[bazel] Switch to rules_closure 0.12.0

[shs96c]

User description

The next step in the process will be to replace our usage of closure_js_deps with a NodeJS binary without changing the rules_closure version, but in order to ease our ability to identify problems later on, we should minimise the number of things that change with each push.

---

PR Type

Enhancement

---

Description

• Upgraded rules_closure dependency from version 0.11.0 to 0.12.0
• Removed custom patch (rules_closure_shell.patch) as it's no longer needed with the new version
• Simplified repository configuration in WORKSPACE file by removing patch-related settings
• Updated repository URL to use a more specific tag-based reference

---

Changes walkthrough 📝

	Relevant files
Dependencies	WORKSPACE Update rules_closure dependency to version 0.12.0                WORKSPACE Updated rules_closure version from 0.11.0 to 0.12.0 Simplified repository configuration by removing patch-related settings Updated URL format to use refs/tags for version specification +2/-11
Configuration changes	rules_closure_shell.patch Remove shell environment patch for closure_js_deps              javascript/rules_closure_shell.patch Removed patch file that was previously adding shell environment support to closure_js_deps +0/-12

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Missing integrity check: The removal of the SHA256 hash from the http_archive rule means there's no verification of the downloaded archive's integrity. This could potentially allow for supply chain attacks if the source repository is compromised. Consider adding back the SHA256 hash for the new version.

⚡ Recommended focus areas for review Missing SHA256 The SHA256 hash for the downloaded archive is missing, which is recommended for reproducible builds and security

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Security	Add cryptographic hash verification for third-party dependency downloads to prevent tampering Add a sha256 hash for the downloaded archive to ensure integrity and prevent supply chain attacks. WORKSPACE [7-11] http_archive( name = "io_bazel_rules_closure", strip_prefix = "rules_closure-0.12.0", + sha256 = "308b05b08232284f5f4d31e983896534b1a483644d67c6c4f84149f5ef9e4bee", url = "https://github.com/bazelbuild/rules_closure/archive/refs/tags/0.12.0.tar.gz", ) Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding a sha256 hash is crucial for security as it prevents supply chain attacks by ensuring the integrity of downloaded dependencies. This is especially important since the PR removes the previous hash verification.	9