diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 63e76a27fab182..f85c224898db30 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -14,6 +14,3 @@ Contributors guide: https://github.com/nodejs/node/blob/master/CONTRIBUTING.md
 - [ ] tests and/or benchmarks are included
 - [ ] documentation is changed or added
 - [ ] commit message follows [commit guidelines](https://github.com/nodejs/node/blob/master/doc/guides/contributing/pull-requests.md#commit-message-guidelines)
-
-##### Affected core subsystem(s)
-<!-- Provide affected core subsystem(s) (like doc, cluster, crypto, etc). -->
diff --git a/Makefile b/Makefile
index 84f2f3fb28af66..e9afdc87e72758 100644
--- a/Makefile
+++ b/Makefile
@@ -172,13 +172,13 @@ coverage-build: all
 		$(NODE) ./deps/npm install istanbul-merge --no-save --no-package-lock; fi
 	if [ ! -d node_modules/nyc ]; then \
 		$(NODE) ./deps/npm install nyc --no-save --no-package-lock; fi
-	if [ ! -d gcovr ]; then git clone --depth=1 \
+	if [ ! -d gcovr ]; then git clone -b 3.4 --depth=1 \
 		--single-branch git://github.com/gcovr/gcovr.git; fi
 	if [ ! -d build ]; then git clone --depth=1 \
 		--single-branch https://github.com/nodejs/build.git; fi
-	if [ ! -f gcovr/gcovr/gcov.py.orig ]; then \
-		(cd gcovr && patch -b -N -p1 < \
-		"$(CURDIR)/build/jenkins/scripts/coverage/gcovr-patches.diff"); fi
+	if [ ! -f gcovr/scripts/gcovr.orig ]; then \
+		(cd gcovr && patch -N -p1 < \
+		"$(CURDIR)/build/jenkins/scripts/coverage/gcovr-patches-3.4.diff"); fi
 	if [ -d lib_ ]; then $(RM) -r lib; mv lib_ lib; fi
 	mv lib lib_
 	$(NODE) ./node_modules/.bin/nyc instrument --extension .js --extension .mjs lib_/ lib/
@@ -203,7 +203,7 @@ coverage-test: coverage-build
 	(cd lib && .$(NODE) ../node_modules/.bin/nyc report \
 		--temp-directory "$(CURDIR)/.cov_tmp" \
 		--report-dir "../coverage")
-	-(cd out && PYTHONPATH=$(CURDIR)/gcovr $(PYTHON) -m gcovr --gcov-exclude='.*deps' \
+	-(cd out && "../gcovr/scripts/gcovr" --gcov-exclude='.*deps' \
 		--gcov-exclude='.*usr' -v -r Release/obj.target \
 		--html --html-detail -o ../coverage/cxxcoverage.html \
 		--gcov-executable="$(GCOV)")
diff --git a/common.gypi b/common.gypi
index 5752c17168d50a..5a5409cb0c610f 100644
--- a/common.gypi
+++ b/common.gypi
@@ -27,7 +27,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.20',
+    'v8_embedder_string': '-node.22',
 
     # Enable disassembler for `--print-code` v8 options
     'v8_enable_disassembler': 1,
diff --git a/deps/v8/src/api.cc b/deps/v8/src/api.cc
index bd4a0fde702a7b..5c559ceb8adbc1 100644
--- a/deps/v8/src/api.cc
+++ b/deps/v8/src/api.cc
@@ -889,8 +889,7 @@ void ResourceConstraints::ConfigureDefaults(uint64_t physical_memory,
                                             uint64_t virtual_memory_limit) {
   set_max_semi_space_size_in_kb(
       i::Heap::ComputeMaxSemiSpaceSize(physical_memory));
-  set_max_old_space_size(
-      static_cast<int>(i::Heap::ComputeMaxOldGenerationSize(physical_memory)));
+  set_max_old_space_size(i::Heap::ComputeMaxOldGenerationSize(physical_memory));
   set_max_zone_pool_size(i::AccountingAllocator::kMaxPoolSize);
 
   if (virtual_memory_limit > 0 && i::kRequiresCodeRange) {
@@ -905,7 +904,9 @@ void ResourceConstraints::ConfigureDefaults(uint64_t physical_memory,
 void SetResourceConstraints(i::Isolate* isolate,
                             const ResourceConstraints& constraints) {
   size_t semi_space_size = constraints.max_semi_space_size_in_kb();
-  int old_space_size = constraints.max_old_space_size();
+  size_t old_space_size =
+      static_cast<size_t>(
+          static_cast<unsigned int>(constraints.max_old_space_size()));
   size_t code_range_size = constraints.code_range_size();
   size_t max_pool_size = constraints.max_zone_pool_size();
   if (semi_space_size != 0 || old_space_size != 0 || code_range_size != 0) {
diff --git a/deps/v8/src/bootstrapper.cc b/deps/v8/src/bootstrapper.cc
index dc211962685b77..950436493caa04 100644
--- a/deps/v8/src/bootstrapper.cc
+++ b/deps/v8/src/bootstrapper.cc
@@ -5299,6 +5299,11 @@ Genesis::Genesis(
     if (!InstallDebuggerNatives()) return;
   }
 
+  if (FLAG_disallow_code_generation_from_strings) {
+    native_context()->set_allow_code_gen_from_strings(
+        isolate->heap()->false_value());
+  }
+
   ConfigureUtilsObject(context_type);
 
   // Check that the script context table is empty except for the 'this' binding.
diff --git a/deps/v8/src/flag-definitions.h b/deps/v8/src/flag-definitions.h
index bcb5a2c982b5a7..315cc2b6cd4380 100644
--- a/deps/v8/src/flag-definitions.h
+++ b/deps/v8/src/flag-definitions.h
@@ -161,12 +161,14 @@ struct MaybeBoolFlag {
 #define DEFINE_INT(nam, def, cmt) FLAG(INT, int, nam, def, cmt)
 #define DEFINE_UINT(nam, def, cmt) FLAG(UINT, unsigned int, nam, def, cmt)
 #define DEFINE_FLOAT(nam, def, cmt) FLAG(FLOAT, double, nam, def, cmt)
+#define DEFINE_SIZE_T(nam, def, cmt) FLAG(SIZE_T, size_t, nam, def, cmt)
 #define DEFINE_STRING(nam, def, cmt) FLAG(STRING, const char*, nam, def, cmt)
 #define DEFINE_ARGS(nam, cmt) FLAG(ARGS, JSArguments, nam, {0 COMMA NULL}, cmt)
 
 #define DEFINE_ALIAS_BOOL(alias, nam) FLAG_ALIAS(BOOL, bool, alias, nam)
 #define DEFINE_ALIAS_INT(alias, nam) FLAG_ALIAS(INT, int, alias, nam)
 #define DEFINE_ALIAS_FLOAT(alias, nam) FLAG_ALIAS(FLOAT, double, alias, nam)
+#define DEFINE_ALIAS_SIZE_T(alias, nam) FLAG_ALIAS(SIZE_T, size_t, alias, nam)
 #define DEFINE_ALIAS_STRING(alias, nam) \
   FLAG_ALIAS(STRING, const char*, alias, nam)
 #define DEFINE_ALIAS_ARGS(alias, nam) FLAG_ALIAS(ARGS, JSArguments, alias, nam)
@@ -553,18 +555,18 @@ DEFINE_BOOL(trace_opt_verbose, false, "extra verbose compilation tracing")
 DEFINE_IMPLICATION(trace_opt_verbose, trace_opt)
 
 // Garbage collections flags.
-DEFINE_INT(min_semi_space_size, 0,
-           "min size of a semi-space (in MBytes), the new space consists of two"
-           "semi-spaces")
-DEFINE_INT(max_semi_space_size, 0,
-           "max size of a semi-space (in MBytes), the new space consists of two"
-           "semi-spaces")
+DEFINE_SIZE_T(min_semi_space_size, 0,
+              "min size of a semi-space (in MBytes), the new space consists of "
+              "two semi-spaces")
+DEFINE_SIZE_T(max_semi_space_size, 0,
+              "max size of a semi-space (in MBytes), the new space consists of "
+              "two semi-spaces")
 DEFINE_INT(semi_space_growth_factor, 2, "factor by which to grow the new space")
 DEFINE_BOOL(experimental_new_space_growth_heuristic, false,
             "Grow the new space based on the percentage of survivors instead "
             "of their absolute value.")
-DEFINE_INT(max_old_space_size, 0, "max size of the old space (in Mbytes)")
-DEFINE_INT(initial_old_space_size, 0, "initial old space size (in Mbytes)")
+DEFINE_SIZE_T(max_old_space_size, 0, "max size of the old space (in Mbytes)")
+DEFINE_SIZE_T(initial_old_space_size, 0, "initial old space size (in Mbytes)")
 DEFINE_BOOL(gc_global, false, "always perform global GCs")
 DEFINE_INT(gc_interval, -1, "garbage collect after <n> allocations")
 DEFINE_INT(retain_maps_for_n_gc, 2,
@@ -732,6 +734,8 @@ DEFINE_BOOL(expose_trigger_failure, false, "expose trigger-failure extension")
 DEFINE_INT(stack_trace_limit, 10, "number of stack frames to capture")
 DEFINE_BOOL(builtins_in_stack_traces, false,
             "show built-in functions in stack traces")
+DEFINE_BOOL(disallow_code_generation_from_strings, false,
+            "disallow eval and friends")
 
 // builtins.cc
 DEFINE_BOOL(allow_unsafe_function_constructor, false,
diff --git a/deps/v8/src/flags.cc b/deps/v8/src/flags.cc
index 9fdc5d04be84dd..5a727514689c1a 100644
--- a/deps/v8/src/flags.cc
+++ b/deps/v8/src/flags.cc
@@ -5,6 +5,7 @@
 #include "src/flags.h"
 
 #include <cctype>
+#include <cerrno>
 #include <cstdlib>
 #include <sstream>
 
@@ -40,6 +41,7 @@ struct Flag {
     TYPE_INT,
     TYPE_UINT,
     TYPE_FLOAT,
+    TYPE_SIZE_T,
     TYPE_STRING,
     TYPE_ARGS
   };
@@ -82,6 +84,11 @@ struct Flag {
     return reinterpret_cast<double*>(valptr_);
   }
 
+  size_t* size_t_variable() const {
+    DCHECK(type_ == TYPE_SIZE_T);
+    return reinterpret_cast<size_t*>(valptr_);
+  }
+
   const char* string_value() const {
     DCHECK(type_ == TYPE_STRING);
     return *reinterpret_cast<const char**>(valptr_);
@@ -120,6 +127,11 @@ struct Flag {
     return *reinterpret_cast<const double*>(defptr_);
   }
 
+  size_t size_t_default() const {
+    DCHECK(type_ == TYPE_SIZE_T);
+    return *reinterpret_cast<const size_t*>(defptr_);
+  }
+
   const char* string_default() const {
     DCHECK(type_ == TYPE_STRING);
     return *reinterpret_cast<const char* const *>(defptr_);
@@ -143,6 +155,8 @@ struct Flag {
         return *uint_variable() == uint_default();
       case TYPE_FLOAT:
         return *float_variable() == float_default();
+      case TYPE_SIZE_T:
+        return *size_t_variable() == size_t_default();
       case TYPE_STRING: {
         const char* str1 = string_value();
         const char* str2 = string_default();
@@ -174,6 +188,9 @@ struct Flag {
       case TYPE_FLOAT:
         *float_variable() = float_default();
         break;
+      case TYPE_SIZE_T:
+        *size_t_variable() = size_t_default();
+        break;
       case TYPE_STRING:
         set_string_value(string_default(), false);
         break;
@@ -202,6 +219,8 @@ static const char* Type2String(Flag::FlagType type) {
     case Flag::TYPE_UINT:
       return "uint";
     case Flag::TYPE_FLOAT: return "float";
+    case Flag::TYPE_SIZE_T:
+      return "size_t";
     case Flag::TYPE_STRING: return "string";
     case Flag::TYPE_ARGS: return "arguments";
   }
@@ -228,6 +247,9 @@ std::ostream& operator<<(std::ostream& os, const Flag& flag) {  // NOLINT
     case Flag::TYPE_FLOAT:
       os << *flag.float_variable();
       break;
+    case Flag::TYPE_SIZE_T:
+      os << *flag.size_t_variable();
+      break;
     case Flag::TYPE_STRING: {
       const char* str = flag.string_value();
       os << (str ? str : "NULL");
@@ -360,6 +382,27 @@ static Flag* FindFlag(const char* name) {
   return NULL;
 }
 
+template <typename T>
+bool TryParseUnsigned(Flag* flag, const char* arg, const char* value,
+                      char** endp, T* out_val) {
+  // We do not use strtoul because it accepts negative numbers.
+  // Rejects values >= 2**63 when T is 64 bits wide but that
+  // seems like an acceptable trade-off.
+  uint64_t max = static_cast<uint64_t>(std::numeric_limits<T>::max());
+  errno = 0;
+  int64_t val = static_cast<int64_t>(strtoll(value, endp, 10));
+  if (val < 0 || static_cast<uint64_t>(val) > max || errno != 0) {
+    PrintF(stderr,
+           "Error: Value for flag %s of type %s is out of bounds "
+           "[0-%" PRIu64
+           "]\n"
+           "Try --help for options\n",
+           arg, Type2String(flag->type()), max);
+    return false;
+  }
+  *out_val = static_cast<T>(val);
+  return true;
+}
 
 // static
 int FlagList::SetFlagsFromCommandLine(int* argc,
@@ -425,27 +468,21 @@ int FlagList::SetFlagsFromCommandLine(int* argc,
         case Flag::TYPE_INT:
           *flag->int_variable() = static_cast<int>(strtol(value, &endp, 10));
           break;
-        case Flag::TYPE_UINT: {
-          // We do not use strtoul because it accepts negative numbers.
-          int64_t val = static_cast<int64_t>(strtoll(value, &endp, 10));
-          if (val < 0 || val > std::numeric_limits<unsigned int>::max()) {
-            PrintF(stderr,
-                   "Error: Value for flag %s of type %s is out of bounds "
-                   "[0-%" PRIu64
-                   "]\n"
-                   "Try --help for options\n",
-                   arg, Type2String(flag->type()),
-                   static_cast<uint64_t>(
-                       std::numeric_limits<unsigned int>::max()));
+        case Flag::TYPE_UINT:
+          if (!TryParseUnsigned(flag, arg, value, &endp,
+                                flag->uint_variable())) {
             return_code = j;
-            break;
           }
-          *flag->uint_variable() = static_cast<unsigned int>(val);
           break;
-        }
         case Flag::TYPE_FLOAT:
           *flag->float_variable() = strtod(value, &endp);
           break;
+        case Flag::TYPE_SIZE_T:
+          if (!TryParseUnsigned(flag, arg, value, &endp,
+                                flag->size_t_variable())) {
+            return_code = j;
+          }
+          break;
         case Flag::TYPE_STRING:
           flag->set_string_value(value ? StrDup(value) : NULL, true);
           break;
diff --git a/deps/v8/src/heap/heap.cc b/deps/v8/src/heap/heap.cc
index b13ec784f56358..5120975cb12628 100644
--- a/deps/v8/src/heap/heap.cc
+++ b/deps/v8/src/heap/heap.cc
@@ -5463,8 +5463,8 @@ bool Heap::ConfigureHeap(size_t max_semi_space_size_in_kb,
 
   // The new space size must be a power of two to support single-bit testing
   // for containment.
-  max_semi_space_size_ = base::bits::RoundUpToPowerOfTwo32(
-      static_cast<uint32_t>(max_semi_space_size_));
+  max_semi_space_size_ = static_cast<size_t>(base::bits::RoundUpToPowerOfTwo64(
+      static_cast<uint64_t>(max_semi_space_size_)));
 
   if (max_semi_space_size_ == kMaxSemiSpaceSizeInKB * KB) {
     // Start with at least 1*MB semi-space on machines with a lot of memory.
diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
index 7b877703855c88..f1e65b8a5f0968 100644
--- a/deps/v8/src/heap/heap.h
+++ b/deps/v8/src/heap/heap.h
@@ -584,15 +584,15 @@ class Heap {
 #endif
 
   // Semi-space size needs to be a multiple of page size.
-  static const int kMinSemiSpaceSizeInKB =
+  static const size_t kMinSemiSpaceSizeInKB =
       1 * kPointerMultiplier * ((1 << kPageSizeBits) / KB);
-  static const int kMaxSemiSpaceSizeInKB =
+  static const size_t kMaxSemiSpaceSizeInKB =
       16 * kPointerMultiplier * ((1 << kPageSizeBits) / KB);
 
   // The old space size has to be a multiple of Page::kPageSize.
   // Sizes are in MB.
-  static const int kMinOldGenerationSize = 128 * kPointerMultiplier;
-  static const int kMaxOldGenerationSize = 1024 * kPointerMultiplier;
+  static const size_t kMinOldGenerationSize = 128 * kPointerMultiplier;
+  static const size_t kMaxOldGenerationSize = 1024 * kPointerMultiplier;
 
   static const int kTraceRingBufferSize = 512;
   static const int kStacktraceBufferSize = 512;
@@ -1293,10 +1293,10 @@ class Heap {
   size_t MaxOldGenerationSize() { return max_old_generation_size_; }
 
   static size_t ComputeMaxOldGenerationSize(uint64_t physical_memory) {
-    const int old_space_physical_memory_factor = 4;
-    int computed_size =
-        static_cast<int>(physical_memory / i::MB /
-                         old_space_physical_memory_factor * kPointerMultiplier);
+    const size_t old_space_physical_memory_factor = 4;
+    size_t computed_size = static_cast<size_t>(
+        physical_memory / i::MB / old_space_physical_memory_factor *
+        kPointerMultiplier);
     return Max(Min(computed_size, kMaxOldGenerationSize),
                kMinOldGenerationSize);
   }
@@ -1308,11 +1308,11 @@ class Heap {
     uint64_t capped_physical_memory =
         Max(Min(physical_memory, max_physical_memory), min_physical_memory);
     // linearly scale max semi-space size: (X-A)/(B-A)*(D-C)+C
-    int semi_space_size_in_kb =
-        static_cast<int>(((capped_physical_memory - min_physical_memory) *
-                          (kMaxSemiSpaceSizeInKB - kMinSemiSpaceSizeInKB)) /
-                             (max_physical_memory - min_physical_memory) +
-                         kMinSemiSpaceSizeInKB);
+    size_t semi_space_size_in_kb =
+        static_cast<size_t>(((capped_physical_memory - min_physical_memory) *
+                             (kMaxSemiSpaceSizeInKB - kMinSemiSpaceSizeInKB)) /
+                                (max_physical_memory - min_physical_memory) +
+                            kMinSemiSpaceSizeInKB);
     return RoundUp(semi_space_size_in_kb, (1 << kPageSizeBits) / KB);
   }
 
diff --git a/deps/v8/test/mjsunit/disallow-codegen-from-strings.js b/deps/v8/test/mjsunit/disallow-codegen-from-strings.js
new file mode 100644
index 00000000000000..30d1b967d5f128
--- /dev/null
+++ b/deps/v8/test/mjsunit/disallow-codegen-from-strings.js
@@ -0,0 +1,9 @@
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --disallow-code-generation-from-strings
+
+assertThrows("1 + 1", EvalError);
+assertThrows(() => eval("1 + 1"), EvalError);
+assertThrows(() => Function("x", "return x + 1"), EvalError);
diff --git a/doc/api/_toc.md b/doc/api/_toc.md
index 420fb362fa537a..b8002fb78163ac 100644
--- a/doc/api/_toc.md
+++ b/doc/api/_toc.md
@@ -1,5 +1,9 @@
 @// NB(chrisdickinson): if you move this file, be sure to update tools/doc/html.js to
 @// point at the new location.
+@// tools/doc/html.js to point at the new location.
+
+<!--introduced_in=v0.10.0-->
+
 * [About these Docs](documentation.html)
 * [Usage & Example](synopsis.html)
 
diff --git a/doc/api/fs.md b/doc/api/fs.md
index 34320bcf1fdafa..f59d58c7466a02 100644
--- a/doc/api/fs.md
+++ b/doc/api/fs.md
@@ -2529,8 +2529,19 @@ changes:
 * `callback` {Function}
   * `err` {Error}
 
-Asynchronous rename(2). No arguments other than a possible exception are given
-to the completion callback.
+Asynchronously rename file at `oldPath` to the pathname provided
+as `newPath`. In the case that `newPath` already exists, it will
+be overwritten. No arguments other than a possible exception are
+given to the completion callback.
+
+See also: rename(2).
+
+```js
+fs.rename('oldFile.txt', 'newFile.txt', (err) => {
+  if (err) throw err;
+  console.log('Rename complete!');
+});
+```
 
 ## fs.renameSync(oldPath, newPath)
 <!-- YAML
diff --git a/doc/api/perf_hooks.md b/doc/api/perf_hooks.md
index 5bef91eafb7603..27bcc8bf99e829 100644
--- a/doc/api/perf_hooks.md
+++ b/doc/api/perf_hooks.md
@@ -181,7 +181,8 @@ added: v8.5.0
 
 * Returns: {number}
 
-Returns the current high resolution millisecond timestamp.
+Returns the current high resolution millisecond timestamp, where 0 represents
+the start of the current `node` process.
 
 ### performance.timeOrigin
 <!-- YAML
@@ -190,8 +191,8 @@ added: v8.5.0
 
 * {number}
 
-The [`timeOrigin`][] specifies the high resolution millisecond timestamp from
-which all performance metric durations are measured.
+The [`timeOrigin`][] specifies the high resolution millisecond timestamp at
+which the current `node` process began, measured in Unix time.
 
 ### performance.timerify(fn)
 <!-- YAML
@@ -302,7 +303,8 @@ added: v8.5.0
 * {number}
 
 The high resolution millisecond timestamp at which the Node.js process
-completed bootstrap.
+completed bootstrapping. If bootstrapping has not yet finished, the property
+has the value of -1.
 
 ### performanceNodeTiming.clusterSetupEnd
 <!-- YAML
@@ -311,7 +313,8 @@ added: v8.5.0
 
 * {number}
 
-The high resolution millisecond timestamp at which cluster processing ended.
+The high resolution millisecond timestamp at which cluster processing ended. If
+cluster processing has not yet ended, the property has the value of -1.
 
 ### performanceNodeTiming.clusterSetupStart
 <!-- YAML
@@ -321,6 +324,7 @@ added: v8.5.0
 * {number}
 
 The high resolution millisecond timestamp at which cluster processing started.
+If cluster processing has not yet started, the property has the value of -1.
 
 ### performanceNodeTiming.loopExit
 <!-- YAML
@@ -330,7 +334,8 @@ added: v8.5.0
 * {number}
 
 The high resolution millisecond timestamp at which the Node.js event loop
-exited.
+exited. If the event loop has not yet exited, the property has the value of -1.
+It can only have a value of not -1 in a handler of the [`'exit'`][] event.
 
 ### performanceNodeTiming.loopStart
 <!-- YAML
@@ -340,7 +345,8 @@ added: v8.5.0
 * {number}
 
 The high resolution millisecond timestamp at which the Node.js event loop
-started.
+started. If the event loop has not yet started (e.g., in the first tick of the
+main script), the property has the value of -1.
 
 ### performanceNodeTiming.moduleLoadEnd
 <!-- YAML
@@ -395,8 +401,9 @@ added: v8.5.0
 
 * {number}
 
-The high resolution millisecond timestamp at which third_party_main processing
-ended.
+The high resolution millisecond timestamp at which third\_party\_main
+processing ended. If third\_party\_main processing has not yet ended, the
+property has the value of -1.
 
 ### performanceNodeTiming.thirdPartyMainStart
 <!-- YAML
@@ -405,8 +412,9 @@ added: v8.5.0
 
 * {number}
 
-The high resolution millisecond timestamp at which third_party_main processing
-started.
+The high resolution millisecond timestamp at which third\_party\_main
+processing started. If third\_party\_main processing has not yet started, the
+property has the value of -1.
 
 ### performanceNodeTiming.v8Start
 <!-- YAML
@@ -642,6 +650,7 @@ obs.observe({ entryTypes: ['function'], buffered: true });
 require('some-module');
 ```
 
+[`'exit'`]: process.html#process_event_exit
 [`timeOrigin`]: https://w3c.github.io/hr-time/#dom-performance-timeorigin
 [Async Hooks]: async_hooks.html
 [W3C Performance Timeline]: https://w3c.github.io/performance-timeline/
diff --git a/doc/guides/contributing/pull-requests.md b/doc/guides/contributing/pull-requests.md
index 4fd2de923a0e48..7ac8389e313349 100644
--- a/doc/guides/contributing/pull-requests.md
+++ b/doc/guides/contributing/pull-requests.md
@@ -401,10 +401,10 @@ seem unfamiliar, refer to this
 All Pull Requests require "sign off" in order to land. Whenever a contributor
 reviews a Pull Request they may find specific details that they would like to
 see changed or fixed. These may be as simple as fixing a typo, or may involve
-substantive changes to the code you have written. In general, such requests
-are intended to be helpful, but at times may come across as abrupt or unhelpful,
-especially requests to change things that do not include concrete suggestions
-on *how* to change them.
+substantive changes to the code you have written. While such requests are
+intended to be helpful, they may come across as abrupt or unhelpful, especially
+requests to change things that do not include concrete suggestions on *how* to
+change them.
 
 Try not to be discouraged. If you feel that a particular review is unfair,
 say so, or contact one of the other contributors in the project and seek their
@@ -610,8 +610,8 @@ however, will stay intact on the Pull Request page.
 For the size of "one logical change",
 [0b5191f](https://github.com/nodejs/node/commit/0b5191f15d0f311c804d542b67e2e922d98834f8)
 can be a good example. It touches the implementation, the documentation,
-and the tests, but is still one logical change. In general, the tests should
-always pass when each individual commit lands on the master branch.
+and the tests, but is still one logical change. All tests should always pass
+when each individual commit lands on the master branch.
 
 ### Getting Approvals for Your Pull Request
 
diff --git a/doc/onboarding-extras.md b/doc/onboarding-extras.md
index 30e0e7579f36aa..fa2d1ae02d9b60 100644
--- a/doc/onboarding-extras.md
+++ b/doc/onboarding-extras.md
@@ -5,42 +5,43 @@
 | Subsystem                                | Maintainers                                                           |
 | ---                                      | ---                                                                   |
 | `benchmark/*`                            | @nodejs/benchmarking, @mscdex                                         |
-| `bootstrap_node.js`                      | @fishrock123                                                          |
+| `bootstrap_node.js`                      | @nodejs/process                                                       |
 | `doc/*`, `*.md`                          | @nodejs/documentation                                                 |
 | `lib/assert`                             | @nodejs/testing                                                       |
 | `lib/async_hooks`                        | @nodejs/async\_hooks for bugs/reviews (+ @nodejs/diagnostics for API) |
 | `lib/buffer`                             | @nodejs/buffer                                                        |
-| `lib/child_process`                      | @bnoordhuis, @cjihrig                                                 |
-| `lib/cluster`                            | @bnoordhuis, @cjihrig, @mcollina                                      |
+| `lib/child_process`                      | @nodejs/child\_process                                                |
+| `lib/cluster`                            | @nodejs/cluster                                                       |
 | `lib/{crypto,tls,https}`                 | @nodejs/crypto                                                        |
-| `lib/dgram`                              | @cjihrig, @mcollina                                                   |
-| `lib/domains`                            | @misterdjules                                                         |
+| `lib/dgram`                              | @nodejs/dgram                                                         |
+| `lib/domains`                            | @nodejs/domains                                                       |
 | `lib/fs`, `src/{fs,file}`                | @nodejs/fs                                                            |
 | `lib/{_}http{*}`                         | @nodejs/http                                                          |
 | `lib/inspector.js`, `src/inspector_*`    | @nodejs/v8-inspector                                                  |
 | `lib/internal/url`, `src/node_url`       | @nodejs/url                                                           |
 | `lib/net`                                | @bnoordhuis, @indutny, @nodejs/streams                                |
-| `lib/repl`                               | @addaleax, @fishrock123                                               |
+| `lib/repl`                               | @nodejs/repl                                                          |
 | `lib/{_}stream{*}`                       | @nodejs/streams                                                       |
-| `lib/timers`                             | @fishrock123, @misterdjules                                           |
-| `lib/util`                               | @bnoordhuis, @cjihrig, @evanlucas                                     |
-| `lib/zlib`                               | @addaleax, @bnoordhuis, @indutny                                      |
+| `lib/timers`                             | @nodejs/timers                                                        |
+| `lib/util`                               | @nodejs/util                                                          |
+| `lib/zlib`                               | @nodejs/zlib                                                          |
 | `src/async-wrap.*`                       | @nodejs/async\_hooks                                                  |
 | `src/node_api.*`                         | @nodejs/n-api                                                         |
 | `src/node_crypto.*`                      | @nodejs/crypto                                                        |
 | `test/*`                                 | @nodejs/testing                                                       |
-| `tools/node_modules/eslint`, `.eslintrc` | @not-an-aardvark, @silverwind, @trott                                 |
+| `tools/node_modules/eslint`, `.eslintrc` | @nodejs/linting                                                       |
 | build                                    | @nodejs/build                                                         |
 | `src/module_wrap.*`, `lib/internal/loader/*`, `lib/internal/vm/Module.js` | @nodejs/modules                      |
 | GYP                                      | @nodejs/gyp                                                           |
 | performance                              | @nodejs/performance                                                   |
 | platform specific                        | @nodejs/platform-{aix,arm,freebsd,macos,ppc,smartos,s390,windows}     |
 | python code                              | @nodejs/python                                                        |
-| upgrading c-ares                         | @jbergstroem                                                          |
-| upgrading http-parser                    | @jbergstroem, @nodejs/http                                            |
-| upgrading libuv                          | @saghul                                                               |
+| upgrading c-ares                         | @rvagg                                                                |
+| upgrading http-parser                    | @nodejs/http, @nodejs/http2                                           |
+| upgrading libuv                          | @nodejs/libuv                                                         |
 | upgrading npm                            | @fishrock123, @MylesBorins                                            |
 | upgrading V8                             | @nodejs/v8, @nodejs/post-mortem                                       |
+| Embedded use or delivery of Node.js      | @nodejs/delivery-channels                                             |
 
 When things need extra attention, are controversial, or `semver-major`:
 @nodejs/tsc
diff --git a/lib/internal/loader/ModuleJob.js b/lib/internal/loader/ModuleJob.js
index f79cc6cfe1d94a..b3553fc7235d95 100644
--- a/lib/internal/loader/ModuleJob.js
+++ b/lib/internal/loader/ModuleJob.js
@@ -50,10 +50,11 @@ class ModuleJob {
   }
 
   async instantiate() {
-    if (this.instantiated) {
-      return this.instantiated;
+    if (!this.instantiated) {
+      return this.instantiated = this._instantiate();
     }
-    return this.instantiated = this._instantiate();
+    await this.instantiated;
+    return this.module;
   }
 
   // This method instantiates the module associated with this job and its
diff --git a/lib/perf_hooks.js b/lib/perf_hooks.js
index 6fd6e4a6b768ce..bd1bee19fc2a54 100644
--- a/lib/perf_hooks.js
+++ b/lib/perf_hooks.js
@@ -8,6 +8,7 @@ const {
   observerCounts,
   setupObservers,
   timeOrigin,
+  timeOriginTimestamp,
   timerify,
   constants
 } = process.binding('performance');
@@ -145,6 +146,13 @@ function now() {
   return hr[0] * 1000 + hr[1] / 1e6;
 }
 
+function getMilestoneTimestamp(milestoneIdx) {
+  const ns = milestones[milestoneIdx];
+  if (ns === -1)
+    return ns;
+  return ns / 1e6 - timeOrigin;
+}
+
 class PerformanceNodeTiming {
   constructor() {}
 
@@ -157,7 +165,7 @@ class PerformanceNodeTiming {
   }
 
   get startTime() {
-    return timeOrigin;
+    return 0;
   }
 
   get duration() {
@@ -165,59 +173,64 @@ class PerformanceNodeTiming {
   }
 
   get nodeStart() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_NODE_START];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_NODE_START);
   }
 
   get v8Start() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_V8_START];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_V8_START);
   }
 
   get environment() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_ENVIRONMENT];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_ENVIRONMENT);
   }
 
   get loopStart() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_LOOP_START];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_LOOP_START);
   }
 
   get loopExit() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_LOOP_EXIT];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_LOOP_EXIT);
   }
 
   get bootstrapComplete() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_BOOTSTRAP_COMPLETE];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_BOOTSTRAP_COMPLETE);
   }
 
   get thirdPartyMainStart() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_THIRD_PARTY_MAIN_START];
+    return getMilestoneTimestamp(
+      NODE_PERFORMANCE_MILESTONE_THIRD_PARTY_MAIN_START);
   }
 
   get thirdPartyMainEnd() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_THIRD_PARTY_MAIN_END];
+    return getMilestoneTimestamp(
+      NODE_PERFORMANCE_MILESTONE_THIRD_PARTY_MAIN_END);
   }
 
   get clusterSetupStart() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_CLUSTER_SETUP_START];
+    return getMilestoneTimestamp(
+      NODE_PERFORMANCE_MILESTONE_CLUSTER_SETUP_START);
   }
 
   get clusterSetupEnd() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_CLUSTER_SETUP_END];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_CLUSTER_SETUP_END);
   }
 
   get moduleLoadStart() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_MODULE_LOAD_START];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_MODULE_LOAD_START);
   }
 
   get moduleLoadEnd() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_MODULE_LOAD_END];
+    return getMilestoneTimestamp(NODE_PERFORMANCE_MILESTONE_MODULE_LOAD_END);
   }
 
   get preloadModuleLoadStart() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_PRELOAD_MODULE_LOAD_START];
+    return getMilestoneTimestamp(
+      NODE_PERFORMANCE_MILESTONE_PRELOAD_MODULE_LOAD_START);
   }
 
   get preloadModuleLoadEnd() {
-    return milestones[NODE_PERFORMANCE_MILESTONE_PRELOAD_MODULE_LOAD_END];
+    return getMilestoneTimestamp(
+      NODE_PERFORMANCE_MILESTONE_PRELOAD_MODULE_LOAD_END);
   }
 
   [kInspect]() {
@@ -466,11 +479,11 @@ class Performance extends PerformanceObserverEntryList {
   }
 
   get timeOrigin() {
-    return timeOrigin;
+    return timeOriginTimestamp;
   }
 
   now() {
-    return now();
+    return now() - timeOrigin;
   }
 
   mark(name) {
@@ -549,8 +562,9 @@ class Performance extends PerformanceObserverEntryList {
 
   [kInspect]() {
     return {
-      timeOrigin,
-      nodeTiming
+      maxEntries: this.maxEntries,
+      nodeTiming: this.nodeTiming,
+      timeOrigin: this.timeOrigin
     };
   }
 }
diff --git a/lib/util.js b/lib/util.js
index 318a4cef24c93d..cd6321cfe5270e 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -333,9 +333,10 @@ inspect.colors = Object.assign(Object.create(null), {
 });
 
 // Don't use 'blue' not visible on cmd.exe
+const windows = process.platform === 'win32';
 inspect.styles = Object.assign(Object.create(null), {
   'special': 'cyan',
-  'number': 'yellow',
+  'number': windows ? 'yellow' : 'blue',
   'boolean': 'yellow',
   'undefined': 'grey',
   'null': 'bold',
diff --git a/node.gyp b/node.gyp
index 7da486ff6d8c7b..1f47e88a3132fe 100644
--- a/node.gyp
+++ b/node.gyp
@@ -359,9 +359,10 @@
         'src/node_internals.h',
         'src/node_javascript.h',
         'src/node_mutex.h',
-        'src/node_platform.h',
         'src/node_perf.h',
         'src/node_perf_common.h',
+        'src/node_persistent.h',
+        'src/node_platform.h',
         'src/node_root_certs.h',
         'src/node_version.h',
         'src/node_watchdog.h',
diff --git a/src/async_wrap.cc b/src/async_wrap.cc
index 93bd3d4864fd5d..cd9f26d7782d46 100644
--- a/src/async_wrap.cc
+++ b/src/async_wrap.cc
@@ -410,8 +410,8 @@ static void DisablePromiseHook(const FunctionCallbackInfo<Value>& args) {
 class DestroyParam {
  public:
   double asyncId;
-  v8::Persistent<Object> target;
-  v8::Persistent<Object> propBag;
+  Persistent<Object> target;
+  Persistent<Object> propBag;
 };
 
 
@@ -426,8 +426,6 @@ void AsyncWrap::WeakCallback(const v8::WeakCallbackInfo<DestroyParam>& info) {
   if (val->IsFalse()) {
     AsyncWrap::EmitDestroy(env, p->asyncId);
   }
-  p->target.Reset();
-  p->propBag.Reset();
   delete p;
 }
 
diff --git a/src/base_object-inl.h b/src/base_object-inl.h
index 900fc2b3edb9ca..51ef46599667df 100644
--- a/src/base_object-inl.h
+++ b/src/base_object-inl.h
@@ -42,12 +42,7 @@ inline BaseObject::BaseObject(Environment* env, v8::Local<v8::Object> handle)
 }
 
 
-inline BaseObject::~BaseObject() {
-  CHECK(persistent_handle_.IsEmpty());
-}
-
-
-inline v8::Persistent<v8::Object>& BaseObject::persistent() {
+inline Persistent<v8::Object>& BaseObject::persistent() {
   return persistent_handle_;
 }
 
@@ -65,8 +60,7 @@ inline Environment* BaseObject::env() const {
 template <typename Type>
 inline void BaseObject::WeakCallback(
     const v8::WeakCallbackInfo<Type>& data) {
-  std::unique_ptr<Type> self(data.GetParameter());
-  self->persistent().Reset();
+  delete data.GetParameter();
 }
 
 
diff --git a/src/base_object.h b/src/base_object.h
index 965683d029e43e..478499bbfeb5b2 100644
--- a/src/base_object.h
+++ b/src/base_object.h
@@ -24,6 +24,7 @@
 
 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 
+#include "node_persistent.h"
 #include "v8.h"
 
 namespace node {
@@ -33,18 +34,13 @@ class Environment;
 class BaseObject {
  public:
   inline BaseObject(Environment* env, v8::Local<v8::Object> handle);
-  inline virtual ~BaseObject();
+  virtual ~BaseObject() = default;
 
   // Returns the wrapped object.  Returns an empty handle when
   // persistent.IsEmpty() is true.
   inline v8::Local<v8::Object> object();
 
-  // The parent class is responsible for calling .Reset() on destruction
-  // when the persistent handle is strong because there is no way for
-  // BaseObject to know when the handle goes out of scope.
-  // Weak handles have been reset by the time the destructor runs but
-  // calling .Reset() again is harmless.
-  inline v8::Persistent<v8::Object>& persistent();
+  inline Persistent<v8::Object>& persistent();
 
   inline Environment* env() const;
 
@@ -71,7 +67,7 @@ class BaseObject {
   // position of members in memory are predictable. For more information please
   // refer to `doc/guides/node-postmortem-support.md`
   friend int GenDebugSymbols();
-  v8::Persistent<v8::Object> persistent_handle_;
+  Persistent<v8::Object> persistent_handle_;
   Environment* env_;
 };
 
diff --git a/src/cares_wrap.cc b/src/cares_wrap.cc
index 165a8cda20618b..b8da20346692c3 100644
--- a/src/cares_wrap.cc
+++ b/src/cares_wrap.cc
@@ -598,7 +598,6 @@ class QueryWrap : public AsyncWrap {
   ~QueryWrap() override {
     CHECK_EQ(false, persistent().IsEmpty());
     ClearWrap(object());
-    persistent().Reset();
   }
 
   // Subclasses should implement the appropriate Send method.
diff --git a/src/env-inl.h b/src/env-inl.h
index 0a2adae2bb0ade..f647f428c324ff 100644
--- a/src/env-inl.h
+++ b/src/env-inl.h
@@ -357,9 +357,6 @@ inline Environment::~Environment() {
 
   context()->SetAlignedPointerInEmbedderData(kContextEmbedderDataIndex,
                                              nullptr);
-#define V(PropertyName, TypeName) PropertyName ## _.Reset();
-  ENVIRONMENT_STRONG_PERSISTENT_PROPERTIES(V)
-#undef V
 
   delete[] heap_statistics_buffer_;
   delete[] heap_space_statistics_buffer_;
@@ -541,8 +538,8 @@ void Environment::CreateImmediate(native_immediate_callback cb,
   native_immediate_callbacks_.push_back({
     cb,
     data,
-    std::unique_ptr<v8::Persistent<v8::Object>>(obj.IsEmpty() ?
-        nullptr : new v8::Persistent<v8::Object>(isolate_, obj)),
+    std::unique_ptr<Persistent<v8::Object>>(obj.IsEmpty() ?
+        nullptr : new Persistent<v8::Object>(isolate_, obj)),
     ref
   });
   immediate_info()->count_inc(1);
diff --git a/src/env.cc b/src/env.cc
index ca023125c2627c..455f5980731f3f 100644
--- a/src/env.cc
+++ b/src/env.cc
@@ -296,13 +296,24 @@ void Environment::RunAndClearNativeImmediates() {
     size_t ref_count = 0;
     std::vector<NativeImmediateCallback> list;
     native_immediate_callbacks_.swap(list);
-    for (const auto& cb : list) {
-      cb.cb_(this, cb.data_);
-      if (cb.keep_alive_)
-        cb.keep_alive_->Reset();
-      if (cb.refed_)
-        ref_count++;
-    }
+    auto drain_list = [&]() {
+      v8::TryCatch try_catch(isolate());
+      for (auto it = list.begin(); it != list.end(); ++it) {
+        it->cb_(this, it->data_);
+        if (it->refed_)
+          ref_count++;
+        if (UNLIKELY(try_catch.HasCaught())) {
+          FatalException(isolate(), try_catch);
+          // Bail out, remove the already executed callbacks from list
+          // and set up a new TryCatch for the other pending callbacks.
+          std::move_backward(it, list.end(), list.begin() + (list.end() - it));
+          list.resize(list.end() - it);
+          return true;
+        }
+      }
+      return false;
+    };
+    while (drain_list()) {}
 
 #ifdef DEBUG
     CHECK_GE(immediate_info()->count(), count);
diff --git a/src/env.h b/src/env.h
index 86612bf354d2b3..b08b767cb7cba1 100644
--- a/src/env.h
+++ b/src/env.h
@@ -800,7 +800,7 @@ class Environment {
   struct NativeImmediateCallback {
     native_immediate_callback cb_;
     void* data_;
-    std::unique_ptr<v8::Persistent<v8::Object>> keep_alive_;
+    std::unique_ptr<Persistent<v8::Object>> keep_alive_;
     bool refed_;
   };
   std::vector<NativeImmediateCallback> native_immediate_callbacks_;
@@ -811,8 +811,7 @@ class Environment {
                              v8::Local<v8::Promise> promise,
                              v8::Local<v8::Value> parent);
 
-#define V(PropertyName, TypeName)                                             \
-  v8::Persistent<TypeName> PropertyName ## _;
+#define V(PropertyName, TypeName) Persistent<TypeName> PropertyName ## _;
   ENVIRONMENT_STRONG_PERSISTENT_PROPERTIES(V)
 #undef V
 
diff --git a/src/handle_wrap.cc b/src/handle_wrap.cc
index 7dcafa2ce6e842..a3b0209eb3121f 100644
--- a/src/handle_wrap.cc
+++ b/src/handle_wrap.cc
@@ -98,11 +98,6 @@ HandleWrap::HandleWrap(Environment* env,
 }
 
 
-HandleWrap::~HandleWrap() {
-  CHECK(persistent().IsEmpty());
-}
-
-
 void HandleWrap::OnClose(uv_handle_t* handle) {
   HandleWrap* wrap = static_cast<HandleWrap*>(handle->data);
   Environment* env = wrap->env();
@@ -120,7 +115,6 @@ void HandleWrap::OnClose(uv_handle_t* handle) {
     wrap->MakeCallback(env->onclose_string(), 0, nullptr);
 
   ClearWrap(wrap->object());
-  wrap->persistent().Reset();
   delete wrap;
 }
 
diff --git a/src/handle_wrap.h b/src/handle_wrap.h
index 19fd36891a2fed..e7a335f5140253 100644
--- a/src/handle_wrap.h
+++ b/src/handle_wrap.h
@@ -75,7 +75,6 @@ class HandleWrap : public AsyncWrap {
              v8::Local<v8::Object> object,
              uv_handle_t* handle,
              AsyncWrap::ProviderType provider);
-  ~HandleWrap() override;
 
  private:
   friend class Environment;
diff --git a/src/inspector_agent.cc b/src/inspector_agent.cc
index 7ba1a144711524..e143d316d2e6fa 100644
--- a/src/inspector_agent.cc
+++ b/src/inspector_agent.cc
@@ -30,7 +30,6 @@ using v8::HandleScope;
 using v8::Isolate;
 using v8::Local;
 using v8::Object;
-using v8::Persistent;
 using v8::String;
 using v8::Value;
 
diff --git a/src/inspector_agent.h b/src/inspector_agent.h
index 0555f5e18c2129..56fb407930fac5 100644
--- a/src/inspector_agent.h
+++ b/src/inspector_agent.h
@@ -97,7 +97,7 @@ class Agent {
 
  private:
   void ToggleAsyncHook(v8::Isolate* isolate,
-                       const v8::Persistent<v8::Function>& fn);
+                       const Persistent<v8::Function>& fn);
 
   node::Environment* parent_env_;
   std::unique_ptr<NodeInspectorClient> client_;
@@ -109,8 +109,8 @@ class Agent {
 
   bool pending_enable_async_hook_;
   bool pending_disable_async_hook_;
-  v8::Persistent<v8::Function> enable_async_hook_function_;
-  v8::Persistent<v8::Function> disable_async_hook_function_;
+  Persistent<v8::Function> enable_async_hook_function_;
+  Persistent<v8::Function> disable_async_hook_function_;
 };
 
 }  // namespace inspector
diff --git a/src/inspector_js_api.cc b/src/inspector_js_api.cc
index 428d8391f2581a..1cced9420aea6c 100644
--- a/src/inspector_js_api.cc
+++ b/src/inspector_js_api.cc
@@ -19,7 +19,6 @@ using v8::Local;
 using v8::MaybeLocal;
 using v8::NewStringType;
 using v8::Object;
-using v8::Persistent;
 using v8::String;
 using v8::Value;
 
@@ -85,10 +84,6 @@ class JSBindingsConnection : public AsyncWrap {
     inspector->Connect(&delegate_);
   }
 
-  ~JSBindingsConnection() override {
-    callback_.Reset();
-  }
-
   void OnMessage(Local<Value> value) {
     MakeCallback(callback_.Get(env()->isolate()), 1, &value);
   }
@@ -112,7 +107,6 @@ class JSBindingsConnection : public AsyncWrap {
     delegate_.Disconnect();
     if (!persistent().IsEmpty()) {
       ClearWrap(object());
-      persistent().Reset();
     }
     delete this;
   }
diff --git a/src/module_wrap.cc b/src/module_wrap.cc
index 24e73cc3e101c6..6393b4600940a9 100644
--- a/src/module_wrap.cc
+++ b/src/module_wrap.cc
@@ -59,9 +59,6 @@ ModuleWrap::~ModuleWrap() {
       break;
     }
   }
-
-  module_.Reset();
-  context_.Reset();
 }
 
 void ModuleWrap::New(const FunctionCallbackInfo<Value>& args) {
@@ -215,8 +212,6 @@ void ModuleWrap::Instantiate(const FunctionCallbackInfo<Value>& args) {
       module->InstantiateModule(context, ModuleWrap::ResolveCallback);
 
   // clear resolve cache on instantiate
-  for (auto& entry : obj->resolve_cache_)
-    entry.second.Reset();
   obj->resolve_cache_.clear();
 
   if (!ok.FromMaybe(false)) {
diff --git a/src/module_wrap.h b/src/module_wrap.h
index bedf665165c8f6..04f27decc2aeb4 100644
--- a/src/module_wrap.h
+++ b/src/module_wrap.h
@@ -49,11 +49,11 @@ class ModuleWrap : public BaseObject {
       v8::Local<v8::String> specifier,
       v8::Local<v8::Module> referrer);
 
-  v8::Persistent<v8::Module> module_;
-  v8::Persistent<v8::String> url_;
+  Persistent<v8::Module> module_;
+  Persistent<v8::String> url_;
   bool linked_ = false;
-  std::unordered_map<std::string, v8::Persistent<v8::Promise>> resolve_cache_;
-  v8::Persistent<v8::Context> context_;
+  std::unordered_map<std::string, Persistent<v8::Promise>> resolve_cache_;
+  Persistent<v8::Context> context_;
 };
 
 }  // namespace loader
diff --git a/src/node.cc b/src/node.cc
index 0e862e8d2c4dbc..35a1d5cb598d5b 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -2472,46 +2472,82 @@ node_module* get_linked_module(const char* name) {
 }
 
 struct DLib {
-  std::string filename_;
+#ifdef __POSIX__
+  static const int kDefaultFlags = RTLD_LAZY;
+#else
+  static const int kDefaultFlags = 0;
+#endif
+
+  inline DLib(const char* filename, int flags)
+      : filename_(filename), flags_(flags), handle_(nullptr) {}
+
+  inline bool Open();
+  inline void Close();
+  inline void* GetSymbolAddress(const char* name);
+
+  const std::string filename_;
+  const int flags_;
   std::string errmsg_;
   void* handle_;
-  int flags_;
+#ifndef __POSIX__
+  uv_lib_t lib_;
+#endif
+
+  DISALLOW_COPY_AND_ASSIGN(DLib);
+};
+
 
 #ifdef __POSIX__
-  static const int kDefaultFlags = RTLD_LAZY;
+bool DLib::Open() {
+  handle_ = dlopen(filename_.c_str(), flags_);
+  if (handle_ != nullptr)
+    return true;
+  errmsg_ = dlerror();
+  return false;
+}
 
-  bool Open() {
-    handle_ = dlopen(filename_.c_str(), flags_);
-    if (handle_ != nullptr)
-      return true;
-    errmsg_ = dlerror();
-    return false;
-  }
+void DLib::Close() {
+  if (handle_ == nullptr) return;
+  dlclose(handle_);
+  handle_ = nullptr;
+}
 
-  void Close() {
-    if (handle_ != nullptr)
-      dlclose(handle_);
-  }
+void* DLib::GetSymbolAddress(const char* name) {
+  return dlsym(handle_, name);
+}
 #else  // !__POSIX__
-  static const int kDefaultFlags = 0;
-  uv_lib_t lib_;
-
-  bool Open() {
-    int ret = uv_dlopen(filename_.c_str(), &lib_);
-    if (ret == 0) {
-      handle_ = static_cast<void*>(lib_.handle);
-      return true;
-    }
-    errmsg_ = uv_dlerror(&lib_);
-    uv_dlclose(&lib_);
-    return false;
+bool DLib::Open() {
+  int ret = uv_dlopen(filename_.c_str(), &lib_);
+  if (ret == 0) {
+    handle_ = static_cast<void*>(lib_.handle);
+    return true;
   }
+  errmsg_ = uv_dlerror(&lib_);
+  uv_dlclose(&lib_);
+  return false;
+}
 
-  void Close() {
-    uv_dlclose(&lib_);
-  }
+void DLib::Close() {
+  if (handle_ == nullptr) return;
+  uv_dlclose(&lib_);
+  handle_ = nullptr;
+}
+
+void* DLib::GetSymbolAddress(const char* name) {
+  void* address;
+  if (0 == uv_dlsym(&lib_, name, &address)) return address;
+  return nullptr;
+}
 #endif  // !__POSIX__
-};
+
+using InitializerCallback = void (*)(Local<Object> exports,
+                                     Local<Value> module,
+                                     Local<Context> context);
+
+inline InitializerCallback GetInitializerCallback(DLib* dlib) {
+  const char* name = "node_register_module_v" STRINGIFY(NODE_MODULE_VERSION);
+  return reinterpret_cast<InitializerCallback>(dlib->GetSymbolAddress(name));
+}
 
 // DLOpen is process.dlopen(module, filename, flags).
 // Used to load 'module.node' dynamically shared objects.
@@ -2521,6 +2557,7 @@ struct DLib {
 // cache that's a plain C list or hash table that's shared across contexts?
 static void DLOpen(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
+  auto context = env->context();
 
   CHECK_EQ(modpending, nullptr);
 
@@ -2530,16 +2567,21 @@ static void DLOpen(const FunctionCallbackInfo<Value>& args) {
   }
 
   int32_t flags = DLib::kDefaultFlags;
-  if (args.Length() > 2 && !args[2]->Int32Value(env->context()).To(&flags)) {
+  if (args.Length() > 2 && !args[2]->Int32Value(context).To(&flags)) {
     return env->ThrowTypeError("flag argument must be an integer.");
   }
 
-  Local<Object> module =
-      args[0]->ToObject(env->context()).ToLocalChecked();  // Cast
+  Local<Object> module;
+  Local<Object> exports;
+  Local<Value> exports_v;
+  if (!args[0]->ToObject(context).ToLocal(&module) ||
+      !module->Get(context, env->exports_string()).ToLocal(&exports_v) ||
+      !exports_v->ToObject(context).ToLocal(&exports)) {
+    return;  // Exception pending.
+  }
+
   node::Utf8Value filename(env->isolate(), args[1]);  // Cast
-  DLib dlib;
-  dlib.filename_ = *filename;
-  dlib.flags_ = flags;
+  DLib dlib(*filename, flags);
   bool is_opened = dlib.Open();
 
   // Objects containing v14 or later modules will have registered themselves
@@ -2554,17 +2596,22 @@ static void DLOpen(const FunctionCallbackInfo<Value>& args) {
 #ifdef _WIN32
     // Windows needs to add the filename into the error message
     errmsg = String::Concat(errmsg,
-                            args[1]->ToString(env->context()).ToLocalChecked());
+                            args[1]->ToString(context).ToLocalChecked());
 #endif  // _WIN32
     env->isolate()->ThrowException(Exception::Error(errmsg));
     return;
   }
 
   if (mp == nullptr) {
-    dlib.Close();
-    env->ThrowError("Module did not self-register.");
+    if (auto callback = GetInitializerCallback(&dlib)) {
+      callback(exports, module, context);
+    } else {
+      dlib.Close();
+      env->ThrowError("Module did not self-register.");
+    }
     return;
   }
+
   if (mp->nm_version == -1) {
     if (env->EmitNapiWarning()) {
       if (ProcessEmitWarning(env, "N-API is an experimental feature and could "
@@ -2601,22 +2648,8 @@ static void DLOpen(const FunctionCallbackInfo<Value>& args) {
   mp->nm_link = modlist_addon;
   modlist_addon = mp;
 
-  Local<String> exports_string = env->exports_string();
-  MaybeLocal<Value> maybe_exports =
-      module->Get(env->context(), exports_string);
-
-  if (maybe_exports.IsEmpty() ||
-      maybe_exports.ToLocalChecked()->ToObject(env->context()).IsEmpty()) {
-    dlib.Close();
-    return;
-  }
-
-  Local<Object> exports =
-      maybe_exports.ToLocalChecked()->ToObject(env->context())
-          .FromMaybe(Local<Object>());
-
   if (mp->nm_context_register_func != nullptr) {
-    mp->nm_context_register_func(exports, module, env->context(), mp->nm_priv);
+    mp->nm_context_register_func(exports, module, context, mp->nm_priv);
   } else if (mp->nm_register_func != nullptr) {
     mp->nm_register_func(exports, module, mp->nm_priv);
   } else {
diff --git a/src/node.h b/src/node.h
index 89dbdfc727b0c5..44d9ca9c77c18b 100644
--- a/src/node.h
+++ b/src/node.h
@@ -532,6 +532,9 @@ extern "C" NODE_EXTERN void node_module_register(void* mod);
     }                                                                 \
   }
 
+// Usage: `NODE_MODULE(NODE_GYP_MODULE_NAME, InitializerFunction)`
+// If no NODE_MODULE is declared, Node.js looks for the well-known
+// symbol `node_register_module_v${NODE_MODULE_VERSION}`.
 #define NODE_MODULE(modname, regfunc)                                 \
   NODE_MODULE_X(modname, regfunc, NULL, 0)  // NOLINT (readability/null_usage)
 
diff --git a/src/node_api.cc b/src/node_api.cc
index 2c5f3066f728b1..63ce1d8e86955e 100644
--- a/src/node_api.cc
+++ b/src/node_api.cc
@@ -31,17 +31,11 @@ struct napi_env__ {
       : isolate(_isolate),
         last_error(),
         loop(_loop) {}
-  ~napi_env__() {
-    last_exception.Reset();
-    wrap_template.Reset();
-    function_data_template.Reset();
-    accessor_data_template.Reset();
-  }
   v8::Isolate* isolate;
-  v8::Persistent<v8::Value> last_exception;
-  v8::Persistent<v8::ObjectTemplate> wrap_template;
-  v8::Persistent<v8::ObjectTemplate> function_data_template;
-  v8::Persistent<v8::ObjectTemplate> accessor_data_template;
+  node::Persistent<v8::Value> last_exception;
+  node::Persistent<v8::ObjectTemplate> wrap_template;
+  node::Persistent<v8::ObjectTemplate> function_data_template;
+  node::Persistent<v8::ObjectTemplate> accessor_data_template;
   napi_extended_error_info last_error;
   int open_handle_scopes = 0;
   int open_callback_scopes = 0;
@@ -274,13 +268,13 @@ static_assert(sizeof(v8::Local<v8::Value>) == sizeof(napi_value),
   "Cannot convert between v8::Local<v8::Value> and napi_value");
 
 static
-napi_deferred JsDeferredFromV8Persistent(v8::Persistent<v8::Value>* local) {
+napi_deferred JsDeferredFromNodePersistent(node::Persistent<v8::Value>* local) {
   return reinterpret_cast<napi_deferred>(local);
 }
 
 static
-v8::Persistent<v8::Value>* V8PersistentFromJsDeferred(napi_deferred local) {
-  return reinterpret_cast<v8::Persistent<v8::Value>*>(local);
+node::Persistent<v8::Value>* NodePersistentFromJsDeferred(napi_deferred local) {
+  return reinterpret_cast<node::Persistent<v8::Value>*>(local);
 }
 
 static
@@ -360,7 +354,7 @@ class Finalizer {
   void* _finalize_hint;
 };
 
-// Wrapper around v8::Persistent that implements reference counting.
+// Wrapper around node::Persistent that implements reference counting.
 class Reference : private Finalizer {
  private:
   Reference(napi_env env,
@@ -381,16 +375,6 @@ class Reference : private Finalizer {
     }
   }
 
-  ~Reference() {
-    // The V8 Persistent class currently does not reset in its destructor:
-    // see NonCopyablePersistentTraits::kResetInDestructor = false.
-    // (Comments there claim that might change in the future.)
-    // To avoid memory leaks, it is better to reset at this time, however
-    // care must be taken to avoid attempting this after the Isolate has
-    // shut down, for example via a static (atexit) destructor.
-    _persistent.Reset();
-  }
-
  public:
   void* Data() {
     return _finalize_data;
@@ -470,7 +454,7 @@ class Reference : private Finalizer {
     }
   }
 
-  v8::Persistent<v8::Value> _persistent;
+  node::Persistent<v8::Value> _persistent;
   uint32_t _refcount;
   bool _delete_self;
 };
@@ -846,8 +830,8 @@ napi_status ConcludeDeferred(napi_env env,
   CHECK_ARG(env, result);
 
   v8::Local<v8::Context> context = env->isolate->GetCurrentContext();
-  v8::Persistent<v8::Value>* deferred_ref =
-      V8PersistentFromJsDeferred(deferred);
+  node::Persistent<v8::Value>* deferred_ref =
+      NodePersistentFromJsDeferred(deferred);
   v8::Local<v8::Value> v8_deferred =
       v8::Local<v8::Value>::New(env->isolate, *deferred_ref);
 
@@ -857,7 +841,6 @@ napi_status ConcludeDeferred(napi_env env,
       v8_resolver->Resolve(context, v8impl::V8LocalValueFromJsValue(result)) :
       v8_resolver->Reject(context, v8impl::V8LocalValueFromJsValue(result));
 
-  deferred_ref->Reset();
   delete deferred_ref;
 
   RETURN_STATUS_IF_FALSE(env, success.FromMaybe(false), napi_generic_failure);
@@ -3493,10 +3476,10 @@ napi_status napi_create_promise(napi_env env,
   CHECK_MAYBE_EMPTY(env, maybe, napi_generic_failure);
 
   auto v8_resolver = maybe.ToLocalChecked();
-  auto v8_deferred = new v8::Persistent<v8::Value>();
+  auto v8_deferred = new node::Persistent<v8::Value>();
   v8_deferred->Reset(env->isolate, v8_resolver);
 
-  *deferred = v8impl::JsDeferredFromV8Persistent(v8_deferred);
+  *deferred = v8impl::JsDeferredFromNodePersistent(v8_deferred);
   *promise = v8impl::JsValueFromV8LocalValue(v8_resolver->GetPromise());
   return GET_RETURN_STATUS(env);
 }
diff --git a/src/node_buffer.cc b/src/node_buffer.cc
index dff9d3c0995e02..f9a807602f612c 100644
--- a/src/node_buffer.cc
+++ b/src/node_buffer.cc
@@ -78,7 +78,6 @@ using v8::Local;
 using v8::Maybe;
 using v8::MaybeLocal;
 using v8::Object;
-using v8::Persistent;
 using v8::String;
 using v8::Uint32Array;
 using v8::Uint8Array;
@@ -103,7 +102,6 @@ class CallbackInfo {
                       FreeCallback callback,
                       char* data,
                       void* hint);
-  ~CallbackInfo();
   Persistent<ArrayBuffer> persistent_;
   FreeCallback const callback_;
   char* const data_;
@@ -147,11 +145,6 @@ CallbackInfo::CallbackInfo(Isolate* isolate,
 }
 
 
-CallbackInfo::~CallbackInfo() {
-  persistent_.Reset();
-}
-
-
 void CallbackInfo::WeakCallback(
     const WeakCallbackInfo<CallbackInfo>& data) {
   CallbackInfo* self = data.GetParameter();
diff --git a/src/node_contextify.cc b/src/node_contextify.cc
index aac72514575695..f49a2362769bc2 100644
--- a/src/node_contextify.cc
+++ b/src/node_contextify.cc
@@ -50,7 +50,6 @@ using v8::NamedPropertyHandlerConfiguration;
 using v8::Nothing;
 using v8::Object;
 using v8::ObjectTemplate;
-using v8::Persistent;
 using v8::PropertyAttribute;
 using v8::PropertyCallbackInfo;
 using v8::PropertyDescriptor;
@@ -110,11 +109,6 @@ ContextifyContext::ContextifyContext(
 }
 
 
-ContextifyContext::~ContextifyContext() {
-  context_.Reset();
-}
-
-
 // This is an object that just keeps an internal pointer to this
 // ContextifyContext.  It's passed to the NamedPropertyHandler.  If we
 // pass the main JavaScript context object we're embedded in, then the
@@ -1158,11 +1152,6 @@ class ContextifyScript : public BaseObject {
       : BaseObject(env, object) {
     MakeWeak<ContextifyScript>(this);
   }
-
-
-  ~ContextifyScript() override {
-    script_.Reset();
-  }
 };
 
 
diff --git a/src/node_contextify.h b/src/node_contextify.h
index c2b5b4dd9c93aa..e6b7e0a9e080f2 100644
--- a/src/node_contextify.h
+++ b/src/node_contextify.h
@@ -15,13 +15,12 @@ class ContextifyContext {
   enum { kSandboxObjectIndex = 1 };
 
   Environment* const env_;
-  v8::Persistent<v8::Context> context_;
+  Persistent<v8::Context> context_;
 
  public:
   ContextifyContext(Environment* env,
                     v8::Local<v8::Object> sandbox_obj,
                     v8::Local<v8::Object> options_obj);
-  ~ContextifyContext();
 
   v8::Local<v8::Value> CreateDataWrapper(Environment* env);
   v8::Local<v8::Context> CreateV8Context(Environment* env,
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index eb62fc1bcdc315..3e630926b5547a 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -43,12 +43,14 @@
 // StartComAndWoSignData.inc
 #include "StartComAndWoSignData.inc"
 
-#include <algorithm>
 #include <errno.h>
 #include <limits.h>  // INT_MAX
 #include <math.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include <algorithm>
+#include <memory>
 #include <vector>
 
 #define THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(val, prefix)                  \
@@ -107,7 +109,6 @@ using v8::MaybeLocal;
 using v8::Null;
 using v8::Object;
 using v8::ObjectTemplate;
-using v8::Persistent;
 using v8::PropertyAttribute;
 using v8::ReadOnly;
 using v8::Signature;
@@ -115,6 +116,12 @@ using v8::String;
 using v8::Value;
 
 
+struct StackOfX509Deleter {
+  void operator()(STACK_OF(X509)* p) const { sk_X509_pop_free(p, X509_free); }
+};
+
+using StackOfX509 = std::unique_ptr<STACK_OF(X509), StackOfX509Deleter>;
+
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 static void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e,
                          const BIGNUM** d) {
@@ -839,17 +846,15 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
   int ret = 0;
   unsigned long err = 0;  // NOLINT(runtime/int)
 
-  // Read extra certs
-  STACK_OF(X509)* extra_certs = sk_X509_new_null();
-  if (extra_certs == nullptr) {
+  StackOfX509 extra_certs(sk_X509_new_null());
+  if (!extra_certs)
     goto done;
-  }
 
   while ((extra = PEM_read_bio_X509(in,
                                     nullptr,
                                     NoPasswordCallback,
                                     nullptr))) {
-    if (sk_X509_push(extra_certs, extra))
+    if (sk_X509_push(extra_certs.get(), extra))
       continue;
 
     // Failure, free all certs
@@ -867,13 +872,11 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
     goto done;
   }
 
-  ret = SSL_CTX_use_certificate_chain(ctx, x, extra_certs, cert, issuer);
+  ret = SSL_CTX_use_certificate_chain(ctx, x, extra_certs.get(), cert, issuer);
   if (!ret)
     goto done;
 
  done:
-  if (extra_certs != nullptr)
-    sk_X509_pop_free(extra_certs, X509_free);
   if (extra != nullptr)
     X509_free(extra);
   if (x != nullptr)
@@ -2002,109 +2005,128 @@ static Local<Object> X509ToObject(Environment* env, X509* cert) {
 }
 
 
-// TODO(indutny): Split it into multiple smaller functions
+static Local<Object> AddIssuerChainToObject(X509** cert,
+                                            Local<Object> object,
+                                            StackOfX509 peer_certs,
+                                            Environment* const env) {
+  Local<Context> context = env->isolate()->GetCurrentContext();
+  *cert = sk_X509_delete(peer_certs.get(), 0);
+  for (;;) {
+    int i;
+    for (i = 0; i < sk_X509_num(peer_certs.get()); i++) {
+      X509* ca = sk_X509_value(peer_certs.get(), i);
+      if (X509_check_issued(ca, *cert) != X509_V_OK)
+        continue;
+
+      Local<Object> ca_info = X509ToObject(env, ca);
+      object->Set(context, env->issuercert_string(), ca_info).FromJust();
+      object = ca_info;
+
+      // NOTE: Intentionally freeing cert that is not used anymore.
+      X509_free(*cert);
+
+      // Delete cert and continue aggregating issuers.
+      *cert = sk_X509_delete(peer_certs.get(), i);
+      break;
+    }
+
+    // Issuer not found, break out of the loop.
+    if (i == sk_X509_num(peer_certs.get()))
+      break;
+  }
+  return object;
+}
+
+
+static StackOfX509 CloneSSLCerts(X509** cert,
+                                 const STACK_OF(X509)* const ssl_certs) {
+  StackOfX509 peer_certs(sk_X509_new(nullptr));
+  if (*cert != nullptr)
+    sk_X509_push(peer_certs.get(), *cert);
+  for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
+    *cert = X509_dup(sk_X509_value(ssl_certs, i));
+    if (*cert == nullptr)
+      return StackOfX509();
+    if (!sk_X509_push(peer_certs.get(), *cert))
+      return StackOfX509();
+  }
+  return peer_certs;
+}
+
+
+static Local<Object> GetLastIssuedCert(X509** cert,
+                                       const SSL* const ssl,
+                                       Local<Object> issuer_chain,
+                                       Environment* const env) {
+  Local<Context> context = env->isolate()->GetCurrentContext();
+  while (X509_check_issued(*cert, *cert) != X509_V_OK) {
+    X509* ca;
+    if (SSL_CTX_get_issuer(SSL_get_SSL_CTX(ssl), *cert, &ca) <= 0)
+      break;
+
+    Local<Object> ca_info = X509ToObject(env, ca);
+    issuer_chain->Set(context, env->issuercert_string(), ca_info).FromJust();
+    issuer_chain = ca_info;
+
+    // NOTE: Intentionally freeing cert that is not used anymore.
+    X509_free(*cert);
+
+    // Delete cert and continue aggregating issuers.
+    *cert = ca;
+  }
+  return issuer_chain;
+}
+
+
 template <class Base>
 void SSLWrap<Base>::GetPeerCertificate(
     const FunctionCallbackInfo<Value>& args) {
   Base* w;
   ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
   Environment* env = w->ssl_env();
-  Local<Context> context = env->context();
 
   ClearErrorOnReturn clear_error_on_return;
 
   Local<Object> result;
-  Local<Object> info;
+  // Used to build the issuer certificate chain.
+  Local<Object> issuer_chain;
 
   // NOTE: This is because of the odd OpenSSL behavior. On client `cert_chain`
-  // contains the `peer_certificate`, but on server it doesn't
+  // contains the `peer_certificate`, but on server it doesn't.
   X509* cert = w->is_server() ? SSL_get_peer_certificate(w->ssl_) : nullptr;
   STACK_OF(X509)* ssl_certs = SSL_get_peer_cert_chain(w->ssl_);
-  STACK_OF(X509)* peer_certs = nullptr;
-  if (cert == nullptr && ssl_certs == nullptr)
-    goto done;
-
-  if (cert == nullptr && sk_X509_num(ssl_certs) == 0)
+  if (cert == nullptr && (ssl_certs == nullptr || sk_X509_num(ssl_certs) == 0))
     goto done;
 
-  // Short result requested
+  // Short result requested.
   if (args.Length() < 1 || !args[0]->IsTrue()) {
-    result = X509ToObject(env,
-                          cert == nullptr ? sk_X509_value(ssl_certs, 0) : cert);
+    X509* target_cert = cert;
+    if (target_cert == nullptr)
+      target_cert = sk_X509_value(ssl_certs, 0);
+    result = X509ToObject(env, target_cert);
     goto done;
   }
 
-  // Clone `ssl_certs`, because we are going to destruct it
-  peer_certs = sk_X509_new(nullptr);
-  if (cert != nullptr)
-    sk_X509_push(peer_certs, cert);
-  for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
-    cert = X509_dup(sk_X509_value(ssl_certs, i));
-    if (cert == nullptr)
-      goto done;
-    if (!sk_X509_push(peer_certs, cert))
-      goto done;
-  }
-
-  // First and main certificate
-  cert = sk_X509_value(peer_certs, 0);
-  result = X509ToObject(env, cert);
-  info = result;
-
-  // Put issuer inside the object
-  cert = sk_X509_delete(peer_certs, 0);
-  while (sk_X509_num(peer_certs) > 0) {
-    int i;
-    for (i = 0; i < sk_X509_num(peer_certs); i++) {
-      X509* ca = sk_X509_value(peer_certs, i);
-      if (X509_check_issued(ca, cert) != X509_V_OK)
-        continue;
-
-      Local<Object> ca_info = X509ToObject(env, ca);
-      info->Set(context, env->issuercert_string(), ca_info).FromJust();
-      info = ca_info;
-
-      // NOTE: Intentionally freeing cert that is not used anymore
-      X509_free(cert);
-
-      // Delete cert and continue aggregating issuers
-      cert = sk_X509_delete(peer_certs, i);
-      break;
-    }
-
-    // Issuer not found, break out of the loop
-    if (i == sk_X509_num(peer_certs))
-      break;
-  }
-
-  // Last certificate should be self-signed
-  while (X509_check_issued(cert, cert) != X509_V_OK) {
-    X509* ca;
-    if (SSL_CTX_get_issuer(SSL_get_SSL_CTX(w->ssl_), cert, &ca) <= 0)
-      break;
-
-    Local<Object> ca_info = X509ToObject(env, ca);
-    info->Set(context, env->issuercert_string(), ca_info).FromJust();
-    info = ca_info;
+  if (auto peer_certs = CloneSSLCerts(&cert, ssl_certs)) {
+    // First and main certificate.
+    cert = sk_X509_value(peer_certs.get(), 0);
+    result = X509ToObject(env, cert);
 
-    // NOTE: Intentionally freeing cert that is not used anymore
-    X509_free(cert);
+    issuer_chain =
+        AddIssuerChainToObject(&cert, result, std::move(peer_certs), env);
+    issuer_chain = GetLastIssuedCert(&cert, w->ssl_, issuer_chain, env);
+    // Last certificate should be self-signed.
+    if (X509_check_issued(cert, cert) == X509_V_OK)
+      issuer_chain->Set(env->context(),
+                        env->issuercert_string(),
+                        issuer_chain).FromJust();
 
-    // Delete cert and continue aggregating issuers
-    cert = ca;
+    CHECK_NE(cert, nullptr);
   }
 
-  // Self-issued certificate
-  if (X509_check_issued(cert, cert) == X509_V_OK)
-    info->Set(context, env->issuercert_string(), info).FromJust();
-
-  CHECK_NE(cert, nullptr);
-
  done:
   if (cert != nullptr)
     X509_free(cert);
-  if (peer_certs != nullptr)
-    sk_X509_pop_free(peer_certs, X509_free);
   if (result.IsEmpty())
     result = Object::New(env->isolate());
   args.GetReturnValue().Set(result);
@@ -2804,7 +2826,6 @@ void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
   if (cons->HasInstance(ctx)) {
     SecureContext* sc;
     ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>());
-    w->sni_context_.Reset();
     w->sni_context_.Reset(env->isolate(), ctx);
 
     int rv;
@@ -3156,25 +3177,23 @@ inline CheckResult CheckWhitelistedServerCert(X509_STORE_CTX* ctx) {
   unsigned char hash[CNNIC_WHITELIST_HASH_LEN];
   unsigned int hashlen = CNNIC_WHITELIST_HASH_LEN;
 
-  STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(ctx);
-  CHECK_NE(chain, nullptr);
-  CHECK_GT(sk_X509_num(chain), 0);
+  StackOfX509 chain(X509_STORE_CTX_get1_chain(ctx));
+  CHECK(chain);
+  CHECK_GT(sk_X509_num(chain.get()), 0);
 
   // Take the last cert as root at the first time.
-  X509* root_cert = sk_X509_value(chain, sk_X509_num(chain)-1);
+  X509* root_cert = sk_X509_value(chain.get(), sk_X509_num(chain.get())-1);
   X509_NAME* root_name = X509_get_subject_name(root_cert);
 
   if (!IsSelfSigned(root_cert)) {
-    root_cert = FindRoot(chain);
+    root_cert = FindRoot(chain.get());
     CHECK_NE(root_cert, nullptr);
     root_name = X509_get_subject_name(root_cert);
   }
 
-  X509* leaf_cert = sk_X509_value(chain, 0);
-  if (!CheckStartComOrWoSign(root_name, leaf_cert)) {
-    sk_X509_pop_free(chain, X509_free);
+  X509* leaf_cert = sk_X509_value(chain.get(), 0);
+  if (!CheckStartComOrWoSign(root_name, leaf_cert))
     return CHECK_CERT_REVOKED;
-  }
 
   // When the cert is issued from either CNNNIC ROOT CA or CNNNIC EV
   // ROOT CA, check a hash of its leaf cert if it is in the whitelist.
@@ -3187,13 +3206,10 @@ inline CheckResult CheckWhitelistedServerCert(X509_STORE_CTX* ctx) {
     void* result = bsearch(hash, WhitelistedCNNICHashes,
                            arraysize(WhitelistedCNNICHashes),
                            CNNIC_WHITELIST_HASH_LEN, compar);
-    if (result == nullptr) {
-      sk_X509_pop_free(chain, X509_free);
+    if (result == nullptr)
       return CHECK_CERT_REVOKED;
-    }
   }
 
-  sk_X509_pop_free(chain, X509_free);
   return CHECK_OK;
 }
 
@@ -3601,7 +3617,8 @@ void Connection::GetServername(const FunctionCallbackInfo<Value>& args) {
   ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder());
 
   if (conn->is_server() && !conn->servername_.IsEmpty()) {
-    args.GetReturnValue().Set(conn->servername_);
+    args.GetReturnValue().Set(
+        PersistentToLocal(args.GetIsolate(), conn->servername_));
   } else {
     args.GetReturnValue().Set(false);
   }
@@ -5562,7 +5579,6 @@ class PBKDF2Request : public AsyncWrap {
     keylen_ = 0;
 
     ClearWrap(object());
-    persistent().Reset();
   }
 
   uv_work_t* work_req() {
@@ -5729,7 +5745,6 @@ class RandomBytesRequest : public AsyncWrap {
 
   ~RandomBytesRequest() override {
     ClearWrap(object());
-    persistent().Reset();
   }
 
   uv_work_t* work_req() {
diff --git a/src/node_crypto.h b/src/node_crypto.h
index b866117f844358..f1efa811985681 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -225,14 +225,6 @@ class SSLWrap {
       SSL_SESSION_free(next_sess_);
       next_sess_ = nullptr;
     }
-
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-    sni_context_.Reset();
-#endif
-
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-    ocsp_response_.Reset();
-#endif  // NODE__HAVE_TLSEXT_STATUS_CB
   }
 
   inline SSL* ssl() const { return ssl_; }
@@ -354,11 +346,11 @@ class SSLWrap {
   ClientHelloParser hello_parser_;
 
 #ifdef NODE__HAVE_TLSEXT_STATUS_CB
-  v8::Persistent<v8::Object> ocsp_response_;
+  Persistent<v8::Object> ocsp_response_;
 #endif  // NODE__HAVE_TLSEXT_STATUS_CB
 
 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-  v8::Persistent<v8::Value> sni_context_;
+  Persistent<v8::Value> sni_context_;
 #endif
 
   friend class SecureContext;
@@ -380,13 +372,13 @@ class Connection : public AsyncWrap, public SSLWrap<Connection> {
   void NewSessionDoneCb();
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
-  v8::Persistent<v8::Object> npnProtos_;
-  v8::Persistent<v8::Value> selectedNPNProto_;
+  Persistent<v8::Object> npnProtos_;
+  Persistent<v8::Value> selectedNPNProto_;
 #endif
 
 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-  v8::Persistent<v8::Object> sniObject_;
-  v8::Persistent<v8::String> servername_;
+  Persistent<v8::Object> sniObject_;
+  Persistent<v8::String> servername_;
 #endif
 
   size_t self_size() const override { return sizeof(*this); }
diff --git a/src/node_file.cc b/src/node_file.cc
index 9df13be5bd2dff..10655e54e54e90 100644
--- a/src/node_file.cc
+++ b/src/node_file.cc
@@ -366,7 +366,8 @@ class fs_req_wrap {
     After(uv_req);                                                            \
     req_wrap = nullptr;                                                       \
   } else {                                                                    \
-    args.GetReturnValue().Set(req_wrap->persistent());                        \
+    args.GetReturnValue().Set(                                                \
+        PersistentToLocal(env->isolate(), req_wrap->persistent()));           \
   }
 
 #define ASYNC_CALL(func, req, encoding, ...)                                  \
@@ -1140,7 +1141,8 @@ static void WriteString(const FunctionCallbackInfo<Value>& args) {
     return;
   }
 
-  return args.GetReturnValue().Set(req_wrap->persistent());
+  return args.GetReturnValue().Set(
+      PersistentToLocal(env->isolate(), req_wrap->persistent()));
 }
 
 
diff --git a/src/node_http2.cc b/src/node_http2.cc
index 5240ea8b5ca864..7650969f8639ce 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -278,8 +278,6 @@ Http2Session::Http2Settings::Http2Settings(
 Http2Session::Http2Settings::~Http2Settings() {
   if (!object().IsEmpty())
     ClearWrap(object());
-  persistent().Reset();
-  CHECK(persistent().IsEmpty());
 }
 
 // Generates a Buffer that contains the serialized payload of a SETTINGS
@@ -533,10 +531,6 @@ Http2Session::Http2Session(Environment* env,
 
 Http2Session::~Http2Session() {
   CHECK_EQ(flags_ & SESSION_STATE_HAS_SCOPE, 0);
-  if (!object().IsEmpty())
-    ClearWrap(object());
-  persistent().Reset();
-  CHECK(persistent().IsEmpty());
   DEBUG_HTTP2SESSION(this, "freeing nghttp2 session");
   nghttp2_session_del(session_);
 }
@@ -1706,6 +1700,14 @@ void Http2Session::OnStreamRead(ssize_t nread, const uv_buf_t& buf) {
   stream_buf_ = uv_buf_init(nullptr, 0);
 }
 
+bool Http2Session::HasWritesOnSocketForStream(Http2Stream* stream) {
+  for (const nghttp2_stream_write& wr : outgoing_buffers_) {
+    if (wr.req_wrap != nullptr && wr.req_wrap->stream() == stream)
+      return true;
+  }
+  return false;
+}
+
 // Every Http2Session session is tightly bound to a single i/o StreamBase
 // (typically a net.Socket or tls.TLSSocket). The lifecycle of the two is
 // tightly coupled with all data transfer between the two happening at the
@@ -1759,15 +1761,11 @@ Http2Stream::Http2Stream(
 
 
 Http2Stream::~Http2Stream() {
+  DEBUG_HTTP2STREAM(this, "tearing down stream");
   if (session_ != nullptr) {
     session_->RemoveStream(this);
     session_ = nullptr;
   }
-
-  if (!object().IsEmpty())
-    ClearWrap(object());
-  persistent().Reset();
-  CHECK(persistent().IsEmpty());
 }
 
 // Notify the Http2Stream that a new block of HEADERS is being processed.
@@ -1845,7 +1843,7 @@ inline void Http2Stream::Destroy() {
     Http2Stream* stream = static_cast<Http2Stream*>(data);
     // Free any remaining outgoing data chunks here. This should be done
     // here because it's possible for destroy to have been called while
-    // we still have qeueued outbound writes.
+    // we still have queued outbound writes.
     while (!stream->queue_.empty()) {
       nghttp2_stream_write& head = stream->queue_.front();
       if (head.req_wrap != nullptr)
@@ -1853,7 +1851,11 @@ inline void Http2Stream::Destroy() {
       stream->queue_.pop();
     }
 
-    delete stream;
+    // We can destroy the stream now if there are no writes for it
+    // already on the socket. Otherwise, we'll wait for the garbage collector
+    // to take care of cleaning up.
+    if (!stream->session()->HasWritesOnSocketForStream(stream))
+      delete stream;
   }, this, this->object());
 
   statistics_.end_time = uv_hrtime();
@@ -2784,8 +2786,6 @@ Http2Session::Http2Ping::Http2Ping(
 Http2Session::Http2Ping::~Http2Ping() {
   if (!object().IsEmpty())
     ClearWrap(object());
-  persistent().Reset();
-  CHECK(persistent().IsEmpty());
 }
 
 void Http2Session::Http2Ping::Send(uint8_t* payload) {
diff --git a/src/node_http2.h b/src/node_http2.h
index 217c19c09287af..8f6662a0160bec 100644
--- a/src/node_http2.h
+++ b/src/node_http2.h
@@ -878,6 +878,9 @@ class Http2Session : public AsyncWrap, public StreamListener {
   // Removes a stream instance from this session
   inline void RemoveStream(Http2Stream* stream);
 
+  // Indicates whether there currently exist outgoing buffers for this stream.
+  bool HasWritesOnSocketForStream(Http2Stream* stream);
+
   // Write data to the session
   inline ssize_t Write(const uv_buf_t* bufs, size_t nbufs);
 
diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc
index d4044f8bbeea7b..207310f4068f43 100644
--- a/src/node_http_parser.cc
+++ b/src/node_http_parser.cc
@@ -157,7 +157,6 @@ class Parser : public AsyncWrap, public StreamListener {
 
   ~Parser() override {
     ClearWrap(object());
-    persistent().Reset();
   }
 
 
diff --git a/src/node_internals.h b/src/node_internals.h
index ced92da3216a28..af716c83997c78 100644
--- a/src/node_internals.h
+++ b/src/node_internals.h
@@ -25,6 +25,7 @@
 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 
 #include "node.h"
+#include "node_persistent.h"
 #include "util-inl.h"
 #include "env-inl.h"
 #include "uv.h"
@@ -214,7 +215,7 @@ class Environment;
 template <class TypeName>
 inline v8::Local<TypeName> PersistentToLocal(
     v8::Isolate* isolate,
-    const v8::Persistent<TypeName>& persistent);
+    const Persistent<TypeName>& persistent);
 
 // Creates a new context with Node.js-specific tweaks.  Currently, it removes
 // the `v8BreakIterator` property from the global `Intl` object if present.
diff --git a/src/node_perf.cc b/src/node_perf.cc
index 8ee805a8382c4e..1f7f127a837527 100644
--- a/src/node_perf.cc
+++ b/src/node_perf.cc
@@ -3,6 +3,10 @@
 
 #include <vector>
 
+#ifdef __POSIX__
+#include <sys/time.h>  // gettimeofday
+#endif
+
 namespace node {
 namespace performance {
 
@@ -21,13 +25,38 @@ using v8::Object;
 using v8::String;
 using v8::Value;
 
+// Microseconds in a second, as a float.
+#define MICROS_PER_SEC 1e6
+// Microseconds in a millisecond, as a float.
+#define MICROS_PER_MILLIS 1e3
+
+// https://w3c.github.io/hr-time/#dfn-time-origin
 const uint64_t timeOrigin = PERFORMANCE_NOW();
+// https://w3c.github.io/hr-time/#dfn-time-origin-timestamp
+const double timeOriginTimestamp = GetCurrentTimeInMicroseconds();
 uint64_t performance_node_start;
 uint64_t performance_v8_start;
 
 uint64_t performance_last_gc_start_mark_ = 0;
 v8::GCType performance_last_gc_type_ = v8::GCType::kGCTypeAll;
 
+double GetCurrentTimeInMicroseconds() {
+#ifdef _WIN32
+// The difference between the Unix Epoch and the Windows Epoch in 100-ns ticks.
+#define TICKS_TO_UNIX_EPOCH 116444736000000000LL
+  FILETIME ft;
+  GetSystemTimeAsFileTime(&ft);
+  uint64_t filetime_int = static_cast<uint64_t>(ft.dwHighDateTime) << 32 |
+                          ft.dwLowDateTime;
+  // FILETIME is measured in terms of 100 ns. Convert that to 1 us (1000 ns).
+  return (filetime_int - TICKS_TO_UNIX_EPOCH) / 10.;
+#else
+  struct timeval tp;
+  gettimeofday(&tp, nullptr);
+  return MICROS_PER_SEC * tp.tv_sec + tp.tv_usec;
+#endif
+}
+
 // Initialize the performance entry object properties
 inline void InitObject(const PerformanceEntry& entry, Local<Object> obj) {
   Environment* env = entry.env();
@@ -372,6 +401,12 @@ void Init(Local<Object> target,
                             v8::Number::New(isolate, timeOrigin / 1e6),
                             attr).ToChecked();
 
+  target->DefineOwnProperty(
+      context,
+      FIXED_ONE_BYTE_STRING(isolate, "timeOriginTimestamp"),
+      v8::Number::New(isolate, timeOriginTimestamp / MICROS_PER_MILLIS),
+      attr).ToChecked();
+
   target->DefineOwnProperty(context,
                             env->constants_string(),
                             constants,
diff --git a/src/node_perf.h b/src/node_perf.h
index f1b182b4e3dcc7..fbb9b2ad0414b1 100644
--- a/src/node_perf.h
+++ b/src/node_perf.h
@@ -22,6 +22,10 @@ using v8::Local;
 using v8::Object;
 using v8::Value;
 
+extern const uint64_t timeOrigin;
+
+double GetCurrentTimeInMicroseconds();
+
 static inline PerformanceMilestone ToPerformanceMilestoneEnum(const char* str) {
 #define V(name, label)                                                        \
   if (strcmp(str, label) == 0) return NODE_PERFORMANCE_MILESTONE_##name;
@@ -77,11 +81,11 @@ class PerformanceEntry {
     return ToPerformanceEntryTypeEnum(type().c_str());
   }
 
-  double startTime() const { return startTime_ / 1e6; }
+  double startTime() const { return startTimeNano() / 1e6; }
 
   double duration() const { return durationNano() / 1e6; }
 
-  uint64_t startTimeNano() const { return startTime_; }
+  uint64_t startTimeNano() const { return startTime_ - timeOrigin; }
 
   uint64_t durationNano() const { return endTime_ - startTime_; }
 
diff --git a/src/node_perf_common.h b/src/node_perf_common.h
index 435a4cffe5a753..7ff57359ba5cb8 100644
--- a/src/node_perf_common.h
+++ b/src/node_perf_common.h
@@ -4,6 +4,7 @@
 #include "node.h"
 #include "v8.h"
 
+#include <algorithm>
 #include <map>
 #include <string>
 
@@ -76,7 +77,10 @@ class performance_state {
       isolate,
       offsetof(performance_state_internal, observers),
       NODE_PERFORMANCE_ENTRY_TYPE_INVALID,
-      root) {}
+      root) {
+    for (size_t i = 0; i < milestones.Length(); i++)
+      milestones[i] = -1.;
+  }
 
   AliasedBuffer<uint8_t, v8::Uint8Array> root;
   AliasedBuffer<double, v8::Float64Array> milestones;
diff --git a/src/node_persistent.h b/src/node_persistent.h
new file mode 100644
index 00000000000000..762842dd4bd373
--- /dev/null
+++ b/src/node_persistent.h
@@ -0,0 +1,30 @@
+#ifndef SRC_NODE_PERSISTENT_H_
+#define SRC_NODE_PERSISTENT_H_
+
+#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+
+#include "v8.h"
+
+namespace node {
+
+template <typename T>
+struct ResetInDestructorPersistentTraits {
+  static const bool kResetInDestructor = true;
+  template <typename S, typename M>
+  // Disallow copy semantics by leaving this unimplemented.
+  inline static void Copy(
+      const v8::Persistent<S, M>&,
+      v8::Persistent<T, ResetInDestructorPersistentTraits<T>>*);
+};
+
+// v8::Persistent does not reset the object slot in its destructor.  That is
+// acknowledged as a flaw in the V8 API and expected to change in the future
+// but for now node::Persistent is the easier and safer alternative.
+template <typename T>
+using Persistent = v8::Persistent<T, ResetInDestructorPersistentTraits<T>>;
+
+}  // namespace node
+
+#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+
+#endif  // SRC_NODE_PERSISTENT_H_
diff --git a/src/node_zlib.cc b/src/node_zlib.cc
index 8ef4383e0355de..388630d507a433 100644
--- a/src/node_zlib.cc
+++ b/src/node_zlib.cc
@@ -46,7 +46,6 @@ using v8::HandleScope;
 using v8::Local;
 using v8::Number;
 using v8::Object;
-using v8::Persistent;
 using v8::String;
 using v8::Uint32Array;
 using v8::Value;
diff --git a/src/req_wrap-inl.h b/src/req_wrap-inl.h
index 4a7984e649c733..11b1389fa0e771 100644
--- a/src/req_wrap-inl.h
+++ b/src/req_wrap-inl.h
@@ -25,7 +25,6 @@ template <typename T>
 ReqWrap<T>::~ReqWrap() {
   CHECK_EQ(req_.data, this);  // Assert that someone has called Dispatched().
   CHECK_EQ(false, persistent().IsEmpty());
-  persistent().Reset();
 }
 
 template <typename T>
diff --git a/src/stream_base-inl.h b/src/stream_base-inl.h
index 008f9c01513bc0..81adf7a866b927 100644
--- a/src/stream_base-inl.h
+++ b/src/stream_base-inl.h
@@ -223,8 +223,8 @@ inline StreamWriteResult StreamBase::Write(
   return StreamWriteResult { async, err, req_wrap };
 }
 
-template<typename OtherBase, bool kResetPersistent>
-SimpleShutdownWrap<OtherBase, kResetPersistent>::SimpleShutdownWrap(
+template <typename OtherBase>
+SimpleShutdownWrap<OtherBase>::SimpleShutdownWrap(
     StreamBase* stream,
     v8::Local<v8::Object> req_wrap_obj)
   : ShutdownWrap(stream, req_wrap_obj),
@@ -234,14 +234,9 @@ SimpleShutdownWrap<OtherBase, kResetPersistent>::SimpleShutdownWrap(
   Wrap(req_wrap_obj, static_cast<AsyncWrap*>(this));
 }
 
-template<typename OtherBase, bool kResetPersistent>
-SimpleShutdownWrap<OtherBase, kResetPersistent>::~SimpleShutdownWrap() {
+template <typename OtherBase>
+SimpleShutdownWrap<OtherBase>::~SimpleShutdownWrap() {
   ClearWrap(static_cast<AsyncWrap*>(this)->object());
-  if (kResetPersistent) {
-    auto& persistent = static_cast<AsyncWrap*>(this)->persistent();
-    CHECK_EQ(persistent.IsEmpty(), false);
-    persistent.Reset();
-  }
 }
 
 inline ShutdownWrap* StreamBase::CreateShutdownWrap(
@@ -249,8 +244,8 @@ inline ShutdownWrap* StreamBase::CreateShutdownWrap(
   return new SimpleShutdownWrap<AsyncWrap>(this, object);
 }
 
-template<typename OtherBase, bool kResetPersistent>
-SimpleWriteWrap<OtherBase, kResetPersistent>::SimpleWriteWrap(
+template <typename OtherBase>
+SimpleWriteWrap<OtherBase>::SimpleWriteWrap(
     StreamBase* stream,
     v8::Local<v8::Object> req_wrap_obj)
   : WriteWrap(stream, req_wrap_obj),
@@ -260,14 +255,9 @@ SimpleWriteWrap<OtherBase, kResetPersistent>::SimpleWriteWrap(
   Wrap(req_wrap_obj, static_cast<AsyncWrap*>(this));
 }
 
-template<typename OtherBase, bool kResetPersistent>
-SimpleWriteWrap<OtherBase, kResetPersistent>::~SimpleWriteWrap() {
+template <typename OtherBase>
+SimpleWriteWrap<OtherBase>::~SimpleWriteWrap() {
   ClearWrap(static_cast<AsyncWrap*>(this)->object());
-  if (kResetPersistent) {
-    auto& persistent = static_cast<AsyncWrap*>(this)->persistent();
-    CHECK_EQ(persistent.IsEmpty(), false);
-    persistent.Reset();
-  }
 }
 
 inline WriteWrap* StreamBase::CreateWriteWrap(
diff --git a/src/stream_base.h b/src/stream_base.h
index 59b8ee7b7221f0..8af05059f49e47 100644
--- a/src/stream_base.h
+++ b/src/stream_base.h
@@ -322,7 +322,7 @@ class StreamBase : public StreamResource {
 // `OtherBase` must have a constructor that matches the `AsyncWrap`
 // constructors’s (Environment*, Local<Object>, AsyncWrap::Provider) signature
 // and be a subclass of `AsyncWrap`.
-template <typename OtherBase, bool kResetPersistentOnDestroy = true>
+template <typename OtherBase>
 class SimpleShutdownWrap : public ShutdownWrap, public OtherBase {
  public:
   SimpleShutdownWrap(StreamBase* stream,
@@ -333,7 +333,7 @@ class SimpleShutdownWrap : public ShutdownWrap, public OtherBase {
   size_t self_size() const override { return sizeof(*this); }
 };
 
-template <typename OtherBase, bool kResetPersistentOnDestroy = true>
+template <typename OtherBase>
 class SimpleWriteWrap : public WriteWrap, public OtherBase {
  public:
   SimpleWriteWrap(StreamBase* stream,
diff --git a/src/stream_wrap.cc b/src/stream_wrap.cc
index e1df9edd39e151..27fe48d1165c75 100644
--- a/src/stream_wrap.cc
+++ b/src/stream_wrap.cc
@@ -264,8 +264,8 @@ void LibuvStreamWrap::SetBlocking(const FunctionCallbackInfo<Value>& args) {
   args.GetReturnValue().Set(uv_stream_set_blocking(wrap->stream(), enable));
 }
 
-typedef SimpleShutdownWrap<ReqWrap<uv_shutdown_t>, false> LibuvShutdownWrap;
-typedef SimpleWriteWrap<ReqWrap<uv_write_t>, false> LibuvWriteWrap;
+typedef SimpleShutdownWrap<ReqWrap<uv_shutdown_t>> LibuvShutdownWrap;
+typedef SimpleWriteWrap<ReqWrap<uv_write_t>> LibuvWriteWrap;
 
 ShutdownWrap* LibuvStreamWrap::CreateShutdownWrap(Local<Object> object) {
   return new LibuvShutdownWrap(this, object);
diff --git a/src/tcp_wrap.cc b/src/tcp_wrap.cc
index a0a58fb1b5cc8d..61b08217b8f129 100644
--- a/src/tcp_wrap.cc
+++ b/src/tcp_wrap.cc
@@ -174,11 +174,6 @@ TCPWrap::TCPWrap(Environment* env, Local<Object> object, ProviderType provider)
 }
 
 
-TCPWrap::~TCPWrap() {
-  CHECK(persistent().IsEmpty());
-}
-
-
 void TCPWrap::SetNoDelay(const FunctionCallbackInfo<Value>& args) {
   TCPWrap* wrap;
   ASSIGN_OR_RETURN_UNWRAP(&wrap,
diff --git a/src/tcp_wrap.h b/src/tcp_wrap.h
index a7f6b1901981f6..2ab50f1fdcdfab 100644
--- a/src/tcp_wrap.h
+++ b/src/tcp_wrap.h
@@ -55,7 +55,6 @@ class TCPWrap : public ConnectionWrap<TCPWrap, uv_tcp_t> {
 
   TCPWrap(Environment* env, v8::Local<v8::Object> object,
           ProviderType provider);
-  ~TCPWrap();
 
   static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void SetNoDelay(const v8::FunctionCallbackInfo<v8::Value>& args);
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index 18b56afece9e09..7ff49522438d65 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -86,12 +86,7 @@ TLSWrap::TLSWrap(Environment* env,
 TLSWrap::~TLSWrap() {
   enc_in_ = nullptr;
   enc_out_ = nullptr;
-
   sc_ = nullptr;
-
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-  sni_context_.Reset();
-#endif  // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
 }
 
 
@@ -852,7 +847,6 @@ int TLSWrap::SelectSNIContextCallback(SSL* s, int* ad, void* arg) {
     return SSL_TLSEXT_ERR_NOACK;
   }
 
-  p->sni_context_.Reset();
   p->sni_context_.Reset(env->isolate(), ctx);
 
   SecureContext* sc = Unwrap<SecureContext>(ctx.As<Object>());
diff --git a/src/util-inl.h b/src/util-inl.h
index c5a25c91ffb088..d07cfea9227fbe 100644
--- a/src/util-inl.h
+++ b/src/util-inl.h
@@ -168,7 +168,7 @@ inline ContainerOfHelper<Inner, Outer> ContainerOf(Inner Outer::*field,
 template <class TypeName>
 inline v8::Local<TypeName> PersistentToLocal(
     v8::Isolate* isolate,
-    const v8::Persistent<TypeName>& persistent) {
+    const Persistent<TypeName>& persistent) {
   if (persistent.IsWeak()) {
     return WeakPersistentToLocal(isolate, persistent);
   } else {
@@ -178,15 +178,15 @@ inline v8::Local<TypeName> PersistentToLocal(
 
 template <class TypeName>
 inline v8::Local<TypeName> StrongPersistentToLocal(
-    const v8::Persistent<TypeName>& persistent) {
+    const Persistent<TypeName>& persistent) {
   return *reinterpret_cast<v8::Local<TypeName>*>(
-      const_cast<v8::Persistent<TypeName>*>(&persistent));
+      const_cast<Persistent<TypeName>*>(&persistent));
 }
 
 template <class TypeName>
 inline v8::Local<TypeName> WeakPersistentToLocal(
     v8::Isolate* isolate,
-    const v8::Persistent<TypeName>& persistent) {
+    const Persistent<TypeName>& persistent) {
   return v8::Local<TypeName>::New(isolate, persistent);
 }
 
diff --git a/src/util.h b/src/util.h
index 21c566a4ca6cd6..7c679952d5fb1f 100644
--- a/src/util.h
+++ b/src/util.h
@@ -24,6 +24,7 @@
 
 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 
+#include "node_persistent.h"
 #include "v8.h"
 
 #include <assert.h>
@@ -218,7 +219,7 @@ inline ContainerOfHelper<Inner, Outer> ContainerOf(Inner Outer::*field,
 template <class TypeName>
 inline v8::Local<TypeName> PersistentToLocal(
     v8::Isolate* isolate,
-    const v8::Persistent<TypeName>& persistent);
+    const Persistent<TypeName>& persistent);
 
 // Unchecked conversion from a non-weak Persistent<T> to Local<TLocal<T>,
 // use with care!
@@ -227,12 +228,12 @@ inline v8::Local<TypeName> PersistentToLocal(
 // scope, it will destroy the reference to the object.
 template <class TypeName>
 inline v8::Local<TypeName> StrongPersistentToLocal(
-    const v8::Persistent<TypeName>& persistent);
+    const Persistent<TypeName>& persistent);
 
 template <class TypeName>
 inline v8::Local<TypeName> WeakPersistentToLocal(
     v8::Isolate* isolate,
-    const v8::Persistent<TypeName>& persistent);
+    const Persistent<TypeName>& persistent);
 
 // Convenience wrapper around v8::String::NewFromOneByte().
 inline v8::Local<v8::String> OneByteString(v8::Isolate* isolate,
diff --git a/test/addons/hello-world/binding.cc b/test/addons/hello-world/binding.cc
index 944f5631956d15..ba6a22d7196d26 100644
--- a/test/addons/hello-world/binding.cc
+++ b/test/addons/hello-world/binding.cc
@@ -6,8 +6,12 @@ void Method(const v8::FunctionCallbackInfo<v8::Value>& args) {
   args.GetReturnValue().Set(v8::String::NewFromUtf8(isolate, "world"));
 }
 
-void init(v8::Local<v8::Object> exports) {
+#define CONCAT(a, b) CONCAT_HELPER(a, b)
+#define CONCAT_HELPER(a, b) a##b
+#define INITIALIZER CONCAT(node_register_module_v, NODE_MODULE_VERSION)
+
+extern "C" NODE_MODULE_EXPORT void INITIALIZER(v8::Local<v8::Object> exports,
+                                               v8::Local<v8::Value> module,
+                                               v8::Local<v8::Context> context) {
   NODE_SET_METHOD(exports, "hello", Method);
 }
-
-NODE_MODULE(NODE_GYP_MODULE_NAME, init)
diff --git a/test/es-module/test-esm-cyclic-dynamic-import.mjs b/test/es-module/test-esm-cyclic-dynamic-import.mjs
new file mode 100644
index 00000000000000..c8dfff919c2f7e
--- /dev/null
+++ b/test/es-module/test-esm-cyclic-dynamic-import.mjs
@@ -0,0 +1,3 @@
+// Flags: --experimental-modules
+import '../common';
+import('./test-esm-cyclic-dynamic-import');
diff --git a/test/parallel/test-crypto-hmac.js b/test/parallel/test-crypto-hmac.js
index 92fa16f98cda44..0597891e0041a7 100644
--- a/test/parallel/test-crypto-hmac.js
+++ b/test/parallel/test-crypto-hmac.js
@@ -269,7 +269,12 @@ for (let i = 0, l = rfc4231.length; i < l; i++) {
       expected,
       `Test HMAC-${hash} rfc 4231 case ${i + 1}: ${actual} must be ${expected}`
     );
-    assert.strictEqual(actual, strRes, 'Should get same result from stream');
+    assert.strictEqual(
+      actual,
+      strRes,
+      `Should get same result from stream (hash: ${hash} and case: ${i + 1})` +
+      ` => ${actual} must be ${strRes}`
+    );
   }
 }
 
diff --git a/test/parallel/test-http2-client-setNextStreamID-errors.js b/test/parallel/test-http2-client-setNextStreamID-errors.js
new file mode 100644
index 00000000000000..0c982061b857e1
--- /dev/null
+++ b/test/parallel/test-http2-client-setNextStreamID-errors.js
@@ -0,0 +1,59 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const http2 = require('http2');
+
+const server = http2.createServer();
+server.on('stream', (stream) => {
+  stream.respond();
+  stream.end('ok');
+});
+
+const types = {
+  boolean: true,
+  function: () => {},
+  number: 1,
+  object: {},
+  array: [],
+  null: null,
+  symbol: Symbol('test')
+};
+
+server.listen(0, common.mustCall(() => {
+  const client = http2.connect(`http://localhost:${server.address().port}`);
+
+  client.on('connect', () => {
+    const outOfRangeNum = 2 ** 31;
+    common.expectsError(
+      () => client.setNextStreamID(outOfRangeNum),
+      {
+        type: RangeError,
+        code: 'ERR_OUT_OF_RANGE',
+        message: 'The value of "id" is out of range.' +
+           ' It must be > 0 and <= 2147483647. Received ' + outOfRangeNum
+      }
+    );
+
+    // should throw if something other than number is passed to setNextStreamID
+    Object.entries(types).forEach(([type, value]) => {
+      if (type === 'number') {
+        return;
+      }
+
+      common.expectsError(
+        () => client.setNextStreamID(value),
+        {
+          type: TypeError,
+          code: 'ERR_INVALID_ARG_TYPE',
+          message: 'The "id" argument must be of type number'
+        }
+      );
+    });
+
+    server.close();
+    client.close();
+  });
+}));
diff --git a/test/parallel/test-http2-client-write-empty-string.js b/test/parallel/test-http2-client-write-empty-string.js
index c10698d417038d..8b8cb3d6404e1e 100644
--- a/test/parallel/test-http2-client-write-empty-string.js
+++ b/test/parallel/test-http2-client-write-empty-string.js
@@ -1,12 +1,13 @@
 'use strict';
 
 const assert = require('assert');
-const http2 = require('http2');
 
 const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
+const http2 = require('http2');
+
 for (const chunkSequence of [
   [ '' ],
   [ '', '' ]
diff --git a/test/parallel/test-http2-write-finishes-after-stream-destroy.js b/test/parallel/test-http2-write-finishes-after-stream-destroy.js
new file mode 100644
index 00000000000000..3b2dd4bcd4e548
--- /dev/null
+++ b/test/parallel/test-http2-write-finishes-after-stream-destroy.js
@@ -0,0 +1,62 @@
+// Flags: --expose-gc
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+const assert = require('assert');
+const http2 = require('http2');
+const makeDuplexPair = require('../common/duplexpair');
+
+// Make sure the Http2Stream destructor works, since we don't clean the
+// stream up like we would otherwise do.
+process.on('exit', global.gc);
+
+{
+  const { clientSide, serverSide } = makeDuplexPair();
+
+  let serverSideHttp2Stream;
+  let serverSideHttp2StreamDestroyed = false;
+  const server = http2.createServer();
+  server.on('stream', common.mustCall((stream, headers) => {
+    serverSideHttp2Stream = stream;
+    stream.respond({
+      'content-type': 'text/html',
+      ':status': 200
+    });
+
+    const originalWrite = serverSide._write;
+    serverSide._write = (buf, enc, cb) => {
+      if (serverSideHttp2StreamDestroyed) {
+        serverSide.destroy();
+        serverSide.write = () => {};
+      } else {
+        setImmediate(() => {
+          originalWrite.call(serverSide, buf, enc, () => setImmediate(cb));
+        });
+      }
+    };
+
+    // Enough data to fit into a single *session* window,
+    // not enough data to fit into a single *stream* window.
+    stream.write(Buffer.alloc(40000));
+  }));
+
+  server.emit('connection', serverSide);
+
+  const client = http2.connect('http://localhost:80', {
+    createConnection: common.mustCall(() => clientSide)
+  });
+
+  const req = client.request({ ':path': '/' });
+
+  req.on('response', common.mustCall((headers) => {
+    assert.strictEqual(headers[':status'], 200);
+  }));
+
+  req.on('data', common.mustCallAtLeast(() => {
+    if (!serverSideHttp2StreamDestroyed) {
+      serverSideHttp2Stream.destroy();
+      serverSideHttp2StreamDestroyed = true;
+    }
+  }));
+}
diff --git a/test/parallel/test-performance.js b/test/parallel/test-performance.js
index ba15479050f9e1..d262e1f1f149d1 100644
--- a/test/parallel/test-performance.js
+++ b/test/parallel/test-performance.js
@@ -7,6 +7,12 @@ const { performance } = require('perf_hooks');
 assert(performance);
 assert(performance.nodeTiming);
 assert.strictEqual(typeof performance.timeOrigin, 'number');
+// Use a fairly large epsilon value, since we can only guarantee that the node
+// process started up in 20 seconds.
+assert(Math.abs(performance.timeOrigin - Date.now()) < 20000);
+
+const inited = performance.now();
+assert(inited < 20000);
 
 {
   const entries = performance.getEntries();
@@ -104,23 +110,81 @@ assert.strictEqual(typeof performance.timeOrigin, 'number');
 assert.strictEqual(performance.nodeTiming.name, 'node');
 assert.strictEqual(performance.nodeTiming.entryType, 'node');
 
-[
-  'startTime',
-  'duration',
-  'nodeStart',
-  'v8Start',
-  'bootstrapComplete',
-  'environment',
-  'loopStart',
-  'loopExit',
-  'thirdPartyMainStart',
-  'thirdPartyMainEnd',
-  'clusterSetupStart',
-  'clusterSetupEnd',
-  'moduleLoadStart',
-  'moduleLoadEnd',
-  'preloadModuleLoadStart',
-  'preloadModuleLoadEnd'
-].forEach((i) => {
-  assert.strictEqual(typeof performance.nodeTiming[i], 'number');
+function checkNodeTiming(props) {
+  for (const prop of Object.keys(props)) {
+    if (props[prop].around !== undefined) {
+      assert.strictEqual(typeof performance.nodeTiming[prop], 'number');
+      const delta = performance.nodeTiming[prop] - props[prop].around;
+      assert(Math.abs(delta) < 1000);
+    } else {
+      assert.strictEqual(performance.nodeTiming[prop], props[prop]);
+    }
+  }
+}
+
+checkNodeTiming({
+  name: 'node',
+  entryType: 'node',
+  startTime: 0,
+  duration: { around: performance.now() },
+  nodeStart: { around: 0 },
+  v8Start: { around: 0 },
+  bootstrapComplete: -1,
+  environment: { around: 0 },
+  loopStart: -1,
+  loopExit: -1,
+  thirdPartyMainStart: -1,
+  thirdPartyMainEnd: -1,
+  clusterSetupStart: -1,
+  clusterSetupEnd: -1,
+  moduleLoadStart: { around: inited },
+  moduleLoadEnd: { around: inited },
+  preloadModuleLoadStart: { around: inited },
+  preloadModuleLoadEnd: { around: inited },
+});
+
+setTimeout(() => {
+  checkNodeTiming({
+    name: 'node',
+    entryType: 'node',
+    startTime: 0,
+    duration: { around: performance.now() },
+    nodeStart: { around: 0 },
+    v8Start: { around: 0 },
+    bootstrapComplete: { around: inited },
+    environment: { around: 0 },
+    loopStart: { around: inited },
+    loopExit: -1,
+    thirdPartyMainStart: -1,
+    thirdPartyMainEnd: -1,
+    clusterSetupStart: -1,
+    clusterSetupEnd: -1,
+    moduleLoadStart: { around: inited },
+    moduleLoadEnd: { around: inited },
+    preloadModuleLoadStart: { around: inited },
+    preloadModuleLoadEnd: { around: inited },
+  });
+}, 2000);
+
+process.on('exit', () => {
+  checkNodeTiming({
+    name: 'node',
+    entryType: 'node',
+    startTime: 0,
+    duration: { around: performance.now() },
+    nodeStart: { around: 0 },
+    v8Start: { around: 0 },
+    bootstrapComplete: { around: inited },
+    environment: { around: 0 },
+    loopStart: { around: inited },
+    loopExit: { around: performance.now() },
+    thirdPartyMainStart: -1,
+    thirdPartyMainEnd: -1,
+    clusterSetupStart: -1,
+    clusterSetupEnd: -1,
+    moduleLoadStart: { around: inited },
+    moduleLoadEnd: { around: inited },
+    preloadModuleLoadStart: { around: inited },
+    preloadModuleLoadEnd: { around: inited },
+  });
 });
diff --git a/tools/icu/iculslocs.cc b/tools/icu/iculslocs.cc
index 3ceb8d2a4d81d0..a6931d3a9a62d6 100644
--- a/tools/icu/iculslocs.cc
+++ b/tools/icu/iculslocs.cc
@@ -55,6 +55,7 @@ Japanese, it doesn't *claim* to have Japanese.
 #include <unicode/ures.h>
 #include <unicode/udata.h>
 #include <unicode/putil.h>
+#include <stdio.h>
 
 const char* PROG = "iculslocs";
 const char* NAME = U_ICUDATA_NAME;  // assume ICU data