chore: bump node to v16.17.0 (main) (#35350)

* chore: bump node in DEPS to v16.17.0

* chore: fixup asar patch

* lib: use null-prototype objects for property descriptors

https://github.com/nodejs/node/pull/43270

* src: make SecureContext fields private

https://github.com/nodejs/node/pull/43173

* crypto: remove Node.js-specific webcrypto extensions

https://github.com/nodejs/node/pull/43310

* test: refactor to top-level await

https://github.com/nodejs/node/pull/43500

* deps: cherry-pick two libuv fixes

https://github.com/nodejs/node/pull/43950

* src: slim down env-inl.h

https://github.com/nodejs/node/pull/43745

* util: add AggregateError.prototype.errors to inspect output

https://github.com/nodejs/node/pull/43646

* esm: improve performance & tidy tests

https://github.com/nodejs/node/pull/43784

* src: NodeArrayBufferAllocator delegates to v8's allocator

https://github.com/nodejs/node/pull/43594

* chore: update patch indices

* chore: update filenames

* src: refactor IsSupportedAuthenticatedMode

https://github.com/nodejs/node/pull/42368

* src: add --openssl-legacy-provider option

https://github.com/nodejs/node/pull/40478

* lib,src: add source map support for global eval

https://github.com/nodejs/node/pull/43428

* trace_events: trace net connect event

https://github.com/nodejs/node/pull/43903

* deps: update ICU to 71.1

https://github.com/nodejs/node/pull/42655

This fails the test because it's missing https://chromium-review.googlesource.com/c/chromium/deps/icu/+/3841093

* lib: give names to promisified exists() and question()

https://github.com/nodejs/node/pull/43218

* crypto: add CFRG curves to Web Crypto API

https://github.com/nodejs/node/pull/42507

* src: fix memory leak for v8.serialize

https://github.com/nodejs/node/pull/42695

This test does not work for Electron as they do not use V8's
ArrayBufferAllocator.

* buffer: fix atob input validation

https://github.com/nodejs/node/pull/42539

* src: fix ssize_t error from nghttp2.h

https://github.com/nodejs/node/pull/44393

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <[email protected]>

DEPS

@@ -4,7 +4,7 @@ vars = {
   'chromium_version':
     '106.0.5216.0',
   'node_version':
-    'v16.16.0',
+    'v16.17.0',
   'nan_version':
     '16fa32231e2ccd89d2804b3f765319128b20c4ac',
   'squirrel.mac_version':

lib/asar/fs-wrapper.ts

@@ -263,7 +263,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
   };
 
   const { lstat } = fs;
-  fs.lstat = function (pathArgument: string, options: any, callback: any) {
+  fs.lstat = (pathArgument: string, options: any, callback: any) => {
     const pathInfo = splitPath(pathArgument);
     if (typeof options === 'function') {
       callback = options;
@@ -382,10 +382,10 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
 
   fs.promises.realpath = util.promisify(fs.realpath.native);
 
-  const { exists } = fs;
-  fs.exists = (pathArgument: string, callback: any) => {
+  const { exists: nativeExists } = fs;
+  fs.exists = function exists (pathArgument: string, callback: any) {
     const pathInfo = splitPath(pathArgument);
-    if (!pathInfo.isAsar) return exists(pathArgument, callback);
+    if (!pathInfo.isAsar) return nativeExists(pathArgument, callback);
     const { asarPath, filePath } = pathInfo;
 
     const archive = getOrCreateArchive(asarPath);
@@ -399,9 +399,9 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     nextTick(callback, [pathExists]);
   };
 
-  fs.exists[util.promisify.custom] = (pathArgument: string) => {
+  fs.exists[util.promisify.custom] = function exists (pathArgument: string) {
     const pathInfo = splitPath(pathArgument);
-    if (!pathInfo.isAsar) return exists[util.promisify.custom](pathArgument);
+    if (!pathInfo.isAsar) return nativeExists[util.promisify.custom](pathArgument);
     const { asarPath, filePath } = pathInfo;
 
     const archive = getOrCreateArchive(asarPath);

patches/node/.patches

@@ -19,8 +19,6 @@ fix_readbarrier_undefined_symbol_error_on_woa_arm64.patch
 fix_crash_caused_by_gethostnamew_on_windows_7.patch
 fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch
 fix_serdes_test.patch
-darwin_remove_eprototype_error_workaround_3405.patch
-darwin_translate_eprototype_to_econnreset_3413.patch
 darwin_bump_minimum_supported_version_to_10_15_3406.patch
 fix_failing_node_js_test_on_outdated.patch
 be_compatible_with_cppgc.patch
@@ -46,4 +44,4 @@ support_v8_sandboxed_pointers.patch
 build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch
 build_ensure_native_module_compilation_fails_if_not_using_a_new.patch
 fix_override_createjob_in_node_platform.patch
-buffer_fix_atob_input_validation.patch
+src_fix_ssize_t_error_from_nghttp2_h.patch

patches/node/be_compatible_with_cppgc.patch

@@ -45,36 +45,48 @@ This patch should be upstreamed to Node.
 
 See also: https://source.chromium.org/chromium/chromium/src/+/main:v8/include/v8-cppgc.h;l=70-76;drc=5a758a97032f0b656c3c36a3497560762495501a
 
-diff --git a/src/base_object-inl.h b/src/base_object-inl.h
-index bb1e8d4b46bce3bf08f730ac5d43f7113d17ae39..6da0669943fc6465ffc47a1c8c3dadfea6beb1c9 100644
---- a/src/base_object-inl.h
-+++ b/src/base_object-inl.h
-@@ -32,10 +32,21 @@
+diff --git a/src/base_object.h b/src/base_object.h
+index 842f763a56d75c55509534e3d44a8080dd283127..b6078fe83c82a5edec0f7652b8c2d1b6c2491ca4 100644
+--- a/src/base_object.h
++++ b/src/base_object.h
+@@ -40,7 +40,7 @@ class TransferData;
+ 
+ class BaseObject : public MemoryRetainer {
+  public:
+-  enum InternalFields { kSlot, kInternalFieldCount };
++  enum InternalFields { kWrapperType, kSlot, kInternalFieldCount };
  
- namespace node {
+   // Associates this object with `object`. It uses the 0th internal field for
+   // that, and in particular aborts if there is no such field.
+diff --git a/src/env.cc b/src/env.cc
+index 22be69ec30a5b8466caacc698c791494891e5dee..cc44d578df9e146aa72f8273c1271d6a3c00d610 100644
+--- a/src/env.cc
++++ b/src/env.cc
+@@ -2119,11 +2119,20 @@ void Environment::RunWeakRefCleanup() {
+   isolate()->ClearKeptObjects();
+ }
  
-+namespace {
 +// This just has to be different from the Chromium ones:
 +// https://source.chromium.org/chromium/chromium/src/+/main:gin/public/gin_embedders.h;l=18-23;drc=5a758a97032f0b656c3c36a3497560762495501a
 +// Otherwise, when Node is loaded in an isolate which uses cppgc, cppgc will
 +// misinterpret the data stored in the embedder fields and try to garbage
 +// collect them.
-+static uint16_t kNodeEmbedderId = 0x90de;
-+}
++uint16_t kNodeEmbedderId = 0x90de;
 +
- BaseObject::BaseObject(Environment* env, v8::Local<v8::Object> object)
+ // Not really any better place than env.cc at this moment.
+ BaseObject::BaseObject(Environment* env, Local<Object> object)
      : persistent_handle_(env->isolate(), object), env_(env) {
    CHECK_EQ(false, object.IsEmpty());
 -  CHECK_GT(object->InternalFieldCount(), 0);
 +  CHECK_GT(object->InternalFieldCount(), BaseObject::kSlot);
 +  object->SetAlignedPointerInInternalField(BaseObject::kWrapperType,
 +      &kNodeEmbedderId);
-   object->SetAlignedPointerInInternalField(
-       BaseObject::kSlot,
-       static_cast<void*>(this));
-@@ -151,7 +162,8 @@ bool BaseObject::IsWeakOrDetached() const {
+   object->SetAlignedPointerInInternalField(BaseObject::kSlot,
+                                            static_cast<void*>(this));
+   env->AddCleanupHook(DeleteMe, static_cast<void*>(this));
+@@ -2177,7 +2186,8 @@ void BaseObject::MakeWeak() {
  void BaseObject::LazilyInitializedJSTemplateConstructor(
-     const v8::FunctionCallbackInfo<v8::Value>& args) {
+     const FunctionCallbackInfo<Value>& args) {
    DCHECK(args.IsConstructCall());
 -  DCHECK_GT(args.This()->InternalFieldCount(), 0);
 +  DCHECK_GT(args.This()->InternalFieldCount(), BaseObject::kSlot);
@@ -82,16 +94,3 @@ index bb1e8d4b46bce3bf08f730ac5d43f7113d17ae39..6da0669943fc6465ffc47a1c8c3dadfe
    args.This()->SetAlignedPointerInInternalField(BaseObject::kSlot, nullptr);
  }
  
-diff --git a/src/base_object.h b/src/base_object.h
-index 1c63da92fd80c042d5ea729bdd70049cae51a141..3b8127e884187b21cebeabb39b60bd3010b62217 100644
---- a/src/base_object.h
-+++ b/src/base_object.h
-@@ -40,7 +40,7 @@ class TransferData;
- 
- class BaseObject : public MemoryRetainer {
-  public:
--  enum InternalFields { kSlot, kInternalFieldCount };
-+  enum InternalFields { kWrapperType, kSlot, kInternalFieldCount };
- 
-   // Associates this object with `object`. It uses the 0th internal field for
-   // that, and in particular aborts if there is no such field.

patches/node/buffer_fix_atob_input_validation.patch

@@ -1,89 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <[email protected]>
-Date: Tue, 23 Aug 2022 11:13:45 +0200
-Subject: buffer: fix `atob` input validation
-
-This patch combines:
-
-* https://github.com/nodejs/node/pull/42539
-* https://github.com/nodejs/node/pull/42662
-
-To bring the Node.js implementation of atob into alignment with the
-WHATWG spec.
-
-diff --git a/lib/buffer.js b/lib/buffer.js
-index 57d6cddbaa2e6bdd846a667897588dea18daeb42..7602d4049e9bb1c09440bc3af09ad5ad9c768308 100644
---- a/lib/buffer.js
-+++ b/lib/buffer.js
-@@ -23,8 +23,10 @@
- 
- const {
-   Array,
-+  ArrayFrom,
-   ArrayIsArray,
-   ArrayPrototypeForEach,
-+  ArrayPrototypeIndexOf,
-   MathFloor,
-   MathMin,
-   MathTrunc,
-@@ -1231,8 +1233,25 @@ function btoa(input) {
-   return buf.toString('base64');
- }
- 
--const kBase64Digits =
--  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
-+// Refs: https://infra.spec.whatwg.org/#forgiving-base64-decode
-+const kForgivingBase64AllowedChars = [
-+  // ASCII whitespace
-+  // Refs: https://infra.spec.whatwg.org/#ascii-whitespace
-+  0x09, 0x0A, 0x0C, 0x0D, 0x20,
-+
-+  // Uppercase letters
-+  ...ArrayFrom({ length: 26 }, (_, i) => StringPrototypeCharCodeAt('A') + i),
-+
-+  // Lowercase letters
-+  ...ArrayFrom({ length: 26 }, (_, i) => StringPrototypeCharCodeAt('a') + i),
-+
-+  // Decimal digits
-+  ...ArrayFrom({ length: 10 }, (_, i) => StringPrototypeCharCodeAt('0') + i),
-+
-+  0x2B, // +
-+  0x2F, // /
-+  0x3D, // =
-+];
- 
- function atob(input) {
-   // The implementation here has not been performance optimized in any way and
-@@ -1241,11 +1260,31 @@ function atob(input) {
-   if (arguments.length === 0) {
-     throw new ERR_MISSING_ARGS('input');
-   }
-+
-   input = `${input}`;
-+  let nonAsciiWhitespaceCharCount = 0;
-+
-   for (let n = 0; n < input.length; n++) {
--    if (!kBase64Digits.includes(input[n]))
-+    const index = ArrayPrototypeIndexOf(
-+      kForgivingBase64AllowedChars,
-+      StringPrototypeCharCodeAt(input, n));
-+
-+    if (index > 4) {
-+      // The first 5 elements of `kForgivingBase64AllowedChars` are
-+      // ASCII whitespace char codes.
-+      nonAsciiWhitespaceCharCount++;
-+    } else if (index === -1) {
-       throw lazyDOMException('Invalid character', 'InvalidCharacterError');
-+    }
-   }
-+
-+  // See #3 - https://infra.spec.whatwg.org/#forgiving-base64
-+  if (nonAsciiWhitespaceCharCount % 4 === 1) {
-+    throw lazyDOMException(
-+      'The string to be decoded is not correctly encoded.',
-+      'InvalidCharacterError');
-+  }
-+
-   return Buffer.from(input, 'base64').toString('latin1');
- }
- 

patches/node/build_add_gn_build_files.patch

@@ -1008,10 +1008,10 @@ index 0000000000000000000000000000000000000000..2c9d2826c85bdd033f1df1d6188df636
 +}
 diff --git a/filenames.json b/filenames.json
 new file mode 100644
-index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6de1bd518
+index 0000000000000000000000000000000000000000..13fd1469ef0aa33853ddc6f31eda5b15f6312138
 --- /dev/null
 +++ b/filenames.json
-@@ -0,0 +1,616 @@
+@@ -0,0 +1,625 @@
 +// This file is automatically generated by generate_gn_filenames_json.py
 +// DO NOT EDIT
 +{
@@ -1147,6 +1147,7 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/child_process.js",
 +    "lib/assert.js",
 +    "lib/_tls_wrap.js",
++    "lib/test.js",
 +    "lib/http2.js",
 +    "lib/inspector.js",
 +    "lib/os.js",
@@ -1242,6 +1243,11 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/internal/http.js",
 +    "lib/internal/buffer.js",
 +    "lib/internal/trace_events_async_hooks.js",
++    "lib/internal/v8/startup_snapshot.js",
++    "lib/internal/test_runner/test.js",
++    "lib/internal/test_runner/harness.js",
++    "lib/internal/test_runner/utils.js",
++    "lib/internal/test_runner/tap_stream.js",
 +    "lib/internal/crypto/sig.js",
 +    "lib/internal/crypto/rsa.js",
 +    "lib/internal/crypto/aes.js",
@@ -1249,6 +1255,7 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/internal/crypto/scrypt.js",
 +    "lib/internal/crypto/random.js",
 +    "lib/internal/crypto/keys.js",
++    "lib/internal/crypto/cfrg.js",
 +    "lib/internal/crypto/x509.js",
 +    "lib/internal/crypto/certificate.js",
 +    "lib/internal/crypto/ec.js",
@@ -1260,7 +1267,6 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/internal/crypto/hash.js",
 +    "lib/internal/crypto/pbkdf2.js",
 +    "lib/internal/crypto/webcrypto.js",
-+    "lib/internal/crypto/dsa.js",
 +    "lib/internal/crypto/hashnames.js",
 +    "lib/internal/cluster/shared_handle.js",
 +    "lib/internal/cluster/round_robin_handle.js",
@@ -1293,6 +1299,8 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/internal/util/debuglog.js",
 +    "lib/internal/util/inspect.js",
 +    "lib/internal/util/iterable_weak_map.js",
++    "lib/internal/util/parse_args/utils.js",
++    "lib/internal/util/parse_args/parse_args.js",
 +    "lib/internal/streams/add-abort-signal.js",
 +    "lib/internal/streams/compose.js",
 +    "lib/internal/streams/duplexify.js",
@@ -1342,7 +1350,9 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/internal/main/eval_string.js",
 +    "lib/internal/main/check_syntax.js",
 +    "lib/internal/main/prof_process.js",
++    "lib/internal/main/test_runner.js",
 +    "lib/internal/main/worker_thread.js",
++    "lib/internal/main/mksnapshot.js",
 +    "lib/internal/main/inspect.js",
 +    "lib/internal/main/eval_stdin.js",
 +    "lib/internal/main/run_main_module.js",
@@ -1351,7 +1361,6 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/internal/modules/esm/module_job.js",
 +    "lib/internal/modules/esm/assert.js",
 +    "lib/internal/modules/esm/fetch_module.js",
-+    "lib/internal/modules/esm/get_source.js",
 +    "lib/internal/modules/esm/translators.js",
 +    "lib/internal/modules/esm/resolve.js",
 +    "lib/internal/modules/esm/create_dynamic_module.js",
@@ -1387,6 +1396,7 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "lib/internal/perf/utils.js",
 +    "lib/internal/perf/observe.js",
 +    "lib/internal/perf/event_loop_delay.js",
++    "lib/internal/perf/resource_timing.js",
 +    "lib/internal/perf/event_loop_utilization.js",
 +    "lib/internal/policy/manifest.js",
 +    "lib/internal/policy/sri.js",
@@ -1523,8 +1533,6 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "src/aliased_buffer.h",
 +    "src/aliased_struct.h",
 +    "src/aliased_struct-inl.h",
-+    "src/allocated_buffer.h",
-+    "src/allocated_buffer-inl.h",
 +    "src/async_wrap.h",
 +    "src/async_wrap-inl.h",
 +    "src/base_object.h",
@@ -1589,6 +1597,7 @@ index 0000000000000000000000000000000000000000..a2cfdffcd7308b73c5c302ebc4b946c6
 +    "src/node_revert.h",
 +    "src/node_root_certs.h",
 +    "src/node_snapshotable.h",
++    "src/node_snapshot_builder.h",
 +    "src/node_sockaddr.h",
 +    "src/node_sockaddr-inl.h",
 +    "src/node_stat_watcher.h",
@@ -1869,7 +1878,7 @@ index 0000000000000000000000000000000000000000..d1d6b51e8c0c5bc6a5d09e217eb30483
 +  args = rebase_path(inputs + outputs, root_build_dir)
 +}
 diff --git a/src/node_version.h b/src/node_version.h
-index 0f1a9b52cccba1e54150494a7ee5b28961a8d59d..bb68b2dfef4a693d8a1d0fe056fe696254d12d09 100644
+index d79d640b693993ee9db938e857e34629410ca1e4..f7571a5e669c539bfdce14b18acdb778f8570383 100644
 --- a/src/node_version.h
 +++ b/src/node_version.h
 @@ -89,7 +89,10 @@
@@ -1996,10 +2005,10 @@ index 0000000000000000000000000000000000000000..2a92eccfa582df361f2a889c0d9b32c1
 +
 +  out_file.writelines(new_contents)
 diff --git a/tools/install.py b/tools/install.py
-index 8a050dfa7c8b771ceb30fd2b74dc47f3de96834c..ad3bee1660de26d3502c6247f23b091171a6416c 100755
+index a6d1f8b3caa8e24148b1930ea109508f8e612735..c80c1b8202ba59bd63340baca36df8bca5e1f81d 100755
 --- a/tools/install.py
 +++ b/tools/install.py
-@@ -172,17 +172,72 @@ def files(action):
+@@ -202,17 +202,72 @@ def files(action):
  def headers(action):
    def wanted_v8_headers(files_arg, dest):
      v8_headers = [
@@ -2082,7 +2091,7 @@ index 8a050dfa7c8b771ceb30fd2b74dc47f3de96834c..ad3bee1660de26d3502c6247f23b0911
      files_arg = [name for name in files_arg if name in v8_headers]
      action(files_arg, dest)
  
-@@ -209,7 +264,7 @@ def headers(action):
+@@ -239,7 +294,7 @@ def headers(action):
    if sys.platform.startswith('aix'):
      action(['out/Release/node.exp'], 'include/node/')
  

patches/node/build_ensure_native_module_compilation_fails_if_not_using_a_new.patch

@@ -7,7 +7,7 @@ Subject: build: ensure native module compilation fails if not using a new
 This should not be upstreamed, it is a quality-of-life patch for downstream module builders.
 
 diff --git a/common.gypi b/common.gypi
-index ca08deeb19f5fe9ee399ad809b24579fdaa10036..c68cf1eb0f9cdd2a8fe314237c1e790fe3690272 100644
+index 1294df8d3a276ce575b71e899adc39aa1c53d0ec..a71a41dfbfee57e23db6190192719ab254bc8f70 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -85,6 +85,8 @@
@@ -27,7 +27,7 @@ index ca08deeb19f5fe9ee399ad809b24579fdaa10036..c68cf1eb0f9cdd2a8fe314237c1e790f
      ],
  
      # Forcibly disable -Werror.  We support a wide range of compilers, it's
-@@ -393,6 +396,11 @@
+@@ -397,6 +400,11 @@
            }],
          ],
        }],
@@ -40,10 +40,10 @@ index ca08deeb19f5fe9ee399ad809b24579fdaa10036..c68cf1eb0f9cdd2a8fe314237c1e790f
          'defines': [
            'V8_COMPRESS_POINTERS',
 diff --git a/configure.py b/configure.py
-index 426afed7cd0a3a403d4b753af0b25f55024d0f71..6ab1469c07298c9083a77d0211727a6fff37267e 100755
+index 08894bf3908916d1cb639810c5e1b2afae74ff4d..19cbde58df38009258db145c5f7dbe73b0dc5cdf 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -1427,6 +1427,7 @@ def configure_library(lib, output, pkgname=None):
+@@ -1447,6 +1447,7 @@ def configure_library(lib, output, pkgname=None):
  
  
  def configure_v8(o):
@@ -52,7 +52,7 @@ index 426afed7cd0a3a403d4b753af0b25f55024d0f71..6ab1469c07298c9083a77d0211727a6f
    o['variables']['v8_enable_lite_mode'] = 1 if options.v8_lite_mode else 0
    o['variables']['v8_enable_gdbjit'] = 1 if options.gdb else 0
 diff --git a/src/node.h b/src/node.h
-index 0b807cb25f9eb52b2100f0e2a7c25344790967cf..a41b09047d2c499a90225651a8324ad83a7712e3 100644
+index b6a26f8adf11959f94a00de0cbf9016fcc8707cb..38bbb20968772a4ba6bceddb04a83589f8582fc8 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -22,6 +22,12 @@

patches/node/build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch

@@ -8,7 +8,7 @@ Aligns common.gypi with the current build flag state of //v8.
 Specifically enables `V8_ENABLE_SANDBOX`, `V8_SANDBOXED_POINTERS`, `V8_COMPRESS_POINTERS` and `V8_COMPRESS_POINTERS_IN_SHARED_CAGE`.
 
 diff --git a/common.gypi b/common.gypi
-index bdfe81d11cc50f492c93fe48f6946765b6fb5238..ca08deeb19f5fe9ee399ad809b24579fdaa10036 100644
+index 7224823f0df04da7a7626839f2205057d95155d2..1294df8d3a276ce575b71e899adc39aa1c53d0ec 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -65,6 +65,7 @@
@@ -27,7 +27,7 @@ index bdfe81d11cc50f492c93fe48f6946765b6fb5238..ca08deeb19f5fe9ee399ad809b24579f
        }],
        ['target_arch in "ppc64 s390x"', {
          'v8_enable_backtrace': 1,
-@@ -394,9 +396,15 @@
+@@ -398,9 +400,15 @@
        ['v8_enable_pointer_compression == 1', {
          'defines': [
            'V8_COMPRESS_POINTERS',
@@ -45,10 +45,10 @@ index bdfe81d11cc50f492c93fe48f6946765b6fb5238..ca08deeb19f5fe9ee399ad809b24579f
          'defines': ['V8_31BIT_SMIS_ON_64BIT_ARCH'],
        }],
 diff --git a/configure.py b/configure.py
-index fed2688c792486e5f86509eea0dd6d45f749a99d..426afed7cd0a3a403d4b753af0b25f55024d0f71 100755
+index 1a7023dece588631b8281c67b223204c1ebb5ee7..08894bf3908916d1cb639810c5e1b2afae74ff4d 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -1439,6 +1439,7 @@ def configure_v8(o):
+@@ -1459,6 +1459,7 @@ def configure_v8(o):
    o['variables']['v8_use_siphash'] = 0 if options.without_siphash else 1
    o['variables']['v8_enable_pointer_compression'] = 1 if options.enable_pointer_compression else 0
    o['variables']['v8_enable_31bit_smis_on_64bit_arch'] = 1 if options.enable_pointer_compression else 0

patches/node/build_modify_js2c_py_to_allow_injection_of_original-fs_and_custom_embedder_js.patch

@@ -14,19 +14,21 @@ renderer/browser/worker/sandboxed bootstrap scripts).  These are loaded
 through LoadEmbedderJavaScriptSource()
 
 diff --git a/lib/internal/fs/watchers.js b/lib/internal/fs/watchers.js
-index b45af42d12ff7df8a9e125e87f51af3456811c23..c84ff7feb07aebf656ada7e37d812d9d8a81300f 100644
+index 7b820e70df1613a9f5565d6221b71354ff059560..405bda5d83c3312909439082ef69e8f266e53c2e 100644
 --- a/lib/internal/fs/watchers.js
 +++ b/lib/internal/fs/watchers.js
-@@ -290,10 +290,12 @@ function emitCloseNT(self) {
+@@ -290,11 +290,13 @@ function emitCloseNT(self) {
  
  // Legacy alias on the C++ wrapper object. This is not public API, so we may
  // want to runtime-deprecate it at some point. There's no hurry, though.
 -ObjectDefineProperty(FSEvent.prototype, 'owner', {
+-  __proto__: null,
 -  get() { return this[owner_symbol]; },
 -  set(v) { return this[owner_symbol] = v; }
 -});
 +if (!'owner' in FSEvent.prototype) {
 +  ObjectDefineProperty(FSEvent.prototype, 'owner', {
++    __proto__: null,
 +    get() { return this[owner_symbol]; },
 +    set(v) { return this[owner_symbol] = v; }
 +  });
@@ -47,10 +49,10 @@ index 5d20e1d6a86416c0de9f01a22b992aad889078d3..c836540c7d9328ae4646097ecc18023c
  
  NativeModuleLoader* NativeModuleLoader::GetInstance() {
 diff --git a/src/node_native_module.h b/src/node_native_module.h
-index 3be3f2364dd252bcdd668c699a0e7ae1e754e873..b2af1bce312ffca44e7005e11f92327e7cb240f6 100644
+index 7acd154d419de8fd1349a9811f68becec5902297..4981586b4b62cb642e10e1f737a136472ea50697 100644
 --- a/src/node_native_module.h
 +++ b/src/node_native_module.h
-@@ -44,6 +44,7 @@ class NativeModuleLoader {
+@@ -44,6 +44,7 @@ class NODE_EXTERN_PRIVATE NativeModuleLoader {
  
    // Generated by tools/js2c.py as node_javascript.cc
    void LoadJavaScriptSource();  // Loads data into source_

patches/node/chore_add_context_to_context_aware_module_prevention.patch

@@ -8,7 +8,7 @@ modules from being used in the renderer process. This should be upstreamed as
 a customizable error message.
 
 diff --git a/src/node_binding.cc b/src/node_binding.cc
-index e323f76261f2028ef58da74066f9112d8a5a8df2..bec34a61e0be78d863e476c75647e3496aa6a2c5 100644
+index 03e26027406e655ce876a9af689c7d97920c4327..d188b393ee1bd2ee7de6f4454dfa7785d4a5c52b 100644
 --- a/src/node_binding.cc
 +++ b/src/node_binding.cc
 @@ -4,6 +4,7 @@
@@ -19,7 +19,7 @@ index e323f76261f2028ef58da74066f9112d8a5a8df2..bec34a61e0be78d863e476c75647e349
  #include "util.h"
  
  #include <string>
-@@ -472,7 +473,12 @@ void DLOpen(const FunctionCallbackInfo<Value>& args) {
+@@ -473,7 +474,12 @@ void DLOpen(const FunctionCallbackInfo<Value>& args) {
        if (mp->nm_context_register_func == nullptr) {
          if (env->force_context_aware()) {
            dlib->Close();

patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch

@@ -8,10 +8,10 @@ they use themselves as the entry point. We should try to upstream some form
 of this.
 
 diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js
-index b184a0d9ae3434af746be269495e9e4c80c58091..899d5a906683e8967746e10a6de452e99e236903 100644
+index 25a8464e4833ff4655db2fe37f4bd482dc147865..4b1f1b05b6c67f206f87618792fa528deb238d8d 100644
 --- a/lib/internal/bootstrap/pre_execution.js
 +++ b/lib/internal/bootstrap/pre_execution.js
-@@ -103,11 +103,13 @@ function patchProcessObject(expandArgv1) {
+@@ -122,11 +122,13 @@ function patchProcessObject(expandArgv1) {
    if (expandArgv1 && process.argv[1] &&
        !StringPrototypeStartsWith(process.argv[1], '-')) {
      // Expand process.argv[1] into a full path.
@@ -31,10 +31,10 @@ index b184a0d9ae3434af746be269495e9e4c80c58091..899d5a906683e8967746e10a6de452e9
    }
  
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index 5195ff2da0496f2bfb9112d336c38040f662087b..5c62e367f2dd7d112096551f1c34ee67ce1a5c3a 100644
+index 3a536aab1bdeea6829d76d6af48fdefe0e08908d..4e3388b0b1fe69f8aaff15e651f7f0201208a40f 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
-@@ -1079,6 +1079,13 @@ Module.prototype._compile = function(content, filename) {
+@@ -1100,6 +1100,13 @@ Module.prototype._compile = function(content, filename) {
    if (getOptionValue('--inspect-brk') && process._eval == null) {
      if (!resolvedArgv) {
        // We enter the repl if we're not given a filename argument.

patches/node/chore_read_nobrowserglobals_from_global_not_process.patch

@@ -7,10 +7,10 @@ This is used so that we can modify the flag at runtime where
 config can only be set at compile time.
 
 diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
-index 8c31d0202b70ec9784b4289a175a62fd9fd85f8c..2b4c7a933d7f87050f7342e6c3ae2070e3dde030 100644
+index 376680f015d09a2cf3ce62de1fdeb9c5ed4c300b..026b47299ff3633a57c57af1512a0921fdafb0c4 100644
 --- a/lib/internal/bootstrap/node.js
 +++ b/lib/internal/bootstrap/node.js
-@@ -209,7 +209,7 @@ const {
+@@ -210,7 +210,7 @@ const {
    queueMicrotask
  } = require('internal/process/task_queues');
  

patches/node/darwin_remove_eprototype_error_workaround_3405.patch

@@ -1,65 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis <[email protected]>
-Date: Sun, 9 Jan 2022 12:20:15 +0100
-Subject: darwin: remove EPROTOTYPE error workaround (#3405)
-
-It's been reported in the past that OS X 10.10, because of a race
-condition in the XNU kernel, sometimes returns a transient EPROTOTYPE
-error when trying to write to a socket. Libuv handles that by retrying
-the operation until it succeeds or fails with a different error.
-
-Recently it's been reported that current versions of the operating
-system formerly known as OS X fail permanently with EPROTOTYPE under
-certain conditions, resulting in an infinite loop.
-
-Because Apple isn't exactly forthcoming with bug fixes or even details,
-I'm opting to simply remove the workaround and have the error bubble up.
-
-Refs: https://github.com/libuv/libuv/pull/482
-
-diff --git a/deps/uv/src/unix/stream.c b/deps/uv/src/unix/stream.c
-index 5858258d2868c3352e0e9e3313045aa29ff4a873..c5cd6ddc0b627eeb047e0cb08677f65b4601b89b 100644
---- a/deps/uv/src/unix/stream.c
-+++ b/deps/uv/src/unix/stream.c
-@@ -58,20 +58,6 @@ struct uv__stream_select_s {
-   fd_set* swrite;
-   size_t swrite_sz;
- };
--
--/* Due to a possible kernel bug at least in OS X 10.10 "Yosemite",
-- * EPROTOTYPE can be returned while trying to write to a socket that is
-- * shutting down. If we retry the write, we should get the expected EPIPE
-- * instead.
-- */
--# define RETRY_ON_WRITE_ERROR(errno) (errno == EINTR || errno == EPROTOTYPE)
--# define IS_TRANSIENT_WRITE_ERROR(errno, send_handle) \
--    (errno == EAGAIN || errno == EWOULDBLOCK || errno == ENOBUFS || \
--     (errno == EMSGSIZE && send_handle != NULL))
--#else
--# define RETRY_ON_WRITE_ERROR(errno) (errno == EINTR)
--# define IS_TRANSIENT_WRITE_ERROR(errno, send_handle) \
--    (errno == EAGAIN || errno == EWOULDBLOCK || errno == ENOBUFS)
- #endif /* defined(__APPLE__) */
- 
- static void uv__stream_connect(uv_stream_t*);
-@@ -866,17 +852,17 @@ static int uv__try_write(uv_stream_t* stream,
- 
-     do
-       n = sendmsg(uv__stream_fd(stream), &msg, 0);
--    while (n == -1 && RETRY_ON_WRITE_ERROR(errno));
-+    while (n == -1 && errno == EINTR);
-   } else {
-     do
-       n = uv__writev(uv__stream_fd(stream), iov, iovcnt);
--    while (n == -1 && RETRY_ON_WRITE_ERROR(errno));
-+    while (n == -1 && errno == EINTR);
-   }
- 
-   if (n >= 0)
-     return n;
- 
--  if (IS_TRANSIENT_WRITE_ERROR(errno, send_handle))
-+  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == ENOBUFS)
-     return UV_EAGAIN;
- 
-   return UV__ERR(errno);

patches/node/darwin_translate_eprototype_to_econnreset_3413.patch

@@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis <[email protected]>
-Date: Wed, 12 Jan 2022 16:11:43 +0100
-Subject: darwin: translate EPROTOTYPE to ECONNRESET (#3413)
-
-macOS versions 10.10 and 10.15 - and presumbaly 10.11 to 10.14, too -
-have a bug where a race condition causes the kernel to return EPROTOTYPE
-because the socket isn't fully constructed.
-
-It's probably the result of the peer closing the connection and that is
-why libuv translates it to ECONNRESET.
-
-Previously, libuv retried until the EPROTOTYPE error went away but some
-VPN software causes the same behavior except the error is permanent, not
-transient, turning the retry mechanism into an infinite loop.
-
-Refs: https://github.com/libuv/libuv/pull/482
-Refs: https://github.com/libuv/libuv/pull/3405
-
-diff --git a/deps/uv/src/unix/stream.c b/deps/uv/src/unix/stream.c
-index c5cd6ddc0b627eeb047e0cb08677f65b4601b89b..b5b05a6a4a737f50b780b7c15717b4f465496fa8 100644
---- a/deps/uv/src/unix/stream.c
-+++ b/deps/uv/src/unix/stream.c
-@@ -865,6 +865,20 @@ static int uv__try_write(uv_stream_t* stream,
-   if (errno == EAGAIN || errno == EWOULDBLOCK || errno == ENOBUFS)
-     return UV_EAGAIN;
- 
-+#ifdef __APPLE__
-+  /* macOS versions 10.10 and 10.15 - and presumbaly 10.11 to 10.14, too -
-+   * have a bug where a race condition causes the kernel to return EPROTOTYPE
-+   * because the socket isn't fully constructed. It's probably the result of
-+   * the peer closing the connection and that is why libuv translates it to
-+   * ECONNRESET. Previously, libuv retried until the EPROTOTYPE error went
-+   * away but some VPN software causes the same behavior except the error is
-+   * permanent, not transient, turning the retry mechanism into an infinite
-+   * loop. See https://github.com/libuv/libuv/pull/482.
-+   */
-+  if (errno == EPROTOTYPE)
-+    return UV_ECONNRESET;
-+#endif  /* __APPLE__ */
-+
-   return UV__ERR(errno);
- }
- 

patches/node/expose_get_builtin_module_function.patch

@@ -9,10 +9,10 @@ modules to sandboxed renderers.
 TODO(codebytere): remove and replace with a public facing API.
 
 diff --git a/src/node_binding.cc b/src/node_binding.cc
-index 050c5dff0ad5fc0692e348741b820762d40bd498..e323f76261f2028ef58da74066f9112d8a5a8df2 100644
+index 29b9ccdaed8b109dcc93374ba9abc59b9d2ffdb9..03e26027406e655ce876a9af689c7d97920c4327 100644
 --- a/src/node_binding.cc
 +++ b/src/node_binding.cc
-@@ -614,6 +614,10 @@ void GetInternalBinding(const FunctionCallbackInfo<Value>& args) {
+@@ -615,6 +615,10 @@ void GetInternalBinding(const FunctionCallbackInfo<Value>& args) {
    args.GetReturnValue().Set(exports);
  }
  

patches/node/feat_add_knostartdebugsignalhandler_to_environment_to_prevent.patch

@@ -7,10 +7,10 @@ Subject: feat: add kNoStartDebugSignalHandler to Environment to prevent
 This patch should be upstreamed, it allows embedders to prevent the call to StartDebugSignalHandler which handles SIGUSR1 and starts the inspector agent.  Apps that have --inspect disabled also don't want SIGUSR1 to have this affect.
 
 diff --git a/src/env-inl.h b/src/env-inl.h
-index 4a34393cad7e071bf27947418be6b3d9bdd42f98..b9834a797c89f707d1e4978587af66ebf11591d4 100644
+index 71d3b65729a71caf157555bc6bba88eb3c3656e1..62c53acdb5f9c98fb7eade00802de2946f5c600c 100644
 --- a/src/env-inl.h
 +++ b/src/env-inl.h
-@@ -886,6 +886,10 @@ inline bool Environment::no_global_search_paths() const {
+@@ -672,6 +672,10 @@ inline bool Environment::no_global_search_paths() const {
           !options_->global_search_paths;
  }
  
@@ -22,10 +22,10 @@ index 4a34393cad7e071bf27947418be6b3d9bdd42f98..b9834a797c89f707d1e4978587af66eb
    return emit_filehandle_warning_;
  }
 diff --git a/src/env.h b/src/env.h
-index cda7a52fa1ffc66d7ba42de3a275f49093f8557d..86f3c718ada13ee71e5af87e1b3772f39274cf43 100644
+index ae234a99eb2d5f4f8f953b077f6261c8052f6346..6b18b6efd231d986c391a16966fdbc82a5d99eda 100644
 --- a/src/env.h
 +++ b/src/env.h
-@@ -1216,6 +1216,7 @@ class Environment : public MemoryRetainer {
+@@ -1203,6 +1203,7 @@ class Environment : public MemoryRetainer {
    inline bool tracks_unmanaged_fds() const;
    inline bool hide_console_windows() const;
    inline bool no_global_search_paths() const;
@@ -34,7 +34,7 @@ index cda7a52fa1ffc66d7ba42de3a275f49093f8557d..86f3c718ada13ee71e5af87e1b3772f3
    inline worker::Worker* worker_context() const;
    Environment* worker_parent_env() const;
 diff --git a/src/inspector_agent.cc b/src/inspector_agent.cc
-index 5fc533741d7c8d7a8471b3c3c6a334c0e9e43501..2c36a0b132cf1b21595ac39619b99d316ad81d9e 100644
+index 34bb11e7d7122cd2c659d45834be6889abec4ac1..f708933d8bd6a6dc6741d6af22665b37c56e333a 100644
 --- a/src/inspector_agent.cc
 +++ b/src/inspector_agent.cc
 @@ -690,8 +690,10 @@ bool Agent::Start(const std::string& path,
@@ -51,10 +51,10 @@ index 5fc533741d7c8d7a8471b3c3c6a334c0e9e43501..2c36a0b132cf1b21595ac39619b99d31
      parent_env_->AddCleanupHook([](void* data) {
        Environment* env = static_cast<Environment*>(data);
 diff --git a/src/node.h b/src/node.h
-index 0a9f5139276eb2e102b41a586adf61fa563b47d6..0b807cb25f9eb52b2100f0e2a7c25344790967cf 100644
+index 4eee4e96349ee49423d53819dd90a213f6a6e042..b6a26f8adf11959f94a00de0cbf9016fcc8707cb 100644
 --- a/src/node.h
 +++ b/src/node.h
-@@ -445,7 +445,11 @@ enum Flags : uint64_t {
+@@ -455,7 +455,11 @@ enum Flags : uint64_t {
    // This control is needed by embedders who may not want to initialize the V8
    // inspector in situations where one has already been created,
    // e.g. Blink's in Chromium.

patches/node/feat_initialize_asar_support.patch

@@ -6,18 +6,18 @@ Subject: feat: initialize asar support
 This patch initializes asar support in Node.js.
 
 diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js
-index 8de57a5666131ff0c9f7ad844498e1bd3c357a70..b184a0d9ae3434af746be269495e9e4c80c58091 100644
+index 337b95133bc94e395229211c9a00a055b279fcc9..25a8464e4833ff4655db2fe37f4bd482dc147865 100644
 --- a/lib/internal/bootstrap/pre_execution.js
 +++ b/lib/internal/bootstrap/pre_execution.js
-@@ -84,6 +84,7 @@ function prepareMainThreadExecution(expandArgv1 = false) {
+@@ -94,6 +94,7 @@ function prepareMainThreadExecution(expandArgv1 = false,
    assert(!CJSLoader.hasLoadedAnyUserCJSModule);
    loadPreloadModules();
    initializeFrozenIntrinsics();
 +  setupAsarSupport();
  }
  
- function patchProcessObject(expandArgv1) {
-@@ -540,6 +541,10 @@ function loadPreloadModules() {
+ function refreshRuntimeOptions() {
+@@ -584,6 +585,10 @@ function loadPreloadModules() {
    }
  }
  
@@ -26,5 +26,5 @@ index 8de57a5666131ff0c9f7ad844498e1bd3c357a70..b184a0d9ae3434af746be269495e9e4c
 +}
 +
  module.exports = {
+   refreshRuntimeOptions,
    patchProcessObject,
-   setupCoverageHooks,

patches/node/fix_account_for_debugger_agent_race_condition.patch

@@ -9,18 +9,18 @@ errors. This is remedied by adding a small timeout to the test.
 
 We'll either upstream this or figure out a better solution.
 
-diff --git a/test/parallel/test-debugger-address.js b/test/parallel/test-debugger-address.js
-index bffc28ac916e8d241465f1e2649ab8aa4a15a0c7..079e668a3d1c505fa0a540fb1df87b32e603db48 100644
---- a/test/parallel/test-debugger-address.js
-+++ b/test/parallel/test-debugger-address.js
-@@ -59,6 +59,7 @@ function launchTarget(...args) {
-       cli = startCLI([`${host || '127.0.0.1'}:${port}`]);
-       return cli.waitForPrompt();
-     })
-+    .then(() => new Promise(resolve => setTimeout(resolve, 1000)))
-     .then(() => cli.command('sb("alive.js", 3)'))
-     .then(() => cli.waitFor(/break/))
-     .then(() => cli.waitForPrompt())
+diff --git a/test/parallel/test-debugger-address.mjs b/test/parallel/test-debugger-address.mjs
+index eab99c9b0e2fb387ef9a716396e41c7fc93e93bc..f33e85415e3a8d5df073acbf03aed5271e88a1a7 100644
+--- a/test/parallel/test-debugger-address.mjs
++++ b/test/parallel/test-debugger-address.mjs
+@@ -56,6 +56,7 @@ function launchTarget(...args) {
+     const { childProc, host, port } = await launchTarget('--inspect=0', script);
+     target = childProc;
+     cli = startCLI([`${host || '127.0.0.1'}:${port}`]);
++    await new Promise(resolve => setTimeout(resolve, 1000))
+     await cli.waitForPrompt();
+     await cli.command('sb("alive.js", 3)');
+     await cli.waitFor(/break/);
 diff --git a/test/sequential/test-debugger-pid.js b/test/sequential/test-debugger-pid.js
 index 0056113ecaecd3a176ee9539b7fda0132ef59963..3228d0ecc220b5c8c8034fea0dce20f8c38ac68c 100644
 --- a/test/sequential/test-debugger-pid.js

patches/node/fix_add_default_values_for_variables_in_common_gypi.patch

@@ -7,7 +7,7 @@ common.gypi is a file that's included in the node header bundle, despite
 the fact that we do not build node with gyp.
 
 diff --git a/common.gypi b/common.gypi
-index 3cfed562577978c41a256fc779f6a3a172e65b3d..96d512630e9727467aa523c2dfc1a4cf9275465b 100644
+index d68a4c9eafacfa37baf0c3e1a5eb40c70113cb54..fcd55b95b44050e4d88eeb0d3100ba6e6a5d5e78 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -84,6 +84,23 @@

patches/node/fix_add_v8_enable_reverse_jsargs_defines_in_common_gypi.patch

@@ -6,7 +6,7 @@ Subject: fix: add v8_enable_reverse_jsargs defines in common.gypi
 This can be removed once node upgrades V8 and inevitably has to do this exact same thing.  Also hi node people if you are looking at this.
 
 diff --git a/common.gypi b/common.gypi
-index 96d512630e9727467aa523c2dfc1a4cf9275465b..bdfe81d11cc50f492c93fe48f6946765b6fb5238 100644
+index fcd55b95b44050e4d88eeb0d3100ba6e6a5d5e78..7224823f0df04da7a7626839f2205057d95155d2 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -82,6 +82,8 @@
@@ -18,7 +18,7 @@ index 96d512630e9727467aa523c2dfc1a4cf9275465b..bdfe81d11cc50f492c93fe48f6946765
      ##### end V8 defaults #####
  
      # When building native modules using 'npm install' with the system npm,
-@@ -398,6 +400,9 @@
+@@ -402,6 +404,9 @@
        ['v8_enable_pointer_compression == 1 or v8_enable_31bit_smis_on_64bit_arch == 1', {
          'defines': ['V8_31BIT_SMIS_ON_64BIT_ARCH'],
        }],

patches/node/fix_crypto_tests_to_run_with_bssl.patch

@@ -31,7 +31,7 @@ index 4e3c32fdcd23fbe3e74bd5e624b739d224689f33..19d65aae7fa8ec9f9b907733ead17a20
  // Test Parallel Execution w/ KeyObject is threadsafe in openssl3
  {
 diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
-index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0de416463 100644
+index 162b451c5b459c566980c7d3476b3df0cef72871..db59d7fb8b46b5a6d4c77de7b5c492408351816d 100644
 --- a/test/parallel/test-crypto-authenticated.js
 +++ b/test/parallel/test-crypto-authenticated.js
 @@ -50,7 +50,9 @@ const errMessages = {
@@ -45,7 +45,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
      ['Use Cipheriv for counter mode of aes-192-gcm'],
      ['Use Cipheriv for counter mode of aes-192-ccm'],
      ['Use Cipheriv for counter mode of aes-192-ccm'],
-@@ -319,7 +321,9 @@ for (const test of TEST_CASES) {
+@@ -318,7 +320,9 @@ for (const test of TEST_CASES) {
  
  // Test that create(De|C)ipher(iv)? throws if the mode is CCM and an invalid
  // authentication tag length has been specified.
@@ -56,7 +56,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
    for (const authTagLength of [-1, true, false, NaN, 5.5]) {
      assert.throws(() => {
        crypto.createCipheriv('aes-256-ccm',
-@@ -407,6 +411,10 @@ for (const test of TEST_CASES) {
+@@ -406,6 +410,10 @@ for (const test of TEST_CASES) {
  // authentication tag has been specified.
  {
    for (const mode of ['ccm', 'ocb']) {
@@ -67,7 +67,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
      assert.throws(() => {
        crypto.createCipheriv(`aes-256-${mode}`,
                              'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
-@@ -441,7 +449,9 @@ for (const test of TEST_CASES) {
+@@ -440,7 +448,9 @@ for (const test of TEST_CASES) {
  }
  
  // Test that setAAD throws if an invalid plaintext length has been specified.
@@ -78,7 +78,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
    const cipher = crypto.createCipheriv('aes-256-ccm',
                                         'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
                                         'qkuZpJWCewa6S',
-@@ -462,7 +472,9 @@ for (const test of TEST_CASES) {
+@@ -461,7 +471,9 @@ for (const test of TEST_CASES) {
  }
  
  // Test that setAAD and update throw if the plaintext is too long.
@@ -89,7 +89,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
    for (const ivLength of [13, 12]) {
      const maxMessageSize = (1 << (8 * (15 - ivLength))) - 1;
      const key = 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8';
-@@ -493,7 +505,9 @@ for (const test of TEST_CASES) {
+@@ -492,7 +504,9 @@ for (const test of TEST_CASES) {
  
  // Test that setAAD throws if the mode is CCM and the plaintext length has not
  // been specified.
@@ -100,7 +100,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
    assert.throws(() => {
      const cipher = crypto.createCipheriv('aes-256-ccm',
                                           'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
-@@ -518,7 +532,9 @@ for (const test of TEST_CASES) {
+@@ -517,7 +531,9 @@ for (const test of TEST_CASES) {
  }
  
  // Test that final() throws in CCM mode when no authentication tag is provided.
@@ -111,7 +111,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
    if (!common.hasFipsCrypto) {
      const key = Buffer.from('1ed2233fa2223ef5d7df08546049406c', 'hex');
      const iv = Buffer.from('7305220bca40d4c90e1791e9', 'hex');
-@@ -550,7 +566,9 @@ for (const test of TEST_CASES) {
+@@ -549,7 +565,9 @@ for (const test of TEST_CASES) {
  }
  
  // Test that an IV length of 11 does not overflow max_message_size_.
@@ -122,7 +122,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
    const key = 'x'.repeat(16);
    const iv = Buffer.from('112233445566778899aabb', 'hex');
    const options = { authTagLength: 8 };
-@@ -567,6 +585,10 @@ for (const test of TEST_CASES) {
+@@ -566,6 +584,10 @@ for (const test of TEST_CASES) {
    const iv = Buffer.from('0123456789ab', 'utf8');
  
    for (const mode of ['gcm', 'ocb']) {
@@ -133,7 +133,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
      for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) {
        const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, {
          authTagLength
-@@ -601,6 +623,10 @@ for (const test of TEST_CASES) {
+@@ -600,6 +622,10 @@ for (const test of TEST_CASES) {
    const opts = { authTagLength: 8 };
  
    for (const mode of ['gcm', 'ccm', 'ocb']) {
@@ -144,7 +144,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
      const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, opts);
      const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
      const tag = cipher.getAuthTag();
-@@ -623,7 +649,9 @@ for (const test of TEST_CASES) {
+@@ -622,7 +648,9 @@ for (const test of TEST_CASES) {
  // Test chacha20-poly1305 rejects invalid IV lengths of 13, 14, 15, and 16 (a
  // length of 17 or greater was already rejected).
  // - https://www.openssl.org/news/secadv/20190306.txt
@@ -155,7 +155,7 @@ index 3749895769ffc9947143aee9aeb126628262bc84..f769fc37dbd81d5a0219236921e0bcb0
    // Valid extracted from TEST_CASES, check that it detects IV tampering.
    const valid = {
      algo: 'chacha20-poly1305',
-@@ -669,6 +697,9 @@ for (const test of TEST_CASES) {
+@@ -667,6 +695,9 @@ for (const test of TEST_CASES) {
  
  {
    // CCM cipher without data should not crash, see https://github.com/nodejs/node/issues/38035.
@@ -538,10 +538,10 @@ index af2146982c7a3bf7bd7527f44e4b17a3b605026e..f6b91f675cfea367c608892dee078b56
    // Non-XOF hash functions should accept valid outputLength options as well.
    assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
 diff --git a/test/parallel/test-crypto-hkdf.js b/test/parallel/test-crypto-hkdf.js
-index 16744201a935dcd25af4e0f446701b08fe08dd64..e7ef0b78a19fb755456d038fc676eedb2f71ff07 100644
+index 2d6689a486ddb6e42e53df2b1551af72dc5bc903..3b1a71e1396875c74e28ecbc058981c3c9d10a1f 100644
 --- a/test/parallel/test-crypto-hkdf.js
 +++ b/test/parallel/test-crypto-hkdf.js
-@@ -117,8 +117,6 @@ const algorithms = [
+@@ -122,8 +122,6 @@ const algorithms = [
    ['sha256', 'secret', 'salt', 'info', 10],
    ['sha512', 'secret', 'salt', '', 15],
  ];
@@ -948,10 +948,10 @@ index b06f2fa2c53ea72f9a66f0d002dd9281d0259a0f..864fffeebfad75d95416fd47efdea7f2
  
  const server = https.createServer(opts, (req, res) => {
 diff --git a/test/parallel/test-webcrypto-derivebits.js b/test/parallel/test-webcrypto-derivebits.js
-index 95c38f454fbb939c9f74f25ec946d0c8e94e4c41..882c01fd812f5ed880fa3482ede92695ad505ff3 100644
+index 442423954b10b2ee1696eb7db56eaa4c88492122..c65610245e7e328d5e844afc48f8f685c49be3b7 100644
 --- a/test/parallel/test-webcrypto-derivebits.js
 +++ b/test/parallel/test-webcrypto-derivebits.js
-@@ -39,6 +39,7 @@ const { internalBinding } = require('internal/test/binding');
+@@ -37,6 +37,7 @@ const { subtle } = require('crypto').webcrypto;
    test('P-521').then(common.mustCall());
  }
  
@@ -959,7 +959,7 @@ index 95c38f454fbb939c9f74f25ec946d0c8e94e4c41..882c01fd812f5ed880fa3482ede92695
  // Test HKDF bit derivation
  {
    async function test(pass, info, salt, hash, length, expected) {
-@@ -70,6 +71,7 @@ const { internalBinding } = require('internal/test/binding');
+@@ -68,6 +69,7 @@ const { subtle } = require('crypto').webcrypto;
  
    tests.then(common.mustCall());
  }
@@ -967,26 +967,52 @@ index 95c38f454fbb939c9f74f25ec946d0c8e94e4c41..882c01fd812f5ed880fa3482ede92695
  
  // Test PBKDF2 bit derivation
  {
+@@ -101,6 +103,7 @@ const { subtle } = require('crypto').webcrypto;
+   tests.then(common.mustCall());
+ }
+ 
++/*
+ // Test X25519 and X448 bit derivation
+ {
+   async function test(name) {
+@@ -126,3 +129,4 @@ const { subtle } = require('crypto').webcrypto;
+   test('X25519').then(common.mustCall());
+   test('X448').then(common.mustCall());
+ }
++*/
 diff --git a/test/parallel/test-webcrypto-derivekey.js b/test/parallel/test-webcrypto-derivekey.js
-index ee48a61f4ac8f5e8e4cec96eb03d75cb1c45f56a..5108bbf7499f29bafffda76f3c5270aae0271b44 100644
+index f8eb996000ec899abafbfd558f4f49bad2c69c9a..0bf5c7811eeccff6194d8df41887df0a86a53823 100644
 --- a/test/parallel/test-webcrypto-derivekey.js
 +++ b/test/parallel/test-webcrypto-derivekey.js
-@@ -48,6 +48,7 @@ const { internalBinding } = require('internal/test/binding');
+@@ -46,6 +46,7 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
    test('P-521').then(common.mustCall());
  }
  
 +/*
- // Test HKDF bit derivation
+ // Test HKDF key derivation
  {
    async function test(pass, info, salt, hash, expected) {
-@@ -84,6 +85,7 @@ const { internalBinding } = require('internal/test/binding');
+@@ -82,6 +83,7 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
  
    tests.then(common.mustCall());
  }
 +*/
  
- // Test PBKDF2 bit derivation
+ // Test PBKDF2 key derivation
  {
+@@ -151,6 +153,7 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
+   })().then(common.mustCall());
+ }
+ 
++/*
+ // Test X25519 and X448 key derivation
+ {
+   async function test(name) {
+@@ -185,3 +188,4 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
+   test('X25519').then(common.mustCall());
+   test('X448').then(common.mustCall());
+ }
++*/
 diff --git a/test/parallel/test-webcrypto-encrypt-decrypt-rsa.js b/test/parallel/test-webcrypto-encrypt-decrypt-rsa.js
 index 151eebd36c9765df086a020ba42920b2442b1b77..efe97ff2499cba909ac5500d827364fa389a0469 100644
 --- a/test/parallel/test-webcrypto-encrypt-decrypt-rsa.js
@@ -1000,26 +1026,23 @@ index 151eebd36c9765df086a020ba42920b2442b1b77..efe97ff2499cba909ac5500d827364fa
      });
  }
  
-diff --git a/test/parallel/test-webcrypto-export-import-rsa.js b/test/parallel/test-webcrypto-export-import-rsa.js
-index ab7aa77394ac9989514b7a184900092bd6753996..b0104ac45867a923a8c651e01e8c6975a62f7c61 100644
---- a/test/parallel/test-webcrypto-export-import-rsa.js
-+++ b/test/parallel/test-webcrypto-export-import-rsa.js
-@@ -481,6 +481,7 @@ const testVectors = [
-   await Promise.all(variations);
- })().then(common.mustCall());
+diff --git a/test/parallel/test-webcrypto-sign-verify.js b/test/parallel/test-webcrypto-sign-verify.js
+index 6c6b15781549a4b37781bf0b8014054dc5d8c746..142d41b169c836201660d78c19383f3ffc469407 100644
+--- a/test/parallel/test-webcrypto-sign-verify.js
++++ b/test/parallel/test-webcrypto-sign-verify.js
+@@ -105,6 +105,7 @@ const { subtle } = require('crypto').webcrypto;
+   test('hello world').then(common.mustCall());
+ }
  
 +/*
+ // Test Sign/Verify Ed25519
  {
-   const publicPem = fixtures.readKey('rsa_pss_public_2048.pem', 'ascii');
-   const privatePem = fixtures.readKey('rsa_pss_private_2048.pem', 'ascii');
-@@ -522,6 +523,7 @@ const testVectors = [
-     assert.strictEqual(jwk.alg, 'PS256');
-   })().then(common.mustCall());
+   async function test(data) {
+@@ -144,3 +145,4 @@ const { subtle } = require('crypto').webcrypto;
+ 
+   test('hello world').then(common.mustCall());
  }
 +*/
- 
- {
-   const ecPublic = crypto.createPublicKey(
 diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
 index 1094845c73e14313860ad476fb7baba2a11b5af4..51972b4b34b191ac59145889dbf2da5c0d407dbe 100644
 --- a/test/parallel/test-webcrypto-wrap-unwrap.js

patches/node/fix_expose_tracing_agent_and_use_tracing_tracingcontroller_instead.patch

@@ -7,10 +7,10 @@ Subject: fix: expose tracing::Agent and use tracing::TracingController instead
 This API is used by Electron to create Node's tracing controller.
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index 55b895c235f51eb7bcbd8cd4065b42a05208026a..1add2976e7c48e6704400b9ea0795b934ab0bfc2 100644
+index 5df88a9dbabf78b4e14b4124bdd466d5451ad0f6..9d33ebdc35516f65a977f7c1125453b0c99bee28 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
-@@ -461,6 +461,10 @@ MultiIsolatePlatform* GetMultiIsolatePlatform(IsolateData* env) {
+@@ -467,6 +467,10 @@ MultiIsolatePlatform* GetMultiIsolatePlatform(IsolateData* env) {
    return env->platform();
  }
  
@@ -22,10 +22,10 @@ index 55b895c235f51eb7bcbd8cd4065b42a05208026a..1add2976e7c48e6704400b9ea0795b93
      int thread_pool_size,
      node::tracing::TracingController* tracing_controller) {
 diff --git a/src/node.h b/src/node.h
-index 966edcd041be1bded2c3a86e5734d2849019c372..9b9ff1c86ceeaeca828328065e2ad5573ea17fc5 100644
+index 4be002ac18f7c33f0242e1a660525133bf25d752..be619162d17728c1eb2ddf740947067913d6a348 100644
 --- a/src/node.h
 +++ b/src/node.h
-@@ -118,6 +118,7 @@ namespace node {
+@@ -128,6 +128,7 @@ namespace node {
  
  namespace tracing {
  
@@ -33,7 +33,7 @@ index 966edcd041be1bded2c3a86e5734d2849019c372..9b9ff1c86ceeaeca828328065e2ad557
  class TracingController;
  
  }
-@@ -523,6 +524,8 @@ NODE_EXTERN v8::MaybeLocal<v8::Value> PrepareStackTraceCallback(
+@@ -533,6 +534,8 @@ NODE_EXTERN v8::MaybeLocal<v8::Value> PrepareStackTraceCallback(
  NODE_EXTERN MultiIsolatePlatform* GetMultiIsolatePlatform(Environment* env);
  NODE_EXTERN MultiIsolatePlatform* GetMultiIsolatePlatform(IsolateData* env);
  

patches/node/fix_failing_node_js_test_on_outdated.patch

@@ -12,10 +12,10 @@ This patch can be removed as soon as Node.js updates to a version of V8
 containing the above CL.
 
 diff --git a/test/parallel/test-v8-serdes.js b/test/parallel/test-v8-serdes.js
-index 586698129680cef29595c39e77c7d1c186f3d60a..43a3d9dd5907af6aa11b902b01f6ef7539768fbb 100644
+index 12f20ed1c9d386122dd20fdd84a7a0c9b9079ee1..14552eeb493e8eb5b7c05c531b9628d8bcb13aae 100644
 --- a/test/parallel/test-v8-serdes.js
 +++ b/test/parallel/test-v8-serdes.js
-@@ -155,7 +155,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
+@@ -163,7 +163,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
  }
  
  {
@@ -24,7 +24,7 @@ index 586698129680cef29595c39e77c7d1c186f3d60a..43a3d9dd5907af6aa11b902b01f6ef75
  
    const des = new v8.DefaultDeserializer(buf);
    des.readHeader();
-@@ -166,7 +166,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
+@@ -174,7 +174,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
    ser.writeValue(des.readValue());
  
    assert.deepStrictEqual(buf, ser.releaseBuffer());

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -16,11 +16,25 @@ Upstreams:
 - https://github.com/nodejs/node/pull/39138
 - https://github.com/nodejs/node/pull/39136
 
+diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
+index 6c663a2b21d0a29708700d0e19b8e30fa696a1d0..1e4ff83faec60887e8169e612ac1a956130d7e4a 100644
+--- a/src/crypto/crypto_cipher.cc
++++ b/src/crypto/crypto_cipher.cc
+@@ -25,7 +25,8 @@ using v8::Value;
+ namespace crypto {
+ namespace {
+ bool IsSupportedAuthenticatedMode(const EVP_CIPHER* cipher) {
+-  switch (EVP_CIPHER_mode(cipher)) {
++  const int mode = EVP_CIPHER_mode(cipher);
++  switch (mode) {
+   case EVP_CIPH_CCM_MODE:
+   case EVP_CIPH_GCM_MODE:
+ #ifndef OPENSSL_NO_OCB
 diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
-index a5aa39c23c1708ac27564a1a77a9f05fc07791e2..630a3400e74f20b1dbee17027c7dbe8688fed4b2 100644
+index ed1aea868d8385b6411103c614f4d12688c8cb30..4864d7cd6a310f31bfdda399996bd2c47977667a 100644
 --- a/src/crypto/crypto_common.cc
 +++ b/src/crypto/crypto_common.cc
-@@ -162,7 +162,7 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
+@@ -166,7 +166,7 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
    const unsigned char* buf;
    size_t len;
    size_t rem;
@@ -29,7 +43,7 @@ index a5aa39c23c1708ac27564a1a77a9f05fc07791e2..630a3400e74f20b1dbee17027c7dbe86
    if (!SSL_client_hello_get0_ext(
            ssl.get(),
            TLSEXT_TYPE_application_layer_protocol_negotiation,
-@@ -175,13 +175,15 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
+@@ -179,13 +179,15 @@ const char* GetClientHelloALPN(const SSLPointer& ssl) {
    len = (buf[0] << 8) | buf[1];
    if (len + 2 != rem) return nullptr;
    return reinterpret_cast<const char*>(buf + 3);
@@ -46,7 +60,7 @@ index a5aa39c23c1708ac27564a1a77a9f05fc07791e2..630a3400e74f20b1dbee17027c7dbe86
    if (!SSL_client_hello_get0_ext(
            ssl.get(),
            TLSEXT_TYPE_server_name,
-@@ -203,6 +205,8 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
+@@ -207,15 +209,20 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
    if (len + 2 > rem)
      return nullptr;
    return reinterpret_cast<const char*>(buf + 5);
@@ -55,18 +69,22 @@ index a5aa39c23c1708ac27564a1a77a9f05fc07791e2..630a3400e74f20b1dbee17027c7dbe86
  }
  
  const char* GetServerName(SSL* ssl) {
-@@ -210,7 +214,10 @@ const char* GetServerName(SSL* ssl) {
+   return SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
  }
  
- bool SetGroups(SecureContext* sc, const char* groups) {
+-bool SetGroups(SecureContext* sc, const char* groups) {
+-  return SSL_CTX_set1_groups_list(sc->ctx().get(), groups) == 1;
+-}
++ bool SetGroups(SecureContext* sc, const char* groups) {
 +#ifndef OPENSSL_IS_BORINGSSL
-   return SSL_CTX_set1_groups_list(**sc, groups) == 1;
++   return SSL_CTX_set1_groups_list(sc->ctx().get(), groups) == 1;
 +#endif
-+  return SSL_CTX_set1_curves_list(**sc, groups) == 1;
- }
++  return SSL_CTX_set1_curves_list(sc->ctx().get(), groups) == 1;
++ }
  
  const char* X509ErrorCode(long err) {  // NOLINT(runtime/int)
-@@ -1101,14 +1108,14 @@ MaybeLocal<Array> GetClientHelloCiphers(
+   const char* code = "UNSPECIFIED";
+@@ -1103,14 +1110,14 @@ MaybeLocal<Array> GetClientHelloCiphers(
      Environment* env,
      const SSLPointer& ssl) {
    EscapableHandleScope scope(env->isolate());
@@ -86,10 +104,10 @@ index a5aa39c23c1708ac27564a1a77a9f05fc07791e2..630a3400e74f20b1dbee17027c7dbe86
      if (!Set(env->context(),
               obj,
 diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
-index b6ef5e5b1e004e663fbfd2578b82644cb53051e0..1d48ea6d022304b1e6a4f703fea790437edcc876 100644
+index c02e22bb542ff529e4d4fa32de63a07704b02b8e..38220d2e0d1a695f67bf7b9cb79a73fa199abeae 100644
 --- a/src/crypto/crypto_dh.cc
 +++ b/src/crypto/crypto_dh.cc
-@@ -143,13 +143,11 @@ void DiffieHellman::MemoryInfo(MemoryTracker* tracker) const {
+@@ -139,13 +139,11 @@ void DiffieHellman::MemoryInfo(MemoryTracker* tracker) const {
  bool DiffieHellman::Init(const char* p, int p_len, int g) {
    dh_.reset(DH_new());
    if (p_len <= 0) {
@@ -105,7 +123,7 @@ index b6ef5e5b1e004e663fbfd2578b82644cb53051e0..1d48ea6d022304b1e6a4f703fea79043
      return false;
    }
    BIGNUM* bn_p =
-@@ -167,21 +165,18 @@ bool DiffieHellman::Init(const char* p, int p_len, int g) {
+@@ -163,21 +161,18 @@ bool DiffieHellman::Init(const char* p, int p_len, int g) {
  bool DiffieHellman::Init(const char* p, int p_len, const char* g, int g_len) {
    dh_.reset(DH_new());
    if (p_len <= 0) {
@@ -130,7 +148,7 @@ index b6ef5e5b1e004e663fbfd2578b82644cb53051e0..1d48ea6d022304b1e6a4f703fea79043
      return false;
    }
    BIGNUM* bn_p =
-@@ -501,16 +496,20 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
+@@ -527,16 +522,20 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
      if (!BN_set_word(bn_g.get(), params->params.generator) ||
          !DH_set0_pqg(dh.get(), prime, nullptr, bn_g.get()))
        return EVPKeyCtxPointer();
@@ -152,7 +170,7 @@ index b6ef5e5b1e004e663fbfd2578b82644cb53051e0..1d48ea6d022304b1e6a4f703fea79043
      if (!param_ctx ||
          EVP_PKEY_paramgen_init(param_ctx.get()) <= 0 ||
          EVP_PKEY_CTX_set_dh_paramgen_prime_len(
-@@ -522,8 +521,10 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
+@@ -548,8 +547,10 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
          EVP_PKEY_paramgen(param_ctx.get(), &raw_params) <= 0) {
        return EVPKeyCtxPointer();
      }
@@ -189,10 +207,10 @@ index c7894baf00ee9ce4684f4c752f1c7c9b98163741..655895dbff8b88daa53c7b40a5feca42
      return EVPKeyCtxPointer();
  
 diff --git a/src/crypto/crypto_random.cc b/src/crypto/crypto_random.cc
-index fc88deb460314c2620d842ec30141bcd13109d60..c097ccfcffb1158317ba09e7c4beb725ccbab74f 100644
+index 648fda211c4305f0ce2f676159bd23e95b4844f8..147fe4a79bfa1e2063ab9ba2f16dda22f0c40e48 100644
 --- a/src/crypto/crypto_random.cc
 +++ b/src/crypto/crypto_random.cc
-@@ -150,7 +150,7 @@ Maybe<bool> RandomPrimeTraits::AdditionalConfig(
+@@ -147,7 +147,7 @@ Maybe<bool> RandomPrimeTraits::AdditionalConfig(
  
    params->bits = bits;
    params->safe = safe;
@@ -202,10 +220,10 @@ index fc88deb460314c2620d842ec30141bcd13109d60..c097ccfcffb1158317ba09e7c4beb725
      THROW_ERR_CRYPTO_OPERATION_FAILED(env, "could not generate prime");
      return Nothing<bool>();
 diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
-index ae4550e9fde8120c35409e495d5b763a95546509..188a7efe76df2a1aa2eb2746f4d748361bba4fb4 100644
+index bd732a70a8ffe6212e06dddb352ca75cb45b50d3..cd025663f58d386e3b7c47823a7d6cf1a230e6a8 100644
 --- a/src/crypto/crypto_rsa.cc
 +++ b/src/crypto/crypto_rsa.cc
-@@ -621,10 +621,11 @@ Maybe<bool> GetRsaKeyDetail(
+@@ -626,10 +626,11 @@ Maybe<bool> GetRsaKeyDetail(
        }
  
        if (params->saltLength != nullptr) {
@@ -222,10 +240,10 @@ index ae4550e9fde8120c35409e495d5b763a95546509..188a7efe76df2a1aa2eb2746f4d74836
  
        if (target
 diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index e1ef170a9f17634d218492a2ce888c3a4365e097..f55e292fbbc75448b15dc9be0327ad2dedef49e0 100644
+index 58a5d88d7a10def618170550246fbf50685ac0a4..77af0661dbd056a38a8d7599b9e4f067f6b79f64 100644
 --- a/src/crypto/crypto_util.cc
 +++ b/src/crypto/crypto_util.cc
-@@ -508,24 +508,15 @@ Maybe<bool> Decorate(Environment* env, Local<Object> obj,
+@@ -534,24 +534,15 @@ Maybe<bool> Decorate(Environment* env, Local<Object> obj,
      V(BIO)                                                                    \
      V(PKCS7)                                                                  \
      V(X509V3)                                                                 \
@@ -251,7 +269,7 @@ index e1ef170a9f17634d218492a2ce888c3a4365e097..f55e292fbbc75448b15dc9be0327ad2d
      V(USER)                                                                   \
  
  #define V(name) case ERR_LIB_##name: lib = #name "_"; break;
-@@ -684,7 +675,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
+@@ -710,7 +701,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
    CHECK(args[0]->IsUint32());
    Environment* env = Environment::GetCurrent(args);
    uint32_t len = args[0].As<Uint32>()->Value();
@@ -260,7 +278,7 @@ index e1ef170a9f17634d218492a2ce888c3a4365e097..f55e292fbbc75448b15dc9be0327ad2d
    if (data == nullptr) {
      // There's no memory available for the allocation.
      // Return nothing.
-@@ -696,7 +687,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
+@@ -722,7 +713,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
            data,
            len,
            [](void* data, size_t len, void* deleter_data) {
@@ -269,7 +287,7 @@ index e1ef170a9f17634d218492a2ce888c3a4365e097..f55e292fbbc75448b15dc9be0327ad2d
            },
            data);
    Local<ArrayBuffer> buffer = ArrayBuffer::New(env->isolate(), store);
-@@ -704,10 +695,12 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
+@@ -730,10 +721,12 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
  }
  
  void SecureHeapUsed(const FunctionCallbackInfo<Value>& args) {
@@ -282,6 +300,19 @@ index e1ef170a9f17634d218492a2ce888c3a4365e097..f55e292fbbc75448b15dc9be0327ad2d
  }
  }  // namespace
  
+diff --git a/src/node_metadata.cc b/src/node_metadata.cc
+index 46d9be0dfcfdcf778ebaf0337517b7da3f68bc9b..435762f7df47459dc4e6e73a7c3d2376184bebcf 100644
+--- a/src/node_metadata.cc
++++ b/src/node_metadata.cc
+@@ -9,7 +9,7 @@
+ #include "v8.h"
+ #include "zlib.h"
+ 
+-#if HAVE_OPENSSL
++#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)
+ #include <openssl/opensslv.h>
+ #endif  // HAVE_OPENSSL
+ 
 diff --git a/src/node_metadata.h b/src/node_metadata.h
 index 4486d5af2c1622c7c8f44401dc3ebb986d8e3c2e..db1769f1b3f1617ed8dbbea57b5e324183b42be2 100644
 --- a/src/node_metadata.h
@@ -295,3 +326,29 @@ index 4486d5af2c1622c7c8f44401dc3ebb986d8e3c2e..db1769f1b3f1617ed8dbbea57b5e3241
  #include <openssl/crypto.h>
  #endif  // HAVE_OPENSSL
  
+diff --git a/src/node_options.cc b/src/node_options.cc
+index b82100b6907891063a37023e6ad21f79fffade1e..d78005d41bebff4e8729400cf08ab67d27098448 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -5,7 +5,7 @@
+ #include "node_binding.h"
+ #include "node_external_reference.h"
+ #include "node_internals.h"
+-#if HAVE_OPENSSL
++#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)
+ #include "openssl/opensslv.h"
+ #endif
+ 
+diff --git a/src/node_options.h b/src/node_options.h
+index 32e68086502f3eebe2dbe232b198d663db951125..cb4b6215ffbace04ecd4ad694ae00493847a7324 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,7 +11,7 @@
+ #include "node_mutex.h"
+ #include "util.h"
+ 
+-#if HAVE_OPENSSL
++#if 0
+ #include "openssl/opensslv.h"
+ #endif
+ 

patches/node/fix_preserve_proper_method_names_as-is_in_error_stack.patch

@@ -40,7 +40,7 @@ index 97b017f66e2395ca90fc7562b9043579911ddc62..1d21462c8cf63ddbbf9e3b785b553a31
      at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:*:*)
      at node:internal/main/run_main_module:*:*
 diff --git a/test/message/error_aggregateTwoErrors.out b/test/message/error_aggregateTwoErrors.out
-index d1dc13eacc303cc52003bd5820e7eeec8d48822b..eb85c92e63c850bbf8fbbe2c1600e783e0cd6066 100644
+index 02e8738d47f57af4c457c15a0c3acfe0a1783078..d82704d95c2df6df36261c1494625b73c6507293 100644
 --- a/test/message/error_aggregateTwoErrors.out
 +++ b/test/message/error_aggregateTwoErrors.out
 @@ -4,9 +4,9 @@ throw aggregateTwoErrors(err, originalError);
@@ -54,7 +54,31 @@ index d1dc13eacc303cc52003bd5820e7eeec8d48822b..eb85c92e63c850bbf8fbbe2c1600e783
 +    at Module._load (node:internal/modules/cjs/loader:*:*)
      at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:*:*)
      at node:internal/main/run_main_module:*:* {
-   code: 'ERR0'
+   code: 'ERR0',
+@@ -14,9 +14,9 @@ AggregateError: original
+     Error: original
+         at Object.<anonymous> (*test*message*error_aggregateTwoErrors.js:*:*)
+         at Module._compile (node:internal/modules/cjs/loader:*:*)
+-        at Object.Module._extensions..js (node:internal/modules/cjs/loader:*:*)
++        at Module._extensions..js (node:internal/modules/cjs/loader:*:*)
+         at Module.load (node:internal/modules/cjs/loader:*:*)
+-        at Function.Module._load (node:internal/modules/cjs/loader:*:*)
++        at Module._load (node:internal/modules/cjs/loader:*:*)
+         at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:*:*)
+         at node:internal/main/run_main_module:*:* {
+       code: 'ERR0'
+@@ -24,9 +24,9 @@ AggregateError: original
+     Error: second error
+         at Object.<anonymous> (*test*message*error_aggregateTwoErrors.js:*:*)
+         at Module._compile (node:internal/modules/cjs/loader:*:*)
+-        at Object.Module._extensions..js (node:internal/modules/cjs/loader:*:*)
++        at Module._extensions..js (node:internal/modules/cjs/loader:*:*)
+         at Module.load (node:internal/modules/cjs/loader:*:*)
+-        at Function.Module._load (node:internal/modules/cjs/loader:*:*)
++        at Module._load (node:internal/modules/cjs/loader:*:*)
+         at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:*:*)
+         at node:internal/main/run_main_module:*:* {
+       code: 'ERR1'
 diff --git a/test/message/error_exit.out b/test/message/error_exit.out
 index 2ef95b535dafe7b0a918b8d6a844e4c4a617818d..dc5e6e7d28cef3a23ca7ba2cfb1435cad55e2aeb 100644
 --- a/test/message/error_exit.out
@@ -251,6 +275,21 @@ index 3eb76ecbbef31cd224e27001b825bce210f4e170..1babe95e398c61cdd3a4e1fd82fe418e
 -    at Function.Module._load (node:internal/modules/cjs/loader:*)
 +    at Module._load (node:internal/modules/cjs/loader:*)
      at Module.require (node:internal/modules/cjs/loader:*)
+diff --git a/test/message/source_map_eval.out b/test/message/source_map_eval.out
+index 7cfd7c84fe65793cf01ee374506e18978774d730..533dbc6efc179c2d4cea844335e2863bf5741ad3 100644
+--- a/test/message/source_map_eval.out
++++ b/test/message/source_map_eval.out
+@@ -3,8 +3,8 @@ ReferenceError: alert is not defined
+     at eval (*tabs.coffee:1:14)
+     at Object.<anonymous> (*source_map_eval.js:8:1)
+     at Module._compile (node:internal/modules/cjs/loader:*)
+-    at Object.Module._extensions..js (node:internal/modules/cjs/loader:*)
++    at Module._extensions..js (node:internal/modules/cjs/loader:*)
+     at Module.load (node:internal/modules/cjs/loader:*)
+-    at Function.Module._load (node:internal/modules/cjs/loader:*)
++    at Module._load (node:internal/modules/cjs/loader:*)
+     at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:*)
+     at node:internal/main/run_main_module:*
 diff --git a/test/message/source_map_reference_error_tabs.out b/test/message/source_map_reference_error_tabs.out
 index bce1b5f8911d4b34d3165d7a4bc5195cbe29211d..d56ef13b20bf9ca333e8806e3905059583c1f991 100644
 --- a/test/message/source_map_reference_error_tabs.out

patches/node/fix_serdes_test.patch

@@ -6,10 +6,10 @@ Subject: fix serdes test
 The V8 wire format version changed.
 
 diff --git a/test/parallel/test-v8-serdes.js b/test/parallel/test-v8-serdes.js
-index 4dffedd3c32b4b1b6eb75e46f8bfb447260046bb..586698129680cef29595c39e77c7d1c186f3d60a 100644
+index ef9ef5945dba3b0748d5d0671f87eb20984de3c4..12f20ed1c9d386122dd20fdd84a7a0c9b9079ee1 100644
 --- a/test/parallel/test-v8-serdes.js
 +++ b/test/parallel/test-v8-serdes.js
-@@ -155,7 +155,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
+@@ -163,7 +163,7 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
  }
  
  {
@@ -18,7 +18,7 @@ index 4dffedd3c32b4b1b6eb75e46f8bfb447260046bb..586698129680cef29595c39e77c7d1c1
  
    const des = new v8.DefaultDeserializer(buf);
    des.readHeader();
-@@ -166,13 +166,13 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
+@@ -174,13 +174,13 @@ const hostObject = new (internalBinding('js_stream').JSStream)();
    ser.writeValue(des.readValue());
  
    assert.deepStrictEqual(buf, ser.releaseBuffer());

patches/node/json_parse_errors_made_user-friendly.patch

@@ -6,10 +6,10 @@ Subject: JSON.parse errors made user-friendly
 Update tests for  https://chromium-review.googlesource.com/c/v8/v8/+/3513684
 
 diff --git a/test/es-module/test-esm-data-urls.js b/test/es-module/test-esm-data-urls.js
-index 9d0deb70a1568c93ccdecbef59327ecb2a17ae5e..2ab8f2bdcf7cca1437df33668c4177a76b4dc3ca 100644
+index 5be45d0f7af3b6dd483fe3b185c76e41a1bf533b..c20dd4f9067203bf40d35c92c2ef1bb27ec14b99 100644
 --- a/test/es-module/test-esm-data-urls.js
 +++ b/test/es-module/test-esm-data-urls.js
-@@ -75,7 +75,7 @@ function createBase64URL(mime, body) {
+@@ -76,7 +76,7 @@ function createBase64URL(mime, body) {
        import('data:application/json;foo="test,",0',
          { assert: { type: 'json' } }), {
        name: 'SyntaxError',
@@ -19,21 +19,15 @@ index 9d0deb70a1568c93ccdecbef59327ecb2a17ae5e..2ab8f2bdcf7cca1437df33668c4177a7
    }
    {
 diff --git a/test/es-module/test-esm-invalid-pjson.js b/test/es-module/test-esm-invalid-pjson.js
-index cdbebb17b4bb34421a2f98c384650d495908885c..12247f15dbaddc0e06f1e6aff09faf7a035cf43a 100644
+index f3a38018637aa349ad79617ab9835e61d7058fe9..bc78b870c84c4baedecdd7ffc1157c86c307cebf 100644
 --- a/test/es-module/test-esm-invalid-pjson.js
 +++ b/test/es-module/test-esm-invalid-pjson.js
-@@ -17,11 +17,13 @@ child.stderr.on('data', (data) => {
- child.on('close', mustCall((code, signal) => {
-   strictEqual(code, 1);
-   strictEqual(signal, null);
-+  console.log('STDERR is: ', stderr);
-+  console.log('DONE STDERR');
-   ok(
-     stderr.includes(
-       `[ERR_INVALID_PACKAGE_CONFIG]: Invalid package config ${invalidJson} ` +
-       `while importing "invalid-pjson" from ${entry}. ` +
--      `Unexpected token } in JSON at position ${12 + checkoutEOL.length * 2}`
-+      `Expected ':' after property name in JSON at position ${12 + checkoutEOL.length * 2}`
-     ),
-     stderr);
- }));
+@@ -18,7 +18,7 @@ describe('ESM: Package.json', { concurrency: true }, () => {
+       stderr.includes(
+         `[ERR_INVALID_PACKAGE_CONFIG]: Invalid package config ${invalidJson} ` +
+         `while importing "invalid-pjson" from ${entry}. ` +
+-        `Unexpected token } in JSON at position ${12 + checkoutEOL.length * 2}`
++        `Expected ':' after property name in JSON at position ${12 + checkoutEOL.length * 2}`
+       ),
+       stderr
+     );

patches/node/pass_all_globals_through_require.patch

@@ -6,7 +6,7 @@ Subject: Pass all globals through "require"
 (cherry picked from commit 7d015419cb7a0ecfe6728431a4ed2056cd411d62)
 
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index b4902850c7fec5bb67c9566f40ca1cdd2ba17b55..200c352cfd7321c47f37776589cfca397cad5d25 100644
+index f1971c40a447b251f524717b906a5435bf0a0556..a65094ec21b0f40ab562608a9eeb36c5626cda31 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -127,6 +127,13 @@ const {
@@ -23,7 +23,7 @@ index b4902850c7fec5bb67c9566f40ca1cdd2ba17b55..200c352cfd7321c47f37776589cfca39
  const {
    isProxy
  } = require('internal/util/types');
-@@ -1100,10 +1107,12 @@ Module.prototype._compile = function(content, filename) {
+@@ -1121,10 +1128,12 @@ Module.prototype._compile = function(content, filename) {
    if (requireDepth === 0) statCache = new SafeMap();
    if (inspectorWrapper) {
      result = inspectorWrapper(compiledWrapper, thisValue, exports,

patches/node/refactor_allow_embedder_overriding_of_internal_fs_calls.patch

@@ -7,7 +7,7 @@ We use this to allow node's 'fs' module to read from ASAR files as if they were
 a real filesystem.
 
 diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
-index dfae7675e16a6a81e40c69d85004fc841cadf738..8c31d0202b70ec9784b4289a175a62fd9fd85f8c 100644
+index 67cbdb9db09ca78f859032696c86f128bad64c46..376680f015d09a2cf3ce62de1fdeb9c5ed4c300b 100644
 --- a/lib/internal/bootstrap/node.js
 +++ b/lib/internal/bootstrap/node.js
 @@ -66,6 +66,10 @@ setupBuffer();
@@ -22,7 +22,7 @@ index dfae7675e16a6a81e40c69d85004fc841cadf738..8c31d0202b70ec9784b4289a175a62fd
  const nativeModule = internalBinding('native_module');
  
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index 200c352cfd7321c47f37776589cfca397cad5d25..5195ff2da0496f2bfb9112d336c38040f662087b 100644
+index a65094ec21b0f40ab562608a9eeb36c5626cda31..3a536aab1bdeea6829d76d6af48fdefe0e08908d 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -86,7 +86,7 @@ const fs = require('fs');

patches/node/refactor_alter_child_process_fork_to_use_execute_script_with.patch

@@ -7,10 +7,10 @@ Subject: refactor: alter child_process.fork to use execute script with
 When forking a child script, we setup a special environment to make the Electron binary run like the upstream node. On Mac, we use the helper app as node binary.
 
 diff --git a/lib/child_process.js b/lib/child_process.js
-index 415010241cdabac42ea79601c464bae4a2081c78..5c202237ecdf32afe89b5a5b4dfc2cf648fb9d23 100644
+index 77b9ff35ff6ea780121aa1f4bb71850b9245965a..2a91c4820bebf55068c4d54a2e1133176de77a6d 100644
 --- a/lib/child_process.js
 +++ b/lib/child_process.js
-@@ -160,6 +160,15 @@ function fork(modulePath, args = [], options) {
+@@ -161,6 +161,15 @@ function fork(modulePath, args = [], options) {
      throw new ERR_CHILD_PROCESS_IPC_REQUIRED('options.stdio');
    }
  

patches/node/repl_fix_crash_when_sharedarraybuffer_disabled.patch

@@ -25,7 +25,7 @@ index a771b1813731edf4f0dd60f3505799e389f1d876..b9461677e2d7d1df192e752496e62cca
    bench.start();
    for (let i = 0; i < n; i++)
 diff --git a/lib/internal/main/worker_thread.js b/lib/internal/main/worker_thread.js
-index a8167b86ca2e5a11b2628e20063849e85a200a8c..110a3ed1637b642b1d83fb36549cced151b9c5cd 100644
+index e21c1b1fe2cc7f55d3782419913568f51f1a87ea..1b6a8242bbd9eeb901950f1b9016bc2b85af5951 100644
 --- a/lib/internal/main/worker_thread.js
 +++ b/lib/internal/main/worker_thread.js
 @@ -9,7 +9,7 @@ const {
@@ -37,7 +37,7 @@ index a8167b86ca2e5a11b2628e20063849e85a200a8c..110a3ed1637b642b1d83fb36549cced1
  } = primordials;
  
  const {
-@@ -146,6 +146,9 @@ port.on('message', (message) => {
+@@ -150,6 +150,9 @@ port.on('message', (message) => {
      const originalCwd = process.cwd;
  
      process.cwd = function() {
@@ -48,10 +48,10 @@ index a8167b86ca2e5a11b2628e20063849e85a200a8c..110a3ed1637b642b1d83fb36549cced1
        if (currentCounter === lastCounter)
          return cachedCwd;
 diff --git a/lib/internal/worker.js b/lib/internal/worker.js
-index 1d2cd8cefd2996c6a4f84ea08e6b4c53a22dc418..28b1a9a53b13036297a2ed3271c36cbe14c51a32 100644
+index 8e396195209b83dff572792a78ee75d12d1f6610..4bb09b6ab5c31206a622814cbcd793c434b885d4 100644
 --- a/lib/internal/worker.js
 +++ b/lib/internal/worker.js
-@@ -90,7 +90,8 @@ let cwdCounter;
+@@ -91,7 +91,8 @@ let cwdCounter;
  
  const environmentData = new SafeMap();
  

patches/node/src_allow_embedders_to_provide_a_custom_pageallocator_to.patch

@@ -12,10 +12,10 @@ allocator that does handle these cases.
 Upstreamed in https://github.com/nodejs/node/pull/38362.
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index 1add2976e7c48e6704400b9ea0795b934ab0bfc2..2abf5994405e8da2a04d1b23b75ccd3658398474 100644
+index 9d33ebdc35516f65a977f7c1125453b0c99bee28..9cbe99596b1b8c148ac076acf8a9623d6989d505 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
-@@ -475,8 +475,9 @@ MultiIsolatePlatform* CreatePlatform(
+@@ -481,8 +481,9 @@ MultiIsolatePlatform* CreatePlatform(
  
  MultiIsolatePlatform* CreatePlatform(
      int thread_pool_size,
@@ -27,7 +27,7 @@ index 1add2976e7c48e6704400b9ea0795b934ab0bfc2..2abf5994405e8da2a04d1b23b75ccd36
        .release();
  }
  
-@@ -486,8 +487,9 @@ void FreePlatform(MultiIsolatePlatform* platform) {
+@@ -492,8 +493,9 @@ void FreePlatform(MultiIsolatePlatform* platform) {
  
  std::unique_ptr<MultiIsolatePlatform> MultiIsolatePlatform::Create(
      int thread_pool_size,
@@ -40,10 +40,10 @@ index 1add2976e7c48e6704400b9ea0795b934ab0bfc2..2abf5994405e8da2a04d1b23b75ccd36
  
  MaybeLocal<Object> GetPerContextExports(Local<Context> context) {
 diff --git a/src/node.h b/src/node.h
-index 9b9ff1c86ceeaeca828328065e2ad5573ea17fc5..0a9f5139276eb2e102b41a586adf61fa563b47d6 100644
+index be619162d17728c1eb2ddf740947067913d6a348..4eee4e96349ee49423d53819dd90a213f6a6e042 100644
 --- a/src/node.h
 +++ b/src/node.h
-@@ -332,7 +332,8 @@ class NODE_EXTERN MultiIsolatePlatform : public v8::Platform {
+@@ -342,7 +342,8 @@ class NODE_EXTERN MultiIsolatePlatform : public v8::Platform {
  
    static std::unique_ptr<MultiIsolatePlatform> Create(
        int thread_pool_size,
@@ -53,7 +53,7 @@ index 9b9ff1c86ceeaeca828328065e2ad5573ea17fc5..0a9f5139276eb2e102b41a586adf61fa
  };
  
  enum IsolateSettingsFlags {
-@@ -529,7 +530,8 @@ NODE_EXTERN node::tracing::Agent* CreateAgent();
+@@ -539,7 +540,8 @@ NODE_EXTERN node::tracing::Agent* CreateAgent();
  NODE_DEPRECATED("Use MultiIsolatePlatform::Create() instead",
      NODE_EXTERN MultiIsolatePlatform* CreatePlatform(
          int thread_pool_size,

patches/node/src_fix_ssize_t_error_from_nghttp2_h.patch

@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Darshan Sen <[email protected]>
+Date: Thu, 25 Aug 2022 18:08:10 +0530
+Subject: src: fix ssize_t error from nghttp2.h
+
+The "node_http2.h" include reordering enforced by clang-format broke Electron's
+Node.js upgrade on Windows. ssize_t is a part of the POSIX standard and it's not
+available on Windows, so the fix for this is to typedef it on Windows like in
+https://github.com/nodejs/node/blob/bb4dff783ddb3b20c67041f7ccef796c335c2407/src/node.h#L212-L220.
+
+Refs: https://github.com/electron/electron/pull/35350#discussion_r954890551
+Signed-off-by: Darshan Sen <[email protected]>
+
+diff --git a/src/node_http2.h b/src/node_http2.h
+index 5bd715da8a269799ce8e6746a98184411dd859e0..6f3b93943b90e5984502f5d521b81bafad164fc7 100644
+--- a/src/node_http2.h
++++ b/src/node_http2.h
+@@ -5,6 +5,9 @@
+ 
+ // FIXME(joyeecheung): nghttp2.h needs stdint.h to compile on Windows
+ #include <cstdint>
++// clang-format off
++#include "node.h"  // nghttp2.h needs ssize_t
++// clang-format on
+ #include "nghttp2/nghttp2.h"
+ 
+ #include "env.h"

patches/node/src_update_importmoduledynamically.patch

@@ -10,7 +10,7 @@ Reviewed-By: Darshan Sen <[email protected]>
 Reviewed-By: Colin Ihrig <[email protected]>
 
 diff --git a/src/module_wrap.cc b/src/module_wrap.cc
-index aeb0d2cb37313bdbb00abe065c91362cac5dcb9a..1e049d7258d21c7d7049f393ecfa1b4f53325910 100644
+index b4b70ec1afd3eaa2489075156e7ccd7682ddd307..50ce8d510cb1a4299f3c161198ee6ed63fabc05f 100644
 --- a/src/module_wrap.cc
 +++ b/src/module_wrap.cc
 @@ -46,7 +46,6 @@ using v8::PrimitiveArray;
@@ -21,7 +21,7 @@ index aeb0d2cb37313bdbb00abe065c91362cac5dcb9a..1e049d7258d21c7d7049f393ecfa1b4f
  using v8::String;
  using v8::UnboundModuleScript;
  using v8::Undefined;
-@@ -559,7 +558,8 @@ MaybeLocal<Module> ModuleWrap::ResolveModuleCallback(
+@@ -553,7 +552,8 @@ MaybeLocal<Module> ModuleWrap::ResolveModuleCallback(
  
  static MaybeLocal<Promise> ImportModuleDynamically(
      Local<Context> context,
@@ -31,7 +31,7 @@ index aeb0d2cb37313bdbb00abe065c91362cac5dcb9a..1e049d7258d21c7d7049f393ecfa1b4f
      Local<String> specifier,
      Local<FixedArray> import_assertions) {
    Isolate* isolate = context->GetIsolate();
-@@ -574,7 +574,7 @@ static MaybeLocal<Promise> ImportModuleDynamically(
+@@ -568,7 +568,7 @@ static MaybeLocal<Promise> ImportModuleDynamically(
    Local<Function> import_callback =
      env->host_import_module_dynamically_callback();
  
@@ -40,7 +40,7 @@ index aeb0d2cb37313bdbb00abe065c91362cac5dcb9a..1e049d7258d21c7d7049f393ecfa1b4f
    if (options->Length() != HostDefinedOptions::kLength) {
      Local<Promise::Resolver> resolver;
      if (!Promise::Resolver::New(context).ToLocal(&resolver)) return {};
-@@ -588,11 +588,11 @@ static MaybeLocal<Promise> ImportModuleDynamically(
+@@ -582,11 +582,11 @@ static MaybeLocal<Promise> ImportModuleDynamically(
  
    Local<Value> object;
  

patches/node/support_v8_sandboxed_pointers.patch

@@ -7,10 +7,10 @@ This refactors several allocators to allocate within the V8 memory cage,
 allowing them to be compatible with the V8_SANDBOXED_POINTERS feature.
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index 2abf5994405e8da2a04d1b23b75ccd3658398474..b06e8529bb8ca2fa6d7f0735531bbbf39da6af12 100644
+index 9cbe99596b1b8c148ac076acf8a9623d6989d505..93d85d46dc6b3b30795b88ffa8070253f62e51bd 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
-@@ -80,19 +80,27 @@ MaybeLocal<Value> PrepareStackTraceCallback(Local<Context> context,
+@@ -80,6 +80,14 @@ MaybeLocal<Value> PrepareStackTraceCallback(Local<Context> context,
    return result;
  }
  
@@ -24,47 +24,12 @@ index 2abf5994405e8da2a04d1b23b75ccd3658398474..b06e8529bb8ca2fa6d7f0735531bbbf3
 +
  void* NodeArrayBufferAllocator::Allocate(size_t size) {
    void* ret;
--  if (zero_fill_field_ || per_process::cli_options->zero_fill_all_buffers)
--    ret = UncheckedCalloc(size);
-+  if (*zero_fill_field_ || per_process::cli_options->zero_fill_all_buffers)
-+    ret = allocator_->Allocate(size);
-   else
--    ret = UncheckedMalloc(size);
-+    ret = allocator_->AllocateUninitialized(size);
-   if (LIKELY(ret != nullptr))
-     total_mem_usage_.fetch_add(size, std::memory_order_relaxed);
-   return ret;
- }
- 
- void* NodeArrayBufferAllocator::AllocateUninitialized(size_t size) {
--  void* ret = node::UncheckedMalloc(size);
-+  void* ret = allocator_->AllocateUninitialized(size);
-   if (LIKELY(ret != nullptr))
-     total_mem_usage_.fetch_add(size, std::memory_order_relaxed);
-   return ret;
-@@ -100,7 +108,7 @@ void* NodeArrayBufferAllocator::AllocateUninitialized(size_t size) {
- 
- void* NodeArrayBufferAllocator::Reallocate(
-     void* data, size_t old_size, size_t size) {
--  void* ret = UncheckedRealloc<char>(static_cast<char*>(data), size);
-+  void* ret = allocator_->Reallocate(data, old_size, size);
-   if (LIKELY(ret != nullptr) || UNLIKELY(size == 0))
-     total_mem_usage_.fetch_add(size - old_size, std::memory_order_relaxed);
-   return ret;
-@@ -108,7 +116,7 @@ void* NodeArrayBufferAllocator::Reallocate(
- 
- void NodeArrayBufferAllocator::Free(void* data, size_t size) {
-   total_mem_usage_.fetch_sub(size, std::memory_order_relaxed);
--  free(data);
-+  allocator_->Free(data, size);
- }
- 
- DebuggingArrayBufferAllocator::~DebuggingArrayBufferAllocator() {
+   if (zero_fill_field_ || per_process::cli_options->zero_fill_all_buffers)
 diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index f55e292fbbc75448b15dc9be0327ad2dedef49e0..7719574859637aecc98f8a4b00ba6ebca8280631 100644
+index 77af0661dbd056a38a8d7599b9e4f067f6b79f64..c3584709c280a1eb8c9c4945b12ebf89245c54cc 100644
 --- a/src/crypto/crypto_util.cc
 +++ b/src/crypto/crypto_util.cc
-@@ -318,10 +318,35 @@ ByteSource& ByteSource::operator=(ByteSource&& other) noexcept {
+@@ -344,10 +344,35 @@ ByteSource& ByteSource::operator=(ByteSource&& other) noexcept {
    return *this;
  }
  
@@ -101,7 +66,7 @@ index f55e292fbbc75448b15dc9be0327ad2dedef49e0..7719574859637aecc98f8a4b00ba6ebc
    std::unique_ptr<BackingStore> ptr = ArrayBuffer::NewBackingStore(
        allocated_data_,
        size(),
-@@ -333,10 +358,11 @@ std::unique_ptr<BackingStore> ByteSource::ReleaseToBackingStore() {
+@@ -359,10 +384,11 @@ std::unique_ptr<BackingStore> ByteSource::ReleaseToBackingStore() {
    data_ = nullptr;
    size_ = 0;
    return ptr;
@@ -114,7 +79,7 @@ index f55e292fbbc75448b15dc9be0327ad2dedef49e0..7719574859637aecc98f8a4b00ba6ebc
    return ArrayBuffer::New(env->isolate(), std::move(store));
  }
  
-@@ -666,6 +692,16 @@ CryptoJobMode GetCryptoJobMode(v8::Local<v8::Value> args) {
+@@ -692,6 +718,16 @@ CryptoJobMode GetCryptoJobMode(v8::Local<v8::Value> args) {
  }
  
  namespace {
@@ -131,7 +96,7 @@ index f55e292fbbc75448b15dc9be0327ad2dedef49e0..7719574859637aecc98f8a4b00ba6ebc
  // SecureBuffer uses openssl to allocate a Uint8Array using
  // OPENSSL_secure_malloc. Because we do not yet actually
  // make use of secure heap, this has the same semantics as
-@@ -693,6 +729,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
+@@ -719,6 +755,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
    Local<ArrayBuffer> buffer = ArrayBuffer::New(env->isolate(), store);
    args.GetReturnValue().Set(Uint8Array::New(buffer, 0, len));
  }
@@ -140,10 +105,10 @@ index f55e292fbbc75448b15dc9be0327ad2dedef49e0..7719574859637aecc98f8a4b00ba6ebc
  void SecureHeapUsed(const FunctionCallbackInfo<Value>& args) {
  #ifndef OPENSSL_IS_BORINGSSL
 diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h
-index c431159e6f77f8c86844bcadb86012b056d03372..9f57ac58d826cb0aae422ddca54e2136618c4bfe 100644
+index 07ea8e44da3e54b8c24fd2d57b3922d6ddd35781..6d0d93b5b7c0bd1d8342e81024712df029d7e618 100644
 --- a/src/crypto/crypto_util.h
 +++ b/src/crypto/crypto_util.h
-@@ -255,7 +255,7 @@ class ByteSource {
+@@ -254,7 +254,7 @@ class ByteSource {
    // Creates a v8::BackingStore that takes over responsibility for
    // any allocated data. The ByteSource will be reset with size = 0
    // after being called.
@@ -166,7 +131,7 @@ index c537a247f55ff070da1988fc8b7309b5692b5c18..59bfb597849cd5a94800d6c83b238ef7
      return ret;
  
 diff --git a/src/node_internals.h b/src/node_internals.h
-index d37be23cd63e82d4040777bd0e17ed449ec0b15b..eb84760593ff5fb5aa6a8104e8714099f24a67a0 100644
+index f7314c906e580664be445a8912030e17a3ac2fa4..99258ad0aa1e15ea1ba139fd0e83111e1436cc40 100644
 --- a/src/node_internals.h
 +++ b/src/node_internals.h
 @@ -97,7 +97,9 @@ bool InitializePrimordials(v8::Local<v8::Context> context);
@@ -180,18 +145,15 @@ index d37be23cd63e82d4040777bd0e17ed449ec0b15b..eb84760593ff5fb5aa6a8104e8714099
  
    void* Allocate(size_t size) override;  // Defined in src/node.cc
    void* AllocateUninitialized(size_t size) override;
-@@ -116,8 +118,10 @@ class NodeArrayBufferAllocator : public ArrayBufferAllocator {
+@@ -116,7 +118,7 @@ class NodeArrayBufferAllocator : public ArrayBufferAllocator {
    }
  
   private:
 -  uint32_t zero_fill_field_ = 1;  // Boolean but exposed as uint32 to JS land.
 +  uint32_t* zero_fill_field_ = nullptr;  // Boolean but exposed as uint32 to JS land.
    std::atomic<size_t> total_mem_usage_ {0};
-+
-+  std::unique_ptr<v8::ArrayBuffer::Allocator> allocator_{v8::ArrayBuffer::Allocator::NewDefaultAllocator()};
- };
  
- class DebuggingArrayBufferAllocator final : public NodeArrayBufferAllocator {
+   // Delegate to V8's allocator for compatibility with the V8 memory cage.
 diff --git a/src/node_serdes.cc b/src/node_serdes.cc
 index f6f0034bc24d09e3ad65491c7d6be0b9c9db1581..92d5020f293c98c81d3891a82f7320629bf9f926 100644
 --- a/src/node_serdes.cc

patches/node/worker_thread_add_asar_support.patch

@@ -7,10 +7,10 @@ This patch initializes asar support in workers threads in
 Node.js.
 
 diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js
-index 899d5a906683e8967746e10a6de452e99e236903..4c459b58b5a048d9d8a4f15f4011e7cce68089f4 100644
+index 4b1f1b05b6c67f206f87618792fa528deb238d8d..8993197ebd9eb54ec918767e16d665caebbf3554 100644
 --- a/lib/internal/bootstrap/pre_execution.js
 +++ b/lib/internal/bootstrap/pre_execution.js
-@@ -563,6 +563,7 @@ module.exports = {
+@@ -609,6 +609,7 @@ module.exports = {
    loadPreloadModules,
    setupTraceCategoryState,
    setupInspectorHooks,
@@ -19,10 +19,10 @@ index 899d5a906683e8967746e10a6de452e99e236903..4c459b58b5a048d9d8a4f15f4011e7cc
    initializeCJSLoader,
    initializeWASI
 diff --git a/lib/internal/main/worker_thread.js b/lib/internal/main/worker_thread.js
-index 110a3ed1637b642b1d83fb36549cced151b9c5cd..50da62d11bf87c333322264f26e5b427efc7d46b 100644
+index 1b6a8242bbd9eeb901950f1b9016bc2b85af5951..af32601bc4bf0c7c61ee3ca0500bf26255081458 100644
 --- a/lib/internal/main/worker_thread.js
 +++ b/lib/internal/main/worker_thread.js
-@@ -29,6 +29,7 @@ const {
+@@ -30,6 +30,7 @@ const {
    initializeReport,
    initializeSourceMapsHandlers,
    loadPreloadModules,
@@ -30,7 +30,7 @@ index 110a3ed1637b642b1d83fb36549cced151b9c5cd..50da62d11bf87c333322264f26e5b427
    setupTraceCategoryState
  } = require('internal/bootstrap/pre_execution');
  
-@@ -158,6 +159,8 @@ port.on('message', (message) => {
+@@ -162,6 +163,8 @@ port.on('message', (message) => {
      };
      workerIo.sharedCwdCounter = cwdCounter;
  

script/node-disabled-tests.json

@@ -25,6 +25,7 @@
   "parallel/test-https-agent-session-reuse",
   "parallel/test-https-options-boolean-check",
   "parallel/test-icu-minimum-version",
+  "parallel/test-icu-env",
   "parallel/test-inspector-multisession-ws",
   "parallel/test-inspector-port-zero-cluster",
   "parallel/test-inspector-tracing-domain",
@@ -94,6 +95,7 @@
   "parallel/test-trace-events-file-pattern",
   "parallel/test-trace-events-fs-sync",
   "parallel/test-trace-events-metadata",
+  "parallel/test-trace-events-net",
   "parallel/test-trace-events-none",
   "parallel/test-trace-events-process-exit",
   "parallel/test-trace-events-promises",
@@ -102,16 +104,20 @@
   "parallel/test-trace-events-worker-metadata",
   "parallel/test-v8-untrusted-code-mitigations",
   "parallel/test-webcrypto-derivebits-node-dh",
+  "parallel/test-webcrypto-derivebits-cfrg",
+  "parallel/test-webcrypto-derivekey-cfrg",
   "parallel/test-webcrypto-ed25519-ed448",
   "parallel/test-webcrypto-encrypt-decrypt",
   "parallel/test-webcrypto-encrypt-decrypt-aes",
   "parallel/test-webcrypto-encrypt-decrypt-rsa",
+  "parallel/test-webcrypto-export-import-cfrg",
   "parallel/test-webcrypto-keygen",
   "parallel/test-webcrypto-rsa-pss-params",
   "parallel/test-webcrypto-sign-verify-node-dsa",
-  "parallel/test-webcrypto-x25519-x448",
+  "parallel/test-webcrypto-sign-verify-eddsa",
   "parallel/test-worker-debug",
   "parallel/test-worker-stdio",
+  "parallel/test-v8-serialize-leak",
   "parallel/test-zlib-unused-weak",
   "report/test-report-fatal-error",
   "report/test-report-getreport",