Here a list of improvements to the dependency update workflow - [x] add a step to the `.github/workflows/tools.yml` in order to open an issue when a job fails (tagging the security-wg). https://github.com/nodejs/node/pull/48018 (WIP) - [x] change `deps_updater/update-zlib.sh` check latest commit on main instead of release version (like its done here https://github.com/nodejs/node/pull/47482), here for more reference: https://github.com/nodejs/node/pull/47417#discussion_r1158895942. (WIP) - [x] add version to `doc/contributing/maintaining/maintaining-dependencies.md` dependencies list and automate the update (when https://github.com/nodejs/node/pull/47589 lands). - [ ] automate v8 major update (research if it's doable) - [x] log shasum of archive file when downloading from repository - [x] investigate and fix gh rate limit issue https://github.com/nodejs/node/issues/48119 - [ ] investigate nghttp3 and ngtpc2 double commit issue https://github.com/nodejs/node/pull/47576#issuecomment-1537382159 - [x] order alphabetically jobs for https://github.com/nodejs/node/blob/main/.github/workflows/tools.yml - [x] automate security patch backporting to openssl in v16.x
Here a list of improvements to the dependency update workflow
.github/workflows/tools.ymlin order to open an issue when a job fails (tagging the security-wg). tools: open issue when update workflow fails node#48018 (WIP)deps_updater/update-zlib.shcheck latest commit on main instead of release version (like its done here tools: add update script for googletest node#47482), here for more reference: tools: automate zlib update node#47417 (comment). (WIP)doc/contributing/maintaining/maintaining-dependencies.mddependencies list and automate the update (when doc: create maintaining folder for deps node#47589 lands).