Johan Jansson
09488142e3
Merge pull request #174 from actions/dependabot/npm_and_yarn/qs-6.14.2
...
chore(deps): bump qs from 6.14.1 to 6.14.2
2026-03-13 11:20:50 -10:00
dependabot[bot]
c729573012
chore(deps): bump qs from 6.14.1 to 6.14.2
...
Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2)
---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 21:15:02 +00:00
Johan Jansson
fa073b82c5
Merge pull request #179 from actions/dependabot/npm_and_yarn/rollup-4.59.0
...
chore(deps-dev): bump rollup from 4.43.0 to 4.59.0
2026-03-13 11:13:49 -10:00
dependabot[bot]
1157ae8180
chore(deps-dev): bump rollup from 4.43.0 to 4.59.0
...
Bumps [rollup](https://github.com/rollup/rollup) from 4.43.0 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.43.0...v4.59.0)
---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 21:11:33 +00:00
Johan Jansson
39e1ff891d
Merge pull request #181 from actions/dependabot/npm_and_yarn/ajv-6.14.0
...
chore(deps-dev): bump ajv from 6.12.6 to 6.14.0
2026-03-13 11:10:15 -10:00
dependabot[bot]
2da133cc84
chore(deps-dev): bump ajv from 6.12.6 to 6.14.0
...
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.6 to 6.14.0.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.14.0)
---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 21:08:59 +00:00
Johan Jansson
121a7cf487
Merge pull request #161 from actions/dependabot/npm_and_yarn/actions/core-2.0.2
...
chore(deps): bump @actions/core from 1.11.1 to 2.0.2
2026-03-13 11:07:38 -10:00
dependabot[bot]
e06ed630a2
chore(deps): bump @actions/core from 1.11.1 to 2.0.2
...
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.11.1 to 2.0.2.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)
---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 21:05:29 +00:00
Johan Jansson
230b1cd3d0
Merge pull request #140 from actions/dependabot/npm_and_yarn/openai-6.7.0
...
chore(deps): bump openai from 5.11.0 to 6.7.0
2026-03-13 11:03:23 -10:00
dependabot[bot]
3d8acac3cb
chore(deps): bump openai from 5.11.0 to 6.7.0
...
Bumps [openai](https://github.com/openai/openai-node) from 5.11.0 to 6.7.0.
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/openai/openai-node/compare/v5.11.0...v6.7.0)
---
updated-dependencies:
- dependency-name: openai
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 21:02:13 +00:00
Johan Jansson
d46015cb8d
Merge pull request #189 from actions/dependabot/npm_and_yarn/hono-4.12.7
...
chore(deps): bump hono from 4.11.3 to 4.12.7
2026-03-13 10:11:39 -10:00
dependabot[bot]
b44f5a29f4
chore(deps): bump hono from 4.11.3 to 4.12.7
...
Bumps [hono](https://github.com/honojs/hono) from 4.11.3 to 4.12.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.11.3...v4.12.7)
---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.7
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 20:10:04 +00:00
Johan Jansson
a6d96d58d5
Merge pull request #186 from Pet3cy/security-fix-mcp-token-exposure-9299248942858101367
...
Security fix mcp token exposure 9299248942858101367
2026-03-13 10:03:38 -10:00
Johan Jansson
4eebe5ea25
Merge branch 'main' into security-fix-mcp-token-exposure-9299248942858101367
2026-03-13 10:00:12 -10:00
Johan Jansson
cf1eafb00d
Merge pull request #190 from actions/try-to-fix-ci-error
...
Fix CI error: Check Transpiled JavaScript / Check dist
2026-03-13 09:59:59 -10:00
Johan Jansson
debf34cf91
Fix CI error: Check Transpiled JavaScript / Check dist
2026-03-13 09:49:01 -10:00
Johan Jansson
541dd69625
Merge branch 'main' into security-fix-mcp-token-exposure-9299248942858101367
2026-03-13 09:33:41 -10:00
Johan Jansson
f65d1a34dc
Merge pull request #182 from actions/dependabot/npm_and_yarn/fast-xml-parser-5.4.2
...
chore(deps-dev): bump fast-xml-parser from 5.2.3 to 5.4.2
2026-03-13 09:32:38 -10:00
google-labs-jules[bot]
9d962e5274
🔒 [security fix] Mask sensitive tokens in GitHub Actions logs
...
- Added `core.setSecret(token)` to mask the primary GitHub token.
- Added `core.setSecret(githubMcpToken)` to mask the GitHub MCP token.
- Updated `__fixtures__/core.ts` to include the `setSecret` mock.
- Updated `__tests__/main.test.ts` to verify `setSecret` is called for the tokens.
2026-03-10 22:44:58 +00:00
dependabot[bot]
8b38b47848
chore(deps-dev): bump fast-xml-parser from 5.2.3 to 5.4.2
...
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.2.3 to 5.4.2.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.2.3...v5.4.2)
---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.4.2
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 13:20:56 +00:00
Pet3cy
b7792492cd
Merge pull request #12 from Pet3cy/fix-testing-improvement-parse-file-template-variables-6142620025282989819
...
🧪 [testing improvement] validate non-string file paths in parseFileTemplateVariables
2026-02-25 05:12:54 +01:00
google-labs-jules[bot]
a2600c61b7
test: validate non-string file paths in parseFileTemplateVariables
...
Add test cases to verify that `parseFileTemplateVariables` correctly
throws an error when a non-string value (e.g. number, boolean, object)
is provided as a file path in the input YAML. This ensures the existing
validation is properly tested.
Co-authored-by: Pet3cy <169947521+Pet3cy@users.noreply.github.com>
2026-02-25 04:12:17 +00:00
Pet3cy
306ffe21b9
Merge pull request #11 from Pet3cy/relax-header-validation-16962389466518057682
...
🧹 Relax overly restrictive HTTP header name validation
2026-02-24 18:45:30 +01:00
google-labs-jules[bot]
326b9a12f4
chore: relax HTTP header name validation to match RFC 7230
...
Updated the regex in `src/helpers.ts` to allow all valid characters in an HTTP token (RFC 7230, section 3.2.6), including symbols like `_`, `.`, `!`, and `*`. Previously, the validation was overly restrictive, only allowing alphanumeric characters and hyphens.
Also updated the corresponding unit test in `__tests__/helpers.test.ts` to reflect the change.
2026-02-24 17:44:57 +00:00
Pet3cy
8207a8ca01
Merge pull request #10 from Pet3cy/security-fix-sensitive-data-exposure-logs-8322086360319645856
...
🔒 [security fix] Fix sensitive data exposure in MCP Inference logs
2026-02-24 18:42:50 +01:00
google-labs-jules[bot]
c6c19e0fb7
🔒 [security fix] Fix sensitive data exposure in logs
...
- Change core.info to core.debug for model responses in src/inference.ts
- Change core.info to core.debug for tool execution details in src/mcp.ts
- Change core.info to core.debug for custom header logging in src/helpers.ts
- Remove sensitive response previews from error messages in src/inference.ts
- Update tests to reflect changes from core.info to core.debug
2026-02-24 17:42:20 +00:00
Stephanie Giang
e09e659817
Merge pull request #173 from GitPaulo/main
...
Support passing max_tokens and max_completion_tokens
v2.0.7
v2
2026-02-24 10:40:15 -05:00
Paulo Santos
e608d2ba8a
update dist
2026-02-15 00:26:15 +00:00
Paulo Santos
27965bc3a4
updated docs for missing prompt.yml model parameters
2026-02-15 00:23:47 +00:00
Paulo Santos
a8bddad5e5
update dist
2026-02-13 12:41:36 +00:00
Paulo Santos
672ba8a3ac
missed comment
2026-02-13 12:38:48 +00:00
Paulo Santos
3a80d137e1
update comments
2026-02-13 12:36:47 +00:00
Paulo Santos
074e8b294d
copilot review: add test for coverage of no params passed
2026-02-13 12:31:45 +00:00
Paulo Santos
f1ca66fc66
build dist
2026-02-13 12:16:03 +00:00
Paulo Santos
6360e0db9b
implement passing two action input properties to cover all model scenarios
2026-02-13 12:15:12 +00:00
Stephanie Giang
a380166897
Merge pull request #170 from GitPaulo/gitpaulo/update-deprecated-max-tokens
...
Update deprecated max_tokens to max_completion_tokens
v2.0.6
2026-02-06 11:09:51 -05:00
Paulo Santos
b07a08c5eb
generate dist
2026-02-04 21:30:14 +00:00
Paulo Santos
725fb1c850
update max_tokens to max_completion_tokens
2026-02-04 21:29:53 +00:00
Stephanie Giang
95f4a27227
Merge pull request #160 from actions/dependabot/npm_and_yarn/rollup/rollup-linux-x64-gnu-4.55.1
...
chore(deps): bump @rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1
2026-02-04 16:04:14 -05:00
dependabot[bot]
b9877e2b39
chore(deps): bump @rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1
...
Bumps [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) from 4.52.5 to 4.55.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.5...v4.55.1)
---
updated-dependencies:
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.55.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-04 21:00:34 +00:00
Stephanie Giang
29ac79522a
Merge pull request #164 from actions/dependabot/npm_and_yarn/lodash-4.17.23
...
chore(deps): bump lodash from 4.17.21 to 4.17.23
2026-02-04 15:59:45 -05:00
Stephanie Giang
4ae036562a
Merge branch 'main' into dependabot/npm_and_yarn/lodash-4.17.23
2026-02-04 15:59:12 -05:00
Stephanie Giang
268593b9a6
Merge pull request #168 from GitPaulo/gitpaulo/fork-add-temperature-topp-params
...
Add model parameters temperature and topP to action inputs
2026-02-04 15:58:13 -05:00
Paulo Santos
1171309110
refactor temperature/top-p parsing for clarity
2026-02-04 12:20:53 +00:00
Paulo Santos
71c69d42b5
document temperature and top-p inputs in readme
2026-02-04 12:12:24 +00:00
Paulo Santos
d51321a7a6
rebuild dist bundle
2026-02-04 12:12:19 +00:00
Paulo Santos
5b62ecd0dd
add temperature and top-p input parameters
2026-02-04 12:12:14 +00:00
dependabot[bot]
eff4de28e3
chore(deps): bump lodash from 4.17.21 to 4.17.23
...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)
---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-23 17:09:22 +00:00
Sean Goedecke
a6101c89c6
Merge pull request #163 from yg1996/add-custom-headers-support
...
Add custom headers support for API Management integration
v2.0.5
2026-01-19 17:28:08 +11:00
Yonatan Golick
15ae50ae2f
Add CRLF injection protection for header values
...
Implement security validation to prevent HTTP header injection attacks:
- Reject header values containing \r or \n characters
- Add comprehensive test coverage for CRLF protection
- Replace multiline YAML test with proper rejection test
Security improvements:
- Validates header values to prevent header injection
- Clear warning messages when values are rejected
- Four new test cases covering LF, CR, CRLF, and multiline scenarios
This addresses a critical security concern where malicious headers
could be injected via newline characters in header values.
All 84 tests passing.
2026-01-18 12:19:43 +02:00
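
The two header checks named in the commit messages above (header names as RFC 7230 section 3.2.6 tokens, header values rejected when they contain `\r` or `\n`), as an added example that is not the repository's own code. `validateHeaders`, `TCHAR_TOKEN` and the sample headers are hypothetical names and constructed values.

```typescript
// Added example, not the project's src/helpers.ts. All names are hypothetical.
// RFC 7230 section 3.2.6: token = 1*tchar, where tchar is a letter, a digit
// or one of ! # $ % & ' * + - . ^ _ ` | ~
const TCHAR_TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/

type Rejection = { name: string; reason: string }

function validateHeaders(input: Record<string, string>): {
  accepted: Record<string, string>
  rejected: Rejection[]
} {
  const accepted: Record<string, string> = {}
  const rejected: Rejection[] = []
  for (const name of Object.keys(input)) {
    const value = input[name]
    if (!TCHAR_TOKEN.test(name)) {
      rejected.push({ name, reason: 'name is not an RFC 7230 token' })
    } else if (/[\r\n]/.test(value)) {
      // Report the header name only: the value may be a credential,
      // so it is never echoed into a warning or log line.
      rejected.push({ name, reason: 'value contains CR or LF' })
    } else {
      accepted[name] = value
    }
  }
  return { accepted, rejected }
}

// Constructed sample input covering both checks.
const sample: Record<string, string> = {
  'Ocp-Apim-Subscription-Key': 'constructed-key-123', // plain name and value
  'x_trace.id!': 'abc',                // symbols allowed by the token rule
  'X-Env': 'prod\r\nX-Injected: 1',    // CRLF would start a second header
  'X-Note': 'line1\nline2',            // bare LF
  'X-Cr': 'a\rb',                      // bare CR
  'Bad Name': 'v',                     // space is not a tchar
  'X:Colon': 'v'                       // colon is the name/value delimiter
}

const result = validateHeaders(sample)
console.log('accepted:', Object.keys(result.accepted))
console.log('rejected:', result.rejected)
```

Rejecting the header outright, rather than stripping the newline, keeps a malformed value from being sent in a silently altered form.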