Aiqiao Yan
0607d7a54b
release new versions for a few packages
2026-04-21 17:15:02 +00:00
Aiqiao Yan
4ee32849b4
Merge pull request #2346 from actions/dependabot/npm_and_yarn/packages/github/undici-6.24.0
...
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/github
2026-04-21 12:55:26 -04:00
Aiqiao Yan
d76f9fe99a
Merge pull request #2348 from actions/dependabot/npm_and_yarn/packages/core/undici-6.24.1
...
chore(deps): bump undici from 6.23.0 to 6.24.1 in /packages/core
2026-04-21 12:54:48 -04:00
Aiqiao Yan
7e08d73d76
Merge pull request #2345 from actions/dependabot/npm_and_yarn/packages/glob/undici-6.24.0
...
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/glob
2026-04-21 12:42:56 -04:00
ICHINOSE Shogo
16cd46c365
Merge branch 'main' into bump-minimatch-v10
2026-04-21 21:43:27 +09:00
Aiqiao Yan
75b8dd1009
Merge pull request #2369 from actions/dependabot/npm_and_yarn/packages/glob/brace-expansion-1.1.13
...
chore(deps): bump brace-expansion from 1.1.12 to 1.1.13 in /packages/glob
2026-04-20 17:44:57 -04:00
Aiqiao Yan
54ad3ca9ba
Merge pull request #2347 from actions/dependabot/npm_and_yarn/packages/http-client/undici-6.24.0
...
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/http-client
2026-04-20 17:34:56 -04:00
dependabot[bot]
140509034c
chore(deps): bump brace-expansion in /packages/glob
...
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion ) from 1.1.12 to 1.1.13.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases )
- [Commits](https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13 )
---
updated-dependencies:
- dependency-name: brace-expansion
dependency-version: 1.1.13
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-08 20:54:11 +00:00
Salman Chishti
e4598e374b
chore: bump @actions/github to 9.1.0 for release
...
- Version bump 9.0.0 → 9.1.0 in package.json
- Update RELEASES.md with idempotency guard note and PR link
2026-04-08 20:07:19 +00:00
Salman Chishti
3643ce2db4
style: fix prettier formatting in orchestration tests
2026-04-08 19:38:31 +00:00
Salman Chishti
ffeb50bd02
fix: prevent duplicate orchestration ID in user-agent
...
Add idempotency check to getUserAgentWithOrchestrationId — if the
tag is already present in baseUserAgent, return it unchanged. This
prevents doubling when both the exported helper and getOctokitOptions
run for the same client.
2026-04-08 16:49:32 +00:00
Salman Chishti
b0917c5a37
style: fix prettier formatting in orchestration tests
2026-04-07 16:35:32 +00:00
Salman Chishti
a8ea745713
feat(github): append orchestration ID to user-agent in getOctokitOptions
...
When ACTIONS_ORCHESTRATION_ID is set, appends
actions_orchestration_id/{sanitizedId} to the user-agent string.
- Add getUserAgentWithOrchestrationId() to internal/utils.ts
- Wire into getOctokitOptions() so all getOctokit() calls include it
- Re-export helper from @actions/github/lib/utils for downstream consumers
- 14 deterministic unit tests covering helper, integration, edge cases
2026-04-07 16:16:11 +00:00
ICHINOSE Shogo
74fcfdbd10
@actions/glob: add some comments for the regression testing
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-03-20 19:56:02 +09:00
ICHINOSE Shogo
20647b6bcf
@actions/core: update regression test with minimatch v3
2026-03-20 19:24:19 +09:00
ICHINOSE Shogo
6bd5e50ee1
@actions/glob: bump minimatch from v3.0.4 to v10.2.4
2026-03-20 18:00:34 +09:00
dependabot[bot]
7c6cc28ed5
chore(deps): bump undici from 6.23.0 to 6.24.1 in /packages/core
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.1.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.1 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-14 09:09:41 +00:00
dependabot[bot]
8f62bc23d1
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/http-client
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-14 05:22:04 +00:00
dependabot[bot]
bbaffb4bb3
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/github
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-14 04:56:28 +00:00
dependabot[bot]
c23cc6e61c
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/glob
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-14 04:40:06 +00:00
dependabot[bot]
06bca4509d
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/artifact
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-14 04:17:32 +00:00
Daniel Kennedy
21229dc09e
Artifact: support downloading artifacts with CJK characters in their name ( #2341 )
...
* Artifact: support downloading artifacts with CJK characters in their name
* Fix some linting/PR comments
* One more linting fix
2026-03-11 09:30:15 -04:00
dependabot[bot]
89f01c9125
chore(deps): bump tar from 7.5.7 to 7.5.10 in /packages/attest
...
Bumps [tar](https://github.com/isaacs/node-tar ) from 7.5.7 to 7.5.10.
- [Release notes](https://github.com/isaacs/node-tar/releases )
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.10 )
---
updated-dependencies:
- dependency-name: tar
dependency-version: 7.5.10
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-06 13:29:24 +00:00
Zachary Taylor
bd4fb086f1
Update UsageError in cache
2026-02-26 14:31:12 -05:00
Zachary Taylor
49c3d09c01
Update error message
2026-02-26 14:28:46 -05:00
Brian DeHamer
69f29a1b1c
Update packages/attest/src/artifactMetadata.ts
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-02-25 17:40:10 -08:00
Brian DeHamer
7987771a2b
new user-agent string for storage record API reqs
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2026-02-25 15:36:27 -08:00
Brian DeHamer
605cc18397
Merge pull request #2320 from actions/bdehamer/attest-orchestration-id
...
custom user-agent string for attestation API reqs
2026-02-25 11:25:53 -08:00
Brian DeHamer
27e5a955bf
custom user-agent string for attestation API reqs
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2026-02-25 11:20:54 -08:00
Daniel Kennedy
6fe3c0f3e6
Artifact upload: support uploading single un-zipped files ( #2256 )
...
* Artifact upload: support uploading single un-zipped files
* Fix linters
* Fix lint again
* Fix tests
* Check for 0 sized artifact lists
* Add some more stream tests and handle an upload failure gracefully
* Add CI tests for non-zipped artifacts
* Add an html report to test rendering in the browser
* Fix linting issue
* Artifact: bump the version and add release notes
* Fix Windows tests
* Fix linting
* stream: switch the error details to error type
* Refactor the validation logic in `uploadArtifact` a bit
* Added more details about how the name parameter is handled
2026-02-25 11:01:38 -05:00
Daniel Kennedy
8c90e2297a
fix(tests): close sockets to remove a Jest warning about resources outliving their tests ( #2279 )
2026-02-13 12:05:37 -05:00
dependabot[bot]
8351a5d84d
chore(deps): bump fast-xml-parser in /packages/artifact ( #2285 )
...
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser ) from 5.3.3 to 5.3.4.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases )
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.3...v5.3.4 )
---
updated-dependencies:
- dependency-name: fast-xml-parser
dependency-version: 5.3.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-30 16:26:32 -05:00
Daniel Kennedy
975fcbd402
Artifact download: don't unzip non-zip artifacts ( #2253 )
...
* Download artifact: don't extract the downloaded file if the content-type isn't a zip
* Remove unused `import`
* Add support for specifying whether to skip decompressing
* Prevent path traversal attacks
* Fix indenting
* Update packages/artifact/__tests__/download-artifact.test.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Parse the mime type out of the content-type header
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Fix some linting issues
* Swap `zip` for `application/zip-compressed`
* Test: negative check for malicious paths
* Increase the timeout on one of the tests
* Check the URL path for `.zip` to see if we can auto-decompress
* Fix linting issue
* Bump the package version and add release notes
* Remove `launch.json`
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-30 12:18:38 -05:00
dependabot[bot]
1c20378379
chore(deps): bump tar from 7.5.6 to 7.5.7 in /packages/attest
...
Bumps [tar](https://github.com/isaacs/node-tar ) from 7.5.6 to 7.5.7.
- [Release notes](https://github.com/isaacs/node-tar/releases )
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.6...v7.5.7 )
---
updated-dependencies:
- dependency-name: tar
dependency-version: 7.5.7
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-29 20:20:49 +00:00
Daniel Kennedy
0be0a6ef89
@actions/attest: convert to an ESM module (#2278 )
2026-01-29 15:19:39 -05:00
Daniel Kennedy
ae29a2751b
@actions/cache: convert to an ESM module (#2275 )
...
* `@actions/cache`: convert to an ESM module
* Update the fixture to ESM syntax
* Update the cache workflows
* Bump `@actions/glob` to `0.6.1`
* Fix awaiting in the cache unit tests
* Fix a type issues in contracts
* Export the `DownloadOptions`/`UploadOptions` like before
* More cache test fixes
* Make the cache units tests better
* Add some more logging
* Add retries to restore-cache.mjs
2026-01-29 14:23:32 -05:00
Daniel Kennedy
b48854e1ac
@actions/glob: fix minimatch imports (#2276 )
2026-01-29 13:30:54 -05:00
Daniel Kennedy
9d912b1840
@actions/tool-cache: convert to an ESM module (#2274 )
...
* `@actions/tool-cache`: convert to an ESM module
* Fix jest config
* Downgrade `nock` since it's conflicting with `@actions/attest`'s version
2026-01-29 11:26:14 -05:00
Daniel Kennedy
7a0147b5c6
@actions/glob: convert to an ESM module (#2273 )
...
* `@actions/glob`: convert to an ESM module
* Update packages/glob/RELEASES.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-29 10:41:33 -05:00
Daniel Kennedy
5793b08cd9
@actions/artifact: convert to an ESM module (#2266 )
...
* `@actions/artifact`: convert to an ESM module
* Update the package-lock.json
* Undo the GHES ignores
* Fix the reference to `@actions/http-client` in the lock file
* Bump `@actions/core` to `3.0.0`
* Remove `jest.config.cjs`
* Import `OctoKitOptions` from `@octokit/core/types`
* Pull the package version from `package.json`
* Workaround getting the package version for the user-agent
* Fix the `archiver` import
* Fix linting
2026-01-29 09:52:09 -05:00
Daniel Kennedy
ed3ea3b5ba
@actions/core: convert to ESM module
2026-01-28 20:50:58 -05:00
Daniel Kennedy
c9c663babe
Bump @actions/io to 3.0.2
2026-01-28 15:59:40 -05:00
Daniel Kennedy
0fc1805b46
@actions/exec: convert to ESM module
2026-01-28 15:59:40 -05:00
Daniel Kennedy
a6e9f4bab2
@actions/io: update lock file version
2026-01-28 14:36:03 -05:00
Daniel Kennedy
758b556388
@actions/io: export lib/io-util
2026-01-28 14:08:19 -05:00
Daniel Kennedy
9e060cb3e1
Add release notes
2026-01-28 13:33:17 -05:00
Daniel Kennedy
5501ba08b7
@actions/io: convert to ESM module
2026-01-28 13:33:17 -05:00
Daniel Kennedy
4446f00fc7
Add a release entry for 4.0.0
2026-01-28 10:27:09 -05:00
Daniel Kennedy
965dcc7493
Fix a JSON lint issue
2026-01-28 10:27:09 -05:00
Daniel Kennedy
d464f9dd60
Add proxy/interfaces exports
2026-01-28 10:27:09 -05:00