chore: bump node to v16.9.0 (main) (#30867)

Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>

DEPS

@@ -17,7 +17,7 @@ vars = {
   'chromium_version':
     '95.0.4629.0',
   'node_version':
-    'v16.8.0',
+    'v16.9.0',
   'nan_version':
     # The following commit hash of NAN is v2.14.2 with *only* changes to the
     # test suite. This should be updated to a specific tag when one becomes

patches/boringssl/.patches

@@ -2,3 +2,4 @@ expose_ripemd160.patch
 expose_aes-cfb.patch
 expose_des-ede3.patch
 fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
+add_maskhash_to_rsa_pss_params_st_for_compat.patch

patches/boringssl/add_maskhash_to_rsa_pss_params_st_for_compat.patch

@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <shelley.vohr@gmail.com>
+Date: Wed, 8 Sep 2021 10:59:51 +0200
+Subject: Add maskHash to rsa_pss_params_st for compat
+
+This CL adds a maskHash member to the rsa_pss_params_st struct for
+increased compatibility with OpenSSL.
+
+Node.js recently began to make use of this member in
+https://github.com/nodejs/node/pull/39851
+and without this member Electron sees compilation errors.
+
+Upstreamed at https://boringssl-review.googlesource.com/c/boringssl/+/49365
+
+diff --git a/include/openssl/x509.h b/include/openssl/x509.h
+index fa333ca057dd8e90a3e38c51db6269815de7b85f..0f4a6d79514739fb4c719f9e5b41db364e775417 100644
+--- a/include/openssl/x509.h
++++ b/include/openssl/x509.h
+@@ -1949,6 +1949,7 @@ typedef struct rsa_pss_params_st {
+   X509_ALGOR *maskGenAlgorithm;
+   ASN1_INTEGER *saltLength;
+   ASN1_INTEGER *trailerField;
++  X509_ALGOR *maskHash;
+ } RSA_PSS_PARAMS;
+ 
+ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)

patches/node/.patches

@@ -21,9 +21,7 @@ fix_allow_preventing_initializeinspector_in_env.patch
 src_allow_embedders_to_provide_a_custom_pageallocator_to.patch
 fix_crypto_tests_to_run_with_bssl.patch
 fix_account_for_debugger_agent_race_condition.patch
-fix_use_new_v8_error_message_property_access_format.patch
 add_should_read_node_options_from_env_option_to_disable_node_options.patch
 repl_fix_crash_when_sharedarraybuffer_disabled.patch
 fix_readbarrier_undefined_symbol_error_on_woa_arm64.patch
-src_remove_extra_semicolons_outside_fns.patch
 fix_-wunreachable-code-return.patch

patches/node/add_should_read_node_options_from_env_option_to_disable_node_options.patch

@@ -21,10 +21,10 @@ index 1cc7da1ce15f43905ce607adcc1a23ed9d92948a..16af6aec3791df1363682f1ed024c522
                           Isolate* isolate,
                           const std::vector<std::string>& args,
 diff --git a/src/env.h b/src/env.h
-index 33f34ed79452b004b5fb40e70cda6e3d0ee2d1e2..e729ff349931b512052ad3557c62af6808b36c38 100644
+index b38a69fc06a189569524df767dbbbe5c1985aa20..6b22cc4aaaf59d309d1bcebfbb3710ceeafd13e6 100644
 --- a/src/env.h
 +++ b/src/env.h
-@@ -1142,6 +1142,8 @@ class Environment : public MemoryRetainer {
+@@ -1145,6 +1145,8 @@ class Environment : public MemoryRetainer {
    inline double trigger_async_id();
    inline double get_default_trigger_async_id();
  

patches/node/build_add_gn_build_files.patch

@@ -968,10 +968,10 @@ index 0000000000000000000000000000000000000000..2c9d2826c85bdd033f1df1d6188df636
 +}
 diff --git a/filenames.json b/filenames.json
 new file mode 100644
-index 0000000000000000000000000000000000000000..42ae2a31b79f0b5d04d9794416364d14bffdce84
+index 0000000000000000000000000000000000000000..c0b0624028fddb4f7b409f42b357fdc404d810f3
 --- /dev/null
 +++ b/filenames.json
-@@ -0,0 +1,602 @@
+@@ -0,0 +1,603 @@
 +// This file is automatically generated by generate_gn_filenames_json.py
 +// DO NOT EDIT
 +{
@@ -1250,6 +1250,7 @@ index 0000000000000000000000000000000000000000..42ae2a31b79f0b5d04d9794416364d14
 +    "lib/internal/util/inspect.js",
 +    "lib/internal/util/iterable_weak_map.js",
 +    "lib/internal/streams/add-abort-signal.js",
++    "lib/internal/streams/compose.js",
 +    "lib/internal/streams/duplexify.js",
 +    "lib/internal/streams/destroy.js",
 +    "lib/internal/streams/legacy.js",
@@ -1780,7 +1781,7 @@ index 0000000000000000000000000000000000000000..d1d6b51e8c0c5bc6a5d09e217eb30483
 +  args = rebase_path(inputs + outputs, root_build_dir)
 +}
 diff --git a/src/node_version.h b/src/node_version.h
-index fc09960e70b4999635889615f584588ed1ca76d5..9b4de7c6015a700206c331c0c083e4aec200c939 100644
+index 0d3c9376bcdcdd19c4bb7f75d55edb59b2365763..b9cf999c2387cf47ae0df79fb4a0a726dd2f0143 100644
 --- a/src/node_version.h
 +++ b/src/node_version.h
 @@ -89,7 +89,10 @@
@@ -1924,10 +1925,10 @@ index 0000000000000000000000000000000000000000..3088ae4bdf814ae255c9805ebd393b2e
 +
 +  out_file.writelines(new_contents)
 diff --git a/tools/install.py b/tools/install.py
-index 24cf51e73199e60b4c24700e1074fe9bd0a399e6..195f231c76b87dd9d06824df80a3f06ee07d8dc8 100755
+index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..1256a61024e27506ae14405abc37d0a11f83fc64 100755
 --- a/tools/install.py
 +++ b/tools/install.py
-@@ -159,17 +159,71 @@ def files(action):
+@@ -170,17 +170,71 @@ def files(action):
  def headers(action):
    def wanted_v8_headers(files_arg, dest):
      v8_headers = [
@@ -2009,7 +2010,7 @@ index 24cf51e73199e60b4c24700e1074fe9bd0a399e6..195f231c76b87dd9d06824df80a3f06e
      files_arg = [name for name in files_arg if name in v8_headers]
      action(files_arg, dest)
  
-@@ -190,7 +244,7 @@ def headers(action):
+@@ -201,7 +255,7 @@ def headers(action):
    if sys.platform.startswith('aix'):
      action(['out/Release/node.exp'], 'include/node/')
  

patches/node/enable_31_bit_smis_on_64bit_arch_and_ptr_compression.patch

@@ -8,7 +8,7 @@ node modules will have different (wrong) ideas about how v8 structs are laid
 out in memory on 64-bit machines, and will summarily fail to work.
 
 diff --git a/common.gypi b/common.gypi
-index f1f921f92ed4d504f2cf41bded1821def565c9a3..9525a6639f084136ed25c9b1790a00a461f24b11 100644
+index 03f8adb56c7b9e7e0f6c5a9316d7555eec5c6d71..1abaf07de629a269d95c10dd7bcb3b3e6aec318e 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -64,7 +64,7 @@

patches/node/fix_-wunreachable-code-return.patch

@@ -5,6 +5,8 @@ Subject: fix: -Wunreachable-code-return
 
 Should be upstreamed.
 
+Upstreamed in https://github.com/nodejs/node/pull/40034.
+
 diff --git a/src/inspector_agent.cc b/src/inspector_agent.cc
 index 612ce2b78b41badccbbce0616dffd86de042738f..c4a3322c6d972fc2052af75b79389c522924d9c5 100644
 --- a/src/inspector_agent.cc

patches/node/fix_add_default_values_for_variables_in_common_gypi.patch

@@ -7,7 +7,7 @@ common.gypi is a file that's included in the node header bundle, despite
 the fact that we do not build node with gyp.
 
 diff --git a/common.gypi b/common.gypi
-index 8db2c0dec6ecfef968a945b570fdbd77ee62bdb8..f1f921f92ed4d504f2cf41bded1821def565c9a3 100644
+index 0f8999f407999451ecf5989b8504caf8eac7e9cf..03f8adb56c7b9e7e0f6c5a9316d7555eec5c6d71 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -81,6 +81,23 @@

patches/node/fix_add_v8_enable_reverse_jsargs_defines_in_common_gypi.patch

@@ -6,7 +6,7 @@ Subject: fix: add v8_enable_reverse_jsargs defines in common.gypi
 This can be removed once node upgrades V8 and inevitably has to do this exact same thing.  Also hi node people if you are looking at this.
 
 diff --git a/common.gypi b/common.gypi
-index 9525a6639f084136ed25c9b1790a00a461f24b11..7c3fb852e1eb0e4382b25e6406c7d6514cf4fd21 100644
+index 1abaf07de629a269d95c10dd7bcb3b3e6aec318e..1fa4d367840c817dbb9310cd0c7a9cc022e7dd61 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -65,6 +65,7 @@

patches/node/fix_allow_preventing_initializeinspector_in_env.patch

@@ -51,10 +51,10 @@ index 061897d95d8b5f61968c59260e609d7be724b88f..7c7ee3207089bf3e51db646a367bdd6d
    return emit_filehandle_warning_;
  }
 diff --git a/src/env.h b/src/env.h
-index 8760bc4361f199a2e3471c4ca435f8e178c78e7e..33f34ed79452b004b5fb40e70cda6e3d0ee2d1e2 100644
+index 4fd5be8e15029b65d61982aa32eba2cd27957fce..b38a69fc06a189569524df767dbbbe5c1985aa20 100644
 --- a/src/env.h
 +++ b/src/env.h
-@@ -1199,6 +1199,7 @@ class Environment : public MemoryRetainer {
+@@ -1202,6 +1202,7 @@ class Environment : public MemoryRetainer {
    inline bool owns_inspector() const;
    inline bool tracks_unmanaged_fds() const;
    inline bool hide_console_windows() const;

patches/node/fix_crypto_tests_to_run_with_bssl.patch

@@ -489,7 +489,7 @@ index af2146982c7a3bf7bd7527f44e4b17a3b605026e..f6b91f675cfea367c608892dee078b56
    // Non-XOF hash functions should accept valid outputLength options as well.
    assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
 diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
-index aa03a0379a291a4632b68d428d4e1875d60166a3..a6862ace1fa73473b406fe4513b9e7a99296d365 100644
+index c2c47a9ce72f124c78f2743cf88ccd96d714fa1b..fcdbad0262fa1dd8a7858f255d0e5e45a470f72a 100644
 --- a/test/parallel/test-crypto-key-objects.js
 +++ b/test/parallel/test-crypto-key-objects.js
 @@ -307,11 +307,11 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
@@ -572,7 +572,7 @@ index aa03a0379a291a4632b68d428d4e1875d60166a3..a6862ace1fa73473b406fe4513b9e7a9
  {
    // Test RSA-PSS.
    {
-@@ -715,7 +717,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -767,7 +769,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
      }
    }
  }
@@ -582,7 +582,7 @@ index aa03a0379a291a4632b68d428d4e1875d60166a3..a6862ace1fa73473b406fe4513b9e7a9
    // Exporting an encrypted private key requires a cipher
    const privateKey = createPrivateKey(privatePem);
 diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
-index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f669a53c63 100644
+index 09d43317426e712f60d4eba380cd4e044e3f3cf8..43c274b96fbb1c4d8398e2d32b625da21e85d6a6 100644
 --- a/test/parallel/test-crypto-keygen.js
 +++ b/test/parallel/test-crypto-keygen.js
 @@ -297,6 +297,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
@@ -593,97 +593,116 @@ index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f6
  {
    // Test RSA-PSS.
    generateKeyPair('rsa-pss', {
-@@ -339,7 +340,9 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -345,7 +346,9 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
      testSignVerify(publicKey, privateKey);
    }));
  }
 +*/
  
++/*
+ {
+   // 'rsa-pss' should not add a RSASSA-PSS-params sequence by default.
+   // Regression test for: https://github.com/nodejs/node/issues/39936
+@@ -368,7 +371,9 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+     assert.strictEqual(spki[3], 11, spki.toString('hex'));
+   }));
+ }
++*/
+ 
 +/*
  {
    const privateKeyEncoding = {
      type: 'pkcs8',
-@@ -409,6 +412,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -417,6 +422,9 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+     });
+   }));
+ }
++*/
++
++/*
+ {
+   // Test async DSA key object generation.
+   generateKeyPair('dsa', {
+@@ -438,7 +446,9 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
      });
    }));
  }
 +*/
  
++/*
  {
    // Test async elliptic curve key generation, e.g. for ECDSA, with a SEC1
-@@ -433,6 +437,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+   // private key.
-     testSignVerify(publicKey, privateKey);
+@@ -552,8 +562,10 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
-   }));
- 
-+  /*
-   // Test async elliptic curve key generation, e.g. for ECDSA, with a SEC1
-   // private key with paramEncoding explicit.
-   generateKeyPair('ec', {
-@@ -454,6 +459,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
- 
-     testSignVerify(publicKey, privateKey);
-   }));
-+  */
- 
-   // Do the same with an encrypted private key.
-   generateKeyPair('ec', {
-@@ -489,6 +495,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
      testSignVerify(publicKey, { key: privateKey, passphrase: 'secret' });
    }));
- 
-+  /*
-   // Do the same with an encrypted private key with paramEncoding explicit.
-   generateKeyPair('ec', {
-     namedCurve: 'prime256v1',
-@@ -522,6 +529,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
- 
-     testSignVerify(publicKey, { key: privateKey, passphrase: 'secret' });
-   }));
-+  */
  }
++*/
  
  {
-@@ -562,6 +570,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
-     });
-   }));
- 
 +  /*
    // Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted
-   // private key with paramEncoding explicit.
+   // private key.
    generateKeyPair('ec', {
-@@ -686,6 +695,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -590,9 +602,11 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
-       }
+       passphrase: 'top secret'
-     }
+     });
-   });
+   }));
 +  */
- }
  
- // Test invalid parameter encoding.
+   // Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted
-@@ -709,6 +719,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+   // private key with paramEncoding explicit.
++  /*
+   generateKeyPair('ec', {
+     namedCurve: 'P-256',
+     paramEncoding: 'explicit',
+@@ -627,15 +641,16 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+       passphrase: 'top secret'
+     });
+   }));
++  */
+ 
+   // Test async elliptic curve key generation with 'jwk' encoding
+   [
+-    ['ec', ['P-384', 'P-256', 'P-521', 'secp256k1']],
++  ['ec', ['P-384', 'P-256', 'P-521', /*'secp256k1'*/]],
+     ['rsa'],
+     ['ed25519'],
+-    ['ed448'],
++    // ['ed448'],
+     ['x25519'],
+-    ['x448'],
++    // ['x448'],
+   ].forEach((types) => {
+     const [type, options] = types;
+     switch (type) {
+@@ -738,6 +753,8 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
      message: "The property 'options.paramEncoding' is invalid. " +
        "Received 'otherEncoding'"
    });
++
 +  /*
    assert.throws(() => generateKeyPairSync('dsa', {
      modulusLength: 4096,
      publicKeyEncoding: {
-@@ -722,6 +733,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -751,6 +768,8 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
      code: 'ERR_CRYPTO_JWK_UNSUPPORTED_KEY_TYPE',
      message: 'Unsupported JWK Key Type.'
    });
 +  */
++
    assert.throws(() => generateKeyPairSync('ec', {
      namedCurve: 'secp224r1',
      publicKeyEncoding: {
-@@ -1060,6 +1072,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -1089,6 +1108,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
    }
  }
  
-+  /*
++/*
  // Test DSA parameters.
  {
    // Test invalid modulus lengths.
-@@ -1087,6 +1100,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -1116,6 +1136,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
      });
    }
  }
@@ -691,7 +710,7 @@ index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f6
  
  // Test EC parameters.
  {
-@@ -1131,13 +1145,13 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -1160,13 +1181,13 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
    }));
  
    generateKeyPair('ec', {
@@ -708,7 +727,7 @@ index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f6
      });
    }));
  }
-@@ -1145,7 +1159,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -1174,7 +1195,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
  // Test EdDSA key generation.
  {
    if (!/^1\.1\.0/.test(process.versions.openssl)) {
@@ -717,7 +736,7 @@ index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f6
        generateKeyPair(keyType, common.mustSucceed((publicKey, privateKey) => {
          assert.strictEqual(publicKey.type, 'public');
          assert.strictEqual(publicKey.asymmetricKeyType, keyType);
-@@ -1159,6 +1173,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -1188,6 +1209,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
    }
  }
  
@@ -725,7 +744,7 @@ index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f6
  // Test classic Diffie-Hellman key generation.
  {
    generateKeyPair('dh', {
-@@ -1271,6 +1286,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
+@@ -1300,6 +1322,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
      });
    }
  }
@@ -733,7 +752,7 @@ index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f6
  
  // Test invalid key encoding types.
  {
-@@ -1471,6 +1487,7 @@ if (!common.hasOpenSSL3) {
+@@ -1500,6 +1523,7 @@ if (!common.hasOpenSSL3) {
      }, common.mustSucceed((publicKey, privateKey) => {
        assert.strictEqual(publicKey.type, 'public');
  
@@ -741,7 +760,7 @@ index ed5986e6bfd4211a1cc22fa94aaf68fc1013133f..08986a6793a39b275277c8bf188316f6
        for (const passphrase of ['', Buffer.alloc(0)]) {
          const privateKeyObject = createPrivateKey({
            passphrase,
-@@ -1478,6 +1495,7 @@ if (!common.hasOpenSSL3) {
+@@ -1507,6 +1531,7 @@ if (!common.hasOpenSSL3) {
          });
          assert.strictEqual(privateKeyObject.asymmetricKeyType, 'rsa');
        }
@@ -851,7 +870,7 @@ index 9afcb38616dafd6da1ab7b5843d68f4f796ca9a6..00d3381056a5a40c549f06d74c130149
  }
 +*/
 diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
-index 444135538ccff8a705806941843717be954ed143..fe07bbbf0b18ae4ff344cb972600d5ee3bd8ede3 100644
+index 6893f0c0e6d49a8e171ec9f156f74656dab9fd06..4c8ccd10e0dcd64669cccca1e8c2e5279d683595 100644
 --- a/test/parallel/test-crypto-sign-verify.js
 +++ b/test/parallel/test-crypto-sign-verify.js
 @@ -29,6 +29,7 @@ const keySize = 2048;
@@ -1220,6 +1239,23 @@ index 151eebd36c9765df086a020ba42920b2442b1b77..efe97ff2499cba909ac5500d827364fa
      });
  }
  
+diff --git a/test/parallel/test-webcrypto-export-import-rsa.js b/test/parallel/test-webcrypto-export-import-rsa.js
+index 04cf6388fc739d3eab0a8d47857590c7a9b84342..d111e697db652b98dd8a9eb7869b1a98ba6bca79 100644
+--- a/test/parallel/test-webcrypto-export-import-rsa.js
++++ b/test/parallel/test-webcrypto-export-import-rsa.js
+@@ -480,6 +480,7 @@ const testVectors = [
+   await Promise.all(variations);
+ })().then(common.mustCall());
+ 
++/*
+ {
+   const publicPem = fixtures.readKey('rsa_pss_public_2048.pem', 'ascii');
+   const privatePem = fixtures.readKey('rsa_pss_private_2048.pem', 'ascii');
+@@ -521,3 +522,4 @@ const testVectors = [
+     assert.strictEqual(jwk.alg, 'PS256');
+   })().then(common.mustCall());
+ }
++*/
 diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
 index 1094845c73e14313860ad476fb7baba2a11b5af4..51972b4b34b191ac59145889dbf2da5c0d407dbe 100644
 --- a/test/parallel/test-webcrypto-wrap-unwrap.js

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -221,8 +221,37 @@ index 7cb4513f9ad0eaadd055b169520ae1e5073b7e2d..50a6663966cdb147a702df21240fa449
    if (!params->prime) {
      THROW_ERR_CRYPTO_OPERATION_FAILED(env, "could not generate prime");
      return Nothing<bool>();
+diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
+index 1bbf9a1753e4e2d82c55c4187489c22867d1d9bb..585af1674e129dc4d1c918d29fe9915bac8b4163 100644
+--- a/src/crypto/crypto_rsa.cc
++++ b/src/crypto/crypto_rsa.cc
+@@ -566,7 +566,7 @@ Maybe<bool> GetRsaKeyDetail(
+     // In that case, RSA_get0_pss_params does not return nullptr but all fields
+     // of the returned RSA_PSS_PARAMS will be set to nullptr.
+ 
+-    const RSA_PSS_PARAMS* params = RSA_get0_pss_params(rsa);
++    const RSA_PSS_PARAMS* params = nullptr; // RSA_get0_pss_params(rsa);
+     if (params != nullptr) {
+       int hash_nid = NID_sha1;
+       int mgf_nid = NID_mgf1;
+@@ -607,10 +607,11 @@ Maybe<bool> GetRsaKeyDetail(
+       }
+ 
+       if (params->saltLength != nullptr) {
+-        if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) {
+-          ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error");
+-          return Nothing<bool>();
+-        }
++        // TODO(codebytere): Upstream a shim to BoringSSL?
++        // if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) {
++        //   ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error");
++        //   return Nothing<bool>();
++        // }
+       }
+ 
+       if (target
 diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc
-index 7b113a8dcb06b0b0e1329ce0daf7305598ea6545..b04e53a7f24885ffb6639430988d0ffb524b028e 100644
+index 7846df17ffbe8b5ea3a685c46f73b5d28ad64b1f..2bf12b8b4a7e16adf9c1f58d72ae4f59a0b2b2a4 100644
 --- a/src/crypto/crypto_sig.cc
 +++ b/src/crypto/crypto_sig.cc
 @@ -110,7 +110,7 @@ unsigned int GetBytesOfRS(const ManagedEVPPKey& pkey) {

patches/node/fix_use_new_v8_error_message_property_access_format.patch

@@ -1,26 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <shelley.vohr@gmail.com>
-Date: Wed, 14 Jul 2021 21:09:22 -0700
-Subject: fix: use new V8 error message property access format
-
-Refs changes in https://chromium-review.googlesource.com/c/v8/v8/+/3013935
-
-This patch can be removed when Node.js updates to a version of V8
-which contains the above CL.
-
-diff --git a/test/parallel/test-fs-read.js b/test/parallel/test-fs-read.js
-index 5c9e59795fc39f871748d5971453e3b6e2238b6b..16cae5486671e3ee60be77d986b25805649798c7 100644
---- a/test/parallel/test-fs-read.js
-+++ b/test/parallel/test-fs-read.js
-@@ -80,7 +80,10 @@ assert.throws(
- 
- assert.throws(
-   () => fs.read(fd, { buffer: null }, common.mustNotCall()),
--  /TypeError: Cannot read property 'byteLength' of null/,
-+  {
-+    name: 'TypeError',
-+    message: 'Cannot read properties of null (reading \'byteLength\')'
-+  },
-   'throws when options.buffer is null'
- );
- 

patches/node/repl_fix_crash_when_sharedarraybuffer_disabled.patch

@@ -48,10 +48,10 @@ index 71a07a63a3636ab211746004ebab24a0058b08fc..e3ce67987ee3185a93750ebad72beab3
        if (currentCounter === lastCounter)
          return cachedCwd;
 diff --git a/lib/internal/worker.js b/lib/internal/worker.js
-index 931bce0c518fc3355a9f94a7760556b6f0b75b96..99baa3e7f747bb3b351cb13c6ed512f2bb88812a 100644
+index d59399bfefed10f85e0adac7ef9fefc0cb1ae67c..ad70afa311d0a0418d788920b42259f94c283006 100644
 --- a/lib/internal/worker.js
 +++ b/lib/internal/worker.js
-@@ -92,7 +92,8 @@ let cwdCounter;
+@@ -91,7 +91,8 @@ let cwdCounter;
  
  const environmentData = new SafeMap();
  

patches/node/src_remove_extra_semicolons_outside_fns.patch

@@ -1,21 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <shelley.vohr@gmail.com>
-Date: Wed, 18 Aug 2021 18:06:28 +0200
-Subject: src: remove extra semicolons outside fns
-
-Fixes several -Wc++98-compat-extra-semi issues.
-
-Upstreamed at https://github.com/nodejs/node/pull/39800.
-
-diff --git a/src/node_blob.cc b/src/node_blob.cc
-index c583d5e0a93791ae5ca42e3a6474790b7a43f824..4643da4c17496c7bc16bcde4b481e17f6f7de185 100644
---- a/src/node_blob.cc
-+++ b/src/node_blob.cc
-@@ -497,5 +497,5 @@ void Blob::RegisterExternalReferences(ExternalReferenceRegistry* registry) {
- 
- }  // namespace node
- 
--NODE_MODULE_CONTEXT_AWARE_INTERNAL(blob, node::Blob::Initialize);
--NODE_MODULE_EXTERNAL_REFERENCE(blob, node::Blob::RegisterExternalReferences);
-+NODE_MODULE_CONTEXT_AWARE_INTERNAL(blob, node::Blob::Initialize)
-+NODE_MODULE_EXTERNAL_REFERENCE(blob, node::Blob::RegisterExternalReferences)