nodejs
diff --git a/‎.github/workflows/commit-lint.yml‎
Lines changed: 5 additions & 1 deletion b/‎.github/workflows/commit-lint.yml‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎.github/workflows/linters.yml‎
Lines changed: 6 additions & 1 deletion b/‎.github/workflows/linters.yml‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎.github/workflows/notify-on-push.yml‎
Lines changed: 4 additions & 8 deletions b/‎.github/workflows/notify-on-push.yml‎
Lines changed: 4 additions & 8 deletions
diff --git a/‎.github/workflows/timezone-update.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/timezone-update.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/tools.yml‎
Lines changed: 0 additions & 8 deletions b/‎.github/workflows/tools.yml‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎BUILDING.md‎
Lines changed: 2 additions & 4 deletions b/‎BUILDING.md‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 24 additions & 15 deletions b/‎CHANGELOG.md‎
Lines changed: 24 additions & 15 deletions
diff --git a/‎Makefile‎
Lines changed: 7 additions & 3 deletions b/‎Makefile‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎SECURITY.md‎
Lines changed: 21 additions & 16 deletions b/‎SECURITY.md‎
Lines changed: 21 additions & 16 deletions
diff --git a/‎benchmark/buffers/buffer-bytelength-string.js‎
Lines changed: 1 addition & 1 deletion b/‎benchmark/buffers/buffer-bytelength-string.js‎
Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,10 @@
 name: First commit message adheres to guidelines
 
-on: [pull_request]
+on:
+  pull_request:
+    branches:
+      - main
+      - v[0-9]+.x-staging
 
 env:
   NODE_VERSION: lts/*
 
@@ -154,7 +154,12 @@ jobs:
         run: |
           nix-shell -I nixpkgs=./tools/nix/pkgs.nix -p 'nixfmt-tree' --run '
             treefmt --quiet --ci
-          ' || git --no-pager diff --exit-code
+          ' && EXIT_CODE="$?" || EXIT_CODE="$?"
+          if [ "$EXIT_CODE" != "0" ]
+          then
+            git --no-pager diff || true
+            exit "$EXIT_CODE"
+          fi
 
   lint-py:
     if: github.event.pull_request.draft == false
 
@@ -30,20 +30,16 @@ jobs:
 
   validateCommitMessage:
     name: Notify on Push on `main` with invalid message
-    if: github.repository == 'nodejs/node'
     # cannot use ubuntu-slim here because rtCamp/action-slack-notify is dockerized
     runs-on: ubuntu-24.04-arm
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-        with:
-          persist-credentials: false
-      - name: Check commit message
+      - name: Validate commits
+        run: echo "$COMMITS" | npx -q core-validate-commit -
         id: commit-check
-        run: npx -q core-validate-commit "$COMMIT"
         env:
-          COMMIT: ${{ github.event.after }}
+          COMMITS: ${{ toJSON(github.event.commits) }}
       - name: Slack Notification
-        if: ${{ failure() && steps.commit-check.conclusion == 'failure' }}
+        if: ${{ failure() && steps.commit-check.conclusion == 'failure' && github.repository == 'nodejs/node' }}
         uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661  # 2.3.3
         env:
           SLACK_COLOR: '#DE512A'
 
@@ -57,7 +57,7 @@ jobs:
         with:
           author: Node.js GitHub Bot <github-bot@iojs.org>
           body: |
-            This PR was generated by tools/timezone-update.yml.
+            This PR was generated by `.github/workflows/timezone-update.yml` and `tools/update-timezone.mjs`.
 
             Updates the ICU files as per the instructions present in https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-icu.md#time-zone-data
 
 
@@ -122,14 +122,6 @@ jobs:
             run: |
               make corepack-update
               echo "NEW_VERSION=$(node deps/corepack/dist/corepack.js --version)" >> $GITHUB_ENV
-          - id: doc-kit
-            subsystem: tools
-            label: tools
-            run: |
-              ./tools/dep_updaters/update-doc.sh > temp-output
-              cat temp-output
-              tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
-              rm temp-output
           - id: googletest
             subsystem: deps
             label: dependencies, test
 
@@ -404,11 +404,9 @@ If you are running tests before submitting a pull request, use:
 make -j4 test
 ```
 
-`make -j4 test` does a full check on the codebase, including running linters and
-documentation tests.
+`make -j4 test` does a full check on the codebase, including documentation tests.
 
-To run the linter without running tests, use
-`make lint`/`vcbuild lint`. It will lint JavaScript, C++, and Markdown files.
+To run the linter, use `make lint`/`vcbuild lint`. It will lint JavaScript, C++, and Markdown files.
 
 To fix auto fixable JavaScript linting errors, use `make lint-js-fix`.
 
 
@@ -41,7 +41,10 @@ release.
 </tr>
 <tr>
   <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V25.md#25.8.0">25.8.0</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V25.md#25.9.0">25.9.0</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V25.md#25.8.2">25.8.2</a><br/>
+<a href="doc/changelogs/CHANGELOG_V25.md#25.8.1">25.8.1</a><br/>
+<a href="doc/changelogs/CHANGELOG_V25.md#25.8.0">25.8.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V25.md#25.7.0">25.7.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V25.md#25.6.1">25.6.1</a><br/>
 <a href="doc/changelogs/CHANGELOG_V25.md#25.6.0">25.6.0</a><br/>
@@ -54,7 +57,8 @@ release.
 <a href="doc/changelogs/CHANGELOG_V25.md#25.0.0">25.0.0</a><br/>
   </td>
   <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V24.md#24.14.0">24.14.0</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V24.md#24.14.1">24.14.1</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V24.md#24.14.0">24.14.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V24.md#24.13.1">24.13.1</a><br/>
 <a href="doc/changelogs/CHANGELOG_V24.md#24.13.0">24.13.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V24.md#24.12.0">24.12.0</a><br/>
@@ -76,18 +80,22 @@ release.
 <a href="doc/changelogs/CHANGELOG_V24.md#24.0.0">24.0.0</a><br/>
   </td>
   <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V22.md#22.22.1">22.22.1</a></b><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.22.0">22.22.0</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.21.1">22.21.1</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.21.0">22.21.0</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.20.0">22.20.0</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.19.0">22.19.0</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.18.0">22.18.0</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.17.1">22.17.1</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.17.0">22.17.0</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.16.0">22.16.0</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.15.1">22.15.1</a><br/>
-<a href="doc/changelogs/CHANGELOG_V22.md#22.15.0">22.15.0</a><br/>
+<b><a href="doc/changelogs/CHANGELOG_V23.md#23.11.0">23.11.0</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.10.0">23.10.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.9.0">23.9.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.8.0">23.8.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.7.0">23.7.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.6.1">23.6.1</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.6.0">23.6.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.5.0">23.5.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.4.0">23.4.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.3.0">23.3.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.2.0">23.2.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.1.0">23.1.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V23.md#23.0.0">23.0.0</a><br/>
+  </td>
+  <td valign="top">
+<b><a href="doc/changelogs/CHANGELOG_V22.md#22.15.0">22.15.0</a></b><br/>
 <a href="doc/changelogs/CHANGELOG_V22.md#22.14.0">22.14.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V22.md#22.13.1">22.13.1</a><br/>
 <a href="doc/changelogs/CHANGELOG_V22.md#22.13.0">22.13.0</a><br/>
@@ -108,7 +116,8 @@ release.
 <a href="doc/changelogs/CHANGELOG_V22.md#22.0.0">22.0.0</a><br/>
   </td>
   <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V20.md#20.20.1">20.20.1</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V20.md#20.20.2">20.20.2</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V20.md#20.20.1">20.20.1</a><br/>
 <a href="doc/changelogs/CHANGELOG_V20.md#20.20.0">20.20.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V20.md#20.19.6">20.19.6</a><br/>
 <a href="doc/changelogs/CHANGELOG_V20.md#20.19.5">20.19.5</a><br/>
 
@@ -338,7 +338,7 @@ coverage-run-js: ## Run JavaScript tests with coverage.
 
 .PHONY: test
 # This does not run tests of third-party libraries inside deps.
-test: all ## Run default tests, linters, and build docs.
+test: all ## Run default tests and build docs.
 	$(MAKE) -s tooltest
 	$(MAKE) -s build-addons
 	$(MAKE) -s build-js-native-api-tests
@@ -348,7 +348,7 @@ test: all ## Run default tests, linters, and build docs.
 	$(MAKE) -s jstest
 
 .PHONY: test-only
-test-only: all  ## Run default tests, without linters or building the docs.
+test-only: all  ## Run default tests without building the docs.
 	$(MAKE) build-addons
 	$(MAKE) build-js-native-api-tests
 	$(MAKE) build-node-api-tests
@@ -384,7 +384,7 @@ ifeq ($(OSTYPE),os400)
 DOCBUILDSTAMP_PREREQS := $(DOCBUILDSTAMP_PREREQS) out/$(BUILDTYPE)/node.exp
 endif
 
-DOC_KIT ?= tools/doc/node_modules/@nodejs/doc-kit/bin/cli.mjs
+DOC_KIT ?= tools/doc/node_modules/@node-core/doc-kit/bin/cli.mjs
 
 node_use_openssl_and_icu = $(call available-node,"-p" \
 			 "process.versions.openssl != undefined && process.versions.icu != undefined")
@@ -856,6 +856,10 @@ out/doc/api: doc/api
 # Using grouped targets (&:) so Make knows one command produces all outputs
 ifeq ($(OSTYPE),aix)
 # TODO(@nodejs/web-infra): AIX is currently hanging during HTML minification
+$(apidocs_html) $(apidocs_json) out/doc/api/all.html out/doc/api/all.json:
+	@echo "Skipping $@ (not currently supported by $(OSTYPE) machines)"
+else ifeq ($(OSTYPE),os400)
+# TODO(@nodejs/web-infra): IBMi is currently hanging during HTML minification
 $(apidocs_html) $(apidocs_json) out/doc/api/all.html out/doc/api/all.json:
 	@echo "Skipping $@ (not currently supported by $(OSTYPE) machines)"
 else
 
@@ -152,28 +152,33 @@ does not trust is considered a vulnerability:
   the correct use of Node.js APIs.
 * The unavailability of the runtime, including the unbounded degradation of its
   performance.
-* Memory leaks qualify as vulnerabilities when all of the following criteria are met:
-  * The API is being correctly used.
-  * The API doesn't have a warning against its usage in a production environment.
-  * The API is public and documented.
-  * The API is on stable (2.0) status.
-  * The memory leak is significant enough to cause a denial of service quickly
-    or in a context not controlled by the user (for example, HTTP parsing).
-  * The memory leak is directly exploitable by an untrusted source without requiring application mistakes.
-  * The leak cannot be reasonably mitigated through standard operational practices (like process recycling).
-  * The leak occurs deterministically under normal usage patterns rather than edge cases.
-  * The leak occurs at a rate that would cause practical resource exhaustion within a practical timeframe under
-    typical workloads.
-  * The attack demonstrates [asymmetric resource consumption](https://cwe.mitre.org/data/definitions/405.html),
-    where the attacker expends significantly fewer resources than what's required by the server to process the
-    attack. Attacks requiring comparable resources on the attacker's side (which can be mitigated through common
-    practices like rate limiting) may not qualify.
 
 If Node.js loads configuration files or runs code by default (without a
 specific request from the user), and this is not documented, it is considered a
 vulnerability.
 Vulnerabilities related to this case may be fixed by a documentation update.
 
+#### Denial of Service (DoS) vulnerabilities
+
+For a behavior to be considered a DoS vulnerability, the PoC must meet the following criteria:
+
+* The API is being correctly used.
+* The API doesn't have a warning against its usage in a production environment.
+* The API is public and documented. If the API comes from JavaScript, the behavior must be
+  well-defined in the [ECMAScript specification](https://tc39.es/ecma262/).
+* The API has stable (2.0) status.
+* The behavior is significant enough to cause a denial of service quickly
+  or in a context not controlled by the Node.js application developer (for example, HTTP parsing).
+* The behavior is directly exploitable by an untrusted source without requiring application mistakes.
+* The behavior cannot be reasonably mitigated through standard operational practices (like process recycling).
+* The behavior occurs deterministically under normal usage patterns rather than edge cases.
+* The behavior occurs at a rate that would cause practical resource exhaustion within a practical timeframe under
+  typical workloads.
+* The attack demonstrates [asymmetric resource consumption](https://cwe.mitre.org/data/definitions/405.html),
+  where the attacker expends significantly fewer resources than what's required by the server to process the
+  attack. Attacks requiring comparable resources on the attacker's side (which can be mitigated through common
+  practices like rate limiting) may not qualify.
+
 **Node.js does NOT trust**:
 
 * Data received from the remote end of inbound network connections
 
@@ -4,7 +4,7 @@ const common = require('../common');
 const bench = common.createBenchmark(main, {
   type: ['one_byte', 'two_bytes', 'three_bytes',
          'four_bytes', 'latin1'],
-  encoding: ['utf8', 'base64'],
+  encoding: ['utf8', 'base64', 'latin1', 'hex'],
   repeat: [1, 2, 16, 256], // x16
   n: [4e6],
 });