chore(deps): update dependency node to v24.9.0

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Update	Change
node (source)	minor	24.7.0 -> 24.9.0

---

Release Notes

nodejs/node (node)

v24.9.0: 2025-09-25, Version 24.9.0 (Current), @​targos

Compare Source

Notable Changes

• [9b043a9096] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [a6456ab90a] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #​58378
• [5563361d22] - (SEMVER-MINOR) sqlite: add tagged template (0hm☘️) #​58748
• [04013ee933] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #​59846

Commits

• [cbec4fd6de] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #​59696
• [9a4bbdc3c5] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #​59836
• [0b284d86e8] - build: add the missing macro definitions for OpenHarmony (hqzing) #​59804
• [43e6e54d66] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #​59809
• [039ac19154] - crypto: expose signatureAlgorithm on X509Certificate (Patrick Costa) #​59235
• [647c332704] - crypto: use return await when returning Promises from async functions (Renegade334) #​59841
• [8ed4587cf0] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #​59841
• [bb051c56ef] - crypto: avoid calls to promise.catch() (Renegade334) #​59841
• [05e560dd25] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [fa40d3a785] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [8c85570d18] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [b71125664e] - deps: update undici to 7.16.0 (Node.js GitHub Bot) #​59830
• [dea5dd7077] - dgram: restore buffer optimization in fixBufferList (Yoo) #​59934
• [b0c1e67532] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #​59910
• [0b37b594c3] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #​59954
• [1e723f9c6b] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [a28962a85c] - doc: update V8 fast API guidance (René) #​58999
• [bd767c5d1b] - doc: add security escalation policy (Ulises Gascón) #​59806
• [9df91e59e1] - doc: type improvement of file http.md (yusheng chen) #​58189
• [e4f571680b] - doc: deprecate closing fs.Dir on garbage collection (Livia Medeiros) #​59839
• [e9cb986fa5] - doc: rephrase dynamic import() description (Nam Yooseong) #​59224
• [026d4e33f7] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #​59851
• [2b2591db52] - esm: make hasAsyncGraph non-enumerable (Joyee Cheung) #​59905
• [993f05d323] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #​59847
• [7aec53b607] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [83ae6102e7] - http: optimize checkIsHttpToken for short strings (방진혁) #​59832
• [6695067636] - http,https: handle IPv6 with proxies (Joyee Cheung) #​59894
• [c5d910a0a9] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #​59924
• [acada1fb82] - inspector: ensure adequate memory allocation for Binary::toBase64 (René) #​59870
• [396cc8ec65] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #​59687
• [fed1dac8de] - lib: update isDeepStrictEqual to support options (Miguel Marcondes Filho) #​59762
• [d785929fd7] - lib: add source map support for assert messages (Chengzhong Wu) #​59751
• [ff13d1d61e] - lib,src: cache ModuleWrap.hasAsyncGraph (Chengzhong Wu) #​59703
• [b200cd8470] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #​59751
• [e94c57301b] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #​59914
• [728472a57b] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #​59874
• [be48760b93] - node-api: added SharedArrayBuffer api (Mert Can Altin) #​59071
• [f006a14522] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #​59684
• [0f46c1c3b0] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [3eeb7b47ea] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #​59848
• [0fe53375ec] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #​58378
• [9a3e58a007] - (SEMVER-MINOR) sqlite: add tagged template (0hm☘️) #​58748
• [f14ed5ab7b] - src: simplify watchdog instantiations via std::optional (Anna Henningsen) #​59960
• [e330f03f84] - src: update crypto objects to use DictionaryTemplate (James M Snell) #​59942
• [69b5607cf4] - src: simplify is_callable by making it a concept (Tobias Nießen) #​58169
• [86150f3401] - src: rename private fields to follow naming convention (Moonki Choi) #​59923
• [d17f299539] - src: use DictionaryTemplate more in URLPattern (James M Snell) #​59892
• [ac784912ac] - src: reduce the nearest parent package JSON cache size (Michael Smith) #​59888
• [abecdcb536] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #​59891
• [2bb152500b] - src: create strings in FIXED_ONE_BYTE_STRING as internalized (Anna Henningsen) #​59826
• [03116a7cd8] - src: remove std::array overload of FIXED_ONE_BYTE_STRING (Anna Henningsen) #​59826
• [8a5325d6e3] - src: ensure v8::Eternal is empty before setting it (Anna Henningsen) #​59825
• [f0c20ccd81] - src: remove unnecessary Environment::GetCurrent() calls (Moonki Choi) #​59814
• [213188e491] - stream: use new AsyncResource instead of bind (Matteo Collina) #​59867
• [ce8435b003] - test: testcase demonstrating issue 59541 (Eric Rannaud) #​59801
• [8f32746142] - test: guard write to proxy client if proxy connection is ended (Joyee Cheung) #​59742
• [6790093fcb] - tls: load bundled and extra certificates off-thread (Joyee Cheung) #​59856
• [f5d3f919d8] - tls: only do off-thread certificate loading on loading tls (Joyee Cheung) #​59856
• [87bbaa23a0] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [0d23fd525b] - tools: skip test-internet workflow for draft PRs (Michaël Zasso) #​59817
• [e17c73731a] - tools: copyedit build-tarball.yml (Antoine du Hamel) #​59808
• [97c4e1bac9] - typings: remove unused imports (Nam Yooseong) #​59880
• [8b29bbca76] - url: replaced slice with at (Mikhail) #​59181
• [6458867a6b] - url: add type checking to urlToHttpOptions() (simon-id) #​59753
• [3c62b3886f] - util: inspect objects with throwing Symbol.toStringTag (Ruben Bridgewater) #​59860
• [6133a82875] - util: fix debuglog.enabled not being present with callback logger (Ruben Bridgewater) #​59858
• [9347ddddf4] - vm: explain how to share promises between contexts w/ afterEvaluate (Eric Rannaud) #​59801
• [44ce971619] - vm: "afterEvaluate", evaluate() return a promise from the outer context (Eric Rannaud) #​59801
• [6e586a1409] - vm: expose hasTopLevelAwait on SourceTextModule (Chengzhong Wu) #​59865
• [49747a58a3] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #​59846
• [b970c0bbc2] - zlib: reduce code duplication (jhofstee) #​57810
• [9782ca2b1b] - zlib: implement fast path for crc32 (Gürgün Dayıoğlu) #​59813

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

• Minor version update: Node.js v24.7.0 → v24.9.0 is a minor version bump within the same major release
• New features added: HTTP upgrade callback control, SQLite improvements, Worker heap profiling API
• No breaking changes: All changes are marked as SEMVER-MINOR, indicating backward compatibility
• No security fixes reported: The release notes do not mention any critical security patches
• Internal improvements: Most changes are performance optimizations, bug fixes, and dependency updates

🎯 Impact Scope Investigation

• Mise configuration only: The change only affects mise.toml (Node.js runtime version specification)
• No package.json engines constraint: The project doesn't specify Node.js version requirements in package.json
• CI/CD compatibility: GitHub Actions uses mise-action which will automatically use the updated Node.js version
• Runtime compatibility: The codebase uses basic Node.js APIs (process.argv, console.log) that are stable across minor versions
• Build target: The build script targets "node" generically without version-specific features
• No version-specific dependencies: No usage of newly introduced APIs or deprecated features

💡 Recommended Actions

• Immediate merge: This update is safe to merge without any code modifications
• No migration required: The codebase doesn't use any APIs that would be affected by this update
• CI validation: The existing CI pipeline will automatically validate the new Node.js version
• Monitor: Watch for any unexpected issues after deployment, though none are anticipated

🔗 Reference Links

• Node.js v24.9.0 Release Notes
• GitHub Release
• Node.js v24.x Release Schedule

This update represents a routine maintenance upgrade with new features but no breaking changes. The simple TypeScript CLI application will continue to function identically with the new Node.js version.

Generated by koki-develop/claude-renovate-review