Update product-os/flowzone action to v22.9.22

[klutchell-renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
product-os/flowzone	action	patch	v22.9.3 → v22.9.22

---

Release Notes

product-os/flowzone (product-os/flowzone)

v22.9.22

Compare Source

Update product-os/setup-awscli-action action to v0.0.34

Notable changes

• Update actions/cache action to v5 [balena-renovate[bot]]
• Revert flowzone pinning to master [Kyle Harding]
• Update crazy-max/ghaction-import-gpg action to v7 [balena-renovate[bot]]
• Update product-os/flowzone digest to 8ea01d3 [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.34

Compare Source

(2026-03-27)

• Update actions/cache action to v5 [balena-renovate[bot]]

v0.0.33

Compare Source

(2026-03-27)

• Revert flowzone pinning to master [Kyle Harding]

v0.0.32

Compare Source

(2026-03-27)

• Update crazy-max/ghaction-import-gpg action to v7 [balena-renovate[bot]]

v0.0.31

Compare Source

(2026-03-27)

• Update product-os/flowzone digest to 8ea01d3 [balena-renovate[bot]]

List of commits

4c3108d (Update product-os/setup-awscli-action action to v0.0.34, 2026-03-27)

v22.9.21

Compare Source

Update product-os/setup-awscli-action action to v0.0.30

Notable changes

• Update product-os/flowzone digest to 3eb3c97 [balena-renovate[bot]]
• Update product-os/flowzone digest to 7b49c1e [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.30

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to 3eb3c97 [balena-renovate[bot]]
• Update product-os/flowzone digest to 7b49c1e [balena-renovate[bot]]

List of commits

2c62191 (Update product-os/setup-awscli-action action to v0.0.30, 2026-03-26)

v22.9.20

Compare Source

Update product-os/setup-awscli-action action to v0.0.29

Notable changes

• Update product-os/flowzone digest to 8d926e2 [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.29

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to 8d926e2 [balena-renovate[bot]]

List of commits

76179a0 (Update product-os/setup-awscli-action action to v0.0.29, 2026-03-26)

v22.9.19

Compare Source

Update product-os/setup-awscli-action action to v0.0.28

Notable changes

• Update product-os/flowzone digest to 20a58d6 [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.28

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to 20a58d6 [balena-renovate[bot]]

List of commits

fcf3ffe (Update product-os/setup-awscli-action action to v0.0.28, 2026-03-26)

v22.9.18

Compare Source

Update product-os/setup-awscli-action action to v0.0.27

Notable changes

• Update product-os/flowzone digest to 7b1359d [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.27

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to 7b1359d [balena-renovate[bot]]

List of commits

4055711 (Update product-os/setup-awscli-action action to v0.0.27, 2026-03-26)

v22.9.17

Compare Source

Update product-os/setup-awscli-action action to v0.0.26

Notable changes

• Update product-os/flowzone digest to 7b87702 [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.26

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to 7b87702 [balena-renovate[bot]]

List of commits

d167c3f (Update product-os/setup-awscli-action action to v0.0.26, 2026-03-26)

v22.9.16

Compare Source

Update product-os/setup-awscli-action action to v0.0.25

Notable changes

• Update product-os/flowzone digest to cc9836f [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.25

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to cc9836f [balena-renovate[bot]]

List of commits

314e4bb (Update product-os/setup-awscli-action action to v0.0.25, 2026-03-26)

v22.9.15

Compare Source

Update product-os/setup-awscli-action action to v0.0.24

Notable changes

• Update product-os/flowzone digest to b79645a [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.24

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to b79645a [balena-renovate[bot]]

List of commits

915f4ae (Update product-os/setup-awscli-action action to v0.0.24, 2026-03-26)

v22.9.14

Compare Source

Update product-os/setup-awscli-action action to v0.0.23

Notable changes

• Update product-os/flowzone digest to 4815186 [balena-renovate[bot]]
• Update product-os/flowzone digest to 267495d [balena-renovate[bot]]
• Update product-os/flowzone digest to f955793 [balena-renovate[bot]]
• Update product-os/flowzone digest to 8b1df62 [balena-renovate[bot]]
• Update product-os/flowzone digest to 8674dc5 [balena-renovate[bot]]
• Update product-os/flowzone digest to eb703ea [balena-renovate[bot]]
• Pin product-os/flowzone action to 54776e8 [balena-renovate[bot]]

product-os/setup-awscli-action (product-os/setup-awscli-action)

v0.0.23

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to 4815186 [balena-renovate[bot]]

v0.0.22

Compare Source

(2026-03-26)

• Update product-os/flowzone digest to 267495d [balena-renovate[bot]]

v0.0.21

Compare Source

(2026-03-25)

• Update product-os/flowzone digest to f955793 [balena-renovate[bot]]

v0.0.20

Compare Source

(2026-03-25)

• Update product-os/flowzone digest to 8b1df62 [balena-renovate[bot]]

v0.0.19

Compare Source

(2026-03-25)

• Update product-os/flowzone digest to 8674dc5 [balena-renovate[bot]]

v0.0.18

Compare Source

(2026-03-25)

• Update product-os/flowzone digest to eb703ea [balena-renovate[bot]]

v0.0.17

Compare Source

(2026-03-24)

• Pin product-os/flowzone action to 54776e8 [balena-renovate[bot]]

List of commits

652251e (Update product-os/setup-awscli-action action to v0.0.23, 2026-03-26)

v22.9.13

Compare Source

Update dependency node to v24.14.1

Notable changes

• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
• (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
• [6fae244080] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#828
• [cc0910c62e] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) nodejs-private/node-private#822
• [80cb042cf3] - deps: update undici to 7.24.4 (Node.js GitHub Bot) #​62271
• [f5b8667dc2] - deps: update undici to 7.24.3 (Node.js GitHub Bot) #​62233
• [08852637d9] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #​62035
• [61097db9fb] - deps: upgrade npm to 11.11.0 (npm team) #​61994
• [9ac0f9f81e] - deps: upgrade npm to 11.10.1 (npm team) #​61892
• [3dab3c4698] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [87521e99d1] - deps: V8: backport 1361b2a (Joyee Cheung) nodejs-private/node-private#828
• [045013366f] - deps: V8: backport 185f0fe (Joyee Cheung) nodejs-private/node-private#828
• [af22629ea8] - deps: V8: backport 0a8b1cd (snek) nodejs-private/node-private#828
• [380ea72eef] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [d6b6051e08] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
• [bfdecef9da] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
• [c015edf313] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cba66c48a5] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
• [df8fbfb93d] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

nodejs/node (node)

v24.14.1: 2026-03-24, Version 24.14.1 'Krypton' (LTS), @​&#​8203;RafaelGSS prepared by @​&#​8203;juanarbol

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
• (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low

Commits

• [6fae244080] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#828
• [cc0910c62e] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) nodejs-private/node-private#822
• [80cb042cf3] - deps: update undici to 7.24.4 (Node.js GitHub Bot) #​62271
• [f5b8667dc2] - deps: update undici to 7.24.3 (Node.js GitHub Bot) #​62233
• [08852637d9] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #​62035
• [61097db9fb] - deps: upgrade npm to 11.11.0 (npm team) #​61994
• [9ac0f9f81e] - deps: upgrade npm to 11.10.1 (npm team) #​61892
• [3dab3c4698] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [87521e99d1] - deps: V8: backport 1361b2a (Joyee Cheung) nodejs-private/node-private#828
• [045013366f] - deps: V8: backport 185f0fe (Joyee Cheung) nodejs-private/node-private#828
• [af22629ea8] - deps: V8: backport 0a8b1cd (snek) nodejs-private/node-private#828
• [380ea72eef] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [d6b6051e08] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
• [bfdecef9da] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
• [c015edf313] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cba66c48a5] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
• [df8fbfb93d] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

List of commits

e9bbb16 (Update dependency node to v24.14.1, 2026-03-26)

v22.9.12

Compare Source

Update dependency node-22 to v22.22.2

Notable changes

• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
• (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
• [6f14ee5101] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#809
• [52a52ef619] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#822
• [30a3ab11e2] - (CVE-2026-21717) deps: V8: cherry-pick aac14dd (Joyee Cheung) nodejs-private/node-private#809
• [e3f4d6a42e] - (CVE-2026-21717) deps: V8: backport 1361b2a (Joyee Cheung) nodejs-private/node-private#809
• [7dc00fa5f4] - (CVE-2026-21717) deps: V8: backport 185f0fe (Joyee Cheung) nodejs-private/node-private#809
• [076acd052d] - (CVE-2026-21717) deps: V8: backport 0a8b1cd (snek) nodejs-private/node-private#809
• [963c60a951] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [a688117d5d] - deps: upgrade npm to 10.9.7 (npm team) #​62330
• [859c8c761b] - deps: update undici to v6.24.1 (Matteo Collina) #​62285
• [d5ed384a2f] - deps: upgrade npm to 10.9.6 (npm team) #​62215
• [a2fe9fd81a] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [73deff77c1] - lib: backport _tls_common and _tls_wrap refactors (Dario Piotrowicz) #​57643
• [06fc3436f6] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
• [db48d9c675] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
• [2a6105a63b] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [91b970886f] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

nodejs/node (node-22)

v22.22.2: 2026-03-24, Version 22.22.2 'Jod' (LTS), @​&#​8203;RafaelGSS prepared by @​&#​8203;aduh95

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
• (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low

Commits

• [6f14ee5101] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#809
• [52a52ef619] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#822
• [30a3ab11e2] - (CVE-2026-21717) deps: V8: cherry-pick aac14dd (Joyee Cheung) nodejs-private/node-private#809
• [e3f4d6a42e] - (CVE-2026-21717) deps: V8: backport 1361b2a (Joyee Cheung) nodejs-private/node-private#809
• [7dc00fa5f4] - (CVE-2026-21717) deps: V8: backport 185f0fe (Joyee Cheung) nodejs-private/node-private#809
• [076acd052d] - (CVE-2026-21717) deps: V8: backport 0a8b1cd (snek) nodejs-private/node-private#809
• [963c60a951] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [a688117d5d] - deps: upgrade npm to 10.9.7 (npm team) #​62330
• [859c8c761b] - deps: update undici to v6.24.1 (Matteo Collina) #​62285
• [d5ed384a2f] - deps: upgrade npm to 10.9.6 (npm team) #​62215
• [a2fe9fd81a] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [73deff77c1] - lib: backport _tls_common and _tls_wrap refactors (Dario Piotrowicz) #​57643
• [06fc3436f6] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
• [db48d9c675] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
• [2a6105a63b] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [91b970886f] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

List of commits

8e6ed4d (Update dependency node-22 to v22.22.2, 2026-03-26)

v22.9.11

Compare Source

Update dependency node-24 to v24.14.1

Notable changes

• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
• (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
• [6fae244080] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#828
• [cc0910c62e] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) nodejs-private/node-private#822
• [80cb042cf3] - deps: update undici to 7.24.4 (Node.js GitHub Bot) #​62271
• [f5b8667dc2] - deps: update undici to 7.24.3 (Node.js GitHub Bot) #​62233
• [08852637d9] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #​62035
• [61097db9fb] - deps: upgrade npm to 11.11.0 (npm team) #​61994
• [9ac0f9f81e] - deps: upgrade npm to 11.10.1 (npm team) #​61892
• [3dab3c4698] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [87521e99d1] - deps: V8: backport 1361b2a (Joyee Cheung) nodejs-private/node-private#828
• [045013366f] - deps: V8: backport 185f0fe (Joyee Cheung) nodejs-private/node-private#828
• [af22629ea8] - deps: V8: backport 0a8b1cd (snek) nodejs-private/node-private#828
• [380ea72eef] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [d6b6051e08] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
• [bfdecef9da] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
• [c015edf313] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cba66c48a5] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
• [df8fbfb93d] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

nodejs/node (node-24)

v24.14.1: 2026-03-24, Version 24.14.1 'Krypton' (LTS), @​&#​8203;RafaelGSS prepared by @​&#​8203;juanarbol

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
• (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low

Commits

• [6fae244080] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#828
• [cc0910c62e] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) nodejs-private/node-private#822
• [80cb042cf3] - deps: update undici to 7.24.4 (Node.js GitHub Bot) #​62271
• [f5b8667dc2] - deps: update undici to 7.24.3 (Node.js GitHub Bot) #​62233
• [08852637d9] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #​62035
• [61097db9fb] - deps: upgrade npm to 11.11.0 (npm team) #​61994
• [9ac0f9f81e] - deps: upgrade npm to 11.10.1 (npm team) #​61892
• [3dab3c4698] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [87521e99d1] - deps: V8: backport 1361b2a (Joyee Cheung) nodejs-private/node-private#828
• [045013366f] - deps: V8: backport 185f0fe (Joyee Cheung) nodejs-private/node-private#828
• [af22629ea8] - deps: V8: backport 0a8b1cd (snek) nodejs-private/node-private#828
• [380ea72eef] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [d6b6051e08] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
• [bfdecef9da] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
• [c015edf313] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cba66c48a5] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
• [df8fbfb93d] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

List of commits

31ccb36 (Update dependency node-24 to v24.14.1, 2026-03-25)

v22.9.10

Compare Source

Update dependency node to v20.20.2

Notable changes

• (CVE-2026-21717) fix array index hash collision (Joyee Cheung)
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan)
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina)
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS)pull/795>
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS)
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS)
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina)
• [cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831
• [f333d0be5f] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [2acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #​62285
• [af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#834
• [00ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [0123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#840
• [00830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838
• [a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839

nodejs/node (node)

v20.20.2: 2026-03-24, Version 20.20.2 'Iron' (LTS), @​&#​8203;marco-ippolito

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21717) fix array index hash collision (Joyee Cheung)
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan)
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina)
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS)pull/795>
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS)
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS)
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina)

Commits

• [cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831
• [f333d0be5f] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [2acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #​62285
• [af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#834
• [00ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [0123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#840
• [00830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838
• [a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839

List of commits

becc6a7 (Update dependency node to v20.20.2, 2026-03-25)

v22.9.9

Compare Source

Update dependency yaml to v2.8.3 [SECURITY]

Notable changes

• Add trailingComma ToString option for multiline flow formatting (#​670)
• Catch stack overflow during node composition (1e84ebb)

eemeli/yaml (yaml)

v2.8.3

Compare Source

• Add trailingComma ToString option for multiline flow formatting (#​670)
• Catch stack overflow during node composition (1e84ebb)

List of commits

8dbc121 (Update dependency yaml to v2.8.3 [SECURITY], 2026-03-25)

v22.9.8

Compare Source

8d4c5f6 (Pin dependencies, 2026-03-25)

v22.9.7

Compare Source

Update pre-commit hook renovatebot/pre-commit-hooks to v43.91.2

Notable changes

renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)

v43.91.2

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.91.2 for more changes

v43.91.1

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.91.1 for more changes

v43.90.1

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.90.1 for more changes

v43.90.0

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.90.0 for more changes

v43.89.8

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.89.8 for more changes

v43.89.7

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.89.7 for more changes

v43.89.6

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.89.6 for more changes

v43.89.5

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.89.5 for more changes

v43.89.4

Compare Source

See <https://github.com/renovatebot/renovate/releases/tag/4

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.