deps: update elysia to 1.4.25 (1.4.25)

…int.generate()

`ServerEntryPoint.source` defaults to `undefined`, and accessing its
`.contents` or `.path.text` fields before `generate()` has been called
causes a segfault. This happens when `bun:main` is resolved in contexts
where `entry_point.generate()` is skipped (HTML entry points) or never
called (test runner).

Add a `generated` flag to `ServerEntryPoint` and guard both access
sites:
- `getHardcodedModule()` in ModuleLoader.zig (returns null instead of
crashing)
- `_resolve()` in VirtualMachine.zig (falls through to normal
resolution)

### What does this PR do?

### How did you verify your code works?

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>

packages/bun-usockets/certdata.txt

@@ -23196,557 +23196,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "CommScope Public Trust ECC Root-01"
-#
-# Issuer: CN=CommScope Public Trust ECC Root-01,O=CommScope,C=US
-# Serial Number:43:70:82:77:cf:4d:5d:34:f1:ca:ae:32:2f:37:f7:f4:7f:75:a0:9e
-# Subject: CN=CommScope Public Trust ECC Root-01,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 17:35:43 2021
-# Not Valid After : Sat Apr 28 17:35:42 2046
-# Fingerprint (SHA-256): 11:43:7C:DA:7B:B4:5E:41:36:5F:45:B3:9A:38:98:6B:0D:E0:0D:EF:34:8E:0C:7B:B0:87:36:33:80:0B:C3:8B
-# Fingerprint (SHA1): 07:86:C0:D8:DD:8E:C0:80:98:06:98:D0:58:7A:EF:DE:A6:CC:A2:5D
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust ECC Root-01"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\105\103\103\040\122\157\157\164\055\060\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\105\103\103\040\122\157\157\164\055\060\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\103\160\202\167\317\115\135\064\361\312\256\062\057\067
-\367\364\177\165\240\236
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\035\060\202\001\243\240\003\002\001\002\002\024\103
-\160\202\167\317\115\135\064\361\312\256\062\057\067\367\364\177
-\165\240\236\060\012\006\010\052\206\110\316\075\004\003\003\060
-\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022
-\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143\157
-\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157\155
-\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124\162
-\165\163\164\040\105\103\103\040\122\157\157\164\055\060\061\060
-\036\027\015\062\061\060\064\062\070\061\067\063\065\064\063\132
-\027\015\064\066\060\064\062\070\061\067\063\065\064\062\132\060
-\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022
-\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143\157
-\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157\155
-\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124\162
-\165\163\164\040\105\103\103\040\122\157\157\164\055\060\061\060
-\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201
-\004\000\042\003\142\000\004\113\066\351\256\127\136\250\160\327
-\320\217\164\142\167\303\136\172\252\345\266\242\361\170\375\002
-\176\127\335\221\171\234\154\271\122\210\124\274\057\004\276\270
-\315\366\020\321\051\354\265\320\240\303\360\211\160\031\273\121
-\145\305\103\234\303\233\143\235\040\203\076\006\013\246\102\104
-\205\021\247\112\072\055\351\326\150\057\110\116\123\053\007\077
-\115\275\271\254\167\071\127\243\102\060\100\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
-\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
-\125\035\016\004\026\004\024\216\007\142\300\120\335\306\031\006
-\000\106\164\004\367\363\256\175\165\115\060\060\012\006\010\052
-\206\110\316\075\004\003\003\003\150\000\060\145\002\061\000\234
-\063\337\101\343\043\250\102\066\046\227\065\134\173\353\333\113
-\370\252\213\163\125\025\134\254\170\051\017\272\041\330\304\240
-\330\321\003\335\155\321\071\075\304\223\140\322\343\162\262\002
-\060\174\305\176\210\323\120\365\036\045\350\372\116\165\346\130
-\226\244\065\137\033\145\352\141\232\160\043\265\015\243\233\222
-\122\157\151\240\214\215\112\320\356\213\016\313\107\216\320\215
-\021
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "CommScope Public Trust ECC Root-01"
-# Issuer: CN=CommScope Public Trust ECC Root-01,O=CommScope,C=US
-# Serial Number:43:70:82:77:cf:4d:5d:34:f1:ca:ae:32:2f:37:f7:f4:7f:75:a0:9e
-# Subject: CN=CommScope Public Trust ECC Root-01,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 17:35:43 2021
-# Not Valid After : Sat Apr 28 17:35:42 2046
-# Fingerprint (SHA-256): 11:43:7C:DA:7B:B4:5E:41:36:5F:45:B3:9A:38:98:6B:0D:E0:0D:EF:34:8E:0C:7B:B0:87:36:33:80:0B:C3:8B
-# Fingerprint (SHA1): 07:86:C0:D8:DD:8E:C0:80:98:06:98:D0:58:7A:EF:DE:A6:CC:A2:5D
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust ECC Root-01"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\007\206\300\330\335\216\300\200\230\006\230\320\130\172\357\336
-\246\314\242\135
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\072\100\247\374\003\214\234\070\171\057\072\242\154\266\012\026
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\105\103\103\040\122\157\157\164\055\060\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\103\160\202\167\317\115\135\064\361\312\256\062\057\067
-\367\364\177\165\240\236
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "CommScope Public Trust ECC Root-02"
-#
-# Issuer: CN=CommScope Public Trust ECC Root-02,O=CommScope,C=US
-# Serial Number:28:fd:99:60:41:47:a6:01:3a:ca:14:7b:1f:ef:f9:68:08:83:5d:7d
-# Subject: CN=CommScope Public Trust ECC Root-02,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 17:44:54 2021
-# Not Valid After : Sat Apr 28 17:44:53 2046
-# Fingerprint (SHA-256): 2F:FB:7F:81:3B:BB:B3:C8:9A:B4:E8:16:2D:0F:16:D7:15:09:A8:30:CC:9D:73:C2:62:E5:14:08:75:D1:AD:4A
-# Fingerprint (SHA1): 3C:3F:EF:57:0F:FE:65:93:86:9E:A0:FE:B0:F6:ED:8E:D1:13:C7:E5
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust ECC Root-02"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\105\103\103\040\122\157\157\164\055\060\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\105\103\103\040\122\157\157\164\055\060\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\050\375\231\140\101\107\246\001\072\312\024\173\037\357
-\371\150\010\203\135\175
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\034\060\202\001\243\240\003\002\001\002\002\024\050
-\375\231\140\101\107\246\001\072\312\024\173\037\357\371\150\010
-\203\135\175\060\012\006\010\052\206\110\316\075\004\003\003\060
-\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022
-\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143\157
-\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157\155
-\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124\162
-\165\163\164\040\105\103\103\040\122\157\157\164\055\060\062\060
-\036\027\015\062\061\060\064\062\070\061\067\064\064\065\064\132
-\027\015\064\066\060\064\062\070\061\067\064\064\065\063\132\060
-\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022
-\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143\157
-\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157\155
-\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124\162
-\165\163\164\040\105\103\103\040\122\157\157\164\055\060\062\060
-\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201
-\004\000\042\003\142\000\004\170\060\201\350\143\036\345\353\161
-\121\017\367\007\007\312\071\231\174\116\325\017\314\060\060\013
-\217\146\223\076\317\275\305\206\275\371\261\267\264\076\264\007
-\310\363\226\061\363\355\244\117\370\243\116\215\051\025\130\270
-\325\157\177\356\154\042\265\260\257\110\105\012\275\250\111\224
-\277\204\103\260\333\204\112\003\043\031\147\152\157\301\156\274
-\006\071\067\321\210\042\367\243\102\060\100\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
-\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
-\125\035\016\004\026\004\024\346\030\165\377\357\140\336\204\244
-\365\106\307\336\112\125\343\062\066\171\365\060\012\006\010\052
-\206\110\316\075\004\003\003\003\147\000\060\144\002\060\046\163
-\111\172\266\253\346\111\364\175\122\077\324\101\004\256\200\103
-\203\145\165\271\205\200\070\073\326\157\344\223\206\253\217\347
-\211\310\177\233\176\153\012\022\125\141\252\021\340\171\002\060
-\167\350\061\161\254\074\161\003\326\204\046\036\024\270\363\073
-\073\336\355\131\374\153\114\060\177\131\316\105\351\163\140\025
-\232\114\360\346\136\045\042\025\155\302\207\131\320\262\216\152
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "CommScope Public Trust ECC Root-02"
-# Issuer: CN=CommScope Public Trust ECC Root-02,O=CommScope,C=US
-# Serial Number:28:fd:99:60:41:47:a6:01:3a:ca:14:7b:1f:ef:f9:68:08:83:5d:7d
-# Subject: CN=CommScope Public Trust ECC Root-02,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 17:44:54 2021
-# Not Valid After : Sat Apr 28 17:44:53 2046
-# Fingerprint (SHA-256): 2F:FB:7F:81:3B:BB:B3:C8:9A:B4:E8:16:2D:0F:16:D7:15:09:A8:30:CC:9D:73:C2:62:E5:14:08:75:D1:AD:4A
-# Fingerprint (SHA1): 3C:3F:EF:57:0F:FE:65:93:86:9E:A0:FE:B0:F6:ED:8E:D1:13:C7:E5
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust ECC Root-02"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\074\077\357\127\017\376\145\223\206\236\240\376\260\366\355\216
-\321\023\307\345
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\131\260\104\325\145\115\270\134\125\031\222\002\266\321\224\262
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\105\103\103\040\122\157\157\164\055\060\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\050\375\231\140\101\107\246\001\072\312\024\173\037\357
-\371\150\010\203\135\175
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "CommScope Public Trust RSA Root-01"
-#
-# Issuer: CN=CommScope Public Trust RSA Root-01,O=CommScope,C=US
-# Serial Number:3e:03:49:81:75:16:74:31:8e:4c:ab:d5:c5:90:29:96:c5:39:10:dd
-# Subject: CN=CommScope Public Trust RSA Root-01,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 16:45:54 2021
-# Not Valid After : Sat Apr 28 16:45:53 2046
-# Fingerprint (SHA-256): 02:BD:F9:6E:2A:45:DD:9B:F1:8F:C7:E1:DB:DF:21:A0:37:9B:A3:C9:C2:61:03:44:CF:D8:D6:06:FE:C1:ED:81
-# Fingerprint (SHA1): 6D:0A:5F:F7:B4:23:06:B4:85:B3:B7:97:64:FC:AC:75:F5:33:F2:93
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust RSA Root-01"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\122\123\101\040\122\157\157\164\055\060\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\122\123\101\040\122\157\157\164\055\060\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\076\003\111\201\165\026\164\061\216\114\253\325\305\220
-\051\226\305\071\020\335
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\154\060\202\003\124\240\003\002\001\002\002\024\076
-\003\111\201\165\026\164\061\216\114\253\325\305\220\051\226\305
-\071\020\335\060\015\006\011\052\206\110\206\367\015\001\001\013
-\005\000\060\116\061\013\060\011\006\003\125\004\006\023\002\125
-\123\061\022\060\020\006\003\125\004\012\014\011\103\157\155\155
-\123\143\157\160\145\061\053\060\051\006\003\125\004\003\014\042
-\103\157\155\155\123\143\157\160\145\040\120\165\142\154\151\143
-\040\124\162\165\163\164\040\122\123\101\040\122\157\157\164\055
-\060\061\060\036\027\015\062\061\060\064\062\070\061\066\064\065
-\065\064\132\027\015\064\066\060\064\062\070\061\066\064\065\065
-\063\132\060\116\061\013\060\011\006\003\125\004\006\023\002\125
-\123\061\022\060\020\006\003\125\004\012\014\011\103\157\155\155
-\123\143\157\160\145\061\053\060\051\006\003\125\004\003\014\042
-\103\157\155\155\123\143\157\160\145\040\120\165\142\154\151\143
-\040\124\162\165\163\164\040\122\123\101\040\122\157\157\164\055
-\060\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
-\002\001\000\260\110\145\243\015\035\102\343\221\155\235\204\244
-\141\226\022\302\355\303\332\043\064\031\166\366\352\375\125\132
-\366\125\001\123\017\362\314\214\227\117\271\120\313\263\001\104
-\126\226\375\233\050\354\173\164\013\347\102\153\125\316\311\141
-\262\350\255\100\074\272\271\101\012\005\117\033\046\205\217\103
-\265\100\265\205\321\324\161\334\203\101\363\366\105\307\200\242
-\204\120\227\106\316\240\014\304\140\126\004\035\007\133\106\245
-\016\262\113\244\016\245\174\356\370\324\142\003\271\223\152\212
-\024\270\160\370\056\202\106\070\043\016\164\307\153\101\267\320
-\051\243\235\200\260\176\167\223\143\102\373\064\203\073\163\243
-\132\041\066\353\107\372\030\027\331\272\146\302\223\244\217\374
-\135\244\255\374\120\152\225\254\274\044\063\321\275\210\177\206
-\365\365\262\163\052\217\174\257\010\362\032\230\077\251\201\145
-\077\301\214\211\305\226\060\232\012\317\364\324\310\064\355\235
-\057\274\215\070\206\123\356\227\237\251\262\143\224\027\215\017
-\334\146\052\174\122\121\165\313\231\216\350\075\134\277\236\073
-\050\215\203\002\017\251\237\162\342\054\053\263\334\146\227\000
-\100\320\244\124\216\233\135\173\105\066\046\326\162\103\353\317
-\300\352\015\334\316\022\346\175\070\237\005\047\250\227\076\351
-\121\306\154\005\050\301\002\017\351\030\155\354\275\234\006\324
-\247\111\364\124\005\153\154\060\361\353\003\325\352\075\152\166
-\302\313\032\050\111\115\177\144\340\372\053\332\163\203\201\377
-\221\003\275\224\273\344\270\216\234\062\143\315\237\273\150\201
-\261\204\133\257\066\277\167\356\035\177\367\111\233\122\354\322
-\167\132\175\221\235\115\302\071\055\344\272\202\370\157\362\116
-\036\017\116\346\077\131\245\043\334\075\207\250\050\130\050\321
-\361\033\066\333\117\304\377\341\214\133\162\214\307\046\003\047
-\243\071\012\001\252\300\262\061\140\203\042\241\117\022\011\001
-\021\257\064\324\317\327\256\142\323\005\007\264\061\165\340\015
-\155\127\117\151\207\371\127\251\272\025\366\310\122\155\241\313
-\234\037\345\374\170\250\065\232\237\101\024\316\245\264\316\224
-\010\034\011\255\126\345\332\266\111\232\112\352\143\030\123\234
-\054\056\303\002\003\001\000\001\243\102\060\100\060\017\006\003
-\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
-\003\125\035\016\004\026\004\024\067\135\246\232\164\062\302\302
-\371\307\246\025\020\131\270\344\375\345\270\155\060\015\006\011
-\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000
-\257\247\317\336\377\340\275\102\215\115\345\042\226\337\150\352
-\175\115\052\175\320\255\075\026\134\103\347\175\300\206\350\172
-\065\143\361\314\201\310\306\013\350\056\122\065\244\246\111\220
-\143\121\254\064\254\005\073\127\000\351\323\142\323\331\051\325
-\124\276\034\020\221\234\262\155\376\131\375\171\367\352\126\320
-\236\150\124\102\217\046\122\342\114\337\057\227\246\057\322\007
-\230\250\363\140\135\113\232\130\127\210\357\202\345\372\257\154
-\201\113\222\217\100\232\223\106\131\313\137\170\026\261\147\076
-\102\013\337\050\331\260\255\230\040\276\103\174\321\136\032\011
-\027\044\215\173\135\225\351\253\301\140\253\133\030\144\200\373
-\255\340\006\175\035\312\131\270\363\170\051\147\306\126\035\257
-\266\265\164\052\166\241\077\373\165\060\237\224\136\073\245\140
-\363\313\134\014\342\016\311\140\370\311\037\026\212\046\335\347
-\047\177\353\045\246\212\275\270\055\066\020\232\261\130\115\232
-\150\117\140\124\345\366\106\023\216\210\254\274\041\102\022\255
-\306\112\211\175\233\301\330\055\351\226\003\364\242\164\014\274
-\000\035\277\326\067\045\147\264\162\213\257\205\275\352\052\003
-\217\314\373\074\104\044\202\342\001\245\013\131\266\064\215\062
-\013\022\015\353\047\302\375\101\327\100\074\162\106\051\300\214
-\352\272\017\361\006\223\056\367\234\250\364\140\076\243\361\070
-\136\216\023\301\263\072\227\207\077\222\312\170\251\034\257\320
-\260\033\046\036\276\160\354\172\365\063\230\352\134\377\053\013
-\004\116\103\335\143\176\016\247\116\170\003\225\076\324\055\060
-\225\021\020\050\056\277\240\002\076\377\136\131\323\005\016\225
-\137\123\105\357\153\207\325\110\315\026\246\226\203\341\337\263
-\006\363\301\024\333\247\354\034\213\135\220\220\015\162\121\347
-\141\371\024\312\257\203\217\277\257\261\012\131\135\334\134\327
-\344\226\255\133\140\035\332\256\227\262\071\331\006\365\166\000
-\023\370\150\114\041\260\065\304\334\125\262\311\301\101\132\034
-\211\300\214\157\164\240\153\063\115\265\001\050\375\255\255\211
-\027\073\246\232\204\274\353\214\352\304\161\044\250\272\051\371
-\010\262\047\126\065\062\137\352\071\373\061\232\325\031\314\360
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "CommScope Public Trust RSA Root-01"
-# Issuer: CN=CommScope Public Trust RSA Root-01,O=CommScope,C=US
-# Serial Number:3e:03:49:81:75:16:74:31:8e:4c:ab:d5:c5:90:29:96:c5:39:10:dd
-# Subject: CN=CommScope Public Trust RSA Root-01,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 16:45:54 2021
-# Not Valid After : Sat Apr 28 16:45:53 2046
-# Fingerprint (SHA-256): 02:BD:F9:6E:2A:45:DD:9B:F1:8F:C7:E1:DB:DF:21:A0:37:9B:A3:C9:C2:61:03:44:CF:D8:D6:06:FE:C1:ED:81
-# Fingerprint (SHA1): 6D:0A:5F:F7:B4:23:06:B4:85:B3:B7:97:64:FC:AC:75:F5:33:F2:93
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust RSA Root-01"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\155\012\137\367\264\043\006\264\205\263\267\227\144\374\254\165
-\365\063\362\223
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\016\264\025\274\207\143\135\135\002\163\324\046\070\150\163\330
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\122\123\101\040\122\157\157\164\055\060\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\076\003\111\201\165\026\164\061\216\114\253\325\305\220
-\051\226\305\071\020\335
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "CommScope Public Trust RSA Root-02"
-#
-# Issuer: CN=CommScope Public Trust RSA Root-02,O=CommScope,C=US
-# Serial Number:54:16:bf:3b:7e:39:95:71:8d:d1:aa:00:a5:86:0d:2b:8f:7a:05:4e
-# Subject: CN=CommScope Public Trust RSA Root-02,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 17:16:43 2021
-# Not Valid After : Sat Apr 28 17:16:42 2046
-# Fingerprint (SHA-256): FF:E9:43:D7:93:42:4B:4F:7C:44:0C:1C:3D:64:8D:53:63:F3:4B:82:DC:87:AA:7A:9F:11:8F:C5:DE:E1:01:F1
-# Fingerprint (SHA1): EA:B0:E2:52:1B:89:93:4C:11:68:F2:D8:9A:AC:22:4C:A3:8A:57:AE
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust RSA Root-02"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\122\123\101\040\122\157\157\164\055\060\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\122\123\101\040\122\157\157\164\055\060\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\124\026\277\073\176\071\225\161\215\321\252\000\245\206
-\015\053\217\172\005\116
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\154\060\202\003\124\240\003\002\001\002\002\024\124
-\026\277\073\176\071\225\161\215\321\252\000\245\206\015\053\217
-\172\005\116\060\015\006\011\052\206\110\206\367\015\001\001\013
-\005\000\060\116\061\013\060\011\006\003\125\004\006\023\002\125
-\123\061\022\060\020\006\003\125\004\012\014\011\103\157\155\155
-\123\143\157\160\145\061\053\060\051\006\003\125\004\003\014\042
-\103\157\155\155\123\143\157\160\145\040\120\165\142\154\151\143
-\040\124\162\165\163\164\040\122\123\101\040\122\157\157\164\055
-\060\062\060\036\027\015\062\061\060\064\062\070\061\067\061\066
-\064\063\132\027\015\064\066\060\064\062\070\061\067\061\066\064
-\062\132\060\116\061\013\060\011\006\003\125\004\006\023\002\125
-\123\061\022\060\020\006\003\125\004\012\014\011\103\157\155\155
-\123\143\157\160\145\061\053\060\051\006\003\125\004\003\014\042
-\103\157\155\155\123\143\157\160\145\040\120\165\142\154\151\143
-\040\124\162\165\163\164\040\122\123\101\040\122\157\157\164\055
-\060\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
-\002\001\000\341\372\016\373\150\000\022\310\115\325\254\042\304
-\065\001\073\305\124\345\131\166\143\245\177\353\301\304\152\230
-\275\062\215\027\200\353\135\272\321\142\075\045\043\031\065\024
-\351\177\211\247\033\142\074\326\120\347\064\225\003\062\261\264
-\223\042\075\247\342\261\355\346\173\116\056\207\233\015\063\165
-\012\336\252\065\347\176\345\066\230\242\256\045\236\225\263\062
-\226\244\053\130\036\357\077\376\142\064\110\121\321\264\215\102
-\255\140\332\111\152\225\160\335\322\000\342\314\127\143\002\173
-\226\335\111\227\133\222\116\225\323\371\313\051\037\030\112\370
-\001\052\322\143\011\156\044\351\211\322\345\307\042\114\334\163
-\206\107\000\252\015\210\216\256\205\175\112\351\273\063\117\016
-\122\160\235\225\343\174\155\226\133\055\075\137\241\203\106\135
-\266\343\045\270\174\247\031\200\034\352\145\103\334\221\171\066
-\054\164\174\362\147\006\311\211\311\333\277\332\150\277\043\355
-\334\153\255\050\203\171\057\354\070\245\015\067\001\147\047\232
-\351\063\331\063\137\067\241\305\360\253\075\372\170\260\347\054
-\237\366\076\237\140\340\357\110\351\220\105\036\005\121\170\032
-\054\022\054\134\050\254\015\242\043\236\064\217\005\346\242\063
-\316\021\167\023\324\016\244\036\102\037\206\315\160\376\331\056
-\025\075\035\273\270\362\123\127\333\314\306\164\051\234\030\263
-\066\165\070\056\017\124\241\370\222\037\211\226\117\273\324\356
-\235\351\073\066\102\265\012\073\052\324\144\171\066\020\341\371
-\221\003\053\173\040\124\315\015\031\032\310\101\062\064\321\260
-\231\341\220\036\001\100\066\265\267\372\251\345\167\165\244\042
-\201\135\260\213\344\047\022\017\124\210\306\333\205\164\346\267
-\300\327\246\051\372\333\336\363\223\227\047\004\125\057\012\157
-\067\305\075\023\257\012\000\251\054\213\034\201\050\327\357\206
-\061\251\256\362\156\270\312\152\054\124\107\330\052\210\056\257
-\301\007\020\170\254\021\242\057\102\360\067\305\362\270\126\335
-\016\142\055\316\055\126\176\125\362\247\104\366\053\062\364\043
-\250\107\350\324\052\001\170\317\152\303\067\250\236\145\322\054
-\345\372\272\063\301\006\104\366\346\317\245\015\247\146\010\064
-\212\054\363\002\003\001\000\001\243\102\060\100\060\017\006\003
-\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
-\003\125\035\016\004\026\004\024\107\320\347\261\042\377\235\054
-\365\331\127\140\263\261\261\160\225\357\141\172\060\015\006\011
-\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000
-\206\151\261\115\057\351\237\117\042\223\150\216\344\041\231\243
-\316\105\123\033\163\104\123\000\201\141\315\061\343\010\272\201
-\050\050\172\222\271\266\250\310\103\236\307\023\046\115\302\330
-\345\125\234\222\135\120\330\302\053\333\376\346\250\227\317\122
-\072\044\303\145\144\134\107\061\243\145\065\023\303\223\271\367
-\371\121\227\273\244\360\142\207\305\326\006\323\227\203\040\251
-\176\273\266\041\302\245\015\204\000\341\362\047\020\203\272\335
-\003\201\325\335\150\303\146\020\310\321\166\264\263\157\051\236
-\000\371\302\051\365\261\223\031\122\151\032\054\114\240\213\340
-\025\232\061\057\323\210\225\131\156\345\304\263\120\310\024\010
-\112\233\213\023\203\261\244\162\262\073\166\063\101\334\334\252
-\246\007\157\035\044\022\237\310\166\275\057\331\216\364\054\356
-\267\322\070\020\044\066\121\057\343\134\135\201\041\247\332\273
-\116\377\346\007\250\376\271\015\047\154\273\160\132\125\172\023
-\351\361\052\111\151\307\137\207\127\114\103\171\155\072\145\351
-\060\134\101\356\353\167\245\163\022\210\350\277\175\256\345\304
-\250\037\015\216\034\155\120\002\117\046\030\103\336\217\125\205
-\261\013\067\005\140\311\125\071\022\004\241\052\317\161\026\237
-\066\121\111\277\160\073\236\147\234\373\173\171\311\071\034\170
-\254\167\221\124\232\270\165\012\201\122\227\343\146\141\153\355
-\076\070\036\226\141\125\341\221\124\214\355\214\044\037\201\311
-\020\232\163\231\053\026\116\162\000\077\124\033\370\215\272\213
-\347\024\326\266\105\117\140\354\226\256\303\057\002\116\135\235
-\226\111\162\000\262\253\165\134\017\150\133\035\145\302\137\063
-\017\036\017\360\073\206\365\260\116\273\234\367\352\045\005\334
-\255\242\233\113\027\001\276\102\337\065\041\035\255\253\256\364
-\277\256\037\033\323\342\073\374\263\162\163\034\233\050\220\211
-\023\075\035\301\000\107\011\226\232\070\033\335\261\317\015\302
-\264\104\363\226\225\316\062\072\217\064\234\340\027\307\136\316
-\256\015\333\207\070\345\077\133\375\233\031\341\061\101\172\160
-\252\043\153\001\341\105\114\315\224\316\073\236\055\347\210\002
-\042\364\156\350\310\354\326\074\363\271\262\327\167\172\254\173
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "CommScope Public Trust RSA Root-02"
-# Issuer: CN=CommScope Public Trust RSA Root-02,O=CommScope,C=US
-# Serial Number:54:16:bf:3b:7e:39:95:71:8d:d1:aa:00:a5:86:0d:2b:8f:7a:05:4e
-# Subject: CN=CommScope Public Trust RSA Root-02,O=CommScope,C=US
-# Not Valid Before: Wed Apr 28 17:16:43 2021
-# Not Valid After : Sat Apr 28 17:16:42 2046
-# Fingerprint (SHA-256): FF:E9:43:D7:93:42:4B:4F:7C:44:0C:1C:3D:64:8D:53:63:F3:4B:82:DC:87:AA:7A:9F:11:8F:C5:DE:E1:01:F1
-# Fingerprint (SHA1): EA:B0:E2:52:1B:89:93:4C:11:68:F2:D8:9A:AC:22:4C:A3:8A:57:AE
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "CommScope Public Trust RSA Root-02"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\352\260\342\122\033\211\223\114\021\150\362\330\232\254\042\114
-\243\212\127\256
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\341\051\371\142\173\166\342\226\155\363\324\327\017\256\037\252
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\022\060\020\006\003\125\004\012\014\011\103\157\155\155\123\143
-\157\160\145\061\053\060\051\006\003\125\004\003\014\042\103\157
-\155\155\123\143\157\160\145\040\120\165\142\154\151\143\040\124
-\162\165\163\164\040\122\123\101\040\122\157\157\164\055\060\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\124\026\277\073\176\071\225\161\215\321\252\000\245\206
-\015\053\217\172\005\116
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "D-Trust SBR Root CA 1 2022"
 #

packages/bun-usockets/src/crypto/root_certs.h

@@ -3182,96 +3182,6 @@ static struct us_cert_string_t root_certs[] = {
 "MvHVI5TWWA==\n"
 "-----END CERTIFICATE-----",.len=869},
 
-/* CommScope Public Trust ECC Root-01 */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkG\n"
-"A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1Ymxp\n"
-"YyBUcnVzdCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4x\n"
-"CzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQ\n"
-"dWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16o\n"
-"cNfQj3Rid8NeeqrltqLxeP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOc\n"
-"w5tjnSCDPgYLpkJEhRGnSjot6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMB\n"
-"Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggq\n"
-"hkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3R\n"
-"OT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liWpDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7L\n"
-"R47QjRE=\n"
-"-----END CERTIFICATE-----",.len=792},
-
-/* CommScope Public Trust ECC Root-02 */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkG\n"
-"A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1Ymxp\n"
-"YyBUcnVzdCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4x\n"
-"CzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQ\n"
-"dWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l\n"
-"63FRD/cHB8o5mXxO1Q/MMDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/u\n"
-"bCK1sK9IRQq9qEmUv4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMB\n"
-"Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggq\n"
-"hkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35r\n"
-"ChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs73u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ\n"
-"0LKOag==\n"
-"-----END CERTIFICATE-----",.len=792},
-
-/* CommScope Public Trust RSA Root-01 */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjEL\n"
-"MAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1\n"
-"YmxpYyBUcnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNa\n"
-"ME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29w\n"
-"ZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\n"
-"AoICAQCwSGWjDR1C45FtnYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2b\n"
-"KOx7dAvnQmtVzslhsuitQDy6uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBW\n"
-"BB0HW0alDrJLpA6lfO741GIDuZNqihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3Oj\n"
-"WiE260f6GBfZumbCk6SP/F2krfxQapWsvCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWW\n"
-"MJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/cZip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz\n"
-"3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTifBSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ\n"
-"9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9lLvkuI6cMmPNn7togbGEW682v3fu\n"
-"HX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeoKFgo0fEbNttPxP/hjFtyjMcm\n"
-"AyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH+VepuhX2yFJtocucH+X8\n"
-"eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD\n"
-"AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm45P3luG0wDQYJ\n"
-"KoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6NWPxzIHI\n"
-"xgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM3y+X\n"
-"pi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck\n"
-"jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg\n"
-"+MkfFoom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0\n"
-"DLwAHb/WNyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/x\n"
-"BpMu95yo9GA+o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054\n"
-"A5U+1C0wlREQKC6/oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHn\n"
-"YfkUyq+Dj7+vsQpZXdxc1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3Sg\n"
-"azNNtQEo/a2tiRc7ppqEvOuM6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw\n"
-"-----END CERTIFICATE-----",.len=1935},
-
-/* CommScope Public Trust RSA Root-02 */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjEL\n"
-"MAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1\n"
-"YmxpYyBUcnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJa\n"
-"ME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29w\n"
-"ZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\n"
-"AoICAQDh+g77aAASyE3VrCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mn\n"
-"G2I81lDnNJUDMrG0kyI9p+Kx7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0\n"
-"SFHRtI1CrWDaSWqVcN3SAOLMV2MCe5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxz\n"
-"hkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2WWy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcG\n"
-"yYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rpM9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUe\n"
-"BVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIfhs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1\n"
-"OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMreyBUzQ0ZGshBMjTRsJnhkB4BQDa1\n"
-"t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycEVS8KbzfFPROvCgCpLIscgSjX\n"
-"74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4tVn5V8qdE9isy9COoR+jU\n"
-"KgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD\n"
-"AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7GxcJXvYXowDQYJ\n"
-"KoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqBKCh6krm2\n"
-"qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF1gbT\n"
-"l4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa\n"
-"MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv\n"
-"41xdgSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u\n"
-"5cSoHw2OHG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FU\n"
-"mrh1CoFSl+NmYWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jau\n"
-"wy8CTl2dlklyALKrdVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670\n"
-"v64fG9PiO/yzcnMcmyiQiRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjl\n"
-"P1v9mxnhMUF6cKojawHhRUzNlM47ni3niAIi9G7oyOzWPPO5std3eqx7\n"
-"-----END CERTIFICATE-----",.len=1935},
-
 /* Telekom Security TLS ECC Root 2020 */
 {.str="-----BEGIN CERTIFICATE-----\n"
 "MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQG\n"

src/bun.js/ModuleLoader.zig

@@ -1140,14 +1140,14 @@ export fn Bun__runVirtualModule(globalObject: *JSGlobalObject, specifier_ptr: *c
 fn getHardcodedModule(jsc_vm: *VirtualMachine, specifier: bun.String, hardcoded: HardcodedModule) ?ResolvedSource {
     analytics.Features.builtin_modules.insert(hardcoded);
     return switch (hardcoded) {
-        .@"bun:main" => .{
+        .@"bun:main" => if (jsc_vm.entry_point.generated) .{
             .allocator = null,
             .source_code = bun.String.cloneUTF8(jsc_vm.entry_point.source.contents),
             .specifier = specifier,
             .source_url = specifier,
             .tag = .esm,
             .source_code_needs_deref = true,
-        },
+        } else null,
         .@"bun:internal-for-testing" => {
             if (!Environment.isDebug) {
                 if (!is_allowed_to_use_internal_testing_apis)

src/bun.js/VirtualMachine.zig

@@ -1616,7 +1616,7 @@ fn _resolve(
     if (strings.eqlComptime(std.fs.path.basename(specifier), Runtime.Runtime.Imports.alt_name)) {
         ret.path = Runtime.Runtime.Imports.Name;
         return;
-    } else if (strings.eqlComptime(specifier, main_file_name)) {
+    } else if (strings.eqlComptime(specifier, main_file_name) and jsc_vm.entry_point.generated) {
         ret.result = null;
         ret.path = jsc_vm.entry_point.source.path.text;
         return;

src/bun.js/api/server/NodeHTTPResponse.zig

@@ -468,6 +468,17 @@ pub fn writeHead(this: *NodeHTTPResponse, globalObject: *jsc.JSGlobalObject, cal
         return globalObject.ERR(.HTTP_HEADERS_SENT, "Stream already started", .{}).throw();
     }
 
+    // Validate status message does not contain invalid characters (defense-in-depth
+    // against HTTP response splitting). Matches Node.js checkInvalidHeaderChar:
+    // rejects any char not in [\t\x20-\x7e\x80-\xff].
+    if (status_message_slice.len > 0) {
+        for (status_message_slice.slice()) |c| {
+            if (c != '\t' and (c < 0x20 or c == 0x7f)) {
+                return globalObject.ERR(.INVALID_CHAR, "Invalid character in statusMessage", .{}).throw();
+            }
+        }
+    }
+
     do_it: {
         if (status_message_slice.len == 0) {
             if (HTTPStatusText.get(@intCast(status_code))) |status_message| {

src/bun.js/bindings/JSX509CertificatePrototype.cpp

@@ -560,6 +560,8 @@ JSC_DEFINE_CUSTOM_GETTER(jsX509CertificateGetter_infoAccess, (JSGlobalObject * g
         return JSValue::encode(jsUndefined());
 
     BUF_MEM* bptr = bio;
+    if (!bptr)
+        return JSValue::encode(jsUndefined());
     return JSValue::encode(undefinedIfEmpty(jsString(vm, String::fromUTF8(std::span(bptr->data, bptr->length)))));
 }
 
@@ -602,20 +604,10 @@ JSC_DEFINE_CUSTOM_GETTER(jsX509CertificateGetter_issuerCertificate, (JSGlobalObj
         return {};
     }
 
-    auto issuerCert = thisObject->view().getIssuer();
-    if (!issuerCert)
-        return JSValue::encode(jsUndefined());
-
-    auto bio = issuerCert.get();
-
-    BUF_MEM* bptr = nullptr;
-    BIO_get_mem_ptr(bio, &bptr);
-    std::span<const uint8_t> span(reinterpret_cast<const uint8_t*>(bptr->data), bptr->length);
-    auto* zigGlobalObject = defaultGlobalObject(globalObject);
-    auto* structure = zigGlobalObject->m_JSX509CertificateClassStructure.get(zigGlobalObject);
-    auto jsIssuerCert = JSX509Certificate::create(vm, structure, globalObject, span);
-    RETURN_IF_EXCEPTION(scope, {});
-    return JSValue::encode(jsIssuerCert);
+    // issuerCertificate is only available when the certificate was obtained from
+    // a TLS connection with a peer certificate chain. For certificates parsed
+    // directly from PEM/DER data, it is always undefined (matching Node.js behavior).
+    return JSValue::encode(jsUndefined());
 }
 
 JSC_DEFINE_CUSTOM_GETTER(jsX509CertificateGetter_publicKey, (JSGlobalObject * globalObject, EncodedJSValue thisValue, PropertyName))

src/bun.js/bindings/stripANSI.cpp

@@ -42,6 +42,13 @@ static std::optional<WTF::String> stripANSI(const std::span<const Char> input)
         // Append everything before the escape sequence
         result.append(std::span { start, escPos });
         const auto newPos = ANSI::consumeANSI(escPos, end);
+        if (newPos == escPos) {
+            // No ANSI found
+            result.append(std::span { escPos, escPos + 1 });
+            start = escPos + 1;
+            continue;
+        }
+
         ASSERT(newPos > start);
         ASSERT(newPos <= end);
         foundANSI = true;

src/bundler/entry_points.zig

@@ -150,6 +150,7 @@ pub const ClientEntryPoint = struct {
 
 pub const ServerEntryPoint = struct {
     source: logger.Source = undefined,
+    generated: bool = false,
 
     pub fn generate(
         entry: *ServerEntryPoint,
@@ -230,6 +231,7 @@ pub const ServerEntryPoint = struct {
         entry.source = logger.Source.initPathString(name, code);
         entry.source.path.text = name;
         entry.source.path.namespace = "server-entry";
+        entry.generated = true;
     }
 };
 

src/shell/builtin/cp.zig

@@ -266,8 +266,8 @@ pub const ShellCpOutputTask = OutputTask(Cp, .{
 
 const ShellCpOutputTaskVTable = struct {
     pub fn writeErr(this: *Cp, childptr: anytype, errbuf: []const u8) ?Yield {
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stderr.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             return this.bltn().stderr.enqueue(childptr, errbuf, safeguard);
         }
         _ = this.bltn().writeNoIO(.stderr, errbuf);
@@ -279,8 +279,8 @@ const ShellCpOutputTaskVTable = struct {
     }
 
     pub fn writeOut(this: *Cp, childptr: anytype, output: *OutputSrc) ?Yield {
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stdout.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             return this.bltn().stdout.enqueue(childptr, output.slice(), safeguard);
         }
         _ = this.bltn().writeNoIO(.stdout, output.slice());

src/shell/builtin/ls.zig

@@ -175,8 +175,8 @@ pub const ShellLsOutputTask = OutputTask(Ls, .{
 const ShellLsOutputTaskVTable = struct {
     pub fn writeErr(this: *Ls, childptr: anytype, errbuf: []const u8) ?Yield {
         log("ShellLsOutputTaskVTable.writeErr(0x{x}, {s})", .{ @intFromPtr(this), errbuf });
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stderr.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             return this.bltn().stderr.enqueue(childptr, errbuf, safeguard);
         }
         _ = this.bltn().writeNoIO(.stderr, errbuf);
@@ -190,8 +190,8 @@ const ShellLsOutputTaskVTable = struct {
 
     pub fn writeOut(this: *Ls, childptr: anytype, output: *OutputSrc) ?Yield {
         log("ShellLsOutputTaskVTable.writeOut(0x{x}, {s})", .{ @intFromPtr(this), output.slice() });
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stdout.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             return this.bltn().stdout.enqueue(childptr, output.slice(), safeguard);
         }
         log("ShellLsOutputTaskVTable.writeOut(0x{x}, {s}) no IO", .{ @intFromPtr(this), output.slice() });

src/shell/builtin/mkdir.zig

@@ -129,8 +129,8 @@ pub const ShellMkdirOutputTask = OutputTask(Mkdir, .{
 
 const ShellMkdirOutputTaskVTable = struct {
     pub fn writeErr(this: *Mkdir, childptr: anytype, errbuf: []const u8) ?Yield {
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stderr.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             return this.bltn().stderr.enqueue(childptr, errbuf, safeguard);
         }
         _ = this.bltn().writeNoIO(.stderr, errbuf);
@@ -142,8 +142,8 @@ const ShellMkdirOutputTaskVTable = struct {
     }
 
     pub fn writeOut(this: *Mkdir, childptr: anytype, output: *OutputSrc) ?Yield {
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stdout.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             const slice = output.slice();
             log("THE SLICE: {d} {s}", .{ slice.len, slice });
             return this.bltn().stdout.enqueue(childptr, slice, safeguard);

src/shell/builtin/seq.zig

@@ -46,12 +46,14 @@ pub fn start(this: *@This()) Yield {
 
     const maybe1 = iter.next().?;
     const int1 = std.fmt.parseFloat(f32, bun.sliceTo(maybe1, 0)) catch return this.fail("seq: invalid argument\n");
+    if (!std.math.isFinite(int1)) return this.fail("seq: invalid argument\n");
     this._end = int1;
     if (this._start > this._end) this.increment = -1;
 
     const maybe2 = iter.next();
     if (maybe2 == null) return this.do();
     const int2 = std.fmt.parseFloat(f32, bun.sliceTo(maybe2.?, 0)) catch return this.fail("seq: invalid argument\n");
+    if (!std.math.isFinite(int2)) return this.fail("seq: invalid argument\n");
     this._start = int1;
     this._end = int2;
     if (this._start < this._end) this.increment = 1;
@@ -60,6 +62,7 @@ pub fn start(this: *@This()) Yield {
     const maybe3 = iter.next();
     if (maybe3 == null) return this.do();
     const int3 = std.fmt.parseFloat(f32, bun.sliceTo(maybe3.?, 0)) catch return this.fail("seq: invalid argument\n");
+    if (!std.math.isFinite(int3)) return this.fail("seq: invalid argument\n");
     this._start = int1;
     this.increment = int2;
     this._end = int3;

src/shell/builtin/touch.zig

@@ -132,8 +132,8 @@ pub const ShellTouchOutputTask = OutputTask(Touch, .{
 
 const ShellTouchOutputTaskVTable = struct {
     pub fn writeErr(this: *Touch, childptr: anytype, errbuf: []const u8) ?Yield {
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stderr.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             return this.bltn().stderr.enqueue(childptr, errbuf, safeguard);
         }
         _ = this.bltn().writeNoIO(.stderr, errbuf);
@@ -145,8 +145,8 @@ const ShellTouchOutputTaskVTable = struct {
     }
 
     pub fn writeOut(this: *Touch, childptr: anytype, output: *OutputSrc) ?Yield {
+        this.state.exec.output_waiting += 1;
         if (this.bltn().stdout.needsIO()) |safeguard| {
-            this.state.exec.output_waiting += 1;
             const slice = output.slice();
             log("THE SLICE: {d} {s}", .{ slice.len, slice });
             return this.bltn().stdout.enqueue(childptr, slice, safeguard);

src/shell/states/CondExpr.zig

@@ -168,6 +168,8 @@ fn commandImplStart(this: *CondExpr) Yield {
         .@"-d",
         .@"-f",
         => {
+            // Empty string expansion produces no args; the path doesn't exist.
+            if (this.args.items.len == 0) return this.parent.childDone(this, 1);
             this.state = .waiting_stat;
             return this.doStat();
         },

test/bundler/bundler_compile.test.ts

@@ -416,7 +416,8 @@ describe("bundler", () => {
         const db = new Database("test.db");
         const query = db.query(\`select "Hello world" as message\`);
         if (query.get().message !== "Hello world") throw "fail from sqlite";
-        const icon = await fetch("https://bun.sh/favicon.ico").then(x=>x.arrayBuffer())
+        const icon = new Uint8Array(256);
+        for (let i = 0; i < 256; i++) icon[i] = i;
         if(icon.byteLength < 100) throw "fail from icon";
         if (typeof getRandomSeed() !== 'number') throw "fail from bun:jsc";
         const server = serve({

test/js/bun/http/bun-serve-html-entry.test.ts

@@ -634,3 +634,42 @@ test.concurrent("bun serve files with correct Content-Type headers", async () =>
     // The process will be automatically cleaned up by 'await using'
   }
 });
+
+test("importing bun:main from HTML entry preload does not crash", async () => {
+  const dir = tempDirWithFiles("html-entry-bun-main", {
+    "index.html": /*html*/ `
+      <!DOCTYPE html>
+      <html>
+        <head><title>Test</title></head>
+        <body><h1>Hello</h1></body>
+      </html>
+    `,
+    "preload.mjs": /*js*/ `
+      try {
+        await import("bun:main");
+      } catch {}
+      // Signal that preload ran successfully without crashing
+      console.log("PRELOAD_OK");
+    `,
+  });
+
+  await using proc = Bun.spawn({
+    cmd: [bunExe(), "--preload", "./preload.mjs", "index.html", "--port=0"],
+    env: bunEnv,
+    cwd: dir,
+    stdout: "pipe",
+    stderr: "pipe",
+  });
+
+  const decoder = new TextDecoder();
+  let text = "";
+  for await (const chunk of proc.stdout) {
+    text += decoder.decode(chunk, { stream: true });
+    if (text.includes("http://")) break;
+  }
+
+  expect(text).toContain("PRELOAD_OK");
+
+  proc.kill();
+  await proc.exited;
+});

test/js/bun/http/fixtures/cert.key

@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCIzOJskt6VkEJY
-XKSJv/Gdil3XYkjk3NVc/+m+kzqnkTRbPtT9w+IGWgmJhuf9DJPLCwHFAEFarVwV
-x16Q0PbU4ajXaLRHEYGhrH10oTMjQnJ24xVm26mxRXPQa5vaLpWJqNyIdNLIQLe+
-UXUOzSGGsFTRMAjvYrkzjBe4ZUnaZV+aFY/ug0jfzeA1dJjzKZs6+yTJRbsuWUEb
-8MsDmT4v+kBZDKdaDn7AFDWRVqx/38BnqsRzkM0CxpnyT2kRzw5zQajIE13gdTJo
-1EHvYSUkkxrY5m30Rl9BuBBZBjhMzOHq0fYVVooHO+sf4XHPgvFTTxJum85u7J1J
-oEUjrLKtAgMBAAECggEACInVNhaiqu4infZGVMy0rXMV8VwSlapM7O2SLtFsr0nK
-XUmaLK6dvGzBPKK9dxdiYCFzPlMKQTkhzsAvYFWSmm3tRmikG+11TFyCRhXLpc8/
-ark4vD9Io6ZkmKUmyKLwtXNjNGcqQtJ7RXc7Ga3nAkueN6JKZHqieZusXVeBGQ70
-YH1LKyVNBeJggbj+g9rqaksPyNJQ8EWiNTJkTRQPazZ0o1VX/fzDFyr/a5npFtHl
-4BHfafv9o1Xyr70Kie8CYYRJNViOCN+ylFs7Gd3XRaAkSkgMT/7DzrHdEM2zrrHK
-yNg2gyDVX9UeEJG2X5UtU0o9BVW7WBshz/2hqIUHoQKBgQC8zsRFvC7u/rGr5vRR
-mhZZG+Wvg03/xBSuIgOrzm+Qie6mAzOdVmfSL/pNV9EFitXt1yd2ROo31AbS7Evy
-Bm/QVKr2mBlmLgov3B7O/e6ABteooOL7769qV/v+yo8VdEg0biHmsfGIIXDe3Lwl
-OT0XwF9r/SeZLbw1zfkSsUVG/QKBgQC5fANM3Dc9LEek+6PHv5+eC1cKkyioEjUl
-/y1VUD00aABI1TUcdLF3BtFN2t/S6HW0hrP3KwbcUfqC25k+GDLh1nM6ZK/gI3Yn
-IGtCHxtE3S6jKhE9QcK/H+PzGVKWge9SezeYRP0GHJYDrTVTA8Kt9HgoZPPeReJl
-+Ss9c8ThcQKBgECX6HQHFnNzNSufXtSQB7dCoQizvjqTRZPxVRoxDOABIGExVTYt
-umUhPtu5AGyJ+/hblEeU+iBRbGg6qRzK8PPwE3E7xey8MYYAI5YjL7YjISKysBUL
-AhM6uJ6Jg/wOBSnSx8xZ8kzlS+0izUda1rjKeprCSArSp8IsjlrDxPStAoGAEcPr
-+P+altRX5Fhpvmb/Hb8OTif8G+TqjEIdkG9H/W38oP0ywg/3M2RGxcMx7txu8aR5
-NjI7zPxZFxF7YvQkY3cLwEsGgVxEI8k6HLIoBXd90Qjlb82NnoqqZY1GWL4HMwo0
-L/Rjm6M/Rwje852Hluu0WoIYzXA6F/Q+jPs6nzECgYAxx4IbDiGXuenkwSF1SUyj
-NwJXhx4HDh7U6EO/FiPZE5BHE3BoTrFu3o1lzverNk7G3m+j+m1IguEAalHlukYl
-rip9iUISlKYqbYZdLBoLwHAfHhszdrjqn8/v6oqbB5yR3HXjPFUWJo0WJ2pqJp56
-ZshgmQQ/5Khoj6x0/dMPSg==
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCt7iqkEIco372h
+v19q0zjaYbm6gzxEnR45UjpQYqgztq4QHicD80mqIkCBCYknFxhwxhNn+Y3g5RWQ
+dReplpQbkneqRVp+qixMvu2FmOA4zRRoqObP7FyF1Yusvmroe0Y9SP2xTTmA9Zo7
+3paywPUIuZ9eKGwIiFTtj1yQ1FdghLhzZgxcf3LHEHRkGnxgxxNITFxh4nd6fGIj
+NqM5fQAY8z35lMXdeWjrhtaqgFYB+Z20YY0X7LJx39vYao0wqW8sZjX88TqHI1zX
+WLpUk6UK9RqaNza5xc80wV+9/zjhr3dc1FRjBxI1DS/ufo33dUfvilxv9/LtWwUn
+KfKLns9LAgMBAAECggEAAacPHM2G7GBIm/9rCr6tvihNgD8M685zOOZAqGYn9CqY
+cYHC4gtF/L2U6CBj2pNAoCwo3LXUkD+6r7MYKXAgqQg3HTCM4rwFbhD1rU8FVHfh
+OL0QwwZ2ut95DVdjoxTAlEN9ZcdSFc//llMJ1cF8lxoVvKFc4cv3uCI2mcaJk858
+iABfJLl3yfdv1xtpAuOfXf66sXbAmn5NQfN0qTEg2iOdgb4BUee5Wb35MakDQb6+
+/s7/bWB+ublZzYt12ChIh1jkBBHaGyQ8mFnPj99ZAJdFjAzi6ydoJ0a2rCVY7Ugs
+bkhnzDUtAaHKxo9JXaqIwbUaVFkX8dDhbg82dJrWUQKBgQDb7hNR0bJFW845N19M
+74p2PM+0dIiVzwxAg4E2dXDVe39awO/tw8Vu1o1+NPFhWAzGcidP7pAHmPEgRTVO
+7LA2P3CDXpkAEx5E0QW6QWZGqHfSa3+P1AvetvAV+OxtlDphcNeLApY16TUVOKZg
+SZlxW2e0dZylbHewgLBTIV9wUQKBgQDKdML+JD18WfenPeowsw8HzKdaw01iGiV1
+fvTjEXu6YxPPynWFMuj5gjBQodXM2vv0EsQBAPKYfe0nzRFL2kNuYs7TLoaNxqkp
+DNfJ2Ww5OSg7Mp76XgppeKKlsXLyUMYHHrDh6MRi5jvWtiHRpaNmV3cHMRs22c+B
+cqKP5Zma2wKBgCPNnS2Lsrbh3C+qWQRgVq0q9zFMa1PgEgGKpwVjlwvaAACZOjX9
+0e1aVkx+d/E98U55FPdJQf9Koa58NdJ0a7dZGor4YnYFpr7TPFh2/xxvnpoN0AVt
+IsWOCIW7MVohcGOeiChkMmnyXibnQwaX1LgEhlx1bRvtDYsZWBsgarYRAoGAARvo
+oYnDSHYZtDHToZapg2pslEOzndD02ZLrdn73BYtbZWz/fc5MlmlPKHHqgOfGL40W
+w8akjY9LCEfIS3kTm3wxE9kSZZ5r+MyYNgPZ4upcPQ7G7iortm4xveSd85PbsdhK
+McKbqMsIEuIGh2Z34ayi+0galQ9WYqglGdKxJ7cCgYEAuSPBHa+en0xaraZNRvMk
+OfV9Su/wrpR3TXSeo0E1mZHLwq1JwulpfO1SjxTH5uOJtG0tusl122wfm0KjrXUO
+vG5/It+X4u1Nv9oWj+z1+EV4fQrQ/Coqcc1r+5w1yzfURkKlHh74jbK5Yy/KfXrE
+eqbbJD40tKhY8ho15D3iCSo=
 -----END PRIVATE KEY-----

test/js/bun/http/fixtures/cert.pem

@@ -1,23 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIUN7coIsdMcLo9amZfkwogu0YkeLEwDQYJKoZIhvcNAQEL
+MIIEDDCCAvSgAwIBAgIUbddWE2woW5e96uC4S2fd2M0AsFAwDQYJKoZIhvcNAQEL
 BQAwfjELMAkGA1UEBhMCU0UxDjAMBgNVBAgMBVN0YXRlMREwDwYDVQQHDAhMb2Nh
 dGlvbjEaMBgGA1UECgwRT3JnYW5pemF0aW9uIE5hbWUxHDAaBgNVBAsME09yZ2Fu
-aXphdGlvbmFsIFVuaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA5MjExNDE2
-MjNaFw0yNDA5MjAxNDE2MjNaMH4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVTdGF0
+aXphdGlvbmFsIFVuaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yNjAyMTMyMzEx
+MjlaFw0zNjAyMTEyMzExMjlaMH4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVTdGF0
 ZTERMA8GA1UEBwwITG9jYXRpb24xGjAYBgNVBAoMEU9yZ2FuaXphdGlvbiBOYW1l
 MRwwGgYDVQQLDBNPcmdhbml6YXRpb25hbCBVbml0MRIwEAYDVQQDDAlsb2NhbGhv
-c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIzOJskt6VkEJYXKSJ
-v/Gdil3XYkjk3NVc/+m+kzqnkTRbPtT9w+IGWgmJhuf9DJPLCwHFAEFarVwVx16Q
-0PbU4ajXaLRHEYGhrH10oTMjQnJ24xVm26mxRXPQa5vaLpWJqNyIdNLIQLe+UXUO
-zSGGsFTRMAjvYrkzjBe4ZUnaZV+aFY/ug0jfzeA1dJjzKZs6+yTJRbsuWUEb8MsD
-mT4v+kBZDKdaDn7AFDWRVqx/38BnqsRzkM0CxpnyT2kRzw5zQajIE13gdTJo1EHv
-YSUkkxrY5m30Rl9BuBBZBjhMzOHq0fYVVooHO+sf4XHPgvFTTxJum85u7J1JoEUj
-rLKtAgMBAAGjXDBaMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD
-ATAUBgNVHREEDTALgglsb2NhbGhvc3QwHQYDVR0OBBYEFNzx4Rfs9m8XR5ML0WsI
-sorKmB4PMA0GCSqGSIb3DQEBCwUAA4IBAQB87iQy8R0fiOky9WTcyzVeMaavS3MX
-iTe1BRn1OCyDq+UiwwoNz7zdzZJFEmRtFBwPNFOe4HzLu6E+7yLFR552eYRHlqIi
-/fiLb5JiZfPtokUHeqwELWBsoXtU8vKxViPiLZ09jkWOPZWo7b/xXd6QYykBfV91
-usUXLzyTD2orMagpqNksLDGS3p3ggHEJBZtRZA8R7kPEw98xZHznOQpr26iv8kYz
-ZWdLFoFdwgFBSfxePKax5rfo+FbwdrcTX0MhbORyiu2XsBAghf8s2vKDkHg2UQE8
-haonxFYMFaASfaZ/5vWKYDTCJkJ67m/BtkpRafFEO+ad1i1S61OjfxH4
+c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt7iqkEIco372hv19q
+0zjaYbm6gzxEnR45UjpQYqgztq4QHicD80mqIkCBCYknFxhwxhNn+Y3g5RWQdRep
+lpQbkneqRVp+qixMvu2FmOA4zRRoqObP7FyF1Yusvmroe0Y9SP2xTTmA9Zo73pay
+wPUIuZ9eKGwIiFTtj1yQ1FdghLhzZgxcf3LHEHRkGnxgxxNITFxh4nd6fGIjNqM5
+fQAY8z35lMXdeWjrhtaqgFYB+Z20YY0X7LJx39vYao0wqW8sZjX88TqHI1zXWLpU
+k6UK9RqaNza5xc80wV+9/zjhr3dc1FRjBxI1DS/ufo33dUfvilxv9/LtWwUnKfKL
+ns9LAgMBAAGjgYEwfzAdBgNVHQ4EFgQUQCpSY7ODhdyD6pdZHvfHoWRXWsIwHwYD
+VR0jBBgwFoAUQCpSY7ODhdyD6pdZHvfHoWRXWsIwDwYDVR0TAQH/BAUwAwEB/zAs
+BgNVHREEJTAjgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJ
+KoZIhvcNAQELBQADggEBAGKTIzGQsOqfD0+x15F2cu7FKjIo1ua0OiILAhPqGX65
+kGcetjC/dJip2bGnw1NjG9WxEJNZ4YcsGrwh9egfnXXmfHNL0wzx/LTo2oysbXsN
+nEj+cmzw3Lwjn/ywJc+AC221/xrmDfm3m/hMzLqncnj23ZAHqkXTSp5UtSMs+UDQ
+my0AJOvsDGPVKHQsAX3JDjKHaoVJn4YqpHcIGmpjrNcQSvwUocDHPcC0ywco6SgF
+Ylzy2bwWWdPd9Cz9JkAMb95nWc7Rwf/nxAqCjJFzKEisvrx7VZ+QSVI0nqJzt8V1
+pbtWYH5gMFVstU3ghWdSLbAk4XufGYrIWAlA5mqjQ4o=
 -----END CERTIFICATE-----

test/js/bun/http/proxy.test.js

@@ -221,8 +221,14 @@ describe.concurrent(() => {
     ["''", "''"],
     ['""', '""'],
   ])("test proxy env, http_proxy=%s https_proxy=%s", async (http_proxy, https_proxy) => {
+    using localServer = Bun.serve({
+      port: 0,
+      fetch() {
+        return new Response("OK");
+      },
+    });
     const { exited, stderr: stream } = Bun.spawn({
-      cmd: [bunExe(), "-e", 'await fetch("https://example.com")'],
+      cmd: [bunExe(), "-e", `await fetch("${localServer.url}")`],
       env: {
         ...bunEnv,
         http_proxy: http_proxy,

test/js/bun/shell/shell-cmdsub-crash.test.ts

@@ -0,0 +1,48 @@
+import { describe, expect, test } from "bun:test";
+import { bunEnv, bunExe, tempDir } from "harness";
+
+// Regression test for use-after-poison in builtin OutputTask callbacks
+// inside command substitution $().
+//
+// The bug: output_waiting was only incremented for async writes but
+// output_done was always incremented, so when stdout is sync (.pipe
+// in cmdsub) the counter check `output_done >= output_waiting` fires
+// prematurely, calling done() and freeing the builtin while IOWriter
+// callbacks are still pending.
+//
+// Repro requires many ls tasks with errors — listing many entries
+// alongside non-existent paths reliably triggers the ASAN
+// use-after-poison.
+
+describe("builtins in command substitution with errors should not crash", () => {
+  test("ls with errors in command substitution", async () => {
+    // Create a temp directory with many files to produce output,
+    // and include non-existent paths to produce errors.
+    const files: Record<string, string> = {};
+    for (let i = 0; i < 50; i++) {
+      files[`file${i}.txt`] = `content${i}`;
+    }
+    using dir = tempDir("shell-cmdsub", files);
+
+    await using proc = Bun.spawn({
+      cmd: [
+        bunExe(),
+        "-e",
+        `
+        import { $ } from "bun";
+        $.throws(false);
+        await $\`echo $(ls $TEST_DIR/* /nonexistent_path_1 /nonexistent_path_2)\`;
+        console.log("done");
+      `,
+      ],
+      env: { ...bunEnv, TEST_DIR: String(dir) },
+      stderr: "pipe",
+      stdout: "pipe",
+    });
+
+    const [stdout, stderr, exitCode] = await Promise.all([proc.stdout.text(), proc.stderr.text(), proc.exited]);
+
+    expect(stdout).toContain("done");
+    expect(exitCode).toBe(0);
+  });
+});

test/js/bun/shell/shell-seq-condexpr.test.ts

@@ -0,0 +1,85 @@
+import { expect, test } from "bun:test";
+import { bunEnv, bunExe } from "harness";
+
+test("seq inf does not hang", async () => {
+  await using proc = Bun.spawn({
+    cmd: [
+      bunExe(),
+      "-e",
+      `import { $ } from "bun"; $.throws(false); const r = await $\`seq inf\`; process.exit(r.exitCode)`,
+    ],
+    env: bunEnv,
+    stderr: "pipe",
+  });
+
+  const [stdout, stderr, exitCode] = await Promise.all([proc.stdout.text(), proc.stderr.text(), proc.exited]);
+
+  expect(stderr).toContain("invalid argument");
+  expect(exitCode).toBe(1);
+}, 10_000);
+
+test("seq nan does not hang", async () => {
+  await using proc = Bun.spawn({
+    cmd: [
+      bunExe(),
+      "-e",
+      `import { $ } from "bun"; $.throws(false); const r = await $\`seq nan\`; process.exit(r.exitCode)`,
+    ],
+    env: bunEnv,
+    stderr: "pipe",
+  });
+
+  const [stdout, stderr, exitCode] = await Promise.all([proc.stdout.text(), proc.stderr.text(), proc.exited]);
+
+  expect(stderr).toContain("invalid argument");
+  expect(exitCode).toBe(1);
+}, 10_000);
+
+test("seq -inf does not hang", async () => {
+  await using proc = Bun.spawn({
+    cmd: [
+      bunExe(),
+      "-e",
+      `import { $ } from "bun"; $.throws(false); const r = await $\`seq -- -inf\`; process.exit(r.exitCode)`,
+    ],
+    env: bunEnv,
+    stderr: "pipe",
+  });
+
+  const [stdout, stderr, exitCode] = await Promise.all([proc.stdout.text(), proc.stderr.text(), proc.exited]);
+
+  expect(stderr).toContain("invalid argument");
+  expect(exitCode).toBe(1);
+}, 10_000);
+
+test('[[ -d "" ]] does not crash', async () => {
+  await using proc = Bun.spawn({
+    cmd: [
+      bunExe(),
+      "-e",
+      `import { $ } from "bun"; $.throws(false); const r = await $\`[[ -d "" ]]\`; process.exit(r.exitCode)`,
+    ],
+    env: bunEnv,
+    stderr: "pipe",
+  });
+
+  const [stdout, stderr, exitCode] = await Promise.all([proc.stdout.text(), proc.stderr.text(), proc.exited]);
+
+  expect(exitCode).toBe(1);
+}, 10_000);
+
+test('[[ -f "" ]] does not crash', async () => {
+  await using proc = Bun.spawn({
+    cmd: [
+      bunExe(),
+      "-e",
+      `import { $ } from "bun"; $.throws(false); const r = await $\`[[ -f "" ]]\`; process.exit(r.exitCode)`,
+    ],
+    env: bunEnv,
+    stderr: "pipe",
+  });
+
+  const [stdout, stderr, exitCode] = await Promise.all([proc.stdout.text(), proc.stderr.text(), proc.exited]);
+
+  expect(exitCode).toBe(1);
+}, 10_000);

test/js/bun/sqlite/sqlite.test.js

@@ -1,7 +1,7 @@
 import { spawnSync } from "bun";
 import { constants, Database, SQLiteError } from "bun:sqlite";
 import { describe, expect, it } from "bun:test";
-import { existsSync, readdirSync, realpathSync, writeFileSync } from "fs";
+import { readdirSync, realpathSync } from "fs";
 import { bunEnv, bunExe, isMacOS, isMacOSVersionAtLeast, isWindows, tempDirWithFiles } from "harness";
 import { tmpdir } from "os";
 import path from "path";
@@ -846,13 +846,15 @@ it("db.transaction()", () => {
 
 // this bug was fixed by ensuring FinalObject has no more than 64 properties
 it("inlineCapacity #987", async () => {
-  const path = tmpbase + "bun-987.db";
-  if (!existsSync(path)) {
-    const arrayBuffer = await (await fetch("https://github.com/oven-sh/bun/files/9265429/logs.log")).arrayBuffer();
-    writeFileSync(path, arrayBuffer);
-  }
-
-  const db = new Database(path);
+  const db = new Database(":memory:");
+  // Create schema matching the original regression test (media + logs tables)
+  db.exec(`
+    CREATE TABLE media (id INTEGER PRIMARY KEY, mid TEXT, name TEXT, url TEXT, duration INTEGER);
+    CREATE TABLE logs (mid INTEGER, duration INTEGER, start INTEGER, did TEXT, vid TEXT);
+    INSERT INTO media VALUES (1, 'm1', 'Test Media', 'http://test', 120);
+    INSERT INTO logs VALUES (1, 60, 1654100000, 'd1', 'v1');
+    INSERT INTO logs VALUES (1, 45, 1654200000, 'd2', 'v2');
+  `);
 
   const query = `SELECT
   media.mid,

test/js/bun/test/parallel/test-https-should-work-when-sending-request-with-agent-false.ts

@@ -1,7 +1,20 @@
+import { tls } from "harness";
 import https from "node:https";
 
+using server = Bun.serve({
+  port: 0,
+  tls,
+  fetch() {
+    return new Response("OK");
+  },
+});
+
 const { promise, resolve, reject } = Promise.withResolvers();
-const client = https.request("https://example.com/", { agent: false });
+const client = https.request(`https://localhost:${server.port}/`, {
+  agent: false,
+  ca: tls.cert,
+  rejectUnauthorized: true,
+});
 client.on("error", reject);
 client.on("close", resolve);
 client.end();

test/js/node/async_hooks/AsyncLocalStorage.test.ts

@@ -212,10 +212,16 @@ describe("async context passes through", () => {
     expect(s.getStore()).toBe(undefined);
   });
   test("fetch", async () => {
+    using server = Bun.serve({
+      port: 0,
+      fetch() {
+        return new Response("OK");
+      },
+    });
     const s = new AsyncLocalStorage<string>();
     await s.run("value", async () => {
       expect(s.getStore()).toBe("value");
-      const response = await fetch("https://bun.sh") //
+      const response = await fetch(server.url) //
         .then(r => {
           expect(s.getStore()).toBe("value");
           return true;

test/js/node/http/node-http.test.ts

@@ -5,7 +5,7 @@
  *
  * A handful of older tests do not run in Node in this file. These tests should be updated to run in Node, or deleted.
  */
-import { bunEnv, bunExe, exampleSite, randomPort } from "harness";
+import { bunEnv, bunExe, exampleSite, randomPort, tls as tlsCert } from "harness";
 import { createTest } from "node-harness";
 import { EventEmitter, once } from "node:events";
 import nodefs, { unlinkSync } from "node:fs";
@@ -1081,9 +1081,19 @@ describe("node:http", () => {
   });
 
   test("should not decompress gzip, issue#4397", async () => {
+    using server = Bun.serve({
+      port: 0,
+      tls: tlsCert,
+      fetch() {
+        const body = Bun.gzipSync(Buffer.from("<html>Hello</html>"));
+        return new Response(body, {
+          headers: { "content-encoding": "gzip" },
+        });
+      },
+    });
     const { promise, resolve } = Promise.withResolvers();
     https
-      .request("https://bun.sh/", { headers: { "accept-encoding": "gzip" } }, res => {
+      .request(server.url, { ca: tlsCert.cert, headers: { "accept-encoding": "gzip" } }, res => {
         res.on("data", function cb(chunk) {
           resolve(chunk);
           res.off("data", cb);
@@ -1632,6 +1642,75 @@ describe("HTTP Server Security Tests - Advanced", () => {
     });
   });
 
+  describe("Response Splitting Protection", () => {
+    test("rejects CRLF in statusMessage set via property assignment followed by res.end()", async () => {
+      const { promise: errorPromise, resolve: resolveError } = Promise.withResolvers<Error>();
+      server.on("request", (req, res) => {
+        res.statusCode = 200;
+        res.statusMessage = "OK\r\nSet-Cookie: admin=true";
+        try {
+          res.end("body");
+        } catch (e: any) {
+          resolveError(e);
+          res.statusMessage = "OK";
+          res.end("safe");
+        }
+      });
+
+      const response = (await sendRequest("GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n")) as string;
+      const err = await errorPromise;
+      expect((err as any).code).toBe("ERR_INVALID_CHAR");
+      // The injected Set-Cookie header must NOT appear in the response
+      expect(response).not.toInclude("Set-Cookie: admin=true");
+    });
+
+    test("rejects CRLF in statusMessage set via property assignment followed by res.write()", async () => {
+      const { promise: errorPromise, resolve: resolveError } = Promise.withResolvers<Error>();
+      server.on("request", (req, res) => {
+        res.statusCode = 200;
+        res.statusMessage = "OK\r\nX-Injected: evil";
+        try {
+          res.write("chunk");
+        } catch (e: any) {
+          resolveError(e);
+          res.statusMessage = "OK";
+          res.end("safe");
+        }
+      });
+
+      const response = (await sendRequest("GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n")) as string;
+      const err = await errorPromise;
+      expect((err as any).code).toBe("ERR_INVALID_CHAR");
+      expect(response).not.toInclude("X-Injected: evil");
+    });
+
+    test("rejects CRLF in statusMessage passed to writeHead()", async () => {
+      server.on("request", (req, res) => {
+        expect(() => {
+          res.writeHead(200, "OK\r\nX-Injected: evil");
+        }).toThrow(/Invalid character in statusMessage/);
+        res.writeHead(200, "OK");
+        res.end("safe");
+      });
+
+      const response = (await sendRequest("GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n")) as string;
+      expect(response).not.toInclude("X-Injected");
+      expect(response).toInclude("safe");
+    });
+
+    test("allows valid statusMessage without control characters", async () => {
+      server.on("request", (req, res) => {
+        res.statusCode = 200;
+        res.statusMessage = "Everything Is Fine";
+        res.end("ok");
+      });
+
+      const response = (await sendRequest("GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n")) as string;
+      expect(response).toInclude("200 Everything Is Fine");
+      expect(response).toInclude("ok");
+    });
+  });
+
   test("Server should not crash in clientError is emitted when calling destroy", async () => {
     await using server = http.createServer(async (req, res) => {
       res.end("Hello World");

test/js/node/http2/node-http2.test.js

@@ -821,60 +821,74 @@ for (const nodeExecutable of [nodeExe(), bunExe()]) {
             expect(typeof settings.maxHeaderListSize).toBe("number");
             expect(typeof settings.maxHeaderSize).toBe("number");
           };
-          const { promise, resolve, reject } = Promise.withResolvers();
-          const client = http2.connect("https://www.example.com");
-          client.on("error", reject);
-          expect(client.connecting).toBeTrue();
-          expect(client.alpnProtocol).toBeUndefined();
-          expect(client.encrypted).toBeTrue();
-          expect(client.closed).toBeFalse();
-          expect(client.destroyed).toBeFalse();
-          expect(client.originSet.length).toBe(1);
-          expect(client.pendingSettingsAck).toBeTrue();
-          assertSettings(client.localSettings);
-          expect(client.remoteSettings).toBeNull();
-          const headers = { ":path": "/" };
-          const req = client.request(headers);
-          expect(req.closed).toBeFalse();
-          expect(req.destroyed).toBeFalse();
-          // we always asign a stream id to the request
-          expect(req.pending).toBeFalse();
-          expect(typeof req.id).toBe("number");
-          expect(req.session).toBeDefined();
-          expect(req.sentHeaders).toEqual({
-            ":authority": "www.example.com",
-            ":method": "GET",
-            ":path": "/",
-            ":scheme": "https",
+          const h2Server = http2.createSecureServer({ ...TLS_CERT, allowHTTP1: false });
+          h2Server.on("stream", (stream, headers) => {
+            stream.respond({ ":status": 200 });
+            stream.end("OK");
           });
-          expect(req.sentTrailers).toBeUndefined();
-          expect(req.sentInfoHeaders.length).toBe(0);
-          expect(req.scheme).toBe("https");
-          let response_headers = null;
-          req.on("response", (headers, flags) => {
-            response_headers = headers;
-          });
-          req.resume();
-          req.on("end", () => {
-            resolve();
-          });
-          await promise;
-          expect(response_headers[":status"]).toBe(200);
-          const settings = client.remoteSettings;
-          const localSettings = client.localSettings;
-          assertSettings(settings);
-          assertSettings(localSettings);
-          expect(settings).toEqual(client.remoteSettings);
-          expect(localSettings).toEqual(client.localSettings);
-          client.destroy();
-          expect(client.connecting).toBeFalse();
-          expect(client.alpnProtocol).toBe("h2");
-          expect(client.pendingSettingsAck).toBeFalse();
-          expect(client.destroyed).toBeTrue();
-          expect(client.closed).toBeTrue();
-          expect(req.closed).toBeTrue();
-          expect(req.destroyed).toBeTrue();
-          expect(req.rstCode).toBe(http2.constants.NGHTTP2_NO_ERROR);
+          const { promise: listenPromise, resolve: listenResolve } = Promise.withResolvers();
+          h2Server.listen(0, () => listenResolve());
+          await listenPromise;
+          const serverAddress = h2Server.address();
+          const serverUrl = `https://localhost:${serverAddress.port}`;
+          try {
+            const { promise, resolve, reject } = Promise.withResolvers();
+            const client = http2.connect(serverUrl, TLS_OPTIONS);
+            client.on("error", reject);
+            expect(client.connecting).toBeTrue();
+            expect(client.alpnProtocol).toBeUndefined();
+            expect(client.encrypted).toBeTrue();
+            expect(client.closed).toBeFalse();
+            expect(client.destroyed).toBeFalse();
+            expect(client.originSet.length).toBe(1);
+            expect(client.pendingSettingsAck).toBeTrue();
+            assertSettings(client.localSettings);
+            expect(client.remoteSettings).toBeNull();
+            const headers = { ":path": "/" };
+            const req = client.request(headers);
+            expect(req.closed).toBeFalse();
+            expect(req.destroyed).toBeFalse();
+            // we always asign a stream id to the request
+            expect(req.pending).toBeFalse();
+            expect(typeof req.id).toBe("number");
+            expect(req.session).toBeDefined();
+            expect(req.sentHeaders).toEqual({
+              ":authority": `localhost:${serverAddress.port}`,
+              ":method": "GET",
+              ":path": "/",
+              ":scheme": "https",
+            });
+            expect(req.sentTrailers).toBeUndefined();
+            expect(req.sentInfoHeaders.length).toBe(0);
+            expect(req.scheme).toBe("https");
+            let response_headers = null;
+            req.on("response", (headers, flags) => {
+              response_headers = headers;
+            });
+            req.resume();
+            req.on("end", () => {
+              resolve();
+            });
+            await promise;
+            expect(response_headers[":status"]).toBe(200);
+            const settings = client.remoteSettings;
+            const localSettings = client.localSettings;
+            assertSettings(settings);
+            assertSettings(localSettings);
+            expect(settings).toEqual(client.remoteSettings);
+            expect(localSettings).toEqual(client.localSettings);
+            client.destroy();
+            expect(client.connecting).toBeFalse();
+            expect(client.alpnProtocol).toBe("h2");
+            expect(client.pendingSettingsAck).toBeFalse();
+            expect(client.destroyed).toBeTrue();
+            expect(client.closed).toBeTrue();
+            expect(req.closed).toBeTrue();
+            expect(req.destroyed).toBeTrue();
+            expect(req.rstCode).toBe(http2.constants.NGHTTP2_NO_ERROR);
+          } finally {
+            h2Server.close();
+          }
         });
         it("ping events should work", async () => {
           await using server = await nodeEchoServer(paddingStrategy);

test/js/web/fetch/fetch.test.ts

@@ -577,19 +577,27 @@ describe("fetch", () => {
   });
 
   it.concurrent('redirect: "follow"', async () => {
+    using target = Bun.serve({
+      port: 0,
+      tls,
+      fetch() {
+        return new Response("redirected!");
+      },
+    });
     using server = Bun.serve({
       port: 0,
       fetch(req) {
         return new Response(null, {
           status: 302,
           headers: {
-            Location: "https://example.com",
+            Location: target.url.href,
           },
         });
       },
     });
     const response = await fetch(`http://${server.hostname}:${server.port}`, {
       redirect: "follow",
+      tls: { ca: tls.cert },
     });
     expect(response.status).toBe(200);
     expect(response.headers.get("location")).toBe(null);
@@ -734,8 +742,15 @@ it.concurrent("simultaneous HTTPS fetch", async () => {
 });
 
 it.concurrent("website with tlsextname", async () => {
-  // irony
-  await fetch("https://bun.sh", { method: "HEAD" });
+  using server = Bun.serve({
+    port: 0,
+    tls,
+    fetch() {
+      return new Response("OK");
+    },
+  });
+  const resp = await fetch(server.url, { method: "HEAD", tls: { ca: tls.cert } });
+  expect(resp.status).toBe(200);
 });
 
 function testBlobInterface(blobbyConstructor: { (..._: any[]): any }, hasBlobFn?: boolean) {

test/js/web/fetch/fetch.tls.test.ts

@@ -30,94 +30,110 @@ async function createServer(cert: TLSOptions, callback: (port: number) => Promis
 
 describe.concurrent("fetch-tls", () => {
   it("can handle multiple requests with non native checkServerIdentity", async () => {
-    async function request() {
-      let called = false;
-      const result = await fetch("https://www.example.com", {
-        keepalive: false,
-        tls: {
-          checkServerIdentity(hostname: string, cert: tls.PeerCertificate) {
-            called = true;
-            return tls.checkServerIdentity(hostname, cert);
-          },
-        },
-      }).then((res: Response) => res.blob());
-      expect(result?.size).toBeGreaterThan(0);
-      expect(called).toBe(true);
-    }
-    const promises = [];
-    for (let i = 0; i < 5; i++) {
-      promises.push(request());
-    }
-    await Promise.all(promises);
-  });
-
-  it("fetch with valid tls should not throw", async () => {
-    const promises = [`https://example.com`, `https://www.example.com`].map(async url => {
-      const result = await fetch(url, { keepalive: false }).then((res: Response) => res.blob());
-      expect(result?.size).toBeGreaterThan(0);
-    });
-
-    await Promise.all(promises);
-  });
-
-  it("fetch with valid tls and non-native checkServerIdentity should work", async () => {
-    for (const isBusy of [true, false]) {
-      let count = 0;
-      const promises = [`https://example.com`, `https://www.example.com`].map(async url => {
-        await fetch(url, {
+    await createServer(CERT_LOCALHOST_IP, async port => {
+      async function request() {
+        let called = false;
+        const result = await fetch(`https://localhost:${port}`, {
           keepalive: false,
           tls: {
+            ca: validTls.cert,
             checkServerIdentity(hostname: string, cert: tls.PeerCertificate) {
-              count++;
-              expect(url).toContain(hostname);
+              called = true;
               return tls.checkServerIdentity(hostname, cert);
             },
           },
         }).then((res: Response) => res.blob());
-      });
-      if (isBusy) {
-        const start = performance.now();
-        while (performance.now() - start < 500) {}
+        expect(result?.size).toBeGreaterThan(0);
+        expect(called).toBe(true);
+      }
+      const promises = [];
+      for (let i = 0; i < 5; i++) {
+        promises.push(request());
       }
       await Promise.all(promises);
-      expect(count).toBe(2);
-    }
+    });
+  });
+
+  it("fetch with valid tls should not throw", async () => {
+    await createServer(CERT_LOCALHOST_IP, async port => {
+      const urls = [`https://localhost:${port}`, `https://127.0.0.1:${port}`];
+      const promises = urls.map(async url => {
+        const result = await fetch(url, { keepalive: false, tls: { ca: validTls.cert } }).then((res: Response) =>
+          res.blob(),
+        );
+        expect(result?.size).toBeGreaterThan(0);
+      });
+
+      await Promise.all(promises);
+    });
   });
 
   it("fetch with valid tls and non-native checkServerIdentity should work", async () => {
-    let count = 0;
-    const promises = [`https://example.com`, `https://www.example.com`].map(async url => {
-      await fetch(url, {
-        keepalive: false,
-        tls: {
-          checkServerIdentity(hostname: string, cert: tls.PeerCertificate) {
-            count++;
-            expect(url).toContain(hostname);
-            throw new Error("CustomError");
-          },
-        },
-      });
+    await createServer(CERT_LOCALHOST_IP, async port => {
+      for (const isBusy of [true, false]) {
+        let count = 0;
+        const urls = [`https://localhost:${port}`, `https://127.0.0.1:${port}`];
+        const promises = urls.map(async url => {
+          await fetch(url, {
+            keepalive: false,
+            tls: {
+              ca: validTls.cert,
+              checkServerIdentity(hostname: string, cert: tls.PeerCertificate) {
+                count++;
+                return tls.checkServerIdentity(hostname, cert);
+              },
+            },
+          }).then((res: Response) => res.blob());
+        });
+        if (isBusy) {
+          const start = performance.now();
+          while (performance.now() - start < 500) {}
+        }
+        await Promise.all(promises);
+        expect(count).toBe(2);
+      }
+    });
+  });
+
+  it("fetch with valid tls and non-native checkServerIdentity that throws should reject", async () => {
+    await createServer(CERT_LOCALHOST_IP, async port => {
+      let count = 0;
+      const urls = [`https://localhost:${port}`, `https://127.0.0.1:${port}`];
+      const promises = urls.map(async url => {
+        await fetch(url, {
+          keepalive: false,
+          tls: {
+            ca: validTls.cert,
+            checkServerIdentity(hostname: string, cert: tls.PeerCertificate) {
+              count++;
+              throw new Error("CustomError");
+            },
+          },
+        });
+      });
+      const start = performance.now();
+      while (performance.now() - start < 1000) {}
+      expect((await Promise.allSettled(promises)).every(p => p.status === "rejected")).toBe(true);
+      expect(count).toBe(2);
     });
-    const start = performance.now();
-    while (performance.now() - start < 1000) {}
-    expect((await Promise.allSettled(promises)).every(p => p.status === "rejected")).toBe(true);
-    expect(count).toBe(2);
   });
 
   it("fetch with rejectUnauthorized: false should not call checkServerIdentity", async () => {
-    let count = 0;
+    await createServer(CERT_LOCALHOST_IP, async port => {
+      let count = 0;
 
-    await fetch("https://example.com", {
-      keepalive: false,
-      tls: {
-        rejectUnauthorized: false,
-        checkServerIdentity(hostname: string, cert: tls.PeerCertificate) {
-          count++;
-          return tls.checkServerIdentity(hostname, cert);
+      await fetch(`https://localhost:${port}`, {
+        keepalive: false,
+        tls: {
+          rejectUnauthorized: false,
+          checkServerIdentity(hostname: string, cert: tls.PeerCertificate) {
+            count++;
+            return tls.checkServerIdentity(hostname, cert);
+          },
         },
-      },
-    }).then((res: Response) => res.blob());
-    expect(count).toBe(0);
+      }).then((res: Response) => res.blob());
+      expect(count).toBe(0);
+    });
   });
 
   it("fetch with self-sign tls should throw", async () => {
@@ -152,20 +168,23 @@ describe.concurrent("fetch-tls", () => {
   });
 
   it("fetch with checkServerIdentity failing should throw", async () => {
-    try {
-      await fetch(`https://example.com`, {
-        keepalive: false,
-        tls: {
-          checkServerIdentity() {
-            return new Error("CustomError");
+    await createServer(CERT_LOCALHOST_IP, async port => {
+      try {
+        await fetch(`https://localhost:${port}`, {
+          keepalive: false,
+          tls: {
+            ca: validTls.cert,
+            checkServerIdentity() {
+              return new Error("CustomError");
+            },
           },
-        },
-      }).then((res: Response) => res.blob());
+        }).then((res: Response) => res.blob());
 
-      expect.unreachable();
-    } catch (e: any) {
-      expect(e.message).toBe("CustomError");
-    }
+        expect.unreachable();
+      } catch (e: any) {
+        expect(e.message).toBe("CustomError");
+      }
+    });
   });
 
   it("fetch with self-sign certificate tls + rejectUnauthorized: false should not throw", async () => {

test/js/workerd/html-rewriter.test.js

@@ -109,13 +109,22 @@ describe("HTMLRewriter", () => {
     await gcTick();
     let content;
     {
+      using contentServer = Bun.serve({
+        port: 0,
+        fetch(req) {
+          return new Response("<h1>Hello from content server</h1>", {
+            headers: { "Content-Type": "text/html" },
+          });
+        },
+      });
+
       using server = Bun.serve({
         port: 0,
         fetch(req) {
           return new HTMLRewriter()
             .on("div", {
               async element(element) {
-                content = await fetch("https://www.example.com/").then(res => res.text());
+                content = await fetch(`http://localhost:${contentServer.port}/`).then(res => res.text());
                 element.setInnerContent(content, { html: true });
               },
             })

test/regression/fixtures/cert.key

@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCIzOJskt6VkEJY
-XKSJv/Gdil3XYkjk3NVc/+m+kzqnkTRbPtT9w+IGWgmJhuf9DJPLCwHFAEFarVwV
-x16Q0PbU4ajXaLRHEYGhrH10oTMjQnJ24xVm26mxRXPQa5vaLpWJqNyIdNLIQLe+
-UXUOzSGGsFTRMAjvYrkzjBe4ZUnaZV+aFY/ug0jfzeA1dJjzKZs6+yTJRbsuWUEb
-8MsDmT4v+kBZDKdaDn7AFDWRVqx/38BnqsRzkM0CxpnyT2kRzw5zQajIE13gdTJo
-1EHvYSUkkxrY5m30Rl9BuBBZBjhMzOHq0fYVVooHO+sf4XHPgvFTTxJum85u7J1J
-oEUjrLKtAgMBAAECggEACInVNhaiqu4infZGVMy0rXMV8VwSlapM7O2SLtFsr0nK
-XUmaLK6dvGzBPKK9dxdiYCFzPlMKQTkhzsAvYFWSmm3tRmikG+11TFyCRhXLpc8/
-ark4vD9Io6ZkmKUmyKLwtXNjNGcqQtJ7RXc7Ga3nAkueN6JKZHqieZusXVeBGQ70
-YH1LKyVNBeJggbj+g9rqaksPyNJQ8EWiNTJkTRQPazZ0o1VX/fzDFyr/a5npFtHl
-4BHfafv9o1Xyr70Kie8CYYRJNViOCN+ylFs7Gd3XRaAkSkgMT/7DzrHdEM2zrrHK
-yNg2gyDVX9UeEJG2X5UtU0o9BVW7WBshz/2hqIUHoQKBgQC8zsRFvC7u/rGr5vRR
-mhZZG+Wvg03/xBSuIgOrzm+Qie6mAzOdVmfSL/pNV9EFitXt1yd2ROo31AbS7Evy
-Bm/QVKr2mBlmLgov3B7O/e6ABteooOL7769qV/v+yo8VdEg0biHmsfGIIXDe3Lwl
-OT0XwF9r/SeZLbw1zfkSsUVG/QKBgQC5fANM3Dc9LEek+6PHv5+eC1cKkyioEjUl
-/y1VUD00aABI1TUcdLF3BtFN2t/S6HW0hrP3KwbcUfqC25k+GDLh1nM6ZK/gI3Yn
-IGtCHxtE3S6jKhE9QcK/H+PzGVKWge9SezeYRP0GHJYDrTVTA8Kt9HgoZPPeReJl
-+Ss9c8ThcQKBgECX6HQHFnNzNSufXtSQB7dCoQizvjqTRZPxVRoxDOABIGExVTYt
-umUhPtu5AGyJ+/hblEeU+iBRbGg6qRzK8PPwE3E7xey8MYYAI5YjL7YjISKysBUL
-AhM6uJ6Jg/wOBSnSx8xZ8kzlS+0izUda1rjKeprCSArSp8IsjlrDxPStAoGAEcPr
-+P+altRX5Fhpvmb/Hb8OTif8G+TqjEIdkG9H/W38oP0ywg/3M2RGxcMx7txu8aR5
-NjI7zPxZFxF7YvQkY3cLwEsGgVxEI8k6HLIoBXd90Qjlb82NnoqqZY1GWL4HMwo0
-L/Rjm6M/Rwje852Hluu0WoIYzXA6F/Q+jPs6nzECgYAxx4IbDiGXuenkwSF1SUyj
-NwJXhx4HDh7U6EO/FiPZE5BHE3BoTrFu3o1lzverNk7G3m+j+m1IguEAalHlukYl
-rip9iUISlKYqbYZdLBoLwHAfHhszdrjqn8/v6oqbB5yR3HXjPFUWJo0WJ2pqJp56
-ZshgmQQ/5Khoj6x0/dMPSg==
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCt7iqkEIco372h
+v19q0zjaYbm6gzxEnR45UjpQYqgztq4QHicD80mqIkCBCYknFxhwxhNn+Y3g5RWQ
+dReplpQbkneqRVp+qixMvu2FmOA4zRRoqObP7FyF1Yusvmroe0Y9SP2xTTmA9Zo7
+3paywPUIuZ9eKGwIiFTtj1yQ1FdghLhzZgxcf3LHEHRkGnxgxxNITFxh4nd6fGIj
+NqM5fQAY8z35lMXdeWjrhtaqgFYB+Z20YY0X7LJx39vYao0wqW8sZjX88TqHI1zX
+WLpUk6UK9RqaNza5xc80wV+9/zjhr3dc1FRjBxI1DS/ufo33dUfvilxv9/LtWwUn
+KfKLns9LAgMBAAECggEAAacPHM2G7GBIm/9rCr6tvihNgD8M685zOOZAqGYn9CqY
+cYHC4gtF/L2U6CBj2pNAoCwo3LXUkD+6r7MYKXAgqQg3HTCM4rwFbhD1rU8FVHfh
+OL0QwwZ2ut95DVdjoxTAlEN9ZcdSFc//llMJ1cF8lxoVvKFc4cv3uCI2mcaJk858
+iABfJLl3yfdv1xtpAuOfXf66sXbAmn5NQfN0qTEg2iOdgb4BUee5Wb35MakDQb6+
+/s7/bWB+ublZzYt12ChIh1jkBBHaGyQ8mFnPj99ZAJdFjAzi6ydoJ0a2rCVY7Ugs
+bkhnzDUtAaHKxo9JXaqIwbUaVFkX8dDhbg82dJrWUQKBgQDb7hNR0bJFW845N19M
+74p2PM+0dIiVzwxAg4E2dXDVe39awO/tw8Vu1o1+NPFhWAzGcidP7pAHmPEgRTVO
+7LA2P3CDXpkAEx5E0QW6QWZGqHfSa3+P1AvetvAV+OxtlDphcNeLApY16TUVOKZg
+SZlxW2e0dZylbHewgLBTIV9wUQKBgQDKdML+JD18WfenPeowsw8HzKdaw01iGiV1
+fvTjEXu6YxPPynWFMuj5gjBQodXM2vv0EsQBAPKYfe0nzRFL2kNuYs7TLoaNxqkp
+DNfJ2Ww5OSg7Mp76XgppeKKlsXLyUMYHHrDh6MRi5jvWtiHRpaNmV3cHMRs22c+B
+cqKP5Zma2wKBgCPNnS2Lsrbh3C+qWQRgVq0q9zFMa1PgEgGKpwVjlwvaAACZOjX9
+0e1aVkx+d/E98U55FPdJQf9Koa58NdJ0a7dZGor4YnYFpr7TPFh2/xxvnpoN0AVt
+IsWOCIW7MVohcGOeiChkMmnyXibnQwaX1LgEhlx1bRvtDYsZWBsgarYRAoGAARvo
+oYnDSHYZtDHToZapg2pslEOzndD02ZLrdn73BYtbZWz/fc5MlmlPKHHqgOfGL40W
+w8akjY9LCEfIS3kTm3wxE9kSZZ5r+MyYNgPZ4upcPQ7G7iortm4xveSd85PbsdhK
+McKbqMsIEuIGh2Z34ayi+0galQ9WYqglGdKxJ7cCgYEAuSPBHa+en0xaraZNRvMk
+OfV9Su/wrpR3TXSeo0E1mZHLwq1JwulpfO1SjxTH5uOJtG0tusl122wfm0KjrXUO
+vG5/It+X4u1Nv9oWj+z1+EV4fQrQ/Coqcc1r+5w1yzfURkKlHh74jbK5Yy/KfXrE
+eqbbJD40tKhY8ho15D3iCSo=
 -----END PRIVATE KEY-----

test/regression/fixtures/cert.pem

@@ -1,23 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIUN7coIsdMcLo9amZfkwogu0YkeLEwDQYJKoZIhvcNAQEL
+MIIEDDCCAvSgAwIBAgIUbddWE2woW5e96uC4S2fd2M0AsFAwDQYJKoZIhvcNAQEL
 BQAwfjELMAkGA1UEBhMCU0UxDjAMBgNVBAgMBVN0YXRlMREwDwYDVQQHDAhMb2Nh
 dGlvbjEaMBgGA1UECgwRT3JnYW5pemF0aW9uIE5hbWUxHDAaBgNVBAsME09yZ2Fu
-aXphdGlvbmFsIFVuaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA5MjExNDE2
-MjNaFw0yNDA5MjAxNDE2MjNaMH4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVTdGF0
+aXphdGlvbmFsIFVuaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yNjAyMTMyMzEx
+MjlaFw0zNjAyMTEyMzExMjlaMH4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVTdGF0
 ZTERMA8GA1UEBwwITG9jYXRpb24xGjAYBgNVBAoMEU9yZ2FuaXphdGlvbiBOYW1l
 MRwwGgYDVQQLDBNPcmdhbml6YXRpb25hbCBVbml0MRIwEAYDVQQDDAlsb2NhbGhv
-c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIzOJskt6VkEJYXKSJ
-v/Gdil3XYkjk3NVc/+m+kzqnkTRbPtT9w+IGWgmJhuf9DJPLCwHFAEFarVwVx16Q
-0PbU4ajXaLRHEYGhrH10oTMjQnJ24xVm26mxRXPQa5vaLpWJqNyIdNLIQLe+UXUO
-zSGGsFTRMAjvYrkzjBe4ZUnaZV+aFY/ug0jfzeA1dJjzKZs6+yTJRbsuWUEb8MsD
-mT4v+kBZDKdaDn7AFDWRVqx/38BnqsRzkM0CxpnyT2kRzw5zQajIE13gdTJo1EHv
-YSUkkxrY5m30Rl9BuBBZBjhMzOHq0fYVVooHO+sf4XHPgvFTTxJum85u7J1JoEUj
-rLKtAgMBAAGjXDBaMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD
-ATAUBgNVHREEDTALgglsb2NhbGhvc3QwHQYDVR0OBBYEFNzx4Rfs9m8XR5ML0WsI
-sorKmB4PMA0GCSqGSIb3DQEBCwUAA4IBAQB87iQy8R0fiOky9WTcyzVeMaavS3MX
-iTe1BRn1OCyDq+UiwwoNz7zdzZJFEmRtFBwPNFOe4HzLu6E+7yLFR552eYRHlqIi
-/fiLb5JiZfPtokUHeqwELWBsoXtU8vKxViPiLZ09jkWOPZWo7b/xXd6QYykBfV91
-usUXLzyTD2orMagpqNksLDGS3p3ggHEJBZtRZA8R7kPEw98xZHznOQpr26iv8kYz
-ZWdLFoFdwgFBSfxePKax5rfo+FbwdrcTX0MhbORyiu2XsBAghf8s2vKDkHg2UQE8
-haonxFYMFaASfaZ/5vWKYDTCJkJ67m/BtkpRafFEO+ad1i1S61OjfxH4
+c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt7iqkEIco372hv19q
+0zjaYbm6gzxEnR45UjpQYqgztq4QHicD80mqIkCBCYknFxhwxhNn+Y3g5RWQdRep
+lpQbkneqRVp+qixMvu2FmOA4zRRoqObP7FyF1Yusvmroe0Y9SP2xTTmA9Zo73pay
+wPUIuZ9eKGwIiFTtj1yQ1FdghLhzZgxcf3LHEHRkGnxgxxNITFxh4nd6fGIjNqM5
+fQAY8z35lMXdeWjrhtaqgFYB+Z20YY0X7LJx39vYao0wqW8sZjX88TqHI1zXWLpU
+k6UK9RqaNza5xc80wV+9/zjhr3dc1FRjBxI1DS/ufo33dUfvilxv9/LtWwUnKfKL
+ns9LAgMBAAGjgYEwfzAdBgNVHQ4EFgQUQCpSY7ODhdyD6pdZHvfHoWRXWsIwHwYD
+VR0jBBgwFoAUQCpSY7ODhdyD6pdZHvfHoWRXWsIwDwYDVR0TAQH/BAUwAwEB/zAs
+BgNVHREEJTAjgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJ
+KoZIhvcNAQELBQADggEBAGKTIzGQsOqfD0+x15F2cu7FKjIo1ua0OiILAhPqGX65
+kGcetjC/dJip2bGnw1NjG9WxEJNZ4YcsGrwh9egfnXXmfHNL0wzx/LTo2oysbXsN
+nEj+cmzw3Lwjn/ywJc+AC221/xrmDfm3m/hMzLqncnj23ZAHqkXTSp5UtSMs+UDQ
+my0AJOvsDGPVKHQsAX3JDjKHaoVJn4YqpHcIGmpjrNcQSvwUocDHPcC0ywco6SgF
+Ylzy2bwWWdPd9Cz9JkAMb95nWc7Rwf/nxAqCjJFzKEisvrx7VZ+QSVI0nqJzt8V1
+pbtWYH5gMFVstU3ghWdSLbAk4XufGYrIWAlA5mqjQ4o=
 -----END CERTIFICATE-----

test/regression/issue/27014.test.ts

@@ -0,0 +1,8 @@
+import { expect, test } from "bun:test";
+
+// https://github.com/oven-sh/bun/issues/27014
+test("Bun.stripANSI does not hang on non-ANSI control characters", () => {
+  const s = "\u0016zo\u00BAd\u0019\u00E8\u00E0\u0013?\u00C1+\u0014d\u00D3\u00E9";
+  const result = Bun.stripANSI(s);
+  expect(result).toBe(s);
+});

test/regression/issue/27025.test.ts

@@ -0,0 +1,31 @@
+import { expect, test } from "bun:test";
+import { X509Certificate } from "crypto";
+import { readFileSync } from "fs";
+import { join } from "path";
+
+const certPem = readFileSync(join(import.meta.dir, "../../js/node/test/fixtures/keys/agent1-cert.pem"));
+
+test("issuerCertificate should return undefined for directly-parsed certificates without crashing", () => {
+  const cert = new X509Certificate(certPem);
+
+  // issuerCertificate is only populated for certificates obtained from TLS
+  // connections with a peer certificate chain. For directly parsed certs,
+  // it should be undefined (matching Node.js behavior).
+  expect(cert.issuerCertificate).toBeUndefined();
+});
+
+test("X509Certificate properties should not crash on valid certificates", () => {
+  const cert = new X509Certificate(certPem);
+
+  // These should all work without segfaulting
+  expect(cert.subject).toBeDefined();
+  expect(cert.issuer).toBeDefined();
+  expect(cert.validFrom).toBeDefined();
+  expect(cert.validTo).toBeDefined();
+  expect(cert.fingerprint).toBeDefined();
+  expect(cert.fingerprint256).toBeDefined();
+  expect(cert.fingerprint512).toBeDefined();
+  expect(cert.serialNumber).toBeDefined();
+  expect(cert.raw).toBeInstanceOf(Uint8Array);
+  expect(cert.ca).toBe(false);
+});

test/vendor.json

@@ -2,6 +2,6 @@
   {
     "package": "elysia",
     "repository": "https://github.com/elysiajs/elysia",
-    "tag": "1.4.12"
+    "tag": "1.4.25"
   }
 ]