tools: add version update to external dependencies

Refs: nodejs/security-wg#973
Most of the duplicated code in all the dependencies updaters
has been moved in the `utils.sh` file

PR-URL: #48081
Refs: nodejs/security-wg#973
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>

doc/contributing/maintaining/maintaining-dependencies.md

@@ -8,29 +8,30 @@ directories to create the Node.js binaries.
 All dependencies are located within the `deps` directory.
 This a list of all the dependencies:
 
-* [acorn][]
-* [ada][]
-* [base64][]
-* [brotli][]
-* [c-ares][]
-* [cjs-module-lexer][]
+* [acorn 8.8.2][]
+* [ada 2.5.0][]
+* [base64 0.5.0][]
+* [brotli 1.0.9][]
+* [c-ares 1.19.0][]
+* [cjs-module-lexer 1.2.2][]
 * [corepack][]
 * [googletest][]
-* [histogram][]
-* [icu-small][]
-* [llhttp][]
-* [minimatch][]
-* [nghttp2][]
-* [ngtcp2][]
-* [npm][]
-* [openssl][]
-* [postject][]
-* [simdutf][]
-* [undici][]
-* [uv][]
-* [uvwasi][]
-* [V8][]
-* [zlib][]
+* [histogram 0.11.8][]
+* [icu-small 73.1][]
+* [libuv 1.44.2][]
+* [llhttp 8.1.0][]
+* [minimatch 9.0.0][]
+* [nghttp2 1.53.0][]
+* [nghttp3 0.7.0][]
+* [ngtcp2 0.8.1][]
+* [npm 9.6.7][]
+* [openssl 3.0.8][]
+* [postject 1.0.0-alpha.6][]
+* [simdutf 3.2.9][]
+* [undici 5.22.1][]
+* [uvwasi 0.0.16][]
+* [V8 11.3.244.8][]
+* [zlib 1.2.13][]
 
 Any code which meets one or more of these conditions should
 be managed as a dependency:
@@ -136,48 +137,49 @@ Most dependencies are automatically updated by
 [dependency-update-action][] that runs weekly.
 However, it is possible to manually update a dependency by running
 the corresponding script in `tools/update-deps`.
-[OpenSSL][] has its own update action: [update-openssl-action][].
+[OpenSSL](https://github.com/openssl/openssl) has its own update action:
+[update-openssl-action][].
 [npm-cli-bot](https://github.com/npm/cli/blob/latest/.github/workflows/create-node-pr.yml)
-takes care of [npm][] update, it is maintained by the npm team.
+takes care of npm update, it is maintained by the npm team.
 
 ## Dependency list
 
-### acorn
+### acorn 8.8.2
 
 The [acorn](https://github.com/acornjs/acorn) dependency is a JavaScript parser.
 [acorn-walk](https://github.com/acornjs/acorn/tree/master/acorn-walk) is
 an abstract syntax tree walker for the ESTree format.
 
-### ada
+### ada 2.5.0
 
 The [ada](https://github.com/ada-url/ada) dependency is a
 fast and spec-compliant URL parser written in C++.
 
-### base64
+### base64 0.5.0
 
 The [base64](https://github.com/aklomp/base64) dependency is a base64
 stream encoding/decoding library in C99 with SIMD and OpenMP acceleration.
 It also contains wrapper functions to encode/decode simple
 length-delimited strings.
 
-### brotli
+### brotli 1.0.9
 
 The [brotli](https://github.com/google/brotli) dependency is
 used for the homonym generic-purpose lossless compression algorithm.
 
-### c-ares
+### c-ares 1.19.0
 
 The [c-ares](https://github.com/c-ares/c-ares) is a C library
 for asynchronous DNS requests.
 
-### cjs-module-lexer
+### cjs-module-lexer 1.2.2
 
 The [cjs-module-lexer](https://github.com/nodejs/node/tree/HEAD/deps/cjs-module-lexer)
 dependency is used within the Node.js ESM implementation to detect the
 named exports of a CommonJS module.
 See [maintaining-cjs-module-lexer][] for more information.
 
-## corepack
+### corepack
 
 The [corepack](https://github.com/nodejs/corepack) dependency is a
 zero-runtime-dependency Node.js script that acts as a bridge between
@@ -192,36 +194,47 @@ by Node.js by default.
 The [googletest](https://github.com/google/googletest) dependency is Google’s
 C++ testing and mocking framework.
 
-### histogram
+### histogram 0.11.8
 
 The [histogram](https://github.com/HdrHistogram/HdrHistogram_c) dependency is
 a C port of High Dynamic Range (HDR) Histogram.
 
-### icu-small
+### icu-small 73.1
 
 The [icu](http://site.icu-project.org) is widely used set of C/C++
 and Java libraries providing Unicode and Globalization
 support for software applications.
 See [maintaining-icu][] for more informations.
 
-### llhttp
+### libuv 1.44.2
+
+The [libuv](https://github.com/libuv/libuv) dependency is a
+multi-platform support library with a focus on asynchronous I/O.
+It was primarily developed for use by Node.js.
+
+### llhttp 8.1.0
 
 The [llhttp](https://github.com/nodejs/llhttp) dependency is
 the http parser used by Node.js.
 See [maintaining-http][] for more informations.
 
-### minimatch
+### minimatch 9.0.0
 
 The [minimatch](https://github.com/isaacs/minimatch) dependency is a
 minimal matching utility.
 
-### nghttp2
+### nghttp2 1.53.0
 
 The [nghttp2](https://github.com/nghttp2/nghttp2) dependency is a C library
 implementing HTTP/2 protocol.
 See [maintaining-http][] for more informations.
 
-### ngtcp2
+### nghttp3 0.7.0
+
+The [nghttp3](https://github.com/ngtcp2/nghttp3) dependency is HTTP/3 library
+written in C. See ngtcp2 for more informations.
+
+### ngtcp2 0.8.1
 
 The ngtcp2 and nghttp3 dependencies provide the core functionality for
 QUIC and HTTP/3.
@@ -241,7 +254,7 @@ The `nghttp3` library depends on `ngtcp2`. Both should always be updated
 together. From `ngtcp2` we only want the contents of the `lib` and `crypto`
 directories; from `nghttp3` we only want the contents of the `lib` directory.
 
-### npm
+### npm 9.6.7
 
 The [npm](https://github.com/npm/cli) dependency is
 the package manager for JavaScript.
@@ -256,7 +269,7 @@ are at the discretion of the release and LTS teams.
 This process only covers full updates to new versions of npm. Cherry-picked
 changes can be reviewed and landed via the normal consensus seeking process.
 
-### openssl
+### openssl 3.0.8
 
 The [openssl](https://github.com/quictls/openssl) dependency is a
 fork of OpenSSL to enable QUIC.
@@ -268,77 +281,72 @@ the main openssl/openssl releases with the addition of APIs to support
 the QUIC protocol.
 See [maintaining-openssl][] for more informations.
 
-### postject
+### postject 1.0.0-alpha.6
 
 The [postject](https://github.com/nodejs/postject) dependency is used for the
 [Single Executable strategic initiative](https://github.com/nodejs/single-executable).
 
-### simdutf
+### simdutf 3.2.9
 
 The [simdutf](https://github.com/simdutf/simdutf) dependency is
 a C++ library for fast UTF-8 decoding and encoding.
 
-### undici
+### undici 5.22.1
 
 The [undici](https://github.com/nodejs/undici) dependency is an HTTP/1.1 client,
 written from scratch for Node.js..
 See [maintaining-http][] for more informations.
 
-### uv
-
-The [libuv](https://github.com/libuv/libuv) dependency is a
-multi-platform support library with a focus on asynchronous I/O.
-It was primarily developed for use by Node.js.
-
-### uvwasi
+### uvwasi 0.0.16
 
 The [uvwasi](https://github.com/nodejs/uvwasi) dependency implements
 the WASI system call API, so that WebAssembly runtimes can easily
 implement WASI calls.
 Under the hood, uvwasi leverages libuv where possible for maximum portability.
 See [maintaining-web-assembly][] for more informations.
 
-### V8
+### V8 11.3.244.8
 
 [V8](https://chromium.googlesource.com/v8/v8.git/) is Google's open source
 high-performance JavaScript and WebAssembly engine, written in C++.
 See [maintaining-V8][] for more informations.
 
-### zlib
+### zlib 1.2.13
 
 The [zlib](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/third_party/zlib)
 dependency lossless data-compression library,
 it comes from the Chromium team's zlib fork which incorporated
 performance improvements not currently available in standard zlib.
 
-[acorn]: #acorn
-[ada]: #ada
-[base64]: #base64
-[brotli]: #brotli
-[c-ares]: #c-ares
-[cjs-module-lexer]: #cjs-module-lexer
+[acorn 8.8.2]: #acorn-882
+[ada 2.5.0]: #ada-250
+[base64 0.5.0]: #base64-050
+[brotli 1.0.9]: #brotli-109
+[c-ares 1.19.0]: #c-ares-1190
+[cjs-module-lexer 1.2.2]: #cjs-module-lexer-122
 [corepack]: #corepack
 [dependency-update-action]: ../../../.github/workflows/tools.yml
 [googletest]: #googletest
-[histogram]: #histogram
-[icu-small]: #icu-small
-[llhttp]: #llhttp
+[histogram 0.11.8]: #histogram-0118
+[icu-small 73.1]: #icu-small-731
+[libuv 1.44.2]: #libuv-1442
+[llhttp 8.1.0]: #llhttp-810
 [maintaining-V8]: ./maintaining-V8.md
 [maintaining-cjs-module-lexer]: ./maintaining-cjs-module-lexer.md
 [maintaining-http]: ./maintaining-http.md
 [maintaining-icu]: ./maintaining-icu.md
 [maintaining-openssl]: ./maintaining-openssl.md
 [maintaining-web-assembly]: ./maintaining-web-assembly.md
-[minimatch]: #minimatch
-[nghttp2]: #nghttp2
-[ngtcp2]: #ngtcp2
-[npm]: #npm
-[openssl]: #openssl
-[postject]: #postject
-[simdutf]: #simdutf
-[undici]: #undici
+[minimatch 9.0.0]: #minimatch-900
+[nghttp2 1.53.0]: #nghttp2-1530
+[nghttp3 0.7.0]: #nghttp3-070
+[ngtcp2 0.8.1]: #ngtcp2-081
+[npm 9.6.7]: #npm-967
+[openssl 3.0.8]: #openssl-308
+[postject 1.0.0-alpha.6]: #postject-100-alpha6
+[simdutf 3.2.9]: #simdutf-329
+[undici 5.22.1]: #undici-5221
 [update-openssl-action]: ../../../.github/workflows/update-openssl.yml
-[uv]: #uv
-[uvwasi]: #uvwasi
-[v8]: #v8
-[zlib]: #zlib
+[uvwasi 0.0.16]: #uvwasi-0016
+[v8 11.3.244.8]: #v8-1132448
+[zlib 1.2.13]: #zlib-1213

tools/dep_updaters/update-acorn-walk.sh

@@ -12,15 +12,14 @@ ROOT=$(cd "$(dirname "$0")/../.." && pwd)
 [ -x "$NODE" ] || NODE=$(command -v node)
 NPM="$ROOT/deps/npm/bin/npm-cli.js"
 
+# shellcheck disable=SC1091
+. "$ROOT/tools/dep_updaters/utils.sh"
+
 NEW_VERSION=$("$NODE" "$NPM" view acorn-walk dist-tags.latest)
 CURRENT_VERSION=$("$NODE" -p "require('./deps/acorn/acorn-walk/package.json').version")
 
-echo "Comparing $NEW_VERSION with $CURRENT_VERSION"
-
-if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then
-  echo "Skipped because Acorn-walk is on the latest version."
-  exit 0
-fi
+# This function exit with 0 if new version and current version are the same
+compare_dependency_version "acorn-walk" "$NEW_VERSION" "$CURRENT_VERSION"
 
 cd "$( dirname "$0" )/../.." || exit
 

tools/dep_updaters/update-acorn.sh

@@ -12,15 +12,14 @@ ROOT=$(cd "$(dirname "$0")/../.." && pwd)
 [ -x "$NODE" ] || NODE=$(command -v node)
 NPM="$ROOT/deps/npm/bin/npm-cli.js"
 
+# shellcheck disable=SC1091
+. "$ROOT/tools/dep_updaters/utils.sh"
+
 NEW_VERSION=$("$NODE" "$NPM" view acorn dist-tags.latest)
 CURRENT_VERSION=$("$NODE" -p "require('./deps/acorn/acorn/package.json').version")
 
-echo "Comparing $NEW_VERSION with $CURRENT_VERSION"
-
-if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then
-  echo "Skipped because Acorn is on the latest version."
-  exit 0
-fi
+# This function exit with 0 if new version and current version are the same
+compare_dependency_version "acorn" "$NEW_VERSION" "$CURRENT_VERSION"
 
 cd "$( dirname "$0" )/../.." || exit
 
@@ -50,14 +49,7 @@ mv acorn-tmp/node_modules/acorn deps/acorn
 
 rm -rf acorn-tmp/
 
-echo "All done!"
-echo ""
-echo "Please git add acorn, commit the new version:"
-echo ""
-echo "$ git add -A deps/acorn src/acorn_version.h"
-echo "$ git commit -m \"deps: update acorn to $NEW_VERSION\""
-echo ""
-
-# The last line of the script should always print the new version,
-# as we need to add it to $GITHUB_ENV variable.
-echo "NEW_VERSION=$NEW_VERSION"
+# Update the version number on maintaining-dependencies.md
+# and print the new version as the last line of the script as we need
+# to add it to $GITHUB_ENV variable
+finalize_version_update "acorn" "$NEW_VERSION" "src/acorn_version.h"

tools/dep_updaters/update-ada.sh

@@ -25,12 +25,8 @@ EOF
 
 CURRENT_VERSION=$(grep "#define ADA_VERSION" "$DEPS_DIR/ada/ada.h" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p")
 
-echo "Comparing $NEW_VERSION with $CURRENT_VERSION"
-
-if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then
-  echo "Skipped because ada is on the latest version."
-  exit 0
-fi
+# This function exit with 0 if new version and current version are the same
+compare_dependency_version "ada" "$NEW_VERSION" "$CURRENT_VERSION"
 
 echo "Making temporary workspace..."
 
@@ -63,14 +59,7 @@ mv "$DEPS_DIR/ada/"*.gyp "$DEPS_DIR/ada/README.md" "$WORKSPACE/"
 rm -rf "$DEPS_DIR/ada"
 mv "$WORKSPACE" "$DEPS_DIR/ada"
 
-echo "All done!"
-echo ""
-echo "Please git add ada, commit the new version:"
-echo ""
-echo "$ git add -A deps/ada"
-echo "$ git commit -m \"deps: update ada to $NEW_VERSION\""
-echo ""
-
-# The last line of the script should always print the new version,
-# as we need to add it to $GITHUB_ENV variable.
-echo "NEW_VERSION=$NEW_VERSION"
+# Update the version number on maintaining-dependencies.md
+# and print the new version as the last line of the script as we need
+# to add it to $GITHUB_ENV variable
+finalize_version_update "ada" "$NEW_VERSION"