dependabot[bot]
a873bcb7ac
Bump @types/node from 25.9.1 to 25.9.2 in the actions group ( #531 )
...
Bumps the actions group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 25.9.1 to 25.9.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.9.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 10:59:28 +00:00
dependabot[bot]
cc6628a38e
Bump github/codeql-action in /.github/workflows in the actions group ( #532 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.36.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](87557b9c84...8aad20d150
2026-06-09 22:56:42 +12:00
dependabot[bot]
06c6e5b021
Bump the actions group in /.github/workflows with 2 updates ( #530 )
...
Bumps the actions group in /.github/workflows with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](de0fac2e45...df4cb1c069https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7211b7c807...87557b9c84
2026-06-05 15:11:54 -04:00
dependabot[bot]
e8d601f116
Bump the actions group with 2 updates ( #529 )
...
Bumps the actions group with 2 updates: [js-yaml](https://github.com/nodeca/js-yaml ) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ).
Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/commits )
Updates `vitest` from 4.1.7 to 4.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest )
---
updated-dependencies:
- dependency-name: js-yaml
dependency-version: 4.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: vitest
dependency-version: 4.1.8
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-03 17:57:44 -04:00
Tom Gamble
ef735e2cde
fix: confine manifest paths to workspace and harden URL fetcher ( #528 )
...
* docs: add design for manifest path traversal fix
* docs: add implementation plan for manifest path traversal fix
* fix: confine manifest paths to workspace
moveFileToTmpDir previously used path.join(tempDirectory, originalFilepath),
which normalizes ../ sequences. A manifests input containing a traversal
sequence caused the action to read .yaml/.yml files from outside the
workspace and write copies outside RUNNER_TEMP. Directory inputs made
this stronger because recurisveManifestGetter enumerated YAML files
under the traversed directory.
Add assertPathWithinWorkspace, which resolves symlinks via realpathSync
and rejects any path not contained in GITHUB_WORKSPACE. Apply it in
getFilesFromDirectoriesAndURLs before lstat / readdir / file inclusion.
Rewrite moveFileToTmpDir to use a basename-only destination under
RUNNER_TEMP with a getCurrentTime() uniquifier to avoid collisions,
matching the safer pattern already used by getNewTempManifestFileName.
* fix: handle errors in writeYamlFromURLToFile
The https.get callback was marked async without any await, which caused
thrown errors to be silently swallowed as floating promise rejections.
There were no error listeners on the response stream or the file
writer, so socket or disk errors hung the promise instead of rejecting
it. On HTTP status >= 400 the function called reject but then fell
through and opened a write stream anyway.
Drop the misleading async, return after rejecting HTTP errors, drain
the response, and add error listeners on both streams. Wrap the string
verification error in new Error so stack traces are preserved.
* fix: harden verifyYaml and warn on unset GITHUB_WORKSPACE
Two follow-ups from review of the path-traversal series:
verifyYaml is called inside writeYamlFromURLToFile's finish listener.
If the body parsed to a null YAML document (e.g. "---" or a multi-doc
file with a trailing separator), the loop dereferenced obj.kind on
null and threw. Because the throw happened inside an EventEmitter
listener attached to a WriteStream rather than the Promise executor,
it was not routed to reject, so the promise hung. Wrap the finish
body in try/catch and add a null guard inside verifyYaml.
assertPathWithinWorkspace previously returned silently when
GITHUB_WORKSPACE was unset. In a real Action run the runner always
sets it, so unset is a signal that something is wrong with the
environment, not "skip the security check". Emit core.warning so a
misconfigured self-hosted runner does not lose the containment
protection without notice.
* test: realpath both sides of dirname comparison
On macOS, RUNNER_TEMP under /var/folders/... resolves through a
/private symlink. moveFileToTmpDir builds its destination from the
raw RUNNER_TEMP, so comparing path.dirname(out) directly with
realpathSync(tmpDir) would fail on macOS. Normalize both sides.
* fix: resolve relative manifest paths against workspace and clean up URL temp files
Address two Copilot review comments on PR #528 :
- assertPathWithinWorkspace now resolves relative inputPath values
against the realpathed GITHUB_WORKSPACE instead of process.cwd().
Previously a step that changed CWD could cause unexpected
rejections (or false acceptances) for relative manifests inputs.
Absolute paths are still passed through and validated unchanged.
- writeYamlFromURLToFile now unlinks the partial temp file on any
rejection that occurs after the write stream is created
(writer error, response error, verification failure, sync throw
in verify). The success path still resolves without unlinking.
Pre-stream request errors leave nothing to clean up.
Tests added: a workspace-relative resolution test that deliberately
chdirs elsewhere, plus two cleanup-assertion tests covering
verification-failure and mid-stream response error.
2026-06-02 12:35:22 -04:00
David Gamero
6fc8836682
chore: pin release workflow to SHA for supply chain safety ( #527 )
...
Pin Azure/action-release-workflows to commit SHA instead of mutable v1 tag.
2026-06-01 02:18:05 +00:00
dependabot[bot]
c7bccb6124
Bump the actions group in /.github/workflows with 2 updates ( #526 )
...
Bumps the actions group in /.github/workflows with 2 updates: [github/codeql-action](https://github.com/github/codeql-action ) and [actions/stale](https://github.com/actions/stale ).
Updates `github/codeql-action` from 4.35.5 to 4.36.0
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e0d7b8d25...7211b7c807https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](b5d41d4e1d...eb5cf3af3a
2026-05-26 06:19:13 +00:00
dependabot[bot]
d4bfad4550
Bump the actions group with 2 updates ( #525 )
...
Bumps the actions group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ).
Updates `@types/node` from 25.9.0 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `vitest` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.9.1
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: vitest
dependency-version: 4.1.7
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-26 18:15:21 +12:00
dependabot[bot]
4298bf8626
Bump @types/node from 25.7.0 to 25.9.0 in the actions group ( #524 )
...
Bumps the actions group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 25.7.0 to 25.9.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.9.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tatsat (Tats) Mishra 🐉 <tamishra@microsoft.com>
2026-05-19 09:12:10 +00:00
dependabot[bot]
f2b0a5041d
Bump github/codeql-action in /.github/workflows in the actions group ( #523 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.35.4 to 4.35.5
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](68bde559de...9e0d7b8d25
2026-05-19 21:06:57 +12:00
dependabot[bot]
031b17e505
Bump the actions group with 2 updates ( #521 )
...
Bumps the actions group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ).
Updates `@types/node` from 25.6.0 to 25.7.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `vitest` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/vitest )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.7.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: vitest
dependency-version: 4.1.6
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-12 11:56:34 +00:00
dependabot[bot]
d31be45ea5
Bump github/codeql-action in /.github/workflows in the actions group ( #522 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.35.3 to 4.35.4
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e46ed2cbd0...68bde559de
2026-05-12 23:52:04 +12:00
dependabot[bot]
9884b47c86
Bump github/codeql-action in /.github/workflows in the actions group ( #520 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.35.2 to 4.35.3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](95e58e9a2c...e46ed2cbd0
2026-05-05 14:21:33 +12:00
dependabot[bot]
7da36614a9
Bump the actions group with 2 updates ( #519 )
...
Bumps the actions group with 2 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ).
Updates `@actions/core` from 3.0.0 to 3.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `vitest` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 3.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: vitest
dependency-version: 4.1.5
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:49:52 -04:00
dependabot[bot]
e17e3d873d
Bump the actions group in /.github/workflows with 2 updates ( #518 )
...
Bumps the actions group in /.github/workflows with 2 updates: [github/codeql-action](https://github.com/github/codeql-action ) and [Azure/setup-kubectl](https://github.com/azure/setup-kubectl ).
Updates `github/codeql-action` from 4.35.1 to 4.35.2
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c10b8064de...95e58e9a2chttps://github.com/azure/setup-kubectl/releases )
- [Changelog](https://github.com/Azure/setup-kubectl/blob/main/CHANGELOG.md )
- [Commits](15650b3ad7...829323503d
2026-04-21 17:05:29 -04:00
dependabot[bot]
2208360a18
Bump typescript in the actions group across 1 directory ( #517 )
...
Bumps the actions group with 1 update in the / directory: [typescript](https://github.com/microsoft/TypeScript ).
Updates `typescript` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Commits](https://github.com/microsoft/TypeScript/compare/v6.0.2...v6.0.3 )
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-17 18:08:11 -04:00
David Gamero
37ab655aa8
release: prepare v6.0.0 ( #516 )
2026-04-17 18:01:18 -04:00
dependabot[bot]
4ce14be7f2
Bump the actions group with 2 updates ( #514 )
...
Bumps the actions group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) and [esbuild](https://github.com/evanw/esbuild ).
Updates `@types/node` from 25.5.0 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `esbuild` from 0.27.4 to 0.28.0
- [Release notes](https://github.com/evanw/esbuild/releases )
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md )
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0 )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.5.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: esbuild
dependency-version: 0.28.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-07 21:15:20 +12:00
dependabot[bot]
d1db10bbe0
Bump vite from 8.0.3 to 8.0.5 ( #513 )
2026-04-07 06:44:09 +12:00
dependabot[bot]
9b1aca534a
Bump vitest from 4.1.1 to 4.1.2 in the actions group ( #511 )
...
Bumps the actions group with 1 update: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ).
Updates `vitest` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest )
---
updated-dependencies:
- dependency-name: vitest
dependency-version: 4.1.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tatsat (Tats) Mishra 🐉 <tamishra@microsoft.com>
2026-04-06 07:56:39 +00:00
dependabot[bot]
566b1027eb
Bump the actions group in /.github/workflows with 2 updates ( #512 )
...
Bumps the actions group in /.github/workflows with 2 updates: [github/codeql-action](https://github.com/github/codeql-action ) and [Azure/setup-kubectl](https://github.com/azure/setup-kubectl ).
Updates `github/codeql-action` from 4.34.1 to 4.35.1
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3869755554...c10b8064dehttps://github.com/azure/setup-kubectl/releases )
- [Changelog](https://github.com/Azure/setup-kubectl/blob/main/CHANGELOG.md )
- [Commits](776406bce9...15650b3ad7
2026-04-05 10:06:34 +12:00
dependabot[bot]
4bab0cb90d
Bump the actions group across 1 directory with 2 updates ( #510 )
...
Bumps the actions group with 2 updates in the /.github/workflows directory: [github/codeql-action](https://github.com/github/codeql-action ) and [azure/login](https://github.com/azure/login ).
Updates `github/codeql-action` from 4.32.6 to 4.34.1
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0d579ffd05...3869755554https://github.com/azure/login/releases )
- [Commits](https://github.com/azure/login/compare/v2.3.0...v3.0.0 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.34.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: azure/login
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-25 23:39:46 +00:00
dependabot[bot]
2c9e6e7762
Bump the actions group across 1 directory with 4 updates ( #509 )
...
Bumps the actions group with 4 updates in the / directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ), [esbuild](https://github.com/evanw/esbuild ), [typescript](https://github.com/microsoft/TypeScript ) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ).
Updates `@types/node` from 25.4.0 to 25.5.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `esbuild` from 0.27.3 to 0.27.4
- [Release notes](https://github.com/evanw/esbuild/releases )
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md )
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.3...v0.27.4 )
Updates `typescript` from 5.9.3 to 6.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2 )
Updates `vitest` from 4.0.18 to 4.1.1
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.1/packages/vitest )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.5.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: esbuild
dependency-version: 0.27.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: typescript
dependency-version: 6.0.2
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: vitest
dependency-version: 4.1.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-24 17:36:16 +13:00
dependabot[bot]
104a7063f6
Bump @types/node from 25.3.3 to 25.4.0 in the actions group ( #501 )
...
Bumps the actions group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 25.3.3 to 25.4.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.4.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Gamero <david340804@gmail.com>
Co-authored-by: Tatsat (Tats) Mishra 🐉 <tamishra@microsoft.com>
2026-03-14 10:25:33 +00:00
David Gamero
e7aa4f9d0c
Update Node.js runtime from node20 to node24 ( #504 )
...
Co-authored-by: Suneha Bose <123775811+bosesuneha@users.noreply.github.com>
Co-authored-by: Tatsat (Tats) Mishra 🐉 <tamishra@microsoft.com>
2026-03-14 23:22:26 +13:00
dependabot[bot]
30dbc03366
Bump undici from 6.23.0 to 6.24.1 ( #506 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.1.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.1 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-14 22:48:42 +13:00
dependabot[bot]
f4bacf1216
Bump github/codeql-action in /.github/workflows in the actions group ( #502 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.32.5 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c793b717bc...0d579ffd05
2026-03-12 16:31:23 -07:00
David Gamero
49d0f2a6fd
docs: update action version references in README to latest majors ( #500 )
2026-03-05 12:02:12 -08:00
David Gamero
a4d35bd653
releases/v5.1.0 ( #499 )
...
* chore(release): bump version to 5.1.0
* chore(release): update package-lock.json to 5.1.0
2026-03-03 13:16:48 -08:00
David Gamero
e202ed4d60
Add typecheck to build script ( #498 )
2026-03-03 12:34:01 -08:00
dependabot[bot]
80628307ac
Bump the actions group in /.github/workflows with 2 updates ( #494 )
...
Bumps the actions group in /.github/workflows with 2 updates: [github/codeql-action](https://github.com/github/codeql-action ) and [actions/stale](https://github.com/actions/stale ).
Updates `github/codeql-action` from 4.32.3 to 4.32.4
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e907b5e64...89a39a4e59https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](997185467f...b5d41d4e1d
2026-03-03 17:28:00 +00:00
dependabot[bot]
332b91818e
Bump @types/node from 25.3.0 to 25.3.3 in the actions group ( #497 )
...
Bumps the actions group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 25.3.0 to 25.3.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.3
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 12:07:07 -05:00
dependabot[bot]
8bb8e3e420
Bump the actions group across 1 directory with 2 updates ( #495 )
...
Bumps the actions group with 2 updates in the / directory: [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js ) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@octokit/plugin-retry` from 8.0.3 to 8.1.0
- [Release notes](https://github.com/octokit/plugin-retry.js/releases )
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v8.0.3...v8.1.0 )
Updates `@types/node` from 25.2.3 to 25.3.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
dependency-version: 8.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: "@types/node"
dependency-version: 25.3.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Gamero <david340804@gmail.com>
2026-03-02 18:06:52 +00:00
dependabot[bot]
f3086d990b
Bump rollup from 4.57.1 to 4.59.0 ( #496 )
...
Bumps [rollup](https://github.com/rollup/rollup ) from 4.57.1 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases )
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rollup/rollup/compare/v4.57.1...v4.59.0 )
---
updated-dependencies:
- dependency-name: rollup
dependency-version: 4.59.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 13:04:32 -05:00
David Gamero
01cfe404ef
Migrate to esbuild/Vitest and upgrade @actions/* to ESM-only versions ( #492 )
...
* Migrate build toolchain from ncc/Jest to esbuild/Vitest
Replace the legacy ncc/Jest/Babel build stack with a modern ESM toolchain:
Build:
- Replace @vercel/ncc with esbuild (--platform=node --target=node20 --format=esm)
- Add createRequire banner for CJS interop in ESM bundle
- Add "type": "module" to package.json
- Add tsc --noEmit typecheck script (esbuild strips types without checking)
- Add typecheck to husky pre-commit hook
Dependencies:
- Bump @actions/core@3, exec@3, io@3, tool-cache@4 (ESM-only)
- Replace jest/ts-jest/@babel/* with vitest@4
Tests:
- Convert 29 test files: jest.fn()→vi.fn(), jest.mock()→vi.mock(), jest.spyOn()→vi.spyOn()
- Fix vitest 4 compat: mockImplementation requires args, mock call tracking, await .rejects
CI:
- Update build step from ncc build → npm run build
- Update composite action to use npm run build
* Switch tsconfig to NodeNext module resolution
Change module/moduleResolution from ES2022/bundler to NodeNext/NodeNext
and target from ES2022 to ES2020.
- Add .js extensions to all relative imports across 59 source/test files
(required by NodeNext module resolution)
- Add vitest/globals to tsconfig types array for global test API declarations
2026-02-24 11:57:56 -08:00
dependabot[bot]
84e2095bf0
Bump github/codeql-action in /.github/workflows in the actions group ( #491 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.32.0 to 4.32.3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b20883b0cd...9e907b5e64🐉 <tamishra@microsoft.com>
2026-02-17 15:18:18 -05:00
dependabot[bot]
1ad0b3bc5b
Bump undici and @actions/http-client ( #490 )
...
Bumps [undici](https://github.com/nodejs/undici ) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client ). These dependencies needed to be updated together.
Updates `undici` from 5.29.0 to 6.23.0
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.29.0...v6.23.0 )
Updates `@actions/http-client` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.23.0
dependency-type: indirect
- dependency-name: "@actions/http-client"
dependency-version: 3.0.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-18 08:51:55 +13:00
dependabot[bot]
8f82d97be7
Bump the actions group in /.github/workflows with 3 updates ( #488 )
...
Bumps the actions group in /.github/workflows with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdefb33c0f...b20883b0cdhttps://github.com/actions/setup-python/releases )
- [Commits](83679a892e...a309ff8b42
2026-02-10 12:51:17 -08:00
dependabot[bot]
d9732d2f20
Bump the actions group with 2 updates ( #486 )
...
Bumps the actions group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) and [prettier](https://github.com/prettier/prettier ).
Updates `@types/node` from 25.0.7 to 25.0.9
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `prettier` from 3.7.4 to 3.8.0
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.7.4...3.8.0 )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.0.9
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: prettier
dependency-version: 3.8.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-20 10:34:31 -05:00
dependabot[bot]
fc94f1c6e0
Bump github/codeql-action in /.github/workflows in the actions group ( #485 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.31.9 to 4.31.10
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5d4e8d1aca...cdefb33c0f
2026-01-13 16:34:53 -08:00
dependabot[bot]
ac0cc3d225
Bump the actions group with 4 updates ( #484 )
...
Bumps the actions group with 4 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ), [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ), [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@actions/core` from 2.0.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/tool-cache` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache )
Updates `@babel/preset-env` from 7.28.5 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-preset-env )
Updates `@types/node` from 25.0.3 to 25.0.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 2.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: "@actions/tool-cache"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: "@babel/preset-env"
dependency-version: 7.28.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: "@types/node"
dependency-version: 25.0.7
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-13 16:26:29 -05:00
dependabot[bot]
cf2c9c0edd
Bump @types/node from 25.0.2 to 25.0.3 in the actions group ( #480 )
...
Bumps the actions group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 25.0.2 to 25.0.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Gamero <david340804@gmail.com>
2026-01-06 21:28:06 +00:00
dependabot[bot]
d206adcc7f
Bump github/codeql-action in /.github/workflows in the actions group ( #481 )
...
Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.31.8 to 4.31.9
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b168cd394...5d4e8d1aca
2026-01-06 16:25:29 -05:00
David Gamero
68aff7a5a7
docker driver ( #482 )
...
* docker driver
* centralize action setup
* distribute timeout to call sites
* bump timeout
2026-01-05 18:23:31 -08:00
dependabot[bot]
1748cb02b8
Bump the actions group with 3 updates ( #478 )
...
Bumps the actions group with 3 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ), [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec ) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@actions/core` from 1.11.1 to 2.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/@actions/artifact@2.0.1/packages/core )
Updates `@actions/exec` from 1.1.1 to 2.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec )
Updates `@types/node` from 24.10.1 to 25.0.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 2.0.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: "@actions/exec"
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: "@types/node"
dependency-version: 25.0.2
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-16 17:21:37 +00:00
dependabot[bot]
6aac2fd790
Bump the actions group in /.github/workflows with 2 updates ( #479 )
...
Bumps the actions group in /.github/workflows with 2 updates: [github/codeql-action](https://github.com/github/codeql-action ) and [medyagh/setup-minikube](https://github.com/medyagh/setup-minikube ).
Updates `github/codeql-action` from 4.31.7 to 4.31.8
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cf1bb45a27...1b168cd394https://github.com/medyagh/setup-minikube/releases )
- [Commits](e3c7f79eb1...e9e035a86b
2025-12-16 09:17:07 -08:00
dependabot[bot]
511707c4a0
Bump prettier from 3.7.3 to 3.7.4 in the actions group ( #476 )
...
Bumps the actions group with 1 update: [prettier](https://github.com/prettier/prettier ).
Updates `prettier` from 3.7.3 to 3.7.4
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.7.3...3.7.4 )
---
updated-dependencies:
- dependency-name: prettier
dependency-version: 3.7.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 16:34:46 +00:00
dependabot[bot]
b35cf6be4f
Bump the actions group in /.github/workflows with 4 updates ( #477 )
...
Bumps the actions group in /.github/workflows with 4 updates: [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ), [actions/stale](https://github.com/actions/stale ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fdbfb4d275...cf1bb45a27https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](5f858e3efb...997185467fhttps://github.com/actions/setup-python/releases )
- [Commits](e797f83bcb...83679a892e
2025-12-15 11:26:46 -05:00
dependabot[bot]
07c26e70d3
Bump the actions group with 2 updates ( #475 )
...
Bumps the actions group with 2 updates: [prettier](https://github.com/prettier/prettier ) and [ts-jest](https://github.com/kulshekhar/ts-jest ).
Updates `prettier` from 3.6.2 to 3.7.3
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.6.2...3.7.3 )
Updates `ts-jest` from 29.4.5 to 29.4.6
- [Release notes](https://github.com/kulshekhar/ts-jest/releases )
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.5...v29.4.6 )
---
updated-dependencies:
- dependency-name: prettier
dependency-version: 3.7.3
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: ts-jest
dependency-version: 29.4.6
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-08 12:22:29 -08:00
dependabot[bot]
0090ff3ba3
Bump the actions group in /.github/workflows with 2 updates ( #474 )
...
Bumps the actions group in /.github/workflows with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 5.0.1 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93cb6efe18...1af3b93b68https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](014f16e7ab...fdbfb4d275
2025-12-01 14:19:36 -05:00
