chore: bump node to v18.17.1 (main) (#39457)

* chore: bump node in DEPS to v18.17.1

* chore: update patches

* policy: disable process.binding() when enabled

https://github.com/nodejs/node/commit/d4570fae358693b8f7fec05294b9bb92a966226d

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <[email protected]>

DEPS

@@ -4,7 +4,7 @@ vars = {
   'chromium_version':
     '117.0.5921.0',
   'node_version':
-    'v18.17.0',
+    'v18.17.1',
   'nan_version':
     '16fa32231e2ccd89d2804b3f765319128b20c4ac',
   'squirrel.mac_version':

patches/node/build_add_gn_build_files.patch

@@ -2185,7 +2185,7 @@ index 0000000000000000000000000000000000000000..4ab828dcbf322a9e28674e48c4a6868b
 +  args = rebase_path(inputs + outputs, root_build_dir)
 +}
 diff --git a/src/node_version.h b/src/node_version.h
-index 5509ad145e59ce62341a479c2b2fdc377ede1c30..0bbfeabf2966734d5c6b143be89d7a914e7d9b99 100644
+index 1e898ffcc9104bc50079a9850dc89767199c646e..0f5c5f1cc0845b5d005697d8ab1ab6167c541ced 100644
 --- a/src/node_version.h
 +++ b/src/node_version.h
 @@ -89,7 +89,10 @@

patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch

@@ -8,7 +8,7 @@ they use themselves as the entry point. We should try to upstream some form
 of this.
 
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index 8ce3d78839944ddd15bed299d89aeb61a7fd53e5..b3a54aecb06b07834e38f9c94c5246df31c7a47a 100644
+index 001343b74ce236f89dca030c0fc9dd0299df0b39..6f277daf4ce846f093f634c473daec07939b4558 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -1230,6 +1230,13 @@ Module.prototype._compile = function(content, filename) {

patches/node/feat_initialize_asar_support.patch

@@ -5,6 +5,20 @@ Subject: feat: initialize asar support
 
 This patch initializes asar support in Node.js.
 
+diff --git a/lib/internal/process/policy.js b/lib/internal/process/policy.js
+index 8e07cb92118c84b2bc1156532cae8b033b9a48f4..2073a024ad548fe80e84cafee012b003454d6c93 100644
+--- a/lib/internal/process/policy.js
++++ b/lib/internal/process/policy.js
+@@ -39,9 +39,6 @@ module.exports = ObjectFreeze({
+     process.binding = function binding(_module) {
+       throw new ERR_ACCESS_DENIED('process.binding');
+     };
+-    process._linkedBinding = function _linkedBinding(_module) {
+-      throw new ERR_ACCESS_DENIED('process._linkedBinding');
+-    };
+   },
+ 
+   get manifest() {
 diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
 index 250a43c5455b4f9ff72dd3a34d5b0aa270f43cc6..2e35cbba2ac02494c44821af395fe0195b1ab6b5 100644
 --- a/lib/internal/process/pre_execution.js
@@ -27,3 +41,14 @@ index 250a43c5455b4f9ff72dd3a34d5b0aa270f43cc6..2e35cbba2ac02494c44821af395fe019
  function patchProcessObject(expandArgv1) {
    const binding = internalBinding('process_methods');
    binding.patchProcessObject(process);
+diff --git a/test/fixtures/policy/process-binding/app.js b/test/fixtures/policy/process-binding/app.js
+index 16e26d12a160286b1b6aaeb64b15668b05b9865b..a287d0a2363acbf24077eec040116f96ef18a7b3 100644
+--- a/test/fixtures/policy/process-binding/app.js
++++ b/test/fixtures/policy/process-binding/app.js
+@@ -5,6 +5,3 @@ const assert = require('assert');
+ assert.throws(() => { process.binding(); }, {
+   code: 'ERR_ACCESS_DENIED'
+ });
+-assert.throws(() => { process._linkedBinding(); }, {
+-  code: 'ERR_ACCESS_DENIED'
+-});

patches/node/pass_all_globals_through_require.patch

@@ -6,7 +6,7 @@ Subject: Pass all globals through "require"
 (cherry picked from commit 7d015419cb7a0ecfe6728431a4ed2056cd411d62)
 
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index ebf53afd41454cd2c87050f3c086a9df7021202b..83702fbab45f57f40319a5bbd7e2c7baf217c384 100644
+index 88bb870a8fd2e5458cd47f76dc88b952de6c0303..4aa672675b5cf16b609d81d360e8be8c1a345bd8 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -142,6 +142,13 @@ const {

patches/node/refactor_allow_embedder_overriding_of_internal_fs_calls.patch

@@ -22,7 +22,7 @@ index 07c6d5e9351a96aeca1179c20287dc3fb7ec1eab..13ea68c96fd415f976aab0f291a1b7c6
  // release cycle, remove the Proxy and setter and update the
  // getter to either return a read-only object or always return
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index 83702fbab45f57f40319a5bbd7e2c7baf217c384..8ce3d78839944ddd15bed299d89aeb61a7fd53e5 100644
+index 4aa672675b5cf16b609d81d360e8be8c1a345bd8..001343b74ce236f89dca030c0fc9dd0299df0b39 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -94,7 +94,7 @@ const fs = require('fs');

shell/common/node_bindings.cc

@@ -258,13 +258,9 @@ bool IsAllowedOption(base::StringPiece option) {
 // See https://nodejs.org/api/cli.html#cli_node_options_options
 void SetNodeOptions(base::Environment* env) {
   // Options that are unilaterally disallowed
-  static constexpr auto disallowed = base::MakeFixedFlatSet<base::StringPiece>({
-      "--enable-fips",
-      "--force-fips",
-      "--openssl-config",
-      "--use-bundled-ca",
-      "--use-openssl-ca",
-  });
+  static constexpr auto disallowed = base::MakeFixedFlatSet<base::StringPiece>(
+      {"--enable-fips", "--force-fips", "--openssl-config", "--use-bundled-ca",
+       "--use-openssl-ca", "--experimental-policy"});
 
   static constexpr auto pkg_opts = base::MakeFixedFlatSet<base::StringPiece>({
       "--http-parser",