From 987aacaded33e94548cb22904c7fb828fd73e804 Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Wed, 3 Jul 2024 18:31:01 -0300 Subject: [PATCH 1/6] fix: handle dependencies empty on sec release blog (#828) --- lib/security_blog.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/security_blog.js b/lib/security_blog.js index 7fe25ea1..8239c1d5 100644 --- a/lib/security_blog.js +++ b/lib/security_blog.js @@ -232,9 +232,10 @@ export default class SecurityBlog { } getDependencyUpdatesTemplate(dependencyUpdates) { - if (!dependencyUpdates) return ''; - let template = 'This security release includes the following dependency' + - ' updates to address public vulnerabilities:\n\n'; + if (typeof dependencyUpdates !== 'object') return ''; + if (Object.keys(dependencyUpdates).length === 0) return ''; + let template = '\nThis security release includes the following dependency' + + ' updates to address public vulnerabilities:\n'; for (const dependencyUpdate of Object.values(dependencyUpdates)) { for (const dependency of dependencyUpdate) { const title = dependency.title.substring(dependency.title.indexOf(':') + ':'.length).trim(); From 09cf7fd7e7c41f1d7b946e2cfaf1c30f5d1af6f5 Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Tue, 16 Jul 2024 15:57:03 -0300 Subject: [PATCH 2/6] lib: sort affected versions ASC (#831) * fix: sort affected versions ASC * fixup! fix: sort affected versions ASC * fixup! fixup! fix: sort affected versions ASC --- lib/security_blog.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/security_blog.js b/lib/security_blog.js index 8239c1d5..c0987bfe 100644 --- a/lib/security_blog.js +++ b/lib/security_blog.js 
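Review bot: The new `typeof dependencyUpdates !== 'object'` guard in `getDependencyUpdatesTemplate` lets `null` through, because `typeof null` is `'object'`, and the following `Object.keys(dependencyUpdates)` then throws a TypeError. The removed `!dependencyUpdates` check returned `''` for that input, so this is a regression for callers that pass `null`. Keep the falsy test alongside the type test: `if (!dependencyUpdates || typeof dependencyUpdates !== 'object') return '';`. The method body continues past the end of the hunk.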
@@ -331,7 +331,12 @@ export default class SecurityBlog { affectedVersions.add(affectedVersion); } } - return Array.from(affectedVersions).join(', '); + const parseToNumber = str => +(str.match(/[\d.]+/g)[0]); + return Array.from(affectedVersions) + .sort((a, b) => { + return parseToNumber(a) > parseToNumber(b) ? -1 : 1; + }) + .join(', '); } getSecurityPreReleaseTemplate() { From 88c31eb6bbea0ec44797c7287bafad2678d5ea46 Mon Sep 17 00:00:00 2001 From: Yagiz Nizipli Date: Fri, 26 Jul 2024 08:58:58 -0400 Subject: [PATCH 3/6] fix: listr overriding parent task (#836) --- lib/update-v8/applyNodeChanges.js | 6 ++---- lib/update-v8/backport.js | 13 ++++++------- lib/update-v8/majorUpdate.js | 6 ++---- lib/update-v8/minorUpdate.js | 6 ++---- lib/update-v8/updateV8Clone.js | 6 ++---- lib/update-v8/updateVersionNumbers.js | 6 ++---- 6 files changed, 16 insertions(+), 27 deletions(-) diff --git a/lib/update-v8/applyNodeChanges.js b/lib/update-v8/applyNodeChanges.js index 806e1d25..5ac5b9af 100644 --- a/lib/update-v8/applyNodeChanges.js +++ b/lib/update-v8/applyNodeChanges.js @@ -1,7 +1,5 @@ import path from 'node:path'; -import { Listr } from 'listr2'; - import { getNodeV8Version, filterForVersion, @@ -19,10 +17,10 @@ const nodeChanges = [ export default function applyNodeChanges() { return { title: 'Apply Node-specific changes', - task: async(ctx) => { + task: async(ctx, task) => { const v8Version = await getNodeV8Version(ctx.nodeDir); const list = filterForVersion(nodeChanges, v8Version); - return new Listr(list.map((change) => change.task())); + return task.newListr(list.map((change) => change.task())); } }; } diff --git a/lib/update-v8/backport.js b/lib/update-v8/backport.js index c57095cd..7f27430e 100644 --- a/lib/update-v8/backport.js +++ b/lib/update-v8/backport.js 
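Review bot: The comparator added to the `affectedVersions` sort returns `-1` when `parseToNumber(a)` is the larger value, which puts higher versions first, while the commit subject says the list is sorted ascending. One of the two should be corrected; for ascending order the comparator would be `.sort((a, b) => parseToNumber(a) - parseToNumber(b))`, which also returns `0` for equal keys, something the current one never does. `parseToNumber` throws when a string contains no digit, because `match` returns `null`, and yields `NaN` for a string with more than one dot (a constructed `1.2.3`, for example), after which the order is unpredictable. Since this list presumably ends up in the published security-release post, a null check on the match with an explicit fallback would keep a malformed entry from breaking or misordering the announcement. The enclosing method starts outside the hunk.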
@@ -4,7 +4,6 @@ import { } from 'node:fs'; import inquirer from 'inquirer'; -import { Listr } from 'listr2'; import { ListrEnquirerPromptAdapter } from '@listr2/prompt-adapter-enquirer'; import { shortSha } from '../utils.js'; @@ -50,8 +49,8 @@ export function doBackport(options) { return { title: 'V8 commit backport', - task: () => { - return new Listr(todo); + task: (ctx, task) => { + return task.newListr(todo); } }; }; @@ -164,8 +163,8 @@ function applyPatches() { function applyAndCommitPatches() { return { title: 'Apply and commit patches to deps/v8', - task: (ctx) => { - return new Listr(ctx.patches.map(applyPatchTask)); + task: (ctx, task) => { + return task.newListr(ctx.patches.map(applyPatchTask)); } }; } @@ -173,7 +172,7 @@ function applyAndCommitPatches() { function applyPatchTask(patch) { return { title: `Commit ${shortSha(patch.sha)}`, - task: (ctx) => { + task: (ctx, task) => { const todo = [ { title: 'Apply patch', @@ -188,7 +187,7 @@ function applyPatchTask(patch) { } } todo.push(commitPatch(patch)); - return new Listr(todo); + return task.newListr(todo); } }; } diff --git a/lib/update-v8/majorUpdate.js b/lib/update-v8/majorUpdate.js index 4ac91005..0ca3f8a1 100644 --- a/lib/update-v8/majorUpdate.js +++ b/lib/update-v8/majorUpdate.js @@ -1,8 +1,6 @@ import path from 'node:path'; import { promises as fs } from 'node:fs'; -import { Listr } from 'listr2'; - import { getCurrentV8Version } from './common.js'; import { getNodeV8Version, @@ -19,8 +17,8 @@ import { forceRunAsync } from '../run.js'; export default function majorUpdate() { return { title: 'Major V8 update', - task: () => { - return new Listr([ + task: (ctx, task) => { + return task.newListr([ getCurrentV8Version(), checkoutBranch(), removeDepsV8(), diff --git a/lib/update-v8/minorUpdate.js b/lib/update-v8/minorUpdate.js index e64ed8e5..d14f007a 100644 --- a/lib/update-v8/minorUpdate.js +++ b/lib/update-v8/minorUpdate.js 
@@ -2,8 +2,6 @@ import { spawn } from 'node:child_process'; import path from 'node:path'; import { promises as fs } from 'node:fs'; -import { Listr } from 'listr2'; - import { getCurrentV8Version } from './common.js'; import { isVersionString } from './util.js'; import { forceRunAsync } from '../run.js'; @@ -11,8 +9,8 @@ import { forceRunAsync } from '../run.js'; export default function minorUpdate() { return { title: 'Minor V8 update', - task: () => { - return new Listr([ + task: (ctx, task) => { + return task.newListr([ getCurrentV8Version(), getLatestV8Version(), doMinorUpdate() diff --git a/lib/update-v8/updateV8Clone.js b/lib/update-v8/updateV8Clone.js index f078e826..8b270313 100644 --- a/lib/update-v8/updateV8Clone.js +++ b/lib/update-v8/updateV8Clone.js @@ -1,15 +1,13 @@ import { promises as fs } from 'node:fs'; -import { Listr } from 'listr2'; - import { v8Git } from './constants.js'; import { forceRunAsync } from '../run.js'; export default function updateV8Clone() { return { title: 'Update local V8 clone', - task: () => { - return new Listr([fetchOrigin(), createClone()]); + task: (ctx, task) => { + return task.newListr([fetchOrigin(), createClone()]); } }; }; diff --git a/lib/update-v8/updateVersionNumbers.js b/lib/update-v8/updateVersionNumbers.js index 5c832e08..545ece19 100644 --- a/lib/update-v8/updateVersionNumbers.js +++ b/lib/update-v8/updateVersionNumbers.js @@ -1,15 +1,13 @@ import path from 'node:path'; import { promises as fs } from 'node:fs'; -import { Listr } from 'listr2'; - import { getNodeV8Version } from './util.js'; export default function updateVersionNumbers() { return { title: 'Update version numbers', - task: () => { - return new Listr([resetEmbedderString(), bumpNodeModule()]); + task: (ctx, task) => { + return task.newListr([resetEmbedderString(), bumpNodeModule()]); } }; }; From 25ea9923c6cff813766678332130a8c4fdf93edb Mon Sep 17 00:00:00 2001 
From: Rafael Gonzaga Date: Mon, 29 Jul 2024 10:50:35 -0300 Subject: [PATCH 4/6] feat: use sec release template in PR description (#832) * feat: use sec release template in PR description * fixup! feat: use sec release template in PR description --- lib/prepare_security.js | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/lib/prepare_security.js b/lib/prepare_security.js index ed18e502..4ffb90fe 100644 --- a/lib/prepare_security.js +++ b/lib/prepare_security.js @@ -6,7 +6,6 @@ import { NEXT_SECURITY_RELEASE_BRANCH, NEXT_SECURITY_RELEASE_FOLDER, NEXT_SECURITY_RELEASE_REPOSITORY, - PLACEHOLDERS, checkoutOnSecurityReleaseBranch, commitAndPushVulnerabilitiesJSON, validateDate, @@ -37,22 +36,15 @@ export default class PrepareSecurityRelease { const createVulnerabilitiesJSON = await this.promptVulnerabilitiesJSON(); let securityReleasePRUrl; + const content = await this.buildDescription(releaseDate, securityReleasePRUrl); if (createVulnerabilitiesJSON) { - securityReleasePRUrl = await this.startVulnerabilitiesJSONCreation(releaseDate); + securityReleasePRUrl = await this.startVulnerabilitiesJSONCreation(releaseDate, content); } - const createIssue = await this.promptCreateRelaseIssue(); - - if (createIssue) { - const content = await this.buildIssue(releaseDate, securityReleasePRUrl); - await createIssue( - this.title, content, this.repository, { cli: this.cli, repository: this.repository }); - }; - this.cli.ok('Done!'); } - async startVulnerabilitiesJSONCreation(releaseDate) { + async startVulnerabilitiesJSONCreation(releaseDate, content) { // checkout on the next-security-release branch checkoutOnSecurityReleaseBranch(this.cli, this.repository); @@ -87,7 +79,7 @@ export default class PrepareSecurityRelease { if (!createPr) return; // create pr on the security-release repo - return this.createPullRequest(); + return this.createPullRequest(content); } promptCreatePR() { 
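Review bot: In `run()`, `buildDescription(releaseDate, securityReleasePRUrl)` is called before `securityReleasePRUrl` is assigned, and the rewritten `buildDescription()` (the `@@ -143,11 +135,9 @@` hunk of this file) takes no parameters and returns the template untouched, so both arguments are dropped. If the template still contains the release-date and PR-URL placeholders that `buildIssue` used to replace, they will now appear verbatim in the pull-request description. Either restore the date substitution, e.g. `return template.replace(PLACEHOLDERS.releaseDate, releaseDate);` with the `PLACEHOLDERS` import kept, or drop the unused arguments and the now write-only `securityReleasePRUrl`. The template is also fetched even when `createVulnerabilitiesJSON` is false, and `createPullRequest` falls back to the old text only for `null`/`undefined`, not for an empty template.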
@@ -143,11 +135,9 @@ export default class PrepareSecurityRelease { { defaultAnswer: true }); } - async buildIssue(releaseDate, securityReleasePRUrl = PLACEHOLDERS.vulnerabilitiesPRURL) { + async buildDescription() { const template = await this.getSecurityIssueTemplate(); - const content = template.replace(PLACEHOLDERS.releaseDate, releaseDate) - .replace(PLACEHOLDERS.vulnerabilitiesPRURL, securityReleasePRUrl); - return content; + return template; } async chooseReports() { @@ -185,11 +175,11 @@ export default class PrepareSecurityRelease { return fullPath; } - async createPullRequest() { + async createPullRequest(content) { const { owner, repo } = this.repository; const response = await this.req.createPullRequest( this.title, - 'List of vulnerabilities to be included in the next security release', + content ?? 'List of vulnerabilities to be included in the next security release', { owner, repo, From d796dd5eac383177624a2c4b9284770c99ec3968 Mon Sep 17 00:00:00 2001 From: Aviv Keller <38299977+RedYetiDev@users.noreply.github.com> Date: Wed, 7 Aug 2024 10:47:30 -0400 Subject: [PATCH 5/6] fix(git-node): ignore codecov check suite (#838) --- lib/pr_checker.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/pr_checker.js b/lib/pr_checker.js index 7d00ca92..b37314e4 100644 --- a/lib/pr_checker.js +++ b/lib/pr_checker.js @@ -29,6 +29,7 @@ const GITHUB_SUCCESS_CONCLUSIONS = ['SUCCESS', 'NEUTRAL', 'SKIPPED']; const FAST_TRACK_RE = /^Fast-track has been requested by @(.+?)\. Please 👍 to approve\.$/; const FAST_TRACK_MIN_APPROVALS = 2; const GIT_CONFIG_GUIDE_URL = 'https://github.com/nodejs/node/blob/99b1ada/doc/guides/contributing/pull-requests.md#step-1-fork'; +const IGNORED_CHECK_SLUGS = ['dependabot', 'codecov']; // eslint-disable-next-line no-extend-native Array.prototype.findLastIndex ??= function findLastIndex(fn) { 
@@ -373,9 +374,9 @@ export default class PRChecker { // GitHub new Check API for (const { status, conclusion, app } of checkSuites.nodes) { - if (app && app.slug === 'dependabot') { - // Ignore Dependabot check suites. They are expected to show up - // sometimes and never complete. + if (app && IGNORED_CHECK_SLUGS.includes(app.slug)) { + // Ignore Dependabot and Codecov check suites. + // They are expected to show up sometimes and never complete. continue; } From 61586c92da2a586dac91d997e02a9f712b2f13dd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 21:09:03 +0200 Subject: [PATCH 6/6] chore(main): release 5.4.0 (#830) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- CHANGELOG.md | 14 ++++++++++++++ package.json | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec4ee023..dd1d8b11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
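Review bot: The comment inside the check-suite loop names Dependabot and Codecov by hand, so it will drift as soon as `IGNORED_CHECK_SLUGS` gains or loses an entry; the rationale belongs on the constant. Something like `// Check suites from these apps may show up and never complete, so they are skipped.` above `IGNORED_CHECK_SLUGS`, with the loop comment reduced to `// Skip suites from ignored apps.`, keeps the two in step. Note that the `continue` skips a suite whatever its status or conclusion, so a Codecov suite that did complete with a failure is also left out of the CI result. That is presumably intended, but it is worth stating next to the list, since the list decides which checks can hold back a landing. The loop body continues outside the hunk.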
@@ -1,5 +1,19 @@ # Changelog +## [5.4.0](https://github.com/nodejs/node-core-utils/compare/v5.3.1...v5.4.0) (2024-08-07) + + +### Features + +* use sec release template in PR description ([#832](https://github.com/nodejs/node-core-utils/issues/832)) ([25ea992](https://github.com/nodejs/node-core-utils/commit/25ea9923c6cff813766678332130a8c4fdf93edb)) + + +### Bug Fixes + +* **git-node:** ignore codecov check suite ([#838](https://github.com/nodejs/node-core-utils/issues/838)) ([d796dd5](https://github.com/nodejs/node-core-utils/commit/d796dd5eac383177624a2c4b9284770c99ec3968)) +* handle dependencies empty on sec release blog ([#828](https://github.com/nodejs/node-core-utils/issues/828)) ([987aaca](https://github.com/nodejs/node-core-utils/commit/987aacaded33e94548cb22904c7fb828fd73e804)) +* listr overriding parent task ([#836](https://github.com/nodejs/node-core-utils/issues/836)) ([88c31eb](https://github.com/nodejs/node-core-utils/commit/88c31eb6bbea0ec44797c7287bafad2678d5ea46)) + ## [5.3.1](https://github.com/nodejs/node-core-utils/compare/v5.3.0...v5.3.1) (2024-07-03) diff --git a/package.json b/package.json index 42c7fb59..a0fd2135 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@node-core/utils", - "version": "5.3.1", + "version": "5.4.0", "description": "Utilities for Node.js core collaborators", "type": "module", "engines": {