[build] combine pre-release dependency updates #16973

Merged: titusfortner merged 3 commits into trunk from release_updates on Jan 22, 2026
@titusfortner (Member) commented Jan 22, 2026

User description

💥 What does this PR do?

Combines pre-release dependency updates into a single workflow step and centralizes the update logic in the Rakefile.
Also ensures the dependency update tasks stage the files they modify (notably Node package.json and Rust lockfiles).

🔧 Implementation Notes

  • Swapped separate Maven/Node workflow steps for update_dependencies, backed by a new release_update task.
  • Moved multitool updates into a Bazel target for hermeticity.
  • Added staging in node:update and rust:update for the files those tasks actually modify.

🔄 Types of changes

  • Cleanup (formatting, renaming)

PR Type

Enhancement


Description

  • Consolidates Maven and Node dependency updates into single update_dependencies task

  • Adds file staging for modified lockfiles and package.json files

  • Moves multitool binary updates to dedicated Bazel target for hermeticity

  • Simplifies pre-release workflow by reducing separate matrix steps


Diagram Walkthrough

flowchart LR
  A["Separate Maven/Node steps"] -->|Consolidate| B["update_dependencies task"]
  B -->|Invokes| C["release_update"]
  C -->|Calls| D["java:update"]
  C -->|Calls| E["node:update"]
  C -->|Calls| F["update_multitool"]
  D -->|Stages| G["Modified files"]
  E -->|Stages| G
  F -->|Stages| G

File Walkthrough

Relevant files
Configuration changes
pre-release.yml
Consolidate workflow matrix steps for dependencies

.github/workflows/pre-release.yml

  • Replaces separate maven and node matrix steps with single dependencies step
  • Updates patch application logic to use combined dependencies output variable
  • Simplifies PR body table to show unified dependency update status
+4/-8
Enhancement
Rakefile
Add release_update task and file staging

Rakefile

  • Adds new release_update task that orchestrates Maven, Node, and multitool updates
  • Introduces update_multitool task as dedicated Bazel target for binary updates
  • Adds @git.add() calls to stage modified files in node:update and rust:update tasks
  • Stages javascript/selenium-webdriver/package.json, rust/Cargo.Bazel.lock, and rust/Cargo.lock
+18/-0   
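
A check a release pipeline could run after the update tasks to confirm that nothing they rewrote was left unstaged. This is an added Ruby example, not code from the PR or the Selenium Rakefile. The status text is a constructed sample, the function names are hypothetical, and it assumes plain `git status --porcelain` output without quoted paths.

```ruby
# Dependency manifests and lockfiles named in this PR thread.
WATCHED = %w[package.json pnpm-lock.yaml Cargo.lock Cargo.Bazel.lock
             multitool.lock.json].freeze

Entry = Struct.new(:index, :worktree, :path)

# Parses `git status --porcelain` (v1): two status columns, a space, the path.
def parse_porcelain(text)
  text.each_line(chomp: true).reject(&:empty?).map do |line|
    path = line[3..]
    # Renames and copies are reported as "old -> new"; keep the new path.
    path = path.split(' -> ').last if %w[R C].include?(line[0])
    Entry.new(line[0], line[1], path)
  end
end

# Watched files whose working-tree column is not blank: changed on disk
# (or untracked) but not fully staged, so a commit would leave them behind.
def unstaged_dependency_files(text)
  parse_porcelain(text)
    .select { |e| WATCHED.include?(File.basename(e.path)) && e.worktree != ' ' }
    .map(&:path)
end

# Constructed sample, not captured from the Selenium repository.
SAMPLE_STATUS = [
  'M  javascript/selenium-webdriver/package.json',   # staged
  ' M javascript/selenium-webdriver/pnpm-lock.yaml', # modified, not staged
  'M  rust/Cargo.lock',                              # staged
  'MM rust/Cargo.Bazel.lock',                        # staged, then changed again
  '?? notes.txt'                                     # untracked, not watched
].join("\n")

GAPS = unstaged_dependency_files(SAMPLE_STATUS)
puts "Unstaged dependency files: #{GAPS.inspect}"
```

In CI the input would be the real `git status --porcelain` output, with the job failing whenever the returned list is not empty.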

@titusfortner titusfortner requested a review from Copilot January 22, 2026 04:57
@selenium-ci selenium-ci added the B-build Includes scripting, bazel and CI integrations label Jan 22, 2026
@qodo-code-review (Contributor, bot) commented Jan 22, 2026

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢 No security concerns identified: No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Missing failure context: The newly added orchestration tasks call Bazel.execute/invoke other tasks without explicit
error handling or enriched failure context, so it is unclear if failures will be reported
with actionable details or gracefully handled.

Referred Code
# Ruby and Rust are automatically updated as part of version bumps in a separate step
desc 'Update dependencies for the release'
task :release_update do |_task, _arguments|
  Rake::Task[:update_multitool].invoke
  Rake::Task['java:update'].invoke
  Rake::Task['node:update'].invoke
end

desc 'Update multitool binaries to latest releases'
task :update_multitool do |_task, _arguments|
  puts 'Updating multitool binary versions'
  Bazel.execute('run', [], '//scripts:update_multitool_binaries')
  @git.add('multitool.lock.json')
end

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review (Contributor, bot) commented Jan 22, 2026

PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
General
Stage the pnpm lockfile

Stage the pnpm-lock.yaml file in the node:update task. This ensures the lockfile
is committed along with package.json after dependencies are updated.

Rakefile [619]

 @git.add('javascript/selenium-webdriver/package.json')
+@git.add('javascript/selenium-webdriver/pnpm-lock.yaml')
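Review bot: The added path `javascript/selenium-webdriver/pnpm-lock.yaml` assumes the lockfile sits next to package.json, and nothing in the visible lines shows where pnpm writes it. In a pnpm workspace the lockfile is kept at the workspace root by default, so confirm the location and stage the file the update command actually rewrites; otherwise the commit carries a changed package.json with a stale lockfile.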
Suggestion importance[1-10]: 8

Why: This suggestion correctly identifies a significant omission. The pnpm update command modifies the lockfile, and failing to stage pnpm-lock.yaml alongside package.json would result in an incomplete and potentially broken dependency update commit.

Medium
Update Node dependencies to latest

Invoke the node:update Rake task with the latest parameter. This ensures Node
dependencies are updated to their latest versions, not just within the ranges
specified in package.json.

Rakefile [177-183]

 # Ruby and Rust are automatically updated as part of version bumps in a separate step
 desc 'Update dependencies for the release'
 task :release_update do |_task, _arguments|
   Rake::Task[:update_multitool].invoke
   Rake::Task['java:update'].invoke
-  Rake::Task['node:update'].invoke
+  Rake::Task['node:update'].invoke('latest')
 end
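Review bot: On the `+` line, `invoke('latest')` lets an unattended pre-release step move Node dependencies past the ranges declared in package.json, and the comment above the task says nothing about it. Document the argument in that comment and keep the resulting package.json and lockfile diff under human review before the release commit, or leave the range-bound update as the default and pass 'latest' only on request.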
Suggestion importance[1-10]: 7

Why: This is a valid suggestion that correctly identifies that the node:update task can accept a latest argument. Using this argument aligns well with the goal of a pre-release workflow, which is to update to the newest available dependency versions.

Medium
Learned best practice
Reenable tasks before invoking

Rake::Task#invoke only runs a task once per process, so release_update can
become a partial no-op if those tasks were invoked earlier; reenable tasks (or
use execute) before invoking to make the orchestration reliable.

Rakefile [178-183]

 desc 'Update dependencies for the release'
 task :release_update do |_task, _arguments|
+  %i[update_multitool].each { |t| Rake::Task[t].reenable }
+  %w[java:update node:update].each { |t| Rake::Task[t].reenable }
+
   Rake::Task[:update_multitool].invoke
   Rake::Task['java:update'].invoke
   Rake::Task['node:update'].invoke
 end
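Review bot: The two `reenable` lines reset only the three named tasks; `Rake::Task#reenable` does not reset their prerequisites, so anything those tasks depend on still runs at most once per process. If a full re-run is intended, say so in a comment and re-enable the prerequisites too. The two loops can also be a single list, since `Rake::Task[]` accepts symbols and strings alike.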
Suggestion importance[1-10]: 6

Why:
Relevant best practice - Make lifecycle-sensitive orchestration robust by ensuring tasks can be rerun when appropriate (avoid hidden one-time execution behavior).

Low
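
The invoke-once behaviour raised in the "Reenable tasks before invoking" suggestion, as an added Ruby example that is not part of the PR or the Selenium Rakefile: it compares `invoke`, `reenable` followed by `invoke`, and `execute`. The task bodies are stand-ins that only log their names, and `prep` is a hypothetical prerequisite of `node:update`.

```ruby
require 'rake'

# Builds stand-in tasks (not Selenium's real ones) and returns the names of
# the tasks that actually ran while release_update was executing.
def run_release_update(mode, invoked_earlier:)
  Rake::Task.clear
  log = []
  Rake::Task.define_task(:prep) { log << 'prep' } # hypothetical prerequisite
  Rake::Task.define_task('node:update' => :prep) { log << 'node:update' }
  Rake::Task.define_task(:release_update) do
    update = Rake::Task['node:update']
    case mode
    when :invoke
      update.invoke
    when :reenable
      update.reenable
      update.invoke
    when :execute
      update.execute
    end
  end

  # Simulate an earlier task in the same rake process having run node:update.
  Rake::Task['node:update'].invoke if invoked_earlier
  log.clear
  Rake::Task[:release_update].invoke
  log
end

# Already invoked once: the second invoke is skipped without any error.
SKIPPED = run_release_update(:invoke, invoked_earlier: true)
# reenable resets node:update only; its prerequisite still counts as done.
RERUN = run_release_update(:reenable, invoked_earlier: true)
# execute runs the task body but never runs prerequisites.
NO_PREREQS = run_release_update(:execute, invoked_earlier: false)
# Fresh process: invoke runs the prerequisite, then the task.
FRESH = run_release_update(:invoke, invoked_earlier: false)

puts "invoke after earlier run:   #{SKIPPED.inspect}"
puts "reenable + invoke:          #{RERUN.inspect}"
puts "execute in a fresh process: #{NO_PREREQS.inspect}"
puts "invoke in a fresh process:  #{FRESH.inspect}"
```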

Copilot AI (Contributor) left a comment

Pull request overview

This PR consolidates pre-release dependency updates by combining separate Maven and Node workflow steps into a single "dependencies" step, with the update logic centralized in a new release_update Rake task. It also adds git staging for files modified by dependency update tasks (Node package.json and Rust lockfiles) and introduces a new task to update multitool binaries.

Changes:

  • Created release_update task to orchestrate Java, Node, and multitool dependency updates
  • Added update_multitool task to update multitool binaries via a Bazel target
  • Enhanced node:update and rust:update tasks to stage modified files with git.add

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File | Description
Rakefile | Adds release_update and update_multitool tasks; adds git.add calls to node:update and rust:update tasks to stage modified lockfiles
.github/workflows/pre-release.yml | Combines separate maven and node workflow steps into single "dependencies" step; updates patch application and status table accordingly

titusfortner and others added 2 commits January 21, 2026 23:52
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

@titusfortner titusfortner merged commit 05e0f59 into trunk Jan 22, 2026
28 checks passed
@titusfortner titusfortner deleted the release_updates branch January 22, 2026 06:10
Labels

B-build Includes scripting, bazel and CI integrations Review effort 2/5
