crypto: add AES-OCB Web Cryptography algorithm #59539

panva · 2025-08-19T14:06:22Z

Adds AES-OCB to SubtleCrypto as per https://wicg.github.io/webcrypto-modern-algos/#aes-ocb

nodejs-github-bot · 2025-08-19T14:06:28Z

Review requested:

@nodejs/crypto
@nodejs/security-wg

panva · 2025-08-19T14:45:56Z

doc/api/webcrypto.md

@@ -2178,6 +2212,8 @@ The length (in bytes) of the random salt to use.

 [^modern-algos]: See [Modern Algorithms in the Web Cryptography API][]

+[^openssl30]: Requires OpenSSL >= 3.0


FYI I gated AES-OCB behind OpenSSL >= 3.0 because in 1.1.1 it was producing ciphertexts that did not match the vectors. It could decrypt the vectors but was itself producing invalid ciphertexts.

codecov · 2025-08-19T15:02:23Z

Codecov Report

❌ Patch coverage is 79.48718% with 24 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.85%. Comparing base (589ef79) to head (1239398).
⚠️ Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
lib/internal/crypto/aes.js	77.35%	11 Missing and 1 partial ⚠️
src/crypto/crypto_aes.cc	47.82%	6 Missing and 6 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #59539      +/-   ##
==========================================
+ Coverage   89.83%   89.85%   +0.01%     
==========================================
  Files         667      667              
  Lines      196062   196169     +107     
  Branches    38501    38535      +34     
==========================================
+ Hits       176133   176264     +131     
+ Misses      12397    12360      -37     
- Partials     7532     7545      +13

Files with missing lines	Coverage Δ
lib/internal/crypto/keys.js	`95.18% <100.00%> (+<0.01%)`	⬆️
lib/internal/crypto/util.js	`95.13% <100.00%> (+0.06%)`	⬆️
lib/internal/crypto/webcrypto.js	`96.16% <100.00%> (+0.08%)`	⬆️
lib/internal/crypto/webidl.js	`98.76% <100.00%> (+0.02%)`	⬆️
src/crypto/crypto_aes.h	`33.33% <ø> (ø)`
lib/internal/crypto/aes.js	`88.12% <77.35%> (-1.85%)`	⬇️
src/crypto/crypto_aes.cc	`50.66% <47.82%> (-0.04%)`	⬇️

... and 31 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

nodejs-github-bot · 2025-08-19T16:47:31Z

CI: https://ci.nodejs.org/job/node-test-pull-request/68748/

nodejs-github-bot · 2025-08-24T07:47:11Z

CI: https://ci.nodejs.org/job/node-test-pull-request/68843/

nodejs-github-bot · 2025-08-24T09:47:22Z

Landed in 8692e60

PR-URL: #59539 Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]>

Notable changes: crypto: * (SEMVER-MINOR) add AES-OCB Web Cryptography algorithm (Filip Skokan) #59539 * update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 * (SEMVER-MINOR) support ML-KEM in Web Cryptography (Filip Skokan) #59569 * (SEMVER-MINOR) support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) #59491 * (SEMVER-MINOR) add argon2() and argon2Sync() methods (Ranieri Althoff) #50353 * (SEMVER-MINOR) support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) subject some algorithms in Web Cryptography on BoringSSL absence (Filip Skokan) #59365 * (SEMVER-MINOR) add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) #59365 * (SEMVER-MINOR) add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add SHA-3 Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SHAKE Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-DSA in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-KEM KeyObject (Filip Skokan) #59461 doc: * (SEMVER-MINOR) compress Web Cryptography Algorithm matrix (Filip Skokan) #59365 http: * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315 http2: * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455 lib: * (SEMVER-MINOR) refactor kSupportedAlgorithms (Filip Skokan) #59365 sea: * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) #59314 stream: * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464 test: * (SEMVER-MINOR) add Web Cryptography wrap/unwrap vectors (Filip Skokan) #59365 * (SEMVER-MINOR) cleanup test-webcrypto-supports (Filip Skokan) #59365 PR-URL: #59629

Notable changes: crypto: * update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 * (SEMVER-MINOR) add AES-OCB Web Cryptography algorithm (Filip Skokan) #59539 * (SEMVER-MINOR) support ML-KEM in Web Cryptography (Filip Skokan) #59569 * (SEMVER-MINOR) support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) #59491 * (SEMVER-MINOR) add argon2() and argon2Sync() methods (Ranieri Althoff) #50353 * (SEMVER-MINOR) support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) #59365 * (SEMVER-MINOR) add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) add SHA-3 Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SHAKE Web Cryptography digest algorithms (Filip Skokan) #59365 * (SEMVER-MINOR) add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-DSA in Web Cryptography (Filip Skokan) #59365 * (SEMVER-MINOR) support ML-KEM KeyObject (Filip Skokan) #59461 http: * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315 http2: * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455 sea: * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) #59314 stream: * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464 PR-URL: #59629

Notable changes: crypto: * update root certificates to NSS 3.114 (Node.js GitHub Bot) nodejs#59571 * (SEMVER-MINOR) add AES-OCB Web Cryptography algorithm (Filip Skokan) nodejs#59539 * (SEMVER-MINOR) support ML-KEM in Web Cryptography (Filip Skokan) nodejs#59569 * (SEMVER-MINOR) support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) nodejs#59491 * (SEMVER-MINOR) add argon2() and argon2Sync() methods (Ranieri Althoff) nodejs#50353 * (SEMVER-MINOR) support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add SHA-3 Web Cryptography digest algorithms (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add SHAKE Web Cryptography digest algorithms (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) support ML-DSA in Web Cryptography (Filip Skokan) nodejs#59365 * (SEMVER-MINOR) support ML-KEM KeyObject (Filip Skokan) nodejs#59461 http: * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) nodejs#59315 http2: * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) nodejs#59455 sea: * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) nodejs#59314 stream: * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) nodejs#59464 PR-URL: nodejs#59629

This MR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `24.6.0` -> `24.7.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v24.7.0`](https://github.com/nodejs/node/releases/tag/v24.7.0): 2025-08-27, Version 24.7.0 (Current), @targos [Compare Source](nodejs/node@v24.6.0...v24.7.0) ##### Notable Changes ##### Post-Quantum Cryptography in `node:crypto` OpenSSL 3.5 on 24.x kicked off post-quantum cryptography efforts in Node.js by allowing use of NIST's post-quantum cryptography standards for future-proofing applications against quantum computing threats. The following post-quantum algorithms are now available in `node:crypto`: - ML-KEM (FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard) through new `crypto.encapsulate()` and `crypto.decapsulate()` methods. - ML-DSA (FIPS 204, Module-Lattice-Based Digital Signature Standard) in the existing `crypto.sign()` and `crypto.verify()` methods. Contributed by Filip Skokan in [#59259](nodejs/node#59259) and [#59491](nodejs/node#59491). ##### Modern Algorithms in Web Cryptography API The second substantial [extension to the Web Cryptography API](https://wicg.github.io/webcrypto-modern-algos/) (`globalThis.crypto.subtle`) was recently accepted for incubation by WICG. The following algorithms and methods from this extension are now available in the Node.js Web Cryptography API implementation: - AES-OCB - ChaCha20-Poly1305 - ML-DSA - ML-KEM - SHA-3 - SHAKE - `subtle.getPublicKey()` - `SubtleCrypto.supports()` - ... with more coming in future releases. Contributed by Filip Skokan in [#59365](nodejs/node#59365), [#59569](nodejs/node#59569), [#59461](nodejs/node#59461), and [#59539](nodejs/node#59539). ##### Node.js execution argument support in single executable applications The single executable application configuration now supports additional fields to specify Node.js execution arguments and control how they can be extended when the application is run. - `execArgv` takes an array of strings for the execution arguments to be used. - `execArgvExtension` takes one of the following values: - `"none"`: No additional execution arguments are allowed. - `"cli"`: Additional execution arguments can be provided via a special command-line flag `--node-options="--flag1 --flag2=value"` at run time. - `"env"` (default): Additional execution arguments can be provided via the `NODE_OPTIONS` environment variable at run time. For example, with the following configuration: ```json { "main": "/path/to/bundled/script.js", "output": "/path/to/write/the/generated/blob.blob", "execArgv": ["--no-warnings"], "execArgvExtension": "cli", } ``` If the generated single executable application is named `sea`, then running: ```console sea --node-options="--max-old-space-size=4096" user-arg1 user-arg2 ``` Would be equivalent to running: ```console node --no-warnings --max-old-space-size=4096 /path/to/bundled/script.js user-arg1 user-arg2 ``` Contributed by Joyee Cheung in [#59314](nodejs/node#59314) and [#59560](nodejs/node#59560). ##### Root certificates updated to NSS 3.114 Certificates added: - TrustAsia TLS ECC Root CA - TrustAsia TLS RSA Root CA - SwissSign RSA TLS Root CA 2022 - 1 Certificates removed: - GlobalSign Root CA - Entrust.net Premium 2048 Secure Server CA - Baltimore CyberTrust Root - Comodo AAA Services root - XRamp Global CA Root - Go Daddy Class 2 CA - Starfield Class 2 CA ##### Other Notable Changes - \[[`d3afc63c44`](nodejs/node@d3afc63c44)] - **(SEMVER-MINOR)** **crypto**: add argon2() and argon2Sync() methods (Ranieri Althoff) [#50353](nodejs/node#50353) - \[[`6ae202fcdf`](nodejs/node@6ae202fcdf)] - **(SEMVER-MINOR)** **http**: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) [#59315](nodejs/node#59315) - \[[`dafee05358`](nodejs/node@dafee05358)] - **(SEMVER-MINOR)** **http2**: add support for raw header arrays in h2Stream.respond() (Tim Perry) [#59455](nodejs/node#59455) - \[[`8dc6f5b696`](nodejs/node@8dc6f5b696)] - **(SEMVER-MINOR)** **stream**: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) [#59464](nodejs/node#59464) ##### Commits - \[[`0fa22cbf7c`](nodejs/node@0fa22cbf7c)] - **benchmark**: calibrate config v8/serialize.js (Rafael Gonzaga) [#59586](nodejs/node#59586) - \[[`f5ece45b45`](nodejs/node@f5ece45b45)] - **benchmark**: reduce readfile-permission-enabled config (Rafael Gonzaga) [#59589](nodejs/node#59589) - \[[`8ebd4f4434`](nodejs/node@8ebd4f4434)] - **benchmark**: calibrate length of util.diff (Rafael Gonzaga) [#59588](nodejs/node#59588) - \[[`7dee3ffd14`](nodejs/node@7dee3ffd14)] - **benchmark**: reflect current OpenSSL in crypto key benchmarks (Filip Skokan) [#59459](nodejs/node#59459) - \[[`027b861ca1`](nodejs/node@027b861ca1)] - **benchmark, test**: replace CRLF variable with string literal (Lee Jiho) [#59466](nodejs/node#59466) - \[[`89dd770889`](nodejs/node@89dd770889)] - **build**: do not set `-mminimal-toc` with `clang` (Richard Lau) [#59484](nodejs/node#59484) - \[[`e13de4542f`](nodejs/node@e13de4542f)] - **child\_process**: remove unsafe array iteration (hotpineapple) [#59347](nodejs/node#59347) - \[[`89fe63551e`](nodejs/node@89fe63551e)] - **crypto**: load system CA certificates off thread (Joyee Cheung) [#59550](nodejs/node#59550) - \[[`152c5ef518`](nodejs/node@152c5ef518)] - **(SEMVER-MINOR)** **crypto**: add AES-OCB Web Cryptography algorithm (Filip Skokan) [#59539](nodejs/node#59539) - \[[`c6c418343d`](nodejs/node@c6c418343d)] - **crypto**: update root certificates to NSS 3.114 (Node.js GitHub Bot) [#59571](nodejs/node#59571) - \[[`18a2ee5b6c`](nodejs/node@18a2ee5b6c)] - **(SEMVER-MINOR)** **crypto**: support ML-KEM in Web Cryptography (Filip Skokan) [#59569](nodejs/node#59569) - \[[`72937e5144`](nodejs/node@72937e5144)] - **crypto**: require HMAC key length with SHA-3 hashes in Web Cryptography (Filip Skokan) [#59567](nodejs/node#59567) - \[[`b7383186c7`](nodejs/node@b7383186c7)] - **crypto**: fix subtle.getPublicKey error for secret type key inputs (Filip Skokan) [#59558](nodejs/node#59558) - \[[`2d05c046db`](nodejs/node@2d05c046db)] - **crypto**: return cached copies from CryptoKey algorithm and usages getters (Filip Skokan) [#59538](nodejs/node#59538) - \[[`207ffbeb07`](nodejs/node@207ffbeb07)] - **crypto**: use CryptoKey internal slots in Web Cryptography (Filip Skokan) [#59538](nodejs/node#59538) - \[[`4276516781`](nodejs/node@4276516781)] - **crypto**: normalize RsaHashedKeyParams publicExponent (Filip Skokan) [#59538](nodejs/node#59538) - \[[`14741539a7`](nodejs/node@14741539a7)] - **(SEMVER-MINOR)** **crypto**: support ML-KEM, DHKEM, and RSASVE key encapsulation mechanisms (Filip Skokan) [#59491](nodejs/node#59491) - \[[`d3afc63c44`](nodejs/node@d3afc63c44)] - **(SEMVER-MINOR)** **crypto**: add argon2() and argon2Sync() methods (Ranieri Althoff) [#50353](nodejs/node#50353) - \[[`4fe383e45a`](nodejs/node@4fe383e45a)] - **(SEMVER-MINOR)** **crypto**: support ML-DSA spki/pkcs8 key formats in Web Cryptography (Filip Skokan) [#59365](nodejs/node#59365) - \[[`a95386fbf9`](nodejs/node@a95386fbf9)] - **(SEMVER-MINOR)** **crypto**: subject some algorithms in Web Cryptography on BoringSSL absence (Filip Skokan) [#59365](nodejs/node#59365) - \[[`3f47a2fb63`](nodejs/node@3f47a2fb63)] - **(SEMVER-MINOR)** **crypto**: add ChaCha20-Poly1305 Web Cryptography algorithm (Filip Skokan) [#59365](nodejs/node#59365) - \[[`6fcce9058a`](nodejs/node@6fcce9058a)] - **(SEMVER-MINOR)** **crypto**: add subtle.getPublicKey() utility function in Web Cryptography (Filip Skokan) [#59365](nodejs/node#59365) - \[[`76cde76429`](nodejs/node@76cde76429)] - **(SEMVER-MINOR)** **crypto**: add SHA-3 Web Cryptography digest algorithms (Filip Skokan) [#59365](nodejs/node#59365) - \[[`247d017501`](nodejs/node@247d017501)] - **(SEMVER-MINOR)** **crypto**: add SHAKE Web Cryptography digest algorithms (Filip Skokan) [#59365](nodejs/node#59365) - \[[`f4fbcca5ce`](nodejs/node@f4fbcca5ce)] - **(SEMVER-MINOR)** **crypto**: add SubtleCrypto.supports feature detection in Web Cryptography (Filip Skokan) [#59365](nodejs/node#59365) - \[[`a55382214f`](nodejs/node@a55382214f)] - **(SEMVER-MINOR)** **crypto**: support ML-DSA in Web Cryptography (Filip Skokan) [#59365](nodejs/node#59365) - \[[`c38988c860`](nodejs/node@c38988c860)] - **crypto**: fix EVPKeyCtxPointer::publicCheck() (Tobias Nießen) [#59471](nodejs/node#59471) - \[[`61c3bcdc56`](nodejs/node@61c3bcdc56)] - **(SEMVER-MINOR)** **crypto**: support ML-KEM KeyObject (Filip Skokan) [#59461](nodejs/node#59461) - \[[`0821b446fb`](nodejs/node@0821b446fb)] - **deps**: update undici to 7.14.0 (Node.js GitHub Bot) [#59507](nodejs/node#59507) - \[[`b3af17c065`](nodejs/node@b3af17c065)] - **deps**: V8: cherry-pick [`7b91e3e`](nodejs/node@7b91e3e2cbaf) (Milad Fa) [#59485](nodejs/node#59485) - \[[`9b69baf146`](nodejs/node@9b69baf146)] - **deps**: V8: cherry-pick [`59d52e3`](nodejs/node@59d52e311bb1) (Milad Fa) [#59485](nodejs/node#59485) - \[[`b4f202c2f1`](nodejs/node@b4f202c2f1)] - **doc**: improve `sqlite.backup()` progress/fulfillment documentation (René) [#59598](nodejs/node#59598) - \[[`40b217a2f9`](nodejs/node@40b217a2f9)] - **doc**: clarify experimental platform vulnerability policy (Matteo Collina) [#59591](nodejs/node#59591) - \[[`cf84fffea5`](nodejs/node@cf84fffea5)] - **doc**: link to `TypedArray.from()` in signature (Aviv Keller) [#59226](nodejs/node#59226) - \[[`4bf6ed0bf5`](nodejs/node@4bf6ed0bf5)] - **doc**: fix typos in `environment_variables.md` (PhistucK) [#59536](nodejs/node#59536) - \[[`1784c35a49`](nodejs/node@1784c35a49)] - **doc**: add security incident reponse plan (Rafael Gonzaga) [#59470](nodejs/node#59470) - \[[`b962560240`](nodejs/node@b962560240)] - **doc**: clarify maxRSS unit in `process.resourceUsage()` (Alex Yang) [#59511](nodejs/node#59511) - \[[`e6a6cdb9df`](nodejs/node@e6a6cdb9df)] - **doc**: add missing Zstd strategy constants (RANDRIAMANANTENA Narindra Tiana Annaick) [#59312](nodejs/node#59312) - \[[`a6a31cb467`](nodejs/node@a6a31cb467)] - **(SEMVER-MINOR)** **doc**: compress Web Cryptography Algorithm matrix (Filip Skokan) [#59365](nodejs/node#59365) - \[[`8f8960cfcb`](nodejs/node@8f8960cfcb)] - **doc**: fix the version tls.DEFAULT\_CIPHERS was added (Allon Murienik) [#59247](nodejs/node#59247) - \[[`9e76089f1a`](nodejs/node@9e76089f1a)] - **doc**: clarify glob's exclude option behavior (hotpineapple) [#59245](nodejs/node#59245) - \[[`dd5f835af7`](nodejs/node@dd5f835af7)] - **doc**: add RafaelGSS as performance strategic lead (Rafael Gonzaga) [#59445](nodejs/node#59445) - \[[`2b7a7a525e`](nodejs/node@2b7a7a525e)] - **doc,crypto**: add supported asymmetric key types section (Filip Skokan) [#59492](nodejs/node#59492) - \[[`2fafe4c3bb`](nodejs/node@2fafe4c3bb)] - **esm**: link modules synchronously when no async loader hooks are used (Joyee Cheung) [#59519](nodejs/node#59519) - \[[`5347c4997a`](nodejs/node@5347c4997a)] - **esm**: show race error message for inner module job race (Joyee Cheung) [#59519](nodejs/node#59519) - \[[`b56d8af2fe`](nodejs/node@b56d8af2fe)] - **esm**: sync-ify module translation (Joyee Cheung) [#59453](nodejs/node#59453) - \[[`b4a23d6a69`](nodejs/node@b4a23d6a69)] - **http**: trim off brackets from IPv6 addresses with string operations (Krishnadas PC) [#59420](nodejs/node#59420) - \[[`6ae202fcdf`](nodejs/node@6ae202fcdf)] - **(SEMVER-MINOR)** **http**: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) [#59315](nodejs/node#59315) - \[[`dafee05358`](nodejs/node@dafee05358)] - **(SEMVER-MINOR)** **http2**: add support for raw header arrays in h2Stream.respond() (Tim Perry) [#59455](nodejs/node#59455) - \[[`b7ea39d860`](nodejs/node@b7ea39d860)] - **http2**: report sent headers object in client stream dcs (Darshan Sen) [#59419](nodejs/node#59419) - \[[`ebe9272dae`](nodejs/node@ebe9272dae)] - **inspector**: initial support websocket inspection (Shima Ryuhei) [#59404](nodejs/node#59404) - \[[`b35041c7dc`](nodejs/node@b35041c7dc)] - **inspector**: prevent propagation of promise hooks to noPromise hooks (Shima Ryuhei) [#58841](nodejs/node#58841) - \[[`fe7176d7c6`](nodejs/node@fe7176d7c6)] - **lib**: do not modify prototype deprecated asyncResource (encore) (Szymon Łągiewka) [#59518](nodejs/node#59518) - \[[`93fc80a1e2`](nodejs/node@93fc80a1e2)] - **(SEMVER-MINOR)** **lib**: refactor kSupportedAlgorithms (Filip Skokan) [#59365](nodejs/node#59365) - \[[`9a12f71ad9`](nodejs/node@9a12f71ad9)] - **lib**: simplify IPv6 checks in isLoopback() (Krishnadas) [#59375](nodejs/node#59375) - \[[`566fb04c82`](nodejs/node@566fb04c82)] - **meta**: update devcontainer to the latest schema (Aviv Keller) [#54347](nodejs/node#54347) - \[[`389a24bbff`](nodejs/node@389a24bbff)] - **module**: allow overriding linked requests for a ModuleWrap (Chengzhong Wu) [#59527](nodejs/node#59527) - \[[`7880978fe3`](nodejs/node@7880978fe3)] - **module**: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) [#58646](nodejs/node#58646) - \[[`99128d9244`](nodejs/node@99128d9244)] - **node-api**: link to other programming language bindings (Chengzhong Wu) [#59516](nodejs/node#59516) - \[[`65c870e6cb`](nodejs/node@65c870e6cb)] - **node-api**: clarify enum value ABI stability (Chengzhong Wu) [#59085](nodejs/node#59085) - \[[`352d63541a`](nodejs/node@352d63541a)] - **sea**: implement execArgvExtension (Joyee Cheung) [#59560](nodejs/node#59560) - \[[`c6e3d5d98d`](nodejs/node@c6e3d5d98d)] - **(SEMVER-MINOR)** **sea**: support execArgv in sea config (Joyee Cheung) [#59314](nodejs/node#59314) - \[[`e7084df4db`](nodejs/node@e7084df4db)] - **sqlite**: add sqlite-type symbol for DatabaseSync (Alex Yang) [#59405](nodejs/node#59405) - \[[`e2b6bdc640`](nodejs/node@e2b6bdc640)] - **sqlite**: handle ?NNN parameters as positional (Edy Silva) [#59350](nodejs/node#59350) - \[[`99e4a12731`](nodejs/node@99e4a12731)] - **sqlite**: avoid useless call to FromMaybe() (Tobias Nießen) [#59490](nodejs/node#59490) - \[[`dfd4962e5f`](nodejs/node@dfd4962e5f)] - **src**: enforce assumptions in FIXED\_ONE\_BYTE\_STRING (Tobias Nießen) [#58155](nodejs/node#58155) - \[[`93a368df04`](nodejs/node@93a368df04)] - **src**: use simdjson to parse --snapshot-config (Joyee Cheung) [#59473](nodejs/node#59473) - \[[`716750fcf8`](nodejs/node@716750fcf8)] - **src**: fix order of CHECK\_NOT\_NULL/dereference (Tobias Nießen) [#59487](nodejs/node#59487) - \[[`44a8ecf8d4`](nodejs/node@44a8ecf8d4)] - **src**: assert memory calc for max-old-space-size-percentage (Asaf Federman) [#59460](nodejs/node#59460) - \[[`3462b46fca`](nodejs/node@3462b46fca)] - **src**: use simdjson::pad (0hm☘️) [#59391](nodejs/node#59391) - \[[`3e1551d845`](nodejs/node@3e1551d845)] - **src**: move shared\_ptr objects in KeyObjectData (Tobias Nießen) [#59472](nodejs/node#59472) - \[[`c022c1f85a`](nodejs/node@c022c1f85a)] - **src**: add internal GetOptionsAsFlags (Pietro Marchini) [#59138](nodejs/node#59138) - \[[`c0f08454a3`](nodejs/node@c0f08454a3)] - **src**: iterate metadata version entries with std::array (Chengzhong Wu) [#57866](nodejs/node#57866) - \[[`f87836f3ae`](nodejs/node@f87836f3ae)] - **src**: internalize `v8::ConvertableToTraceFormat` in traces (Chengzhong Wu) [#57866](nodejs/node#57866) - \[[`852b8e46d8`](nodejs/node@852b8e46d8)] - **src**: remove duplicate assignment of `O_EXCL` in node\_constants.cc (Daniel Osvaldo R) [#59049](nodejs/node#59049) - \[[`64ffde608f`](nodejs/node@64ffde608f)] - **src**: add Intel CET properties to large\_pages.S (tjuhaszrh) [#59363](nodejs/node#59363) - \[[`823dce32ec`](nodejs/node@823dce32ec)] - **src**: update OpenSSL pqc checks (Filip Skokan) [#59436](nodejs/node#59436) - \[[`8dc6f5b696`](nodejs/node@8dc6f5b696)] - **(SEMVER-MINOR)** **stream**: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) [#59464](nodejs/node#59464) - \[[`b2b8383755`](nodejs/node@b2b8383755)] - **test**: use mustSucceed in test-repl-tab-complete-import (Sohyeon Kim) [#59368](nodejs/node#59368) - \[[`e3ad5cc2c6`](nodejs/node@e3ad5cc2c6)] - **test**: skip sea tests on Linux ppc64le (Richard Lau) [#59563](nodejs/node#59563) - \[[`f78f47ca5a`](nodejs/node@f78f47ca5a)] - **test**: support standalone env comment in tests (Pietro Marchini) [#59546](nodejs/node#59546) - \[[`0e8bc2c7ac`](nodejs/node@0e8bc2c7ac)] - **test**: rename test-net-server-drop-connections-in-cluster.js to -http- (Meghan Denny) [#59532](nodejs/node#59532) - \[[`ed339580af`](nodejs/node@ed339580af)] - **test**: lazy-load internalTTy (Pietro Marchini) [#59517](nodejs/node#59517) - \[[`fe86bc6da8`](nodejs/node@fe86bc6da8)] - **test**: fix `test-setproctitle` status when `ps` is not available (Antoine du Hamel) [#59523](nodejs/node#59523) - \[[`e517792973`](nodejs/node@e517792973)] - **test**: add parseTestMetadata support (Pietro Marchini) [#59503](nodejs/node#59503) - \[[`31092972d6`](nodejs/node@31092972d6)] - **test**: update WPT for WebCryptoAPI to [`ff26d9b`](nodejs/node@ff26d9b307) (Node.js GitHub Bot) [#59497](nodejs/node#59497) - \[[`16afd103cc`](nodejs/node@16afd103cc)] - **(SEMVER-MINOR)** **test**: add Web Cryptography wrap/unwrap vectors (Filip Skokan) [#59365](nodejs/node#59365) - \[[`5598baf34e`](nodejs/node@5598baf34e)] - **(SEMVER-MINOR)** **test**: cleanup test-webcrypto-supports (Filip Skokan) [#59365](nodejs/node#59365) - \[[`e7809d6ddb`](nodejs/node@e7809d6ddb)] - **test**: make test-debug-process locale-independent (BCD1me) [#59254](nodejs/node#59254) - \[[`ca7856e73c`](nodejs/node@ca7856e73c)] - **test**: mark test-wasi-pthread as flaky (Joyee Cheung) [#59488](nodejs/node#59488) - \[[`0ecd82197f`](nodejs/node@0ecd82197f)] - **test**: split test-wasi.js (Joyee Cheung) [#59488](nodejs/node#59488) - \[[`0930c218d6`](nodejs/node@0930c218d6)] - **test**: deflake connection refused proxy tests (Joyee Cheung) [#59476](nodejs/node#59476) - \[[`7f457f886a`](nodejs/node@7f457f886a)] - **test**: use case-insensitive path checking on Windows in fs.cpSync tests (Joyee Cheung) [#59475](nodejs/node#59475) - \[[`37809115f9`](nodejs/node@37809115f9)] - **test**: add missing hasPostData in test-inspector-emit-protocol-event (Shima Ryuhei) [#59412](nodejs/node#59412) - \[[`f4722b1672`](nodejs/node@f4722b1672)] - **test**: refactor error checks to use assert.ifError/mustSucceed (Sohyeon Kim) [#59424](nodejs/node#59424) - \[[`9ff71a672d`](nodejs/node@9ff71a672d)] - **test**: fix typos (Lee Jiho) [#59330](nodejs/node#59330) - \[[`9a7700da62`](nodejs/node@9a7700da62)] - **test**: skip test-watch-mode inspect when no inspector (James M Snell) [#59440](nodejs/node#59440) - \[[`e964c4334e`](nodejs/node@e964c4334e)] - **test\_runner**: do not error when getting `fullName` of root context (René) [#59377](nodejs/node#59377) - \[[`e076f7857c`](nodejs/node@e076f7857c)] - **test\_runner**: add option to rerun only failed tests (Moshe Atlow) [#59443](nodejs/node#59443) - \[[`eb8b1939a4`](nodejs/node@eb8b1939a4)] - **test\_runner**: fix isSkipped check in junit (Sungwon) [#59414](nodejs/node#59414) - \[[`4e02ea1c52`](nodejs/node@4e02ea1c52)] - **tools**: update gyp-next to 0.20.3 (Node.js GitHub Bot) [#59603](nodejs/node#59603) - \[[`99da7fbe11`](nodejs/node@99da7fbe11)] - **tools**: avoid parsing test files twice (Pietro Marchini) [#59526](nodejs/node#59526) - \[[`9a6a8e319b`](nodejs/node@9a6a8e319b)] - **tools**: update coverage GitHub Actions to fixed version (Rich Trott) [#59512](nodejs/node#59512) - \[[`8d28236aff`](nodejs/node@8d28236aff)] - **tools**: fix return value of try\_check\_compiler (theanarkh) [#59434](nodejs/node#59434) - \[[`52ab64ec3a`](nodejs/node@52ab64ec3a)] - **tools**: bump [@eslint/plugin-kit](https://github.com/eslint/plugin-kit) from 0.3.3 to 0.3.4 in /tools/eslint (dependabot\[bot]) [#59271](nodejs/node#59271) - \[[`baa22893bb`](nodejs/node@baa22893bb)] - **typings**: add missing URLBinding methods (성우현 | Woohyun Sung) [#59468](nodejs/node#59468) - \[[`b68e0d1eca`](nodejs/node@b68e0d1eca)] - **util**: fix error's namespaced node\_modules highlighting using inspect (Ruben Bridgewater) [#59446](nodejs/node#59446) - \[[`15ae21b88a`](nodejs/node@15ae21b88a)] - **util**: add some additional error classes to `wellKnownPrototypes` (Mark S. Miller) [#59456](nodejs/node#59456) - \[[`c38b7cfa35`](nodejs/node@c38b7cfa35)] - **worker**: fix worker name with \0 (theanarkh) [#59214](nodejs/node#59214) - \[[`f54ace694a`](nodejs/node@f54ace694a)] - **worker**: add worker name to report (theanarkh) [#58935](nodejs/node#58935) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Aug 19, 2025

panva force-pushed the webcrypto-aes-ocb branch from 6930654 to 60c144e Compare August 19, 2025 14:07