From 5586e40f21035efc96fcb69d13c0654014302a95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=A4der?= Date: Mon, 15 Apr 2024 15:55:50 +0200 Subject: [PATCH] Changes for builtins v1.88.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactored documentation and added scripts to simplify IP checks. Contributed on behalf of ST Microelectronics Signed-off-by: Thomas Mäder --- .gitignore | 3 + README-3PP-LICENSE-CHECK-AND-AUDIT.md | 129 --------------------- README-Proposed-APIs.md | 9 -- README.md | 96 ++-------------- doc/Building.md | 63 ++++++++++ doc/Publishing.md | 158 ++++++++++++++++++++++++++ package.json | 10 +- src/archive-source.js | 131 +++++++++++++++++++++ src/check-dependencies.js | 84 ++++++++++++++ src/download.js | 35 ++++++ src/get-external-builtins.js | 4 +- src/publish-vsix.js | 1 - vscode | 2 +- vscode-builtin-extensions/.gitignore | 2 - yarn.lock | 83 ++++++++++---- 15 files changed, 553 insertions(+), 257 deletions(-) delete mode 100644 README-3PP-LICENSE-CHECK-AND-AUDIT.md delete mode 100644 README-Proposed-APIs.md create mode 100644 doc/Building.md create mode 100644 doc/Publishing.md create mode 100644 src/archive-source.js create mode 100644 src/check-dependencies.js create mode 100644 src/download.js delete mode 100644 vscode-builtin-extensions/.gitignore diff --git a/.gitignore b/.gitignore index 9ec2ea3..fc77107 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,7 @@ lib *.log dist external-builtins/ +vscode-builtin-extensions dash-licenses.jar +*.zip +summary.txt diff --git a/README-3PP-LICENSE-CHECK-AND-AUDIT.md b/README-3PP-LICENSE-CHECK-AND-AUDIT.md deleted file mode 100644 index dce6071..0000000 --- a/README-3PP-LICENSE-CHECK-AND-AUDIT.md +++ /dev/null 
@@ -1,129 +0,0 @@ -# VS Code builtin extensions: 3PP license check and security vulnerability audit - -Note: Further automation is possible for the future, but for now we will document how to do most of this semi-manually (tools are used but could be better integrated in this repo). For example we have a better integration for `dash-licenses` in the main Theia repo, and intend to make it re-usable. When that happens, we can use it in this repo here, too. - -First, we need to do a few things to make sure we start with a known state: - -```bash -# clean-up the repo -yarn clean -# initialize vscode git submodule -git submodule init && git submodule update -# check-out the wanted vscode tag. e.g. 1.55.2: -cd vscode && git checkout 1.55.2 && cd .. -# run 'yarn` to install the repo's dependencies. You do not need to -# let it complete the builtin extensions build, for the current purpose -yarn -yarn build:extensions -``` - -## "internal" builtin vscode extensions - -These are normally just called `vscode builtin extensions`. These are in the vscode git repository, folder `extensions`, built and packaged along `vscode`. They are not made available individually by Microsoft, so to use them with Theia, we need to do this ourselves. This is what this repository is for. We have the `vscode` repository as a git submodule. We hook-into its build scripts to build the extensions and then package them individually as `.vsix` files, and publish them to [open-vsx.org](https://open-vsx.org/). - -Note: in the `vscode` git repo, only the `yarn` client is used, which means only the `yarn.lock` type lockfile is expected to be present. - -### 3PP License check (builtins) - -We use [dash-licenses](https://github.com/eclipse/dash-licenses) to scan for 3rd party dependencies that have unclear or forbidden licenses (as per the Eclipse Foundation rules). It needs to run on each extension. 
- -```bash -# dash-licenses - local run - -yarn download:dash-licenses -export DASH_LICENSES_JAR=${PWD}/dash-licenses.jar - -# Run dash-licenses on each yarn project - a summary.txt file will be created, -# that contains the results -find vscode/extensions -name yarn.lock ! -path '*node_modules*' -exec bash -c "cd \`dirname {}\` && pwd && java -jar $DASH_LICENSES_JAR yarn.lock -timeout 120 -batch 20 -summary ./summary.txt" \; - -# gather all output files and filter for restricted 3PPs: -find vscode/extensions -name summary.txt -exec bash -c "cat {} | grep restricted >> summary-restricted.txt" \; && grep restricted summary-restricted.txt | sort | uniq && rm summary-restricted.txt - -``` - -```bash -# (optional) dash-licenses with Automatic IP Team Review Requests - -# You need to supply your own Eclipse Foundation GitLab token. See: -# https://github.com/eclipse/dash-licenses#automatic-ip-team-review-requests -export DASH_LICENSES_TOKEN= - -# run dash-licenses in review mode, that automatically submits suspicious -# dependencies for review, by the Eclipse Foundation IP team. -find vscode/extensions -name yarn.lock ! -path '*node_modules*' -exec bash -c "cd \`dirname {}\` && pwd && java -jar $DASH_LICENSES_JAR yarn.lock -timeout 120 -batch 20 -summary ./summary.txt -review -token $DASH_LICENSES_TOKEN -project ecd.theia" \; -``` - -### Security vulnerability audit (builtins) - -The vscode repo uses `yarn`, so we can use `yarn audit` on the individual extensions directories, that each contain a small `yarn` sub-project (at least those that have code). We are mostly interested in runtime vulnerabilities (vs dev and test) of level `high` and up. - -```bash -find vscode/extensions/ -name yarn.lock ! -path '*node_modules*' -exec bash -c "cd \`dirname {}\` && pwd && yarn audit --level high --groups dependencies" \; -``` - -## External builtin vscode extensions - -`External builtin vscode extensions` are extensions that are bundled with vscode but not built along with it. 
Instead they are fetched from the `Visual Studio Marketplace`, when vscode is built. For Theia, some are published to [OpenVSX](https://open-vsx.org/) by the [openvsx bot](https://github.com/open-vsx/publish-extensions) and some may not be available. - -They are defined in `vscode`'s root `product.json` - each one at the version that needs to be used, for that vscode baseline. The exact list of extensions changes depending on `vscode` baseline. - -For convenience, we added a `package.json` script that clones these external builtin extensions repositories and checks-out each one at the expected version (as per `product.json` in current `vscode` git submodule baseline): - -```bash -# obtain external builtins and check-out each one to the "correct" version. They will be -# stored in subfolder "external-builtins" -yarn get-external-builtins -# list of repos: -find external-builtins -maxdepth 1 -mindepth 1 -type d -exec bash -c "cd '{}' && pwd && git describe --tags" \; -# note: we may not be using all external builtin extensions in Theia, for a given vscode -# API version. Any that's not used could be removed from consideration, for the following -# license and vulnerability checks. -``` - -Both the 3PP license check and security vulnerability audit require either a `yarn.lock` or `package-lock.json` file, to discover exactly which dependencies/versions are used, at a given point in time (commit/version tag). - -ATM, the external builtins repositories use a mix of `yarn` and `npm`, so we need to process both types of lockfiles. - -### 3PP License check (external builtins) - -We use [dash-licenses](https://github.com/eclipse/dash-licenses) to scan for 3rd party dependencies that have unclear or forbidden licenses (as per the Eclipse Foundation rules). It needs to run on each repository. Using the `yarn import` trick above, we can process all repos using a single command that target the various `yarn.lock` files. 
- -```bash -# dash-licenses - local run -yarn download:dash-licenses -export DASH_LICENSES_JAR=${PWD}/dash-licenses.jar - -# Run dash-licenses on each repo - a summary.txt file will be created, -# that contains the results -find external-builtins -name yarn.lock ! -path '*node_modules*' -exec bash -c "cd \`dirname {}\` && pwd && java -jar $DASH_LICENSES_JAR yarn.lock -timeout 120 -batch 20 -summary ./summary.txt" \; - -find external-builtins -name package-lock.json ! -path '*node_modules*' -exec bash -c "cd \`dirname {}\` && pwd && java -jar $DASH_LICENSES_JAR package-lock.json -timeout 120 -batch 20 -summary ./summary.txt" \; - -# gather all output files and filter for restricted 3PPs: -find external-builtins -name summary.txt -exec bash -c "cat {} | grep restricted >> summary-restricted.txt" \; && grep restricted summary-restricted.txt | sort | uniq && rm summary-restricted.txt -``` - -```bash -# (optional) dash-licenses with Automatic IP Team Review Requests - -# You need to supply your own Eclipse Foundation GitLab token. See: -# https://github.com/eclipse/dash-licenses#automatic-ip-team-review-requests -export DASH_LICENSES_TOKEN= - -# run dash-licenses in review mode, that automatically submits suspicious -# dependencies for review, by the Eclipse Foundation IP team. -find external-builtins/ -name yarn.lock -exec bash -c "cd \`dirname {}\` && pwd && java -jar $DASH_LICENSES_JAR yarn.lock -timeout 120 -batch 20 -summary ./summary.txt -review -token $DASH_LICENSES_TOKEN -project ecd.theia" \; - -find external-builtins/ -name package-lock.json -exec bash -c "cd \`dirname {}\` && pwd && java -jar $DASH_LICENSES_JAR package-lock.json -timeout 120 -batch 20 -summary ./summary.txt -review -token $DASH_LICENSES_TOKEN -project ecd.theia" \; -``` - -### Security vulnerability audit (external builtins) - -The external builtins repos use a mix of `npm` and `yarn`. However, using the `yarn import` trick above, we can process them all individually using only `yarn audit`. 
We are mostly interested in runtime vulnerabilities (vs dev and test) of level `high` and up. - -```bash -find external-builtins -name yarn.lock -exec bash -c "cd \`dirname {}\` && pwd && yarn audit --level high --groups dependencies" \; - -find external-builtins -name package-lock.json -exec bash -c "cd \`dirname {}\` && pwd && npm audit --audit-level=high" \; -``` diff --git a/README-Proposed-APIs.md b/README-Proposed-APIs.md deleted file mode 100644 index 6eb0a29..0000000 --- a/README-Proposed-APIs.md +++ /dev/null @@ -1,9 +0,0 @@ - -# Tracking Proposed vscode APIs - -To list all use of proposed API by the built-in extensions, run the following command in the root of the git repository: - -```bash -vscode-builtin-extensions$ git submodule foreach "grep -irn enabledApiProposals --include=package.json | cut -d ':' -f 1 | xargs jq --raw-output '{filename: input_filename, enabledApiProposals: .enabledApiProposals}'" - -``` diff --git a/README.md b/README.md index 90d495b..8909cba 100644 --- a/README.md +++ b/README.md 
@@ -1,99 +1,17 @@ # Built-in vscode extensions -This extension contributes built-in VS Code extensions to Eclipse Theia applications. +This extension contains code to build, package and publish the extensions that are included with VS Code. -[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/theia-ide/vscode-builtin-extensions) +We build/package them ourselves, from the MIT-licensed vscode repository, and then publish them individually to Open VSX. We do not modify the extensions, other than a couple of very minor adaptations, to make them suitable to work as standalone extensions. -## Getting started (locally) +The "vscode builtins", "vscode built-ins" or "vscode built-in extensions" are a set of extensions whose code resides in the public vscode repository. They are built along and bundled as a group, in the Visual Studio Code product as well as in products based on Code OSS and derivatives such as VSCodium. As such, they are not made available as individual .vsix packages, for use in other IDE applications, outside of the vscode family. This is why we have this repo here - to build, package and individually publish, the various built-in extensions. -Install [nvm](https://github.com/creationix/nvm#install-script). +Every sub-folder of vscode/extensions/ is one built-in vscode extension (with a couple of exceptions like node_modules after a build) - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash +## Getting started -Install npm and node. - - nvm install 18 - nvm use 18 - -NOTE: To re-build older `vscode` extensions requiring node 12, use the branch `node-12` on this repository and follow the corresponding `README.md` on that branch. - -Install yarn. - - npm install -g yarn - -Install vscode. - - cd vscode-builtin-extensions - git submodule init - git submodule update - -Install vscode prerequisite dependencies. 
- - https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites - -Pick a specific vscode version (optional) - - cd /vscode - git checkout 1.58.1 - -## Build - - yarn - yarn build:extensions - -## Packaging a built-in vscode extension. - -The version of the packaged built-in corresponds to the `version` present in the vscode sub-module's `package.json`. For `next` versions, an appropriate hash suffix is added. - -Latest / solid revision example: - - cd vscode; git checkout 1.58.1; cd .. - yarn; yarn package-vsix:latest - -Next / interim revision example: - - cd vscode; git checkout fe671f300845ca5161885125b1e12d43fc25ccf8; cd .. - yarn; yarn package-vsix:next - -The generated `.vsix` will be under folder `./dist` - -## Packaging built-in vscode extensions in an extension-pack. - -The version of the built-in extension-pack corresponds to the `version` present in the vscode sub-module's `package.json`. For `next` versions, an appropriate hash suffix is added. - -Latest / solid revision example: - - cd vscode; git checkout 1.58.1; cd .. - yarn; yarn create-extension-pack:latest - -Next / interim revision example: - - cd vscode; git checkout fe671f300845ca5161885125b1e12d43fc25ccf8; cd .. - yarn; yarn create-extension-pack:next - -The generated `.vsix` will be under the folder `./dist` - -## Publishing individual built-in vscode extensions and builtin-extension-packs to open-vsx - -The `ovsx` client is used to publish to an open-vsx registry. The default registry is set to the public instance at https://open-vsx.org. - -The environment variable `OVSX_REGISTRY_URL` may be set to configure publishing to a different registry URL. - -The environment variable `OVSX_PAT` is used to set the personal access token obtained from the registry. - -After packaging the extensions and extension-packs as `.vsix` (see above), you may examine/test them under the `dist` folder. Remove any extension that you do not wish to be published (e.g. 
those not working well), and when ready proceed with publishing: - - yarn publish:vsix - -## Re-publishing individual built-in vscode extensions and built-in extension packs to open-vsx. - -### Solid version - -There is a GH action to help: `publish-vsx-specific-latest`. For this to work, the version to be published needs to be removed from open-vsx. Then one must push to branch `ovsx-publish`. Make sure the wanted solid version of the `vscode` git submodule is checked-out in the pushed change. We do not care about that branch - once the publishing is done, it can be force reset the next time. - -### Intermediary (next) version - -There is a GH action to help: `publish-vsx-specific-next`. For this to work, the version to be published needs to be removed from open-vsx. Then one must push to branch `ovsx-publish-next`. Make sure the wanted intermediary version of the `vscode` git submodule is checked-out in the pushed change. We do not care about that branch - once the publishing is done, it can be force reset the next time. +Building the built-in `*.vsix` files locally is described in [Building.md](./doc/Building.md). If you need to publish a new version of the built-ins for use with Theia, please follow the +process described in [Publishing.md](./doc/Publishing.md). ## License diff --git a/doc/Building.md b/doc/Building.md new file mode 100644 index 0000000..bbeee73 --- /dev/null +++ b/doc/Building.md 
@@ -0,0 +1,63 @@ +# Building VS Code built-in Extensions + +## Setup + +1. Install the VS Code prerequisites as described in (link) +2. Open a command line inside this repo +3. Set up the version of VS Code you want to build: + git submodule init + git submodule update +4. Check out the version of VS code you want to use + cd vscode + git checkout +5. Install project dependencies + yarn + +## Building +Building the exensions from VS Code is done simply with + + yarn build:extensions + +This will compile a production ("minified") version of the built-in extensions into the `vscode/.build` folder. In order to produce unminified versions for debugging, +you will need to edit the build script at `vscode/build/lib/extensions.js`. Find the line that creates the webpack config. It should look like this: +``` +const webpackConfig = { + ...config, + ...{ mode: 'production' } +}; +``` +Remove part saying `mode: production` and redo the build + +## Packaging + +### Packaging the built-in vscode extensions + +Once we have built our extensions, we can packge them into `*.vsix`-files using this package script: + + yarn package-vsix:latest + +The script will produce `*.vsix` files in a folder called `./dist`. The vsix files will be named like `-.vsix`. Note that the publisher (msvscode) +is not included. + +If you want to create a prerelease version, you can do so by invoking + + yarn package-vsix:next + +This will generate `*.vsix` files of the form `--next..vsix` + +**Implementation Note:** the VS Code build process puts some shared depenencies in a `node_modules` folder which is located in the "extensions" folder at run time. In order to +produce self-contained extensions, we need to include those modules (at the time, it's the typescript language server) into the packaged extensions (currently for `typescript-language-features` and `html-language-features`). The code doing this is located in `src/package-vsix.js`. 
We also need to patch the `typescript-language-features` +extension because it contains a hard-code reference to `../node_modules`. + +### Creating the built-ins extension-pack + +We also create an extension pack from the internal and external built-ins into the `dist` folder with a package script. The file name will be of the form: +builtin-extension-pack-.vsix. + + yarn create-extension-pack:latest + +Again, we can produce a preview release of the form `builtin-extension-pack--next-.vsix + + yarn create-extension-pack:next + +Note that you will have to package the `next` versions of the built-in extensions before they can be included in a `next` extensions pack. diff --git a/doc/Publishing.md b/doc/Publishing.md new file mode 100644 index 0000000..85b4731 --- /dev/null +++ b/doc/Publishing.md 
@@ -0,0 +1,158 @@ +# Publishing VS Code built-in Extensions for a given VS Code Version +Publishing the VS Code built-in extensions for a given relase of VS Code entails multiple steps (in order) + +1. Perform IP-checks with the Eclipse foundation for the extensions included in the VS Code repo ("builtin") +2. Perform IP-checks with the Eclipse foundation for each extension that is included with VS Code, but with source in a different location ("external") +3. Build and test & package the built-ins with the latest Theia version +4. Publish the extensions from the VS Code repo to open-vsx.org + +## IP checks for VS Code built-ins +To prepare for the IP checks, you'll have to perform the setup steps from [Building.md](./Building.md#setup). Now we need +to first run the [dash-licenses](https://github.com/eclipse/dash-licenses) tool to check the dependencies of the bulit-in +extensions for compatibility with the Theia license. There are a couple of package scripts helping with this: the following sequence downloads the dash-licenses jar to the current directory and then runs the `dash-licenses` for all relevant extensions in the `vscode/extensions` directory. + + yarn download:dash-licenses + yarn ip-check:builtin + +This will run the dash-licenses tool an all extensions in the VS Code repo. To automatically open issues with the Eclipse [IP-issue tracker](https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab), you can pass a `--token` parameter to the `ip-check:builtin` script. The token is described [here](https://github.com/eclipse/dash-licenses?tab=readme-ov-file#automatic-ip-team-review-requests). + + yarn ip-check:builtin --token + +Any issues will show up as opened by you (or the account owning the token) at https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab. In general, it's a good idea to wait for the +IP tickets to be closed before publishing the built-in. 
Technically, this restriction applies to publishing the built-ins as part of an Eclipse project artifact like Theia IDE. +Now it's time to open an ip-ticket for the source of the VS Code built-ins themselves. + +Generate a source zip of the extensions folder. You can use a package script that will prune test extensions and test folders from the source: + + yarn archive:builtin + +This will `git clean` all extension directories and generate a zip file named like so: `vscode-builtins-.src.zip` + +Open an issue that looks like this: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/11676. Use the template "vet third party" on the new issue and fill in the templata liek in the example issue. Attach the source file generated in step one as "source". Since there is no real "clearlydefined id" for the built-ins, we set the title of the issue to "project/ecd.theia/-/vscode-builtin-extensions/" + +## IP checks for external VS Code built-ins +We now have to perform the IP checks for the "external builtins". These are extensions which are not developed as part of the VS code repository, but which are still included as part of the +VS Code product. They are described in the `product.json` file which lives at the root of the VS Code repository. There is a package script which will clone the relevant repos and check out +the correct tag into a folder named `external-builtins`. + + yarn get-external-builtin + +We now have to run the checks for the dependencies of those extensions: + + yarn ip-check:external --token + +Again, this will open issues with the Eclipse IP issue tracker. Once this is done, it's time to open an ip-check issue for the content of each of the external built ins. +For extensions from github, it's usually enough to open a "vet third party" issue with just the project in the details, like this one: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/14430. The title should be the clearlydefined id of the form `git/github///v`. 
The IP-check bot is usually able to download the source from the github release page on its own. In the issue template, just fill in the "project" field. +If the IP-check bot cannot figure out the source (it will ask for source in a comment on the issue), you can zip up the source of all external built-ins into files of the form `.-.src.zip>` with a package script: + + yarn archive:external + +You can then drag the relevant zip into the gitlab issue. + +## Produce the VS Code built-ins + +Building and packaging the built-ins is described in [Building.md](./Building.md). + +## Testing + +This section assumes you have a local clone of the [main Theia repo](https://github.com/eclipse-theia/theia). Please refer to the Theia documentation for instructions on how to build and +run Theia. Some built-ins may refuse to run if the VS Code API version reported by Theia is lower that what they require. If Theia's default API verison has not been updated yet, you can +force a newer version by either setting the `VSCODE_API_VERSION` environment variable or by passing the option `--vscode-api-version ..` + +If already present, delete folder `plugins` in your local Theia repo folder. 
We will instead use the built-ins we previously built + +```bash +rm -rf plugins +mkdir plugins +``` + +Copy the builtin extension `*.vsix` files built above to Theia's `extensions` folder (typically `~/.theia/extensions`) + +```bash +cp -a dist/* ~/.theia/extensions # adjust according to where your .theia folder resides +``` + +Get rid of a few builtins that will interfere with testing (note: we keep these extensions where they were generated, but remove them from our test Theia application): + +```bash +cd theia # back to theia repo +rm -rf plugins/ipynb-* +rm -rf plugins/extension-editing-* +``` + +To test vscode builtin git, we need to remove the Theia-specific git extension from the example application, for this, remove the line referring to +`"@theia/git": ""` from the `package.json` of the Theia example you use for testing. + +Rebuild the example and start Theia: + +```bash +yarn && yarn browser build +yarn browser start +``` + +Note that startup will take a bit longer than usual while Theia unzips the *.vsix files to `~/.theia/deployedPlugins`. + +- [ ] Connect to `localhost:3000` with a browser +- [ ] Observe backend log for new exceptions, specially during activation of builtin extensions +- [ ] quick TypeScript test +- [ ] quick JSON test +- [ ] quick git test +- [ ] Submit PR for current builtins versions for review and merge. + +File issues for problems found. Some problems may require changing how we build or package, in which case a fix would be made on `vscode-builtin-extensions` as part of the ongoing release PR. If the issue is with the upstream Theia repo, we open the issue there. 
+ +While testing buitins 1.72.2, we found the following, for example: + +- [RangeError: Maximum call stack size exceeded with recent vscode.html builtin extension #12434](https://github.com/eclipse-theia/theia/issues/12434) +- [[builtins] [proposed API] [vscode.markdown-language-features]: Theia misses proposed API: `Document Paste`](https://github.com/eclipse-theia/theia/issues/12430) +- [[builtins] [proposed API] [vscode.git@1.72.2]: Theia misses proposed API: `Edit session identifier provider`](https://github.com/eclipse-theia/theia/issues/12437) + +Once you are confident that the new set of builtins do not have obvious issues, you can proceed with publishing them to `open-vsx.org`. It's ok if there are issues that will later be fixed in Theia - older version of the builtin can be temporarily used instead in most cases. + +Now it's time to open a PR against master. The convention is to create a branch that is named after the version of VS Code wer're using: + + git checkout -b .. # replace the version here wiht the VS Code version, for example "1.88.1" + +Now commit all changes you had to make to get the built-ins to correctly build, **including the `vscode` folder**. Adding `vscode` will update the submodule configuration n this repo to +check out the correct version of VS Code upon `git submodule update`. The convention is to make a single commit named `changes for builtins v..`. Open a PR and have it reviewed as usual. + +# Publishing to openvsx.org + +**Before publishing to open-vsx, all issues opened in [internal](#ip-checks-for-vs-code-built-ins) and [external](#ip-checks-for-external-vs-code-built-ins) should be closed.** +Please work with the Eclipse Foundation staff and the Theia community if there are problems! + +Publishing is done using GitHub Actions. In the vscode-builtin-extensions repo, a publish token for open-vsx.org has been set, that can be used to publish under the identity of the openvsx publish bot. 
+ +There are four workflows in this repo. + +* **publish-vsx-latest.yml:** Will check out the latest tagged version of VS Code and builds and packages a release version of the extensions and extension pack +* **publish-vsix-next.yml:** Will check out the VS Code `main branch` and build a prerelase version. + +both these workflows are triggered on a regular schedule and upon push to the master branch + +* **publish-vsx-specific-latest:** This action is triggered upon pushes to the branch `ovsx-publish`. It checks out the version of VS Code that is checked in as a submodule +on the branch and creates and packages a release version of the built-ins. It then publishes the built-ins and extension pack to the open-vsx registry. +* **publish-vsx-specific-next:** This action is triggered upon pushes to the branch `ovsx-publish-next`. It checks out the version of VS Code that is checked in as a submodule +on the branch and creates and packages a prerelease version of the built-ins. It then publishes the built-ins and extension pack to the open-vsx registry. + +For "regular" vs. "prerelease" vesions see [Building.md](./Building.md)) + +In order to publish updated built-ins, we replace the contents of the `osvx-publish` branch. First, we make sure we're on the branch we're created in the "Testing" section: + + git checkout 1.72.2 + git branch -D ovsx-publish # delete the local version of the publsh branch + git checkout -b osvx-publish # copy our current branch to `osvx-publish` + git push origin # if the push fails because the branch can't be fast-forwarded, add the `-f` flag + +Go in the [Actions](https://github.com/eclipse-theia/vscode-builtin-extensions/actions) tab to observe the publishing progress. + +The publish workflow may fail, usually because the prerequisites for building the built-ins have changed. In this case, make the necessary change in the relevant workflows. 
In general, the setup should be aligned with the CI setup of VS Code: +https://github.com/microsoft/vscode/blob/main/.github/workflows/ci.yml#L107. **Make sure you updated all the workflows that may be affected.** +Now push to `osvx-publish` again. Repeat until the publish succeeds. + +Now we make a copy of the publish branch "for the record": + + git checkout -b old-ovsx-publish-.. + git push origin + +At this point, make sure the also apply all changes you had to make to get the publish to succeed in the `master` branch as well. diff --git a/package.json b/package.json index 81dff50..2cadb1a 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,11 @@ "checkout-latest-vscode-release": "node src/checkout-latest-vscode.js", "get-external-builtins": "node src/get-external-builtins.js", "clean": "git clean -ffdx; cd vscode && git clean -ffdx", - "download:dash-licenses": "curl -L 'https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST' -o dash-licenses.jar" + "download:dash-licenses": "node ./src/download.js --url=\"https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST\" --out=dash-licenses.jar", + "ip-check:builtin": "node ./src/check-dependencies.js --dir vscode/extensions", + "ip-check:external": "node ./src/check-dependencies.js --dir external-builtins", + "archive:builtin": "node ./src/archive-source.js --mode builtin", + "archive:external": "node ./src/archive-source.js --mode external" }, "devDependencies": { "@types/archiver": "^3.0.0", @@ -24,11 +28,13 @@ "capitalize": "^2.0.2", "colors": "^1.4.0", "cross-env": "^7.0.3", - "execa": "^6.0.0", + "execa": "^8.0.1", "fs-extra": "^10.0.0", + "glob": "^7.2.3", "node-fetch": "^2.6.0", "ovsx": "^0.8.1", "p-queue": "^2.4.2", + "@vscode/ripgrep": "1.15.9", "yargs": "^17.0.0" }, "workspaces": [ 
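Review bot: The rewritten `download:dash-licenses` script in the first package.json hunk still requests `v=LATEST` and writes whatever the redirect serves to `dash-licenses.jar`, with no version pin or digest check visible in this hunk. That jar is later run as part of the IP checks, so an unexpected or tampered upstream artifact would execute on the maintainer's machine or in CI without being noticed. Whether `src/download.js` validates the file cannot be seen from here; if it does not, consider pinning the artifact with `&v=<PINNED_VERSION>` in the URL and having the download step compare the file's SHA-256 against a value recorded in the repo before it is used. In the second hunk, `"@vscode/ripgrep": "1.15.9"` is pinned exactly while its neighbours use caret ranges; a short note in the commit message on why would help the next person who bumps it.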
diff --git a/src/archive-source.js b/src/archive-source.js
new file mode 100644
index 0000000..d4c0eae
--- /dev/null
+++ b/src/archive-source.js
@@ -0,0 +1,131 @@
+/********************************************************************************
+ * Copyright (C) 2024 ST Microelectronics and others.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the Eclipse
+ * Public License v. 2.0 are satisfied: GNU General Public License, version 2
+ * with the GNU Classpath Exception which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ ********************************************************************************/
+
+const archiver = require('archiver');
+const glob = require('glob');
+const util = require('util');
+const globPromise = util.promisify(glob);
+const { root, vscodeExtensions, vscode, externalBuiltinsRepos } = require('./paths');
+const fs = require('fs');
+const path = require('path');
+const { computeVersion } = require('./version');
+
+const yargs = require('yargs');
+
+const { mode } = yargs.option('mode', {
+ type: 'string',
+ demandOption: true,
+ choices: ['builtin', 'external']
+}).argv;
+
+/**
+ *
+ * @param { archiver.Archiver } zip
+ * @param { string } extensionDir
+ */
+async function addExtensionToArchive(archive, extensionDir) {
+ console.log(`adding extension ${extensionDir}`);
+ const filesToInclude = await globPromise('**', {
+ cwd: extensionDir,
+ ignore: ['**/test/**/*', '**/test-workspace/**/*'],
+ dot: true,
+ nodir: true
+ });
+ for (const file of filesToInclude) {
+ const filePath = path.resolve(extensionDir, file);
+ archive.file(filePath, {
+ name: path.join(path.basename(extensionDir), file),
+ mode: (await fs.promises.stat(filePath)).mode
+ });
+ }
+}
+
+async function archiveExternal() {
+ const prod = vscode('product.json');
+ const content = fs.readFileSync(prod, 'utf-8');
+ /**
+ * vscode product.json section where we find info about external builtins
+ * @type ProductBuiltInExtensionEntry[]
+ */
+ const prodJsonExts = JSON.parse(content).builtInExtensions || [];
+ const entries= new Map();
+
+ for (ext of prodJsonExts) {
+ const names = ext.repo.split("/");
+ entries.set(names[names.length - 1], ext);
+ }
+
+ const { execa } = await import('execa');
+
+ const rootDir = externalBuiltinsRepos();
+ const dirs = await fs.promises.readdir(rootDir, { withFileTypes: true });
+ for (const dir of dirs) {
+ if (dir.isDirectory()) {
+ const resolvedDir = path.resolve(rootDir, dir.name);
+ const entry = entries.get(dir.name);
+ process.stdout.write(`cleaning directory: ${resolvedDir}...`);
+ await execa('git', ['clean', '-xfd'], {
+ cwd: resolvedDir,
+ stdout: 'inherit'
+ });
+ process.stdout.write('done\n');
+
+ const zipFile = path.resolve(root(), `${entry.name}-${entry.version}.src.zip`);
+
+ const archive = archiver('zip');
+ const output = fs.createWriteStream(zipFile, { flags: "w" });
+ archive.pipe(output);
+ await addExtensionToArchive(archive, path.resolve(rootDir, dir.name));
+ await archive.finalize();
+ }
+ }
+}
+
+async function archiveBuiltins() {
+ const { execa } = await import('execa');
+
+ process.stdout.write('cleaning vscode directory');
+ execa('git', ['clean', '-xfd'], {
+ cwd: vscode()
+ });
+
+ process.stdout.write('done\n');
+
+ const excludedDirs = ['vscode-colorize-tests', 'vscode-api-tests', 'microsoft-authentication']
+ const version = await computeVersion('latest');
+ const zipFile = root(`vscode-built-ins-${version}.src.zip`);
+
+ const archive = archiver('zip');
+ const output = fs.createWriteStream(zipFile, { flags: "w" });
+ archive.pipe(output);
+
+ const dirs = await fs.promises.readdir(vscodeExtensions(), { withFileTypes: true });
+ for (const dir of dirs) {
+ if (dir.isDirectory()) {
+ if (!excludedDirs.includes(dir.name)) {
+ await addExtensionToArchive(archive, path.resolve(vscodeExtensions(), dir.name));
+ }
+ }
+ }
+
+ await archive.finalize();
+}
+
+if (mode === 'builtin') {
+ archiveBuiltins();
+} else {
+ archiveExternal();
+}
diff --git a/src/check-dependencies.js b/src/check-dependencies.js
new file mode 100644
index 0000000..7eac0f9
--- /dev/null
+++ b/src/check-dependencies.js
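Review bot: In src/archive-source.js, `archiveBuiltins` starts `execa('git', ['clean', '-xfd'], { cwd: vscode() })` without awaiting it, so "done" is printed and the zip is assembled while the clean may still be deleting files; `archiveExternal` awaits the same call, and the fix is `await execa('git', ['clean', '-xfd'], { cwd: vscode() });`. In `archiveExternal`, `entries.get(dir.name)` is undefined for any directory with no match in product.json, and `entry.name` then throws; a guard that logs the directory name and `continue`s when `entry` is undefined avoids aborting the whole run. `addExtensionToArchive` globs with `dot: true` and ignores only test folders, so if the external directories are clone roots (the `git clean` call suggests they are) their `.git` contents, including local git configuration, would be packed into the source zip; adding `'.git/**'` to `ignore` keeps them out. `for (ext of prodJsonExts)` also assigns an undeclared global and should read `for (const ext of prodJsonExts)`.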
@@ -0,0 +1,84 @@
+/********************************************************************************
+ * Copyright (C) 2024 ST Microelectronics and others.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the Eclipse
+ * Public License v. 2.0 are satisfied: GNU General Public License, version 2
+ * with the GNU Classpath Exception which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ ********************************************************************************/
+
+const { promises: fs } = require('fs');
+const fetch = require('node-fetch');
+const path = require('path');
+const { glob } = require('glob');
+const { rgPath } = require('@vscode/ripgrep');
+
+const yargs = require('yargs');
+const { inherits } = require('util');
+
+const { token, dir } = yargs.option('token', {
+ type: 'string',
+}).option('dir', {
+ type: 'string',
+ demandOption: true
+}).argv;
+
+console.log(`processing ${dir}`);
+
+checkDependencies();
+
+async function checkDependencies() {
+ const allFailed = new Set();
+ glob(`${dir}/*/*(yarn.lock|package-lock.json)`, async (err, files) => {
+ const { execa } = await import('execa');
+
+ if (token) {
+ console.log('Automatically opening IP tickets');
+ }
+
+ for (file of files) {
+ console.log(`inspecting ${file}...`);
+ try {
+ const javaArgs = ['-jar', 'dash-licenses.jar', '-summary', 'summary.txt'];
+ if (token) {
+ javaArgs.push('-review', '-project', 'ecd.theia', '-token', token);
+ }
+ javaArgs.push(file);
+ await execa('java', javaArgs, { stdout: 'inherit', stderr: 'inherit'});
+ console.log('OK\n');
+ } catch (e) {
+ // ignore
+ console.log('\x1b[31mFailures\x1b[0m\n');
+ }
+
+ const cp = execa(rgPath, ['restricted', 'summary.txt']);
+ try {
+ const { stdout } = await cp;
+ const lines = stdout.split(/\r?\n|\r|\n/g);
+ lines.forEach(line => allFailed.add(line));
+ console.log(stdout);
+ } catch (e) {
+ if (cp.exitCode !== 1) { // ripgrep returns 1 for "no matches found"
+ console.error(e);
+ }
+ }
+ }
+
+ if (allFailed.size > 0) {
+ console.log('\x1b[31mIPCheck failed for:\x1b[0m');
+ for (line of allFailed) {
+ console.log(line);
+ }
+ } else {
+ console.log('IP check OK');
+ }
+ });
+
+}
\ No newline at end of file
diff --git a/src/download.js b/src/download.js
new file mode 100644
index 0000000..9c9b10c
--- /dev/null
+++ b/src/download.js
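Review bot: In src/check-dependencies.js the `catch` around the `java` call swallows every error, so a run where dash-licenses never started (no `java`, no `dash-licenses.jar`) looks the same as one that found problems. The verdict then comes only from grepping `summary.txt`, which may be missing or left over from the previous lockfile, so the script can still end with "IP check OK". The script also never sets an exit status, so the `ip-check:*` scripts cannot gate a CI job: set `process.exitCode = 1;` in the `allFailed.size > 0` branch and when the `java` call fails without an exit code of its own (presumably a spawn failure; confirm against execa's error shape). The `glob` callback ignores `err`, and `for (file of files)` / `for (line of allFailed)` assign undeclared globals; both loops should declare their variable with `const`. The review token is taken from `--token` and forwarded as a `java` argument, which leaves it in shell history and the process list; reading it from an environment variable on the Node side (yargs `.env()`) would at least keep it off the npm command line.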
@@ -0,0 +1,35 @@ +/******************************************************************************** + * Copyright (C) 2024 ST Microelectronics and others. + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0. + * + * This Source Code may also be made available under the following Secondary + * Licenses when the conditions for such availability set forth in the Eclipse + * Public License v. 2.0 are satisfied: GNU General Public License, version 2 + * with the GNU Classpath Exception which is available at + * https://www.gnu.org/software/classpath/license.html. + * + * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + ********************************************************************************/ + +const { promises: fs } = require('fs'); +const fetch= require('node-fetch'); +const path = require('path'); +const yargs = require('yargs'); + +const { url, out } = yargs.option('url', { + type: 'string', + demandOption: true +}).option('out', { + type: 'string', + demandOption: true +}).argv; + +download(); + +async function download() { + const response= await fetch(url); + await fs.writeFile(path.resolve(out), await response.buffer()); +}; diff --git a/src/get-external-builtins.js b/src/get-external-builtins.js index 184213c..845e84e 100644 --- a/src/get-external-builtins.js +++ b/src/get-external-builtins.js @@ -44,9 +44,7 @@ async function CloneCheckoutExternalBuiltins() { const repoName = entry.repo.split("/").slice(-1)[0]; /** @type string[] */ const repoDirectories = fs.readdirSync(externalBuiltinsRepos()); - const index = repoDirectories.findIndex( function (dir) { - if (dir == repoName) { return true; } - }); + const index = repoDirectories.indexOf(repoName); try { if (index != -1) { console.info(`skipping repo already present: ${repoName}`); 
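Review bot: `download()` in src/download.js writes whatever body comes back without checking `response.ok`, so an HTTP error page is saved as `dash-licenses.jar` and only fails later, when `java -jar` tries to run it. Add `if (!response.ok) throw new Error('download failed: HTTP ' + response.status);` before the `fs.writeFile` call. The bare `download();` call has no rejection handler; `download().catch(e => { console.error(e); process.exitCode = 1; });` makes a failed download fail the npm script explicitly. Since the downloaded file is executed afterwards, this is also the natural place to compare it against an expected checksum before leaving it on disk.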
diff --git a/src/publish-vsix.js b/src/publish-vsix.js index 0170498..7c79ac9 100644 --- a/src/publish-vsix.js +++ b/src/publish-vsix.js @@ -28,7 +28,6 @@ */ // @ts-check const fs = require('fs') -const os = require('os'); const ovsx = require('ovsx'); const { dist } = require('./paths.js'); const { isPublished } = require('./version'); diff --git a/vscode b/vscode index f1b07bd..e170252 160000 --- a/vscode +++ b/vscode @@ -1 +1 @@ -Subproject commit f1b07bd25dfad64b0167beb15359ae573aecd2cc +Subproject commit e170252f762678dec6ca2cc69aba1570769a5d39 diff --git a/vscode-builtin-extensions/.gitignore b/vscode-builtin-extensions/.gitignore deleted file mode 100644 index 11eb426..0000000 --- a/vscode-builtin-extensions/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -extensions -builtin-extension-pack-* diff --git a/yarn.lock b/yarn.lock index ec2323d..76adaa7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -47,6 +47,15 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-14.18.36.tgz#c414052cb9d43fab67d679d5f3c641be911f5835" integrity sha512-FXKWbsJ6a1hIrRxv+FoukuHnGTgEzKYGi7kilfMae96AL9UNkPFNWJEEYWzdRI9ooIkbr4AKldyuSTLql06vLQ== +"@vscode/ripgrep@1.15.9": + version "1.15.9" + resolved "https://registry.yarnpkg.com/@vscode/ripgrep/-/ripgrep-1.15.9.tgz#92279f7f28e1e49ad9a89603e10b17a4c7f9f5f1" + integrity sha512-4q2PXRvUvr3bF+LsfrifmUZgSPmCNcUZo6SbEAZgArIChchkezaxLoIeQMJe/z3CCKStvaVKpBXLxN3Z8lQjFQ== + dependencies: + https-proxy-agent "^7.0.2" + proxy-from-env "^1.1.0" + yauzl "^2.9.2" + "@vscode/vsce@^2.15.0": version "2.19.0" resolved "https://registry.yarnpkg.com/@vscode/vsce/-/vsce-2.19.0.tgz#342225662811245bc40d855636d000147c394b11" 
@@ -75,6 +84,13 @@ optionalDependencies: keytar "^7.7.0" +agent-base@^7.0.2: + version "7.1.1" + resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-7.1.1.tgz#bdbded7dfb096b751a2a087eeeb9664725b2e317" + integrity sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA== + dependencies: + debug "^4.3.4" + ansi-regex@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" @@ -367,6 +383,13 @@ css-what@^6.1.0: resolved "https://registry.yarnpkg.com/css-what/-/css-what-6.1.0.tgz#fb5effcf76f1ddea2c81bdfaa4de44e79bac70f4" integrity sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw== +debug@4, debug@^4.3.4: + version "4.3.4" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865" + integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== + dependencies: + ms "2.1.2" + decompress-response@^6.0.0: version "6.0.0" resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-6.0.0.tgz#ca387612ddb7e104bd16d85aab00d5ecf09c66fc" 
@@ -451,19 +474,19 @@ escape-string-regexp@^1.0.5: resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" integrity sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg== -execa@^6.0.0: - version "6.1.0" - resolved "https://registry.yarnpkg.com/execa/-/execa-6.1.0.tgz#cea16dee211ff011246556388effa0818394fb20" - integrity sha512-QVWlX2e50heYJcCPG0iWtf8r0xjEYfz/OYLGDYH+IyjWezzPNxz63qNFOu0l4YftGWuizFVZHHs8PrLU5p2IDA== +execa@^8.0.1: + version "8.0.1" + resolved "https://registry.yarnpkg.com/execa/-/execa-8.0.1.tgz#51f6a5943b580f963c3ca9c6321796db8cc39b8c" + integrity sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg== dependencies: cross-spawn "^7.0.3" - get-stream "^6.0.1" - human-signals "^3.0.1" + get-stream "^8.0.1" + human-signals "^5.0.0" is-stream "^3.0.0" merge-stream "^2.0.0" npm-run-path "^5.1.0" onetime "^6.0.0" - signal-exit "^3.0.7" + signal-exit "^4.1.0" strip-final-newline "^3.0.0" expand-template@^2.0.3: 
@@ -530,17 +553,17 @@ get-intrinsic@^1.0.2: has "^1.0.3" has-symbols "^1.0.3" -get-stream@^6.0.1: - version "6.0.1" - resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.1.tgz#a262d8eef67aced57c2852ad6167526a43cbf7b7" - integrity sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg== +get-stream@^8.0.1: + version "8.0.1" + resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-8.0.1.tgz#def9dfd71742cd7754a7761ed43749a27d02eca2" + integrity sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA== github-from-package@0.0.0: version "0.0.0" resolved "https://registry.yarnpkg.com/github-from-package/-/github-from-package-0.0.0.tgz#97fb5d96bfde8973313f20e8288ef9a167fa64ce" integrity sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw== -glob@^7.0.6, glob@^7.1.3, glob@^7.1.4: +glob@^7.0.6, glob@^7.1.3, glob@^7.1.4, glob@^7.2.3: version "7.2.3" resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b" integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== 
@@ -591,10 +614,18 @@ htmlparser2@^8.0.1: domutils "^3.0.1" entities "^4.3.0" -human-signals@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-3.0.1.tgz#c740920859dafa50e5a3222da9d3bf4bb0e5eef5" - integrity sha512-rQLskxnM/5OCldHo+wNXbpVgDn5A17CUoKX+7Sokwaknlq7CdSnphy0W39GU8dw59XiCXmFXDg4fRuckQRKewQ== +https-proxy-agent@^7.0.2: + version "7.0.4" + resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz#8e97b841a029ad8ddc8731f26595bad868cb4168" + integrity sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg== + dependencies: + agent-base "^7.0.2" + debug "4" + +human-signals@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-5.0.0.tgz#42665a284f9ae0dade3ba41ebc37eb4b852f3a28" + integrity sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ== ieee754@^1.1.13: version "1.2.1" @@ -789,6 +820,11 @@ mkdirp-classic@^0.5.2, mkdirp-classic@^0.5.3: resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113" integrity sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A== +ms@2.1.2: + version "2.1.2" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" + integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== + mute-stream@~0.0.4: version "0.0.8" resolved "https://registry.yarnpkg.com/mute-stream/-/mute-stream-0.0.8.tgz#1630c42b2251ff81e2a283de96a5497ea92e5e0d" 
@@ -939,6 +975,11 @@ process-nextick-args@~2.0.0: resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2" integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag== +proxy-from-env@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2" + integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg== + pump@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/pump/-/pump-3.0.0.tgz#b4a2116815bde2f4e1ea602354e8c75565107a64" @@ -1053,10 +1094,10 @@ side-channel@^1.0.4: get-intrinsic "^1.0.2" object-inspect "^1.9.0" -signal-exit@^3.0.7: - version "3.0.7" - resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9" - integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== +signal-exit@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-4.1.0.tgz#952188c1cbd546070e2dd20d0f41c0ae0530cb04" + integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== simple-concat@^1.0.0: version "1.0.1" @@ -1273,7 +1314,7 @@ yargs@^17.0.0: y18n "^5.0.5" yargs-parser "^21.1.1" -yauzl@^2.3.1: +yauzl@^2.3.1, yauzl@^2.9.2: version "2.10.0" resolved "https://registry.yarnpkg.com/yauzl/-/yauzl-2.10.0.tgz#c7eb17c93e112cb1086fa6d8e51fb0667b79a5f9" integrity sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==