PR-URL: https://github.com/nodejs/node/pull/47619
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Refs: https://github.com/nodejs/node/pull/47446
PR-URL: https://github.com/nodejs/node/pull/47701
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Deokjin Kim <deokjin81.kim@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
This is the certdata.txt[0] from NSS 3.89, released on 2023-03-09.
This is the version of NSS that shipped in Firefox 112 on
2023-04-11.
Certificates removed:
- Network Solutions Certificate Authority
- EC-ACC
- Staat der Nederlanden EV Root CA
[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_89_RTM/lib/ckfw/builtins/certdata.txt
PR-URL: https://github.com/nodejs/node/pull/47659
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
When searching for the latest certdata.txt, check that the file
exists on the remote server.
PR-URL: https://github.com/nodejs/node/pull/47607
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This reverts commit c05689ea6b952ad75c02513f1394c6f3d730bc9d.
PR-URL: https://github.com/nodejs/node/pull/47627
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
GoogleTest follows the Abseil Live at Head philosophy, and rarely
creates tags or GitHub releases, so instead, follow Google's
recommendation and update to the upstream HEAD every once in a while.
The tricky bit is properly updating googletest.gyp, and this script
might fail doing so in the future.
Refs: https://github.com/nodejs/security-wg/issues/828
PR-URL: https://github.com/nodejs/node/pull/47482
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/47422
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
PR-URL: https://github.com/nodejs/node/pull/46930
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Automates the steps from `doc/contributing/maintaining-root-certs.md`.
Extend "Tools and deps update" workflow to use the new script to update
the root certificates.
PR-URL: https://github.com/nodejs/node/pull/47425
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Don't link intermediate executables with LTO in order to speed up
overall build time.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/47313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/44490
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Christian Clauss <cclauss@me.com>
signtool still defaults to SHA1, which is vulnerable to certain
collisions. This switches to SHA256, which is stronger and which also
matches the hash function used by the signing certificate.
Technically, `/fd certHash` would be a better choice, but I don't know
if it is widely supported.
PR-URL: https://github.com/nodejs/node/pull/47206
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/47175
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Christian Clauss <cclauss@me.com>
PR-URL: https://github.com/nodejs/node/pull/47044
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Add a Github Action that checks for new versions of the `OpenSSL`
library, and creates a PR to update it if a newer version than the one
present in the repo is found.
Refs: https://github.com/nodejs/security-wg/issues/828
PR-URL: https://github.com/nodejs/node/pull/45605
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
