[v24.x backport] crypto, WebCrypto, and WebIDL updates#63563
Open
panva wants to merge 86 commits into
Open
Conversation
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: nodejs#63113 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Signed-off-by: Marco Ippolito <marcoippolito54@gmail.com> PR-URL: nodejs#63033 Reviewed-By: Pietro Marchini <pietro.marchini94@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: anshikakalpana <anshikajain196872@gmail.com> PR-URL: nodejs#63121 Refs: nodejs#62838 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: nodejs#62673 Reviewed-By: Daniel Lemire <daniel@lemire.me> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
- For imported CJS, if it's not customized by asynchronous hooks, make sure it won't use the quirky re-invented require in all cases. - When the imported CJS module is customized by synchronous hooks, in the synthetic module evalutation step, avoid calling the respective default step again. - Make the branching of loadCJSModuleWithModuleLoad() and loadCJSModuleWithSpecialRequire() more explicit, and fold the tentative fs read in the 'commonjs' translator into the share createCJSModuleWrap() helper instead of checking it twice in the same path. Signed-off-by: Joyee Cheung <joyeec9h3@gmail.com> PR-URL: nodejs#62920 Fixes: nodejs#63060 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Signed-off-by: Renegade334 <contact.9a5d6388@renegade334.me.uk> PR-URL: nodejs#63076 Refs: nodejs#63052 Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Edy Silva <edigleyssonsilva@gmail.com>
Signed-off-by: geeksilva97 <edigleyssonsilva@gmail.com> PR-URL: nodejs#63152 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: nodejs#63131 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Map BoringSSL's native renegotiation failure to ERR_TLS_RENEGOTIATION_UNSUPPORTED when TLSSocket#renegotiate() is called. This avoids exposing an implementation-specific OpenSSL error when the TLS backend does not support caller-initiated renegotiation. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63161 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: nodejs#63177 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
The Platform support section of the single-executable-applications doc listed `macOS` without qualifying which architecture is supported. SEA on x64 macOS is not supported and is skipped in CI; only arm64 macOS is exercised. Refs: nodejs#62893 Signed-off-by: mokashang <64570909+mokashang@users.noreply.github.com> PR-URL: nodejs#63181 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: nodejs#63200 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Jacob Smith <jacob@frende.me> Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Ignore CLAUDE.md and AGENTS.md in .gitignore, and exclude them from markdown and ESLint linting. Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: nodejs#62612 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Follow WHATWG streams spec update: whatwg/streams#1367 ReadableStreamBYOBRequest.view is always constructed as a Uint8Array. This changes the documented return type from ArrayBufferView to Uint8Array per the updated spec. Fixes: nodejs#62952 Signed-off-by: Jah-yee <166608075+Jah-yee@users.noreply.github.com> PR-URL: nodejs#63017 Reviewed-By: Mattias Buelens <mattias@buelens.com> Reviewed-By: Jason Zhang <xzha4350@gmail.com>
- Exclude routine dependency/WPT/bot PRs from the policy - Replace design document requirement with detailed PR description - Clarify dependency commit ordering for squash landing - Remove splitting strategies that contradict self-contained PRs - Add links from CONTRIBUTING.md, pull-requests.md, collaborator-guide.md Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: nodejs#62829 Fixes: nodejs#62752 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day> Reviewed-By: Ruy Adorno <ruy@vlt.sh>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: nodejs#63110 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
- Add `--help` / `-h` to `node inspect` covering both interactive and non-interactive probe modes. The help text is printed when `--help`/`-h` appears before any positional argument to avoid hijacking `--help` passed to a child script. - Improve the documentation of probe mode and add examples, explain same-location probe coalescing, TDZ caveat for let/const bindings, basename matching and exit code behavior. Also move it to a section parallel to interactive mode. Remove recommendation of evaluating structured expressions as that is prone to missing info in JSON mode. Drive-by: When probe mode exits due to invalid arguments, exit with `kInvalidCommandLineArgument` (9) instead of `kGenericUserError` (1). Signed-off-by: Joyee Cheung <joyeec9h3@gmail.com> PR-URL: nodejs#63201 Reviewed-By: Jan Martin <jan.krems@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Aviv Keller <me@aviv.sh>
Original commit message:
unix: fix pedantic compiler warnings (nodejs#5052)
Fixes: libuv/libuv#5051
Fixes: nodejs#63196
Refs: libuv/libuv#5052
Refs: libuv/libuv@a43e543
PR-URL: nodejs#63222
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Signed-off-by: geeksilva97 <edigleyssonsilva@gmail.com> PR-URL: nodejs#63204 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Chemi Atlow <chemi@atlow.co.il> Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
Original commit message:
[wasm] Update WebAssembly.Exception JS API
WebIDL specifies the existence of a
`WebAssembly.Exception.prototype.stack` getter.
WebIDL also expects the constructor to have 2 parameters (plus an
optional one).
https://webassembly.github.io/spec/js-api/#exceptions
Bug: 336347912, 42204334
Change-Id: I128e976a84f942dcf9b93a157534b15fad0f9215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7697976
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#106215}
Refs: v8/v8@435a2cd
PR-URL: nodejs#63136
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1) Fixed macOS default for missing kSecTrustSettingsResult When kSecTrustSettingsResult is absent from a trust settings dictionary, Apple specifies kSecTrustSettingsResultTrustRoot as the default value. Previously, the trust result evaluation (deny check, self-issued check, TrustAsRoot check) was inside the block that only executed when kSecTrustSettingsResult was explicitly present. When the key was absent, the function fell through to return UNSPECIFIED, incorrectly rejecting self-signed certificates that should have been trusted via the default. Move the trust result evaluation outside the conditional block so the default value of kSecTrustSettingsResultTrustRoot flows through the same code path as explicit values. This aligns with Chromium's trust_store_mac.cc implementation. 2) Fix CFRelease leak in IsTrustDictionaryTrustedForPolicy: the CFDictionaryRef returned by SecPolicyCopyProperties(policy_ref) was not released when the policy OID matched kSecPolicyAppleSSL. 3) Deduplicate certificates: SecItemCopyMatching can return the same certificate from multiple keychains. 4) Filter expired certificates. Signed-off-by: deepak1556 <hop2deep@gmail.com> PR-URL: nodejs#62576 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
PR-URL: nodejs#63232 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
PR-URL: nodejs#62823 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: nodejs#63112 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Aviv Keller <me@aviv.sh>
Signed-off-by: umuoy1 <burningdian@gmail.com> PR-URL: nodejs#62710 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Vladimir Morozov <vmorozov@microsoft.com>
PR-URL: nodejs#63235 Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Signed-off-by: Mike McCready <66998419+MikeMcC399@users.noreply.github.com> PR-URL: nodejs#63187 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Mike McCready <66998419+MikeMcC399@users.noreply.github.com> PR-URL: nodejs#63211 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com> PR-URL: nodejs#63165 Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Signed-off-by: Robin Malfait <malfait.robin@gmail.com> PR-URL: nodejs#63247 Reviewed-By: René <contact.9a5d6388@renegade334.me.uk> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Clone CryptoKey algorithm dictionaries into null-prototype objects before storing or caching them internally. Copy nested hash dictionaries and publicExponent bytes so internal consumers and transferred keys do not observe user-mutable input objects or polluted Object.prototype fields. Keep public algorithm and inspect output as ordinary objects. Make the clone path check only own hash and publicExponent properties. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63111 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Add ESLint rules that reject public KeyObject and CryptoKey accessor reads after internal brand checks. Internal code must use the private key helpers so it reads native-backed slots instead of user-replaceable properties. Add a separate rule that rejects instanceof checks against KeyObject and CryptoKey constructors, including the global CryptoKey constructor. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63111 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
BoringSSL declares EVP_CIPHER_do_all_sorted and EVP_MD_do_all_sorted, but stock no-decrepit builds do not provide those symbols. Add a Node build flag that keeps ncrypto and its dependents on a local BoringSSL fallback list when libdecrepit is absent. Keep embedders that provide the EVP enumeration symbols on the normal OpenSSL-compatible path, matching Electron's patched BoringSSL build. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63206 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Add OPENSSL_WITH_* feature macros for crypto capabilities that vary by OpenSSL version and use those instead of repeating version checks. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63255 Refs: electron/electron#36256 Refs: electron/electron#41720 Refs: electron/electron#51127 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63255 Refs: electron/electron#36256 Refs: electron/electron#41720 Refs: electron/electron#51127 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63255 Refs: electron/electron#36256 Refs: electron/electron#41720 Refs: electron/electron#51127 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63255 Refs: electron/electron#36256 Refs: electron/electron#41720 Refs: electron/electron#51127 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Add a WebCrypto-specific CryptoJob mode that returns a promise from run() and resolves it when native work is finished. Encode job output directly as Web Crypto values, including CryptoKey instances and CryptoKeyPair dictionaries. Convert operation-specific setup failures from AdditionalConfig into OperationError rejections. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63363 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Remove async function wrappers from SubtleCrypto methods while keeping their public promise-returning behaviour. Route method entry points through a shared helper that converts synchronous validation errors into rejected promises. Let the internal implementations return native job promises directly. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63363 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Pass CryptoKey handles directly into KDF jobs instead of exporting secret bytes in lib. Normalize HKDF, PBKDF2, and Argon2 around the same job construction pattern so WebCrypto derivation paths avoid extra key material copies and keep operation failures in native job handling. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63363 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
Avoid re-wrapping native WebCrypto promises with PromiseResolve(), since resolving a promise can read its user-mutated constructor. Add a helper for chaining internal WebCrypto job promises without consulting Promise species state, and use it for intermediate job results. Also align JWK wrapping and unwrapping with the spec's fresh-global JSON handling by detaching internal JWK values from user prototypes. Use the internal UTF-8 encoder/decoder bindings instead of shared TextEncoder/TextDecoder prototype methods. Expand the WebCrypto prototype pollution regression test to cover SubtleCrypto methods, export formats, zero-length KDF results, JWK toJSON/kty pollution, and encoder/decoder prototype poisoning. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63363 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: René <contact.9a5d6388@renegade334.me.uk>
PR-URL: nodejs#63417 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Rework lib/internal/webidl.js into a documented shared converter module that follows the Web IDL conversion algorithms more closely. Improvements: - Add documented converters and helper factories for primitive values, dictionaries, enums, sequences, interfaces, required arguments, integers, `Uint8Array`, and `BufferSource`. - Move WebCrypto onto the shared converters, while keeping compatibility wrappers for its existing `BufferSource` and `BigInteger` behavior. - Use shared converters from Blob, Performance, Web Locks, and structured clone option handling. - Add benchmarks for `ConvertToInt` and WebCrypto Web IDL converter hot paths. - Add focused tests for core converters, WebCrypto converters, integer conversion, and buffer source behavior. Fixes: - Make the shared `BufferSource` and `Uint8Array` converters reject resizable `ArrayBuffer` and growable `SharedArrayBuffer` backing stores unless explicitly allowed. WebCrypto preserves its legacy resizable backing-store behavior through compatibility wrappers until a semver-major follow-up can opt in to the stricter behavior. - Use Web IDL `ToNumber` and `ToString` behavior for BigInt, Symbol, and object primitive conversion. - Use exact BigInt modulo for 64-bit `ConvertToInt` wrapping and document the final Number approximation behavior. - Normalize mathematical modulo results to `+0` where Web IDL requires it. - Process inherited dictionaries in least-derived to most-derived order, sorting members only within each dictionary level. - Use `IteratorComplete` truthiness for sequence conversion. - Cover detached buffers, resizable-backed views, growable-backed views, cross-realm buffer sources, mutation-after-call behavior, inherited dictionary member order, and sequence iterator completion behavior. Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#62979 Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Instead of first discarding the top 24 bits of the argument and then checking that the low 8 bits are within the expected range, first check that the original 32-bit integer is within the expected range and then discard the top 24 bits. PR-URL: nodejs#62763 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Xuguang Mei <meixuguang@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This comment was marked as outdated.
This comment was marked as outdated.
aduh95
reviewed
May 26, 2026
aduh95
approved these changes
May 26, 2026
This comment was marked as outdated.
This comment was marked as outdated.
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#62645 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#63161 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Collaborator
panva
added
the
author ready
Contributor
|
Should #63584 be included here? |
Member
Author
|
#62645 is there |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
#63363 should release on v26.x first before this goes in