Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tls: fix order of setting cipher before setting cert and key #50186

Closed
wants to merge 5 commits into from

Conversation

kumarrishav
Copy link
Contributor

@kumarrishav kumarrishav commented Oct 14, 2023

Set the cipher list and cipher suite before anything.

Because @SECLEVEL= changes the security level and that affects subsequent operations.
Reducing SECLEVEL to 0 in ciphers retains compatibility with previous versions of OpenSSL like using a small key as ciphers are getting set before the cert and key get loaded.

Fixes: #36655
Fixes: #49549

Refs: https://github.com/orgs/nodejs/discussions/49634 https://github.com/orgs/nodejs/discussions/46545

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto
  • @nodejs/net

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. tls Issues and PRs related to the tls subsystem. labels Oct 14, 2023
@kumarrishav
Copy link
Contributor Author

based on the help and guidance from @bnoordhuis #36655 (comment)

@kumarrishav
Copy link
Contributor Author

kumarrishav commented Oct 14, 2023

Issue was found on node 18 but most likely it exists in node > 18 as well

@mcollina
Copy link
Member

Could you add a test for this change?

@kumarrishav
Copy link
Contributor Author

Could you add a test for this change?

@mcollina added the test.

It's based on #36655 (comment)

@kumarrishav kumarrishav reopened this Oct 16, 2023
@kumarrishav
Copy link
Contributor Author

@richardlau @mcollina @bnoordhuis Let me know if this is okay.

I assume we need to backport it to the node 18/20/21 branch as well?

@richardlau richardlau added the lts-watch-v18.x PRs that may need to be released in v18.x. label Oct 17, 2023
@kumarrishav
Copy link
Contributor Author

kumarrishav commented Oct 24, 2023

can we get some eyes on this? kinda blocked on my node.js server application

@kumarrishav
Copy link
Contributor Author

Thanks @jasnell for the approval. I guess I need one more for the merge.

@kumarrishav
Copy link
Contributor Author

can we get some attention on this one? Thanks

@kumarrishav
Copy link
Contributor Author

Can we get some review here? It’s been 3 weeks.

Appreciate your attention on this PR.

Node v18 upgrade for all of our https node.js server is currently on hold and waiting for this .

thank you

Cc @richardlau @mcollina

@nodejs-github-bot

This comment was marked as outdated.

@nodejs-github-bot
Copy link
Collaborator

@kumarrishav
Copy link
Contributor Author

We have 2 approvals now. What should be the next step here? and how to land it in v18.x and further and release the same

@nodejs-github-bot
Copy link
Collaborator

richardlau pushed a commit that referenced this pull request Nov 16, 2023
Set the cipher list and cipher suite before anything else
because @SECLEVEL=<n> changes the security level and
that affects subsequent operations.

Fixes: #36655
Fixes: #49549
Refs: https://github.com/orgs/nodejs/discussions/49634
Refs: https://github.com/orgs/nodejs/discussions/46545
Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
PR-URL: #50186
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Paolo Insogna <[email protected]>
@richardlau
Copy link
Member

Landed in 1e0b75c.

@richardlau richardlau closed this Nov 16, 2023
@richardlau richardlau added the lts-watch-v20.x PRs that may need to be released in v20.x label Nov 16, 2023
@kumarrishav
Copy link
Contributor Author

Thanks @richardlau 🙇

Do i need to do anything here to land it in v18 n v20? Also, when can we expect the release on the v18 version?

@richardlau
Copy link
Member

Thanks @richardlau 🙇

Do i need to do anything here to land it in v18 n v20? Also, when can we expect the release on the v18 version?

Not at this time. We'll let you know (usually if the commit fails to cherry-pick to the staging branches cleanly). Our release policy is that changes need to first be released in a current release (e.g. at this point in time a Node.js 21 release) and then be eligible for inclusion in LTS release lines (e.g. 18) two weeks after that.

targos pushed a commit that referenced this pull request Nov 23, 2023
Set the cipher list and cipher suite before anything else
because @SECLEVEL=<n> changes the security level and
that affects subsequent operations.

Fixes: #36655
Fixes: #49549
Refs: https://github.com/orgs/nodejs/discussions/49634
Refs: https://github.com/orgs/nodejs/discussions/46545
Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
PR-URL: #50186
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Paolo Insogna <[email protected]>
martenrichter pushed a commit to martenrichter/node that referenced this pull request Nov 26, 2023
Set the cipher list and cipher suite before anything else
because @SECLEVEL=<n> changes the security level and
that affects subsequent operations.

Fixes: nodejs#36655
Fixes: nodejs#49549
Refs: https://github.com/orgs/nodejs/discussions/49634
Refs: https://github.com/orgs/nodejs/discussions/46545
Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
PR-URL: nodejs#50186
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Paolo Insogna <[email protected]>
@RafaelGSS RafaelGSS mentioned this pull request Nov 28, 2023
@kumarrishav
Copy link
Contributor Author

@targos When should we land this on v18 and v20 branch?

UlisesGascon pushed a commit that referenced this pull request Dec 11, 2023
Set the cipher list and cipher suite before anything else
because @SECLEVEL=<n> changes the security level and
that affects subsequent operations.

Fixes: #36655
Fixes: #49549
Refs: https://github.com/orgs/nodejs/discussions/49634
Refs: https://github.com/orgs/nodejs/discussions/46545
Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
PR-URL: #50186
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Paolo Insogna <[email protected]>
@UlisesGascon UlisesGascon mentioned this pull request Dec 12, 2023
UlisesGascon pushed a commit that referenced this pull request Dec 19, 2023
Set the cipher list and cipher suite before anything else
because @SECLEVEL=<n> changes the security level and
that affects subsequent operations.

Fixes: #36655
Fixes: #49549
Refs: https://github.com/orgs/nodejs/discussions/49634
Refs: https://github.com/orgs/nodejs/discussions/46545
Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
PR-URL: #50186
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Paolo Insogna <[email protected]>
@kumarrishav
Copy link
Contributor Author

When can we expect it on v18 branch?

@UlisesGascon
Copy link
Member

When can we expect it on v18 branch?

Probably is going to take a while as v18 is in maintenance mode and currently there is no release planned (see) also it might require a decision to be made in order to include it.

Fore Reference:

Maintenance - Critical bug fixes and security updates. New features may be added at the discretion of the LTS team - typically only in cases where the new feature supports migration to later release lines. Release Phases

@kumarrishav
Copy link
Contributor Author

Ok. But this PR is related to bug fix only. Because of this we are unable to migrate to Node 18 and have to use Node 16.

codebytere added a commit to electron/electron that referenced this pull request Jan 16, 2024
This can't be enabled owing to BoringSSL incompatibilities.

nodejs/node#50186
codebytere added a commit to electron/electron that referenced this pull request Jan 16, 2024
This can't be enabled owing to BoringSSL incompatibilities.

nodejs/node#50186
codebytere added a commit to electron/electron that referenced this pull request Jan 18, 2024
This can't be enabled owing to BoringSSL incompatibilities.

nodejs/node#50186
jkleinsc pushed a commit to electron/electron that referenced this pull request Jan 18, 2024
This can't be enabled owing to BoringSSL incompatibilities.

nodejs/node#50186
codebytere added a commit to electron/electron that referenced this pull request Jan 18, 2024
This can't be enabled owing to BoringSSL incompatibilities.

nodejs/node#50186
jkleinsc pushed a commit to electron/electron that referenced this pull request Jan 18, 2024
* chore: bump node in DEPS to v20.11.0

* module: bootstrap module loaders in shadow realm

nodejs/node#48655

* src: add commit hash shorthand in zlib version

nodejs/node#50158

* v8,tools: expose necessary V8 defines

nodejs/node#50820

* esm: do not call getSource when format is commonjs

nodejs/node#50465

* esm: fallback to readFileSync when source is nullish

nodejs/node#50825

* vm: allow dynamic import with a referrer realm

nodejs/node#50360

* test: skip test-diagnostics-channel-memory-leak.js

nodejs/node#50327

* esm: do not call getSource when format is commonjs

nodejs/node#50465

* lib: fix assert throwing different error messages in ESM and CJS

nodejs/node#50634

* src: fix compatility with upcoming V8 12.1 APIs

nodejs/node#50709

* deps: update base64 to 0.5.1

nodejs/node#50629

* src: avoid silent coercion to signed/unsigned int

nodejs/node#50663

* src: fix compatility with upcoming V8 12.1 APIs

nodejs/node#50709

* chore: fix patch indices

* chore: update patches

* test: disable TLS cipher test

This can't be enabled owing to BoringSSL incompatibilities.

nodejs/node#50186

* fix: check for Buffer and global definition in shadow realm

nodejs/node#51239

* test: disable parallel/test-shadow-realm-custom-loader

Incompatible with our asar logic, resulting in the following failure:

> Failed to CompileAndCall electron script: electron/js2c/asar_bundle

* chore: remove deleted parallel/test-crypto-modp1-error test

* test: make test-node-output-v8-warning generic

nodejs/node#50421

* chore: fixup ModuleWrap patch

* test: match wpt/streams/transferable/transform-stream-members.any.js to upstream

* fix: sandbox is not enabled on arm

* chore: disable v8 sandbox on ia32/arm

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <[email protected]>
Co-authored-by: Cheng Zhao <[email protected]>
@richardlau richardlau added backported-to-v20.x PRs backported to the v20.x-staging branch. and removed lts-watch-v20.x PRs that may need to be released in v20.x labels Mar 19, 2024
richardlau pushed a commit that referenced this pull request Mar 19, 2024
Set the cipher list and cipher suite before anything else
because @SECLEVEL=<n> changes the security level and
that affects subsequent operations.

Fixes: #36655
Fixes: #49549
Refs: https://github.com/orgs/nodejs/discussions/49634
Refs: https://github.com/orgs/nodejs/discussions/46545
Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
PR-URL: #50186
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Paolo Insogna <[email protected]>
@richardlau richardlau added backported-to-v18.x PRs backported to the v18.x-staging branch. and removed lts-watch-v18.x PRs that may need to be released in v18.x. labels Mar 19, 2024
@richardlau richardlau mentioned this pull request Mar 20, 2024
jimsynz pushed a commit to jimsynz/cinder-space that referenced this pull request Mar 28, 2024
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `18.19.1` -> `18.20.0` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

### [`v18.20.0`](https://github.com/nodejs/node/releases/tag/v18.20.0): 2024-03-26, Version 18.20.0 &#x27;Hydrogen&#x27; (LTS), @&#8203;richardlau

[Compare Source](nodejs/node@v18.19.1...v18.20.0)

##### Notable Changes

##### Added support for import attributes

Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax available
across all currently supported Node.js release lines.

This adds the `with` keyword which should be used in place of the previous
`assert` keyword, which will be removed in a future semver-major Node.js
release.

For example,

```console
import "foo" assert { ... }
```

should be replaced with

```console
import "foo" with { ... }
```

For more details, see

-   [#&#8203;50134](nodejs/node#50134)
-   [#&#8203;51622](nodejs/node#51622)

Contributed by Nicolò Ribaudo in [#&#8203;51136](nodejs/node#51136)
and Antoine du Hamel in [#&#8203;50140](nodejs/node#50140).

##### Doc deprecation for `dirent.path`

Please use newly added `dirent.parentPath` instead.

Contributed by Antoine du Hamel in [#&#8203;50976](nodejs/node#50976)
and [#&#8203;51020](nodejs/node#51020).

##### Experimental node-api feature flags

Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called `node_api_nogc_env` has been introduced as the const version
of `napi_env` and `node_api_nogc_finalize` as a variant of `napi_finalize` that
accepts a `node_api_nogc_env` as its first argument.

This feature can be turned off by defining
`NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT`.

Contributed by Gabriel Schulhof in [#&#8203;50060](nodejs/node#50060).

##### Root certificates updated to NSS 3.98

Certificates added:

-   Telekom Security TLS ECC Root 2020
-   Telekom Security TLS RSA Root 2023

Certificates removed:

-   Security Communication Root CA

##### Updated dependencies

-   ada updated to 2.7.6.
-   base64 updated to 0.5.2.
-   c-ares updated to 1.27.0.
-   corepack updated to 0.25.2.
-   ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
-   npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
-   simdutf8 updated to 4.0.8.
-   Timezone updated to 2024a.
-   zlib updated to 1.3.0.1-motley-40e35a7.

##### vm: fix V8 compilation cache support for vm.Script

Previously repeated compilation of the same source code using `vm.Script`
stopped hitting the V8 compilation cache after v16.x when support for
`importModuleDynamically` was added to `vm.Script`, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.

The recent fixes allow the compilation cache to be hit again
for `vm.Script` when `--experimental-vm-modules` is not used even in the
presence of the `importModuleDynamically` option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for `vm.CompileFunction`.

Contributed by Joyee Cheung in [#&#8203;49950](nodejs/node#49950)
and [#&#8203;50137](nodejs/node#50137).

##### Commits

-   \[[`c70383b8d4`](nodejs/node@c70383b8d4)] - **build**: support Python 3.12 (Shi Pujin) [#&#8203;50209](nodejs/node#50209)
-   \[[`4b960c3a4a`](nodejs/node@4b960c3a4a)] - **build**: fix incorrect g++ warning message (Richard Lau) [#&#8203;51695](nodejs/node#51695)
-   \[[`8fdea67694`](nodejs/node@8fdea67694)] - **crypto**: update root certificates to NSS 3.98 (Node.js GitHub Bot) [#&#8203;51794](nodejs/node#51794)
-   \[[`812b126dd9`](nodejs/node@812b126dd9)] - **deps**: V8: cherry-pick [`d90d453`](nodejs/node@d90d4533b053) (Michaël Zasso) [#&#8203;50077](nodejs/node#50077)
-   \[[`9ab8c3db87`](nodejs/node@9ab8c3db87)] - **deps**: update c-ares to 1.27.0 (Node.js GitHub Bot) [#&#8203;51846](nodejs/node#51846)
-   \[[`c688680387`](nodejs/node@c688680387)] - **deps**: update c-ares to 1.26.0 (Node.js GitHub Bot) [#&#8203;51582](nodejs/node#51582)
-   \[[`9498ac8a47`](nodejs/node@9498ac8a47)] - **deps**: compile c-ares with C11 support (Michaël Zasso) [#&#8203;51410](nodejs/node#51410)
-   \[[`8fb743642f`](nodejs/node@8fb743642f)] - **deps**: update c-ares to 1.25.0 (Node.js GitHub Bot) [#&#8203;51385](nodejs/node#51385)
-   \[[`7bea2d7c12`](nodejs/node@7bea2d7c12)] - **deps**: update zlib to 1.3.0.1-motley-40e35a7 (Node.js GitHub Bot) [#&#8203;51274](nodejs/node#51274)
-   \[[`57a38c8f75`](nodejs/node@57a38c8f75)] - **deps**: update zlib to 1.3.0.1-motley-dd5fc13 (Node.js GitHub Bot) [#&#8203;51105](nodejs/node#51105)
-   \[[`b0ca084a6b`](nodejs/node@b0ca084a6b)] - **deps**: update zlib to 1.3-22124f5 (Node.js GitHub Bot) [#&#8203;50910](nodejs/node#50910)
-   \[[`4b43823f37`](nodejs/node@4b43823f37)] - **deps**: update zlib to 1.2.13.1-motley-5daffc7 (Node.js GitHub Bot) [#&#8203;50803](nodejs/node#50803)
-   \[[`f0da591812`](nodejs/node@f0da591812)] - **deps**: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) [#&#8203;50456](nodejs/node#50456)
-   \[[`16d28a883a`](nodejs/node@16d28a883a)] - **deps**: update base64 to 0.5.2 (Node.js GitHub Bot) [#&#8203;51455](nodejs/node#51455)
-   \[[`13a9e81cb6`](nodejs/node@13a9e81cb6)] - **deps**: update base64 to 0.5.1 (Node.js GitHub Bot) [#&#8203;50629](nodejs/node#50629)
-   \[[`b4502d3ac5`](nodejs/node@b4502d3ac5)] - **deps**: update simdutf to 4.0.8 (Node.js GitHub Bot) [#&#8203;51000](nodejs/node#51000)
-   \[[`183cf8a74a`](nodejs/node@183cf8a74a)] - **deps**: update simdutf to 4.0.4 (Node.js GitHub Bot) [#&#8203;50772](nodejs/node#50772)
-   \[[`11ba8593ea`](nodejs/node@11ba8593ea)] - **deps**: update ada to 2.7.6 (Node.js GitHub Bot) [#&#8203;51542](nodejs/node#51542)
-   \[[`73a946d55c`](nodejs/node@73a946d55c)] - **deps**: update ada to 2.7.5 (Node.js GitHub Bot) [#&#8203;51542](nodejs/node#51542)
-   \[[`cc434c1a39`](nodejs/node@cc434c1a39)] - **deps**: update ada to 2.7.4 (Node.js GitHub Bot) [#&#8203;50815](nodejs/node#50815)
-   \[[`3a3808a6ae`](nodejs/node@3a3808a6ae)] - **deps**: upgrade npm to 10.5.0 (npm team) [#&#8203;51913](nodejs/node#51913)
-   \[[`c8876d765c`](nodejs/node@c8876d765c)] - **deps**: upgrade npm to 10.3.0 (npm team) [#&#8203;51431](nodejs/node#51431)
-   \[[`5aec3af460`](nodejs/node@5aec3af460)] - **deps**: update corepack to 0.25.2 (Node.js GitHub Bot) [#&#8203;51810](nodejs/node#51810)
-   \[[`a593985326`](nodejs/node@a593985326)] - **deps**: update corepack to 0.24.1 (Node.js GitHub Bot) [#&#8203;51459](nodejs/node#51459)
-   \[[`d1a9237bf5`](nodejs/node@d1a9237bf5)] - **deps**: update corepack to 0.24.0 (Node.js GitHub Bot) [#&#8203;51318](nodejs/node#51318)
-   \[[`adac0c7a63`](nodejs/node@adac0c7a63)] - **deps**: update corepack to 0.23.0 (Node.js GitHub Bot) [#&#8203;50563](nodejs/node#50563)
-   \[[`4a6f83e32a`](nodejs/node@4a6f83e32a)] - **deps**: escape Python strings correctly (Michaël Zasso) [#&#8203;50695](nodejs/node#50695)
-   \[[`c13969e52a`](nodejs/node@c13969e52a)] - **deps**: V8: cherry-pick [`ea996ad`](nodejs/node@ea996ad04a68) (Nicolò Ribaudo) [#&#8203;51136](nodejs/node#51136)
-   \[[`6fbf0ba5c3`](nodejs/node@6fbf0ba5c3)] - **deps**: V8: cherry-pick [`a0fd320`](nodejs/node@a0fd3209dda8) (Nicolò Ribaudo) [#&#8203;51136](nodejs/node#51136)
-   \[[`68fd7516e1`](nodejs/node@68fd7516e1)] - **deps**: update timezone to 2024a (Michaël Zasso) [#&#8203;51723](nodejs/node#51723)
-   \[[`f9b229ebe1`](nodejs/node@f9b229ebe1)] - **deps**: update icu to 74.2 (Michaël Zasso) [#&#8203;51723](nodejs/node#51723)
-   \[[`90c73d2eb4`](nodejs/node@90c73d2eb4)] - **deps**: update timezone to 2023d (Node.js GitHub Bot) [#&#8203;51461](nodejs/node#51461)
-   \[[`2a2bf57028`](nodejs/node@2a2bf57028)] - **deps**: update icu to 74.1 (Node.js GitHub Bot) [#&#8203;50515](nodejs/node#50515)
-   \[[`425e011e52`](nodejs/node@425e011e52)] - **deps**: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) [#&#8203;49874](nodejs/node#49874)
-   \[[`58c70344a2`](nodejs/node@58c70344a2)] - **deps**: V8: cherry-pick [`705e374`](nodejs/node@705e374124ae) (Joyee Cheung) [#&#8203;51004](nodejs/node#51004)
-   \[[`b0e88899e1`](nodejs/node@b0e88899e1)] - **deps**: V8: cherry-pick [`1fada6b`](nodejs/node@1fada6b36f8d) (Joyee Cheung) [#&#8203;51004](nodejs/node#51004)
-   \[[`d87a810b81`](nodejs/node@d87a810b81)] - **deps**: V8: cherry-pick [`3dd9576`](nodejs/node@3dd9576ce336) (Joyee Cheung) [#&#8203;51004](nodejs/node#51004)
-   \[[`6d50966876`](nodejs/node@6d50966876)] - **deps**: V8: cherry-pick [`94e8282`](nodejs/node@94e8282325a1) (Joyee Cheung) [#&#8203;51004](nodejs/node#51004)
-   \[[`fafbacdfec`](nodejs/node@fafbacdfec)] - **deps**: V8: cherry-pick [`9a98f96`](nodejs/node@9a98f96b6d68) (Joyee Cheung) [#&#8203;51004](nodejs/node#51004)
-   \[[`d4a530ed8d`](nodejs/node@d4a530ed8d)] - **deps**: V8: cherry-pick [`7f5daed`](nodejs/node@7f5daed62d47) (Joyee Cheung) [#&#8203;51004](nodejs/node#51004)
-   \[[`1ce901b164`](nodejs/node@1ce901b164)] - **deps**: V8: cherry-pick [`c400af4`](nodejs/node@c400af48b5ef) (Joyee Cheung) [#&#8203;51004](nodejs/node#51004)
-   \[[`f232064f35`](nodejs/node@f232064f35)] - **doc**: fix historical experimental fetch flag (Kenrick) [#&#8203;51506](nodejs/node#51506)
-   \[[`194ff6a40f`](nodejs/node@194ff6a40f)] - **(SEMVER-MINOR)** **doc**: add deprecation notice to `dirent.path` (Antoine du Hamel) [#&#8203;50976](nodejs/node#50976)
-   \[[`0f09267dc6`](nodejs/node@0f09267dc6)] - **(SEMVER-MINOR)** **doc**: deprecate `dirent.path` (Antoine du Hamel) [#&#8203;50976](nodejs/node#50976)
-   \[[`8bfb8f5b2f`](nodejs/node@8bfb8f5b2f)] - **doc,crypto**: further clarify RSA_PKCS1\_PADDING support (Tobias Nießen) [#&#8203;51799](nodejs/node#51799)
-   \[[`c7baf7b274`](nodejs/node@c7baf7b274)] - **doc,crypto**: add changelog and note about disabled RSA_PKCS1\_PADDING (Filip Skokan) [#&#8203;51782](nodejs/node#51782)
-   \[[`a193be3dc2`](nodejs/node@a193be3dc2)] - **esm**: use import attributes instead of import assertions (Antoine du Hamel) [#&#8203;50140](nodejs/node#50140)
-   \[[`26e8f7793e`](nodejs/node@26e8f7793e)] - **(SEMVER-MINOR)** **fs**: introduce `dirent.parentPath` (Antoine du Hamel) [#&#8203;50976](nodejs/node#50976)
-   \[[`5b5e5192f7`](nodejs/node@5b5e5192f7)] - **lib**: fix compileFunction throws range error for negative numbers (Jithil P Ponnan) [#&#8203;49855](nodejs/node#49855)
-   \[[`7552de6806`](nodejs/node@7552de6806)] - **module**: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) [#&#8203;48510](nodejs/node#48510)
-   \[[`2e05cf1c60`](nodejs/node@2e05cf1c60)] - **module**: fix leak of vm.SyntheticModule (Joyee Cheung) [#&#8203;48510](nodejs/node#48510)
-   \[[`a86a2e14a3`](nodejs/node@a86a2e14a3)] - **module**: use symbol in WeakMap to manage host defined options (Joyee Cheung) [#&#8203;48510](nodejs/node#48510)
-   \[[`32906ddcac`](nodejs/node@32906ddcac)] - **node-api**: segregate nogc APIs from rest via type system (Gabriel Schulhof) [#&#8203;50060](nodejs/node#50060)
-   \[[`1aa71c26ff`](nodejs/node@1aa71c26ff)] - **node-api**: factor out common code into macros (Gabriel Schulhof) [#&#8203;50664](nodejs/node#50664)
-   \[[`3d0b233f52`](nodejs/node@3d0b233f52)] - **node-api**: introduce experimental feature flags (Gabriel Schulhof) [#&#8203;50991](nodejs/node#50991)
-   \[[`96514a8b9f`](nodejs/node@96514a8b9f)] - **src**: iterate on import attributes array correctly (Michaël Zasso) [#&#8203;50703](nodejs/node#50703)
-   \[[`2c2892bf88`](nodejs/node@2c2892bf88)] - **src**: set ModuleWrap internal fields only once (Joyee Cheung) [#&#8203;49391](nodejs/node#49391)
-   \[[`ff334cb774`](nodejs/node@ff334cb774)] - **src**: cast v8::Object::GetInternalField() return value to v8::Value (Joyee Cheung) [#&#8203;48943](nodejs/node#48943)
-   \[[`270b519971`](nodejs/node@270b519971)] - **stream**: do not defer construction by one microtick (Matteo Collina) [#&#8203;52005](nodejs/node#52005)
-   \[[`95d7a75084`](nodejs/node@95d7a75084)] - **test**: fix dns test case failures after c-ares update to 1.21.0+ (Brad House) [#&#8203;50743](nodejs/node#50743)
-   \[[`cd613e5167`](nodejs/node@cd613e5167)] - **test**: handle relative https redirect (Richard Lau) [#&#8203;51121](nodejs/node#51121)
-   \[[`40f10eafcf`](nodejs/node@40f10eafcf)] - **test**: fix `internet/test-inspector-help-page` (Richard Lau) [#&#8203;51693](nodejs/node#51693)
-   \[[`5e426511b1`](nodejs/node@5e426511b1)] - **test**: deflake test-vm-contextified-script-leak (Joyee Cheung) [#&#8203;49710](nodejs/node#49710)
-   \[[`0b156c6d28`](nodejs/node@0b156c6d28)] - **test**: use checkIfCollectable in vm leak tests (Joyee Cheung) [#&#8203;49671](nodejs/node#49671)
-   \[[`1586c11b3c`](nodejs/node@1586c11b3c)] - **test**: add checkIfCollectable to test/common/gc.js (Joyee Cheung) [#&#8203;49671](nodejs/node#49671)
-   \[[`902d8b3d4b`](nodejs/node@902d8b3d4b)] - **test**: fix flaky http-chunk-extensions-limit test (Ethan Arrowood) [#&#8203;51943](nodejs/node#51943)
-   \[[`1743d2bdc1`](nodejs/node@1743d2bdc1)] - **test**: test surrogate pair filenames on windows (Mert Can Altın) [#&#8203;51800](nodejs/node#51800)
-   \[[`1c1a7ec22d`](nodejs/node@1c1a7ec22d)] - **test**: increase platform timeout zlib-brotli-16gb (Rafael Gonzaga) [#&#8203;51792](nodejs/node#51792)
-   \[[`931d02fe3e`](nodejs/node@931d02fe3e)] - **test, v8**: fix wrong import attributes test (Nicolò Ribaudo) [#&#8203;52184](nodejs/node#52184)
-   \[[`d9ea6c1f8d`](nodejs/node@d9ea6c1f8d)] - **tls**: fix order of setting cipher before setting cert and key (Kumar Rishav) [#&#8203;50186](nodejs/node#50186)
-   \[[`3184befa2e`](nodejs/node@3184befa2e)] - **tools**: fix update-icu.sh (Michaël Zasso) [#&#8203;51723](nodejs/node#51723)
-   \[[`06646e11be`](nodejs/node@06646e11be)] - **(SEMVER-MINOR)** **vm**: use import attributes instead of import assertions (Antoine du Hamel) [#&#8203;50141](nodejs/node#50141)
-   \[[`fe66e9d06e`](nodejs/node@fe66e9d06e)] - **vm**: reject in importModuleDynamically without --experimental-vm-modules (Joyee Cheung) [#&#8203;50137](nodejs/node#50137)
-   \[[`052e095c6b`](nodejs/node@052e095c6b)] - **vm**: use internal versions of compileFunction and Script (Joyee Cheung) [#&#8203;50137](nodejs/node#50137)
-   \[[`9f7899ed0a`](nodejs/node@9f7899ed0a)] - **vm**: unify host-defined option generation in vm.compileFunction (Joyee Cheung) [#&#8203;50137](nodejs/node#50137)
-   \[[`6291c107d0`](nodejs/node@6291c107d0)] - **vm**: use default HDO when importModuleDynamically is not set (Joyee Cheung) [#&#8203;49950](nodejs/node#49950)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIwLjAuMC1zZW1hbnRpYy1yZWxlYXNlIiwidXBkYXRlZEluVmVyIjoiMC4wLjAtc2VtYW50aWMtcmVsZWFzZSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Reviewed-on: https://harton.dev/cinder/cinder-space/pulls/25
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backported-to-v18.x PRs backported to the v18.x-staging branch. backported-to-v20.x PRs backported to the v20.x-staging branch. commit-queue-failed An error occurred while landing this pull request using GitHub Actions. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. needs-ci PRs that need a full CI run. tls Issues and PRs related to the tls subsystem.
Projects
None yet
7 participants