chore: bump node to v20.15.0 (31-x-y) (#42614)

* chore: bump node in DEPS to v20.15.0

* doc: Add OpenSSL errors to API docs

https://github.com/nodejs/node/pull/34213

* test: crypto-rsa-dsa testing for dynamic openssl

https://github.com/nodejs/node/pull/52781

* src: allow preventing debug signal handler start

https://github.com/nodejs/node/pull/46681

* cli: allow running wasm in limited vmemory with --disable-wasm-trap-handler

https://github.com/nodejs/node/pull/52766

* chore: fixup patch indices

* chore: update patches

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <[email protected]>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>

DEPS

@@ -4,7 +4,7 @@ vars = {
   'chromium_version':
     '126.0.6478.114',
   'node_version':
-    'v20.14.0',
+    'v20.15.0',
   'nan_version':
     'e14bdcd1f72d62bca1d541b66da43130384ec213',
   'squirrel.mac_version':

patches/node/.patches

@@ -13,7 +13,6 @@ fix_account_for_debugger_agent_race_condition.patch
 fix_readbarrier_undefined_symbol_error_on_woa_arm64.patch
 fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch
 fix_serdes_test.patch
-feat_add_knostartdebugsignalhandler_to_environment_to_prevent.patch
 feat_add_uv_loop_interrupt_on_io_change_option_to_uv_loop_configure.patch
 support_v8_sandboxed_pointers.patch
 build_ensure_native_module_compilation_fails_if_not_using_a_new.patch
@@ -33,7 +32,6 @@ fix_assert_module_in_the_renderer_process.patch
 fix_add_trusted_space_and_trusted_lo_space_to_the_v8_heap.patch
 win_process_avoid_assert_after_spawning_store_app_4152.patch
 chore_remove_use_of_deprecated_kmaxlength.patch
-feat_optionally_prevent_calling_v8_enablewebassemblytraphandler.patch
 build_only_create_cppgc_heap_on_non-32_bit_platforms.patch
 src_update_default_v8_platform_to_override_functions_with_location.patch
 fix_capture_embedder_exceptions_before_entering_v8.patch

patches/node/build_ensure_native_module_compilation_fails_if_not_using_a_new.patch

@@ -40,10 +40,10 @@ index 9a27610992612b59eadcc8e481683cf1e6a5dbb6..1fad20645d059ad5f3efaa9279f582f9
        # list in v8/BUILD.gn.
        ['v8_enable_v8_checks == 1', {
 diff --git a/configure.py b/configure.py
-index 11c0df455451d4ab4bea066a8361246cbf10bf1d..c30052f02f97df78e0d9294784cb3efb3fd2d1a7 100755
+index f189ba2bf09fc248b3c1ce3c3535b939a4160ad2..2c24db93618f88f5f07e95a3edf63fb7942ac009 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -1501,6 +1501,7 @@ def configure_library(lib, output, pkgname=None):
+@@ -1559,6 +1559,7 @@ def configure_library(lib, output, pkgname=None):
  
  
  def configure_v8(o):

patches/node/build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch

@@ -22,10 +22,10 @@ index 1fad20645d059ad5f3efaa9279f582f99cb1006b..4fbb33550e8a044b92997a42eb6603f1
        ['target_arch in "ppc64 s390x"', {
          'v8_enable_backtrace': 1,
 diff --git a/configure.py b/configure.py
-index c30052f02f97df78e0d9294784cb3efb3fd2d1a7..5fb89e56fde52d01b3806ec4e8549cbeb5ffca66 100755
+index 2c24db93618f88f5f07e95a3edf63fb7942ac009..4e6dc7378e4435b90246eb072379cea1bfdad09c 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -1515,6 +1515,7 @@ def configure_v8(o):
+@@ -1573,6 +1573,7 @@ def configure_v8(o):
    o['variables']['v8_use_siphash'] = 0 if options.without_siphash else 1
    o['variables']['v8_enable_maglev'] = 1 if options.v8_enable_maglev else 0
    o['variables']['v8_enable_pointer_compression'] = 1 if options.enable_pointer_compression else 0

patches/node/build_only_create_cppgc_heap_on_non-32_bit_platforms.patch

@@ -33,7 +33,7 @@ index 2ce1e8a7dcca2ba153d387d11970c72b5f43c167..590303d1b78e2c28d7c3338196b12fcf
      node_platform = "win32"
    } else if (target_os == "mac") {
 diff --git a/src/env.cc b/src/env.cc
-index 5c75e5b99d9415163640ab90f5891c0fee067a88..5f8bb37d117d82123b81f5f4b32735150184fa74 100644
+index 7bd5edf61c339daa1e1b0df8e2e91680948641de..401bc2fc819b85baba2509de6cd4dbcde5f67559 100644
 --- a/src/env.cc
 +++ b/src/env.cc
 @@ -557,7 +557,8 @@ IsolateData::IsolateData(Isolate* isolate,

patches/node/feat_add_knostartdebugsignalhandler_to_environment_to_prevent.patch

@@ -1,69 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Samuel Attard <[email protected]>
-Date: Mon, 7 Mar 2022 16:36:28 -0800
-Subject: feat: add kNoStartDebugSignalHandler to Environment to prevent
- SIGUSR1 handling
-
-This patch should be upstreamed, it allows embedders to prevent the call to StartDebugSignalHandler which handles SIGUSR1 and starts the inspector agent.  Apps that have --inspect disabled also don't want SIGUSR1 to have this affect.
-
-diff --git a/src/env-inl.h b/src/env-inl.h
-index 099e7352e68af6179f143741c626d8f539b568bb..63ce35ba68b48a55d8150395304bf86c2bf23aae 100644
---- a/src/env-inl.h
-+++ b/src/env-inl.h
-@@ -677,6 +677,10 @@ inline bool Environment::no_global_search_paths() const {
-          !options_->global_search_paths;
- }
- 
-+inline bool Environment::should_start_debug_signal_handler() const {
-+  return (flags_ & EnvironmentFlags::kNoStartDebugSignalHandler) == 0;
-+}
-+
- inline bool Environment::no_browser_globals() const {
-   // configure --no-browser-globals
- #ifdef NODE_NO_BROWSER_GLOBALS
-diff --git a/src/env.h b/src/env.h
-index c0c99456471788d40218152291a32db5fbdf1101..910c69b6d1d17ef25201dbb39d3d074f4f3f011f 100644
---- a/src/env.h
-+++ b/src/env.h
-@@ -801,6 +801,7 @@ class Environment : public MemoryRetainer {
-   inline bool tracks_unmanaged_fds() const;
-   inline bool hide_console_windows() const;
-   inline bool no_global_search_paths() const;
-+  inline bool should_start_debug_signal_handler() const;
-   inline bool no_browser_globals() const;
-   inline uint64_t thread_id() const;
-   inline worker::Worker* worker_context() const;
-diff --git a/src/inspector_agent.cc b/src/inspector_agent.cc
-index 63c8ae14abb3dee3c4a628d1042c2e9e25688806..4e1eb17dd174e18a814fce6b170d75d161937ace 100644
---- a/src/inspector_agent.cc
-+++ b/src/inspector_agent.cc
-@@ -717,8 +717,10 @@ bool Agent::Start(const std::string& path,
-                               StartIoThreadAsyncCallback));
-     uv_unref(reinterpret_cast<uv_handle_t*>(&start_io_thread_async));
-     start_io_thread_async.data = this;
--    // Ignore failure, SIGUSR1 won't work, but that should not block node start.
--    StartDebugSignalHandler();
-+    if (parent_env_->should_start_debug_signal_handler()) {
-+      // Ignore failure, SIGUSR1 won't work, but that should not block node start.
-+      StartDebugSignalHandler();
-+    }
- 
-     parent_env_->AddCleanupHook([](void* data) {
-       Environment* env = static_cast<Environment*>(data);
-diff --git a/src/node.h b/src/node.h
-index 24dd1d9fe8de5993863f9fcd0ce7f65ec5460cce..c267ed1eeaa2d8b6ecd5a1563a4e9440bf0cca00 100644
---- a/src/node.h
-+++ b/src/node.h
-@@ -658,7 +658,11 @@ enum Flags : uint64_t {
-   // This control is needed by embedders who may not want to initialize the V8
-   // inspector in situations where one has already been created,
-   // e.g. Blink's in Chromium.
--  kNoCreateInspector = 1 << 9
-+  kNoCreateInspector = 1 << 9,
-+  // Controls where or not the InspectorAgent for this Environment should
-+  // call StartDebugSignalHandler.  This control is needed by embedders who may
-+  // not want to allow other processes to start the V8 inspector.
-+  kNoStartDebugSignalHandler = 1 << 10
- };
- }  // namespace EnvironmentFlags
- 

patches/node/feat_optionally_prevent_calling_v8_enablewebassemblytraphandler.patch

@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <[email protected]>
-Date: Thu, 16 Nov 2023 16:48:10 +0100
-Subject: feat: optionally prevent calling V8::EnableWebAssemblyTrapHandler
-
-V8::EnableWebAssemblyTrapHandler can be called only once or it will
-hard crash. We need to prevent Node.js calling it in the event it has
-already been called.
-
-This should be upstreamed.
-
-diff --git a/src/node.cc b/src/node.cc
-index 3e4f1b5d730865fae61f8bfbc58c14c6a59fb33a..7478ef81eb9b275eb5f45b528582e5bbd30e60ec 100644
---- a/src/node.cc
-+++ b/src/node.cc
-@@ -650,6 +650,7 @@ static void PlatformInit(ProcessInitializationFlags::Flags flags) {
- #endif
-     }
- #endif  // defined(_WIN32)
-+  if (!(flags & ProcessInitializationFlags::kNoEnableWasmTrapHandler))
-     V8::EnableWebAssemblyTrapHandler(false);
- #endif  // NODE_USE_V8_WASM_TRAP_HANDLER
-   }
-diff --git a/src/node.h b/src/node.h
-index e55256996f2c85b0ae3854cbd1b83ca88a3e22cb..76e2459eceed127e69c686f26fd5bd369b81f1af 100644
---- a/src/node.h
-+++ b/src/node.h
-@@ -275,6 +275,10 @@ enum Flags : uint32_t {
-   kNoInitializeCppgc = 1 << 13,
-   // Initialize the process for predictable snapshot generation.
-   kGeneratePredictableSnapshot = 1 << 14,
-+  // Do not initialize the Web Assembly trap handler. This is used by
-+  // embedders to account for the case where it may already have been
-+  // initialized - calling it more than once will hard crash.
-+  kNoEnableWasmTrapHandler = 1 << 15,
- 
-   // Emulate the behavior of InitializeNodeWithArgs() when passing
-   // a flags argument to the InitializeOncePerProcess() replacement

patches/node/fix_assert_module_in_the_renderer_process.patch

@@ -58,10 +58,10 @@ index f9d29f0065b1de63a62cfdce74a9705c22dd87d7..3f44160f1bd40fc2d4658f10edf0d0b3
  }
  
 diff --git a/src/node_options.cc b/src/node_options.cc
-index dae3237abc95362db81a1f529becfac43454d709..ee8e6f342bf4956c5f186337b6c051e1d62a6dcd 100644
+index 753311e15f161547be4277016efe11cc57d351db..8e98b76e29824565739010b885375d63c992bdf8 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
-@@ -1301,6 +1301,11 @@ void GetEmbedderOptions(const FunctionCallbackInfo<Value>& args) {
+@@ -1317,6 +1317,11 @@ void GetEmbedderOptions(const FunctionCallbackInfo<Value>& args) {
    Local<Context> context = env->context();
    Local<Object> ret = Object::New(isolate);
  

patches/node/fix_crypto_tests_to_run_with_bssl.patch

@@ -549,7 +549,7 @@ index 1785f5eef3d202976666081d09850ed744d83446..e88227a215ba4f7fa196f7642ae694a5
    });
  
 diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
-index ecda345989789d0745b631385e7411305c1c6375..542a0a16f3f2eba4efd31e807a3bc34b6752d798 100644
+index 5f4fafdfffbf726b7cb39c472baa3df25c9794cf..73bb53b0405b20f51b13326cc70e52755c674366 100644
 --- a/test/parallel/test-crypto-rsa-dsa.js
 +++ b/test/parallel/test-crypto-rsa-dsa.js
 @@ -28,12 +28,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
@@ -577,10 +577,10 @@ index ecda345989789d0745b631385e7411305c1c6375..542a0a16f3f2eba4efd31e807a3bc34b
 -  if (padding === constants.RSA_PKCS1_PADDING) {
 +  // BoringSSL does not support RSA_PKCS1_PADDING.
 +  if (false) {
-     // TODO(richardlau): see if it's possible to determine implicit rejection
-     // support when dynamically linked against OpenSSL.
      if (!process.config.variables.node_shared_openssl) {
-@@ -419,7 +419,7 @@ assert.throws(() => {
+       assert.throws(() => {
+         crypto.privateDecrypt({
+@@ -466,7 +466,7 @@ assert.throws(() => {
    assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true);
  }
  
@@ -589,7 +589,7 @@ index ecda345989789d0745b631385e7411305c1c6375..542a0a16f3f2eba4efd31e807a3bc34b
  //
  // Test DSA signing and verification
  //
-@@ -494,3 +494,4 @@ const input = 'I AM THE WALRUS';
+@@ -541,3 +541,4 @@ const input = 'I AM THE WALRUS';
  
    assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
  }

patches/node/fix_expose_tracing_agent_and_use_tracing_tracingcontroller_instead.patch

@@ -22,7 +22,7 @@ index cdc2f7aaa8efd8b5d9090455c92d81b2bef460b7..12414204361e7227f7f7736a07388ade
      int thread_pool_size,
      node::tracing::TracingController* tracing_controller) {
 diff --git a/src/node.h b/src/node.h
-index 58c021f67e92c3fdcb4b173c00acae0722994222..24dd1d9fe8de5993863f9fcd0ce7f65ec5460cce 100644
+index 7047a667f7f1b2a09aa409b2933aad4b3a4af929..c267ed1eeaa2d8b6ecd5a1563a4e9440bf0cca00 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -133,6 +133,7 @@ struct SnapshotData;
@@ -33,7 +33,7 @@ index 58c021f67e92c3fdcb4b173c00acae0722994222..24dd1d9fe8de5993863f9fcd0ce7f65e
  class TracingController;
  
  }
-@@ -824,6 +825,8 @@ NODE_EXTERN void GetNodeReport(Environment* env,
+@@ -828,6 +829,8 @@ NODE_EXTERN void GetNodeReport(Environment* env,
  NODE_EXTERN MultiIsolatePlatform* GetMultiIsolatePlatform(Environment* env);
  NODE_EXTERN MultiIsolatePlatform* GetMultiIsolatePlatform(IsolateData* env);
  

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -48,7 +48,7 @@ index 67cd4f2adf15e7d8511f561c54163b1842e971af..7e0e1a62289289b8362870ba4869c974
  
    const EVP_MD* digest = nullptr;
 diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
-index 3517c39ad0b71a4d3efefeee2a3d55b70494bc1d..7164e539880e6d33ee1ea1fb77bae8adf4095708 100644
+index ee1c7931a5c83eec00fe05807ddb97572fe70cc9..8e297e57fdbc9fd42beb6e4a33cc91b9dd7316b8 100644
 --- a/src/crypto/crypto_common.cc
 +++ b/src/crypto/crypto_common.cc
 @@ -158,7 +158,7 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
@@ -77,7 +77,7 @@ index 3517c39ad0b71a4d3efefeee2a3d55b70494bc1d..7164e539880e6d33ee1ea1fb77bae8ad
    if (!SSL_client_hello_get0_ext(
            ssl.get(),
            TLSEXT_TYPE_server_name,
-@@ -199,15 +201,20 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
+@@ -199,6 +201,8 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
    if (len + 2 > rem)
      return nullptr;
    return reinterpret_cast<const char*>(buf + 5);
@@ -86,22 +86,18 @@ index 3517c39ad0b71a4d3efefeee2a3d55b70494bc1d..7164e539880e6d33ee1ea1fb77bae8ad
  }
  
  const char* GetServerName(SSL* ssl) {
-   return SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+@@ -206,7 +210,10 @@ const char* GetServerName(SSL* ssl) {
  }
  
--bool SetGroups(SecureContext* sc, const char* groups) {
--  return SSL_CTX_set1_groups_list(sc->ctx().get(), groups) == 1;
--}
-+ bool SetGroups(SecureContext* sc, const char* groups) {
+ bool SetGroups(SecureContext* sc, const char* groups) {
 +#ifndef OPENSSL_IS_BORINGSSL
-+   return SSL_CTX_set1_groups_list(sc->ctx().get(), groups) == 1;
+   return SSL_CTX_set1_groups_list(sc->ctx().get(), groups) == 1;
 +#endif
 +  return SSL_CTX_set1_curves_list(sc->ctx().get(), groups) == 1;
-+ }
+ }
  
- const char* X509ErrorCode(long err) {  // NOLINT(runtime/int)
-   const char* code = "UNSPECIFIED";
-@@ -1042,14 +1049,14 @@ MaybeLocal<Array> GetClientHelloCiphers(
+ // When adding or removing errors below, please also update the list in the API
+@@ -1044,14 +1051,14 @@ MaybeLocal<Array> GetClientHelloCiphers(
      Environment* env,
      const SSLPointer& ssl) {
    EscapableHandleScope scope(env->isolate());
@@ -375,7 +371,7 @@ index 5734d8fdc5505e1586f571c19b840bd56e9c9f1f..3034b114e081e2b32dd5b71653927a41
  }  // namespace
  
 diff --git a/src/env.h b/src/env.h
-index 904dda4caf9695acec72bd95ba235b92b07eabe2..c0c99456471788d40218152291a32db5fbdf1101 100644
+index 3b3724d6c7156b87555be31470e75b1cf28b5e3f..910c69b6d1d17ef25201dbb39d3d074f4f3f011f 100644
 --- a/src/env.h
 +++ b/src/env.h
 @@ -49,7 +49,7 @@
@@ -387,7 +383,7 @@ index 904dda4caf9695acec72bd95ba235b92b07eabe2..c0c99456471788d40218152291a32db5
  #include <openssl/evp.h>
  #endif
  
-@@ -1035,7 +1035,7 @@ class Environment : public MemoryRetainer {
+@@ -1036,7 +1036,7 @@ class Environment : public MemoryRetainer {
      kExitInfoFieldCount
    };
  
@@ -423,7 +419,7 @@ index cf051585e779e2b03bd7b95fe5008b89cc7f8162..9de49c6828468fdf846dcd4ad445390f
  #if NODE_OPENSSL_HAS_QUIC
  #include <openssl/quic.h>
 diff --git a/src/node_options.cc b/src/node_options.cc
-index 937ce44696175dc80edabcd9fc2709a6716d1a66..dae3237abc95362db81a1f529becfac43454d709 100644
+index 7110b4d984b72fa8c9bef2cbe6e37b1871e14d08..753311e15f161547be4277016efe11cc57d351db 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
 @@ -6,7 +6,7 @@
@@ -436,7 +432,7 @@ index 937ce44696175dc80edabcd9fc2709a6716d1a66..dae3237abc95362db81a1f529becfac4
  #endif
  
 diff --git a/src/node_options.h b/src/node_options.h
-index 0a2f5512f689f87b73aa582782c484f73a4ebc43..e1985f2188eec6869521aecd39d2d74d5cc1616a 100644
+index 3c67c3680b045786dafb8435f5b311c3f386a943..546c3979e2c8d7498aa92df4c89ee867c6485080 100644
 --- a/src/node_options.h
 +++ b/src/node_options.h
 @@ -11,7 +11,7 @@

patches/node/fix_revert_src_lb_reducing_c_calls_of_esm_legacy_main_resolve.patch

@@ -142,7 +142,7 @@ index 30f6abd5d2d3fb7aceaa6191ebd99642e34d9ee4..cd5f59a5c27afd74f68c920a6ab5b8bc
  
  const encodedSepRegEx = /%2F|%5C/i;
 diff --git a/src/node_file.cc b/src/node_file.cc
-index 0ec5c6f4845e7b1f279caabca43a06ab41193d00..1e66de2fb7860a0d0dcab6c7bded90a048886cf8 100644
+index b0aa53420c4efb45ccb129cd4db5579de9f3e401..3e3aa383f54f45ab6dd134be29a2dbcf35760163 100644
 --- a/src/node_file.cc
 +++ b/src/node_file.cc
 @@ -19,14 +19,11 @@

patches/node/test_formally_mark_some_tests_as_flaky.patch

@@ -7,7 +7,7 @@ Instead of disabling the tests, flag them as flaky so they still run
 but don't cause CI failures on flakes.
 
 diff --git a/test/parallel/parallel.status b/test/parallel/parallel.status
-index 54de053b4046b283fd4bb5b74531723dfa52dfce..762c15fa661314095a1352eeac07bef544883585 100644
+index 8840bd004ba87aa4a310b381310bb9612b96d861..892980bb90e433b16756f33c554b299ecc185eb4 100644
 --- a/test/parallel/parallel.status
 +++ b/test/parallel/parallel.status
 @@ -5,6 +5,16 @@ prefix parallel

script/node-disabled-tests.json

@@ -160,5 +160,6 @@
   "sequential/test-single-executable-application-snapshot-and-code-cache",
   "sequential/test-single-executable-application-use-code-cache",
   "sequential/test-tls-connect",
-  "wpt/test-webcrypto"
+  "wpt/test-webcrypto",
+  "wasm-allocation/test-wasm-allocation"
 ]

shell/common/node_bindings.cc

@@ -531,10 +531,15 @@ void NodeBindings::Initialize(v8::Local<v8::Context> context) {
 
   // Parse and set Node.js cli flags.
   std::vector<std::string> args = ParseNodeCliFlags();
+
+  // V8::EnableWebAssemblyTrapHandler can be called only once or it will
+  // hard crash. We need to prevent Node.js calling it in the event it has
+  // already been called.
+  node::per_process::cli_options->disable_wasm_trap_handler = true;
+
   uint64_t process_flags =
       node::ProcessInitializationFlags::kNoInitializeV8 |
-      node::ProcessInitializationFlags::kNoInitializeNodeV8Platform |
-      node::ProcessInitializationFlags::kNoEnableWasmTrapHandler;
+      node::ProcessInitializationFlags::kNoInitializeNodeV8Platform;
 
   // We do not want the child processes spawned from the utility process
   // to inherit the custom stdio handles created for the parent.