v16.2.0 release proposal

.github/CODEOWNERS

@@ -115,3 +115,7 @@
 /lib/internal/bootstrap/* @nodejs/startup
 /tools/code_cache/* @nodejs/startup
 /tools/snapshot/* @nodejs/startup
+
+# V8
+/deps/v8/* @nodejs/v8-update
+/tools/v8_gypfiles/* @nodejs/v8-update

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,9 +1,9 @@
 <!--
 Before submitting a pull request, please read
-https://github.com/nodejs/node/blob/master/CONTRIBUTING.md.
+https://github.com/nodejs/node/blob/HEAD/CONTRIBUTING.md.
 
 Commit message formatting guidelines:
-https://github.com/nodejs/node/blob/master/doc/guides/contributing/pull-requests.md#commit-message-guidelines
+https://github.com/nodejs/node/blob/HEAD/doc/guides/contributing/pull-requests.md#commit-message-guidelines
 
 For code changes:
 1. Include tests for any bug fixes or new features.

.github/workflows/build-tarball.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - main
       - v[0-9]+.x-staging
       - v[0-9]+.x
 

.github/workflows/build-windows.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - main
       - canary
       - v[0-9]+.x-staging
       - v[0-9]+.x

.github/workflows/commit-queue.yml

@@ -28,7 +28,7 @@ jobs:
           # See https://github.com/nodejs/node-core-utils/pull/486
           fetch-depth: 0
           # A personal token is required because pushing with GITHUB_TOKEN will
-          # prevent commits from running CI after they land on master. It needs
+          # prevent commits from running CI after they land. It needs
           # to be set here because `checkout` configures GitHub authentication
           # for push as well.
           token: ${{ secrets.GH_USER_TOKEN }}
@@ -63,15 +63,13 @@ jobs:
           owner: ${{ env.OWNER }}
           repo: ${{ env.REPOSITORY }}
           # Commit queue is only enabled for the default branch on the repository
-          # TODO(mmarchini): get the default branch programmatically instead of
-          # assuming `master`
-          base_ref: "master"
+          base_ref: ${{ github.repository.default_branch }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Configure node-core-utils
         run: |
-          ncu-config set branch master
+          ncu-config set branch ${{ github.repository.default_branch }}
           ncu-config set upstream origin
           ncu-config set username "${{ secrets.GH_USER_NAME }}"
           ncu-config set token "${{ secrets.GH_USER_TOKEN }}"

.github/workflows/coverage-linux.yml

@@ -10,6 +10,7 @@ on:
   push:
     branches:
       - master
+      - main
     paths-ignore:
       - 'doc/**'
       - 'deps/**'

.github/workflows/coverage-windows.yml

@@ -10,6 +10,7 @@ on:
   push:
     branches:
       - master
+      - main
     paths-ignore:
       - 'doc/**'
       - 'deps/**'

.github/workflows/linters.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - main
       - v[0-9]+.x-staging
       - v[0-9]+.x
 

.github/workflows/misc.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - main
       - v[0-9]+.x-staging
       - v[0-9]+.x
 

.github/workflows/notify-force-push.yml

@@ -2,6 +2,7 @@ on:
   push:
     branches:
       - master
+      - main
 
 name: Notify on Force Push
 jobs:
@@ -17,7 +18,7 @@ jobs:
         SLACK_ICON: https://github.com/nodejs.png?size=48
         SLACK_TITLE: '${{ github.actor }} force-pushed to ${{ github.ref }}'
         SLACK_MESSAGE: |
-          A commit was force-pushed to <https://github.com/${{ github.repository }}/tree/master|${{ github.repository }}@master> by <https://github.com/${{ github.actor }}|${{ github.actor }}>
+          A commit was force-pushed to <https://github.com/${{ github.repository }}/tree/${{ github.repository.default_branch }}|${{ github.repository }}@${{ github.repository.default_branch }}> by <https://github.com/${{ github.actor }}|${{ github.actor }}>
 
           Before: <https://github.com/${{ github.repository }}/commit/${{ github.event.before }}|${{ github.event.before }}>
           After: <https://github.com/${{ github.repository }}/commit/${{ github.event.after }}|${{ github.event.after }}>

.github/workflows/test-asan.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - master
+      - main
       - canary
       - v[0-9]+.x-staging
       - v[0-9]+.x

.github/workflows/test-linux.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - main
       - canary
       - v[0-9]+.x-staging
       - v[0-9]+.x

.github/workflows/test-macos.yml

@@ -7,6 +7,7 @@ on:
   push:
     branches:
       - master
+      - main
       - canary
       - v[0-9]+.x-staging
       - v[0-9]+.x

BUILDING.md

@@ -246,8 +246,6 @@ Installation via Linux package manager can be achieved with:
 
 FreeBSD and OpenBSD users may also need to install `libexecinfo`.
 
-Python 3 users may also need to install `python3-distutils`.
-
 #### macOS prerequisites
 
 * Xcode Command Line Tools >= 11 for macOS
@@ -271,11 +269,6 @@ $ ./configure
 $ make -j4
 ```
 
-If you run into a `No module named 'distutils.spawn'` error when executing
-`./configure`, please try `python3 -m pip install --upgrade setuptools` or
-`sudo apt install python3-distutils -y`.
-For more information, see <https://github.com/nodejs/node/issues/30189>.
-
 The `-j4` option will cause `make` to run 4 simultaneous compilation jobs which
 may reduce build time. For more information, see the
 [GNU Make Documentation](https://www.gnu.org/software/make/manual/html_node/Parallel.html).
@@ -563,7 +556,7 @@ to run it again before invoking `make -j4`.
 * [Python 3.9](https://www.microsoft.com/en-us/p/python-39/9p7qfqmjrfp7)
 * The "Desktop development with C++" workload from
   [Visual Studio 2019](https://visualstudio.microsoft.com/downloads/) or
-  the "Visual C++ build tools" workload from the
+  the "C++ build tools" workload from the
   [Build Tools](https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2019),
   with the default optional components
 * Basic Unix tools required for some tests,
@@ -660,7 +653,7 @@ $ make
 
 ## `Intl` (ECMA-402) support
 
-[Intl](https://github.com/nodejs/node/blob/master/doc/api/intl.md) support is
+[Intl](https://github.com/nodejs/node/blob/HEAD/doc/api/intl.md) support is
 enabled by default.
 
 ### Build with full ICU support (all locales supported by ICU)
@@ -766,7 +759,135 @@ as `deps/icu` (You'll have: `deps/icu/source/...`)
 
 ## Building Node.js with FIPS-compliant OpenSSL
 
-The current version of Node.js does not support FIPS.
+The current version of Node.js does not support FIPS when statically linking
+(the default) with OpenSSL 1.1.1 but for dynamically linking it is possible
+to enable FIPS using the configuration flag `--openssl-is-fips`.
+
+### Configuring and building quictls/openssl for FIPS
+
+For quictls/openssl 3.0 it is possible to enable FIPS when dynamically linking.
+Node.js currently uses openssl-3.0.0+quic which can be configured as
+follows:
+```console
+$ git clone git@github.com:quictls/openssl.git
+$ cd openssl
+$ ./config --prefix=/path/to/install/dir/ shared enable-fips linux-x86_64
+```
+This can be compiled and installed using the following commands:
+```console
+$ make -j8
+$ make install_ssldirs
+$ make install_fips
+```
+
+After the FIPS module and configuration file have been installed by the above
+instructions we also need to update `/path/to/install/dir/ssl/openssl.cnf` to
+use the generated FIPS configuration file (`fipsmodule.cnf`):
+```text
+.include fipsmodule.cnf
+
+# List of providers to load
+[provider_sect]
+default = default_sect
+# The fips section name should match the section name inside the
+# included /path/to/install/dir/ssl/fipsmodule.cnf.
+fips = fips_sect
+
+[default_sect]
+activate = 1
+```
+
+In the above case OpenSSL is not installed in the default location so two
+environment variables need to be set, `OPENSSL_CONF`, and `OPENSSL_MODULES`
+which should point to the OpenSSL configuration file and the directory where
+OpenSSL modules are located:
+```console
+$ export OPENSSL_CONF=/path/to/install/dir/ssl/openssl.cnf
+$ export OPENSSL_MODULES=/path/to/install/dir/lib/ossl-modules
+```
+
+Node.js can then be configured to enable FIPS:
+```console
+$ ./configure --shared-openssl --shared-openssl-libpath=/path/to/install/dir/lib --shared-openssl-includes=/path/to/install/dir/include --shared-openssl-libname=crypto,ssl --openssl-is-fips
+$ export LD_LIBRARY_PATH=/path/to/install/dir/lib
+$ make -j8
+```
+
+Verify the produced executable:
+```console
+$ ldd ./node
+    linux-vdso.so.1 (0x00007ffd7917b000)
+    libcrypto.so.81.3 => /path/to/install/dir/lib/libcrypto.so.81.3 (0x00007fd911321000)
+    libssl.so.81.3 => /path/to/install/dir/lib/libssl.so.81.3 (0x00007fd91125e000)
+    libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007fd911232000)
+    libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007fd911039000)
+    libm.so.6 => /usr/lib64/libm.so.6 (0x00007fd910ef3000)
+    libgcc_s.so.1 => /usr/lib64/libgcc_s.so.1 (0x00007fd910ed9000)
+    libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007fd910eb5000)
+    libc.so.6 => /usr/lib64/libc.so.6 (0x00007fd910cec000)
+    /lib64/ld-linux-x86-64.so.2 (0x00007fd9117f2000)
+```
+If the `ldd` command says that `libcrypto` cannot be found one needs to set
+`LD_LIBRARY_PATH` to point to the directory used above for
+`--shared-openssl-libpath` (see previous step).
+
+Verify the OpenSSL version:
+```console
+$ ./node -p process.versions.openssl
+3.0.0-alpha16+quic
+```
+
+Verify that FIPS is available:
+```console
+$ ./node -p 'process.config.variables.openssl_is_fips'
+true
+$ ./node --enable-fips -p 'crypto.getFips()'
+1
+```
+
+FIPS support can then be enable via the OpenSSL configuration file or
+using `--enable-fips` or `--force-fips` command line options to the Node.js
+executable. See sections
+[Enabling FIPS using Node.js options](#enabling-fips-using-node.js-options) and
+[Enabling FIPS using OpenSSL config](#enabling-fips-using-openssl-config) below.
+
+### Enabling FIPS using Node.js options
+This is done using one of the Node.js options `--enable-fips` or
+`--force-fips`, for example:
+```console
+$ node --enable-fips -p 'crypto.getFips()'
+```
+
+### Enabling FIPS using OpenSSL config
+This example show that using OpenSSL's configuration file, FIPS can be enabled
+without specifying the `--enable-fips` or `--force-fips` options by setting
+`default_properties = fips=yes` in the FIPS configuration file. See
+[link](https://github.com/openssl/openssl/blob/master/README-FIPS.md#loading-the-fips-module-at-the-same-time-as-other-providers)
+for details.
+
+For this to work the OpenSSL configuration file (default openssl.cnf) needs to
+be updated. The following shows an example:
+```console
+openssl_conf = openssl_init
+
+.include /path/to/install/dir/ssl/fipsmodule.cnf
+
+[openssl_init]
+providers = prov
+alg_section = algorithm_sect
+
+[prov]
+fips = fips_sect
+default = default_sect
+
+[default_sect]
+activate = 1
+
+[algorithm_sect]
+default_properties = fips=yes
+```
+After this change Node.js can be run without the `--enable-fips` or `--force-fips`
+options.
 
 ## Building Node.js with external core modules
 
@@ -804,4 +925,4 @@ When Node.js is built (with an intention to distribute) with an ABI
 incompatible with the official Node.js builds (e.g. using a ABI incompatible
 version of a dependency), please reserve and use a custom `NODE_MODULE_VERSION`
 by opening a pull request against the registry available at
-<https://github.com/nodejs/node/blob/master/doc/abi_version_registry.json>.
+<https://github.com/nodejs/node/blob/HEAD/doc/abi_version_registry.json>.

CHANGELOG.md

@@ -33,7 +33,8 @@ release.
 </tr>
 <tr>
     <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V16.md#16.1.0">16.1.0</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V16.md#16.2.0">16.2.0</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V16.md#16.1.0">16.1.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V16.md#16.0.0">16.0.0</a><br/>
     </td>
     <td valign="top">

GOVERNANCE.md

@@ -173,5 +173,5 @@ The TSC follows a [Consensus Seeking][] decision-making model per the
 
 [Collaborators discussion page]: https://github.com/orgs/nodejs/teams/collaborators/discussions
 [Consensus Seeking]: https://en.wikipedia.org/wiki/Consensus-seeking_decision-making
-[TSC Charter]: https://github.com/nodejs/TSC/blob/master/TSC-Charter.md
+[TSC Charter]: https://github.com/nodejs/TSC/blob/HEAD/TSC-Charter.md
 [nodejs/node]: https://github.com/nodejs/node

README.md

@@ -176,7 +176,7 @@ For information about the governance of the Node.js project, see
 * [fhinkel](https://github.com/fhinkel) -
 **Franziska Hinkelmann** <franziska.hinkelmann@gmail.com> (she/her)
 * [gabrielschulhof](https://github.com/gabrielschulhof) -
-**Gabriel Schulhof** <gabriel.schulhof@intel.com>
+**Gabriel Schulhof** <gabrielschulhof@gmail.com>
 * [gireeshpunathil](https://github.com/gireeshpunathil) -
 **Gireesh Punathil** <gpunathi@in.ibm.com> (he/him)
 * [jasnell](https://github.com/jasnell) -
@@ -314,7 +314,7 @@ For information about the governance of the Node.js project, see
 * [Flarna](https://github.com/Flarna) -
 **Gerhard Stöbich** <deb2001-github@yahoo.de>  (he/they)
 * [gabrielschulhof](https://github.com/gabrielschulhof) -
-**Gabriel Schulhof** <gabriel.schulhof@intel.com>
+**Gabriel Schulhof** <gabrielschulhof@gmail.com>
 * [gdams](https://github.com/gdams) -
 **George Adams** <george.adams@uk.ibm.com> (he/him)
 * [geek](https://github.com/geek) -
@@ -681,13 +681,13 @@ Other keys used to sign some previous releases:
 Node.js is available under the
 [MIT license](https://opensource.org/licenses/MIT). Node.js also includes
 external libraries that are available under a variety of licenses.  See
-[LICENSE](https://github.com/nodejs/node/blob/master/LICENSE) for the full
+[LICENSE](https://github.com/nodejs/node/blob/HEAD/LICENSE) for the full
 license text.
 
-[Code of Conduct]: https://github.com/nodejs/admin/blob/master/CODE_OF_CONDUCT.md
+[Code of Conduct]: https://github.com/nodejs/admin/blob/HEAD/CODE_OF_CONDUCT.md
 [Contributing to the project]: CONTRIBUTING.md
 [Node.js Website]: https://nodejs.org/
 [OpenJS Foundation]: https://openjsf.org/
-[Strategic Initiatives]: https://github.com/nodejs/TSC/blob/master/Strategic-Initiatives.md
+[Strategic Initiatives]: https://github.com/nodejs/TSC/blob/HEAD/Strategic-Initiatives.md
 [Technical values and prioritization]: doc/guides/technical-values.md
-[Working Groups]: https://github.com/nodejs/TSC/blob/master/WORKING_GROUPS.md
+[Working Groups]: https://github.com/nodejs/TSC/blob/HEAD/WORKING_GROUPS.md

SECURITY.md

@@ -26,7 +26,7 @@ maintainers and should also be coordinated through the Node.js Ecosystem
 Security Team via [HackerOne](https://hackerone.com/nodejs-ecosystem).
 
 Details regarding this process can be found in the
-[Security Working Group repository](https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md).
+[Security Working Group repository](https://github.com/nodejs/security-wg/blob/HEAD/processes/third_party_vuln_process.md).
 
 Thank you for improving the security of Node.js and its ecosystem. Your efforts
 and responsible disclosure are greatly appreciated and will be acknowledged.

benchmark/_http-benchmarkers.js

@@ -5,7 +5,7 @@ const path = require('path');
 const fs = require('fs');
 
 const requirementsURL =
-  'https://github.com/nodejs/node/blob/master/benchmark/writing-and-running-benchmarks.md#http-benchmark-requirements';
+  'https://github.com/nodejs/node/blob/HEAD/benchmark/writing-and-running-benchmarks.md#http-benchmark-requirements';
 
 // The port used by servers and wrk
 exports.PORT = Number(process.env.PORT) || 12346;