Skip to content

crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports #57450

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 16, 2025
Merged

crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports #57450

merged 1 commit into from
Mar 16, 2025

Conversation

panva
Copy link
Member

@panva panva commented Mar 13, 2025
edited
Loading

While working on SHA-3 addition to webcrypto and updating the test suite I noticed that RSA import JWK "alg" values were forced to e.g. PS256 (depending on the digest) even for RSA-OAEP and RSASSA-PKCS1-v1_5 algorithms which should be rejected.

While debugging this I noticed that

  1. the expected JWK "alg" prefix (RS, PS, RSA-OAEP) is not checked at all; and after fixing that by using the right normalizeHashName context that;
  2. the JWK "alg" is not checked as a case-sensitive value

In this PR I made the following changes:

  • normalizeHashName is now case sensitive (as the need for its lowercasing went away when I've implemented the proper WebCryptoAPI normalize algorithm routine in crypto: use WebIDL converters in WebCryptoAPI #46067)
  • RSA JWK alg check uses the right RSA algorithm type context

I've updated tests to

  • use the expected "alg" value on valid tests
  • added tests checking for a rejection when alg mismatch happens (e.g. alg: PS256 instead of RS256 on RSASSA-PKCS1-v1_5 algorithm)
  • added tests checking for a rejection when alg values were lowercased

You can verify the prior bugged behaviour with the following script

Details 
const jwk = {
  kty: 'RSA',
  n:
    'zZn4sRGfjQos56yL_Qy1R9NI-THMnFynn94g5RxA6wGrJh4BJT3x6I9x0IbpS3q-d' +
    '4ORA6R2vuDMh8dDFRr9RDH6XY-gUScc9U5Jz3UA2KmVfsCbnUPvcAmMV_ENA7_TF0' +
    'ivVjuIFodyDTx7EKHNVTrHHSlrbt7spbmcivs23Zc',
  e: 'AQAB',
};

const results = await Promise.allSettled([
  crypto.subtle.importKey(
    'jwk',
    {
      ...jwk,
      alg: 'RS256', // RS256 is not a valid alg value for RSA-PSS
    },
    {
      name: 'RSA-PSS',
      hash: 'SHA-256',
    },
    false,
    ['verify']
  ),
  crypto.subtle.importKey(
    'jwk',
    {
      ...jwk,
      alg: 'ps256', // alg values are case-sensitive
    },
    {
      name: 'RSA-PSS',
      hash: 'SHA-256',
    },
    false,
    ['verify']
  ),
]);

results.forEach((result, i) => {
  if (result.status === 'rejected') {
    console.log('vector', i, 'correctly rejected with', result.reason.name);
  } else {
    console.log('vector', i, 'missing expected rejection');
  }
});

@panva panva added confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem. webcrypto labels Mar 13, 2025
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added the needs-ci PRs that need a full CI run. label Mar 13, 2025
@panva panva added web-standards Issues and PRs related to Web APIs needs-ci PRs that need a full CI run. and removed needs-ci PRs that need a full CI run. labels Mar 13, 2025
@codecov Codecov
Copy link

codecov bot commented Mar 13, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.21%. Comparing base (3329efe) to head (131cf21).
Report is 27 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #57450   +/-   ##
=======================================
  Coverage   90.20%   90.21%           
=======================================
  Files         629      629           
  Lines      184948   184947    -1     
  Branches    36204    36214   +10     
=======================================
+ Hits       166837   166853   +16     
+ Misses      11057    11048    -9     
+ Partials     7054     7046    -8
Files with missing lines Coverage Δ
lib/internal/crypto/hashnames.js 100.00% <100.00%> (+2.38%) ⬆️
lib/internal/crypto/rsa.js 92.14% <100.00%> (+0.08%) ⬆️

... and 35 files with indirect coverage changes

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Mar 14, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 14, 2025
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/65758/

@panva
Copy link
Member Author

panva commented Mar 16, 2025

cc @nodejs/web-standards

@panva panva added the commit-queue Add this label to land a pull request using GitHub Actions. label Mar 16, 2025
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Mar 16, 2025
@nodejs-github-bot nodejs-github-bot merged commit 0cfc471 into nodejs:main Mar 16, 2025
87 checks passed
@nodejs-github-bot
Copy link
Collaborator

Landed in 0cfc471

@panva panva deleted the fix-webcrypto-jwk-import-alg-checks branch March 16, 2025 15:39
aduh95 pushed a commit that referenced this pull request Mar 23, 2025
@panva @aduh95
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
cc42ee8 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
@github-actions github-actions bot mentioned this pull request Mar 30, 2025
Merged
RafaelGSS pushed a commit that referenced this pull request Apr 1, 2025
@panva @RafaelGSS
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
330fcbd 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
RafaelGSS pushed a commit that referenced this pull request Apr 1, 2025
@panva @RafaelGSS
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
4a727be 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
@RafaelGSS RafaelGSS mentioned this pull request Apr 8, 2025
Open
RafaelGSS pushed a commit to RafaelGSS/node that referenced this pull request Apr 8, 2025
@panva @RafaelGSS
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
f74e053 
PR-URL: nodejs#57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
@aduh95 aduh95 mentioned this pull request Apr 11, 2025
Merged
RafaelGSS pushed a commit that referenced this pull request Apr 14, 2025
@panva @RafaelGSS
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
2efd541 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
RafaelGSS pushed a commit that referenced this pull request Apr 14, 2025
@panva @RafaelGSS
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
3fa9e90 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
aduh95 pushed a commit that referenced this pull request Apr 14, 2025
@panva @aduh95
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
e68b4c1 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
aduh95 pushed a commit that referenced this pull request Apr 14, 2025
@panva @aduh95
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
36e4be2 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
aduh95 pushed a commit that referenced this pull request Apr 15, 2025
@panva @aduh95
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
fdad1ae 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
RafaelGSS pushed a commit that referenced this pull request Apr 16, 2025
@panva @RafaelGSS
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
f277c96 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
RafaelGSS pushed a commit that referenced this pull request Apr 17, 2025
@panva @RafaelGSS
crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports
ada572b 
PR-URL: #57450
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Apr 20, 2025
@tmeijn
build(deps): update node to v23.11.0
e073dc8 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `23.10.0` -> `23.11.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

### [`v23.11.0`](https://github.com/nodejs/node/releases/tag/v23.11.0): 2025-04-01, Version 23.11.0 (Current), @&#8203;aduh95

[Compare Source](nodejs/node@v23.10.0...v23.11.0)

##### Notable Changes

-   \[[`64b086740a`](nodejs/node@64b086740a)] - **(SEMVER-MINOR)** **assert**: implement partial error comparison (Ruben Bridgewater) [#&#8203;57370](nodejs/node#57370)
-   \[[`053cef70e0`](nodejs/node@053cef70e0)] - **(SEMVER-MINOR)** **crypto**: add optional callback to `crypto.diffieHellman` (Filip Skokan) [#&#8203;57274](nodejs/node#57274)
-   \[[`f8aff90235`](nodejs/node@f8aff90235)] - **(SEMVER-MINOR)** **process**: add `execve` (Paolo Insogna) [#&#8203;56496](nodejs/node#56496)
-   \[[`4b04c92d7d`](nodejs/node@4b04c92d7d)] - **(SEMVER-MINOR)** **sqlite**: add `StatementSync.prototype.columns()` (Colin Ihrig) [#&#8203;57490](nodejs/node#57490)
-   \[[`1b8d1d3a3a`](nodejs/node@1b8d1d3a3a)] - **(SEMVER-MINOR)** **util**: expose diff function used by the assertion errors (Giovanni Bucci) [#&#8203;57462](nodejs/node#57462)

##### Commits

-   \[[`7b72396c8b`](nodejs/node@7b72396c8b)] - **assert**: improve partialDeepStrictEqual performance (Ruben Bridgewater) [#&#8203;57509](nodejs/node#57509)
-   \[[`64b086740a`](nodejs/node@64b086740a)] - **(SEMVER-MINOR)** **assert**: implement partial error comparison (Ruben Bridgewater) [#&#8203;57370](nodejs/node#57370)
-   \[[`f694d7de0e`](nodejs/node@f694d7de0e)] - **(SEMVER-MINOR)** **assert**: improve partialDeepStrictEqual (Ruben Bridgewater) [#&#8203;57370](nodejs/node#57370)
-   \[[`80d9d5653f`](nodejs/node@80d9d5653f)] - **(SEMVER-MINOR)** **assert,util**: improve performance (Ruben Bridgewater) [#&#8203;57370](nodejs/node#57370)
-   \[[`d52a71f832`](nodejs/node@d52a71f832)] - **(SEMVER-MINOR)** **benchmark**: adjust assert runtimes (Ruben Bridgewater) [#&#8203;57370](nodejs/node#57370)
-   \[[`7592cf4cd7`](nodejs/node@7592cf4cd7)] - **(SEMVER-MINOR)** **benchmark**: skip running some assert benchmarks by default (Ruben Bridgewater) [#&#8203;57370](nodejs/node#57370)
-   \[[`e4cc54a746`](nodejs/node@e4cc54a746)] - **(SEMVER-MINOR)** **benchmark**: add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) [#&#8203;57370](nodejs/node#57370)
-   \[[`de48407011`](nodejs/node@de48407011)] - **build**: fix update-wpt workflow (Jonas) [#&#8203;57468](nodejs/node#57468)
-   \[[`52cd0954f9`](nodejs/node@52cd0954f9)] - **cli**: clarify --cpu-prof-name allowed values (Eugenio Ceschia) [#&#8203;57433](nodejs/node#57433)
-   \[[`7611fc14de`](nodejs/node@7611fc14de)] - **crypto**: fix output of privateDecrypt with zero-length data (Filip Skokan) [#&#8203;57575](nodejs/node#57575)
-   \[[`cc42ee8fc7`](nodejs/node@cc42ee8fc7)] - **crypto**: ensure expected JWK alg in SubtleCrypto.importKey RSA imports (Filip Skokan) [#&#8203;57450](nodejs/node#57450)
-   \[[`053cef70e0`](nodejs/node@053cef70e0)] - **(SEMVER-MINOR)** **crypto**: add optional callback to crypto.diffieHellman (Filip Skokan) [#&#8203;57274](nodejs/node#57274)
-   \[[`1f08864fd7`](nodejs/node@1f08864fd7)] - **debugger**: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) [#&#8203;57498](nodejs/node#57498)
-   \[[`162b2828eb`](nodejs/node@162b2828eb)] - **deps**: update undici to 6.21.2 (Matteo Collina) [#&#8203;57442](nodejs/node#57442)
-   \[[`43bea6bb80`](nodejs/node@43bea6bb80)] - **deps**: V8: cherry-pick [`c172ffc`](nodejs/node@c172ffc5bf54) (Choongwoo Han) [#&#8203;57437](nodejs/node#57437)
-   \[[`99f93afb9d`](nodejs/node@99f93afb9d)] - **deps**: update ada to v3.2.1 (Yagiz Nizipli) [#&#8203;57429](nodejs/node#57429)
-   \[[`30e5658f12`](nodejs/node@30e5658f12)] - **deps**: update googletest to [`0bdccf4`](nodejs/node@0bdccf4) (Node.js GitHub Bot) [#&#8203;57380](nodejs/node#57380)
-   \[[`573467c070`](nodejs/node@573467c070)] - **deps**: update acorn to 8.14.1 (Node.js GitHub Bot) [#&#8203;57382](nodejs/node#57382)
-   \[[`affeaac0c7`](nodejs/node@affeaac0c7)] - **doc**: add gurgunday as triager (Gürgün Dayıoğlu) [#&#8203;57594](nodejs/node#57594)
-   \[[`4ed1a098f5`](nodejs/node@4ed1a098f5)] - **doc**: clarify behaviour of node-api adjust function (Michael Dawson) [#&#8203;57463](nodejs/node#57463)
-   \[[`921041b284`](nodejs/node@921041b284)] - **doc**: remove Corepack documentation (Antoine du Hamel) [#&#8203;57635](nodejs/node#57635)
-   \[[`99dbd8b391`](nodejs/node@99dbd8b391)] - **doc**: remove mention of `--require` not supporting ES modules (Huáng Jùnliàng) [#&#8203;57620](nodejs/node#57620)
-   \[[`8c76b2949e`](nodejs/node@8c76b2949e)] - **doc**: mention reports should align with Node.js CoC (Rafael Gonzaga) [#&#8203;57607](nodejs/node#57607)
-   \[[`ee1c78a7a3`](nodejs/node@ee1c78a7a3)] - **doc**: add section stating that very stale MRs should be closed (Dario Piotrowicz) [#&#8203;57541](nodejs/node#57541)
-   \[[`595e9e5ad6`](nodejs/node@595e9e5ad6)] - **doc**: add bjohansebas as triager (Sebastian Beltran) [#&#8203;57564](nodejs/node#57564)
-   \[[`3742d2a198`](nodejs/node@3742d2a198)] - **doc**: update support channels (Claudio W.) [#&#8203;57538](nodejs/node#57538)
-   \[[`717c44dead`](nodejs/node@717c44dead)] - **doc**: make stability labels more consistent (Antoine du Hamel) [#&#8203;57516](nodejs/node#57516)
-   \[[`b4576a6f57`](nodejs/node@b4576a6f57)] - **doc**: remove cryptoStream API reference (Jonas) [#&#8203;57579](nodejs/node#57579)
-   \[[`2c4f894036`](nodejs/node@2c4f894036)] - **doc**: module resolution pseudocode corrections (Marcel Laverdet) [#&#8203;57080](nodejs/node#57080)
-   \[[`c45894f90c`](nodejs/node@c45894f90c)] - **doc**: add history entry for DEP0190 in `child_process.md` (Antoine du Hamel) [#&#8203;57544](nodejs/node#57544)
-   \[[`c21068b696`](nodejs/node@c21068b696)] - **doc**: remove deprecated pattern in `child_process.md` (Antoine du Hamel) [#&#8203;57568](nodejs/node#57568)
-   \[[`87e0dda352`](nodejs/node@87e0dda352)] - **doc**: mark multiple experimental APIS as stable (James M Snell) [#&#8203;57510](nodejs/node#57510)
-   \[[`d637763e4e`](nodejs/node@d637763e4e)] - **doc**: remove mertcanaltin from Triagers (Mert Can Altin) [#&#8203;57531](nodejs/node#57531)
-   \[[`ee6025495d`](nodejs/node@ee6025495d)] - **doc**: recommend watching the collaborators repo in the onboarding doc (Darshan Sen) [#&#8203;57527](nodejs/node#57527)
-   \[[`706b64638b`](nodejs/node@706b64638b)] - **doc**: remove mention of visa fees from onboarding doc (Darshan Sen) [#&#8203;57526](nodejs/node#57526)
-   \[[`176d951bd0`](nodejs/node@176d951bd0)] - **doc**: deprecate passing `args` to `spawn` and `execFile` (Antoine du Hamel) [#&#8203;57389](nodejs/node#57389)
-   \[[`5c05ba119b`](nodejs/node@5c05ba119b)] - **doc**: remove some inconsistencies in `deprecations.md` (Antoine du Hamel) [#&#8203;57512](nodejs/node#57512)
-   \[[`9d5be4bb8c`](nodejs/node@9d5be4bb8c)] - **doc**: run license-builder (github-actions\[bot]) [#&#8203;57511](nodejs/node#57511)
-   \[[`273607edb4`](nodejs/node@273607edb4)] - **doc**: add new writing-docs contributing md (Dario Piotrowicz) [#&#8203;57502](nodejs/node#57502)
-   \[[`e28c723f24`](nodejs/node@e28c723f24)] - **doc**: add node.js streams references to Web Streams doc (Dario Piotrowicz) [#&#8203;57393](nodejs/node#57393)
-   \[[`47296492ba`](nodejs/node@47296492ba)] - **doc**: replace NOTEs that do not render properly (Colin Ihrig) [#&#8203;57484](nodejs/node#57484)
-   \[[`db9c37f792`](nodejs/node@db9c37f792)] - **doc**: prefer to sign commits under nodejs repository (Rafael Gonzaga) [#&#8203;57311](nodejs/node#57311)
-   \[[`e5e3987ae7`](nodejs/node@e5e3987ae7)] - **doc**: fixed the incorrect splitting of multiple words (letianpailove) [#&#8203;57454](nodejs/node#57454)
-   \[[`91a824e43b`](nodejs/node@91a824e43b)] - **doc**: add review guidelines for collaborator nominations (Antoine du Hamel) [#&#8203;57449](nodejs/node#57449)
-   \[[`2a5fcb2172`](nodejs/node@2a5fcb2172)] - **doc**: fix typo in `url.md` (Allon Murienik) [#&#8203;57467](nodejs/node#57467)
-   \[[`17ccf9282f`](nodejs/node@17ccf9282f)] - **doc**: add history info for --use-system-ca (Darshan Sen) [#&#8203;57432](nodejs/node#57432)
-   \[[`9adaaeb965`](nodejs/node@9adaaeb965)] - **doc**: remove typo YAML snippet from tls.getCACertificates doc (Darshan Sen) [#&#8203;57459](nodejs/node#57459)
-   \[[`ee4e855f8e`](nodejs/node@ee4e855f8e)] - **doc**: fix typo in sqlite.md (Tobias Nießen) [#&#8203;57473](nodejs/node#57473)
-   \[[`8cb3441443`](nodejs/node@8cb3441443)] - **doc**: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) [#&#8203;57426](nodejs/node#57426)
-   \[[`27f183ad03`](nodejs/node@27f183ad03)] - **doc**: update maintaining-openssl.md for openssl (Richard Lau) [#&#8203;57413](nodejs/node#57413)
-   \[[`ca67145d60`](nodejs/node@ca67145d60)] - **doc**: add missing `deprecated` badges in `fs.md` (Yukihiro Hasegawa) [#&#8203;57384](nodejs/node#57384)
-   \[[`3687390510`](nodejs/node@3687390510)] - **doc**: fix small typo in `process.md` (Felix Rieseberg) [#&#8203;57333](nodejs/node#57333)
-   \[[`097d9926e3`](nodejs/node@097d9926e3)] - **doc**: add note about sync nodejs-private branches (Rafael Gonzaga) [#&#8203;57404](nodejs/node#57404)
-   \[[`5006627969`](nodejs/node@5006627969)] - **fs**: apply exclude function to root path (Rich Trott) [#&#8203;57420](nodejs/node#57420)
-   \[[`0583c3db92`](nodejs/node@0583c3db92)] - **http**: coerce content-length to number (Marco Ippolito) [#&#8203;57458](nodejs/node#57458)
-   \[[`2a580b9332`](nodejs/node@2a580b9332)] - **lib**: add warning when binding inspector to public IP (Demian Parkhomenko) [#&#8203;55736](nodejs/node#55736)
-   \[[`fda56b9837`](nodejs/node@fda56b9837)] - **lib**: limit split function calls to prevent excessive array length (Gürgün Dayıoğlu) [#&#8203;57501](nodejs/node#57501)
-   \[[`d5a26f6525`](nodejs/node@d5a26f6525)] - **lib**: make getCallSites sourceMap option truly optional (James M Snell) [#&#8203;57388](nodejs/node#57388)
-   \[[`00a5b18043`](nodejs/node@00a5b18043)] - **meta**: add some clarification to the nomination process (James M Snell) [#&#8203;57503](nodejs/node#57503)
-   \[[`d0c96c463c`](nodejs/node@d0c96c463c)] - **meta**: remove collaborator self-nomination (Rich Trott) [#&#8203;57537](nodejs/node#57537)
-   \[[`a9a93f31ee`](nodejs/node@a9a93f31ee)] - **meta**: edit collaborator nomination process (Antoine du Hamel) [#&#8203;57483](nodejs/node#57483)
-   \[[`0ca362f5f2`](nodejs/node@0ca362f5f2)] - **meta**: move ovflowd to emeritus (Claudio W.) [#&#8203;57443](nodejs/node#57443)
-   \[[`f8aff90235`](nodejs/node@f8aff90235)] - **(SEMVER-MINOR)** **process**: add execve (Paolo Insogna) [#&#8203;56496](nodejs/node#56496)
-   \[[`e8d4a31d4b`](nodejs/node@e8d4a31d4b)] - **sqlite**: add support for unknown named parameters (Colin Ihrig) [#&#8203;57552](nodejs/node#57552)
-   \[[`5652da642d`](nodejs/node@5652da642d)] - **sqlite**: add DatabaseSync.prototype.isOpen (Colin Ihrig) [#&#8203;57522](nodejs/node#57522)
-   \[[`5c976f16cd`](nodejs/node@5c976f16cd)] - **sqlite**: add DatabaseSync.prototype\[Symbol.dispose]\() (Colin Ihrig) [#&#8203;57506](nodejs/node#57506)
-   \[[`4b04c92d7d`](nodejs/node@4b04c92d7d)] - **(SEMVER-MINOR)** **sqlite**: add StatementSync.prototype.columns() (Colin Ihrig) [#&#8203;57490](nodejs/node#57490)
-   \[[`7f5e31645c`](nodejs/node@7f5e31645c)] - **src**: ensure primordials are initialized exactly once (Chengzhong Wu) [#&#8203;57519](nodejs/node#57519)
-   \[[`9611980f58`](nodejs/node@9611980f58)] - **src**: improve error handling in multiple files (James M Snell) [#&#8203;57507](nodejs/node#57507)
-   \[[`3ddc5cd875`](nodejs/node@3ddc5cd875)] - **src**: cache urlpattern properties (JonasBa) [#&#8203;57465](nodejs/node#57465)
-   \[[`b9d9ee4da2`](nodejs/node@b9d9ee4da2)] - **src**: make minor cleanups in encoding_binding.cc (James M Snell) [#&#8203;57448](nodejs/node#57448)
-   \[[`f8acf2dd2a`](nodejs/node@f8acf2dd2a)] - **src**: make minor cleanups in compile_cache.cc (James M Snell) [#&#8203;57448](nodejs/node#57448)
-   \[[`6ee15c6509`](nodejs/node@6ee15c6509)] - **src**: define urlpattern components using a macro (JonasBa) [#&#8203;57452](nodejs/node#57452)
-   \[[`4ab3c1690a`](nodejs/node@4ab3c1690a)] - **src**: cleanup crypto more (James M Snell) [#&#8203;57323](nodejs/node#57323)
-   \[[`5be80b1748`](nodejs/node@5be80b1748)] - **src**: refine ncrypto more (James M Snell) [#&#8203;57300](nodejs/node#57300)
-   \[[`6a13319a6e`](nodejs/node@6a13319a6e)] - **src**: cleanup aliased_buffer.h (Mohammed Keyvanzadeh) [#&#8203;57395](nodejs/node#57395)
-   \[[`3cff7f80bb`](nodejs/node@3cff7f80bb)] - **src**: suggest --use-system-ca when a certificate error occurs (Aditi) [#&#8203;57362](nodejs/node#57362)
-   \[[`3d372ad9f3`](nodejs/node@3d372ad9f3)] - **test**: update WPT for urlpattern to [`6ceca69`](nodejs/node@6ceca69d26) (Node.js GitHub Bot) [#&#8203;57486](nodejs/node#57486)
-   \[[`481ea665af`](nodejs/node@481ea665af)] - **test**: add more number cases for buffer.indexOf (Meghan Denny) [#&#8203;57200](nodejs/node#57200)
-   \[[`27b01ed4e7`](nodejs/node@27b01ed4e7)] - **test**: update parallel/test-tls-dhe for OpenSSL 3.5 (Richard Lau) [#&#8203;57477](nodejs/node#57477)
-   \[[`8f7debcf41`](nodejs/node@8f7debcf41)] - **timers**: optimize timer functions with improved argument handling (Gürgün Dayıoğlu) [#&#8203;57072](nodejs/node#57072)
-   \[[`d4abd9d3fb`](nodejs/node@d4abd9d3fb)] - **timers**: remove unnecessary allocation of \_onTimeout (Gürgün Dayıoğlu) [#&#8203;57497](nodejs/node#57497)
-   \[[`f8f81c8ba2`](nodejs/node@f8f81c8ba2)] - **timers**: remove unused parameter from insertGuarded (Gürgün Dayıoğlu) [#&#8203;57251](nodejs/node#57251)
-   \[[`c4fdb27b51`](nodejs/node@c4fdb27b51)] - **tls**: remove unnecessary type check on normalize (Yagiz Nizipli) [#&#8203;57336](nodejs/node#57336)
-   \[[`ad5dcc5798`](nodejs/node@ad5dcc5798)] - **tools**: fix WPT update cron string (Antoine du Hamel) [#&#8203;57665](nodejs/node#57665)
-   \[[`7faa482588`](nodejs/node@7faa482588)] - **tools**: remove stalled label on unstalled issues and MRs (Rich Trott) [#&#8203;57630](nodejs/node#57630)
-   \[[`e3bb26da2b`](nodejs/node@e3bb26da2b)] - **tools**: update sccache to support GH cache changes (Michaël Zasso) [#&#8203;57573](nodejs/node#57573)
-   \[[`f0c9f505d9`](nodejs/node@f0c9f505d9)] - **tools**: bump [@&#8203;babel/helpers](https://github.com/babel/helpers) from 7.26.9 to 7.26.10 in /tools/eslint (dependabot\[bot]) [#&#8203;57444](nodejs/node#57444)
-   \[[`a40ff1f646`](nodejs/node@a40ff1f646)] - **url**: fix constructor error message for URLPattern (jakecastelli) [#&#8203;57482](nodejs/node#57482)
-   \[[`f36bee4b89`](nodejs/node@f36bee4b89)] - **util**: avoid run debug when enabled is false (fengmk2) [#&#8203;57494](nodejs/node#57494)
-   \[[`1b8d1d3a3a`](nodejs/node@1b8d1d3a3a)] - **(SEMVER-MINOR)** **util**: expose diff function used by the assertion errors (Giovanni Bucci) [#&#8203;57462](nodejs/node#57462)
-   \[[`1f7b08a317`](nodejs/node@1f7b08a317)] - **win,test**: disable test case failing with ClangCL (Stefan Stojanovic) [#&#8203;57397](nodejs/node#57397)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMzAuMiIsInVwZGF0ZWRJblZlciI6IjM5LjIzMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@anonrig anonrig anonrig approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. web-standards Issues and PRs related to Web APIs webcrypto
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@panva @nodejs-github-bot @jasnell @anonrig