chore: Attempt to merge in updates from yao-pkg#1
Open
spotandjake wants to merge 67 commits intograin-lang:mainfrom
Open
chore: Attempt to merge in updates from yao-pkg#1spotandjake wants to merge 67 commits intograin-lang:mainfrom
spotandjake wants to merge 67 commits intograin-lang:mainfrom
Conversation
Co-authored-by: dashrath <dashrath.yadav@postman.com>
* feat: node 22.15.0 patch * updated version in patches.json * feat: node 22.15.1 patch * update patch file name --------- Co-authored-by: dashrath <dashrath.yadav@postman.com> Co-authored-by: Daniel Lando <daniel.sorridi@gmail.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Daniel Lando <daniel.sorridi@gmail.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Daniel Lando <daniel.sorridi@gmail.com>
…t extraction in OpenAI API integration
…stderr redirection
…ompt structure, and improve response handling
## Node.js Patch Update to v20.19.5 This PR updates the Node.js patch to version 20.19.5. The workflow automatically attempts to resolve patch conflicts using AI when the OpenAI API key is available. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ao-pkg#107) This PR adds Node24 support **Node/V8 changes:** - Move to new V8 syntax for some constructs (e.g. Cast<>) - Tracked down two issues which caused the read-only snapshot to be different across platforms: - in `read-only-serializer:258` the "live" pointer gets overwritten by the encoded slot (EncodedTagged). If V8_COMPRESS_POINTERS is not enabled, EncodedTagged is 4 bytes, but the live pointer is 8 bytes. memcpy() only copies EncodeTagged leaving 4bytes of "garbage" (=previous upper pointer half) which is semi-random per run - fixed this by clearing the whole value first - the CSA_HOLE_SECURITY_CHECK macro somehow leaves a string with a platform-dependent filename in the readonly heap as a constant, replaced that with "placeholder" - add PKG_TRACE_READONLY_HEAP blocks for debugging further snapshot issues Those fixes partially fix the sourceless cross-build issues introduced in Node 22 - For my test builds linux/linuxstatic/alpine/win on x64 are now compatible again. The heap contents on macos builds and other arm64 is wildly different, not sure why. I don't think this kind of compatibility is a goal for the V8 snapshot implementation in general. (This affects Node SEA as well, but SEA always has the source to fall back onto, which incurs a small performance hit) **Build Changes:** - Update linux/linuxcross build to use gcc 12 (required for Node 24) - For aloine/linuxstatic: Node 24 doesn't build on the muslcc image used previously, the image is unmaintained (although the toolchain builder isn't, we could build our own image) - Moved alpine/linuxstatic to native Alpine x64/arm64 toolchains, which seems to work quite well - Some minor upgrades to the Windows build, but had to enable `full-icu` for now because the ICU code gen step crashes with `small-icu` on the GH action build runners (not on my Windows test machine though) - Moved the macos build to macos 14 which is now required for Node 24 - x64 is now cross-built from arm64 because GH doesn't offer free macos14 x64 build workers - Removed all builds for Node 18 and older - **Notes:** - Needs more testing, I did some basic testing for x64 builds as well as macos/arm64 - I added a backport of the snapshot-determinism fixes to the latest Node 22 patch
…lelization (yao-pkg#113) ### Problem The macOS x64 build was timing out when using `macos-14` runners with `MAKE_JOB_COUNT=2`, likely due to cross-compilation overhead. ### Solution - Changed `runs-on` from `macos-14` to `macos-15-intel` to use native Intel hardware - Increased `MAKE_JOB_COUNT` from `2` to `4` to utilize all 4 CPU cores available on Intel runners ### Result Resolves build timeout issues for macOS x64 builds by eliminating cross-compilation and maximising CPU utilization. Tested Build: https://github.com/nrranjithnr/pkg-fetch/actions/runs/17977769583
## Node.js Patch Update to v24.9.0 This PR updates the Node.js patch to version 24.9.0. The workflow automatically attempts to resolve patch conflicts using AI when the OpenAI API key is available. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ao-pkg#117) This PR addresses high severity security vulnerabilities in the `tar-fs` dependency by upgrading from version 2.1.1 to 3.1.1. ## Security Issues Fixed This update resolves the vulnerabilities referenced in: - [GHSA-8cj5-5rvv-wf4v](GHSA-8cj5-5rvv-wf4v) - [GHSA-vj76-c3g6-qr5v](GHSA-vj76-c3g6-qr5v) ## Changes - Updated `tar-fs` dependency from `^2.1.1` to `^3.1.1` in `package.json` - Regenerated `yarn.lock` with the new dependency tree ## Compatibility The upgrade maintains full backward compatibility with existing code. The current usage of `tar.extract()` with `strip` and `map` options continues to work identically: ```typescript const extract = tar.extract(nodePath, { strip: 1, map: (header) => { // existing logic unchanged return header; }, }); ``` ## Testing All existing functionality has been verified: - ✅ Node.js source archive extraction works correctly - ✅ Patch application continues to function as expected - ✅ Build and lint processes pass without issues - ✅ `test_patch.sh` script completes successfully - ✅ No new security vulnerabilities introduced The upgrade resolves the security issues while maintaining all existing functionality with zero breaking changes. <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>Bump tar-fs (high severity vulnerabilities)</issue_title> > <issue_description>See: > GHSA-8cj5-5rvv-wf4v > GHSA-vj76-c3g6-qr5v > </issue_description> > > <agent_instructions>Bump tar-fs to fix security vulnerability, ensure tests are passing</agent_instructions> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> Fixes yao-pkg#116 <!-- START COPILOT CODING AGENT TIPS --> --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: robertsLando <11502495+robertsLando@users.noreply.github.com>
## Summary Allow linuxstatic platform builds for ppc64 architecture by bypassing the platform validation check. ## Changes - Modified the platform validation logic in `lib/index.ts` to skip the platform mismatch check when building for ppc64 architecture - Added `&& arch !== 'ppc64'` condition to allow linuxstatic builds on ppc64 without validation errors ## Impact - Users can now build linuxstatic binaries for ppc64 architecture without platform validation blocking the process - No breaking changes to existing functionality - Maintains existing platform validation for other architectures except ppc64 ## Use Case This enables building static Linux binaries on ppc64 systems, which is particularly useful for PowerPC environments that need statically linked executables. --------- Co-authored-by: Daniel Lando <daniel.sorridi@gmail.com>
Replace the inline release-it configuration with a dedicated .release-it.json file for better organization and maintainability.
Use Ubuntu Jammy for cross-building Linux ARM64 binaries using GCC 12 Fixes yao-pkg#122
## Node.js Patch Update to v22.20.0
This PR updates the Node.js patch to version 22.20.0.
The workflow automatically attempts to resolve patch conflicts using AI
when the OpenAI API key is available.
### AI Resolution Details
Processing section 1/1 for ./src/node_options.cc...
Found 1 reject files to process
Processing: ./src/node_options.cc.rej -> ./src/node_options.cc
Prompt for OpenAI API:
I have a Git patch that failed to apply. Here's the specific section
that needs to be fixed:
REJECTED PATCH HUNK:
```
@@ -319,6 +319,7 @@
// TODO(addaleax): Make that unnecessary.
DebugOptionsParser::DebugOptionsParser() {
+ return;
#ifndef DISABLE_SINGLE_EXECUTABLE_APPLICATION
if (sea::IsSingleExecutable()) return;
#endif
```
CURRENT FILE SECTION (lines 314-329):
```
args, exec_args, v8_args, options, required_env_settings, errors);
}
// XXX: If you add an option here, please also add it to doc/node.1 and
// doc/api/cli.md
// TODO(addaleax): Make that unnecessary.
DebugOptionsParser::DebugOptionsParser() {
AddOption("--inspect-port",
"set host:port for inspector",
&DebugOptions::host_port,
kAllowedInEnvvar);
AddAlias("--debug-port", "--inspect-port");
AddOption("--inspect",
"activate inspector on host:port (default: 127.0.0.1:9229)",
```
Please apply the intended changes from the rejected hunk to this file
section. Return ONLY the corrected file section content, preserving the
exact line structure and formatting. Do not add explanations or markdown
formatting.
RESOLVED CONTENT for ./src/node_options.cc:
```
args, exec_args, v8_args, options, required_env_settings, errors);
}
// XXX: If you add an option here, please also add it to doc/node.1 and
// doc/api/cli.md
// TODO(addaleax): Make that unnecessary.
DebugOptionsParser::DebugOptionsParser() {
return;
AddOption("--inspect-port",
"set host:port for inspector",
&DebugOptions::host_port,
kAllowedInEnvvar);
AddAlias("--debug-port", "--inspect-port");
AddOption("--inspect",
"activate inspector on host:port (default: 127.0.0.1:9229)",
```
✅ Successfully resolved ./src/node_options.cc
CONFLICTS_RESOLVED=1
TOTAL_CONFLICTS=1
HAS_UNRESOLVED=False
Resolution summary: 1/1 conflicts resolved
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
## Node.js Patch Update to v24.10.0
This PR updates the Node.js patch to version 24.10.0.
The workflow automatically attempts to resolve patch conflicts using AI
when the OpenAI API key is available.
### AI Resolution Details
Processing section 1/1 for ./src/node_contextify.cc...
Found 1 reject files to process
Processing: ./src/node_contextify.cc.rej -> ./src/node_contextify.cc
Prompt for OpenAI API:
I have a Git patch that failed to apply. Here's the specific section
that needs to be fixed:
REJECTED PATCH HUNK:
```
@@ -1118,6 +1134,10 @@
.IsNothing())
return;
+ if (sourceless && produce_cached_data) {
+ V8::DisableCompilationForSourcelessUse();
+ }
+
TRACE_EVENT_END0(TRACING_CATEGORY_NODE2(vm, script), "ContextifyScript::New");
}
```
CURRENT FILE SECTION (lines 1113-1128):
```
return;
}
if (StoreCodeCacheResult(env,
self,
compile_options,
source,
produce_cached_data,
std::move(new_cached_data))
.IsNothing()) {
return;
}
if (self->Set(env->context(),
env->source_url_string(),
v8_script->GetSourceURL())
.IsNothing()) {
return;
```
Please apply the intended changes from the rejected hunk to this file
section. Return ONLY the corrected file section content, preserving the
exact line structure and formatting. Do not add explanations or markdown
formatting.
RESOLVED CONTENT for ./src/node_contextify.cc:
```
return;
}
if (StoreCodeCacheResult(env,
self,
compile_options,
source,
produce_cached_data,
std::move(new_cached_data))
.IsNothing()) {
return;
}
if (sourceless && produce_cached_data) {
V8::DisableCompilationForSourcelessUse();
}
if (self->Set(env->context(),
env->source_url_string(),
v8_script->GetSourceURL())
.IsNothing()) {
return;
```
✅ Successfully resolved ./src/node_contextify.cc
CONFLICTS_RESOLVED=1
TOTAL_CONFLICTS=1
HAS_UNRESOLVED=False
Resolution summary: 1/1 conflicts resolved
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Daniel Lando <daniel.sorridi@gmail.com>
## Node.js Patch Update to v22.21.0 This PR updates the Node.js patch to version 22.21.0. The workflow automatically attempts to resolve patch conflicts using AI when the OpenAI API key is available. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
## Node.js Patch Update to v22.21.1 This PR updates the Node.js patch to version 22.21.1. The workflow automatically attempts to resolve patch conflicts using AI when the OpenAI API key is available. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
## Node.js Patch Update to v24.11.0 This PR updates the Node.js patch to version 24.11.0. The workflow automatically attempts to resolve patch conflicts using AI when the OpenAI API key is available. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Daniel Lando <daniel.sorridi@gmail.com>
Update expected sha256sums for Node.js Co-authored-by: robertsLando <robertsLando@users.noreply.github.com>
## Node.js Patch Update to v24.11.1 This PR updates the Node.js patch to version 24.11.1. The workflow automatically attempts to resolve patch conflicts using AI when the OpenAI API key is available. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Release 3.5.30
spotandjake
force-pushed
the
spotandjake/3.5.30
branch
from
888dadf to
330c578
Compare
## Node.js Patch Update to v20.19.6 This PR updates the Node.js patch to version 20.19.6. The workflow automatically attempts to resolve patch conflicts using AI when the OpenAI API key is available. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ospencer
approved these changes
Dec 12, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Attempting to merge updates from yao-pkg so we can move up to the latest lts node 24