312 Commits

Author SHA1 Message Date
dependabot[bot] 3d8acac3cb chore(deps): bump openai from 5.11.0 to 6.7.0
Bumps [openai](https://github.com/openai/openai-node) from 5.11.0 to 6.7.0.
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/openai/openai-node/compare/v5.11.0...v6.7.0)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 21:02:13 +00:00
Johan Jansson d46015cb8d Merge pull request #189 from actions/dependabot/npm_and_yarn/hono-4.12.7
chore(deps): bump hono from 4.11.3 to 4.12.7
2026-03-13 10:11:39 -10:00
dependabot[bot] b44f5a29f4 chore(deps): bump hono from 4.11.3 to 4.12.7
Bumps [hono](https://github.com/honojs/hono) from 4.11.3 to 4.12.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.11.3...v4.12.7)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 20:10:04 +00:00
Johan Jansson a6d96d58d5 Merge pull request #186 from Pet3cy/security-fix-mcp-token-exposure-9299248942858101367
Security fix mcp token exposure 9299248942858101367
2026-03-13 10:03:38 -10:00
Johan Jansson 4eebe5ea25 Merge branch 'main' into security-fix-mcp-token-exposure-9299248942858101367 2026-03-13 10:00:12 -10:00
Johan Jansson cf1eafb00d Merge pull request #190 from actions/try-to-fix-ci-error
Fix CI error: Check Transpiled JavaScript / Check dist
2026-03-13 09:59:59 -10:00
Johan Jansson debf34cf91 Fix CI error: Check Transpiled JavaScript / Check dist 2026-03-13 09:49:01 -10:00
Johan Jansson 541dd69625 Merge branch 'main' into security-fix-mcp-token-exposure-9299248942858101367 2026-03-13 09:33:41 -10:00
Johan Jansson f65d1a34dc Merge pull request #182 from actions/dependabot/npm_and_yarn/fast-xml-parser-5.4.2
chore(deps-dev): bump fast-xml-parser from 5.2.3 to 5.4.2
2026-03-13 09:32:38 -10:00
google-labs-jules[bot] 9d962e5274 🔒 [security fix] Mask sensitive tokens in GitHub Actions logs
- Added `core.setSecret(token)` to mask the primary GitHub token.
- Added `core.setSecret(githubMcpToken)` to mask the GitHub MCP token.
- Updated `__fixtures__/core.ts` to include the `setSecret` mock.
- Updated `__tests__/main.test.ts` to verify `setSecret` is called for the tokens.
2026-03-10 22:44:58 +00:00
dependabot[bot] 8b38b47848 chore(deps-dev): bump fast-xml-parser from 5.2.3 to 5.4.2
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.2.3 to 5.4.2.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.2.3...v5.4.2)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 13:20:56 +00:00
Pet3cy b7792492cd Merge pull request #12 from Pet3cy/fix-testing-improvement-parse-file-template-variables-6142620025282989819
🧪 [testing improvement] validate non-string file paths in parseFileTemplateVariables
2026-02-25 05:12:54 +01:00
google-labs-jules[bot] a2600c61b7 test: validate non-string file paths in parseFileTemplateVariables
Add test cases to verify that `parseFileTemplateVariables` correctly
throws an error when a non-string value (e.g. number, boolean, object)
is provided as a file path in the input YAML. This ensures the existing
validation is properly tested.

Co-authored-by: Pet3cy <169947521+Pet3cy@users.noreply.github.com>
2026-02-25 04:12:17 +00:00
Pet3cy 306ffe21b9 Merge pull request #11 from Pet3cy/relax-header-validation-16962389466518057682
🧹 Relax overly restrictive HTTP header name validation
2026-02-24 18:45:30 +01:00
google-labs-jules[bot] 326b9a12f4 chore: relax HTTP header name validation to match RFC 7230
Updated the regex in `src/helpers.ts` to allow all valid characters in an HTTP token (RFC 7230, section 3.2.6), including symbols like `_`, `.`, `!`, and `*`. Previously, the validation was overly restrictive, only allowing alphanumeric characters and hyphens.

Also updated the corresponding unit test in `__tests__/helpers.test.ts` to reflect the change.
2026-02-24 17:44:57 +00:00
Pet3cy 8207a8ca01 Merge pull request #10 from Pet3cy/security-fix-sensitive-data-exposure-logs-8322086360319645856
🔒 [security fix] Fix sensitive data exposure in MCP Inference logs
2026-02-24 18:42:50 +01:00
google-labs-jules[bot] c6c19e0fb7 🔒 [security fix] Fix sensitive data exposure in logs
- Change core.info to core.debug for model responses in src/inference.ts
- Change core.info to core.debug for tool execution details in src/mcp.ts
- Change core.info to core.debug for custom header logging in src/helpers.ts
- Remove sensitive response previews from error messages in src/inference.ts
- Update tests to reflect changes from core.info to core.debug
2026-02-24 17:42:20 +00:00
Stephanie Giang e09e659817 Merge pull request #173 from GitPaulo/main
Support passing max_tokens and max_completion_tokens
v2.0.7 v2
2026-02-24 10:40:15 -05:00
Paulo Santos e608d2ba8a update dist 2026-02-15 00:26:15 +00:00
Paulo Santos 27965bc3a4 updated docs for missing prompt.yml model parameters 2026-02-15 00:23:47 +00:00
Paulo Santos a8bddad5e5 update dist 2026-02-13 12:41:36 +00:00
Paulo Santos 672ba8a3ac missed comment 2026-02-13 12:38:48 +00:00
Paulo Santos 3a80d137e1 update comments 2026-02-13 12:36:47 +00:00
Paulo Santos 074e8b294d copilot review: add test for coverage of no params passed 2026-02-13 12:31:45 +00:00
Paulo Santos f1ca66fc66 build dist 2026-02-13 12:16:03 +00:00
Paulo Santos 6360e0db9b implement passing two action input properties to cover all model scenarios 2026-02-13 12:15:12 +00:00
Stephanie Giang a380166897 Merge pull request #170 from GitPaulo/gitpaulo/update-deprecated-max-tokens
Update deprecated max_tokens to max_completion_tokens
v2.0.6
2026-02-06 11:09:51 -05:00
Paulo Santos b07a08c5eb generate dist 2026-02-04 21:30:14 +00:00
Paulo Santos 725fb1c850 update max_tokens to max_completion_tokens 2026-02-04 21:29:53 +00:00
Stephanie Giang 95f4a27227 Merge pull request #160 from actions/dependabot/npm_and_yarn/rollup/rollup-linux-x64-gnu-4.55.1
chore(deps): bump @rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1
2026-02-04 16:04:14 -05:00
dependabot[bot] b9877e2b39 chore(deps): bump @rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1
Bumps [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) from 4.52.5 to 4.55.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.5...v4.55.1)

---
updated-dependencies:
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.55.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-04 21:00:34 +00:00
Stephanie Giang 29ac79522a Merge pull request #164 from actions/dependabot/npm_and_yarn/lodash-4.17.23
chore(deps): bump lodash from 4.17.21 to 4.17.23
2026-02-04 15:59:45 -05:00
Stephanie Giang 4ae036562a Merge branch 'main' into dependabot/npm_and_yarn/lodash-4.17.23 2026-02-04 15:59:12 -05:00
Stephanie Giang 268593b9a6 Merge pull request #168 from GitPaulo/gitpaulo/fork-add-temperature-topp-params
Add model parameters temperature and topP to action inputs
2026-02-04 15:58:13 -05:00
Paulo Santos 1171309110 refactor temperature/top-p parsing for clarity 2026-02-04 12:20:53 +00:00
Paulo Santos 71c69d42b5 document temperature and top-p inputs in readme 2026-02-04 12:12:24 +00:00
Paulo Santos d51321a7a6 rebuild dist bundle 2026-02-04 12:12:19 +00:00
Paulo Santos 5b62ecd0dd add temperature and top-p input parameters 2026-02-04 12:12:14 +00:00
dependabot[bot] eff4de28e3 chore(deps): bump lodash from 4.17.21 to 4.17.23
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-23 17:09:22 +00:00
Sean Goedecke a6101c89c6 Merge pull request #163 from yg1996/add-custom-headers-support
Add custom headers support for API Management integration
v2.0.5
2026-01-19 17:28:08 +11:00
Yonatan Golick 15ae50ae2f Add CRLF injection protection for header values
Implement security validation to prevent HTTP header injection attacks:
- Reject header values containing \r or \n characters
- Add comprehensive test coverage for CRLF protection
- Replace multiline YAML test with proper rejection test

Security improvements:
- Validates header values to prevent header injection
- Clear warning messages when values are rejected
- Four new test cases covering LF, CR, CRLF, and multiline scenarios

This addresses a critical security concern where malicious headers
could be injected via newline characters in header values.

All 84 tests passing.
2026-01-18 12:19:43 +02:00
Yonatan Golick f77380037b Update src/helpers.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-18 11:59:12 +02:00
Yonatan Golick 6402ff8f9a Update README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-18 11:58:58 +02:00
Yonatan Golick c760995fbc Remove redundant feature documentation file
Delete CUSTOM_HEADERS_FEATURE.md as the README.md already contains
comprehensive documentation for the custom headers feature. This
reduces documentation duplication and follows standard practice
of keeping feature docs in the README.
2026-01-18 11:43:39 +02:00
Yonatan Golick ce720b3d0c Fix header validation per RFC 7230 and add null check
Address Copilot AI feedback:
- Remove underscore support from header names (RFC 7230 compliance)
- Add explicit null check for JSON parsing
- Update validation regex to /^[A-Za-z0-9-]+$/
- Add test case for null value handling
- Update documentation to clarify header name requirements

Changes:
- Header names now only accept alphanumeric characters and hyphens
- Improved error messages for invalid headers
- Added test for null JSON input
- Updated APIM example tests

All 81 tests passing.
2026-01-18 11:35:18 +02:00
Yonatan Golick 6d144ac474 Add custom headers support for API Management integration
This change adds support for custom HTTP headers in AI inference requests,
enabling integration with API Management platforms (Azure APIM, AWS API
Gateway, Kong, etc.) and custom request routing/tracking.

Features:
- New 'custom-headers' input supporting both YAML and JSON formats
- Auto-detection of input format for better UX
- Header name validation (alphanumeric, hyphens, underscores)
- Automatic masking of sensitive headers in logs
- Full backward compatibility (optional parameter)

Changes:
- Added parseCustomHeaders() function in helpers.ts
- Updated InferenceRequest interface with optional customHeaders field
- Modified simpleInference() and mcpInference() to pass headers to OpenAI client
- Added 18 comprehensive test cases
- Updated documentation with examples and use cases

All 80 tests passing. Zero breaking changes.
2026-01-18 11:24:13 +02:00
Sarah Vessels 63993128d7 Merge pull request #51 from KyFaSt/patch-1
Add Missing Languages to CodeQL Advanced Configuration
2026-01-07 11:27:48 -06:00
Sarah Vessels 3dfda414c6 Merge branch 'main' into patch-1 2026-01-07 11:21:35 -06:00
Sarah Vessels b99f473284 Merge pull request #152 from actions/dependabot/npm_and_yarn/express-5.2.1
chore(deps): bump express from 5.1.0 to 5.2.1
2026-01-07 11:11:33 -06:00
Sarah Vessels acb23a78e0 Merge branch 'main' into dependabot/npm_and_yarn/express-5.2.1 2026-01-07 11:10:57 -06:00