@node-core/utils 5.15.0 → 5.16.0

package/README.md

@@ -47,7 +47,7 @@ If you would prefer to build from the source, install and link:
 ```
 git clone git@github.com:nodejs/node-core-utils.git
 cd node-core-utils
-npm install
+npm ci
 npm link
 ```
 

package/lib/config.js

@@ -2,7 +2,7 @@ import path from 'node:path';
 import os from 'node:os';
 
 import { readJson, writeJson } from './file.js';
-import { existsSync } from 'node:fs';
+import { existsSync, mkdtempSync, rmSync } from 'node:fs';
 import { spawnSync } from 'node:child_process';
 
 export const GLOBAL_CONFIG = Symbol('globalConfig');
@@ -61,13 +61,31 @@ export function getConfigPath(configType, dir) {
 };
 
 export function writeConfig(configType, obj, dir) {
-  writeJson(getConfigPath(configType, dir), obj);
+  const configPath = getConfigPath(configType, dir);
+  const encryptedConfigPath = configPath + '.gpg';
+  if (existsSync(encryptedConfigPath)) {
+    const tmpDir = mkdtempSync(path.join(os.tmpdir(), 'ncurc-'));
+    const tmpFile = path.join(tmpDir, 'config.json');
+    try {
+      writeJson(tmpFile, obj);
+      const { status } = spawnSync('gpg',
+        ['--default-recipient-self', '--yes', '--encrypt', '--output', encryptedConfigPath, tmpFile]
+      );
+      if (status !== 0) {
+        throw new Error('Failed to encrypt config file: ' + encryptedConfigPath);
+      }
+    } finally {
+      rmSync(tmpDir, { recursive: true, force: true });
+    }
+    return encryptedConfigPath;
+  }
+  writeJson(configPath, obj);
+  return configPath;
 };
 
 export function updateConfig(configType, obj, dir) {
   const config = getConfig(configType, dir);
-  const configPath = getConfigPath(configType, dir);
-  writeJson(configPath, Object.assign(config, obj));
+  writeConfig(configType, Object.assign(config, obj), dir);
 };
 
 export function getHomeDir(home) {

package/lib/prepare_security.js

@@ -55,6 +55,22 @@ export default class PrepareSecurityRelease extends SecurityRelease {
     // For now, close the ones with Security Release label
     await this.closePRWithLabel('Security Release');
 
+    if (vulnerabilityJSON.buildIssue) {
+      this.cli.info('Commenting on nodejs/build issue');
+      await this.req.commentIssue(
+        vulnerabilityJSON.buildIssue,
+        'Security release is out'
+      );
+    }
+
+    if (vulnerabilityJSON.dockerIssue) {
+      this.cli.info('Commenting on nodejs/docker-node issue');
+      await this.req.commentIssue(
+        vulnerabilityJSON.dockerIssue,
+        'Security release is out'
+      );
+    }
+
     const updateFolder = await this.cli.prompt(
       `Would you like to update the next-security-release folder to ${
         vulnerabilityJSON.releaseDate}?`,

package/lib/request.js

@@ -81,6 +81,23 @@ export default class Request {
     return this.json(url, options);
   }
 
+  async commentIssue(fullUrl, comment) {
+    const commentUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/') +
+      '/comments';
+    const options = {
+      method: 'POST',
+      headers: {
+        Authorization: `Basic ${this.credentials.github}`,
+        'User-Agent': 'node-core-utils',
+        Accept: 'application/vnd.github+json'
+      },
+      body: JSON.stringify({
+        body: comment,
+      })
+    };
+    return this.json(commentUrl, options);
+  }
+
   async getPullRequest(fullUrl) {
     const prUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
     const options = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node-core/utils",
-  "version": "5.15.0",
+  "version": "5.16.0",
   "description": "Utilities for Node.js core collaborators",
   "type": "module",
   "engines": {