Daniel Kennedy
d584ea9caa
Fix tests
2026-02-24 11:46:51 -05:00
Daniel Kennedy
e6d08abdfe
Fix lint again
2026-02-24 11:22:39 -05:00
Daniel Kennedy
5e583a8e00
Fix linters
2026-02-24 11:22:39 -05:00
Daniel Kennedy
42ecbbbdb4
Artifact upload: support uploading single un-zipped files
2026-02-24 11:22:39 -05:00
Daniel Kennedy
8c90e2297a
fix(tests): close sockets to remove a Jest warning about resources outliving their tests ( #2279 )
2026-02-13 12:05:37 -05:00
dependabot[bot]
8351a5d84d
chore(deps): bump fast-xml-parser in /packages/artifact ( #2285 )
...
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser ) from 5.3.3 to 5.3.4.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases )
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.3...v5.3.4 )
---
updated-dependencies:
- dependency-name: fast-xml-parser
dependency-version: 5.3.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-30 16:26:32 -05:00
Daniel Kennedy
5203b671f1
Releases: use ubuntu-latest instead of macos-latest-large ( #2284 )
2026-01-30 16:04:52 -05:00
Daniel Kennedy
975fcbd402
Artifact download: don't unzip non-zip artifacts ( #2253 )
...
* Download artifact: don't extract the downloaded file if the content-type isn't a zip
* Remove unused `import`
* Add support for specifying whether to skip decompressing
* Prevent path traversal attacks
* Fix indenting
* Update packages/artifact/__tests__/download-artifact.test.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Parse the mime type out of the content-type header
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Fix some linting issues
* Swap `zip` for `application/zip-compressed`
* Test: negative check for malicious paths
* Increase the timeout on one of the tests
* Check the URL path for `.zip` to see if we can auto-decompress
* Fix linting issue
* Bump the package version and add release notes
* Remove `launch.json`
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-30 12:18:38 -05:00
Tingting Wang
ffae274475
Merge pull request #2268 from actions/dependabot/npm_and_yarn/packages/attest/tar-7.5.7
...
chore(deps): bump tar from 7.5.6 to 7.5.7 in /packages/attest
2026-01-29 13:01:33 -08:00
dependabot[bot]
1c20378379
chore(deps): bump tar from 7.5.6 to 7.5.7 in /packages/attest
...
Bumps [tar](https://github.com/isaacs/node-tar ) from 7.5.6 to 7.5.7.
- [Release notes](https://github.com/isaacs/node-tar/releases )
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.6...v7.5.7 )
---
updated-dependencies:
- dependency-name: tar
dependency-version: 7.5.7
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-29 20:20:49 +00:00
Daniel Kennedy
0be0a6ef89
@actions/attest: convert to an ESM module (#2278 )
2026-01-29 15:19:39 -05:00
Daniel Kennedy
ae29a2751b
@actions/cache: convert to an ESM module (#2275 )
...
* `@actions/cache`: convert to an ESM module
* Update the fixture to ESM syntax
* Update the cache workflows
* Bump `@actions/glob` to `0.6.1`
* Fix awaiting in the cache unit tests
* Fix a type issues in contracts
* Export the `DownloadOptions`/`UploadOptions` like before
* More cache test fixes
* Make the cache units tests better
* Add some more logging
* Add retries to restore-cache.mjs
2026-01-29 14:23:32 -05:00
Daniel Kennedy
b48854e1ac
@actions/glob: fix minimatch imports (#2276 )
2026-01-29 13:30:54 -05:00
Daniel Kennedy
9d912b1840
@actions/tool-cache: convert to an ESM module (#2274 )
...
* `@actions/tool-cache`: convert to an ESM module
* Fix jest config
* Downgrade `nock` since it's conflicting with `@actions/attest`'s version
2026-01-29 11:26:14 -05:00
Daniel Kennedy
7a0147b5c6
@actions/glob: convert to an ESM module (#2273 )
...
* `@actions/glob`: convert to an ESM module
* Update packages/glob/RELEASES.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-29 10:41:33 -05:00
Daniel Kennedy
5793b08cd9
@actions/artifact: convert to an ESM module (#2266 )
...
* `@actions/artifact`: convert to an ESM module
* Update the package-lock.json
* Undo the GHES ignores
* Fix the reference to `@actions/http-client` in the lock file
* Bump `@actions/core` to `3.0.0`
* Remove `jest.config.cjs`
* Import `OctoKitOptions` from `@octokit/core/types`
* Pull the package version from `package.json`
* Workaround getting the package version for the user-agent
* Fix the `archiver` import
* Fix linting
2026-01-29 09:52:09 -05:00
Daniel Kennedy
ed3ea3b5ba
@actions/core: convert to ESM module
2026-01-28 20:50:58 -05:00
Daniel Kennedy
c9c663babe
Bump @actions/io to 3.0.2
2026-01-28 15:59:40 -05:00
Daniel Kennedy
0fc1805b46
@actions/exec: convert to ESM module
2026-01-28 15:59:40 -05:00
Daniel Kennedy
a6e9f4bab2
@actions/io: update lock file version
2026-01-28 14:36:03 -05:00
Daniel Kennedy
758b556388
@actions/io: export lib/io-util
2026-01-28 14:08:19 -05:00
Daniel Kennedy
9e060cb3e1
Add release notes
2026-01-28 13:33:17 -05:00
Daniel Kennedy
5501ba08b7
@actions/io: convert to ESM module
2026-01-28 13:33:17 -05:00
Daniel Kennedy
4446f00fc7
Add a release entry for 4.0.0
2026-01-28 10:27:09 -05:00
Daniel Kennedy
965dcc7493
Fix a JSON lint issue
2026-01-28 10:27:09 -05:00
Daniel Kennedy
d464f9dd60
Add proxy/interfaces exports
2026-01-28 10:27:09 -05:00
Daniel Kennedy
c9ab4f9548
http-client: convert to ESM
2026-01-28 10:27:09 -05:00
Lokesh Gopu
a2986ee511
Merge pull request #2260 from actions/lokesh755-actions-github-v9-esm
...
ESM-only with updated @octokit dependencies
2026-01-27 15:58:18 -05:00
Daniel Kennedy
e827417593
Bump @actions/glob to 0.5.1 in @actions/cache
2026-01-27 15:43:44 -05:00
Lokesh Gopu
b05d26b3fa
ESM-only with updated @octokit dependencies
2026-01-27 15:35:32 -05:00
Daniel Kennedy
ecdfc18bf2
Bump @actions/glob version to 0.5.1
2026-01-27 14:55:56 -05:00
Daniel Kennedy
e8e0ce7ad8
Bump @actions/core to 2.0.3 on @actions/glob
2026-01-27 14:55:56 -05:00
Daniel Kennedy
dc6427f3c3
Attest: undo the @actions/github/@octokit bumps
2026-01-27 13:31:31 -05:00
Daniel Kennedy
76339b5f68
Bump @actions/http-client and @actions/github on all packages
2026-01-27 13:31:31 -05:00
Daniel Kennedy
c0ef67ec49
Release @actions/github v8.0.1
2026-01-27 10:29:06 -05:00
Daniel Kennedy
968fd7f8d3
Bump undici to v6.23.0 and @actions/http-client to v3.0.2 in @actions/github
2026-01-27 10:29:06 -05:00
Daniel Kennedy
9b27fa97f9
Release @actions/http-client version 3.0.2
2026-01-27 09:53:50 -05:00
Daniel Kennedy
065cf9f0b1
Bump undici to v6.23.0 in @actions/http-client
2026-01-27 09:38:40 -05:00
Lokesh Gopu
b77f226465
Merge pull request #2249 from actions/fix/upgrade-octokit-dependencies
...
upgrade octokit dependencies
2026-01-22 14:46:12 -05:00
Lokesh Gopu
f61ae48376
upgrade octokit dependencies
2026-01-22 11:59:59 -05:00
Salman Chishti
4236fc3e78
Merge pull request #2246 from actions/dependabot/npm_and_yarn/packages/attest/tar-7.5.6
...
chore(deps): bump tar from 7.5.2 to 7.5.6 in /packages/attest
2026-01-22 15:53:06 +00:00
Salman Chishti
f366966232
Merge pull request #2248 from actions/dependabot/npm_and_yarn/lodash-4.17.23
...
chore(deps): bump lodash from 4.17.21 to 4.17.23
2026-01-22 14:48:46 +00:00
dependabot[bot]
bd561a6765
chore(deps): bump lodash from 4.17.21 to 4.17.23
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23 )
---
updated-dependencies:
- dependency-name: lodash
dependency-version: 4.17.23
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-22 00:03:54 +00:00
dependabot[bot]
26490f0d3b
chore(deps): bump tar from 7.5.2 to 7.5.6 in /packages/attest
...
Bumps [tar](https://github.com/isaacs/node-tar ) from 7.5.2 to 7.5.6.
- [Release notes](https://github.com/isaacs/node-tar/releases )
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.6 )
---
updated-dependencies:
- dependency-name: tar
dependency-version: 7.5.6
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-21 21:04:00 +00:00
Ryan Ghadimi
ee91adfbc4
Merge pull request #2243 from GhadimiR/main
...
Don't retry 429s returned from the cache service
2026-01-16 10:43:35 +00:00
Ryan Ghadimi
a039cff4a1
Add comment for rate limiting handling
...
Added a comment regarding rate limiting and retry behavior.
2026-01-16 10:26:45 +00:00
Ryan Ghadimi
9dd77993e7
Update packages/cache/RELEASES.md
...
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com >
2026-01-16 10:25:44 +00:00
Ryan Ghadimi
dd1bb93c72
New error type for cache RL
2026-01-16 10:00:15 +00:00
Ryan Ghadimi
7292b3508f
update release doc
2026-01-16 09:51:21 +00:00
Ryan Ghadimi
4a47af6481
bump pkg
2026-01-16 09:46:28 +00:00