Merge branch 'main' into sync-sec-release

nodejs · Jun 13, 2024 · 424d2e7 · 424d2e7
2 parents cef5010 + e3e19b3
commit 424d2e7
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 16 deletions.
diff --git a/lib/github/templates/security-pre-release.md b/lib/github/templates/security-pre-release.md
@@ -18,6 +18,10 @@ releases lines on or shortly after, %RELEASE_DATE% in order to address:
 
 %IMPACT%
 
+It's important to note that End-of-Life versions are always affected when a security release occurs.
+To ensure your system's security, please use an up-to-date version as outlined in our
+[Release Schedule](https://github.com/nodejs/release#release-schedule).
+
 ## Release timing
 
 Releases will be available on, or shortly after, %RELEASE_DATE%.

diff --git a/lib/prepare_security.js b/lib/prepare_security.js
@@ -248,8 +248,7 @@ export default class PrepareSecurityRelease {
         });
 
       try {
-        const prUrl = dep.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
-        const res = await this.req.getPullRequest(prUrl);
+        const res = await this.req.getPullRequest(dep);
         const { html_url, title } = res;
         deps.push({
           name,

diff --git a/lib/request.js b/lib/request.js
@@ -77,7 +77,8 @@ export default class Request {
     return this.json(url, options);
   }
 
-  async getPullRequest(url) {
+  async getPullRequest(fullUrl) {
+    const prUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
     const options = {
       method: 'GET',
       headers: {
@@ -86,7 +87,7 @@ export default class Request {
         Accept: 'application/vnd.github+json'
       }
     };
-    return this.json(url, options);
+    return this.json(prUrl, options);
   }
 
   async createPullRequest(title, body, { owner, repo, head, base }) {

diff --git a/lib/security-release/security-release.js b/lib/security-release/security-release.js
@@ -173,16 +173,24 @@ export async function pickReport(report, { cli }) {
     defaultAnswer: await getSupportedVersions()
   });
 
-  let patchAuthors = await cli.prompt(
-    'Add github username of the authors of the patch (split by comma if multiple)', {
-      questionType: 'input',
-      defaultAnswer: ''
-    });
-
-  if (!patchAuthors) {
-    patchAuthors = [];
+  let prURL = '';
+  let patchAuthors = [];
+  if (custom_field_values.data.length) {
+    prURL = custom_field_values.data[0].attributes.value;
+    const { user } = await req.getPullRequest(prURL);
+    patchAuthors = [user.login];
   } else {
-    patchAuthors = patchAuthors.split(',').map((p) => p.trim());
+    patchAuthors = await cli.prompt(
+      'Add github username of the authors of the patch (split by comma if multiple)', {
+        questionType: 'input',
+        defaultAnswer: ''
+      });
+
+    if (!patchAuthors) {
+      patchAuthors = [];
+    } else {
+      patchAuthors = patchAuthors.split(',').map((p) => p.trim());
+    }
   }
 
   const summaryContent = getSummary(report);
@@ -194,6 +202,7 @@ export async function pickReport(report, { cli }) {
     severity: reportSeverity,
     summary: summaryContent ?? '',
     patchAuthors,
+    prURL,
     affectedVersions: versions.split(',').map((v) => v.replace('v', '').trim()),
     link,
     reporter: reporter.data.attributes.username

diff --git a/lib/voting_session.js b/lib/voting_session.js
@@ -114,7 +114,7 @@ export default class VotingSession extends Session {
     const body = 'I would like to close this vote, and for this effect, I\'m revealing my ' +
                  `key part:\n\n${'```'}\n${keyPart}\n${'```'}\n`;
     if (this.postComment) {
-      const { html_url } = await this.req.json(`https://api.github.com/repos/${this.owner}/${this.repo}/issues/${this.prid}/comments`, {
+      const { message, html_url } = await this.req.json(`https://api.github.com/repos/${this.owner}/${this.repo}/issues/${this.prid}/comments`, {
         agent: this.req.proxyAgent,
         method: 'POST',
         headers: {
@@ -124,13 +124,23 @@ export default class VotingSession extends Session {
         },
         body: JSON.stringify({ body })
       });
-      this.cli.log('Comment posted at:', html_url);
-    } else if (isGhAvailable()) {
+      if (html_url) {
+        this.cli.log(`Comment posted at: ${html_url}`);
+        return;
+      } else {
+        this.cli.warn(message);
+        this.cli.error('Failed to post comment');
+      }
+    }
+    if (isGhAvailable()) {
       this.cli.log('\nRun the following command to post the comment:\n');
       this.cli.log(
         `gh pr comment ${this.prid} --repo ${this.owner}/${this.repo} ` +
         `--body-file - <<'EOF'\n${body}\nEOF`
       );
+    } else {
+      this.cli.log('\nPost the following comment on the PR thread:\n');
+      this.cli.log(body);
     }
   }
 }