merge: resolve conflict with upstream/main

The build-spm job was moved to microsoft-prebuild-macos-core.yml
in our branch, so we take our side (no build-spm in resolve-hermes.yml).
The upstream HERMES_VERSION=prebuilt changes are already reflected in
microsoft-prebuild-macos-core.yml.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Saadnajmi

.ado/publish.yml

@@ -38,7 +38,7 @@ extends:
       os: windows
     sdl:
       componentgovernance:
-        ignoreDirectories: $(Build.SourcesDirectory)/packages/helloworld
+        ignoreDirectories: $(Build.SourcesDirectory)/private/helloworld
       credscan:
         suppressionsFile: .ado/CredScanSuppressions.json
       eslint:

.github/workflows/microsoft-pr.yml

@@ -159,6 +159,7 @@ jobs:
 
   PR:
     name: "PR"
+    if: always()
     permissions: {}
     runs-on: ubuntu-latest
     needs:
@@ -172,5 +173,10 @@ jobs:
       - test-react-native-macos-init
       # - react-native-test-app-integration
     steps:
+      - name: Check for failures or cancellations
+        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
+        run: |
+          echo "One or more required jobs failed or were cancelled."
+          exit 1
       - name: All required jobs passed
-        run: echo "All required jobs completed."
+        run: echo "All required jobs completed successfully."

Gemfile

@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 ruby ">= 2.6.10"
 
 gem 'cocoapods', '~> 1.13', '!= 1.15.0', '!= 1.15.1'
-gem 'activesupport', '>= 6.1.7.5', '< 7.1.0'
+gem 'activesupport', '>= 7.2.3.1' # [macOS]
 gem 'xcodeproj', '< 1.26.0'
 gem 'concurrent-ruby', '<= 1.3.4'
 

Gemfile.lock

@@ -1,24 +1,28 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.7)
+    CFPropertyList (3.0.8)
+    activesupport (7.2.3.1)
       base64
-      nkf
-      rexml
-    activesupport (7.0.8.4)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
-      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
+      logger (>= 1.4.2)
+      minitest (>= 5.1, < 6)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     algoliasearch (1.27.5)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
     atomos (0.1.3)
     base64 (0.3.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.9)
+    benchmark (0.5.0)
+    bigdecimal (4.1.1)
     claide (1.1.0)
     cocoapods (1.15.2)
       addressable (~> 2.8)
@@ -58,46 +62,51 @@ GEM
       netrc (~> 0.11)
     cocoapods-try (1.2.0)
     colored2 (3.1.2)
-    concurrent-ruby (1.3.3)
+    concurrent-ruby (1.3.4)
+    connection_pool (3.0.2)
+    drb (2.2.3)
     escape (0.0.4)
-    ethon (0.16.0)
+    ethon (0.18.0)
       ffi (>= 1.15.0)
-    ffi (1.17.0)
+      logger
+    ffi (1.17.4)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
-    httpclient (2.8.3)
-    i18n (1.14.5)
+    httpclient (2.9.0)
+      mutex_m
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    json (2.6.3)
-    logger (1.6.5)
-    minitest (5.20.0)
+    json (2.19.3)
+    logger (1.7.0)
+    minitest (5.27.0)
     molinillo (0.8.0)
     mutex_m (0.3.0)
     nanaimo (0.3.0)
     nap (1.1.0)
     netrc (0.11.0)
     nkf (0.2.0)
     public_suffix (4.0.7)
-    rexml (3.4.2)
+    rexml (3.4.4)
     ruby-macho (2.5.1)
-    typhoeus (1.4.1)
-      ethon (>= 0.9.0)
+    securerandom (0.4.1)
+    typhoeus (1.6.0)
+      ethon (>= 0.18.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    xcodeproj (1.25.0)
+    xcodeproj (1.25.1)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
       nanaimo (~> 0.3.0)
-      rexml (>= 3.3.2, < 4.0)
+      rexml (>= 3.3.6, < 4.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  activesupport (>= 6.1.7.5, < 7.1.0)
+  activesupport (>= 7.2.3.1)
   benchmark
   bigdecimal
   cocoapods (~> 1.13, != 1.15.1, != 1.15.0)
@@ -111,4 +120,4 @@ RUBY VERSION
    ruby 3.3.0p0
 
 BUNDLED WITH
-   2.5.3
+   2.5.22

docsite/package.json

@@ -15,8 +15,8 @@
     "typecheck": "tsc"
   },
   "dependencies": {
-    "@docusaurus/core": "3.8.1",
-    "@docusaurus/preset-classic": "3.8.1",
+    "@docusaurus/core": "3.10.0",
+    "@docusaurus/preset-classic": "3.10.0",
     "@mdx-js/react": "^3.0.0",
     "@types/react": "^19.0.0",
     "clsx": "^2.0.0",
@@ -25,9 +25,9 @@
     "react-dom": "^19.0.0"
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "3.8.1",
-    "@docusaurus/tsconfig": "3.8.1",
-    "@docusaurus/types": "3.8.1",
+    "@docusaurus/module-type-aliases": "3.10.0",
+    "@docusaurus/tsconfig": "3.10.0",
+    "@docusaurus/types": "3.10.0",
     "typescript": "~5.8.3"
   },
   "browserslist": {
@@ -45,5 +45,13 @@
   "engines": {
     "node": ">=18.0"
   },
-  "packageManager": "yarn@4.9.1"
+  "packageManager": "yarn@4.9.1",
+  "resolutions": {
+    "serialize-javascript": "^7.0.3",
+    "webpack": ">=5.104.1 <5.106.0"
+  },
+  "_resolution_justifications": {
+    "serialize-javascript": "Earlier versions of serialize-javascript are affected by GHSA-5c6j-r48x-rmvq, and it's a transitive dependency of docusaurus, of which we are already using the latest version.",
+    "webpack": "Earlier versions of webpack are affected by CVE-2025-68458, but versions >=5.106.0 doesn't work with docusaurus, which is being worked on: https://github.com/facebook/docusaurus/issues/11923"
+  }
 }