Commit Graph

100 Commits

Author SHA1 Message Date
dependabot[bot] 06bca4509d chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/artifact
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-14 04:17:32 +00:00
Daniel Kennedy 6fe3c0f3e6 Artifact upload: support uploading single un-zipped files (#2256)
* Artifact upload: support uploading single un-zipped files

* Fix linters

* Fix lint again

* Fix tests

* Check for 0 sized artifact lists

* Add some more stream tests and handle an upload failure gracefully

* Add CI tests for non-zipped artifacts

* Add an html report to test rendering in the browser

* Fix linting issue

* Artifact: bump the version and add release notes

* Fix Windows tests

* Fix linting

* stream: switch the error details to error type

* Refactor the validation logic in `uploadArtifact` a bit

* Added more details about how the name parameter is handled
2026-02-25 11:01:38 -05:00
dependabot[bot] 8351a5d84d chore(deps): bump fast-xml-parser in /packages/artifact (#2285)
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.3 to 5.3.4.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.3...v5.3.4)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.3.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-30 16:26:32 -05:00
Daniel Kennedy 975fcbd402 Artifact download: don't unzip non-zip artifacts (#2253)
* Download artifact: don't extract the downloaded file if the content-type isn't a zip

* Remove unused `import`

* Add support for specifying whether to skip decompressing

* Prevent path traversal attacks

* Fix indenting

* Update packages/artifact/__tests__/download-artifact.test.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Parse the mime type out of the content-type header

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Fix some linting issues

* Swap `zip` for `application/zip-compressed`

* Test: negative check for malicious paths

* Increase the timeout on one of the tests

* Check the URL path for `.zip` to see if we can auto-decompress

* Fix linting issue

* Bump the package version and add release notes

* Remove `launch.json`

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-30 12:18:38 -05:00
Daniel Kennedy 5793b08cd9 @actions/artifact: convert to an ESM module (#2266)
* `@actions/artifact`: convert to an ESM module

* Update the package-lock.json

* Undo the GHES ignores

* Fix the reference to `@actions/http-client` in the lock file

* Bump `@actions/core` to `3.0.0`

* Remove `jest.config.cjs`

* Import `OctoKitOptions` from `@octokit/core/types`

* Pull the package version from `package.json`

* Workaround getting the package version for the user-agent

* Fix the `archiver` import

* Fix linting
2026-01-29 09:52:09 -05:00
Daniel Kennedy 76339b5f68 Bump @actions/http-client and @actions/github on all packages 2026-01-27 13:31:31 -05:00
Lokesh Gopu b77f226465 Merge pull request #2249 from actions/fix/upgrade-octokit-dependencies
upgrade octokit dependencies
2026-01-22 14:46:12 -05:00
Lokesh Gopu f61ae48376 upgrade octokit dependencies 2026-01-22 11:59:59 -05:00
dependabot[bot] bd561a6765 chore(deps): bump lodash from 4.17.21 to 4.17.23
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-22 00:03:54 +00:00
copilot-swe-agent[bot] be4fdc505f Fix package-lock.json to mark typescript as dev dependency
Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
2026-01-07 22:10:30 +00:00
copilot-swe-agent[bot] dfc20acda2 Verify changes with tests - all package-specific tests passing
Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
2026-01-07 22:03:56 +00:00
Salman Muin Kayser Chishti b71834a510 fix(artifact): update @azure/storage-blob to ^12.29.1 and remove deprecated packages 2025-12-12 15:01:31 +00:00
Salman Muin Kayser Chishti fcaf488df6 chore(artifact): bump version to v5.0.0 2025-12-11 20:45:49 +00:00
Salman Muin Kayser Chishti 3af0128b01 chore(artifact): bump dependencies for Node.js 24 support 2025-12-11 19:20:51 +00:00
Salman Muin Kayser Chishti 8883833d6d chore: fix npm audit vulnerabilities (glob, js-yaml) 2025-12-08 21:14:00 +00:00
Daniel Kennedy 1388fd1cac Artifact: prepare 4.0.0 2025-10-24 13:28:26 -04:00
Salman Muin Kayser Chishti b0d901f9c2 rebase led to this changing so reverting 2025-10-15 16:37:38 +01:00
Daniel Kennedy ee5d8970ad Take a direct dependency on @azure/core-http 2025-10-15 16:26:39 +01:00
dependabot[bot] 2874e3a741 Bump the artifact-minor-patch group in /packages/artifact with 5 updates
Bumps the artifact-minor-patch group in /packages/artifact with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.10.0` | `1.11.1` |
| [@azure/storage-blob](https://github.com/Azure/azure-sdk-for-js) | `12.15.0` | `12.28.0` |
| [@protobuf-ts/plugin](https://github.com/timostamm/protobuf-ts/tree/HEAD/packages/plugin) | `2.9.1` | `2.11.1` |
| [typedoc](https://github.com/TypeStrong/TypeDoc) | `0.25.4` | `0.28.13` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.2.2` | `5.9.2` |

Updates `@actions/core` from 1.10.0 to 1.11.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@azure/storage-blob` from 12.15.0 to 12.28.0
- [Release notes](https://github.com/Azure/azure-sdk-for-js/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md)
- [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/storage-blob_12.15.0...@azure/storage-blob_12.28.0)

Updates `@protobuf-ts/plugin` from 2.9.1 to 2.11.1
- [Release notes](https://github.com/timostamm/protobuf-ts/releases)
- [Commits](https://github.com/timostamm/protobuf-ts/commits/v2.11.1/packages/plugin)

Updates `typedoc` from 0.25.4 to 0.28.13
- [Release notes](https://github.com/TypeStrong/TypeDoc/releases)
- [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TypeStrong/TypeDoc/compare/v0.25.4...v0.28.13)

Updates `typescript` from 5.2.2 to 5.9.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.2.2...v5.9.2)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: artifact-minor-patch
- dependency-name: "@azure/storage-blob"
  dependency-version: 12.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: artifact-minor-patch
- dependency-name: "@protobuf-ts/plugin"
  dependency-version: 2.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: artifact-minor-patch
- dependency-name: typedoc
  dependency-version: 0.28.13
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: artifact-minor-patch
- dependency-name: typescript
  dependency-version: 5.9.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: artifact-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-15 16:25:54 +01:00
Salman Muin Kayser Chishti 33a9b6c09c update with dist updates 2025-10-15 16:22:51 +01:00
Salman Muin Kayser Chishti 7aea3e735f changes 2025-09-08 15:37:51 +01:00
Salman Muin Kayser Chishti b738f10ef3 package updates 2025-09-04 15:15:02 +01:00
Ryan Ghadimi 6444290c57 release prep 2025-05-08 08:53:55 +00:00
Ryan Ghadimi f32d6bc043 bump octokit core 2025-05-08 08:42:32 +00:00
Ryan Ghadimi 2e4ab87130 artifact deps 2025-05-08 08:38:48 +00:00
Salman Chishti c40bccc9c3 Use patch instead of minor 2025-03-17 14:08:42 +00:00
Salman Chishti 4d4bbebd6a update package-lock.json 2025-03-17 12:47:54 +00:00
Ryan Ghadimi b2d2270685 Bump package.json 2025-03-11 11:02:42 +00:00
Ryan Ghadimi 20fee3ea63 Update @actions/artifact version to 2.3.0 2025-03-10 15:12:36 +00:00
Ryan Ghadimi b85d4e6b38 Prepare for Artifact v2.2.3 release 2025-03-07 10:14:36 +00:00
Yang Cao a62f530b6f Update package-lock.json 2025-02-20 21:20:28 +00:00
Rob Herley e0c069db55 remove runtime dependency on twirp-ts 2025-01-27 17:52:55 +00:00
Yang Cao 3095d112ef Prep release packages/artifact v2.2.1 2025-01-08 21:11:59 +00:00
Brian DeHamer 4426b4ea91 Prepare artifact release 2.2.0
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-12-17 10:05:45 -08:00
Bassem Dghaidi ab58a59f33 Bump cross-spawn to 7.0.6 2024-11-20 14:02:54 -08:00
Rob Herley 545e0e6b95 properly resolve relative symlinks 2024-10-08 12:35:48 -04:00
JoannaaKL c18a7d2f73 Merge pull request #1815 from mydea/fn/remove-crypto
Use native `crypto` package from node
2024-10-07 11:06:38 +02:00
Rob Herley 2a8f1c5ddd bump package lock version 2024-10-01 16:43:30 -04:00
Rob Herley 7f19a7886a fix regression, auto readlink on symlinks again 2024-09-20 17:23:43 -04:00
Francesco Novy 2e1998fc42 update lockfile 2024-08-30 09:41:33 +02:00
Rob Herley 76b6e24aee bump pkg lock 2024-07-31 10:12:04 -04:00
Rob Herley 56832696fc npm audit fix 2024-07-03 17:03:40 +00:00
bethanyj28 0159bbe7f2 bump version 2024-04-23 16:03:52 -04:00
bethanyj28 476276bf98 use latest unzip-stream 2024-04-23 15:54:54 -04:00
Vallie Joseph fa1cb5d153 correcting imports 2024-04-15 16:49:47 +00:00
Vallie Joseph e998cf1216 cleaning up tests 2024-04-15 16:32:31 +00:00
Vallie Joseph 4fc93ec115 . 2024-04-09 19:01:54 +00:00
Vallie Joseph f98ccd1e39 updating tests 2024-04-09 18:21:41 +00:00
Vallie Joseph 2e7a11c409 upgrading archiver package along with chunk timeout 2024-04-09 18:02:48 +00:00
bethanyj28 4799020e28 bump version 2024-03-01 13:04:16 -05:00