Vercel Preview id: check_deployment - uses: patrickedqvist/wait-for-vercel-preview@06c79330064b0e6ef7a2574603b62d3c98789125 # v1.3.2 + uses: patrickedqvist/wait-for-vercel-preview@d7982701e6fcd3ae073bff929e408e004404d38d # v1.3.3 with: token: ${{ secrets.GITHUB_TOKEN }} max_timeout: 300 # timeout after 5 minutes From 0908cfa1f1b8c5a9ee5dacde24b519669a97e39f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:28:33 -0500 Subject: [PATCH 09/12] meta: bump actions/setup-node from 6.1.0 to 6.2.0 (#8582) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.1.0 to 6.2.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/395ad3262231945c25e8478fd5baf05154b1d79f...6044e13b5dc448c55e2357c09f80417699197238) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/tmp-cloudflare-open-next-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml index 594ae29987c5c..7d818973f682c 100644 --- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml +++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml @@ -41,7 +41,7 @@ jobs: uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Set up Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: # We want to ensure that the Node.js version running here respects our supported versions node-version-file: '.nvmrc' From fb4943d0be3d4286cb250dc98831cdfa3d6d63a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 08:28:46 -0500 Subject: [PATCH 10/12] meta: bump step-security/harden-runner from 2.14.0 to 2.14.1 (#8580) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.0 to 2.14.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...e3f713f2d8f53843e71c69a996d56f51aa9adfb9) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/bundle-compare.yml | 2 +- .github/workflows/lighthouse.yml | 2 +- .github/workflows/pnpm-updater.yml | 2 +- .github/workflows/publish-packages.yml | 2 +- .github/workflows/pull-request-label.yml | 2 +- .github/workflows/tmp-cloudflare-open-next-deploy.yml | 2 +- .github/workflows/translations-pr-lint.yml | 2 +- .github/workflows/translations-sync.yml | 2 +- .github/workflows/translations-upload.yml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/bundle-compare.yml b/.github/workflows/bundle-compare.yml index afb51bb2cb9a0..f7c3a4b37e2cb 100644 --- a/.github/workflows/bundle-compare.yml +++ b/.github/workflows/bundle-compare.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index f9690210b7f7c..5f918acc97ea1 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/pnpm-updater.yml b/.github/workflows/pnpm-updater.yml index e5be2c90c35f8..1074b20c03ee9 100644 --- a/.github/workflows/pnpm-updater.yml +++ b/.github/workflows/pnpm-updater.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index d6bcbf67f92e2..d345c6b5c4118 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -31,7 +31,7 @@ jobs: matrix: ${{ steps.generate-matrix.outputs.matrix }} steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/pull-request-label.yml b/.github/workflows/pull-request-label.yml index 5db76159159f0..cec6cc6b532c7 100644 --- a/.github/workflows/pull-request-label.yml +++ b/.github/workflows/pull-request-label.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml index 7d818973f682c..d51a91f32af8a 100644 --- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml +++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/translations-pr-lint.yml b/.github/workflows/translations-pr-lint.yml index 2f9529a86b96e..076fe7c11da0f 100644 --- a/.github/workflows/translations-pr-lint.yml +++ b/.github/workflows/translations-pr-lint.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index 3bdabd3536f47..9d7390b15d6d8 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/translations-upload.yml b/.github/workflows/translations-upload.yml index 1cdceabfa2683..877d26ea2b608 100644 --- a/.github/workflows/translations-upload.yml +++ b/.github/workflows/translations-upload.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit From 06ee026574c002324ef101c8daf9ac9e31b850cc Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Tue, 3 Feb 2026 08:29:08 -0500 Subject: [PATCH 11/12] learn(frame-graphs): update the ways to view flame graphs (#8555) * learn(frame-graphs): update the ways to view flame graphs Updated instructions for generating and visualizing flame graphs, including browser preview and local setup options. Signed-off-by: Sebastian Beltran * Update apps/site/pages/en/learn/diagnostics/flame-graphs.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Sebastian Beltran * fixup! --------- Signed-off-by: Sebastian Beltran Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- apps/site/pages/en/learn/diagnostics/flame-graphs.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/apps/site/pages/en/learn/diagnostics/flame-graphs.md b/apps/site/pages/en/learn/diagnostics/flame-graphs.md index 53245fef7cb35..16d38a220e689 100644 --- a/apps/site/pages/en/learn/diagnostics/flame-graphs.md +++ b/apps/site/pages/en/learn/diagnostics/flame-graphs.md @@ -40,12 +40,16 @@ perf record -e cycles:u -g -- node --perf-basic-prof --interpreted-frames-native 4. Disregard warnings unless they're saying you can't run perf due to missing packages; you may get some warnings about not being able to access kernel module samples which you're not after anyway. 5. Run `perf script > perfs.out` to generate the data file you'll visualize in a moment. It's useful to [apply some cleanup](#filtering-out-nodejs-internal-functions) for a more readable graph -6. Clone Brendan Gregg's FlameGraph tools: https://github.com/brendangregg/FlameGraph -7. Run `cat perfs.out | ./FlameGraph/stackcollapse-perf.pl | ./FlameGraph/flamegraph.pl --colors=js > profile.svg` +6. Preview or generate the flame graph: + - Browser preview (no local setup required): + - Upload the generated `perfs.out` file to to visualize the flame graph. -Now open the flame graph file in your favorite browser and watch it burn. It's color-coded so you can focus on the most saturated orange bars first. They're likely to represent CPU heavy functions. + - Clone Brendan Gregg's FlameGraph tools: https://github.com/brendangregg/FlameGraph + - Run `cat perfs.out | ./FlameGraph/stackcollapse-perf.pl | ./FlameGraph/flamegraph.pl --colors=js > profile.svg` and now open the flame graph file in your favorite browser and watch it burn -Worth mentioning - if you click an element of a flame graph a it will zoom-in on the section you clicked. +Once the flame graph is rendered, inspect the most saturated orange bars first. They're likely to represent CPU heavy functions. + +Worth mentioning - if you click an element of a flame graph it will zoom-in on the section you clicked. ### Using `perf` to sample a running process From c475ee690bd749a201757ce61942ecd5b7676dbd Mon Sep 17 00:00:00 2001 From: Aviv Keller Date: Tue, 3 Feb 2026 08:53:53 -0500 Subject: [PATCH 12/12] fix(CodeQL): more triggers (#8591) --- .github/workflows/codeql.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ba18b4a8ec1c6..d62bbce624f35 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -6,6 +6,7 @@ on: pull_request: # The branches below must be a subset of the branches above branches: ['main'] + types: [opened, synchronize, reopened, ready_for_review] schedule: - cron: '0 0 * * 1'