Remove vendored ICU locale core and update dependencies#64568
Remove vendored ICU locale core and update dependencies#64568piyyy314 wants to merge 75 commits into
Conversation
Delete the vendored icu_locale_core source files under deps/crates/vendor/icu_locale_core (extensions, parser, subtags, helpers, serde, etc.). Also update deps/undici/src/package-lock.json. This cleans up the repository by removing the bundled ICU4X locale core implementation; package-lock.json was modified as part of dependency updates. Co-Authored-By: Copilot <198982749+Copilot@users.noreply.github.com> Signed-off-by: Mohamad <Pitty313@proton.me>
Co-Authored-By: Copilot <198982749+Copilot@users.noreply.github.com> Signed-off-by: Mohamad <Pitty313@proton.me>
…-pr workflow Agent-Logs-Url: https://github.com/piyyy314/node/sessions/740ddfc9-e12f-462f-b678-05bba5e0c683 Co-authored-by: piyyy314 <192450738+piyyy314@users.noreply.github.com>
Agent-Logs-Url: https://github.com/piyyy314/node/sessions/71e34f59-0243-4f85-9dc7-390a2fc659d8 Co-authored-by: piyyy314 <192450738+piyyy314@users.noreply.github.com>
…112100354 [WIP] Fix failing GitHub Actions job 74112100354 due to missing repo-token
Agent-Logs-Url: https://github.com/piyyy314/node/sessions/71e34f59-0243-4f85-9dc7-390a2fc659d8 Co-authored-by: piyyy314 <192450738+piyyy314@users.noreply.github.com>
Agent-Logs-Url: https://github.com/piyyy314/node/sessions/2329a111-6482-4023-9660-b1a86b1156c7 Co-authored-by: piyyy314 <192450738+piyyy314@users.noreply.github.com>
…logic fix: add missing icu_locale_core src files to vendor tree
… src/ files Agent-Logs-Url: https://github.com/piyyy314/node/sessions/2765e39c-b30e-4ec3-9cc3-c25f06df8b2a Co-authored-by: piyyy314 <192450738+piyyy314@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...27d5ce7) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ation Updating workflow configuration for GitHub actions
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 1eb2ef646ac0255473d23a5907ad7b04ce94065c to 5f2d7c5294214f71b873db4b969586b980625e71. - [Release notes](https://github.com/cachix/cachix-action/releases) - [Changelog](https://github.com/cachix/cachix-action/blob/master/RELEASE.md) - [Commits](cachix/cachix-action@1eb2ef6...5f2d7c5) --- updated-dependencies: - dependency-name: cachix/cachix-action dependency-version: 5f2d7c5294214f71b873db4b969586b980625e71 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 31.10.5 to 31.10.6. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md) - [Commits](cachix/install-nix-action@ab73962...8aa0397) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-version: 31.10.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.0 to 2.19.3. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@8d3c67d...ab7a940) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.35.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e46ed2c...9e0d7b8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…/cachix-action-5f2d7c5294214f71b873db4b969586b980625e71 meta: bump cachix/cachix-action from 1eb2ef646ac0255473d23a5907ad7b04ce94065c to 5f2d7c5294214f71b873db4b969586b980625e71
…/install-nix-action-31.10.6 meta: bump cachix/install-nix-action from 31.10.5 to 31.10.6
…ecurity/harden-runner-2.19.3 meta: bump step-security/harden-runner from 2.19.0 to 2.19.3
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/commits) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…rkflow execution
Fix security vulnerabilities by bumping brace-expansion to 5.0.6 and js-yaml to 4.2.0.
…vulnerabilities tools: fix moderate severity vulnerabilities in brace-expansion and js-yaml
…encies Merge PR #32: workflow fixes and Dependabot dependency bumps
…-issues Harden CodeQL workflow runner and expand scan coverage
Bumps [piscina](https://github.com/piscinajs/piscina) from 5.1.4 to 5.2.0. - [Release notes](https://github.com/piscinajs/piscina/releases) - [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md) - [Commits](piscinajs/piscina@v5.1.4...v5.2.0) --- updated-dependencies: - dependency-name: piscina dependency-version: 5.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the doc group in /tools/doc with 1 update: [@node-core/doc-kit](https://github.com/nodejs/doc-kit). Updates `@node-core/doc-kit` from 1.3.6 to 1.3.10 - [Commits](https://github.com/nodejs/doc-kit/commits) --- updated-dependencies: - dependency-name: "@node-core/doc-kit" dependency-version: 1.3.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: doc ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [undici](https://github.com/nodejs/undici) from 6.24.1 to 6.27.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.24.1...v6.27.0) --- updated-dependencies: - dependency-name: undici dependency-version: 6.27.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…c/piscina-5.2.0 tools: bump piscina from 5.1.4 to 5.2.0 in /tools/doc
…c/doc-f07adab6b4 tools: bump @node-core/doc-kit from 1.3.6 to 1.3.10 in /tools/doc in the doc group
…c/undici-6.27.0 tools: bump undici from 6.24.1 to 6.27.0 in /tools/doc
|
Review requested:
|
There was a problem hiding this comment.
Pull request overview
This PR primarily updates tooling dependencies and refreshes multiple GitHub Actions workflow pins/configuration, with additional CI guardrails around tarball contents. It also introduces several repository-root shell scripts that automate merging PRs across unrelated repositories, which does not align with the PR title/purpose.
Changes:
- Bump Node.js repo tooling dependencies (ESLint toolchain, doc-kit, js-yaml) and update corresponding lockfiles.
- Update pinned GitHub Actions revisions across many workflows; tweak a few workflows’ behavior (commit-lint selection logic, PR labeling permissions/runner).
- Add a build-tarball CI step to verify Rust vendoring presence in produced tarballs; add new
merge-*.shscripts for bulk PR management.
Reviewed changes
Copilot reviewed 36 out of 40 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/lint-md/package-lock.json | Updates js-yaml dependency resolution details. |
| tools/eslint/package.json | Bumps ESLint/Babel/related dependencies for repo lint tooling. |
| tools/eslint/package-lock.json | Lockfile updates for the ESLint tooling dependency bumps. |
| tools/doc/package.json | Updates @node-core/doc-kit version used by docs tooling. |
| merge-prs.sh | Adds a repo-root script to merge PRs across external repos (unrelated to Node.js). |
| merge-all-prs.sh | Adds a bulk merge/close automation script for many external repos (unrelated to Node.js). |
| merge-all-features.sh | Adds a bulk merge/close automation script for many external repos (unrelated to Node.js). |
| deps/v8/test/mjsunit/regress/regress-3039.js | Removes a stray no-op semicolon from a V8 regression test. |
| .github/workflows/update-wpt.yml | Updates pinned actions/checkout revision. |
| .github/workflows/update-v8.yml | Updates pinned actions/checkout and actions/cache revisions. |
| .github/workflows/update-openssl.yml | Updates pinned actions/checkout revision. |
| .github/workflows/tools.yml | Updates pinned actions/checkout and cachix/install-nix-action revisions. |
| .github/workflows/timezone-update.yml | Updates pinned actions/checkout revisions. |
| .github/workflows/test-shared.yml | Updates pinned actions/checkout, cachix/* action revisions. |
| .github/workflows/test-macos.yml | Updates pinned actions/checkout revision. |
| .github/workflows/test-linux.yml | Updates pinned actions/checkout revision. |
| .github/workflows/test-internet.yml | Updates pinned actions/checkout revision. |
| .github/workflows/stale.yml | Updates pinned actions/stale revision. |
| .github/workflows/scorecard.yml | Updates pinned harden-runner/checkout/codeql upload revisions. |
| .github/workflows/linters.yml | Updates pinned actions/checkout revision. |
| .github/workflows/lint-release-proposal.yml | Updates pinned actions/checkout revision. |
| .github/workflows/license-builder.yml | Updates pinned actions/checkout revision. |
| .github/workflows/label-pr.yml | Adjusts permissions/runner/token usage for PR labeling workflow. |
| .github/workflows/find-inactive-tsc.yml | Updates pinned actions/checkout revisions. |
| .github/workflows/find-inactive-collaborators.yml | Updates pinned actions/checkout revision. |
| .github/workflows/doc.yml | Updates pinned actions/checkout revision. |
| .github/workflows/daily.yml | Updates pinned actions/checkout revision. |
| .github/workflows/daily-wpt-fyi.yml | Updates pinned actions/checkout revisions. |
| .github/workflows/create-release-proposal.yml | Updates pinned actions/checkout revision. |
| .github/workflows/coverage-windows.yml | Adds Rust version pin; updates pinned checkout/codecov action revisions. |
| .github/workflows/coverage-linux.yml | Updates pinned checkout/codecov action revisions. |
| .github/workflows/coverage-linux-without-intl.yml | Updates pinned checkout/codecov action revisions. |
| .github/workflows/commit-queue.yml | Updates pinned actions/checkout revision. |
| .github/workflows/commit-lint.yml | Updates pinned checkout; changes commit selection logic for validation. |
| .github/workflows/codeql.yml | Switches runner; updates pinned checkout/codeql action revisions. |
| .github/workflows/close-stalled.yml | Updates pinned actions/stale revision. |
| .github/workflows/build-tarball.yml | Updates pinned checkout; adds tarball validation for vendored Rust crates. |
| .github/codeql-config.yml | Configures additional CodeQL query suites and keeps ignored paths. |
Files not reviewed (2)
- tools/eslint/package-lock.json: Generated file
- tools/lint-md/package-lock.json: Generated file
Comments suppressed due to low confidence (1)
.github/workflows/coverage-windows.yml:77
- The workflow now pins
RUSTC_VERSION, but the Rust setup step only runsrustup override setwithout ensuring that the requested toolchain is installed on the runner. This makes the job dependent on what thewindows-2025image happens to include and can start failing when the preinstalled toolchains change.
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
@copilot Fix the code for all comments in this review thread. When a review comment includes a suggested change, apply the suggestion exactly. Do not make changes beyond what is described in the linked review thread. |
No description provided.