what stackpulse tracks
Node.js releases from GitHub
StackPulse watches Node.js release notes and keeps the original source link close to every summary.
#stacks/nodejs/runtime
Node.js release notes, breaking changes, and upgrade notes.
JavaScript runtime built on Chrome’s V8 engine StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.
releases
11
breaking
1
security
6
deprecated
0
migrations
0
upgrade risk
Breaking changes and deprecations
Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.
migration notes
Source-backed next steps
Migration steps and recommended actions are only shown when the upstream release notes support them.
# latest_releases
source-backedv22.23.0criticalbreakingsecurityJun 18, 2026
2026-06-18, Version 22.23.0 'Jod' (LTS), @aduh95
This release focuses on addressing multiple security vulnerabilities across various modules, including TLS, crypto, DNS, HTTP/2, and permissions. Several high and medium severity CVEs have been patched to improve security and stability.
affected
Users relying on HTTP/2 priority signaling or affected by the listed CVEs should upgrade immediately.
action
Upgrade to version 22.23.0 to address security vulnerabilities and breaking changes.
release_signals
-http2: remove support for priority signaling (Matteo Collina) – This is a breaking change for applications relying on HTTP/2 priority signaling.
!(CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
!(CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
!(CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
!(CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
!(CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium