chore: bump node to v22.13.1 (main) (#45307)

* chore: bump node in DEPS to v22.13.1

* chore: fixup GN build file

* https://github.com/nodejs/node/pull/55529
* https://github.com/nodejs/node/pull/55798
* https://github.com/nodejs/node/pull/55530

* module: simplify --inspect-brk handling

https://github.com/nodejs/node/pull/55679

* src: fix outdated js2c.cc references

https://github.com/nodejs/node/pull/56133

* crypto: include openssl/rand.h explicitly

https://github.com/nodejs/node/pull/55425

* build: use variable for crypto dep path

https://github.com/nodejs/node/pull/55928

* crypto: fix RSA_PKCS1_PADDING error message

https://github.com/nodejs/node/pull/55629

* build: use variable for simdutf path

https://github.com/nodejs/node/pull/56196

* test,crypto: make crypto tests work with BoringSSL

https://github.com/nodejs/node/pull/55491

* fix: suppress clang -Wdeprecated-declarations in libuv

https://github.com/libuv/libuv/pull/4486

* deps: update libuv to 1.49.1

https://github.com/nodejs/node/pull/55114

* test: make test-node-output-v8-warning more flexible

https://github.com/nodejs/node/pull/55401

* [v22.x] Revert "v8: enable maglev on supported architectures"

https://github.com/nodejs/node/pull/54384

* fix: potential WIN32_LEAN_AND_MEAN redefinition

https://github.com/c-ares/c-ares/pull/869

* deps: update nghttp2 to 1.64.0

https://github.com/nodejs/node/pull/55559

* src: provide workaround for container-overflow

https://github.com/nodejs/node/pull/55591

* build: use variable for simdutf path

https://github.com/nodejs/node/pull/56196

* chore: fixup patch indices

* fixup! module: simplify --inspect-brk handling

* lib: fix fs.readdir recursive async

https://github.com/nodejs/node/pull/56041

* lib: avoid excluding symlinks in recursive fs.readdir with filetypes

https://github.com/nodejs/node/pull/55714/

This doesn't currently play well with ASAR - this should be fixed in a follow up

* test: disable CJS permission test for config.main

This has diverged as a result of our revert of
src,lb: reducing C++ calls of esm legacy main resolve

* fixup! lib: fix fs.readdir recursive async

* deps: update libuv to 1.49.1

https://github.com/nodejs/node/pull/55114

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <[email protected]>

DEPS

@@ -4,7 +4,7 @@ vars = {
   'chromium_version':
     '134.0.6968.0',
   'node_version':
-    'v22.11.0',
+    'v22.13.1',
   'nan_version':
     'e14bdcd1f72d62bca1d541b66da43130384ec213',
   'squirrel.mac_version':

lib/node/asar-fs-wrapper.ts

@@ -24,6 +24,8 @@ const nextTick = (functionToCall: Function, args: any[] = []) => {
   process.nextTick(() => functionToCall(...args));
 };
 
+const binding = internalBinding('fs');
+
 // Cache asar archive objects.
 const cachedArchives = new Map<string, NodeJS.AsarArchive>();
 
@@ -705,7 +707,137 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
   };
 
   type ReaddirOptions = { encoding: BufferEncoding | null; withFileTypes?: false, recursive?: false } | undefined | null;
-  type ReaddirCallback = (err: NodeJS.ErrnoException | null, files: string[]) => void;
+  type ReaddirCallback = (err: NodeJS.ErrnoException | null, files?: string[]) => void;
+
+  const processReaddirResult = (args: any) => (args.context.withFileTypes ? handleDirents(args) : handleFilePaths(args));
+
+  function handleDirents ({ result, currentPath, context }: { result: any[], currentPath: string, context: any }) {
+    const length = result[0].length;
+    for (let i = 0; i < length; i++) {
+      const resultPath = path.join(currentPath, result[0][i]);
+      const info = splitPath(resultPath);
+
+      let type = result[1][i];
+      if (info.isAsar) {
+        const archive = getOrCreateArchive(info.asarPath);
+        if (!archive) return;
+        const stats = archive.stat(info.filePath);
+        if (!stats) continue;
+        type = stats.type;
+      }
+
+      const dirent = getDirent(currentPath, result[0][i], type);
+      const stat = internalBinding('fs').internalModuleStat(binding, resultPath);
+
+      context.readdirResults.push(dirent);
+      if (dirent.isDirectory() || stat === 1) {
+        context.pathsQueue.push(path.join(dirent.path, dirent.name));
+      }
+    }
+  }
+
+  function handleFilePaths ({ result, currentPath, context }: { result: string[], currentPath: string, context: any }) {
+    for (let i = 0; i < result.length; i++) {
+      const resultPath = path.join(currentPath, result[i]);
+      const relativeResultPath = path.relative(context.basePath, resultPath);
+      const stat = internalBinding('fs').internalModuleStat(binding, resultPath);
+      context.readdirResults.push(relativeResultPath);
+
+      if (stat === 1) {
+        context.pathsQueue.push(resultPath);
+      }
+    }
+  }
+
+  function readdirRecursive (basePath: string, options: ReaddirOptions, callback: ReaddirCallback) {
+    const context = {
+      withFileTypes: Boolean(options!.withFileTypes),
+      encoding: options!.encoding,
+      basePath,
+      readdirResults: [],
+      pathsQueue: [basePath]
+    };
+
+    let i = 0;
+
+    function read (pathArg: string) {
+      const req = new binding.FSReqCallback();
+      req.oncomplete = (err: any, result: string) => {
+        if (err) {
+          callback(err);
+          return;
+        }
+
+        if (result === undefined) {
+          callback(null, context.readdirResults);
+          return;
+        }
+
+        processReaddirResult({
+          result,
+          currentPath: pathArg,
+          context
+        });
+
+        if (i < context.pathsQueue.length) {
+          read(context.pathsQueue[i++]);
+        } else {
+          callback(null, context.readdirResults);
+        }
+      };
+
+      const pathInfo = splitPath(pathArg);
+      if (pathInfo.isAsar) {
+        let readdirResult;
+        const { asarPath, filePath } = pathInfo;
+
+        const archive = getOrCreateArchive(asarPath);
+        if (!archive) {
+          const error = createError(AsarError.INVALID_ARCHIVE, { asarPath });
+          nextTick(callback, [error]);
+          return;
+        }
+
+        readdirResult = archive.readdir(filePath);
+        if (!readdirResult) {
+          const error = createError(AsarError.NOT_FOUND, { asarPath, filePath });
+          nextTick(callback, [error]);
+          return;
+        }
+
+        // If we're in an asar dir, we need to ensure the result is in the same format as the
+        // native call to readdir withFileTypes i.e. an array of arrays.
+        if (context.withFileTypes) {
+          readdirResult = [
+            [...readdirResult], readdirResult.map((p: string) => {
+              return internalBinding('fs').internalModuleStat(binding, path.join(pathArg, p));
+            })
+          ];
+        }
+
+        processReaddirResult({
+          result: readdirResult,
+          currentPath: pathArg,
+          context
+        });
+
+        if (i < context.pathsQueue.length) {
+          read(context.pathsQueue[i++]);
+        } else {
+          callback(null, context.readdirResults);
+        }
+      } else {
+        binding.readdir(
+          pathArg,
+          context.encoding,
+          context.withFileTypes,
+          req
+        );
+      }
+    }
+
+    read(context.pathsQueue[i++]);
+  }
 
   const { readdir } = fs;
   fs.readdir = function (pathArgument: string, options: ReaddirOptions, callback: ReaddirCallback) {
@@ -720,7 +852,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     }
 
     if (options?.recursive) {
-      nextTick(callback!, [null, readdirSyncRecursive(pathArgument, options)]);
+      readdirRecursive(pathArgument, options, callback);
       return;
     }
 
@@ -771,7 +903,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     }
 
     if (options?.recursive) {
-      return readdirRecursive(pathArgument, options);
+      return readdirRecursivePromises(pathArgument, options);
     }
 
     const pathInfo = splitPath(pathArgument);
@@ -868,8 +1000,6 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     return readPackageJSON(realPath, isESM, base, specifier);
   };
 
-  const binding = internalBinding('fs');
-
   const { internalModuleStat } = binding;
   internalBinding('fs').internalModuleStat = (receiver: unknown, pathArgument: string) => {
     const pathInfo = splitPath(pathArgument);
@@ -888,7 +1018,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
   };
 
   const { kUsePromises } = binding;
-  async function readdirRecursive (originalPath: string, options: ReaddirOptions) {
+  async function readdirRecursivePromises (originalPath: string, options: ReaddirOptions) {
     const result: any[] = [];
 
     const pathInfo = splitPath(originalPath);
@@ -992,11 +1122,13 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
   }
 
   function readdirSyncRecursive (basePath: string, options: ReaddirOptions) {
-    const withFileTypes = Boolean(options!.withFileTypes);
-    const encoding = options!.encoding;
-
-    const readdirResults: string[] = [];
-    const pathsQueue = [basePath];
+    const context = {
+      withFileTypes: Boolean(options!.withFileTypes),
+      encoding: options!.encoding,
+      basePath,
+      readdirResults: [] as any,
+      pathsQueue: [basePath]
+    };
 
     function read (pathArg: string) {
       let readdirResult;
@@ -1011,7 +1143,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
         if (!readdirResult) return;
         // If we're in an asar dir, we need to ensure the result is in the same format as the
         // native call to readdir withFileTypes i.e. an array of arrays.
-        if (withFileTypes) {
+        if (context.withFileTypes) {
           readdirResult = [
             [...readdirResult], readdirResult.map((p: string) => {
               return internalBinding('fs').internalModuleStat(binding, path.join(pathArg, p));
@@ -1021,52 +1153,27 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
       } else {
         readdirResult = binding.readdir(
           path.toNamespacedPath(pathArg),
-          encoding,
-          withFileTypes
+          context.encoding,
+          context.withFileTypes
         );
       }
 
-      if (readdirResult === undefined) return;
-
-      if (withFileTypes) {
-        const length = readdirResult[0].length;
-        for (let i = 0; i < length; i++) {
-          const resultPath = path.join(pathArg, readdirResult[0][i]);
-          const info = splitPath(resultPath);
-
-          let type = readdirResult[1][i];
-          if (info.isAsar) {
-            const archive = getOrCreateArchive(info.asarPath);
-            if (!archive) return;
-            const stats = archive.stat(info.filePath);
-            if (!stats) continue;
-            type = stats.type;
-          }
-
-          const dirent = getDirent(pathArg, readdirResult[0][i], type);
-
-          readdirResults.push(dirent);
-          if (dirent.isDirectory()) {
-            pathsQueue.push(path.join(dirent.path, dirent.name));
-          }
-        }
-      } else {
-        for (let i = 0; i < readdirResult.length; i++) {
-          const resultPath = path.join(pathArg, readdirResult[i]);
-          const relativeResultPath = path.relative(basePath, resultPath);
-          const stat = internalBinding('fs').internalModuleStat(binding, resultPath);
-
-          readdirResults.push(relativeResultPath);
-          if (stat === 1) pathsQueue.push(resultPath);
-        }
+      if (readdirResult === undefined) {
+        return;
       }
+
+      processReaddirResult({
+        result: readdirResult,
+        currentPath: pathArg,
+        context
+      });
     }
 
-    for (let i = 0; i < pathsQueue.length; i++) {
-      read(pathsQueue[i]);
+    for (let i = 0; i < context.pathsQueue.length; i++) {
+      read(context.pathsQueue[i]);
     }
 
-    return readdirResults;
+    return context.readdirResults;
   }
 
   // Calling mkdir for directory inside asar archive should throw ENOTDIR

patches/node/.patches

@@ -10,7 +10,6 @@ fix_handle_boringssl_and_openssl_incompatibilities.patch
 fix_crypto_tests_to_run_with_bssl.patch
 fix_account_for_debugger_agent_race_condition.patch
 fix_readbarrier_undefined_symbol_error_on_woa_arm64.patch
-fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch
 fix_serdes_test.patch
 feat_add_uv_loop_interrupt_on_io_change_option_to_uv_loop_configure.patch
 support_v8_sandboxed_pointers.patch
@@ -24,7 +23,6 @@ fix_do_not_resolve_electron_entrypoints.patch
 ci_ensure_node_tests_set_electron_run_as_node.patch
 fix_assert_module_in_the_renderer_process.patch
 fix_capture_embedder_exceptions_before_entering_v8.patch
-test_make_test-node-output-v8-warning_generic.patch
 fix_revert_src_lb_reducing_c_calls_of_esm_legacy_main_resolve.patch
 fix_remove_deprecated_errno_constants.patch
 build_enable_perfetto.patch
@@ -33,18 +31,15 @@ src_remove_dependency_on_wrapper-descriptor-based_cppheap.patch
 test_update_v8-stats_test_for_v8_12_6.patch
 src_do_not_use_soon-to-be-deprecated_v8_api.patch
 src_stop_using_deprecated_fields_of_fastapicallbackoptions.patch
-build_don_t_redefine_win32_lean_and_mean.patch
 build_compile_with_c_20_support.patch
 add_v8_taskpirority_to_foreground_task_runner_signature.patch
 cli_remove_deprecated_v8_flag.patch
 build_restore_clang_as_default_compiler_on_macos.patch
-fix_-wextra-semi_errors_in_nghttp2_helper_h.patch
 fix_remove_harmony-import-assertions_from_node_cc.patch
-win_almost_fix_race_detecting_esrch_in_uv_kill.patch
 chore_disable_deprecation_ftbfs_in_simdjson_header.patch
-src_provide_workaround_for_container-overflow.patch
 build_allow_unbundling_of_node_js_dependencies.patch
 test_use_static_method_names_in_call_stacks.patch
 build_use_third_party_simdutf.patch
 fix_remove_fastapitypedarray_usage.patch
 test_handle_explicit_resource_management_globals.patch
+linux_try_preadv64_pwritev64_before_preadv_pwritev_4683.patch

patches/node/build_add_gn_build_files.patch

@@ -21,28 +21,8 @@ index d6909b95886f4de3f0b953c2a2992f69066b7434..972955f9144aafcd3a3fe278b7aaad40
 +    cflags_c = [ "-Wdeprecated-literal-operator" ]
    }
  }
-diff --git a/deps/sqlite/unofficial.gni b/deps/sqlite/unofficial.gni
-index ebb3ffcd6d42b4c16b6865a91ccf4428cffe864b..00225afa1fb4205f1e02d9f185aeb97d642b3fd9 100644
---- a/deps/sqlite/unofficial.gni
-+++ b/deps/sqlite/unofficial.gni
-@@ -18,8 +18,14 @@ template("sqlite_gn_build") {
-     forward_variables_from(invoker, "*")
-     public_configs = [ ":sqlite_config" ]
-     sources = gypi_values.sqlite_sources
-+    cflags_c = [
-+      "-Wno-implicit-fallthrough",
-+      "-Wno-unreachable-code-break",
-+      "-Wno-unreachable-code-return",
-+      "-Wno-unreachable-code",
-+    ]
-     if (is_win) {
--      cflags_c = [
-+      cflags_c += [
-         "-Wno-sign-compare",
-         "-Wno-unused-but-set-variable",
-         "-Wno-unused-function",
 diff --git a/node.gni b/node.gni
-index 9dca810decebd75aab427e306b3cc37c80fb55c9..852f64fa9cfb50fe6e9ce7aa46be336d3196d5b8 100644
+index a2123cc6c6d21c53fafc8934203b3720393e7b11..245a43920c7baf000ba63192a84a4c3fd219be7d 100644
 --- a/node.gni
 +++ b/node.gni
 @@ -5,10 +5,10 @@
@@ -52,13 +32,13 @@ index 9dca810decebd75aab427e306b3cc37c80fb55c9..852f64fa9cfb50fe6e9ce7aa46be336d
 -  node_path = "//node"
 +  node_path = "//third_party/electron_node"
  
-   # The location of V8, use the one from node's deps by default.
+   # The location of V8 - use the one from node's deps by default.
 -  node_v8_path = "$node_path/deps/v8"
 +  node_v8_path = "//v8"
  
-   # The NODE_MODULE_VERSION defined in node_version.h.
-   node_module_version = exec_script("$node_path/tools/getmoduleversion.py", [], "value")
-@@ -38,7 +38,7 @@ declare_args() {
+   # The location of OpenSSL - use the one from node's deps by default.
+   node_openssl_path = "$node_path/deps/openssl"
+@@ -44,7 +44,7 @@ declare_args() {
    node_openssl_system_ca_path = ""
  
    # Initialize v8 platform during node.js startup.
@@ -67,15 +47,15 @@ index 9dca810decebd75aab427e306b3cc37c80fb55c9..852f64fa9cfb50fe6e9ce7aa46be336d
  
    # Custom build tag.
    node_tag = ""
-@@ -58,7 +58,16 @@ declare_args() {
+@@ -64,10 +64,16 @@ declare_args() {
    # TODO(zcbenz): There are few broken things for now:
    #   1. cross-os compilation is not supported.
    #   2. node_mksnapshot crashes when cross-compiling for x64 from arm64.
 -  node_use_node_snapshot = (host_os == target_os) && !(host_cpu == "arm64" && target_cpu == "x64")
 +  node_use_node_snapshot = false
-+
-+  # Build with Amaro (TypeScript utils).
-+  node_use_amaro = true
+ 
+   # Build with Amaro (TypeScript utils).
+   node_use_amaro = true
 +
 +  # Allows downstream packagers (eg. Linux distributions) to build against system shared libraries.
 +  use_system_cares = false
@@ -86,10 +66,10 @@ index 9dca810decebd75aab427e306b3cc37c80fb55c9..852f64fa9cfb50fe6e9ce7aa46be336d
  
  assert(!node_enable_inspector || node_use_openssl,
 diff --git a/src/node_builtins.cc b/src/node_builtins.cc
-index 1bec44f6f29b0b652e92d2bb336fdb74b85eee30..599b59873dbb17ae5e7463403859e088ffb86cda 100644
+index 9aaf5626fcfe4a9b168e069df0265df7b535b76e..ece9c4656919d8dc408112142367791628dd5f8b 100644
 --- a/src/node_builtins.cc
 +++ b/src/node_builtins.cc
-@@ -778,6 +778,7 @@ void BuiltinLoader::RegisterExternalReferences(
+@@ -779,6 +779,7 @@ void BuiltinLoader::RegisterExternalReferences(
    registry->Register(GetNatives);
  
    RegisterExternalReferencesForInternalizedBuiltinCode(registry);
@@ -98,11 +78,11 @@ index 1bec44f6f29b0b652e92d2bb336fdb74b85eee30..599b59873dbb17ae5e7463403859e088
  
  }  // namespace builtins
 diff --git a/src/node_builtins.h b/src/node_builtins.h
-index 1cb85b9058d06555382e565dc32192a9fa48ed9f..cec9be01abd107e8612f70daf19b4834e118ffcf 100644
+index a73de23a1debfdac66873e0baccf882e383bfc36..7ac5291be093773ee7efd39e77e01bf5d5ce5247 100644
 --- a/src/node_builtins.h
 +++ b/src/node_builtins.h
 @@ -74,6 +74,8 @@ using BuiltinCodeCacheMap =
- // Generated by tools/js2c.py as node_javascript.cc
+ // Generated by tools/js2c.cc as node_javascript.cc
  void RegisterExternalReferencesForInternalizedBuiltinCode(
      ExternalReferenceRegistry* registry);
 +void EmbedderRegisterExternalReferencesForInternalizedBuiltinCode(
@@ -110,32 +90,11 @@ index 1cb85b9058d06555382e565dc32192a9fa48ed9f..cec9be01abd107e8612f70daf19b4834
  
  // Handles compilation and caching of built-in JavaScript modules and
  // bootstrap scripts, whose source are bundled into the binary as static data.
-diff --git a/tools/generate_config_gypi.py b/tools/generate_config_gypi.py
-index 45b3ac5006140fb55aad0e6b78084b753a947a76..35cce2ea8fd85f21582962115ac455918d4c4553 100755
---- a/tools/generate_config_gypi.py
-+++ b/tools/generate_config_gypi.py
-@@ -21,7 +21,7 @@ import getnapibuildversion
- GN_RE = re.compile(r'(\w+)\s+=\s+(.*?)$', re.MULTILINE)
- 
- if sys.platform == 'win32':
--  GN = 'gn.exe'
-+  GN = 'gn.bat'
- else:
-   GN = 'gn'
- 
-@@ -65,6 +65,7 @@ def translate_config(out_dir, config, v8_config):
-           eval(config['node_builtin_shareable_builtins']),
-       'node_module_version': int(config['node_module_version']),
-       'node_use_openssl': config['node_use_openssl'],
-+      'node_use_amaro': config['node_use_amaro'],
-       'node_use_node_code_cache': config['node_use_node_code_cache'],
-       'node_use_node_snapshot': config['node_use_node_snapshot'],
-       'v8_enable_inspector':  # this is actually a node misnomer
 diff --git a/tools/install.py b/tools/install.py
-index bf54249b66c0d4e179deaae5a9fd55568e694fe0..31b94d2e4b532d3b8202b512e2d2f41d29a2a546 100755
+index 17515720ba9c85d533465365188021074a8d30f4..7232be863d517c8445059a57c5938c2cbdeaf81b 100755
 --- a/tools/install.py
 +++ b/tools/install.py
-@@ -285,6 +285,7 @@ def headers(options, action):
+@@ -291,6 +291,7 @@ def headers(options, action):
        'include/v8-promise.h',
        'include/v8-proxy.h',
        'include/v8-regexp.h',
@@ -302,22 +261,10 @@ index 65d0e1be42f0a85418491ebb548278cf431aa6a0..d4a31342f1c6107b029394c6e1d00a1d
    except Exception as e:
      print(str(e))
 diff --git a/unofficial.gni b/unofficial.gni
-index c3b311e4a7f5444b07d4d7028d4621806959804e..f6793b8bf22d6ac911a1977edaa881b6dbbe7ac7 100644
+index 9e496d99d7141bf42ef7374a3c676c7b333eeeab..3632d5bd21e277fcbd8d62dc65598a7f7c87f00e 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
-@@ -22,6 +22,11 @@ template("node_gn_build") {
-     } else {
-       defines += [ "HAVE_OPENSSL=0" ]
-     }
-+    if (node_use_amaro) {
-+      defines += [ "HAVE_AMARO=1" ]
-+    } else {
-+      defines += [ "HAVE_AMARO=0" ]
-+    }
-     if (node_use_v8_platform) {
-       defines += [ "NODE_USE_V8_PLATFORM=1" ]
-     } else {
-@@ -139,6 +144,7 @@ template("node_gn_build") {
+@@ -145,6 +145,7 @@ template("node_gn_build") {
      public_deps = [
        "deps/ada",
        "deps/uv",
@@ -325,15 +272,15 @@ index c3b311e4a7f5444b07d4d7028d4621806959804e..f6793b8bf22d6ac911a1977edaa881b6
        "deps/simdjson",
        "$node_v8_path",
      ]
-@@ -150,7 +156,6 @@ template("node_gn_build") {
+@@ -156,7 +157,6 @@ template("node_gn_build") {
        "deps/llhttp",
        "deps/nbytes",
        "deps/nghttp2",
 -      "deps/ngtcp2",
        "deps/postject",
-       "deps/simdutf",
        "deps/sqlite",
-@@ -159,7 +164,11 @@ template("node_gn_build") {
+       "deps/uvwasi",
+@@ -165,7 +165,11 @@ template("node_gn_build") {
        "$node_v8_path:v8_libplatform",
      ]
  
@@ -345,28 +292,24 @@ index c3b311e4a7f5444b07d4d7028d4621806959804e..f6793b8bf22d6ac911a1977edaa881b6
        "$target_gen_dir/node_javascript.cc",
      ] + gypi_values.node_sources
  
-@@ -178,8 +187,10 @@ template("node_gn_build") {
-       deps += [ "//third_party/icu" ]
+@@ -185,7 +189,7 @@ template("node_gn_build") {
      }
      if (node_use_openssl) {
--      deps += [ "deps/ncrypto" ]
--      public_deps += [ "deps/openssl" ]
-+      deps += [
-+        "deps/ncrypto",
-+        "//third_party/boringssl"
-+      ]
+       deps += [ "deps/ncrypto" ]
+-      public_deps += [ "$node_openssl_path" ]
++      public_deps += [ "//third_party/boringssl" ]
        sources += gypi_values.node_crypto_sources
      }
      if (node_enable_inspector) {
-@@ -276,6 +287,7 @@ template("node_gn_build") {
+@@ -282,6 +286,7 @@ template("node_gn_build") {
    }
  
    executable("node_js2c") {
 +    defines = []
      deps = [
-       "deps/simdutf",
        "deps/uv",
-@@ -286,26 +298,75 @@ template("node_gn_build") {
+       "$node_simdutf_path",
+@@ -292,26 +297,75 @@ template("node_gn_build") {
        "src/embedded_data.cc",
        "src/embedded_data.h",
      ]
@@ -452,7 +395,7 @@ index c3b311e4a7f5444b07d4d7028d4621806959804e..f6793b8bf22d6ac911a1977edaa881b6
      outputs = [ "$target_gen_dir/node_javascript.cc" ]
  
      # Get the path to node_js2c executable of the host toolchain.
-@@ -319,11 +380,11 @@ template("node_gn_build") {
+@@ -325,11 +379,11 @@ template("node_gn_build") {
          get_label_info(":node_js2c($host_toolchain)", "name") +
          host_executable_suffix
  

patches/node/build_allow_unbundling_of_node_js_dependencies.patch

@@ -14,10 +14,10 @@ We don't need to do this for zlib, as the existing gn workflow uses the same
 Upstreamed at https://github.com/nodejs/node/pull/55903
 
 diff --git a/unofficial.gni b/unofficial.gni
-index ddfbb97276b29df114ab455a2eed3b186b3af5d2..87bfc313dd1408e597e929ba93c8c0f52ae39ced 100644
+index 08a4ed939fb1482a897def94128282fdfd63dc62..23367db388ce9e83e123d4c6e8c6325266dd52dc 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
-@@ -152,7 +152,6 @@ template("node_gn_build") {
+@@ -153,7 +153,6 @@ template("node_gn_build") {
        ":run_node_js2c",
        "deps/cares",
        "deps/histogram",
@@ -25,7 +25,7 @@ index ddfbb97276b29df114ab455a2eed3b186b3af5d2..87bfc313dd1408e597e929ba93c8c0f5
        "deps/nbytes",
        "deps/nghttp2",
        "deps/postject",
-@@ -183,7 +182,17 @@ template("node_gn_build") {
+@@ -184,7 +183,17 @@ template("node_gn_build") {
        configs -= [ "//build/config/gcc:symbol_visibility_hidden" ]
        configs += [ "//build/config/gcc:symbol_visibility_default" ]
      }
@@ -44,7 +44,7 @@ index ddfbb97276b29df114ab455a2eed3b186b3af5d2..87bfc313dd1408e597e929ba93c8c0f5
      if (v8_enable_i18n_support) {
        deps += [ "//third_party/icu" ]
      }
-@@ -210,6 +219,19 @@ template("node_gn_build") {
+@@ -211,6 +220,19 @@ template("node_gn_build") {
        sources += node_inspector.node_inspector_sources +
                   node_inspector.node_inspector_generated_sources
      }

patches/node/build_compile_with_c_20_support.patch

@@ -10,7 +10,7 @@ V8 requires C++20 support as of https://chromium-review.googlesource.com/c/v8/v8
 This can be removed when Electron upgrades to a version of Node.js containing the required V8 version.
 
 diff --git a/common.gypi b/common.gypi
-index 34aaf439936c874bd4c8b7d4ffd69477abb40193..69d10c17ef3c5b0ce6173d1754a975df589d9b61 100644
+index 755bd203173a69564be203ad58c33eb50680b204..a7a0ffde7209de51ffcbf0db0ed7efcf09ad606d 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -518,7 +518,7 @@

patches/node/build_don_t_redefine_win32_lean_and_mean.patch

@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <[email protected]>
-Date: Fri, 23 Aug 2024 16:50:19 +0200
-Subject: build: don't redefine WIN32_LEAN_AND_MEAN
-
-https://github.com/nodejs/node/pull/53722 added a new define for WIN32_LEAN_AND_MEAN
-without first checking to see if it was defined - other areas in c-ares do this so
-we should here as well. Compilation errors occur otherwise:
-
-../../third_party/electron_node/deps/cares/include\ares_build.h(168,11): error: 'WIN32_LEAN_AND_MEAN' macro redefined [-Werror,-Wmacro-redefined]
-  168 | #  define WIN32_LEAN_AND_MEAN
-      |           ^
-<command line>(25,9): note: previous definition is here
-   25 | #define WIN32_LEAN_AND_MEAN 1
-      |         ^
-1 error generated.
-[287 processes, 49437/51449 @ 48.5/s : 1018.562s] CC obj/third_party/electron_node/deps/cares/cares/ares__socket.obj
-FAILED: obj/third_party/electron_node/deps/cares/cares/ares__socket.obj
-
-This should be upstreamed.
-
-diff --git a/deps/cares/include/ares_build.h b/deps/cares/include/ares_build.h
-index 18a92606a817145302c73b5081b4c989799bc620..bafd26d9210d2347fec41f028e9e65088b83c48c 100644
---- a/deps/cares/include/ares_build.h
-+++ b/deps/cares/include/ares_build.h
-@@ -165,7 +165,9 @@
- #  define CARES_TYPEOF_ARES_SOCKLEN_T int
- 
- #elif defined(_WIN32)
--#  define WIN32_LEAN_AND_MEAN
-+#  ifndef WIN32_LEAN_AND_MEAN
-+#    define WIN32_LEAN_AND_MEAN
-+#  endif
- #  define CARES_TYPEOF_ARES_SOCKLEN_T int
- #  define CARES_HAVE_WINDOWS_H          1
- #  define CARES_HAVE_SYS_TYPES_H        1

patches/node/build_enable_perfetto.patch

@@ -64,7 +64,7 @@ index 251f51ec454f9cba4023b8b6729241ee753aac13..1de8cac6e3953ce9cab9db03530da327
  
  module.exports = {
 diff --git a/node.gyp b/node.gyp
-index 11474953b186c7b3ec2edb0539f34572e6c551b7..eeaaef8a06cdc2d17e89f9c719f9922e6e04ce92 100644
+index b21cfbf2fad024445e8d1ef8a6781141f788eb1a..55c6e01d9e879ce63524ec1504f8a23e00a2aa29 100644
 --- a/node.gyp
 +++ b/node.gyp
 @@ -174,7 +174,6 @@

patches/node/build_ensure_native_module_compilation_fails_if_not_using_a_new.patch

@@ -7,7 +7,7 @@ Subject: build: ensure native module compilation fails if not using a new
 This should not be upstreamed, it is a quality-of-life patch for downstream module builders.
 
 diff --git a/common.gypi b/common.gypi
-index cfb1fd6b53715dd2a39ab58b6a3bee0d8aef12bc..34aaf439936c874bd4c8b7d4ffd69477abb40193 100644
+index 5d74876ab28f8c10bb9543f7652478514414d8d2..755bd203173a69564be203ad58c33eb50680b204 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -86,6 +86,8 @@
@@ -40,10 +40,10 @@ index cfb1fd6b53715dd2a39ab58b6a3bee0d8aef12bc..34aaf439936c874bd4c8b7d4ffd69477
        # list in v8/BUILD.gn.
        ['v8_enable_v8_checks == 1', {
 diff --git a/configure.py b/configure.py
-index c4653f37f5a69b7cdbd6e4c32e0717ab40a00994..88db584318a4b0f95539baf1d0895d6039fb25ca 100755
+index 712ed40f77e54d52d5b3c52bb68e2b7d48879812..6bcb7450975636b5dbc689470663ee37903874d5 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -1634,6 +1634,7 @@ def configure_library(lib, output, pkgname=None):
+@@ -1644,6 +1644,7 @@ def configure_library(lib, output, pkgname=None):
  def configure_v8(o, configs):
    set_configuration_variable(configs, 'v8_enable_v8_checks', release=1, debug=0)
  
@@ -52,7 +52,7 @@ index c4653f37f5a69b7cdbd6e4c32e0717ab40a00994..88db584318a4b0f95539baf1d0895d60
    o['variables']['v8_enable_javascript_promise_hooks'] = 1
    o['variables']['v8_enable_lite_mode'] = 1 if options.v8_lite_mode else 0
 diff --git a/src/node.h b/src/node.h
-index 0fec9477fd0f2a3c2aa68284131c510b0da0e025..c16204ad2a4787eeffe61eedda254d3a5509df8c 100644
+index e730bde9162df23ae0c0d52cfa594c1d7c4db28b..00de9a76d515290eba05aacada0942e611e11b22 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -22,6 +22,12 @@

patches/node/build_modify_js2c_py_to_allow_injection_of_original-fs_and_custom_embedder_js.patch

@@ -10,7 +10,7 @@ JS errors and ensures embedder JS is loaded via LoadEmbedderJavaScriptSource.
 That method is generated by our modifications to js2c.cc in the BUILD.gn patch
 
 diff --git a/lib/internal/fs/watchers.js b/lib/internal/fs/watchers.js
-index f5ecc15159f457cd0b8069c0427b7c758c916c4e..c9ce67391f321989b0af48159b4da3ab8ffc3e65 100644
+index 411eab8136d5957ae8a491bc38ffbdc88e59f5da..63c93b5be09692d0d4b6bfbb214b173b50ccca43 100644
 --- a/lib/internal/fs/watchers.js
 +++ b/lib/internal/fs/watchers.js
 @@ -292,12 +292,13 @@ function emitCloseNT(self) {
@@ -34,7 +34,7 @@ index f5ecc15159f457cd0b8069c0427b7c758c916c4e..c9ce67391f321989b0af48159b4da3ab
  let kResistStopPropagation;
  
 diff --git a/src/node_builtins.cc b/src/node_builtins.cc
-index 599b59873dbb17ae5e7463403859e088ffb86cda..d23cb087de5cb3cd02ef0542fd2f34207f967ad2 100644
+index ece9c4656919d8dc408112142367791628dd5f8b..c6a5f8cab45e9c3503ae1bb576cf94b4ca817e2a 100644
 --- a/src/node_builtins.cc
 +++ b/src/node_builtins.cc
 @@ -34,6 +34,7 @@ using v8::Value;
@@ -46,12 +46,12 @@ index 599b59873dbb17ae5e7463403859e088ffb86cda..d23cb087de5cb3cd02ef0542fd2f3420
    AddExternalizedBuiltin(
        "internal/deps/cjs-module-lexer/lexer",
 diff --git a/src/node_builtins.h b/src/node_builtins.h
-index cec9be01abd107e8612f70daf19b4834e118ffcf..3d9c6b962423555257bad4ebaad9ebd821d00042 100644
+index 7ac5291be093773ee7efd39e77e01bf5d5ce5247..c3c987d535285be84026ad0c633650bd2067d22d 100644
 --- a/src/node_builtins.h
 +++ b/src/node_builtins.h
 @@ -138,6 +138,7 @@ class NODE_EXTERN_PRIVATE BuiltinLoader {
  
-   // Generated by tools/js2c.py as node_javascript.cc
+   // Generated by tools/js2c.cc as node_javascript.cc
    void LoadJavaScriptSource();  // Loads data into source_
 +  void LoadEmbedderJavaScriptSource();  // Loads embedder data into source_
    UnionBytes GetConfig();       // Return data for config.gypi

patches/node/build_restore_clang_as_default_compiler_on_macos.patch

@@ -11,7 +11,7 @@ node-gyp will use the result of `process.config` that reflects the environment
 in which the binary got built.
 
 diff --git a/common.gypi b/common.gypi
-index 69d10c17ef3c5b0ce6173d1754a975df589d9b61..2e3a04e90a6bb32b3437780502cf45a7acad75c0 100644
+index a7a0ffde7209de51ffcbf0db0ed7efcf09ad606d..20fd68eeb878b51f361d72070d87338db3d9a8d4 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -125,6 +125,7 @@

patches/node/build_use_third_party_simdutf.patch

@@ -6,46 +6,15 @@ Subject: build: use third_party/simdutf
 use the Chromium version of simdutf to avoid duplicate symbols
 
 diff --git a/node.gni b/node.gni
-index 461bff93e151c454cd0a9575daa01d3f7c0ec9c3..a1eab549b8686c24399f5206f9b611bcbce3d470 100644
+index 56a554175b805c1703f13d62041f8c80d6e94dd9..203b4abbc44df9e58083c819f61f9025104abdc6 100644
 --- a/node.gni
 +++ b/node.gni
-@@ -12,6 +12,8 @@ declare_args() {
- 
-   node_crypto_path = "//third_party/boringssl"
+@@ -14,7 +14,7 @@ declare_args() {
+   node_openssl_path = "//third_party/boringssl"
  
+   # The location of simdutf - use the one from node's deps by default.
+-  node_simdutf_path = "$node_path/deps/simdutf"
 +  node_simdutf_path = "//third_party/simdutf"
-+
+ 
    # The NODE_MODULE_VERSION defined in node_version.h.
    node_module_version = exec_script("$node_path/tools/getmoduleversion.py", [], "value")
- 
-diff --git a/unofficial.gni b/unofficial.gni
-index 87bfc313dd1408e597e929ba93c8c0f52ae39ced..4ef97ab65bdfacca4d6dbbc603da0218214b039d 100644
---- a/unofficial.gni
-+++ b/unofficial.gni
-@@ -155,7 +155,7 @@ template("node_gn_build") {
-       "deps/nbytes",
-       "deps/nghttp2",
-       "deps/postject",
--      "deps/simdutf",
-+      "$node_simdutf_path",
-       "deps/sqlite",
-       "deps/uvwasi",
-       "//third_party/zlib",
-@@ -310,7 +310,7 @@ template("node_gn_build") {
-   executable("node_js2c") {
-     defines = []
-     deps = [
--      "deps/simdutf",
-+      "$node_simdutf_path",
-       "deps/uv",
-     ]
-     sources = [
-@@ -417,7 +417,7 @@ template("node_gn_build") {
-       "deps/googletest",
-       "deps/googletest:gtest_main",
-       "deps/nbytes",
--      "deps/simdutf",
-+      "$node_simdutf_path",
-     ]
- 
-     sources = gypi_values.node_cctest_sources

patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch

@@ -8,30 +8,30 @@ they use themselves as the entry point. We should try to upstream some form
 of this.
 
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index ad8d41a06bde1ca22d0245fa49143e080365b5e1..69d7743767d025453e43d99b32235700d8122c9a 100644
+index ccd038dc136480cdd84a13e58f4012b71cd40928..5be90bc3df67751b55e67a05ac1c5b9a12d9c585 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
-@@ -1518,6 +1518,13 @@ Module.prototype._compile = function(content, filename, format) {
-   if (getOptionValue('--inspect-brk') && process._eval == null) {
-     if (!resolvedArgv) {
-       // We enter the repl if we're not given a filename argument.
-+      // process._firstFileName is used by Embedders to tell node what
-+      // the first "real" file is when they use themselves as the entry
-+      // point
-+      if (process._firstFileName) {
-+        resolvedArgv = process._firstFileName
-+        delete process._firstFileName
-+      } else
-       if (process.argv[1]) {
-         try {
-           resolvedArgv = Module._resolveFilename(process.argv[1], null, false);
+@@ -1563,6 +1563,13 @@ Module.prototype._compile = function(content, filename, format) {
+   this[kIsExecuting] = true;
+   if (this[kIsMainSymbol] && getOptionValue('--inspect-brk')) {
+     const { callAndPauseOnStart } = internalBinding('inspector');
++    // process._firstFileName is used by Embedders to tell node what
++    // the first "real" file is when they use themselves as the entry
++    // point
++    if (process._firstFileName) {
++      resolvedArgv = process._firstFileName;
++      delete process._firstFileName;
++    }
+     result = callAndPauseOnStart(compiledWrapper, thisValue, exports,
+                                  require, module, filename, dirname,
+                                  process, localGlobal, localBuffer);
 diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
-index 848ff7f142fc700dd3b4b7a6b14d3c537e0fd280..be3018296dd3c63a930328fa9cb1d902cc779b89 100644
+index 5d67892bb8e1fd265df414b3f41e62cdabbec873..89660076c41e1c05b26c17609a62a028c1e2ec5a 100644
 --- a/lib/internal/process/pre_execution.js
 +++ b/lib/internal/process/pre_execution.js
-@@ -245,12 +245,14 @@ function patchProcessObject(expandArgv1) {
-   if (expandArgv1 && process.argv[1] &&
-       !StringPrototypeStartsWith(process.argv[1], '-')) {
+@@ -243,12 +243,14 @@ function patchProcessObject(expandArgv1) {
+   // the entry point.
+   if (expandArgv1 && process.argv[1] && process.argv[1][0] !== '-') {
      // Expand process.argv[1] into a full path.
 -    const path = require('path');
 -    try {

patches/node/chore_disable_deprecation_ftbfs_in_simdjson_header.patch

@@ -11,10 +11,10 @@ Without this patch, building with simdjson fails with
 This patch can be removed once this is fixed upstream in simdjson.
 
 diff --git a/deps/simdjson/simdjson.h b/deps/simdjson/simdjson.h
-index ddb6f2e4e0a6edd23d5e16db07bc4bb18974d4aa..533dfea4d5fd3c7f6f7fdf0ea525479b11634fd3 100644
+index f21cd9381eef59ec43502c796fcaddb1b96525f5..e691fd24aa24d225f8c00fa5638be07265bfeeab 100644
 --- a/deps/simdjson/simdjson.h
 +++ b/deps/simdjson/simdjson.h
-@@ -3650,12 +3650,17 @@ inline std::ostream& operator<<(std::ostream& out, simdjson_result<padded_string
+@@ -3654,12 +3654,17 @@ inline std::ostream& operator<<(std::ostream& out, simdjson_result<padded_string
  
  } // namespace simdjson
  
@@ -32,7 +32,7 @@ index ddb6f2e4e0a6edd23d5e16db07bc4bb18974d4aa..533dfea4d5fd3c7f6f7fdf0ea525479b
  namespace simdjson {
  namespace internal {
  
-@@ -4033,6 +4038,9 @@ inline simdjson_result<padded_string> padded_string::load(std::string_view filen
+@@ -4037,6 +4042,9 @@ inline simdjson_result<padded_string> padded_string::load(std::string_view filen
  
  } // namespace simdjson
  
@@ -42,7 +42,7 @@ index ddb6f2e4e0a6edd23d5e16db07bc4bb18974d4aa..533dfea4d5fd3c7f6f7fdf0ea525479b
  inline simdjson::padded_string operator "" _padded(const char *str, size_t len) {
    return simdjson::padded_string(str, len);
  }
-@@ -4041,6 +4049,8 @@ inline simdjson::padded_string operator "" _padded(const char8_t *str, size_t le
+@@ -4045,6 +4053,8 @@ inline simdjson::padded_string operator "" _padded(const char8_t *str, size_t le
    return simdjson::padded_string(reinterpret_cast<const char8_t *>(str), len);
  }
  #endif
@@ -51,7 +51,7 @@ index ddb6f2e4e0a6edd23d5e16db07bc4bb18974d4aa..533dfea4d5fd3c7f6f7fdf0ea525479b
  #endif // SIMDJSON_PADDED_STRING_INL_H
  /* end file simdjson/padded_string-inl.h */
  /* skipped duplicate #include "simdjson/padded_string_view.h" */
-@@ -118280,4 +118290,4 @@ namespace simdjson {
+@@ -118292,4 +118302,4 @@ namespace simdjson {
  /* end file simdjson/ondemand.h */
  
  #endif // SIMDJSON_H

patches/node/chore_expose_importmoduledynamically_and.patch

@@ -11,7 +11,7 @@ its own blended handler between Node and Blink.
 Not upstreamable.
 
 diff --git a/lib/internal/modules/esm/utils.js b/lib/internal/modules/esm/utils.js
-index 2799af0f8dd4923ef5ccd372922ea39a66f93470..3012ea1da2db6b22dc6c6a1cac12ec4c5b44487a 100644
+index 99061e62976e7cb24be81e8632b0e21d1e9adf9a..bbc9311c059e8ab0328c5f92b21a6be57620717e 100644
 --- a/lib/internal/modules/esm/utils.js
 +++ b/lib/internal/modules/esm/utils.js
 @@ -30,7 +30,7 @@ const {
@@ -23,7 +23,7 @@ index 2799af0f8dd4923ef5ccd372922ea39a66f93470..3012ea1da2db6b22dc6c6a1cac12ec4c
  const {
    loadPreloadModules,
    initializeFrozenIntrinsics,
-@@ -276,12 +276,13 @@ let _forceDefaultLoader = false;
+@@ -274,12 +274,13 @@ let _forceDefaultLoader = false;
   * @param {boolean} [forceDefaultLoader=false] - A boolean indicating disabling custom loaders.
   */
  function initializeESM(forceDefaultLoader = false) {
@@ -40,10 +40,10 @@ index 2799af0f8dd4923ef5ccd372922ea39a66f93470..3012ea1da2db6b22dc6c6a1cac12ec4c
  
  /**
 diff --git a/src/module_wrap.cc b/src/module_wrap.cc
-index e2252639cf45184b72ebe669f7603bd5e6d92b9a..05353281c0a773d5cf5585cb1698126e17f677a0 100644
+index 8be6dbd1d0262ccbb2318de1d98e344e9b21a510..1509fc54fe9767e101b107509b4b2d6c821ce95d 100644
 --- a/src/module_wrap.cc
 +++ b/src/module_wrap.cc
-@@ -813,7 +813,7 @@ MaybeLocal<Module> ModuleWrap::ResolveModuleCallback(
+@@ -823,7 +823,7 @@ MaybeLocal<Module> ModuleWrap::ResolveModuleCallback(
    return module->module_.Get(isolate);
  }
  
@@ -52,7 +52,7 @@ index e2252639cf45184b72ebe669f7603bd5e6d92b9a..05353281c0a773d5cf5585cb1698126e
      Local<Context> context,
      Local<v8::Data> host_defined_options,
      Local<Value> resource_name,
-@@ -878,12 +878,13 @@ void ModuleWrap::SetImportModuleDynamicallyCallback(
+@@ -888,12 +888,13 @@ void ModuleWrap::SetImportModuleDynamicallyCallback(
    Realm* realm = Realm::GetCurrent(args);
    HandleScope handle_scope(isolate);
  
@@ -68,7 +68,7 @@ index e2252639cf45184b72ebe669f7603bd5e6d92b9a..05353281c0a773d5cf5585cb1698126e
  }
  
  void ModuleWrap::HostInitializeImportMetaObjectCallback(
-@@ -925,13 +926,14 @@ void ModuleWrap::SetInitializeImportMetaObjectCallback(
+@@ -935,13 +936,14 @@ void ModuleWrap::SetInitializeImportMetaObjectCallback(
    Realm* realm = Realm::GetCurrent(args);
    Isolate* isolate = realm->isolate();
  

patches/node/cli_remove_deprecated_v8_flag.patch

@@ -18,10 +18,10 @@ Reviewed-By: Michaël Zasso <[email protected]>
 Reviewed-By: Yagiz Nizipli <[email protected]>
 
 diff --git a/doc/api/cli.md b/doc/api/cli.md
-index 62d3d37a061f787babe44649143d45010ce90011..1f614cabf0f31d7adff9dd7a039ca591d805d3bd 100644
+index 770d2ca4fcf003352c2c12815ac885a7a5e67b7f..4af66f690e626b0159a88d58f6ee81391573ebab 100644
 --- a/doc/api/cli.md
 +++ b/doc/api/cli.md
-@@ -3177,7 +3177,6 @@ V8 options that are allowed are:
+@@ -3232,7 +3232,6 @@ V8 options that are allowed are:
  * `--disallow-code-generation-from-strings`
  * `--enable-etw-stack-walking`
  * `--expose-gc`
@@ -30,10 +30,10 @@ index 62d3d37a061f787babe44649143d45010ce90011..1f614cabf0f31d7adff9dd7a039ca591
  * `--jitless`
  * `--max-old-space-size`
 diff --git a/src/node_options.cc b/src/node_options.cc
-index 6f9a8d3e0884bc6e356413f2f39522a7109c86b5..ccf740bfd631aca608244b6b3998177ca5f47f75 100644
+index ec419cf96a14989338e3261b85c92b81ba8b50d9..5a4d536ff0d090fa6b43ea4cbd403d4aa23171c1 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
-@@ -929,11 +929,6 @@ PerIsolateOptionsParser::PerIsolateOptionsParser(
+@@ -970,11 +970,6 @@ PerIsolateOptionsParser::PerIsolateOptionsParser(
              "disallow eval and friends",
              V8Option{},
              kAllowedInEnvvar);

patches/node/enable_crashpad_linux_node_processes.patch

@@ -8,7 +8,7 @@ to child processes spawned with `ELECTRON_RUN_AS_NODE` which is used
 by the crashpad client to connect with the handler process.
 
 diff --git a/lib/child_process.js b/lib/child_process.js
-index 51fc6fe995d3cf8c70ad7bc3cecf1cc00f190b08..012ad108f44b73346d19d927afc78b57c18b7718 100644
+index bb27670112c1ea42c7ff00883fe4b684544d9cd4..4d4da798ce59ce42e42d1f05fccf07699c033d46 100644
 --- a/lib/child_process.js
 +++ b/lib/child_process.js
 @@ -61,6 +61,7 @@ let debug = require('internal/util/debuglog').debuglog(
@@ -27,7 +27,7 @@ index 51fc6fe995d3cf8c70ad7bc3cecf1cc00f190b08..012ad108f44b73346d19d927afc78b57
    args = [...execArgv, modulePath, ...args];
  
    if (typeof options.stdio === 'string') {
-@@ -615,6 +615,22 @@ function normalizeSpawnArguments(file, args, options) {
+@@ -609,6 +609,22 @@ function normalizeSpawnArguments(file, args, options) {
                      'options.windowsVerbatimArguments');
    }
  
@@ -50,7 +50,7 @@ index 51fc6fe995d3cf8c70ad7bc3cecf1cc00f190b08..012ad108f44b73346d19d927afc78b57
    if (options.shell) {
      validateArgumentNullCheck(options.shell, 'options.shell');
      const command = ArrayPrototypeJoin([file, ...args], ' ');
-@@ -648,7 +664,6 @@ function normalizeSpawnArguments(file, args, options) {
+@@ -642,7 +658,6 @@ function normalizeSpawnArguments(file, args, options) {
      ArrayPrototypeUnshift(args, file);
    }
  

patches/node/feat_add_uv_loop_interrupt_on_io_change_option_to_uv_loop_configure.patch

@@ -6,10 +6,10 @@ Subject: feat: add UV_LOOP_INTERRUPT_ON_IO_CHANGE option to uv_loop_configure
 https://github.com/libuv/libuv/pull/3308
 
 diff --git a/deps/uv/docs/src/loop.rst b/deps/uv/docs/src/loop.rst
-index 0f5ddfb3ca21b7e5b38d0a4ce4b9e77387597199..ba815202fb157aa82859ec0518523cf6f2ec6ba1 100644
+index d1f41e1c9f44838410326df23b1b175fa16ba199..dcf69093469b611a6f9db2bb84530456bc543301 100644
 --- a/deps/uv/docs/src/loop.rst
 +++ b/deps/uv/docs/src/loop.rst
-@@ -73,7 +73,15 @@ API
+@@ -86,6 +86,12 @@ API
  
        This option is necessary to use :c:func:`uv_metrics_idle_time`.
  
@@ -19,26 +19,21 @@ index 0f5ddfb3ca21b7e5b38d0a4ce4b9e77387597199..ba815202fb157aa82859ec0518523cf6
 +      This option is usually when implementing event loop integration, to make
 +      the polling of backend fd interrupt to recognize the changes of IO events.
 +
-     .. versionchanged:: 1.39.0 added the UV_METRICS_IDLE_TIME option.
-+    .. versionchanged:: 1.43.0 added the UV_LOOP_INTERRUPT_ON_IO_CHANGE option.
-+
- 
- .. c:function:: int uv_loop_close(uv_loop_t* loop)
+     - UV_LOOP_ENABLE_IO_URING_SQPOLL: Enable SQPOLL io_uring instance to handle
+       asynchronous file system operations.
  
 diff --git a/deps/uv/include/uv.h b/deps/uv/include/uv.h
-index a62b3fa69b1087847f37c7093954e19a07959b74..7f48b7daa87d1a5b14bc6f641b60f21263fa5ec3 100644
+index 9e450c5110fe57117b686bf683cc6631f37efaeb..f75a496071ac3396cbc6dec819eaab7294609deb 100644
 --- a/deps/uv/include/uv.h
 +++ b/deps/uv/include/uv.h
-@@ -260,7 +260,8 @@ typedef struct uv_metrics_s uv_metrics_t;
- 
+@@ -261,6 +261,7 @@ typedef struct uv_metrics_s uv_metrics_t;
  typedef enum {
    UV_LOOP_BLOCK_SIGNAL = 0,
--  UV_METRICS_IDLE_TIME
-+  UV_METRICS_IDLE_TIME,
-+  UV_LOOP_INTERRUPT_ON_IO_CHANGE
+   UV_METRICS_IDLE_TIME,
++  UV_LOOP_INTERRUPT_ON_IO_CHANGE,
+   UV_LOOP_USE_IO_URING_SQPOLL
+ #define UV_LOOP_USE_IO_URING_SQPOLL UV_LOOP_USE_IO_URING_SQPOLL
  } uv_loop_option;
- 
- typedef enum {
 diff --git a/deps/uv/src/unix/async.c b/deps/uv/src/unix/async.c
 index 0ff2669e30a628dbb2df9e28ba14b38cf14114e5..117190ef26338944b78dbed7380c631de8057223 100644
 --- a/deps/uv/src/unix/async.c
@@ -101,10 +96,10 @@ index 0ff2669e30a628dbb2df9e28ba14b38cf14114e5..117190ef26338944b78dbed7380c631d
  static int uv__async_start(uv_loop_t* loop) {
    int pipefd[2];
 diff --git a/deps/uv/src/unix/core.c b/deps/uv/src/unix/core.c
-index 965e7f775250cf9899266bc3aaf62eda69367264..45b3dec662b093a61af356e431416530b35343d2 100644
+index 0c52ccf2ad7b2dcae77a7bc4b3af9d1a1346ce18..13cd33a7d3031c5e19c9418a18217d1e4158c82e 100644
 --- a/deps/uv/src/unix/core.c
 +++ b/deps/uv/src/unix/core.c
-@@ -927,6 +927,9 @@ void uv__io_start(uv_loop_t* loop, uv__io_t* w, unsigned int events) {
+@@ -937,6 +937,9 @@ void uv__io_start(uv_loop_t* loop, uv__io_t* w, unsigned int events) {
      loop->watchers[w->fd] = w;
      loop->nfds++;
    }
@@ -114,7 +109,7 @@ index 965e7f775250cf9899266bc3aaf62eda69367264..45b3dec662b093a61af356e431416530
  }
  
  
-@@ -958,6 +961,9 @@ void uv__io_stop(uv_loop_t* loop, uv__io_t* w, unsigned int events) {
+@@ -968,6 +971,9 @@ void uv__io_stop(uv_loop_t* loop, uv__io_t* w, unsigned int events) {
    }
    else if (uv__queue_empty(&w->watcher_queue))
      uv__queue_insert_tail(&loop->watcher_queue, &w->watcher_queue);
@@ -124,7 +119,7 @@ index 965e7f775250cf9899266bc3aaf62eda69367264..45b3dec662b093a61af356e431416530
  }
  
  
-@@ -974,6 +980,9 @@ void uv__io_close(uv_loop_t* loop, uv__io_t* w) {
+@@ -984,6 +990,9 @@ void uv__io_close(uv_loop_t* loop, uv__io_t* w) {
  void uv__io_feed(uv_loop_t* loop, uv__io_t* w) {
    if (uv__queue_empty(&w->pending_queue))
      uv__queue_insert_tail(&loop->pending_queue, &w->pending_queue);
@@ -135,22 +130,21 @@ index 965e7f775250cf9899266bc3aaf62eda69367264..45b3dec662b093a61af356e431416530
  
  
 diff --git a/deps/uv/src/unix/loop.c b/deps/uv/src/unix/loop.c
-index a9468e8e19cbede795032980c47eb83aee1e0c68..2d28cf48efc3718de19b901b7e08b8a857d20740 100644
+index 179ee999d8052e779dc692aeb5b673d210aaa997..03cca2c491015e5ef958f61a0167d29dfc56e247 100644
 --- a/deps/uv/src/unix/loop.c
 +++ b/deps/uv/src/unix/loop.c
-@@ -217,6 +217,11 @@ int uv__loop_configure(uv_loop_t* loop, uv_loop_option option, va_list ap) {
-     return 0;
+@@ -224,6 +224,10 @@ int uv__loop_configure(uv_loop_t* loop, uv_loop_option option, va_list ap) {
    }
+ #endif
  
 +  if (option == UV_LOOP_INTERRUPT_ON_IO_CHANGE) {
 +    lfields->flags |= UV_LOOP_INTERRUPT_ON_IO_CHANGE;
 +    return 0;
 +  }
-+
+ 
    if (option != UV_LOOP_BLOCK_SIGNAL)
      return UV_ENOSYS;
- 
-@@ -226,3 +231,40 @@ int uv__loop_configure(uv_loop_t* loop, uv_loop_option option, va_list ap) {
+@@ -234,3 +238,40 @@ int uv__loop_configure(uv_loop_t* loop, uv_loop_option option, va_list ap) {
    loop->flags |= UV_LOOP_BLOCK_SIGPROF;
    return 0;
  }
@@ -192,7 +186,7 @@ index a9468e8e19cbede795032980c47eb83aee1e0c68..2d28cf48efc3718de19b901b7e08b8a8
 +  abort();
 +}
 diff --git a/deps/uv/src/uv-common.h b/deps/uv/src/uv-common.h
-index cd57e5a35153d0557351b60cce0c5be7a4468b60..660caef30b1637b8009de5e55ee34f48d17e4dd0 100644
+index 4baede2e506ee1787d554a0ec75bc9eb346fc8f2..385d4f420b50bfd2dc23f119d535c0442a3ce4e7 100644
 --- a/deps/uv/src/uv-common.h
 +++ b/deps/uv/src/uv-common.h
 @@ -144,6 +144,8 @@ int uv__loop_configure(uv_loop_t* loop, uv_loop_option option, va_list ap);
@@ -465,10 +459,10 @@ index 6e9917239aa5626dd56fffd6eb2469d3e63224bf..b0da9d1cddc69428e9fb3379d1338cf8
    MAKE_VALGRIND_HAPPY(loop);
    return 0;
 diff --git a/deps/uv/test/test-list.h b/deps/uv/test/test-list.h
-index d30f02faa8515ca3a995490d53f2e85fda11c6a2..a392f5e3d701b0d973db2bbc6553977ce55a8775 100644
+index e07bd61ecf73c122a553d5d8232a7478980751a5..21cf8c09edac15ba5ea010d54d3e158e0d1b7e5b 100644
 --- a/deps/uv/test/test-list.h
 +++ b/deps/uv/test/test-list.h
-@@ -276,6 +276,7 @@ TEST_DECLARE   (process_priority)
+@@ -279,6 +279,7 @@ TEST_DECLARE   (process_priority)
  TEST_DECLARE   (has_ref)
  TEST_DECLARE   (active)
  TEST_DECLARE   (embed)
@@ -476,7 +470,7 @@ index d30f02faa8515ca3a995490d53f2e85fda11c6a2..a392f5e3d701b0d973db2bbc6553977c
  TEST_DECLARE   (async)
  TEST_DECLARE   (async_null_cb)
  TEST_DECLARE   (eintr_handling)
-@@ -906,6 +907,7 @@ TASK_LIST_START
+@@ -919,6 +920,7 @@ TASK_LIST_START
    TEST_ENTRY  (active)
  
    TEST_ENTRY  (embed)

patches/node/fix_-wextra-semi_errors_in_nghttp2_helper_h.patch

@@ -1,60 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <[email protected]>
-Date: Wed, 16 Oct 2024 16:09:37 +0200
-Subject: fix: -Wextra-semi errors in nghttp2_helper.h
-
-Introduced in https://github.com/nodejs/node/pull/52966
-
-Upstreamed in https://github.com/nghttp2/nghttp2/pull/2258
-
-diff --git a/deps/nghttp2/lib/nghttp2_helper.h b/deps/nghttp2/lib/nghttp2_helper.h
-index 89b0d4f535db795cd1df582475c02b2f4d1ac98f..f5de6290dab0e17ae3aff10230dd8ad7414f9631 100644
---- a/deps/nghttp2/lib/nghttp2_helper.h
-+++ b/deps/nghttp2/lib/nghttp2_helper.h
-@@ -38,28 +38,28 @@
- #define nghttp2_max_def(SUFFIX, T)                                             \
-   static inline T nghttp2_max_##SUFFIX(T a, T b) { return a < b ? b : a; }
- 
--nghttp2_max_def(int8, int8_t);
--nghttp2_max_def(int16, int16_t);
--nghttp2_max_def(int32, int32_t);
--nghttp2_max_def(int64, int64_t);
--nghttp2_max_def(uint8, uint8_t);
--nghttp2_max_def(uint16, uint16_t);
--nghttp2_max_def(uint32, uint32_t);
--nghttp2_max_def(uint64, uint64_t);
--nghttp2_max_def(size, size_t);
-+nghttp2_max_def(int8, int8_t)
-+nghttp2_max_def(int16, int16_t)
-+nghttp2_max_def(int32, int32_t)
-+nghttp2_max_def(int64, int64_t)
-+nghttp2_max_def(uint8, uint8_t)
-+nghttp2_max_def(uint16, uint16_t)
-+nghttp2_max_def(uint32, uint32_t)
-+nghttp2_max_def(uint64, uint64_t)
-+nghttp2_max_def(size, size_t)
- 
- #define nghttp2_min_def(SUFFIX, T)                                             \
-   static inline T nghttp2_min_##SUFFIX(T a, T b) { return a < b ? a : b; }
- 
--nghttp2_min_def(int8, int8_t);
--nghttp2_min_def(int16, int16_t);
--nghttp2_min_def(int32, int32_t);
--nghttp2_min_def(int64, int64_t);
--nghttp2_min_def(uint8, uint8_t);
--nghttp2_min_def(uint16, uint16_t);
--nghttp2_min_def(uint32, uint32_t);
--nghttp2_min_def(uint64, uint64_t);
--nghttp2_min_def(size, size_t);
-+nghttp2_min_def(int8, int8_t)
-+nghttp2_min_def(int16, int16_t)
-+nghttp2_min_def(int32, int32_t)
-+nghttp2_min_def(int64, int64_t)
-+nghttp2_min_def(uint8, uint8_t)
-+nghttp2_min_def(uint16, uint16_t)
-+nghttp2_min_def(uint32, uint32_t)
-+nghttp2_min_def(uint64, uint64_t)
-+nghttp2_min_def(size, size_t)
- 
- #define lstreq(A, B, N) ((sizeof((A)) - 1) == (N) && memcmp((A), (B), (N)) == 0)
- 

patches/node/fix_add_default_values_for_variables_in_common_gypi.patch

@@ -7,7 +7,7 @@ common.gypi is a file that's included in the node header bundle, despite
 the fact that we do not build node with gyp.
 
 diff --git a/common.gypi b/common.gypi
-index de83a566724a36fff8b0c4ca9ba7e151a8c39f54..cfb1fd6b53715dd2a39ab58b6a3bee0d8aef12bc 100644
+index 62f26bb07d27a02aedf18fdd1191b282f9340cac..5d74876ab28f8c10bb9543f7652478514414d8d2 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -88,6 +88,23 @@

patches/node/fix_assert_module_in_the_renderer_process.patch

@@ -58,10 +58,10 @@ index 89ce587cac4506c4218a9316fe0b68070a7a8504..b74fb837fc1cfee839c8b5b8c0b9a6f8
  }
  
 diff --git a/src/node_options.cc b/src/node_options.cc
-index 3c42f9b87c11a0f88800d6709515c1c9e2972fc0..6f9a8d3e0884bc6e356413f2f39522a7109c86b5 100644
+index f70e0917f6caa66210107cdb2ef891685563ba96..ec419cf96a14989338e3261b85c92b81ba8b50d9 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
-@@ -1476,14 +1476,16 @@ void GetEmbedderOptions(const FunctionCallbackInfo<Value>& args) {
+@@ -1517,14 +1517,16 @@ void GetEmbedderOptions(const FunctionCallbackInfo<Value>& args) {
    }
    Isolate* isolate = args.GetIsolate();
  

patches/node/fix_crypto_tests_to_run_with_bssl.patch

@@ -11,7 +11,7 @@ before it's acceptable to upstream, as this patch comments out a couple
 of tests that upstream probably cares about.
 
 diff --git a/test/common/index.js b/test/common/index.js
-index b95e812c5a9fab59f742e1557e9f218155638af4..6d2566c43f16493cbb2a0f9469ed386c41686782 100644
+index d1eaf6e69f603b0a7037e44be6ef185283972090..e3f26d32dbad2e4ccb47dea028dbf1a855525cfb 100644
 --- a/test/common/index.js
 +++ b/test/common/index.js
 @@ -65,6 +65,8 @@ const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => {
@@ -123,7 +123,7 @@ index 81a469c226c261564dee1e0b06b6571b18a41f1f..58b66045dba4201b7ebedd78b129420f
  
  const availableCurves = new Set(crypto.getCurves());
 diff --git a/test/parallel/test-crypto-dh-errors.js b/test/parallel/test-crypto-dh-errors.js
-index fcf1922bcdba733af6c22f142db4f7b099947757..9f72ae4e41a113e752f40795103c2af514538780 100644
+index 476ca64b4425b5b8b0fa2dc8352ee6f03d563813..2250a8f24a875d6af198426891870b450078ee5f 100644
 --- a/test/parallel/test-crypto-dh-errors.js
 +++ b/test/parallel/test-crypto-dh-errors.js
 @@ -32,9 +32,9 @@ for (const bits of [-1, 0, 1]) {
@@ -138,24 +138,6 @@ index fcf1922bcdba733af6c22f142db4f7b099947757..9f72ae4e41a113e752f40795103c2af5
      });
    }
  }
-@@ -43,7 +43,7 @@ for (const g of [-1, 1]) {
-   const ex = {
-     code: 'ERR_OSSL_DH_BAD_GENERATOR',
-     name: 'Error',
--    message: /bad generator/,
-+    message: /bad generator|BAD_GENERATOR/,
-   };
-   assert.throws(() => crypto.createDiffieHellman('abcdef', g), ex);
-   assert.throws(() => crypto.createDiffieHellman('abcdef', 'hex', g), ex);
-@@ -55,7 +55,7 @@ for (const g of [Buffer.from([]),
-   const ex = {
-     code: 'ERR_OSSL_DH_BAD_GENERATOR',
-     name: 'Error',
--    message: /bad generator/,
-+    message: /bad generator|BAD_GENERATOR/,
-   };
-   assert.throws(() => crypto.createDiffieHellman('abcdef', g), ex);
-   assert.throws(() => crypto.createDiffieHellman('abcdef', 'hex', g), ex);
 diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
 index 9ebe14011eed223994e0901bc22dcc582b4b0739..e78f90eb76380916ce7098fb517c83a954edb053 100644
 --- a/test/parallel/test-crypto-dh.js
@@ -319,19 +301,6 @@ index f1f14b472997e76bb4100edb1c6cf4fc24d1074d..5057e3f9bc5bb78aceffa5e79530f8ce
  });
  
  // No-pad encrypted string should return the same:
-diff --git a/test/parallel/test-crypto-private-decrypt-gh32240.js b/test/parallel/test-crypto-private-decrypt-gh32240.js
-index 1785f5eef3d202976666081d09850ed744d83446..e88227a215ba4f7fa196f7642ae694a57d55b3ca 100644
---- a/test/parallel/test-crypto-private-decrypt-gh32240.js
-+++ b/test/parallel/test-crypto-private-decrypt-gh32240.js
-@@ -24,7 +24,7 @@ const pkeyEncrypted =
-   pair.privateKey.export({
-     type: 'pkcs1',
-     format: 'pem',
--    cipher: 'aes128',
-+    cipher: 'aes-128-cbc',
-     passphrase: 'secret',
-   });
- 
 diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
 index 5f4fafdfffbf726b7cb39c472baa3df25c9794cf..d52376da2cddd90adcdf8a9b7dcd03e348d9f2b4 100644
 --- a/test/parallel/test-crypto-rsa-dsa.js
@@ -471,7 +440,7 @@ index 008ab129f0e019c659eecf5a76b7eb412c947fe3..6688f5d916f50e1e4fcfff1619c8634a
  
  cipher.end('Papaya!');  // Should not cause an unhandled exception.
 diff --git a/test/parallel/test-crypto-x509.js b/test/parallel/test-crypto-x509.js
-index 15e1f53bb05faf60fa808eb5901591d1512edf3c..329f0d00c869cd19580acea18c904cf9900fb816 100644
+index bd906c25b9ee194ff34fe5fb8ecb68d7a672138c..5b631a32d07bd916ff7cd847e52b26f694bd00c6 100644
 --- a/test/parallel/test-crypto-x509.js
 +++ b/test/parallel/test-crypto-x509.js
 @@ -96,8 +96,10 @@ const der = Buffer.from(
@@ -485,83 +454,15 @@ index 15e1f53bb05faf60fa808eb5901591d1512edf3c..329f0d00c869cd19580acea18c904cf9
    assert.strictEqual(
      x509.fingerprint,
      '8B:89:16:C4:99:87:D2:13:1A:64:94:36:38:A5:32:01:F0:95:3B:53');
-@@ -113,7 +115,7 @@ const der = Buffer.from(
-     '5A:42:63:E0:21:2F:D6:70:63:07:96:6F:27:A7:78:12:08:02:7A:8B'
-   );
-   assert.strictEqual(x509.keyUsage, undefined);
--  assert.strictEqual(x509.serialNumber, '147D36C1C2F74206DE9FAB5F2226D78ADB00A426');
-+  assert.match(x509.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i);
- 
-   assert.deepStrictEqual(x509.raw, der);
- 
-@@ -255,6 +257,16 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
-   });
-   mc.port2.postMessage(x509);
- 
-+  const modulusOSSL = 'D456320AFB20D3827093DC2C4284ED04DFBABD56E1DDAE529E28B790CD42' +
-+                      '56DB273349F3735FFD337C7A6363ECCA5A27B7F73DC7089A96C6D886DB0C' +
-+                      '62388F1CDD6A963AFCD599D5800E587A11F908960F84ED50BA25A28303EC' +
-+                      'DA6E684FBE7BAEDC9CE8801327B1697AF25097CEE3F175E400984C0DB6A8' +
-+                      'EB87BE03B4CF94774BA56FFFC8C63C68D6ADEB60ABBE69A7B14AB6A6B9E7' +
-+                      'BAA89B5ADAB8EB07897C07F6D4FA3D660DFF574107D28E8F63467A788624' +
-+                      'C574197693E959CEA1362FFAE1BBA10C8C0D88840ABFEF103631B2E8F5C3' +
-+                      '9B5548A7EA57E8A39F89291813F45A76C448033A2B7ED8403F4BAA147CF3' +
-+                      '5E2D2554AA65CE49695797095BF4DC6B';
-+
-   // Verify that legacy encoding works
-   const legacyObjectCheck = {
-     subject: Object.assign({ __proto__: null }, {
-@@ -279,15 +291,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
-       'OCSP - URI': ['http://ocsp.nodejs.org/'],
-       'CA Issuers - URI': ['http://ca.nodejs.org/ca.cert']
-     }),
--    modulus: 'D456320AFB20D3827093DC2C4284ED04DFBABD56E1DDAE529E28B790CD42' +
--              '56DB273349F3735FFD337C7A6363ECCA5A27B7F73DC7089A96C6D886DB0C' +
--              '62388F1CDD6A963AFCD599D5800E587A11F908960F84ED50BA25A28303EC' +
--              'DA6E684FBE7BAEDC9CE8801327B1697AF25097CEE3F175E400984C0DB6A8' +
--              'EB87BE03B4CF94774BA56FFFC8C63C68D6ADEB60ABBE69A7B14AB6A6B9E7' +
--              'BAA89B5ADAB8EB07897C07F6D4FA3D660DFF574107D28E8F63467A788624' +
--              'C574197693E959CEA1362FFAE1BBA10C8C0D88840ABFEF103631B2E8F5C3' +
--              '9B5548A7EA57E8A39F89291813F45A76C448033A2B7ED8403F4BAA147CF3' +
--              '5E2D2554AA65CE49695797095BF4DC6B',
-+    modulusPattern: new RegExp(modulusOSSL, 'i'),
-     bits: 2048,
-     exponent: '0x10001',
-     valid_from: 'Sep  3 21:40:37 2022 GMT',
-@@ -300,7 +304,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
-       '51:62:18:39:E2:E2:77:F5:86:11:E8:C0:CA:54:43:7C:76:83:19:05:D0:03:' +
-       '24:21:B8:EB:14:61:FB:24:16:EB:BD:51:1A:17:91:04:30:03:EB:68:5F:DC:' +
-       '86:E1:D1:7C:FB:AF:78:ED:63:5F:29:9C:32:AF:A1:8E:22:96:D1:02',
--    serialNumber: '147D36C1C2F74206DE9FAB5F2226D78ADB00A426'
-+    serialNumberPattern: /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i
-   };
- 
-   const legacyObject = x509.toLegacyObject();
-@@ -309,7 +313,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
-   assert.deepStrictEqual(legacyObject.subject, legacyObjectCheck.subject);
-   assert.deepStrictEqual(legacyObject.issuer, legacyObjectCheck.issuer);
-   assert.deepStrictEqual(legacyObject.infoAccess, legacyObjectCheck.infoAccess);
--  assert.strictEqual(legacyObject.modulus, legacyObjectCheck.modulus);
-+  assert.match(legacyObject.modulus, legacyObjectCheck.modulusPattern);
-   assert.strictEqual(legacyObject.bits, legacyObjectCheck.bits);
-   assert.strictEqual(legacyObject.exponent, legacyObjectCheck.exponent);
-   assert.strictEqual(legacyObject.valid_from, legacyObjectCheck.valid_from);
-@@ -318,11 +322,12 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
-   assert.strictEqual(
-     legacyObject.fingerprint256,
-     legacyObjectCheck.fingerprint256);
--  assert.strictEqual(
-+  assert.match(
-     legacyObject.serialNumber,
--    legacyObjectCheck.serialNumber);
-+    legacyObjectCheck.serialNumberPattern);
+@@ -325,6 +327,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
+     legacyObjectCheck.serialNumberPattern);
  }
  
 +if (!common.openSSLIsBoringSSL) {
  {
    // This X.509 Certificate can be parsed by OpenSSL because it contains a
    // structurally sound TBSCertificate structure. However, the SPKI field of the
-@@ -361,6 +366,7 @@ UcXd/5qu2GhokrKU2cPttU+XAN2Om6a0
+@@ -363,6 +366,7 @@ UcXd/5qu2GhokrKU2cPttU+XAN2Om6a0
  
    assert.strictEqual(cert.checkIssued(cert), false);
  }
@@ -569,7 +470,7 @@ index 15e1f53bb05faf60fa808eb5901591d1512edf3c..329f0d00c869cd19580acea18c904cf9
  
  {
    // Test date parsing of `validFromDate` and `validToDate` fields, according to RFC 5280.
-@@ -398,8 +404,10 @@ UidvpWWipVLZgK+oDks+bKTobcoXGW9oXobiIYqslXPy
+@@ -400,8 +404,10 @@ UidvpWWipVLZgK+oDks+bKTobcoXGW9oXobiIYqslXPy
  -----END CERTIFICATE-----`.trim();
    const c1 = new X509Certificate(certPemUTCTime);
  
@@ -580,7 +481,7 @@ index 15e1f53bb05faf60fa808eb5901591d1512edf3c..329f0d00c869cd19580acea18c904cf9
  
    // The GeneralizedTime format is used for dates in 2050 or later.
    const certPemGeneralizedTime = `-----BEGIN CERTIFICATE-----
-@@ -433,6 +441,8 @@ CWwQO8JZjJqFtqtuzy2n+gLCvqePgG/gmSqHOPm2ZbLW
+@@ -435,6 +441,8 @@ CWwQO8JZjJqFtqtuzy2n+gLCvqePgG/gmSqHOPm2ZbLW
  -----END CERTIFICATE-----`.trim();
    const c2 = new X509Certificate(certPemGeneralizedTime);
  
@@ -684,7 +585,7 @@ index 543ee176fb6af38874fee9f14be76f3fdda11060..fef9f1bc2f9fc6c220cf47847e86e038
  }
  
 diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
-index da5600710560b22049eba1ef18bbb742d447a673..8917b96f666de916616af2fb3ce3a58d00af7438 100644
+index e0986e53c1103b63cf15002a7fa4ce8bc4844d90..33c8a2aa72c56dd4a98558aab2102f03fae2b3cf 100644
 --- a/test/parallel/test-https-agent-session-eviction.js
 +++ b/test/parallel/test-https-agent-session-eviction.js
 @@ -14,7 +14,7 @@ const options = {
@@ -696,35 +597,8 @@ index da5600710560b22049eba1ef18bbb742d447a673..8917b96f666de916616af2fb3ce3a58d
  };
  
  // Create TLS1.2 server
-diff --git a/test/parallel/test-tls-getcertificate-x509.js b/test/parallel/test-tls-getcertificate-x509.js
-index aa685ca9e09cf0d17ff4d5480089e9977dd51f72..ccafa427433922155c1afd5d95ba69d8108825ef 100644
---- a/test/parallel/test-tls-getcertificate-x509.js
-+++ b/test/parallel/test-tls-getcertificate-x509.js
-@@ -20,9 +20,7 @@ const server = tls.createServer(options, function(cleartext) {
- server.once('secureConnection', common.mustCall(function(socket) {
-   const cert = socket.getX509Certificate();
-   assert(cert instanceof X509Certificate);
--  assert.strictEqual(
--    cert.serialNumber,
--    '5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE');
-+  assert.match(cert.serialNumber, /5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE/i)
- }));
- 
- server.listen(0, common.mustCall(function() {
-@@ -33,10 +31,7 @@ server.listen(0, common.mustCall(function() {
-     const peerCert = socket.getPeerX509Certificate();
-     assert(peerCert.issuerCertificate instanceof X509Certificate);
-     assert.strictEqual(peerCert.issuerCertificate.issuerCertificate, undefined);
--    assert.strictEqual(
--      peerCert.issuerCertificate.serialNumber,
--      '147D36C1C2F74206DE9FAB5F2226D78ADB00A425'
--    );
-+    assert.match(peerCert.issuerCertificate.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A425/i);
-     server.close();
-   }));
-   socket.end('Hello');
 diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
-index 571f400cea574662bda6be8eecd22ceccaf75420..2296362dc625ee663df11927297ccf124233a19b 100644
+index a9c8775e2f112f2b5e1f4e80f22264f219bf6a9d..4550d28125379e6043962826b8e97b692d63804b 100644
 --- a/test/parallel/test-tls-getprotocol.js
 +++ b/test/parallel/test-tls-getprotocol.js
 @@ -27,7 +27,7 @@ const clientConfigs = [

patches/node/fix_do_not_resolve_electron_entrypoints.patch

@@ -6,10 +6,10 @@ Subject: fix: do not resolve electron entrypoints
 This wastes fs cycles and can result in strange behavior if this path actually exists on disk
 
 diff --git a/lib/internal/modules/esm/load.js b/lib/internal/modules/esm/load.js
-index 463e76cb1abc0c2fdddba4db2ca2e00f7c591e12..d7bc3c35c77b5bf9ec122b38248d0cf1f4d2a548 100644
+index c9d4a3536d0f60375ae623b48ca2fa7095c88d42..d818320fbbc430d06a0c2852e4723981d6e1a844 100644
 --- a/lib/internal/modules/esm/load.js
 +++ b/lib/internal/modules/esm/load.js
-@@ -111,7 +111,7 @@ async function defaultLoad(url, context = kEmptyObject) {
+@@ -109,7 +109,7 @@ async function defaultLoad(url, context = kEmptyObject) {
      source = null;
      format ??= 'builtin';
    } else if (format !== 'commonjs' || defaultType === 'module') {
@@ -19,7 +19,7 @@ index 463e76cb1abc0c2fdddba4db2ca2e00f7c591e12..d7bc3c35c77b5bf9ec122b38248d0cf1
        context = { __proto__: context, source };
      }
 diff --git a/lib/internal/modules/esm/translators.js b/lib/internal/modules/esm/translators.js
-index 45a0abc6423a4e53e070f3c117fac2a3554b188d..abd89e9cccba1060f8e76580d5bb338e65a710ea 100644
+index 0f138b1099b4833176e8a0ce681c745422efc24a..c7dd203e4bd5d611186300d9c0f2255afdf81684 100644
 --- a/lib/internal/modules/esm/translators.js
 +++ b/lib/internal/modules/esm/translators.js
 @@ -287,6 +287,9 @@ function cjsPreparseModuleExports(filename, source) {

patches/node/fix_expose_the_built-in_electron_module_via_the_esm_loader.patch

@@ -6,7 +6,7 @@ Subject: fix: expose the built-in electron module via the ESM loader
 This allows usage of `import { app } from 'electron'` and `import('electron')` natively in the browser + non-sandboxed renderer
 
 diff --git a/lib/internal/modules/esm/get_format.js b/lib/internal/modules/esm/get_format.js
-index 26d0bace6cdd3905f1248c5ad3fa794eb272252d..4ec1f4f6951be40f5fcb4c1cb3d1205e69434f23 100644
+index 9519f947b8dfdc69808839948c9cb8434a0acf0e..23ce72d479f638c33edffcea7c35f5da6cab7cae 100644
 --- a/lib/internal/modules/esm/get_format.js
 +++ b/lib/internal/modules/esm/get_format.js
 @@ -26,6 +26,7 @@ const protocolHandlers = {
@@ -18,10 +18,10 @@ index 26d0bace6cdd3905f1248c5ad3fa794eb272252d..4ec1f4f6951be40f5fcb4c1cb3d1205e
  
  /**
 diff --git a/lib/internal/modules/esm/load.js b/lib/internal/modules/esm/load.js
-index 8b157f0f461c7b92c567fffe4d99357dbc09aee7..605e812d515fc467001e4ab88fc15b4af3fd4aa2 100644
+index 5ba13096b98047ff33e4d44167c2a069ccc5e69d..a00b5979e3b5deb4ba315b4635c7e5d2801c376e 100644
 --- a/lib/internal/modules/esm/load.js
 +++ b/lib/internal/modules/esm/load.js
-@@ -121,7 +121,7 @@ async function defaultLoad(url, context = kEmptyObject) {
+@@ -119,7 +119,7 @@ async function defaultLoad(url, context = kEmptyObject) {
        // Now that we have the source for the module, run `defaultGetFormat` to detect its format.
        format = await defaultGetFormat(urlInstance, context);
  
@@ -30,7 +30,7 @@ index 8b157f0f461c7b92c567fffe4d99357dbc09aee7..605e812d515fc467001e4ab88fc15b4a
          // For backward compatibility reasons, we need to discard the source in
          // order for the CJS loader to re-fetch it.
          source = null;
-@@ -218,12 +218,13 @@ function throwIfUnsupportedURLScheme(parsed) {
+@@ -200,12 +200,13 @@ function throwIfUnsupportedURLScheme(parsed) {
      protocol !== 'file:' &&
      protocol !== 'data:' &&
      protocol !== 'node:' &&
@@ -46,10 +46,10 @@ index 8b157f0f461c7b92c567fffe4d99357dbc09aee7..605e812d515fc467001e4ab88fc15b4a
    }
  }
 diff --git a/lib/internal/modules/esm/resolve.js b/lib/internal/modules/esm/resolve.js
-index 35925ef0817273948b7a2128c6ddc12c91bc3cfd..ee2cc03892c01141b71571989b18eec387d3c766 100644
+index 61c043e35c6ce9ef9d7255e009162289e80eaf4d..0c41492aa9652112df0b839361570a832daf3b13 100644
 --- a/lib/internal/modules/esm/resolve.js
 +++ b/lib/internal/modules/esm/resolve.js
-@@ -772,6 +772,8 @@ function parsePackageName(specifier, base) {
+@@ -791,6 +791,8 @@ function parsePackageName(specifier, base) {
    return { packageName, packageSubpath, isScoped };
  }
  
@@ -58,7 +58,7 @@ index 35925ef0817273948b7a2128c6ddc12c91bc3cfd..ee2cc03892c01141b71571989b18eec3
  /**
   * Resolves a package specifier to a URL.
   * @param {string} specifier - The package specifier to resolve.
-@@ -785,6 +787,11 @@ function packageResolve(specifier, base, conditions) {
+@@ -804,6 +806,11 @@ function packageResolve(specifier, base, conditions) {
      return new URL('node:' + specifier);
    }
  
@@ -71,7 +71,7 @@ index 35925ef0817273948b7a2128c6ddc12c91bc3cfd..ee2cc03892c01141b71571989b18eec3
      parsePackageName(specifier, base);
  
 diff --git a/lib/internal/modules/esm/translators.js b/lib/internal/modules/esm/translators.js
-index 9b89c3e1d52a0f724dab451844d32df67f1eab9f..25ee090bbb4884d3e5f2530cc7153f9215754fae 100644
+index 491dc3f450733a9181096a145cfa508767682658..23ed971daebdda3cb627907ffa3626daaa5b5b7b 100644
 --- a/lib/internal/modules/esm/translators.js
 +++ b/lib/internal/modules/esm/translators.js
 @@ -182,7 +182,7 @@ function createCJSModuleWrap(url, source, isMain, loadCJS = loadCJSModule) {
@@ -106,10 +106,10 @@ index 9b89c3e1d52a0f724dab451844d32df67f1eab9f..25ee090bbb4884d3e5f2530cc7153f92
  // This translator function must be sync, as `require` is sync.
  translators.set('require-commonjs-typescript', (url, source, isMain) => {
 diff --git a/lib/internal/url.js b/lib/internal/url.js
-index 3cb186182947a14407e9d5c4d94ab0554298a658..e35ae9ac316ba2e5b8f562d353b2c5ae978abb63 100644
+index 14b0ef61d2f91cf48bba9aceefc55751e7ed5db2..6d6b32f65131d1d55aeeae27dd2970440d99b4bd 100644
 --- a/lib/internal/url.js
 +++ b/lib/internal/url.js
-@@ -1495,6 +1495,8 @@ function fileURLToPath(path, options = kEmptyObject) {
+@@ -1505,6 +1505,8 @@ function fileURLToPath(path, options = kEmptyObject) {
      path = new URL(path);
    else if (!isURL(path))
      throw new ERR_INVALID_ARG_TYPE('path', ['string', 'URL'], path);

patches/node/fix_expose_tracing_agent_and_use_tracing_tracingcontroller_instead.patch

@@ -22,7 +22,7 @@ index ad323fc800a33c010b0504a4aa55c107498dee26..e044f10284f31f1862b18be752a04b3b
      int thread_pool_size,
      node::tracing::TracingController* tracing_controller) {
 diff --git a/src/node.h b/src/node.h
-index 60598f54114b2424f10706e57d8aa50c4634bcb0..0fec9477fd0f2a3c2aa68284131c510b0da0e025 100644
+index 7726d3de1e82689655e8fceb4135eec303498572..e730bde9162df23ae0c0d52cfa594c1d7c4db28b 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -133,6 +133,7 @@ struct SnapshotData;

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -17,15 +17,10 @@ Upstreams:
 - https://github.com/nodejs/node/pull/39136
 
 diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
-index 457bd2f6c5b18956d06c716fbfae429496fb352d..e954cb2e53f3d8c297d21ef9f698d824ca574106 100644
+index ac2d771555126a4f43b8c3a3fd299d40019e6622..769fe636ef2b5d02ecc9ff753e64d93ea5075700 100644
 --- a/deps/ncrypto/ncrypto.cc
 +++ b/deps/ncrypto/ncrypto.cc
-@@ -6,13 +6,11 @@
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
- #include <openssl/pkcs12.h>
-+#include <openssl/rand.h>
- #include <openssl/x509v3.h>
+@@ -11,9 +11,6 @@
  #if OPENSSL_VERSION_MAJOR >= 3
  #include <openssl/provider.h>
  #endif
@@ -35,7 +30,7 @@ index 457bd2f6c5b18956d06c716fbfae429496fb352d..e954cb2e53f3d8c297d21ef9f698d824
  
  namespace ncrypto {
  namespace {
-@@ -694,7 +692,7 @@ bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) {
+@@ -708,7 +705,7 @@ bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) {
  
    bool ok = true;
  
@@ -43,8 +38,8 @@ index 457bd2f6c5b18956d06c716fbfae429496fb352d..e954cb2e53f3d8c297d21ef9f698d824
 +  for (size_t i = 0; i < sk_GENERAL_NAME_num(names); i++) {
      GENERAL_NAME* gen = sk_GENERAL_NAME_value(names, i);
  
-     if (i != 0)
-@@ -720,7 +718,7 @@ bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) {
+     if (i != 0) BIO_write(out.get(), ", ", 2);
+@@ -732,7 +729,7 @@ bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) {
  
    bool ok = true;
  
@@ -52,13 +47,14 @@ index 457bd2f6c5b18956d06c716fbfae429496fb352d..e954cb2e53f3d8c297d21ef9f698d824
 +  for (size_t i = 0; i < sk_ACCESS_DESCRIPTION_num(descs); i++) {
      ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(descs, i);
  
-     if (i != 0)
-@@ -857,13 +855,17 @@ BIOPointer X509View::getValidTo() const {
+     if (i != 0) BIO_write(out.get(), "\n", 1);
+@@ -874,13 +871,17 @@ BIOPointer X509View::getValidTo() const {
  
  int64_t X509View::getValidToTime() const {
    struct tm tp;
+-  ASN1_TIME_to_tm(X509_get0_notAfter(cert_), &tp);
 +#ifndef OPENSSL_IS_BORINGSSL
-   ASN1_TIME_to_tm(X509_get0_notAfter(cert_), &tp);
++   ASN1_TIME_to_tm(X509_get0_notAfter(cert_), &tp);
 +#endif
    return PortableTimeGM(&tp);
  }
@@ -71,21 +67,22 @@ index 457bd2f6c5b18956d06c716fbfae429496fb352d..e954cb2e53f3d8c297d21ef9f698d824
    return PortableTimeGM(&tp);
  }
  
-@@ -1043,7 +1045,11 @@ BIOPointer BIOPointer::NewMem() {
+@@ -1085,7 +1086,11 @@ BIOPointer BIOPointer::NewMem() {
  }
  
  BIOPointer BIOPointer::NewSecMem() {
+-  return BIOPointer(BIO_new(BIO_s_secmem()));
 +#ifdef OPENSSL_IS_BORINGSSL
 +  return BIOPointer(BIO_new(BIO_s_mem()));
 +#else
-   return BIOPointer(BIO_new(BIO_s_secmem()));
++   return BIOPointer(BIO_new(BIO_s_secmem()));
 +#endif
  }
  
  BIOPointer BIOPointer::New(const BIO_METHOD* method) {
-@@ -1098,8 +1104,10 @@ BignumPointer DHPointer::FindGroup(const std::string_view name,
-                                    FindGroupOption option) {
- #define V(n, p) if (EqualNoCase(name, n)) return BignumPointer(p(nullptr));
+@@ -1149,8 +1154,10 @@ BignumPointer DHPointer::FindGroup(const std::string_view name,
+ #define V(n, p)                                                                \
+   if (EqualNoCase(name, n)) return BignumPointer(p(nullptr));
    if (option != FindGroupOption::NO_SMALL_PRIMES) {
 +#ifndef OPENSSL_IS_BORINGSSL
      V("modp1", BN_get_rfc2409_prime_768);
@@ -94,7 +91,7 @@ index 457bd2f6c5b18956d06c716fbfae429496fb352d..e954cb2e53f3d8c297d21ef9f698d824
      V("modp5", BN_get_rfc3526_prime_1536);
    }
    V("modp14", BN_get_rfc3526_prime_2048);
-@@ -1171,11 +1179,13 @@ DHPointer::CheckPublicKeyResult DHPointer::checkPublicKey(const BignumPointer& p
+@@ -1223,11 +1230,13 @@ DHPointer::CheckPublicKeyResult DHPointer::checkPublicKey(
    int codes = 0;
    if (DH_check_pub_key(dh_.get(), pub_key.get(), &codes) != 1)
      return DHPointer::CheckPublicKeyResult::CHECK_FAILED;
@@ -110,10 +107,10 @@ index 457bd2f6c5b18956d06c716fbfae429496fb352d..e954cb2e53f3d8c297d21ef9f698d824
    }
    return CheckPublicKeyResult::NONE;
 diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
-index 20b69dc67b13fd4f0bd44f7adf6a0d928a2c10c4..2320f92c50543fb9b426bce1c6d182bddf7658de 100644
+index fffa75ec718facc61cebf48f33ddc3909b9b9413..19757016a4f50e2f656a76bf60cb87e601845afe 100644
 --- a/deps/ncrypto/ncrypto.h
 +++ b/deps/ncrypto/ncrypto.h
-@@ -493,17 +493,21 @@ public:
+@@ -516,17 +516,21 @@ class DHPointer final {
      UNABLE_TO_CHECK_GENERATOR = DH_UNABLE_TO_CHECK_GENERATOR,
      NOT_SUITABLE_GENERATOR = DH_NOT_SUITABLE_GENERATOR,
      Q_NOT_PRIME = DH_CHECK_Q_NOT_PRIME,
@@ -136,33 +133,21 @@ index 20b69dc67b13fd4f0bd44f7adf6a0d928a2c10c4..2320f92c50543fb9b426bce1c6d182bd
      CHECK_FAILED = 512,
    };
    // Check to see if the given public key is suitable for this DH instance.
-diff --git a/deps/ncrypto/unofficial.gni b/deps/ncrypto/unofficial.gni
-index ea024af73e215b3cad5f08796ac405f419530c86..41061b524eea74330b8d2452635a38c48f21386b 100644
---- a/deps/ncrypto/unofficial.gni
-+++ b/deps/ncrypto/unofficial.gni
-@@ -27,6 +27,6 @@ template("ncrypto_gn_build") {
-     forward_variables_from(invoker, "*")
-     public_configs = [ ":ncrypto_config" ]
-     sources = gypi_values.ncrypto_sources
--    deps = [ "../openssl" ]
-+    deps = [ "$node_crypto_path" ]
-   }
- }
 diff --git a/node.gni b/node.gni
-index 852f64fa9cfb50fe6e9ce7aa46be336d3196d5b8..461bff93e151c454cd0a9575daa01d3f7c0ec9c3 100644
+index 245a43920c7baf000ba63192a84a4c3fd219be7d..56a554175b805c1703f13d62041f8c80d6e94dd9 100644
 --- a/node.gni
 +++ b/node.gni
-@@ -10,6 +10,8 @@ declare_args() {
-   # The location of V8, use the one from node's deps by default.
+@@ -11,7 +11,7 @@ declare_args() {
    node_v8_path = "//v8"
  
-+  node_crypto_path = "//third_party/boringssl"
-+
-   # The NODE_MODULE_VERSION defined in node_version.h.
-   node_module_version = exec_script("$node_path/tools/getmoduleversion.py", [], "value")
+   # The location of OpenSSL - use the one from node's deps by default.
+-  node_openssl_path = "$node_path/deps/openssl"
++  node_openssl_path = "//third_party/boringssl"
  
+   # The location of simdutf - use the one from node's deps by default.
+   node_simdutf_path = "$node_path/deps/simdutf"
 diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
-index a81ab8e95f2fc23e1e315fb9c69364934377a0c1..dbe12ba2413ef29ff06a7e8abde50000eaf277e2 100644
+index c7588583530cf291946d01cec807390d987706cf..495fb92355a7eadc2f7ec885a3b529988bb3bd02 100644
 --- a/src/crypto/crypto_cipher.cc
 +++ b/src/crypto/crypto_cipher.cc
 @@ -1080,7 +1080,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
@@ -174,9 +159,9 @@ index a81ab8e95f2fc23e1e315fb9c69364934377a0c1..dbe12ba2413ef29ff06a7e8abde50000
      int rsa_pkcs1_implicit_rejection =
          EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_pkcs1_implicit_rejection", "1");
      // From the doc -2 means that the option is not supported.
-@@ -1096,6 +1096,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
-           "RSA_PKCS1_PADDING is no longer supported for private decryption,"
-           " this can be reverted with --security-revert=CVE-2024-PEND");
+@@ -1095,6 +1095,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+           env,
+           "RSA_PKCS1_PADDING is no longer supported for private decryption");
      }
 +#endif
    }
@@ -440,10 +425,10 @@ index b557de774117e442d7f429e92d63a6e1faa236fd..0aca233ced39269b09c383e5b32d85cf
      return EVPKeyCtxPointer();
  
 diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
-index 6af8d089ca6bcd73aff314638443610b9cc4bf7e..c84cbd5b4708e0c403ab0a1e1ddf5fc72eb3d148 100644
+index ac4103400e1e293909e7c524f4a1422c5f04e707..c44c11cbd533350d8bf149032c658d5585303b7d 100644
 --- a/src/crypto/crypto_keys.cc
 +++ b/src/crypto/crypto_keys.cc
-@@ -1059,6 +1059,7 @@ void KeyObjectHandle::GetAsymmetricKeyType(
+@@ -945,6 +945,7 @@ void KeyObjectHandle::GetAsymmetricKeyType(
  }
  
  bool KeyObjectHandle::CheckEcKeyData() const {
@@ -451,7 +436,7 @@ index 6af8d089ca6bcd73aff314638443610b9cc4bf7e..c84cbd5b4708e0c403ab0a1e1ddf5fc7
    MarkPopErrorOnReturn mark_pop_error_on_return;
  
    const auto& key = data_.GetAsymmetricKey();
-@@ -1075,6 +1076,9 @@ bool KeyObjectHandle::CheckEcKeyData() const {
+@@ -961,6 +962,9 @@ bool KeyObjectHandle::CheckEcKeyData() const {
  #else
    return EVP_PKEY_public_check(ctx.get()) == 1;
  #endif
@@ -554,7 +539,7 @@ index 12ee0cde0897024bccb0face49053544a0bcfcd7..8a6a36a3c31532ed585c287ba8cee140
  }  // namespace
  
 diff --git a/src/env.h b/src/env.h
-index 55124cd38e75ab67c092f6bf5c909a50e7232045..3ef093e612b23d5e1e7cacf56055e5f9818bcb02 100644
+index 16312e548e526b80ec9a230bc3c772f45685b61f..0a3f09ebc7e2e7c1f8b9499d4439e2ca90b86810 100644
 --- a/src/env.h
 +++ b/src/env.h
 @@ -50,7 +50,7 @@
@@ -566,7 +551,7 @@ index 55124cd38e75ab67c092f6bf5c909a50e7232045..3ef093e612b23d5e1e7cacf56055e5f9
  #include <openssl/evp.h>
  #endif
  
-@@ -1060,7 +1060,7 @@ class Environment final : public MemoryRetainer {
+@@ -1062,7 +1062,7 @@ class Environment final : public MemoryRetainer {
      kExitInfoFieldCount
    };
  
@@ -589,7 +574,7 @@ index c59e65ad1fe3fac23f1fc25ca77e6133d1ccaccd..f2f07434e076e2977755ef7dac7d489a
  #if NODE_OPENSSL_HAS_QUIC
  #include <openssl/quic.h>
 diff --git a/src/node_options.cc b/src/node_options.cc
-index d3b59690e917afcf725cbfb1232d6ed9f298ee3a..3c42f9b87c11a0f88800d6709515c1c9e2972fc0 100644
+index a03daec2bd74d7857d38238ea0479e36e054a7a3..f70e0917f6caa66210107cdb2ef891685563ba96 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
 @@ -6,7 +6,7 @@
@@ -602,7 +587,7 @@ index d3b59690e917afcf725cbfb1232d6ed9f298ee3a..3c42f9b87c11a0f88800d6709515c1c9
  #endif
  
 diff --git a/src/node_options.h b/src/node_options.h
-index fc7f898a6b9b6072c15d77710c20ed1ba580966b..f39dcad0a28ae483e6d0e5df3816693119ac823e 100644
+index ab6ea77b2e9ce54af44e21c29fcba929f117c41b..23923ccd645e810d84b0a08e57e486d012b5796b 100644
 --- a/src/node_options.h
 +++ b/src/node_options.h
 @@ -11,7 +11,7 @@
@@ -615,10 +600,10 @@ index fc7f898a6b9b6072c15d77710c20ed1ba580966b..f39dcad0a28ae483e6d0e5df38166931
  #endif
  
 diff --git a/unofficial.gni b/unofficial.gni
-index f6793b8bf22d6ac911a1977edaa881b6dbbe7ac7..ddfbb97276b29df114ab455a2eed3b186b3af5d2 100644
+index 3632d5bd21e277fcbd8d62dc65598a7f7c87f00e..08a4ed939fb1482a897def94128282fdfd63dc62 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
-@@ -150,7 +150,6 @@ template("node_gn_build") {
+@@ -151,7 +151,6 @@ template("node_gn_build") {
      ]
      deps = [
        ":run_node_js2c",
@@ -632,19 +617,6 @@ index f6793b8bf22d6ac911a1977edaa881b6dbbe7ac7..ddfbb97276b29df114ab455a2eed3b18
        "//third_party/zlib",
 +      "//third_party/brotli:dec",
 +      "//third_party/brotli:enc",
+       "$node_simdutf_path",
        "$node_v8_path:v8_libplatform",
      ]
- 
-@@ -187,10 +188,8 @@ template("node_gn_build") {
-       deps += [ "//third_party/icu" ]
-     }
-     if (node_use_openssl) {
--      deps += [
--        "deps/ncrypto",
--        "//third_party/boringssl"
--      ]
-+      deps += [ "deps/ncrypto" ]
-+      public_deps += [ "$node_crypto_path" ]
-       sources += gypi_values.node_crypto_sources
-     }
-     if (node_enable_inspector) {

patches/node/fix_lazyload_fs_in_esm_loaders_to_apply_asar_patches.patch

@@ -6,10 +6,10 @@ Subject: fix: lazyload fs in esm loaders to apply asar patches
 Changes { foo } from fs to just "fs.foo" so that our patching of fs is applied to esm loaders
 
 diff --git a/lib/internal/modules/esm/load.js b/lib/internal/modules/esm/load.js
-index 605e812d515fc467001e4ab88fc15b4af3fd4aa2..463e76cb1abc0c2fdddba4db2ca2e00f7c591e12 100644
+index a00b5979e3b5deb4ba315b4635c7e5d2801c376e..c9d4a3536d0f60375ae623b48ca2fa7095c88d42 100644
 --- a/lib/internal/modules/esm/load.js
 +++ b/lib/internal/modules/esm/load.js
-@@ -8,7 +8,7 @@ const { kEmptyObject } = require('internal/util');
+@@ -10,7 +10,7 @@ const {
  const { defaultGetFormat } = require('internal/modules/esm/get_format');
  const { validateAttributes, emitImportAssertionWarning } = require('internal/modules/esm/assert');
  const { getOptionValue } = require('internal/options');
@@ -18,7 +18,7 @@ index 605e812d515fc467001e4ab88fc15b4af3fd4aa2..463e76cb1abc0c2fdddba4db2ca2e00f
  
  const defaultType =
    getOptionValue('--experimental-default-type');
-@@ -40,8 +40,7 @@ async function getSource(url, context) {
+@@ -38,8 +38,7 @@ async function getSource(url, context) {
    const responseURL = href;
    let source;
    if (protocol === 'file:') {
@@ -28,7 +28,7 @@ index 605e812d515fc467001e4ab88fc15b4af3fd4aa2..463e76cb1abc0c2fdddba4db2ca2e00f
    } else if (protocol === 'data:') {
      const result = dataURLProcessor(url);
      if (result === 'failure') {
-@@ -65,7 +64,7 @@ function getSourceSync(url, context) {
+@@ -63,7 +62,7 @@ function getSourceSync(url, context) {
    const responseURL = href;
    let source;
    if (protocol === 'file:') {
@@ -38,7 +38,7 @@ index 605e812d515fc467001e4ab88fc15b4af3fd4aa2..463e76cb1abc0c2fdddba4db2ca2e00f
      const result = dataURLProcessor(url);
      if (result === 'failure') {
 diff --git a/lib/internal/modules/esm/resolve.js b/lib/internal/modules/esm/resolve.js
-index ee2cc03892c01141b71571989b18eec387d3c766..c13475102a75d65329908f44def06a60f4a2c4f1 100644
+index 0c41492aa9652112df0b839361570a832daf3b13..f2fbb576da23fc0a48b0c979a263aa2dbe3600eb 100644
 --- a/lib/internal/modules/esm/resolve.js
 +++ b/lib/internal/modules/esm/resolve.js
 @@ -25,7 +25,7 @@ const {
@@ -50,7 +50,7 @@ index ee2cc03892c01141b71571989b18eec387d3c766..c13475102a75d65329908f44def06a60
  const { getOptionValue } = require('internal/options');
  // Do not eagerly grab .manifest, it may be in TDZ
  const { sep, posix: { relative: relativePosixPath }, resolve } = require('path');
-@@ -259,7 +259,7 @@ function finalizeResolution(resolved, base, preserveSymlinks) {
+@@ -277,7 +277,7 @@ function finalizeResolution(resolved, base, preserveSymlinks) {
    }
  
    if (!preserveSymlinks) {
@@ -60,7 +60,7 @@ index ee2cc03892c01141b71571989b18eec387d3c766..c13475102a75d65329908f44def06a60
      });
      const { search, hash } = resolved;
 diff --git a/lib/internal/modules/esm/translators.js b/lib/internal/modules/esm/translators.js
-index 25ee090bbb4884d3e5f2530cc7153f9215754fae..45a0abc6423a4e53e070f3c117fac2a3554b188d 100644
+index 23ed971daebdda3cb627907ffa3626daaa5b5b7b..0f138b1099b4833176e8a0ce681c745422efc24a 100644
 --- a/lib/internal/modules/esm/translators.js
 +++ b/lib/internal/modules/esm/translators.js
 @@ -24,7 +24,7 @@ const {

patches/node/fix_remove_deprecated_errno_constants.patch

@@ -10,7 +10,7 @@ This change removes the usage of these constants to fix a compilation failure du
 See: https://github.com/llvm/llvm-project/pull/80542
 
 diff --git a/deps/uv/include/uv.h b/deps/uv/include/uv.h
-index 7f48b7daa87d1a5b14bc6f641b60f21263fa5ec3..0be470c9139a6da19414295a59f1a237cc3a50d7 100644
+index f75a496071ac3396cbc6dec819eaab7294609deb..30f9a05f2f508b55a7d7ae036612660068c8400e 100644
 --- a/deps/uv/include/uv.h
 +++ b/deps/uv/include/uv.h
 @@ -155,7 +155,6 @@ struct uv__queue {

patches/node/fix_remove_harmony-import-assertions_from_node_cc.patch

@@ -11,10 +11,10 @@ This patch can be removed when we upgrade to a V8 version that
 contains the above CL.
 
 diff --git a/src/node.cc b/src/node.cc
-index 1a2a43bdd37441400323a800c147fcb89f0d549a..ae0b40b40e601e86d22e223a764c20106ae29d70 100644
+index f4365c0eda7330bd02a921608951902f41004f77..b2b10ffb572f010992f221de752618fd56b5d50e 100644
 --- a/src/node.cc
 +++ b/src/node.cc
-@@ -804,7 +804,7 @@ static ExitCode ProcessGlobalArgsInternal(std::vector<std::string>* args,
+@@ -808,7 +808,7 @@ static ExitCode ProcessGlobalArgsInternal(std::vector<std::string>* args,
    }
    // TODO(nicolo-ribaudo): remove this once V8 doesn't enable it by default
    // anymore.

patches/node/fix_revert_src_lb_reducing_c_calls_of_esm_legacy_main_resolve.patch

@@ -15,7 +15,7 @@ to recognize asar files.
 This reverts commit 9cf2e1f55b8446a7cde23699d00a3be73aa0c8f1.
 
 diff --git a/lib/internal/modules/esm/resolve.js b/lib/internal/modules/esm/resolve.js
-index c13475102a75d65329908f44def06a60f4a2c4f1..e9fe83a675cb5bf681934e0f1c30a3cab447ba57 100644
+index f2fbb576da23fc0a48b0c979a263aa2dbe3600eb..97d3b4e9bd9303e1271bb62b1c9851da1100e019 100644
 --- a/lib/internal/modules/esm/resolve.js
 +++ b/lib/internal/modules/esm/resolve.js
 @@ -28,14 +28,13 @@ const { BuiltinModule } = require('internal/bootstrap/realm');

patches/node/fix_serdes_test.patch

@@ -6,10 +6,10 @@ Subject: fix serdes test
 The V8 wire format version changed.
 
 diff --git a/test/parallel/test-v8-serdes.js b/test/parallel/test-v8-serdes.js
-index 296e076a9f760d94293fe4310d6f3a081e3e59f4..be6deaf463977cc65e9f135008c3ce2b2919e22f 100644
+index c87ed89353af3b52362e8afcfbce42f1ae759774..3de1dbc5fe571b5b4abd767049eec25773268b48 100644
 --- a/test/parallel/test-v8-serdes.js
 +++ b/test/parallel/test-v8-serdes.js
-@@ -163,11 +163,11 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
+@@ -167,11 +167,11 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
  
  {
    // Test that an old serialized value can still be deserialized.
@@ -23,7 +23,7 @@ index 296e076a9f760d94293fe4310d6f3a081e3e59f4..be6deaf463977cc65e9f135008c3ce2b
  
    const value = des.readValue();
    assert.strictEqual(value, value.foo);
-@@ -202,7 +202,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
+@@ -206,7 +206,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
  {
    // Unaligned Uint16Array read, with padding in the underlying array buffer.
    let buf = Buffer.alloc(32 + 9);

patches/node/fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch

@@ -1,29 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: deepak1556 <[email protected]>
-Date: Tue, 16 Nov 2021 20:05:57 +0900
-Subject: fix: suppress clang -Wdeprecated-declarations in libuv
-
-Should be upstreamed.
-
-diff --git a/deps/uv/src/win/util.c b/deps/uv/src/win/util.c
-index a96cb915930a30a49ba55fd7d15ea48f0b471f89..3c15f348bd3a9a42afcf0e4d0182d2d6f3d05cb1 100644
---- a/deps/uv/src/win/util.c
-+++ b/deps/uv/src/win/util.c
-@@ -1537,10 +1537,17 @@ int uv_os_uname(uv_utsname_t* buffer) {
-     #ifdef _MSC_VER
-     #pragma warning(suppress : 4996)
-     #endif
-+    #ifdef __clang__
-+    #pragma clang diagnostic push
-+    #pragma clang diagnostic ignored "-Wdeprecated-declarations"
-+    #endif
-     if (GetVersionExW(&os_info) == 0) {
-       r = uv_translate_sys_error(GetLastError());
-       goto error;
-     }
-+    #ifdef __clang__
-+    #pragma clang diagnostic pop
-+    #endif
-   }
- 
-   /* Populate the version field. */

patches/node/linux_try_preadv64_pwritev64_before_preadv_pwritev_4683.patch

@@ -0,0 +1,51 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <[email protected]>
+Date: Tue, 28 Jan 2025 09:27:58 +0100
+Subject: linux: try preadv64/pwritev64 before preadv/pwritev (#4683)
+
+Fixes: https://github.com/libuv/libuv/issues/4678
+Refs: https://github.com/libuv/libuv/issues/4532
+
+diff --git a/deps/uv/src/unix/fs.c b/deps/uv/src/unix/fs.c
+index 239ecda16a7eb9b40453502cf0362ae66366cf72..1631d9340bc10c2ac4c3d53a63ed9bc10f3e1c7c 100644
+--- a/deps/uv/src/unix/fs.c
++++ b/deps/uv/src/unix/fs.c
+@@ -461,12 +461,7 @@ static ssize_t uv__pwritev_emul(int fd,
+ 
+ /* The function pointer cache is an uintptr_t because _Atomic void*
+  * doesn't work on macos/ios/etc...
+- * Disable optimization on armv7 to work around the bug described in
+- * https://github.com/libuv/libuv/issues/4532
+  */
+-#if defined(__arm__) && (__ARM_ARCH == 7)
+-__attribute__((optimize("O0")))
+-#endif
+ static ssize_t uv__preadv_or_pwritev(int fd,
+                                      const struct iovec* bufs,
+                                      size_t nbufs,
+@@ -479,7 +474,12 @@ static ssize_t uv__preadv_or_pwritev(int fd,
+   p = (void*) atomic_load_explicit(cache, memory_order_relaxed);
+   if (p == NULL) {
+ #ifdef RTLD_DEFAULT
+-    p = dlsym(RTLD_DEFAULT, is_pread ? "preadv" : "pwritev");
++    /* Try _LARGEFILE_SOURCE version of preadv/pwritev first,
++     * then fall back to the plain version, for libcs like musl.
++     */
++    p = dlsym(RTLD_DEFAULT, is_pread ? "preadv64" : "pwritev64");
++    if (p == NULL)
++      p = dlsym(RTLD_DEFAULT, is_pread ? "preadv" : "pwritev");
+     dlerror();  /* Clear errors. */
+ #endif  /* RTLD_DEFAULT */
+     if (p == NULL)
+@@ -487,10 +487,7 @@ static ssize_t uv__preadv_or_pwritev(int fd,
+     atomic_store_explicit(cache, (uintptr_t) p, memory_order_relaxed);
+   }
+ 
+-  /* Use memcpy instead of `f = p` to work around a compiler bug,
+-   * see https://github.com/libuv/libuv/issues/4532
+-   */
+-  memcpy(&f, &p, sizeof(p));
++  f = p;
+   return f(fd, bufs, nbufs, off);
+ }
+ 

patches/node/pass_all_globals_through_require.patch

@@ -6,10 +6,10 @@ Subject: Pass all globals through "require"
 (cherry picked from commit 7d015419cb7a0ecfe6728431a4ed2056cd411d62)
 
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index b0210e4d96348c77da9eabbe8f3d292337cd6ae4..ad8d41a06bde1ca22d0245fa49143e080365b5e1 100644
+index 236b2484049c43ee9d6b9c728561b80813b12982..ccd038dc136480cdd84a13e58f4012b71cd40928 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
-@@ -183,6 +183,13 @@ const {
+@@ -182,6 +182,13 @@ const {
    CHAR_FORWARD_SLASH,
  } = require('internal/constants');
  
@@ -23,18 +23,18 @@ index b0210e4d96348c77da9eabbe8f3d292337cd6ae4..ad8d41a06bde1ca22d0245fa49143e08
  const {
    isProxy,
  } = require('internal/util/types');
-@@ -1541,10 +1548,12 @@ Module.prototype._compile = function(content, filename, format) {
-   this[kIsExecuting] = true;
-   if (inspectorWrapper) {
-     result = inspectorWrapper(compiledWrapper, thisValue, exports,
--                              require, module, filename, dirname);
-+                              require, module, filename, dirname,
-+                              process, localGlobal, localBuffer);
+@@ -1557,10 +1564,12 @@ Module.prototype._compile = function(content, filename, format) {
+   if (this[kIsMainSymbol] && getOptionValue('--inspect-brk')) {
+     const { callAndPauseOnStart } = internalBinding('inspector');
+     result = callAndPauseOnStart(compiledWrapper, thisValue, exports,
+-                                 require, module, filename, dirname);
++                                 require, module, filename, dirname,
++                                 process, localGlobal, localBuffer);
    } else {
      result = ReflectApply(compiledWrapper, thisValue,
 -                          [exports, require, module, filename, dirname]);
-+                          [exports, require, module, filename,
-+                           dirname, process, localGlobal, localBuffer]);
++                          [exports, require, module, filename, dirname,
++                           process, localGlobal, localBuffer]);
    }
    this[kIsExecuting] = false;
    if (requireDepth === 0) { statCache = null; }

patches/node/src_provide_workaround_for_container-overflow.patch

@@ -1,45 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniel Lemire <[email protected]>
-Date: Tue, 29 Oct 2024 12:28:47 -0400
-Subject: src: provide workaround for container-overflow
-
-Address a sanitizer error 'container-overflow', which happens only on systems where the
-standard library has been annotated to warn about reads between the std::string's end
-and the end of the its allocated memory (std::string:capacity). This reads are memory safe
-but they can also be a sign that there is a real bug. In the instance of issue 55584,
-it is not a bug, it is a false positive.
-
-In some instances, it is possible to indicate to the compiler that we want to disallow
-these checks to avoid the false positive, but I could not find documentation on this topic
-In a future release of simdjson, we will provide a more convenient function that
-avoids such ugly workaround.
-
-diff --git a/src/node_modules.cc b/src/node_modules.cc
-index dfd115a9eccc6b58d63a72ac450a1497354482dd..16a9f923148835daa95d3578e5941b284ff71434 100644
---- a/src/node_modules.cc
-+++ b/src/node_modules.cc
-@@ -100,11 +100,23 @@ const BindingData::PackageConfig* BindingData::GetPackageJSON(
-   if (ReadFileSync(&package_config.raw_json, path.data()) < 0) {
-     return nullptr;
-   }
-+  // In some systems, std::string is annotated to generate an
-+  // AddressSanitizer: container-overflow error when reading beyond the end of
-+  // the string even when we are still within the capacity of the string.
-+  // https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
-+  // https://github.com/nodejs/node/issues/55584
-+  // The next lines are a workaround to avoid this false positive.
-+  size_t json_length = package_config.raw_json.size();
-+  package_config.raw_json.append(simdjson::SIMDJSON_PADDING, ' ');
-+  simdjson::padded_string_view json_view(package_config.raw_json.data(),
-+                                         json_length,
-+                                         package_config.raw_json.size());
-+  // End of workaround
- 
-   simdjson::ondemand::document document;
-   simdjson::ondemand::object main_object;
-   simdjson::error_code error =
--      binding_data->json_parser.iterate(package_config.raw_json).get(document);
-+      binding_data->json_parser.iterate(json_view).get(document);
- 
-   const auto throw_invalid_package_config = [error_context, path, realm]() {
-     if (error_context == nullptr) {

patches/node/src_remove_dependency_on_wrapper-descriptor-based_cppheap.patch

@@ -16,7 +16,7 @@ patch:
 (cherry picked from commit 30329d06235a9f9733b1d4da479b403462d1b326)
 
 diff --git a/src/env-inl.h b/src/env-inl.h
-index 3b041dd28ba32f028ecbb7d87b82f9ddee406b4f..5436c1a0f21e261f2eb2fdbb7f679d4f92a14ffd 100644
+index c460018af954e6333cd937059ae5dc81f179d8ca..d266eca6fc3300e657383feb4bb7a7194da79275 100644
 --- a/src/env-inl.h
 +++ b/src/env-inl.h
 @@ -62,31 +62,6 @@ inline uv_loop_t* IsolateData::event_loop() const {
@@ -52,7 +52,7 @@ index 3b041dd28ba32f028ecbb7d87b82f9ddee406b4f..5436c1a0f21e261f2eb2fdbb7f679d4f
    return &(wrapper_data_->cppgc_id);
  }
 diff --git a/src/env.cc b/src/env.cc
-index 130524cad713e8aa685feaa8c384fe4db9452500..21bc5b8a3326e759ce12b865e49029cf8ffe9995 100644
+index adb6cc1c2f1c0100b64e688d13e5ca81b1ae2775..579a15f0e1fdd97184ec81873dbc4547e747ec1d 100644
 --- a/src/env.cc
 +++ b/src/env.cc
 @@ -23,6 +23,7 @@
@@ -71,7 +71,7 @@ index 130524cad713e8aa685feaa8c384fe4db9452500..21bc5b8a3326e759ce12b865e49029cf
  using worker::Worker;
  
  int const ContextEmbedderTag::kNodeContextTag = 0x6e6f64;
-@@ -532,6 +532,14 @@ void IsolateData::CreateProperties() {
+@@ -531,6 +531,14 @@ void IsolateData::CreateProperties() {
    CreateEnvProxyTemplate(this);
  }
  
@@ -86,7 +86,7 @@ index 130524cad713e8aa685feaa8c384fe4db9452500..21bc5b8a3326e759ce12b865e49029cf
  constexpr uint16_t kDefaultCppGCEmbedderID = 0x90de;
  Mutex IsolateData::isolate_data_mutex_;
  std::unordered_map<uint16_t, std::unique_ptr<PerIsolateWrapperData>>
-@@ -569,36 +577,16 @@ IsolateData::IsolateData(Isolate* isolate,
+@@ -568,36 +576,16 @@ IsolateData::IsolateData(Isolate* isolate,
    v8::CppHeap* cpp_heap = isolate->GetCppHeap();
  
    uint16_t cppgc_id = kDefaultCppGCEmbedderID;
@@ -130,7 +130,7 @@ index 130524cad713e8aa685feaa8c384fe4db9452500..21bc5b8a3326e759ce12b865e49029cf
  
    {
      // GC could still be run after the IsolateData is destroyed, so we store
-@@ -630,11 +618,12 @@ IsolateData::~IsolateData() {
+@@ -629,11 +617,12 @@ IsolateData::~IsolateData() {
    }
  }
  
@@ -146,7 +146,7 @@ index 130524cad713e8aa685feaa8c384fe4db9452500..21bc5b8a3326e759ce12b865e49029cf
  
  void IsolateData::MemoryInfo(MemoryTracker* tracker) const {
 diff --git a/src/env.h b/src/env.h
-index 3ef093e612b23d5e1e7cacf56055e5f9818bcb02..9dfc1364c7206377b6d0d088b456c357c23a9151 100644
+index 0a3f09ebc7e2e7c1f8b9499d4439e2ca90b86810..d6f412cb13460f97f9444af397c8025c7a8bd290 100644
 --- a/src/env.h
 +++ b/src/env.h
 @@ -175,10 +175,6 @@ class NODE_EXTERN_PRIVATE IsolateData : public MemoryRetainer {
@@ -161,10 +161,10 @@ index 3ef093e612b23d5e1e7cacf56055e5f9818bcb02..9dfc1364c7206377b6d0d088b456c357
    inline MultiIsolatePlatform* platform() const;
    inline const SnapshotData* snapshot_data() const;
 diff --git a/src/node.h b/src/node.h
-index c16204ad2a4787eeffe61eedda254d3a5509df8c..c39f586e9c5e7e9db75d922d244ea8e4d6d56841 100644
+index 00de9a76d515290eba05aacada0942e611e11b22..e62501ae102a73408849fecdba703abe5c84e24d 100644
 --- a/src/node.h
 +++ b/src/node.h
-@@ -1561,24 +1561,14 @@ void RegisterSignalHandler(int signal,
+@@ -1555,24 +1555,14 @@ void RegisterSignalHandler(int signal,
                             bool reset_handler = false);
  #endif  // _WIN32
  

patches/node/src_stop_using_deprecated_fields_of_fastapicallbackoptions.patch

@@ -40,10 +40,10 @@ index c62a5b8952400ff0dd8818c31a3e07622b63725c..36f61f57e951e1abfeb2fedb831b55c6
    }
    HistogramBase* histogram;
 diff --git a/src/node_file.cc b/src/node_file.cc
-index 6b98a13099990918dc619c47124c8538bbee5e2d..307492bf3dfce7b4a476c448bec666b8116dc431 100644
+index 4bdbfa1be2c22f6a823acc380efe15c8d72f66ce..83f482612fae2d7ebf9bfd6817d334c239f8a218 100644
 --- a/src/node_file.cc
 +++ b/src/node_file.cc
-@@ -1060,22 +1060,10 @@ static int32_t FastInternalModuleStat(
+@@ -1060,13 +1060,8 @@ static int32_t FastInternalModuleStat(
      // NOLINTNEXTLINE(runtime/references) This is V8 api.
      FastApiCallbackOptions& options) {
    // This needs a HandleScope which needs an isolate.
@@ -54,20 +54,11 @@ index 6b98a13099990918dc619c47124c8538bbee5e2d..307492bf3dfce7b4a476c448bec666b8
 -  }
 -
 -  HandleScope scope(isolate);
--  Environment* env = Environment::GetCurrent(recv->GetCreationContextChecked());
 +  Environment* env = Environment::GetCurrent(options.isolate);
 +  HandleScope scope(env->isolate());
  
    auto path = std::filesystem::path(input.data, input.data + input.length);
--  if (!env->permission()->is_granted(
--          env, permission::PermissionScope::kFileSystemRead, path.string()))
--      [[unlikely]] {
--    options.fallback = true;
--    return -1;
--  }
  
-   switch (std::filesystem::status(path).type()) {
-     case std::filesystem::file_type::directory:
 diff --git a/src/node_wasi.cc b/src/node_wasi.cc
 index 468c2e59903fefe58d9c178d3afac3ef5b09f611..23a376e52e08a8af49dd47c47488552e01287426 100644
 --- a/src/node_wasi.cc

patches/node/support_v8_sandboxed_pointers.patch

@@ -143,7 +143,7 @@ index 8a6a36a3c31532ed585c287ba8cee14026d315b4..3d449b5853f359d63e1b88671a857bf9
  void SecureHeapUsed(const FunctionCallbackInfo<Value>& args) {
  #ifndef OPENSSL_IS_BORINGSSL
 diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h
-index 922e77091d72172ed6cfc5e8477901e3608396c5..16a236c69caed6d60248c7973531a95adc8f2edb 100644
+index 5c717c6fdb0fc453fa6c0061077300926af31ed5..b5fbe8e964943ab6f3842b27638f20ff64a1c0c4 100644
 --- a/src/crypto/crypto_util.h
 +++ b/src/crypto/crypto_util.h
 @@ -268,7 +268,7 @@ class ByteSource {
@@ -189,10 +189,10 @@ index 9b9bb7be9a8daca98a2635bf13cb6d1d561ea5fb..81afe2b5f7398f0c20b340648ca75022
    Local<Value> ret;
    if (!Buffer::New(env, ab, 0, ab->ByteLength()).ToLocal(&ret)) return {};
 diff --git a/src/node_i18n.cc b/src/node_i18n.cc
-index 43bb68351bf0a68285e464601013bbdbd5d5df5f..4126bbff080548c91154a6dcc437359c82a6c771 100644
+index 0bcf10a0b35accb8d6d5fe9891d4f52b27d40346..606c2021242e6967ea4195af3e2493a7d5745dae 100644
 --- a/src/node_i18n.cc
 +++ b/src/node_i18n.cc
-@@ -107,7 +107,7 @@ namespace {
+@@ -104,7 +104,7 @@ namespace {
  
  template <typename T>
  MaybeLocal<Object> ToBufferEndian(Environment* env, MaybeStackBuffer<T>* buf) {
@@ -201,7 +201,7 @@ index 43bb68351bf0a68285e464601013bbdbd5d5df5f..4126bbff080548c91154a6dcc437359c
    if (ret.IsEmpty())
      return ret;
  
-@@ -184,7 +184,7 @@ MaybeLocal<Object> TranscodeLatin1ToUcs2(Environment* env,
+@@ -181,7 +181,7 @@ MaybeLocal<Object> TranscodeLatin1ToUcs2(Environment* env,
      return {};
    }
  
@@ -210,7 +210,7 @@ index 43bb68351bf0a68285e464601013bbdbd5d5df5f..4126bbff080548c91154a6dcc437359c
  }
  
  MaybeLocal<Object> TranscodeFromUcs2(Environment* env,
-@@ -229,7 +229,7 @@ MaybeLocal<Object> TranscodeUcs2FromUtf8(Environment* env,
+@@ -226,7 +226,7 @@ MaybeLocal<Object> TranscodeUcs2FromUtf8(Environment* env,
      return {};
    }
  
@@ -219,7 +219,7 @@ index 43bb68351bf0a68285e464601013bbdbd5d5df5f..4126bbff080548c91154a6dcc437359c
  }
  
  MaybeLocal<Object> TranscodeUtf8FromUcs2(Environment* env,
-@@ -253,7 +253,7 @@ MaybeLocal<Object> TranscodeUtf8FromUcs2(Environment* env,
+@@ -250,7 +250,7 @@ MaybeLocal<Object> TranscodeUtf8FromUcs2(Environment* env,
      return {};
    }
  
@@ -229,7 +229,7 @@ index 43bb68351bf0a68285e464601013bbdbd5d5df5f..4126bbff080548c91154a6dcc437359c
  
  constexpr const char* EncodingName(const enum encoding encoding) {
 diff --git a/src/node_internals.h b/src/node_internals.h
-index 85b666e11f5654afe2a2f192e629221f2133b165..bd8d65247ad3ba4878f1288ab2b66e3598982b09 100644
+index 000ba16303740d7e48dcaf7b7c2e16fd750ac599..6396dc8f1a9db806ca4a4b547914680fcbaed9a1 100644
 --- a/src/node_internals.h
 +++ b/src/node_internals.h
 @@ -117,7 +117,9 @@ v8::Maybe<void> InitializePrimordials(v8::Local<v8::Context> context);

patches/node/test_formally_mark_some_tests_as_flaky.patch

@@ -7,7 +7,7 @@ Instead of disabling the tests, flag them as flaky so they still run
 but don't cause CI failures on flakes.
 
 diff --git a/test/parallel/parallel.status b/test/parallel/parallel.status
-index 6b5b0ed739bc8600d46c2f65993b86a4092c680c..40beb6a5ec2e129181ce74afce4021bf88286989 100644
+index fd42444c7b216a4a1fa026efc1bbc1b5df8c7394..26f78764842aaaa781a9409dda2a7d3265351178 100644
 --- a/test/parallel/parallel.status
 +++ b/test/parallel/parallel.status
 @@ -5,6 +5,16 @@ prefix parallel
@@ -28,7 +28,7 @@ index 6b5b0ed739bc8600d46c2f65993b86a4092c680c..40beb6a5ec2e129181ce74afce4021bf
  test-net-write-fully-async-hex-string: PASS, FLAKY
  # https://github.com/nodejs/node/issues/52273
 diff --git a/test/sequential/sequential.status b/test/sequential/sequential.status
-index 073b29cce8dbca4c8d92ad666f9244ad511296db..338d20263f29a630febb96567f3cb708623bd09a 100644
+index 5f4445416d95fa588ccec309fd119cd40cfc8046..c0024ce74c619800ee812b1cac11297f82772356 100644
 --- a/test/sequential/sequential.status
 +++ b/test/sequential/sequential.status
 @@ -7,6 +7,18 @@ prefix sequential

patches/node/test_make_test-node-output-v8-warning_generic.patch

@@ -1,51 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <[email protected]>
-Date: Tue, 16 Jan 2024 14:53:31 +0100
-Subject: test: make test-node-output-v8-warning generic
-
-Ref https://github.com/nodejs/node/pull/50421.
-
-The above CL migrated python snapshot testing to JS, and in the process
-added string replace calls to change 'node' as a hardcoded string to an
-asterisk. This was initially fixed in https://github.com/nodejs/node/pull/36489
-before being regressed in the above, as that PR essentially makes the wildcard
-meaningless. Fix it for now by replacing the process.argv0 basename instead.
-
-Some form of fix for this should be upstreamed.
-
-diff --git a/test/parallel/test-node-output-v8-warning.mjs b/test/parallel/test-node-output-v8-warning.mjs
-index 309e904c49b7124b64831293e0473a5d35249081..6636144f5074811f95bbe53a62718c8084088bdc 100644
---- a/test/parallel/test-node-output-v8-warning.mjs
-+++ b/test/parallel/test-node-output-v8-warning.mjs
-@@ -2,11 +2,18 @@ import '../common/index.mjs';
- import * as fixtures from '../common/fixtures.mjs';
- import * as snapshot from '../common/assertSnapshot.js';
- import { describe, it } from 'node:test';
-+import { basename } from 'node:path';
- 
- function replaceNodeVersion(str) {
-   return str.replaceAll(process.version, '*');
- }
- 
-+function replaceExecName(str) {
-+  // Copied from lib/internal/process/warning.js
-+  const baseName = basename(process.argv0 || 'node', '.exe');
-+  return str.replaceAll(`${baseName} --`, '* --');
-+}
-+
- describe('v8 output', { concurrency: !process.env.TEST_PARALLEL }, () => {
-   function normalize(str) {
-     return str.replaceAll(snapshot.replaceWindowsPaths(process.cwd()), '')
-@@ -15,10 +22,10 @@ describe('v8 output', { concurrency: !process.env.TEST_PARALLEL }, () => {
-     .replaceAll('*test*', '*')
-     .replaceAll(/.*?\*fixtures\*v8\*/g, '(node:*) V8: *') // Replace entire path before fixtures/v8
-     .replaceAll('*fixtures*v8*', '*')
--    .replaceAll('node --', '* --');
-   }
-+
-   const common = snapshot
--    .transform(snapshot.replaceWindowsLineEndings, snapshot.replaceWindowsPaths, replaceNodeVersion);
-+    .transform(snapshot.replaceWindowsLineEndings, snapshot.replaceWindowsPaths, replaceNodeVersion, replaceExecName);
-   const defaultTransform = snapshot.transform(common, normalize);
-   const tests = [
-     { name: 'v8/v8_warning.js' },

patches/node/win_almost_fix_race_detecting_esrch_in_uv_kill.patch

@@ -1,70 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Santiago Gimeno <[email protected]>
-Date: Tue, 5 Mar 2024 14:54:59 +0100
-Subject: win: almost fix race detecting ESRCH in uv_kill
-
-It might happen that only using `WaitForSingleObject()` with timeout 0
-could return WAIT_TIMEOUT as the process might not have been signaled
-yet. To improve things, first use `GetExitCodeProcess()` and check
-that `status` is not `STILL_ACTIVE`. Then, to cover for the case that the exit
-code was actually `STILL_ACTIVE` use `WaitForSingleObject()`. This could
-still be prone to the race condition but only for that case.
-
-diff --git a/deps/uv/src/win/process.c b/deps/uv/src/win/process.c
-index 4e94dee90e13eede63d8e97ddc9992726f874ea9..f46f34289e8e7d3a2af914d89e6164b751a3e47d 100644
---- a/deps/uv/src/win/process.c
-+++ b/deps/uv/src/win/process.c
-@@ -1308,16 +1308,34 @@ static int uv__kill(HANDLE process_handle, int signum) {
-       /* Unconditionally terminate the process. On Windows, killed processes
-        * normally return 1. */
-       int err;
-+      DWORD status;
- 
-       if (TerminateProcess(process_handle, 1))
-         return 0;
- 
--      /* If the process already exited before TerminateProcess was called,.
-+      /* If the process already exited before TerminateProcess was called,
-        * TerminateProcess will fail with ERROR_ACCESS_DENIED. */
-       err = GetLastError();
--      if (err == ERROR_ACCESS_DENIED &&
--          WaitForSingleObject(process_handle, 0) == WAIT_OBJECT_0) {
--        return UV_ESRCH;
-+      if (err == ERROR_ACCESS_DENIED) {
-+        /* First check using GetExitCodeProcess() with status different from
-+         * STILL_ACTIVE (259). This check can be set incorrectly by the process,
-+         * though that is uncommon. */
-+        if (GetExitCodeProcess(process_handle, &status) &&
-+            status != STILL_ACTIVE) {
-+          return UV_ESRCH;
-+        }
-+
-+        /* But the process could have exited with code == STILL_ACTIVE, use then
-+         * WaitForSingleObject with timeout zero. This is prone to a race
-+         * condition as it could return WAIT_TIMEOUT because the handle might
-+         * not have been signaled yet.That would result in returning the wrong
-+         * error code here (UV_EACCES instead of UV_ESRCH), but we cannot fix
-+         * the kernel synchronization issue that TerminateProcess is
-+         * inconsistent with WaitForSingleObject with just the APIs available to
-+         * us in user space. */
-+        if (WaitForSingleObject(process_handle, 0) == WAIT_OBJECT_0) {
-+          return UV_ESRCH;
-+        }
-       }
- 
-       return uv_translate_sys_error(err);
-@@ -1325,6 +1343,14 @@ static int uv__kill(HANDLE process_handle, int signum) {
- 
-     case 0: {
-       /* Health check: is the process still alive? */
-+      DWORD status;
-+
-+      if (!GetExitCodeProcess(process_handle, &status))
-+        return uv_translate_sys_error(GetLastError());
-+
-+      if (status != STILL_ACTIVE)
-+        return UV_ESRCH;
-+
-       switch (WaitForSingleObject(process_handle, 0)) {
-         case WAIT_OBJECT_0:
-           return UV_ESRCH;

script/node-disabled-tests.json

@@ -1,6 +1,7 @@
 [
   "abort/test-abort-backtrace",
   "es-module/test-vm-compile-function-lineoffset",
+  "es-module/test-cjs-legacyMainResolve-permission.js",
   "parallel/test-async-context-frame",
   "parallel/test-bootstrap-modules",
   "parallel/test-child-process-fork-exec-path",
@@ -26,6 +27,7 @@
   "parallel/test-crypto-secure-heap",
   "parallel/test-dgram-send-cb-quelches-error",
   "parallel/test-domain-error-types",
+  "parallel/test-fs-readdir-types-symlinks",
   "parallel/test-fs-utimes-y2K38",
   "parallel/test-http2-clean-output",
   "parallel/test-http2-https-fallback",