chore: bump node to v20.16.0 (30-x-y) (#43025)

chore: bump node to v20.16.0

Co-authored-by: Shelley Vohr <[email protected]>

.github/actions/checkout/action.yml

@@ -100,6 +100,7 @@ runs:
             echo "There were changes to the patches when applying."
             echo "Check the CI artifacts for a patch you can apply to fix it."
             echo "======================================================================"
+            cat ../../patches/update-patches.patch
             exit 1
           fi
         fi

DEPS

@@ -4,7 +4,7 @@ vars = {
   'chromium_version':
     '124.0.6367.243',
   'node_version':
-    'v20.15.1',
+    'v20.16.0',
   'nan_version':
     'e14bdcd1f72d62bca1d541b66da43130384ec213',
   'squirrel.mac_version':

patches/node/.patches

@@ -41,3 +41,6 @@ test_match_wpt_streams_transferable_transform-stream-members_any_js.patch
 build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch
 fix_revert_src_lb_reducing_c_calls_of_esm_legacy_main_resolve.patch
 deprecate_vector_v8_local_in_v8.patch
+src_account_for_openssl_unexpected_version.patch
+windows_32bit_config_change_callback_needs_to_be_stdcall.patch
+fix_building_with_unicode.patch

patches/node/build_add_gn_build_files.patch

@@ -537,10 +537,10 @@ index 0e69d7383762f6b81c5b57698aa9d121d5a9c401..35bbeb37acc7ccb14b4b8a644ec3d4c7
          cflags_c = [
            "-mavx512vl",
 diff --git a/deps/cares/BUILD.gn b/deps/cares/BUILD.gn
-index ac19ac73ed1e24c61cb679f3851685b79cfc8b39..3f253daee0f9b1faa50857f61d76de001bd8947e 100644
+index ac19ac73ed1e24c61cb679f3851685b79cfc8b39..087e27424f3997575e4e089a57955d04b8802321 100644
 --- a/deps/cares/BUILD.gn
 +++ b/deps/cares/BUILD.gn
-@@ -1,14 +1,163 @@
+@@ -1,14 +1,170 @@
 -##############################################################################
 -#                                                                            #
 -#                       DO NOT EDIT THIS FILE!                               #
@@ -582,6 +582,8 @@ index ac19ac73ed1e24c61cb679f3851685b79cfc8b39..3f253daee0f9b1faa50857f61d76de00
 +    "src/lib/ares__htable_strvp.h",
 +    "src/lib/ares__htable_szvp.c",
 +    "src/lib/ares__htable_szvp.h",
++    "src/lib/ares__htable_vpvp.c",
++    "src/lib/ares__htable_vpvp.h",
 +    "src/lib/ares__iface_ips.c",
 +    "src/lib/ares__iface_ips.h",
 +    "src/lib/ares__llist.c",
@@ -607,6 +609,7 @@ index ac19ac73ed1e24c61cb679f3851685b79cfc8b39..3f253daee0f9b1faa50857f61d76de00
 +    "src/lib/ares_dns_record.c",
 +    "src/lib/ares_dns_private.h",
 +    "src/lib/ares_dns_write.c",
++    "src/lib/ares_event_configchg.c",
 +    "src/lib/ares_event.h",
 +    "src/lib/ares_event_win32.h",
 +    "src/lib/ares_event_epoll.c",
@@ -711,7 +714,11 @@ index ac19ac73ed1e24c61cb679f3851685b79cfc8b39..3f253daee0f9b1faa50857f61d76de00
 -cares_gn_build("cares") {
 +  if (is_mac) {
 +    include_dirs += [ "config/darwin" ]
-+    sources += [ "config/darwin/ares_config.h" ]
++    sources += [
++      "config/darwin/ares_config.h",
++      "src/lib/ares_sysconfig_mac.c",
++      "src/lib/thirdparty/apple/dnsinfo.h",
++    ]
 +  }
  }
 diff --git a/deps/googletest/BUILD.gn b/deps/googletest/BUILD.gn
@@ -1256,10 +1263,10 @@ index 0000000000000000000000000000000000000000..af9cbada10203b387fb9732b346583b1
 +}
 diff --git a/filenames.json b/filenames.json
 new file mode 100644
-index 0000000000000000000000000000000000000000..d18a59b6629849588e31f977e8d537ff5b11f7e4
+index 0000000000000000000000000000000000000000..7fed188f922a6754907411046ba4a977049394ea
 --- /dev/null
 +++ b/filenames.json
-@@ -0,0 +1,738 @@
+@@ -0,0 +1,740 @@
 +// This file is automatically generated by generate_gn_filenames_json.py
 +// DO NOT EDIT
 +{
@@ -1846,6 +1853,7 @@ index 0000000000000000000000000000000000000000..d18a59b6629849588e31f977e8d537ff
 +    "src/permission/fs_permission.cc",
 +    "src/permission/inspector_permission.cc",
 +    "src/permission/permission.cc",
++    "src/permission/wasi_permission.cc",
 +    "src/permission/worker_permission.cc",
 +    "src/pipe_wrap.cc",
 +    "src/process_wrap.cc",
@@ -1967,6 +1975,7 @@ index 0000000000000000000000000000000000000000..d18a59b6629849588e31f977e8d537ff
 +    "src/permission/fs_permission.h",
 +    "src/permission/inspector_permission.h",
 +    "src/permission/permission.h",
++    "src/permission/wasi_permission.h",
 +    "src/permission/worker_permission.h",
 +    "src/pipe_wrap.h",
 +    "src/req_wrap.h",

patches/node/build_only_create_cppgc_heap_on_non-32_bit_platforms.patch

@@ -33,10 +33,10 @@ index 7d201bb6b822f0401c3be2bc52d65bc71463748b..38f4b5afb9e667f0958008847224fa7a
      node_platform = "win32"
    } else if (target_os == "mac") {
 diff --git a/src/env.cc b/src/env.cc
-index 7bd5edf61c339daa1e1b0df8e2e91680948641de..401bc2fc819b85baba2509de6cd4dbcde5f67559 100644
+index ea0ae4e08ec7dd98721bc89d2fe80fa47eaddfec..cad55dc4458cc64d701b53975f817b1552660d73 100644
 --- a/src/env.cc
 +++ b/src/env.cc
-@@ -557,7 +557,8 @@ IsolateData::IsolateData(Isolate* isolate,
+@@ -569,7 +569,8 @@ IsolateData::IsolateData(Isolate* isolate,
      // for embedder ID, V8 could accidentally enable cppgc on them. So
      // safe guard against this.
      DCHECK_NE(descriptor.wrappable_type_index, BaseObject::kSlot);
@@ -46,7 +46,7 @@ index 7bd5edf61c339daa1e1b0df8e2e91680948641de..401bc2fc819b85baba2509de6cd4dbcd
      cpp_heap_ = CppHeap::Create(
          platform,
          CppHeapCreateParams{
-@@ -565,6 +566,7 @@ IsolateData::IsolateData(Isolate* isolate,
+@@ -577,6 +578,7 @@ IsolateData::IsolateData(Isolate* isolate,
              WrapperDescriptor(
                  BaseObject::kEmbedderType, BaseObject::kSlot, cppgc_id)});
      isolate->AttachCppHeap(cpp_heap_.get());

patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch

@@ -26,7 +26,7 @@ index 155485dbab0d46bb225fa40e99f555d805659c4f..8183cffe9d7060571c08f696abb7c090
          try {
            resolvedArgv = Module._resolveFilename(process.argv[1], null, false);
 diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
-index 16e291484bfe85d5614557f070ab0d2ae59655d4..b4272f01e84d7fec263dcad444d92459743780a8 100644
+index 8fad2fe617e4f8d2364b8c9d3cfb27c265f08b5b..710af646aaf97f88ac2ee003d8f83388ccf9a84f 100644
 --- a/lib/internal/process/pre_execution.js
 +++ b/lib/internal/process/pre_execution.js
 @@ -244,12 +244,14 @@ function patchProcessObject(expandArgv1) {

patches/node/ci_ensure_node_tests_set_electron_run_as_node.patch

@@ -45,10 +45,10 @@ index f995c170540ffaa80b1b5f8b95dbd8f52bbd5431..6455dbdd015477e16c414b6d21131393
          fixtures.path(name),
          transform ?? defaultTransform,
 diff --git a/test/parallel/test-node-output-errors.mjs b/test/parallel/test-node-output-errors.mjs
-index c0acee2bfc8c124e9d9b254041589a49c8301b8f..0e266899ffc0918b2f94e8f636043a6ec5f0870f 100644
+index 84f20a77dda367fe1ada8d616c7b6813d39efd43..27d16d74884a006ba01b777f5a20339b4906197b 100644
 --- a/test/parallel/test-node-output-errors.mjs
 +++ b/test/parallel/test-node-output-errors.mjs
-@@ -61,21 +61,22 @@ describe('errors output', { concurrency: true }, () => {
+@@ -59,21 +59,22 @@ describe('errors output', { concurrency: true }, () => {
      { name: 'errors/events_unhandled_error_subclass.js', transform: errTransform },
      { name: 'errors/if-error-has-good-stack.js', transform: errTransform },
      { name: 'errors/throw_custom_error.js', transform: errTransform },
@@ -69,11 +69,11 @@ index c0acee2bfc8c124e9d9b254041589a49c8301b8f..0e266899ffc0918b2f94e8f636043a6e
 -    { skip: skipForceColors, name: 'errors/force_colors.js',
 -      transform: forceColorsTransform, env: { FORCE_COLOR: 1 } },
 +    // { skip: skipForceColors, name: 'errors/force_colors.js',
-+      // transform: forceColorsTransform, env: { FORCE_COLOR: 1 } },
++    //   transform: forceColorsTransform, env: { FORCE_COLOR: 1 } },
    ];
    for (const { name, transform = defaultTransform, env, skip = false } of tests) {
      it(name, { skip }, async () => {
 +      if (env) env.ELECTRON_RUN_AS_NODE = 1;
-       await snapshot.spawnAndAssert(fixtures.path(name), transform, { env });
+       await snapshot.spawnAndAssert(fixtures.path(name), transform, { env: { ...env, ...process.env } });
      });
    }

patches/node/fix_-wshadow_warning.patch

@@ -28,7 +28,7 @@ In file included from ../../third_party/electron_node/src/env-inl.h:32:
 1 error generated.
 
 diff --git a/src/util.h b/src/util.h
-index cd4fe2e422a7843f5a3f0f4b336a8625a0b24bcf..8edd50e598d8612144b8da9236e63f9079b99156 100644
+index 3ae876e5484f0ebacfae6749cc336f42cd69bf14..8e9e8289de249119d6b8078abe32db6b885dfaab 100644
 --- a/src/util.h
 +++ b/src/util.h
 @@ -146,9 +146,9 @@ void DumpJavaScriptBacktrace(FILE* fp);

patches/node/fix_assert_module_in_the_renderer_process.patch

@@ -58,10 +58,10 @@ index f9d29f0065b1de63a62cfdce74a9705c22dd87d7..3f44160f1bd40fc2d4658f10edf0d0b3
  }
  
 diff --git a/src/node_options.cc b/src/node_options.cc
-index 753311e15f161547be4277016efe11cc57d351db..8e98b76e29824565739010b885375d63c992bdf8 100644
+index 28fbd93c5d4a6f379844e10e556920b7614910d8..53cf93719bea001db09697b56f197815549dc953 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
-@@ -1317,6 +1317,11 @@ void GetEmbedderOptions(const FunctionCallbackInfo<Value>& args) {
+@@ -1321,6 +1321,11 @@ void GetEmbedderOptions(const FunctionCallbackInfo<Value>& args) {
    Local<Context> context = env->context();
    Local<Object> ret = Object::New(isolate);
  

patches/node/fix_building_with_unicode.patch

@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Keeley Hammond <[email protected]>
+Date: Thu, 25 Jul 2024 15:29:12 -0700
+Subject: fix: building with UNICODE
+
+Use the unicode version of 'RegOpenKeyEx' to avoid compilation error on string type.
+
+Backport of https://github.com/c-ares/c-ares/pull/802.
+
+diff --git a/deps/cares/src/lib/ares_event_configchg.c b/deps/cares/src/lib/ares_event_configchg.c
+index c9b39f7b3358f37e61fb95e440695a9b590c2090..b33141ce3a30dd92509de8a4aff1a7fc76a5b915 100644
+--- a/deps/cares/src/lib/ares_event_configchg.c
++++ b/deps/cares/src/lib/ares_event_configchg.c
+@@ -319,15 +319,15 @@ ares_status_t ares_event_configchg_init(ares_event_configchg_t **configchg,
+   /* Monitor HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces
+    * and HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
+    * for changes via RegNotifyChangeKeyValue() */
+-  if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+-        "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces",
++  if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
++        L"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces",
+         0, KEY_NOTIFY, &c->regip4) != ERROR_SUCCESS) {
+     status = ARES_ESERVFAIL;
+     goto done;
+   }
+ 
+-  if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+-        "SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces",
++  if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
++        L"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces",
+         0, KEY_NOTIFY, &c->regip6) != ERROR_SUCCESS) {
+     status = ARES_ESERVFAIL;
+     goto done;

patches/node/fix_capture_embedder_exceptions_before_entering_v8.patch

@@ -24,7 +24,7 @@ index 69e2a389f9e1480a1a4ba37f5df5356b42f7d52d..0c29b00298b44b97f88a63aa5b89f1c2
        wrap->object()->Has(env->context(), env->handle_onclose_symbol())
        .FromMaybe(false)) {
 diff --git a/src/node_contextify.cc b/src/node_contextify.cc
-index ca8575e9a21b9a0b8089484a04abe702b2fe6d4e..df1d9cb4fd0442ec6ce6164a136b7a5fbcbe5b67 100644
+index d873792ab95e41d54579f552c6c1fa43447ca4cd..708fa03d088e67a50dc4e69bb3f2cc14529dc3f1 100644
 --- a/src/node_contextify.cc
 +++ b/src/node_contextify.cc
 @@ -460,6 +460,7 @@ bool ContextifyContext::IsStillInitializing(const ContextifyContext* ctx) {

patches/node/fix_crypto_tests_to_run_with_bssl.patch

@@ -31,7 +31,7 @@ index 4e3c32fdcd23fbe3e74bd5e624b739d224689f33..19d65aae7fa8ec9f9b907733ead17a20
  // Test Parallel Execution w/ KeyObject is threadsafe in openssl3
  {
 diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
-index 6178445adbc634160c3c3ca699a36868f894e544..ff4dc2f7d527b5eb1fa442ba6b0f9ba04af39357 100644
+index 59dd3b69c4bdf6dbd7b5e4f03df74caac551d459..1e0f9ce4c979683530afdf83ac3dc095acad2eb8 100644
 --- a/test/parallel/test-crypto-authenticated.js
 +++ b/test/parallel/test-crypto-authenticated.js
 @@ -48,7 +48,9 @@ const errMessages = {
@@ -381,7 +381,7 @@ index fcf1922bcdba733af6c22f142db4f7b099947757..9f72ae4e41a113e752f40795103c2af5
    assert.throws(() => crypto.createDiffieHellman('abcdef', g), ex);
    assert.throws(() => crypto.createDiffieHellman('abcdef', 'hex', g), ex);
 diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
-index 3b738b7f47ec59ba718a92e3a0024fed45a9c87c..fabf5775a263804f5974b10cf73c6886d59bf1fa 100644
+index fb580e1b315445182538c56fc114742ce896bf4c..36014fe7cb411016d72a7f4ab118923d12e97898 100644
 --- a/test/parallel/test-crypto-dh.js
 +++ b/test/parallel/test-crypto-dh.js
 @@ -55,18 +55,17 @@ const crypto = require('crypto');
@@ -594,6 +594,19 @@ index 5f4fafdfffbf726b7cb39c472baa3df25c9794cf..73bb53b0405b20f51b13326cc70e5275
    assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
  }
 +*/
+diff --git a/test/parallel/test-crypto-scrypt.js b/test/parallel/test-crypto-scrypt.js
+index 61bd65fc92678c24baa3c0eb9ffb1ead64ace70b..cb690351696a811210b9d990ee4cde3cfb2a3446 100644
+--- a/test/parallel/test-crypto-scrypt.js
++++ b/test/parallel/test-crypto-scrypt.js
+@@ -178,7 +178,7 @@ for (const options of bad) {
+ 
+ for (const options of toobig) {
+   const expected = {
+-    message: /Invalid scrypt params:.*memory limit exceeded/,
++    message: /Invalid scrypt params/,
+     code: 'ERR_CRYPTO_INVALID_SCRYPT_PARAMS',
+   };
+   assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
 diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
 index 56e5c16c2867f019caccf42f228193cae6167150..dc585c44db9894ae57a5e11d453af03e1ea4f211 100644
 --- a/test/parallel/test-crypto-sign-verify.js

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -48,10 +48,10 @@ index 67cd4f2adf15e7d8511f561c54163b1842e971af..7e0e1a62289289b8362870ba4869c974
  
    const EVP_MD* digest = nullptr;
 diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
-index ee1c7931a5c83eec00fe05807ddb97572fe70cc9..8e297e57fdbc9fd42beb6e4a33cc91b9dd7316b8 100644
+index 962018583360a137639682d4aec8b0ebad2f3070..f8ec40885905abbbe0da0f285ff9e83694c2b620 100644
 --- a/src/crypto/crypto_common.cc
 +++ b/src/crypto/crypto_common.cc
-@@ -158,7 +158,7 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
+@@ -166,7 +166,7 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
    const unsigned char* buf;
    size_t len;
    size_t rem;
@@ -60,7 +60,7 @@ index ee1c7931a5c83eec00fe05807ddb97572fe70cc9..8e297e57fdbc9fd42beb6e4a33cc91b9
    if (!SSL_client_hello_get0_ext(
            ssl.get(),
            TLSEXT_TYPE_application_layer_protocol_negotiation,
-@@ -171,13 +171,15 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
+@@ -179,13 +179,15 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
    len = (buf[0] << 8) | buf[1];
    if (len + 2 != rem) return nullptr;
    return reinterpret_cast<const char*>(buf + 3);
@@ -77,7 +77,7 @@ index ee1c7931a5c83eec00fe05807ddb97572fe70cc9..8e297e57fdbc9fd42beb6e4a33cc91b9
    if (!SSL_client_hello_get0_ext(
            ssl.get(),
            TLSEXT_TYPE_server_name,
-@@ -199,6 +201,8 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
+@@ -207,6 +209,8 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
    if (len + 2 > rem)
      return nullptr;
    return reinterpret_cast<const char*>(buf + 5);
@@ -86,7 +86,7 @@ index ee1c7931a5c83eec00fe05807ddb97572fe70cc9..8e297e57fdbc9fd42beb6e4a33cc91b9
  }
  
  const char* GetServerName(SSL* ssl) {
-@@ -206,7 +210,10 @@ const char* GetServerName(SSL* ssl) {
+@@ -214,7 +218,10 @@ const char* GetServerName(SSL* ssl) {
  }
  
  bool SetGroups(SecureContext* sc, const char* groups) {
@@ -116,8 +116,21 @@ index ee1c7931a5c83eec00fe05807ddb97572fe70cc9..8e297e57fdbc9fd42beb6e4a33cc91b9
      Local<Object> obj = Object::New(env->isolate());
      if (!Set(env->context(),
               obj,
+@@ -1104,8 +1111,11 @@ MaybeLocal<Object> GetEphemeralKey(Environment* env, const SSLPointer& ssl) {
+ 
+   EscapableHandleScope scope(env->isolate());
+   Local<Object> info = Object::New(env->isolate());
++#ifndef OPENSSL_IS_BORINGSSL
+   if (!SSL_get_peer_tmp_key(ssl.get(), &raw_key)) return scope.Escape(info);
+-
++#else
++  if (!SSL_get_server_tmp_key(ssl.get(), &raw_key)) return scope.Escape(info);
++#endif
+   Local<Context> context = env->context();
+   crypto::EVPKeyPointer key(raw_key);
+ 
 diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
-index 6e5bbe07d0c337b36f3157c2e6404fdc91849fd1..7ec682833213de9054a8c30751436d12baaea235 100644
+index e26e64834bee7fd9cd4e18bfe69a4f41d51fa8e9..a5b1ec5ea6284ab9892d5a2e576f369ae3bbac91 100644
 --- a/src/crypto/crypto_context.cc
 +++ b/src/crypto/crypto_context.cc
 @@ -63,7 +63,7 @@ inline X509_STORE* GetOrCreateRootCertStore() {
@@ -253,7 +266,7 @@ index 3fa4a415dc911a13afd90dfb31c1ed4ad0fd268f..fa48dffc31342c44a1c1207b9d4c3dc7
      return EVPKeyCtxPointer();
  
 diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
-index c5dd2fb8fce40f2bf6f9a8543047ffb50cc08084..d850af9257cc194ee385130ce3cd2c0101b2455f 100644
+index a4979cf5586a7be6308a917eb020bedafa17f683..e4705482c6d45138deac84c59d8192bb2a284a76 100644
 --- a/src/crypto/crypto_keys.cc
 +++ b/src/crypto/crypto_keys.cc
 @@ -1241,6 +1241,7 @@ void KeyObjectHandle::GetAsymmetricKeyType(
@@ -369,7 +382,7 @@ index 5734d8fdc5505e1586f571c19b840bd56e9c9f1f..3034b114e081e2b32dd5b71653927a41
  }  // namespace
  
 diff --git a/src/env.h b/src/env.h
-index 3b3724d6c7156b87555be31470e75b1cf28b5e3f..910c69b6d1d17ef25201dbb39d3d074f4f3f011f 100644
+index cd8db07919dc4d00675bbaae976e8fa1fcc16028..2310c89227f08cdcca6c4965cc163031af303626 100644
 --- a/src/env.h
 +++ b/src/env.h
 @@ -49,7 +49,7 @@
@@ -381,7 +394,7 @@ index 3b3724d6c7156b87555be31470e75b1cf28b5e3f..910c69b6d1d17ef25201dbb39d3d074f
  #include <openssl/evp.h>
  #endif
  
-@@ -1036,7 +1036,7 @@ class Environment : public MemoryRetainer {
+@@ -1038,7 +1038,7 @@ class Environment : public MemoryRetainer {
      kExitInfoFieldCount
    };
  
@@ -391,7 +404,7 @@ index 3b3724d6c7156b87555be31470e75b1cf28b5e3f..910c69b6d1d17ef25201dbb39d3d074f
    // We declare another alias here to avoid having to include crypto_util.h
    using EVPMDPointer = DeleteFnPtr<EVP_MD, EVP_MD_free>;
 diff --git a/src/node_metadata.cc b/src/node_metadata.cc
-index 844c5ac2c2b948b3be35cb3e447717a510a463a6..72a75ee0bf391ea508441f49413f85c5b735b259 100644
+index 985d44b3cd1f1aa5c09f99e868083f2e48c7e32b..5856292b5450f697cdb57de30bafd3e907a7964d 100644
 --- a/src/node_metadata.cc
 +++ b/src/node_metadata.cc
 @@ -21,7 +21,7 @@
@@ -400,7 +413,7 @@ index 844c5ac2c2b948b3be35cb3e447717a510a463a6..72a75ee0bf391ea508441f49413f85c5
  
 -#if HAVE_OPENSSL
 +#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)
- #include <openssl/opensslv.h>
+ #include <openssl/crypto.h>
  #if NODE_OPENSSL_HAS_QUIC
  #include <openssl/quic.h>
 diff --git a/src/node_metadata.h b/src/node_metadata.h
@@ -417,7 +430,7 @@ index cf051585e779e2b03bd7b95fe5008b89cc7f8162..9de49c6828468fdf846dcd4ad445390f
  #if NODE_OPENSSL_HAS_QUIC
  #include <openssl/quic.h>
 diff --git a/src/node_options.cc b/src/node_options.cc
-index 7110b4d984b72fa8c9bef2cbe6e37b1871e14d08..753311e15f161547be4277016efe11cc57d351db 100644
+index 1ba0bfcd9b3096c4bffe518ad08973edb895e8c3..28fbd93c5d4a6f379844e10e556920b7614910d8 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
 @@ -6,7 +6,7 @@
@@ -430,7 +443,7 @@ index 7110b4d984b72fa8c9bef2cbe6e37b1871e14d08..753311e15f161547be4277016efe11cc
  #endif
  
 diff --git a/src/node_options.h b/src/node_options.h
-index 3c67c3680b045786dafb8435f5b311c3f386a943..546c3979e2c8d7498aa92df4c89ee867c6485080 100644
+index 1357e5b42869e8e3a30d2bf6db0faed565d99754..49c6d8b4162977a926e36bad7183a10502b2beaf 100644
 --- a/src/node_options.h
 +++ b/src/node_options.h
 @@ -11,7 +11,7 @@

patches/node/refactor_allow_embedder_overriding_of_internal_fs_calls.patch

@@ -7,7 +7,7 @@ We use this to allow node's 'fs' module to read from ASAR files as if they were
 a real filesystem.
 
 diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
-index d42e766555a83ec7421b13c2bf75bfd28f086102..57125a271394dda0d3aa3a261ba087c978582c29 100644
+index 12262f40ce123440a9a0f974386cfbe8511f4459..f3c15b61d33bdae44de528e106fcc6f930f1c388 100644
 --- a/lib/internal/bootstrap/node.js
 +++ b/lib/internal/bootstrap/node.js
 @@ -134,6 +134,10 @@ process.domain = null;

patches/node/src_account_for_openssl_unexpected_version.patch

@@ -0,0 +1,45 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <[email protected]>
+Date: Thu, 25 Jul 2024 12:19:41 +0200
+Subject: src: account for OpenSSL unexpected version
+
+Fixes a crash that occurs because the logic to parse for an OpenSSL
+version didn't account for OpenSSL_version returning a value that
+doesn't match the expected pattern of OpenSSL 1.1.0i 14 Aug 2018.
+In Electron's case, OpenSSL_version returns just BoringSSL, which in
+combination with the search logic not accounting for the delimiter not
+being present caused an out-of-bounds crash:
+
+out_of_range was thrown in -fno-exceptions mode with message "basic_string"
+
+This fixes that by checking for the null terminator and returning 0.0.0
+when the target delimiter isn't present.
+
+Upstreamed at https://github.com/nodejs/node/pull/54038
+
+diff --git a/src/node_metadata.cc b/src/node_metadata.cc
+index 5856292b5450f697cdb57de30bafd3e907a7964d..6cb32b187151b0416fbe29cf4b61543e828cea20 100644
+--- a/src/node_metadata.cc
++++ b/src/node_metadata.cc
+@@ -48,14 +48,19 @@ Metadata metadata;
+ 
+ #if HAVE_OPENSSL
+ static constexpr size_t search(const char* s, char c, size_t n = 0) {
+-  return *s == c ? n : search(s + 1, c, n + 1);
++  return *s == '\0' ? n : (*s == c ? n : search(s + 1, c, n + 1));
+ }
+ 
+ static inline std::string GetOpenSSLVersion() {
+   // sample openssl version string format
+   // for reference: "OpenSSL 1.1.0i 14 Aug 2018"
+   const char* version = OpenSSL_version(OPENSSL_VERSION);
+-  const size_t start = search(version, ' ') + 1;
++  const size_t first_space = search(version, ' ');
++  if (version[first_space] == '\0') {
++    return std::string("0.0.0");
++  }
++
++  const size_t start = first_space + 1;
+   const size_t len = search(&version[start], ' ');
+   return std::string(version, start, len);
+ }

patches/node/test_formally_mark_some_tests_as_flaky.patch

@@ -7,7 +7,7 @@ Instead of disabling the tests, flag them as flaky so they still run
 but don't cause CI failures on flakes.
 
 diff --git a/test/parallel/parallel.status b/test/parallel/parallel.status
-index 8840bd004ba87aa4a310b381310bb9612b96d861..892980bb90e433b16756f33c554b299ecc185eb4 100644
+index c2b988f9b2f76940c1c6b05af13898ba2062ba72..d45260cee87349cc8642d814dd11b904bdcf3762 100644
 --- a/test/parallel/parallel.status
 +++ b/test/parallel/parallel.status
 @@ -5,6 +5,16 @@ prefix parallel
@@ -24,9 +24,9 @@ index 8840bd004ba87aa4a310b381310bb9612b96d861..892980bb90e433b16756f33c554b299e
 +test-cluster-bind-privileged-port: PASS, FLAKY
 +test-cluster-shared-handle-bind-privileged-port: PASS, FLAKY
 +test-debugger-random-port-with-inspect-port: PASS, FLAKY
- 
- # https://github.com/nodejs/node/issues/51862
- test-fs-read-stream-concurrent-reads: PASS, FLAKY
+ # https://github.com/nodejs/node/issues/52273
+ test-net-write-fully-async-hex-string: PASS, FLAKY
+ # https://github.com/nodejs/node/issues/52273
 diff --git a/test/sequential/sequential.status b/test/sequential/sequential.status
 index ccab879b6e5fcdcc0d3a4b790b97db94d92f1a59..11339325697ae98f6996101163679590451c0b81 100644
 --- a/test/sequential/sequential.status

patches/node/test_match_wpt_streams_transferable_transform-stream-members_any_js.patch

@@ -7,7 +7,7 @@ Subject: test: match wpt/streams/transferable/transform-stream-members.any.js
 All four of this calls should fail - see third_party/blink/web_tests/external/wpt/streams/transferable/transform-stream-members.any-expected.txt
 
 diff --git a/test/wpt/status/streams.json b/test/wpt/status/streams.json
-index 8d6a4c6d2fe27b349ca8a4cbcdc51c3eec06ede9..1e7af48a149ba2c8bed01cd6584e59dc0bc6b676 100644
+index 3b6e0ce6429f9dddb0b1a6882ce9e3a5158300e5..7ec49a378bfc84728b473d5df69675fff1dfdfef 100644
 --- a/test/wpt/status/streams.json
 +++ b/test/wpt/status/streams.json
 @@ -50,7 +50,9 @@

patches/node/windows_32bit_config_change_callback_needs_to_be_stdcall.patch

@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Keeley Hammond <[email protected]>
+Date: Thu, 25 Jul 2024 15:26:37 -0700
+Subject: windows 32bit: config change callback needs to be stdcall
+
+Patch of upstream fix: https://github.com/c-ares/c-ares/commit/8f265c9d5109e5665136396d347c0a93ea78999e
+
+diff --git a/deps/cares/src/lib/ares_event_configchg.c b/deps/cares/src/lib/ares_event_configchg.c
+index b7c5ad8c75b6218cf36283fb6d0f8cd702224b87..c9b39f7b3358f37e61fb95e440695a9b590c2090 100644
+--- a/deps/cares/src/lib/ares_event_configchg.c
++++ b/deps/cares/src/lib/ares_event_configchg.c
+@@ -239,9 +239,10 @@ void ares_event_configchg_destroy(ares_event_configchg_t *configchg)
+ 
+ 
+ #  ifndef __WATCOMC__
+-static void ares_event_configchg_ip_cb(PVOID                 CallerContext,
+-                                       PMIB_IPINTERFACE_ROW  Row,
+-                                       MIB_NOTIFICATION_TYPE NotificationType)
++static void NETIOAPI_API_
++  ares_event_configchg_ip_cb(PVOID                 CallerContext,
++                             PMIB_IPINTERFACE_ROW  Row,
++                             MIB_NOTIFICATION_TYPE NotificationType)
+ {
+   ares_event_configchg_t *configchg = CallerContext;
+   (void)Row;
+@@ -308,7 +309,7 @@ ares_status_t ares_event_configchg_init(ares_event_configchg_t **configchg,
+    *       that didn't get triggered either.
+    */
+   if (NotifyIpInterfaceChange(
+-        AF_UNSPEC, (PIPINTERFACE_CHANGE_CALLBACK)ares_event_configchg_ip_cb,
++        AF_UNSPEC, ares_event_configchg_ip_cb,
+         *configchg, FALSE, &c->ifchg_hnd) != NO_ERROR) {
+     status = ARES_ESERVFAIL;
+     goto done;

script/node-disabled-tests.json

@@ -35,6 +35,7 @@
   "parallel/test-module-loading-globalpaths",
   "parallel/test-openssl-ca-options",
   "parallel/test-process-versions",
+  "parallel/test-process-get-builtin",
   "parallel/test-repl",
   "parallel/test-repl-underscore",
   "parallel/test-single-executable-blob-config",