Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tools: add version to maintaining-dependencies.md dependencies list and automate the update #48081

Merged
merged 2 commits into from
Jun 6, 2023

Conversation

fasenderos
Copy link
Contributor

@fasenderos fasenderos commented May 19, 2023

Add version to doc/contributing/maintaining/maintaining-dependencies.md dependencies list and automate the update
Refs: nodejs/security-wg#973

Most of the duplicated code in all the dependencies updaters has been moved in the utils.sh file

This is the list of all the dependencies:

  • acorn
  • ada
  • base64
  • brotli
  • c-ares
  • cjs-module-lexer
  • corepack
  • googletest
  • histogram
  • icu-small
  • llhttp
  • minimatch
  • nghttp2
  • ngtcp2
  • npm
  • openssl
  • postject
  • simdutf
  • undici
  • uv
  • uvwasi
  • V8
  • zlib

@nodejs-github-bot nodejs-github-bot added the tools Issues and PRs related to the tools directory. label May 19, 2023
@fasenderos
Copy link
Contributor Author

fasenderos commented May 20, 2023

  1. For corepack and histogram I was not able to locate the update script.
  2. The postject, undici and V8 update scripts seems to differ from the others because they don't commit any changes, so probably the dependency update is done in another way. Any hint?
  3. The zlib update script is currently under review of another PR that will change the update routine

@fasenderos fasenderos marked this pull request as ready for review May 20, 2023 13:13
Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know that the existing update scripts are already not pretty, but I still don't think we should add duplicate code to all of them. Could you please DRY the logic?

@fasenderos
Copy link
Contributor Author

@tniessen I'm agree with you. I started recently to collaborate on node and I wasn't sure if I could (or not) create new files. Anyway if this refactor is ok, than I can continue with the other dependencies.

@fasenderos fasenderos marked this pull request as draft May 21, 2023 12:57
@fasenderos fasenderos marked this pull request as ready for review May 21, 2023 23:47
@marco-ippolito
Copy link
Member

marco-ippolito commented May 22, 2023

why do you say they dont commit any change? The commit is done in the action that triggers all these scripts:

commit-message: ${{ env.COMMIT_MSG }}

the version of undici is currently 5.22.1 https://github.com/nodejs/node/blob/main/deps/undici/src/package.json
you can update it with NEW_VERSION https://github.com/nodejs/node/blob/main/tools/dep_updaters/update-undici.sh
For zlib we might want to use latest version + commit hash.
For v8 we have automated only patch update so if it's a major update it has to be done manually.
postject should be like every other dependency

@fasenderos fasenderos force-pushed the deps-version branch 2 times, most recently from 7bf0db3 to ce7111a Compare May 23, 2023 10:01
@fasenderos
Copy link
Contributor Author

@marco-ippolito I have added version to undici, postject and V8 and refactored all these scripts by moving most of the duplicated code in the utils.sh file.

@marco-ippolito
Copy link
Member

marco-ippolito commented May 25, 2023

pr for histogram dep_updater : #48171 landed

Refs: nodejs/security-wg#973
Most of the duplicated code in all the dependencies updaters
has been moved in the `utils.sh` file
@fasenderos
Copy link
Contributor Author

@marco-ippolito added version for histogram.

Copy link
Member

@marco-ippolito marco-ippolito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@marco-ippolito marco-ippolito added commit-queue Add this label to land a pull request using GitHub Actions. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. labels Jun 6, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 6, 2023
@nodejs-github-bot nodejs-github-bot merged commit c541153 into nodejs:main Jun 6, 2023
@nodejs-github-bot
Copy link
Collaborator

Landed in c541153

@fasenderos fasenderos deleted the deps-version branch June 6, 2023 09:19
RafaelGSS pushed a commit that referenced this pull request Jul 3, 2023
Refs: nodejs/security-wg#973
Most of the duplicated code in all the dependencies updaters
has been moved in the `utils.sh` file

PR-URL: #48081
Refs: nodejs/security-wg#973
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
@RafaelGSS RafaelGSS mentioned this pull request Jul 3, 2023
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
Refs: nodejs/security-wg#973
Most of the duplicated code in all the dependencies updaters
has been moved in the `utils.sh` file

PR-URL: nodejs#48081
Refs: nodejs/security-wg#973
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
Refs: nodejs/security-wg#973
Most of the duplicated code in all the dependencies updaters
has been moved in the `utils.sh` file

PR-URL: nodejs#48081
Refs: nodejs/security-wg#973
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
@ruyadorno ruyadorno added the backport-requested-v18.x PRs awaiting manual backport to the v18.x-staging branch. label Aug 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-requested-v18.x PRs awaiting manual backport to the v18.x-staging branch. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. tools Issues and PRs related to the tools directory.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants