Compare commits

...

26 Commits

Author SHA1 Message Date
Parker Brown 2156e19368 Remove dist changes
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-13 16:03:39 -07:00
Parker Brown b24274086f Merge origin/main into enterprise-app-enterprise-slug
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-13 16:01:58 -07:00
semantic-release-bot fee1f7d63c build(release): 2.2.2 [skip ci]
## [2.2.2](https://github.com/actions/create-github-app-token/compare/v2.2.1...v2.2.2) (2026-03-13)

### Bug Fixes

* **deps:** bump @actions/core from 1.11.1 to 3.0.0 ([#337](https://github.com/actions/create-github-app-token/issues/337)) ([b044133](https://github.com/actions/create-github-app-token/commit/b04413352d4644ac2131b9a90c074f5e93ca18a1))
* **deps:** bump minimatch from 9.0.5 to 9.0.9 ([#335](https://github.com/actions/create-github-app-token/issues/335)) ([5cbc656](https://github.com/actions/create-github-app-token/commit/5cbc65624c9ddc4589492bda7c8b146223e8c3e4))
* **deps:** bump the production-dependencies group with 4 updates ([#336](https://github.com/actions/create-github-app-token/issues/336)) ([6bda5bc](https://github.com/actions/create-github-app-token/commit/6bda5bc1410576b9a0879ce6076d53345485bba9))
* **deps:** bump undici from 7.16.0 to 7.18.2 ([#323](https://github.com/actions/create-github-app-token/issues/323)) ([b4f638f](https://github.com/actions/create-github-app-token/commit/b4f638f48ee0dcdbb0bc646c48e4cb2a2de847fe))
2026-03-13 22:51:54 +00:00
dependabot[bot] 6bda5bc141 fix(deps): bump the production-dependencies group with 4 updates (#336)
Bumps the production-dependencies group with 4 updates:
[@octokit/auth-app](https://github.com/octokit/auth-app.js),
[@octokit/request](https://github.com/octokit/request.js),
[p-retry](https://github.com/sindresorhus/p-retry) and
[undici](https://github.com/nodejs/undici).

Updates `@octokit/auth-app` from 8.1.2 to 8.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/auth-app.js/releases"><code>@​octokit/auth-app</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v8.2.0</h2>
<h1><a
href="https://github.com/octokit/auth-app.js/compare/v8.1.2...v8.2.0">8.2.0</a>
(2026-02-03)</h1>
<h3>Features</h3>
<ul>
<li>handling exp is too far in the future (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/699">#699</a>)
(<a
href="https://github.com/octokit/auth-app.js/commit/6201580be6cc3f0967c7454d5de92db35e353041">6201580</a>)</li>
<li>Add enterprise installation route to JWT-authenticated routes (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/736">#736</a>)
(<a
href="https://github.com/octokit/auth-app.js/commit/5b218af8ee91347b25ef944aac76932e45b997d0">5b218af</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/octokit/auth-app.js/commit/6201580be6cc3f0967c7454d5de92db35e353041"><code>6201580</code></a>
feat: handling exp is too far in the future (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/699">#699</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/5b218af8ee91347b25ef944aac76932e45b997d0"><code>5b218af</code></a>
Add enterprise installation route to JWT-authenticated routes (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/736">#736</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/4486c10028249f4f2ffaabeafde986edca92e7b5"><code>4486c10</code></a>
build(deps-dev): bump vite from 7.1.7 to 7.1.11 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/728">#728</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/e1fecc4ea8c5475da1a1d9c6c119c9322087dbd4"><code>e1fecc4</code></a>
build(deps): bump glob from 10.4.5 to 10.5.0 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/733">#733</a>)</li>
<li>See full diff in <a
href="https://github.com/octokit/auth-app.js/compare/v8.1.2...v8.2.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@​octokit/auth-app</code> since your
current version.</p>
</details>
<br />

Updates `@octokit/request` from 10.0.7 to 10.0.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/request.js/releases"><code>@​octokit/request</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v10.0.8</h2>
<h2><a
href="https://github.com/octokit/request.js/compare/v10.0.7...v10.0.8">10.0.8</a>
(2026-02-20)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>use <code>json-with-bigint</code> instead of built-in JSON methods
in order to properly support int64's (<a
href="https://redirect.github.com/octokit/request.js/issues/798">#798</a>)
(<a
href="https://github.com/octokit/request.js/commit/f13f5d9814cec9e51cdbe57e3864f9a7f95a9731">f13f5d9</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/octokit/request.js/commit/f13f5d9814cec9e51cdbe57e3864f9a7f95a9731"><code>f13f5d9</code></a>
fix: use <code>json-with-bigint</code> instead of built-in JSON methods
in order to prop...</li>
<li><a
href="https://github.com/octokit/request.js/commit/9ba6ae0fd2eff35a6c29a9f032eca6e9ba002976"><code>9ba6ae0</code></a>
Document that unsuccessful HTTP status code result in an exception (<a
href="https://redirect.github.com/octokit/request.js/issues/795">#795</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/7160b8201ee183d57e3572c9ac78aa3f241c9468"><code>7160b82</code></a>
chore(deps): replace glob with tinyglobby (<a
href="https://redirect.github.com/octokit/request.js/issues/791">#791</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/ab8018b6d42de25adb305e3ea5ea840ee2805481"><code>ab8018b</code></a>
ci(action): update peter-evans/create-or-update-comment action to v5 (<a
href="https://redirect.github.com/octokit/request.js/issues/776">#776</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/fb916e454df205980835281368da81a003cde30d"><code>fb916e4</code></a>
build(deps): bump vite from 6.3.4 to 6.4.1 (<a
href="https://redirect.github.com/octokit/request.js/issues/780">#780</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/e1eb7693969a87cbdde278c82a7474b8acec9207"><code>e1eb769</code></a>
chore(deps): update dependency esbuild to ^0.27.0 (<a
href="https://redirect.github.com/octokit/request.js/issues/784">#784</a>)</li>
<li>See full diff in <a
href="https://github.com/octokit/request.js/compare/v10.0.7...v10.0.8">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@​octokit/request</code> since your
current version.</p>
</details>
<br />

Updates `p-retry` from 7.1.0 to 7.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sindresorhus/p-retry/releases">p-retry's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.1</h2>
<ul>
<li>Fix delayed abort when signal is already aborted before delay phase
2aba573</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/p-retry/compare/v7.1.0...v7.1.1">https://github.com/sindresorhus/p-retry/compare/v7.1.0...v7.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sindresorhus/p-retry/commit/0b1e29877422c40b59cad4a4c938dcf44fe512ce"><code>0b1e298</code></a>
7.1.1</li>
<li><a
href="https://github.com/sindresorhus/p-retry/commit/2aba573c0fdca165c4d95262f51ae56902f2f892"><code>2aba573</code></a>
Fix delayed abort when signal is already aborted before delay phase</li>
<li><a
href="https://github.com/sindresorhus/p-retry/commit/6ac326b188834f4af5a54cedc114f67f0f510613"><code>6ac326b</code></a>
Minor tweak</li>
<li>See full diff in <a
href="https://github.com/sindresorhus/p-retry/compare/v7.1.0...v7.1.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `undici` from 7.16.0 to 7.22.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v7.22.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: fix syntax highlighting in WebSocket.md by <a
href="https://github.com/styfle"><code>@​styfle</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4814">nodejs/undici#4814</a></li>
<li>fix: use OR operator in includesCredentials per WHATWG URL Standard
by <a href="https://github.com/jackhax"><code>@​jackhax</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4816">nodejs/undici#4816</a></li>
<li>feat(dispatcher/env-http-proxy-agent): strip leading dot and
asterisk by <a
href="https://github.com/SuperOleg39"><code>@​SuperOleg39</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/4676">nodejs/undici#4676</a></li>
<li>fix: route WebSocket upgrades through onRequestUpgrade by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4787">nodejs/undici#4787</a></li>
<li>build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/4821">nodejs/undici#4821</a></li>
<li>fix(deduplicate): do not deduplicate non-safe methods by default by
<a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4818">nodejs/undici#4818</a></li>
<li>feat: Support async cache stores in revalidation by <a
href="https://github.com/marcopiraccini"><code>@​marcopiraccini</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/4826">nodejs/undici#4826</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jackhax"><code>@​jackhax</code></a> made
their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/4816">nodejs/undici#4816</a></li>
<li><a
href="https://github.com/marcopiraccini"><code>@​marcopiraccini</code></a>
made their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/4826">nodejs/undici#4826</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v7.21.0...v7.22.0">https://github.com/nodejs/undici/compare/v7.21.0...v7.22.0</a></p>
<h2>v7.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/4796">nodejs/undici#4796</a></li>
<li>test: restore global dispatcher after fetch tests by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4790">nodejs/undici#4790</a></li>
<li>Add missing <code>close</code> method to WebSocketStream interface
by <a href="https://github.com/piotr-cz"><code>@​piotr-cz</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/4802">nodejs/undici#4802</a></li>
<li>fix: error stream instead of canceling by <a
href="https://github.com/KhafraDev"><code>@​KhafraDev</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4804">nodejs/undici#4804</a></li>
<li>Fix clientTtl cleanup race in Agent by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4807">nodejs/undici#4807</a></li>
<li>feat(<a
href="https://redirect.github.com/nodejs/undici/issues/4230">#4230</a>):
Implement pingInterval for dispatching PING frames by <a
href="https://github.com/metcoder95"><code>@​metcoder95</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4296">nodejs/undici#4296</a></li>
<li>fix: handle undefined __filename in bundled environments by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4812">nodejs/undici#4812</a></li>
<li>fix: set finalizer only for fetch responses by <a
href="https://github.com/tsctx"><code>@​tsctx</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4803">nodejs/undici#4803</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/piotr-cz"><code>@​piotr-cz</code></a>
made their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/4802">nodejs/undici#4802</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v7.20.0...v7.21.0">https://github.com/nodejs/undici/compare/v7.20.0...v7.21.0</a></p>
<h2>v7.20.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: preserve fetch stack traces by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4778">nodejs/undici#4778</a></li>
<li>Fix error handling in MockPool example by <a
href="https://github.com/dave-kennedy"><code>@​dave-kennedy</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/4781">nodejs/undici#4781</a></li>
<li>feat: expose statusText in request() ResponseData by <a
href="https://github.com/domenic"><code>@​domenic</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4784">nodejs/undici#4784</a></li>
<li>test: reduce retry-after invalid date flake by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4788">nodejs/undici#4788</a></li>
<li>extractBody fixes by <a
href="https://github.com/KhafraDev"><code>@​KhafraDev</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4791">nodejs/undici#4791</a></li>
<li>fix: MockAgent delayed response with AbortSignal (<a
href="https://redirect.github.com/nodejs/undici/issues/4693">#4693</a>)
by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/4772">nodejs/undici#4772</a></li>
<li>fix: onParserTimeout potentially accessing undefined by <a
href="https://github.com/vbfox"><code>@​vbfox</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4758">nodejs/undici#4758</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/dave-kennedy"><code>@​dave-kennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/4781">nodejs/undici#4781</a></li>
<li><a href="https://github.com/vbfox"><code>@​vbfox</code></a> made
their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/4758">nodejs/undici#4758</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v7.19.2...v7.20.0">https://github.com/nodejs/undici/compare/v7.19.2...v7.20.0</a></p>
<h2>v7.19.2</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodejs/undici/commit/0a236106a3a3e1b0aab424f71de2a68ca2c1d37b"><code>0a23610</code></a>
Bumped v7.22.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/4829">#4829</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/f3c5c614901e4ba29f2f60730c3d4f28e60a5186"><code>f3c5c61</code></a>
feat: Support async cache stores in revalidation (<a
href="https://redirect.github.com/nodejs/undici/issues/4826">#4826</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/9b78a44eb21cabe0451263ef8e3cfc7ad8e40876"><code>9b78a44</code></a>
fix(deduplicate): avoid deduping methods not in methods option (<a
href="https://redirect.github.com/nodejs/undici/issues/4818">#4818</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/0ce57bad2c171a16c043c8234317ef5383f86e0b"><code>0ce57ba</code></a>
build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 (<a
href="https://redirect.github.com/nodejs/undici/issues/4821">#4821</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/2453caf93824997c24383e5a84fddbfa783113b0"><code>2453caf</code></a>
fix: route websocket upgrades through new handler API (<a
href="https://redirect.github.com/nodejs/undici/issues/4787">#4787</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/4658cdf5eacf3f6692ec96811a0e49e6b9bc060a"><code>4658cdf</code></a>
feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk
(<a
href="https://redirect.github.com/nodejs/undici/issues/4676">#4676</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/a821c5669fa653364649d8fb7b36957702c548f5"><code>a821c56</code></a>
fix: use OR operator in includesCredentials per WHATWG URL Standard (<a
href="https://redirect.github.com/nodejs/undici/issues/4816">#4816</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/b3326b58969e2370a7da77d80dbad4df2f36ca1e"><code>b3326b5</code></a>
docs: fix syntax highlighting in WebSocket.md (<a
href="https://redirect.github.com/nodejs/undici/issues/4814">#4814</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/393c0da68691a6da8ea0a774e38bcce2889be89e"><code>393c0da</code></a>
Bumped v7.21.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/4813">#4813</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/47f9b9664759d18d30c3c8f321425bee102e1df3"><code>47f9b96</code></a>
fix: set finalizer only for fetch responses (<a
href="https://redirect.github.com/nodejs/undici/issues/4803">#4803</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nodejs/undici/compare/v7.16.0...v7.22.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-13 15:51:23 -07:00
dependabot[bot] b04413352d fix(deps): bump @actions/core from 1.11.1 to 3.0.0 (#337)
Bumps
[@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core)
from 1.11.1 to 3.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md"><code>@​actions/core</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>3.0.0</h2>
<ul>
<li><strong>Breaking change</strong>: Package is now ESM-only
<ul>
<li>CommonJS consumers must use dynamic <code>import()</code> instead of
<code>require()</code></li>
</ul>
</li>
</ul>
<h2>2.0.3</h2>
<ul>
<li>Bump <code>@actions/http-client</code> to <code>3.0.2</code></li>
</ul>
<h2>2.0.1</h2>
<ul>
<li>Bump <code>@​actions/exec</code> from 1.1.1 to 2.0.0 <a
href="https://redirect.github.com/actions/toolkit/pull/2199">#2199</a></li>
</ul>
<h2>2.0.0</h2>
<ul>
<li>Add support for Node 24 <a
href="https://redirect.github.com/actions/toolkit/pull/2110">#2110</a></li>
<li>Bump <code>@​actions/http-client</code> from 2.0.1 to 3.0.0</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/actions/toolkit/commits/HEAD/packages/core">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@​actions/core</code> since your
current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/core&package-manager=npm_and_yarn&previous-version=1.11.1&new-version=3.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-13 15:51:23 -07:00
dependabot[bot] 5cbc65624c fix(deps): bump minimatch from 9.0.5 to 9.0.9 (#335)
Bumps [minimatch](https://github.com/isaacs/minimatch) from 9.0.5 to
9.0.9.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/isaacs/minimatch/commit/8a10e473e2e0ff03c2d4de308f257093af2bce21"><code>8a10e47</code></a>
9.0.9</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/c6f180636cebd4de2f9af7ef29ca4c9bf2eeef02"><code>c6f1806</code></a>
brace-expansion@2</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/446cfa3e2aa3ef45bd4a27fa4418221e158489f6"><code>446cfa3</code></a>
9.0.8</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/8fa151ab95fd4e2acd6e1a81f10d02dc7c1098d3"><code>8fa151a</code></a>
docs: add warning about ReDoS</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/71b78a2a4cad3a40af08a39c065e71bbf69ea7f7"><code>71b78a2</code></a>
fix partial matching of globstar patterns</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b"><code>2de496f</code></a>
9.0.7</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75"><code>0d4616d</code></a>
limit nested extglob recursion, flatten extglobs</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca"><code>7117ef3</code></a>
9.0.6</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a"><code>2418458</code></a>
update deps, do not checkin dist</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986"><code>1d1f531</code></a>
update deps</li>
<li>Additional commits viewable in <a
href="https://github.com/isaacs/minimatch/compare/v9.0.5...v9.0.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=minimatch&package-manager=npm_and_yarn&previous-version=9.0.5&new-version=9.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/actions/create-github-app-token/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 15:51:23 -07:00
dependabot[bot] b4f638f48e fix(deps): bump undici from 7.16.0 to 7.18.2 (#323)
Bumps [undici](https://github.com/nodejs/undici) from 7.16.0 to 7.18.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v7.18.2</h2>
<h2>⚠️ Security Release</h2>
<p>This fixes <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9">https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9</a>
and CVE-2026-22036.</p>
<h2>What's Changed</h2>
<ul>
<li>fix(decompress): limit Content-Encoding chain to 5 to prevent
resourc… by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4729">nodejs/undici#4729</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2">https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2</a></p>
<h2>v7.18.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Test and Fix running without SSL by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4727">nodejs/undici#4727</a></li>
<li>docs: add security warning for strictContentLength option by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4726">nodejs/undici#4726</a></li>
<li>build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/4718">nodejs/undici#4718</a></li>
<li>build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/4719">nodejs/undici#4719</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1">https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1</a></p>
<h2>v7.18.0</h2>
<h2>What's Changed</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0">https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0</a></p>
<h2>v7.17.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: extract infra and encoding methods by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4523">nodejs/undici#4523</a></li>
<li>ci: remove h2 by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4534">nodejs/undici#4534</a></li>
<li>ci: make nodejs-shared wf reusable, install binaryen for wasm-opt,
test on node-nightly by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4535">nodejs/undici#4535</a></li>
<li>ci: fix nightly shared library case by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4543">nodejs/undici#4543</a></li>
<li>test: consume bodies of fetch responses to fix failing macos 20 ci
by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4528">nodejs/undici#4528</a></li>
<li>docs: add Cache Interceptor example to README by <a
href="https://github.com/tawseefnabi"><code>@​tawseefnabi</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/4393">nodejs/undici#4393</a></li>
<li>test: remove node20 version check by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4544">nodejs/undici#4544</a></li>
<li>types: use MessagePort instance type in MessageEvent by <a
href="https://github.com/Renegade334"><code>@​Renegade334</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/4546">nodejs/undici#4546</a></li>
<li>ci: set write permissions on job level by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4537">nodejs/undici#4537</a></li>
<li>lint: activate n/no-process-exit by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4548">nodejs/undici#4548</a></li>
<li>ci: run benchmarks on pull_requests and by pushing on specific
branches only by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4536">nodejs/undici#4536</a></li>
<li>chore: activate n/prefer-node-protocol to enforce
<code>'node:'</code> prefix for requiring node built-ins by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4547">nodejs/undici#4547</a></li>
<li>feat(H2): correct CONNECT behaviour by <a
href="https://github.com/metcoder95"><code>@​metcoder95</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4541">nodejs/undici#4541</a></li>
<li>test: fix plans by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4550">nodejs/undici#4550</a></li>
<li>feat: add runtime feature &quot;detection&quot; by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4545">nodejs/undici#4545</a></li>
<li>perf: use less promises in extractBody by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4458">nodejs/undici#4458</a></li>
<li>fix(proxy-agent): add missing return after callback-call by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4553">nodejs/undici#4553</a></li>
<li>fix: remove redundant line in retry-handler by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4554">nodejs/undici#4554</a></li>
<li>ci: add no-wasm-simd option by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4533">nodejs/undici#4533</a></li>
<li>fix: use lazyloaders for runtime feature detection by <a
href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4557">nodejs/undici#4557</a></li>
<li>fix: minor changes in dispatcher-base.js and types for Dispatcher by
<a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4556">nodejs/undici#4556</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodejs/undici/commit/7e5cb2d7468633b48679627061d696a0bb45f651"><code>7e5cb2d</code></a>
Bumped v7.18.2 (<a
href="https://redirect.github.com/nodejs/undici/issues/4730">#4730</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3"><code>b04e3cb</code></a>
fix(decompress): limit Content-Encoding chain to 5 to prevent resource
exhaus...</li>
<li><a
href="https://github.com/nodejs/undici/commit/2bcb77bbc27f966ac86e31154161792a4a8dadf5"><code>2bcb77b</code></a>
Bumped v7.18.1 (<a
href="https://redirect.github.com/nodejs/undici/issues/4728">#4728</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/58a12b7f19f5d4b186c90aed2e3a55a3ba37decf"><code>58a12b7</code></a>
build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (<a
href="https://redirect.github.com/nodejs/undici/issues/4719">#4719</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/5fa2930582cab9c387df5cb2ddef44cb42bdf4a9"><code>5fa2930</code></a>
build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/4718">#4718</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/fbbe283fc4054c35ad21316bcf65996b0929ed58"><code>fbbe283</code></a>
docs: add security warning for strictContentLength option (<a
href="https://redirect.github.com/nodejs/undici/issues/4726">#4726</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/ce12d9e5dc1a72724cbef8ac43219ba9643b9142"><code>ce12d9e</code></a>
fix: do not crash if Node.js is compiled without SSL (<a
href="https://redirect.github.com/nodejs/undici/issues/4727">#4727</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/ebe3e33ea4d25402e0dc12dcc67902fdb7f231d4"><code>ebe3e33</code></a>
Bumped v7.18.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/4725">#4725</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/4e9b88b1c78349a956babef1151add83866f2dfb"><code>4e9b88b</code></a>
fix: limit Content-Encoding chain to 5 to prevent resource
exhaustion</li>
<li><a
href="https://github.com/nodejs/undici/commit/d5607677d444553183b0a637f687d20167427b36"><code>d560767</code></a>
Bumped v7.17.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/4724">#4724</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nodejs/undici/compare/v7.16.0...v7.18.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=undici&package-manager=npm_and_yarn&previous-version=7.16.0&new-version=7.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/actions/create-github-app-token/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 15:51:23 -07:00
dependabot[bot] efd9eb0674 build(deps-dev): bump tar from 7.4.3 to 7.5.11 (#341)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>7.5</h2>
<ul>
<li>Added <code>zstd</code> compression support.</li>
<li>Consistent TOCTOU behavior in sync t.list</li>
<li>Only read from ustar block if not specified in Pax</li>
<li>Fix sync tar.list when file size reduces while reading</li>
<li>Sanitize absolute linkpaths properly</li>
<li>Prevent writing hardlink entries to the archive ahead of their
file target</li>
</ul>
<h2>7.4</h2>
<ul>
<li>Deprecate <code>onentry</code> in favor of <code>onReadEntry</code>
for clarity.</li>
</ul>
<h2>7.3</h2>
<ul>
<li>Add <code>onWriteEntry</code> option</li>
</ul>
<h2>7.2</h2>
<ul>
<li>DRY the command definitions into a single <code>makeCommand</code>
method,
and update the type signatures to more appropriately infer the
return type from the options and arguments provided.</li>
</ul>
<h2>7.1</h2>
<ul>
<li>Update minipass to v7.1.0</li>
<li>Update the type definitions of <code>write()</code> and
<code>end()</code> methods on
<code>Unpack</code> and <code>Parser</code> classes to be compatible
with the
NodeJS.WritableStream type in the latest versions of
<code>@types/node</code>.</li>
</ul>
<h2>7.0</h2>
<ul>
<li>Drop support for node &lt;18</li>
<li>Rewrite in TypeScript, provide ESM and CommonJS hybrid
interface</li>
<li>Add tree-shake friendly exports, like
<code>import('tar/create')</code>
and <code>import('tar/read-entry')</code> to get individual functions or
classes.</li>
<li>Add <code>chmod</code> option that defaults to false, and deprecate
<code>noChmod</code>. That is, reverse the default option regarding
explicitly setting file system modes to match tar entry
settings.</li>
<li>Add <code>processUmask</code> option to avoid having to call
<code>process.umask()</code> when <code>chmod: true</code> (or
<code>noChmod: false</code>) is
set.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4"><code>bf776f6</code></a>
7.5.11</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad"><code>f48b5fa</code></a>
prevent escaping symlinks with drive-relative paths</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3"><code>97cff15</code></a>
docs: more security info</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1"><code>2b72abc</code></a>
7.5.10</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f"><code>7bc755d</code></a>
parse root off paths before sanitizing .. parts</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778"><code>c8cb846</code></a>
update deps</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa"><code>1f0c2c9</code></a>
7.5.9</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75"><code>fbb0851</code></a>
build minified version as default export</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f"><code>6b8eba0</code></a>
7.5.8</li>
<li><a
href="https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"><code>2cb1120</code></a>
fix(unpack): improve UnpackSync symlink error &quot;into&quot; path
accuracy</li>
<li>Additional commits viewable in <a
href="https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.11">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar
since your current version.</p>
</details>
<details>
<summary>Install script changes</summary>
<p>This version adds <code>prepare</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tar&package-manager=npm_and_yarn&previous-version=7.4.3&new-version=7.5.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/actions/create-github-app-token/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-12 23:03:34 -07:00
dependabot[bot] 340567cb0e build(deps-dev): bump the development-dependencies group across 1 directory with 5 updates (#334)
Bumps the development-dependencies group with 5 updates in the /
directory:

| Package | From | To |
| --- | --- | --- |
| [@sinonjs/fake-timers](https://github.com/sinonjs/fake-timers) |
`15.0.0` | `15.1.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.3.1` |
| [esbuild](https://github.com/evanw/esbuild) | `0.25.10` | `0.27.3` |
| [execa](https://github.com/sindresorhus/execa) | `9.6.0` | `9.6.1` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.2` |


Updates `@sinonjs/fake-timers` from 15.0.0 to 15.1.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sinonjs/fake-timers/blob/main/CHANGELOG.md"><code>@​sinonjs/fake-timers</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>15.1.0 / 2025-12-18</h1>
<ul>
<li>Include stacktrace clear native timers warning (<a
href="https://redirect.github.com/sinonjs/fake-timers/issues/529">#529</a>)</li>
<li>docs: Update <code>setTickMode</code> docs to mention sinon APIs,
not jest (<a
href="https://redirect.github.com/sinonjs/fake-timers/issues/527">#527</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sinonjs/fake-timers/commit/307815db063b5001f946488292c0093a991c3062"><code>307815d</code></a>
15.1.0</li>
<li><a
href="https://github.com/sinonjs/fake-timers/commit/d4d0eed1c9432f07f2b4a0dcbba58b388e1fc8c6"><code>d4d0eed</code></a>
Updated release files for 15.1.0</li>
<li><a
href="https://github.com/sinonjs/fake-timers/commit/88145ac11337176d19aadf9dbe0d7a4cd6410abb"><code>88145ac</code></a>
Commit lock file</li>
<li><a
href="https://github.com/sinonjs/fake-timers/commit/4296cb900cd7ea54cff9fec2d346ba73a4be0f60"><code>4296cb9</code></a>
Update all</li>
<li><a
href="https://github.com/sinonjs/fake-timers/commit/c623931fa954dbcb564e65b32a463ea0b2224aff"><code>c623931</code></a>
adjustment: only do check on V8 engines</li>
<li><a
href="https://github.com/sinonjs/fake-timers/commit/d1983d2842886bb01486984b8611082710eb97d6"><code>d1983d2</code></a>
Include stacktrace clear native timers warning (<a
href="https://redirect.github.com/sinonjs/fake-timers/issues/529">#529</a>)</li>
<li><a
href="https://github.com/sinonjs/fake-timers/commit/73f52d814aa35e3e702757ca555f7ddaa12e7f53"><code>73f52d8</code></a>
docs: Update <code>setTickMode</code> docs to mention sinon APIs, not
jest (<a
href="https://redirect.github.com/sinonjs/fake-timers/issues/527">#527</a>)</li>
<li>See full diff in <a
href="https://github.com/sinonjs/fake-timers/compare/v15.0.0...v15.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `dotenv` from 17.2.3 to 17.3.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/motdotla/dotenv/compare/v17.3.0...v17.3.1">17.3.1</a>
(2026-02-12)</h2>
<h3>Changed</h3>
<ul>
<li>Fix as2 example command in README and update spanish README</li>
</ul>
<h2><a
href="https://github.com/motdotla/dotenv/compare/v17.2.4...v17.3.0">17.3.0</a>
(2026-02-12)</h2>
<h3>Added</h3>
<ul>
<li>Add a new README section on dotenv’s approach to the agentic
future.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Rewrite README to get humans started more quickly with less noise
while simultaneously making more accessible for llms and agents to go
deeper into details.</li>
</ul>
<h2><a
href="https://github.com/motdotla/dotenv/compare/v17.2.3...v17.2.4">17.2.4</a>
(2026-02-05)</h2>
<h3>Changed</h3>
<ul>
<li>Make <code>DotenvPopulateInput</code> accept
<code>NodeJS.ProcessEnv</code> type (<a
href="https://redirect.github.com/motdotla/dotenv/pull/915">#915</a>)</li>
</ul>
<ul>
<li>Give back to dotenv by checking out my newest project <a
href="https://github.com/vestauth/vestauth">vestauth</a>. It is auth for
agents. Thank you for using my software.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/motdotla/dotenv/commit/7bc16a41c9efd4cf4ab8a4614d0ace7fd240b27b"><code>7bc16a4</code></a>
17.3.1</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/27303fd56321a166d698f0482e0f4d0c51e51c1e"><code>27303fd</code></a>
update README-es</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/6379eb2cae43c27656df8d93509b2c14366811ec"><code>6379eb2</code></a>
update README</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/b6d7339fd085a290669af8e601331c13b4dd2920"><code>b6d7339</code></a>
fix spelling</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/5febe352d4dd499bfaa73de808a56bf03a268b6b"><code>5febe35</code></a>
17.3.0</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/f61f3832c438078fc5d6552f59fac0c0205eca98"><code>f61f383</code></a>
changelog 🪵</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/dec94ad828acba99e3a8570ecf12a1081f9c189c"><code>dec94ad</code></a>
update README</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/485695052c82c26024fbb8568babb0770756dd06"><code>4856950</code></a>
update README</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/6351887077957c5ee74c3528bccbf5512b184b2e"><code>6351887</code></a>
update README</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/23bd017381f1ab5e4fcdeaebe2e134aaef644a4c"><code>23bd017</code></a>
update README</li>
<li>Additional commits viewable in <a
href="https://github.com/motdotla/dotenv/compare/v17.2.3...v17.3.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `esbuild` from 0.25.10 to 0.27.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/evanw/esbuild/releases">esbuild's
releases</a>.</em></p>
<blockquote>
<h2>v0.27.3</h2>
<ul>
<li>
<p>Preserve URL fragments in data URLs (<a
href="https://redirect.github.com/evanw/esbuild/issues/4370">#4370</a>)</p>
<p>Consider the following HTML, CSS, and SVG:</p>
<ul>
<li>
<p><code>index.html</code>:</p>
<pre lang="html"><code>&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;&lt;link rel=&quot;stylesheet&quot;
href=&quot;icons.css&quot;&gt;&lt;/head&gt;
&lt;body&gt;&lt;div
class=&quot;triangle&quot;&gt;&lt;/div&gt;&lt;/body&gt;
&lt;/html&gt;
</code></pre>
</li>
<li>
<p><code>icons.css</code>:</p>
<pre lang="css"><code>.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}
</code></pre>
</li>
<li>
<p><code>triangle.svg</code>:</p>
<pre lang="xml"><code>&lt;svg
xmlns=&quot;http://www.w3.org/2000/svg&quot;&gt;
  &lt;defs&gt;
    &lt;clipPath id=&quot;x&quot;&gt;
      &lt;path d=&quot;M0 0H10V10Z&quot;/&gt;
    &lt;/clipPath&gt;
  &lt;/defs&gt;
&lt;/svg&gt;
</code></pre>
</li>
</ul>
<p>The CSS uses a URL fragment (the <code>#x</code>) to reference the
<code>clipPath</code> element in the SVG file. Previously esbuild's CSS
bundler didn't preserve the URL fragment when bundling the SVG using the
<code>dataurl</code> loader, which broke the bundled CSS. With this
release, esbuild will now preserve the URL fragment in the bundled
CSS:</p>
<pre lang="css"><code>/* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
clip-path: url('data:image/svg+xml,&lt;svg
xmlns=&quot;http://www.w3.org/2000/svg&quot;&gt;&lt;defs&gt;&lt;clipPath
id=&quot;x&quot;&gt;&lt;path d=&quot;M0
0H10V10Z&quot;/&gt;&lt;/clipPath&gt;&lt;/defs&gt;&lt;/svg&gt;#x');
}
</code></pre>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's
changelog</a>.</em></p>
<blockquote>
<h2>0.27.3</h2>
<ul>
<li>
<p>Preserve URL fragments in data URLs (<a
href="https://redirect.github.com/evanw/esbuild/issues/4370">#4370</a>)</p>
<p>Consider the following HTML, CSS, and SVG:</p>
<ul>
<li>
<p><code>index.html</code>:</p>
<pre lang="html"><code>&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;&lt;link rel=&quot;stylesheet&quot;
href=&quot;icons.css&quot;&gt;&lt;/head&gt;
&lt;body&gt;&lt;div
class=&quot;triangle&quot;&gt;&lt;/div&gt;&lt;/body&gt;
&lt;/html&gt;
</code></pre>
</li>
<li>
<p><code>icons.css</code>:</p>
<pre lang="css"><code>.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}
</code></pre>
</li>
<li>
<p><code>triangle.svg</code>:</p>
<pre lang="xml"><code>&lt;svg
xmlns=&quot;http://www.w3.org/2000/svg&quot;&gt;
  &lt;defs&gt;
    &lt;clipPath id=&quot;x&quot;&gt;
      &lt;path d=&quot;M0 0H10V10Z&quot;/&gt;
    &lt;/clipPath&gt;
  &lt;/defs&gt;
&lt;/svg&gt;
</code></pre>
</li>
</ul>
<p>The CSS uses a URL fragment (the <code>#x</code>) to reference the
<code>clipPath</code> element in the SVG file. Previously esbuild's CSS
bundler didn't preserve the URL fragment when bundling the SVG using the
<code>dataurl</code> loader, which broke the bundled CSS. With this
release, esbuild will now preserve the URL fragment in the bundled
CSS:</p>
<pre lang="css"><code>/* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
clip-path: url('data:image/svg+xml,&lt;svg
xmlns=&quot;http://www.w3.org/2000/svg&quot;&gt;&lt;defs&gt;&lt;clipPath
id=&quot;x&quot;&gt;&lt;path d=&quot;M0
0H10V10Z&quot;/&gt;&lt;/clipPath&gt;&lt;/defs&gt;&lt;/svg&gt;#x');
}
</code></pre>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/evanw/esbuild/commit/9129e00e6c36a3e374820cb5e3fc2cd319c8ab85"><code>9129e00</code></a>
publish 0.27.3 to npm</li>
<li><a
href="https://github.com/evanw/esbuild/commit/e20e4115acda9c9f052fdd1ec8d7d5c5489e837b"><code>e20e411</code></a>
small fix to release notes</li>
<li><a
href="https://github.com/evanw/esbuild/commit/0dc0f2dee556460bd7b81d5bbbae5a2f86449ab6"><code>0dc0f2d</code></a>
fix <a
href="https://redirect.github.com/evanw/esbuild/issues/4322">#4322</a>:
parse and print CSS <code>@scope</code> rules</li>
<li><a
href="https://github.com/evanw/esbuild/commit/55fe39164cd3429fcb92c6f358a8dfe2f6e6e559"><code>55fe391</code></a>
update firefox css gradient support</li>
<li><a
href="https://github.com/evanw/esbuild/commit/2c35297c7ad249a51b9cc3974fa91f74dc13f68c"><code>2c35297</code></a>
update gradient lowering transform</li>
<li><a
href="https://github.com/evanw/esbuild/commit/9209e4445abe7610018f0f758fd5d1fa13ec3ea8"><code>9209e44</code></a>
Update Go to 1.25.7 (<a
href="https://redirect.github.com/evanw/esbuild/issues/4388">#4388</a>)</li>
<li><a
href="https://github.com/evanw/esbuild/commit/e8d861b68cf8c3c3a4806ec87444ee48b9af1ade"><code>e8d861b</code></a>
close <a
href="https://redirect.github.com/evanw/esbuild/issues/4374">#4374</a>:
compat table for the <code>using</code> feature</li>
<li><a
href="https://github.com/evanw/esbuild/commit/19b8887368396934957abd75f316cc069d6cc067"><code>19b8887</code></a>
no longer need <code>williamkapke/node-compat-table</code></li>
<li><a
href="https://github.com/evanw/esbuild/commit/7e442189722b54bc6c574ae1148e1014d99e5f32"><code>7e44218</code></a>
the <code>kangax/compat-table</code> repo moved to a new url</li>
<li><a
href="https://github.com/evanw/esbuild/commit/23b9338ed5efbdfa29d59b8b0d8088b1761fdc39"><code>23b9338</code></a>
run <code>make update-compat-table</code></li>
<li>Additional commits viewable in <a
href="https://github.com/evanw/esbuild/compare/v0.25.10...v0.27.3">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for esbuild since your current version.</p>
</details>
<br />

Updates `execa` from 9.6.0 to 9.6.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sindresorhus/execa/releases">execa's
releases</a>.</em></p>
<blockquote>
<h2>v9.6.1</h2>
<ul>
<li>Fix <code>VerboseOption</code> type not being properly exported (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1215">#1215</a>)
7891c39</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/execa/compare/v9.6.0...v9.6.1">https://github.com/sindresorhus/execa/compare/v9.6.0...v9.6.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sindresorhus/execa/commit/84e1f36b2c31a463e3efbd37c7505da9438a05c9"><code>84e1f36</code></a>
9.6.1</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/7891c39441c5a6d0fca4be696c0c1cf0b746fa1e"><code>7891c39</code></a>
Fix <code>VerboseOption</code> type not being properly exported (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1215">#1215</a>)</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/103095f2c9a459ae3500fa7d861f162c21a94b3a"><code>103095f</code></a>
Meta tweaks</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/23ec6f0569b3e42af43294dc807494ebe896e980"><code>23ec6f0</code></a>
Fix CI tests related to <code>.kill(0)</code> (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1212">#1212</a>)</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/9a2cb79b1120f3b476aa8a452ceaeb71bfa19a2d"><code>9a2cb79</code></a>
Meta tweaks</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/e7cafebf55e19485a9d4bdf5af9ed5d2c82fe0d8"><code>e7cafeb</code></a>
[docs] TTY control is lost only on the FD that uses mixed inherit. (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1209">#1209</a>)</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/5587ae1dcb9b258b0d9667219100b197de50594f"><code>5587ae1</code></a>
Fix CI tests (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1207">#1207</a>)</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/3e8fa32d498dcc57f1da447524bdb6b521fbd603"><code>3e8fa32</code></a>
[docs] A process is not a TTY usually, just connected to one. (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1208">#1208</a>)</li>
<li><a
href="https://github.com/sindresorhus/execa/commit/c468672a7f212e9040c4405e99f9428d3253a76a"><code>c468672</code></a>
[docs] Transforms: Summary: Fix example command and output. (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1206">#1206</a>)</li>
<li>See full diff in <a
href="https://github.com/sindresorhus/execa/compare/v9.6.0...v9.6.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `yaml` from 2.8.1 to 2.8.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/eemeli/yaml/releases">yaml's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.2</h2>
<ul>
<li>Serialize -0 as -0 (<a
href="https://redirect.github.com/eemeli/yaml/issues/638">#638</a>)</li>
<li>Do not double newlines for empty map values (<a
href="https://redirect.github.com/eemeli/yaml/issues/642">#642</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/eemeli/yaml/commit/086fa6b5bae325da18734750cddee231ce578930"><code>086fa6b</code></a>
2.8.2</li>
<li><a
href="https://github.com/eemeli/yaml/commit/95f01e98032ddf199b42bb3ba0737303b35ef752"><code>95f01e9</code></a>
chore: Add funding to package.json</li>
<li><a
href="https://github.com/eemeli/yaml/commit/152e204a9255064cc0af4f70b7fa0ac25e324a42"><code>152e204</code></a>
style: Apply updated Prettier rules &amp; satisfy updated ESLint</li>
<li><a
href="https://github.com/eemeli/yaml/commit/3f3378c3bff1663a41f413dbf3c65b9bbb292db7"><code>3f3378c</code></a>
chore: Drop unused dependency cross-env</li>
<li><a
href="https://github.com/eemeli/yaml/commit/f0b9af7b6fba48e0fe4b4a85a64cb3339e5dd7aa"><code>f0b9af7</code></a>
chore: Update to <code>@​rollup/plugin-replace</code> v6</li>
<li><a
href="https://github.com/eemeli/yaml/commit/e3cafc70ca0dfac449f25cfa60a426f68c23e061"><code>e3cafc7</code></a>
chore: Update to eslint-config-prettier v10</li>
<li><a
href="https://github.com/eemeli/yaml/commit/553c1b56f1f3a6b23b6f0358322dfbacfc3e80cb"><code>553c1b5</code></a>
chore: Refresh lockfile</li>
<li><a
href="https://github.com/eemeli/yaml/commit/70a8db37c3bd8d6db6e8dddd4a1e9e6fc5a9a3b0"><code>70a8db3</code></a>
fix: Do not double newlines for empty map values (<a
href="https://redirect.github.com/eemeli/yaml/issues/642">#642</a>)</li>
<li><a
href="https://github.com/eemeli/yaml/commit/92821f2b8164f9831ff5a51f6e5a575e06365742"><code>92821f2</code></a>
ci: Limit action permissions to minimum required</li>
<li><a
href="https://github.com/eemeli/yaml/commit/95285f82a888781d4ff010b26f9beb6d13778422"><code>95285f8</code></a>
fix: Serialize -0 as -0 (fixes <a
href="https://redirect.github.com/eemeli/yaml/issues/638">#638</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/eemeli/yaml/compare/v2.8.1...v2.8.2">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-12 23:03:00 -07:00
dependabot[bot] 5c1e00d1af build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#327)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to
4.17.23.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lodash/lodash/commit/dec55b7a3b382da075e2eac90089b4cd00a26cbb"><code>dec55b7</code></a>
Bump main to v4.17.23 (<a
href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/19c9251b3631d7cf220b43bc757eb33f1084f117"><code>19c9251</code></a>
fix: setCacheHas JSDoc return type should be boolean (<a
href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/b5e672995ae26929d111a6e94589f8d03fb8e578"><code>b5e6729</code></a>
jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a
href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"><code>edadd45</code></a>
Prevent prototype pollution on baseUnset function</li>
<li><a
href="https://github.com/lodash/lodash/commit/4879a7a7d0a4494b0e83c7fa21bcc9fc6e7f1a6d"><code>4879a7a</code></a>
doc: fix autoLink function, conversion of source links (<a
href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/9648f692b0fc7c2f6a7a763d754377200126c2e8"><code>9648f69</code></a>
chore: remove <code>yarn.lock</code> file (<a
href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/dfa407db0bf5b200f2c7a9e4f06830ceaf074be9"><code>dfa407d</code></a>
ci: remove legacy configuration files (<a
href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/156e1965ae78b121a88f81178ab81632304e8d64"><code>156e196</code></a>
feat: add renovate setup (<a
href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/933e1061b8c344d3fc742cdc400175d5ffc99bce"><code>933e106</code></a>
ci: add pipeline for Bun (<a
href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/072a807ff7ad8ffc7c1d2c3097266e815d138e20"><code>072a807</code></a>
docs: update links related to Open JS Foundation (<a
href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.17.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/actions/create-github-app-token/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-12 23:01:31 -07:00
dependabot[bot] 64cd9c9a45 build(deps): bump stefanzweifel/git-auto-commit-action from 6.0.1 to 7.1.0 (#317)
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 6.0.1 to 7.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.0</h2>
<h2>Added</h2>
<ul>
<li>Add skip_push input option (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/401">#401</a>)
<a
href="https://github.com/@kvanzuijlen"><code>@​kvanzuijlen</code></a></li>
</ul>
<h2>Changes</h2>
<ul>
<li>docs: fix typo in README.md (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/400">#400</a>)
<a
href="https://github.com/@GideonBear"><code>@​GideonBear</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/399">#399</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
<li>Bump bats from 1.12.0 to 1.13.0 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/398">#398</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
</ul>
<h2>v7.0.0</h2>
<h2>Added</h2>
<ul>
<li>Restore skip_fetch, skip_checkout, create_branch (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388">#388</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
<li>Restore Detached State Detection (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393">#393</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
<li>Add Support for Tag Messages (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391">#391</a>)
<a
href="https://github.com/@EliasBoulharts"><code>@​EliasBoulharts</code></a></li>
</ul>
<h2>Changed</h2>
<ul>
<li>Run Action on Node 24 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389">#389</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386">#386</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.1.0...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.0.0...v7.1.0">v7.1.0</a>
- 2025-12-17</h2>
<h3>Added</h3>
<ul>
<li>Add skip_push input option (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/401">#401</a>)
<a
href="https://github.com/@kvanzuijlen"><code>@​kvanzuijlen</code></a></li>
</ul>
<h3>Changes</h3>
<ul>
<li>docs: fix typo in README.md (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/400">#400</a>)
<a
href="https://github.com/@GideonBear"><code>@​GideonBear</code></a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/399">#399</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
<li>Bump bats from 1.12.0 to 1.13.0 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/398">#398</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...v7.0.0">v7.0.0</a>
- 2025-10-12</h2>
<h3>Added</h3>
<ul>
<li>Restore skip_fetch, skip_checkout, create_branch (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388">#388</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
<li>Restore Detached State Detection (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393">#393</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
<li>Add Support for Tag Messages (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391">#391</a>)
<a
href="https://github.com/@EliasBoulharts"><code>@​EliasBoulharts</code></a></li>
</ul>
<h3>Changed</h3>
<ul>
<li>Run Action on Node 24 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389">#389</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386">#386</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.0...v6.0.1">v6.0.1</a>
- 2025-06-11</h2>
<h3>Fixed</h3>
<ul>
<li>Disable Check if Repo is in Detached State (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379">#379</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...v6.0.0">v6.0.0</a>
- 2025-06-10</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/04702edda442b2e678b25b537cec683a1493fcb9"><code>04702ed</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/399">#399</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/1e49d5001fa4bb7d02711af41f4af23c58ef1de8"><code>1e49d50</code></a>
Add skip_push input option (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/401">#401</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/65c56779c90b0324ac2a7e7c31ec876b8db47914"><code>65c5677</code></a>
docs: fix typo in README.md (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/400">#400</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/547c1409cec143c754e148a6fbdfa359db836cf6"><code>547c140</code></a>
Bump bats from 1.12.0 to 1.13.0 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/398">#398</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/8fa7f5a3c51038deaa521c22ae89fac24baad8e7"><code>8fa7f5a</code></a>
Update CHANGELOG</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/28e16e81777b558cc906c8750092100bbb34c5e3"><code>28e16e8</code></a>
Release preparations for v7 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/394">#394</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/698fd76863f4609be5d51f1d1fe685aa92f062e9"><code>698fd76</code></a>
Merge pull request <a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/391">#391</a>
from EliasBoulharts/custom-tag-message</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/c40819ab3b7619623b7d0d760f3296f014f245b8"><code>c40819a</code></a>
Update README</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/d7ee275235b337d03e77815bd319db607e2b455b"><code>d7ee275</code></a>
Change internal variable names</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/e8684eb0cd3714a844cb825cd29a0afcf6d66dbc"><code>e8684eb</code></a>
Fix Tests</li>
<li>Additional commits viewable in <a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/778341af668090896ca464160c2def5d1d1a3eb0...04702edda442b2e678b25b537cec683a1493fcb9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=6.0.1&new-version=7.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-12 23:00:55 -07:00
semantic-release-bot 29824e69f5 build(release): 2.2.1 [skip ci]
## [2.2.1](https://github.com/actions/create-github-app-token/compare/v2.2.0...v2.2.1) (2025-12-05)

### Bug Fixes

* **deps:** bump the production-dependencies group with 2 updates ([#311](https://github.com/actions/create-github-app-token/issues/311)) ([b212e6a](https://github.com/actions/create-github-app-token/commit/b212e6a739dec02d8488610fbaf8f049f82ee999))
2025-12-05 22:53:03 +00:00
dependabot[bot] b212e6a739 fix(deps): bump the production-dependencies group with 2 updates (#311)
Bumps the production-dependencies group with 2 updates:
[@octokit/auth-app](https://github.com/octokit/auth-app.js) and
[@octokit/request](https://github.com/octokit/request.js).

Updates `@octokit/auth-app` from 8.1.1 to 8.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/auth-app.js/releases"><code>@​octokit/auth-app</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v8.1.2</h2>
<h2><a
href="https://github.com/octokit/auth-app.js/compare/v8.1.1...v8.1.2">8.1.2</a>
(2025-10-31)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update dependency
<code>@​octokit/types</code> to v16 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/731">#731</a>)
(<a
href="https://github.com/octokit/auth-app.js/commit/016958a122fcd868c36f5c82200e5dfd14a90266">016958a</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/octokit/auth-app.js/commit/016958a122fcd868c36f5c82200e5dfd14a90266"><code>016958a</code></a>
fix(deps): update dependency <code>@​octokit/types</code> to v16 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/731">#731</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/6290a83e69d4b9912abe90e6a67108eb38e396df"><code>6290a83</code></a>
ci(action): update peter-evans/create-or-update-comment action to v5 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/723">#723</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/767ba94f5008c636b227cc429e8fad3fd9c81262"><code>767ba94</code></a>
ci(action): update actions/setup-node action to v6 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/727">#727</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/a6b03f2d5fd57f6d4dda580ce04ac39c5db2e95f"><code>a6b03f2</code></a>
ci(action): update github/codeql-action action to v4 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/726">#726</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/f6eb9c8e3403c385cc6a7494373b93eb5e1873c0"><code>f6eb9c8</code></a>
chore(deps): update dependency node to v24 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/730">#730</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/f50e21a0a071d4780e84bdf080396bde66268a74"><code>f50e21a</code></a>
ci(action): update actions/setup-node action to v5 (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/718">#718</a>)</li>
<li><a
href="https://github.com/octokit/auth-app.js/commit/7f24cee3c5d05a614b89b87c84ccdd5d4aea37b1"><code>7f24cee</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/auth-app.js/issues/719">#719</a>)</li>
<li>See full diff in <a
href="https://github.com/octokit/auth-app.js/compare/v8.1.1...v8.1.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `@octokit/request` from 10.0.5 to 10.0.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/request.js/releases"><code>@​octokit/request</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v10.0.7</h2>
<h2><a
href="https://github.com/octokit/request.js/compare/v10.0.6...v10.0.7">10.0.7</a>
(2025-11-13)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>readme:</strong> properly structure the options for custom
agent (<a
href="https://redirect.github.com/octokit/request.js/issues/786">#786</a>)
(<a
href="https://github.com/octokit/request.js/commit/f17c1c13c7cba81187c419da06b815ed741c950c">f17c1c1</a>),
closes <a
href="https://redirect.github.com/octokit/request.js/issues/785">#785</a></li>
</ul>
<h2>v10.0.6</h2>
<h2><a
href="https://github.com/octokit/request.js/compare/v10.0.5...v10.0.6">10.0.6</a>
(2025-10-30)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update dependency
<code>@​octokit/types</code> to v16 (<a
href="https://redirect.github.com/octokit/request.js/issues/783">#783</a>)
(<a
href="https://github.com/octokit/request.js/commit/1aeac5672c04bc508e46796660465b1b67cf397c">1aeac56</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/octokit/request.js/commit/f17c1c13c7cba81187c419da06b815ed741c950c"><code>f17c1c1</code></a>
fix(readme): properly structure the options for custom agent (<a
href="https://redirect.github.com/octokit/request.js/issues/786">#786</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/ea46fa9cd46f970fad5e286e6fdd2ea46929ac5d"><code>ea46fa9</code></a>
ci(action): update github/codeql-action action to v4 (<a
href="https://redirect.github.com/octokit/request.js/issues/778">#778</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/8166d281814326b3e11d60b1895e623f2fd51c9e"><code>8166d28</code></a>
chore(deps): update vitest monorepo to v4 (major) (<a
href="https://redirect.github.com/octokit/request.js/issues/781">#781</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/1aeac5672c04bc508e46796660465b1b67cf397c"><code>1aeac56</code></a>
fix(deps): update dependency <code>@​octokit/types</code> to v16 (<a
href="https://redirect.github.com/octokit/request.js/issues/783">#783</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/b5b08a2ffde04d7c9ee3452ff86459836981e7f6"><code>b5b08a2</code></a>
ci(action): update actions/setup-node action to v6 (<a
href="https://redirect.github.com/octokit/request.js/issues/779">#779</a>)</li>
<li><a
href="https://github.com/octokit/request.js/commit/9a78123cc35f1c7cb5ac0e3cce4c2331ea5dca6e"><code>9a78123</code></a>
chore(deps): update dependency <code>@​types/node</code> to v24 (<a
href="https://redirect.github.com/octokit/request.js/issues/782">#782</a>)</li>
<li>See full diff in <a
href="https://github.com/octokit/request.js/compare/v10.0.5...v10.0.7">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-05 14:52:29 -08:00
Parker Brown 8efbf9bf0f ci: create stale workflow (#309)
Introduces a GitHub Actions workflow that automatically marks issues and
pull requests as stale after 180 days of inactivity and closes them
after an additional 60 days. This helps keep the repository clean and
maintainable by prompting action on inactive items.
2025-11-22 00:07:32 -08:00
Stefan Petrushevski 14350b6aaa bump version 2025-08-28 10:26:30 +02:00
Stefan Petrushevski 6cf7b5f22a update tests with enterprise-slug 2025-08-28 10:23:07 +02:00
Stefan 22e6bc6b49 Update lib/main.js
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
2025-08-28 09:34:44 +02:00
Stefan 3b3f07c3d1 Update lib/main.js
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
2025-08-28 09:34:29 +02:00
Stefan 7b860611c2 Update lib/main.js
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
2025-08-28 09:34:21 +02:00
Stefan a84c82dc20 Update action.yml
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
2025-08-28 09:34:12 +02:00
Stefan 81e8c224df Update README.md
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
2025-08-28 09:34:01 +02:00
Stefan 7434028a6d Update README.md
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
2025-08-28 09:33:49 +02:00
Stefan Petrushevski 46f9f788b8 improve installation match; refactor test per copilot review 2025-07-08 17:52:25 +02:00
Stefan Petrushevski 3c69395e16 update package version 2025-07-08 17:22:19 +02:00
Stefan Petrushevski 55b8c24e8d tests; update README 2025-07-08 17:05:18 +02:00
Stefan Petrushevski cbc2930e9b enterprise input; logic to generate ent token 2025-07-08 15:04:32 +02:00
22 changed files with 32099 additions and 24624 deletions
+34
View File
@@ -0,0 +1,34 @@
# This workflow warns and then closes issues that have had no activity for a specified amount of time.
# https://github.com/actions/stale
name: Stale
on:
workflow_dispatch:
schedule:
# 00:00 UTC on Mondays
- cron: '0 0 * * 1'
permissions:
issues: write
pull-requests: write
env:
DAYS_BEFORE_STALE: 180
DAYS_BEFORE_CLOSE: 60
STALE_LABEL: 'stale'
STALE_LABEL_URL: ${{github.server_url}}/${{github.repository}}/labels/stale
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v10
with:
operations-per-run: 100
days-before-stale: ${{ env.DAYS_BEFORE_STALE }}
days-before-close: ${{ env.DAYS_BEFORE_CLOSE }}
stale-issue-label: ${{ env.STALE_LABEL }}
stale-pr-label: ${{ env.STALE_LABEL }}
stale-issue-message: 'This issue has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this issue if it is no longer needed. If this issue is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'
stale-pr-message: 'This pull request has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this pull request if it is no longer needed. If this pull request is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'
@@ -31,7 +31,7 @@ jobs:
run: node scripts/update-permission-inputs.js
- name: Commit changes
id: auto-commit
uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
with:
commit_message: ${{ env.COMMIT_MESSAGE }}
- name: Update PR title
+1
View File
@@ -1,3 +1,4 @@
.env
coverage
node_modules/
.DS_Store
+29
View File
@@ -195,6 +195,28 @@ jobs:
body: "Hello, World!"
```
### Create a token for an enterprise installation
```yaml
on: [workflow_dispatch]
jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
enterprise-slug: my-enterprise-slug
- name: Call enterprise management REST API with gh
run: |
gh api /enterprises/my-enterprise-slug/apps/installable_organizations
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
```
### Create a token with specific permissions
> [!NOTE]
@@ -335,6 +357,13 @@ steps:
> [!NOTE]
> If `owner` is set and `repositories` is empty, access will be scoped to all repositories in the provided repository owner's installation. If `owner` and `repositories` are empty, access will be scoped to only the current repository.
### `enterprise-slug`
**Optional:** The slug of the enterprise to generate a token for enterprise-level app installations.
> [!NOTE]
> The `enterprise-slug` input is mutually exclusive with `owner` and `repositories`. GitHub Apps can be installed on enterprise accounts with permissions that let them call enterprise management APIs. Enterprise installations do not grant access to organization or repository resources.
### `permission-<permission name>`
**Optional:** The permissions to grant to the token. By default, the token inherits all of the installation's permissions. We recommend to explicitly list the permissions that are required for a use case. This follows GitHub's own recommendation to [control permissions of `GITHUB_TOKEN` in workflows](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token). The documentation also lists all available permissions, just prefix the permission key with `permission-` (e.g., `pull-requests``permission-pull-requests`).
+3
View File
@@ -17,6 +17,9 @@ inputs:
repositories:
description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
required: false
enterprise-slug:
description: "Enterprise slug for enterprise-level app installations (cannot be used with 'owner' or 'repositories')"
required: false
skip-token-revoke:
description: "If true, the token will not be revoked when the current job is complete"
required: false
+15701 -12183
View File
File diff suppressed because one or more lines are too long
+15641 -12127
View File
File diff suppressed because one or more lines are too long
+98 -37
View File
@@ -4,6 +4,7 @@ import pRetry from "p-retry";
/**
* @param {string} appId
* @param {string} privateKey
* @param {string} enterpriseSlug
* @param {string} owner
* @param {string[]} repositories
* @param {undefined | Record<string, string>} permissions
@@ -15,58 +16,70 @@ import pRetry from "p-retry";
export async function main(
appId,
privateKey,
enterpriseSlug,
owner,
repositories,
permissions,
core,
createAppAuth,
request,
skipTokenRevoke
skipTokenRevoke,
) {
// Validate mutual exclusivity of enterprise-slug with owner/repositories
if (enterpriseSlug && (owner || repositories.length > 0)) {
throw new Error("Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs");
}
let parsedOwner = "";
let parsedRepositoryNames = [];
// If neither owner nor repositories are set, default to current repository
if (!owner && repositories.length === 0) {
const [owner, repo] = String(process.env.GITHUB_REPOSITORY).split("/");
parsedOwner = owner;
parsedRepositoryNames = [repo];
// Skip owner/repository parsing if enterprise-slug is set
if (!enterpriseSlug) {
// If neither owner nor repositories are set, default to current repository
if (!owner && repositories.length === 0) {
const [owner, repo] = String(process.env.GITHUB_REPOSITORY).split("/");
parsedOwner = owner;
parsedRepositoryNames = [repo];
core.info(
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner}/${repo}).`
);
}
core.info(
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner}/${repo}).`
);
}
// If only an owner is set, default to all repositories from that owner
if (owner && repositories.length === 0) {
parsedOwner = owner;
// If only an owner is set, default to all repositories from that owner
if (owner && repositories.length === 0) {
parsedOwner = owner;
core.info(
`Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
);
}
core.info(
`Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
);
}
// If repositories are set, but no owner, default to `GITHUB_REPOSITORY_OWNER`
if (!owner && repositories.length > 0) {
parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER);
parsedRepositoryNames = repositories;
// If repositories are set, but no owner, default to `GITHUB_REPOSITORY_OWNER`
if (!owner && repositories.length > 0) {
parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER);
parsedRepositoryNames = repositories;
core.info(
`No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories
.map((repo) => `\n- ${parsedOwner}/${repo}`)
.join("")}`
);
}
core.info(
`No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories
.map((repo) => `\n- ${parsedOwner}/${repo}`)
.join("")}`
);
}
// If both owner and repositories are set, use those values
if (owner && repositories.length > 0) {
parsedOwner = owner;
parsedRepositoryNames = repositories;
// If both owner and repositories are set, use those values
if (owner && repositories.length > 0) {
parsedOwner = owner;
parsedRepositoryNames = repositories;
core.info(
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
core.info(
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
${repositories.map((repo) => `\n- ${parsedOwner}/${repo}`).join("")}`
);
);
}
} else {
core.info(`Creating enterprise installation token for enterprise "${enterpriseSlug}".`);
}
const auth = createAppAuth({
@@ -76,9 +89,22 @@ export async function main(
});
let authentication, installationId, appSlug;
// If at least one repository is set, get installation ID from that repository
if (parsedRepositoryNames.length > 0) {
// If enterprise-slug is set, get installation ID from the enterprise
if (enterpriseSlug) {
({ authentication, installationId, appSlug } = await pRetry(
() => getTokenFromEnterprise(request, auth, enterpriseSlug, permissions),
{
shouldRetry: (error) => error.status >= 500,
onFailedAttempt: (error) => {
core.info(
`Failed to create token for enterprise "${enterpriseSlug}" (attempt ${error.attemptNumber}): ${error.message}`
);
},
retries: 3,
}
));
} else if (parsedRepositoryNames.length > 0) {
({ authentication, installationId, appSlug } = await pRetry(
() =>
getTokenFromRepository(
@@ -181,3 +207,38 @@ async function getTokenFromRepository(
return { authentication, installationId, appSlug };
}
async function getTokenFromEnterprise(request, auth, enterpriseSlug, permissions) {
// Get all installations and find the enterprise one
// https://docs.github.com/rest/apps/apps#list-installations-for-the-authenticated-app
// Note: Currently we do not have a way to get the installation for an enterprise directly,
// so as a workaround we need to list all installations and filter for the enterprise one.
const response = await request("GET /app/installations", {
request: {
hook: auth.hook,
},
});
// Find the enterprise installation
const enterpriseInstallation = response.data.find(
installation => installation.target_type === "Enterprise" &&
installation.account?.slug === enterpriseSlug
);
/* c8 ignore next 3 */
if (!enterpriseInstallation) {
throw new Error(`No enterprise installation found matching the name ${enterpriseSlug}. Available installations: ${response.data.map(i => `${i.target_type}:${i.account?.login || 'N/A'}`).join(', ')}`);
}
// Get token for the enterprise installation
const authentication = await auth({
type: "installation",
installationId: enterpriseInstallation.id,
permissions,
});
const installationId = enterpriseInstallation.id;
const appSlug = enterpriseInstallation["app_slug"];
return { authentication, installationId, appSlug };
}
+1 -1
View File
@@ -1,4 +1,4 @@
import core from "@actions/core";
import * as core from "@actions/core";
import { request } from "@octokit/request";
import { ProxyAgent, fetch as undiciFetch } from "undici";
+8 -3
View File
@@ -1,6 +1,6 @@
// @ts-check
import core from "@actions/core";
import * as core from "@actions/core";
import { createAppAuth } from "@octokit/auth-app";
import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
@@ -17,6 +17,7 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
const appId = core.getInput("app-id");
const privateKey = core.getInput("private-key");
const enterpriseSlug = core.getInput("enterprise-slug");
const owner = core.getInput("owner");
const repositories = core
.getInput("repositories")
@@ -32,6 +33,7 @@ const permissions = getPermissionsFromInputs(process.env);
export default main(
appId,
privateKey,
enterpriseSlug,
owner,
repositories,
permissions,
@@ -40,7 +42,10 @@ export default main(
request,
skipTokenRevoke,
).catch((error) => {
/* c8 ignore next 3 */
/* c8 ignore next 5 */
console.error(error);
core.setFailed(error.message);
// Don't set failed in test mode (when GITHUB_OUTPUT is undefined)
if (process.env.GITHUB_OUTPUT !== undefined) {
core.setFailed(error.message);
}
});
+247 -260
View File
@@ -1,77 +1,78 @@
{
"name": "create-github-app-token",
"version": "2.2.0",
"version": "2.2.2",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "create-github-app-token",
"version": "2.2.0",
"version": "2.2.2",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.11.1",
"@octokit/auth-app": "^8.1.1",
"@octokit/request": "^10.0.3",
"p-retry": "^7.1.0",
"undici": "^7.16.0"
"@actions/core": "^3.0.0",
"@octokit/auth-app": "^8.2.0",
"@octokit/request": "^10.0.8",
"p-retry": "^7.1.1",
"undici": "^7.24.1"
},
"devDependencies": {
"@octokit/openapi": "^21.0.0",
"@sinonjs/fake-timers": "^15.0.0",
"@sinonjs/fake-timers": "^15.1.0",
"ava": "^6.4.1",
"c8": "^10.1.3",
"dotenv": "^17.2.3",
"esbuild": "^0.25.10",
"execa": "^9.6.0",
"dotenv": "^17.3.1",
"esbuild": "^0.27.3",
"execa": "^9.6.1",
"open-cli": "^8.0.0",
"yaml": "^2.8.1"
"yaml": "^2.8.2"
},
"engines": {
"node": ">=20"
}
},
"node_modules/@actions/core": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
"integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
"integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
"license": "MIT",
"dependencies": {
"@actions/exec": "^1.1.1",
"@actions/http-client": "^2.0.1"
"@actions/exec": "^3.0.0",
"@actions/http-client": "^4.0.0"
}
},
"node_modules/@actions/exec": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
"integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
"integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
"license": "MIT",
"dependencies": {
"@actions/io": "^1.0.1"
"@actions/io": "^3.0.2"
}
},
"node_modules/@actions/http-client": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.1.tgz",
"integrity": "sha512-KhC/cZsq7f8I4LfZSJKgCvEwfkE8o1538VoBeoGzokVLLnbFDEAdFD3UhoMklxo2un9NJVBdANOresx7vTHlHw==",
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
"integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
"license": "MIT",
"dependencies": {
"tunnel": "^0.0.6",
"undici": "^5.25.4"
"undici": "^6.23.0"
}
},
"node_modules/@actions/http-client/node_modules/undici": {
"version": "5.29.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
"integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
"version": "6.24.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
"license": "MIT",
"dependencies": {
"@fastify/busboy": "^2.0.0"
},
"engines": {
"node": ">=14.0"
"node": ">=18.17"
}
},
"node_modules/@actions/io": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
"integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==",
"license": "MIT"
},
"node_modules/@bcoe/v8-coverage": {
"version": "1.0.1",
@@ -83,9 +84,9 @@
}
},
"node_modules/@esbuild/aix-ppc64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.10.tgz",
"integrity": "sha512-0NFWnA+7l41irNuaSVlLfgNT12caWJVLzp5eAVhZ0z1qpxbockccEt3s+149rE64VUI3Ml2zt8Nv5JVc4QXTsw==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.3.tgz",
"integrity": "sha512-9fJMTNFTWZMh5qwrBItuziu834eOCUcEqymSH7pY+zoMVEZg3gcPuBNxH1EvfVYe9h0x/Ptw8KBzv7qxb7l8dg==",
"cpu": [
"ppc64"
],
@@ -100,9 +101,9 @@
}
},
"node_modules/@esbuild/android-arm": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.10.tgz",
"integrity": "sha512-dQAxF1dW1C3zpeCDc5KqIYuZ1tgAdRXNoZP7vkBIRtKZPYe2xVr/d3SkirklCHudW1B45tGiUlz2pUWDfbDD4w==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.3.tgz",
"integrity": "sha512-i5D1hPY7GIQmXlXhs2w8AWHhenb00+GxjxRncS2ZM7YNVGNfaMxgzSGuO8o8SJzRc/oZwU2bcScvVERk03QhzA==",
"cpu": [
"arm"
],
@@ -117,9 +118,9 @@
}
},
"node_modules/@esbuild/android-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.10.tgz",
"integrity": "sha512-LSQa7eDahypv/VO6WKohZGPSJDq5OVOo3UoFR1E4t4Gj1W7zEQMUhI+lo81H+DtB+kP+tDgBp+M4oNCwp6kffg==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.3.tgz",
"integrity": "sha512-YdghPYUmj/FX2SYKJ0OZxf+iaKgMsKHVPF1MAq/P8WirnSpCStzKJFjOjzsW0QQ7oIAiccHdcqjbHmJxRb/dmg==",
"cpu": [
"arm64"
],
@@ -134,9 +135,9 @@
}
},
"node_modules/@esbuild/android-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.10.tgz",
"integrity": "sha512-MiC9CWdPrfhibcXwr39p9ha1x0lZJ9KaVfvzA0Wxwz9ETX4v5CHfF09bx935nHlhi+MxhA63dKRRQLiVgSUtEg==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.3.tgz",
"integrity": "sha512-IN/0BNTkHtk8lkOM8JWAYFg4ORxBkZQf9zXiEOfERX/CzxW3Vg1ewAhU7QSWQpVIzTW+b8Xy+lGzdYXV6UZObQ==",
"cpu": [
"x64"
],
@@ -151,9 +152,9 @@
}
},
"node_modules/@esbuild/darwin-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.10.tgz",
"integrity": "sha512-JC74bdXcQEpW9KkV326WpZZjLguSZ3DfS8wrrvPMHgQOIEIG/sPXEN/V8IssoJhbefLRcRqw6RQH2NnpdprtMA==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.3.tgz",
"integrity": "sha512-Re491k7ByTVRy0t3EKWajdLIr0gz2kKKfzafkth4Q8A5n1xTHrkqZgLLjFEHVD+AXdUGgQMq+Godfq45mGpCKg==",
"cpu": [
"arm64"
],
@@ -168,9 +169,9 @@
}
},
"node_modules/@esbuild/darwin-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.10.tgz",
"integrity": "sha512-tguWg1olF6DGqzws97pKZ8G2L7Ig1vjDmGTwcTuYHbuU6TTjJe5FXbgs5C1BBzHbJ2bo1m3WkQDbWO2PvamRcg==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.3.tgz",
"integrity": "sha512-vHk/hA7/1AckjGzRqi6wbo+jaShzRowYip6rt6q7VYEDX4LEy1pZfDpdxCBnGtl+A5zq8iXDcyuxwtv3hNtHFg==",
"cpu": [
"x64"
],
@@ -185,9 +186,9 @@
}
},
"node_modules/@esbuild/freebsd-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.10.tgz",
"integrity": "sha512-3ZioSQSg1HT2N05YxeJWYR+Libe3bREVSdWhEEgExWaDtyFbbXWb49QgPvFH8u03vUPX10JhJPcz7s9t9+boWg==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.3.tgz",
"integrity": "sha512-ipTYM2fjt3kQAYOvo6vcxJx3nBYAzPjgTCk7QEgZG8AUO3ydUhvelmhrbOheMnGOlaSFUoHXB6un+A7q4ygY9w==",
"cpu": [
"arm64"
],
@@ -202,9 +203,9 @@
}
},
"node_modules/@esbuild/freebsd-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.10.tgz",
"integrity": "sha512-LLgJfHJk014Aa4anGDbh8bmI5Lk+QidDmGzuC2D+vP7mv/GeSN+H39zOf7pN5N8p059FcOfs2bVlrRr4SK9WxA==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.3.tgz",
"integrity": "sha512-dDk0X87T7mI6U3K9VjWtHOXqwAMJBNN2r7bejDsc+j03SEjtD9HrOl8gVFByeM0aJksoUuUVU9TBaZa2rgj0oA==",
"cpu": [
"x64"
],
@@ -219,9 +220,9 @@
}
},
"node_modules/@esbuild/linux-arm": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.10.tgz",
"integrity": "sha512-oR31GtBTFYCqEBALI9r6WxoU/ZofZl962pouZRTEYECvNF/dtXKku8YXcJkhgK/beU+zedXfIzHijSRapJY3vg==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.3.tgz",
"integrity": "sha512-s6nPv2QkSupJwLYyfS+gwdirm0ukyTFNl3KTgZEAiJDd+iHZcbTPPcWCcRYH+WlNbwChgH2QkE9NSlNrMT8Gfw==",
"cpu": [
"arm"
],
@@ -236,9 +237,9 @@
}
},
"node_modules/@esbuild/linux-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.10.tgz",
"integrity": "sha512-5luJWN6YKBsawd5f9i4+c+geYiVEw20FVW5x0v1kEMWNq8UctFjDiMATBxLvmmHA4bf7F6hTRaJgtghFr9iziQ==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.3.tgz",
"integrity": "sha512-sZOuFz/xWnZ4KH3YfFrKCf1WyPZHakVzTiqji3WDc0BCl2kBwiJLCXpzLzUBLgmp4veFZdvN5ChW4Eq/8Fc2Fg==",
"cpu": [
"arm64"
],
@@ -253,9 +254,9 @@
}
},
"node_modules/@esbuild/linux-ia32": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.10.tgz",
"integrity": "sha512-NrSCx2Kim3EnnWgS4Txn0QGt0Xipoumb6z6sUtl5bOEZIVKhzfyp/Lyw4C1DIYvzeW/5mWYPBFJU3a/8Yr75DQ==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.3.tgz",
"integrity": "sha512-yGlQYjdxtLdh0a3jHjuwOrxQjOZYD/C9PfdbgJJF3TIZWnm/tMd/RcNiLngiu4iwcBAOezdnSLAwQDPqTmtTYg==",
"cpu": [
"ia32"
],
@@ -270,9 +271,9 @@
}
},
"node_modules/@esbuild/linux-loong64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.10.tgz",
"integrity": "sha512-xoSphrd4AZda8+rUDDfD9J6FUMjrkTz8itpTITM4/xgerAZZcFW7Dv+sun7333IfKxGG8gAq+3NbfEMJfiY+Eg==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.3.tgz",
"integrity": "sha512-WO60Sn8ly3gtzhyjATDgieJNet/KqsDlX5nRC5Y3oTFcS1l0KWba+SEa9Ja1GfDqSF1z6hif/SkpQJbL63cgOA==",
"cpu": [
"loong64"
],
@@ -287,9 +288,9 @@
}
},
"node_modules/@esbuild/linux-mips64el": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.10.tgz",
"integrity": "sha512-ab6eiuCwoMmYDyTnyptoKkVS3k8fy/1Uvq7Dj5czXI6DF2GqD2ToInBI0SHOp5/X1BdZ26RKc5+qjQNGRBelRA==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.3.tgz",
"integrity": "sha512-APsymYA6sGcZ4pD6k+UxbDjOFSvPWyZhjaiPyl/f79xKxwTnrn5QUnXR5prvetuaSMsb4jgeHewIDCIWljrSxw==",
"cpu": [
"mips64el"
],
@@ -304,9 +305,9 @@
}
},
"node_modules/@esbuild/linux-ppc64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.10.tgz",
"integrity": "sha512-NLinzzOgZQsGpsTkEbdJTCanwA5/wozN9dSgEl12haXJBzMTpssebuXR42bthOF3z7zXFWH1AmvWunUCkBE4EA==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.3.tgz",
"integrity": "sha512-eizBnTeBefojtDb9nSh4vvVQ3V9Qf9Df01PfawPcRzJH4gFSgrObw+LveUyDoKU3kxi5+9RJTCWlj4FjYXVPEA==",
"cpu": [
"ppc64"
],
@@ -321,9 +322,9 @@
}
},
"node_modules/@esbuild/linux-riscv64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.10.tgz",
"integrity": "sha512-FE557XdZDrtX8NMIeA8LBJX3dC2M8VGXwfrQWU7LB5SLOajfJIxmSdyL/gU1m64Zs9CBKvm4UAuBp5aJ8OgnrA==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.3.tgz",
"integrity": "sha512-3Emwh0r5wmfm3ssTWRQSyVhbOHvqegUDRd0WhmXKX2mkHJe1SFCMJhagUleMq+Uci34wLSipf8Lagt4LlpRFWQ==",
"cpu": [
"riscv64"
],
@@ -338,9 +339,9 @@
}
},
"node_modules/@esbuild/linux-s390x": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.10.tgz",
"integrity": "sha512-3BBSbgzuB9ajLoVZk0mGu+EHlBwkusRmeNYdqmznmMc9zGASFjSsxgkNsqmXugpPk00gJ0JNKh/97nxmjctdew==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.3.tgz",
"integrity": "sha512-pBHUx9LzXWBc7MFIEEL0yD/ZVtNgLytvx60gES28GcWMqil8ElCYR4kvbV2BDqsHOvVDRrOxGySBM9Fcv744hw==",
"cpu": [
"s390x"
],
@@ -355,9 +356,9 @@
}
},
"node_modules/@esbuild/linux-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.10.tgz",
"integrity": "sha512-QSX81KhFoZGwenVyPoberggdW1nrQZSvfVDAIUXr3WqLRZGZqWk/P4T8p2SP+de2Sr5HPcvjhcJzEiulKgnxtA==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.3.tgz",
"integrity": "sha512-Czi8yzXUWIQYAtL/2y6vogER8pvcsOsk5cpwL4Gk5nJqH5UZiVByIY8Eorm5R13gq+DQKYg0+JyQoytLQas4dA==",
"cpu": [
"x64"
],
@@ -372,9 +373,9 @@
}
},
"node_modules/@esbuild/netbsd-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.10.tgz",
"integrity": "sha512-AKQM3gfYfSW8XRk8DdMCzaLUFB15dTrZfnX8WXQoOUpUBQ+NaAFCP1kPS/ykbbGYz7rxn0WS48/81l9hFl3u4A==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.3.tgz",
"integrity": "sha512-sDpk0RgmTCR/5HguIZa9n9u+HVKf40fbEUt+iTzSnCaGvY9kFP0YKBWZtJaraonFnqef5SlJ8/TiPAxzyS+UoA==",
"cpu": [
"arm64"
],
@@ -389,9 +390,9 @@
}
},
"node_modules/@esbuild/netbsd-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.10.tgz",
"integrity": "sha512-7RTytDPGU6fek/hWuN9qQpeGPBZFfB4zZgcz2VK2Z5VpdUxEI8JKYsg3JfO0n/Z1E/6l05n0unDCNc4HnhQGig==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.3.tgz",
"integrity": "sha512-P14lFKJl/DdaE00LItAukUdZO5iqNH7+PjoBm+fLQjtxfcfFE20Xf5CrLsmZdq5LFFZzb5JMZ9grUwvtVYzjiA==",
"cpu": [
"x64"
],
@@ -406,9 +407,9 @@
}
},
"node_modules/@esbuild/openbsd-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.10.tgz",
"integrity": "sha512-5Se0VM9Wtq797YFn+dLimf2Zx6McttsH2olUBsDml+lm0GOCRVebRWUvDtkY4BWYv/3NgzS8b/UM3jQNh5hYyw==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.3.tgz",
"integrity": "sha512-AIcMP77AvirGbRl/UZFTq5hjXK+2wC7qFRGoHSDrZ5v5b8DK/GYpXW3CPRL53NkvDqb9D+alBiC/dV0Fb7eJcw==",
"cpu": [
"arm64"
],
@@ -423,9 +424,9 @@
}
},
"node_modules/@esbuild/openbsd-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.10.tgz",
"integrity": "sha512-XkA4frq1TLj4bEMB+2HnI0+4RnjbuGZfet2gs/LNs5Hc7D89ZQBHQ0gL2ND6Lzu1+QVkjp3x1gIcPKzRNP8bXw==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.3.tgz",
"integrity": "sha512-DnW2sRrBzA+YnE70LKqnM3P+z8vehfJWHXECbwBmH/CU51z6FiqTQTHFenPlHmo3a8UgpLyH3PT+87OViOh1AQ==",
"cpu": [
"x64"
],
@@ -440,9 +441,9 @@
}
},
"node_modules/@esbuild/openharmony-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.10.tgz",
"integrity": "sha512-AVTSBhTX8Y/Fz6OmIVBip9tJzZEUcY8WLh7I59+upa5/GPhh2/aM6bvOMQySspnCCHvFi79kMtdJS1w0DXAeag==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.3.tgz",
"integrity": "sha512-NinAEgr/etERPTsZJ7aEZQvvg/A6IsZG/LgZy+81wON2huV7SrK3e63dU0XhyZP4RKGyTm7aOgmQk0bGp0fy2g==",
"cpu": [
"arm64"
],
@@ -457,9 +458,9 @@
}
},
"node_modules/@esbuild/sunos-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.10.tgz",
"integrity": "sha512-fswk3XT0Uf2pGJmOpDB7yknqhVkJQkAQOcW/ccVOtfx05LkbWOaRAtn5SaqXypeKQra1QaEa841PgrSL9ubSPQ==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.3.tgz",
"integrity": "sha512-PanZ+nEz+eWoBJ8/f8HKxTTD172SKwdXebZ0ndd953gt1HRBbhMsaNqjTyYLGLPdoWHy4zLU7bDVJztF5f3BHA==",
"cpu": [
"x64"
],
@@ -474,9 +475,9 @@
}
},
"node_modules/@esbuild/win32-arm64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.10.tgz",
"integrity": "sha512-ah+9b59KDTSfpaCg6VdJoOQvKjI33nTaQr4UluQwW7aEwZQsbMCfTmfEO4VyewOxx4RaDT/xCy9ra2GPWmO7Kw==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.3.tgz",
"integrity": "sha512-B2t59lWWYrbRDw/tjiWOuzSsFh1Y/E95ofKz7rIVYSQkUYBjfSgf6oeYPNWHToFRr2zx52JKApIcAS/D5TUBnA==",
"cpu": [
"arm64"
],
@@ -491,9 +492,9 @@
}
},
"node_modules/@esbuild/win32-ia32": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.10.tgz",
"integrity": "sha512-QHPDbKkrGO8/cz9LKVnJU22HOi4pxZnZhhA2HYHez5Pz4JeffhDjf85E57Oyco163GnzNCVkZK0b/n4Y0UHcSw==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.3.tgz",
"integrity": "sha512-QLKSFeXNS8+tHW7tZpMtjlNb7HKau0QDpwm49u0vUp9y1WOF+PEzkU84y9GqYaAVW8aH8f3GcBck26jh54cX4Q==",
"cpu": [
"ia32"
],
@@ -508,9 +509,9 @@
}
},
"node_modules/@esbuild/win32-x64": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.10.tgz",
"integrity": "sha512-9KpxSVFCu0iK1owoez6aC/s/EdUQLDN3adTxGCqxMVhrPDj6bt5dbrHDXUuq+Bs2vATFBBrQS5vdQ/Ed2P+nbw==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.3.tgz",
"integrity": "sha512-4uJGhsxuptu3OcpVAzli+/gWusVGwZZHTlS63hh++ehExkVT8SgiEf7/uC/PclrPPkLhZqGgCTjd0VWLo6xMqA==",
"cpu": [
"x64"
],
@@ -524,14 +525,6 @@
"node": ">=18"
}
},
"node_modules/@fastify/busboy": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
"integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
"engines": {
"node": ">=14"
}
},
"node_modules/@isaacs/cliui": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
@@ -697,16 +690,16 @@
}
},
"node_modules/@octokit/auth-app": {
"version": "8.1.1",
"resolved": "https://registry.npmjs.org/@octokit/auth-app/-/auth-app-8.1.1.tgz",
"integrity": "sha512-yW9YUy1cuqWlz8u7908ed498wJFt42VYsYWjvepjojM4BdZSp4t+5JehFds7LfvYi550O/GaUI94rgbhswvxfA==",
"version": "8.2.0",
"resolved": "https://registry.npmjs.org/@octokit/auth-app/-/auth-app-8.2.0.tgz",
"integrity": "sha512-vVjdtQQwomrZ4V46B9LaCsxsySxGoHsyw6IYBov/TqJVROrlYdyNgw5q6tQbB7KZt53v1l1W53RiqTvpzL907g==",
"license": "MIT",
"dependencies": {
"@octokit/auth-oauth-app": "^9.0.2",
"@octokit/auth-oauth-user": "^6.0.1",
"@octokit/request": "^10.0.5",
"@octokit/request-error": "^7.0.1",
"@octokit/types": "^15.0.0",
"@octokit/auth-oauth-app": "^9.0.3",
"@octokit/auth-oauth-user": "^6.0.2",
"@octokit/request": "^10.0.6",
"@octokit/request-error": "^7.0.2",
"@octokit/types": "^16.0.0",
"toad-cache": "^3.7.0",
"universal-github-app-jwt": "^2.2.0",
"universal-user-agent": "^7.0.0"
@@ -716,15 +709,15 @@
}
},
"node_modules/@octokit/auth-oauth-app": {
"version": "9.0.2",
"resolved": "https://registry.npmjs.org/@octokit/auth-oauth-app/-/auth-oauth-app-9.0.2.tgz",
"integrity": "sha512-vmjSHeuHuM+OxZLzOuoYkcY3OPZ8erJ5lfswdTmm+4XiAKB5PmCk70bA1is4uwSl/APhRVAv4KHsgevWfEKIPQ==",
"version": "9.0.3",
"resolved": "https://registry.npmjs.org/@octokit/auth-oauth-app/-/auth-oauth-app-9.0.3.tgz",
"integrity": "sha512-+yoFQquaF8OxJSxTb7rnytBIC2ZLbLqA/yb71I4ZXT9+Slw4TziV9j/kyGhUFRRTF2+7WlnIWsePZCWHs+OGjg==",
"license": "MIT",
"dependencies": {
"@octokit/auth-oauth-device": "^8.0.2",
"@octokit/auth-oauth-user": "^6.0.1",
"@octokit/request": "^10.0.5",
"@octokit/types": "^15.0.0",
"@octokit/auth-oauth-device": "^8.0.3",
"@octokit/auth-oauth-user": "^6.0.2",
"@octokit/request": "^10.0.6",
"@octokit/types": "^16.0.0",
"universal-user-agent": "^7.0.0"
},
"engines": {
@@ -732,14 +725,14 @@
}
},
"node_modules/@octokit/auth-oauth-device": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/@octokit/auth-oauth-device/-/auth-oauth-device-8.0.2.tgz",
"integrity": "sha512-KW7Ywrz7ei7JX+uClWD2DN1259fnkoKuVdhzfpQ3/GdETaCj4Tx0IjvuJrwhP/04OhcMu5yR6tjni0V6LBihdw==",
"version": "8.0.3",
"resolved": "https://registry.npmjs.org/@octokit/auth-oauth-device/-/auth-oauth-device-8.0.3.tgz",
"integrity": "sha512-zh2W0mKKMh/VWZhSqlaCzY7qFyrgd9oTWmTmHaXnHNeQRCZr/CXy2jCgHo4e4dJVTiuxP5dLa0YM5p5QVhJHbw==",
"license": "MIT",
"dependencies": {
"@octokit/oauth-methods": "^6.0.1",
"@octokit/request": "^10.0.5",
"@octokit/types": "^15.0.0",
"@octokit/oauth-methods": "^6.0.2",
"@octokit/request": "^10.0.6",
"@octokit/types": "^16.0.0",
"universal-user-agent": "^7.0.0"
},
"engines": {
@@ -747,15 +740,15 @@
}
},
"node_modules/@octokit/auth-oauth-user": {
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/@octokit/auth-oauth-user/-/auth-oauth-user-6.0.1.tgz",
"integrity": "sha512-vlKsL1KUUPvwXpv574zvmRd+/4JiDFXABIZNM39+S+5j2kODzGgjk7w5WtiQ1x24kRKNaE7v9DShNbw43UA3Hw==",
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/@octokit/auth-oauth-user/-/auth-oauth-user-6.0.2.tgz",
"integrity": "sha512-qLoPPc6E6GJoz3XeDG/pnDhJpTkODTGG4kY0/Py154i/I003O9NazkrwJwRuzgCalhzyIeWQ+6MDvkUmKXjg/A==",
"license": "MIT",
"dependencies": {
"@octokit/auth-oauth-device": "^8.0.2",
"@octokit/oauth-methods": "^6.0.1",
"@octokit/request": "^10.0.5",
"@octokit/types": "^15.0.0",
"@octokit/auth-oauth-device": "^8.0.3",
"@octokit/oauth-methods": "^6.0.2",
"@octokit/request": "^10.0.6",
"@octokit/types": "^16.0.0",
"universal-user-agent": "^7.0.0"
},
"engines": {
@@ -763,12 +756,12 @@
}
},
"node_modules/@octokit/endpoint": {
"version": "11.0.1",
"resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.1.tgz",
"integrity": "sha512-7P1dRAZxuWAOPI7kXfio88trNi/MegQ0IJD3vfgC3b+LZo1Qe6gRJc2v0mz2USWWJOKrB2h5spXCzGbw+fAdqA==",
"version": "11.0.3",
"resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.3.tgz",
"integrity": "sha512-FWFlNxghg4HrXkD3ifYbS/IdL/mDHjh9QcsNyhQjN8dplUoZbejsdpmuqdA76nxj2xoWPs7p8uX2SNr9rYu0Ag==",
"license": "MIT",
"dependencies": {
"@octokit/types": "^15.0.0",
"@octokit/types": "^16.0.0",
"universal-user-agent": "^7.0.2"
},
"engines": {
@@ -785,15 +778,15 @@
}
},
"node_modules/@octokit/oauth-methods": {
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/@octokit/oauth-methods/-/oauth-methods-6.0.1.tgz",
"integrity": "sha512-xi6Iut3izMCFzXBJtxxJehxJmAKjE8iwj6L5+raPRwlTNKAbOOBJX7/Z8AF5apD4aXvc2skwIdOnC+CQ4QuA8Q==",
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/@octokit/oauth-methods/-/oauth-methods-6.0.2.tgz",
"integrity": "sha512-HiNOO3MqLxlt5Da5bZbLV8Zarnphi4y9XehrbaFMkcoJ+FL7sMxH/UlUsCVxpddVu4qvNDrBdaTVE2o4ITK8ng==",
"license": "MIT",
"dependencies": {
"@octokit/oauth-authorization-url": "^8.0.0",
"@octokit/request": "^10.0.5",
"@octokit/request-error": "^7.0.1",
"@octokit/types": "^15.0.0"
"@octokit/request": "^10.0.6",
"@octokit/request-error": "^7.0.2",
"@octokit/types": "^16.0.0"
},
"engines": {
"node": ">= 20"
@@ -810,21 +803,22 @@
}
},
"node_modules/@octokit/openapi-types": {
"version": "26.0.0",
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
"integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
"version": "27.0.0",
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-27.0.0.tgz",
"integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA==",
"license": "MIT"
},
"node_modules/@octokit/request": {
"version": "10.0.5",
"resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.5.tgz",
"integrity": "sha512-TXnouHIYLtgDhKo+N6mXATnDBkV05VwbR0TtMWpgTHIoQdRQfCSzmy/LGqR1AbRMbijq/EckC/E3/ZNcU92NaQ==",
"version": "10.0.8",
"resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.8.tgz",
"integrity": "sha512-SJZNwY9pur9Agf7l87ywFi14W+Hd9Jg6Ifivsd33+/bGUQIjNujdFiXII2/qSlN2ybqUHfp5xpekMEjIBTjlSw==",
"license": "MIT",
"dependencies": {
"@octokit/endpoint": "^11.0.1",
"@octokit/request-error": "^7.0.1",
"@octokit/types": "^15.0.0",
"@octokit/endpoint": "^11.0.3",
"@octokit/request-error": "^7.0.2",
"@octokit/types": "^16.0.0",
"fast-content-type-parse": "^3.0.0",
"json-with-bigint": "^3.5.3",
"universal-user-agent": "^7.0.2"
},
"engines": {
@@ -832,24 +826,24 @@
}
},
"node_modules/@octokit/request-error": {
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.1.tgz",
"integrity": "sha512-CZpFwV4+1uBrxu7Cw8E5NCXDWFNf18MSY23TdxCBgjw1tXXHvTrZVsXlW8hgFTOLw8RQR1BBrMvYRtuyaijHMA==",
"version": "7.1.0",
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz",
"integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==",
"license": "MIT",
"dependencies": {
"@octokit/types": "^15.0.0"
"@octokit/types": "^16.0.0"
},
"engines": {
"node": ">= 20"
}
},
"node_modules/@octokit/types": {
"version": "15.0.0",
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
"integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
"version": "16.0.0",
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-16.0.0.tgz",
"integrity": "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg==",
"license": "MIT",
"dependencies": {
"@octokit/openapi-types": "^26.0.0"
"@octokit/openapi-types": "^27.0.0"
}
},
"node_modules/@pkgjs/parseargs": {
@@ -914,9 +908,9 @@
}
},
"node_modules/@sinonjs/fake-timers": {
"version": "15.0.0",
"resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-15.0.0.tgz",
"integrity": "sha512-dlUB2oL+hDIYkIq/OWFBDhQAuU6kDey3eeMiYpVb7UXHhkMq/r1HloKXAbJwJZpYWkFWsydLjMqDpueMUEOjXQ==",
"version": "15.1.0",
"resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-15.1.0.tgz",
"integrity": "sha512-cqfapCxwTGsrR80FEgOoPsTonoefMBY7dnUEbQ+GRcved0jvkJLzvX6F4WtN+HBqbPX/SiFsIRUp+IrCW/2I2w==",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
@@ -985,7 +979,6 @@
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
"dev": true,
"license": "MIT",
"peer": true,
"bin": {
"acorn": "bin/acorn"
},
@@ -1182,9 +1175,9 @@
"dev": true
},
"node_modules/brace-expansion": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -1623,9 +1616,9 @@
}
},
"node_modules/dotenv": {
"version": "17.2.3",
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.2.3.tgz",
"integrity": "sha512-JVUnt+DUIzu87TABbhPmNfVdBDt18BLOWjMUFJMSi/Qqg7NTYtabbvSNJGOJ7afbRuv9D/lngizHtP7QyLQ+9w==",
"version": "17.3.1",
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.3.1.tgz",
"integrity": "sha512-IO8C/dzEb6O3F9/twg6ZLXz164a2fhTnEWb95H23Dm4OuN+92NmEAlTrupP9VW6Jm3sO26tQlqyvyi4CsnY9GA==",
"dev": true,
"license": "BSD-2-Clause",
"engines": {
@@ -1661,9 +1654,9 @@
"dev": true
},
"node_modules/esbuild": {
"version": "0.25.10",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.10.tgz",
"integrity": "sha512-9RiGKvCwaqxO2owP61uQ4BgNborAQskMR6QusfWzQqv7AZOg5oGehdY2pRJMTKuwxd1IDBP4rSbI5lHzU7SMsQ==",
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.3.tgz",
"integrity": "sha512-8VwMnyGCONIs6cWue2IdpHxHnAjzxnw2Zr7MkVxB2vjmQ2ivqGFb4LEG3SMnv0Gb2F/G/2yA8zUaiL1gywDCCg==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
@@ -1674,32 +1667,32 @@
"node": ">=18"
},
"optionalDependencies": {
"@esbuild/aix-ppc64": "0.25.10",
"@esbuild/android-arm": "0.25.10",
"@esbuild/android-arm64": "0.25.10",
"@esbuild/android-x64": "0.25.10",
"@esbuild/darwin-arm64": "0.25.10",
"@esbuild/darwin-x64": "0.25.10",
"@esbuild/freebsd-arm64": "0.25.10",
"@esbuild/freebsd-x64": "0.25.10",
"@esbuild/linux-arm": "0.25.10",
"@esbuild/linux-arm64": "0.25.10",
"@esbuild/linux-ia32": "0.25.10",
"@esbuild/linux-loong64": "0.25.10",
"@esbuild/linux-mips64el": "0.25.10",
"@esbuild/linux-ppc64": "0.25.10",
"@esbuild/linux-riscv64": "0.25.10",
"@esbuild/linux-s390x": "0.25.10",
"@esbuild/linux-x64": "0.25.10",
"@esbuild/netbsd-arm64": "0.25.10",
"@esbuild/netbsd-x64": "0.25.10",
"@esbuild/openbsd-arm64": "0.25.10",
"@esbuild/openbsd-x64": "0.25.10",
"@esbuild/openharmony-arm64": "0.25.10",
"@esbuild/sunos-x64": "0.25.10",
"@esbuild/win32-arm64": "0.25.10",
"@esbuild/win32-ia32": "0.25.10",
"@esbuild/win32-x64": "0.25.10"
"@esbuild/aix-ppc64": "0.27.3",
"@esbuild/android-arm": "0.27.3",
"@esbuild/android-arm64": "0.27.3",
"@esbuild/android-x64": "0.27.3",
"@esbuild/darwin-arm64": "0.27.3",
"@esbuild/darwin-x64": "0.27.3",
"@esbuild/freebsd-arm64": "0.27.3",
"@esbuild/freebsd-x64": "0.27.3",
"@esbuild/linux-arm": "0.27.3",
"@esbuild/linux-arm64": "0.27.3",
"@esbuild/linux-ia32": "0.27.3",
"@esbuild/linux-loong64": "0.27.3",
"@esbuild/linux-mips64el": "0.27.3",
"@esbuild/linux-ppc64": "0.27.3",
"@esbuild/linux-riscv64": "0.27.3",
"@esbuild/linux-s390x": "0.27.3",
"@esbuild/linux-x64": "0.27.3",
"@esbuild/netbsd-arm64": "0.27.3",
"@esbuild/netbsd-x64": "0.27.3",
"@esbuild/openbsd-arm64": "0.27.3",
"@esbuild/openbsd-x64": "0.27.3",
"@esbuild/openharmony-arm64": "0.27.3",
"@esbuild/sunos-x64": "0.27.3",
"@esbuild/win32-arm64": "0.27.3",
"@esbuild/win32-ia32": "0.27.3",
"@esbuild/win32-x64": "0.27.3"
}
},
"node_modules/escalade": {
@@ -1753,9 +1746,9 @@
}
},
"node_modules/execa": {
"version": "9.6.0",
"resolved": "https://registry.npmjs.org/execa/-/execa-9.6.0.tgz",
"integrity": "sha512-jpWzZ1ZhwUmeWRhS7Qv3mhpOhLfwI+uAX4e5fOcXqwMR7EcJ0pj2kV1CVzHVMX/LphnKWD3LObjZCoJ71lKpHw==",
"version": "9.6.1",
"resolved": "https://registry.npmjs.org/execa/-/execa-9.6.1.tgz",
"integrity": "sha512-9Be3ZoN4LmYR90tUoVu2te2BsbzHfhJyfEiAVfz7N5/zv+jduIfLrV2xdQXOHbaD6KgpGdO9PRPM1Y4Q9QkPkA==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2438,6 +2431,12 @@
"js-yaml": "bin/js-yaml.js"
}
},
"node_modules/json-with-bigint": {
"version": "3.5.7",
"resolved": "https://registry.npmjs.org/json-with-bigint/-/json-with-bigint-3.5.7.tgz",
"integrity": "sha512-7ei3MdAI5+fJPVnKlW77TKNKwQ5ppSzWvhPuSuINT/GYW9ZOC1eRKOuhV9yHG5aEsUPj9BBx5JIekkmoLHxZOw==",
"license": "MIT"
},
"node_modules/load-json-file": {
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-7.0.1.tgz",
@@ -2466,10 +2465,11 @@
}
},
"node_modules/lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
"dev": true
"version": "4.17.23",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
"dev": true,
"license": "MIT"
},
"node_modules/lru-cache": {
"version": "10.2.2",
@@ -2586,13 +2586,13 @@
}
},
"node_modules/minimatch": {
"version": "9.0.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
"integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
"version": "9.0.9",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
"integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
"brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -2611,9 +2611,9 @@
}
},
"node_modules/minizlib": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.0.2.tgz",
"integrity": "sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA==",
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
"integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2623,22 +2623,6 @@
"node": ">= 18"
}
},
"node_modules/mkdirp": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz",
"integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==",
"dev": true,
"license": "MIT",
"bin": {
"mkdirp": "dist/cjs/src/bin.js"
},
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/ms": {
"version": "2.1.3",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
@@ -2817,9 +2801,9 @@
}
},
"node_modules/p-retry": {
"version": "7.1.0",
"resolved": "https://registry.npmjs.org/p-retry/-/p-retry-7.1.0.tgz",
"integrity": "sha512-xL4PiFRQa/f9L9ZvR4/gUCRNus4N8YX80ku8kv9Jqz+ZokkiZLM0bcvX0gm1F3PDi9SPRsww1BDsTWgE6Y1GLQ==",
"version": "7.1.1",
"resolved": "https://registry.npmjs.org/p-retry/-/p-retry-7.1.1.tgz",
"integrity": "sha512-J5ApzjyRkkf601HpEeykoiCvzHQjWxPAHhyjFcEUP2SWq0+35NKh8TLhpLw+Dkq5TZBFvUM6UigdE9hIVYTl5w==",
"license": "MIT",
"dependencies": {
"is-network-error": "^1.1.0"
@@ -3418,17 +3402,16 @@
}
},
"node_modules/tar": {
"version": "7.4.3",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.4.3.tgz",
"integrity": "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==",
"version": "7.5.11",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.11.tgz",
"integrity": "sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==",
"dev": true,
"license": "ISC",
"license": "BlueOak-1.0.0",
"dependencies": {
"@isaacs/fs-minipass": "^4.0.0",
"chownr": "^3.0.0",
"minipass": "^7.1.2",
"minizlib": "^3.0.1",
"mkdirp": "^3.0.1",
"minizlib": "^3.1.0",
"yallist": "^5.0.0"
},
"engines": {
@@ -3556,6 +3539,7 @@
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
"license": "MIT",
"engines": {
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
}
@@ -3582,9 +3566,9 @@
}
},
"node_modules/undici": {
"version": "7.16.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-7.16.0.tgz",
"integrity": "sha512-QEg3HPMll0o3t2ourKwOeUAZ159Kn9mx5pnzHRQO8+Wixmh88YdZRiIwat0iNzNNXn0yoEtXJqFpyW7eM8BV7g==",
"version": "7.24.1",
"resolved": "https://registry.npmjs.org/undici/-/undici-7.24.1.tgz",
"integrity": "sha512-5xoBibbmnjlcR3jdqtY2Lnx7WbrD/tHlT01TmvqZUFVc9Q1w4+j5hbnapTqbcXITMH1ovjq/W7BkqBilHiVAaA==",
"license": "MIT",
"engines": {
"node": ">=20.18.1"
@@ -3884,9 +3868,9 @@
"dev": true
},
"node_modules/yaml": {
"version": "2.8.1",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz",
"integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==",
"version": "2.8.2",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.2.tgz",
"integrity": "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==",
"dev": true,
"license": "ISC",
"bin": {
@@ -3894,6 +3878,9 @@
},
"engines": {
"node": ">= 14.6"
},
"funding": {
"url": "https://github.com/sponsors/eemeli"
}
},
"node_modules/yargs": {
+11 -11
View File
@@ -2,7 +2,7 @@
"name": "create-github-app-token",
"private": true,
"type": "module",
"version": "2.2.0",
"version": "2.2.2",
"description": "GitHub Action for creating a GitHub App Installation Access Token",
"engines": {
"node": ">=20"
@@ -16,22 +16,22 @@
},
"license": "MIT",
"dependencies": {
"@actions/core": "^1.11.1",
"@octokit/auth-app": "^8.1.1",
"@octokit/request": "^10.0.3",
"p-retry": "^7.1.0",
"undici": "^7.16.0"
"@actions/core": "^3.0.0",
"@octokit/auth-app": "^8.2.0",
"@octokit/request": "^10.0.8",
"p-retry": "^7.1.1",
"undici": "^7.24.1"
},
"devDependencies": {
"@octokit/openapi": "^21.0.0",
"@sinonjs/fake-timers": "^15.0.0",
"@sinonjs/fake-timers": "^15.1.0",
"ava": "^6.4.1",
"c8": "^10.1.3",
"dotenv": "^17.2.3",
"esbuild": "^0.25.10",
"execa": "^9.6.0",
"dotenv": "^17.3.1",
"esbuild": "^0.27.3",
"execa": "^9.6.1",
"open-cli": "^8.0.0",
"yaml": "^2.8.1"
"yaml": "^2.8.2"
},
"release": {
"branches": [
+1 -1
View File
@@ -1,6 +1,6 @@
// @ts-check
import core from "@actions/core";
import * as core from "@actions/core";
import { post } from "./lib/post.js";
import request from "./lib/request.js";
@@ -0,0 +1,40 @@
import { test } from "./main.js";
// Verify `main` handles when no enterprise installation is found.
await test((mockPool) => {
delete process.env.INPUT_OWNER;
delete process.env.INPUT_REPOSITORIES;
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
// Mock the /app/installations endpoint to return only non-enterprise installations
mockPool
.intercept({
path: "/app/installations",
method: "GET",
headers: {
accept: "application/vnd.github.v3+json",
"user-agent": "actions/create-github-app-token",
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
},
})
.reply(
200,
[
{
id: "111111",
app_slug: "github-actions",
target_type: "Organization",
account: { login: "some-org" }
},
{
id: "222222",
app_slug: "github-actions",
target_type: "User",
account: { login: "some-user" }
}
],
{ headers: { "content-type": "application/json" } }
);
});
@@ -0,0 +1,16 @@
import { DEFAULT_ENV } from "./main.js";
// Verify `main` exits with an error when `enterprise-slug` is used with both `owner` and `repositories` inputs.
try {
// Set up environment with enterprise-slug, owner, and repositories all set
for (const [key, value] of Object.entries(DEFAULT_ENV)) {
process.env[key] = value;
}
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
process.env.INPUT_OWNER = "test-owner";
process.env.INPUT_REPOSITORIES = "repo1,repo2";
await import("../main.js");
} catch (error) {
console.error(error.message);
}
@@ -0,0 +1,15 @@
import { DEFAULT_ENV } from "./main.js";
// Verify `main` exits with an error when `enterprise-slug` is used with `owner` input.
try {
// Set up environment with enterprise-slug and owner set
for (const [key, value] of Object.entries(DEFAULT_ENV)) {
process.env[key] = value;
}
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
process.env.INPUT_OWNER = "test-owner";
await import("../main.js");
} catch (error) {
console.error(error.message);
}
@@ -0,0 +1,15 @@
import { DEFAULT_ENV } from "./main.js";
// Verify `main` exits with an error when `enterprise-slug` is used with `repositories` input.
try {
// Set up environment with enterprise-slug and repositories set
for (const [key, value] of Object.entries(DEFAULT_ENV)) {
process.env[key] = value;
}
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
process.env.INPUT_REPOSITORIES = "repo1,repo2";
await import("../main.js");
} catch (error) {
console.error(error.message);
}
@@ -0,0 +1,34 @@
import { test } from "./main.js";
// Verify `main` successfully obtains a token when only the `enterprise-slug` input is set.
await test((mockPool) => {
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
delete process.env.INPUT_OWNER;
delete process.env.INPUT_REPOSITORIES;
// Mock the /app/installations endpoint to return an enterprise installation
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
mockPool
.intercept({
path: "/app/installations",
method: "GET",
headers: {
accept: "application/vnd.github.v3+json",
"user-agent": "actions/create-github-app-token",
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
},
})
.reply(
200,
[
{
id: mockInstallationId,
app_slug: mockAppSlug,
target_type: "Enterprise",
account: { login: "test-enterprise", slug: "test-enterprise" }
}
],
{ headers: { "content-type": "application/json" } }
);
});
@@ -0,0 +1,34 @@
import { test } from "./main.js";
// Verify `main` successfully generates enterprise token with basic functionality.
await test((mockPool) => {
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
delete process.env.INPUT_OWNER;
delete process.env.INPUT_REPOSITORIES;
// Mock the /app/installations endpoint to return an enterprise installation
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
mockPool
.intercept({
path: "/app/installations",
method: "GET",
headers: {
accept: "application/vnd.github.v3+json",
"user-agent": "actions/create-github-app-token",
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
},
})
.reply(
200,
[
{
id: mockInstallationId,
app_slug: mockAppSlug,
target_type: "Enterprise",
account: { login: "test-enterprise", slug: "test-enterprise" }
}
],
{ headers: { "content-type": "application/json" } }
);
});
@@ -0,0 +1,36 @@
import { test } from "./main.js";
// Verify `main` successfully generates enterprise token with specific permissions.
await test((mockPool) => {
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
delete process.env.INPUT_OWNER;
delete process.env.INPUT_REPOSITORIES;
process.env["INPUT_PERMISSION-ENTERPRISE-ORGANIZATIONS"] = "read";
process.env["INPUT_PERMISSION-ENTERPRISE-PEOPLE"] = "write";
// Mock the /app/installations endpoint to return an enterprise installation
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
mockPool
.intercept({
path: "/app/installations",
method: "GET",
headers: {
accept: "application/vnd.github.v3+json",
"user-agent": "actions/create-github-app-token",
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
},
})
.reply(
200,
[
{
id: mockInstallationId,
app_slug: mockAppSlug,
target_type: "Enterprise",
account: { login: "test-enterprise", slug: "test-enterprise" }
}
],
{ headers: { "content-type": "application/json" } }
);
});
+133
View File
@@ -39,6 +39,139 @@ Generated by [AVA](https://avajs.dev).
POST /api/v3/app/installations/123456/access_tokens␊
{"repositories":["create-github-app-token"]}`
## main-enterprise-installation-not-found.test.js
> stderr
`Error: No enterprise installation found matching the name test-enterprise. Available installations: Organization:some-org, User:some-user␊
at getTokenFromEnterprise (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:230:11)␊
at process.processTicksAndRejections (node:internal/process/task_queues:104:5)␊
at async pRetry (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/node_modules/p-retry/index.js:197:19)␊
at async main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:95:52)␊
at async test (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main.js:111:3)␊
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-installation-not-found.test.js:5:1`
> stdout
`Creating enterprise installation token for enterprise "test-enterprise".␊
Failed to create token for enterprise "test-enterprise" (attempt 1): undefined␊
--- REQUESTS ---␊
GET /app/installations`
## main-enterprise-mutual-exclusivity-both.test.js
> stderr
`Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-both.test.js:13:3`
> stdout
''
## main-enterprise-mutual-exclusivity-owner.test.js
> stderr
`Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-owner.test.js:12:3`
> stdout
''
## main-enterprise-mutual-exclusivity-repositories.test.js
> stderr
`Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-repositories.test.js:12:3`
> stdout
''
## main-enterprise-only-success.test.js
> stderr
''
> stdout
`Creating enterprise installation token for enterprise "test-enterprise".␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
--- REQUESTS ---␊
GET /app/installations␊
POST /app/installations/123456/access_tokens␊
null`
## main-enterprise-token-success.test.js
> stderr
''
> stdout
`Creating enterprise installation token for enterprise "test-enterprise".␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
--- REQUESTS ---␊
GET /app/installations␊
POST /app/installations/123456/access_tokens␊
null`
## main-enterprise-token-with-permissions.test.js
> stderr
''
> stdout
`Creating enterprise installation token for enterprise "test-enterprise".␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
--- REQUESTS ---␊
GET /app/installations␊
POST /app/installations/123456/access_tokens␊
{"permissions":{"enterprise_organizations":"read","enterprise_people":"write"}}`
## main-missing-owner.test.js
> stderr
Binary file not shown.