src: call V8::ExternalMemoryAccounter::Update instead of V8::ExternalMemoryAccounter::Increase to report memory difference to V8
#59623
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
nodejs-github-bot
added
c++
Call `V8::ExternalMemoryAccounter::Update` instead of `V8::ExternalMemoryAccounter::Increase` to report memory difference to V8 Calling `V8::ExternalMemoryAccounter::Increase` with a signed integer on 32-bit platforms causes instances where GC inside GC takes place leading to a crash in certain cases. During GC, native objects are destructed. In destructor for `CompressionStream` class used by zlib, memory release information is passed onto `V8::ExternalMemoryAccounter::Increase()` instead of `V8::ExternalMemoryAccounter::Decrease()` which triggers V8's memory limits, thus triggering GC inside GC which leads to crash. Bug initially introduced in commit 1d5d7b6 For full report see https://hackerone.com/reports/3302484
thunder-coding
force-pushed
the
hackerone-3302484
branch
from
33e25b6 to
9d77c41
Compare
thunder-coding
added a commit
to termux/termux-packages
that referenced
this pull request
Aug 25, 2025
zlib.createDeflate().write() The plan was to do a coordinated disclosure with upstream as it is a crash that was happening on all 32-bit Linux binaries, but upstream is not willing to block releases for failures for 32-bit Linux, so we'll have to go ahead and patch this ourselves. The fix has also been sent upstream as in nodejs/node#59623 Full writeup of the security report can be found on https://hackerone.com/reports/3302484 Closes #25455
termux-pacman-bot
added a commit
to termux-pacman/termux-packages
that referenced
this pull request
Aug 25, 2025
zlib.createDeflate().write() The plan was to do a coordinated disclosure with upstream as it is a crash that was happening on all 32-bit Linux binaries, but upstream is not willing to block releases for failures for 32-bit Linux, so we'll have to go ahead and patch this ourselves. The fix has also been sent upstream as in nodejs/node#59623 Full writeup of the security report can be found on https://hackerone.com/reports/3302484 Closes termux/termux-packages#25455
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #59623 +/- ##
==========================================
- Coverage 89.84% 89.83% -0.02%
==========================================
Files 667 667
Lines 196260 196260
Branches 38563 38562 -1
==========================================
- Hits 176332 176310 -22
- Misses 12382 12416 +34
+ Partials 7546 7534 -12
🚀 New features to boost your workflow:
|
algitbot
pushed a commit
to alpinelinux/aports
that referenced
this pull request
Sep 3, 2025
This happens due to incorrect V8 API usage leading to GC inside GC. Full report can be found on https://hackerone.com/reports/3302484 Bug originally reported over on termux/termux-packages#25455 Patch submitted upstream as well: nodejs/node#59623
thunder-coding
added a commit
to thunder-coding/freebsd-ports
that referenced
this pull request
Sep 8, 2025
This commit fixes crashes of nodejs on 32 bit due to incorrect V8 API usage leading to GC inside GC situations. Bug originally reported in termux/termux-packages#25455 Fix sent upstream in nodejs/node#59623 Full report of the crash https://hackerone.com/reports/3302484
This was referenced Sep 8, 2025
legendecas
approved these changes
Sep 9, 2025
legendecas
added
request-ci
github-actions
bot
removed
the
request-ci
legendecas
added
the
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in d58343e |
targos
pushed a commit
that referenced
this pull request
Sep 10, 2025
Call `V8::ExternalMemoryAccounter::Update` instead of `V8::ExternalMemoryAccounter::Increase` to report memory difference to V8 Calling `V8::ExternalMemoryAccounter::Increase` with a signed integer on 32-bit platforms causes instances where GC inside GC takes place leading to a crash in certain cases. During GC, native objects are destructed. In destructor for `CompressionStream` class used by zlib, memory release information is passed onto `V8::ExternalMemoryAccounter::Increase()` instead of `V8::ExternalMemoryAccounter::Decrease()` which triggers V8's memory limits, thus triggering GC inside GC which leads to crash. Bug initially introduced in commit 1d5d7b6 For full report see https://hackerone.com/reports/3302484 PR-URL: #59623 Reviewed-By: Chengzhong Wu <[email protected]>
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Sep 12, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `24.7.0` -> `24.8.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v24.8.0`](https://github.com/nodejs/node/releases/tag/v24.8.0): 2025-09-10, Version 24.8.0 (Current), @​targos [Compare Source](nodejs/node@v24.7.0...v24.8.0) ##### Notable Changes ##### HTTP/2 Network Inspection Support in Node.js Node.js now supports inspection of HTTP/2 network calls in Chrome DevTools for Node.js. ##### Usage Write a `test.js` script that makes HTTP/2 requests. ```js const http2 = require('node:http2'); const client = http2.connect('https://nghttp2.org'); const req = client.request([ ':path', '/', ':method', 'GET', ]); ``` Run it with these options: ```bash node --inspect-wait --experimental-network-inspection test.js ``` Open `about:inspect` on Google Chrome and click on `Open dedicated DevTools for Node`. The `Network` tab will let you track your HTTP/2 calls. Contributed by Darshan Sen in [#​59611](nodejs/node#59611). ##### Other Notable Changes - \[[`7a8e2c251d`](nodejs/node@7a8e2c251d)] - **(SEMVER-MINOR)** **crypto**: support Ed448 and ML-DSA context parameter in node:crypto (Filip Skokan) [#​59570](nodejs/node#59570) - \[[`4b631be0b0`](nodejs/node@4b631be0b0)] - **(SEMVER-MINOR)** **crypto**: support Ed448 and ML-DSA context parameter in Web Cryptography (Filip Skokan) [#​59570](nodejs/node#59570) - \[[`3e4b1e732c`](nodejs/node@3e4b1e732c)] - **(SEMVER-MINOR)** **crypto**: add KMAC Web Cryptography algorithms (Filip Skokan) [#​59647](nodejs/node#59647) - \[[`b1d28785b2`](nodejs/node@b1d28785b2)] - **(SEMVER-MINOR)** **crypto**: add Argon2 Web Cryptography algorithms (Filip Skokan) [#​59544](nodejs/node#59544) - \[[`430691d1af`](nodejs/node@430691d1af)] - **(SEMVER-MINOR)** **crypto**: support SLH-DSA KeyObject, sign, and verify (Filip Skokan) [#​59537](nodejs/node#59537) - \[[`d6d05ba397`](nodejs/node@d6d05ba397)] - **(SEMVER-MINOR)** **worker**: add cpu profile APIs for worker (theanarkh) [#​59428](nodejs/node#59428) ##### Commits - \[[`d913872369`](nodejs/node@d913872369)] - **assert**: cap input size in myersDiff to avoid Int32Array overflow (Haram Jeong) [#​59578](nodejs/node#59578) - \[[`7bbbcf6666`](nodejs/node@7bbbcf6666)] - **benchmark**: sqlite prevent create both tables on prepare selects (Bruno Rodrigues) [#​59709](nodejs/node#59709) - \[[`44d7b92271`](nodejs/node@44d7b92271)] - **benchmark**: calibrate config array-vs-concat (Rafael Gonzaga) [#​59587](nodejs/node#59587) - \[[`7f347fc551`](nodejs/node@7f347fc551)] - **build**: fix getting OpenSSL version on Windows (Michaël Zasso) [#​59609](nodejs/node#59609) - \[[`4a317150d5`](nodejs/node@4a317150d5)] - **build**: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) [#​59547](nodejs/node#59547) - \[[`bda32af587`](nodejs/node@bda32af587)] - **build**: use `windows-2025` runner (Michaël Zasso) [#​59673](nodejs/node#59673) - \[[`a4a8ed8f6e`](nodejs/node@a4a8ed8f6e)] - **build**: compile bundled uvwasi conditionally (Carlo Cabrera) [#​59622](nodejs/node#59622) - \[[`d944a87761`](nodejs/node@d944a87761)] - **crypto**: refactor subtle methods to use synchronous import (Filip Skokan) [#​59771](nodejs/node#59771) - \[[`7a8e2c251d`](nodejs/node@7a8e2c251d)] - **(SEMVER-MINOR)** **crypto**: support Ed448 and ML-DSA context parameter in node:crypto (Filip Skokan) [#​59570](nodejs/node#59570) - \[[`4b631be0b0`](nodejs/node@4b631be0b0)] - **(SEMVER-MINOR)** **crypto**: support Ed448 and ML-DSA context parameter in Web Cryptography (Filip Skokan) [#​59570](nodejs/node#59570) - \[[`3e4b1e732c`](nodejs/node@3e4b1e732c)] - **(SEMVER-MINOR)** **crypto**: add KMAC Web Cryptography algorithms (Filip Skokan) [#​59647](nodejs/node#59647) - \[[`b1d28785b2`](nodejs/node@b1d28785b2)] - **(SEMVER-MINOR)** **crypto**: add Argon2 Web Cryptography algorithms (Filip Skokan) [#​59544](nodejs/node#59544) - \[[`430691d1af`](nodejs/node@430691d1af)] - **(SEMVER-MINOR)** **crypto**: support SLH-DSA KeyObject, sign, and verify (Filip Skokan) [#​59537](nodejs/node#59537) - \[[`0d1e53d935`](nodejs/node@0d1e53d935)] - **deps**: update uvwasi to 0.0.23 (Node.js GitHub Bot) [#​59791](nodejs/node#59791) - \[[`68732cf426`](nodejs/node@68732cf426)] - **deps**: update histogram to 0.11.9 (Node.js GitHub Bot) [#​59689](nodejs/node#59689) - \[[`f12c1ad961`](nodejs/node@f12c1ad961)] - **deps**: update googletest to [`eb2d85e`](nodejs/node@eb2d85e) (Node.js GitHub Bot) [#​59335](nodejs/node#59335) - \[[`45af6966ae`](nodejs/node@45af6966ae)] - **deps**: upgrade npm to 11.6.0 (npm team) [#​59750](nodejs/node#59750) - \[[`57617244a4`](nodejs/node@57617244a4)] - **deps**: V8: cherry-pick [`6b1b9bc`](nodejs/node@6b1b9bca2a8) (Xiao-Tao) [#​59283](nodejs/node#59283) - \[[`2e6225a747`](nodejs/node@2e6225a747)] - **deps**: update amaro to 1.1.2 (Node.js GitHub Bot) [#​59616](nodejs/node#59616) - \[[`1f7f6dfae6`](nodejs/node@1f7f6dfae6)] - **diagnostics\_channel**: revoke DEP0163 (René) [#​59758](nodejs/node#59758) - \[[`8671a6cdb3`](nodejs/node@8671a6cdb3)] - **doc**: stabilize --disable-sigusr1 (Rafael Gonzaga) [#​59707](nodejs/node#59707) - \[[`583b1b255d`](nodejs/node@583b1b255d)] - **doc**: update OpenSSL default security level to 2 (Jeetu Suthar) [#​59723](nodejs/node#59723) - \[[`9b5eb6eb50`](nodejs/node@9b5eb6eb50)] - **doc**: fix missing links in the `errors` page (Nam Yooseong) [#​59427](nodejs/node#59427) - \[[`e7bf712c57`](nodejs/node@e7bf712c57)] - **doc**: update "Type stripping in dependencies" section (Josh Kelley) [#​59652](nodejs/node#59652) - \[[`96db47f91e`](nodejs/node@96db47f91e)] - **doc**: add Miles Guicent as triager (Miles Guicent) [#​59562](nodejs/node#59562) - \[[`87f829bd0c`](nodejs/node@87f829bd0c)] - **doc**: mark `path.matchesGlob` as stable (Aviv Keller) [#​59572](nodejs/node#59572) - \[[`062b2f705e`](nodejs/node@062b2f705e)] - **doc**: improve documentation for raw headers in HTTP/2 APIs (Tim Perry) [#​59633](nodejs/node#59633) - \[[`6ab9306370`](nodejs/node@6ab9306370)] - **doc**: update install\_tools.bat free disk space (Stefan Stojanovic) [#​59579](nodejs/node#59579) - \[[`c8d6b60da6`](nodejs/node@c8d6b60da6)] - **doc**: fix quic session instance typo (jakecastelli) [#​59642](nodejs/node#59642) - \[[`61d0a2d1ba`](nodejs/node@61d0a2d1ba)] - **doc**: fix filehandle.read typo (Ruy Adorno) [#​59635](nodejs/node#59635) - \[[`3276bfa0d0`](nodejs/node@3276bfa0d0)] - **doc**: update migration recomendations for `util.is**()` deprecations (Augustin Mauroy) [#​59269](nodejs/node#59269) - \[[`11de6c7ebb`](nodejs/node@11de6c7ebb)] - **doc**: fix missing link to the Error documentation in the `http` page (Alexander Makarenko) [#​59080](nodejs/node#59080) - \[[`f5b6829bba`](nodejs/node@f5b6829bba)] - **doc,crypto**: add description to the KEM and supports() methods (Filip Skokan) [#​59644](nodejs/node#59644) - \[[`5bfdc7ee74`](nodejs/node@5bfdc7ee74)] - **doc,crypto**: cleanup unlinked and self method references webcrypto.md (Filip Skokan) [#​59608](nodejs/node#59608) - \[[`010458d061`](nodejs/node@010458d061)] - **esm**: populate separate cache for require(esm) in imported CJS (Joyee Cheung) [#​59679](nodejs/node#59679) - \[[`dbe6e63baf`](nodejs/node@dbe6e63baf)] - **esm**: fix missed renaming in ModuleJob.runSync (Joyee Cheung) [#​59724](nodejs/node#59724) - \[[`8eb0d9d834`](nodejs/node@8eb0d9d834)] - **fs**: fix wrong order of file names in cpSync error message (Nicholas Paun) [#​59775](nodejs/node#59775) - \[[`e69be5611f`](nodejs/node@e69be5611f)] - **fs**: fix dereference: false on cpSync (Nicholas Paun) [#​59681](nodejs/node#59681) - \[[`2865d2ac20`](nodejs/node@2865d2ac20)] - **http**: unbreak keepAliveTimeoutBuffer (Robert Nagy) [#​59784](nodejs/node#59784) - \[[`ade1175475`](nodejs/node@ade1175475)] - **http**: use cached '1.1' http version string (Robert Nagy) [#​59717](nodejs/node#59717) - \[[`74a09482de`](nodejs/node@74a09482de)] - **inspector**: undici as shared-library should pass tests (Aras Abbasi) [#​59837](nodejs/node#59837) - \[[`772f8f415a`](nodejs/node@772f8f415a)] - **inspector**: add http2 tracking support (Darshan Sen) [#​59611](nodejs/node#59611) - \[[`3d225572d7`](nodejs/node@3d225572d7)] - ***Revert*** "**lib**: optimize writable stream buffer clearing" (Yoo) [#​59743](nodejs/node#59743) - \[[`4fd213ce73`](nodejs/node@4fd213ce73)] - **lib**: fix isReadable and isWritable return type value (Gabriel Quaresma) [#​59089](nodejs/node#59089) - \[[`39befddb87`](nodejs/node@39befddb87)] - **lib**: prefer TypedArrayPrototype primordials (Filip Skokan) [#​59766](nodejs/node#59766) - \[[`0748160d2e`](nodejs/node@0748160d2e)] - **lib**: fix DOMException subclass support (Chengzhong Wu) [#​59680](nodejs/node#59680) - \[[`1a93df808c`](nodejs/node@1a93df808c)] - **lib**: revert to using default derived class constructors (René) [#​59650](nodejs/node#59650) - \[[`bb0755df37`](nodejs/node@bb0755df37)] - **meta**: bump `codecov/codecov-action` (dependabot\[bot]) [#​59726](nodejs/node#59726) - \[[`45d148d9be`](nodejs/node@45d148d9be)] - **meta**: bump actions/download-artifact from 4.3.0 to 5.0.0 (dependabot\[bot]) [#​59729](nodejs/node#59729) - \[[`01b66b122e`](nodejs/node@01b66b122e)] - **meta**: bump github/codeql-action from 3.29.2 to 3.30.0 (dependabot\[bot]) [#​59728](nodejs/node#59728) - \[[`34f7ab5502`](nodejs/node@34f7ab5502)] - **meta**: bump actions/cache from 4.2.3 to 4.2.4 (dependabot\[bot]) [#​59727](nodejs/node#59727) - \[[`5806ea02af`](nodejs/node@5806ea02af)] - **meta**: bump actions/checkout from 4.2.2 to 5.0.0 (dependabot\[bot]) [#​59725](nodejs/node#59725) - \[[`f667215583`](nodejs/node@f667215583)] - **path**: refactor path joining logic for clarity and performance (Lee Jiho) [#​59781](nodejs/node#59781) - \[[`0340fe92a6`](nodejs/node@0340fe92a6)] - **repl**: do not cause side effects in tab completion (Anna Henningsen) [#​59774](nodejs/node#59774) - \[[`a414c1eb51`](nodejs/node@a414c1eb51)] - **repl**: fix REPL completion under unary expressions (Kingsword) [#​59744](nodejs/node#59744) - \[[`c206f8dd87`](nodejs/node@c206f8dd87)] - **repl**: add isValidParentheses check before wrap input (Xuguang Mei) [#​59607](nodejs/node#59607) - \[[`0bf9775ee2`](nodejs/node@0bf9775ee2)] - **sea**: implement sea.getAssetKeys() (Joyee Cheung) [#​59661](nodejs/node#59661) - \[[`bf26b478d8`](nodejs/node@bf26b478d8)] - **sea**: allow using inspector command line flags with SEA (Joyee Cheung) [#​59568](nodejs/node#59568) - \[[`92128a8fe2`](nodejs/node@92128a8fe2)] - **src**: use DictionaryTemplate for node\_url\_pattern (James M Snell) [#​59802](nodejs/node#59802) - \[[`bcb29fb84f`](nodejs/node@bcb29fb84f)] - **src**: correctly report memory changes to V8 (Yaksh Bariya) [#​59623](nodejs/node#59623) - \[[`44c24657d3`](nodejs/node@44c24657d3)] - **src**: fixup node\_messaging error handling (James M Snell) [#​59792](nodejs/node#59792) - \[[`2cd6a3b7ec`](nodejs/node@2cd6a3b7ec)] - **src**: track async resources via pointers to stack-allocated handles (Anna Henningsen) [#​59704](nodejs/node#59704) - \[[`34d752586f`](nodejs/node@34d752586f)] - **src**: fix build on NetBSD (Thomas Klausner) [#​59718](nodejs/node#59718) - \[[`15fa779ac5`](nodejs/node@15fa779ac5)] - **src**: fix race on process exit and off thread CA loading (Chengzhong Wu) [#​59632](nodejs/node#59632) - \[[`15cbd3966a`](nodejs/node@15cbd3966a)] - **src**: separate module.hasAsyncGraph and module.hasTopLevelAwait (Joyee Cheung) [#​59675](nodejs/node#59675) - \[[`88d1ca8990`](nodejs/node@88d1ca8990)] - **src**: use non-deprecated Get/SetPrototype methods (Michaël Zasso) [#​59671](nodejs/node#59671) - \[[`56ac9a2d46`](nodejs/node@56ac9a2d46)] - **src**: migrate WriteOneByte to WriteOneByteV2 (Chengzhong Wu) [#​59634](nodejs/node#59634) - \[[`3d88aa9f2f`](nodejs/node@3d88aa9f2f)] - **src**: remove duplicate code (theanarkh) [#​59649](nodejs/node#59649) - \[[`0718a70b2a`](nodejs/node@0718a70b2a)] - **src**: add name for more threads (theanarkh) [#​59601](nodejs/node#59601) - \[[`0379a8b254`](nodejs/node@0379a8b254)] - **src**: remove JSONParser (Joyee Cheung) [#​59619](nodejs/node#59619) - \[[`90d0a1b2e9`](nodejs/node@90d0a1b2e9)] - **src,sqlite**: refactor value conversion (Edy Silva) [#​59659](nodejs/node#59659) - \[[`5e025c7ca7`](nodejs/node@5e025c7ca7)] - **stream**: replace manual function validation with validateFunction (방진혁) [#​59529](nodejs/node#59529) - \[[`155a999bed`](nodejs/node@155a999bed)] - **test**: skip tests failing when run under root (Livia Medeiros) [#​59779](nodejs/node#59779) - \[[`6313706c69`](nodejs/node@6313706c69)] - **test**: update WPT for urlpattern to [`cff1ac1`](nodejs/node@cff1ac1123) (Node.js GitHub Bot) [#​59602](nodejs/node#59602) - \[[`41245ad4c7`](nodejs/node@41245ad4c7)] - **test**: skip more sea tests on Linux ppc64le (Richard Lau) [#​59755](nodejs/node#59755) - \[[`df63d37ec4`](nodejs/node@df63d37ec4)] - **test**: fix internet/test-dns (Michaël Zasso) [#​59660](nodejs/node#59660) - \[[`1f6c335e82`](nodejs/node@1f6c335e82)] - **test**: mark test-inspector-network-fetch as flaky again (Joyee Cheung) [#​59640](nodejs/node#59640) - \[[`1798683df1`](nodejs/node@1798683df1)] - **test**: skip test-fs-cp\* tests that are constantly failing on Windows (Joyee Cheung) [#​59637](nodejs/node#59637) - \[[`4c48ec09e5`](nodejs/node@4c48ec09e5)] - **test**: deflake test-http-keep-alive-empty-line (Luigi Pinca) [#​59595](nodejs/node#59595) - \[[`dcdb259e85`](nodejs/node@dcdb259e85)] - **test\_runner**: fix todo inheritance (Moshe Atlow) [#​59721](nodejs/node#59721) - \[[`24177973a2`](nodejs/node@24177973a2)] - **test\_runner**: set mock timer's interval undefined (hotpineapple) [#​59479](nodejs/node#59479) - \[[`83d11f8a7a`](nodejs/node@83d11f8a7a)] - **tools**: print appropriate output when test aborted (hotpineapple) [#​59794](nodejs/node#59794) - \[[`1eca2cc548`](nodejs/node@1eca2cc548)] - **tools**: use sparse checkout in `build-tarball.yml` (Antoine du Hamel) [#​59788](nodejs/node#59788) - \[[`89fa1a929d`](nodejs/node@89fa1a929d)] - **tools**: remove unused actions from `build-tarball.yml` (Antoine du Hamel) [#​59787](nodejs/node#59787) - \[[`794ca3511d`](nodejs/node@794ca3511d)] - **tools**: do not attempt to compress tgz archive (Antoine du Hamel) [#​59785](nodejs/node#59785) - \[[`377bdb9b7e`](nodejs/node@377bdb9b7e)] - **tools**: add v8windbg target (Chengzhong Wu) [#​59767](nodejs/node#59767) - \[[`6696d1d6c9`](nodejs/node@6696d1d6c9)] - **tools**: improve error handling in node\_mksnapshot (James M Snell) [#​59437](nodejs/node#59437) - \[[`8dbd0f13e8`](nodejs/node@8dbd0f13e8)] - **tools**: add sccache to `test-internet` workflow (Antoine du Hamel) [#​59720](nodejs/node#59720) - \[[`6523c2d7d9`](nodejs/node@6523c2d7d9)] - **tools**: update gyp-next to 0.20.4 (Node.js GitHub Bot) [#​59690](nodejs/node#59690) - \[[`19d633f40c`](nodejs/node@19d633f40c)] - **tools**: add script to make reviewing backport MRs easier (Antoine du Hamel) [#​59161](nodejs/node#59161) - \[[`15e547b3a4`](nodejs/node@15e547b3a4)] - **typings**: add typing for 'uv' (방진혁) [#​59606](nodejs/node#59606) - \[[`ad5cfcc901`](nodejs/node@ad5cfcc901)] - **typings**: add missing properties in ConfigBinding (Lee Jiho) [#​59585](nodejs/node#59585) - \[[`70d2d6d479`](nodejs/node@70d2d6d479)] - **url**: add err.input to ERR\_INVALID\_FILE\_URL\_PATH (Joyee Cheung) [#​59730](nodejs/node#59730) - \[[`e476e43c17`](nodejs/node@e476e43c17)] - **util**: fix numericSeparator with negative fractional numbers (sangwook) [#​59379](nodejs/node#59379) - \[[`b2e8f40d15`](nodejs/node@b2e8f40d15)] - **util**: remove unnecessary template strings (btea) [#​59201](nodejs/node#59201) - \[[`6f79450ea2`](nodejs/node@6f79450ea2)] - **util**: remove outdated TODO comment (haramjeong) [#​59760](nodejs/node#59760) - \[[`32731432ef`](nodejs/node@32731432ef)] - **util**: use getOptionValue('--no-deprecation') in deprecated() (haramjeong) [#​59760](nodejs/node#59760) - \[[`65e4e68c90`](nodejs/node@65e4e68c90)] - **util**: hide duplicated stack frames when using util.inspect (Ruben Bridgewater) [#​59447](nodejs/node#59447) - \[[`2086f3365f`](nodejs/node@2086f3365f)] - **vm**: sync-ify SourceTextModule linkage (Chengzhong Wu) [#​59000](nodejs/node#59000) - \[[`c16163511d`](nodejs/node@c16163511d)] - **wasi**: fix `clean` target in `test/wasi/Makefile` (Antoine du Hamel) [#​59576](nodejs/node#59576) - \[[`2e54411cb6`](nodejs/node@2e54411cb6)] - **worker**: optimize cpu profile implement (theanarkh) [#​59683](nodejs/node#59683) - \[[`d6d05ba397`](nodejs/node@d6d05ba397)] - **(SEMVER-MINOR)** **worker**: add cpu profile APIs for worker (theanarkh) [#​59428](nodejs/node#59428) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45OS45IiwidXBkYXRlZEluVmVyIjoiNDEuOTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
richardlau
added
the
dont-land-on-v22.x
|
Marking as dont-land-on-v22.x as it appears to need newer version of V8 than is in Node.js 22. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Calling
V8::ExternalMemoryAccounter::Increasewith a signed integer on32-bit platforms causes instances where GC inside GC takes place leading
to a crash in certain cases.
During GC, native objects are destructed. In destructor for
CompressionStreamclass used by zlib, memory release information ispassed onto
V8::ExternalMemoryAccounter::Increase()instead ofV8::ExternalMemoryAccounter::Decrease()which triggers V8's memorylimits, thus triggering GC inside GC which leads to crash.
Bug initially introduced in commit
1d5d7b6
For full report see https://hackerone.com/reports/3302484