crypto: update root-certificates to 3.96 #54680

nodejs-github-bot · 2024-09-01T00:34:27Z

This is an automated update of root-certificates to 3.96.

This is the certdata.txt[0] from NSS 3.96, released on 2023-12-14. This is the version of NSS that shipped in Firefox 122 on 2024-01-23. Certificates added: - Security Communication Root CA Certificates removed: - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_96_RTM/lib/ckfw/builtins/certdata.txt

github-actions · 2024-09-01T00:34:42Z

The notable-change PRs with changes that should be highlighted in changelogs. label has been added by @nodejs-github-bot.

Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section.

codecov · 2024-09-01T02:12:57Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.60%. Comparing base (4c844a2) to head (64b19b2).
Report is 610 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #54680      +/-   ##
==========================================
+ Coverage   87.33%   87.60%   +0.27%     
==========================================
  Files         650      650              
  Lines      182832   182832              
  Branches    35067    35380     +313     
==========================================
+ Hits       159670   160168     +498     
+ Misses      16421    15933     -488     
+ Partials     6741     6731      -10

see 60 files with indirect coverage changes

jasnell · 2024-09-08T17:18:39Z

PR is currently blocked from landing by unreliable CI. Looks like the OSX runner is jammed up.

nodejs-github-bot · 2024-09-14T14:24:09Z

CI: https://ci.nodejs.org/job/node-test-pull-request/62427/

nodejs-github-bot · 2024-09-21T15:47:48Z

CI: https://ci.nodejs.org/job/node-test-pull-request/62626/

cirospaciari · 2024-10-01T17:02:50Z

@jasnell looks like this PR downgrades to 3.96 current is 3.98 #51794
Firefox: 128 uses 3.101 and 131 is using 3.104

targos · 2024-10-01T19:23:28Z

The update script looks at https://wiki.mozilla.org/NSS:Release_Versions to determine the latest version.
There needs to be a date in the "NSS/NSPR Release from branch" column.
I don't know why 3.98 isn't there anymore.

richardlau · 2024-10-01T19:44:11Z

The update script looks at https://wiki.mozilla.org/NSS:Release_Versions to determine the latest version. There needs to be a date in the "NSS/NSPR Release from branch" column. I don't know 3.98 isn't there anymore.

FTR it was there in Feb when #51794 was opened: https://wiki.mozilla.org/index.php?title=NSS:Release_Versions&oldid=1249985

richardlau · 2024-11-01T18:57:24Z

I've opened #55681 to fix the update script and update the root certificates.

richardlau · 2024-11-03T19:54:42Z

Superseded by #55681.

nodejs-github-bot added crypto Issues and PRs related to the crypto subsystem. notable-change PRs with changes that should be highlighted in changelogs. labels Sep 1, 2024

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Sep 1, 2024

richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 1, 2024

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 1, 2024