Compare commits

...

30 Commits

Author SHA1 Message Date
Aiqiao Yan cf80afb392 Merge pull request #2383 from actions/aiqiaoy/release-new-versions
Code Scanning - Action / CodeQL-Build (push) Has been cancelled
release new versions for a few packages
2026-04-21 15:52:32 -04:00
Aiqiao Yan 0607d7a54b release new versions for a few packages 2026-04-21 17:15:02 +00:00
Aiqiao Yan 36d90eb54c Merge pull request #2356 from actions/dependabot/npm_and_yarn/flatted-3.4.2
chore(deps-dev): bump flatted from 3.3.3 to 3.4.2
2026-04-21 12:59:58 -04:00
Aiqiao Yan 4ee32849b4 Merge pull request #2346 from actions/dependabot/npm_and_yarn/packages/github/undici-6.24.0
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/github
2026-04-21 12:55:26 -04:00
Aiqiao Yan d76f9fe99a Merge pull request #2348 from actions/dependabot/npm_and_yarn/packages/core/undici-6.24.1
chore(deps): bump undici from 6.23.0 to 6.24.1 in /packages/core
2026-04-21 12:54:48 -04:00
Aiqiao Yan 7e08d73d76 Merge pull request #2345 from actions/dependabot/npm_and_yarn/packages/glob/undici-6.24.0
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/glob
2026-04-21 12:42:56 -04:00
Aiqiao Yan 8b842d839b Merge pull request #2355 from shogo82148/bump-minimatch-v10
@actions/glob: bump minimatch from v3.0.4 to v10.2.5
2026-04-21 12:38:52 -04:00
ICHINOSE Shogo 16cd46c365 Merge branch 'main' into bump-minimatch-v10 2026-04-21 21:43:27 +09:00
Aiqiao Yan 75b8dd1009 Merge pull request #2369 from actions/dependabot/npm_and_yarn/packages/glob/brace-expansion-1.1.13
chore(deps): bump brace-expansion from 1.1.12 to 1.1.13 in /packages/glob
2026-04-20 17:44:57 -04:00
Aiqiao Yan a7c6618070 Merge pull request #2381 from actions/dependabot/npm_and_yarn/axios-1.15.1
chore(deps-dev): bump axios from 1.12.2 to 1.15.1
2026-04-20 17:44:12 -04:00
Aiqiao Yan 54ad3ca9ba Merge pull request #2347 from actions/dependabot/npm_and_yarn/packages/http-client/undici-6.24.0
chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/http-client
2026-04-20 17:34:56 -04:00
dependabot[bot] 3c424f0d63 chore(deps-dev): bump axios from 1.12.2 to 1.15.1
Bumps [axios](https://github.com/axios/axios) from 1.12.2 to 1.15.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.12.2...v1.15.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-20 21:34:33 +00:00
Aiqiao Yan d9346d8d93 Merge pull request #2378 from actions/dependabot/npm_and_yarn/follow-redirects-1.16.0
chore(deps-dev): bump follow-redirects from 1.15.11 to 1.16.0
2026-04-20 17:33:08 -04:00
dependabot[bot] 1f375f130a chore(deps-dev): bump follow-redirects from 1.15.11 to 1.16.0
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-15 18:58:03 +00:00
dependabot[bot] 140509034c chore(deps): bump brace-expansion in /packages/glob
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.12 to 1.1.13.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-08 20:54:11 +00:00
Salman Chishti b68d046fe3 Merge pull request #2366 from salmanmkc/salmanmkc/github-9.1.0-release
chore: bump @actions/github to 9.1.0 for release
2026-04-08 21:11:16 +01:00
Salman Chishti e4598e374b chore: bump @actions/github to 9.1.0 for release
- Version bump 9.0.0 → 9.1.0 in package.json
- Update RELEASES.md with idempotency guard note and PR link
2026-04-08 20:07:19 +00:00
Salman Chishti 14a090004e Merge pull request #2364 from salmanmkc/salmanmkc/orchestration-id-support
feat(github): add orchestration ID to user-agent in getOctokitOptions
2026-04-08 20:54:57 +01:00
Salman Chishti 3643ce2db4 style: fix prettier formatting in orchestration tests 2026-04-08 19:38:31 +00:00
Salman Chishti ffeb50bd02 fix: prevent duplicate orchestration ID in user-agent
Add idempotency check to getUserAgentWithOrchestrationId — if the
tag is already present in baseUserAgent, return it unchanged. This
prevents doubling when both the exported helper and getOctokitOptions
run for the same client.
2026-04-08 16:49:32 +00:00
Salman Chishti b0917c5a37 style: fix prettier formatting in orchestration tests 2026-04-07 16:35:32 +00:00
Salman Chishti a8ea745713 feat(github): append orchestration ID to user-agent in getOctokitOptions
When ACTIONS_ORCHESTRATION_ID is set, appends
actions_orchestration_id/{sanitizedId} to the user-agent string.

- Add getUserAgentWithOrchestrationId() to internal/utils.ts
- Wire into getOctokitOptions() so all getOctokit() calls include it
- Re-export helper from @actions/github/lib/utils for downstream consumers
- 14 deterministic unit tests covering helper, integration, edge cases
2026-04-07 16:16:11 +00:00
dependabot[bot] 23cbecacad chore(deps-dev): bump flatted from 3.3.3 to 3.4.2
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-21 10:32:03 +00:00
ICHINOSE Shogo 74fcfdbd10 @actions/glob: add some comments for the regression testing
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-20 19:56:02 +09:00
ICHINOSE Shogo 20647b6bcf @actions/core: update regression test with minimatch v3 2026-03-20 19:24:19 +09:00
ICHINOSE Shogo 6bd5e50ee1 @actions/glob: bump minimatch from v3.0.4 to v10.2.4 2026-03-20 18:00:34 +09:00
dependabot[bot] 7c6cc28ed5 chore(deps): bump undici from 6.23.0 to 6.24.1 in /packages/core
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.1.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.1)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-14 09:09:41 +00:00
dependabot[bot] 8f62bc23d1 chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/http-client
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-14 05:22:04 +00:00
dependabot[bot] bbaffb4bb3 chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/github
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-14 04:56:28 +00:00
dependabot[bot] c23cc6e61c chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/glob
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-14 04:40:06 +00:00
18 changed files with 262 additions and 76 deletions
+19 -16
View File
@@ -4322,15 +4322,15 @@
}
},
"node_modules/axios": {
"version": "1.12.2",
"resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
"integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
"version": "1.15.1",
"resolved": "https://registry.npmjs.org/axios/-/axios-1.15.1.tgz",
"integrity": "sha512-WOG+Jj8ZOvR0a3rAn+Tuf1UQJRxw5venr6DgdbJzngJE3qG7X0kL83CZGpdHMxEm+ZK3seAbvFsw4FfOfP9vxg==",
"dev": true,
"license": "MIT",
"dependencies": {
"follow-redirects": "^1.15.6",
"form-data": "^4.0.4",
"proxy-from-env": "^1.1.0"
"follow-redirects": "^1.15.11",
"form-data": "^4.0.5",
"proxy-from-env": "^2.1.0"
}
},
"node_modules/axobject-query": {
@@ -7215,9 +7215,9 @@
}
},
"node_modules/flatted": {
"version": "3.3.3",
"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
"integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
"version": "3.4.2",
"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
"integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
"dev": true,
"license": "ISC"
},
@@ -7235,9 +7235,9 @@
}
},
"node_modules/follow-redirects": {
"version": "1.15.11",
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
"integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==",
"version": "1.16.0",
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz",
"integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==",
"dev": true,
"funding": [
{
@@ -13570,11 +13570,14 @@
"license": "MIT"
},
"node_modules/proxy-from-env": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
"integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz",
"integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==",
"dev": true,
"license": "MIT"
"license": "MIT",
"engines": {
"node": ">=10"
}
},
"node_modules/pure-rand": {
"version": "6.1.0",
+4
View File
@@ -1,5 +1,9 @@
# @actions/core Releases
## 3.0.1
- Bump `undici` from `6.23.0` to `6.24.1` [#2348](https://github.com/actions/toolkit/pull/2348)
## 3.0.0
- **Breaking change**: Package is now ESM-only
+5 -5
View File
@@ -1,12 +1,12 @@
{
"name": "@actions/core",
"version": "3.0.0",
"version": "3.0.1",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@actions/core",
"version": "3.0.0",
"version": "3.0.1",
"license": "MIT",
"dependencies": {
"@actions/exec": "^3.0.0",
@@ -61,9 +61,9 @@
}
},
"node_modules/undici": {
"version": "6.23.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
"version": "6.24.1",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
"integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
"license": "MIT",
"engines": {
"node": ">=18.17"
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/core",
"version": "3.0.0",
"version": "3.0.1",
"description": "Actions core lib",
"keywords": [
"github",
+8
View File
@@ -1,5 +1,13 @@
# @actions/github Releases
### 9.1.1
- Bump `undici` from `6.23.0` to `6.24.0` [#2346](https://github.com/actions/toolkit/pull/2346)
### 9.1.0
- Append `actions_orchestration_id` to user-agent when the `ACTIONS_ORCHESTRATION_ID` environment variable is set [#2364](https://github.com/actions/toolkit/pull/2364)
### 9.0.0
- **Breaking change**: Package is now ESM-only
@@ -0,0 +1,130 @@
import {getOctokitOptions, getUserAgentWithOrchestrationId} from '../src/utils'
import {getUserAgentWithOrchestrationId as internalGetUserAgentWithOrchestrationId} from '../src/internal/utils'
describe('orchestration ID support', () => {
let originalOrchId: string | undefined
beforeEach(() => {
originalOrchId = process.env['ACTIONS_ORCHESTRATION_ID']
delete process.env['ACTIONS_ORCHESTRATION_ID']
})
afterEach(() => {
if (originalOrchId !== undefined) {
process.env['ACTIONS_ORCHESTRATION_ID'] = originalOrchId
} else {
delete process.env['ACTIONS_ORCHESTRATION_ID']
}
})
describe('getUserAgentWithOrchestrationId', () => {
it('returns undefined when env var is not set and no base user agent', () => {
expect(getUserAgentWithOrchestrationId()).toBeUndefined()
})
it('returns base user agent unchanged when env var is not set', () => {
expect(getUserAgentWithOrchestrationId('my-app')).toBe('my-app')
})
it('returns orchestration ID without base when env var is set and no base', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123'
expect(getUserAgentWithOrchestrationId()).toBe(
'actions_orchestration_id/abc-123'
)
})
it('appends orchestration ID to base user agent', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123'
expect(getUserAgentWithOrchestrationId('my-app')).toBe(
'my-app actions_orchestration_id/abc-123'
)
})
it('sanitizes special characters in orchestration ID', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'id with spaces/and$pecial!'
expect(getUserAgentWithOrchestrationId('my-app')).toBe(
'my-app actions_orchestration_id/id_with_spaces_and_pecial_'
)
})
it('preserves allowed characters in orchestration ID', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] =
'valid_id-with.allowed_chars.123'
expect(getUserAgentWithOrchestrationId()).toBe(
'actions_orchestration_id/valid_id-with.allowed_chars.123'
)
})
it('ignores whitespace-only orchestration ID', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = ' '
expect(getUserAgentWithOrchestrationId('my-app')).toBe('my-app')
})
it('does not duplicate orchestration ID if already present in base', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123'
const alreadyTagged = 'my-app actions_orchestration_id/abc-123'
expect(getUserAgentWithOrchestrationId(alreadyTagged)).toBe(alreadyTagged)
})
})
describe('public re-export', () => {
it('exports getUserAgentWithOrchestrationId from utils (public API)', () => {
expect(getUserAgentWithOrchestrationId).toBe(
internalGetUserAgentWithOrchestrationId
)
})
})
describe('getOctokitOptions', () => {
it('sets userAgent when ACTIONS_ORCHESTRATION_ID is set', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
const opts = getOctokitOptions('fake-token')
expect(opts.userAgent).toBe('actions_orchestration_id/test-orch-id')
})
it('does not set userAgent when ACTIONS_ORCHESTRATION_ID is not set', () => {
const opts = getOctokitOptions('fake-token')
expect(opts.userAgent).toBeUndefined()
})
it('preserves and appends to caller-provided userAgent', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
const opts = getOctokitOptions('fake-token', {
userAgent: 'custom-agent/1.0'
})
expect(opts.userAgent).toBe(
'custom-agent/1.0 actions_orchestration_id/test-orch-id'
)
})
it('leaves caller-provided userAgent intact when env var is not set', () => {
const opts = getOctokitOptions('fake-token', {
userAgent: 'custom-agent/1.0'
})
expect(opts.userAgent).toBe('custom-agent/1.0')
})
it('does not mutate the original options object', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
const original = {userAgent: 'original/1.0'}
getOctokitOptions('fake-token', original)
expect(original.userAgent).toBe('original/1.0')
})
it('sanitizes special characters through getOctokitOptions', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'bad chars here!'
const opts = getOctokitOptions('fake-token')
expect(opts.userAgent).toBe('actions_orchestration_id/bad_chars_here_')
})
it('does not duplicate orchestration ID when caller already applied it', () => {
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
const opts = getOctokitOptions('fake-token', {
userAgent: 'my-app actions_orchestration_id/test-orch-id'
})
expect(opts.userAgent).toBe(
'my-app actions_orchestration_id/test-orch-id'
)
})
})
})
+5 -5
View File
@@ -1,12 +1,12 @@
{
"name": "@actions/github",
"version": "9.0.0",
"version": "9.1.1",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@actions/github",
"version": "9.0.0",
"version": "9.1.1",
"license": "MIT",
"dependencies": {
"@actions/http-client": "^3.0.2",
@@ -363,9 +363,9 @@
}
},
"node_modules/undici": {
"version": "6.23.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
"version": "6.24.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
"license": "MIT",
"engines": {
"node": ">=18.17"
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/github",
"version": "9.0.0",
"version": "9.1.1",
"description": "Actions github lib",
"keywords": [
"github",
+14
View File
@@ -42,3 +42,17 @@ export function getProxyFetch(destinationUrl): typeof fetch {
export function getApiBaseUrl(): string {
return process.env['GITHUB_API_URL'] || 'https://api.github.com'
}
export function getUserAgentWithOrchestrationId(
baseUserAgent?: string
): string | undefined {
const orchId = process.env['ACTIONS_ORCHESTRATION_ID']?.trim()
if (orchId) {
const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_')
const tag = `actions_orchestration_id/${sanitizedId}`
if (baseUserAgent?.includes(tag)) return baseUserAgent
const ua = baseUserAgent ? `${baseUserAgent} ` : ''
return `${ua}${tag}`
}
return baseUserAgent
}
+10
View File
@@ -23,6 +23,8 @@ export const GitHub = Octokit.plugin(
paginateRest
).defaults(defaults)
export {getUserAgentWithOrchestrationId} from './internal/utils.js'
/**
* Convience function to correctly format Octokit Options to pass into the constructor.
*
@@ -41,5 +43,13 @@ export function getOctokitOptions(
opts.auth = auth
}
// Orchestration ID
const userAgent = Utils.getUserAgentWithOrchestrationId(
opts.userAgent as string | undefined
)
if (userAgent) {
opts.userAgent = userAgent
}
return opts
}
+6
View File
@@ -1,5 +1,11 @@
# @actions/glob Releases
## 0.7.0
- Bump `minimatch` from `^3.0.4` to `^10.2.5` [#2355](https://github.com/actions/toolkit/pull/2355)
- Bump `undici` from `6.23.0` to `6.24.0` [#2345](https://github.com/actions/toolkit/pull/2345)
- Bump `brace-expansion` in `/packages/glob` [#2369](https://github.com/actions/toolkit/pull/2369)
## 0.6.1
- Fix a bad import for `minimatch`
@@ -303,7 +303,7 @@ describe('pattern', () => {
expect(pattern.match(`${root}foo/bar/baz`)).toBeFalsy()
pattern = new Pattern(`${root}foo/b[!]r/b*`)
expect(pattern.searchPath).toBe(`${root}foo${path.sep}b!r`)
expect(pattern.match(`${root}foo/b!r/baz`)).toBeTruthy()
expect(pattern.match(`${root}foo/b!r/baz`)).toBeFalsy()
pattern = new Pattern(`${root}foo/b[[]ar/b*`)
expect(pattern.searchPath).toBe(`${root}foo${path.sep}b[ar`)
expect(pattern.match(`${root}foo/b[ar/baz`)).toBeTruthy()
@@ -340,9 +340,18 @@ describe('pattern', () => {
pattern = new Pattern('C:/foo/b\\[a]r/b*')
expect(pattern.searchPath).toBe(`C:\\foo\\b\\ar`)
expect(pattern.match('C:/foo/b/ar/baz')).toBeTruthy()
// Regression testing for minimatch v3
// Historically, minimatch/glob had a bug when parsing a character class
// containing an escaped '!' (e.g. `[\\!]`). In some cases, the internal
// pattern construction would incorrectly insert the literal string
// "undefined" into the generated pattern/segment, which could make a
// pattern intended to match `b[\\!]r` also match a path segment like
// `b[undefined/!]r`. This test ensures that a pattern with a literal
// `[\\!]` in the directory name does *not* match such malformed paths.
pattern = new Pattern('C:/foo/b[\\!]r/b*')
expect(pattern.searchPath).toBe('C:\\foo\\b[\\!]r')
expect(pattern.match('C:/foo/b[undefined/!]r/baz')).toBeTruthy() // Note, "undefined" substr to accommodate a bug in Minimatch when nocase=true
expect(pattern.match('C:/foo/b[undefined/!]r/baz')).toBeFalsy()
}
})
})
+33 -31
View File
@@ -1,16 +1,16 @@
{
"name": "@actions/glob",
"version": "0.6.1",
"version": "0.7.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@actions/glob",
"version": "0.6.1",
"version": "0.7.0",
"license": "MIT",
"dependencies": {
"@actions/core": "^3.0.0",
"minimatch": "^3.0.4"
"minimatch": "^10.2.5"
}
},
"node_modules/@actions/core": {
@@ -49,37 +49,39 @@
"license": "MIT"
},
"node_modules/balanced-match": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
"integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
"license": "MIT"
},
"node_modules/brace-expansion": {
"version": "1.1.12",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
"integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
"license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
"engines": {
"node": "18 || 20 || >=22"
}
},
"node_modules/concat-map": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
"integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
"license": "MIT"
},
"node_modules/minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"license": "ISC",
"node_modules/brace-expansion": {
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"license": "MIT",
"dependencies": {
"brace-expansion": "^1.1.7"
"balanced-match": "^4.0.2"
},
"engines": {
"node": "*"
"node": "18 || 20 || >=22"
}
},
"node_modules/minimatch": {
"version": "10.2.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
"integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
"license": "BlueOak-1.0.0",
"dependencies": {
"brace-expansion": "^5.0.5"
},
"engines": {
"node": "18 || 20 || >=22"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/tunnel": {
@@ -92,9 +94,9 @@
}
},
"node_modules/undici": {
"version": "6.23.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
"version": "6.24.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
"license": "MIT",
"engines": {
"node": ">=18.17"
+2 -2
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/glob",
"version": "0.6.1",
"version": "0.7.0",
"preview": true,
"description": "Actions glob lib",
"keywords": [
@@ -45,6 +45,6 @@
},
"dependencies": {
"@actions/core": "^3.0.0",
"minimatch": "^3.0.4"
"minimatch": "^10.2.5"
}
}
+3 -7
View File
@@ -2,14 +2,10 @@ import * as os from 'os'
import * as path from 'path'
import * as pathHelper from './internal-path-helper.js'
import assert from 'assert'
import minimatch from 'minimatch'
import {Minimatch, type MinimatchOptions} from 'minimatch'
import {MatchKind} from './internal-match-kind.js'
import {Path} from './internal-path.js'
type IMinimatch = minimatch.IMinimatch
type IMinimatchOptions = minimatch.IOptions
const {Minimatch} = minimatch
const IS_WINDOWS = process.platform === 'win32'
export class Pattern {
@@ -38,7 +34,7 @@ export class Pattern {
/**
* The Minimatch object used for matching
*/
private readonly minimatch: IMinimatch
private readonly minimatch: Minimatch
/**
* Used to workaround a limitation with Minimatch when determining a partial
@@ -126,7 +122,7 @@ export class Pattern {
this.isImplicitPattern = isImplicitPattern
// Create minimatch
const minimatchOptions: IMinimatchOptions = {
const minimatchOptions: MinimatchOptions = {
dot: true,
nobrace: true,
nocase: IS_WINDOWS,
+4
View File
@@ -1,5 +1,9 @@
# Releases
## 4.0.1
- Bump `undici` from `6.23.0` to `6.24.0` [#2347](https://github.com/actions/toolkit/pull/2347)
## 4.0.0
- **Breaking change**: Package is now ESM-only
+5 -5
View File
@@ -1,12 +1,12 @@
{
"name": "@actions/http-client",
"version": "4.0.0",
"version": "4.0.1",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@actions/http-client",
"version": "4.0.0",
"version": "4.0.1",
"license": "MIT",
"dependencies": {
"tunnel": "^0.0.6",
@@ -232,9 +232,9 @@
}
},
"node_modules/undici": {
"version": "6.23.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
"version": "6.24.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
"license": "MIT",
"engines": {
"node": ">=18.17"
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/http-client",
"version": "4.0.0",
"version": "4.0.1",
"description": "Actions Http Client",
"keywords": [
"github",