chore: bump node to v16.15.0 (main) (#33947)

* chore: bump node in DEPS to v16.15.0

* chore: update patches

* src: allow preventing InitializeInspector in env

https://github.com/nodejs/node/pull/35025

* chore: update node gn filenames

* crypto: change default check(Host|Email) behavior

* Revert "crypto: change default check(Host|Email) behavior"

This reverts commit 1f1eb23702fe9dfc09470248d6c1a673f42b80fe.

* update node crypto tests to work with boringssl

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <[email protected]>

DEPS

@@ -4,7 +4,7 @@ vars = {
   'chromium_version':
     '102.0.4999.0',
   'node_version':
-    'v16.14.2',
+    'v16.15.0',
   'nan_version':
     # The following commit hash of NAN is v2.14.2 with *only* changes to the
     # test suite. This should be updated to a specific tag when one becomes

patches/node/.patches

@@ -13,7 +13,6 @@ chore_read_nobrowserglobals_from_global_not_process.patch
 enable_31_bit_smis_on_64bit_arch_and_ptr_compression.patch
 fix_handle_boringssl_and_openssl_incompatibilities.patch
 fix_add_v8_enable_reverse_jsargs_defines_in_common_gypi.patch
-fix_allow_preventing_initializeinspector_in_env.patch
 src_allow_embedders_to_provide_a_custom_pageallocator_to.patch
 fix_crypto_tests_to_run_with_bssl.patch
 fix_account_for_debugger_agent_race_condition.patch
@@ -22,7 +21,6 @@ fix_readbarrier_undefined_symbol_error_on_woa_arm64.patch
 chore_fix_-wimplicit-fallthrough.patch
 fix_crash_caused_by_gethostnamew_on_windows_7.patch
 fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch
-fix_don_t_create_console_window_when_creating_process.patch
 fix_serdes_test.patch
 darwin_remove_eprototype_error_workaround_3405.patch
 darwin_translate_eprototype_to_econnreset_3413.patch

patches/node/build_add_gn_build_files.patch

@@ -973,10 +973,10 @@ index 0000000000000000000000000000000000000000..2c9d2826c85bdd033f1df1d6188df636
 +}
 diff --git a/filenames.json b/filenames.json
 new file mode 100644
-index 0000000000000000000000000000000000000000..d2d196a59037ed32800ab6981c6a7424afb63ca5
+index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6de1bd518
 --- /dev/null
 +++ b/filenames.json
-@@ -0,0 +1,612 @@
+@@ -0,0 +1,616 @@
 +// This file is automatically generated by generate_gn_filenames_json.py
 +// DO NOT EDIT
 +{
@@ -1233,6 +1233,7 @@ index 0000000000000000000000000000000000000000..d2d196a59037ed32800ab6981c6a7424
 +    "lib/internal/cluster/primary.js",
 +    "lib/internal/cluster/utils.js",
 +    "lib/internal/cluster/child.js",
++    "lib/internal/webstreams/compression.js",
 +    "lib/internal/webstreams/util.js",
 +    "lib/internal/webstreams/writablestream.js",
 +    "lib/internal/webstreams/readablestream.js",
@@ -1314,6 +1315,7 @@ index 0000000000000000000000000000000000000000..d2d196a59037ed32800ab6981c6a7424
 +    "lib/internal/modules/package_json_reader.js",
 +    "lib/internal/modules/esm/module_job.js",
 +    "lib/internal/modules/esm/assert.js",
++    "lib/internal/modules/esm/fetch_module.js",
 +    "lib/internal/modules/esm/get_source.js",
 +    "lib/internal/modules/esm/translators.js",
 +    "lib/internal/modules/esm/resolve.js",
@@ -1323,6 +1325,7 @@ index 0000000000000000000000000000000000000000..d2d196a59037ed32800ab6981c6a7424
 +    "lib/internal/modules/esm/initialize_import_meta.js",
 +    "lib/internal/modules/esm/module_map.js",
 +    "lib/internal/modules/esm/get_format.js",
++    "lib/internal/modules/esm/formats.js",
 +    "lib/internal/modules/esm/loader.js",
 +    "lib/internal/modules/cjs/helpers.js",
 +    "lib/internal/modules/cjs/loader.js",
@@ -1381,7 +1384,8 @@ index 0000000000000000000000000000000000000000..d2d196a59037ed32800ab6981c6a7424
 +    "deps/acorn/acorn/dist/acorn.js",
 +    "deps/acorn/acorn-walk/dist/walk.js",
 +    "deps/cjs-module-lexer/lexer.js",
-+    "deps/cjs-module-lexer/dist/lexer.js"
++    "deps/cjs-module-lexer/dist/lexer.js",
++    "deps/undici/undici.js"
 +  ],
 +  "node_sources": [
 +    "src/api/async_resource.cc",
@@ -1795,7 +1799,7 @@ index 0000000000000000000000000000000000000000..d1d6b51e8c0c5bc6a5d09e217eb30483
 +  args = rebase_path(inputs + outputs, root_build_dir)
 +}
 diff --git a/src/node_version.h b/src/node_version.h
-index 41081f82714169f3bf388c3a8c2d9aa78e21a3f4..48c0d2655789a0528dfea0a60f756aacb48a6f60 100644
+index 29c9be6366d63be7b340b35cea141e4d7e7f71cc..587735f2ddc0e5d93edd8644d121c6fb31fc4378 100644
 --- a/src/node_version.h
 +++ b/src/node_version.h
 @@ -89,7 +89,10 @@

patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch

@@ -8,10 +8,10 @@ they use themselves as the entry point. We should try to upstream some form
 of this.
 
 diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js
-index 3c5e6fe40070f52d8b3f4e9757485845c1d6dbed..2af6b11c97ecdca3c40792ab35c69b07b9db76a0 100644
+index b184a0d9ae3434af746be269495e9e4c80c58091..899d5a906683e8967746e10a6de452e99e236903 100644
 --- a/lib/internal/bootstrap/pre_execution.js
 +++ b/lib/internal/bootstrap/pre_execution.js
-@@ -95,11 +95,13 @@ function patchProcessObject(expandArgv1) {
+@@ -103,11 +103,13 @@ function patchProcessObject(expandArgv1) {
    if (expandArgv1 && process.argv[1] &&
        !StringPrototypeStartsWith(process.argv[1], '-')) {
      // Expand process.argv[1] into a full path.
@@ -31,10 +31,10 @@ index 3c5e6fe40070f52d8b3f4e9757485845c1d6dbed..2af6b11c97ecdca3c40792ab35c69b07
    }
  
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index caca939942cb721a3efde7005b0a987a19237a8b..2d30a56a87ff8657cddb3d9e6af5bd9f81deffdb 100644
+index 5195ff2da0496f2bfb9112d336c38040f662087b..5c62e367f2dd7d112096551f1c34ee67ce1a5c3a 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
-@@ -1077,6 +1077,13 @@ Module.prototype._compile = function(content, filename) {
+@@ -1079,6 +1079,13 @@ Module.prototype._compile = function(content, filename) {
    if (getOptionValue('--inspect-brk') && process._eval == null) {
      if (!resolvedArgv) {
        // We enter the repl if we're not given a filename argument.

patches/node/chore_fix_-wimplicit-fallthrough.patch

@@ -18,10 +18,10 @@ index 8bfecba74d4d90e9fbf0e2cd301118e4adc6cba8..63e1149f0c4a39cb944114e5824d6074
      "-Wno-unreachable-code-return",
      "-Wno-unused-but-set-variable",
 diff --git a/deps/nghttp2/lib/nghttp2_hd.c b/deps/nghttp2/lib/nghttp2_hd.c
-index 5e8693152599215261e47b152d565bbd9a0083e7..6d54e91dea6d77ad8925ad0452fd2a0a36f35f73 100644
+index 30ee9b88920c0a0bb8f8b714e3deabe0207cac40..010edf48f614c23e971df0f37716275cc1656469 100644
 --- a/deps/nghttp2/lib/nghttp2_hd.c
 +++ b/deps/nghttp2/lib/nghttp2_hd.c
-@@ -1891,7 +1891,7 @@ ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
+@@ -1892,7 +1892,7 @@ ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
          rv = NGHTTP2_ERR_HEADER_COMP;
          goto fail;
        }
@@ -30,7 +30,7 @@ index 5e8693152599215261e47b152d565bbd9a0083e7..6d54e91dea6d77ad8925ad0452fd2a0a
      case NGHTTP2_HD_STATE_INFLATE_START:
      case NGHTTP2_HD_STATE_OPCODE:
        if ((*in & 0xe0u) == 0x20u) {
-@@ -2001,7 +2001,7 @@ ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
+@@ -2002,7 +2002,7 @@ ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
        inflater->left = 0;
        inflater->shift = 0;
        DEBUGF("inflatehd: huffman encoded=%d\n", inflater->huffman_encoded != 0);
@@ -39,7 +39,7 @@ index 5e8693152599215261e47b152d565bbd9a0083e7..6d54e91dea6d77ad8925ad0452fd2a0a
      case NGHTTP2_HD_STATE_NEWNAME_READ_NAMELEN:
        rfin = 0;
        rv = hd_inflate_read_len(inflater, &rfin, in, last, 7, NGHTTP2_HD_MAX_NV);
-@@ -2085,7 +2085,7 @@ ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
+@@ -2086,7 +2086,7 @@ ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
        inflater->left = 0;
        inflater->shift = 0;
        DEBUGF("inflatehd: huffman encoded=%d\n", inflater->huffman_encoded != 0);
@@ -49,7 +49,7 @@ index 5e8693152599215261e47b152d565bbd9a0083e7..6d54e91dea6d77ad8925ad0452fd2a0a
        rfin = 0;
        rv = hd_inflate_read_len(inflater, &rfin, in, last, 7, NGHTTP2_HD_MAX_NV);
 diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
-index 36f1179f72a22595dda0b98927d87e2098cad4df..f007dbf410b1bdc5d1f603aa85c3a4f0704e9741 100644
+index 380a47c1b1e82b015c271e2818aed0baf982aa2d..2f3997709cd07f6f8294f985f60b2e1e4b85a2cf 100644
 --- a/deps/nghttp2/lib/nghttp2_session.c
 +++ b/deps/nghttp2/lib/nghttp2_session.c
 @@ -2644,10 +2644,10 @@ static int session_after_frame_sent1(nghttp2_session *session) {

patches/node/chore_read_nobrowserglobals_from_global_not_process.patch

@@ -7,7 +7,7 @@ This is used so that we can modify the flag at runtime where
 config can only be set at compile time.
 
 diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
-index 085dd7e09d31fb1800b3596cc068637e1956ba52..9e0f811b2a37f45a9d8162dff7c9d5c935b856d6 100644
+index 8c31d0202b70ec9784b4289a175a62fd9fd85f8c..2b4c7a933d7f87050f7342e6c3ae2070e3dde030 100644
 --- a/lib/internal/bootstrap/node.js
 +++ b/lib/internal/bootstrap/node.js
 @@ -209,7 +209,7 @@ const {

patches/node/enable_31_bit_smis_on_64bit_arch_and_ptr_compression.patch

@@ -8,7 +8,7 @@ node modules will have different (wrong) ideas about how v8 structs are laid
 out in memory on 64-bit machines, and will summarily fail to work.
 
 diff --git a/common.gypi b/common.gypi
-index b86c3f3bbeddfa57c223ff066451fd3e1ce1315d..59e6a857060a35ca52cff2b44bc412a3f5e8eece 100644
+index 3fd1d4ddddc109dfd87f4ba6115948f1c31b1261..7ffd577817d3c6ae7164dd3945479aedcee9640e 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -64,7 +64,7 @@
@@ -20,7 +20,7 @@ index b86c3f3bbeddfa57c223ff066451fd3e1ce1315d..59e6a857060a35ca52cff2b44bc412a3
  
      # Disable V8 untrusted code mitigations.
      # See https://github.com/v8/v8/wiki/Untrusted-code-mitigations
-@@ -130,6 +130,9 @@
+@@ -133,6 +133,9 @@
          'v8_enable_pointer_compression': 0,
          'v8_enable_31bit_smis_on_64bit_arch': 0,
        }],

patches/node/feat_add_knostartdebugsignalhandler_to_environment_to_prevent.patch

@@ -7,11 +7,11 @@ Subject: feat: add kNoStartDebugSignalHandler to Environment to prevent
 This patch should be upstreamed, it allows embedders to prevent the call to StartDebugSignalHandler which handles SIGUSR1 and starts the inspector agent.  Apps that have --inspect disabled also don't want SIGUSR1 to have this affect.
 
 diff --git a/src/env-inl.h b/src/env-inl.h
-index 2da8174fe9e4209f4705af0a1cf8bca5928f088c..954602f3fc7c3344509bb57530840bb1dfeacab3 100644
+index 4a34393cad7e071bf27947418be6b3d9bdd42f98..b9834a797c89f707d1e4978587af66ebf11591d4 100644
 --- a/src/env-inl.h
 +++ b/src/env-inl.h
-@@ -886,6 +886,10 @@ inline bool Environment::should_initialize_inspector() const {
-   return (flags_ & EnvironmentFlags::kNoInitializeInspector) == 0;
+@@ -886,6 +886,10 @@ inline bool Environment::no_global_search_paths() const {
+          !options_->global_search_paths;
  }
  
 +inline bool Environment::should_start_debug_signal_handler() const {
@@ -22,22 +22,22 @@ index 2da8174fe9e4209f4705af0a1cf8bca5928f088c..954602f3fc7c3344509bb57530840bb1
    return emit_filehandle_warning_;
  }
 diff --git a/src/env.h b/src/env.h
-index 2554c530f2ca7078ed0cca03968b31f56027231b..1fbf965788f9c68d2999f38b40d39579f746d768 100644
+index cda7a52fa1ffc66d7ba42de3a275f49093f8557d..86f3c718ada13ee71e5af87e1b3772f39274cf43 100644
 --- a/src/env.h
 +++ b/src/env.h
 @@ -1216,6 +1216,7 @@ class Environment : public MemoryRetainer {
+   inline bool tracks_unmanaged_fds() const;
    inline bool hide_console_windows() const;
    inline bool no_global_search_paths() const;
-   inline bool should_initialize_inspector() const;
 +  inline bool should_start_debug_signal_handler() const;
    inline uint64_t thread_id() const;
    inline worker::Worker* worker_context() const;
    Environment* worker_parent_env() const;
 diff --git a/src/inspector_agent.cc b/src/inspector_agent.cc
-index fd9f514b9b6a7b7b1c1a6f5fe834f51266156596..14565f6885b3f88194b3b8efb340a4099ca1966c 100644
+index 5fc533741d7c8d7a8471b3c3c6a334c0e9e43501..2c36a0b132cf1b21595ac39619b99d316ad81d9e 100644
 --- a/src/inspector_agent.cc
 +++ b/src/inspector_agent.cc
-@@ -680,8 +680,10 @@ bool Agent::Start(const std::string& path,
+@@ -690,8 +690,10 @@ bool Agent::Start(const std::string& path,
                                StartIoThreadAsyncCallback));
      uv_unref(reinterpret_cast<uv_handle_t*>(&start_io_thread_async));
      start_io_thread_async.data = this;
@@ -51,19 +51,19 @@ index fd9f514b9b6a7b7b1c1a6f5fe834f51266156596..14565f6885b3f88194b3b8efb340a409
      parent_env_->AddCleanupHook([](void* data) {
        Environment* env = static_cast<Environment*>(data);
 diff --git a/src/node.h b/src/node.h
-index b2b766f242e02593631be087fceaf63f71d74284..535df2d8dfb48ddc4d01e94565fdc527aed15ef7 100644
+index 0a9f5139276eb2e102b41a586adf61fa563b47d6..0b807cb25f9eb52b2100f0e2a7c25344790967cf 100644
 --- a/src/node.h
 +++ b/src/node.h
-@@ -444,7 +444,11 @@ enum Flags : uint64_t {
-   // Controls whether or not the Environment should call InitializeInspector.
+@@ -445,7 +445,11 @@ enum Flags : uint64_t {
    // This control is needed by embedders who may not want to initialize the V8
-   // inspector in situations where it already exists.
--  kNoInitializeInspector = 1 << 8
-+  kNoInitializeInspector = 1 << 8,
+   // inspector in situations where one has already been created,
+   // e.g. Blink's in Chromium.
+-  kNoCreateInspector = 1 << 9
++  kNoCreateInspector = 1 << 9,
 +  // Controls where or not the InspectorAgent for this Environment should
 +  // call StartDebugSignalHandler.  This control is needed by embedders who may
 +  // not want to allow other processes to start the V8 inspector.
-+  kNoStartDebugSignalHandler = 1 << 9
++  kNoStartDebugSignalHandler = 1 << 10
  };
  }  // namespace EnvironmentFlags
  

patches/node/feat_initialize_asar_support.patch

@@ -6,10 +6,10 @@ Subject: feat: initialize asar support
 This patch initializes asar support in Node.js.
 
 diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js
-index f21ba048b4863863e6c7b740f410775776a7649a..3c5e6fe40070f52d8b3f4e9757485845c1d6dbed 100644
+index 8de57a5666131ff0c9f7ad844498e1bd3c357a70..b184a0d9ae3434af746be269495e9e4c80c58091 100644
 --- a/lib/internal/bootstrap/pre_execution.js
 +++ b/lib/internal/bootstrap/pre_execution.js
-@@ -76,6 +76,7 @@ function prepareMainThreadExecution(expandArgv1 = false) {
+@@ -84,6 +84,7 @@ function prepareMainThreadExecution(expandArgv1 = false) {
    assert(!CJSLoader.hasLoadedAnyUserCJSModule);
    loadPreloadModules();
    initializeFrozenIntrinsics();
@@ -17,7 +17,7 @@ index f21ba048b4863863e6c7b740f410775776a7649a..3c5e6fe40070f52d8b3f4e9757485845
  }
  
  function patchProcessObject(expandArgv1) {
-@@ -477,6 +478,10 @@ function loadPreloadModules() {
+@@ -540,6 +541,10 @@ function loadPreloadModules() {
    }
  }
  

patches/node/fix_add_default_values_for_variables_in_common_gypi.patch

@@ -7,10 +7,10 @@ common.gypi is a file that's included in the node header bundle, despite
 the fact that we do not build node with gyp.
 
 diff --git a/common.gypi b/common.gypi
-index be30169cf58d9759320f1763ede7e0ce89be3aa2..b86c3f3bbeddfa57c223ff066451fd3e1ce1315d 100644
+index bdc2c105abeddc4c8e434ead05ebc0d7d82cfae8..3fd1d4ddddc109dfd87f4ba6115948f1c31b1261 100644
 --- a/common.gypi
 +++ b/common.gypi
-@@ -81,6 +81,23 @@
+@@ -84,6 +84,23 @@
  
      ##### end V8 defaults #####
  

patches/node/fix_add_v8_enable_reverse_jsargs_defines_in_common_gypi.patch

@@ -6,7 +6,7 @@ Subject: fix: add v8_enable_reverse_jsargs defines in common.gypi
 This can be removed once node upgrades V8 and inevitably has to do this exact same thing.  Also hi node people if you are looking at this.
 
 diff --git a/common.gypi b/common.gypi
-index 59e6a857060a35ca52cff2b44bc412a3f5e8eece..7741f97758282d1c601eecf263cb4ce1510be284 100644
+index 7ffd577817d3c6ae7164dd3945479aedcee9640e..6674f9f9b8880c40db579664fa40f62ad0139368 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -65,6 +65,7 @@
@@ -17,7 +17,7 @@ index 59e6a857060a35ca52cff2b44bc412a3f5e8eece..7741f97758282d1c601eecf263cb4ce1
  
      # Disable V8 untrusted code mitigations.
      # See https://github.com/v8/v8/wiki/Untrusted-code-mitigations
-@@ -79,6 +80,7 @@
+@@ -82,6 +83,7 @@
      # TODO(refack): make v8-perfetto happen
      'v8_use_perfetto': 0,
  
@@ -25,7 +25,7 @@ index 59e6a857060a35ca52cff2b44bc412a3f5e8eece..7741f97758282d1c601eecf263cb4ce1
      ##### end V8 defaults #####
  
      # When building native modules using 'npm install' with the system npm,
-@@ -398,6 +400,9 @@
+@@ -401,6 +403,9 @@
        ['v8_enable_pointer_compression == 1 or v8_enable_31bit_smis_on_64bit_arch == 1', {
          'defines': ['V8_31BIT_SMIS_ON_64BIT_ARCH'],
        }],

patches/node/fix_allow_preventing_initializeinspector_in_env.patch

@@ -1,81 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <[email protected]>
-Date: Tue, 22 Sep 2020 19:44:30 -0700
-Subject: fix: allow preventing InitializeInspector in env
-
-https://github.com/nodejs/node/commit/8c5ad1392f30cfe6b107e9bd85f4cb918ba04aab
-made it such that env->InitializeInspector was called in CreateEnvironment
-no matter what, which creates an issue for Electron, as the V8 inspector
-already exists in the renderer process and therefore we only want to
-initialize it in the browser process. This adds a new
-EnvironmentFlags option which allows preventing that invocation.
-
-diff --git a/src/api/environment.cc b/src/api/environment.cc
-index 523d252e08974a10f9a53fb46d3345669cec3380..5bf19a0dda42849159d954181058897c45d280fd 100644
---- a/src/api/environment.cc
-+++ b/src/api/environment.cc
-@@ -344,12 +344,14 @@ Environment* CreateEnvironment(
-   Environment* env = new Environment(
-       isolate_data, context, args, exec_args, nullptr, flags, thread_id);
- #if HAVE_INSPECTOR
--  if (inspector_parent_handle) {
--    env->InitializeInspector(
--        std::move(static_cast<InspectorParentHandleImpl*>(
--            inspector_parent_handle.get())->impl));
--  } else {
--    env->InitializeInspector({});
-+  if (env->should_initialize_inspector()) {
-+    if (inspector_parent_handle) {
-+      env->InitializeInspector(
-+          std::move(static_cast<InspectorParentHandleImpl*>(
-+              inspector_parent_handle.get())->impl));
-+    } else {
-+      env->InitializeInspector({});
-+    }
-   }
- #endif
- 
-diff --git a/src/env-inl.h b/src/env-inl.h
-index e679780900abc9f6b6d1d6baa52576df278be8c7..2da8174fe9e4209f4705af0a1cf8bca5928f088c 100644
---- a/src/env-inl.h
-+++ b/src/env-inl.h
-@@ -882,6 +882,10 @@ inline bool Environment::no_global_search_paths() const {
-          !options_->global_search_paths;
- }
- 
-+inline bool Environment::should_initialize_inspector() const {
-+  return (flags_ & EnvironmentFlags::kNoInitializeInspector) == 0;
-+}
-+
- bool Environment::filehandle_close_warning() const {
-   return emit_filehandle_warning_;
- }
-diff --git a/src/env.h b/src/env.h
-index 7aa5822abf11f1858d1ef8551cfc7a8c3d931f1e..2554c530f2ca7078ed0cca03968b31f56027231b 100644
---- a/src/env.h
-+++ b/src/env.h
-@@ -1215,6 +1215,7 @@ class Environment : public MemoryRetainer {
-   inline bool tracks_unmanaged_fds() const;
-   inline bool hide_console_windows() const;
-   inline bool no_global_search_paths() const;
-+  inline bool should_initialize_inspector() const;
-   inline uint64_t thread_id() const;
-   inline worker::Worker* worker_context() const;
-   Environment* worker_parent_env() const;
-diff --git a/src/node.h b/src/node.h
-index 70518ba49b3bcbfaf2e46ba8ddc3f04236bc27b8..7ca7502e086190c87ae6a61dca2192253894e906 100644
---- a/src/node.h
-+++ b/src/node.h
-@@ -439,7 +439,11 @@ enum Flags : uint64_t {
-   // $HOME/.node_modules and $NODE_PATH. This is used by standalone apps that
-   // do not expect to have their behaviors changed because of globally
-   // installed modules.
--  kNoGlobalSearchPaths = 1 << 7
-+  kNoGlobalSearchPaths = 1 << 7,
-+  // Controls whether or not the Environment should call InitializeInspector.
-+  // This control is needed by embedders who may not want to initialize the V8
-+  // inspector in situations where it already exists.
-+  kNoInitializeInspector = 1 << 8
- };
- }  // namespace EnvironmentFlags
- 

patches/node/fix_crypto_tests_to_run_with_bssl.patch

@@ -31,7 +31,7 @@ index 4e3c32fdcd23fbe3e74bd5e624b739d224689f33..19d65aae7fa8ec9f9b907733ead17a20
  // Test Parallel Execution w/ KeyObject is threadsafe in openssl3
  {
 diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
-index 21c5af6cfe3e5eef64fc2d4dcc63c55b1d79ad51..b21eb4b97ad778304b3a4e8d549e109614350dfb 100644
+index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0de416463 100644
 --- a/test/parallel/test-crypto-authenticated.js
 +++ b/test/parallel/test-crypto-authenticated.js
 @@ -50,7 +50,9 @@ const errMessages = {
@@ -739,7 +739,7 @@ index d1782359277dc52d7a60830a6dd958544d610e6b..4c781f062bc505b860b821773070551f
 +  assert.match(legacyObject.serialNumber, legacyObjectCheck.serialNumberPattern);
  }
 diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
-index 58441be4d093f06cac3d47e2fa752f2354a49f8a..36a91946c8ad23250a47c433c1216ec9cb14f0e1 100644
+index a8ceb169de2b3de73f062083c42292babc673e73..a3bb574d0e5dc85b4ba3fb0b3bd8782fbb8c8700 100644
 --- a/test/parallel/test-crypto.js
 +++ b/test/parallel/test-crypto.js
 @@ -67,7 +67,7 @@ assert.throws(() => {
@@ -769,16 +769,16 @@ index 58441be4d093f06cac3d47e2fa752f2354a49f8a..36a91946c8ad23250a47c433c1216ec9
           !('opensslErrorStack' in err);
  });
  
-@@ -137,8 +137,6 @@ assert(crypto.getHashes().includes('sha1'));
+@@ -150,8 +150,6 @@ assert(crypto.getHashes().includes('sha1'));
  assert(crypto.getHashes().includes('sha256'));
  assert(!crypto.getHashes().includes('SHA1'));
  assert(!crypto.getHashes().includes('SHA256'));
 -assert(crypto.getHashes().includes('RSA-SHA1'));
 -assert(!crypto.getHashes().includes('rsa-sha1'));
  validateList(crypto.getHashes());
- 
- // Assume that we have at least secp384r1.
-@@ -172,7 +170,7 @@ const encodingError = {
+ // Make sure all of the hashes are supported by OpenSSL
+ for (const algo of crypto.getHashes())
+@@ -188,7 +186,7 @@ const encodingError = {
  // hex input that's not a power of two should throw, not assert in C++ land.
  ['createCipher', 'createDecipher'].forEach((funcName) => {
    assert.throws(
@@ -787,7 +787,7 @@ index 58441be4d093f06cac3d47e2fa752f2354a49f8a..36a91946c8ad23250a47c433c1216ec9
      (error) => {
        assert.ok(!('opensslErrorStack' in error));
        if (common.hasFipsCrypto) {
-@@ -224,15 +222,15 @@ assert.throws(() => {
+@@ -240,15 +238,15 @@ assert.throws(() => {
      library: 'rsa routines',
    } : {
      name: 'Error',
@@ -808,7 +808,7 @@ index 58441be4d093f06cac3d47e2fa752f2354a49f8a..36a91946c8ad23250a47c433c1216ec9
  if (!common.hasOpenSSL3) {
    assert.throws(() => {
      // The correct header inside `rsa_private_pkcs8_bad.pem` should have been
-@@ -260,7 +258,7 @@ if (!common.hasOpenSSL3) {
+@@ -276,7 +274,7 @@ if (!common.hasOpenSSL3) {
      return true;
    });
  }
@@ -1010,3 +1010,36 @@ index 1094845c73e14313860ad476fb7baba2a11b5af4..51972b4b34b191ac59145889dbf2da5c
  };
  
  function generateWrappingKeys() {
+diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
+index 99418e4c0bf21c26d5ba0ad9d617419abc625593..fc129b26ea13895353d6ede26bb2d91695c94ba4 100644
+--- a/test/parallel/test-x509-escaping.js
++++ b/test/parallel/test-x509-escaping.js
+@@ -425,11 +425,11 @@ const { hasOpenSSL3 } = common;
+   assert.strictEqual(certX509.subjectAltName, 'DNS:evil.example.com');
+ 
+   // The newer X509Certificate API allows customizing this behavior:
+-  assert.strictEqual(certX509.checkHost(servername), servername);
++  assert.strictEqual(certX509.checkHost(servername), undefined);
+   assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
+                      undefined);
+   assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
+-                     servername);
++                     undefined);
+   assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
+                      undefined);
+ 
+@@ -464,11 +464,11 @@ const { hasOpenSSL3 } = common;
+   assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
+ 
+   // The newer X509Certificate API allows customizing this behavior:
+-  assert.strictEqual(certX509.checkHost(servername), servername);
++  assert.strictEqual(certX509.checkHost(servername), undefined);
+   assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
+-                     servername);
++                     undefined);
+   assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
+-                     servername);
++                     undefined);
+   assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
+                      undefined);
+ 

patches/node/fix_don_t_create_console_window_when_creating_process.patch

@@ -1,25 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Raymond Zhao <[email protected]>
-Date: Tue, 4 Jan 2022 16:11:41 -0800
-Subject: fix: Don't create console window when creating process
-
-This patch prevents console windows from being created during
-execSync calls, or spawnSync calls where shell is true. Otherwise,
-Windows users will see command prompts pop up for those calls.
-
-The patch has been upstreamed at https://github.com/nodejs/node/pull/41412.
-
-diff --git a/src/spawn_sync.cc b/src/spawn_sync.cc
-index 1141aceae984fba6ed07cd272a79d4007b9b03fe..afd08519d7f8974adff4060513f6160519a0b6b3 100644
---- a/src/spawn_sync.cc
-+++ b/src/spawn_sync.cc
-@@ -810,6 +810,9 @@ Maybe<int> SyncProcessRunner::ParseOptions(Local<Value> js_value) {
-   if (js_win_hide->BooleanValue(isolate))
-     uv_process_options_.flags |= UV_PROCESS_WINDOWS_HIDE;
- 
-+  if (env()->hide_console_windows())
-+    uv_process_options_.flags |= UV_PROCESS_WINDOWS_HIDE_CONSOLE;
-+
-   Local<Value> js_wva =
-       js_options->Get(context, env()->windows_verbatim_arguments_string())
-           .ToLocalChecked();

patches/node/fix_expose_tracing_agent_and_use_tracing_tracingcontroller_instead.patch

@@ -7,10 +7,10 @@ Subject: fix: expose tracing::Agent and use tracing::TracingController instead
 This API is used by Electron to create Node's tracing controller.
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index 0fb750c5abbe00740f2095ec397c823e26666199..523d252e08974a10f9a53fb46d3345669cec3380 100644
+index 55b895c235f51eb7bcbd8cd4065b42a05208026a..1add2976e7c48e6704400b9ea0795b934ab0bfc2 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
-@@ -459,6 +459,10 @@ MultiIsolatePlatform* GetMultiIsolatePlatform(IsolateData* env) {
+@@ -461,6 +461,10 @@ MultiIsolatePlatform* GetMultiIsolatePlatform(IsolateData* env) {
    return env->platform();
  }
  
@@ -22,7 +22,7 @@ index 0fb750c5abbe00740f2095ec397c823e26666199..523d252e08974a10f9a53fb46d334566
      int thread_pool_size,
      node::tracing::TracingController* tracing_controller) {
 diff --git a/src/node.h b/src/node.h
-index 5b1404ff8e290a505a1143b582494e9a3319a183..70518ba49b3bcbfaf2e46ba8ddc3f04236bc27b8 100644
+index 966edcd041be1bded2c3a86e5734d2849019c372..9b9ff1c86ceeaeca828328065e2ad5573ea17fc5 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -118,6 +118,7 @@ namespace node {
@@ -33,7 +33,7 @@ index 5b1404ff8e290a505a1143b582494e9a3319a183..70518ba49b3bcbfaf2e46ba8ddc3f042
  class TracingController;
  
  }
-@@ -518,6 +519,8 @@ NODE_EXTERN v8::MaybeLocal<v8::Value> PrepareStackTraceCallback(
+@@ -523,6 +524,8 @@ NODE_EXTERN v8::MaybeLocal<v8::Value> PrepareStackTraceCallback(
  NODE_EXTERN MultiIsolatePlatform* GetMultiIsolatePlatform(Environment* env);
  NODE_EXTERN MultiIsolatePlatform* GetMultiIsolatePlatform(IsolateData* env);
  

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -17,10 +17,10 @@ Upstreams:
 - https://github.com/nodejs/node/pull/39136
 
 diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
-index f830da2cfba18ae2f7ad02fa862122780c956c80..51b26af969d5c84c741563297fda45426038d199 100644
+index a5aa39c23c1708ac27564a1a77a9f05fc07791e2..630a3400e74f20b1dbee17027c7dbe8688fed4b2 100644
 --- a/src/crypto/crypto_common.cc
 +++ b/src/crypto/crypto_common.cc
-@@ -176,7 +176,7 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
+@@ -162,7 +162,7 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
    const unsigned char* buf;
    size_t len;
    size_t rem;
@@ -29,7 +29,7 @@ index f830da2cfba18ae2f7ad02fa862122780c956c80..51b26af969d5c84c741563297fda4542
    if (!SSL_client_hello_get0_ext(
            ssl.get(),
            TLSEXT_TYPE_application_layer_protocol_negotiation,
-@@ -189,13 +189,15 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
+@@ -175,13 +175,15 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
    len = (buf[0] << 8) | buf[1];
    if (len + 2 != rem) return nullptr;
    return reinterpret_cast<const char*>(buf + 3);
@@ -46,7 +46,7 @@ index f830da2cfba18ae2f7ad02fa862122780c956c80..51b26af969d5c84c741563297fda4542
    if (!SSL_client_hello_get0_ext(
            ssl.get(),
            TLSEXT_TYPE_server_name,
-@@ -217,6 +219,8 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
+@@ -203,6 +205,8 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
    if (len + 2 > rem)
      return nullptr;
    return reinterpret_cast<const char*>(buf + 5);
@@ -55,7 +55,7 @@ index f830da2cfba18ae2f7ad02fa862122780c956c80..51b26af969d5c84c741563297fda4542
  }
  
  const char* GetServerName(SSL* ssl) {
-@@ -224,7 +228,10 @@ const char* GetServerName(SSL* ssl) {
+@@ -210,7 +214,10 @@ const char* GetServerName(SSL* ssl) {
  }
  
  bool SetGroups(SecureContext* sc, const char* groups) {
@@ -66,7 +66,7 @@ index f830da2cfba18ae2f7ad02fa862122780c956c80..51b26af969d5c84c741563297fda4542
  }
  
  const char* X509ErrorCode(long err) {  // NOLINT(runtime/int)
-@@ -1126,14 +1133,14 @@ MaybeLocal<Array> GetClientHelloCiphers(
+@@ -1101,14 +1108,14 @@ MaybeLocal<Array> GetClientHelloCiphers(
      Environment* env,
      const SSLPointer& ssl) {
    EscapableHandleScope scope(env->isolate());
@@ -304,7 +304,7 @@ index e1ef170a9f17634d218492a2ce888c3a4365e097..8dffad89c80e0906780d1b26ba9a65ba
  }  // namespace
  
 diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h
-index 5060fc3f2fbd67d8b33975f2512cbd7cf7fedf1a..4f86810f8366b490ca2293cd1a811e69a199f708 100644
+index c431159e6f77f8c86844bcadb86012b056d03372..0ce3a8f219a2952f660ff72a6ce36ee109add649 100644
 --- a/src/crypto/crypto_util.h
 +++ b/src/crypto/crypto_util.h
 @@ -16,7 +16,9 @@

patches/node/pass_all_globals_through_require.patch

@@ -6,7 +6,7 @@ Subject: Pass all globals through "require"
 (cherry picked from commit 7d015419cb7a0ecfe6728431a4ed2056cd411d62)
 
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index cfe2982bf22c245d3249a743e341c9948d98c18b..2c188ae0b5cb86493a7fd701c343b36370369f20 100644
+index b4902850c7fec5bb67c9566f40ca1cdd2ba17b55..200c352cfd7321c47f37776589cfca397cad5d25 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -127,6 +127,13 @@ const {
@@ -23,7 +23,7 @@ index cfe2982bf22c245d3249a743e341c9948d98c18b..2c188ae0b5cb86493a7fd701c343b363
  const {
    isProxy
  } = require('internal/util/types');
-@@ -1098,10 +1105,12 @@ Module.prototype._compile = function(content, filename) {
+@@ -1100,10 +1107,12 @@ Module.prototype._compile = function(content, filename) {
    if (requireDepth === 0) statCache = new SafeMap();
    if (inspectorWrapper) {
      result = inspectorWrapper(compiledWrapper, thisValue, exports,

patches/node/refactor_allow_embedder_overriding_of_internal_fs_calls.patch

@@ -7,7 +7,7 @@ We use this to allow node's 'fs' module to read from ASAR files as if they were
 a real filesystem.
 
 diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
-index 1393cc20f45db69c9e133e25ac9428fcb6d81100..085dd7e09d31fb1800b3596cc068637e1956ba52 100644
+index dfae7675e16a6a81e40c69d85004fc841cadf738..8c31d0202b70ec9784b4289a175a62fd9fd85f8c 100644
 --- a/lib/internal/bootstrap/node.js
 +++ b/lib/internal/bootstrap/node.js
 @@ -66,6 +66,10 @@ setupBuffer();
@@ -22,7 +22,7 @@ index 1393cc20f45db69c9e133e25ac9428fcb6d81100..085dd7e09d31fb1800b3596cc068637e
  const nativeModule = internalBinding('native_module');
  
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index 2c188ae0b5cb86493a7fd701c343b36370369f20..caca939942cb721a3efde7005b0a987a19237a8b 100644
+index 200c352cfd7321c47f37776589cfca397cad5d25..5195ff2da0496f2bfb9112d336c38040f662087b 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -86,7 +86,7 @@ const fs = require('fs');

patches/node/refactor_alter_child_process_fork_to_use_execute_script_with.patch

@@ -7,7 +7,7 @@ Subject: refactor: alter child_process.fork to use execute script with
 When forking a child script, we setup a special environment to make the Electron binary run like the upstream node. On Mac, we use the helper app as node binary.
 
 diff --git a/lib/child_process.js b/lib/child_process.js
-index a7ef8ba1e4af1aaabf88ea424b0a101397f7eb16..9cd99a7440ee4d2273fe94a0d51b4bf4051f612d 100644
+index 415010241cdabac42ea79601c464bae4a2081c78..5c202237ecdf32afe89b5a5b4dfc2cf648fb9d23 100644
 --- a/lib/child_process.js
 +++ b/lib/child_process.js
 @@ -160,6 +160,15 @@ function fork(modulePath, args = [], options) {

patches/node/repl_fix_crash_when_sharedarraybuffer_disabled.patch

@@ -25,7 +25,7 @@ index a771b1813731edf4f0dd60f3505799e389f1d876..b9461677e2d7d1df192e752496e62cca
    bench.start();
    for (let i = 0; i < n; i++)
 diff --git a/lib/internal/main/worker_thread.js b/lib/internal/main/worker_thread.js
-index 65827ecd593ffb050484152fc6d31411fd3e4dcc..2e5d6b01d86e34549c1c7a3d3128350cad2b0c47 100644
+index a8167b86ca2e5a11b2628e20063849e85a200a8c..110a3ed1637b642b1d83fb36549cced151b9c5cd 100644
 --- a/lib/internal/main/worker_thread.js
 +++ b/lib/internal/main/worker_thread.js
 @@ -9,7 +9,7 @@ const {
@@ -37,7 +37,7 @@ index 65827ecd593ffb050484152fc6d31411fd3e4dcc..2e5d6b01d86e34549c1c7a3d3128350c
  } = primordials;
  
  const {
-@@ -142,6 +142,9 @@ port.on('message', (message) => {
+@@ -146,6 +146,9 @@ port.on('message', (message) => {
      const originalCwd = process.cwd;
  
      process.cwd = function() {

patches/node/src_allow_embedders_to_provide_a_custom_pageallocator_to.patch

@@ -12,7 +12,7 @@ allocator that does handle these cases.
 Upstreamed in https://github.com/nodejs/node/pull/38362.
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index 5bf19a0dda42849159d954181058897c45d280fd..03078ff3869fcd17101f1cdaf77f725dbbfa43e8 100644
+index 1add2976e7c48e6704400b9ea0795b934ab0bfc2..2abf5994405e8da2a04d1b23b75ccd3658398474 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
 @@ -475,8 +475,9 @@ MultiIsolatePlatform* CreatePlatform(
@@ -40,7 +40,7 @@ index 5bf19a0dda42849159d954181058897c45d280fd..03078ff3869fcd17101f1cdaf77f725d
  
  MaybeLocal<Object> GetPerContextExports(Local<Context> context) {
 diff --git a/src/node.h b/src/node.h
-index 7ca7502e086190c87ae6a61dca2192253894e906..b2b766f242e02593631be087fceaf63f71d74284 100644
+index 9b9ff1c86ceeaeca828328065e2ad5573ea17fc5..0a9f5139276eb2e102b41a586adf61fa563b47d6 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -332,7 +332,8 @@ class NODE_EXTERN MultiIsolatePlatform : public v8::Platform {
@@ -53,7 +53,7 @@ index 7ca7502e086190c87ae6a61dca2192253894e906..b2b766f242e02593631be087fceaf63f
  };
  
  enum IsolateSettingsFlags {
-@@ -528,7 +529,8 @@ NODE_EXTERN node::tracing::Agent* CreateAgent();
+@@ -529,7 +530,8 @@ NODE_EXTERN node::tracing::Agent* CreateAgent();
  NODE_DEPRECATED("Use MultiIsolatePlatform::Create() instead",
      NODE_EXTERN MultiIsolatePlatform* CreatePlatform(
          int thread_pool_size,

patches/node/worker_thread_add_asar_support.patch

@@ -7,10 +7,10 @@ This patch initializes asar support in workers threads in
 Node.js.
 
 diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js
-index 2af6b11c97ecdca3c40792ab35c69b07b9db76a0..e79ce2b79a5f88a315ac013b6e12534ba1531d6b 100644
+index 899d5a906683e8967746e10a6de452e99e236903..4c459b58b5a048d9d8a4f15f4011e7cce68089f4 100644
 --- a/lib/internal/bootstrap/pre_execution.js
 +++ b/lib/internal/bootstrap/pre_execution.js
-@@ -498,6 +498,7 @@ module.exports = {
+@@ -563,6 +563,7 @@ module.exports = {
    loadPreloadModules,
    setupTraceCategoryState,
    setupInspectorHooks,
@@ -19,10 +19,10 @@ index 2af6b11c97ecdca3c40792ab35c69b07b9db76a0..e79ce2b79a5f88a315ac013b6e12534b
    initializeCJSLoader,
    initializeWASI
 diff --git a/lib/internal/main/worker_thread.js b/lib/internal/main/worker_thread.js
-index 2e5d6b01d86e34549c1c7a3d3128350cad2b0c47..74ab84ca39a01269925ca0e326e4aa8894fce8a1 100644
+index 110a3ed1637b642b1d83fb36549cced151b9c5cd..50da62d11bf87c333322264f26e5b427efc7d46b 100644
 --- a/lib/internal/main/worker_thread.js
 +++ b/lib/internal/main/worker_thread.js
-@@ -27,6 +27,7 @@ const {
+@@ -29,6 +29,7 @@ const {
    initializeReport,
    initializeSourceMapsHandlers,
    loadPreloadModules,
@@ -30,7 +30,7 @@ index 2e5d6b01d86e34549c1c7a3d3128350cad2b0c47..74ab84ca39a01269925ca0e326e4aa88
    setupTraceCategoryState
  } = require('internal/bootstrap/pre_execution');
  
-@@ -154,6 +155,8 @@ port.on('message', (message) => {
+@@ -158,6 +159,8 @@ port.on('message', (message) => {
      };
      workerIo.sharedCwdCounter = cwdCounter;
  

shell/common/node_bindings.cc

@@ -480,7 +480,7 @@ node::Environment* NodeBindings::CreateEnvironment(
     // in renderer processes this should be blink. We need to tell Node.js
     // not to register its handler (overriding blinks) in non-browser processes.
     flags |= node::EnvironmentFlags::kNoRegisterESMLoader |
-             node::EnvironmentFlags::kNoInitializeInspector;
+             node::EnvironmentFlags::kNoCreateInspector;
   }
 
   if (!electron::fuses::IsNodeCliInspectEnabled()) {